I was totally not expecting Zeroconf support from a printer at that price point. I was very surprised when I went to save a receipt for an online purchase to PDF from my Mac (thus invoking the print dialog) and saw the printer as an option even though I had not set anything up in print center yet.
It definitely draws less power than the LJ4, and to all evidence does not suffer from the same problems with the fuser rollers that my original LJ4 did.
I picked up a brother hl-5170dn. It's network ready, comes with zeroconf (bonjour in the apple world) and includes postscript and PCL emulation. The web configuration interface is quite nice, it's "just worked" with my Mac, Windows and Linux boxes, and is readily available for under $300. And as a bonus, it has a built-in duplexer. It is black-and-white only and has its toner and drum separate. (Which is a good thing, since drums generally outlast toner, and this lets you replace them separately without resorting to dodgy refilled toner).
Do be sure to download and use Brother's.ppd files for best results. The postscript emulation, while good, isn't perfect. Using their.ppd files seems to take care of all the rough edges I encountered.
I'm admittedly a rather light user in terms of volume. But after going through a ream of paper or so I'm still on the cartridge that shipped with the printer. YMMV of course.
There may be a newer better model than this one, but I haven't tried it and this one is clearly still available. I was initially a little nervous about moving away from canon engines, but I have been quite pleased after about a year.
ha! though i think they're worse, i've long referred to gulls as "ocean pigeons". glad to see I'm not the only one who hates them:-). (stupid tourists feed them too...)
Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software isntallations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.
Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
I was looking into something similar for a Soekris-based project recently. ProtoCase looks promising. I haven't actually placed my order, so I can't comment on quality just now. I did download their software and do a quick design to estimate costs. Looks like, for a typical soekris-sized project with a couple serial ports and a couple ethernet ports I'd be facing approx. $130/unit in very small quantities with about $70 in one-time setup fees.
These guys have also occasionally been recommended on soekris-tech, and also offer free software to help you design and submit projects to them.
So for example, if you uploaded FUNNY.JPG, and were to calculate last month's earnings:
eefoof image hits for the month: 10,000 FUNNY.JPG hits for the month: 100 eefoof image ad revenue: $1,000 FUNNY.JPG revenue earned: $10.00 eefoof's expenses $5.00 FUNNY.JPG earned you: $5.00
You're getting 1%, they're getting 99%. Fair enough, maybe, depending on your other options for making money from your videos. I haven't looked into that. What jumped out at me is that then their expenses come out of YOUR 1% rather than their 99%. What a deal. The RIAA has taught them well. Next up, eefoof will be deducting packaging fees and a breakage reduction from your cut.
(which *was* around 2003 or so) jPOS looked to be the best avaiable OSS solution. We were looking at a big custom development job anyway, though, and that appeared to be the best (open or closed) platform for custom development. If you're looking for something a bit more "out of the box", we never found anything open that went that direction. This looks promising, though.
For the "hackable devices in general" you seek, this controller looks really cool. This presentation also gives some cool, potentially less expensive ideas.
If someone comes up to you and demands the source code rudely, you can politely tell them to fetch the code from the same place you got it from. You can send source files for anything you have changed or added.
The angry user cannot legally sue you since they do not own the rights to the source code. The chances are the original programmer won't try to sue you either. They would have nothing to gain by doing so, unless you are making tons of money from your distribution (and if so, you can afford to mirror the entire source code). As long as you are reasonable you should be fine.
Did you RTFA? The FSF, who is the copyright holder for much of the code distributed with MEPIS, demanded that the distributor of MEPIS comply with their license. They own the rights to the source code. They can legally sue. Only they can say whether they will sue or not, but a nastygram from them certainly seems to indicate that they might, if necessary, sue to stop you from infringing on their copyrights should you fail to do so voluntarily.
Not if the worm author used B::Bytecode and deleted the perl source on first run. It'd be about as hard to read as a compiled worm. It's possible that more folks have the skills to disassemble and understand perl bytecode, but I'm not confident in that.
But there's a proper way to get anonymity, and it doesn't involve providing false information to your registrar. I use an anonymizing service with a couple of my domains (it's cheap too!) that provides valid information but doesn't reveal my identity. I'm sure something equivalent exists for.ca domains, though it's no lock that it's as cheap. These means of keeping your identity confidential fit within the registrars' frameworks and protect you cancellation by a malicious entity. If there's nothing illegal about your site, the anonymity is as good as providing false information. Maybe better, being that, having violated no rules, your registrar is actually incented not to give up your info, if you're doing nothing illegal. Anonymity is legitimate, but you need to play by the rules to stay online.
