Well, since he is working for a public university that is subsidized by tax dollars, it is nice to see him giving back to the community at large. I, for example, work at Ohio State and our purpose statement is "To advance the well-being of the people of Ohio and the global community through the creation and dissemination of knowledge." In my humble opinion, I find it hard to see how updating Wikipedia doesn't support that vision.
The story says there are increased safety issues with electronic parts in cars. The Toyota accelerator pedal issue was mechanical. An electrical part is not inherently more error prone. The author of the story is just being sensationalistic and playing on peoples' fear of technology. DID YOU KNOW THEY USE ELECTRONIC CONTROLS IN PLANES!!! TONIGHT AT 10!
One of the mid-sized corporations I worked for did not allow admin access to developers on production machines. The reasons for this has been outlined by some other posts already, but mainly because the server team was responsible for the servers. It was also part of a strategy to meet Sarbanes Oxley requirements for servers touching financial data.
In order for it to work smoothly, an exact development copy of the production server is required. This is pretty resource intensive in both servers and admins. Second, the deployment of new applications needs to be communicated to the administrators. This took some time depending on the difficulty of the change. Finally, any issues that popped up in the production server that wasn't seen in the development server required "emergency admin access". It usually meant that a server admin and developer sitting at the same terminal working out an issue.
This method, while not being efficient, forced a couple of best practices. First, because development had to be done a replica of the server, the code was already tested on a server that was identical(as possible) to the original server. Second, because the deployment had to be done by server admins, the developer had to document all the steps required to deploy their application. It let the admins know the changes being made, allowed auditors to see the change, and forced the developer to make an application that was reasonably easy to deploy.
Overall, I think it lead to a pretty clean production environment with much fewer "surprises". However, any code you want to put into production takes twice as long and cost twice as much (approximately). To truly evaluate if it monetarily makes sense, the cost of a failure/fraud in a production environment needs to be calculated. I don't think it is always better one way or another. Although, as a developer it sure was a pain in the ass.
BASH can do pretty much anything you need it to do. Windows PowerShell scripting is nice, and provides access to things that are already accessible in "UnixVille". The statement about nothing in UnixVille like it in terms of integration really has no meaning at all. It's like a dumb statement....on steroids.
Being a system admin for nearly every operating system around, they all pretty much do what you need them to do as long as you are fairly intelligent and understand them. Almost all arguments I hear otherwise are based on ignorance, elitism, or both.
I couldn't agree more with your comment. This article is a complete waste of time and has no interesting or useful content. It bothers me that technical magazines these days feel like they can get away with writing something with so little substance.
It really is an article equivalent of a troll. I wonder if NASCAR magazine writers write about the differences between Ford, Chevy and Dodge just so they can get people fired up. Absolutely not slashdot worthy.
This problem is a non-issue and has been for years. Every Windows, Mac and Linux desktop I have had the pleasure of administering over the last 10 years had an automatic computer lock after x minutes of non-use. It is easy to set up for both enterprise and home users. The idea that this password is "set by the end user and less secure" is just plain silly as it *should* just use the credentials of the logged in user. If this is in the enterprise, it will follow whatever the password policy is corporate wide. If this is an end user, they need to make a secure password, which is their responsibility if they care about safe computing.
For web resources, require re-authentication (the idea that re-authorization plays any part in this scenario is making it needlessly more complicated) after x amount of time. All web frameworks have a built in time out for this reason. You actually have to go out of your way to write something that doesn't automatically time out after a period of time.
To put this bluntly, if you're having a problem with this sort of issue.....you're doing it wrong.
The fact that he is possibly targeting minors, creating risk to them through emotional trauma, and making academic claims about the information he is gathering on online subjects definitely means he should have IRB approval. Any reasonable academic would state that, especially given the risque nature of the study. In fact, given my experience with the IRB, I doubt he would even get approval. It really saddens me that so many graduate students spend their time following the rules just to watch misguided faculty members ignore them. I like the message this sends.
Below is a link to their own policy for online research. It does not deviate much from the policies I have seen at the multiple institutions I have attended. To the best of my reading, his research is in flagrant violation of the policies.
http://www.luc.edu/ors/irbonlinesurveys2.shtml
Slashdot Mirror
The patent was filed in 2006.
