so they wrote an asynchronous proxy that slows down connections. cool trick, but not any kind of scalable solution.
the core assumption, and the only thing that makes this work, is that botnet spam software will _always_ just give up after 30 seconds; if this throttling technique ever became commonplace, spammers would just write their own asynchronous mailer -- it's not THAT hard. windows has the same kind of async networking support (either through the winsock API and/or IO completion ports, or what have you) and i'm sure the spam/botnet software authors have no qualms about holding open a couple thousand sockets on the rooted windows machine (times a few hundred thousand machines.) furthermore, i bet there are some shitty legitimate MTAs that would just give up too, causing actual mail to get discarded:)
(that, and they shoulda used twisted or something:) -- using a pool of apache/mod_perl instances to handle connections is grossly inefficient.)
ok, ok, maybe this sounds overly critical. it's a clever, thinking-out-of-the-box idea, but certainly not the panacea we're looking for to stop spam.
One piece I think people skip over is the benefit from rotating certain monitors to be oriented vertically. Most non-media-related computing tasks rely more on the y-axis (emails, code, web pages); being able to see 100+ lines of code on the screen lets you have a lot more context.
In addition, it helps to be able to maximize multiple windows rather than have one giant screen space and to have to manually resize (or use the clumsy tile windows capability.) If I had one 30" monitor it would drive me nuts; instead I have 3 20" Dell LCDs both at home and at work and it makes a huge difference to be able to maximize two windows on the left and center monitors and to leave the right monitor for email/IM/VMs. (I also usually have about 40-50 windows open at once, which some find strange -- a bunch of python shells, Komodo, Visual Studio, VMware, remote desktop, other text editors and tools, skype, AIM, winamp, photoshop, etc.)
The actual productivity boost comes from not needing to alt-tab, and thus avoiding the concomitant mental context switches; it's great to be able to look at a google search or API reference on one window while actually writing code instead of flipping back and forth and back and forth.
I agree with the spirit of this post, but frankly there are a lot of incorrect points.
First, you need more than "9th grade math" or "8th grade education"; among other topics there's geometry (10th grade for most kids) and some probability/data analysis. (You're correct though that vocab is critically important.)
Second, it's not really a reasoning test in the way that, for example, an IQ test is. It *does* test math and language skills, albeit in a rather shallow and limited way. It also tests *specific* skills, such as identifying the tone of a literary passage or using the formula for the circumference of a circle, not just "basic knowledge".
Third, preparation provably helps, often leading to multiple-hundred point increases. The test is engineered to trick students, and knowing these traps (there aren't that many), and taking practice tests (to establish comfort with the layout of the exam, and to avoid wasting time reading the directions which never change) can boost your score significantly.
This is dangerous advice; even if it is a farce, for very many schools the SAT is still an important (and often required) part of the college application (until something better comes along, but I'm not holding my breath.)
Selective schools get inundated with many more highly qualified applicants than spots and the SAT is one of several measuring sticks admissions counselors use to cull the field down to a manageable level.
I agree that the SAT is largely a meaningless hoop to jump through, but realize that thumbing your nose at it will just cause the college to shrug and admit one of the many other applicants who took it seriously.
Just a few corrections (sorry if this is pedantic, but these are common misconceptions): There are no longer analogies on the SAT; the test is now out of 2400; there are no scientific deduction questions per se (although critical reading passage questions somewhat resemble "logic" questions); there is also now an essay (it's no longer just multiple choice.)
The only thing I can suggest is that preparation gives you a huge leg up -- there is only a finite number of kinds of questions you will encounter, and if you get accustomed to the format of the exam and the typical traps while taking *practice* tests you'll do much better on the real thing.
Think about *casual* piracy, though -- average people who formerly bought CDs but then turned to file sharing in the past 5 or 6 years -- the segment that cost the RIAA most dearly.
Yeah, people who can name 5-10 file sharing programs off the top of their head, or know what warez or IRC are, will always be able to track down what they're looking for (and probably weren't formerly spending as much cash on CDs anyway). But think about your less computer-savvy friends. The fear mongering by the RIAA et al (suing of 12 year olds, raiding of college dorms) has spurred an impressive level of paranoia among casual file sharers. A lot of my friends don't use file sharing anymore for this reason (who really wants to go to jail for downloading Dani California), and I think the availability of legal (i.e. guilt/paranoia-free) and affordable alternatives like iTunes has also been a big factor.
I think the RIAA has achieved resounding success in reducing both file-sharing demand (through PR and paranoia) and supply (by continuing to aggressively shut down pirate sites.) Their adversary is about as tough as one could imagine -- an anonymous army of millions of smart, connected users flagrantly ignoring copyright laws that governments are pretty lax to enforce -- how would *you* fight such an enemy?
The RIAA's success is pretty impressive (remember, the goal wasn't to eliminate piracy, but to cut it down to only the most hardcore/defiant subset, so that the rest of the general population goes back to paying $), but at the same time makes me die a little inside.:P
Well, that's good, because you're the exact target audience of that article. I'm usually not that cynical but this is pretty blatant: is the message "Google is a doubleplusgood working environment" really _news_, or just a clever press hit and recruiting tool (as are the massages, chefs, yada yada. Ironic too that it's hosted on a Microsoft-owned news site, haha.)
They need to do _something_ with those billions of dollars:)
Yeah, you'll be able to find teams like this online. And they will have an appallingly wide variance in quality -- a friend of mine just finished getting out of a contract where he was paying $160/hr for expedited service but the consulting company either was completely incompetent or just too lazy to do the work (their spec was laughable, consisting of blurbs of text cut and pasted from open source components they were going to slough together to make the site).
But (as a technical founder/co-CEO myself) let me tell you why even if you find a decent consulting shop that this is a bad idea.
First, you're a startup. You're dreaming if you think your requirements aren't going to change as users start interacting with the site and you tweak your product idea and learn more about the market. This just doesn't jive with a consulting agreement, where clear expectations and well-defined specs are absolutely essential for success. Otherwise, you're asking for a world of hurt (time, money, stress) when you quickly realize that you and the consultant have a very different view of what constitutes "complete" in terms of quality and features. I guess if you have a great relationship with your consulting team, maybe they can be nimble for you. But you'll pay for it -- "Whoa whoa whoa -- you wanted to be able to SEARCH posts on your message board? That wasn't in the spec, it's going to be at least another week, and at x hours at $y per hour, plus overtime, that's..." And this is assuming, too, that you find a scrupulous dev shop -- I can only imagine the horrors of an unethical dev shop screwing over a technically unenlightened founder/CEO (I've seen it. It's not pretty.)
Fundamentally, you and the dev shop just aren't on the same team (your "incentives aren't aligned.") Look at it from their perspective: they want to get your project done as soon as possible (so that they can start working, and making money on something else) and to do the least work possible that could pass as "complete" especially if you have a flat $x/milestone agreement. You want to make something your users will love, and you don't quite know what that "something" exactly is until a few iterations in. Think about it -- if you're a consultant, and you're trying to wrap up this damn project which is already running late (and it's your head under the guillotine for missing milestones), are you going to 1) complete the feature in the quickest way possible or 2) add a little extra to make something the end user will love... but not get compensated for it? Yes, maybe there are consulting companies that will go the extra mile, but these aren't the ones bidding for the bottom of the barrel at rent-a-coder.
You can maybe align things better with clever contingencies. You can negotiate a support contract or retainer (for bug fixes afterwards) or something with them. But after the project is delivered, you are in a _terrible_ negotiating position as you desperately NEED them for bug fixes and enhancements (i.e. your alternatives are terrible), and they can easily make you pay dearly. Plus, what if you're willing to spend the money but your former lead dev at the consulting shop gets staffed somewhere else? or leaves? etc.
And all this even ignores the major point. Your product is your special sauce; the thing you do better than your competitors; the source of your sustainable competitive advantage. It's just suicide to try to contract that out to someone else. It's one thing (and highly recommended) to outsource ANCILLARY business functions (accounting, legal, etc.) that to you are basically a commodity. But not your crown jewels. Did Google, Microsoft, Yahoo, Amazon, or frankly ANY successful startup start by outsourcing/offshoring the development of their core IP? (There may be RARE exceptions, and I'd love to hear them, because I know of precisely zero successful companies that have done this)
So I shudder when newbie founder/CEO or MBA/management major types say they'll get their first product done for $20k and in 3 weeks by shipping
Thinking that a CS degree is a "dead end" is the wrong takeaway. The answer is that it depends on what you want to do. Talented architects and computer scientists will always be in demand, as there are lots of interesting problems to solve, and true CS talent is scarce (and, amusingly, will only get scarcer over the next few years as enrollment in CS programs stays low.) The theory will still be much the same in 20 years, even if we're not programming using today's technology.
In addition, the assertion that "the days of a geek making it into upper management are over" is patently false. Google, Microsoft, Apple and Oracle are obvious counterexamples, and I'm sure everyone else can come up with more. If you want to have a leadership in a company that produces new technology, you had better be a geek. On the other hand, if you're no more than a typical rank-and-file coder, things do not look good.
However, most pure CS students definitely lack communications skills, business sense, and an understanding of social graces and human behavior -- and these things aren't played up enough in most CS curricula. Your great ideas aren't worth much if your coworkers can't stand to be around you or are laughing to themselves when you're talking or presenting.
The good news is geeks can often pick up the business side (CEOs of aforementioned companies being good examples), but I've never met a pure business major who could truly pick up the important CS stuff like algorithms and systems analysis (your brain just stops being able to pick that stuff up after a while.) The pure management majors here at MIT learn to write great memos and know how to dress up for interviews, but that's about it (compared to the science majors) -- they can talk the business side, but are clueless about the underlying technology. (To be fair, most CS majors around here can't form complete English sentences or withstand direct sunlight.)
I'm glad I started out towards the geek side and stayed in CS, because picking up the business side isn't that intellectually hard -- it's just different. And you'd be surprised how much your CS intuition applies to the business side as well -- a lot of my pure business buddies just don't understand logic, systems, or basic concepts of probability, for example, and consequently make stupid business decisions. Joel Spolsky has a good take on both sides of the issue.
Anyway. A CS degree is still very valuable, but only (or especially so) when paired with the ability to communicate and lead others.
Well, for web development (God, do I now have to call this "RIA development"?) I found a diamond in the rough.
It turns out there's this Python-based application server/templating language called SkunkWeb (http://www.skunkweb.org/) which seems to be the Holy Grail for me of, well, a Python-based web framework that doesn't completely suck (Okay, I know 1995 and CGI was awesome and everything, but no one should be writing "print '<html><head>'..." statements within Python code to make web pages, and don't get me started on Zope.) And no, I'm not affiliated with the project or its developers.
I don't know about Ruby/Ruby on Rails, but I'd rather write in Python which, to me, has a more accessible syntax and a truly badass standard library. And doesn't make you want to jump blindfolded off of tall buildings.
Skunkweb lets you combine the best of Python and PHP -- you create real Python classes to do the heavy lifting/DB accesses/app logic (and you can unit test those separately) without the PHP spaghetti code mess, and then you use Skunkweb's refreshingly sane blend-of-HTML-and-Python template language (contrived example -- need a list of usernames? It's this easy)
to tie it all together. The win is that this way you can separate logic (standalone Python modules) from presentation (templated HTML/Python) in a much cleaner manner than other web development frameworks.
In addition, it was built from the ground up for scalability (ok, the application server itself is probably slower than Apache/PHP, but I don't notice the difference, and you can use psyco or other methods to speed things up) and has caching and db connection pooling and other performance-oriented features built in.
I've been doing web development for nearly a decade, and Skunkweb has recently been my best-kept secret and a big competitive advantage. It's at the core of two companies I'm starting (one of which is a comprehensive online SAT prep course and is already profitable, the other which is earlier stage but angel-funded). It lends itself to clean and quick development and if it didn't have the stupid name (good luck convincing your boss to bet the farm on something with "skunk" in the name) it would have taken over the world by now.
Anyway, you heard it here first, folks. If anyone else out there is using Skunk, drop me a line (houston at mit.edu) because it would be nice to start a little community.
Apologies if it's in bad taste to reply to my own post, especially because it's about the product I'm working on, but here are some of Dropbox's differences/improvements over what people typically hack together themselves:
- syncs continuously/watches the FS for file changes (no cron jobs needed -- things usually sync as quickly as they can be sent)
- does binary diffing and only sends deltas (compressed & over SSL)
- transparently archives past versions of all files (i.e. undelete/infinite undo)
- syncs across any number of machines
- lets you get to your files from the web
- some more info @ http://venturebeat.com/2007/08/16/the-y-combinator-list/
We made it after hacking together our own rsync-based abominations and getting really annoyed that no one had solved this genre of problems in a way that normal people could use.
Okay, I can stop shilling now. I was just excited that other people run into these problems.
Take a look at Dropbox (http://getdropbox.com/; screencast at http://getdropbox.com/u/2/screencast.html) if you want something that's rsync-like but integrated into Windows and OS X. It's in beta (and full disclosure: I co-founded the company) but was designed precisely because there's nothing out there that does this well and is easy to use.
that's actually a fantastic idea (paid stories in a separate box on the right like AdWords), and would let these social news sites monetize without being annoying or shady, in the same way that organic and paid search are divided.
it seems like a no brainer. why haven't digg/reddit et al done this already?
-fren
Full disclosure: I'm working on the product/service in the parent post -- but I feel the pain of no good integrated team sync/backup tool for Windows that also works with large files, large file sets, and doesn't require a PhD to use :)
Check out http://www.getdropbox.com/ . It hasn't launched yet, but is a very similar product: think rsync for Windows that's actually pleasant to use -- integrated into the shell, low-overhead automatic/continuous backup based on filesystem change notifications, compressed binary diffs, etc.
-Drew
if you're a tech entrepreneur, you might find these interesting:
guy kawasaki's ten favorite books
definitely second guy's suggestions of influence, crossing the chasm and innovator's dilemma; i'd also include the tipping point and blink (both by malcolm gladwell, quick reads -- kinda fluffy but interesting), seth godin's all marketers are liars, high tech startup by john nesheim, emotional intelligence by daniel goleman, and windows internals by mark russinovich, and for web design don't make me think is pretty good... what else -- i like joel spolsky's stuff, particularly user interface design for programmers, joel on software, and best software writing I is interesting too. paul graham's hackers and painters is also an interesting read if you haven't read his essays online.
n.b. i was logged into amazon at the time of copying those links, and judging by the length of the urls, there's probably some referrer shenanigans in there. if that bothers you, feel free to (un)mangle the link (i don't really care about making 17 cents or whatever if someone clicks one of the links).
-fren
can't go too far without mentioning the canonical algorithms textbook --
Introduction to Algorithms by Cormen, Leiserson and Rivest
i read a ton of business books too -- maybe i'll post some of my favorites in a little bit.
-fren
bit9 (http://www.bit9.com) parity does exactly what the OP is looking for. you can lock down computers without taking away admin rights, and can whitelist applications which are allowed to install during lockdown. you can also administer all your desktops from the web console, so you don't have to go to each desktop and manually configure everything every time you want to make a change, and you can see what applications are running/installed on each desktop, and be alerted when something new appears.
[full disclosure: i work at bit9 -- i couldn't help posting as we see and solve this exact problem all the time :)]
hope this helps; there are other alternatives (imaging/freezing products that others have pointed out) as well.
-drew
well, one way to look at it is in general a lot of shellcode relies on downloading/dumping an executable file somewhere and running it; this would be blocked (the new exe would drop, but you couldn't run it), even if you're able to blow up winword.exe. yeah you could cram a bunch of executable code into the document, fine, but then that code would have to modify something/overwrite a system file (which would get blocked), or write a new exe on the disk (blocked on attempted execute) if they wanted something to stay resident beyond that instance of winword.exe.
to the pedants: fine, you might be able to contrive some rube goldbergesque way to get past it, but today most companies are getting screwed by trivial vulnerabilities. put another way, if you had an adversary that had the resources ($) and motive to craft a malformed document that was customized to be able to jump through all of the hoops needed (no overwriting system files or writing new exes), they could probably just pay off the secretary or janitor and/or physically break in and steal the info they needed :)
in general, it's very effective against the vast majority of malware that is commonly encountered.
-d
very carefully :)
on the server, you can mark certain updaters, users, directories and/or publishers as trusted, and all files that come from these trusted origins are locally approved on each desktop (while the rest of the system remains locked down.)
this way you don't have to maintain any enormous whitelists or blacklists or anything and you only have to look at what's new/unknown (the graylist.)
-fren
it does have a technical solution -- just don't let it run in the first place :) or more specifically, take the choice out of the (uninformed) end-user's hands and let the IT admin decide.
http://www.bit9.com/
lets you lock down PCs and stops anything new/unknown (from a network-wide perspective) from running without taking away admin rights.
so if someone gets snuck an evil email attachment, it would be identified by the software as new to the network and blocked at the kernel level before the OS executes it. no signatures or AV needed.
[full disclosure: yeah, i work at bit9, and the product rocks :)]
-fren
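Added example (not part of the original comments and not Bit9's code): a minimal model of the behaviour described in the comments above, where files from trusted updaters, users, directories or publishers are locally approved, and anything else lands on the graylist and is blocked on execute during lockdown. The class names, verdict strings, paths and sample bytes are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass
class Policy:
    """Server-side settings pushed to every desktop (all values are constructed)."""
    lockdown: bool = True
    trusted_publishers: set = field(default_factory=set)  # code-signing subject names
    trusted_updaters: set = field(default_factory=set)    # lower-case process image names
    trusted_users: set = field(default_factory=set)       # lower-case account names
    trusted_directories: tuple = ()   # must be writable by admins/updaters only,
                                      # because anything written there is approved
    banned: set = field(default_factory=set)               # SHA-256 digests


@dataclass
class Agent:
    """Per-desktop state: identity is the file's content hash, never its name."""
    policy: Policy
    approved: set = field(default_factory=set)    # locally approved digests
    graylist: dict = field(default_factory=dict)  # digest -> first path it was seen at

    def _trusted_origin(self, path, writer, user, publisher):
        parents = PureWindowsPath(path).parents   # Windows paths compare case-insensitively
        return (
            publisher in self.policy.trusted_publishers
            or writer.lower() in self.policy.trusted_updaters
            or user.lower() in self.policy.trusted_users
            or any(PureWindowsPath(d) in parents for d in self.policy.trusted_directories)
        )

    def on_write(self, path, content, writer, user, publisher=None):
        """Called when a new executable lands on disk; the write itself is never blocked."""
        digest = sha256(content)
        if digest in self.policy.banned:          # a ban always beats trust-by-origin
            return "banned"
        if self._trusted_origin(path, writer, user, publisher):
            self.approved.add(digest)
            self.graylist.pop(digest, None)
            return "approved"
        if digest in self.approved:
            return "approved"
        self.graylist.setdefault(digest, path)    # new/unknown: leave it for the admin
        return "graylisted"

    def on_execute(self, path, content):
        """Called before the OS runs a file; this is where enforcement happens."""
        digest = sha256(content)
        if digest in self.policy.banned:
            return "block:banned"
        if digest in self.approved:
            return "allow:approved"
        self.graylist.setdefault(digest, path)
        return "block:unapproved" if self.policy.lockdown else "allow:monitored"


def demo():
    """Constructed scenario: a vendor update versus a file dropped by a document."""
    agent = Agent(Policy(trusted_updaters={"vendor_updater.exe"}))
    update = b"MZ constructed bytes: app v2"
    dropped = b"MZ constructed bytes: file dropped while a document was open"
    temp = r"C:\Users\alice\AppData\Local\Temp\a.exe"
    results = []

    agent.on_write(r"C:\Program Files\App\app.exe", update, "vendor_updater.exe", "SYSTEM")
    results.append(agent.on_execute(r"C:\Program Files\App\app.exe", update))

    agent.on_write(temp, dropped, "WINWORD.EXE", "alice")     # the exe drops...
    results.append(agent.on_execute(temp, dropped))           # ...but cannot run
    # Same bytes under a system-looking name: the hash is unchanged, so is the verdict.
    results.append(agent.on_execute(r"C:\Users\alice\svchost.exe", dropped))
    return results, agent.graylist


if __name__ == "__main__":
    verdicts, pending = demo()
    print(verdicts)
    print(pending)
```

The graylist that comes back holds only the one unknown digest, which is the "only look at what's new/unknown" workload the comment describes.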
Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, asshole! I'm going to find out where you live and burn your house down!
so they wrote an asynchronous proxy that slows down connections. cool trick, but not any kind of scalable solution.
the core assumption, and the only thing that makes this work, is that botnet spam software will _always_ just give up after 30 seconds; if this throttling technique ever became commonplace, spammers would just write their own asynchronous mailer -- it's not THAT hard. windows has the same kind of async networking support (either through the winsock API and/or IO completion ports, or what have you) and i'm sure the spam/botnet software authors have no qualms about holding open a couple thousand sockets on the rooted windows machine (times a few hundred thousand machines.) furthermore, i bet there are some shitty legitimate MTAs that would just give up too, causing actual mail to get discarded :)
(that, and they shoulda used twisted or something :) -- using a pool of apache/mod_perl instances to handle connections is grossly inefficient.)
ok, ok, maybe this sounds overly critical. it's a clever, thinking-out-of-the-box idea, but certainly not the panacea we're looking for to stop spam.
-fren
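The dependence on client patience raised in the comment above can be measured before a greeting delay is relied on. This is an added example, not part of the original comment or of the proxy it discusses: the 60-second stall, the client kinds and their patience values are constructed assumptions, and in-process socket pairs stand in for TCP connections so that a single event loop holds every stalled session.

```python
import asyncio
import socket
from collections import Counter

BANNER = b"220 mx.example.test ESMTP\r\n"  # constructed hostname
SCALE = 0.01  # 1 simulated second = 10 ms of wall-clock time


async def tarpit(sock, delay_s):
    """Server side: stall, then greet. True if the client was still there."""
    reader, writer = await asyncio.open_connection(sock=sock)
    try:
        await asyncio.sleep(delay_s * SCALE)  # the deliberate slowdown
        writer.write(BANNER)
        await writer.drain()
        return (await reader.readline()).startswith(b"HELO")
    except OSError:  # peer hung up while we were stalling
        return False
    finally:
        writer.close()


async def client(sock, patience_s):
    """Client side: wait at most patience_s for the banner, then say HELO."""
    reader, writer = await asyncio.open_connection(sock=sock)
    try:
        await asyncio.wait_for(reader.readline(), patience_s * SCALE)
        writer.write(b"HELO client.example.test\r\n")
        await writer.drain()
    except (asyncio.TimeoutError, OSError):
        pass  # gave up waiting: just disconnect
    finally:
        writer.close()


async def _run(population, delay_s):
    served = Counter()

    async def one(kind, patience_s):
        a, b = socket.socketpair()  # in-process stand-in for one TCP connection
        ok, _ = await asyncio.gather(tarpit(a, delay_s), client(b, patience_s))
        served[kind] += ok

    # All sessions stall concurrently on one event loop, no worker pool.
    await asyncio.gather(*(one(kind, p) for kind, p in population))
    return dict(served)


def evaluate(population, delay_s):
    """Return {client kind: sessions that survived the stall}."""
    return asyncio.run(_run(population, delay_s))


if __name__ == "__main__":
    # Constructed population: (kind, seconds the client waits for a banner).
    pop = [("gives_up_at_30s", 30)] * 40 + [("waits_5min", 300)] * 40
    print(evaluate(pop, delay_s=60))
```

The per-kind counts show what the delay filters on: how long a client waits, not whether its mail is wanted, so any legitimate MTA in the impatient group is dropped as well.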
One piece I think people skip over is the benefit from rotating certain monitors to be oriented vertically. Most non-media-related computing tasks rely more on the y-axis (emails, code, web pages.); being able to see 100+ lines of code on the screen lets you have a lot more context.
In addition, it helps to be able to maximize multiple windows rather than have one giant screen space and to have to manually resize (or use the clumsy tile windows capability.) If I had one 30" monitor it would drive me nuts; instead I have 3 20" Dell LCDs both at home and at work and it makes a huge difference to be able to maximize two windows on the left and center monitors and to leave the right monitor for email/IM/VMs. (I also usually have about 40-50 windows open at once, which some find strange -- a bunch of python shells, Komodo, Visual Studio, VMware, remote desktop, other text editors and tools, skype, AIM, winamp, photoshop, etc.)
The actual productivity boost comes from not needing to alt-tab, and thus avoiding the concomitant mental context switches; it's great to be able to look at a google search or API reference on one window while actually writing code instead of flipping back and forth and back and forth.
-fren
I agree with the spirit of this post, but frankly there are a lot of incorrect points.
First, you need more than "9th grade math" or "8th grade education"; among other topics there's geometry (10th grade for most kids) and some probability/data analysis. (You're correct though that vocab is critically important.)
Second, it's not really a reasoning test in the way that, for example, an IQ test is. It *does* test math and language skills, albeit in a rather shallow and limited way. It also tests *specific* skills, such as identifying the tone of a literary passage or using the formula for the circumference of a circle, not just "basic knowledge".
Third, preparation provably helps, often leading to multiple-hundred point increases. The test is engineered to trick students, and knowing these traps (there aren't that many), and taking practice tests (to establish comfort with the layout of the exam, and to avoid wasting time reading the directions which never change) can boost your score significantly.
-fren
This is dangerous advice; even if it is a farce, for very many schools the SAT is still an important (and often required) part of the college application (until something better comes along, but I'm not holding my breath.)
Selective schools get inundated with many more highly qualified applicants than spots and the SAT is one of several measuring sticks admissions counselors use to cull the field down to a manageable level.
I agree that the SAT is largely a meaningless hoop to jump through, but realize that thumbing your nose at it will just cause the college to shrug and admit one of the many other applicants who took it seriously.
-fren
Just a few corrections (sorry if this is pedantic, but these are common misconceptions): There are no longer analogies on the SAT; the test is now out of 2400; there are no scientific deduction questions per se (although critical reading passage questions somewhat resemble "logic" questions); there is also now an essay (it's no longer just multiple choice.)
The only thing I can suggest is that preparation gives you a huge leg up -- there is only a finite number of kinds of questions you will encounter, and if you get accustomed to the format of the exam and the typical traps while taking *practice* tests you'll do much better on the real thing.
-fren
Here's a comprehensive online course for the new SAT by Harvard & MIT grads and a perfect 2400 scorer:
http://www.accoladeprep.com/
(Full disclosure: This post is on-topic, but also a shameless plug -- I'm one of the co-creators of the course.)
Contact us (contact at accoladeprep.com) and we'll get you set up.
Alright, end shameless plug :)
-fren
Think about *casual* piracy, though -- average people who formerly bought CDs but then turned to file sharing in the past 5 or 6 years -- the segment that cost the RIAA most dearly.
:P
Yeah, people who can name 5-10 file sharing programs off the top of their head, or know what warez or IRC are, will always be able to track down what they're looking for (and probably weren't formerly spending as much cash on CDs anyway). But think about your less computer-savvy friends. The fear mongering by the RIAA et al (suing of 12 year olds, raiding of college dorms) has spurred an impressive level of paranoia among casual file sharers. A lot of my friends don't use file sharing anymore for this reason (who really wants to go to jail for downloading Dani California), and I think the availability of legal (i.e. guilt/paranoia-free) and affordable alternatives like iTunes has also been a big factor.
I think the RIAA has achieved resounding success in reducing both file-sharing demand (through PR and paranoia) and supply (by continuing to aggressively shut down pirate sites.) Their adversary is about as tough as one could imagine -- an anonymous army of millions of smart, connected users flagrantly ignoring copyright laws that governments are pretty lax to enforce -- how would *you* fight such an enemy?
The RIAA's success is pretty impressive (remember, the goal wasn't to eliminate piracy, but to cut it down to only the most hardcore/defiant subset, so that the rest of the general population goes back to paying $), but at the same time makes me die a little inside.
-fren
Well, that's good, because you're the exact target audience of that article. I'm usually not that cynical but this is pretty blatant: is the message "Google is a doubleplusgood working environment" really _news_, or just a clever press hit and recruiting tool (as are the massages, chefs, yada yada. Ironic too that it's hosted on a Microsoft-owned news site, haha.)
They need to do _something_ with those billions of dollars :)
-fren
Yeah, you'll be able to find teams like this online. And they will have an appallingly wide variance in quality -- a friend of mine just finished getting out of a contract where he was paying $160/hr for expedited service but the consulting company either was completely incompetent or just too lazy to do the work (their spec was laughable, consisting of blurbs of text cut and pasted from open source components they were going to slough together to make the site).
But (as a technical founder/co-CEO myself) let me tell you why even if you find a decent consulting shop that this is a bad idea.
First, you're a startup. You're dreaming if you think your requirements aren't going to change as users start interacting with the site and you tweak your product idea and learn more about the market. This just doesn't jive with a consulting agreement, where clear expectations and well-defined specs are absolutely essential for success. Otherwise, you're asking for a world of hurt (time, money, stress) when you quickly realize that you and the consultant have a very different view of what constitutes "complete" in terms of quality and features. I guess if you have a great relationship with your consulting team, maybe they can be nimble for you. But you'll pay for it -- "Whoa whoa whoa -- you wanted to be able to SEARCH posts on your message board? That wasn't in the spec, it's going to be at least another week, and at x hours at $y per hour, plus overtime, that's..." And this is assuming, too, that you find a scrupulous dev shop -- I can only imagine the horrors of an unethical dev shop screwing over a technically unenlightened founder/CEO (I've seen it. It's not pretty.)
Fundamentally, you and the dev shop just aren't on the same team (your "incentives aren't aligned.") Look at it from their perspective: they want to get your project done as soon as possible (so that they can start working, and making money on something else) and to do the least work possible that could pass as "complete" especially if you have a flat $x/milestone agreement. You want to make something your users will love, and you don't quite know what that "something" exactly is until a few iterations in. Think about it -- if you're a consultant, and you're trying to wrap up this damn project which is already running late (and it's your head under the guillotine for missing milestones), are you going to 1) complete the feature in the quickest way possible or 2) add a little extra to make something the end user will love... but not get compensated for it? Yes, maybe there are consulting companies that will go the extra mile, but these aren't the ones bidding for the bottom of the barrel at rent-a-coder.
You can maybe align things better with clever contingencies. You can negotiate a support contract or retainer (for bug fixes afterwards) or something with them. But after the project is delivered, you are in a _terrible_ negotiating position as you desperately NEED them for bug fixes and enhancements (i.e. your alternatives are terrible), and they can easily make you pay dearly. Plus, what if you're willing to spend the money but your former lead dev at the consulting shop gets staffed somewhere else? or leaves? etc.
And all this even ignores the major point. Your product is your special sauce; the thing you do better than your competitors; the source of your sustainable competitive advantage. It's just suicide to try to contract that out to someone else. It's one thing (and highly recommended) to outsource ANCILLARY business functions (accounting, legal, etc.) that to you are basically a commodity. But not your crown jewels. Did Google, Microsoft, Yahoo, Amazon, or frankly ANY successful startup start by outsourcing/offshoring the development of their core IP? (There may be RARE exceptions, and I'd love to hear them, because I know of precisely zero successful companies that have done this)
So I shudder when newbie founder/CEO or MBA/management major types say they'll get their first product done for $20k and in 3 weeks by shipping
Subchapter S corporations (what I think he was referring to by saying "California-S": a California S corp) don't get double-taxed.
-fren
-fren
This is a troll, but sigh, I'll bite.
Thinking that a CS degree is a "dead end" is the wrong takeaway. The answer is that it depends on what you want to do. Talented architects and computer scientists will always be in demand, as there are lots of interesting problems to solve, and true CS talent is scarce (and, amusingly, will only get scarcer over the next few years as enrollment in CS programs stays low.) The theory will still be much the same in 20 years, even if we're not programming using today's technology.
In addition, the assertion that "the days of a geek making it into upper management are over" is patently false. Google, Microsoft, Apple and Oracle are obvious counterexamples, and I'm sure everyone else can come up with more. If you want to have a leadership in a company that produces new technology, you had better be a geek. On the other hand, if you're no more than a typical rank-and-file coder, things do not look good.
However, most pure CS students definitely lack communications skills, business sense, and an understanding of social graces and human behavior -- and these things aren't played up enough in most CS curricula. Your great ideas aren't worth much if your coworkers can't stand to be around you or are laughing to themselves when you're talking or presenting.
The good news is geeks can often pick up the business side (CEOs of aforementioned companies being good examples), but I've never met a pure business major who could truly pick up the important CS stuff like algorithms and systems analysis (your brain just stops being able to pick that stuff up after a while.) The pure management majors here at MIT learn to write great memos and know how to dress up for interviews, but that's about it (compared to the science majors) -- they can talk the business side, but are clueless about the underlying technology. (To be fair, most CS majors around here can't form complete English sentences or withstand direct sunlight.)
I'm glad I started out towards the geek side and stayed in CS, because picking up the business side isn't that intellectually hard -- it's just different. And you'd be surprised how much your CS intuition applies to the business side as well -- a lot of my pure business buddies just don't understand logic, systems, or basic concepts of probability, for example, and consequently make stupid business decisions. Joel Spolsky has a good take on both sides of the issue.
Anyway. A CS degree is still very valuable, but only (or especially so) when paired with the ability to communicate and lead others.
-fren
It turns out there's this Python-based application server/templating language called SkunkWeb (http://www.skunkweb.org/) which seems to be the Holy Grail for me of, well, a Python-based web framework that doesn't completely suck (Okay, I know 1995 and CGI was awesome and everything, but no one should be writing "print '<html><head>'..." statements within Python code to make web pages, and don't get me started on Zope.) And no, I'm not affiliated with the project or its developers.
I don't know about Ruby/Ruby on Rails, but I'd rather write in Python which, to me, has a more accessible syntax and a truly badass standard library. And doesn't make you want to jump blindfolded off of tall buildings.
Skunkweb lets you combine the best of Python and PHP -- you create real Python classes to do the heavy lifting/DB accesses/app logic (and you can unit test those separately) without the PHP spaghetti code mess, and then you use Skunkweb's refreshingly sane blend-of-HTML-and-Python template language (contrived example -- need a list of usernames? It's this easy) to tie it all together. The win is that this way you can separate logic (standalone Python modules) from presentation (templated HTML/Python) in a much cleaner manner than other web development frameworks.
In addition, it was built from the ground up for scalability (ok, the application server itself is probably slower than Apache/PHP, but I don't notice the difference, and you can use psyco or other methods to speed things up) and has caching and db connection pooling and other performance-oriented features built in.
I've been doing web development for nearly a decade, and Skunkweb has recently been my best-kept secret and a big competitive advantage. It's at the core of two companies I'm starting (one of which is a comprehensive online SAT prep course and is already profitable, the other which is earlier stage but angel-funded). It lends itself to clean and quick development and if it didn't have the stupid name (good luck convincing your boss to bet the farm on something with "skunk" in the name) it would have taken over the world by now.
Anyway, you heard it here first, folks. If anyone else out there is using Skunk, drop me a line (houston at mit.edu) because it would be nice to start a little community.
-fren