The government would likely not survive the closure of an IT SME such as Lavabit -- and loss of associated jobs -- which resulted from direct government interference in that company's ability to operate in Ireland.
I highly doubt that losing a company of less than 100 employees would cause the government in Ireland to topple, regardless of whether it was "the government's fault".
If that were true, no law that resulted in the loss of 100 jobs would ever get passed.
"Red October", the story of the largest magnetic anomaly in the ocean, that for some reason was undetectable by the US Navy, because. . . Well damnit because I said so.
Soviet "Alfa" class submarines have titanium hulls, which are non-magnetic.
Who is to say if the fictional advanced Typhoon-class submarine in HfRO has the same feature? Also, if you have you ever done search-and-rescue, you'd know that the "mowing the lawn" pattern takes a very long time to cover any area, and it assumes that the target isn't moving. With the target traveling at 25 knots, you'd need a really good knowledge of the planned course plus hundreds of airplanes just to have any chance. Add in the problem of lots of false positives (including all the other subs and ships searching), and it's not nearly as easy as you seem to think.
You think those 800,000 people are going to care about ACA when they don't get a paycheck this month?
Based on history, those people will still eventually get a paycheck for the days they are on furlough. If this extends very long, they might have some issues with finances before that happens.
I suspect that it will be resolved in the next day or two, though, as the actual shutdown is more of a stick than the threat was. A few days of no federal government isn't really a big deal, but it can get people to work harder to get a budget passed.
DSLRs are to point and shoots what high end sports cars are to volkswagons. They have a great deal more potential, said potential rather easily tapped by one with expertise in hand, but getting that potential out of them requires more than picking them up and pushing a button without some supporting knowledge.
There are actually quite a few point and shoot cameras that give the user more control than some dSLR cameras. And, if they have a viewfinder that isn't an LCD screen, they come close to the "through the lens" aiming of the SLR.
The truth is that the one thing that really sets the SLR apart is the interchangeable lenses. And, knowing what lens to use when is a big learning curve. Even though I have nearly a dozen different lenses and know when to use them, the one that gets the most use is just an upgrade of what comes with many dSLR kits: a 20-70mm f/2.8.
All the machines at work are owned by the organization.
You can stop right there. If the organization owns the machine, you have no expectation of privacy, legally or otherwise.
I work in a place that has a stated "no expectation of privacy" policy, but that doesn't mean that if someone uses their work PC to purchase the infamous 55 gallon drum of lube that information is going to be posted on the break room bulletin board.
What it actually means is that if you do something illegal using their computers, then they will turn that evidence over to the authorities, or if you send "trade secrets" to somebody via e-mail, they might discover it. It also means they might monitor your usage to see if you are goofing off too much, so I'm cutting this post short.;->
But, seriously, a company that does proxying/packet inspection/monitoring is actually in a much tougher legal situation than one that doesn't, because any information that is legally declared as "private" (like medical records) has to be kept private by the company doing the snooping, regardless of the "no expectation of privacy" statement. It's no different from the HR department seeing info about your insurance claims and not being allowed to talk about them to anyone who isn't authorized to see that info.
You don't get it. How is being distracted, staring down at a screen, fiddling with a text message, any different than staring down at a screen, fiddling with a GPS route?
I suspect you are the one that "doesn't get it", as "fiddling with a GPS route" on a GPS-only device would not be ticketed (as stated by the officer in TFA).
So, it's not about distraction, but rather about the device having "communication" functions that determines whether a ticket can be issued. I don't know how the law would handle the typical navigation system touchscreen systems that are built into cars, since they also usually control the radio and possibly a phone via bluetooth.
A lot of 'geeks' like me think it's a prerequisite to be socially awkward if you're smart. It's not. You can be smart, geeky AND popular.
If you are really "smart and geeky", it's highly unlikely you are spending time doing what "popular" people do, and that greatly controls what kind of social interactions you have with people.
