Is there anywhere that you don't have to make that choice? Whether it's a country, company, or other organization, there's always some risk to expressing displeasure with the status quo.
There is nothing you can say or do that can't be used against you. Whether it's a government threatening you with prison, or a company's lawyer threatening you with living in poverty for the rest of your life. Everyone can be a target. I'm not saying it's not a bad situation. I'm saying it's the cold, hard reality we live in. You can either accept the reality, or live in denial.
Freedom isn't free. Others can take the freedom you have, but no one except yourself can give you more. If you're not willing to risk retribution for pissing off the government, you've already voluntarily given up your freedom. If these situations make you too afraid to speak out, you've already created your own little prison in your mind. That, more than any other example case like this, is what most prevents you from being free.
I am free because I choose to be. Sure, there's some statistically irrelevant chance that someone in a position of authority could start some vendetta against me and they could take away the freedom I currently have. However, I'm not going to stop doing anything that might be politically unpopular because I'm afraid of someone, someday turning that against me. I'm sure I'm in several government databases, some of which may have a little =( next to my name. Many people will say "but what if you're wrong?" That's a chance I'm willing to take. But what if I'm right? Everything you don't do because you let others control you through fear, and all the opportunities that prevents you from having, is the chance you take, whether or not you recognize that you've already made such a choice in your own life.
As a society, we like to pretend that we're evolved and civilized. I suspect anyone who has been on either side (criminal or victim) of our criminal system has a much more realistic assessment. It doesn't exactly work the way they teach us in school.
Anyone who lives their life based on fear of the extreme cases is going to be miserable. At some point you just have to find the right balance of freak and normal behaviors. If you're doing a lot of things that may be borderline illegal, you probably want to also be a productive member of society. Appearances count. You don't have to like that, you just have to accept it.
There are so many laws that everyone violates some of them. Most houses have chemicals that could be used in the production of meth or pipe bombs. If the police want to go after you, they can find something. If the DA wants to prosecute you, he just needs to give a subset of the available facts and tell a story that compels a jury to find you guilty. The defense has to explain why those facts are being used in a misleading way and tell a better story to get off.
Amateur chemists need to understand that there is some potential risk in what they do. However, that is probably true of most hobbies. Nothing is completely safe. If you give someone a reason to investigate you, or just have bad luck, you'll have to justify your actions to someone who only cares about getting another prosecution, regardless of whether or not justice is served. The only way to avoid that is to do nothing and wait to die. Actually, that's would probably be suspect too. The chances of getting hauled off to a gulag are pretty small for people who aren't doing anything wrong. Like with all things in life, just do what you're going to do and hope the odds work in your favor.
This approach to finding patterns works well in marketing where getting a 1% rate of sales to contacts is a good response rate. The problem with using this approach for anything in the real world is the 99% of the time you're wrong.
They looked at the history of a few people and found a pattern. Now that the pattern has been disclosed, only historical information is likely to have any merit. If the people controlling the communications know this is a way to be found, after getting a call from a watched country, they'll have the people go somewhere else and send emails or otherwise use a different channel for communication.
Knowing all of the data points isn't enough if you don't know which ones in different databases (phone, email, etc) are related and why.
I dislike the idea of shielded wallets because it misses the point. If you want something to default to off without user interaction, you shouldn't be using something that is always on plus another thing that mitigates the always on effect. Why not just make the rfid circuit default to open and make you do something like squeeze the badge to close the circuit and enable the RFID capability? Always on means always vunerable. That gets sold based on convenience, but is it ever really a good idea?
All else being equal, it's easier to prosecute a US company. For anything political, it's important to know who your scapegoat will be and how you'll parade them as the cause of the problem. It's hard to do that with foreign entities.
It's legal for you to send packets over network connections owned and operated by third parties. If you have an expectation of privacy for data being handled by parties you have no relationship with, you're being unreasonable. I don't have any contract with AT&T, so what they do with my information is outside my control. I wouldn't do business with my ISP if they didn't have network connections that would get traffic to/from the rest of the world for me, so I'm giving up control once I send data out.
