In the American Recovery and Reinvestment Act of 2009 (“Recovery Act”), Congress directed the Commission to create a national broadband plan by February 17, 2010, that seeks to “ensure that all people of the United States have access to broadband capability and establish[es] benchmarks for meeting that goal.”1 Among other things, the Commission is to provide “an analysis of the most effective and efficient mechanism for ensuring broadband access by all people of the United States”2 and “a detailed strategy for achieving affordability of such service and maximum utilization of broadband infrastructure and service by the public.”
In other words, they are looking to take your "no broadband available" location and make it a "broadband available" location. At the same time, they are looking to make the transition as cost-effective as possible so they will run whatever wires it takes to give you broadband but at the same time they are looking to eliminate duplicate services (running a nationwide-to-every-American PSTN network *AND* a nationwide-to-every-American Broadband Internet connection). They may even be able to use your existing copper to give you a good Internet connection.
Needless to say, but I'll say it anyway, any conversion of your actual home telephone to VoIP would occur (if it ever did at all) well AFTER you had sufficient high-speed Internet to support it. The FCC isn't going to convert everyone to VoIP today, disconnect massive numbers of remote customers who lack broadband, then figure out how to connect to all the outlying areas later.
In fact, I imagine a lot of what they are going to do is sponsor/mandate DSL implementations, including some sort of repeater technology to break the "local loop distance" barrier and give every American household that has a POTS phone line today access to DSL tomorrow.
There's a very good chance your existing telco will still be allowed to use the voice portion of your copper to send you POTS telephone service just like you are used to today, though many of them will probably want to become pure-play Internet/DSL providers and give you a VoIP box for your phone (but most will probably make that an Analog adapter so you can still use your existing phone) - that way they can use the entire available frequency band on your copper wires to give you the best Internet speed possible, rather than having to have data in one set of frequencies and voice in another. It also greatly simplifies the gear they have to maintain.
Right, and the level of control the user has over their computer is inversely proportional to the security imposed by an external force (assuming that source can be trusted). Sorry if my original statement made that sound completely black and white.
Your iPhone example is an excellent one.
So you have people jailbreaking iPhones so they could do things that Steve said "no" to, then they are complaining when they get hacked.
They had a reasonably secure, if overly controlling, overlord looking out for them. Jailbreakers decided they wanted to go out into the big wide world, and got run over by a bus because Nanny Steve wasn't there to hold their hand and remind them to look both ways.:)
They gained control, and lost security.
Windows XP made the security model almost absolutely black and white. You ran as Admin and could install software (and, sadly, in a lot of cases could RUN software), or you ran as Limited User and couldn't do either. So the default was Admin. People who wanted more security created LUser accounts and suffered big hassles (not Microsoft's fault, a lot of crappy software just assumed it had Admin rights because that was the default). Even those of us who really WANTED to run as LUser found it almost impossible to deal with on a regular basis.
Windows Vista and Seven have improved on this considerably. You run as a sorta-kinda Admin, but whenever you try to do Adminish sorts of things, the system asks you if this is really what you want to do. But you still have the freedom of absolute control over your software - albeit with a few annoying "are you sure" prompts.
But I don't think Microsoft (or the majority of their customers) are ready to go with an iPhone-style control of what is "approved" to run on Windows and what isn't, with all control going through Microsoft. In fact, I bet if they tried it the Slashdot community would only be the leading edge of the fecalstorm they'd find themselves in.
Linux lives in the middle ground between the "Gates of Chaos" and the "Job of Control". Most software is offered in repositories, and those are relatively controlled and secure. But any user can, at any time, install whatever they please.
No, I'm not saying that at all, though I can see how you might interpret it that way.
Let me attempt to be clearer.
The default install of any modern Linux distro includes access to a series of trusted repositories. Those repositories contain huge libraries of software that have been vetted out by the repository owners. It's also VERY easy to install software from those repositories. And I'd venture to guess that there is a solution for about 90% of the things that your average user would ever want to do sitting in the repository, generally a half-dozen solutions.
And, unlike the current mess in the commercial world where Acrobat, Flash, Google Earth, your video drivers, etc either have to have their own updaters or you have to remember to check for updates manually, ALL of your installed software is kept up to date constantly with the latest security patches using a central updater. It is possible to get bad software on those repositories, but it's a smaller risk than going to random websites and installing software one at a time. And it's very easy to keep all of your software at the latest, most secure versions.
If you want to add a repository to do something different, it's relatively trivial, but is an extra step. Once that additional repository is installed and trusted, any software installed from that repository is also updated as soon as the author comes out with a new update. It is possible to find and add bad repositories, but again it's harder than installing one-offs.
If you want to install something outside the repository, that's where things get risky, but it's also where things get more complicated. It's harder to do, usually requires some command-line work, and the user has to make sure to keep it up to date themselves.
The advantage of a repository model is that the user's default behavior (and the easiest way to do things) is directed toward the safest method for installing.
As the users become smart enough to handle installing software manually, they'll also have a better chance of understanding what they are doing.
