Slashdot Mirror


User: Skapare

Skapare's activity in the archive.

Stories
0
Comments
6,883
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,883

  1. Your design methods are outdated on Long Term Effects of Outsourcing · · Score: 1

    If you think that software development involves first coming up with a design that will remain absolutely static once things move into the programming stage, then you need to find a time machine and transport yourself back to the 1970's.

  2. Re:Outsourcing = Capitalism on Long Term Effects of Outsourcing · · Score: 1

    You'd whine too, if in order to compete, you had to take less pay in (e.g. what they make in Bangalore) than what your rent (here) is. Of course if everything cost 1/10 as much, I'd be happy with 1/10 the pay. In India, not everything is 1/10 as much, but some things like rent are still dirt cheap, even for a nice modern 2 bedroom apartment (which a friend of mine in Mumbai has for the equivalent of $80 a month ... and she shares that with another girl).

  3. Re:Outsourcing Solution Here on Long Term Effects of Outsourcing · · Score: 1

    Maybe you should read the article. While he didn't hire them at $80K, he did hire them at $45K. That might not be a great level of pay in a city like Boston, but it can pay the rent and place food on the table while still letting you keep a dialup internet account going. It won't be a luxury apartment and it won't be the finest dining, but at least you can still read Slashdot every day with a warm pizza, a cold beer, and no snow on your head.

  4. Re:At some point.... on Long Term Effects of Outsourcing · · Score: 1

    What India is currently doing is making promises (and they might well deliver on those promises) to place some of the outsourcing work they get in Pakistan. Pakistan has so far been getting shafted by the boom in Bangalore and a few other places. It wouldn't surprise me if in a couple years we see a branch of IIT open up in Karachi or Lahore. Once Pakistan shares in the boom, they will be less likely to upset things with nuke threats.

  5. Re:But... on Long Term Effects of Outsourcing · · Score: 1
    The trend we're seeing is people who are just looking at the their numbers, ...

    The trend we're seeing is driven by venture capitalists and institutional investors.

    Oh wait, that's the same thing.

  6. Banks are NOT the IT innovators on Long Term Effects of Outsourcing · · Score: 1

    You could certainly find a few exceptions, but in general, conservative institutions like banks are consumers of the IT innovations created by others; they are not the creators of such innovation. Their role as consumers can certainly create the demand for innovation. Those that make the decision sooner could lead their market with that, but they get it by partnering with their IT provider, rather than trying to create it in-house. Larger banks have the capacity to innovate, but they also tend to be the first ones to call up the big companies like IBM Global Services or other outsourcers to do it all for them. Smaller banks just don't have the capacity to even hope to try.

    If you work on such a project, you most likely are working third party (e.g. a non-career oriented short-term job, which used to pay a lot until the job got exported to India where someone gets paid to do it for less than your rent) for some faceless company that doesn't care about your, and most certainly doesn't give you an opportunity to become a part of the innovative aspect of the project. It is "commodity innovation", which means it's not innovation in any technical sense, but it probably makes some CEO say "gee whiz".

  7. Re:I'm not sure this is a good idea... on What You Get When You Buy a Spam CD · · Score: 1

    If spammers read that article and cleaned out all the duplicate addresses, then maybe I wouldn't be getting duplicate spam anymore.

  8. Re:It would have been a success at 40GB on Eight Biggest Tech Flops Ever · · Score: 1

    SCO got the #1 position in my list.

  9. Re:It would have been a success at 40GB on Eight Biggest Tech Flops Ever · · Score: 1

    Microsoft only got #3 in my list.

  10. It would have been a success at 40GB on Eight Biggest Tech Flops Ever · · Score: 1

    If they had done it at 40GB, it would have been a success. Hell, even I might have reconsidered my boycott of Iomega and thought about maybe getting one at that size, at that time, at that price. But in reality, Iomega remains a company whose products are too small, too pricey, too late, and too unreliable. That and their business practices are just too shady. In my book they are the #2 scumbag company in the country.

  11. Re:Why bother with the computation? on Microsoft Researching Anti-Spam Technique · · Score: 1

    It means that a given source can send no more than 8000 emails, multiplied by how many different recipient addresses can be put on the same message (unless you do a sleep per recipient), multiplied by how many connections they can make to your address (up to however many you limit from one address). And that's just to you. They can spam everyone else in parallel if the sleep proposal is used.

    Mailing lists usually use normal mail servers. They can make lots of outbound connections in parallel. They won't be impacted by the 10 second sleep very much, and only in cases where a given domain has lots of subscribers (like maybe aol.com). Spammers won't be impacted at all.

