You didn't really mention what your career aspirations were. Hard to give advice on which to pick when we don't know where you're headed.
IMHO, there's so much confusion in the marketplace over the differences in such terms that you should really worry more about what you want to learn and take classes appropriate to that. Some places, they're looking for sysadmins, they want you to have a comp-sci degree--other places, comp-engineering, for essentially the same role. Frankly, I think that most companies who specify their requirement so narrowly do so just because it sounds good, not because it really makes a difference in the job you'll be doing. I look for companies that are more concerned with your analytical skills and technical abilities than your credentials.
Re:Better technologies out there
on
Solar Sails
·
· Score: 1
You need a more maneuvourable (sp?), or faster reacting, engine for that when it comes to landing...
Your pardon, but the last time I spoke with anyone in the UK, they sounded not a whit like any Shakespeare or Milton I've ever read. And what about Middle English? You think you could sit down and rap with Chaucer? Surely that's the 'true' English--which you are just as far from as us. And the Bible, of course, was hardly written originally in English. The English educational system is much more deficient than the American in many regards; for instance, it seems to have left you with the preposterous idea that Americans are all from England when this is in fact clearly not the case.
I submit, sir, that your version of English is outmoded and has been superseded by a superior edition, as practiced here in the United States.
Plus, companies tend to value what they pay for--even if you're a whiz, they'll trust an idiot that they're paying 90K a year before they'll trust you. There is tremendous pressure to validate their hiring decisions, so they may not see your value because it devalues someone else. In other words, no one wants to hear... "So, if this high-school student, who we're paying absolutely nothing, can do Larry's job in half the time it takes Larry, why exactly did you hire Larry at 90K? You're fired." They're gonna let Larry take care of things and keep you fetching coffee.
I use a much more low-tech method of detecting telemarketers (granted, it still involves me picking up the phone). Most of the big companies these days use computer assisted dialing--the PBX runs through and dials the numbers and only patches a marketer in when there's an answer. The process of doing this, though, has a pretty distinctive signature--if you pick up the phone and say "Hello" right away and don't get an immediate answer, or hear a click as someone is patched in, it's a sure bet that there's a telemarketer on the other end. I just hang up whenever I hear the click.
This doesn't work on smaller outfits, but those are mostly local, and often charities that I don't mind hearing from anyway, so this works out pretty well for me. And, if for some reason one of the slimy ones gets through, well, it's always entertaining to jerk them around for a few minutes while they're on the clock.
Perhaps because this matter wasn't really settled in a court--it was a plea bargain, which means it was never officially measured against the applicable laws. The ISP, in all likelihood, just decided that it was not worth its while to put up a strong defense, and copped a plea. They weren't tried, weren't found guilty, and no precedent has been set. Really, this is more about overzealous prosecutors than anything--and maybe not even that; if the cops really did contact the ISP previously, as the article indicates, and they didn't drop known porn channels, then taking them to court may have been the only recourse. Even companies exempted from liability for third-party content are responsible for complying with laws once they have been notified.
The Plate Class GSV "The Anticipation of a New Lover's Arrival" from "Excession" would be my guess.
But you shouldn't apologize much for the other responses to NLA; she (if it is in fact a she) is one of the worst trolls I've seen around here for months. Gives other Banks' fans a bad name.
After all, NASA spent thousands to get an ink pen to write in space. The Russians used a pencil...
Oh, for crying out loud. Here we go ago. See my above referenced article. NASA paid not a dime to get an ink pen to write in space--it was an independently developed invention that was then purchased for the astronauts (who also used pencils at the time) and later by cosmonauts (who no longer use pencils).
Actually, they don't, and haven't for some time. This is an old myth that's trotted out anytime someone brings up the Space Pen, but the Russians use it too. Here's a link that both talks about the Apollo 11 story and shows Russian cosmonauts with the pens:
I've heard (although this is unverified) that the problem with the pencils was graphite dust getting into the machinery--or at least the potential for it.
I sort of semi-agree with you; admittedly, not everyone is going to be able to secure a network. However, my opinion is that about half of security (maybe more) is in the mindset you have when you approach systems design and upkeep--and mindset is not really something you can hire out. Still, I suppose that there is a market for it and it's probably better than nothing, provided you can avoid leaving the client with the "Oh, we paid somebody to do that, we're all secure now" attitude.