Obviously, it's not a perfect solution. It's a significant iteration toward security, not a total guarantee of security.
The problem with systems (such as Windows) that do not have a good central repository is that users will immediately start searching the Internet at random for their software. Once installed, most of that software (assuming it's not malware) either bogs down the system with its own updater or gets hopelessly out of date and never gets patches to fix any security holes in it.
There used to be "tune-up" software available for Windows that would go out and get the versions of all of the software installed on your machine, then check them against an internal database of the latest versions of all the software it knew about. It didn't handle any of the installs, but at least it could tell you about it.
Ford successfully uses it every time one of their products runs over a pedestrian. The steering wheel does exactly what it says. Turn the wheel left, the car moves to the left. Turn the wheel right, the car moves to the right. Unless you can prove that the steering wheel did something that the user did not ask it to do, and that the problem was a design defect, Ford can express their sympathies to the bereaved family in a totally non-liable way. Meanwhile, guilt is worked out between the pedestrian and the driver of the vehicle, usually with a strong bias toward the driver.
Windows, starting with Vista, does exactly what it says in the UAC warning popup. Click "Yes, please install fluffybunnies.exe", it installs fluffybunnies.exe. If fluffybunnies then moves on to get access to a protected driver, UAC asks again. And if you click "yes" again, it'll do precisely what you are telling it to do. The operating system has no way of knowing that messing with the core system registry is a bad thing under specific circumstances. If you've answered "yes, this software should have access to the core system registry." the OS has to assume that it's OK, because you've told it to. After all, you could be installing a system tool or an antivirus scanner, which can be as invasive as the worst malware but the invasion is generally beneficial rather than harmful. If your Antivirus scanner doesn't recognize the malware, Windows certainly can't.
Plus, I've never heard of anyone who has come down with asbestosis, black lung, severed digits, cancer, or death due to negative impact on a computer system caused by malware. If you've got a decent backup regimen, at worst they'd owe you a reinstall which you can already do with your recovery disk. It'd hardly be worth a court case, and would be handled under small claims court.
My kingdom for a massive amount of moderator points.
Of course, with most of the software I fixed it years ago. I put it in the trash. Not the electronic kind like Windows has. The round metal kind that sends the offending crapheap software to someplace where the disks hopefully die a slow, horrible death.
For the rest, there's always "Run As..." which is a pain in the arse but marginally better than ALWAYS allowing everything Admin access.
True. There are some other factors at work, though, in the security end of Linux.
Most (not all, but most) Linux users install software pretty much exclusively through a series of trusted repositories. In order to get someone to install malware, you have to either invade the repository, or convince a user to point to a bad repository, or have them install software manually (the latter is generally not something you'll get an inexperienced user to do).
There are at least two major advantages to that type of setup:
1. Security patches for each and every bit of installed software can be deployed and installed by end users easily and quickly (think "Windows Update" except it covers everything in your system). Since this is a central updating system, the system can scan ALL of your software frequently and look for updates. So a vulnerability, once fixed, can simply be published out to your favorite repository and the updater will catch it within a day or so, or faster (Linux Mint by default checks for updates every five minutes, which I think is a little too aggressive).
2. All the software available to the user has been vetted by someone that the repository trusts, and the user of that system can easily be convinced only to load software from a trusted repository by simply virtue of the fact that it's harder to do it any other way, and there's LOTS of software out in repositories to choose from. If I want a pair of eyeballs that follows my mouse cursor, I can find it out in the repository, and I'm relatively certain it's free of malware because I didn't go to a random website and download the first one I saw. It's like having a free IT department protect Aunt Edna's machine from harmful software by only offering her stuff that's been reviewed by the repository owner to be OK.
Now, having said that, repositories can be hacked, and buggy software can and does get into repositories. But it's another (and an important) layer of defense. And most major Linux distros have a huge vested interest in keeping malware out of their repositories.
As long as the person using it understands what a program should have access to and is capable of making an informed decision that "dancing fluffy bunnies" should not have access to the Master Boot Record or the/windows/system32/etc folder. As opposed to, say, a system management tool that should.
If you allow "my computer is an appliance" users to install software, then malware writers will be out there offering up useful-looking applications that are full of malware. What's an OS writer to do? In XP, Windows made the huge mistake to keep the average user running as Administrator, which was admittedly a huge error. They've seen the error of their ways, and tried to fix it in Vista and Se7en. With UAC, the USERS are STILL ASKING for this software to be installed, then people get upset when, lo and behold, it does get installed.
Case in point: Someone from a neighboring cube stopped by my desk not 15 minutes ago, asking about a "red shield screen" that came up and told her, out of the blue, that she had all these virus infestations that she could "pay $50 now and clean up immediately". She's clever enough to know that (a) she's already got a virus scanner installed, and (b) it's not called "Red Shield" and (c) she never asked "Red Shield" to look for viruses which raised suspicion as to where it came from. So she turned the computer off immediately and asked me about it today. In all seriousness, that likely puts her in the top thirty percent of computer users in terms of security awareness and savvy. Maybe better.
