[HN Gopher] The search for dirt on Mudge
___________________________________________________________________
The search for dirt on Mudge
Author : jrochkind1
Score : 120 points
Date : 2022-09-13 12:46 UTC (10 hours ago)
(HTM) web link (www.newyorker.com)
(TXT) w3m dump (www.newyorker.com)
| ineptech wrote:
| > Zatko told me, "These tactics should be beneath whoever is
| behind them."
|
| Hahahaha! Probably time to get a padlock for your garbage cans.
|
| edit: apparently I should clarify, this was a humorous suggestion
| that the people who do research for hedge funds will stoop
| considerably lower than the tactics Mudge was referring to, not a
| serious suggestion that he actually padlock his garbage cans
| tablespoon wrote:
| > Hahahaha! Probably time to get a padlock for your garbage
| cans.
|
| How would that even work? Give the garbageman a key?
|
| Probably time to get a shredder, or a firepit, or both.
| scottyah wrote:
| Lots of small businesses have padlocks on their garbage bins
| to prevent others from filling their (paid) bin. Getting rid
| of a pickup-truck load of garbage (from a house renovation or
| something) is actually quite expensive.
| fmajid wrote:
| DIN 66399 P-5 shredders (1.9x15mm micro-cut) are not that
| expensive, I paid less than £300 for my HSM Securio C18.
| Just get the good kind, not the made-in-China junk. The NSA
| requires P-7, which can still be had for slightly over $1200.
| wrycoder wrote:
| We wore out a commercial shredder on a GOCO proposal.
|
| At the end, we hired a kid to stand there and spray it with
| WD-40 as he fed it.
| sophacles wrote:
| The garbage area at a lot of retail stores is fenced off
| behind a padlock. Those places live in constant fear of
| someone making use of their trash for reasons other than
| making the trash problem worse.
| dan-robertson wrote:
| Seems like they're asking the wrong people, e.g.
|
| https://nitter.fly.dev/igb/status/1569679325359919104
| https://nitter.fly.dev/search?f=tweets&q=from%3A%40igb+mudge...
|
| (Direct Twitter links:
| https://twitter.com/igb/status/1569679325359919104
| https://twitter.com/search?f=tweets&q=from%3A%40igb+mudge+OR... )
|
| The basic claim (from someone I understand was reasonably senior
| and worked reasonably closely to Mudge) is basically that the guy
| was not good for Twitter security and so to a great extent his
| whistleblower complaint is 'Twitter put me in charge of security
| which was highly negligent of them' eg
| https://nitter.fly.dev/igb/status/1562087069391785984
| th0ma5 wrote:
| Sure does seem like a ton of effort to try to "expose" those
| trying to stop all the far right influence campaigns.
| DanAtC wrote:
| What's stopping someone from taking the money and giving them
| nothing of value in return? Missed opportunity.
| awinder wrote:
| Yeah I'm with you, once the friends group clued in that it was
| a bunch of financial types trying to make trades on a feeling,
| they should have spit all kinds of divergent information into
| that idiot machine.
| danielmarkbruce wrote:
| You can do that once, at best. Most of them have a phone
| system which counts the minutes and you get prorated. The
| people paying the money aren't idiots. They'll cut you off
| after 10 minutes if it seems like you are full of it. Then
| the relevant expert network never calls you again.
|
| The other side (the people that pay) do reviews etc.
|
| "Mr X appears incompetent".
| bdhe wrote:
| Integrity? Something the world seems awfully short of, these
| days.
| KerrAvon wrote:
| Self-interest would probably also work. You can do that once,
| maybe twice, but word will get around.
| fullsend wrote:
| As if the world was brimming with integrity in the past? We
| have the internet now, and can see how the powerful have been
| behaving this whole time.
| bloppe wrote:
| It's probably more like a plea deal negotiation. They pay for
| the info not just the conversation.
| [deleted]
| [deleted]
| [deleted]
| londons_explore wrote:
| Mudge developed password cracking tools....
|
| It seems likely that when he was starting out as a security
| researcher he did some more "legally shady" things... and I'm
| sure someone out there is willing to share information about that
| for enough money...