And for what it's worth I don't think knowing any particular syntax is ever a good measure of programming aptitude, it can only be a measure of experience in a particular paradigm.
I agree. My question was intended to get at "do you really understand pointers and how to use them" in a concrete way rather than to quiz anyone on syntax. It's only intended to measure aptitude inasmuch as "understanding indirection" == "programming aptitude". If someone (and many aren't) is not absolutely comfortable with pointers and references I don't want them writing c++ in my shop:-). Even if they are, it's not automatic.
You'd really be surprised how many times people list "c++ expert" on their resumes and are completely unable to explain the difference between a pointer and a reference.
Using C# is a far call from using VB, even if it is VB.NET.
I'll give you that it's a far call from VB 6. But what makes it a far call from VB.NET in your opinion? I like C# much better because the syntax is much more familiar to me, but the appropriate uses for each as well as the capabilities of each seem largely similar to me. Performance is identical. So what does C# buy someone whose mind hasn't been molded by 15 years of C/C++, apart from mono's c# implementation being more mature than its VB.NET implementation (a consideration if cross-platform concerns are important)?
Joel Spolsky explained why CityDesk, written by a shop populated entirely by highly qualified C++ coders, is 95% VB. He has a frank discussion of VB's pros and cons as a development tool, and you may find that many points he discusses will resonate with you as you develop your reasoning. Even if you don't come to the same conclusion he does, it's an excellent discussion of just the topic you propose.
Really, reading his argument in the context of having a bunch of C++ coders build a nice Windows app in 2006, I think I'd probably conclude that C# was the way to go, as opposed to VB. But keep in mind that C#.NET and VB.NET are more alike than they are different. For most apps, the arguments for managed code (VB or other) are very potent.
My take: If you and every single developer on your team can't instantly see and explain the differences between the 4 arguments to this function:
If you all can, think really hard about why you want to spend your talent managing memory instead of doing things that'll really make your application shine. (There are reasons. They don't apply to most apps.)
If you're actually in a secured area, you don't bring in external computers, flash drives, iPods, cell phones, etc. (Though some of them will let you bring your cell in if you check the battery at the door.) The problem is those places that want to give the feel of being secure installations but aren't really, so they'll ban cameras but let you bring your own cell in, etc. Those tend to have no place to check them at the door, either:-P
Those are the places that have me continuing to reject camera phones when I order cells.
I read that link, and that's actually the one that made me think they might be vulnerable. It's clear that they aren't affected by this particular stream of bytes that compromises RealVNC. i.e. They're not impacted by the proof of concept. That says nothing about whether they're vulnerable to he same attack. Dig around on the site a little, though for details of the vulnerability and you'll see that the finder doesn't currently understand it.
Given that the flaw finder does not understand why his stream of bytes affects RealVNC the way it does, it's quite possible that a slight modification to his exploit will affect the others. Better phrasing would've been "Don't assume they're not vulnerable," I suppose. You just shouldn't assume you don't have a flaw simply because a PoC exploit doesn't work against you unless the exploit is understood. Others have been burned this way before. (e.g. PoC works against 2k but not XP, XP is touted as "not vulnerable", someone who understands the flaw finds the right offset and XP is suddenly vulnerable too)
only RealVNC is affected, which is a crappy vnc anyway. TightVnc and better yet UltraVNC are far ahead of RealVNC, neither of which are affected btw.
I wouldn't assume they aren't affected by this. They very likely aren't, but it looks like this guy stumbled upon the flaw as he was implementing an independent VNC viewer from the VNC specification. It doesn't sound like he really has his mind around why RealVNC is affected, so it'd be prudent to assume that they are. (i.e. Once he understands why the attack works he may be able to produce one easily against TightVNC and UltraVNC.)
At any rate, if you operate your VNC service in a reasonable configuration, you're safe. By "reasonable configuration" I mean listening only on 127.0.0.1 so that people have to connect via ssh or client-authenticated stunnel to get to it. VNC authentication is not safe on an untrusted connection. And you shouldn't trust your connection unless your network is so small and has such well-controlled access that you can physically inspect every device on it in <30 minutes with absolute certainty that you haven't missed any.
Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".
I don't notice the bandwidth difference, but I see a huge difference (on some pages) in the time it takes to display pages on my 3Mbps DSL line. The way some pages are written, browsers can't render the page until they've fetched the ads. IIRC it has something to do with sizes not being included in an img tag...
Some of the ad servers are quite slow to respond, and I can see my browser waiting for ads.mediaplex.com or some such. If I configure a proxy to remove all references to these servers, pages load much faster even though the bandwidth difference is negligible. So for me, 50% of the joy of blocking ads is the latency difference, not the bandwidth difference.
But to address OP's point, they can't tell whether you've fetched the image or not in anything resembling real time if they don't host the image themselves. So it's not incompetence alone that prevents them from noticing this, it's the desire of ad providers to track their own stats rather than trust LJ to do so themselves. Well, that and the desire of the ad providers to be able to send cookies to your site and track you across different sites, which they couldn't do unless you make an HTTP request to the ad provider...
So why is the Linux machine ($824, monitor and burner sold separately) more expensive than the Windows machine if Linux is free software? And why are Linux machines available only from "small business" and not "home office"?
Excellent question for Dell, especially given that the Linux models with monitors are the same price as their Windows counterparts. I have no idea what their answer would be, as I don't buy dell and only posted a link when you asked about Dell.
No, I can't: "This bundle is only available to UK customers." Any corresponding offer for people in Canada or the United States who cannot afford such a "business trip"? Which Google keywords should I try?
There's a similar deal here. I forget the exact keywords I used, but something like +linux +thinkpad +preinstall.
Are these boxes on display in the brick-and-mortar stores, or does one have to already know about the (poorly advertised) offer, already have a computer, and already have Internet access in order to buy one?
I don't know about Sears. I'm pretty sure you have to find the offer on walmart.com, not in the stores. The microcenter and the staples near me have the Linspire boxes available in the stores but I couldn't find them online to include in my links.
"My local market" doesn't seem to have a lot of entry-level IT job openings in careerbuilder.com. I've been looking for a job for three years; have I wasted three years of my life on the newspaper and careerbuilder.com?
I have no idea what your local market is, but I can tell you that for the last 5 hires (spread over 7 months) I've been involved with (only 2 could rightly be called entry-level) we didn't post in either of those places. We tried career builder for one of the positions and found it really useless. We don't even bother with the newspaper. I don't know if other employers take a similar view. My current one and prior one do. If employers consider careerbuilder and the newspaper a waste of time, you probably should too. Our best results have come from internship programs where we've hired the intern afterward (we post those at local universities), searching resumes on monster (we don't generally post positions, just search through people who've posted their resumes) and local job fairs where we'll set up a booth and speak to potential candidates in person. Far and away the best results per dollar spent for us come from buying a booth at the job fairs. The booths are often cheaper than ads, the "pre-screening" is rapid if you have the right people in the booth, and there's been some self-selection of candidates because people take the time/initiative to come out and stop at your booth and introduce themselves.
The point is that you can pay a nationally recognized company to build you a computer and install Windows XP on it. It's much harder to find a national OEM vendor that sells machines that have been preloaded with Ubuntu.
Only if their time is worth nothing. If the time to learn how to get Linux working is worth more than the price of a copy of Windows XP and its successor, then the masses will choose Windows XP and its successor.
IMO, you commit the same fallacy he does. Your time only needs to be worth nothing for this to work out if you assume that the skills you learn in the process are worth nothing. I'd argue that, depending on your local market, a solid understanding of "what's going on under the hood" is worth substantially more than nothing and more than pays back the value of the time you invest. And if the hood is welded shut (to steal an overused analogy) it's much harder to pick up those skills, whereas on an open system you have more freedom to do so.
Current FOSS operating systems (OS) are targeted mainly at geeks, hackers and other technically skilled developers and users. While there have been some progress in making the installation and use of FOSS OSes like Ubuntu easier and simpler, they still do not have the "click-click-click" ease of installation of popular proprietary OSes like Windows XP or Mac OS X.
which is simply wrong. The author acknowledges that "OSes like Ubuntu" are easy to use but dings them on the installation process relative to Windows XP. (S/)He has clearly never installed XP from scratch. That's reflected again in his dig about driver problems...