We can design the software to be as secure as we want. We can allow an untrained user to install software. PICK ONE.
I see where you were going with it, but I disagree. Having hundreds of.conf files scattered randomly about *my home directory* in Ubuntu/Mint beats the registry all hollow. Mostly because most Linux software is following relatively clear standards as to the location (if not format) of their configuration files. Functionally, having those configuration files as part of my/home, and not as part of the core system, works extremely well.
1. Core system functions are handled by configuration files stored in areas that are read-only to the user and require root/Admin/SuperUser access to change. In general, I neither know nor care where the config file is located nor what it's named, because I have GUIs to do all the configuration updates. I find myself running vi to edit a config file less often than I run regedit to edit the Windows registry.
2. Settings specific to me as a user are all contained within my/home directory, where I can see and control them. And if a certain piece of software starts acting erratically or I want to punch the "reset" button on it, I find its settings folder (usually a dot followed by the name of the application) and blow it away or rename it, then restart the application. This is as opposed to settings for the software stored in all manner of places within the Registry where I have to search for them.
3. Expaning on #2 - the REAL reason why I love the.conf file approach as implemented in Linux. I can reinstall a totally new version (or even a totally new distro) of Linux on my machine while leaving my/home directory alone, and when I boot to the new operating system everything is configured exactly the way it was before the reload. When I install Firefox, all my Firefox settings just load exactly like they were before the reload. And the same is true of every other piece of Linux software I've encountered. Reloads are just a complete no-brainer.
I can see the rationale behind a centralized configuration system, but there are both benefits and costs to having that centralization. And, frankly, with what I've seen the costs appear to outweigh the benefits, at least for me. And I use Windows XP every day, and still like it.
And my automobile (sorry, obligatory automotive analogy) has a steering wheel that allows me to turn the car toward pedestrians and kill people. This happens far more frequently, and has been happening since before the computer was even invented.
The PC was invented because people wanted to have a computer under their control that they could load anything they wanted to. Trick someone into thinking that the cute little fluffy sheep walking around on their screen is something they want, and they'll install it, and they'll answer the "Do you want this program to have access to core system functions?" and they'll have no clue what a core is except they don't own an Apple, and they'll say "sure, whatever it takes to just stop bothering the piss out of me and show me the fuzzy sheep".
The only way to really solve the problem is to prevent the computer from executing anything until it's been signed by a local administrator. And then the average "computer is appliance" user is going to click the "allow everything forever" button because they just want the poppy things to get out of the way of loading their new fancy cursor or BonziBuddy.
The user can control the computer, or they can't. If you give them control, they can and frequently will load things that will cause problems. If you don't give them control, they'll take it back to Wal-Mart because it can't do what they bought it for.
I intend no insult to inexperienced users here. It would be nice if computers were designed to slowly unlock functions as people get more experienced and knowledgeable with the operating system, but that just ain't gonna happen. Like ladders, chainsaws, hammers, and lathes - there's only so much safety you can design into something and still allow someone to get the work done they want with it.
It hasn't been around as long as some of the other religions, so its follower base is smaller, which somewhat limits the damage they can do?
The incredible amount of obvious attempts at secrecy and loud legal threats keeps them in the spotlight, keeping all but the most gullible and weak-willed from being stupid enough to join up?
Is pumping boiling water through pipes the most efficient way to heat houses? Isn't there a pretty massive heat loss in the pipes?
Having said that, if they are already using this system for heat, the introduction of waste heat from a datacenter seems to make a lot of sense. Acts as a heat sink for the data center, reduces the amount of energy needed to heat the water.
Well, true, but I assume the BsoDSP is like the BSOD - the network card isn't operating any more, and therefore by definition the computer is not connected to the Internet.
However, if this leaves the machine running in the background AFTER login, then reverse that, "Microsoft finds a way to make an Operating System ONLY accessible to hackers!"
If that's the case, we can pretty much call this Windows 7 Service pack ME.
I think the term probably comes from flowchart standards, where the Internet (and some other large networks) are represented by a large cloud shape. Someone with a serious case of mahogany fume poisoning needed the whole "Internet" thing dumbed down to where they could pronounce it, and someone billing them thousands an hour increased their chances of retaining billable hours by calling it what it looked like on the pretty picture.
A cloud. A fluffy, happy cloud, where nothing could go wrong and it was all sunsets and rainbows and fluffy bunnies and worth lots of money.
And the mahogany-poisoned executive felt smarter and kept them around because he liked the feel smarter thing and wanted more. When he got bored of "Cloud", the consultant started throwing out other nonsense phrases that made him smile again, like "Web 2.0".
If only the consultant could carve a mobile out of mahogany.
The headline should read "Microsoft finds way to make an Operating System 100% secure".
Once the Black (screen of) Death Security Pack is installed, the computer locks up after login, meaning the user will not be able to surf to dangerous pages, will not be the victim of even the most clever social engineering hacks, and best of all won't see any spam any more, ever.
Users protected by the BsoDSP can feel free to emerge from their basements and experience RealWorld 1.0. It's like a MMORPG, but with real sex.
