The EEOC may be able to help you better understand the reasons why some employers may be allowed to discriminate against you. If you haven't already, you may want to look into if and when you could get the felony expunged from your record. There are definitely far fewer job options available to felons. As well as helping you understand your rights and limitations as a felon seeking employment, the EEOC may be able to suggest other government agencies that can help you find a job.
I started programming in 1980, professionally in 1988. I still write my own code on many occaisions. I also do system administration. Those are the two areas I've always been interested in and done.
I do both of those things in my current job, as well as some management, some project management, and various other things that I think are pointless most of the time, detrimental the rest of the time. However, by doing the things I don't particularly enjoy, but the company needs to have done, I continue to provide value to the company and get to do some of the things I'm interested in. I've read a few books on project management in order to do what's needed of me better. Some parts gave me some useful insight into what the job entails. Other parts reinforced my previous belief that many project managers think that they can violate the laws of physics by either adding or omitting tasks to their plans.
I've realized that nobody in the real world gives a crap about me and what I want. The business world can be cold and harsh if you don't know how to work within it. We're all just resources. If they could pay someone to rapidly trace pieces of paper faster than a copier and at a lower cost, they would. Likewise, if they could buy a machine to do my job at less than they pay me, they would.
Is that 16 years a gap in your work history? That would work against you when comparing you against other applicants. You need to find a way to differentiate yourself from other people who don't have that gap and want the same job. For me, senior level experience in system administration and programming is a rare combination that makes it easier to get my foot in the door. Business people only care about what you've been doing that can benefit them. They don't attach value to taking care of your daughter. You need to demonstrate how you can provide value that meets their needs. It's really no different than my son being too young to understand that everything we have comes from me working, but if I want a nap after a long day at work, I'm going to end up getting poked in the eye.
If I didn't already have a good job, this would be a perfect opportunity to convince someone in corporate that they need to hire me. Anyone looking for a job who understands how to set up such a system to be fault tolerant and not coded by blind monkeys? Accepting applications should be easy. If your forms work and can save information into a database, it's done. Apparently they didn't find people that good yet.
A system that does not work may not actually be discriminating against any specific person or group. However, it may create the impression that they are. Applicants are told to use the kiosk, but it doesn't work. One could presume from all the employees working that there is a way to apply for a job, but the individual wasn't given an option that works.
The bottom line is that someone tried to apply for a job and was not permitted to apply. If that person is in one or more protected classes, that would be a legitimate complaint to the EEOC. The company would then have to demonstrate that through their own incompetance or negligence, their application process fails more often than not, but does so without bias.
Seriously though, someone should explain this to corporate and get a good job out of the deal. Technical people who find and solve business problems are valuable in these places.
The first amendment protects newspapers with thousands of readers and a profit motive, but not web sites or blogs that have thousands of readers and are free.
Government is not allowed to support or enforce a particular religion, but public schools use tax money to purchase science books that leave out scientific information about evolution and teach one particular religion's beliefs.
Email in transit (on the wire) is considered protected by law. At rest (on a server), it's not afforded the same protection. For those not familiar with how email works under the covers, the only case where you apparently have protection is when the sender connects directly to your mail server and you refuse to cooperate with law enforcement without a warrant. Most ISP's are convinced to cooperate since the effect of a warrant(on the off chance they could get one) would be all of their customers email being collected for investigation and the mail server taken offline indefinitely.
Ex post facto laws being upheld by courts. Ie, in California that tactic has been used with some firearms. It works like this: 1. You purchase a legal product in full compliance with all laws 2. A law gets passed to ban that product 3. You are ordered to surrender the product with no compensation
If you fail to comply with 3, the continued possession is the crime you can be charged with. If you do comply, you've been deprived of property without due process. This is punishment for step 1, where no law was violated.
In fact, these are just a few things that come off the top of my head. You might want to try http://yro.slashdot.org/ for some more examples.
The personality test tells you something about the company. Someone in a position of influence in HR got that instituted as a policy. I've only had one formal test like that. It was the only job I ever interviewed for that I didn't get. I'm making twice what they paid in the first job I got after interviewing there, so it appears to have worked out ok. All of my other employers have been happy with me as a person and employee, so I don't know what the personality tests tell someone.