As far as IIS goes, I've had reasonably good luck using Microsoft's checklists to lock it down after installing it on a box that's already been secured. The biggest problem with IIS, IMHO, is not really IIS, but ASP, and the fact that most ASP coders wouldn't recognize a security hole in their code if it bit them in the ass. Rigorous code auditing is really the only way around that, although I can certainly appreciate the value in having a good reverse proxy in front of the box. Personally, I never have a web server within a couple of defense rings of anything really important, anyway.
It's interesting that you should have this insight about the store subsystem right now, because the buzz over at Microsoft is, "Let's move all this over into SQL Server." So they're essentially headed in that same direction, as you say. But from what I hear, some of the old-timers over there are rolling their eyes--apparently they've tried it before, and it didn't work out so well. Not sure why, or when... but it would be interesting to find out.
So, I'm not vouching for any of this particularly, it's just bits and pieces I've picked up from friends who work for da' Man.
I think that security would be about the last thing that I would be wanting to outsource. I might use outside agencies to do annual audits or penetration testing, because they'll think of ways around my defenses that I hadn't thought of, but relying on them for the defense itself... I don't know about that.
Maybe I'm just paranoid, but it seems to me that if you don't know, yourself, the details of your security, then your site is not secure. This is especially true of firewalls--all too often you see someone just drop one in and assume that they're now safe from harm. A firewall is absolutely the last thing I implement in site defense--first I make sure everything is locked down tightly enough that it doesn't need the firewall, then I put the firewall in. Anyone or any company who is trying to sell you on "Yeah, just install our product, you'll be perfectly safe, don't worry about it..." is doing you a dis-service. It's worse than having nothing to put something like this in and then ignore it--false sense of security.
Now, maybe if you've already locked everything down and just want someone to handle the maintenance, these services might be okay. But there's gotta be a hole somewhere for them to get in to administer the thing... so really, you just opened up a new vulnerability in your network when you hire them.
Yeah, heat prolbems make sense. Think I'll pass on futzing around with the board, though... faster to slap a spare drive in and return the bad one under warranty.
If it's that catastrophic for you, consider planning adequately for the event in the future. I lose drives too, but it's not a big deal, because either A) They're in someone's crappy desktop which doesn't have anything besides the OS and applications on it, which I just swap out with a spare desktop box, kept on hand for just such contingencies or B) They're in a server and have adequate RAID protection to allow me to replace them at my leisure--with no lost data.
If we're talking about your box at home, keep backups, or better, implement some simple RAID 1 protection. Hard drives aren't that expensive, and any OS worth it's salt has some sort of software RAID implementation that is easy to set up.
That's odd. Usually, pretty much the only thing that goes wrong in our boxes is because of moving parts--power supply fan, or drive arm, platter, or motor. It always made sense to me--solid state components just don't have as much that can go wrong with them as any component that has friction involved.
Oh, yes, more frivolous lawsuits, that's exactly what we need.
You ask, is Microsoft free of any liabilities (the answer happens to be 'yes' if you opened the software and agreed to their ridiculous shrinkwrap license, but we'll forget that for the moment)? I would ask, is the user suddenly free of any responsibility? I mean, come on, Bill Gates didn't come out and sit down at your computer and open up that infected piece of mail. If you opened it, you've got one person to blame--yourself. I see this happen all the time, and in clear violation of company policies--you just don't open a file you get from someone you don't know or that you didn't ask for.
Regardless of how often or how much you sue manufacturers for, in this environment it will accomplish very little. These systems are complex enough that anyone with any significant motivation is going to find a way to distribute viruses. The only real solution is user education. I wish there were better safeguards in what was out there, too. But you know what? If I was that unhappy with them, I'd switch to a better product. That's on me, not Microsoft. People who are dumb enough to use their products without taking adequate precautions shouldn't be whining about it in court.