When you have a company with a sum total of about 120 employees, and your former IT guy was the company controller who was the most comfy with a wire crimper, one IT guy has to be enough.:)
With all respect, "Fair" has nothing to do with it. He's offering a legal service to a customer at an agreed-upon price, and there was (at worst) a misunderstanding about what services were included. If he asks for more money for the disputed services, fine, he can ask. The employer can pay it if they feel it's affordable or if his skills are truly irreplaceable (which I would question since he did get laid off). They can also terminate the contract and stop paying him, or insist that the contract is valid at which point he can terminate it (quit).
I have to imagine that if I walked in to any shop, off the street, and said I could offer legal on-call services for free if they hired me for a 40-hour-a-week contract, and the business agreed to it, I'd assume that we'd have a legal and valid contract. I could throw in anything legal I wanted to in order to secure that contract.
If I went back to that customer three weeks later and told them that it was patently unfair that they weren't paying me overtime for off-hours calls, I suspect I'd know what the response would be. Either they'd hold me to my contract or they'd consider it a breach of contract and the contract would be null and void.
However, this thread has been a learning experience. Turning a former employee into an independent contractor sounds like a deal fraught with peril, since it introduces some interesting issues. That is assuming some of the concepts mentioned on this thread such as conversion are true.
I think if I were the employer and I saw this, and if the concepts were real, I'd go back to the table with all the people I retained as contractors, retroactively rehire them and pay back benefits and taxes, lay them off with whatever severance package I had going at the time, then never let them in the building again (even if they approached me, or if they were hired to fulfill a short-term contract through a contracting firm) unless I could justify rehiring them full time.
And suing the former employer / current customer is certainly well within his rights. If he wishes to take that risk, I wish him luck.
I'm not aware of any labor practices involving specific pay for being on call, though I've never been an employer and I'm certainly not a lawyer, much less one practicing in labor law.'
If the employer is:
- Asking him to work a sum total of 40 hours per week.
- Stating that paid overtime is not available under any circumstances.
- Paying him for those 40 hours.
- Stating that "other duties as assigned" includes carrying a pager.
- Counting all hours spent actually working as working time (so if he gets a one-hour call at 3AM, he gets to count that hour as part of his 40)... then I don't see an abusive practice.
But I honestly don't know whether asking someone to be on call 24/7 with no compensation for non-working on-call time is considered "abusive" under today's labor laws. If it is, then clearly he's being abused.
Of course, then that employer is going to be smarter next time and not accept any of their former employees as a contractor under any circumstances, ever. They'll just outsource it to India. It's safer that way.
He's an independent contractor. He doesn't have an employer, he has a customer. He doesn't have to do anything he's not paid for. He doesn't have to do anything he doesn't feel like doing. On the other hand, his customer doesn't have to pay him for anything not in the contract, and they don't have to keep him as a vendor.
I get the pretty distinct impression that he agreed to a an hourly paycheck based on doing the exact same job he did before, which job had formerly included on-call duties. Not being privy to the actual conversation, it's hard to say for sure, but it sure sounds like the subject of compensation for non-working on-call time didn't come up at all.
If it's an expectation of his customer's that he provide that service as part of the contract, and he decides that he doesn't want to, then he'll find himself with one fewer customer the first time he decides not to answer the phone. And since his former employer is his ONLY customer...
Again, our newly fledged independent contractor has to decide whether the current terms are worthwhile. If not, then it's time to go back to the negotiation table. The result of renegotiation can be one of three possible outcomes:
1. Contractor gets pay increase or some other alternate compensation. 2. Contractor does not get pay increase but keeps contract. 3. Customer finds another contractor more willing to play ball. Contractor is looking for another job.
Being an independent contractor means you have to negotiate for terms of employment, pay your employment and income taxes, etc all on your own. A lot of full-time employees think of independents as making craploads of money and living the life of Riley, but in reality it's a profitable-but-risky proposition with absolutely zero job security, and there's a LOT of paperwork. If it works out and you can maintain a solid workload, it's extremely profitable, but work could dry up any time. That's part of what makes it profitable - you take the risk, you get paid more.
Most contractors I know (myself included back when I did it) work through a firm that takes care of the paperwork and taxes, assists you in finding the next gig, etc, and takes a reasonable cut of the take for their services. It doesn't guarantee work, but it means all the legal stuff is taken care of efficiently and correctly and you have more billable hours available to easily make up what you pay them.
Well, the "the exact same job as before, only paid by the hour instead of on salary, with no benefits" quote came directly from the original article. So that may well be true.
Slashdot Mirror
Paragraph 1 of the attached PDF:
In the American Recovery and Reinvestment Act of 2009 (“Recovery Act”), Congress directed
the Commission to create a national broadband plan by February 17, 2010, that seeks to “ensure that all
people of the United States have access to broadband capability and establish[es] benchmarks for
meeting that goal.”1 Among other things, the Commission is to provide “an analysis of the most effective
and efficient mechanism for ensuring broadband access by all people of the United States”2 and “a
detailed strategy for achieving affordability of such service and maximum utilization of broadband
infrastructure and service by the public.”
