Exactly. It seems that many efforts are focusing only on legislating common formats and content of ID cards. If there isn't a trusted way to validate the source documents used to obtain the ID (birth certificate, etc.), all of the security features built into the card will be pointless. Instead of forging an ID, a criminal will forge a birth certificate and get a real, state-issued ID. If organizations are going to dictate standards for the format of IDs, they should draw up standards for acceptable source documents, too. There is a reason that many of the WTC terrorists were from Florida; Florida has one of the most lenient standards for source documentation in the country.
To me, this is the same as people who think that security can be enforced solely through the use of encryption. Just as encrypting a conversation with someone isn't secure if you don't authenticate the person you're talking to, giving someone a fancy, high-tech ID isn't secure if they didn't adequately prove who they were first.
I had major problems with CT a few years back. I noticed that my wrists hurt less when I used my laptop (which has a trackpoint) than when I used my desktop keyboard and mouse. I ditched my mouse completely and bought a trackpoint keyboard instead. It helped tremendously and I've had much less pain since. It also works wonders at keeping other people from borrowing your workstation. **grin**
What I don't like about the "Penny per page" model is that it could reward sites with poor usability. What would the incentive be for a web site to perform task analyses to see how many pages a user must access to perform a task? It would be *good* for them if the process was difficult and resulted in the user needlessly accessing more pages than necessary to find the information he wanted.
The counter argument is that in a "free market" like on the Internet, sites would still strive to improve usability for fear of consumers getting frustrated and patronizing another site instead. With so many Internet businesses collapsing or merging these days, however, I wonder how long this will be a viable argument.
When I saw the news footage of the second plane crashing into the WTC, the first thing I thought of was the movie The Siege, when terrorists hijacked a bus. One guy said something like "These guys aren't waiting for the negotiators, they're waiting for the cameras." I couldn't help but think that they planned a staggered attack rather than a simultaneous one just so there would be footage of that building going up in flames with the second impact.
The thing that hit home most for me was the comment you made about the plane overhead. That happened to me, too. This morning, I heard both explosions and thought nothing of it. I just thought it was a sonic boom. Two hours later, the sound of a plane flying overhead made my coworkers and me freeze in our tracks. It's amazing what can change in two hours.
I live in Battery Park City, which is only a couple of blocks away from the Trade Center. I was running late to work this morning so I didn't have the TV on. I heard a plane go by and then a really loud BOOM that caused my whole apartment to shake. It's not unusual to hear planes or helicopters near where I am because of charter tours around the Statue of Liberty and the news copters, so the first thing that crossed my mind was that it was some type of plane going fast that had a sonic boom. I remember being kind of mad thinking that the fact my apartment shook validated why planes aren't allowed to fly supersonically over land. A few minutes later, the exact same thing happened. Again, I thought it was a sonic boom. I know that I was being really naive, but an explosion never crossed my mind. I turned on the TV and saw the pictures of the buildings burning and then I started hearing the sirens.
The news said that my usual subway, the N/R, was shut down, so I called my boss and said that I would catch the 4/5 if it was running or work from home. It didn't even occur to me that I was in danger and it never crossed my mind that the buildings would collapse. I left my apartment to go to the 4/5 and all kinds of people were standing in the street taking pictures of the building and looking at what was happening. There were people crying and shouting into cell phones trying to find loved ones. The emotion was so overwhelming. Cops came by and told us to move back into Battery Park proper (by the Statue of Liberty) in case something happened. I walked to the park and went in the 4/5 subway entrance. Down there, I started hearing people talk about the Pentagon and a false report about the White House. I started to worry and wonder where the safest place was to be. I didn't want to get trapped in the subway, but I thought my other option of walking over the Brooklyn Bridge sounded dangerous, too. The other option was staying by the Statue of Liberty, which didn't seem safe, either. While I was waiting for the subway deciding what to do, I heard a loud explosion and the lights went out.