When the "popular" people are doing whatever they do today (OK, I admit I'm old and don't know what the current version of "going to parties and hanging out at the mall" is), the geeks will be doing geeky things. World of Warcraft has more of a non-geek presence than D&D, but "playing video games" is still not something that the "popular" kids do in the same amount as "geeky" kids.
Also, if someone does manage to cross the gap (e.g., a sports star who is also a geek), I suspect that their personality will quickly gravitate to the "non-geek" things that get them laid. In other words, being/not being a geek tends to be a self-fulfilling prophecy.
Now, I am using "popular" in the Breakfast Club sense, so I'm not saying that a geek can't have a full and busy social life with a wide range of friends. But, being a "geek" and being "popular" will almost always be opposite ends of the spectrum, at least until the geek goes IPO and has lots of popularity.
I've seen other names come up in LinkedIn that could only be via my Google contacts.
Or, LinkedIn could just have an insanely good algorithm. I was recently presented with a "someone you might know" when I logged in to LinkedIn, and I did know them, but I have no clue how LinkedIn figured it out.
They had just joined LinkedIn in the past week. They used a different e-mail address (different provider/domain) from the one I contact them with and the e-mail address they contact me with isn't the one that LinkedIn has for me. I don't use any webmail (host my own e-mail and access via imap) and so LinkedIn can't get any contacts from me, even if they did "hack my e-mail" (which is unlikely as my e-mail username isn't the e-mail address they have for me and the password for my actual account isn't the same as my LinkedIn login). All of their links at the time were people from their new work (I don't work with them...they are just a friend).
So, basically, LinkedIn had no direct way to connect us, yet it did.
How is that possible. I have a LinkedIn account I never really use, but I thought you had to accept someones invite before they could recommend you, etc. Is that not the case?
Yes, that is the case...a direct link to someone is required to endorse them.
Unlike Facebook, unless you really know these people directly, you shouldn't be linked to them. The whole point of LinkedIn (and what got me my current job) is that you use the people you do know to connect to someone you don't so that you can then develop a real relationship with them to help you in your business (either by getting you a job or by finding someone you can hire). It's just like having your friend introduce you to someone at a party.
Since we are talking about LinkedIn, what do you guys do with the flurry of all those "endorsement" that started several months ago? I suspect those are just from people randomly pressing buttons on their screens, because I got those from people who have no idea what I am doing right now.
I feel uneasy not reciprocating to those but so far I am standing my ground. May be I am the black sheep of my network because of that....
Like anything else concerned with my work history/resume, I treat it with honesty.
If I personally know somebody is really good at something, I'll endorse them. Otherwise, it doesn't matter how good a friend they are, I won't. To be honest, I'd like there to be a "negative endorsement" system, too. Since only direct links would be allowed to do this, it would make people only link to people they really have a connection to, and would keep people more honest about their skills.
If you write a novel or something, you basically just need text with less than a dozen markers for where chapters start and such.
There are very few novels that don't use some sort of alternate text (italics, bold, etc.), so that has to be noted in some way.
Then, you have structures like in-chapter breaks, first paragraph differences, date/location notations, chapter name/number, etc., where it's very likely an author has an strong idea for what the final result should look like. At the extreme end, you have novels like The Andromeda Strain which is as complex in specific formatting requirements as a math textbook.
The primary difference today is that authors have many tools available that allow them to convey the desired look and feel to the publisher. And, for that, HTML is a lot more tedious than a WYSIWYG word processor. Someday, someone is going to write a WYSIWYG word processor that can output high-quality, compact HTML plus CSS, but none of those exist right now.
Slashdot is using a <ul> as the basis for their dropdown menus, and for that they don't want any markers. Unfortunately, they seem to have added "list-style: none;" to selectors for all <li> elements.
>That is my take on this as well. I really can't understand as someone who has both been a developer and the firewall guy why you'd want to test a 'protocol' on the Internet
Because when you control all the routers and firewalls, you can change the configs to make a protocol work. You can't do that on the Internet.