|
| His only hope is that computers in the 80's/90's were typically
| far less interconnected, and any records of Mudge's hacking may
| have been lost to history.
| fmajid wrote:
| Almost as bad as eBay's campaign of harassment against David and
| Ina Steiner. It's long past time for executives to face personal
| criminal liability for their misdeeds on the company's dime.
| jahewson wrote:
| They do face liability for their own misdeeds. The problem is
| that "their own" is very hard to isolate.
| ericbarrett wrote:
| Strongly disagree:
|
| > Ina and David Steiner say eBay employees tortured them for
| two years because they posted online reviews about the site.
| Staffers allegedly sent the couple bizarre items, including a
| pig Halloween mask, insects and a book on losing a spouse.
|
| (Source: https://www.cbsnews.com/boston/news/ebay-lawsuit-
| cyberstalki...)
|
| The oppo research mentioned in the article surely leaves a bad
| taste in one's mouth, but it's not even in the same league as
| what the Steiners say they faced.
|
| Edit/additional thoughts: Mudge is a well-known executive who
| held high-profile positions in several organizations, and who
| released very serious accusations about Twitter, where he was
| an officer of a public company, in the midst of a multi-billion
| dollar business dispute. Whereas the Steiners were just two of
| millions of eBay sellers who were allegedly criminally harassed
| by senior staff for the content of their newsletter (IIRC). So
| there's also an enormous difference in the relationship between
| these individuals and the entities opposing them.
| r00fus wrote:
| Let's just agree that both are the result of private stalking
| gone wild. I'd agree the Steiners' eBay harassment was much
| worse but silencing of any critical voices is definitely in
| the authoritarian playbook and bad for a functioning society.
| fmajid wrote:
| > He also said that the company was led by executives willing to
| cover up the platform's security issues, including by
| discouraging Zatko from informing its board of directors about
| them. (Hahn, the Twitter spokesperson, told me that Zatko's
| portrayal of the company was "riddled with inconsistencies and
| inaccuracies, and lacks important context.")
|
| I'm guessing the missing context is that Twitter's board itself
| did not want to know (plausible deniability), otherwise they
| would also become liable for breach of fiduciary duty.
| joe_the_user wrote:
| _Twitter's board itself did not want to know (plausible
| deniability)_
|
| Oh seems plausible and I'd guess Mudge would expect that. And
| I'd also guess that when making a complaint, you gotta pretend
| that going through channels is the proper thing only few bad
| apples will try to stop, IE that everyone involved here isn't
| implicitly in on the scheme.
|
| And I doubt Twitter would raise this explicitly the "lacking
| context", to say the least.
| dweez wrote:
| Matt Levine today:
|
| > Surely the highest-variance aspect of the Twitter vs. Musk saga
| is Zatko's whistle-blower complaint. If Zatko can make a
| compelling case that Twitter is horribly bad -- that its
| information security is so bad that it violates the law, that it
| has fraudulently concealed its problems, etc. -- then that is
| probably Musk's best argument to get out of the deal: Twitter is
| doing fraud, it has suffered a material adverse effect, etc. If
| Zatko is just a run-of-the-mill paranoid security researcher who
| is aggrieved about being fired and making mountains out of
| molehills, then his complaint will quickly be kicked out of court
| and won't affect the Musk deal. Zatko's credibility -- whether
| he's telling the truth, and also whether he is exaggerating or
| underselling the importance of Twitter's problems -- is a key
| input into your evaluation of Twitter's stock value. The more
| credible he is, the less likely it is that Twitter will get
| $54.20 per share, and the less Twitter will be worth without
| Musk's deal.
|
| > So if you are a hedge fund, or an expert-network firm working
| on behalf of hedge funds, you obviously want to know how credible
| he is. You might, for instance, want to talk to some of his old
| coworkers to get a feel for him. You might offer to pay them a
| lot of money for a one-hour phone call, because you might have a
| lot of money riding on the Twitter deal, which means specifically
| that you have a lot of money riding on your evaluation of Zatko's
| credibility.