I ran out of the subway to see what happened and everyone was running and screaming. I had no idea what happened, but I thought I should just start running too. About 5 minutes later when people stopped, I asked someone near me what happened and she said that the building collapsed. About 5 minutes after that, we got hit by a dense cloud of smoke and everyone started panicking and running again. The ash was like it was snowing and you couldn't see your hand in front of your face. I ran to the Staten Island Ferry building with the crowd and started freaking out about what to do. At that point, no one had any idea where was safe. A girl pulled me into one of the bathrooms, told me to calm down, and that we at least would have clean air there. We waited there about a 1/2 hour until the air cleared. The men took off their undershirts and I took out my gym clothes, we ripped them up, and used them to cover our mouths and noses.
I made my way to our Wall St. office, called my family, and emailed my address book, letting people know I was OK. All of my coworkers were in Brooklyn, so a random person from another team invited me home with her. We walked to her place on 23rd Street. I was amazed at how nice people were -- there was no profiteering, people were giving out water and food to all of us refugees trying to find shelter in uptown.
I spent the afternoon at her house watching news reports. I called my apartment complex and they said it is closed until further notice because they need to inspect it for structural defects. My boss was kind enough to offer to put me up in Long Island, so that's where I am for the night. There was an awful incident on the LIRR on my way here where some crazy people were going up and down the train threatening anyone who wasn't white. They were asking them if they were Islamic and from the Middle East. One man said he was Indian and Christian, but they still almost beat him up.
I have no idea when I will have a home again and what things will be like over the next few days. I am just grateful that I am alive and humbled by the number of calls and emails I have received from people who love me and were worried. My heart is with the rescue workers and with the families of those who are missing or dead.
Speaking of Rijndael, where can you download a good implementation that is free and licensed for commercial use? I recently had to choose an encryption package for a program my group was writing and our client (government affiliated) wanted to go with Rijndael since it was the new AES standard. The NIST implementation is not licensed for commercial use and other implementations don't seem to come from trustworthy enough sources. I couldn't find anything that I felt comfortable recommending so we ended up going with Blowfish.
I store all of my bookmarks on Backflip. The site lets you categorize your bookmarks, write comments about them, and access them from any computer. New bookmarks can be added by clicking on a button you add to your browser or through their site. The best feature, I've found, is it lets you set access controls for your bookmark categories. That lets me give my co-workers access to my work-related bookmarks, such as Java resources, without letting them see my personal links.
I'm a consultant who works with government agencies. I would recommend going this route for the following reasons:
Our projects are cooler. The agencies I've worked for do the older, mainframe stuff themselves but contract out all of the "fun" projects that use newer technologies. I get to do the Java coding while the government workers get to do the COBOL backend.
The people are more interesting. I don't want to be mean, but consulting firms tend to attract people who are more interested in staying on top of their field and who want to challenge themselves intellectually. My consultant co-workers are also much more diverse and have broader interests than the government workers I interact with. This could just be my own experience but it may be something to consider.
The pay is MUCH better.
I agree that working for the government is very rewarding. I really like the fact that what I do impacts many people's daily lives (hopefully for the better!) I find that working as a consultant instead of working directly for the government helps me balance my needs (wanting to be challenged, working with interesting people, and making a good living) with the benefits of being able to help others.
After my sophomore year of college, a friend and I both took internships at different companies. At the end of the summer when we compared experiences, he said he was "offended and disgusted" by the work he was expected to do and learned nothing the entire summer. I said that I had a great experience and learned more than I had the previous year at school. When we talked about our summers in more detail, it turned out that we had both spent our summers doing the same thing: fixing software bugs. Sure the work didn't test all of my programming skills but I learned a lot of things that can't be taught in a CS class. I was able to observe how a code base with over 100 source files was managed, I was able to observe the interaction of roles on a large development effort, and I was able to read lots of code written by experienced programmers. My friend expected to be writing new applications and spent his summer pouting because he was offended when he was asked to do maintenance. Not only is this unrealistic given the amount of time programmers spend developing vs. maintaining code, but he missed out on many opportunities to learn things that can't be taught in the classroom.
I read somewhere that Java bytecode can easily be identified because the first 8 Hex digits always spell out "CAFEBABE". (Supposedly, the team that developed Java had a certain 'appreciation' for one of the female workers at a local coffee shop and decided to immortalize her in their work.)
