Ironically, I think you have illustrated exactly why the desktop/laptop will be dead.
Similar arguments have been made for every outmoded technology by people who can't quite grasp that the world constantly changes around them. The only objection you are really leveling is already being attacked from both angles (areas with little or no Internet connectivity have been shrinking rapidly for a decade now, and many SaaS companies are providing basic caching and local operation of their services via browser plugins). We'll always still use something with some local processing capacity and storage to access cloud-based services, and in that sense, of course the "computer" is not dead... but it won't be the same processor/storage behemoth that we currently think of as a desktop or laptop. In fact, that's why they are calling those things you mention "netbooks"... because they aren't really a laptop or a desktop, no more than a horse and buggy is a car.
There are a load of fine suggestions in this thread which are well-constructed for logical minds, but I can't help but feel this tactic is best answered in kind: a gut-level fear-check. And so the best response isn't to sit down and try to explain the perils of security through obscurity, nor to try to sell additional security services, or to discuss patch cycles and the like, but instead to simply ask the client this: "When's the last time you heard on the evening news anything about a new virus, exploit, or vulnerability discovered in your Linux software? Now, how about Microsoft software?"
Overly simplistic? Absolutely. Sure to make them reconsider what the Microsoft vendors are trying to sell them on its supposed security? Definitely.
I think what it really shows the perils of is piling additional "features" on top of a perfectly good product until you've ruined what made it good in the first place and turned it into worthless crap. Search should be simple: give the user what they are looking for. All the other extraneous stuff they are loading it up with is bound to interfere with that basic requirement at some point.
I see this in mature development projects all the time. At some point, people get a pretty good product working, but they can't repress the urge to continue "improving" it... it can be boredom, wow factor for marketing, or just plain stupidity, but few people or organizations seem to know when to quit messing with a product that already works well.
The problem is that you know how they work and see the complexity first hand, and so you don't get the 10,000 foot view, which is that despite all that complexity--or perhaps because of it--the reality is that at the business/consumer level, technology has gotten easier. It's still not fool-proof, you can make a mess of it if you do things wrong, but in the last three to five years I have seen enough good implementations out there which have low downtime and minimal maintenance requirements to convince me that we're making progress with reliability and usability. I know of companies running information systems smoothly and with minimal IT staff now which would never have been able to afford keeping an NT4 network running.
SBS and to a lesser extent Windows Server itself really are manageable for day to day purposes in certain environments by a half-conscious office admin. And properly configured Linux or appliance servers can be set up, kicked under a desk, and ignored for years without problems now. I have seen support calls go down dramatically in the last few years as we have figured out how to deploy these things properly. Technology is just more reliable than it used to be; hardware failure rates are down, software explodes more gracefully, and for specific rote tasks, it's easier for users to learn and use. Ten years ago, you had to send staff off to class every time you brought in new software. I don't know of anyone who does that anymore.
I realize this isn't universally true, but it's one of those instances where a few organizations doing it prove that it can be done, and that the technology is not to blame in all of those places where so many problems still exist, but rather management and application.
I proudly adhere to a double-standard in this matter; I test people that I hire, but if I am the interviewee, I don't take tests and don't dress up for interviews (I guess it's only partially a double-standard... I don't care how people dress when I interview them; if anything, I'm a little suspicious of those who show up in suits, simply because I have never known anyone worthy in the field who has felt the need to bother with such a thing).
I test for all the reasons that most of the supporters of it here think I should; there's no blanket certification in this business that is trustworthy, and while many people can talk a good game, watching them do something they should be able to do is the only real way to evaluate them.
I won't take tests, and I don't dress up, because of a factor that others here have also cited: an interview is as much about me evaluating the company as the other way around, and I don't want to work at a company where those things are considered important. I'm not saying, as you suggest, that "hey, it shouldn't matter" to the company... they can obviously pick whatever they want to matter to them. But it doesn't matter to me and their wanting it to isn't going to change that... so better for both of us if we find out about that disagreement before I get hired, rather than my adopting the conventions of the job interview to effectively deceive them about my priorities.
I've been doing this long enough that there are plenty of people they can call if they want to check on my performance, and I have been doing it long enough that I expect they are bringing me in to do it my way, not theirs. There are plenty of young impressionable college grads available if the employer wants to stamp out another drone in the preferred mold. The best reason to hire me is to bring expertise into the company that it doesn't already have... and how are they going to evaluate that with a test? This isn't true for all job-seekers, of course, but that is where my double-standard comes from.
I stopped agreeing to take tests after an oral exam many years ago from some ex-Microsoft millionaire, who, like many of them, by dint of his association with the company had become convinced of his own brilliance and skill and left with his nest-egg to form a startup that was sure to be the Next Big Thing. He asked a series of questions and I answered them confidently, having had experience with the matters he brought up, and didn't imagine things weren't going well until he stopped me mid-answer and abruptly said, "You're wrong." He proceeded to outline his own answers, which I quickly understood to accomplish the same things as mine, but in a different fashion, and basically monologued for the rest of the interview about how great the company was going to be, wasting both our time. The insight I received from that experience was that he was looking for a psychic, not a system administrator, and that tests, as necessary as they may be in judging skills, are generally doing the same thing: there is one right answer in most tests, but in Information Technology, there is rarely only one right answer. There are a hundred ways to accomplish any given thing in this business, each with its own advantages and tradeoffs, but only in the minds of zealots are all but one of them unacceptable. If you are an open-minded interviewer, then you can "test" prospects by accepting a spectrum of acceptable answers, but most tests do nothing of the sort. They're good at whittling your number of applicants down to a reasonable size for interviews, but they put the wheat out with the chaff in doing so.
