"Many people seem to share your view that there is nothing wrong with the professor profiting from offering extra help to students. Of course most are assuming the students are skipping class, and some probably are, but attendance tracking is how you deal with that. Many students, however, need help with note taking skills and depending on the subject matter just trying to grasp concepts. They are hardly the dead-beats that the posters here are painting them out to be."
Why deal with absentees through attendance tracking? If you're in college, you're almost guaranteed to be a legal adult. Just like any other adult, you should be responsible for your actions. This means you show up or, in this case, you can pay $2.50 to cover your lack of responsibility. As for the note taking skills, learn them. I'm sure I'm not the only one who learned these skills by, well, showing up to class, listening, and actually taking notes. If you can't grasp the concepts, try asking questions or using office hours.
"Again, many, share your view that he's not doing anything wrong, but he is. He's profiting from offering extra help to students. If he was charging for extra for students to have problems or questions answered, it would be considered unethical. How is charging so somebody can re-hear his lecture any different?"
You actually believe this? This professor is recording or re-recording his lectures, doing some type of editing, then having them posted on a web site. He's not being paid for this extra effort by the university, so he's charging a minimal fee to those who want to benefit from his efforts. What if he was to take his lecture notes, edit them, have them bound, and sell them at the university bookstore? Would that be unethical? He's going above-and-beyond, so why shouldn't he be able to do this?
Answering problems and questions is part of the job, it's what professors are paid to do. Those activities are not over-and-above. What he's doing with his lectures _is_ over-and-above, so I still don't see why it would be considered wrong.
As a (hopefully) soon-to-be-former ISS customer I can't speak for Server Sensor, Proventia A, etc., but I do know about Site Protector, the Proventia G and the Proventia Desktop. The G isn't bad, as it's just a somewhat stripped-down Red Hat 8. It's pretty rock-solid and stable.
Site Protector is (IMHO) a bloated piece of crap. I don't like security software that will only run on Windows (only recently supporting W2k3 SP1), requires SQL Server, and can't be accessed in any useful manner from a non-Windows machine. There is a browser-based component, but it doesn't have full functionality and has even more reduced functionality if the browser isn't IE.
The Proventia Desktop is one of the biggest disappointments for me. They took BlackICE, which was a decent product, and thoroughly screwed it up. I ran the test deployment for our shop, using only IT folks for the run-through, and ended up canning the entire project. It was slow, it was buggy, and the Virus Prevention would slow the box to an absolute crawl if the user tried to do anything with Java.
I disagree completely. It is a jumbled mouthful to discuss how Voice Over Internet Protocal Session Initiation Protocol traffic has Network Address Translation traversal issues because the Internet Protocol address is embedded into the Transfer Control Protocol / Internet Protocol packet. That's much harded to understand than discussing how VoIP SIP traffic has NAT traversal issues because the IP address is embedded into the TCP/IP packet.
It does require knowledge of the acronyms, but the jumbled mass of words that would need to be used to decribe the situation are (IMHO) much worse.
Actually, the man-trap feature could be quite useful if properly implemented. If you had an external door with this enabled on a badge reader and a room separated from the inside with an internal door that had this disabled on a badge reader, this could trap the intruder (you know, a man trap). The intruder gets through the outside door and can't get through the inside one. If you have a badge reader that's needed to exit (w/o the man-trap feature enabled), then the intruder is now stuck in the room with no way in or out. This is a variation of the classic man-trap and allowing effectivly everyone from the outside is part of the configuration.
Pronunciation differences would have a huge impact on this change in spelling. Should you spell car as "cah" like a Northeasterner? Should door be spelled "doeor" like a Southerner says it? Since there isn't a truly standard pronunciation used by everyone, how can there be pronunciation-based spelling without causing major communcation problems?
Funny, I almost never assume that the help desk person on the other line has a clue. I once called to tell my ISP that their DNS servers weren't responding. I said, "I can't resolve anything through DNS. I tried to query your servers with nslookup and got nothing. I tried pinging them and got no response. I tracerouted to them, got responses from your network, but couldn't reach them." The person then asked, "Sir, what browser are you using to ping them?" I said, "Umm...I'm not using my browser to do that." This was followed by me asking, "Do you know a cool trick that I don't?" That's why I never assume tha tthe person answering the phone has a clue.
I'm curious, in what way do you think the usability has declined from OS9? I used OS7 and OS8 pretty regularly and I find OS X to be much more usable. I've not really been a big user of OS9, so I can't really compare. BTW, I'm not trolling, I'm genuinely interested in what you see as the decline in usability.