Are you willing to pay 100 times what you pay now to ensure that your traffic doesn't cross the systems of someone who won't respect your privacy? Instead of $50/mo for broadband, would you pay $5000/mo? Keeping data off the backbone networks would be very expensive. Asking them to report what they collect just increases the burden, which translates directly into cost.
Private companies running this on their own networks are in an even more reasonable position. Are you afraid of them finding out that you're doing something using work computers and work networks on work time? If my employer records the fact that I posted this on company time, that's their choice. It's their system. If I don't want them recording it, I could wait and do it from home later.
And if they are recording it, I want to give a big thanks to the corporate security and networking guys - you're doing a great job! =)
These throw away CC #'s make it possible to do anonymous transactions with merchants. The credit card companies still want to know who you are so they can get paid. This seems like a reasonable compromise if you want it to be a credit account. Prepaid throw away debit cards on the other hand would likely be too easily abused for money laundering, making that a product that banks don't want to offer.
Making buildings impervious to RF seems like it solves the opposite of the actual problem. If construction companies put conduits in house that made it easier to route network cables to all of the rooms, there would be no need use wireless. The only reason I use wireless at home is that I don't want to try to come up with some horrible kludge to get wires everywhere.
It's more compressable once you realize that the regular expression.* expresses the same idea as blah. By extrapolation, blah.*blah is functionally equivalent to blah. Therefore, all marketing documentation can be compressed to the most accurate statement:
Security systems need to be designed for use by the lowest common denominator. A user should be able to use PGP for encryption and signing without knowing all the intricacies of how it works. This gives the user the ability to benefit from the security if they follow directions, and if they do everything wrong (ie, mail their private key out, choose "cat" for their pass phrase, etc) they're no worse off for having used PGP incorrectly than if they didn't use it.
The average user isn't going to understand key management. Should each bank sending email have a single PGP used for all of their email? Most banks have many different parts of the company that do different functions pertaining to the customer. If the signing of email is done at the company level, encryption of the data before it goes out is testing internal controls instead of ensuring legitimate emails can be authenticated. How will the key be retrieved and verified by the user for each bank? How about key revocation and replacement procedures when relevant employees leave?
PGP would only change the methods of attack. Phishing takes advantage of people who lack common sense. There's no amount of technology that can protect people from themselves. Technical solutions are good for technical problems. Phishing is a people problem.
So what if someone thinks a legitimate email from a bank is a phishing scam? Banks shouldn't be using email for anything serious because it makes their customers more susceptible to fraud. If people expect to receive legitimate and sensitive communications from their bank via email, it's that much easier to fall for it.
For example, I got one this morning talking about my home loan account with a large bank I don't have an account with. I know it's a phishing scam just from the From and Subject lines. However, if my own bank sent an email talking about my actual mortgage, I'd treat it in exactly the same way. There's no benefit to giving an email the benefit of the doubt. If there is something my bank needs from me, they can send a letter and I'll go to my local branch to take care of it in person.
Oddly enough, this is where I think being a contractor is a good thing. HR cannot do anything to me, because I'm not a human resource. I'm no different from a budget perspective from hardware or software. I'm either the least expensive way for the business to achieve its goals, or I'm replaced.
From the perspective of the people making the budgets, that's true of everyone. It's just that from a cost perspective, it's easy to say the entire company needs to lose 10% of their people and let someone else figure out which people those are. It just means the departments who are running efficiently feel a bigger impact than those that filled out with lots of fluff employees to build their empire.
An individual who changed the code would potentially be in violation of FCC regulations. However, that's not the same as saying that the possibility facilitates an actual problem. The code is not likely to be modified by most users. Hams are allowed to modify and utilize radio hardware in the appropriate bands. I don't know how many people would really do so, but cutting off the possibility of compliant experimentation because of the possibility of noncompliant abuse seems like a uneven tradeoff.
In a resume, you have limited space to convey the most useful information to someone. If you believe your certifications are high on that list, it can be interpreted as a negative. That's probably how they're looking at it when they toss resumes listing certifications.
I've been doing system administration on Sun's since 1992. This year I got some Sun certifications because they're needed by a Sun reseller I'm contracting with. I'm not going to put them on my resume because I'd rather talk about my experience than my certifications. If someone requires the certifications, I'll mention them. Otherwise, I'd rather focus on what I can do for them.