    I believe the number of compromised Windows machines could be more like 25,000,000 when considering several viruses that have been going around. Your estimates might be low.

  12. Bzzzt ... wrong on Microsoft Researching Anti-Spam Technique · · Score: 1
    There is only 65000 ports per IP address, and each connection requires it's own port...

    Wrong. Each connection requires a totally unique combination of source host:port and destination host:port. It is perfectly valid to make a connection from the same source host and source port as long as the connections go to a different destination address or a different destination port. A spammer only needs to use a variety of different source ports and destination addresses to achieve a massive number of concurrent connections. They might only be able to make 65000+ connections to your IP address, but they can make 1000000+ to lots of different IP addresses. In reality spammers would be making those multitudes of concurrent connections only to large providers like AOL (which have their own means to deal with it). But they can still easily achieve the 1000000 connections mark and go well beyond it.

  13. Re:Why bother with the computation? on Microsoft Researching Anti-Spam Technique · · Score: 2, Interesting

    The idea is not to take longer sending one email. Spammers don't send spam one at a time and wait for the first one to be finished before sending the second one. The idea is to force the spammer to spend something, specifically in this case 10-20 seconds of CPU time, per message. If all you are doing is sleeping 10 seconds, the spammers can out multithread you and just wait, while making 10000 other SMTP connections in parallel doing the same thing. The rate of messages will ultimately be the same but it will just take 10 seconds longer for the rate to reach the peak. Imagine what work the spammer's spam engine is doing while 10000 victims are sleeping for 10 seconds ... nothing at all ... then as soon as those sleeps are done, the spam flows. The spammer just has to raise the number of concurrent connections that are done. RAM is cheap.

    Your proposal would affect how many spams you get from that one spammer, but not how much total the spammer can get through. If you get more than 8640 spams per day from the same one IP address, then your proposal will be effective. But many spammers have 1000 servers, and some have 1000000 or more cracked windows machines at their disposal. Even the crypto idea is weak against the latter situation.

  14. This is not effective since spammers run parallel on Microsoft Researching Anti-Spam Technique · · Score: 1

    This is not effective since spammers run parallel machines, processes, threads, or logical tasks to send out spam. A typical email might take 100 milliseconds to deliver without the delay. So you multiply the time by 100. Now the spammer that previously had 100 open SMTP connections has to now have 10000. That's not that hard to do, given that the traffic volume still remains the same, and RAM is cheap. I can get 1000 concurrent connections going out per process. I can run 1000 processes doing that. I could get 1000000 connections going. Yes, that would bog things down, but it would be possible to do on one machine. Many spammers have a thousands servers. Some have a million spam engines running all over the world on the ends of cable and DSL connections. They won't be affected by sleep(10) at all. In fact the latter group won't be affected much by the CPU requirement of the proposed crypto idea, either, given all those home computers spamming a little here, a little there, in parallel.

  15. Re:Redundant! Moderators, are you paying attention on Microsoft Researching Anti-Spam Technique · · Score: 1

    There are mailing lists with already confirmed subscribers, running from properly configured email servers, on safe networks that do not allow spammers. They should not be forced to deal with this idiocy. Most mail systems do not have these automatic whitelist tools in place, and it will be years before it can be universally deployed.

    The best answer is the one that will work in a mere months if everyone were to decide to do it. That is to blacklist, ban, deny, or whatever, the entire address space of any and every ISP that hosts major spammers. Even if only the top 40 such ISPs were treated this way, it would put a substantial damper on spam. Just give a few days advance notice what ISP is being banned, and legitimate users can flee to other providers if they care (and if they don't care, then why should I care about them).

  16. any force known to man on Company Offers Disaster-Proof Storage For Records · · Score: 1

    I know of these:

    1. asteroid collision
    2. material degradation with age
    3. staff corruption
  17. When becometh Friday the Thirteenth on Time's Up: 2^30 Seconds Since 1970 · · Score: 4, Informative

    Actually UNIX is really using an effective 31 bits because of the fact that it defaults to a signed quantity, and hence the highest order bit is really a sign bit. So when the clock finally increments 0x7FFFFFFF (19 January 2038 03:14:07) to 0x80000000 the time will wrap back to 2,147,483,648 seconds before 1970, e.g. instead of being Tuesday 19 January 2038 03:14:08, it suddenly becomes Friday the Thirteenth (specifically Friday 13 December 1901 20:45:52).

    Those systems that are using an unsigned 32 bit time value can go on until Sunday 7 February 2106 06:28:15.

    If we were to switch to 64 bits, we could use a resolution of nanoseconds with all that extra space and still represent time until Friday 11 April 2262 23:47:16.854775807 before the sign bit becomes an issue (and negative values can represent time back to Tuesday 21 September 1677 00:12:43.145224192).

