Moderators - do not mod this FP down please. It is insightful. At least as insightfull as the revelation by the Symantec CEO. This has been going on for 2+ years now. It is entertaining to see him noticing it now. It is in fact same as the parent post. A looser screaming "First Post", but posting at least 5-10 posts behind the FP proper.
Yep. We all remember that classic gem. It made the prime time news at the time, just to be followed by many others which never did.
IMO this pink-slip-by-email scam would have been more likely to work in the UK because in the UK you are not walked off the premises by security before you see your pink slip. At the same time procedurally, the UK has the least safeguards and least number of formalities for firing a worker in all EU. So in the UK the likelihood of people taking this fake email pink slip at face value is considerably higher then anywhere else.
This is a US specific phenomenon which does not exist elsewhere. For some reason in the US you are expected to wreak havoc and behave like a sociopathic delinquent. Not that I am surprised considering that some of the most prominent US high tech sector CEOs confess that sociopathy is a definitive job requirement: one example, many others.
That is not the case in the EU. There you will be expected to slave off to the end of your notice period (or at least part of it). The very few to try something sociopathic (the Dixons salary trigger) have seen the end of the very thick legal stick so people tend not to try this any more.
Slap or any other single impacts tend to injure the cortex on the slap side and the opposite (countershock) side. They do not damage the stem.
On the other hand shaking definitely damages the stem. So the picture is more along the lines of "parentus getting maddus at the kiddus and shaking him for which they don't want to take the responsibilitus"
Selectively change the destination name server using DNAT and send it to a fake name server. I use a similar hack for other less nefarious purposes. It used to be (before wireless hotspot ops got inventive) a very good way of supplying roaming clients with a well behaved and working DNS. You set the nameservers in the client to two well known, well behaved nameservers so it works with the VPN down. You also set the firewall/VPN gw to hijack all traffic to these well known nameservers coming down the VPN and direct it to your nameservers. As a result the clients consistently get good DNS after the VPN gets brought up and you do not get any silly split DNS scenarios.
Alternatively, besides master and slave there are several less known zone types. You should be able to achieve results similar to what you are looking for by using forward or stub type zones. This will give you a "bind-only" solution without playing silly firewall games.
Ahem.
Even a high end phone still sucks rotten eggz as far as any web browsing experience is concerned. Do we like it or not, but we are indoctrinated from the early childhood with the 60+ symbols per line 60+ lines per page format. 10+ years of books during our childhood indoctrinate us to expect a certain quantity of information per view and having much less then that really pisses us off.
As a result all attempts to push information at us via mobile end up in the same place as your family pictures - in one day fad land.
Do the mobile companies like it or not, the only way the mobile experience can become pervasive, universal and desired, is if the phone develops some form of external full size screen via projection or splits into two components - a reasonably sized reader (ebook/newton lookalike) and an ultra-minituarized headset/phone - best of all something that fits in the ear and does all the "phone" bits. Alternatively - an implant that projects straight on your retina or uses your nerves to simulate projection.
Unfortunately any of this tech is 10+ years off from now (at least) so for the time being the mobile web is a pointless waste of time, effort and resources. It is destined to suck. We are conditioned to hate it via the way we have been educated. We subconsiously want those 3.5KB+ of info per page and there is nothing tech can do about it.
In the near future - none. Most security "usual suspects" are working on network admission systems and how they fit in a business network. Some ISPs are looking to roll them out on public networks as well.
The general idea is that you do deep packet inspection on anything going in and out and any PC that suddenly exhibits abnormal behaviour is removed from the network proper and is put on the "naughty step" until it is fixed. Similarly, you can move any PC on your network to and from a naughty step area automatically based on a set of conditions.
Most elements to do that are already there so it is only a matter of time until this becomes the de-facto network design standard for LANs and access networks.
In the rest of the world if you register DunMalg LLC which does consultancy, freelance software and WofW "Character Development", the local equivalent of the IRS will have to allow you to claim expenses regardless of how much time you spend on each of these in a given taxation period. You will have to do proper company accounting though.
You should also look at how it is likely to develop in the future. Intel has always sucked in creating ecosystems. The only reason the x86 ecosystem exists is because IBM and Compaq created it.
Intel if anything did their best to screw it by breaking their promiss not to do chipsets, followed by breaking their promiss not do motherboards, followed by breaking their promiss not to do systems. While in the first two cases they came up with decent products the overall effect of this on the PC ecosystem has been decrease of choice and death of numerous suppliers who shipped in the mid-performance space (and some on the high end). Only the cheapskates and 1-2 players on the high end survived. IMO the overall effect of this on the x86 has been detrimental.