Well, since he is working for a public university that is subsidized by tax dollars, it is nice to see him giving back to the community at large. I, for example, work at Ohio State and our purpose statement is "To advance the well-being of the people of Ohio and the global community through the creation and dissemination of knowledge." In my humble opinion, I find it hard to see how updating Wikipedia doesn't support that vision.
Hey, at least Microsoft didn't do this. Then it'd be downright evil.
The story says there are increased safety issues with electronic parts in cars. The Toyota accelerator pedal issue was mechanical. An electrical part is not inherently more error prone. The author of the story is just being sensationalistic and playing on peoples' fear of technology. DID YOU KNOW THEY USE ELECTRONIC CONTROLS IN PLANES!!! TONIGHT AT 10!
One of the mid-sized corporations I worked for did not allow admin access to developers on production machines. The reasons for this has been outlined by some other posts already, but mainly because the server team was responsible for the servers. It was also part of a strategy to meet Sarbanes Oxley requirements for servers touching financial data.
In order for it to work smoothly, an exact development copy of the production server is required. This is pretty resource intensive in both servers and admins. Second, the deployment of new applications needs to be communicated to the administrators. This took some time depending on the difficulty of the change. Finally, any issues that popped up in the production server that wasn't seen in the development server required "emergency admin access". It usually meant that a server admin and developer sitting at the same terminal working out an issue.
This method, while not being efficient, forced a couple of best practices. First, because development had to be done a replica of the server, the code was already tested on a server that was identical(as possible) to the original server. Second, because the deployment had to be done by server admins, the developer had to document all the steps required to deploy their application. It let the admins know the changes being made, allowed auditors to see the change, and forced the developer to make an application that was reasonably easy to deploy.
Overall, I think it lead to a pretty clean production environment with much fewer "surprises". However, any code you want to put into production takes twice as long and cost twice as much (approximately). To truly evaluate if it monetarily makes sense, the cost of a failure/fraud in a production environment needs to be calculated. I don't think it is always better one way or another. Although, as a developer it sure was a pain in the ass.
BASH can do pretty much anything you need it to do. Windows PowerShell scripting is nice, and provides access to things that are already accessible in "UnixVille". The statement about nothing in UnixVille like it in terms of integration really has no meaning at all. It's like a dumb statement....on steroids. Being a system admin for nearly every operating system around, they all pretty much do what you need them to do as long as you are fairly intelligent and understand them. Almost all arguments I hear otherwise are based on ignorance, elitism, or both.
I couldn't agree more with your comment. This article is a complete waste of time and has no interesting or useful content. It bothers me that technical magazines these days feel like they can get away with writing something with so little substance. It really is an article equivalent of a troll. I wonder if NASCAR magazine writers write about the differences between Ford, Chevy and Dodge just so they can get people fired up. Absolutely not slashdot worthy.
This problem is a non-issue and has been for years. Every Windows, Mac and Linux desktop I have had the pleasure of administering over the last 10 years had an automatic computer lock after x minutes of non-use. It is easy to set up for both enterprise and home users. The idea that this password is "set by the end user and less secure" is just plain silly as it *should* just use the credentials of the logged in user. If this is in the enterprise, it will follow whatever the password policy is corporate wide. If this is an end user, they need to make a secure password, which is their responsibility if they care about safe computing.
For web resources, require re-authentication (the idea that re-authorization plays any part in this scenario is making it needlessly more complicated) after x amount of time. All web frameworks have a built in time out for this reason. You actually have to go out of your way to write something that doesn't automatically time out after a period of time.
To put this bluntly, if you're having a problem with this sort of issue.....you're doing it wrong.
The fact that he is possibly targeting minors, creating risk to them through emotional trauma, and making academic claims about the information he is gathering on online subjects definitely means he should have IRB approval. Any reasonable academic would state that, especially given the risque nature of the study. In fact, given my experience with the IRB, I doubt he would even get approval. It really saddens me that so many graduate students spend their time following the rules just to watch misguided faculty members ignore them. I like the message this sends. Below is a link to their own policy for online research. It does not deviate much from the policies I have seen at the multiple institutions I have attended. To the best of my reading, his research is in flagrant violation of the policies. http://www.luc.edu/ors/irbonlinesurveys2.shtml