  18. Put "was outsourced" as the reason for leaving ... on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 1

    Put "was outsourced" as the reason for leaving on your resume and/or job applications. As long as they are not telling people you were considered a security risk, you should be OK (if you can find any work that hasn't moved to India). OTOH, if they are telling anyone you are a security risk, then you need to hire a lawyer fast.

  19. Re:Network Security Analyst - bad position on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 1

    I've had that same experience myself. But that clearly indicates that security is not being considered properly by everyone involved. If you happen to be in a project like that, a good "risk exposure analysis" would be a good thing to have. But for manager types, it will need to be expressed in terms of dollars lost vs. saved.

  20. Re:Network Security Analyst - bad position on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 1

    They very well could be. That's what the references probe would help find out. If the employer never reveals that information to anyone in any form, then it would not be defamation of character. The actual report, which is apparently unseen, might very well have just stated that a security risk exists when security is handled exclusively by a single person (which I might tend to agree with, too). OTOH, if they turn around and hire someone else for that position, that would change the picture of this.

  21. Re:Network Security Analyst - bad position on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 1

    The lawyer might not actually do so; a private investigator can do it. Anyone "can" consider hiring the guy. Saying they are a company that they are not could be a bad thing, depending.

    As for the employer not providing information, you are correct that lots of them won't provide any but the basic facts (which makes references rather useless to the extent that is true). If you contact HR, that's almost surely what will happen. If you contact the direct report manager, you may get another story. Doing this can still indicate if the employer feels the fact of the report is something they can tell people asking for references. The big thing is, if they are saying "he was cited in a study as being a security risk so we had to let him go, even though he was performing his job very well", then what I would do is sue the company that made the report, not the employer (but they would be called to testify).

    And I do agree that a "one man security team" is not all that good for a financial institution (e.g. bank, investment firm, VC firm, etc). They may well be better off with the outsourced company from one perspective, as long as that company does what they are supposed to do.

  22. Network Security Analyst - bad position on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 4, Insightful

    If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.

    Network engineer - The person or persons responsible for designing, managing, and maintaining the enterprise network should be the ones responsible for its security through all aspects of their work. Security has to be designed in to begin with, so that the network has the absolute minimum exposure and still provides a maximum ability for authorized staff to monitor and control it, while all other authorized staff can make full intended use of the network.

    Systems administrator - The person or persons responsible for selecting, installing, configuring, operating, and administering computer systems, both servers as well as workstations and desktops, should be the ones responsible for its security through all aspects of their work. Security has to be part of all the procedures so that the systems have the absolute minimum exposure while allowing authorized staff to perform the functions the systems are intended for.

    Programmer/analyst - The person or persons responsible for designing, programming, testing, and deploying new applications, or changes to existing applications, should be the ones responsible for its security through all aspects of their work. Security has to be designed into the way the application works, into its program code, properly and thoroughly tested, and then further verified once the application is up and running. And this has to be done while the application can still be fully used by all authorized staff, clients, customers, etc.

    Get the picture?

    Sorry to burst your bubble, but there should not be just one person who handles security. Depending on the nature of the business, one person might be the one who handles security coordination, but that isn't a techie/geek job; it should be more along the lines of an auditor who would be a paper pusher kind of person at businesses like banks and investment firms.

    As to your current situation I advise the following:

    Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).

    Be aware that most companies do tend to try to pretect themselves from lawsuits when giving references. They may very well not specify any problems. But that can also be interpreted by future employers as a problem, if they didn't give you a glowing recommendation. You'll have to determine how that will affect your career future.

    You might want to start your own small "security management and monitoring services company". There are lots of smaller businesses that will need this kind of service (whether they know that or not ... but that's a salesman's job to work on), but are too small to hire someone full time, and not big enough to hire the big security contracting firms. In a few years, as the big security firms expand to the smaller businesses (to keep up equity growth as their big business market saturates), they may come along and offer to buy up your business. If you play your cards right, you could end up being more "successful" than the managers of the financial institution that fired you.

  23. S877 on Congress Sends Anti-Spam Bill To White House · · Score: 2, Interesting

    "S877" goes into my blocking keyword list today

  24. Put 50 million on the list? on Congress Sends Anti-Spam Bill To White House · · Score: 1

    Put 50 million on the list? Why limit it to that? I already have several thousand I use. I could put those on there.

  25. Nothing we haven't seen before on McBride's New Open Letter on Copyrights · · Score: 1
    Nothing we haven't seen before.

    So why was this even worth submitting?

    Ya know, I think Darl got his business plan from a piece of spam last year.