That is true, but without understanding what the GAO report was covering it can be a bit misleading. Here is a bit of a graphic summary. http://www.gao.gov/key_issues/...
First it is important to note the 106B was over like a 20 year period. It is also important to note, that 106B wasn't all for science (in fact only the minority of it was). That number was the full amount they could attribute towards any are of work on climate change. In the above link the break it down into science, technology, and international assistance. So this covers FAR more than what one would first think of if they were told 106B went to climate change research. Research into clean coal? That would be counted. Nuclear, that would be counted. Research into better batteries for electric cars, that is counted. Research in to solar/wind, that is counted.
You can dig into the reports further to get a more detailed understanding. The point is simply saying climate change got 106B may sound like "oh my god climate researchers are getting rich!!!!". However, when you understand what the report really covers (long period of time and only a small portion goes to what you'd normally thing of as climate research) it does change the perspective a bit.
If they come from a company retained pool, that company retained pool would be an asset on the companies balance sheet. So taking it from there lowers the company's value by 76M. The stock options are a tax dodge, but that isn't what Oracle's owners are complaining about. They are complaining about his compensation being too high. I don't think they are too worried about the exact structure of that compensation. Either way it takes from their value.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories
If at this point, you still believe the NSA collecting private data is tin foil hat territory, I'm not sure exactly how to proceed. However, I'll assume you didn't actually mean that for purposes of the rest of the post.
Obviously you are concerned about your data being intercepted and stolen. Do you guys honestly think, for one second, that you can hide from these guys if they really want you?
OK, this statement really points that you aren't involved in information security (at least in a serious capacity anyway). Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you? If you answer yes, then again we know you aren't involved in information security. So since the answer is no, what is your solution? Do you simply throw your hands in the air and say screw it? I cannot guarantee to stop them anyway, so lets just toss our firewall and anti-virus in the trash? No of course not. Heck even your sarcastic comment about a physically secured facility, in a faraday cage, with no internet access cannot promise the information will be secure. A simple warrant, guys with guns, breaking down your door and taking the server easily gets around that.
Information security is about risk mitigation. What can you reasonably and responsibly do to ensure the security of your client information? It isn't about guaranteeing 100% security as that is simply not possible (NSA or not). So there standard industry best practices to mitigate against risks even though that doesn't completely remove all risks. Such things include encryption, firewalls, anti-virus, IPS, DLP, etc, etc. Even if you do all of those things and more, that cannot promise 100% safety, but it does represent you doing your best to protect your clients data and not just tossing your hands in the air and saying screw it.
This NSA (I use that as they are the largest, but mean it to encompass every alphabet agency from every country) threat isn't new obviously, but the scope and visibility of it is obviously much more obvious than ever. Thus responsible IT professionals will be talking about how best to responsibly do their jobs in this regard for quite some time. I'm sorry you don't like it, but it is a good thing. New best practices on how to combat and mitigate these risks will come from such discussions. There will never be a 100% fix, but these discussions will lead to solutions that help. Those of us who take our clients information security serious obviously love these discussions. I'm sorry for you (really more for your clients) if you don't want to hear about this, but it isn't going anywhere.
To be clear, I don't think Apple sharing my fingerprint is the biggest problem here. I'd never use it simply because my finger print is already known or easily knowable by so many people/entities. My properly strong passwords are not.
Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to
So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.
Certainly not FUD. A valid concern even if you personally don't think it is an issue. I personally am not worried about it != FUD.
If you want better security on your phone your best bet is stop using a 4 digit numerical passcode or incredibly simply swipe gestures and choose a properly strong/long password. My knowledge of biometrics is limited to enterprise system we had years ago which was horribly unreliable (often wouldn't allow the proper person access and would allow unauthorized people access on what seemed a random basis). I'm sure things have improved a lot since then, but still most studies you read on such systems don't leave you with much confidence.
Their best use seems to be in a 2 factor authentication scheme, but certainly not a replacement for a proper strong password.
Well that is simple then. Identify the users violating the agreement you have with and enforce that agreement.
You can measure a programmer's perspective by noting his attitude on the continuing viability of FORTRAN. -- Alan Perlis