In other words, they are looking to take your "no broadband available" location and make it a "broadband available" location. At the same time, they are looking to make the transition as cost-effective as possible so they will run whatever wires it takes to give you broadband but at the same time they are looking to eliminate duplicate services (running a nationwide-to-every-American PSTN network *AND* a nationwide-to-every-American Broadband Internet connection). They may even be able to use your existing copper to give you a good Internet connection.
Needless to say, but I'll say it anyway, any conversion of your actual home telephone to VoIP would occur (if it ever did at all) well AFTER you had sufficient high-speed Internet to support it. The FCC isn't going to convert everyone to VoIP today, disconnect massive numbers of remote customers who lack broadband, then figure out how to connect to all the outlying areas later.
In fact, I imagine a lot of what they are going to do is sponsor/mandate DSL implementations, including some sort of repeater technology to break the "local loop distance" barrier and give every American household that has a POTS phone line today access to DSL tomorrow.
There's a very good chance your existing telco will still be allowed to use the voice portion of your copper to send you POTS telephone service just like you are used to today, though many of them will probably want to become pure-play Internet/DSL providers and give you a VoIP box for your phone (but most will probably make that an Analog adapter so you can still use your existing phone) - that way they can use the entire available frequency band on your copper wires to give you the best Internet speed possible, rather than having to have data in one set of frequencies and voice in another. It also greatly simplifies the gear they have to maintain.
The server manager will upload a new hack that prevents wallhacking. In the mean time, keep voting the cheaters off the CS server.
Oh, wait, this is real life?
Right, and the level of control the user has over their computer is inversely proportional to the security imposed by an external force (assuming that source can be trusted). Sorry if my original statement made that sound completely black and white.
Your iPhone example is an excellent one.
So you have people jailbreaking iPhones so they could do things that Steve said "no" to, then they are complaining when they get hacked.
They had a reasonably secure, if overly controlling, overlord looking out for them. Jailbreakers decided they wanted to go out into the big wide world, and got run over by a bus because Nanny Steve wasn't there to hold their hand and remind them to look both ways. :)
They gained control, and lost security.
Windows XP made the security model almost absolutely black and white. You ran as Admin and could install software (and, sadly, in a lot of cases could RUN software), or you ran as Limited User and couldn't do either. So the default was Admin. People who wanted more security created LUser accounts and suffered big hassles (not Microsoft's fault, a lot of crappy software just assumed it had Admin rights because that was the default). Even those of us who really WANTED to run as LUser found it almost impossible to deal with on a regular basis.
Windows Vista and Seven have improved on this considerably. You run as a sorta-kinda Admin, but whenever you try to do Adminish sorts of things, the system asks you if this is really what you want to do. But you still have the freedom of absolute control over your software - albeit with a few annoying "are you sure" prompts.
But I don't think Microsoft (or the majority of their customers) are ready to go with an iPhone-style control of what is "approved" to run on Windows and what isn't, with all control going through Microsoft. In fact, I bet if they tried it the Slashdot community would only be the leading edge of the fecalstorm they'd find themselves in.
Linux lives in the middle ground between the "Gates of Chaos" and the "Job of Control". Most software is offered in repositories, and those are relatively controlled and secure. But any user can, at any time, install whatever they please.
No, I'm not saying that at all, though I can see how you might interpret it that way.
Let me attempt to be clearer.
The default install of any modern Linux distro includes access to a series of trusted repositories. Those repositories contain huge libraries of software that have been vetted out by the repository owners. It's also VERY easy to install software from those repositories. And I'd venture to guess that there is a solution for about 90% of the things that your average user would ever want to do sitting in the repository, generally a half-dozen solutions.
And, unlike the current mess in the commercial world where Acrobat, Flash, Google Earth, your video drivers, etc either have to have their own updaters or you have to remember to check for updates manually, ALL of your installed software is kept up to date constantly with the latest security patches using a central updater. It is possible to get bad software on those repositories, but it's a smaller risk than going to random websites and installing software one at a time. And it's very easy to keep all of your software at the latest, most secure versions.
If you want to add a repository to do something different, it's relatively trivial, but is an extra step. Once that additional repository is installed and trusted, any software installed from that repository is also updated as soon as the author comes out with a new update. It is possible to find and add bad repositories, but again it's harder than installing one-offs.
If you want to install something outside the repository, that's where things get risky, but it's also where things get more complicated. It's harder to do, usually requires some command-line work, and the user has to make sure to keep it up to date themselves.
The advantage of a repository model is that the user's default behavior (and the easiest way to do things) is directed toward the safest method for installing.
As the users become smart enough to handle installing software manually, they'll also have a better chance of understanding what they are doing.
Obviously, it's not a perfect solution. It's a significant iteration toward security, not a total guarantee of security.
The problem with systems (such as Windows) that do not have a good central repository is that users will immediately start searching the Internet at random for their software. Once installed, most of that software (assuming it's not malware) either bogs down the system with its own updater or gets hopelessly out of date and never gets patches to fix any security holes in it.