Those two concerns are addressed by buying a machine with a pre-installed OS and using that. He never argues why you should buy a machine pre-installed with Windows. He also misses the point that all users are, of course, free to learn the advanced technical skills that are dismissed in this column. And the point that such self improvement is much more accessible when the developers of the software in use have preserved the freedoms the author derides as only useful for tinkering that real people have no interest in.
Not to knock OSS development, but i think it lacks the design documentation required for FIPS certification. The OSS montra of find a problem, write,and submit a patch really doesent leave any formal pre code, paper based design to fall back on.
You should tell the authors of crypto++, OpenSSL and NSS. I bet they'd like to know this, as they all have FIPS-certified open source software crypto. The documentation stack required for FIPS certification is not actually that onerous; it's even feasible for someone other than the author to produce the necessary documentation, produce the alg certs and work with the lab to get the job done.
Slashdot Mirror
I was totally not expecting Zeroconf support from a printer at that price point. I was very surprised when I went to save a receipt for an online purchase to PDF from my Mac (thus invoking the print dialog) and saw the printer as an option even though I had not set anything up in print center yet.
It definitely draws less power than the LJ4, and to all evidence does not suffer from the same problems with the fuser rollers that my original LJ4 did.
I picked up a brother hl-5170dn. It's network ready, comes with zeroconf (bonjour in the apple world) and includes postscript and PCL emulation. The web configuration interface is quite nice, it's "just worked" with my Mac, Windows and Linux boxes, and is readily available for under $300. And as a bonus, it has a built-in duplexer. It is black-and-white only and has its toner and drum separate. (Which is a good thing, since drums generally outlast toner, and this lets you replace them separately without resorting to dodgy refilled toner).
.ppd files for best results. The postscript emulation, while good, isn't perfect. Using their .ppd files seems to take care of all the rough edges I encountered.
Do be sure to download and use Brother's
I'm admittedly a rather light user in terms of volume. But after going through a ream of paper or so I'm still on the cartridge that shipped with the printer. YMMV of course.
There may be a newer better model than this one, but I haven't tried it and this one is clearly still available. I was initially a little nervous about moving away from canon engines, but I have been quite pleased after about a year.
ha! though i think they're worse, i've long referred to gulls as "ocean pigeons". glad to see I'm not the only one who hates them :-). (stupid tourists feed them too...)
i'm going to friend you for that post...
Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software isntallations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.
Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
I was looking into something similar for a Soekris-based project recently. ProtoCase looks promising. I haven't actually placed my order, so I can't comment on quality just now. I did download their software and do a quick design to estimate costs. Looks like, for a typical soekris-sized project with a couple serial ports and a couple ethernet ports I'd be facing approx. $130/unit in very small quantities with about $70 in one-time setup fees.
These guys have also occasionally been recommended on soekris-tech, and also offer free software to help you design and submit projects to them.
Good luck!
Note to self: finish coffee before reading things and posting about them. (Really, I should know that by now.)
Oops. You're spot on. That'll teach me to read and reply before finishing the first cup of coffee.
You're getting 1%, they're getting 99%. Fair enough, maybe, depending on your other options for making money from your videos. I haven't looked into that. What jumped out at me is that then their expenses come out of YOUR 1% rather than their 99%. What a deal. The RIAA has taught them well. Next up, eefoof will be deducting packaging fees and a breakage reduction from your cut.
Meh.
(which *was* around 2003 or so) jPOS looked to be the best avaiable OSS solution. We were looking at a big custom development job anyway, though, and that appeared to be the best (open or closed) platform for custom development. If you're looking for something a bit more "out of the box", we never found anything open that went that direction. This looks promising, though.
For the "hackable devices in general" you seek, this controller looks really cool. This presentation also gives some cool, potentially less expensive ideas.
Did you RTFA? The FSF, who is the copyright holder for much of the code distributed with MEPIS, demanded that the distributor of MEPIS comply with their license. They own the rights to the source code. They can legally sue. Only they can say whether they will sue or not, but a nastygram from them certainly seems to indicate that they might, if necessary, sue to stop you from infringing on their copyrights should you fail to do so voluntarily.
Not if the worm author used B::Bytecode and deleted the perl source on first run. It'd be about as hard to read as a compiled worm. It's possible that more folks have the skills to disassemble and understand perl bytecode, but I'm not confident in that.