| neonate wrote:
| https://www.bloomberg.com/opinion/articles/2022-09-13/crypto...
|
| https://archive.ph/YoBJQ
| anonymouse008 wrote:
| Well hell, I made the wrong choice at a fork in the road then.
| If finance is willing to buy a tighter confidence interval
| based on insight to Mudge's credibility, then I severely
| underpriced the potential payout in finance.
|
| E-mail is open to those who want tighter intervals re this deal
| or similar: my new pivot.
| ryandrake wrote:
| Yea, wow, I had no idea someone would pay that much simply
| for an ex-employee to spin a bunch of bullshit about their
| former company or colleague. Incredible!
|
| I remember a surreal experience after having left a Silicon
| Valley tech company. I was contacted over LinkedIn by someone
| wanting to "do research" about that company. Reading between
| the lines, he wanted company dirt, secrets, and so on. Having
| no intention of violating my (very serious) NDA, I declined,
| but he was insistent and offered to buy me dinner. I figured
| I could just go, chew my food and not answer questions, so
| why not get a free meal out of it? We met, I started chowing
| down, not answering anything, and just treating it like a
| lovely dinner date. He eventually excused himself to the
| bathroom, and then disappeared, leaving me with the bill. So,
| I guess my plan didn't work, but I got a stupid story out of
| it so I've got that going for me.
| dilap wrote:
| This story is fantastic. It's great because the ending is
| so unexpected, but then on second thought, exactly what you
| should've expected. Perfect.
| Scoundreller wrote:
| https://www.nytimes.com/2019/01/28/world/black-cube-nso-
| citi... ?
| linuxlizard wrote:
| That's not just a stupid story, that's an awesome stupid
| story.
| abawany wrote:
| You now know what the status of your payout would have been
| had you chosen to violate your NDA. There is no honor among
| thieves, apparently.
| appleiigs wrote:
| Lots of stories like this in finance. The book Flash Boys
| discusses finance firms laying 800 miles of fiber across
| mountains just for trading. Bloomberg terminal tracks oil
| tankers. Hedge funds using satellite photos to see how busy
| shopping malls are. To take that even further, a hedge fund
| hired hundreds of people to sit in Luckin Coffee stores to
| track traffic and what customers purchased... on and on.
| keepquestioning wrote:
| Please. How replicable do you think this situation is?
| danielmarkbruce wrote:
| Merger arb is a thing. Lots of similar situations albeit
| with less media coverage.
| danielmarkbruce wrote:
| It's a $44 billion deal. The current market cap is $32
| billion. There is $12 billion of winnings sitting there on
| the table if you choose "it will close" and are right.
| Maursault wrote:
| > If Zatko can make a compelling case that Twitter is horribly
| bad
|
| I don't doubt his accusations. However, the same could be said
| for nearly everywhere there is a network. Twitter is high
| profile, but there are a million businesses most have never
| heard of that have a similar lack of information security. IOW,
| Twitter's crappy security is not remotely exceptional because
| nearly every business with a computer is bad. There are
| businesses with decent computer, network and information
| security, but even in those places tight as a drum a
| disgruntled employee could wreak havoc, and I'd be really
| surprised if Mudge and most of HN wasn't aware of this.
|
| Things usually go bad for whistleblowers, it is a shame, but
| most often it doesn't work out for them. They make movies about
| the successful whistleblowers, but the unsuccessful are buried.
| It would have been different had Mudge stepped forward prior to
| termination, as he would have been able to avail himself of
| Federal whistleblower protections. I don't think it matters to
| his credibility, but that this is exactly what Musk wanted to
| hear is a little, tiny bit suspicious to me. What could Mudge
| gain from this other than saving face (which really isn't worth
| much)? What Musk did to Twitter is clearly unethical, as much
| as I respect him for his successes, it seems obvious his
| behavior regarding Twitter is irresponsible and many innocent
| lives and their wallets are being adversely affected. The SEC
| should look really hard at all this before choosing not to act,
| because he has manipulated markets for his personal benefit
| before and got a slap on the wrist.
