As a juror, I would have a hard time voting to convict a person for such an offense. There is very little you can do legally against spammers, so just as the legal system turns a blind eye to their actions, there's nothing wrong with doing the same to vigilantes going after them.
I'll bet someone could draw some pretty reasonable conclusions from all of the non-regulated information. Even if they're wrong in their assumptions, they can still misuse the information. If you know someone listens to country or rap, there's probably correlations with skin color and religion that you can draw.
By wanting people who have the least character, it fits with the trend of hiring more mediocre people based on cost and risk avoidance rather than abilities. 10% of the ability for 70% of the cost sounds like a good deal if there's a negligible chance that the person will embarrass the company. Unless, of course, you count the bad PR associated with gross incompetence. 9 out of 10 people we interview outright lie on their resumes about their experience with computers, so good thing we'll have a new tool to nail that last guy with.
I wonder how many people see it as an absurd tongue-in-cheek comment as opposed to a simple observation of the dumbing down of society. It just seemed like a good opportunity to illustrate how sometimes profanity can be interchangeable with the more descriptive terms.
While I like to inquire if someone is genetically predisposed to suboptimal performance, is that likely to be understood as well as saying "are you a retard?"
my sister is quite possibly the most selfish and arrogant person to walk this planet
This is the kind of unnecessarily wordy language that confuses young kids. It's much easier and more accurate to say "my sister is a bitch" which everyone understands more clearly.
Today's children aren't potty mouths, they're just much more efficient in their usage of words. Why sugar coat something when the efficient bad words are commonly accepted?
Everyone can see the world going to hell around them, so it would simply be misleading for kids to say "we will be burdened by the out of control debts of our predecessors" when everyone knows it's more accurate and succinct to simply say "we're fucked."
In my experience, the ego problems go with the people who proclaim themselves as experts, not the ones who everyone else points to as the real experts. Mature geeks recognize ways to benefit from everyone available. The lowly grunt that watches a screen and follow scripts to make red things turn green reduces the number of times the uber-geek gets paged to resolve problems. The DBA may be able to take a program that's running slowly and speed it up significantly all behind the scenes in the database.
I worked with a team of smart people implementing a data warehouse and all of the related components on a very short timeline. All of us had our own different areas of expertise, but working together could get the overall best result by trying to one up each other. Our DBA said we needed the SAN configured as RAID 10 instead of RAID 5 for performance. I showed him that using his realistic test cases, it resulted in a 5% increase in performance for a 50% cost in available space, so he acknowledged that it was a poor trade off given our resources. When you have the right kind of people working together, they'll recognize the right solution when they see it, and it's not going to matter who did what. At the end of the day, a good team will succeed because the focus is on achieving the goal, not stroking someone's childish ego. The trick is finding people who have the experience to know that it's ok to say "I don't know, but can figure it out if no one else knows".
While the composition in the article is TV based, there's something to the different types of personalities it takes to build a strong team. I think the key point is something I tell people all the time - failure isn't an option, it's a lifestyle. Failure is what you are when you give up, everything before that is an unscheduled learning experience. Building a team of strong people just takes the ability to recognize people who don't give up and don't need someone constantly harping on them to keep going.
It's shocking to people who believe that god is some guy who killed everyone in a flood in the world's largest temper tantrum. Makes perfect sense for those who see god as the all encompassing thing we explain as nature and the universe. God's the universal science catch all. If you believe in the big bang, where did that come from? God's as good of an answer as anyone else has.
Running Nessus produces numbers. Those numbers are then the metrics which management uses to judge how well people are doing their jobs. Lower numbers are always good and higher numbers are always bad.
Comprehension of what the numbers represent, or if they're accurate, is not really relevant from a management perspective. If you show that your numbers are small and keep getting smaller, then any security vulnerability can't be your fault, because the magic number machine says your compliant. It's the same thinking that says anyone who got a free virus scanner installed on their computer when they bought it 7 years ago is intrinsically safe.
Tools like Nessus can be useful from a technical perspective, but far more often are used for political reasons.
I gave up on trying to educate auditors. They often have the logical reasoning capability of a brick, without the value of being a building material. Compliance auditing is about reducing a complex set of circumstances and requirements into simple numbers. Comprehension of the underlying issues is not a job requirement.
The reason why that's a checklist item is that 99+% of users are have access to, but not knowledge required to set a umask, therefore making your point moot.