No, they'll probably do like many businesses and make P2P file sharing against the acceptable use policy. Toss up some IDS sensors, detect people using P2P software (whether or not it's for sharing of legal or illegal material), charge the user with violating the AUP, repeat as needed. It's Draconian, but it's much easier simply to detect Napster, eDonkey, etc. than to examine the content.
BTW, I'm not saying that I either agree or disagree with this method. I'm just saying that it's the "solution" I see being implemented.
What's funny is that the varied documentation methods in Linux is what infuriates me. As an old Unix-head, I think stuff should be in man pages. I hate the method of --help and/usr/share/doc/*. The OpenBSD guys may be extremely rigid, but they got it right with man .
If the support forum for a particular piece of free software is not helpful, why pay support money to others for that particular piece of software? Why wouldn't you spend money, even if it's more, for a product that you know you can get supported?
As a student, you pay your tuition, that's it. Some money might go to this professor or the administration, but you don't control that. So be a good little student and shut up and pay your tuition.
As a taxpayer, I'd say that I am also paying for this teacher's salary. Given that, I'd say the students should sit down, quit whining, grab pen/paper, and concentrate on actually learning something.
Oh, absolutely it makes sense. I wasn't thinking about Linux either when I made my comment. I was thinking of the times that I ran HA clusters in Solaris and Tru64. There were some things that had the possibility of bring the whole thing down, e.g., an upgrade to the Veritas components (VCS and VVM) or TruCluster. There are simply some times where the best HA cluster may have to go down, even if only for a period of minutes. The users (and those paying the bills) need to understand that this is the case. Don't get me wrong, it's possible to build systems that have darn-near-zero downtime. But, it's difficult to get business people to pay for that type of redundancy.
I was with you, until you commented that the root password are in a safe. It's OK, as long as the server admins have said passwords. It sounds like a good idea to use a ridiculously long password, write it down, put it in a locked safe, and require written authorization to get to it. Well, it sounds good until a mission critical server crashes, reboots, requires the root password to go into maintenance mode to run fsck, and the person/people with the safe combination is/are unavailable. This has not happened to me or anyone I know, but it's a hypothetical that one needs to think about when coming up with methods of securing passwords.
One has to get to the "trust, but verify" aspect of things. I think server admins should have the admin/root/whatever password(s), but I think it should be logged (on another system) that this particular account was used. If you don't trust your SysAdmins to be the super-user, then fire them. Log what they do and audit those logs regularly, but at some point you have to trust them to do the job they're paid to do.
Sorry, we just finished yet another audit season. This stuff is still fresh in my mind.
HA clusters, redundant systems, etc. all still need maintenance. There are still patches that need to be applied, think VCS or VVM upgrades, that affect the entire cluster. Shoot, these HA devices need to be connected to shared storage. Sometimes things happen and the storage needs maintenance too. All computer equipment, even the vaunted NSKs and Tandems, need maintenance windows. It's just an art to make sure that the downtime is minimal and the business keeps running. That's why they pay us.
Depending on where you are and what you do, that's the norm. I once worked at a bank's data center and there were cameras all over the place. They do background checks before you join, etc. Personally, I don't have a problem with that. I would feel better knowing that the place that has my money is that careful.
Exactly. I do IT security and, as a general rule, access to many sites are blocked. If someone can come up with a business justification for why they need access, then I don't have a problem with it. I've been a sysadmin where I needed to use web-based email to communicate with a vendor because the corporate mail servers often blacklisted legitimate traffic. If you need something to get your job done and are willing to explain it in a document to your boss and mine, then I'm pretty good about letting you get to what you deem critical.
Yes, there are some IT folks who get a power trip over what they can keep people from accessing, but I would argue that most of us aren't like that. Every business has data that is considered sensitive, but some (financial, medical, legal, etc.) have data that is considerably more sensitive.
Before saying that IT is draconian, ask yourself how secure you want the business holding your data to be. Would feel comfortable knowing that your bank records are held at a place that doesn't do regular updates of the OSes and A/V software? Would you want your credit card info at a place that doesn't control which system can send SMTP traffic to the outside world, especially since it could be used to send your records to anywhere on the globe? Would you want your medical records held in a place that allows its normal business users to access IM servers, possilby introducing worms into the network and/or using the IM service to send out your data? Is this paranoid? Possibly. Is it a realistic view? Absolutely.