I primarily do system administration and development centric jobs. The thing that's interesting about the personality tests I had experience with in psychology class and my mom's masters thesis is that they do a decent job of rating specific traits, but it's not clear what any of those traits mean.
For example, I find myself having frequent personality shifts. When I'm asking our senior management about their business needs, I'm a follower. When I'm telling them about technical solutions, I'm a leader. I tell them no and correct their assumptions. They seem to like that I can be an expert in some things without being an arrogant prick in things I know less about. I enjoy working with people like that as well.
How a personality test would help is beyond me. In most cases, it's beyond the HR people too. Technical people are black and white for me. They can either do what they claim they can do or they can't. The computer will be the one to decide if their solution works, so it's pretty easy to evaluate them. The HR people live in a world that is all one shade of grey. Whether or not their personality test is helpful or detrimental can't be determined. If they apply it uniformly, the ones who would have been great employees but fail the test will be working somewhere else, so you don't know that. Likewise, if it gets rid of the people who are one TPS report cover sheet away from going postal, you won't know because it will just be some workplace shooting on the other side of town for all you know.
Every company has weird little things that don't make any sense. If you otherwise like the company, jump through their stupid hoops and see how it goes. If you wouldn't be inclined to work for them even if offerred the job, tell them that you find personality tests to be demeaning and are no longer interested in the position. If you think it's worth posting on ask slashdot, I'm thinking you're already disinclined to do it. Why not give them negative feedback in the process.
I don't believe you. I want to see you and the Dali Lama in a deathmatch for the title of most humble person ever. Even if you are the Dali Lama, you're not going to win. =)
Do you think tyrants know that they're tyrants? People can't judge themselves objectively.
A lot of people do some pretty bad things while believing they're doing good. Environmentalists firebomb buildings under construction. Animal rights activists sabotage labs and meat processing plants. They believe that they're helping their cause, but most people think that they're insane. Crazy people don't know that they're crazy. Everything they're doing makes perfect sense to them.
I'm not taking a side for or against Bush here, but I do think it's possible that he genuinely believes he's doing the right thing and this guy is there to provide confirmation. Sure, the administration isn't going to go on TV tomorrow night and say "Oh. My. God. We were really out of control. We're sorry. Please forgive us." However, some good can come out of someone who has access to more information than the public saying "umm, don't you think that's a bit excessive?"
Of course, the opposite position is just as likely. This guy could be a stooge that is there to help tell everyone that their liberties are being protected by the video cameras being installed in their homes. If you tell a lie often enough, you may get the majority to believe it. My personal favorite is the movement over the last several decades to declare the constitution unconstitutional. That's some mighty fine doublethink we got going on there. =)
I disagree about the need for code modification. I've seen many responses to problems installing open source software that tell people to fix what doesn't work. No amount of documentation will make up for the wrong assumptions people make about other people's systems.
In college, I had to use an AIX system that had TRUE and FALSE removed from the system include files so that students could successfully compile code in the intro chapter to one of the programming books. Compiling anything on that machine required putting those in somewhere because it would complain that those were not defined. That's where an idiot sysadmin caused the problem with using someone else's program. However, it's not at all uncommon for programmers to assume that everyone has their favorite utilities, libraries or preferred version of compiler installed.
Some projects are released when it works for the small group of people who are working on it, so they already have all of the dependencies installed. Not all open source projects work out of the box for everyone. I've had a handful of times where I had to modify Makefiles and edit C programs to get them to install. Usually the C problems were pretty straightforward, like different locations for include files. However, saying that's a simple thing to fix assumes that the user knows C and knows how to figure out what needs to be changed. That's not a reasonable expectation when we're telling people(who aren't Unix people or programmers) they should try Linux.
I remember my first experiences with NetBSD seemed to almost require that you have one working NetBSD system as well as better than average system administration skills in order to get a new system up. The person who was recommending NetBSD told me that the community didn't need people who weren't willing to learn how to install the software. This is exactly the same type of person being cited here as a Linux Snob.
When you talk about installing and using code, I think of either utilities or libraries. I don't think either of those really require the code itself be documented for someone to use it. The interfaces need to be documented. Why would someone be trying to use code if they can't figure out how to do so? I think I may not be understanding the context in which you're talking about "code use" here.