Compared to that AMD is currently trying to do the opposite - it is trying to create an ecosystem around Hypertransport and its sockets which spans beyond x86. It may fail of course, but if it succeeds it is quite likely to win the war for the high end even if it loses this year benchmark battles.
Fair point. But spamhaus is not the only RBL out there.
If it was not there we would have implemented it. So the threat of RBLs and spamtraps will always be there which means that greylisting will continue to be effective.
In addition to that many ISPs (f.e. BT in the UK) are currently looking into traffic analysis and admission control which will take zombies off the network after the first 1-2 messages they produce. This will make greylisting even more effective then now.
You assume that your customers won't leave en masse because "my sister just sent an email and it didn't get here 30 seconds later".
They will not.
First of all, some real world examples to back my statement: Yahoo greylists like crazy and has a vicious positive feedback loop which raises values for dodgy sites up to several hours. Anyone seen packs of users leaving it? I know a few more ISPs which greylist (I have helped them put it in place) and they have not observed any users leaving either.
Second, a well behaved implementation will cache greylist entries in a database and adjust lifetimes based on site/user message rates and spam scores. As a result you may have some initial delays, but no delays between common correspondents in a steady state.
Third, if you deploy it correctly you will not have any initial delays either. It is trivial to train the system for a week or two before deploying it for real. All you need to do is to put all the ACLs and check statements in your config without the final defer/reject. 1 week of mail traffic will set the steady state nicely. After that you enable the defer and have a working implementation without 99% of the users noticing it by anything, but the decrease of SPAM.
While they are not top CPU for 2006/2007 their roadmap and strategy will bring them back end of 2007 towards 2008. There is not that much to be gained on the CPU front any more anyway. The differences are marginal and irrelevant for nearly all applications except heavy crypto. In the near future it will be IO, crypto and ASICs which will be the selling points on the higher end.
There AMD is the clear winner. It has managed to bring IBM and possibly Sun onboard of the hypertransport bandwagon along with a list of smaller specialized players. Power7 is rumoured to be hypertransport (even pin compatible with future AMD CPUs). Sun is also looking at the tech. So are a few ASIC players. The comparable Intel effort is very late and is largely ignored by everyone. Nobody has said that they intend to use it at the last IDF and it looks like a dead duck anyway because it has too many hacks put in with the only purpose of compensating for design failures (no memory controller, etc). As a result porting an existing design to it is a nightmare.
So in about 2 years from now Intel will be sitting and banging its drums about how good are its CPUs on general purpose tasks without shipping them. At the same time smiling ASIC vendors will be shipping in quantity specialised parts that go into Opteron slots. It will start with the high end, go down to the enterprise and database load and even further all the way down to "physics" CPUs for gaming platforms, "security applications" and the like.
Intel may have won this years battle, but they are clearly losing the war through lack of long term thinking and loads of panic actions all around. Quite entertaining actually.
Spamhaus gives only further sub-5% improvement on top of greylisting with a positive feedback loop at delivery/user report level. With relay level content filtering feeding into the feedback loop that will be down to under 3%. Greylisting on its own does 90%+.
The CPU cost of greylisting is not that much higher compared to DNS blacklists (and on a large site you can dynamically gate greylists into a local DNS greylist zone for distribution). In fact it is less if you form temporary firewall reject lists from your greylisting database.
So the answer is: technically Spamhaus is full of shit and the floodgates will not open. On most well managed sites it will be just another day. A bit more SPAM, but not a lot. At most it will make admins tune feedback loops into grey/black lists a bit better.
Move along people, nothing to see here. Spamhaus should stop dragging the rest of the internet into the stupid internet governance battle which is not for them to fight in the first place. I already commented on their position on this issue in past Slashdot posts on it.
Spamhaus should stop talking BS and move their operations to the same domain as their legal country of residence.
They actually have a nice pile of government money given to research which will prevent the nation into slipping into the anglosaxon fast-food-fat-arse quagmire.
This is just one of the studies. In some of the others they have pointed to a well defined correlation between bad eating/quick sandwich at the desk and obesity and health problems. A french lunch may seem big, but it puts less fat on you then a classic "Wallstreet style - lunch is for whimps" quick sandwich at the desk.