My recent favorite audit vulnerability was mode 644 on wtmpx. If someone has an account on a system (which is already limited to legitimate need anyway), I'm not deeply concerned if they can find out who has recently logged into the server. In fact, I'd rather that simple troubleshooting be done by unprivileged users, some of which fall into the 99+%, rather than requiring they get root access to look at harmless information.
The best part is when one compliance program says that SSHD should have PermitRootLogin=No, but another group needs it to be Yes to allow all of the root passwords to be centrally managed to meet some other compliance requirement.
PRINTER_LINEFEED would be a reasonable name for 013, but a horrible name for 0x13. Reminds me of this guy I used to work with who always knew the right thing, but always did the wrong thing for "job security". =)
We recently had to upgrade from Office 2003 to 2007 at work. Everyone agrees that the new interface is far less intuitive and provides no benefit. The only benefit of the new interface is that it's so foreign to everyone that someone who learned on Office 2007 would have a harder time switching to Open Office. I really don't think that GUI design change was motivated by any customer input.
There's more overlap than you may think. Geek Squad caters to many Windows users. Anyone on Slashdot running Windows knows that prayers are a big part of it continuing to work on a day to day basis.
Vaporizing stuff on orbit with a high powered laser sounds like a cool idea, but you're going to end up putting someone's eye out 4 light years away. Sure, lets find out if there are aliens by trying to blind their kids. =)
OpenSolaris provides insight into the directions Solaris is going. I've used my experience with OpenSolaris at home to discuss possible future directions at work once the features work into mainstream Solaris. OpenSolaris is to Solaris what Fedora is to RedHat Enterprise Linux. Giving your customers a chance to preview what's up and coming gives them an opportunity to suggest a direction before it's in the mainstream release. Sure, a lot of deadbeats benefit from making the OS freely available, but getting contributions from the unpaid community and giving your customers reasons to promote your products should be a good enough benefit to justify the business case to keep it going.
I work for a hosting group in a large financial services company. We have over a thousand Linux and Solaris systems we support, with more being added all the time. We have numerous internal groups that need large Oracle databases on Solaris and we're happy to provide that. The people who write standards for the company are telling us to move away from Solaris and either move to Oracle on Linux, or for large databases, go to DB2 on AIX. When we're being told to drop Solaris, we really need something compelling to argue in favor of keeping it around. That is going to be much harder with Oracle's tight lipped approach to letting customers know what's coming up.
At home, I run OpenSolaris using ZFS for all of my storage. I run Ubuntu under VirtualBox to get all of the benefits of ZFS on the hardware with the more user friendly features of Ubuntu as a desktop. This is working out great for my whole family. Unfortunately, it looks like I'm going to have to look for another OS for the bottom of the stack since Oracle appears to be dropping it entirely.
OpenSolaris may not be a direct money maker for Oracle, but it has a very real contribution to their bottom line. With an enterprise database, you can get away with being secretive about everything. With an operating system that is much more widely used, that approach is not wise. Unfortunately, Oracle probably won't realize that until they've permanently lost several large customers.
For those who want to purchase tickets for N specific people and can provide their names to associate with the tickets, sell them however many tickets they want.
For people who want transferable tickets, limit each purchaser to a reasonable number of transferable tickets, like 5. Ticketmaster would probably make the transferable tickets another $5-10 more each. If you have 30 friends who need tickets, don't have names, and you can't come up with 5 other friends with credit cards to also buy tickets, doom on you.
If you want refundable airline tickets, the prices are higher than the non-refundable ones. There's no reason the same model couldn't be used here to make everyone happy enough.
The problem with promoting an ideal solution involving special hardware and digital signatures is adoption. Most consumers do not want to pay for security, which means it would require a solution that has to be funded by people who are in business, and therefore unwilling to incur an unnecessary expense. Until the vast majority of merchants use better security, there's little incentive for anyone to convert. And profits will prevent companies like Visa from telling merchants to convert to get out.
Interactive communication with the customer, even if it has fundamental flaws, is a vast improvement over the current system. The key to adoption is minimizing the arguments against a new technology (like cost) while focusing on its benefits.
The malware you're concerned with would be targeting individuals to get their keys, which means each individual would have input on their security. That would be a lot better than the current system where shared secrets can be exploited by every single entity you share those secrets with. I agree that using cell phones is lame, but history shows us that using the best solution as an argument for not implementing a better solution guarantees that the status quo will not change.
