It's a numbers game. MAPS is only a problem for people who are listed in it. It's a solution for others. It's nothing for everyone else.
Spam is irritating when you get a few dozen a week. It's much more serious when you get thousands per day. Spam is deliberately destructive to ISPs and other site owners. I've had to clean up servers of my own, friends, and companies I worked for that have been inundated with spam. Spammers will try every possible email address at a domain name. If I collect all undeliverable mail on my domains, I receive in excess of 10,000 pieces of spam to accounts that have never existed EACH DAY.
From a user's perspective, MAPS is a nuisance. From a sysadmin's perspective, it has its audience. As a sysadmin, I don't personally use it, but I understand the appeal of getting rid of so much trash with a little collateral damage. The filtering I use takes a lot more CPU time than a MAPS check would. I often have to wait several minutes to process all the spam if my connection goes down for a couple hours.
Also, it's important to keep in mind that MAPS is voluntary. If anyone is not receiving mail from someone listed in the database, it's because someone made a conscious decision to use it as an authoritative source.
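How a MAPS-style check actually works, as an added example that is not part of the comment above: a DNS-based blocklist is consulted by reversing the connecting client's address, appending the list's zone, and asking for an A record; an answer in 127.0.0.0/8 means "listed" and the final octet is the listing code. The zone name `bl.example` and the sample zone data are constructed for illustration, not a real list, and the stub resolver stands in for DNS so the code runs offline. The loopback-only filter is the practitioner's caveat: a zone that has been wildcarded or parked will answer every query with a public address, and without that filter every inbound connection would be rejected.

```python
import ipaddress
import socket

# Assumed zone name for illustration only; a real deployment uses the
# list operator's published zone.
DEFAULT_ZONE = "bl.example"

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str = DEFAULT_ZONE) -> str:
    """Build the query name: the address's labels reversed, under the zone.

    IPv4 reverses the dotted octets; IPv6 reverses the 32 hex nibbles
    (the convention described in RFC 5782).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def default_resolve(name: str):
    """Live resolver: A records for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return None


def dnsbl_lookup(ip: str, zone: str = DEFAULT_ZONE, resolve=default_resolve):
    """Return the listing codes (127.0.0.x answers) for ip; empty if not listed.

    Only answers inside 127.0.0.0/8 count. A wildcarded or parked zone that
    answers every name with a public address therefore does not block all mail.
    """
    answers = resolve(dnsbl_query_name(ip, zone)) or []
    return [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]


# Constructed sample zone data standing in for DNS so the example runs offline.
SAMPLE_ZONE = {
    "10.2.0.192." + DEFAULT_ZONE: ["127.0.0.2"],      # listed, code 2
    "99.2.0.192." + DEFAULT_ZONE: ["198.51.100.7"],   # bogus non-loopback answer
}


def sample_resolve(name: str):
    """Stub resolver over the constructed zone; None mimics NXDOMAIN."""
    return SAMPLE_ZONE.get(name)


def smtp_decision(client_ip: str, resolve=sample_resolve) -> str:
    """What an MTA would do with a connecting client: reject if listed."""
    codes = dnsbl_lookup(client_ip, resolve=resolve)
    if codes:
        return "550 rejected: %s listed (%s)" % (client_ip, ",".join(codes))
    return "250 accept"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99", "192.0.2.1"):
        print(ip, "->", smtp_decision(ip))
```

The check is one UDP round trip per connection and is usually cached by the local resolver, which is why it costs far less CPU than content filtering; the trade-off is that the decision is delegated to whoever maintains the zone, which is exactly the "conscious decision" the comment refers to.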
Is that an OSS project? I don't think you'd be able to sell it. Most large companies already have people with an almost spooky ability to recognize traits that could lead to project success and avoid them like the plague.
Apparently 95% of managers will pick all three and end up delivering none of them. This must be some universal law of management. It's very rare that I see exceptions to this rule.
One trend I've noticed with increasing frequency is for a suit to push for an "aggressive schedule" only to move on to another organization before the results of their actions can be felt.
I spent most of last year on a project like this. I personally spent almost 3200 hours on the project, and I know the rest of the staff was working 50-60 hour weeks the entire time. We managed to bring the project to a successful completion on time, but our Manager and his Director were both gone (to the same other part of the company) before the project was due to be delivered. The result of this was that we spent as much money as we would have by planning a much more reasonable schedule, but were specifically directed to take short cuts to create a barely workable solution that would create more work in the future.
In the end, a lot of projects either fail or are minimally usable as a result of poor management decisions. The irony is that the decisions are made in the name of saving money, yet the projects cost as much or more than if a more reasonable approach were taken.
This is funny? I frequently tell the users what they need and only months after they have it do they realize that it really is what they need.
Sometimes the programmer is in the position of knowing the actual use of the program and having enough experience in the field to know what the users should be asking for.
I also frequently ask people if they really want a feature they requested if it takes a simple problem and makes it far more complicated. Often the user doesn't know what they want. The customer is often wrong.
Now I'm spending most of my time looking at requirements for a project being implemented by a vendor and I axe requirements from people I work with/for all the time. Most people have a hard time understanding what a concise, actionable requirement is. Most nontechnical people I work with think a requirements specification should be a wish list. We're the customer, and I can say without reservation that we're often asking for what we want, not what we need.
The core of the problem is that more and more people have completely unreasonable expectations. I'm surprised how few people I see around me who are cynical enough to say "show me" when someone makes a preposterous claim.
Companies expect to cut staff year after year without losing productivity. Some organizations are so bloated that this works well the first few passes, but there comes a point where the results of this approach are harmful. The people looking at the budget figure that if they saved 20% on staff expenses over each of the last 2 years, they should do the same thing this year.
Vendors lie. Salespeople lie. Any organization that is purchasing any product, technology or otherwise based on the statements of salespeople and vendors is failing to perform due diligence. I frequently see complaints about products not working as expected, or products being sold under claims that are revealed by technical support to be completely untrue, but only after the purchase has occurred. When this happens, nobody is willing to lose face and increase their losses by taking the vendor to court for outright fraud.
Only the cynical pessimists seem to be successful due to setting expectations low enough that they can be pleasantly surprised with the results. Has IT gotten such a bad shakedown that there aren't enough grizzled old veterans on these projects?
Thanks for that summary of how it works. That does seem like it would be considerably harder to grab the info than a typical low output transmitter.
I think someone with a knowledge of radio equipment, antennas, and motive to spend the money on those things would be able to extend the range. Even a range of 5-10 feet would be adequate for an attacker. Taking several attempts at reading the chip would make it pretty easy to reconstruct the number.
I keep seeing references to short distances. That distance is true for a typical receiver. But why would a bad guy limit himself to the off-the-shelf receiver? It's not even necessary to get the thing all at once since it's a static value. Much better radio equipment in the hands of the attacker seems like it would be all it would take.
The problem with digital media is that there is usually a lot more than the data that needs to be stored. We can look at the past as a reasonable approximation of the dangers that need to be considered in the future as it pertains to digital storage.
The availability of the devices is an important factor. 15 years ago, 5.25" disk drives could be found anywhere. How many people who used them back then could find a drive easily now?
Also, the programs needed to read those files need to be available. 15 years ago everything was in weird proprietary formats. Nowadays we're not much better off.
I have disks that are more than 15 years old, and I have no idea whether I could still get the data off them. However, I make a point of making copies of important stuff after making sure it's usable every few years when I have free time.
Tell me more about these $100/hr jobs. Also, can I telecommute from work^H^H^H^Hhome for one of these positions? =)
There are up sides to being a contractor that are often ignored in these situations as well. If contracting isn't right for you, don't do it.
I turned down a pretty respectable full time job where I'm working because I'm making substantially more as a contractor. I've been a contractor for over 2 years at the same place. I don't get any benefits through my employer. However, when I was expected to work 60-80 hours a week for well over a year, I got paid for all of those hours. Many companies hire full time employees to make them work 50-80 hours a week after negotiating a 40 hour/week salary. Now I work 40 hours a week and can take days off to even out the long days just to ensure the budget isn't blown like last year.
Contractor vs full time is a choice you have to make for yourself. They both have their good and bad sides, you just have to know what's important to you and play the system.
The beauty of steganography is that given an infinite supply of "ciphertexts"(spam), you can find a way to prove any message you want. Can we just call DHS now since we already know that we will find messages to/from terrorists "encoded" in spam? Can we use the military for raids on the spammers? Arrests will not be necessary. =)
Wasn't a compromised Windows machine in a monitoring role part of a major power outage not that long ago? In order to hold people criminally accountable for negligence, it's necessary to look at much more than the outcome. I don't have a lot of faith in there ever being a legal solution to this kind of problem.
Given the number of computer-security-ignorant people, I think it would take something far more dramatic to make everyone care. Keep in mind that the average juror needed for a conviction is probably just as ignorant as the average user.
Do you think you're representative of an average user? The majority of business ideas are aimed at the majority of potential consumers. I'm a sysadmin and a programmer, so I'm much more inclined against giving up control of my own data. That just means that something that may be useful to most people doesn't appeal to me.
A lot of people download their mail. Though, I have to take exception with the concept of "archived forever" - what's your personal data recovery philosophy? Most people believe in "if my hard drive dies, I lose everything", though they tend not to make that as a conscious choice. I have email going back 10 years. What are the chances that I no longer have the computers or programs needed to run or view some of the stuff I was sent that long ago? I'd say it's very likely that there are attachments that would take considerable work to use. I'm willing to live with that. Again, most people make similar decisions by default, but aren't aware of them.
Fine, "the idea theorized..." would be better wording in this context. Does that change anything? If it's a good idea and there is demand, it will eventually be done. If it's out of touch with the needs of users who will pay for the service, it either won't happen or will come and go like so many other things.
Do you run your own servers to be online 24x7 to collect your email and serve your web pages?
Those people who want to hold onto and control all of their own stuff will still be able to do so.
The proposed solution here would address the vast majority who are happy to give up some control for the convenience of not having to administer their own systems.
I personally wouldn't want everything being held and run by a third party. However, there are many things which are less important to me that I'd be perfectly comfortable with being provided by a third party, especially one with the infrastructure needed to be reliable.
I think this is a relatively common observation. I've walked into conference rooms and turned the TV for the videoconferencing system off. My boss couldn't understand that I *heard* the TV on. I used to walk into my parents house all the time and go directly to the room where someone left one of the computer monitors on and turned it off. My parents thought I was weird.
There are two lessons here:
For the applicants: if you are willing to bend the rules to get information that isn't formally made available to you, Harvard Business School doesn't want you. It doesn't take a lot of people with this mentality to ruin a company.
For Harvard: if you don't protect your data, people will get access to it. Fortunately, academia doesn't matter. In the real world, there could be far more serious ramifications of this kind of situation. If employment decisions were handled like this, there would be lawsuits and government actions.
It's an easy target. Using hardware against people who only know how to react to software. They're defenseless.
Compiling from source is ironically the most consistent thing across various unix platforms. There are very few tools that I find require more than a "./configure; make ; make install" and it's been that way for the last 15 years I've been using unix variants.
I like the FreeBSD ports system because it combines platform specific patches and configuration with the benefits of compiling from source. I don't think the average user cares how the programs get installed - a user interface with a progress bar being displayed while the programs are being compiled in the background would probably make quite a few people happy. And something like that could be platform agnostic by setting some basic assumptions about what belongs where.
It does save water. The important trick is that you need to get dirty first, which can be done outside the shower.
Video games and TV made me violent. That's certainly my story if I ever end up getting busted for some violent crime.
I noticed over the last week a couple of news clips where they actually showed someone being killed on TV. One was shot in the back of the head and the other was ejected from a car in a crash. These were real live people who died on camera and promptly ended up in the evening news. When I was growing up, that was a big taboo. Now it's just par for the course.
TV is just one aspect, but society as a whole has become more accepting of violence. It's hard to buy into the causation argument since it's not possible to see how much of a factor TV is, and how much comes from other social influences.
Most people aren't software people. Most people do things with their computers. It's only geeks like me who like computers for the sake of computers. All the business people I work with have to use them. They simply do not care about anything other than their needs being met in the most timely, reliable and cost effective manner.
When advocating open source, what problem are you solving? I used to advocate open source solutions for individuals and companies, but now I just give options. I still include open source options where they are a good solution, but that's not always true. People who like to play the newest popular games should probably not be switching to linux. Part of advocacy is knowing when to shut up. Pushing a particular solution to all problems, regardless of requirements is a major turnoff to pretty much everyone.
All security breaches have actual damages. Companies pay people to deal with these things, and those people having to stop what they're doing and focus on a breach is an actual impact with a real cost in dollars.
Some people seem to think that the company had to spend the time securing their systems anyway, so it's a wash. That's not even close to reality. Suits are big into image, so when it becomes publicly known that there was a security breach, they all start chattering like schoolgirls. This gets a lot of them involved and eventually it comes down to the sysadmin who now not only has to fix the security hole, but explain how it happened, what is being done to prevent it in the future, and why each and every other technical thing that isn't understood by a suit, including the coke machine, isn't susceptible to the same vulnerability. From the sysadmin's perspective, this works out to about 2 hours for the fix and 4 weeks until the suits quit chattering about it.