But there's a proper way to get anonymity, and it doesn't involve providing false information to your registrar. I use an anonymizing service with a couple of my domains (it's cheap too!) that provides valid information but doesn't reveal my identity. I'm sure something equivalent exists for .ca domains, though it's no lock that it's as cheap. These means of keeping your identity confidential fit within the registrars' frameworks and protect you cancellation by a malicious entity. If there's nothing illegal about your site, the anonymity is as good as providing false information. Maybe better, being that, having violated no rules, your registrar is actually incented not to give up your info, if you're doing nothing illegal. Anonymity is legitimate, but you need to play by the rules to stay online.
And for what it's worth I don't think knowing any particular syntax is ever a good measure of programming aptitude, it can only be a measure of experience in a particular paradigm.
:-). Even if they are, it's not automatic.
I agree. My question was intended to get at "do you really understand pointers and how to use them" in a concrete way rather than to quiz anyone on syntax. It's only intended to measure aptitude inasmuch as "understanding indirection" == "programming aptitude". If someone (and many aren't) is not absolutely comfortable with pointers and references I don't want them writing c++ in my shop
You'd really be surprised how many times people list "c++ expert" on their resumes and are completely unable to explain the difference between a pointer and a reference.
Using C# is a far call from using VB, even if it is VB.NET.
I'll give you that it's a far call from VB 6. But what makes it a far call from VB.NET in your opinion? I like C# much better because the syntax is much more familiar to me, but the appropriate uses for each as well as the capabilities of each seem largely similar to me. Performance is identical. So what does C# buy someone whose mind hasn't been molded by 15 years of C/C++, apart from mono's c# implementation being more mature than its VB.NET implementation (a consideration if cross-platform concerns are important)?
Joel Spolsky explained why CityDesk, written by a shop populated entirely by highly qualified C++ coders, is 95% VB. He has a frank discussion of VB's pros and cons as a development tool, and you may find that many points he discusses will resonate with you as you develop your reasoning. Even if you don't come to the same conclusion he does, it's an excellent discussion of just the topic you propose.
Really, reading his argument in the context of having a bunch of C++ coders build a nice Windows app in 2006, I think I'd probably conclude that C# was the way to go, as opposed to VB. But keep in mind that C#.NET and VB.NET are more alike than they are different. For most apps, the arguments for managed code (VB or other) are very potent.
My take: If you and every single developer on your team can't instantly see and explain the differences between the 4 arguments to this function:
void foo(std::string a, std::string * b, std::string & c, std::string *& d)
stop now and use managed code of some kind.
If you all can, think really hard about why you want to spend your talent managing memory instead of doing things that'll really make your application shine. (There are reasons. They don't apply to most apps.)
If you're actually in a secured area, you don't bring in external computers, flash drives, iPods, cell phones, etc. (Though some of them will let you bring your cell in if you check the battery at the door.) The problem is those places that want to give the feel of being secure installations but aren't really, so they'll ban cameras but let you bring your own cell in, etc. Those tend to have no place to check them at the door, either :-P
Those are the places that have me continuing to reject camera phones when I order cells.
I read that link, and that's actually the one that made me think they might be vulnerable. It's clear that they aren't affected by this particular stream of bytes that compromises RealVNC. i.e. They're not impacted by the proof of concept. That says nothing about whether they're vulnerable to he same attack. Dig around on the site a little, though for details of the vulnerability and you'll see that the finder doesn't currently understand it.
Given that the flaw finder does not understand why his stream of bytes affects RealVNC the way it does, it's quite possible that a slight modification to his exploit will affect the others. Better phrasing would've been "Don't assume they're not vulnerable," I suppose. You just shouldn't assume you don't have a flaw simply because a PoC exploit doesn't work against you unless the exploit is understood. Others have been burned this way before. (e.g. PoC works against 2k but not XP, XP is touted as "not vulnerable", someone who understands the flaw finds the right offset and XP is suddenly vulnerable too)
only RealVNC is affected, which is a crappy vnc anyway. TightVnc and better yet UltraVNC are far ahead of RealVNC, neither of which are affected btw.
I wouldn't assume they aren't affected by this. They very likely aren't, but it looks like this guy stumbled upon the flaw as he was implementing an independent VNC viewer from the VNC specification. It doesn't sound like he really has his mind around why RealVNC is affected, so it'd be prudent to assume that they are. (i.e. Once he understands why the attack works he may be able to produce one easily against TightVNC and UltraVNC.)