The problem with documentation is that you have to know your target audience. Some topics cannot be watered down so much that everyone is going to be able to understand them. Would you want someone who doesn't understand cryptography to be modifying your cryptographic algorithms? It sure would suck to find out that your security is relying on something that was broken in an obvious way from the perspective of a cryptographer, but not obvious to the average devry graduate. Documentation can only take you so far.
For example, I wrote a program that's used for parsing data at work. It's only about 300 lines of code. There is a 5 page document that explains what it's doing in detail. It creates complex regular expressions from descriptions of patterns to do the actual data parsing. I have explained at a high level how it works to nontechnical people. I have also explained the gory details to technical people. With both extremes, the people were satisfied that it did what was needed and was the simplest, and easiest to maintain solution to the problem of inconsistent incoming data.
However, without a solid understanding of regular expressions and the subject matter of the data being parsed, it is hard for someone to modify the patterns correctly. We had one person spend a month trying to create patterns after picking up a book on regular expressions and believing that they were an expert after a week. Is that a failure of the documentation,? I think it's a failure of the person who overestimates their own ability to modify someone else's code.
Some people believe that all code must be targeted towards the lowest common denominator. This is a good idea at large companies with high turnover rates, because the lowest common denominator (on average) will be maintaining that code. It's hard to get people interested in contributing to an open source project if you tell them "don't ever do anything creative or innovative." In fact, I think that's the exact opposite of the philosophy of most open source projects. New ideas are a good thing. Code is the ultimate expression of the idea because it's functional. However, many excellent programmers are sub-optimal in communicating their ideas in a non-functional syntax, such as written language targeted to the general public.
There is code that legitimately should not be modified by just anyone. The problem is that too many people believe their own code falls into that group.
I seem to have no problem setting up a network of machines with secure communication between them. I don't have to know what data is being sent to make the secure communication possible. A good consultant would be able to demonstrate this for a prospective client in such a way as to help them understand that he can provide ongoing support after installation without jeopardizing the security of the organization's data. In fact, for this kind of situation, I'd recommend an unrelated third party audit the system to ensure that the client is getting the security they expect and the client is fully in control of the environment.
Outsourcing doesn't have to mean India. Just giving the task to someone who has the appropriate area of expertise.
I'm sure the mafia would want to outsource to a local security consultant. The client would want to be able to penalize a vendor not acting in their best interests. Someone half way around the world is inconvenient. A local expert is much easier to file a complaint against. I hear that the Mob Business Bureau has a complaint resolution process that involves an all expenses paid vacation to the coast. =)
Getting advice on something is different than having someone else do all of it for you. I would think someone who wants to be truly paranoid would get recommendations of how to secure messages himself, then have someone else pass those encrypted messages over a secure channel.
To put it in terms of other mafia business, it's similar to getting advice on where to get an inexpensive gun without a paper trail. You don't have to tell them what you're going to do with it, you only have to tell them what you want.
A good leader would delegate tasks like communication security to someone who could do that well. However, I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies. =)
This is a good example of when you should outsource. If your business is not security, you should get security consultants to give you advice on securing your communications. Even the paranoid can hire multiple unrelated consultants and compare their recommendations. If they had done this, they might be using something out of date, but at least it would help. For example, no one would still recommend PGP 2.3 with 512 bit RSA keys, but it would have at least been an improvement over this.
This is also an example of where business continuity plans come into play. Organized crime has more risks than most businesses, so it's important to mitigate against those risks. The organization needs to ensure that individual members are complying with the security guidelines. I would expect the mafia to have a cement boot policy for people who leave incriminating, poorly encrypted data available. This data should have been encrypted and stored in a mafia run data center. There's simply no excuse for such pitiful data security in any organization.
I was kidding about people actually getting along.
There are people who want their religion taught in public schools. Evolution is an easy excuse for trying to make this happen in science classes.
It would be more productive to teach science in the context of facts vs conclusions. Artifacts being found represent facts, unless someone finds a way to show that the artifacts were fabricated. What those artifacts mean are stories made up by people working in the field. Many of those stories seem plausable and are supported by the facts. However, it's important to realize that they are still one person's opinion, based on facts, which is different from the story being a fact.
Personally, I think evolution has some serious scientific merit. However, when it comes to my children's education, I must insist on the only complete story of the human race - the FSM version.
