If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Huffington Post)   Darrell Issa (R-eally Evil) complains that healthcare.gov may be open to hacking, insists on un-redacted copies of the networking code, then releases it. The Aristocrats   (huffingtonpost.com) divider line 192
    More: Sick, Darrell Issa, humans, Affordable Care Act, Betsy McCaughey, House Oversight, Government Reform Committee, White House Counsel, deem and pass  
•       •       •

5585 clicks; posted to Politics » on 11 Jan 2014 at 5:26 AM (49 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



192 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | 3 | 4 | » | Last | Show all
 
2014-01-11 02:38:00 PM  

theknuckler_33: How the hell is that guy not being charged with treason?


Because treason is when you betray your own nation to a foreign government. Attempting to undermine the country from within falls under seditious conspiracy.

Which of course is the God given right of the GOP to commit as they take the country back from those heathen libfarts and their marijuana scented kenyan bongo farts.
 
2014-01-11 02:47:23 PM  

TheBigJerk: Semantic Warrior:
Uh... nope.  Open source doesn't make it easier to hack information, it makes it easier for anyone to look at the code so any security flaws that could make HIPPA considerations vulnerable would become more likely noticed and fixed.  Open source doesn't give access to stored information.  Linux is open source and is far superior in its security than the likes of Windows.

This is more debatable than you Linux cowboys want to make it out to be.

But it *is* debatable, as opposed to clear that we should just trust in the closed-source semi-monopolies.

And it is tangential, the point that remains is that Issa has once again leaked classified information which could damage the functioning of our country in order to attack political enemies.


Oh I'm not arguing any of that at all, just hindsight.  In a true democratic sense, the People could have designed a better sight.
 
2014-01-11 02:50:08 PM  

cameroncrazy1984: This argument is like saying "if you only lock your door, you deserve to be broken into"


It's more like saying "If you don't lock the door, but trust that no one knows where it is, then you deserve to be broken into."

/Security by Obscurity is worse than no security at all.
 
2014-01-11 02:51:38 PM  

toomuchwhargarbl: theknuckler_33: How the hell is that guy not being charged with treason?

Because treason is when you betray your own nation to a foreign government. Attempting to undermine the country from within falls under seditious conspiracy.

Which of course is the God given right of the GOP to commit as they take the country back from those heathen libfarts and their marijuana scented kenyan bongo farts.


The part that absolutely pisses me off is that if the tables were reversed, you could bet every single penny you own that there would be petitions to execute the guy made over night in all 50 states if a Democrat released part of source code to a similar GOP website.
 
2014-01-11 03:05:56 PM  

efgeise: The part that absolutely pisses me off is that if the tables were reversed, you could bet every single penny you own that there would be petitions to execute the guy made over night in all 50 states if a Democrat released part of source code to a similar GOP website.


Republicans are bullies, Democrats are the kids that have just taken bullying as a given and internalized the bully's abuse to the point that they feel they deserve it. We're sooooo sorry for not being Republicans, may we have another?

There really is no opposition party in America, and I'm not sure after the way that the GOP's Military/Police/Industrial and Media complexes took down Occupy through criminalization of emerging leaders and propaganda bombardment that one could exist at this point without massive upheaval. And things really just aren't bad enough for that to happen, plus many people would die.

TLDR version: The GOP is on a Jihad, and the ends justify the means.
 
2014-01-11 03:10:50 PM  

Semantic Warrior: TheBigJerk: Semantic Warrior:
Uh... nope.  Open source doesn't make it easier to hack information, it makes it easier for anyone to look at the code so any security flaws that could make HIPPA considerations vulnerable would become more likely noticed and fixed.  Open source doesn't give access to stored information.  Linux is open source and is far superior in its security than the likes of Windows.

This is more debatable than you Linux cowboys want to make it out to be.

But it *is* debatable, as opposed to clear that we should just trust in the closed-source semi-monopolies.

And it is tangential, the point that remains is that Issa has once again leaked classified information which could damage the functioning of our country in order to attack political enemies.

Oh I'm not arguing any of that at all, just hindsight.  In a true democratic sense, the People could have designed a better sight.

Wow, site.

