> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
The word politics has basically split into two meanings that we swap between without noticing. There's the original sense, the art of navigating collective decisions, how we share power and resources. That version is unavoidable and actually kind of noble. Then there's what the word has come to mean in practice, which is identity-driven team sport. My side versus your side. Performance and signaling.
When you say "it is, in fact, about politics" you're technically correct in the first sense but you're activating the second sense, which is exactly the frame he's trying to get people out of. He's trying to create a space where people engage with the substance without immediately sorting into camps. That's valuable even if the distinction is a little artificial.
It's kind of a trap honestly. The escape hatch from tribal politics has itself become a political move, so you can always say "well actually that's political too." True, but not very useful if you're trying to get anywhere.
> I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
We've got a great term for the latter, and everyone is already familiar with it. Add the adjective "party". Done.
continuing off the tangent, "party" is a noun, not an adjective. In a construction "party politics", it functions _like_ an adjective, but it remains a noun.
Similarly, "computer" in "computer games" is a noun that modifies the meaning of the following noun. Modifying nouns like this always are in singular.
But you should write that to the OP, they are the one who misuses the term "politics" in the 2nd sense. The answer to confusing terms is not a retreat from the original definition, but education. Otherwise you're opening doors to these political moves.
Surely the reason why appeasement isn't working is that we just haven't appeased hard enough!
"Both sides" / "tribes bad" / "transcend the conflict" discourse is such cancer, because intentionally ignoring the most pertinent parameters of a conflict is not a neutral choice. When Donald Trump said he would end the Russia/Ukraine conflict on Day 1, we didn't fear that he was lying, we feared that he was serious because we all knew that the only way to actually do it would have been to force Ukrainian defeat. When your toddler is screaming because the smell of cooking has made him hungry but he has to wait, giving in to his demands is not conflict-transcending 3D chess, it's teaching your kid that tantrums are an effective tool. The same goes for politics.
It will have to get a lot worse in order to get better. Voters have to be in a lot more pain to give the non-crazy party control to actually fix fundamental problems.
Note: I'm an independent, but the current administration is incompetent on an embarrassing level.
there is no need to rewrite it, because it's fine. What's not fine is people not observing it, and defending it with their lives, and making sure that violations are actioned with penalties, social stigma and disdain.
The fact that this conversation is happening at all is indicative that our current form of government and its founding documents were inadequate in preventing the existing situation.
If the constitution was appropriate, the people would have the explicit legal means of remedying this situation without relying on elections several years after the constitutional crisis was underway.
A piece of paper doesn't make any difference if what's written is not observed, nor the rules it laid out followed. The fact that the president can commit crimes - like declaring war without the approval of congress - and have no consequences, means that the problem isn't with the written text, it's in enforcing it. And citizens can only enforce it with elections, or with civil unrest.
I would say that the constitution not enshrining a method of enforcement outside the auspices of the executive branch is an inherent failing of the document. Which would then indict its inability to be amended as originally intended over time.
The fact that it was intended to be a living document and has not remained so, I would argue, is partially responsible for our current predicament.
You are blind. The senate and electoral college and lack of clearly distributed powers have meant that we have never functioned as a liberal democracy despite our lofty rhetoric claiming otherwise.
Everyone acts like the electoral college was a blunder. The founding fathers studied the democracies of ancient Greece, and they made a very intentional choice to guard against unfettered democracy. You were supposed to be involved in local politics, where you could actually know and evaluate your representatives. Those representatives were supposed to make national decisions on your behalf, including choosing the president.
I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
> Those representatives were supposed to make national decisions on your behalf, including choosing the president.
This is, incidentally, how we massively screwed up the federal government. In the original design US Senators were elected by the state legislatures, the premise being that they would prevent federal overreach into the regulatory domain of the states because they would be directly accountable to the state governments.
Then populists who wanted to do everything at the federal level pushed for the 17th Amendment which eliminated the state governments' representation in the federal government and people stopped caring about local politics because it started feeling like an exercise in futility when federal law could preempt anything you wanted to do and the thing meant to keep that in check was deleted.
And the federal government was supposed to have enumerated (i.e. narrow, limited) powers. It doesn't have the scaffolding for people to hold it accountable. You can elect the local dogcatcher but the only elected office in the entire federal executive branch is the President of the United States. Which is fine when the main thing they're doing is negotiating treaties and running the Post Office but not fine if you're trying to do thousands of pages of federal regulations on everything from healthcare to banking to labor to energy.
That's somewhat ahistorical, the 17th amendment happened because state legislatures were frequently deadlocked and could not appoint senators, meaning states went without senate representation entirely.
In a fifteen year period 46 senate elections were deadlocked in 20 states, at one point Delaware had an open senate seat for four years due to this.
That said the proper reform to this would've been the abolition of the senate, as it has always been and will always be an anti-democratic force, not moving for senators to be elected by the people.
> That's somewhat ahistorical, the 17th amendment happened because state legislatures were frequently deadlocked and could not appoint senators, meaning states went without senate representation entirely.
That seems more like an excuse than a legitimate reason. If that was actually a problem you could solve it by adopting a mechanism to break ties, putting the vote to the public only in the event of a tie, having the state legislatures use score voting which makes two candidates getting exactly the same score far less likely, etc.
> That said the proper reform to this would've been the abolition of the senate, as it has always been and will always be an anti-democratic force
It's supposed to be an anti-democratic force, like the Supreme Court and the entire concept of even having a federal government instead of allowing local voters to have full plenary power over local laws. Unconstrained direct democracy is a populist whirlwind of impulsive reactionary forces.
> I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
I reject this premise. I'm not omniscient but I have a pretty good idea.
Then we must repeal the state laws criminalizing electors not voting in line with the state's popular vote allocation, and directly elect electors to ensure they are people of sound morals and judgement rather than partisan hacks. Because at the moment the electoral college serves no function besides distorting the popular vote. Any other possible function has been removed by law.
> I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
Randomly-selected citizens would have outperformed what we’ve gotten in the last few elections at minimum.
That doesn't really fit the math. At the time of the founding the largest colony was Virginia and of the original 13 colonies, 9 were in the North and only 4 were states that ended up in the Confederacy, i.e. it was the slave states that were underrepresented in the electoral college and the Senate.
Virginia was a slave state at that time (I think it was 8 slave states to 5 non). The states that eventually joined the confederacy are different from those that had legalized slavery when the Constitution was signed.
Indeed Virginia was a slave state at the time, and was later part of the Confederacy, and it was the most underrepresented state in the Senate and electoral college at the founding, since those bodies cause higher population states to be underrepresented relative to their population.
> The states that eventually joined the confederacy are different from those that had legalized slavery when the Constitution was signed.
All of the states had legalized slavery when the Constitution was signed. But it was already gathering detractors even then. The states that wanted to keep it the most were the ones that ended up in the Confederacy and they were both a minority of the original colonies and a minority of the states at the time of the civil war.
I don't think everyone is being greedy cowards. Our system is designed to domesticate people through threat of poverty or state sanctioned violence.
Resistance is difficult because it typically requires great personal sacrifice. It's hard to protest when you have to work to feed and shelter your family. It's hard to resist law enforcement when your life is the price.
The working class's current inability to resist tyranny isn't an accident.
it always takes sacrifice to resist tyranny. It's just that there's been less tyranny in the past half century, that the new generation raised have not had to make sacrifices, and thus don't feel they need to. Surely, somebody else will make that sacrifice when the time comes...
Millennials have been killed by the current admin, and both Gen Z and Millennials have been in the streets across the country consistently since the current admin took office. Not sure what news you're consuming that you would think the way you do.
The "constitution is good, we just need to follow it" attitude missed out on the rot that occurred before Trump that enabled Trump and supports him to this day. That rot occurred under both parties, when guardrails were followed and rules were in place and observed.
Agreed. And in my opinion, a big part of the rot was that Congress became progressively more dysfunctional. (When was the last time they passed an annual budget? That is the most basic job of Congress, and they haven't been able to do it for years.)
I agree with you, but I don't see these things as possible. Maybe the D party will enact campaign finance rules if they got a super majority. Given gerrymandering I'm not sure that is ever possible though.
People really need to understand the math here instead of listening to what politicians themselves self-interestedly complain about.
The modern balance of power remains on a razor's edge and constantly flips because both parties have learned to run data-driven campaigns. That would be as true if neither party did gerrymandering as if both parties do as they do now. Whatever the district which is closest to being flipped, that's the one where they would concentrate their resources. If one party started to get significantly more than 50% of the seats and the other significantly less, the loser would change some of their positions until they were back in the running because getting some of what you want with 51% of the seats is better than getting none of what you want with 39% of the seats.
The actual problem is not the electoral college or gerrymandering or The Despicable Other Party, it's first past the post voting, because that's what creates a two party system. Have your state adopt STAR voting or score voting and see what happens.
> Have your state adopt STAR voting or score voting and see what happens.
There have been ongoing efforts to ban things like ranked choice or other options at the state level and now it's being pushed federally (Make Elections Great Again act MEGA).
Look around at the politics of the majority of countries on the planet. Voters being in pain doesn't mean they suddenly start making the right choice. Quite the opposite in fact.
There's a long way to go on the path the USA is currently on. Ask anyone from India or Russia or Argentina or Egypt or Nigeria how democracy actually works.
It’s not just the incompetence, it’s the meanness. If this administration were simply incompetent, it would be bad but not alarming or scary. It’s the fact that they want to hurt a portion of the population that worries me greatly.
The electorate does give control but they get bored after a few years and want to wreck everything all over again. It's goldfish levels of political memory in this country.
It’s a reference to 5 USC 3331. Everyone who takes the oath should support his recommendations. That’s what I think he means by "is not about politics". He’s tacitly asking whether people’s oaths are intact.
Politics is about power. Who has it, who should have it, who will have it.
Democracy is a system in which parties lose elections, and therefore lose power.
When a party asserts they didn’t lose an election, don’t lose elections, that competing parties are illegitimate, that is an anti-democracy party.
That an anti-democracy party is in power and seems to not care about protecting institutions that help defend and protect Constitutional law and order, makes it a legitimate question whether their oath is intact or if they’re duplicitous.
A lot of effort under Biden was to make disinformation a big push and they offloaded work to third parties, so I'd be curious to know how many of the firings or resignations came from the government being pulled away from censorship in league with social media as opposed to losing hardcore cybersecurity professionals. Makes me want to jump back on the cybersecurity bandwagon. I think the CISA and NSA mandate for memory-safe software roadmap is good. I'm more of a SPARK 2014 fan than Rust, but I think by 2027, I'll shift to 30% focus on Rust and see where the government contracts go. I'm building a high-integrity secure, mostly formally verified automation and controls software for a state-of-the-art portable hoist able to function in aerospace that I am also co-engineering with my partner inventor.
> the government being pulled away from censorship in league with social media
The right sure said that a lot, but it repeatedly failed to materialize. The twitter files were especially embarrassing, where Elon alleged government censorship but his "detective" was forced to admit that it didn't exist. Oops!
> [@mtaibbi] Although several sources recalled hearing about a “general” warning from federal law enforcement that summer about possible foreign hacks, there’s no evidence - that I've seen - of any government involvement in the laptop story. In fact, that might have been the problem...
Contrast this to "we can do it the easy way or the hard way" from the current administration. Yikes!
> And what's happening at CISA right now should terrify every American who depends on running water, electricity, and the ability to vote in free elections.
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
Apparently that's where you stopped reading. If you continue reading, with a little bit of logical reasoning and comprehension, you will learn that Plankey has been nominated by Trump, has bipartisan support, and even that Trump started the CISA agency. The only thing holding it up are 2 republicans and 1 democrat over some contract that probably has something to do with their buddies getting some contract deal. This isn't about "this administration", it's about your everyday political favors behind closed doors that has been happening since governments have been a thing.
That doesn't account for the ~1,000 employees being gutted from the agency and leaving a maliciously incompetent acting director in place. Both of which are directly caused by the current admin and won't be remedied by Plankey getting a confirmation, possibly for years.
For what it’s worth CISA built upon previous work in the DHS (basically rebranded NPPD as CISA) which evolved from NCSD which itself merged NCS and other cybersecurity teams in the wake of 9/11. America has been doing cybersecurity longer than any other country I think but presenting a rebranding as somehow something Trump is leading the charge on is a weird take.
Repeated statements by Trump and his circle claiming he’ll run in 2028. Statements by Trump that his supporters won’t ever need to vote again. That little insurrection they tried on January 6th 2021. Their current weaponization and staffing of ICE by people with questionable backgrounds and morals and deploying them against their political enemies under the pretext of illegal immigration (Texas has a bigger problem than Wisconsin, for what it’s worth). Constantly praising dictatorial leaders like Putin and Xi while threatening and talking shit about Democratic allies.
So whether or not it metastasizes to that point, pretending like this concern has no grounding in actual actions taken and statements uttered is wild, because this playbook isn’t new and the intended direction seems more clear than not.
Hard agree with this and this matches what I’m hearing about the agency. That said, the failures start with Noem, DHS, and its approach to governing. Policies have been actively hostile to those working at the agency, messaging is prioritized over action, policies that make it harder to work overtime or telework or flex to the needs of actual problems, etc and that will likely continue under a new director.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
Well, yes, but that someone else doesn’t need to be a foreign adversary.
There is a certain type of mentality that just doesn’t believe that government should do anything, and that private enterprise will always have the solution.
Those people appear to be in control of all levers of power in the United States.
It's simpler than ideology about government vs. private enterprise. These are purely transactional people, looking out for what can benefit themselves. It's just about grabbing things for personal gain.
Real world evidence doesn't seem to validate this position.
For example - The ratio of government employees (including contractors) to US population is at an all time high[1], and the ratio of GDP to government expense is at an all time high[2].
It should be obvious if you have a profligate printer printing dollars left and right, and the printer's controllers' livelihood depends on the printer working, workers will eventually lease printing to anyone willing to pay the controllers.
Thus, doesn't seem like a problem of wealthy people to me. You are always going to have wealthy people in any society. But it seems the fault is at having a printer, and letting people who aren't your neighbor, to control it.
I'm open minded in this being a "Chicken or egg" Problem. But I'd need to hear a compelling argument for it.
The current President is a big fat liar and everybody knows it. But where's your counter for the argument? Government spending is now at a higher percentage of GDP than it was during the height of WWII, which had been the all-time high for 200+ years. That is inherently inconsistent with the incumbent "just doesn’t believe that government should do anything" -- the current government is doing a lot of something.
Why would you write it like it's a mystery. Government spending is for the most part public. Most of it going to two massive buckets military and social support programs (medicare, snap, et al). Now you can argue about how much we should be spending on each, but don't act like it's a big secret where the money is going. The elected representatives (all parties) of this country have voted to increase military spending year over year and most of the population is fine with this.
Separately but equally damaging in terms of spending is one party is consistently doing everything in their power to fuck over the most vulnerable, provide tax breaks to corporations and the wealthy, and generally make life miserable for anyone who isn't a wealthy (soon white) dude.
This means the other party being the only sane choice for people with morals, but also being subject to various types of capture corporate or otherwise, gets to spend their time in power bumbling around trying to undo the damage and make sure the wheels don't completely fall off, so the "welfare" state expands by necessity since the only thing the two parties can agree on at this point is that all problems should be solved by throwing absurd amount of money at them and nothing else.
> Most of it going to two massive buckets military and social support programs (medicare, snap, et al).
SNAP is peanuts. About a trillion dollars out of the seven trillion goes to the military and by far the largest amount goes to retirees.
> The elected representatives (all parties) of this country have voted to increase military spending year over year and most of the population is fine with this.
How can you tell if they're fine with it if all of their alternatives lead to the same result?
> Separately but equally damaging in terms of spending is one party is consistently doing everything in their power to fuck over the most vulnerable, provide tax breaks to corporations and the wealthy, and generally make life miserable for anyone who isn't a wealthy (soon white) dude.
The party that set up Social Security so that it has an income cap on the tax, makes larger payouts to people who had higher incomes up to the cap and max payouts to people who hit the income cap, and pays out more to white people in aggregate even proportional to their income because they live longer, was the party of FDR. The party that has been obstructing housing construction in San Francisco and other major cities for decades to the detriment of renters, young prospective home buyers and the homeless is the party with the majority in those cities, and you can't even pin that one on the filibuster.
You don't get to blame the other party for the things they screwed up and the things you screwed up.
That is basically the Republicans' entire existence at this point. They would rather blow it up/make it dysfunction/burn it down than have a working government. They have proven so with actions/policy like their willingness to pile destructive levels of debt onto the nation in order to leverage the damage to their political goal of destroying government.
But they seem to also believe in heavy-handed government intervention to prop up failing businesses. For example Trump's recent announcement that he'll require the military to buy coal power on long-term contracts:
So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market.
The common thread that resolves this apparent conflict is, of course, billionaires. 100% of Republicans and ~60% of Democrats are in office primarily to serve at the whims of billionaires. They will pursue whatever policies will give more power to billionaires, consistency and hypocrisy are irrelevant.
How could you possibly come to this conclusion? Which party literally just voted for tax breaks on the wealthy and corporations, twice in one decade?!
In before "No clearly the party that helps the billionaires the most and is mostly comprised of billionaires and is backed by all the tech billionaires are the good guys, they are the true party of the people"
"So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market."
Rather: They don't want the government to impede capitalist interests (greed), so they're using the government to further their corruption and greed
It's amazing what people will ignore to suit their prejudices. The Presidential cryptocurrency should have been the clearest signal that this was going to be all-grift, all of the time. I don't think any previous President would have been allowed to destroy half of the White House, either. The exact sort of thing that, if an "enemy" had done it, they would be demanding a war over.
You did get the memo from POTUS that loyalty is more important than intelligence, right?
Unbiased intelligence in this operation is not welcomed. One is told what is "factual truth" (not facts themselves) by those who operate out of Pennsylvania Avenue in DC.
If you're not blindly loyal and in line with the administration, then you'll be at risk of losing whatever role you have unless your loyalty is proven then you may receive some of that back based on how much you have demonstrated.
--
The problem in infosec in this world is not competence, it is cult of personality. This is why black t-shirt dislike black polo shirts not so secretly.
We're in an era of Disaster Capitalism. Some of the richest people have realized they've nearly extracted all the money they can gain on the current trajectory of nations and came to the conclusion they can make even more money if they destroy everything and then are the ones to rebuild society, their way.
Fallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
Ya historically this doesn't traditionally work out for the rich instigators/accelerationist. idk maybe their bunkers are immune from having dirt shoved in the air intakes, either way it's not clear to me that they understand that the people they are trying to fuck over the hardest are the ones who know how to work all the industrial equipment and built the bunkers.
> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
According to CISA's joint advisory (AA24-038A), here's specifically how they stayed inside for 5 years:
Valid credentials and stolen accounts. They repeatedly dumped NTDS.dit (the Active Directory database) from domain controllers to harvest every credential in the environment. In one confirmed case they extracted NTDS.dit from three domain controllers over a four-year period. They kept coming back to re-dump so they always had current, valid passwords.
Only operated during normal business hours. They studied the victim's work patterns and only used compromised credentials when legitimate admins would be active, so authentication logs looked normal.
Targeted log deletion. They deleted specific logs to cover their tracks.
Routed traffic through compromised SOHO routers. Fortinet, Cisco RV320, Netgear, and other end-of-life home/small office routers. Made their traffic appear to originate from legitimate residential IPs, not foreign infrastructure.
Zero malware. Literally none. They used only wmic, ntdsutil, netsh, PowerShell, cmd.exe, certutil, ldifde, net, and other native Windows tools. Nothing for an EDR to signature match against.
Minimal activity between credential dumps. They got in, dumped creds, did light recon, then went silent. They weren't exfiltrating data. They were pre-positioning for future disruption. That silence is what made them invisible.
It's a term-of-art that means to use the tools that are already available on the target machine. So rather than shipping a custom binary/shellcode/etc which exfiltrates data or whatever, you string together existing powershell/unix/etc commands to do so. It's effective because it's hard to distinguish these from legitimate processes.
Traditional malware relies on delivery of “payload” with a custom program and data, and/or establishing persistence by installing files to local storage.
These behaviors generate distinctive evidence of compromise in-progress, active, and after the fact, so your AV software or forensics team can identify it.
“Living off the Land” means minimizing or eliminating the payloads and the system modifications, and leveraging anything and everything that is found already existing in the system.
Obviously while presenting extra logistical challenges, LOL can be stealthier and easier to deploy on your target systems.
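Added example, not part of the thread or of the CISA advisory: since the comments above note that native tools used during business hours leave nothing to signature-match, this sketch triages process-creation and log-cleared events against a per-host, per-account baseline instead, and correlates directory-database tools run on more than one domain controller. Host names, account names, the `rare_below` threshold and all events are constructed; event IDs 4688, 1102 and 104 are the standard Windows process-creation and log-cleared IDs.

```python
"""Baseline-driven triage of native-tool ("living off the land") activity."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Native Windows tools named in the comment above.
LOTL_TOOLS = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe",
              "cmd.exe", "certutil.exe", "ldifde.exe", "net.exe"}
# Tools that work on the AD database or directory exports (assumed grouping).
AD_DB_TOOLS = {"ntdsutil.exe", "ldifde.exe"}
PROCESS_CREATED = 4688          # Security log: a new process has been created
LOG_CLEARED_IDS = {1102, 104}   # Security audit log cleared / event log cleared


@dataclass(frozen=True)
class Event:
    ts: str         # ISO-8601 timestamp
    host: str
    user: str
    event_id: int
    image: str = ""  # executable base name (simplified from the full path)


def build_baseline(history):
    """Count (host, user, tool) combinations seen in a known-good period."""
    return Counter((e.host, e.user, e.image.lower()) for e in history
                   if e.event_id == PROCESS_CREATED
                   and e.image.lower() in LOTL_TOOLS)


def triage(events, baseline, domain_controllers, rare_below=3):
    """Return (findings, multi_dc).

    findings: list of (event, reasons) for events worth an analyst's look.
    multi_dc: accounts that ran an AD database tool on two or more DCs.
    Time of day is deliberately ignored: business-hours activity is expected.
    """
    findings = []
    dc_hits = defaultdict(set)
    for e in events:
        reasons = []
        image = e.image.lower()
        if e.event_id in LOG_CLEARED_IDS:
            reasons.append("event log cleared")
        elif e.event_id == PROCESS_CREATED and image in LOTL_TOOLS:
            seen = baseline[(e.host, e.user, image)]
            if seen < rare_below:
                reasons.append(
                    f"rare for this host/account (seen {seen}x in baseline)")
            if image in AD_DB_TOOLS and e.host in domain_controllers:
                reasons.append("AD database tool on a domain controller")
                dc_hits[e.user].add(e.host)
        if reasons:
            findings.append((e, reasons))
    multi_dc = {u: sorted(h) for u, h in dc_hits.items() if len(h) >= 2}
    return findings, multi_dc


# Constructed sample data: a quiet baseline, then one working day.
HISTORY = (
    [Event("2024-03-04T09:12:00", "WS-07", "alice.admin", 4688, "powershell.exe")] * 5
    + [Event("2024-03-05T11:40:00", "WS-22", "helpdesk1", 4688, "net.exe")] * 4
)
TODAY = [
    Event("2024-04-02T09:30:00", "WS-07", "alice.admin", 4688, "powershell.exe"),
    Event("2024-04-02T10:15:00", "DC01", "svc_backup", 4688, "ntdsutil.exe"),
    Event("2024-04-02T10:21:00", "DC01", "svc_backup", 1102),
    Event("2024-04-02T14:30:00", "DC02", "svc_backup", 4688, "ntdsutil.exe"),
    Event("2024-04-02T15:05:00", "WS-22", "helpdesk1", 4688, "net.exe"),
    Event("2024-04-02T15:06:00", "WS-22", "helpdesk1", 4688, "certutil.exe"),
]


def run_demo():
    """Triage the constructed day against the constructed baseline."""
    return triage(TODAY, build_baseline(HISTORY), {"DC01", "DC02"})


if __name__ == "__main__":
    found, multi = run_demo()
    for event, why in found:
        print(event.ts, event.host, event.user, event.image or event.event_id,
              "->", "; ".join(why))
    print("AD database tools on multiple DCs:", multi)
```

Every flagged event here falls inside normal working hours, which is why the triage keys on what is unusual for the account and host rather than on the clock.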
We won't. This is what the end of empire looks like. The US is going to end up a backwards, superstitious, backwater. I would be surprised if the "U" part of USA survives the century.
The one thing that keeps me going through the fall of the US is the knowledge that despite all, there are still lots of happy people in Russia and China. People live their lives under those single-party authoritarian regimes, and many of them are happy. Maybe I can be happy here, too.
“He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother.”
Political party in power makes it an explicit goal to dismantle government agencies and privatize all regulations, safety, security, environmental protections.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
I've only really heard of CISA in terms of "fighting disinformation", which seemed more than a little dubious. Can someone speak to what their mission is and how effective they've been at it?
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.
Before its recent extension into the mis/disinformation (censorship) space, CISA was primarily focused on coordinating public/private response to cyber threats and distributing information about known vulnerabilities. It is the primary US sponsor of the CVE system, for instance. It also provides guidance regarding best practices to industry and government agencies.
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”
Alex Stamos talked about this a bit on TWiT late last year:
"It's getting hard to not be conspiracy minded here. They closed CSRB, destroyed CISA. CISA has no confirmed director. This just adds to kind of a complete surrender at least on the cyber side. We are spectacularly poorly prepared right now for a cyber attack."
Hopefully there's still MAD (mutually assured destruction). That is, the US has (I presume) a rather formidable array of cyber offensive capabilities. Anyone thinking of cyber attacking the US might find that concerning - hopefully concerning enough that they decide that an attack isn't worth it.
I mean, I'd far rather that that US had both offensive capability and a solid defense. But the situation is not totally hopeless - or so I hope.
This is a good thing. CISA was run by a bunch of BAH consultants that loved to push 8-9 digit cyber security software / license requirements to agencies with no thoughts on how to pay for it. Cyber security in federal is one big circle jerk. Cyber vendors pay into non-profits to write whitepapers why you need X, Y, Z software. This in turn was pushed by IT consultants from the major System Integrators, whom CIOs loved to bend the knee to because that was their near retirement career path. CISA would eventually push these as requirements, with even a bribe of "use our contract, we'll pay for year 1" but no idea how to pay for future years.
I work in a cabinet level agency running a $350M IT program. I'm good at what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
As an American taxpayer who has a twenty-five year decade long career in IT this concerns me. Doesn't surprise me in the least but concerns me. Yet you see this waste and take to HN instead of reporting the waste and abuse via channels such as whistleblowers?
I'm glad you're good at what you do, but to me, and this attitude of "I know this is an issue but I'm still gonna waste taxpayer funds as part of my job and pearl-clutch on HN" is concerning.
Outside of your paycheck contributions and otherwise, that isn't your money friend.
This is how any large federally funded markets operate in the United States. Businesses pay into trade associations or lobbying groups, and they try to impact public policy to ultimately increase/decrease regulation or get funding in future years. This is just the IT version of that.
> This Isn't About Politics
> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
It is, in fact, about politics.
I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
The word politics has basically split into two meanings that we swap between without noticing. There's the original sense, the art of navigating collective decisions, how we share power and resources. That version is unavoidable and actually kind of noble. Then there's what the word has come to mean in practice, which is identity-driven team sport. My side versus your side. Performance and signaling.
When you say "it is, in fact, about politics" you're technically correct in the first sense but you're activating the second sense, which is exactly the frame he's trying to get people out of. He's trying to create a space where people engage with the substance without immediately sorting into camps. That's valuable even if the distinction is a little artificial.
It's kind of a trap honestly. The escape hatch from tribal politics has itself become a political move, so you can always say "well actually that's political too." True, but not very useful if you're trying to get anywhere.
> I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
We've got a great term for the latter, and everyone is already familiar with it. Add the adjective "party". Done.
continuing off the tangent, "party" is a noun, not an adjective. In a construction "party politics", it functions _like_ an adjective, but it remains a noun.
Similarly, "computer" in "computer games" is a noun that modifies the meaning of the following noun. Modifying nouns like this always are in singular.
Specifically this type of modifier is called a "noun adjunct"
Great point, thanks for the correction.
what about "sports betting"
But you should write that to the OP, they are the one who misuses the term "politics" in the 2nd sense. The answer to confusing terms is not a retreat from the original definition, but education. Otherwise you're opening doors to these political moves.
Politics used to mean diplomacy and work across multiple groups with differing but also overlapping incentive structures.
Not two “teams” beating each other over the head.
^ this is correct
Surely the reason why appeasement isn't working is that we just haven't appeased hard enough!
"Both sides" / "tribes bad" / "transcend the conflict" discourse is such cancer, because intentionally ignoring the most pertinent parameters of a conflict is not a neutral choice. When Donald Trump said he would end the Russia/Ukraine conflict on Day 1, we didn't fear that he was lying, we feared that he was serious because we all knew that the only way to actually do it would have been to force Ukrainian defeat. When your toddler is screaming because the smell of cooking has made him hungry but he has to wait, giving in to his demands is not conflict-transcending 3D chess, it's teaching your kid that tantrums are an effective tool. The same goes for politics.
It will have to get a lot worse in order to get better. Voters have to be in a lot more pain to give the non-crazy party control to actually fix fundamental problems.
Note: I'm an independent, but the current administration is incompetent on an embarrassing level.
We're going to need to, at the very bare minimum, fix campaign finance before we are able to produce a party that will fight for a stable democracy.
Tbh, I don't see any way going back to democracy and rule of law is possible without completely rewriting our constitution.
> without completely rewriting our constitution.
there is no need to rewrite it, because it's fine. What's not fine is people not observing it, and defending it with their lives, and making sure that violations are actioned with penalties, social stigma and disdain.
The fact that this conversation is happening at all is indicative that our current form of government and its founding documents were inadequate in preventing the existing situation.
If the constitution was appropriate, the people would have the explicit legal means of remedying this situation without relying on elections several years after the constitutional crisis was underway.
A piece of paper doesn't make any difference if what's written is not observed, nor the rules it laid out followed. The fact that the president can commit crimes - like declaring war without the approval of congress - and have no consequences, means that the problem isn't with the written text, it's in enforcing it. And citizens can only enforce it with elections, or with civil unrest.
I would say that the constitution not enshrining a method of enforcement outside the auspices of the executive branch is an inherent failing of the document. Which would then indict its inability to be amended as originally intended over time.
The fact that it was intended to be a living document and has not remained so, I would argue, is partially responsible for our current predicament.
> because it's fine.
You are blind. The senate and electoral college and lack of clearly distributed powers have meant that we have never functioned as a liberal democracy despite our lofty rhetoric claiming otherwise.
Everyone acts like the electoral college was a blunder. The founding fathers studied the democracies of ancient Greece, and they made a very intentional choice to guard against unfettered democracy. You were supposed to be involved in local politics, where you could actually know and evaluate your representatives. Those representatives were supposed to make national decisions on your behalf, including choosing the president.
I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
> Those representatives were supposed to make national decisions on your behalf, including choosing the president.
This is, incidentally, how we massively screwed up the federal government. In the original design US Senators were elected by the state legislatures, the premise being that they would prevent federal overreach into the regulatory domain of the states because they would be directly accountable to the state governments.
Then populists who wanted to do everything at the federal level pushed for the 17th Amendment which eliminated the state governments' representation in the federal government and people stopped caring about local politics because it started feeling like an exercise in futility when federal law could preempt anything you wanted to do and the thing meant to keep that in check was deleted.
And the federal government was supposed to have enumerated (i.e. narrow, limited) powers. It doesn't have the scaffolding for people to hold it accountable. You can elect the local dogcatcher but the only elected office in the entire federal executive branch is the President of the United States. Which is fine when the main thing they're doing is negotiating treaties and running the Post Office but not fine if you're trying to do thousands of pages of federal regulations on everything from healthcare to banking to labor to energy.
That's somewhat ahistorical, the 17th amendment happened because state legislatures were frequently deadlocked and could not appoint senators, meaning states went without senate representation entirely.
In a fifteen year period 46 senate elections were deadlocked in 20 states, at one point Delaware had an open senate seat for four years due to this.
That said the proper reform to this would've been the abolition of the senate, as it has always been and will always be an anti-democratic force, not moving for senators to be elected by the people.
> That's somewhat ahistorical, the 17th amendment happened because state legislatures were frequently deadlocked and could not appoint senators, meaning states went without senate representation entirely.
That seems more like an excuse than a legitimate reason. If that was actually a problem you could solve it by adopting a mechanism to break ties, putting the vote to the public only in the event of a tie, having the state legislatures use score voting which makes two candidates getting exactly the same score far less likely, etc.
> That said the proper reform to this would've been the abolition of the senate, as it has always been and will always be an anti-democratic force
It's supposed to be an anti-democratic force, like the Supreme Court and the entire concept of even having a federal government instead of allowing local voters to have full plenary power over local laws. Unconstrained direct democracy is a populist whirlwind of impulsive reactionary forces.
>I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
I reject this premise. I'm not omniscient but I have a pretty good idea.
Then we must repeal the state laws criminalizing electors not voting in line with the states popular vote allocation, and directly elect electors to ensure they are people of sound morals and judgement rather than partisan hacks. Because at the moment the electoral college serves no function besides distorting the popular vote. Any other possible function has been removed by law.
> I'm not qualified to know who will make a good president. You probably aren't either. Pushing the process further into American Idol territory would make it worse, not better.
Randomly-selected citizens would have outperformed what we’ve gotten in the last few elections at minimum.
Genuinely think we should consider that.
Athens actually had part of the legislative body chosen by random lot. It makes some amount of sense as a check against entrenched power structures.
The Electoral College is part of the slavery compromise and the slavery compromise was a blunder.
That doesn't really fit the math. At the time of the founding the largest colony was Virginia and of the original 13 colonies, 9 were in the North and only 4 were states that ended up in the Confederacy, i.e. it was the slave states that were underrepresented in the electoral college and the Senate.
No, because the slave states got to count slaves as 3/5 of a person for EC purposes.
If the president was elected by popular vote, slaves would count as zero because they obviously weren't going to let them vote.
Virginia was a slave state at that time (I think it was 8 slave states to 5 non). The states that eventually joined the confederacy are different from those that had legalized slavery when the Constitution was signed.
> Virginia was a slave state at that time
Indeed Virginia was a slave state at the time, and was later part of the Confederacy, and it was the most underrepresented state in the Senate and electoral college at the founding, since those bodies cause higher population states to be underrepresented relative to their population.
> The states that eventually joined the confederacy are different from those that had legalized slavery when the Constitution was signed.
All of the states had legalized slavery when the Constitution was signed. But it was already gathering detractors even then. The states that wanted to keep it the most were the ones that ended up in the Confederacy and they were both a minority of the original colonies and a minority of the states at the time of the civil war.
> please refrain from personal attacks.
This is perfect as the enemy of the good.
There have been plenty of times the country has functioned extremely well with the exact same setup as it is now.
The issue is everyone being greedy cowards instead of actually fighting for what matters.
I don't think everyone is being greedy cowards. Our system is designed to domesticate people through threat of poverty or state sanctioned violence.
Resistance is difficult because it typically requires great personal sacrifice. It's hard to protest when you have to work to feed and shelter your family. It's hard to resist law enforcement when your life is the price.
The working class's current inability to resist tyranny isn't an accident.
> resist tyranny
it always takes sacrifice to resist tyranny. It's just that there's been less tyranny in the past half century, that the new generation raised have not had to make sacrifices, and thus don't feel they need to. Surely, somebody else will make that sacrifice when the time comes...
Millennials have been killed by the current admin, and both Gen Z and Millennials have been in the streets across the country consistently since the current admin took office. Not sure what news you're consuming that you would think the way you do.
Yup, and that ‘why doesn’t someone else do something’ while refusing to actually do the hard part themselves is exactly the greedy coward part.
Which, given current incentives re: law and order does seem to be the sanest thing to do from a local minima perspective.
However, it is also one of the worst outcomes from a global perspective.
The "constitution is good, we just need to follow it" attitude missed out on the rot that occurred before Trump that enabled Trump and supports him to this day. That rot occurred under both parties, when guardrails were followed and rules were in place and observed.
Agreed. And in my opinion, a big part of the rot was that Congress became progressively more dysfunctional. (When was the last time they passed an annual budget? That is the most basic job of Congress, and they haven't been able to do it for years.)
I agree with you, but I don't see these things as possible. Maybe the D party will enact campaign finance rules if they got a super majority. Given gerrymandering I'm not sure that is ever possible though.
People really need to understand the math here instead of listening to what politicians themselves self-interestedly complain about.
The modern balance of power remains on a razor's edge and constantly flips because both parties have learned to run data-driven campaigns. That would be as true if neither party did gerrymandering as if both parties do as they do now. Whatever the district which is closest to being flipped, that's the one where they would concentrate their resources. If one party started to get significantly more than 50% of the seats and the other significantly less, the loser would change some of their positions until they were back in the running because getting some of what you want with 51% of the seats is better than getting none of what you want with 39% of the seats.
The actual problem is not the electoral college or gerrymandering or The Despicable Other Party, it's first past the post voting, because that's what creates a two party system. Have your state adopt STAR voting or score voting and see what happens.
> Have your state adopt STAR voting or score voting and see what happens.
There have been ongoing efforts to ban things like ranked choice or other options at the state level and now it's being pushed federally (Make Elections Great Again act MEGA).
Look around at the politics of the majority of countries on the planet. Voters being in pain doesn't mean they suddenly start making the right choice. Quite the opposite in fact.
There's a long way to go on the path the USA is currently on. Ask anyone from India or Russia or Argentina or Egypt or Nigeria how democracy actually works.
Sometimes they do, but yes, I am worried about the flip side as well.
It’s not just the incompetence, it’s the meanness. If this administration were simply incompetent, it would be bad but not alarming or scary. It’s the fact that they want to hurt a portion of the population that worries me greatly.
The electorate does give control but they get bored after a few years and want to wreck everything all over again. It's goldfish levels of political memory in this country.
There have been competent Republican administrations. Take for example Eisenhower. Or Nixon who won the cold war with his China switch.
But the GOP turned into the MAGA cult.
It’s a reference to 5 USC 3331. Everyone who takes the oath should support his recommendations. That’s what I think he means by "is not about politics". He’s tacitly asking whether people’s oaths are intact.
Politics is about power. Who has it, who should have it, who will have it.
Democracy is a system in which parties lose elections, and therefore lose power.
When a party asserts they didn’t lose an election, don’t lose elections, that competing parties are illegitimate, that is an anti-democracy party.
That an anti-democracy party is in power and seems to not care about protecting institutions that help defend and protect Constitutional law and order, makes it a legitimate question whether their oath is intact or if they’re duplicitous.
A lot of effort under Biden was to make disinformation a big push and they offloaded work to third parties, so I'd be curious to know how many of the firings or resignations came from the government being pulled away from censorship in league with social media as opposed to losing hardcore cybersecurity professionals. Makes me want to jump back on the cybersecurity bandwagon. I think the CISA and NSA mandate for memory-safe software roadmap is good. I'm more of a SPARK 2014 fan than Rust, but I think by 2027, I'll shift to 30% focus on Rust and see where the government contracts go. I'm building a high-integrity secure, mostly formally verified automation and controls software for a state-of-the-art portable hoist able to function in aerospace that I am also co-engineering with my partner inventor.
> the government being pulled away from censorship in league with social media
The right sure said that a lot, but it repeatedly failed to materialize. The twitter files were especially embarrassing, where Elon alleged government censorship but his "detective" was forced to admit that it didn't exist. Oops!
> [@mtaibbi] Although several sources recalled hearing about a “general” warning from federal law enforcement that summer about possible foreign hacks, there’s no evidence - that I've seen - of any government involvement in the laptop story. In fact, that might have been the problem...
Contrast this to "we can do it the easy way or the hard way" from the current administration. Yikes!
The last government contracting I observed was in Swift and TypeScript, of all things.
> I get the army drilled this stance into you
Nah, this didn't come from there.
> And what's happening at CISA right now should terrify every American who depends on running water, electricity, and the ability to vote in free elections.
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
"You will only have to vote once more. Then we'll fix it"
Apparently that's where you stopped reading. If you continue reading, with a little bit of logical reasoning and comprehension, you will learn that Plankey has been nominated by Trump, has bipartisan support, and even that Trump started the CISA agency. The only thing holding it up are 2 republicans and 1 democrat over some contract that probably has something to do with their buddies getting some contract deal. This isn't about "this administration", it's about your everyday political favors behind closed doors that has been happening since governments have been a thing.
That doesn't account for the ~1,000 employees being gutted from the agency and leaving a maliciously incompetent acting director in place. Both of which are directly caused by the current admin and won't be remedied by Plankey getting a confirmation, possibly for years.
For what it’s worth CISA built upon previous work in the DHS (basically rebranded NPPD as CISA) which evolved from NCSD which itself merged NCS and other cybersecurity teams in the wake of 9/11. America has been doing cybersecurity longer than any other country I think but presenting a rebranding as somehow something Trump is leading the charge on is a weird take.
> Current administration has the explicit goal to not have free elections going forward.
Where do you get this from?
Some people have eyes and ears.
Vibes, gut feelings, a general understanding of the history of authoritarian movements. But no, let's wait and see if He goes all the way.
from the actual words said by the president???
https://www.usatoday.com/story/news/politics/2025/10/25/trum...
https://www.huffpost.com/entry/donald-trump-laura-ingraham-f...
Repeated statements by Trump and his circle claiming he’ll run in 2028. Statements by Trump that his supporters won’t ever need to vote again. That little insurrection they tried on January 6th 2021. Their current weaponization and staffing of ICE by people with questionable backgrounds and morals and deploying them against their political enemies under the pretext of illegal immigration (Texas has a bigger problem than Wisconsin For what it’s worth). Constantly praising dictatorial leaders like Putin and Xi while threatening and talking shit about Democratic allies.
So whether or not it metastasizes to that point, pretending like this concern has no grounding in actual actions taken and statements uttered is wild, because this playbook isn’t new and the intended direction seems more clear than not.
Hard agree with this and this matches what I’m hearing about the agency. That said, the failures start with Noem, DHS, and its approach to governing. Policies have been actively hostile to those working at the agency, messaging is prioritized over action, policies that make it harder to work overtime or telework or flex to the needs of actual problems, etc and that will likely continue under a new director.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
If one didn't know better one would think it's incompetence.
Should've made them do leetcode
> shown we cannot protect classified information
Extremely embarrassing that the current POTUS should be in prison specifically for his mishandling of classified information
Butter emales tho
Ever feel like these things are being burned down not just on purpose, but for the gains of someone else?
Well, yes, but that someone else doesn’t need to be a foreign adversary.
There is a certain type of mentality that just doesn’t believe that government should do anything, and that private enterprise will always have the solution.
Those people appear to be in control of all levers of power in the United States.
It's simpler than ideology about government vs. private enterprise. These are purely transactional people, looking out for what can benefit themselves. It's just about grabbing things for personal gain.
Real world evidence doesn't seem to validate this position.
For example - The ratio of government employees (including contractors) to US population is at an all time high[1], and the ratio of GDP to government expense is at an all time high[2].
It should be obvious if you have a profligate printer printing dollars left and right, and the printer's controllers' livelihood depends on the printer working, workers will eventually lease printing to anyone willing to pay the controllers.
Thus, doesn't seem like a problem of wealthy people to me. You are always going to have wealthy people in any society. But it seems the fault is at having a printer, and letting people who aren't your neighbor, to control it.
I'm open minded in this being a "Chicken or egg" Problem. But I'd need to hear a compelling argument for it.
[1] https://www.brookings.edu/articles/the-true-size-of-governme...
[2] https://www.imf.org/external/datamapper/exp@FPP/USA
ze/l,dcg;klsd;fmg'sex WHATD. you need to learn how monetary policy works. there's nothing in your response worth correcting it's so wrong.
And completely ignores who is President and his explicit words.
The current President is a big fat liar and everybody knows it. But where's your counter for the argument? Government spending is now at a higher percentage of GDP than it was during the height of WWII, which had been the all-time high for 200+ years. That is inherently inconsistent with the incumbent "just doesn’t believe that government should do anything" -- the current government is doing a lot of something.
Why would you write it like it's a mystery. Government spending is for the most part public. Most of it going to two massive buckets military and social support programs (medicare, snap, et al). Now you can argue about how much we should be spending on each, but don't act like it's a big secret where the money is going. The elected representatives (all parties) of this country have voted to increase military spending year over year and most of the population is fine with this.
Separately but equally damaging in terms of spending is one party is consistently doing everything in their power to fuck over the most vulnerable, provide tax breaks to corporations and the wealthy, and generally make life miserable for anyone who isn't a wealthy (soon white) dude.
This means the other party being the only sane choice for people with morals, but also being subject to various types of capture corporate or otherwise, gets to spend their time in power bumbling around trying to undo the damage and make sure the wheels don't completely fall off, so the "welfare" state expands by necessity since the only thing the two parties can agree on at this point is that all problems should be solved by throwing absurd amount of money at them and nothing else.
> Most of it going to two massive buckets military and social support programs (medicare, snap, et al).
SNAP is peanuts. About a trillion dollars out of the seven trillion goes to the military and by far the largest amount goes to retirees.
> The elected representatives (all parties) of this country have voted to increase military spending year over year and most of the population is fine with this.
How can you tell if they're fine with it if all of their alternatives lead to the same result?
> Separately but equally damaging in terms of spending is one party is consistently doing everything in their power to fuck over the most vulnerable, provide tax breaks to corporations and the wealthy, and generally make life miserable for anyone who isn't a wealthy (soon white) dude.
The party that set up Social Security so that it has an income cap on the tax, makes larger payouts to people who had higher incomes up to the cap and max payouts to people who hit the income cap, and pays out more to white people in aggregate even proportional to their income because they live longer, was the party of FDR. The party that has been obstructing housing construction in San Francisco and other major cities for decades to the detriment of renters, young prospective home buyers and the homeless is the party with the majority in those cities, and you can't even pin that one on the filibuster.
You don't get to blame the other party for the things they screwed up and the things you screwed up.
That is basically the Republicans' entire existence at this point. They would rather blow it up/make it dysfunction/burn it down than have a working government. They have proven so with actions/policy like their willingness to pile destructive levels of debt onto the nation in order to leverage the damage to their political goal of destroying government.
https://en.wikipedia.org/wiki/Starve_the_beast
But they seem to also believe in heavy-handed government intervention to prop up failing businesses. For example Trump's recent announcement that he'll require the military to buy coal power on long-term contracts:
https://arstechnica.com/science/2026/02/trumps-latest-plan-t...
So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market.
The common thread that resolves this apparent conflict is, of course, billionaires. 100% of Republicans and ~60% of Democrats are in office primarily to serve at the whims of billionaires. They will pursue whatever policies will give more power to billionaires, consistency and hypocrisy are irrelevant.
> ~60% of Democrats
I think you can make that ~80%, but maybe you've done the calculations more diligently than I have.
No, it is more like Reps 75% and Dems 90%, ±5%.
How could you possibly come to this conclusion? Which party literally just voted for tax breaks on the wealthy and corporations, twice in one decade?!
In before "No clearly the party that helps the billionaires the most and is mostly comprised of billionaires and is backed by all the tech billionaires are the good guys, they are the true party of the people"
"So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market."
Rather: They don't want the government to impede capitalist interests (greed), so they're using the government to further their corruption and greed
You think they truly believe private enterprise is going to defend the country from cyberattacks?
I personally find the mentality truly not sane. So, why not? Absolutists appear to not think through a lot of things.
On top of that, there is the whole accelerationist ideology factor, which is also deeply insane to me.
Sure, but under that assumption there’s no reason to rule out any of the other theories, either.
Agreed. I guess my point in OP was about my own realization that crazy stuff need not be at the behest of a foreign adversary.
It's amazing what people will ignore to suit their prejudices. The Presidential cryptocurrency should have been the clearest signal that this was going to be all-grift, all of the time. I don't think any previous President would have been allowed to destroy half of the White House, either. The exact sort of thing that, if an "enemy" had done it, they would be demanding a war over.
Each new fire is a distraction from the chaos created by the previous one.
It's a distraction only if people let themselves be distracted.
You did get the memo from POTUS that loyalty is more important than intelligence, right?
Unbiased intelligence in this operation is not welcomed. One is told what is "factual truth" (not facts themselves) by those who operate out of Pennsylvania Avenue in DC.
If you're not blindly loyal and in line with the administration, then you'll be at risk of losing whatever role you have unless your loyalty is proven then you may receive some of that back based on how much you have demonstrated.
--
The problem in infosec in this world is not competence, it is cult of personality. This is why black t-shirts dislike black polo shirts not so secretly.
Yes, a thousand little petty warlords in waiting.
We're in an era of Disaster Capitalism. Some of the richest people have realized they've nearly extracted all the money they can gain on the current trajectory of nations and came to the conclusion they can make even more money if they destroy everything and then are the ones to rebuild society, their way.
Fallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
Ya historically this doesn't traditionally work out for the rich instigators/accelerationist. idk maybe their bunkers are immune from having dirt shoved in the air intakes, either way it's not clear to me that they understand that the people they are trying to fuck over the hardest are the ones who know how to work all the industrial equipment and built the bunkers.
> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
What are these living-off-the-land techniques?
According to CISA's joint advisory (AA24-038A), here's specifically how they stayed inside for 5 years:
Valid credentials and stolen accounts. They repeatedly dumped NTDS.dit (the Active Directory database) from domain controllers to harvest every credential in the environment. In one confirmed case they extracted NTDS.dit from three domain controllers over a four-year period. They kept coming back to re-dump so they always had current, valid passwords.
Only operated during normal business hours. They studied the victim's work patterns and only used compromised credentials when legitimate admins would be active, so authentication logs looked normal.
Targeted log deletion. They deleted specific logs to cover their tracks.
Routed traffic through compromised SOHO routers. Fortinet, Cisco RV320, Netgear, and other end-of-life home/small office routers. Made their traffic appear to originate from legitimate residential IPs, not foreign infrastructure.
Zero malware. Literally none. They used only wmic, ntdsutil, netsh, PowerShell, cmd.exe, certutil, ldifde, net, and other native Windows tools. Nothing for an EDR to signature match against.
Minimal activity between credential dumps. They got in, dumped creds, did light recon, then went silent. They weren't exfiltrating data. They were pre-positioning for future disruption. That silence is what made them invisible.
It's a term-of-art that means to use the tools that are already available on the target machine. So rather than shipping a custom binary/shellcode/etc which exfiltrates data or whatever, you string together existing powershell/unix/etc commands to do so. It's effective because it's hard to distinguish these from legitimate processes.
Traditional malware relies on delivery of “payload” with a custom program and data, and/or establishing persistence by installing files to local storage.
These behaviors generate distinctive evidence of compromise in-progress, active, and after the fact, so your AV software or forensics team can identify it.
“Living off the Land” means minimizing or eliminating the payloads and the system modifications, and leveraging anything and everything that is found already existing in the system.
Obviously while presenting extra logistical challenges, LOL can be stealthier and easier to deploy on your target systems.
I don't know about this specific case, but there is a list of well-known techniques: https://lolbas-project.github.io/
Funny enough, CISA made a joint advisory on it: https://www.cisa.gov/sites/default/files/2025-03/Joint-Guida...
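The replies above note that these native tools are hard to tell apart from legitimate admin work and that activity was kept inside business hours. The following is an added example, not code from the thread or from the CISA advisory, showing why a time-of-day rule finds nothing while a per-account baseline does. Event IDs 4688 (process creation) and 1102 (Security audit log cleared) are standard Windows Security log IDs; the hosts, accounts, events and the `min_seen` threshold are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Native tools named in the thread; running one is not malicious by itself.
WATCHED = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe",
           "cmd.exe", "certutil.exe", "ldifde.exe", "net.exe"}

# Constructed events (not real telemetry): (time, host, account, event_id, image)
HISTORY = [
    ("2024-03-04T09:12", "DC01", "adm-backup", 4688, "ntdsutil.exe"),
    ("2024-03-11T09:10", "DC01", "adm-backup", 4688, "ntdsutil.exe"),
    ("2024-03-18T09:15", "DC01", "adm-backup", 4688, "ntdsutil.exe"),
    ("2024-03-05T14:02", "WS17", "jdoe", 4688, "cmd.exe"),
    ("2024-03-06T14:30", "WS17", "jdoe", 4688, "cmd.exe"),
    ("2024-03-07T15:01", "WS17", "jdoe", 4688, "cmd.exe"),
]
TODAY = [
    ("2024-03-25T09:11", "DC01", "adm-backup", 4688, "ntdsutil.exe"),  # routine job
    ("2024-03-25T10:47", "DC02", "svc-print", 4688, "ntdsutil.exe"),   # never seen
    ("2024-03-25T10:52", "DC02", "svc-print", 4688, "ldifde.exe"),     # never seen
    ("2024-03-25T11:03", "DC02", "svc-print", 1102, ""),               # log cleared
    ("2024-03-25T14:20", "WS17", "jdoe", 4688, "cmd.exe"),             # routine use
]

def off_hours(events, start=8, end=18):
    """Naive rule: a watched tool started outside business hours."""
    return [e for e in events
            if e[4].lower() in WATCHED
            and not start <= datetime.fromisoformat(e[0]).hour < end]

def build_baseline(events):
    """Count prior runs of each (account, host, tool) triple."""
    return Counter((acct, host, img.lower())
                   for _, host, acct, eid, img in events
                   if eid == 4688 and img.lower() in WATCHED)

def rare_use(events, baseline, min_seen=3):
    """Flag log clearing, and watched tools run by an unfamiliar account/host pair."""
    hits = []
    for ts, host, acct, eid, img in events:
        if eid == 1102:
            hits.append((ts, host, acct, "audit log cleared"))
        elif (eid == 4688 and img.lower() in WATCHED
              and baseline[(acct, host, img.lower())] < min_seen):
            hits.append((ts, host, acct, "first-seen " + img.lower()))
    return hits
```

`off_hours(TODAY)` returns nothing because every event falls inside working hours, while `rare_use(TODAY, build_baseline(HISTORY))` returns the three DC02 events and leaves the routine backup and workstation activity alone.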
My understanding is you could write an article like this for every agency right now. Rebuilding is going to be very expensive assuming we get there.
We won't. This is what the end of empire looks like. The US is going to end up a backwards, superstitious, backwater. I would be surprised if the "U" part of USA survives the century.
The one thing that keeps me going through the fall of the US is the knowledge that despite all, there are still lots of happy people in Russia and China. People live their lives under those single-party authoritarian regimes, and many of them are happy. Maybe I can be happy here, too.
I think that's exactly how Russia operates, sadly. Vodka helps, I guess.
“He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother.”
Political party in power makes it an explicit goal to dismantle government agencies and privatize all regulations, safety, security, environmental protections.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
I've only really heard of cisa in terms of "fighting disinformation", which seemed more than a little dubious. Can someone speak to what their mission is and how effective they've been at it?
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.
Before its recent extension into the mis/disinformation (censorship) space, CISA was primarily focused on coordinating public/private response to cyber threats and distributing information about known vulnerabilities. It is the primary US sponsor of the CVE system, for instance. It also provides guidance regarding best practices to industry and government agencies.
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”
It’s getting replaced with something more agile
Alex Stamos talked about this a bit on TWiT late last year:
https://twit.tv/shows/this-week-in-tech/episodes/1056?autost...
"We are spectacularly poorly prepared right now for a cyber attack."
Then we will deserve it. (Sad to say.)
Hopefully there's still MAD (mutually assured destruction). That is, the US has (I presume) a rather formidable array of cyber offensive capabilities. Anyone thinking of cyber attacking the US might find that concerning - hopefully concerning enough that they decide that an attack isn't worth it.
I mean, I'd far rather that the US had both offensive capability and a solid defense. But the situation is not totally hopeless - or so I hope.
And a cyberattack would justify another war and extra powers of emergency. Perfect!
This is a good thing. CISA was run by a bunch of BAH consultants that loved to push 8-9 digit cyber security software / license requirements to agencies with no thoughts on how to pay for it. Cyber security in federal is one big circle jerk. Cyber vendors pay into non-profits to write whitepapers why you need X, Y, Z software. This in turn was pushed by IT consultants from the major System Integrators, whom CIOs loved to bend the knee to because that was their near retirement career path. CISA would eventually push these as requirements, with even a bribe of "use our contract, we'll pay for year 1" but no idea how to pay for future years.
I work in a cabinet level agency running a $350M IT program. I'm good at what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
As an American taxpayer who has a twenty-five year decade long career in IT this concerns me. Doesn't surprise me in the least but concerns me. Yet you see this waste and take to HN instead of reporting the waste and abuse via channels such as whistleblowers?
I'm glad you're good at what you do, but to me, this attitude of "I know this is an issue but I'm still gonna waste taxpayer funds as part of my job and pearl-clutch on HN" is concerning.
Outside of your paycheck contributions and otherwise, that isn't your money, friend.
This is how any large federally funded markets operate in the United States. Businesses pay into trade associations or lobbying groups, and they try to impact public policy to ultimately increase/decrease regulation or get funding in future years. This is just the IT version of that.
I live and work in the DMV. I get it. Doesn't change my point.
"America [...] Is Burning Down and Nobody's Coming to Put It Out [because it decided to do so to itself]"
There, fixed the title with some subtle edits. /s