Try to look at it from their perspective. They were given a theory of how humans got here to ask questions like "how did humans get here?" That theory is that God created everything. There is a lot of information that suggests another possible way that humans got here. This information contradicts the original theory. The result is that the information is thrown out in favor of the original idea. If an idea cannot evolve given additional data, how is it possible for anything to evolve, given any input? From that perspective, it almost makes sense.
As humans, we seem to focus entirely on our differences and ignore our similarities. Why can't we just leave evolution/ID as a point we agree to disagree on. Ultimately, no matter what we choose to believe, we're all much more similar than we want to admit. In large corporations, this is even more obvious. People of all different races, religions and cultures can be found intermixed in a sea of cubicles. No matter what god you believe in, can't we all agree that cube farms are the opposite of your god's master plan? =)
I take it you've never seen a committee in action. If you wanted to give them a head start, you'd book a resort, organize the catering, and get the airline tickets booked for each member. That would save at least 6 months of discussions on where the committee will be meeting and what food will be served for the kickoff meeting to get the security committee into action. Accounts without passwords isn't really a committee topic.
To understand the committee mentality, you must ask yourself "how can the company pay for all of the expenses of my next vacation?" Once you know the answer to that and know why a committee member can't ever use up all of their vacation days, you'll be ready to join a committee. Or if you're not eligible to be on a committee, you'll be ready to go on a rampage. =)
It's actually quite easy to have large amounts of damages in any large organization. The cost of the hardware is irrelevant in the grand scheme of things.
Once the machine has been compromised, they need to take it down. There is a cost associated with downtime. There is the time needed to build a new system to provide the same services. There is the time needed to correct the security problems. (Some would argue that this was just development time that was previously deferred by management decisions.) All of this is time just associated with correcting the problem caused by the compromise.
After that is done, there will be a committee formed to investigate the causes of the compromise. This committee will probably spend hundreds of man-hours on discussing the problem. There will be policies enacted to make sure the scapegoat path of responsibility is more clearly defined in the future. The cost of implementing and communicating these policies can't be calculated, so an estimate may be used, such as: 2 hours * total number of people in the organization * average salary.
Sure, the root cause of the problem is that there were insecure systems. However, the organization will always argue that the security wasn't a problem until the attacker came along. This is how they come to the conclusion that all of the associated costs were caused by the attacker. Taking responsibility for deploying insecure systems and failing to maintain them is the kind of thing that will prevent someone from ever being promoted into a position of responsibility.
I've always been oscillating between sysadmin/programmer in most of my jobs. Now I'm doing both, and the salary is definitely better than either of them individually. The nice thing about being on both sides is that you can more easily develop a more cohesive, but realistic and maintainable system. Programmers and sysadmins have different goals most of the time. Once you transcend all of that, call yourself a System Architect.
How much you're going to make is pretty easy to calculate. It's how you spin all of that on your taxes so you can keep more of it that requires some fairly advanced number theory and bistromathics.
By using "can", which is synonomous with "won't", the lawyers will not jump down your throat.
It's like the insurance commercial where they say something like "if we're this helpful to you now, just imagine how helpful we are once you're a customer." The word "imagine" allows you to plant the seed in the mind of your victim and ignore the reality. The goal is to get you as a customer. To be a customer, you have to have already given them your money. Once you've given them your money, there's no reason for them to be helpful anymore. Being helpful is a marketing tactic. Telling you to use your imagination is a way of convincing you to lie to yourself.
Try this on for size:
By adopting an open source technology infrastructure, we can leverage the best of breed applications that empower the internet. Imagine the ROI we can realize by adopting open standards as a foundation for all of our business processes.
As with any tool, corporate speak can be used for good or evil. Of course, you don't get to a position of influence in a company by using it for good. =)
We've got a billion monkeys with a billion computers. Given infinite time, something is bound to happen that's useful. Large corporations start as small companies who got lucky and built up over time by only needing to be successful 1% of the time. The trick is that the successes are so large that they pay for the other 99% of the attempts. The problem most people run into is that they can't afford to have most of their efforts fail, so they only take small chances, which result in small rewards.
Slashdot Mirror
Try contacting http://www.eeoc.gov/.