 
2014-01-11 03:19:56 PM  
Republicans don't care if their actions harm the government.  In fact, that's exactly what they want to do.
 
2014-01-11 03:25:45 PM  

Pincy: Republicans don't care if their actions harm the government.  In fact, that's exactly what they want to do.


Only if they're not in control of it. It's called petulance... and they have it in abundance.
 
2014-01-11 03:26:30 PM  
imagizer.imageshack.us

OgreMagi: Properly written code does not need secrecy to remain secure.


Captain Midnight disagrees.
 
2014-01-11 03:27:29 PM  

Wyalt Derp: Are the people calling Issa a traitor the same people who called Bradley Manning and Edward Snowden heroes?


All three are traitors. Are the same partisan assholes going to hide behind their constructed fallacies and allow anyone with an (R) behind their name to fark this country over without a farking peep or, per the usual, attempt to use derp logic to defend the indefensible? I think we know the answer to that one.
 
2014-01-11 03:55:37 PM  
Bender The Offender:
All three are traitors. Are the same partisan assholes going to hide behind their constructed fallacies and allow anyone with an (R) behind their name to fark this country over without a farking peep or, per the usual, attempt to use derp logic to defend the indefensible? I think we know the answer to that one.

Well thanks for clearing that up. I now totally expect Darryl Issa will either be imprisoned and placed on solitary confinement, or flee to somewhere without extradition and seek asylum aaaaaaany day now.
 
2014-01-11 03:57:28 PM  
if any of you open source advocates think that Darrell Issa released the source code to use the power of the open source community to improve the web site, I have a stake in Darrell Issa's fire insurance company to sell you.
 
2014-01-11 03:58:22 PM  

meyerkev: cameroncrazy1984: This argument is like saying "if you only lock your door, you deserve to be broken into"

It's more like saying "If you don't lock the door, but trust that no one knows where it is, then you deserve to be broken into."

/Security by Obscurity is worse than no security at all.


You say that like that is literally the only security they have.
 
2014-01-11 03:59:35 PM  
Okay I have a better analogy: It's like saying "Your home isn't secure if the only thing you're relying on is a secret alarm code. If you get broken into because this idiot broadcasts your secret alarm code, clearly it wasn't secure at all"
 
2014-01-11 04:09:19 PM  

cameroncrazy1984: Okay I have a better analogy: It's like saying "Your home isn't secure if the only thing you're relying on is a secret alarm code. If you get broken into because this idiot broadcasts your secret alarm code, clearly it wasn't secure at all"


Except it's more akin to him broadcasting the method by which the system authenticates your secret alarm code (unless they have some really crappy programmers putting alarm codes into the source, and that's a whole other issue).  Don't get me wrong; like above, I don't think the idiot is trying to improve the system.
 
2014-01-11 04:14:47 PM  

Wyalt Derp: Are the people calling Issa a traitor the same people who called Bradley Manning and Edward Snowden heroes?


Well, I'm not calling him a traitor--I was considering posting 'WHY THE F*CK WOULD YOU DO THAT?!'--but yeah, I'm on that boat. Manning and Snowden released information showing we were doing shiat that was morally questionable. This guy is just randomly throwing shiat out that will have no purpose beyond getting the website crashed. It's not revealing anything, it's not protesting anything, it's just throwing out crap that'll crash part of a bureaucracy.

/Nuance: An important part of every American's worldview.
 
2014-01-11 04:15:11 PM  

MmmmBacon: There may be HIPAA considerations that prevent the use of Open Source code. By law the personal information of people who use the ACA website must be protected, and letting anyone have access to the code for that site - which could place user's personal information at risk - is not acceptable.


There is no HIPAA problems because the only health question is 'do you smoke.' No pre existing conditions means no questions need be asked.
 
2014-01-11 04:21:35 PM  

cameroncrazy1984: Okay I have a better analogy: It's like saying "Your home isn't secure if the only thing you're relying on is a secret alarm code. If you get broken into because this idiot broadcasts your secret alarm code, clearly it wasn't secure at all"


More like:

"Your bank vault is secure only as long as no one knows what company made your vaults.  If the vault company did it right, they still need your keysto get into your vault (or really serious lock-breaking tools)".  And if knowing that Vaults-R-Us made your vault (or even what model your vault is) means that they can break into your vault, Vault-R-Us has bigger issues.

