XP-Dev.com gets taken offline by Goldman source code theft (zerohedge.blogspot.com)
8 points by billclerico on July 10, 2009 | 15 comments



Just goes to show you how little the "authorities" understand technology. If this had been a brick and mortar business it is highly unlikely that they would shut them down for 45 hours for one file. They didn't even bother to contact the owner of the site? The assumption that he is involved in the theft simply because he owns the site (which apparently is openly accessible) is asinine. You can just imagine the "authorities" talking in their little uniforms about "these hacker kids" while prodding the strange boxes with their billy clubs.


I agree. An analogy would be closing a long-term storage facility because someone stored a bomb-making manual in one of its lockers.

Well, perhaps they would still close it and search for an actual bomb. But would they also close all of the facilities owned by the same storage company? More to the point, I guess, would they suspect that the storage company is an accomplice? Unlikely.

The problem is, hi tech is outside of the daily experience of most of the people, and much less understood by them. So they have to rely on experts and take the most conservative point of view (as potentially the least dangerous one). We have to be patient with them: education takes time.


If I ran Github, I'd put a link to this and a summary on the front page. I haven't heard a better argument for distributed source control.

The guy who uploaded the stolen code is a moron, but the other people using the site don't deserve this.


The guy says he was uploading OSS work he did at Goldman's, same as he did when he worked there. It's not unusual for quant researchers who work in R or SciPy/NumPy to update the modules they use to build their models; that source code is copyrighted by the developers of the statistical language modules. Goldman doesn't own it.


Eh? Not sure what you meant there, but if you and your employer do have a contract that says "all work that you produce while working here is owned by your employer", my understanding would be that updates to those modules, when written for your employer, are actually owned by them, no? (Well, within software licensing terms.)


Let me know what wasn't clear. Most employers who use OSS apps - including R, SciPy, NumPy and other statistical languages - are comfortable with staff fixing bugs in those languages and distributing their modified copies of the works.


Just as long as they make sure to note never to rely on GitHub (I know everyone will have the full repo backed up, but for working together, deployment, etc). This kind of thing makes it clear GH could be toast because some yahoo decided to upload illegal code.


Aleynikov, though Sergey, is no Brin, that's for sure.

More seriously, he obviously did a stupid move. Whether it was malicious or not, I do not know.

But the way the whole collection of servers goes down just because a single remote user has done something suspicious from a legal (not technical) point of view raises concerns, both of legal and technical nature.

One issue is whether a distributed server system would have been able to withstand what is technically an attack from the legal authority.

Another issue is whether there is a technical solution to a legal challenge, specifically, if it is possible to recognize an illegal action by technical means. And if it is advisable too (for example, I would hate to see watermarks in the source code or, more likely, UDP/TCP packets, but I would hate it much more if a whole system went down).

This kind of attack may be more efficient than a DoS attack. Can it be prevented?


I wonder... in what jurisdictions are these "oh, a user is doing something bad, let's take out the company hosting that user with no warning" outages most common? Most that I remember reading about were in Europe, but at the behest of US corporations.

Now, it does seem like this is a rare occurrence; data center problems are more common, so it doesn't seem like a reason to move just yet, but when it comes time to set up my European location, this is certainly something I will research and I will be less likely to host in countries more likely to give me an unplanned outage.


This part got me thinking: "I then erased the bash history," he said, referring to a method of recalling commands used in previous computer sessions. Goldman security measures prevent such deletions, which tipped the firm off to his activities, prosecutors said.

Perhaps he would have gotten away with it had he not erased the bash history. Outside of that, there's probably a lot of data/operations moving about, and would be tough to spot, because I get the impression that he was up to stuff for a while and no one was the wiser.
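The "security measures prevent such deletions" detail above is the kind of control a defender can actually ship: bash history that is flushed after every command, pinned to a fixed file, and watched for shrinking. The snippet below is an added example and not code from the thread or from Goldman; the function names and the line-count baseline are constructed for illustration.

```shell
#!/bin/sh
# Tamper-resistant bash history: a profile snippet that makes the history
# harder to erase, plus two checks a host-monitoring job can run.
# Function names and paths here are constructed for this example.

# Write a bash profile fragment (e.g. into /etc/profile.d/) that:
#  - appends instead of overwriting on exit (histappend),
#  - flushes every command to disk immediately (PROMPT_COMMAND),
#  - marks the variables read-only so a user cannot set HISTSIZE=0 or
#    point HISTFILE at /dev/null from inside the shell.
write_history_profile() {
  out="$1"
  cat > "$out" <<'EOF'
shopt -s histappend
HISTFILE="$HOME/.bash_history"
HISTSIZE=100000
HISTFILESIZE=100000
HISTTIMEFORMAT='%F %T '
PROMPT_COMMAND='history -a'
# Note: readonly PROMPT_COMMAND will conflict with tools that set it
# themselves (prompt frameworks); adjust for your environment.
readonly HISTFILE HISTSIZE HISTFILESIZE HISTTIMEFORMAT PROMPT_COMMAND
EOF
}

# Compliance check: return 0 only if the fragment still carries every
# setting we rely on (a config-drift test for the monitoring job).
check_history_profile() {
  f="$1"
  for key in 'shopt -s histappend' "PROMPT_COMMAND='history -a'" \
             'readonly HISTFILE'; do
    grep -Fq -- "$key" "$f" || return 1
  done
  return 0
}

# Tamper indicator: with append-only history the line count should only
# grow, so a count below the last recorded baseline means the file was
# truncated or rewritten. Returns 0 (true) when it shrank.
history_shrank() {
  hist="$1"; baseline="$2"
  now=$(wc -l < "$hist" | tr -d ' ')
  [ "$now" -lt "$baseline" ]
}
```

Pair this with filesystem-level append-only attributes (chattr +a on the history file) and process auditing; on its own it only raises the bar, since a user can still start a different shell that never writes to .bash_history.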


It's scary how the actions of one of your users can cause prolonged outages, regardless of how redundant or robust your infrastructure setup is.


I'd love to see what would happen if they tried to do this to a big firm like Google (or hell, GS). There would be congressional hearings.


Yeah, I would like to see what would happen if these files were in S3 instead.


They probably already are!


...or pirate bay?