I've had the same security desires out of financial institutions for the last 20 years, but in that time I've seen very little progress because nobody wants to support incremental improvements. The only improvement I've seen in that time is one time use card #'s, while the number of ways to exploit the fundamental existing problems has grown substantially.
If only there were some common device that people just carried with them which could display short text messages and have a number pad or keyboard for a simple response. Perhaps something that could be used for more than just payment authentication so people wouldn't leave it at home.
The technology already exists to solve the problem. Creating applications for a wide variety of mobile phones exists today. However, fraud is not a technical problem, it is a political one. Fraud is political capital. The losses (real, imaginary and potential) are used as justification for the fees and high interest rates.
Back in my day, we didn't have to pay for domains. They were free, you just set up a couple of name servers and emailed in a form. I remember sending uunet $50 back then, not for the domain, but for them to set up a couple of name servers to be authoritative for the domain. When I had my own machines on the net, I provided name servers for free so others could get domains without spending a penny.
The contract terms protect those stupid people, aka customers from their own ignorance. At a minimum, EMI should have to contact everyone who ever bought one of those songs individually and provide the rest of the album free of charge. If they have to pay royalties on the album price and only got income based on the single track price, that would give them an incentive to honor their contracts in the future.
99% seems a bit high. I would be surprised if more than 20% of companies that are still in business today are stupid enough to put HR in charge of screening.
People should put their best foot forward on their resume. If education is all you have going for you, put it first. Once you have professional experience that matters, put that first. Most people don't read past the first page of a resume, so useful experience on the first page is more likely to get an interview than whatever education someone has listed at the end of their resume.
I've been responsible for hiring dozens of people over the years and education has never been all that useful as a metric. What school someone attended and whether or not they graduated doesn't seem to have any correlation with their ability to solve real world problems. Education only introduces people to subjects, it doesn't ensure comprehension. Which is more interesting - a programmer who has proven that he can complete assignments on time, or one who has demonstrated in the real world that he can take a vaguely defined problem and produce a working solution without 30 other people working on the exact same problem that he can go to for help?
Slashdot Mirror
I think he is the only one. All of these other posters were at our staff meeting yesterday.
As a juror, I would have a hard time voting to convict a person for such an offense. There is very little you can do legally against spammers, so just as the legal system turns a blind eye to their actions, there's nothing wrong with doing the same to vigilantes going after them.
I'll bet someone could draw some pretty reasonable conclusions from all of the non-regulated information. Even if they're wrong in their assumptions, they can still misuse the information. If you know someone listens to country or rap, there's probably correlations with skin color and religion that you can draw.
By wanting people who have the least character, it fits with the trend of hiring more mediocre people based on cost and risk avoidance rather than abilities. 10% of the ability for 70% of the cost sounds like a good deal if there's a negligible chance that the person will embarrass the company. Unless, of course, you count the bad PR associated with gross incompetence. 9 out of 10 people we interview outright lie on their resumes about their experience with computers, so good thing we'll have a new tool to nail that last guy with.
I wonder how many people see it as an absurd tongue-in-cheek comment as opposed to a simple observation of the dumbing down of society. It just seemed like a good opportunity to illustrate how sometimes profanity can be interchangeable with the more descriptive terms.
While I like to inquire if someone is genetically predisposed to suboptimal performance, is that likely to be understood as well as saying "are you a retard?"
my sister is quite possibly the most selfish and arrogant person to walk this planet
This is the kind of unnecessarily wordy language that confuses young kids. It's much easier and more accurate to say "my sister is a bitch" which everyone understands more clearly.
Today's children aren't potty mouths, they're just much more efficient in their usage of words. Why sugar coat something when the efficient bad words are commonly accepted?
Everyone can see the world going to hell around them, so it would simply be misleading for kids to say "we will be burdened by the out of control debts of our predecessors" when everyone knows it's more accurate and succinct to simply say "we're fucked."
In my experience, the ego problems go with the people who proclaim themselves as experts, not the ones who everyone else points to as the real experts. Mature geeks recognize ways to benefit from everyone available. The lowly grunt that watches a screen and follow scripts to make red things turn green reduces the number of times the uber-geek gets paged to resolve problems. The DBA may be able to take a program that's running slowly and speed it up significantly all behind the scenes in the database.