Since the whole point of this software is to transfer data across the Internet, we need to test it over a least some portion of the real Internet. Internal testing has already been done, and it works fine when there is no firewall blocking the port. I didn't include this point because I assumed it went without saying.
You should be testing the application in an isolated test environment and not on the production network. In fact, you could have gone to the firewall guys to install a test firewall in the test environment to iron all of these things out.
This is on a "test" VLAN behind the firewall. Since the firewall is so lightly loaded and such tests don't need any global changes to config (if they did, then that would be a reasonable place to have a very long discussion), there isn't a need for a "test" firewall.
Wrong and double wrong. In the secure environment of big companies the intranet connections ain't wifi.
I don't know if $10 billion/year in revenue is a "big company" by your definition, but we have secure WiFi where I work, and it's used pretty much constantly by mobile employees. We also have a public WiFi that goes only to the Internet (although you could technically use VPN software just like you can from home).
There aren't many tablets yet, but we've been asked about how we could foresee using them in the business environment. Since I know the person doing the actual planning, this isn't just a pie-in-the-sky thing...once they figure out the best way to do it, they will.
here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.
Part of the assumptions in the listed prices are that only Microsoft SQL Server won't have a support contract.
If you need to have more than a 1 to 1 mysql to php setup you need a database with a workable user management.
I don't see how the MySQL user rights configuration is any more difficult to use than any other database. Admittedly, it's easy to get bitten if you forget that the login permissions are based on a combination of username and connection source (IP or hostname), which allows a "user" to have different passwords depending on where they are connecting from.
After that, it's pretty much the same "GRANT" command used by every SQL-based database to give fine-grained access to objects.
Seagate is claiming 400 Gs maximum operating shock. I, um, gee, well truthfully I have no idea what that means in practical terms but it seems like a big number to me.
A 100G impact will turn a human being into a collection of loosely assembled parts with an infinitesimal chance for restoration to correct function.
This is why all organizations need CIO, someone who is capable of translating "if we don't do X, we going to get pwned" into "if we don't spend X$ and Y man-hours, we are exposing our business to $Z,000,000 -sized liability".
Unfortunately, the average security person will vastly overestimate both the severity and the chance of a particular threat coming to pass, and thus will always suggest that X, Y, Z, A, B, C, and the entire alphabet including lower case simply must be done to avoid billions of dollars of damage.
Both my boss and colleagues use super weak password (tom101) in spite of me asking them to be serious.
Why is this an issue?
Seriously, the point of security rules is to keep data safe while still allowing the business to function. If it's a small office with no access from outside the local network, then maybe password strength isn't important. Maybe the real threat would be someone who is already inside the company, knows nothing about hacking, but could type in the long password they find written on the sticky note because the user couldn't remember it.
Until the entire system (by which I mean the whole company) is analyzed to create a weighted list of threats, there is no way to know if enforcing strong passwords is worth the trouble. That threat might be 192nd on the list, where only the top 12 are considered more than "low risk".
See point 2 about exceptions: middle management complains "security makes it impossible to get our work done" and the response from Upper Management is never to have the staff spend some time training and understanding the security and why it's there and how to work WITH it
There are many organizations where it really isn't possible to "work with" security because security policy is implemented by a group of people who don't care what the business needs to get done to make money. There are also some organizations where "security" gives lip service to communicating and working with the users, but the reality is that the rules are created with CYA as the primary driving force. In other words, if something bad happens, the security group gets to say "obeying our rules would have prevented this incident".
In addition, I have never been in an organization where security policies were reviewed to determine if they were still applicable, nor have I been in one where the makers of the rules have asked anybody other than themselves about "what should we do about X?" End-users get no input, managers only get the broadest of input ("protect us!", "I don't care if we get hacked, let the users do their work!", etc.), and so you end up with a very small group of people who wield a lot of power in the organization. People generally like wielding power, and are loathe to give it up.