| purpleblue wrote:
| During the dotcom days, when employees had desk phones, some of
| my coworkers would get unsolicited calls from analysts or other
| people searching for inside information about our company. They
| would engage them in conversation, try to become friends with
| them over months so that they could reveal even the smallest
| bit of inside information for them.
|
| The lengths that people will go to get some sort of information
| edge to make money, even doing illegal things, is incredible.
| shalmanese wrote:
| Is that illegal for analysts? If an employee chooses to share
| confidential info to any random person, that's a breach of
| contract for the employee but does the analyst face any
| culpability?
| distrill wrote:
| if they trade on material non public information, then yes
| that's illegal.
| otikik wrote:
| It will greatly depend on the specifics, I suspect.
|
| An analyst hearing something being talked about on a
| different table in a restaurant by chance is legal.
|
| An analyst offering money to a retired nuclear weapons
| defense contractor in order to sell might... suddenly
| disappear.
|
| In between those two extremes? Ask a lawyer, not the
| internet.
| ramraj07 wrote:
| Snippets from Zatko's Wikipedia page:
|
| > Mudge was responsible for early research into a type of
| security vulnerability known as the buffer overflow. In 1995 he
| published "How to Write Buffer Overflows", one of the first
| papers on the topic.
|
| > He was one of the seven L0pht members who testified before a
| Senate committee in 1998 about the serious vulnerabilities of the
| Internet at that time.
|
| And they say he wasn't doing a good enough job at a company whose
| only job is to pass some text back and forth lol. Didn't the
| breach happen because some slack channel inside Twitter had the
| password pinned to the top?
|
| https://en.m.wikipedia.org/wiki/Peiter_Zatko
| fmajid wrote:
| Er, the (in)famous Robert Tappan Morris worm of 1988 used a
| buffer overflow. Zatko may be a renowned security expert but he
| didn't invent the buffer overflow.
|
| I'm inclined to believe everything he says about Twitter from
| my experience implementing Twitter APIs then constantly working
| around their incessant random breakage.
| stonogo wrote:
| Nobody claimed he invented the buffer overflow. The claim is
| that he was one of the first researchers to investigate them.
| That claim is justified.
| homarp wrote:
| https://en.wikipedia.org/wiki/Buffer_overflow#History
| confirms
|
| The earliest documented hostile exploitation of a buffer
| overflow was in 1988. It was one of several exploits used by
| the Morris worm to propagate itself over the Internet. The
| program exploited was a service on Unix called finger.
| (source code here https://0x00sec.org/t/examining-the-morris-
| worm-source-code-... )
|
| Later, in 1995, Thomas Lopatic independently rediscovered the
| buffer overflow and published his findings on the Bugtraq
| security mailing list.
|
| A year later, in 1996, Elias Levy (also known as Aleph One)
| published in Phrack magazine the paper "Smashing the Stack
| for Fun and Profit", a step-by-step introduction to
| exploiting stack-based buffer overflow vulnerabilities.
|
| And here is "How to write buffer overflow" by Mudge
| (10/20/95) :
| https://insecure.org/stf/mudge_buffer_overflow_tutorial.html
| zhxshen wrote:
| Some of this digging might not be to discredit Mudge, but to
| estimate how well his claims will hold up in the crossfire. That
| would be useful information to some hedgie looking to make a big
| play on twitter stock (or tesla stock, indirectly).
| danielmarkbruce wrote:
| Almost all of it will be that. The companies looking for the
| information are all expert networks, where the paying customer
| is almost always a hedge fund or private equity. There are
| billions of dollars at stake, of course they are looking for
| any insight they can get on the guy.
| smm11 wrote:
| Musk wants to settle Mars. Twitter is noise.
| danielmarkbruce wrote:
| This isn't great reporting. A much simpler explanation is that
| hedge funds betting on the outcome of the twtr/musk case are
| trying to understand the situation so they can make bets on the
| outcome of the deal.
| throwoutway wrote:
| At this point, the Twitter board needs to bring in an outside
| investigatory team.
|
| Mudge, who is well respected in the industry, is saying the
| executives are lying to the board.