While I agree that a particular file format is not necessary in order to run a business, and even that you could run most businesses without them, I'd like to point out that in all likelyhood, these businesses probably wouldn't be able to run without them. Business in the information age is about moving paper--electronically or otherwise. Any company that disregards the importance of the infrastructure that this stuff moves across is asking for trouble. And if you've ever been through a platform migration at a company of any significant size, I don't think you'll lightly say that this stuff can "just as easily be ported over to (name you package)". It's a lot of time-consuming, costly work and training.
Having just started at a company where a project was already underway building a site with PHP and MySQL, my advice would be, go with something you personally are familiar with. Even if it ain't the latest and greatest, open-sourced, bells-and-whistles product, use something that you can support.
There are a couple of reasons for this. One, you are likely the one who will have to support it after the consultants pack up and move on. If you're looking to learn something new, cool, but make sure you've got time to get up the learning curve.
Two, you'll be able to exercise some oversight on the people building it out for you. The jokers that were hired for the project done here didn't have anyone looking over their shoulder, and it shows. No one here was able to check on their work or provide decent direction. While they were technically astute enough, they were obviously not experienced consultants and the design and documentation are woefully lacking.
This is a good rule for hiring any sort of consultants, I feel, but I would be especially careful getting and checking references on these particular technologies. You should be looking for someone who is a professional first, and a technical expert second. It doesn't matter if they're self-taught whizzes that put the coolest site in the universe together in their basement--you need someone who can do your project professionally enough that you can understand and continue to support it.
I've found that I rarely have this problem when I'm working in technical environments with other technically astute people. After a few weeks where they sort of feel you out and you prove that you're not a moron, they'll pretty much be willing to hear you out (although they'll still slag you down if there's room for disagreement--nerds can be harsh). And of course, the more technical accomplishments you show them, the higher you rise in their esteem over time.
But in a non-technical environment, I think it's very much the case of people equating age with experience. For example, right now I'm in a contract-to-hire position for an MIS Manager slot at a mid-sized real estate development company. Originally, they were planning on just hiring the position perm and full-time, but apparently they were a little nervous about me. I've only been here a couple of weeks, but already I've cleaned a lot of things up, improved performance and stability, and generally made life easier for the staff. But I'm not at all sure that they'll offer me the perm position, because I get the impression that they're looking for someone a little older who wears a tie. The pay is awesome and the job is interesting enough, but I find myself uncomfortable with the lack of emphasis on performance as a measuring stick. I'm coming out of dot-coms where you're pretty much taken for whoever you are as long as you can get the job done and I don't have much patience for the extraneous BS of corporate life. My normal reaction would be to say, screw 'em, and move on--but it's not so easy when $$$$ start popping up.
So I have some idea of where you're at. I guess that you (and I) have a couple of options. Here's what I'm planning on doing:
--Emphasize past performance that has been to the benefit of the company. If you've done things that have improved their bottom line, point them out and speak up. They're more likely to value your opinion if you have provided measurable value to the company.
--Point out that IT is not like accounting. This field evolves so rapidly that all any of us really have is a couple of years of experience. Sure, the rest is something to build on, and I wouldn't trade it in, but most of the technologies I work with day to day have only existed for a few years--remember the ads for Java programmers with 10 years of experience a year after the language was invented? Traditional yardsticks don't mean much in this environment.
--Let them hang themselves. Put things in writing. If you have an opinion that you stand behind that runs counter to what they think, put it in a memo and spread it around. If they ignore you and six months later pay for it, you and they both know that they should have listened to you. You don't have to rub their noses in it; just propose your own solution again--they'll get the message.
--Write it up. Don't just expect someone to listen to you because you talk. Give 'em a paper with citations, arguments, and examples. People in traditional businesses love that shit.
Good luck. If you give it a few months and it still doesn't work for you, look elsewhere; there are still places where what you think is more important than how you look.
Slashdot Mirror
You didn't really mention what your career aspirations were. Hard to give advice on which to pick when we don't know where you're headed.
IMHO, there's so much confusion in the marketplace over the differences in such terms that you should really worry more about what you want to learn and take classes appropriate to that. Some places, they're looking for sysadmins, they want you to have a comp-sci degree--other places, comp-engineering, for essentially the same role. Frankly, I think that most companies who specify their requirement so narrowly do so just because it sounds good, not because it really makes a difference in the job you'll be doing. I look for companies that are more concerned with your analytical skills and technical abilities than your credentials.