As an example, we're trying to get a data transfer application that uses a non-standard port to work through our firewall. The current test setup has no data that can even be remotely considered "sensitive" (e.g., test files are "lorem ipsum" or similar). But, before the port can be opened to see if the protocol will work at all, we needed to recompile some libraries to force the user of higher strength encryption. Now, our testing is hampered by the "too many changes" problem...is the config file for the app on both ends correct, does the encryption sync up, is the port open, is any IDS/traffic shaper/etc. causing a problem, etc. The correct way to test would have been to just open the port with a restriction on the outside IP address, and then we could just use the app with default config (no security, etc.), and make changes to get to a production config that met the security requirements. At that point, the firewall rule could be changed to allow the connections from arbitrary IP addresses we will eventually need.
But, because security has a veto on everything, we're spending a lot more time trying to figure out what is causing issues. A proper security group would understand when rules can be bent or broken (and even allow rules to be permanently changed), instead of blindly applying rules that they might not even have had a hand in creating (depending on turnover within the organization).
It's actually a single "egrep -i -o -f " per mail. For each mail, egrep is forked exactly once, which means writing my own tool will not reduce the OS overhead.
I might give perl a try though, but I doubt that forking perl will be much faster than forking grep.
So, stop forking. There are lots of spam filters that use perl as the engine and run as daemons with a socket to write to. This keeps the compiled perl regular expressions in memory (assuming you're not swapping because of low memory).
Spamassassin can use pretty much the same file you have right now as a source for patterns, and runs quicker than what you are seeing for your setup. I don't use any custom rules for SA, and only see about 5 spam e-mails per week in my mail client, and all end up in the "marked as spam by SA" folder. I do use greylisting and strict SMTP syntax checks to stop a lot before SA even sees them.
Slashdot Mirror
Now that you are unemployed and have no healthcare
If the GP was truly "laid off", then he might not have any company-provided health care.
OTOH, if he was "furloughed" (as I and the majority who are no longer working because of the shutdown were), then he still has health care.
The government would likely not survive the closure of an IT SME such as Lavabit -- and loss of associated jobs -- which resulted from direct government interference in that company's ability to operate in Ireland.
I highly doubt that losing a company of less than 100 employees would cause the government in Ireland to topple, regardless of whether it was "the government's fault".
If that were true, no law that resulted in the loss of 100 jobs would ever get passed.
"Red October", the story of the largest magnetic anomaly in the ocean, that for some reason was undetectable by the US Navy, because. . . Well damnit because I said so.
Soviet "Alfa" class submarines have titanium hulls, which are non-magnetic.
Who is to say if the fictional advanced Typhoon-class submarine in HfRO has the same feature? Also, if you have you ever done search-and-rescue, you'd know that the "mowing the lawn" pattern takes a very long time to cover any area, and it assumes that the target isn't moving. With the target traveling at 25 knots, you'd need a really good knowledge of the planned course plus hundreds of airplanes just to have any chance. Add in the problem of lots of false positives (including all the other subs and ships searching), and it's not nearly as easy as you seem to think.
You think those 800,000 people are going to care about ACA when they don't get a paycheck this month?
Based on history, those people will still eventually get a paycheck for the days they are on furlough. If this extends very long, they might have some issues with finances before that happens.
I suspect that it will be resolved in the next day or two, though, as the actual shutdown is more of a stick than the threat was. A few days of no federal government isn't really a big deal, but it can get people to work harder to get a budget passed.
DSLRs are to point and shoots what high end sports cars are to volkswagons. They have a great deal more potential, said potential rather easily tapped by one with expertise in hand, but getting that potential out of them requires more than picking them up and pushing a button without some supporting knowledge.
There are actually quite a few point and shoot cameras that give the user more control than some dSLR cameras. And, if they have a viewfinder that isn't an LCD screen, they come close to the "through the lens" aiming of the SLR.
The truth is that the one thing that really sets the SLR apart is the interchangeable lenses. And, knowing what lens to use when is a big learning curve. Even though I have nearly a dozen different lenses and know when to use them, the one that gets the most use is just an upgrade of what comes with many dSLR kits: a 20-70mm f/2.8.