The OP talked about the way things were years ago. Ten years ago, it was also a wild west on the Internet. I personally had a Unix workstation hacked, as did a friend. The threats exist and they can be very serious, so IT has to take them seriously. The main problem that many IT shops have (my current one included) is that we still have problems with the delicate balance between security and usability. The users need to understand that what we do is done for the good of the company and our customers, but we need to understand that the job still has to get done.
Agreed. But this idiot did get other idiots to help whack the school's property. I think a felony is a bit harsh, but I can see charging him with a misdemeanor.
Um, he's 18. Under the law he's not longer a kid and can be treated as an adult. If this was an automated DDoS, then no one would care. This was a manual DDoS, but it's still a DDoS. If someone was to take out your server then claim, "Oh, it was just a joke" would you feel the same way? What if it crashed the server and you lost data?
Even more than the IM worms, etc., many of the original complaints in the article stem from legislation forced upon the business world. I've worked in financial institutions where Gramm-Leach-Bliley rules, I've been in healthcare where HIPAA rules, and every public company has to follow the mandates of Sarbanes-Oxley.
We block IM at work to the outside word because the auditors forced us to do so. We block access to web-based email sites (Yahoo, Gmail, Hotmail, etc.) because the auditors forced us to do so. When dealing with financial, patient, and/or business sensitive records, it's too easy for someone to forward them via IM or web-based email sites. We block many web sites, because they have no business purpose and the person paying the bills (the CIO) mandates that we don't waste bandwidth resources.
We force passwords to be more complex and expire after 90 days. Why? Because the auditors forced us to do so. We don't allow users to install software on the PCs on their desks. Why? Because we became tired of fighting Gator and all the other "fun" spyware. It's also an audit finding not to have protections against spyware, virii, etc. Beyond that, it's just good practice to make sure that there is a centralized group who tracks what is installed where.
I don't like being the "bad guy," but I'm forced to be. The average user has to realize that the PC on their desk isn't their home machine. They didn't pay for it and they can't do with it as they please. This also goes for the network bandwidth, the phone system, etc. It's just the way it is.
Does this mean that you'll dump Unix for Vista when it's released? Just because tech is "old," that doesn't make it bad. The wheel is rather old technology, but it's still quite useful.
Slashdot Mirror
"Many people seem to share your view that there is nothing wrong with the professor profiting from offering extra help to students. Of course most are assuming the students are skipping class, and some probably are, but attendance tracking is how you deal with that. Many students, however, need help with note taking skills and depending on the subject matter just trying to grasp concepts. They are hardly the dead-beats that the posters here are painting them out to be."
Why deal with absentees through attendance tracking? If you're in college, you're almost guaranteed to be a legal adult. Just like any other adult, you should be responsible for your actions. This means you show up or, in this case, you can pay $2.50 to cover your lack of responsibility. As for the note taking skills, learn them. I'm sure I'm not the only one who learned these skills by, well, showing up to class, listening, and actually taking notes. If you can't grasp the concepts, try asking questions or using office hours.
"Again, many, share your view that he's not doing anything wrong, but he is. He's profiting from offering extra help to students. If he was charging for extra for students to have problems or questions answered, it would be considered unethical. How is charging so somebody can re-hear his lecture any different?"
You actually believe this? This professor is recording or re-recording his lectures, doing some type of editing, then having them posted on a web site. He's not being paid for this extra effort by the university, so he's charging a minimal fee to those who want to benefit from his efforts. What if he was to take his lecture notes, edit them, have them bound, and sell them at the university bookstore? Would that be unethical? He's going above-and-beyond, so why shouldn't he be able to do this?
Answering problems and questions is part of the job, it's what professors are paid to do. Those activities are not over-and-above. What he's doing with his lectures _is_ over-and-above, so I still don't see why it would be considered wrong.
I agree completely with that statement.
As a (hopefully) soon-to-be-former ISS customer I can't speak for Server Sensor, Proventia A, etc., but I do know about Site Protector, the Proventia G and the Proventia Desktop. The G isn't bad, as it's just a somewhat stripped-down Red Hat 8. It's pretty rock-solid and stable.
Site Protector is (IMHO) a bloated piece of crap. I don't like security software that will only run on Windows (only recently supporting W2k3 SP1), requires SQL Server, and can't be accessed in any useful manner from a non-Windows machine. There is a browser-based component, but it doesn't have full functionality and has even more reduced functionality if the browser isn't IE.
The Proventia Desktop is one of the biggest disappointments for me. They took BlackICE, which was a decent product, and thoroughly screwed it up. I ran the test deployment for our shop, using only IT folks for the run-through, and ended up canning the entire project. It was slow, it was buggy, and the Virus Prevention would slow the box to an absolute crawl if the user tried to do anything with Java.