You need a more maneuvourable (sp?), or faster reacting, engine for that when it comes to landing...
What, you've never heard of tacking?
You, sir, are a troll and a fool.
Your pardon, but the last time I spoke with anyone in the UK, they sounded not a whit like any Shakespeare or Milton I've ever read. And what about Middle English? You think you could sit down and rap with Chaucer? Surely that's the 'true' English--which you are just as far from as us. And the Bible, of course, was hardly written originally in English. The English educational system is much more deficient than the American in many regards; for instance, it seems to have left you with the preposterous idea that Americans are all from England when this is in fact clearly not the case.
I submit, sir, that your version of English is outmoded and has been superseded by a superior edition, as practiced here in the United States.
Good day to you, sir.
Plus, companies tend to value what they pay for--even if you're a whiz, they'll trust an idiot that they're paying 90K a year before they'll trust you. There is tremendous pressure to validate their hiring decisions, so they may not see your value because it devalues someone else. In other words, no one wants to hear... "So, if this high-school student, who we're paying absolutely nothing, can do Larry's job in half the time it takes Larry, why exactly did you hire Larry at 90K? You're fired." They're gonna let Larry take care of things and keep you fetching coffee.
I use a much more low-tech method of detecting telemarketers (granted, it still involves me picking up the phone). Most of the big companies these days use computer assisted dialing--the PBX runs through and dials the numbers and only patches a marketer in when there's an answer. The process of doing this, though, has a pretty distinctive signature--if you pick up the phone and say "Hello" right away and don't get an immediate answer, or hear a click as someone is patched in, it's a sure bet that there's a telemarketer on the other end. I just hang up whenever I hear the click.
This doesn't work on smaller outfits, but those are mostly local, and often charities that I don't mind hearing from anyway, so this works out pretty well for me. And, if for some reason one of the slimy ones gets through, well, it's always entertaining to jerk them around for a few minutes while they're on the clock.
Perhaps because this matter wasn't really settled in a court--it was a plea bargain, which means it was never officially measured against the applicable laws. The ISP, in all likelihood, just decided that it was not worth its while to put up a strong defense, and copped a plea. They weren't tried, weren't found guilty, and no precedent has been set. Really, this is more about overzealous prosecutors than anything--and maybe not even that; if the cops really did contact the ISP previously, as the article indicates, and they didn't drop known porn channels, then taking them to court may have been the only recourse. Even companies exempted from liability for third-party content are responsible for complying with laws once they have been notified.
The Plate Class GSV "The Anticipation of a New Lover's Arrival" from "Excession" would be my guess.
But you shouldn't apologize much for the other responses to NLA; she (if it is in fact a she) is one of the worst trolls I've seen around here for months. Gives other Banks' fans a bad name.
After all, NASA spent thousands to get an ink pen to write in space. The Russians used a pencil...
Oh, for crying out loud. Here we go ago. See my above referenced article. NASA paid not a dime to get an ink pen to write in space--it was an independently developed invention that was then purchased for the astronauts (who also used pencils at the time) and later by cosmonauts (who no longer use pencils).
Actually, they don't, and haven't for some time. This is an old myth that's trotted out anytime someone brings up the Space Pen, but the Russians use it too. Here's a link that both talks about the Apollo 11 story and shows Russian cosmonauts with the pens:
Apollo 11 Space Pen Story
I've heard (although this is unverified) that the problem with the pencils was graphite dust getting into the machinery--or at least the potential for it.
I sort of semi-agree with you; admittedly, not everyone is going to be able to secure a network. However, my opinion is that about half of security (maybe more) is in the mindset you have when you approach systems design and upkeep--and mindset is not really something you can hire out. Still, I suppose that there is a market for it and it's probably better than nothing, provided you can avoid leaving the client with the "Oh, we paid somebody to do that, we're all secure now" attitude.
As far as IIS goes, I've had reasonably good luck using Microsoft's checklists to lock it down after installing it on a box that's already been secured. The biggest problem with IIS, IMHO, is not really IIS, but ASP, and the fact that most ASP coders wouldn't recognize a security hole in their code if it bit them in the ass. Rigorous code auditing is really the only way around that, although I can certainly appreciate the value in having a good reverse proxy in front of the box. Personally, I never have a web server within a couple of defense rings of anything really important, anyway.