Arctica class icebreakers have 135 MW power plants. That is larger then many coal or gas power plants. It is enough to drive a reasonable size city and they have fed the grid on a few occasions in the past. Nothing new here, move along.
I have quite a few TB+ volumes on XFS and I have not experienced this problem yet. Granted, I have not had a single case of power failure shutdown on any of these servers. They are all on UPS and the average time between reboots is 200+ times the backup interval (they are backed up nightly and the average uptime is 200+ days).
Nice to know that this can happen anyway (I have yet to see it in nearly 4 years of using XFS in production).
Currently NAS and ESD in a network environment are rather useless because there is no way to control the volume and mix correctly into NAS or ESD input on the server. Having the mixer done in software and mapping it onto hardware only if hardware is present will definitely help here. It will also allow to emulate some capabilities not present on some of the less supported hardware.
Finally improve kphone to the point where it is stable enough to live through 2+ phone calls and make it use arts instead of using the sound hardware directly.
Even better, throw it out and start something from scratch that aims to be a good SIP phone while being modular so you can expand it with plugins to a useable Asterisk switchboard console or add codecs that cannot be GPLed (or both).
This is possibly the only KDE app that I feel like missing when using KDE.
Disclaimer - I have not looked at kphone for a few months now so I may be barking up the wrong tree;-)
How much steel in the car comes from recycled is irrelevant.
How much of the car itself is recyclable is the relevant part. EU mandates that 95%+ of all newly manufactured cars must be from recyclable material and the manufacturer is obliged to take the car back for processing. I even got a leaflet stating in clear terms how to claim this. The returns are audited and disposal of more than 5% into landfill will bring a fine.
The reason why we do not hear about this that much is because it came in force around the same time as the electronic waste directive (at least in the UK) and the cars which are subject to this legislation are still on the roads. Compared to that the computers from that period are already recycling candidates.
Re:Poor social skills
on
IT and Divorce?
·
· Score: 5, Interesting
Not necessarily. At least in EU.
Lack of social skills in IT (and most heavily intellectual industries for that matter) is an American specific thing. That is not the case in the EU.
Based on personal observations from 2 years in a US Uni and 5 years in a EU Uni the stratification between sporty steroidheads and geeks is much more pronounced in the US. In EU sports are played for fun and there are quite a few sporty geeks or very geeky sportsmen. And quite a few womenisers and party animals (and vice versa) amidst them.
Till recently most EU companies did not consider it to be a "bad tone" for people to be rational and interested in the material side of the job (shares, salary, etc). That is not the case in the US which is much more like this. You are expected to be a sociopath, work long hours, be passionate about the job and sacrifice your family and kids in favour of it and if you do not fit this mould you do not get hired. While some EU companies have tried to adopt this model (I had that tried on me in an interview), it has not been particularly successfull (at least till recently). As a result in the US there is job based selection towards sociopathic intellectuals (this is not just IT, in fact biotech is much worse).
For example in the company where I work less then 5% are overweight, 90%+ play some form of sport, 95% are married and the divorce rate has been 0 per 100 employees (for 5 years span). That is way better than the national average for the UK and many times better than the US.
I have heard of bacula and I have looked at the list of supported features on a few occasions, but I have never seen any need to migrate. I also know a few admins who have migrated to it from amanda. It has always been for one of the following reasons:
Multitape support - most people simply do not know that amanda can support multiple tapes and tape libraries. Many of the ones who know do not know how to circumvent the file-does-not-span-a-tape limitation. For this I use automounter+nis to move things around across several servers with several TBs of total storage. This adds some extra work to do when defining backups (you cannot just tell it do the entire volume) and forces the use of tar instead of dump, but keeps each backup item down to a reasonable size. It is trivial, works, scales to any storage set size and any filesystem and allows your entire network to be easily maintainable. You can move items between servers and volumes at will with an ease which nothing short of a very high end SAN can achieve and do all of this with commodity OS on commodity hardware.
Unpredictability - Amanda schedules multiple full or same level backups in a tape cycle if the space allows. This is done on purpose and improves recovery probability in the event of a tape loss. This drives people who are accustomed to the full + differential paradigm nuts. I know many otherwise good sysadmins who have moved from Amanda to other backup products for this sole reason.