|
| Twitter's CEO publicly mocks him, refuses to testify to Congress,
| and instead we hear that people are being offered money to dish
| dirt on their respected colleague.
|
| If Twitter's board does not act, then they're willfully ignorant
| to the behavior and that negligence is going to harm investors.
| Lastly, if the board does not act, then the investors need to
| bring this to vote at the next shareholder meeting.
| anm89 wrote:
| You are speaking from the alternate universe where people care
| if any of this stuff is ethical. In reality only a tiny cohort
| of message board nerds (I'm including myself) care and 95% of
| twitter users, if they ever hear about it all will be over it
| in about 5 seconds.
| colechristensen wrote:
| But activist shareholders could sue the board / executives
| for breach of their duties and get money out of it. Whether
| or not they actually care, they could pretend to care in
| order to profit from it.
|
| Regardless if it's true, they could say they lost out on
| Elon's buyout because the board acted inappropriately before
| and during the buyout negotiations.
| nawgz wrote:
| You are making the risk assessment the expected value of
| legal action is higher than the expected value of market
| returns or other applications of that same fund.
|
| I'm not sure where you gained such confidence.
| spfzero wrote:
| The board's behavior is a really interesting point. On one
| hand, they are doing the owners (stockholders) a disservice by
| first being gullible enough to be successfully kept ignorant
| about the company's security situation, and then not making
| rapid management changes upon being alerted to it (by Mudge, it
| seems). On the other hand, if they can successfully get Musk to
| pay the offer price, they have then represented the owners'
| interests very effectively.
|
| The fact that the case is coming up soon makes me think that
| the board thinks they can focus on the case for now, and fix
| the company's problems later, after the case, if they win it.
| If the case loses, they'll be out of a job anyway and it will
| be some other board's problem.
| londons_explore wrote:
| > The board's behavior is a really interesting point
|
| The board know about the poor security. But they also see the
| Equifax leak (far worse than the data twitter holds), and how
| small that fine was, and they make the conscious decision not
| to invest in security.
|
| They also know they might be given government incentive
| money/contracts to increase security against foreign agents.
| If they do the work now, they won't get paid that money.
|
| Win win!
| criddell wrote:
| Why did Twitter pick Agrawal for their CEO? I hadn't read
| anything about him before Mudge's revelations and every single
| thing I've read since has not been kind to him. He seems to be
| doing a really bad job navigating this event and nobody appears
| to have any respect for the guy.
|
| But you don't get to be CEO of a company the size of Twitter if
| you are this bad at managing. So, what's going on?
| googlryas wrote:
| I've wondered the same thing. He had one of the most epic
| upward trajectories of anyone ever going from rank and file
| to CEO of a multibillion dollar company. Did he even have any
| other job on his resume?
|
| I assume he has some connections that let him shoot up
| through the ranks. I think his wife is a general partner at
| a16z, maybe that has something to do with it? But a lot of
| people fit that bill who might want to get their bestie
| listed as CEO
| programmarchy wrote:
| Maybe Jack saw a shitstorm on the horizon, and Agrawal was
| naive or willing enough to become the patsy?
| spywaregorilla wrote:
| The board and the shareholders are massively incentivized not
| to show that the execs are lying though, even if they know for
| certain that they are lying.
| vmoore wrote:
| > Mudge, who is well respected in the industry
|
| Keep in mind, although he's classed as an 'ethical' hacker,
| many whitehats come from blackhat backgrounds, and turned
| whitehat because of fear of getting caught up in draconian
| CFAA[0] trials. Every hacker in their youth did some stupid
| stuff that could haunt them later. If you didn't do stupid
| stuff in your youth, you never really grew or learned from it.
|
| [0] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
| gnu8 wrote:
| This is a no-true-Scotsman argument where none was asked for,
| but thank you for linking to Wikipedia properly.
|
| "Ethical" hacker is also a nonsense term. Ethics means the
| study of moral philosophy, it is not a synonym for "good" and
| to use it as such belies a superficial understanding of both
| morality and hacking.
| nekoashide wrote:
| That's why you don't request your personal file from the FBI,
| either they have a file on you from your youth or you have
| given them reason to suspect you did something at some point.