I disagree completely. It is a jumbled mouthful to discuss how Voice Over Internet Protocal Session Initiation Protocol traffic has Network Address Translation traversal issues because the Internet Protocol address is embedded into the Transfer Control Protocol / Internet Protocol packet. That's much harded to understand than discussing how VoIP SIP traffic has NAT traversal issues because the IP address is embedded into the TCP/IP packet.
It does require knowledge of the acronyms, but the jumbled mass of words that would need to be used to decribe the situation are (IMHO) much worse.
Actually, the man-trap feature could be quite useful if properly implemented. If you had an external door with this enabled on a badge reader and a room separated from the inside with an internal door that had this disabled on a badge reader, this could trap the intruder (you know, a man trap). The intruder gets through the outside door and can't get through the inside one. If you have a badge reader that's needed to exit (w/o the man-trap feature enabled), then the intruder is now stuck in the room with no way in or out. This is a variation of the classic man-trap and allowing effectivly everyone from the outside is part of the configuration.
Pronunciation differences would have a huge impact on this change in spelling. Should you spell car as "cah" like a Northeasterner? Should door be spelled "doeor" like a Southerner says it? Since there isn't a truly standard pronunciation used by everyone, how can there be pronunciation-based spelling without causing major communcation problems?
Funny, I almost never assume that the help desk person on the other line has a clue. I once called to tell my ISP that their DNS servers weren't responding. I said, "I can't resolve anything through DNS. I tried to query your servers with nslookup and got nothing. I tried pinging them and got no response. I tracerouted to them, got responses from your network, but couldn't reach them." The person then asked, "Sir, what browser are you using to ping them?" I said, "Umm...I'm not using my browser to do that." This was followed by me asking, "Do you know a cool trick that I don't?" That's why I never assume tha tthe person answering the phone has a clue.
I'm curious, in what way do you think the usability has declined from OS9? I used OS7 and OS8 pretty regularly and I find OS X to be much more usable. I've not really been a big user of OS9, so I can't really compare. BTW, I'm not trolling, I'm genuinely interested in what you see as the decline in usability.
Why couldn't Bridgestone do that? Shoot, Michelin did that very thing at the U.S. Grand Prix in Indianpolis last year.
/
http://edition.cnn.com/2005/SPORT/06/19/usa.grand
No, they'll probably do like many businesses and make P2P file sharing against the acceptable use policy. Toss up some IDS sensors, detect people using P2P software (whether or not it's for sharing of legal or illegal material), charge the user with violating the AUP, repeat as needed. It's Draconian, but it's much easier simply to detect Napster, eDonkey, etc. than to examine the content.
BTW, I'm not saying that I either agree or disagree with this method. I'm just saying that it's the "solution" I see being implemented.
What's funny is that the varied documentation methods in Linux is what infuriates me. As an old Unix-head, I think stuff should be in man pages. I hate the method of --help and /usr/share/doc/*. The OpenBSD guys may be extremely rigid, but they got it right with man .
If the support forum for a particular piece of free software is not helpful, why pay support money to others for that particular piece of software? Why wouldn't you spend money, even if it's more, for a product that you know you can get supported?
As a student, you pay your tuition, that's it. Some money might go to this professor or the administration, but you don't control that. So be a good little student and shut up and pay your tuition.
This does go both ways.
As a taxpayer, I'd say that I am also paying for this teacher's salary. Given that, I'd say the students should sit down, quit whining, grab pen/paper, and concentrate on actually learning something.
Oh, absolutely it makes sense. I wasn't thinking about Linux either when I made my comment. I was thinking of the times that I ran HA clusters in Solaris and Tru64. There were some things that had the possibility of bring the whole thing down, e.g., an upgrade to the Veritas components (VCS and VVM) or TruCluster. There are simply some times where the best HA cluster may have to go down, even if only for a period of minutes. The users (and those paying the bills) need to understand that this is the case. Don't get me wrong, it's possible to build systems that have darn-near-zero downtime. But, it's difficult to get business people to pay for that type of redundancy.
I was with you, until you commented that the root password are in a safe. It's OK, as long as the server admins have said passwords. It sounds like a good idea to use a ridiculously long password, write it down, put it in a locked safe, and require written authorization to get to it. Well, it sounds good until a mission critical server crashes, reboots, requires the root password to go into maintenance mode to run fsck, and the person/people with the safe combination is/are unavailable. This has not happened to me or anyone I know, but it's a hypothetical that one needs to think about when coming up with methods of securing passwords.