I'm a girl, I code Java, and I wanted an appropriately geeky name, so that's how I picked my nick. I considered 0xCAFEBABE, but I figured that would be going a little too far.
Bush: I would give a tax cut because I believe the American People can spend their money better than some Washington bureaucrat. I trust the American people to make their own decisions...well, except for deciding whether they should have an abortion...or deciding which sites they should be able to visit on the Internet...or deciding whether they should be able to serve in the military if they are homosexual...
I'm sick of hearing Bush talk about how much he trusts the American people when so many of his policies don't back him up. The only thing he trusts people with is money...and with his tax cut giving so much to the wealthy and not the middle or lower classes, what he really is saying is "I trust the wealthy minority of American citizens to spend their money on things that are better than preserving Social Security and funding Medicare reform." I disagree.
Try Bookpool for discount technical books. I never understood people's attraction to Fatbrain. Bookpool's service is first rate and their discounts are almost always better than Fatbrain's.
Re:Vendors just passing on Credit Card Company buc, on A Matter Of Trust? · Score: 3
On a side note -- Wired magazine had an article a few days ago about how American Express will no longer cover credit card transactions from porn sites. AMEX says that porn sites have such a high charge back rate from fraud that they are no longer interested in working with those companies. One thing the article pointed out is that a lot of the fraud from these sites doesn't come from stolen cards or invalid numbers, but from people disputing what are probably valid charges because they don't want to admit to embarrassing purchases. ("No, honey, I don't know how that charge got on my bill. Someone must have stolen my card...")
Considering how lucrative the online market is for porn and other goods and services people would rather purchase with the benefit of anonymity, credit card companies should probably focus some of their security research on techniques for nonrepudiation, not just improving methods for authentication and preventing interception of card numbers.
Look at the Toolkit for Conceptual Modeling. It runs under Linux and Solaris and is distributed under the GPL. It can be used to design tables, trees, ER diagrams, UML (use cases, collaboration diagrams, etc.), data and event flow diagrams, state transition diagrams, and many other types of documents. It can output data in PostScript, encapsulated PostScript, or FIG. I've used it for projects before and it offers pretty much all of the functionality you would get from a program like Visio. (And if you drop the TCM diagrams into LaTeX, you'll get something that looks better than anything you could hope to produce on "that other platform".)
Good luck!
I disagree.
I graduated from a computer science department where all development was done on Unix platforms with traditional command line tools. When I started going to job fairs my senior year, I noticed that a large number of companies were advertising for developers with experience in Visual Basic or Visual C++. Frustrated, I asked my advisor why our programming classes used g++ instead of Visual C++ since employers seemed to want employees with experience with visual tools and M$ discounts their products for universities.
His response was that a good computer science curriculum should teach programming skills, not tools. The tools and languages that are "in vogue" change from year to year, but the same programming fundamentals apply to all technologies. Teaching students programming using Visual Studio or another IDE focuses too much attention on the tool and not enough on the practice of programming. Visual tools also abstract away low-level concepts that are important for a complete understanding of how programs work. Any developer with a good understanding of programming can learn a new tool; a person who does not grasp the fundamentals of programming will have trouble adapting when the "new new thing" comes along. With the dynamic nature of technology, a CS program should teach how to learn new technologies, not the technologies themselves (ex. Instead of teaching C++, teach students about Data Structures and have them prove they understand the concept by using them in a C++ program.)
After being in the "real world" for a while, I have to say that I agree with everything my advisor said. I have seen coworkers of mine who learned on Visual tools struggle when problems arise in low level or server side code. When my department announced that new development would be in Java instead of PL/SQL & C++, many of my coworkers who were trained in those technologies were concerned about their job security. My coworkers who had mastered the fundamentals of programming were not at all concerned -- they were saying things like "I'll pick up a book on the way home and learn it over the weekend."
Yes, graduates who already know Visual tools may be more productive in the short term. When you look at the "big picture", however, universities do a much bigger service by teaching traditional programming.
My 2 cents.