There used to be "tune-up" software available for Windows that would go out and get the versions of all of the software installed on your machine, then check them against an internal database of the latest versions of all the software it knew about. It didn't handle any of the installs, but at least it could tell you about it.
Ford successfully uses it every time one of their products runs over a pedestrian. The steering wheel does exactly what it says. Turn the wheel left, the car moves to the left. Turn the wheel right, the car moves to the right. Unless you can prove that the steering wheel did something that the user did not ask it to do, and that the problem was a design defect, Ford can express their sympathies to the bereaved family in a totally non-liable way. Meanwhile, guilt is worked out between the pedestrian and the driver of the vehicle, usually with a strong bias toward the driver.
Windows, starting with Vista, does exactly what it says in the UAC warning popup. Click "Yes, please install fluffybunnies.exe", it installs fluffybunnies.exe. If fluffybunnies then moves on to get access to a protected driver, UAC asks again. And if you click "yes" again, it'll do precisely what you are telling it to do. The operating system has no way of knowing that messing with the core system registry is a bad thing under specific circumstances. If you've answered "yes, this software should have access to the core system registry." the OS has to assume that it's OK, because you've told it to. After all, you could be installing a system tool or an antivirus scanner, which can be as invasive as the worst malware but the invasion is generally beneficial rather than harmful. If your Antivirus scanner doesn't recognize the malware, Windows certainly can't.
Plus, I've never heard of anyone who has come down with asbestosis, black lung, severed digits, cancer, or death due to negative impact on a computer system caused by malware. If you've got a decent backup regimen, at worst they'd owe you a reinstall which you can already do with your recovery disk. It'd hardly be worth a court case, and would be handled under small claims court.
* Windows has determined that
someone is attempting to type
using the keyboard.
[Allow] [Deny]
**** ERROR: Mouse Movement Detected. Press [A] to Allow, [D] to deny ****
(user tries to press "A")
* Windows has determined that
someone is attempting to type
using the keyboard.
[Allow] [Deny]
Lather, rinse, repeat...
My kingdom for a massive amount of moderator points.
Of course, with most of the software I fixed it years ago. I put it in the trash. Not the electronic kind like Windows has. The round metal kind that sends the offending crapheap software to someplace where the disks hopefully die a slow, horrible death.
For the rest, there's always "Run As..." which is a pain in the arse but marginally better than ALWAYS allowing everything Admin access.
In 2017 Russia, all knowledge comes to you!
True. There are some other factors at work, though, in the security end of Linux.
Most (not all, but most) Linux users install software pretty much exclusively through a series of trusted repositories. In order to get someone to install malware, you have to either invade the repository, or convince a user to point to a bad repository, or have them install software manually (the latter is generally not something you'll get an inexperienced user to do).
There are at least two major advantages to that type of setup:
1. Security patches for each and every bit of installed software can be deployed and installed by end users easily and quickly (think "Windows Update" except it covers everything in your system). Since this is a central updating system, the system can scan ALL of your software frequently and look for updates. So a vulnerability, once fixed, can simply be published out to your favorite repository and the updater will catch it within a day or so, or faster (Linux Mint by default checks for updates every five minutes, which I think is a little too aggressive).
2. All the software available to the user has been vetted by someone that the repository trusts, and the user of that system can easily be convinced only to load software from a trusted repository by simply virtue of the fact that it's harder to do it any other way, and there's LOTS of software out in repositories to choose from. If I want a pair of eyeballs that follows my mouse cursor, I can find it out in the repository, and I'm relatively certain it's free of malware because I didn't go to a random website and download the first one I saw. It's like having a free IT department protect Aunt Edna's machine from harmful software by only offering her stuff that's been reviewed by the repository owner to be OK.
Now, having said that, repositories can be hacked, and buggy software can and does get into repositories. But it's another (and an important) layer of defense. And most major Linux distros have a huge vested interest in keeping malware out of their repositories.
As long as the person using it understands what a program should have access to and is capable of making an informed decision that "dancing fluffy bunnies" should not have access to the Master Boot Record or the /windows/system32/etc folder. As opposed to, say, a system management tool that should.
If you allow "my computer is an appliance" users to install software, then malware writers will be out there offering up useful-looking applications that are full of malware. What's an OS writer to do? In XP, Windows made the huge mistake to keep the average user running as Administrator, which was admittedly a huge error. They've seen the error of their ways, and tried to fix it in Vista and Se7en. With UAC, the USERS are STILL ASKING for this software to be installed, then people get upset when, lo and behold, it does get installed.
Case in point: Someone from a neighboring cube stopped by my desk not 15 minutes ago, asking about a "red shield screen" that came up and told her, out of the blue, that she had all these virus infestations that she could "pay $50 now and clean up immediately". She's clever enough to know that (a) she's already got a virus scanner installed, and (b) it's not called "Red Shield" and (c) she never asked "Red Shield" to look for viruses which raised suspicion as to where it came from. So she turned the computer off immediately and asked me about it today. In all seriousness, that likely puts her in the top thirty percent of computer users in terms of security awareness and savvy. Maybe better.