The EEOC may be able to help you better understand the reasons why some employers may be allowed to discriminate against you. If you haven't already, you may want to look into if and when you could get the felony expunged from your record. There are definitely far fewer job options available to felons. As well as helping you understand your rights and limitations as a felon seeking employment, the EEOC may be able to suggest other government agencies that can help you find a job.
I started programming in 1980, professionally in 1988. I still write my own code on many occaisions. I also do system administration. Those are the two areas I've always been interested in and done.
I do both of those things in my current job, as well as some management, some project management, and various other things that I think are pointless most of the time, detrimental the rest of the time. However, by doing the things I don't particularly enjoy, but the company needs to have done, I continue to provide value to the company and get to do some of the things I'm interested in. I've read a few books on project management in order to do what's needed of me better. Some parts gave me some useful insight into what the job entails. Other parts reinforced my previous belief that many project managers think that they can violate the laws of physics by either adding or omitting tasks to their plans.
I've realized that nobody in the real world gives a crap about me and what I want. The business world can be cold and harsh if you don't know how to work within it. We're all just resources. If they could pay someone to rapidly trace pieces of paper faster than a copier and at a lower cost, they would. Likewise, if they could buy a machine to do my job at less than they pay me, they would.
Is that 16 years a gap in your work history? That would work against you when comparing you against other applicants. You need to find a way to differentiate yourself from other people who don't have that gap and want the same job. For me, senior level experience in system administration and programming is a rare combination that makes it easier to get my foot in the door. Business people only care about what you've been doing that can benefit them. They don't attach value to taking care of your daughter. You need to demonstrate how you can provide value that meets their needs. It's really no different than my son being too young to understand that everything we have comes from me working, but if I want a nap after a long day at work, I'm going to end up getting poked in the eye.
If I didn't already have a good job, this would be a perfect opportunity to convince someone in corporate that they need to hire me. Anyone looking for a job who understands how to set up such a system to be fault tolerant and not coded by blind monkeys? Accepting applications should be easy. If your forms work and can save information into a database, it's done. Apparently they didn't find people that good yet.
A system that does not work may not actually be discriminating against any specific person or group. However, it may create the impression that they are. Applicants are told to use the kiosk, but it doesn't work. One could presume from all the employees working that there is a way to apply for a job, but the individual wasn't given an option that works.
The bottom line is that someone tried to apply for a job and was not permitted to apply. If that person is in one or more protected classes, that would be a legitimate complaint to the EEOC. The company would then have to demonstrate that through their own incompetance or negligence, their application process fails more often than not, but does so without bias.
Seriously though, someone should explain this to corporate and get a good job out of the deal. Technical people who find and solve business problems are valuable in these places.
That's just a general feeling I get.
The first amendment protects newspapers with thousands of readers and a profit motive, but not web sites or blogs that have thousands of readers and are free.
Government is not allowed to support or enforce a particular religion, but public schools use tax money to purchase science books that leave out scientific information about evolution and teach one particular religion's beliefs.
Email in transit (on the wire) is considered protected by law. At rest (on a server), it's not afforded the same protection. For those not familiar with how email works under the covers, the only case where you apparently have protection is when the sender connects directly to your mail server and you refuse to cooperate with law enforcement without a warrant. Most ISP's are convinced to cooperate since the effect of a warrant(on the off chance they could get one) would be all of their customers email being collected for investigation and the mail server taken offline indefinitely.
Ex post facto laws being upheld by courts. Ie, in California that tactic has been used with some firearms. It works like this:
1. You purchase a legal product in full compliance with all laws
2. A law gets passed to ban that product
3. You are ordered to surrender the product with no compensation
If you fail to comply with 3, the continued possession is the crime you can be charged with. If you do comply, you've been deprived of property without due process. This is punishment for step 1, where no law was violated.
In fact, these are just a few things that come off the top of my head. You might want to try http://yro.slashdot.org/ for some more examples.
The personality test tells you something about the company. Someone in a position of influence in HR got that instituted as a policy. I've only had one formal test like that. It was the only job I ever interviewed for that I didn't get. I'm making twice what they paid in the first job I got after interviewing there, so it appears to have worked out ok. All of my other employers have been happy with me as a person and employee, so I don't know what the personality tests tell someone.
I primarily do system administration and development centric jobs. The thing that's interesting about the personality tests I had experience with in psychology class and my mom's masters thesis is that they do a decent job of rating specific traits, but it's not clear what any of those traits mean.