As far as the ACLs I usually dump them into a separate file before (and in some cases after) the backup run for the entire fs. This is not very efficient and has the major problem of being non-atomic. There is always the probability of losing some ACL information somewhere. It has the advantage of being portable across different ACL systems and not limited by the backup system. It also allows moving things around in a much easier manner on a large installation with multiple servers and systems. Labels (including SE), application info, etc can all be treated in the same manner. While this is not applicable to some systems where the backup/recovery must be strictly atomic it will be enough for 99% of the installs out there.
Slashdot Mirror
Moderators - do not mod this FP down please. It is insightful. At least as insightfull as the revelation by the Symantec CEO. This has been going on for 2+ years now. It is entertaining to see him noticing it now. It is in fact same as the parent post. A looser screaming "First Post", but posting at least 5-10 posts behind the FP proper.
Yep. We all remember that classic gem. It made the prime time news at the time, just to be followed by many others which never did.
IMO this pink-slip-by-email scam would have been more likely to work in the UK because in the UK you are not walked off the premises by security before you see your pink slip. At the same time procedurally, the UK has the least safeguards and least number of formalities for firing a worker in all EU. So in the UK the likelihood of people taking this fake email pink slip at face value is considerably higher then anywhere else.
I am surprised it has not been done yet.
This is a US specific phenomenon which does not exist elsewhere. For some reason in the US you are expected to wreak havoc and behave like a sociopathic delinquent. Not that I am surprised considering that some of the most prominent US high tech sector CEOs confess that sociopathy is a definitive job requirement: one example, many others.
That is not the case in the EU. There you will be expected to slave off to the end of your notice period (or at least part of it). The very few to try something sociopathic (the Dixons salary trigger) have seen the end of the very thick legal stick so people tend not to try this any more.
More likely shaking.
Slap or any other single impacts tend to injure the cortex on the slap side and the opposite (countershock) side. They do not damage the stem.
On the other hand shaking definitely damages the stem. So the picture is more along the lines of "parentus getting maddus at the kiddus and shaking him for which they don't want to take the responsibilitus"
No need to drop.
Selectively change the destination name server using DNAT and send it to a fake name server. I use a similar hack for other less nefarious purposes. It used to be (before wireless hotspot ops got inventive) a very good way of supplying roaming clients with a well behaved and working DNS. You set the nameservers in the client to two well known, well behaved nameservers so it works with the VPN down. You also set the firewall/VPN gw to hijack all traffic to these well known nameservers coming down the VPN and direct it to your nameservers. As a result the clients consistently get good DNS after the VPN gets brought up and you do not get any silly split DNS scenarios.
Alternatively, besides master and slave there are several less known zone types. You should be able to achieve results similar to what you are looking for by using forward or stub type zones. This will give you a "bind-only" solution without playing silly firewall games.
Ahem. Even a high end phone still sucks rotten eggz as far as any web browsing experience is concerned. Do we like it or not, but we are indoctrinated from the early childhood with the 60+ symbols per line 60+ lines per page format. 10+ years of books during our childhood indoctrinate us to expect a certain quantity of information per view and having much less then that really pisses us off. As a result all attempts to push information at us via mobile end up in the same place as your family pictures - in one day fad land. Do the mobile companies like it or not, the only way the mobile experience can become pervasive, universal and desired, is if the phone develops some form of external full size screen via projection or splits into two components - a reasonably sized reader (ebook/newton lookalike) and an ultra-minituarized headset/phone - best of all something that fits in the ear and does all the "phone" bits. Alternatively - an implant that projects straight on your retina or uses your nerves to simulate projection. Unfortunately any of this tech is 10+ years off from now (at least) so for the time being the mobile web is a pointless waste of time, effort and resources. It is destined to suck. We are conditioned to hate it via the way we have been educated. We subconsiously want those 3.5KB+ of info per page and there is nothing tech can do about it.
All you need is to add 2+2 to get 4
Both authors are not members of the medical profession. Graduate school of management. Bleah... Move along...
Nowdays - a lot as it is mostly manual.
In the near future - none. Most security "usual suspects" are working on network admission systems and how they fit in a business network. Some ISPs are looking to roll them out on public networks as well.
The general idea is that you do deep packet inspection on anything going in and out and any PC that suddenly exhibits abnormal behaviour is removed from the network proper and is put on the "naughty step" until it is fixed. Similarly, you can move any PC on your network to and from a naughty step area automatically based on a set of conditions.
Most elements to do that are already there so it is only a matter of time until this becomes the de-facto network design standard for LANs and access networks.
Possibly. Dunno about the US.