I shouldn't be able to break into your car just because I know what car you drive.  I should still have to figure out how to break the locks.  Heck, if the lock is designed properly, I can hand you blueprints of the locks (but not the exact pattern of the keys) and you still shouldn't be able to break into the lock.

He didn't leak the keys (He didn't right?  Like he's not that stupid, right).  He leaked the code.   Look, if they did it right (and from everything else coming out of this, I'm guessing they didn't), they used standard, possibly open-source (or originally forked from open-source) libraries.  And the reason WHY they're (in theory) secure is that we've had tens of thousands of eyes looking over them and using them for the last few decades.  We HAVE the codes already, and we know (to the extent that anything is ever known secure) that they're secure.
 
2014-01-11 04:32:58 PM  
Darrell Issa needs to be arrested and shot.  NO "ifs", "ands" or "buts" about it.  He has has deliberately put the private information of Americans at risk, and he sees nothing wrong with his blatant security violations as long as it advances his agenda.

Someone shoot him.  Please.  Or at the very least toss his ass in jail.
 
2014-01-11 04:40:45 PM  

meyerkev: cameroncrazy1984: Okay I have a better analogy: It's like saying "Your home isn't secure if the only thing you're relying on is a secret alarm code. If you get broken into because this idiot broadcasts your secret alarm code, clearly it wasn't secure at all"

More like:

"Your bank vault is secure only as long as no one knows what company made your vaults.  If the vault company did it right, they still need your keysto get into your vault (or really serious lock-breaking tools)".  And if knowing that Vaults-R-Us made your vault (or even what model your vault is) means that they can break into your vault, Vault-R-Us has bigger issues.

I shouldn't be able to break into your car just because I know what car you drive.  I should still have to figure out how to break the locks.  Heck, if the lock is designed properly, I can hand you blueprints of the locks (but not the exact pattern of the keys) and you still shouldn't be able to break into the lock.

He didn't leak the keys (He didn't right?  Like he's not that stupid, right).  He leaked the code.   Look, if they did it right (and from everything else coming out of this, I'm guessing they didn't), they used standard, possibly open-source (or originally forked from open-source) libraries.  And the reason WHY they're (in theory) secure is that we've had tens of thousands of eyes looking over them and using them for the last few decades.  We HAVE the codes already, and we know (to the extent that anything is ever known secure) that they're secure.


You clearly don't understand how hackers really work.  They, given your analogy, don't figure out how to crack the safe themselves, they find people in Valuts R Us or your company, fool or lure them into comprimising some aspect of security and then gather enough information to get into the vault.  Every piece of information you give a hacker, who is less like a genius than a dumpster diver crossed with a con man, brings the threat level up.

This was criminally stupid.
 
2014-01-11 04:47:13 PM  
Leave Issa alone.

He wants code to be free. Everyone should be able to set up their own insurance exchange without having to pay for it.
 
2014-01-11 05:08:56 PM  

toomuchwhargarbl: Bender The Offender:
All three are traitors. Are the same partisan assholes going to hide behind their constructed fallacies and allow anyone with an (R) behind their name to fark this country over without a farking peep or, per the usual, attempt to use derp logic to defend the indefensible? I think we know the answer to that one.

Well thanks for clearing that up. I now totally expect Darryl Issa will either be imprisoned and placed on solitary confinement, or flee to somewhere without extradition and seek asylum aaaaaaany day now.


Living up to you name, because the only person you've made any sense to is yourself. What kind of farking retard actually expects any politician in this country to suffer the same consequences as the "little" people would suffer for the exact same crimes? Oh wait, you've answered that question for us. My view on things, surprisingly enough, have no legal impact or bearing on anything beyond the discussion at hand. If I could force that twat to actually answer for releasing classified information, compromising allies and critical assets (as he did with the whole Lebanon affair), and abusing his position like any political whore, I would, believe me. Wake me up when I have any judicial powers, until then, pull your head out of your ass and live in reality were internet posters do not actually operate under some delusion that they have any influence on federal ethics or policies.
 