It's not convoluted if you've been around since the dawn of time. It makes sense if you've seen the evolution. You don't want to know what it was like in the bad old days.
I consider impersonal to be a good thing. I like my computers to do their thing consistently once they're set up. The idea of a computer that works 80% of the time, but will give me a hug whenever I want one just seems wrong.
Though, I think Unix is friendly. It does exactly what I ask of it, no questions asked. If I'm telling it to do the wrong thing and it does it, is it really fair for me to get mad at the computer for being cooperative?
A degree without experience is actually worse. They expect to pay you more because you have a degree, but without experience, you're no more capable of doing the job. Certifications may factor into HR checklists for keeping resumes, but they don't pay more just because you are certified by Smilin' Joes BBQ and IT Certification Cafe.
The best thing you can do is get experience. There are plenty of jobs for someone who is really interested in doing something, has some background, and is willing to be paid poorly. Most people start at the crappy jobs and work their way up. I'm sure there are people who get a degree and get a $50k starting salary. That's not how it works for most people in the real world. I don't know how the job market is now, but last I looked in 2003, there were a lot of people who were underemployed. That's someone who has a lot of experience taking a job that doesn't require their skill level because the person needs a job and the company gets a more experienced person for less money.
And some do. I work for a large bank and they checked all of my references. They specifically asked if I had a degree since I put the years I attended college and major on my resume. I told them no. That wasn't a problem since I already got through the rest of the interview process successfully. I agree that whether or not I have a degree, I am just as capable of doing my job. Many of the people I work with have PhD's. They learned their profession in school, I learned mine on the streets of silicon valley. They appreciate my contribution because I do things they understand. I appreciate theirs because I don't want to spend another decade in school to get a degree that qualifies me for a lower paying job. =)
I make recommendations to directors and VP's all the time. Some of the recommendations involve computer security processes. They trust me because I consistently show integrity in what I do. Someone who says they have a degree when they don't lacks integrity. That's the kind of thing that can come out at any time. HR people at large companies may not know which resumes to toss and which to keep, or verify people's claims sometimes, but they do a decent job of keeping track of why they let you go. Do you really want to take that chance?
Given adequate funding, anyone could unearth a pyramid. They're everywhere, just covered with dirt and rocks. The biggest curiousity is how the rocks covering the pyramid bonded with the rocks that make up the pyramid. The bonds are so strong that unearthing the pyramid almost seems like you have to carve it out of the mountain. This phenomena can't currently be explained by archaeologists.
While that archaeology web site makes some interesting arguments, they're completely ignoring the possibility that aliens constructed the pyramid. This theory, made popular by the film Alien Vs Predator, has not been discredited by serious researchers. They simply dismiss the theory without so much as communicating with the aliens to get their perspective. It's simply not fair that the crack pot viewpoint is completely disregarded by the so called legitimate research community. It's discrimination and it's wrong. =)
I don't mean to discount all disaster recovery plans in large companies. That's certainly a good example of why they exist.
However, I think the one size fits all approach goes overboard. For example, I need to create a disaster recovery plan for an environment that was considered small enough that all but one member of the development team was downsized after completion of the project. A DR plan was not a serious consideration at the time, so the information that would have been needed for a rational plan is no longer available. Right now, it's nothing more than a paperwork requirement.
The reality of most DR plans is that they come down to the approach in "Dilbert and the Way of the Weasel" - your personal disaster recovery plan can be to drive across town and get a job at a company that didn't have a disaster. I suspect this is eerily close to the truth in most cases.
I've always found disaster recovery plans to be an annoying necessity in large businesses. I'd hate to see all the other paperwork that would be needed if my systems were subjected to mortar attacks. That certainly justifies the need for clustering over a WAN.
I don't consider myself an expert in kernel programming, but I definitely think someone is off base if they're expecting programmers as a whole to do the right thing. Many programs seem to work by coincidence rather than design. People didn't do their memory management right in the days when it was necessary. Now that a lot of people are moving towards languages that handle the memory management for them, I expect even fewer to worry about it. That does mean that the programmers of the programming languages are the ones who are responsible, but I'd personally rather have the kernel take a more active role in memory management.
