Users of the federal health care exchange site have been advised to change their passwords this weekend after the Obama administration reviewed the government’s vulnerability to the Heartbleed Internet security bug.
Several things to note about this:
- The clueless knobs in government leapt to assure us that there was no danger to healthcare.gov users from Heartbleed. (I like John Hayward’s snark in this column, by the way. Healthcare.gov was so wretched that no one could use it for months, so that minimizes the vulnerability.)
- Heartbleed is a screwup in a widely-used (near universally-used in fact) security library. An open source library, which is written and maintained mainly by volunteers. They get virtually no support from the thousands of corporations or governments which use the library for essential business and government activities. If some of the cheap-asses would kick in some bucks or a part-time developer dedicated to reviewing the code of some of the open source projects they use, a lot of vulnerabilities, other bugs, and usability issues might well go away.*
- One of the NSA’s charter purposes is to protect the US and its people from exactly this sort of problem. If OpenSSL is being used to protect the privacy of people who enter information into government web sites, which it is, then it’s arguably “critical infrastructure” and the NSA was either inept in not noticing the problem or criminally negligent in not alerting the OpenSSL developers. That’s even assuming that NSA didn’t know about it and left it vulnerable so they could eavesdrop on private conversations or even inject their own data. Sure, the NSA denies any knowledge or wrongdoing, or even intent to snoop on American citizens, but if there’s one thing that the Snowden papers show, it’s that there is no limit to the snooping perpetrated by the NSA or their lies to cover it up.
* Yah, this is a hot-button topic for me. I formerly did a fair amount of “community pay-back” work, including coding and documenting open source projects, hosting mailing list archives, and writing and maintaining FAQs. By and large I got more aggravation than appreciation from consumers of what I produced. And on the government side of things, I’ve had managers pester me for worthwhile ways to spend $10k left over in the software budget rather than “let it go to waste”, and been met by incomprehension or scorn when I suggested donating to open source projects that the agency was using.
So. All that on the government managing to screw things up yet again, and it’s only one of the three items for today’s rant. Let’s continue…
Headline says it all. Of course the ballless wonder in the White House is pushing it back. He knows a decision either way will cost votes in November, so he’s defaulting to the technique used by preschoolers the world over, refusing to make a decision. However, in this case, refusing to make a decision is making a decision, but not having the balls to admit it. I hope voters remember this six months from now, especially if gasoline prices shoot up the way Obama wants them to.
But these weighty concerns actually understate government incompetence and meddling. No issue is too small for the government to stick their nose in and screw up.
The proposal [by the FDA] would classify [beer] companies that distribute spent grain to farms as animal feed manufacturers, possibly forcing them to dry and package the material before distribution.
The equipment and set up to do that would cost about $13 million per facility, said Scott Mennen, vice president of brewery operations at Widmer.
“That would be cost prohibitive,” Mennen said. “Most brewers would have to put this material in a landfill.”
As it says in the article, this is regulation in search of a problem. So far as I know, there is no evidence of any human sickness ever caused by used malt being splooped into a tanker and given to cows. But of course, solving actual problems is not what bureaucrats are all about, is it?
And with that, enjoy the rest of your day in the Land of the Free.