In the rest of the world if you register DunMalg LLC which does consultancy, freelance software and WofW "Character Development", the local equivalent of the IRS will have to allow you to claim expenses regardless of how much time you spend on each of these in a given taxation period. You will have to do proper company accounting though.
Play as a company and expense all off your equipment and bandwidth purchases.
Dunno about the SSN, but I will be surprised if next year all major online games will continue to insist on a registration by a person.
Ahem.
You should also look at how it is likely to develop in the future. Intel has always sucked in creating ecosystems. The only reason the x86 ecosystem exists is because IBM and Compaq created it.
Intel if anything did their best to screw it by breaking their promiss not to do chipsets, followed by breaking their promiss not do motherboards, followed by breaking their promiss not to do systems. While in the first two cases they came up with decent products the overall effect of this on the PC ecosystem has been decrease of choice and death of numerous suppliers who shipped in the mid-performance space (and some on the high end). Only the cheapskates and 1-2 players on the high end survived. IMO the overall effect of this on the x86 has been detrimental.
Compared to that AMD is currently trying to do the opposite - it is trying to create an ecosystem around Hypertransport and its sockets which spans beyond x86. It may fail of course, but if it succeeds it is quite likely to win the war for the high end even if it loses this year benchmark battles.
Fair point. But spamhaus is not the only RBL out there.
If it was not there we would have implemented it. So the threat of RBLs and spamtraps will always be there which means that greylisting will continue to be effective.
In addition to that many ISPs (f.e. BT in the UK) are currently looking into traffic analysis and admission control which will take zombies off the network after the first 1-2 messages they produce. This will make greylisting even more effective then now.
They will not.
While they are not top CPU for 2006/2007 their roadmap and strategy will bring them back end of 2007 towards 2008. There is not that much to be gained on the CPU front any more anyway. The differences are marginal and irrelevant for nearly all applications except heavy crypto. In the near future it will be IO, crypto and ASICs which will be the selling points on the higher end.
There AMD is the clear winner. It has managed to bring IBM and possibly Sun onboard of the hypertransport bandwagon along with a list of smaller specialized players. Power7 is rumoured to be hypertransport (even pin compatible with future AMD CPUs). Sun is also looking at the tech. So are a few ASIC players. The comparable Intel effort is very late and is largely ignored by everyone. Nobody has said that they intend to use it at the last IDF and it looks like a dead duck anyway because it has too many hacks put in with the only purpose of compensating for design failures (no memory controller, etc). As a result porting an existing design to it is a nightmare.
So in about 2 years from now Intel will be sitting and banging its drums about how good are its CPUs on general purpose tasks without shipping them. At the same time smiling ASIC vendors will be shipping in quantity specialised parts that go into Opteron slots. It will start with the high end, go down to the enterprise and database load and even further all the way down to "physics" CPUs for gaming platforms, "security applications" and the like.
Intel may have won this years battle, but they are clearly losing the war through lack of long term thinking and loads of panic actions all around. Quite entertaining actually.
I have.
Here is the result:
Spamhaus gives only further sub-5% improvement on top of greylisting with a positive feedback loop at delivery/user report level. With relay level content filtering feeding into the feedback loop that will be down to under 3%. Greylisting on its own does 90%+.
The CPU cost of greylisting is not that much higher compared to DNS blacklists (and on a large site you can dynamically gate greylists into a local DNS greylist zone for distribution). In fact it is less if you form temporary firewall reject lists from your greylisting database.
So the answer is: technically Spamhaus is full of shit and the floodgates will not open. On most well managed sites it will be just another day. A bit more SPAM, but not a lot. At most it will make admins tune feedback loops into grey/black lists a bit better.
Move along people, nothing to see here. Spamhaus should stop dragging the rest of the internet into the stupid internet governance battle which is not for them to fight in the first place. I already commented on their position on this issue in past Slashdot posts on it.
Spamhaus should stop talking BS and move their operations to the same domain as their legal country of residence.
They actually have a nice pile of government money given to research which will prevent the nation into slipping into the anglosaxon fast-food-fat-arse quagmire.
This is just one of the studies. In some of the others they have pointed to a well defined correlation between bad eating/quick sandwich at the desk and obesity and health problems. A french lunch may seem big, but it puts less fat on you then a classic "Wallstreet style - lunch is for whimps" quick sandwich at the desk.
Correlation != Causation
Nuff said.
Arctica class icebreakers have 135 MW power plants. That is larger then many coal or gas power plants. It is enough to drive a reasonable size city and they have fed the grid on a few occasions in the past. Nothing new here, move along.