For example, I find myself having frequent personality shifts. When I'm asking our senior management about their business needs, I'm a follower. When I'm telling them about technical solutions, I'm a leader. I tell them no and correct their assumptions. They seem to like that I can be an expert in some things without being an arrogant prick in things I know less about. I enjoy working with people like that as well.
How a personality test would help is beyond me. In most cases, it's beyond the HR people too. Technical people are black and white for me. They can either do what they claim they can do or they can't. The computer will be the one to decide if their solution works, so it's pretty easy to evaluate them. The HR people live in a world that is all one shade of grey. Whether or not their personality test is helpful or detrimental can't be determined. If they apply it uniformly, the ones who would have been great employees but fail the test will be working somewhere else, so you don't know that. Likewise, if it gets rid of the people who are one TPS report cover sheet away from going postal, you won't know because it will just be some workplace shooting on the other side of town for all you know.
Every company has weird little things that don't make any sense. If you otherwise like the company, jump through their stupid hoops and see how it goes. If you wouldn't be inclined to work for them even if offerred the job, tell them that you find personality tests to be demeaning and are no longer interested in the position. If you think it's worth posting on ask slashdot, I'm thinking you're already disinclined to do it. Why not give them negative feedback in the process.
I don't believe you. I want to see you and the Dali Lama in a deathmatch for the title of most humble person ever. Even if you are the Dali Lama, you're not going to win. =)
Do you think tyrants know that they're tyrants? People can't judge themselves objectively.
A lot of people do some pretty bad things while believing they're doing good. Environmentalists firebomb buildings under construction. Animal rights activists sabotage labs and meat processing plants. They believe that they're helping their cause, but most people think that they're insane. Crazy people don't know that they're crazy. Everything they're doing makes perfect sense to them.
I'm not taking a side for or against Bush here, but I do think it's possible that he genuinely believes he's doing the right thing and this guy is there to provide confirmation. Sure, the administration isn't going to go on TV tomorrow night and say "Oh. My. God. We were really out of control. We're sorry. Please forgive us." However, some good can come out of someone who has access to more information than the public saying "umm, don't you think that's a bit excessive?"
Of course, the opposite position is just as likely. This guy could be a stooge that is there to help tell everyone that their liberties are being protected by the video cameras being installed in their homes. If you tell a lie often enough, you may get the majority to believe it. My personal favorite is the movement over the last several decades to declare the constitution unconstitutional. That's some mighty fine doublethink we got going on there. =)
I disagree about the need for code modification. I've seen many responses to problems installing open source software that tell people to fix what doesn't work. No amount of documentation will make up for the wrong assumptions people make about other people's systems.
In college, I had to use an AIX system that had TRUE and FALSE removed from the system include files so that students could successfully compile code in the intro chapter to one of the programming books. Compiling anything on that machine required putting those in somewhere because it would complain that those were not defined. That's where an idiot sysadmin caused the problem with using someone else's program. However, it's not at all uncommon for programmers to assume that everyone has their favorite utilities, libraries or preferred version of compiler installed.
Some projects are released when it works for the small group of people who are working on it, so they already have all of the dependencies installed. Not all open source projects work out of the box for everyone. I've had a handful of times where I had to modify Makefiles and edit C programs to get them to install. Usually the C problems were pretty straightforward, like different locations for include files. However, saying that's a simple thing to fix assumes that the user knows C and knows how to figure out what needs to be changed. That's not a reasonable expectation when we're telling people(who aren't Unix people or programmers) they should try Linux.
I remember my first experiences with NetBSD seemed to almost require that you have one working NetBSD system as well as better than average system administration skills in order to get a new system up. The person who was recommending NetBSD told me that the community didn't need people who weren't willing to learn how to install the software. This is exactly the same type of person being cited here as a Linux Snob.
When you talk about installing and using code, I think of either utilities or libraries. I don't think either of those really require the code itself be documented for someone to use it. The interfaces need to be documented. Why would someone be trying to use code if they can't figure out how to do so? I think I may not be understanding the context in which you're talking about "code use" here.
The problem with documentation is that you have to know your target audience. Some topics cannot be watered down so much that everyone is going to be able to understand them. Would you want someone who doesn't understand cryptography to be modifying your cryptographic algorithms? It sure would suck to find out that your security is relying on something that was broken in an obvious way from the perspective of a cryptographer, but not obvious to the average devry graduate. Documentation can only take you so far.