Er; you did see who the author of the article was, right? Not exactly one of the record companies favorite people... Napster co-founder Jordan Ritter.
You're saying they paid him off, or did you just not bother to read the header?
Which is exactly why they are such a mess; and why they are trying to move in the direction of SQL Server.
Fortunately, as seen on Slashdot, someone is already working on the problem:l
http://slashdot.org/articles/99/08/25/141254.shtm
It's interesting that you should have this insight about the store subsystem right now, because the buzz over at Microsoft is, "Let's move all this over into SQL Server." So they're essentially headed in that same direction, as you say. But from what I hear, some of the old-timers over there are rolling their eyes--apparently they've tried it before, and it didn't work out so well. Not sure why, or when... but it would be interesting to find out.
So, I'm not vouching for any of this particularly, it's just bits and pieces I've picked up from friends who work for da' Man.
I think that security would be about the last thing that I would be wanting to outsource. I might use outside agencies to do annual audits or penetration testing, because they'll think of ways around my defenses that I hadn't thought of, but relying on them for the defense itself... I don't know about that.
Maybe I'm just paranoid, but it seems to me that if you don't know, yourself, the details of your security, then your site is not secure. This is especially true of firewalls--all too often you see someone just drop one in and assume that they're now safe from harm. A firewall is absolutely the last thing I implement in site defense--first I make sure everything is locked down tightly enough that it doesn't need the firewall, then I put the firewall in. Anyone or any company who is trying to sell you on "Yeah, just install our product, you'll be perfectly safe, don't worry about it..." is doing you a dis-service. It's worse than having nothing to put something like this in and then ignore it--false sense of security.
Now, maybe if you've already locked everything down and just want someone to handle the maintenance, these services might be okay. But there's gotta be a hole somewhere for them to get in to administer the thing... so really, you just opened up a new vulnerability in your network when you hire them.
Yeah, heat prolbems make sense. Think I'll pass on futzing around with the board, though... faster to slap a spare drive in and return the bad one under warranty.
If it's that catastrophic for you, consider planning adequately for the event in the future. I lose drives too, but it's not a big deal, because either A) They're in someone's crappy desktop which doesn't have anything besides the OS and applications on it, which I just swap out with a spare desktop box, kept on hand for just such contingencies or B) They're in a server and have adequate RAID protection to allow me to replace them at my leisure--with no lost data.
If we're talking about your box at home, keep backups, or better, implement some simple RAID 1 protection. Hard drives aren't that expensive, and any OS worth it's salt has some sort of software RAID implementation that is easy to set up.
That's odd. Usually, pretty much the only thing that goes wrong in our boxes is because of moving parts--power supply fan, or drive arm, platter, or motor. It always made sense to me--solid state components just don't have as much that can go wrong with them as any component that has friction involved.
Oh, yes, more frivolous lawsuits, that's exactly what we need.
You ask, is Microsoft free of any liabilities (the answer happens to be 'yes' if you opened the software and agreed to their ridiculous shrinkwrap license, but we'll forget that for the moment)? I would ask, is the user suddenly free of any responsibility? I mean, come on, Bill Gates didn't come out and sit down at your computer and open up that infected piece of mail. If you opened it, you've got one person to blame--yourself. I see this happen all the time, and in clear violation of company policies--you just don't open a file you get from someone you don't know or that you didn't ask for.
Regardless of how often or how much you sue manufacturers for, in this environment it will accomplish very little. These systems are complex enough that anyone with any significant motivation is going to find a way to distribute viruses. The only real solution is user education. I wish there were better safeguards in what was out there, too. But you know what? If I was that unhappy with them, I'd switch to a better product. That's on me, not Microsoft. People who are dumb enough to use their products without taking adequate precautions shouldn't be whining about it in court.
If you're going to have a beef with the ATF, you should at least realize that they're not part of the FBI--they're Treasury, not Justice, agents.
And, of course, they had nothing to do with Elian Gonzalez, who was removed by the INS (also a DOJ entity).