One has to get to the "trust, but verify" aspect of things. I think server admins should have the admin/root/whatever password(s), but I think it should be logged (on another system) that this particular account was used. If you don't trust your SysAdmins to be the super-user, then fire them. Log what they do and audit those logs regularly, but at some point you have to trust them to do the job they're paid to do.
Sorry, we just finished yet another audit season. This stuff is still fresh in my mind.
HA clusters, redundant systems, etc. all still need maintenance. There are still patches that need to be applied, think VCS or VVM upgrades, that affect the entire cluster. Shoot, these HA devices need to be connected to shared storage. Sometimes things happen and the storage needs maintenance too. All computer equipment, even the vaunted NSKs and Tandems, need maintenance windows. It's just an art to make sure that the downtime is minimal and the business keeps running. That's why they pay us.
Six months? The auditors require us to have all passwords changed every three months.
Depending on where you are and what you do, that's the norm. I once worked at a bank's data center and there were cameras all over the place. They do background checks before you join, etc. Personally, I don't have a problem with that. I would feel better knowing that the place that has my money is that careful.
Exactly. I do IT security and, as a general rule, access to many sites are blocked. If someone can come up with a business justification for why they need access, then I don't have a problem with it. I've been a sysadmin where I needed to use web-based email to communicate with a vendor because the corporate mail servers often blacklisted legitimate traffic. If you need something to get your job done and are willing to explain it in a document to your boss and mine, then I'm pretty good about letting you get to what you deem critical.
Yes, there are some IT folks who get a power trip over what they can keep people from accessing, but I would argue that most of us aren't like that. Every business has data that is considered sensitive, but some (financial, medical, legal, etc.) have data that is considerably more sensitive.
Before saying that IT is draconian, ask yourself how secure you want the business holding your data to be. Would feel comfortable knowing that your bank records are held at a place that doesn't do regular updates of the OSes and A/V software? Would you want your credit card info at a place that doesn't control which system can send SMTP traffic to the outside world, especially since it could be used to send your records to anywhere on the globe? Would you want your medical records held in a place that allows its normal business users to access IM servers, possilby introducing worms into the network and/or using the IM service to send out your data? Is this paranoid? Possibly. Is it a realistic view? Absolutely.
The OP talked about the way things were years ago. Ten years ago, it was also a wild west on the Internet. I personally had a Unix workstation hacked, as did a friend. The threats exist and they can be very serious, so IT has to take them seriously. The main problem that many IT shops have (my current one included) is that we still have problems with the delicate balance between security and usability. The users need to understand that what we do is done for the good of the company and our customers, but we need to understand that the job still has to get done.
Agreed. But this idiot did get other idiots to help whack the school's property. I think a felony is a bit harsh, but I can see charging him with a misdemeanor.
So I take it you regularly DDoS the U.S. Congress too?
Um, he's 18. Under the law he's not longer a kid and can be treated as an adult. If this was an automated DDoS, then no one would care. This was a manual DDoS, but it's still a DDoS. If someone was to take out your server then claim, "Oh, it was just a joke" would you feel the same way? What if it crashed the server and you lost data?
Even more than the IM worms, etc., many of the original complaints in the article stem from legislation forced upon the business world. I've worked in financial institutions where Gramm-Leach-Bliley rules, I've been in healthcare where HIPAA rules, and every public company has to follow the mandates of Sarbanes-Oxley.
We block IM at work to the outside word because the auditors forced us to do so. We block access to web-based email sites (Yahoo, Gmail, Hotmail, etc.) because the auditors forced us to do so. When dealing with financial, patient, and/or business sensitive records, it's too easy for someone to forward them via IM or web-based email sites. We block many web sites, because they have no business purpose and the person paying the bills (the CIO) mandates that we don't waste bandwidth resources.
We force passwords to be more complex and expire after 90 days. Why? Because the auditors forced us to do so. We don't allow users to install software on the PCs on their desks. Why? Because we became tired of fighting Gator and all the other "fun" spyware. It's also an audit finding not to have protections against spyware, virii, etc. Beyond that, it's just good practice to make sure that there is a centralized group who tracks what is installed where.
I don't like being the "bad guy," but I'm forced to be. The average user has to realize that the PC on their desk isn't their home machine. They didn't pay for it and they can't do with it as they please. This also goes for the network bandwidth, the phone system, etc. It's just the way it is.
Does this mean that you'll dump Unix for Vista when it's released? Just because tech is "old," that doesn't make it bad. The wheel is rather old technology, but it's still quite useful.