All the machines at work are owned by the organization.
You can stop right there. If the organization owns the machine, you have no expectation of privacy, legally or otherwise.
I work in a place that has a stated "no expectation of privacy" policy, but that doesn't mean that if someone uses their work PC to purchase the infamous 55 gallon drum of lube that information is going to be posted on the break room bulletin board.
What it actually means is that if you do something illegal using their computers, then they will turn that evidence over to the authorities, or if you send "trade secrets" to somebody via e-mail, they might discover it. It also means they might monitor your usage to see if you are goofing off too much, so I'm cutting this post short. ;->
But, seriously, a company that does proxying/packet inspection/monitoring is actually in a much tougher legal situation than one that doesn't, because any information that is legally declared as "private" (like medical records) has to be kept private by the company doing the snooping, regardless of the "no expectation of privacy" statement. It's no different from the HR department seeing info about your insurance claims and not being allowed to talk about them to anyone who isn't authorized to see that info.
Citing for using the GPS is fucking stupid.
You don't get it. How is being distracted, staring down at a screen, fiddling with a text message, any different than staring down at a screen, fiddling with a GPS route?
I suspect you are the one that "doesn't get it", as "fiddling with a GPS route" on a GPS-only device would not be ticketed (as stated by the officer in TFA).
So, it's not about distraction, but rather about the device having "communication" functions that determines whether a ticket can be issued. I don't know how the law would handle the typical navigation system touchscreen systems that are built into cars, since they also usually control the radio and possibly a phone via bluetooth.
A lot of 'geeks' like me think it's a prerequisite to be socially awkward if you're smart. It's not. You can be smart, geeky AND popular.
If you are really "smart and geeky", it's highly unlikely you are spending time doing what "popular" people do, and that greatly controls what kind of social interactions you have with people.
When the "popular" people are doing whatever they do today (OK, I admit I'm old and don't know what the current version of "going to parties and hanging out at the mall" is), the geeks will be doing geeky things. World of Warcraft has more of a non-geek presence than D&D, but "playing video games" is still not something that the "popular" kids do in the same amount as "geeky" kids.
Also, if someone does manage to cross the gap (e.g., a sports star who is also a geek), I suspect that their personality will quickly gravitate to the "non-geek" things that get them laid. In other words, being/not being a geek tends to be a self-fulfilling prophecy.
Now, I am using "popular" in the Breakfast Club sense, so I'm not saying that a geek can't have a full and busy social life with a wide range of friends. But, being a "geek" and being "popular" will almost always be opposite ends of the spectrum, at least until the geek goes IPO and has lots of popularity.
I've seen other names come up in LinkedIn that could only be via my Google contacts.
Or, LinkedIn could just have an insanely good algorithm. I was recently presented with a "someone you might know" when I logged in to LinkedIn, and I did know them, but I have no clue how LinkedIn figured it out.
They had just joined LinkedIn in the past week. They used a different e-mail address (different provider/domain) from the one I contact them with and the e-mail address they contact me with isn't the one that LinkedIn has for me. I don't use any webmail (host my own e-mail and access via imap) and so LinkedIn can't get any contacts from me, even if they did "hack my e-mail" (which is unlikely as my e-mail username isn't the e-mail address they have for me and the password for my actual account isn't the same as my LinkedIn login). All of their links at the time were people from their new work (I don't work with them...they are just a friend).
So, basically, LinkedIn had no direct way to connect us, yet it did.
How is that possible. I have a LinkedIn account I never really use, but I thought you had to accept someones invite before they could recommend you, etc. Is that not the case?
Yes, that is the case...a direct link to someone is required to endorse them.
Unlike Facebook, unless you really know these people directly, you shouldn't be linked to them. The whole point of LinkedIn (and what got me my current job) is that you use the people you do know to connect to someone you don't so that you can then develop a real relationship with them to help you in your business (either by getting you a job or by finding someone you can hire). It's just like having your friend introduce you to someone at a party.