Slashdot Mirror
Is there anywhere that you don't have to make that choice? Whether it's a country, company, or other organization, there's always some risk to expressing displeasure with the status quo.
There is nothing you can say or do that can't be used against you. Whether it's a government threatening you with prison, or a company's lawyer threatening you with living in poverty for the rest of your life. Everyone can be a target. I'm not saying it's not a bad situation. I'm saying it's the cold, hard reality we live in. You can either accept the reality, or live in denial.
Freedom isn't free. Others can take the freedom you have, but no one except yourself can give you more. If you're not willing to risk retribution for pissing off the government, you've already voluntarily given up your freedom. If these situations make you too afraid to speak out, you've already created your own little prison in your mind. That, more than any other example case like this, is what most prevents you from being free.
I am free because I choose to be. Sure, there's some statistically irrelevant chance that someone in a position of authority could start some vendetta against me and they could take away the freedom I currently have. However, I'm not going to stop doing anything that might be politically unpopular because I'm afraid of someone, someday turning that against me. I'm sure I'm in several government databases, some of which may have a little =( next to my name. Many people will say "but what if you're wrong?" That's a chance I'm willing to take. But what if I'm right? Everything you don't do because you let others control you through fear, and all the opportunities that prevents you from having, is the chance you take, whether or not you recognize that you've already made such a choice in your own life.
As a society, we like to pretend that we're evolved and civilized. I suspect anyone who has been on either side (criminal or victim) of our criminal system has a much more realistic assessment. It doesn't exactly work the way they teach us in school.
Anyone who lives their life based on fear of the extreme cases is going to be miserable. At some point you just have to find the right balance of freak and normal behaviors. If you're doing a lot of things that may be borderline illegal, you probably want to also be a productive member of society. Appearances count. You don't have to like that, you just have to accept it.
There are so many laws that everyone violates some of them. Most houses have chemicals that could be used in the production of meth or pipe bombs. If the police want to go after you, they can find something. If the DA wants to prosecute you, he just needs to give a subset of the available facts and tell a story that compels a jury to find you guilty. The defense has to explain why those facts are being used in a misleading way and tell a better story to get off.
Amateur chemists need to understand that there is some potential risk in what they do. However, that is probably true of most hobbies. Nothing is completely safe. If you give someone a reason to investigate you, or just have bad luck, you'll have to justify your actions to someone who only cares about getting another prosecution, regardless of whether or not justice is served. The only way to avoid that is to do nothing and wait to die. Actually, that's would probably be suspect too. The chances of getting hauled off to a gulag are pretty small for people who aren't doing anything wrong. Like with all things in life, just do what you're going to do and hope the odds work in your favor.
This approach to finding patterns works well in marketing where getting a 1% rate of sales to contacts is a good response rate. The problem with using this approach for anything in the real world is the 99% of the time you're wrong.
They looked at the history of a few people and found a pattern. Now that the pattern has been disclosed, only historical information is likely to have any merit. If the people controlling the communications know this is a way to be found, after getting a call from a watched country, they'll have the people go somewhere else and send emails or otherwise use a different channel for communication.
Knowing all of the data points isn't enough if you don't know which ones in different databases (phone, email, etc) are related and why.
I dislike the idea of shielded wallets because it misses the point. If you want something to default to off without user interaction, you shouldn't be using something that is always on plus another thing that mitigates the always on effect. Why not just make the rfid circuit default to open and make you do something like squeeze the badge to close the circuit and enable the RFID capability? Always on means always vunerable. That gets sold based on convenience, but is it ever really a good idea?
All else being equal, it's easier to prosecute a US company. For anything political, it's important to know who your scapegoat will be and how you'll parade them as the cause of the problem. It's hard to do that with foreign entities.
It's legal for you to send packets over network connections owned and operated by third parties. If you have an expectation of privacy for data being handled by parties you have no relationship with, you're being unreasonable. I don't have any contract with AT&T, so what they do with my information is outside my control. I wouldn't do business with my ISP if they didn't have network connections that would get traffic to/from the rest of the world for me, so I'm giving up control once I send data out.
Are you willing to pay 100 times what you pay now to ensure that your traffic doesn't cross the systems of someone who won't respect your privacy? Instead of $50/mo for broadband, would you pay $5000/mo? Keeping data off the backbone networks would be very expensive. Asking them to report what they collect just increases the burden, which translates directly into cost.