2014-01-11 05:33:27 PM  
Bender The Offender:
Living up to you name, because the only person you've made any sense to is yourself. What kind of farking retard actually expects any politician in this country to suffer the same consequences as the "little" people would suffer for the exact same crimes? Oh wait, you've answered that question for us. My view on things, surprisingly enough, have no legal impact or bearing on anything beyond the discussion at hand. If I could force that twat to actually answer for releasing classified information, compromising allies and critical assets (as he did with the whole Lebanon affair), and abusing his position like any political whore, I would, believe me. Wake me up when I have any judicial powers, until then, pull your head out of your ass and live in reality were internet posters do not actually operate under some delusion that they have any influence on federal ethics or policies.

If it was a democrat, they'd be getting shouted out of office by now. But the important thing is that both sides are the same.

/Carlin was right
//Power does what it wants.
 
2014-01-11 05:34:27 PM  
So, he leaked the source code for a website. Exactly what is the issue? I can go to just about every website out there and see the source code in my browser. Is there something I missed where this is suddenly a major national security breach? Oh no they can see the code to our web portal! Now the hackers can see millions of lines of shiatty code that contains flaws because the people setting up the back end were incompetent!

/dnrtfa
//"leaking code to a website" is like leaking draft version of a movie poster.
///it's not like the code contains any kind of usernames or passwords or anything
 
2014-01-11 05:41:45 PM  
Also, code for a website controls how it functions, it does nothing for the security of the connection or how data is handled, the back end manages most of that (with the exception of possibly some libs being called).

This is about as much of an issue as Benghazi actually is (that is to say not).

Issa himself may be dumb enough to believe this will somehow torpedo the site, but like any other congresschild, what they actually understand could fill a thimbul.
 
2014-01-11 05:45:58 PM  

Kit Fister: So, he leaked the source code for a website. Exactly what is the issue? I can go to just about every website out there and see the source code in my browser. Is there something I missed where this is suddenly a major national security breach? Oh no they can see the code to our web portal! Now the hackers can see millions of lines of shiatty code that contains flaws because the people setting up the back end were incompetent!

/dnrtfa
//"leaking code to a website" is like leaking draft version of a movie poster.
///it's not like the code contains any kind of usernames or passwords or anything


So he probably leaked the back-end server code (And I'm not seeing any actual code in my skimming the article, so correct away).  You wouldn't be seeing it normally.  It's all the code

So for Fark, they probably have a big template for the main page with code that says: "Go to the database and look up the last X headlines and plug them into the individual headline template code.".  You see the end-product HTML/Javascript, but not all the code that looks up the headlines, or ensures that you're logged in.

Mind you, if they did it properly (probably didn't), they could put every single piece of code involved with this out on the interwebs, and they'd still be secure.  If leaking the code is a security hole (vs. HIPPA/privacy violation or just plain dumb), they need to rewrite the code.

/I'm not saying Issa's leaking the code ain't stupid, I'm just saying that if the programmers did it right, it's not a hole.
 
2014-01-11 05:48:33 PM  

meyerkev: So he probably leaked the back-end server code (And I'm not seeing any actual code in my skimming the article, so correct away).  You wouldn't be seeing it normally.  It's all the code that writes the code that you actually see.


FTFM

/Or in one mild WTF, the code that wrote the Javascript that wrote the code.
 
2014-01-11 05:58:52 PM  

netweavr: He's a whistleblower, just like Snowden


Holy shiat, dude, you need to go up the creek with Issa.
 
2014-01-11 06:01:17 PM  
So, where does the line form for the class action lawsuit?
 
2014-01-11 06:20:36 PM  
I see a whole lot of ignorant people screaming for his head.  The few computer literate people trying to explain how things actually work are out numbered by the idiots.
 
2014-01-11 06:43:52 PM  

OgreMagi: I see a whole lot of ignorant people screaming for his head.  The few computer literate people trying to explain how things actually work are out numbered by the idiots.


Why does one have to be computer literate to understand the concept of operational security?
 
2014-01-11 07:23:14 PM  
Whatever crimes Issa committed this time, he is innocent because Benghazi and IRS is much much worse. BENGHAZI!
 