Since we are talking about LinkedIn, what do you guys do with the flurry of all those "endorsement" that started several months ago? I suspect those are just from people randomly pressing buttons on their screens, because I got those from people who have no idea what I am doing right now.
I feel uneasy not reciprocating to those but so far I am standing my ground. May be I am the black sheep of my network because of that....
Like anything else concerned with my work history/resume, I treat it with honesty.
If I personally know somebody is really good at something, I'll endorse them. Otherwise, it doesn't matter how good a friend they are, I won't. To be honest, I'd like there to be a "negative endorsement" system, too. Since only direct links would be allowed to do this, it would make people only link to people they really have a connection to, and would keep people more honest about their skills.
If you write a novel or something, you basically just need text with less than a dozen markers for where chapters start and such.
There are very few novels that don't use some sort of alternate text (italics, bold, etc.), so that has to be noted in some way.
Then, you have structures like in-chapter breaks, first paragraph differences, date/location notations, chapter name/number, etc., where it's very likely an author has an strong idea for what the final result should look like. At the extreme end, you have novels like The Andromeda Strain which is as complex in specific formatting requirements as a math textbook.
The primary difference today is that authors have many tools available that allow them to convey the desired look and feel to the publisher. And, for that, HTML is a lot more tedious than a WYSIWYG word processor. Someday, someone is going to write a WYSIWYG word processor that can output high-quality, compact HTML plus CSS, but none of those exist right now.
HTML5 is a terrible source format because it is predominantly a visual markup, not a semantic one.
Actually, HTML elements in ePub have defined semantic roles, primarily to allow assistive technologies to make better use of the content.
Because it is a mistake.
Slashdot is using a <ul> as the basis for their dropdown menus, and for that they don't want any markers. Unfortunately, they seem to have added "list-style: none;" to selectors for all <li> elements.
>That is my take on this as well. I really can't understand as someone who has both been a developer and the firewall guy why you'd want to test a 'protocol' on the Internet
Because when you control all the routers and firewalls, you can change the configs to make a protocol work. You can't do that on the Internet.
Since the whole point of this software is to transfer data across the Internet, we need to test it over a least some portion of the real Internet. Internal testing has already been done, and it works fine when there is no firewall blocking the port. I didn't include this point because I assumed it went without saying.
You should be testing the application in an isolated test environment and not on the production network. In fact, you could have gone to the firewall guys to install a test firewall in the test environment to iron all of these things out.
This is on a "test" VLAN behind the firewall. Since the firewall is so lightly loaded and such tests don't need any global changes to config (if they did, then that would be a reasonable place to have a very long discussion), there isn't a need for a "test" firewall.
Wrong and double wrong. In the secure environment of big companies the intranet connections ain't wifi.
I don't know if $10 billion/year in revenue is a "big company" by your definition, but we have secure WiFi where I work, and it's used pretty much constantly by mobile employees. We also have a public WiFi that goes only to the Internet (although you could technically use VPN software just like you can from home).
There aren't many tablets yet, but we've been asked about how we could foresee using them in the business environment. Since I know the person doing the actual planning, this isn't just a pie-in-the-sky thing...once they figure out the best way to do it, they will.
here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.
Part of the assumptions in the listed prices are that only Microsoft SQL Server won't have a support contract.
If you need to have more than a 1 to 1 mysql to php setup you need a database with a workable user management.
I don't see how the MySQL user rights configuration is any more difficult to use than any other database. Admittedly, it's easy to get bitten if you forget that the login permissions are based on a combination of username and connection source (IP or hostname), which allows a "user" to have different passwords depending on where they are connecting from.
After that, it's pretty much the same "GRANT" command used by every SQL-based database to give fine-grained access to objects.
Seagate is claiming 400 Gs maximum operating shock. I, um, gee, well truthfully I have no idea what that means in practical terms but it seems like a big number to me.
A 100G impact will turn a human being into a collection of loosely assembled parts with an infinitesimal chance for restoration to correct function.