Private companies running this on their own networks are in an even more reasonable position. Are you afraid of them finding out that you're doing something using work computers and work networks on work time? If my employer records the fact that I posted this on company time, that's their choice. It's their system. If I don't want them recording it, I could wait and do it from home later.
And if they are recording it, I want to give a big thanks to the corporate security and networking guys - you're doing a great job! =)
Nice try Mallory. We all know you're not the real Bob.
These throw away CC #'s make it possible to do anonymous transactions with merchants. The credit card companies still want to know who you are so they can get paid. This seems like a reasonable compromise if you want it to be a credit account. Prepaid throw away debit cards on the other hand would likely be too easily abused for money laundering, making that a product that banks don't want to offer.
Making buildings impervious to RF seems like it solves the opposite of the actual problem. If construction companies put conduits in house that made it easier to route network cables to all of the rooms, there would be no need use wireless. The only reason I use wireless at home is that I don't want to try to come up with some horrible kludge to get wires everywhere.
It's more compressable once you realize that the regular expression .* expresses the same idea as blah. By extrapolation, blah.*blah is functionally equivalent to blah. Therefore, all marketing documentation can be compressed to the most accurate statement:
Blah.
Security systems need to be designed for use by the lowest common denominator. A user should be able to use PGP for encryption and signing without knowing all the intricacies of how it works. This gives the user the ability to benefit from the security if they follow directions, and if they do everything wrong (ie, mail their private key out, choose "cat" for their pass phrase, etc) they're no worse off for having used PGP incorrectly than if they didn't use it.
The average user isn't going to understand key management. Should each bank sending email have a single PGP used for all of their email? Most banks have many different parts of the company that do different functions pertaining to the customer. If the signing of email is done at the company level, encryption of the data before it goes out is testing internal controls instead of ensuring legitimate emails can be authenticated. How will the key be retrieved and verified by the user for each bank? How about key revocation and replacement procedures when relevant employees leave?
PGP would only change the methods of attack. Phishing takes advantage of people who lack common sense. There's no amount of technology that can protect people from themselves. Technical solutions are good for technical problems. Phishing is a people problem.
So what if someone thinks a legitimate email from a bank is a phishing scam? Banks shouldn't be using email for anything serious because it makes their customers more susceptible to fraud. If people expect to receive legitimate and sensitive communications from their bank via email, it's that much easier to fall for it.
For example, I got one this morning talking about my home loan account with a large bank I don't have an account with. I know it's a phishing scam just from the From and Subject lines. However, if my own bank sent an email talking about my actual mortgage, I'd treat it in exactly the same way. There's no benefit to giving an email the benefit of the doubt. If there is something my bank needs from me, they can send a letter and I'll go to my local branch to take care of it in person.
Oddly enough, this is where I think being a contractor is a good thing. HR cannot do anything to me, because I'm not a human resource. I'm no different from a budget perspective from hardware or software. I'm either the least expensive way for the business to achieve its goals, or I'm replaced.
From the perspective of the people making the budgets, that's true of everyone. It's just that from a cost perspective, it's easy to say the entire company needs to lose 10% of their people and let someone else figure out which people those are. It just means the departments who are running efficiently feel a bigger impact than those that filled out with lots of fluff employees to build their empire.
Sure, it's: total/unique
The problem is that x/0 is undefined.
An individual who changed the code would potentially be in violation of FCC regulations. However, that's not the same as saying that the possibility facilitates an actual problem. The code is not likely to be modified by most users. Hams are allowed to modify and utilize radio hardware in the appropriate bands. I don't know how many people would really do so, but cutting off the possibility of compliant experimentation because of the possibility of noncompliant abuse seems like a uneven tradeoff.
In a resume, you have limited space to convey the most useful information to someone. If you believe your certifications are high on that list, it can be interpreted as a negative. That's probably how they're looking at it when they toss resumes listing certifications.
I've been doing system administration on Sun's since 1992. This year I got some Sun certifications because they're needed by a Sun reseller I'm contracting with. I'm not going to put them on my resume because I'd rather talk about my experience than my certifications. If someone requires the certifications, I'll mention them. Otherwise, I'd rather focus on what I can do for them.
