A black woman sued and defeated American Nazi groups that had been attacking her online.
The Judge awarded this brave woman over $700K and ruled that American Nazis, even if residing in Lebanon or Russia, are not allowed to “publish any public statements about her that are harassing, intimidating, or defamatory”:
“[2:56] The judgment equated online harassment with physical harassment…”
…a federal judge in Montana decided that Anglin owes real estate agent Tanya Gersh more than $14 million after rallying other white supremacists on his site to inundate her and her family with a barrage of threats and vitriol.
In June, a judge in Ohio awarded $4.1 million to Muslim-American radio host Dean Obeidallah after Anglin posted stories falsely accusing him of spearheading a terrorist attack.
These figures should be placed in context of how a CTO boasted about “executive titles and venture backing”, as well as powerful legal groups, enabling the hate campaigns:
Auernheimer took on the role of chief technology officer for the Daily Stormer, which had launched the year before in 2013. “Well, you know, it’s not – we’re not exactly like a normal company, you know? It’s not like we all have executive titles and venture backing,” he explained in a 2017 interview with NPR, regarding his role at the Daily Stormer.
[…]
Auernheimer went to prison in 2013 and was released the next year after the judgment was vacated on a technicality.
Auernheimer’s case had been extensively covered by mainstream and tech media, and he’d been supported by digital freedom advocates like the Electronic Frontier Foundation.
“Man arrested in Greece had nothing to do with 1985 hijacking and murder, victim’s brother tells Military Times”
The FBI most wanted list since 2006 has included Mohammed Ali Hammadi, a Lebanese member of the Iranian-backed terror group Hezbollah. A $5m bounty was posted in 2007.
A TWA Boeing 727 flight in 1985 was hijacked by him and his associates, who assaulted passengers and crew members for 17 days. They also murdered a US citizen, Navy Diver Robert Dean Stethem.
[Pilot] Testrake’s urgent message to the Beirut control tower was broadcast around the world: “We must, I repeat, we must land, repeat, at Beirut. . . . Ground, TWA 847, they are threatening to kill the passengers, they are threatening to kill the passengers. We must have fuel, we must get fuel. . . . They are beating the passengers, they are beating the passengers.”
…several Greek media outlets identified the detainee as Mohammed Ali Hammadi, who was arrested in Frankfurt in 1987 and convicted in Germany for the plane hijacking and Stethem’s slaying. Hammadi, an alleged Hezbollah member, was sentenced to life in prison but was paroled in 2005 and returned to Lebanon.
Germany had resisted pressure to extradite him to the United States after Hezbollah abducted two German citizens in Beirut and threatened to kill them.
He disembarked from a Turkish cruise ship and was held at island passport control. It appears to have been the result of a routine database check on tourists, during the peak cruise ship month for Mykonos (handling over 700,000 cruise passengers in 2019).
Conservative pundits in 2010 promoted a “Pakistani source” that the CIA killed Hammadi with a drone strike. So there’s still a chance reports today are wrong. Greek police news, for example, described the arrested man as aged 65. Hammadi would be 55 now (41 in 2005).
There are a lot of ways to tell this story about Apple allowing people to repair devices at a shop not owned and operated by Apple. It’s a wise move and here’s a personal anecdote why I would say so.
Nearly 25 years ago I worked as an authorized Apple repair engineer. I’d pore over videos sent to the independent repair shop I worked in. High-quality productions on CD from the manufacturer gave me x-ray vision, to see every step of decomposing and assembling Apple hardware.
In one hilarious day at work I was tossed a broken Apple product at noon by my manager and told to have it sorted out over lunch. Soon I had every screw and nut carefully removed down to the last one, parts laid out across the giant work space.
That means I did not just pull a part and replace using the “consumer-friendly” method of preset tabs and levers, common in today’s world. Instead I took apart, tested and rebuilt that device to be like new, given a carefully orchestrated training model from Apple themselves.
I said hilarious because when my manager returned from lunch he said “Damnit Davi, just pull a bad part and swap it. Do you have to understand everything? You could have joined us for lunch.”
Feed belly or mind? The choice for me was clear. He didn’t much care for the fact that I had just finished academic studies under Virgil’s Georgics (29 BCE) phrase “Rerum cognoscere causas” (verse 490 of Book 2 “to Know the Causes of Things”)
Sometimes I even put a personal touch on these repairs. One Apple laptop sent by the DoD was used in GPS development for strike fighters, so I made its icon for the system drive look like a tiny F-16 Falcon.
The generic Apple MacOS environment as it shipped
An appreciation for that extra effort meant a nice note from the US gov on formal stationary. Apple wanted computing to be “personal” and that is exactly what repair shops like ours were doing for customers.