At any rate, if you operate your VNC service in a reasonable configuration, you're safe. By "reasonable configuration" I mean listening only on 127.0.0.1 so that people have to connect via ssh or client-authenticated stunnel to get to it. VNC authentication is not safe on an untrusted connection. And you shouldn't trust your connection unless your network is so small and has such well-controlled access that you can physically inspect every device on it in <30 minutes with absolute certainty that you haven't missed any.
Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".
I don't notice the bandwidth difference, but I see a huge difference (on some pages) in the time it takes to display pages on my 3Mbps DSL line. The way some pages are written, browsers can't render the page until they've fetched the ads. IIRC it has something to do with sizes not being included in an img tag...
Some of the ad servers are quite slow to respond, and I can see my browser waiting for ads.mediaplex.com or some such. If I configure a proxy to remove all references to these servers, pages load much faster even though the bandwidth difference is negligible. So for me, 50% of the joy of blocking ads is the latency difference, not the bandwidth difference.
But to address OP's point, they can't tell whether you've fetched the image or not in anything resembling real time if they don't host the image themselves. So it's not incompetence alone that prevents them from noticing this, it's the desire of ad providers to track their own stats rather than trust LJ to do so themselves. Well, that and the desire of the ad providers to be able to send cookies to your site and track you across different sites, which they couldn't do unless you make an HTTP request to the ad provider...
Excellent question for Dell, especially given that the Linux models with monitors are the same price as their Windows counterparts. I have no idea what their answer would be, as I don't buy dell and only posted a link when you asked about Dell.
There's a similar deal here. I forget the exact keywords I used, but something like +linux +thinkpad +preinstall.
I don't know about Sears. I'm pretty sure you have to find the offer on walmart.com, not in the stores. The microcenter and the staples near me have the Linspire boxes available in the stores but I couldn't find them online to include in my links.
I have no idea what your local market is, but I can tell you that for the last 5 hires (spread over 7 months) I've been involved with (only 2 could rightly be called entry-level) we didn't post in either of those places. We tried career builder for one of the positions and found it really useless. We don't even bother with the newspaper. I don't know if other employers take a similar view. My current one and prior one do. If employers consider careerbuilder and the newspaper a waste of time, you probably should too. Our best results have come from internship programs where we've hired the intern afterward (we post those at local universities), searching resumes on monster (we don't generally post positions, just search through people who've posted their resumes) and local job fairs where we'll set up a booth and speak to potential candidates in person. Far and away the best results per dollar spent for us come from buying a booth at the job fairs. The booths are often cheaper than ads, the "pre-screening" is rapid if you have the right people in the booth, and there's been some self-selection of candidates because people take the time/initiative to come out and stop at your booth and introduce themselves.
True. "OSes like Ubuntu" are indeed possible though. Dell doesn't do Ubuntu. They do Red Hat. You can get thinkpads with Ubuntu rather easily. Sears sells boxes with Linspire, as do others.
IMO, you commit the same fallacy he does. Your time only needs to be worth nothing for this to work out if you assume that the skills you learn in the process are worth nothing. I'd argue that, depending on your local market, a solid understanding of "what's going on under the hood" is worth substantially more than nothing and more than pays back the value of the time you invest. And if the hood is welded shut (to steal an overused analogy) it's much harder to pick up those skills, whereas on an open system you have more freedom to do so.
The entire article hinges on this point:
which is simply wrong. The author acknowledges that "OSes like Ubuntu" are easy to use but dings them on the installation process relative to Windows XP. (S/)He has clearly never installed XP from scratch. That's reflected again in his dig about driver problems...
Those two concerns are addressed by buying a machine with a pre-installed OS and using that. He never argues why you should buy a machine pre-installed with Windows. He also misses the point that all users are, of course, free to learn the advanced technical skills that are dismissed in this column. And the point that such self improvement is much more accessible when the developers of the software in use have preserved the freedoms the author derides as only useful for tinkering that real people have no interest in.
Not to knock OSS development, but i think it lacks the design documentation required for FIPS certification. The OSS montra of find a problem, write,and submit a patch really doesent leave any formal pre code, paper based design to fall back on.
You should tell the authors of crypto++, OpenSSL and NSS. I bet they'd like to know this, as they all have FIPS-certified open source software crypto. The documentation stack required for FIPS certification is not actually that onerous; it's even feasible for someone other than the author to produce the necessary documentation, produce the alg certs and work with the lab to get the job done.