For example, I wrote a program that's used for parsing data at work. It's only about 300 lines of code. There is a 5 page document that explains what it's doing in detail. It creates complex regular expressions from descriptions of patterns to do the actual data parsing. I have explained at a high level how it works to nontechnical people. I have also explained the gory details to technical people. With both extremes, the people were satisfied that it did what was needed and was the simplest, and easiest to maintain solution to the problem of inconsistent incoming data.
However, without a solid understanding of regular expressions and the subject matter of the data being parsed, it is hard for someone to modify the patterns correctly. We had one person spend a month trying to create patterns after picking up a book on regular expressions and believing that they were an expert after a week. Is that a failure of the documentation,? I think it's a failure of the person who overestimates their own ability to modify someone else's code.
Some people believe that all code must be targeted towards the lowest common denominator. This is a good idea at large companies with high turnover rates, because the lowest common denominator (on average) will be maintaining that code. It's hard to get people interested in contributing to an open source project if you tell them "don't ever do anything creative or innovative." In fact, I think that's the exact opposite of the philosophy of most open source projects. New ideas are a good thing. Code is the ultimate expression of the idea because it's functional. However, many excellent programmers are sub-optimal in communicating their ideas in a non-functional syntax, such as written language targeted to the general public.
There is code that legitimately should not be modified by just anyone. The problem is that too many people believe their own code falls into that group.
I seem to have no problem setting up a network of machines with secure communication between them. I don't have to know what data is being sent to make the secure communication possible. A good consultant would be able to demonstrate this for a prospective client in such a way as to help them understand that he can provide ongoing support after installation without jeopardizing the security of the organization's data. In fact, for this kind of situation, I'd recommend an unrelated third party audit the system to ensure that the client is getting the security they expect and the client is fully in control of the environment.
Outsourcing doesn't have to mean India. Just giving the task to someone who has the appropriate area of expertise.
I'm sure the mafia would want to outsource to a local security consultant. The client would want to be able to penalize a vendor not acting in their best interests. Someone half way around the world is inconvenient. A local expert is much easier to file a complaint against. I hear that the Mob Business Bureau has a complaint resolution process that involves an all expenses paid vacation to the coast. =)
Getting advice on something is different than having someone else do all of it for you. I would think someone who wants to be truly paranoid would get recommendations of how to secure messages himself, then have someone else pass those encrypted messages over a secure channel.
To put it in terms of other mafia business, it's similar to getting advice on where to get an inexpensive gun without a paper trail. You don't have to tell them what you're going to do with it, you only have to tell them what you want.
Fear may also be the reason no one told him that this wasn't a good way to send messages.
Correction: It only worked until the police got ahold of his messages.
A good leader would delegate tasks like communication security to someone who could do that well. However, I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies. =)
This is a good example of when you should outsource. If your business is not security, you should get security consultants to give you advice on securing your communications. Even the paranoid can hire multiple unrelated consultants and compare their recommendations. If they had done this, they might be using something out of date, but at least it would help. For example, no one would still recommend PGP 2.3 with 512 bit RSA keys, but it would have at least been an improvement over this.
This is also an example of where business continuity plans come into play. Organized crime has more risks than most businesses, so it's important to mitigate against those risks. The organization needs to ensure that individual members are complying with the security guidelines. I would expect the mafia to have a cement boot policy for people who leave incriminating, poorly encrypted data available. This data should have been encrypted and stored in a mafia run data center. There's simply no excuse for such pitiful data security in any organization.
I was kidding about people actually getting along.
s ter
There are people who want their religion taught in public schools. Evolution is an easy excuse for trying to make this happen in science classes.
It would be more productive to teach science in the context of facts vs conclusions. Artifacts being found represent facts, unless someone finds a way to show that the artifacts were fabricated. What those artifacts mean are stories made up by people working in the field. Many of those stories seem plausable and are supported by the facts. However, it's important to realize that they are still one person's opinion, based on facts, which is different from the story being a fact.