We can design the software to be as secure as we want. We can allow an untrained user to install software. PICK ONE.
I see where you were going with it, but I disagree. Having hundreds of .conf files scattered randomly about *my home directory* in Ubuntu/Mint beats the registry all hollow. Mostly because most Linux software is following relatively clear standards as to the location (if not format) of their configuration files. Functionally, having those configuration files as part of my /home, and not as part of the core system, works extremely well.
1. Core system functions are handled by configuration files stored in areas that are read-only to the user and require root/Admin/SuperUser access to change. In general, I neither know nor care where the config file is located nor what it's named, because I have GUIs to do all the configuration updates. I find myself running vi to edit a config file less often than I run regedit to edit the Windows registry.
2. Settings specific to me as a user are all contained within my /home directory, where I can see and control them. And if a certain piece of software starts acting erratically or I want to punch the "reset" button on it, I find its settings folder (usually a dot followed by the name of the application) and blow it away or rename it, then restart the application. This is as opposed to settings for the software stored in all manner of places within the Registry where I have to search for them.
3. Expaning on #2 - the REAL reason why I love the .conf file approach as implemented in Linux. I can reinstall a totally new version (or even a totally new distro) of Linux on my machine while leaving my /home directory alone, and when I boot to the new operating system everything is configured exactly the way it was before the reload. When I install Firefox, all my Firefox settings just load exactly like they were before the reload. And the same is true of every other piece of Linux software I've encountered. Reloads are just a complete no-brainer.
I can see the rationale behind a centralized configuration system, but there are both benefits and costs to having that centralization. And, frankly, with what I've seen the costs appear to outweigh the benefits, at least for me. And I use Windows XP every day, and still like it.
And my automobile (sorry, obligatory automotive analogy) has a steering wheel that allows me to turn the car toward pedestrians and kill people. This happens far more frequently, and has been happening since before the computer was even invented.
The PC was invented because people wanted to have a computer under their control that they could load anything they wanted to. Trick someone into thinking that the cute little fluffy sheep walking around on their screen is something they want, and they'll install it, and they'll answer the "Do you want this program to have access to core system functions?" and they'll have no clue what a core is except they don't own an Apple, and they'll say "sure, whatever it takes to just stop bothering the piss out of me and show me the fuzzy sheep".
The only way to really solve the problem is to prevent the computer from executing anything until it's been signed by a local administrator. And then the average "computer is appliance" user is going to click the "allow everything forever" button because they just want the poppy things to get out of the way of loading their new fancy cursor or BonziBuddy.
The user can control the computer, or they can't. If you give them control, they can and frequently will load things that will cause problems. If you don't give them control, they'll take it back to Wal-Mart because it can't do what they bought it for.
I intend no insult to inexperienced users here. It would be nice if computers were designed to slowly unlock functions as people get more experienced and knowledgeable with the operating system, but that just ain't gonna happen. Like ladders, chainsaws, hammers, and lathes - there's only so much safety you can design into something and still allow someone to get the work done they want with it.
And here I was thinking that a post could never be simultaneously Flamebait, Insightful, AND Funny at the same time. Bravo, sir!
It hasn't been around as long as some of the other religions, so its follower base is smaller, which somewhat limits the damage they can do?
The incredible amount of obvious attempts at secrecy and loud legal threats keeps them in the spotlight, keeping all but the most gullible and weak-willed from being stupid enough to join up?
Sorry, that's all I've got.
"Charged" as in "Charged with a crime"
Is pumping boiling water through pipes the most efficient way to heat houses? Isn't there a pretty massive heat loss in the pipes?
Having said that, if they are already using this system for heat, the introduction of waste heat from a datacenter seems to make a lot of sense. Acts as a heat sink for the data center, reduces the amount of energy needed to heat the water.
Well, true, but I assume the BsoDSP is like the BSOD - the network card isn't operating any more, and therefore by definition the computer is not connected to the Internet.
However, if this leaves the machine running in the background AFTER login, then reverse that, "Microsoft finds a way to make an Operating System ONLY accessible to hackers!"
If that's the case, we can pretty much call this Windows 7 Service pack ME.
Leaving all my email on my Gmail account makes me fringe a bit.
Yes, it is a real tassle.
I think the term probably comes from flowchart standards, where the Internet (and some other large networks) are represented by a large cloud shape. Someone with a serious case of mahogany fume poisoning needed the whole "Internet" thing dumbed down to where they could pronounce it, and someone billing them thousands an hour increased their chances of retaining billable hours by calling it what it looked like on the pretty picture.
A cloud. A fluffy, happy cloud, where nothing could go wrong and it was all sunsets and rainbows and fluffy bunnies and worth lots of money.
And the mahogany-poisoned executive felt smarter and kept them around because he liked the feel smarter thing and wanted more. When he got bored of "Cloud", the consultant started throwing out other nonsense phrases that made him smile again, like "Web 2.0".