Quite correct.
I have quite a few TB+ volumes on XFS and I have not experienced this problem yet. Granted, I have not had a single case of power failure shutdown on any of these servers. They are all on UPS and the average time between reboots is 200+ times the backup interval (they are backed up nightly and the average uptime is 200+ days).
Nice to know that this can happen anyway (I have yet to see it in nearly 4 years of using XFS in production).
One more: Software defined audio mixers.
Currently NAS and ESD in a network environment are rather useless because there is no way to control the volume and mix correctly into NAS or ESD input on the server. Having the mixer done in software and mapping it onto hardware only if hardware is present will definitely help here. It will also allow to emulate some capabilities not present on some of the less supported hardware.
Finally improve kphone to the point where it is stable enough to live through 2+ phone calls and make it use arts instead of using the sound hardware directly.
;-)
Even better, throw it out and start something from scratch that aims to be a good SIP phone while being modular so you can expand it with plugins to a useable Asterisk switchboard console or add codecs that cannot be GPLed (or both).
This is possibly the only KDE app that I feel like missing when using KDE.
Disclaimer - I have not looked at kphone for a few months now so I may be barking up the wrong tree
Err... Apple and oranges your honour.
How much steel in the car comes from recycled is irrelevant.
How much of the car itself is recyclable is the relevant part. EU mandates that 95%+ of all newly manufactured cars must be from recyclable material and the manufacturer is obliged to take the car back for processing. I even got a leaflet stating in clear terms how to claim this. The returns are audited and disposal of more than 5% into landfill will bring a fine.
The reason why we do not hear about this that much is because it came in force around the same time as the electronic waste directive (at least in the UK) and the cars which are subject to this legislation are still on the roads. Compared to that the computers from that period are already recycling candidates.
Not necessarily. At least in EU.
Lack of social skills in IT (and most heavily intellectual industries for that matter) is an American specific thing. That is not the case in the EU.
Based on personal observations from 2 years in a US Uni and 5 years in a EU Uni the stratification between sporty steroidheads and geeks is much more pronounced in the US. In EU sports are played for fun and there are quite a few sporty geeks or very geeky sportsmen. And quite a few womenisers and party animals (and vice versa) amidst them.
Till recently most EU companies did not consider it to be a "bad tone" for people to be rational and interested in the material side of the job (shares, salary, etc). That is not the case in the US which is much more like this. You are expected to be a sociopath, work long hours, be passionate about the job and sacrifice your family and kids in favour of it and if you do not fit this mould you do not get hired. While some EU companies have tried to adopt this model (I had that tried on me in an interview), it has not been particularly successfull (at least till recently). As a result in the US there is job based selection towards sociopathic intellectuals (this is not just IT, in fact biotech is much worse).
For example in the company where I work less then 5% are overweight, 90%+ play some form of sport, 95% are married and the divorce rate has been 0 per 100 employees (for 5 years span). That is way better than the national average for the UK and many times better than the US.
- Multitape support - most people simply do not know that amanda can support multiple tapes and tape libraries. Many of the ones who know do not know how to circumvent the file-does-not-span-a-tape limitation. For this I use automounter+nis to move things around across several servers with several TBs of total storage. This adds some extra work to do when defining backups (you cannot just tell it do the entire volume) and forces the use of tar instead of dump, but keeps each backup item down to a reasonable size. It is trivial, works, scales to any storage set size and any filesystem and allows your entire network to be easily maintainable. You can move items between servers and volumes at will with an ease which nothing short of a very high end SAN can achieve and do all of this with commodity OS on commodity hardware.
- Unpredictability - Amanda schedules multiple full or same level backups in a tape cycle if the space allows. This is done on purpose and improves recovery probability in the event of a tape loss. This drives people who are accustomed to the full + differential paradigm nuts. I know many otherwise good sysadmins who have moved from Amanda to other backup products for this sole reason.
As far as the ACLs I usually dump them into a separate file before (and in some cases after) the backup run for the entire fs. This is not very efficient and has the major problem of being non-atomic. There is always the probability of losing some ACL information somewhere. It has the advantage of being portable across different ACL systems and not limited by the backup system. It also allows moving things around in a much easier manner on a large installation with multiple servers and systems. Labels (including SE), application info, etc can all be treated in the same manner. While this is not applicable to some systems where the backup/recovery must be strictly atomic it will be enough for 99% of the installs out there.