I worked with a team of smart people implementing a data warehouse and all of the related components on a very short timeline. All of us had our own different areas of expertise, but working together could get the overall best result by trying to one up each other. Our DBA said we needed the SAN configured as RAID 10 instead of RAID 5 for performance. I showed him that using his realistic test cases, it resulted in a 5% increase in performance for a 50% cost in available space, so he acknowledged that it was a poor trade off given our resources. When you have the right kind of people working together, they'll recognize the right solution when they see it, and it's not going to matter who did what. At the end of the day, a good team will succeed because the focus is on achieving the goal, not stroking someone's childish ego. The trick is finding people who have the experience to know that it's ok to say "I don't know, but can figure it out if no one else knows".
While the composition in the article is TV based, there's something to the different types of personalities it takes to build a strong team. I think the key point is something I tell people all the time - failure isn't an option, it's a lifestyle. Failure is what you are when you give up, everything before that is an unscheduled learning experience. Building a team of strong people just takes the ability to recognize people who don't give up and don't need someone constantly harping on them to keep going.
Even worse, every lost packet costs you real money. Network collisions could bankrupt you.
It's shocking to people who believe that god is some guy who killed everyone in a flood in the world's largest temper tantrum. Makes perfect sense for those who see god as the all encompassing thing we explain as nature and the universe. God's the universal science catch all. If you believe in the big bang, where did that come from? God's as good of an answer as anyone else has.
Running Nessus produces numbers. Those numbers are then the metrics which management uses to judge how well people are doing their jobs. Lower numbers are always good and higher numbers are always bad.
Comprehension of what the numbers represent, or if they're accurate, is not really relevant from a management perspective. If you show that your numbers are small and keep getting smaller, then any security vulnerability can't be your fault, because the magic number machine says your compliant. It's the same thinking that says anyone who got a free virus scanner installed on their computer when they bought it 7 years ago is intrinsically safe.
Tools like Nessus can be useful from a technical perspective, but far more often are used for political reasons.
I gave up on trying to educate auditors. They often have the logical reasoning capability of a brick, without the value of being a building material. Compliance auditing is about reducing a complex set of circumstances and requirements into simple numbers. Comprehension of the underlying issues is not a job requirement.
The reason why that's a checklist item is that 99+% of users are have access to, but not knowledge required to set a umask, therefore making your point moot.
My recent favorite audit vulnerability was mode 644 on wtmpx. If someone has an account on a system (which is already limited to legitimate need anyway), I'm not deeply concerned if they can find out who has recently logged into the server. In fact, I'd rather that simple troubleshooting be done by unprivileged users, some of which fall into the 99+%, rather than requiring they get root access to look at harmless information.
The best part is when one compliance program says that SSHD should have PermitRootLogin=No, but another group needs it to be Yes to allow all of the root passwords to be centrally managed to meet some other compliance requirement.
PRINTER_LINEFEED would be a reasonable name for 013, but a horrible name for 0x13. Reminds me of this guy I used to work with who always knew the right thing, but always did the wrong thing for "job security". =)
The scientist. It would be inhumane to run these tests on a live child.
We recently had to upgrade from Office 2003 to 2007 at work. Everyone agrees that the new interface is far less intuitive and provides no benefit. The only benefit of the new interface is that it's so foreign to everyone that someone who learned on Office 2007 would have a harder time switching to Open Office. I really don't think that GUI design change was motivated by any customer input.
There's more overlap than you may think. Geek Squad caters to many Windows users. Anyone on Slashdot running Windows knows that prayers are a big part of it continuing to work on a day to day basis.
Vaporizing stuff on orbit with a high powered laser sounds like a cool idea, but you're going to end up putting someone's eye out 4 light years away. Sure, lets find out if there are aliens by trying to blind their kids. =)
OpenSolaris provides insight into the directions Solaris is going. I've used my experience with OpenSolaris at home to discuss possible future directions at work once the features work into mainstream Solaris. OpenSolaris is to Solaris what Fedora is to RedHat Enterprise Linux. Giving your customers a chance to preview what's up and coming gives them an opportunity to suggest a direction before it's in the mainstream release. Sure, a lot of deadbeats benefit from making the OS freely available, but getting contributions from the unpaid community and giving your customers reasons to promote your products should be a good enough benefit to justify the business case to keep it going.
I work for a hosting group in a large financial services company. We have over a thousand Linux and Solaris systems we support, with more being added all the time. We have numerous internal groups that need large Oracle databases on Solaris and we're happy to provide that. The people who write standards for the company are telling us to move away from Solaris and either move to Oracle on Linux, or for large databases, go to DB2 on AIX. When we're being told to drop Solaris, we really need something compelling to argue in favor of keeping it around. That is going to be much harder with Oracle's tight lipped approach to letting customers know what's coming up.