While I agree that a particular file format is not necessary in order to run a business, and even that you could run most businesses without them, I'd like to point out that in all likelyhood, these businesses probably wouldn't be able to run without them. Business in the information age is about moving paper--electronically or otherwise. Any company that disregards the importance of the infrastructure that this stuff moves across is asking for trouble. And if you've ever been through a platform migration at a company of any significant size, I don't think you'll lightly say that this stuff can "just as easily be ported over to (name you package)". It's a lot of time-consuming, costly work and training.
If they've been taking people to small-claims court, they're even cheaper bastards than I thought ;-)
Kilo is not metric; it just means 'thousand.' You can put it in front of all kinds of stuff--kilowatt, kilovolt, kilobyte, etc.
Stuff based on meters is metric.
Having just started at a company where a project was already underway building a site with PHP and MySQL, my advice would be, go with something you personally are familiar with. Even if it ain't the latest and greatest, open-sourced, bells-and-whistles product, use something that you can support.
There are a couple of reasons for this. One, you are likely the one who will have to support it after the consultants pack up and move on. If you're looking to learn something new, cool, but make sure you've got time to get up the learning curve.
Two, you'll be able to exercise some oversight on the people building it out for you. The jokers that were hired for the project done here didn't have anyone looking over their shoulder, and it shows. No one here was able to check on their work or provide decent direction. While they were technically astute enough, they were obviously not experienced consultants and the design and documentation are woefully lacking.
This is a good rule for hiring any sort of consultants, I feel, but I would be especially careful getting and checking references on these particular technologies. You should be looking for someone who is a professional first, and a technical expert second. It doesn't matter if they're self-taught whizzes that put the coolest site in the universe together in their basement--you need someone who can do your project professionally enough that you can understand and continue to support it.
I've found that I rarely have this problem when I'm working in technical environments with other technically astute people. After a few weeks where they sort of feel you out and you prove that you're not a moron, they'll pretty much be willing to hear you out (although they'll still slag you down if there's room for disagreement--nerds can be harsh). And of course, the more technical accomplishments you show them, the higher you rise in their esteem over time.
But in a non-technical environment, I think it's very much the case of people equating age with experience. For example, right now I'm in a contract-to-hire position for an MIS Manager slot at a mid-sized real estate development company. Originally, they were planning on just hiring the position perm and full-time, but apparently they were a little nervous about me. I've only been here a couple of weeks, but already I've cleaned a lot of things up, improved performance and stability, and generally made life easier for the staff. But I'm not at all sure that they'll offer me the perm position, because I get the impression that they're looking for someone a little older who wears a tie. The pay is awesome and the job is interesting enough, but I find myself uncomfortable with the lack of emphasis on performance as a measuring stick. I'm coming out of dot-coms where you're pretty much taken for whoever you are as long as you can get the job done and I don't have much patience for the extraneous BS of corporate life. My normal reaction would be to say, screw 'em, and move on--but it's not so easy when $$$$ start popping up.
So I have some idea of where you're at. I guess that you (and I) have a couple of options. Here's what I'm planning on doing:
--Emphasize past performance that has been to the benefit of the company. If you've done things that have improved their bottom line, point them out and speak up. They're more likely to value your opinion if you have provided measurable value to the company.
--Point out that IT is not like accounting. This field evolves so rapidly that all any of us really have is a couple of years of experience. Sure, the rest is something to build on, and I wouldn't trade it in, but most of the technologies I work with day to day have only existed for a few years--remember the ads for Java programmers with 10 years of experience a year after the language was invented? Traditional yardsticks don't mean much in this environment.
--Let them hang themselves. Put things in writing. If you have an opinion that you stand behind that runs counter to what they think, put it in a memo and spread it around. If they ignore you and six months later pay for it, you and they both know that they should have listened to you. You don't have to rub their noses in it; just propose your own solution again--they'll get the message.
--Write it up. Don't just expect someone to listen to you because you talk. Give 'em a paper with citations, arguments, and examples. People in traditional businesses love that shit.
Good luck. If you give it a few months and it still doesn't work for you, look elsewhere; there are still places where what you think is more important than how you look.