2014-01-11 08:42:27 PM  
www.mtholyoke.edu
 
2014-01-11 09:59:06 PM  

NewportBarGuy: Why don't we just hand out the nuclear launch codes while we're at it.


Don't effing tempt him. He may just do it to show that Obama is incompetent with the nuclear stockpile.
 
2014-01-11 10:29:12 PM  
Republicans utter and complete contempt for the law and national security is so cute. There's no way whatsoever that this could result in their eventual total expulsion from the government and being replaced by adults is there?

Is there?

/I know, silly question.
//Because the brown people or something.
 
2014-01-11 10:30:18 PM  

MmmmBacon: MattStafford: What issa did is obviously reprehensible and he should be punished, but question regarding this:

Why not make it open source? There has to be a team or coders out there who would gladly look over the code, point out problems or offer advice. They can check to see if any back doors were being added, check to make sure the security is up to standard, whatever.

Why is the us government concerned about the code being released? Wouldn't it be stronger if it was public and white hats can go over it and point out the problems before taking it live?

There may be HIPAA considerations that prevent the use of Open Source code. By law the personal information of people who use the ACA website must be protected, and letting anyone have access to the code for that site - which could place user's personal information at risk - is not acceptable.


OSS does not work that way.
 
2014-01-11 11:29:02 PM  

MaudlinMutantMollusk: There is something very wrong with Mr. Issa

/and anyone who defends or supports him


Is it actually possible to be too stupid to be a traitor? Treason requires intent, doesn't it?
 
2014-01-11 11:53:29 PM  

MattStafford: What issa did is obviously reprehensible and he should be punished, but question regarding this:

Why not make it open source? There has to be a team or coders out there who would gladly look over the code, point out problems or offer advice. They can check to see if any back doors were being added, check to make sure the security is up to standard, whatever.

Why is the us government concerned about the code being released? Wouldn't it be stronger if it was public and white hats can go over it and point out the problems before taking it live?


Is there some way of preventing the black hats from seeing it?
 
2014-01-12 10:16:38 AM  

Crapinoleum: MattStafford: What issa did is obviously reprehensible and he should be punished, but question regarding this:

Why not make it open source? There has to be a team or coders out there who would gladly look over the code, point out problems or offer advice. They can check to see if any back doors were being added, check to make sure the security is up to standard, whatever.

Why is the us government concerned about the code being released? Wouldn't it be stronger if it was public and white hats can go over it and point out the problems before taking it live?

Is there some way of preventing the black hats from seeing it?


You could always hide it under some coconuts.
 
2014-01-12 12:08:50 PM  
I'm saving this thread next time people biatch it would be more secure if it was open source.
 
2014-01-12 01:02:17 PM  

cameroncrazy1984: Okay I have a better analogy: It's like saying "Your home isn't secure if the only thing you're relying on is a secret alarm code. If you get broken into because this idiot broadcasts your secret alarm code, clearly it wasn't secure at all"


Cam, the proper way to secure your home is to patrol your yard with a handgun, you know, in case the governor has spie disguised as trees that leave no footprints in the snow (thanks to super-special shoes).
http://www.buffalonews.com/city-region/wben-host-bauerles-behavior-r ai ses-concerns-of-neighbors-police-20140111
/'nother local lib
//you're gonna like the way this reads.
 
2014-01-12 07:16:46 PM  

toomuchwhargarbl: OgreMagi: I see a whole lot of ignorant people screaming for his head.  The few computer literate people trying to explain how things actually work are out numbered by the idiots.

Why does one have to be computer literate to understand the concept of operational security?


Here's what a proper bit of security code would look like (not actual instructions!):

1. Obtain username and password from form.
2. Filter for bad characters.
3. MD5 the password.
4. Look for matching username and encrypted password in the database.
5. Decide what to do based on result.

Having the actual code that does this does NOT compromise security.  UNLESS it is badly written code, e.g. step 2 was left out.  Seeing that step 3 was left out would reveal the programmer was an idiot, but doesn't impose and immediate threat.

The computer illiterates seem to think the code would have this line:

if $thepassword == "mysecretword" then hand-over-the-keys-to-the-missiles
 
Displayed 42 of 192 comments

First | « | 1 | 2 | 3 | 4 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report