A 400G impact will turn a human being into goo.
This is why all organizations need CIO, someone who is capable of translating "if we don't do X, we going to get pwned" into "if we don't spend X$ and Y man-hours, we are exposing our business to $Z,000,000 -sized liability".
Unfortunately, the average security person will vastly overestimate both the severity and the chance of a particular threat coming to pass, and thus will always suggest that X, Y, Z, A, B, C, and the entire alphabet including lower case simply must be done to avoid billions of dollars of damage.
Both my boss and colleagues use super weak password (tom101) in spite of me asking them to be serious.
Why is this an issue?
Seriously, the point of security rules is to keep data safe while still allowing the business to function. If it's a small office with no access from outside the local network, then maybe password strength isn't important. Maybe the real threat would be someone who is already inside the company, knows nothing about hacking, but could type in the long password they find written on the sticky note because the user couldn't remember it.
Until the entire system (by which I mean the whole company) is analyzed to create a weighted list of threats, there is no way to know if enforcing strong passwords is worth the trouble. That threat might be 192nd on the list, where only the top 12 are considered more than "low risk".
See point 2 about exceptions: middle management complains "security makes it impossible to get our work done" and the response from Upper Management is never to have the staff spend some time training and understanding the security and why it's there and how to work WITH it
There are many organizations where it really isn't possible to "work with" security because security policy is implemented by a group of people who don't care what the business needs to get done to make money. There are also some organizations where "security" gives lip service to communicating and working with the users, but the reality is that the rules are created with CYA as the primary driving force. In other words, if something bad happens, the security group gets to say "obeying our rules would have prevented this incident".
In addition, I have never been in an organization where security policies were reviewed to determine if they were still applicable, nor have I been in one where the makers of the rules have asked anybody other than themselves about "what should we do about X?" End-users get no input, managers only get the broadest of input ("protect us!", "I don't care if we get hacked, let the users do their work!", etc.), and so you end up with a very small group of people who wield a lot of power in the organization. People generally like wielding power, and are loathe to give it up.
As an example, we're trying to get a data transfer application that uses a non-standard port to work through our firewall. The current test setup has no data that can even be remotely considered "sensitive" (e.g., test files are "lorem ipsum" or similar). But, before the port can be opened to see if the protocol will work at all, we needed to recompile some libraries to force the user of higher strength encryption. Now, our testing is hampered by the "too many changes" problem...is the config file for the app on both ends correct, does the encryption sync up, is the port open, is any IDS/traffic shaper/etc. causing a problem, etc. The correct way to test would have been to just open the port with a restriction on the outside IP address, and then we could just use the app with default config (no security, etc.), and make changes to get to a production config that met the security requirements. At that point, the firewall rule could be changed to allow the connections from arbitrary IP addresses we will eventually need.
But, because security has a veto on everything, we're spending a lot more time trying to figure out what is causing issues. A proper security group would understand when rules can be bent or broken (and even allow rules to be permanently changed), instead of blindly applying rules that they might not even have had a hand in creating (depending on turnover within the organization).
Some country-code domains have their CCTLD set up as a website.
Try http://tk./ and http://dk./ for example.
Both give me the "Firefox can't find the server at" message.
It's actually a single "egrep -i -o -f " per mail. For each mail, egrep is forked exactly once, which means writing my own tool will not reduce the OS overhead. I might give perl a try though, but I doubt that forking perl will be much faster than forking grep.
So, stop forking. There are lots of spam filters that use perl as the engine and run as daemons with a socket to write to. This keeps the compiled perl regular expressions in memory (assuming you're not swapping because of low memory).
Spamassassin can use pretty much the same file you have right now as a source for patterns, and runs quicker than what you are seeing for your setup. I don't use any custom rules for SA, and only see about 5 spam e-mails per week in my mail client, and all end up in the "marked as spam by SA" folder. I do use greylisting and strict SMTP syntax checks to stop a lot before SA even sees them.