| I'm curious, but not that curious.
| woodruffw wrote:
| Tens of thousands of people FOIA their DOJ files each year.
| Unless you're already pinged for something, I doubt the FBI
| is going to expend any additional effort solely because
| you've asked for some personal files.
| jjulius wrote:
| >If you didn't do stupid stuff in your youth, you never
| really grew or learned from it.
|
| So, he's... just like most people? Do you have any specific
| incident(s) to point to, re: Mudge, or is this just
| speculation that can be applied to nearly everyone?
| bitexploder wrote:
| I got into infosec consulting perfectly cleanly, as did most
| of my peers. Sure some of them were involved in shenanigans
| in the distant past, but that is a very broad brush to paint
| with and seems out of place here given zero specific
| knowledge about Mudge and what he may or may not have done
| just because he is in an industry where some people
| occasionally did some questionable things in the past.
| marshray wrote:
| Mudge held a significant position within the Department of
| Defense.
|
| That doesn't happen without having any skeletons in your
| closet identified and investigated.
| woodruffw wrote:
| Mudge was a DARPA PM; that's a significant position in the
| sense that he led DARPA-funded research programs, but I
| don't think it's one that actually requires a clearance.
|
| Source: currently do DARPA-funded research. No PM has ever
| mentioned having a clearance to me, and the work itself is
| entirely uncleared.
| snowwrestler wrote:
| To be fair, marshray did not mention clearance, just that
| some skeletons would be looked for. Getting cleared is
| not the only time or the only way the federal government
| does that sort of thing.
| woodruffw wrote:
| Sure. I actually wouldn't doubt that Mudge was already a
| known entity to USG. I just wanted to dispel some of the
| clearance voodoo that comes along with "significant
| position within the Department of Defense."
| coldsauce wrote:
| In his most recent testimony, Mudge mentioned that he was
| in the leaked OPM database with his details and clearance
| level leaked which implies he had clearance.
| xenophonf wrote:
| That doesn't necessarily mean Mudge had a Secret
| clearance or something. For all we know, he could have
| had a Public Trust position, which meant he handled
| sensitive but unclassified information. Anybody in IT or
| infosec would have that kind of clearance.
|
| https://en.wikipedia.org/wiki/Sensitive_but_unclassified
|
| https://news.clearancejobs.com/2020/09/01/what-is-a-
| public-t...
| woodruffw wrote:
| Did he mention a clearance level, or just being in the
| OPM breach? My understanding is that the OPM breach
| included plenty of uncleared employees as well.
|
| (I'm not trying to be stubborn! If he really did hold a
| clearance as a DARPA PM, then I'm wrong in his case.)
| RajT88 wrote:
| You could have been in the OPM database being a janitor
| at the VA.
|
| Although that wording about "Clearance level" does seem
| to suggest more than just the baseline government
| employee background check.
| woodruffw wrote:
| Yeah, that's the part I'm curious about: there are plenty
| of "public trust" or SBU roles that I'd expect to have
| been leaked with the OPM breach that are "cleared" in the
| pop sense of the word, but are not actual clearances in
| the US Government's sense.
| MacsHeadroom wrote:
| > but I don't think it's one that actually requires a
| clearance.
|
| In general, it doesn't. For some project areas it
| sometimes does. It really depends.
| woodruffw wrote:
| Right. The context in question is I2O, since that's the
| office that Mudge was a PM in. I'd expect other offices
| to have different expectations around clearances,
| particularly the ones that do ballistic or aerospace
| research.
| tptacek wrote:
| What kind of clearance do you actually need to be a DARPA
| PI?
| woodruffw wrote:
| None that I'm aware of (or can find on DARPA's site).
| DARPA might help a PM maintain their clearance if they
| already have one, but I don't think they require one for
| new PMs (unless the project directly requires classified
| information, which of course some do).
| throwawaylol_ wrote:
| marshray wrote:
| In talks, Mudge has referenced participation in various
| Pentagon projects that would definitely require a
| nontrivial clearance.