Personally, I think evolution has some serious scientific merit. However, when it comes to my children's education, I must insist on the only complete story of the human race - the FSM version.
http://en.wikipedia.org/wiki/Flying_spaghetti_mon
Try to look at it from their perspective. They were given a theory of how humans got here to ask questions like "how did humans get here?" That theory is that God created everything. There is a lot of information that suggests another possible way that humans got here. This information contradicts the original theory. The result is that the information is thrown out in favor of the original idea. If an idea cannot evolve given additional data, how is it possible for anything to evolve, given any input? From that perspective, it almost makes sense.
As humans, we seem to focus entirely on our differences and ignore our similarities. Why can't we just leave evolution/ID as a point we agree to disagree on. Ultimately, no matter what we choose to believe, we're all much more similar than we want to admit. In large corporations, this is even more obvious. People of all different races, religions and cultures can be found intermixed in a sea of cubicles. No matter what god you believe in, can't we all agree that cube farms are the opposite of your god's master plan? =)
I take it you've never seen a committee in action. If you wanted to give them a head start, you'd book a resort, organize the catering, and get the airline tickets booked for each member. That would save at least 6 months of discussions on where the committee will be meeting and what food will be served for the kickoff meeting to get the security committee into action. Accounts without passwords isn't really a committee topic.
To understand the committee mentality, you must ask yourself "how can the company pay for all of the expenses of my next vacation?" Once you know the answer to that and know why a committee member can't ever use up all of their vacation days, you'll be ready to join a committee. Or if you're not eligible to be on a committee, you'll be ready to go on a rampage. =)
It's actually quite easy to have large amounts of damages in any large organization. The cost of the hardware is irrelevant in the grand scheme of things.
Once the machine has been compromised, they need to take it down. There is a cost associated with downtime. There is the time needed to build a new system to provide the same services. There is the time needed to correct the security problems. (Some would argue that this was just development time that was previously deferred by management decisions.) All of this is time just associated with correcting the problem caused by the compromise.
After that is done, there will be a committee formed to investigate the causes of the compromise. This committee will probably spend hundreds of man-hours on discussing the problem. There will be policies enacted to make sure the scapegoat path of responsibility is more clearly defined in the future. The cost of implementing and communicating these policies can't be calculated, so an estimate may be used, such as: 2 hours * total number of people in the organization * average salary.
Sure, the root cause of the problem is that there were insecure systems. However, the organization will always argue that the security wasn't a problem until the attacker came along. This is how they come to the conclusion that all of the associated costs were caused by the attacker. Taking responsibility for deploying insecure systems and failing to maintain them is the kind of thing that will prevent someone from ever being promoted into a position of responsibility.
I've always been oscillating between sysadmin/programmer in most of my jobs. Now I'm doing both, and the salary is definitely better than either of them individually. The nice thing about being on both sides is that you can more easily develop a more cohesive, but realistic and maintainable system. Programmers and sysadmins have different goals most of the time. Once you transcend all of that, call yourself a System Architect.
How much you're going to make is pretty easy to calculate. It's how you spin all of that on your taxes so you can keep more of it that requires some fairly advanced number theory and bistromathics.
It's even easier than that:
* can *
By using "can", which is synonomous with "won't", the lawyers will not jump down your throat.
It's like the insurance commercial where they say something like "if we're this helpful to you now, just imagine how helpful we are once you're a customer." The word "imagine" allows you to plant the seed in the mind of your victim and ignore the reality. The goal is to get you as a customer. To be a customer, you have to have already given them your money. Once you've given them your money, there's no reason for them to be helpful anymore. Being helpful is a marketing tactic. Telling you to use your imagination is a way of convincing you to lie to yourself.
Try this on for size:
By adopting an open source technology infrastructure, we can leverage the best of breed applications that empower the internet. Imagine the ROI we can realize by adopting open standards as a foundation for all of our business processes.
As with any tool, corporate speak can be used for good or evil. Of course, you don't get to a position of influence in a company by using it for good. =)
We've got a billion monkeys with a billion computers. Given infinite time, something is bound to happen that's useful. Large corporations start as small companies who got lucky and built up over time by only needing to be successful 1% of the time. The trick is that the successes are so large that they pay for the other 99% of the attempts. The problem most people run into is that they can't afford to have most of their efforts fail, so they only take small chances, which result in small rewards.
That would do just fine.
"No sprinkles. For every sprinkle I find, I shall kill you."