Imagine turning the Cap'n Crunch seen in Cryptonomicon into a movie -- Randy Waterhouse eats a bowl of cereal in a Manila hotel room. Woohoo!
Yes, imagine it. Imagine trying to convey the sense that this guy has some serious issues using only his cereal ritual.
I'd film it by putting a digital clock on the table. Hook the clock to a sensor pad. The clock starts when he puts the milk on it. Focus on how he keeps his eyes on the clock while eating.
Then, have the phone ring. He turns to the phone and drops his spoon. He reaches down to get the spoon, gets a bit frantic when he can't grab it, then grabs it and comes up. He stares at the timer.
"Fuck....."
Then he gets up, washes out the bowl, focus on all the cereal in the sink's drain. He dries the bowl. He dries the spoon. Then he takes them over to the table again.
He fills the bowl with cereal, re-sets the timer, looks up, goes to the phone and carefully unplugs it and wraps the cord around the receiver. Then he goes back to the table and reaches for the milk...
Don't focus on eating the cereal. Focus on the person who has a ritual that complicated just for eating cereal. Focus on the effects that interrupting that ritual has on that person.
I think it comes down to understanding the unstated requirements and assumptions and being able to communicate those to everyone.
If you can get past that, then management is very simple.
The *business* has a goal of shipping product X on date Y to make profit Z. Unstated is the requirement that it doesn't have to be perfect. Just "good enough". And, exactly, what "good enough" means in this situation.
I can ship any product on any deadline provided that there are only 2 requirements: #1. It doesn't have to work. #2. I don't have to maintain it.
Now, the great manager will also be able to communicate the unstated requirements and assumptions of the programmers to the business people. AND get them to UNDERSTAND them.
So the programmer wants more time to write cleaner code. This is good in that it means the maintenance will be less costly. If you plan on supporting this product or shipping v2.0, then you want cleaner code at the beginning.
If there are no plans to support it or ship a new version, then tell the programmers that.
Once the programmers and the business people clearly understand the real issues, then management is easy.
Finally, banks and credit unions that send out email with clickable links teach their customers incredibly dangerous habits. Financial institutions that use multiple domain names are setting their customers up for disaster. And, of course, any financial institution that isn't checking their referrer logs for odd and unknown sites is a time bomb waiting to explode.
All any bank would have to do to end phishing is to PUBLICLY state that they will NEVER use email to communicate with ANY of their clients.
They have your phone number. They have your address.
They can send you a letter, they can call your phone. And their phishing rate would drop to almost zero.
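The referrer-log check mentioned above, as an added example that is not part of the original comment: a page that copies a bank's look often loads the bank's real images or stylesheets, or links victims on to the real login page, and each such request arrives with the copying page's URL in the Referer field of the bank's own access log. The host names, the allowlist and the log lines below are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts the institution itself operates (assumed names for this example).
KNOWN_HOSTS = {"bank.example", "www.bank.example", "online.bank.example"}

# Apache/nginx "combined" access-log format.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample log lines (documentation address ranges and reserved TLDs).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2006:10:01:02 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "https://www.bank.example/login" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2006:10:01:05 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://bank.example.secure-update.test/verify.html" "Mozilla/5.0"
198.51.100.8 - - [12/Mar/2006:10:01:09 +0000] "GET /css/site.css HTTP/1.1" 200 5120 "http://bank.example.secure-update.test/verify.html" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2006:10:02:11 +0000] "GET /login HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2006:10:02:30 +0000] "GET /login HTTP/1.1" 200 8123 "http://bank.example.secure-update.test/verify.html" "Mozilla/5.0"
192.0.2.90 - - [12/Mar/2006:10:03:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://forum.example.org/thread/42" "Mozilla/5.0"
"""


def referer_host(referer):
    """Return the lowercased host of a Referer value, or None if absent or unparseable."""
    if referer in ("", "-"):
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def is_known(host):
    """True for an allowlisted host or a subdomain of one.

    The match is anchored on a label boundary, so a lookalike such as
    bank.example.secure-update.test is not mistaken for bank.example.
    """
    return any(host == k or host.endswith("." + k) for k in KNOWN_HOSTS)


def unknown_referrers(lines):
    """Summarise requests whose Referer points at a host outside the allowlist.

    Returns (host, hits, distinct_clients, requested_paths) tuples, busiest first.
    """
    seen = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line
        host = referer_host(m["referer"])
        if host is None or is_known(host):
            continue
        entry = seen[host]
        entry["hits"] += 1
        entry["clients"].add(m["ip"])
        entry["paths"].add(m["path"])
    report = [(h, e["hits"], len(e["clients"]), sorted(e["paths"]))
              for h, e in seen.items()]
    return sorted(report, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for host, hits, clients, paths in unknown_referrers(SAMPLE_LOG.splitlines()):
        print(f"{host}: {hits} hits from {clients} clients -> {', '.join(paths)}")
```

An unknown host that pulls the logo and stylesheet and also refers several distinct clients to `/login` deserves a look before one that only hotlinks a single image.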
Spam is often referred to as UCE "Unsolicited Commercial Email", which his emails were not.
Yes, some people call it that.
But it is important to remember the origin of the term "spam" in this context. It refers to posting/sending the same (or almost the same) thing over and over and over...
So, it is possible to "spam" a USENET discussion board with non-commercial postings.
So his emails are "spam"... but may not meet the criteria for that specific sub-category of spam known as "UCE".
Why would you expect that the answers of someone "dedicated to accelerating the growth and adoption of Linux in the enterprise" would be more objective, in any way, than any of the reports created by pro-MS companies?
Since it all comes down to what you choose to measure and how you measure it... I'd rephrase your question as:
Why would anyone expect that the criteria of someone "dedicated to accelerating the growth and adoption of Linux in the enterprise" would be more objective or that the measurements would be more accurate than any of the "studies" done by pro-Microsoft companies?
I've seen pro-Microsoft studies that "extrapolate" data out for 5 years to get their "TCO" figures.
Not to mention that "TCO" figures are meaningless when compared between different companies. There are too many variations between the tech staff, the users, the apps, the hardware, remote vs local users, and so forth.
You can build a Linux-based router (xBSD-based or whatever).
You can buy a Cisco router (or any other brand).
You can implement VLANs.
You can buy more switches/hubs and physically separate the networks.
There are so many different options that it isn't really worth it to list them all. Just choose one and do it. But do NOT allow your critical machines to access the Internet or any machine that has accessed the Internet.
What the fuck their keycard access system was doing on the same network as some of the infected computers is a complete mystery to me though.
Considering that the various entry points need to communicate back to the central server... and there's already all this cat5 cable run for the network...
Some "genius" decides to save money (always a good plan) and use the existing cable system to enable communication between the entry points and the security computer.
You can laugh all you want, but my boss right now would take the savings and rely upon me to make sure that everything else was fully patched, anti-virused, locked down, etc.
After all, I'm salaried and hardware / cable installation costs real money.
Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!
So, you sent an email to Mr. A.
Who sends email to Mr. B.
Who sends email to Mrs. C.
Yeah, you see where this is going. Just about anyone can be connected to anyone else with enough hops.
And the government would be "justified" in collecting the information on each of the people in those hops because those people are "connected" to someone under investigation.
Incorrect. It is not them. It is their shareholders. If Yahoo would have decided to miss this business opportunity on moral grounds it would have been eaten alive by the shareholders.
Like I said, the people running the company have morals/ethics.
That includes the shareholders.
If the shareholders value money over everything else, that is their moral/ethical decision.
If they choose to litigate, then they are acting on those morals/ethics.
From my point of view, Yahoo is not doing wrong as it surely is complying with petitions that the Chinese government asks.
That depends upon your personal moral code. And different people have different moral/ethical codes.
A lot of people in slashdot think that just because they *believe* the type of Government China has is unfair then it is wrong and unfair.
If they *believe* that the actions are wrong, then according to their moral/ethical code, those actions are wrong.
But companies working over there MUST comply with current legislation.
That does not mean that the actions are not wrong. Again, based upon each individual's moral/ethical code.
Companies are not people and do not have moral/ethical codes.
But the people running the companies do.
Yahoo MUST comply with local laws if they want to make business there, there is no other choice, comply or go, and while China keeps giving good revenue, they will continue.
What you are saying is that morals/ethics don't matter when it comes to money.
That is incorrect.
The people in charge at Yahoo! make the moral/ethical decisions and they've chosen profit.
The question becomes... is there any action that Yahoo! would not take, provided it was legal in that country, for a profit?
This isn't about a "free lunch" or "free ride" or anything like that.
This is about Verizon realizing that providing the pipeline is a good, solid revenue stream... but the REAL money is in controlling the bottleneck.
So, they attempt to frame the debate as "free lunch", but the reality is that they're looking for a way to get some of Google's revenues by building a bottleneck.
In the UBE industry, spam is viewed differently than it is here on slashdot.
Yep. They love it, we hate it.
Whereas we consider Spam any unsolicited ad, spam is considered email that does not follow the rules of CANSPAM in the industry -- that is it doesn't allow opt-outs, emails come from scrapes, etc.
Yep. Those are also included in the "spam" usage for me.
But companies who are legit would not be doing that in the first place, right?
If I block all zombie emailers from my users, then offer companies access to my users for a fee, as long as they don't use zombies... there's no benefit for the legit companies.
What this fee does is it allows companies that follow optout and other rules to get inbox delivery for a fee.
And those companies are already the ones least likely to be blocked.
Further, because the cost goes from about $0.00001 per message to around $0.0025-$0.01 per message for that delivery, the marketer has incentive to target his list more carefully rather than just blasting everybody in sight.
AGAIN, the legit companies do NOT do that ALREADY.
This also gets rid of some of the crappier ads, as the marketer is going to pass the $10,000 fee on to the advertiser.
Nope. Because the company/person most likely to send out those crappy ads will still send them and just try to get around the filters.
This will not cut down on the crappy ads.
This is nothing more than the ISP's attempt to sell access to their users.
If you're running a smart company's ads, then you already take precautions against being blocked/blacklisted.
Because they chose to weld IE to the OS, they have more difficulty with patching (and the vulnerabilities become OS vulnerabilities).
If they had maintained a rigid distinction between OS & apps, they wouldn't have those problems.
This was predicted back when MS first "integrated" their browser.
Package management includes testing.
on Linux Patch Management · Score: 4, Informative
Then you'd have to trust that the distro doesn't self destruct by patches breaking your vital (read mission critical here) services.
No trust allowed.
Before anything goes into production, it goes into test.
YOU are the one responsible if a package breaks a production server.
You can still set a cron job to auto-magically download and install the apps, but you'd point it to your own repository where you put only the packages that have passed your testing.
The more "mission critical" something is, the less you want to automate ANY process that changes ANYTHING on the OS or apps.
For our critical database server, I come in on the weekend and hand apply every patch. And that is AFTER those same patches have been applied to the test server.
We do, however, justifiably claim to have a more secure out-of-the-box operating system than Microsoft and so do the Linux geeks.
And THAT is what is important.
Windows / Macs / Linux... they can all be secured to about the same degree by an administrator who is sufficiently skilled / knowledgeable.
But it is more important to have a decently secured OS right out of the box. This is because most of the average users will use it the way it is delivered to them.
If this means turning off some "usability" features that a certain percentage of your users would like... but those features make the OS less secure... then turn them off.
Ahh but these problems are easily solved by giving the user permission on the specific resources, such as the registry keys needed. You don't need to make them an admin.
I had said: "Yep. It is possible. But it is more work than the average Windows user will want to put into it."
Then you asked:
Can you name any? Besides games, that is. I hear this all the time, but almost nobody can actually come up with any kind of list. If there are so many of them, why is it so hard to list them?
So I provided you with specific links describing the specific problems and even HOW those problems arise.
So you replied:
Ahh but these problems are easily solved by giving the user permission on the specific resources, such as the registry keys needed. You don't need to make them an admin.
Yeah. No one ever said that it was IMPOSSIBLE.
What I said was that it was more work than the average Windows user was likely to put into it.
Did you understand it that time? Do I have to repeat it again for you? I do? Okay, I will.
Under Windows, it is far easier for the average user to just run as administrator than it is for them to fix the apps that don't work right as a non-administrator user.
NOT "impossible".
And the reason that it is far easier is because the average user must, somehow, FIRST learn why running as administrator is a BAD THING.
Back in the old days, we had real trolls. We had trolls who knew MORE about the systems than the admins. We had trolls who could tear apart a TCP/IP packet.
Now, all we have are these "search Google for me" trolls. It's a sad day for trolls everywhere.
A common example is when an application saves its runtime settings to a registry key under HKEY_LOCAL_MACHINE (which is read-only to LUA users), instead of to HKEY_CURRENT_USER.
You might want to spend some time looking up Powerpoint 2003, too.
Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses out there, just use your favorite search engine.
Linux is not completely immune to viruses. It is only EFFECTIVELY immune.
Viruses only spread when their infection rate EXCEEDS the removal/immunization rate.
When the infection rate is lower than the removal/immunization rate, the virus dies.
With most current versions of Linux, the default security configuration means that it is very difficult to infect a machine (not impossible) and very easy to remove the infection.
Before this "InterWeb" thingie, I was cleaning boot sector viruses from DOS machines that required someone to have booted from an infected floppy.
Linux boxes CAN be infected, but the odds of it happening are very, very slim.
What I continually fail to understand is why everyone I know logs in as an Administrator under Windows, even after falling victim to a virus, spyware, etc. I don't necessarily mean the account with that name, having a personal user in that group amounts to the same thing.
Because too many apps have problems when run by a non-admin.
This isn't necessarily the fault of Windows... although Microsoft is one of the prime offenders with IE and MSOffice and so forth.
The same thing is of course possible under Windows: Make your main login a 'Power User', or if you feel that's not safe enough, put it in a group with the same policies as the 'Users' group and slowly increase its permissions until you can work productively.
Yep. It is possible. But it is more work than the average Windows user will want to put into it.
And that is only because the FIRST step is learning enough about the system to know that there is a problem. It's easy for most of us who spend time and read /., but for others, they aren't even aware that there is a problem.
All UCE is spam
Not all spam is UCE
Yes, there are far more steps to change software on medical equipment than on the average workstation ...
So the answer is to NEVER allow INCOMING connections to that network. It must be 100% isolated from any incoming, outside connections.
This requires far more attention be given to designing the network and such. But when lives are on the line, you just do it.
You only lose any Rights you haven't used within the last 90 days.
Now, you have to prove to the government that you're actually using any Rights you want to hang on to.
I recommend calling and sending real letters to your CongressCritters.
There are many reasons, but the one I've encountered most often is fear.
Upper management, usually, did not get there by taking big risks. They don't want to lead the herd.
They will take any excuse to avoid Linux until enough other companies and people they know are openly using it AND saving money.
Until then, no matter what you say, they will focus on whatever "facts" and opinions "justify" their fear.
Email is different in that the companies (and zombies) push content to your inbox.
That starts you off on shares and setting the time/date.
Do you want to know one of the coding practices that lead to this problem?
http://blogs.msdn.com/aaron_margosis/
You might want to spend some time looking up Powerpoint 2003, too.
It is not IT's job. IT just gives everyone the pricing based upon how many 9's of availability you want and the database/server licenses.
If the user balks at that, the database can be put on the far less expensive PostgreSQL/mySQL server.
The downside is that the database people need to become familiar with TWO different databases (or more depending upon the other apps).
The upside is that the company saves a LOT of money in licenses and such.
The only advantage biometric data has is that the user cannot lose it or forget it.
Other than that, if someone is watching you authenticate, it might be possible for them to see you using a fake finger or something.