| tptacek wrote:
| I'm not doubting so much as asking curiously: I've
| participated in what I'd guess are fairly sensitive
| Pentagon projects (commercially, over about a year and a
| half+) and I've never been cleared for anything.
|
| + _None of it involved vulnerability research; this was
| back in my anti-DDOS days_.
| ChrisMarshallNY wrote:
| _> That doesn't happen without having any skeletons in
| your closet identified and investigated._
|
| Yup. They would have gone in with a proctoscope, and would
| not have tossed him an ID card, unless he could completely
| convince them that he's good for it.
|
| If they are looking for dirt, they won't get it. I assume
| they are intelligent people, and know that, so maybe they
| are actually doing what has been suggested; looking for as
| much _accurate_ information as possible - either way.
|
| NPD is a multibillion-dollar company, because they sell
| _accurate_ information; not information that people _want_
| to hear (how they get that information, well, that's
| another matter).
| cma wrote:
| > They would have gone in with a proctoscope, and would
| not have tossed him an ID card, unless he could
| completely convince them that he's good for it.
|
| Astronauts undergo detailed psyche exams, personality
| evaluations, and usually have some level of security
| clearance. And yet..
|
| https://www.wikipedia.org/wiki/Lisa_Nowak
| mc32 wrote:
| Not only that, but we know fabrications happen and take
| years to dispel. If a powerful entity wants to ruin your
| reputation, they can and do not need truth behind them.
|
| It's courageous for him to speak the truth (at least his
| observations) when they were unwilling to and actively
| try to undermine it.
| woodruffw wrote:
| > Yup. They would have gone in with a proctoscope, and
| would not have tossed him an ID card, unless he could
| completely convince them that he's good for it.
|
| This is a mild overstatement. DARPA doesn't necessarily
| require clearances for PMs; even if a particular project
| does, it's not necessarily one that requires the "full-
| scope" process (meaning polygraph and the rest of the
| works).
|
| I wouldn't be surprised if Mudge had to fill out an SF-86,
| but that's not that invasive as far as background
| investigations go. It's nearly identical to the process
| used for Global Entry.
| phpisthebest wrote:
| >>being offered money to dish dirt on their respected
| colleague.
|
| that dirt also better be security related, not digging up ex's
| or that he told an offensive joke one time at a conference
| years ago which seems to be the SOP for "dirt" these days
| munificent wrote:
| _> that negligence is going to harm investors._
|
| Only if the truth comes out. If you can control the narrative
| long enough, it becomes indistinguishable from reality, at
| least as far as the markets are concerned.
| tpmx wrote:
| [deleted]
| icpmacdo wrote:
| https://archive.ph/IOy3u
| encryptluks2 wrote:
| If we used Congress hearings and feelings of Republicans as a
| testament of honesty, then at this point Mudge shares as much
| credibility as the election being rigged. We have literal
| breaches of credit reporting agencies storing all your data but
| this is what Congress wants to focus on.
|
| Heck, I saw worse than what Mudge is reporting in actual GovCloud
| environments involving PHI.
|
| Wake me up when people are not so easily manipulated by the news
| cycle and their self-interests.
| TotoHorner wrote:
| programmarchy wrote:
| I watched the committee hearing, and there didn't seem to be
| much partisan politicking going on. The primary focus was
| protecting the privacy of users, which impressed me. However,
| at one point Lindsey Graham mentioned he and Elizabeth Warren
| were in agreement enough to start fleshing out some kind of
| social media operator licensing regime, which sounds terrible.
| unconed wrote:
| What bothered me the most is that they vaguely referred to
| Europe's data protection having more teeth, even though the
| GDPR has all but been neutered via Legitimate Interest.
|
| Most GDPR popups now classify "building a personal profile",
| "serving personalized ads" and "linking multiple devices" as
| legitimate interest, and they still default it to on, without
| a clear and equally-visible "No" button next to the "Agree".
| This is so obviously against the intended spirit of the
| legislation but it's everywhere.
|
| So yeah, large targets like Twitter might need to watch out,
| but third parties are still harvesting data left and right,
| so what's the point?
| [deleted]
___________________________________________________________________
(page generated 2022-09-13 23:00 UTC)