At home, I run OpenSolaris using ZFS for all of my storage. I run Ubuntu under VirtualBox to get all of the benefits of ZFS on the hardware with the more user friendly features of Ubuntu as a desktop. This is working out great for my whole family. Unfortunately, it looks like I'm going to have to look for another OS for the bottom of the stack since Oracle appears to be dropping it entirely.
OpenSolaris may not be a direct money maker for Oracle, but it has a very real contribution to their bottom line. With an enterprise database, you can get away with being secretive about everything. With an operating system that is much more widely used, that approach is not wise. Unfortunately, Oracle probably won't realize that until they've permanently lost several large customers.
The solution seems really simple:
For those who want to purchase tickets for N specific people and can provide their names to associate with the tickets, sell them however many tickets they want.
For people who want transferable tickets, limit each purchaser to a reasonable number of transferable tickets, like 5. Ticketmaster would probably make the transferable tickets another $5-10 more each. If you have 30 friends who need tickets, don't have names, and you can't come up with 5 other friends with credit cards to also buy tickets, doom on you.
If you want refundable airline tickets, the prices are higher than the non-refundable ones. There's no reason the same model couldn't be used here to make everyone happy enough.
I choose evil of my own free will. I see the signs that say the speed limit is 40, but I'm always going 50-55. I know it's wrong, but I do it anyway.
A wise man once said "now you see that evil will always triumph because good is dumb."
The problem with promoting an ideal solution involving special hardware and digital signatures is adoption. Most consumers do not want to pay for security, which means it would require a solution that has to be funded by people who are in business, and therefore unwilling to incur an unnecessary expense. Until the vast majority of merchants use better security, there's little incentive for anyone to convert. And profits will prevent companies like Visa from telling merchants to convert to get out.
Interactive communication with the customer, even if it has fundamental flaws, is a vast improvement over the current system. The key to adoption is minimizing the arguments against a new technology (like cost) while focusing on its benefits.
The malware you're concerned with would be targeting individuals to get their keys, which means each individual would have input on their security. That would be a lot better than the current system where shared secrets can be exploited by every single entity you share those secrets with. I agree that using cell phones is lame, but history shows us that using the best solution as an argument for not implementing a better solution guarantees that the status quo will not change.
I've had the same security desires out of financial institutions for the last 20 years, but in that time I've seen very little progress because nobody wants to support incremental improvements. The only improvement I've seen in that time is one time use card #'s, while the number of ways to exploit the fundamental existing problems has grown substantially.
If only there were some common device that people just carried with them which could display short text messages and have a number pad or keyboard for a simple response. Perhaps something that could be used for more than just payment authentication so people wouldn't leave it at home.
The technology already exists to solve the problem. Creating applications for a wide variety of mobile phones exists today. However, fraud is not a technical problem, it is a political one. Fraud is political capital. The losses (real, imaginary and potential) are used as justification for the fees and high interest rates.
Back in my day, we didn't have to pay for domains. They were free, you just set up a couple of name servers and emailed in a form. I remember sending uunet $50 back then, not for the domain, but for them to set up a couple of name servers to be authoritative for the domain. When I had my own machines on the net, I provided name servers for free so others could get domains without spending a penny.
The contract terms protect those stupid people, aka customers from their own ignorance. At a minimum, EMI should have to contact everyone who ever bought one of those songs individually and provide the rest of the album free of charge. If they have to pay royalties on the album price and only got income based on the single track price, that would give them an incentive to honor their contracts in the future.
Now all of the trolls who only speak english will be able to harass other cultures around the world. Thank someone for that miracle.
99% seems a bit high. I would be surprised if more than 20% of companies that are still in business today are stupid enough to put HR in charge of screening.
People should put their best foot forward on their resume. If education is all you have going for you, put it first. Once you have professional experience that matters, put that first. Most people don't read past the first page of a resume, so useful experience on the first page is more likely to get an interview than whatever education someone has listed at the end of their resume.
I've been responsible for hiring dozens of people over the years and education has never been all that useful as a metric. What school someone attended and whether or not they graduated doesn't seem to have any correlation with their ability to solve real world problems. Education only introduces people to subjects, it doesn't ensure comprehension. Which is more interesting - a programmer who has proven that he can complete assignments on time, or one who has demonstrated in the real world that he can take a vaguely defined problem and produce a working solution without 30 other people working on the exact same problem that he can go to for help?