If only the consultant could carve a mobile out of mahogany.
The headline should read "Microsoft finds way to make an Operating System 100% secure".
Once the Black (screen of) Death Security Pack is installed, the computer locks up after login, meaning the user will not be able to surf to dangerous pages, will not be the victim of even the most clever social engineering hacks, and best of all won't see any spam any more, ever.
Users protected by the BsoDSP can feel free to emerge from their basements and experience RealWorld 1.0. It's like a MMORPG, but with real sex.
When you have a company with a sum total of about 120 employees, and your former IT guy was the company controller who was the most comfy with a wire crimper, one IT guy has to be enough. :)
With all respect, "Fair" has nothing to do with it. He's offering a legal service to a customer at an agreed-upon price, and there was (at worst) a misunderstanding about what services were included. If he asks for more money for the disputed services, fine, he can ask. The employer can pay it if they feel it's affordable or if his skills are truly irreplaceable (which I would question since he did get laid off). They can also terminate the contract and stop paying him, or insist that the contract is valid at which point he can terminate it (quit).
I have to imagine that if I walked in to any shop, off the street, and said I could offer legal on-call services for free if they hired me for a 40-hour-a-week contract, and the business agreed to it, I'd assume that we'd have a legal and valid contract. I could throw in anything legal I wanted to in order to secure that contract.
If I went back to that customer three weeks later and told them that it was patently unfair that they weren't paying me overtime for off-hours calls, I suspect I'd know what the response would be. Either they'd hold me to my contract or they'd consider it a breach of contract and the contract would be null and void.
However, this thread has been a learning experience. Turning a former employee into an independent contractor sounds like a deal fraught with peril, since it introduces some interesting issues. That is assuming some of the concepts mentioned on this thread such as conversion are true.
I think if I were the employer and I saw this, and if the concepts were real, I'd go back to the table with all the people I retained as contractors, retroactively rehire them and pay back benefits and taxes, lay them off with whatever severance package I had going at the time, then never let them in the building again (even if they approached me, or if they were hired to fulfill a short-term contract through a contracting firm) unless I could justify rehiring them full time.
And suing the former employer / current customer is certainly well within his rights. If he wishes to take that risk, I wish him luck.
I'm not aware of any labor practices involving specific pay for being on call, though I've never been an employer and I'm certainly not a lawyer, much less one practicing in labor law.'
If the employer is:
- Asking him to work a sum total of 40 hours per week. .. then I don't see an abusive practice.
- Stating that paid overtime is not available under any circumstances.
- Paying him for those 40 hours.
- Stating that "other duties as assigned" includes carrying a pager.
- Counting all hours spent actually working as working time (so if he gets a one-hour call at 3AM, he gets to count that hour as part of his 40).
But I honestly don't know whether asking someone to be on call 24/7 with no compensation for non-working on-call time is considered "abusive" under today's labor laws. If it is, then clearly he's being abused.
Of course, then that employer is going to be smarter next time and not accept any of their former employees as a contractor under any circumstances, ever. They'll just outsource it to India. It's safer that way.
Agreed. He actually doesn't "have" to provide it.
He's an independent contractor. He doesn't have an employer, he has a customer. He doesn't have to do anything he's not paid for. He doesn't have to do anything he doesn't feel like doing. On the other hand, his customer doesn't have to pay him for anything not in the contract, and they don't have to keep him as a vendor.
I get the pretty distinct impression that he agreed to a an hourly paycheck based on doing the exact same job he did before, which job had formerly included on-call duties. Not being privy to the actual conversation, it's hard to say for sure, but it sure sounds like the subject of compensation for non-working on-call time didn't come up at all.
If it's an expectation of his customer's that he provide that service as part of the contract, and he decides that he doesn't want to, then he'll find himself with one fewer customer the first time he decides not to answer the phone. And since his former employer is his ONLY customer...
Again, our newly fledged independent contractor has to decide whether the current terms are worthwhile. If not, then it's time to go back to the negotiation table. The result of renegotiation can be one of three possible outcomes:
1. Contractor gets pay increase or some other alternate compensation.
2. Contractor does not get pay increase but keeps contract.
3. Customer finds another contractor more willing to play ball. Contractor is looking for another job.
Being an independent contractor means you have to negotiate for terms of employment, pay your employment and income taxes, etc all on your own. A lot of full-time employees think of independents as making craploads of money and living the life of Riley, but in reality it's a profitable-but-risky proposition with absolutely zero job security, and there's a LOT of paperwork. If it works out and you can maintain a solid workload, it's extremely profitable, but work could dry up any time. That's part of what makes it profitable - you take the risk, you get paid more.
Most contractors I know (myself included back when I did it) work through a firm that takes care of the paperwork and taxes, assists you in finding the next gig, etc, and takes a reasonable cut of the take for their services. It doesn't guarantee work, but it means all the legal stuff is taken care of efficiently and correctly and you have more billable hours available to easily make up what you pay them.
Well, the "the exact same job as before, only paid by the hour instead of on salary, with no benefits" quote came directly from the original article. So that may well be true.