Three years later I was managing a team of engineers who would desolder boards and update individual chips. As good and efficient as we were, however, everyone knew there was an impending slide into planned obsolescence economic models. Accountants might have asked us how many Zenith TV repair technicians exist, given Zenith itself disappeared. Remember these?
Zenith TV were meant to be kept for generations and repaired by local electronics experts, if not yourself
Profit models on the wall seemed to rotate towards shipping any malfunctioning products back to manufacturers, who would forward them to Chinese landfills for indefinite futures, instead of to engineers like me or my team who would gladly turn them around in a week.
Anyway it was 2010 when I owned an Apple iPhone. It died abruptly. Locked out of repairing it myself by the company policy, I took it to a desk in their billboard-like sensory-overload retail/fashion store.
An Apple employee looked at the phone and told me a secret sensor showed red, so no warranty would be honored. There had been no moisture I was aware of, yet Apple was telling me I couldn’t return my dead device because they believed that faulty device more than me?
Disgusted with this seemingly illegal approach to warranty issues, I quickly and easily disassembled that iPhone, replaced their faulty red sensor with a new one, and returned again. Apple confirmed (as a stupid formality) the new sensor wasn’t showing red, and gladly swapped the phone with a brand new one instead of repairing mine.
…owners that were denied warranty repairs over internal moisture sensors that falsely registered water damage are a step closer to collecting their share…
Immediately after they swapped my defective phone I sold the new one and stopped using any Apple products, as I announced in my HOPE talk that year.
Good news, therefore, that today Apple finally has gone back to a mode of operating that honors the important consumer right-to-repair, as Vice reports:
After years of fighting independent repair, Apple is rolling out a program that will allow some independent companies to buy official parts, repair tools, and diagnostic services outside of the company’s limited “authorized” program. It’s a big win for the right to repair movement…
I’ve written about this on my blog for nearly 15 years already, so it’s encouraging to see progress even if it does come late.
Cloud-hosted data sadly has been turning out to be more prone to breach than those run in a traditional private architecture, and now people are facing arrest for using database products without authentication enabled.
It’s a bitter pill for some vendors to swallow as they push for cloud adoption and subscriptions to replace licensing. Yet we published a book in 2012 about why and how this could end up being the case and what needed to be done to avoid it.
Despite our best warnings we have watched ransomware emerge as a lucrative crime model. Software vendors have been leaving authentication disabled by default, hedging on even the most basic security tenets as “questioned” or delayed. Unfortunately this meant since at least 2015 private data ended up being widely exposed all over the Internet with little to no accountability.
Cloud made this problem even worse, as we wrote in the book, because by definition it puts a database of private information onto a public and shared network, introducing the additional danger of “back doors” for remote centralized management over everything.
Take for example today on the Elasticsearch website you see an obvious lack of security awareness in their service offering self-description:
Known for its simple REST APIs, distributed nature, speed, and scalability, Elasticsearch is the central component of the Elastic Stack, a set of open source tools for data ingestion, enrichment, storage, analysis, and visualization.
They want you to focus on: Simple. Distributed. Fast. Scalable.
Safe? The most important word of all is missing entirely.
Normal operations must include safety, otherwise the products should fail any “simple” test. Is a steam engine still allowed to be defined as “simple” if use means a good chance of burning the entire neighborhood down?
Hint: The answer is no. If you have high risk by default, you don’t have simple. And “distributed, fast, scalable” become liabilities like how a dangerous fire spreads, not benefits.
Should vendors be allowed to sell anything called “simple” or easy to use unless it specifically means it is safe from being misconfigured in a harmful manner? For databases that deploy to cloud that means authentication must be on by default, no?
Ecuador quickly has leaped into global leadership on this issue by raiding the offices of an Elasticsearch customer and arresting an executive who used a big data product simply configured to be unsafe.
Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server.
[…]
According to our reporting, a local data analytics company named Novaestrat left an Elasticsearch server exposed online without a password, allowing anyone to access its data.
The data stored on the server included personal information for 20.8 million Ecuadorians (including the details of 6.7 million children), 7.5 million financial and banking records, and 2.5 million car ownership records.
The primary question raised in the article is how such a firm ended up with the data, as it wasn’t even authorized.
Yet that question may have a deeper one lurking behind it, because database vendors failed to enforce authentication it undermines any discussion of authorization. Could Ecuador move to ban database vendors that make authentication hard or disabled by default?
A hot topic to explore here is what vendors did over the past seven years to prevent firms like the one in this story from ending up with data in the first place, as well as preventing further unauthorized access to the data they accumulated (whether with or without authorization).
A broad investigation of database defaults could net real answers for how Ecuador, and even the whole world, can clarify when to hold vendors accountable for ongoing security baseline errors that are now impacting national security, highlighting the true economics of database privacy/profit.
Update October 2019: An unprotected Elasticsearch cluster contained personally identifiable information on 20 million Russian citizens from 2009 to 2016.
