Surely there are some white hats at MSD, or MOJ it now seems, who would've blown the whistle. I've written some more about this here:
Yeah, nice post. Is the whistleblower's legislation meant to legally oblige or require employees to use it for reporting things, or is it more intended to provide clearer legal processes for people who choose to report things when they're faced with retaliatory action from employers? Knowing some of the social situations that occur in many workplaces, I don't think I'd often blame someone for just choosing to give up, shut up and get on with all their main current ever-behind-schedule workload, compared with risking years of their and their families lives falling apart with possible legal action and fighting for their rights and facing the unknown, just because they have incompetent managers at a workplace where they'll only spend a few years of their lives. Maybe it's something in a New Zealand culture of disliking confrontation, but I think it'd be common for many people who weren't gelling with management to simply quit and find a better job, or at best wait it out for the economy to get better. The employee turnover stats in MSD's IT sections could be interesting.
It's great to have whistleblower protection, but to me it still seems that providing and clarifying legal rights of someone who reports an extraordinary situation is no substitute for employing appropriately responsible people and systems to ensure that situation never occurs in the first place.
Is the whistleblower’s legislation meant to legally oblige or require employees to use it for reporting things, or is it more intended to provide clearer legal processes for people who choose to report things when they’re faced with retaliatory action from employers?
Absolutely the latter. I would be distinctly queasy about the implications of legislation that tried to compel whistle-blowing.
The Protected Disclosures Act also only applies to internal disclosure or, where internal disclosure is not practical, disclosure to the Ombudsmen or a Minister of the Crown. The Act requires that public sector organisations establish internal processes for disclosing allegations of "serious wrongdoing", and protection under the Act only applies if those processes are followed. Going outside the organisation is a last resort where the employee believes there is wilful ignorance or a cover-up, and it's only then that going to the Ombudsmen or a Minister is protected.
You called Sir?
Ok, let us begin.
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.
Right, cracker, that's what HSDPA meant, I guess.
Ooops, I mean HDPA, HSDPA meaning High-Speed Downlink Packet Access I did think High Density Poly Acetate but, apparently, no, at least not the poly acetate bit anyway.
The origional meaning of Hacker has a British equivalent, Bodger. The use of this term in Australasia usually refers to the practice of throwing shit together without care or consideration of consequences. This seems quite apt with regard to both the system design at MSD and the MSM reportage of the same.
As they say...
It's Knowledge Bro.
Excellent comment Lew.
The location and nature of value is shifting, just like it did when scribes were no longer the only ones who could write.
I don't think I'd say the challenge faced by journalists is quite as stark as justifying handwriting after the printing press was invented. That's like the most important invention of an entire millennium, whereas citizen journalism could actually rise and then fall. Journalists could come back into fashion. There was never going to be a fall after moveable type printing was conceived. "So what if you can make 3600 pages a day and the scribe could only do 2. His were quality pages".
Classic, 3 times faster than the Candyman. Or Candy woman in this case, whom I notice was thankfully never triggered. That would not have been good sport, sir.
Re the distinction between Hacker and Cracker.
I heard this argument from an esteemed blogger from the states a few years ago and I disputed it with him then.
The group of expert programmers may wish to use the jargon term cracker for bad guys and hacker for good guys - but they don't get to decide the meaning of words out in the real world of english speakers.
For better or worse hacker means someone who attacks systems - in its initial meaning for bad purposes. It does not mean expert programmer. That was the first meaning it had when it was first used in normal english and subsequent uses have solified that meaning. Expert programmers can try and reclaim the word but I suggest that the battle is lost.
Cracker has no real meaning in general english that relates to IT.
On a personal note - when customs ask me for my profession - I don't put hacker - I put computer programmer.
It's Knowledge Bro.
I just remember it was what the kid on Whiz Kids called himself. He also talked to his computer and gave it a name. I remember at the time thinking that there was almost nothing realistic about the show (most particularly the geek love-triangle), having seen up very close just how low-tech successful hacking could be, and what the personality type and motivation involved was.
Years later, studying computer science, a lecturer gave one of the most out-of-place lectures I can ever remember having, in which he ran down hackers with a bitterness that could only have been personal. They had to discipline a number of the kids who got it into their heads to crack the university systems, and he made some generalizations that have stuck with me ever since. "poor social graces and no sexual partners" leaped off the pages of a dry manual on operating system design. "Apart from trying to damage our systems, he sought thrills in other dangerous activities, nearly killing himself on a motorbike, and eventually blowing off one of his hands with home made fireworks". "They were not the talented students, which is why getting a cheap advantage through doing something tediously repetitive liking entering passwords endlessly struck them as a better idea than just getting a high paying job like most of our graduates <with a bitter verbal aside about the pay of university lecturers>".
I'm paraphrasing, having not kept the textbook. I thought it was a bit mean, probably 90% true, and quite funny. But still a damned boring subject.
On a personal note - when customs ask me for my profession - I don't put hacker - I put computer programmer.