It's not convoluted if you've been around since the dawn of time. It makes sense if you've seen the evolution. You don't want to know what it was like in the bad old days.
I consider impersonal to be a good thing. I like my computers to do their thing consistently once they're set up. The idea of a computer that works 80% of the time, but will give me a hug whenever I want one just seems wrong.
Though, I think Unix is friendly. It does exactly what I ask of it, no questions asked. If I'm telling it to do the wrong thing and it does it, is it really fair for me to get mad at the computer for being cooperative?
A degree without experience is actually worse. They expect to pay you more because you have a degree, but without experience, you're no more capable of doing the job. Certifications may factor into HR checklists for keeping resumes, but they don't pay more just because you are certified by Smilin' Joes BBQ and IT Certification Cafe.
The best thing you can do is get experience. There are plenty of jobs for someone who is really interested in doing something, has some background, and is willing to be paid poorly. Most people start at the crappy jobs and work their way up. I'm sure there are people who get a degree and get a $50k starting salary. That's not how it works for most people in the real world. I don't know how the job market is now, but last I looked in 2003, there were a lot of people who were underemployed. That's someone who has a lot of experience taking a job that doesn't require their skill level because the person needs a job and the company gets a more experienced person for less money.
And some do. I work for a large bank and they checked all of my references. They specifically asked if I had a degree since I put the years I attended college and major on my resume. I told them no. That wasn't a problem since I already got through the rest of the interview process successfully. I agree that whether or not I have a degree, I am just as capable of doing my job. Many of the people I work with have PhD's. They learned their profession in school, I learned mine on the streets of silicon valley. They appreciate my contribution because I do things they understand. I appreciate theirs because I don't want to spend another decade in school to get a degree that qualifies me for a lower paying job. =)
I make recommendations to directors and VP's all the time. Some of the recommendations involve computer security processes. They trust me because I consistently show integrity in what I do. Someone who says they have a degree when they don't lacks integrity. That's the kind of thing that can come out at any time. HR people at large companies may not know which resumes to toss and which to keep, or verify people's claims sometimes, but they do a decent job of keeping track of why they let you go. Do you really want to take that chance?
Given adequate funding, anyone could unearth a pyramid. They're everywhere, just covered with dirt and rocks. The biggest curiousity is how the rocks covering the pyramid bonded with the rocks that make up the pyramid. The bonds are so strong that unearthing the pyramid almost seems like you have to carve it out of the mountain. This phenomena can't currently be explained by archaeologists.
While that archaeology web site makes some interesting arguments, they're completely ignoring the possibility that aliens constructed the pyramid. This theory, made popular by the film Alien Vs Predator, has not been discredited by serious researchers. They simply dismiss the theory without so much as communicating with the aliens to get their perspective. It's simply not fair that the crack pot viewpoint is completely disregarded by the so called legitimate research community. It's discrimination and it's wrong. =)
I don't mean to discount all disaster recovery plans in large companies. That's certainly a good example of why they exist.
However, I think the one size fits all approach goes overboard. For example, I need to create a disaster recovery plan for an environment that was considered small enough that all but one member of the development team was downsized after completion of the project. A DR plan was not a serious consideration at the time, so the information that would have been needed for a rational plan is no longer available. Right now, it's nothing more than a paperwork requirement.
The reality of most DR plans is that they come down to the approach in "Dilbert and the Way of the Weasel" - your personal disaster recovery plan can be to drive across town and get a job at a company that didn't have a disaster. I suspect this is eerily close to the truth in most cases.
I've always found disaster recovery plans to be an annoying necessity in large businesses. I'd hate to see all the other paperwork that would be needed if my systems were subjected to mortar attacks. That certainly justifies the need for clustering over a WAN.
I don't consider myself an expert in kernel programming, but I definitely think someone is off base if they're expecting programmers as a whole to do the right thing. Many programs seem to work by coincidence rather than design. People didn't do their memory management right in the days when it was necessary. Now that a lot of people are moving towards languages that handle the memory management for them, I expect even fewer to worry about it. That does mean that the programmers of the programming languages are the ones who are responsible, but I'd personally rather have the kernel take a more active role in memory management.