Wise choice. I notice that even the most alert and attentive passport controller gets a glazed look in their eye when they ask about that job. It's probably the fastest way to look boring and square imaginable. Act like you really want to tell them about it, and you'll be angrily waved through. Make sure you always put a line through any zeros and sevens on the forms. If they ask, then you can explain ASCII! Instant wave-through.
Quick question Keith. Was Paul (or yourself) actually approached to be interviewed about the story and if so did he (or you) give one? Seems like that could have cleared up any confusion about his motives in breaking into kiosks.
Without the opportunity of speaking to an insider it seems hard to argue a reporter should automatically know the word "malicious" has different meaning in hacker circles (or even that "hacker" doesn't immediately mean "bad guy" in hacker jargon).
I also don't think you can necessarily argue a reporter should assume that because someone is posting about hacking on youtube that means they actually have noble intentions. There of plenty of people who post on facebook and youtube gloating and boasting about how they are breaking the law and showing how to do it (just to be clear I'm not suggesting that's what Paul was doing but you can see how someone might misinterpret the tone of what is being said in that youtube vid).
What I'm trying to say here is it seems unfair to accuse a reporter of producing a misleading report which lacked context when that reporter didn't have the opportunity to speak to someone who could explain that context...
justifying handwriting after the printing press was invented
I'm talking earlier, when writing became something a wider group could do - nothing to do with technology. Was a narrow profession before that.
when that reporter didn't have the opportunity to speak to someone
Do you have a link about the reporter "not having an opportunity"?
poor social graces
Not sure about the sexual partners aspect, but back in the day when I worked for a large NZ consulting firm we used to ensure our 'IT security people' didn't talk to the client without a chaperone/interpreter. Too easy to scare the horses otherwise.
Sorry that sentence should have been “IF that reporter didn’t have an opportunity”.
I was inferring an interview didn’t happen because Paul doesn’t appear to be interviewed in the TVNZ piece. It only shows snippets from his youtube vid.
I expect every journalist and editor has to make choices about talking with quoted and well-informed parties before publishing.
Agreed but if those parties won't front to explain themselves it's hard to complain the story was maliciously biased against them.
Too easy to scare the horses otherwise.
Classic. It's kind of become a badge of pride, though. In my last job there was a guy who was deliberately scrofulous to an extreme degree that I was sure was 90% affectation. I think he felt that his credibility as a computer nerd was in doubt if he didn't look the part. His business partner (who was also my business partner, just in a different business) had the guy to stay over at his house (the fellow lived in California), and had to reprimand him one day for leaving his dirty underpants in my partners hallway (my partner had a wife and two children, in an immaculate house). I found it hard to actually believe someone would be so careless about things as to somehow drop their underpants in the hallway of someone else's house, and to not notice them when walking past, several times. It just had to be a put on. Didn't it? Surely?
if those parties won't front to explain themselves
Any evidence that such a situation applies here? It's a pretty basic part of a journalist's job.
if those parties won’t front to explain themselves it’s hard to complain the story was maliciously biased against them
Keith's blog posts explained his side clearly and at some length. I would have thought a journo writing about the subject would have read them. 36,000 other people did, according to the stats.
Sorry don't understand your objection, could you explain a bit further?
Keith's original story was outing the security flaw at MSD and had nothing to do with this particular hacker as far as I can see. As I understood it the TVNZ story seems only tangentially related to the MSD thing. It seems to suggest suggests a hacker who worked for a company which did some work for MSD was encouraging other hackers to breach kiosk security and showing them how to do it. That would be a story in itself even if there were no issues with the kiosks at MSD (although I accept from reading Kieth's blog he wasn't doing this with malicious intent and was actually working on the side of good)..
Nothing in Keiths previous blog posts alluded to hackers at all (except to say the security breach didn't actually require the skill of a professional hacker).
No I don't have evidence (beyond noting no interview appears in the report) but I don't really need any, I'm just asking whether there was an interview or not and pointing out if one was requested and refused it seems a bit unfair to complain a story lacks context.
if one was requested and refused it seems a bit unfair to complain a story lacks context.
That's not particularly relevant without any evidence that it's true in this case. You're stretching a bit.
Nothing in Keiths previous blog posts alluded to hackers at all
Quite. It was specious spin rapidly applied by govt and parroted unthinkingly by some media outlets.
No I don't have evidence (beyond noting no interview appears in the report
That's the reasoning Mr Roughan used about Campbell Live's coverage of Chch school closures, as discussed here recently. Absence of evidence is not evidence of absence.
in the real world of english speakers.For better or worse hacker means someone who attacks systems
There are english speakers and there are English speakers, I'd assume the reason you wouldn't give hacker as your profession is that it's (as knowledge bro pointed out - def 1) technically more of a hobby/ lifestyle.
Outside the cube as it were...
If we’re taking ‘knowledge’ here to mean research/ language skillz, then I concur. Editors and journalists need knowledge – and tons of it.
Actually this thread is all about domain knowledge, which helps assess relevance and provide context for facts and opinions.