Also it is beyond my understanding that someone tells us that what is being done is good for them without seeing there, talking to anyone working there. Don't you think it is way too arrogant to "know" what is good for them?
Seems to me that goes both ways. A lot of folks agitating for changes in overseas working conditions (at least with respect to China) might be very surprised to learn the actual opinions of all those poor, downtrodden folks they are "protecting."
The good thing about total surveillance is that it will make the unjust laws stand out and expose them to the public.
I don't think that is necessarily true even if people find out about the cases in which those laws are enforced. Even if it were, they probably won't find out; the increases in surveillance have been accompanied in many cases by gag orders to prevent anyone who finds out about them from relaying that information, and with secret proceedings to determine the outcomes, how exactly are these things being exposed? Although the gagging provisions in the PATRIOT act were struck down in 2007, no one outside the federal government has any idea what laws it was used to enforce. And it seems likely that there are still instances of covert surveillance underway which may never be disclosed, as the lines between domestic and foreign intelligence have been blurred so drastically over the past seven years.
Anyone familiar with the American legal system should understand that legal and ethical are not the same thing. The ability to do a thing does not make it the right thing.
I haven't looked at it lately, so maybe it's one of the expired provisions, but wasn't one of the more insidious problems with PATRIOT that subpoenas issued under its auspices could not be revealed to anyone, or even the fact that they had been issued at all? Don't want those terrorists to know we're looking for 'em, after all.
That was really the most frightening part of the whole thing, although few people picked up on it (apparently--maybe those that did were just hustled off in the middle of the night and shot). With those provisions, we have absolutely no idea how often the act is being used or to what ends. Presumably the subpoenas you were issued weren't part of PATRIOT investigations, though.
For someone who had such a problem with the generalization "the computer world in general" you've gone on to make an even less accurate one with "Given the option, programmers write good code. They're rarely given the option."
I'll add mine: most code is complete crap. A small percentage of programmers write good code, the rest churn out drek that requires a lot of testing and review to pass muster (which, if anything, reinforces your point about QA). They are no more immune to featuritis or feature creep than their managers, no small number of whom are--you guessed it--former programmers.
The problems you have pointed out are very real and are a part of the overall issue, no doubt. But it's disingenuous to suggest that simply allowing programmers to go their own way and take as long as they feel is necessary to complete the project would solve the issue. I suggest you amble on over to Sourceforge and peruse any random sample of the projects there whose coders have had as much time as they please to work on before release, and then come back and tell us how terrific it all is.
Nonsense. It allows unlimited modification of the code, but it also REQUIRES inclusion of a copyright notice by the author--so no, they can't just remove those attributions and remain in compliance.
Yeah, it's absolutely vital, and the results of a breach can be devastating.
The trick to knowing whether or not it's absolutely vital (which it isn't, not in every case) is to calculate just how devastating a breach could be. That's how you decide how much time/effort/pay-grade to put into it. And sure, that's the CTO's job to determine, but the CEO needs to make sure that it's done, and depending on what the answer to the "How devastating?" question turns out to be, it may be a matter for his or her personal attention.
Every other method of weighing the importance of security is a bunch of blather. You figure out the costs and that tells you what you can afford to spend in protection.
Absolutely correct. Moving from small manual operations to 200+ PCs at a client requires, much more than technical knowledge, organization. It's a whole different approach to IT, and if you don't learn it quick, you're going to both run yourselves ragged and displease your clients immensely. Standards, procedures, all those nasty managerial buzzwords, are things you are going to have to become intimately familiar with in short-order. And since it doesn't sound like you have that sort of background yet, it means hiring someone who does.
I read a few months ago that they were finally thinking about doing that (article here) but I don't know if they finally decided to or not. I was flabbergasted when I found out that wasn't the case already--I don't know any other major company that runs Windows which allows such broad access to the desktop. But it sure explained a lot in retrospect about Windows security and application access requirements.
The problem with profiling isn't so much that it is discriminatory, but that using it introduces patterns into the system which are then easy to play to and beat. It may seem like common sense, but really it's just another weakness in the security system.
I think you're right that most people use that word to refer to the current practice, but I think you're wrong in assuming they have any idea what the distinction between the two actually is. Most of the time when I hear people throw around the word "democracy" it's as the implicit idea that every individual should have a voice on every choice society is faced with. Even in our supposedly representative process here in the US, you can still see that the general belief is that each person has the right to vote on each topic just by looking at the way campaigns for representatives are framed... they have less to do with "so and so is a good person and you should vote for him because he will exercise your proxy with courage and wisdom" than "so and so will vote on issue X exactly the same way you would so you should elect him!" The trend, at least in Western states, toward increasing numbers of referendums and initiatives to produce law, also points to that belief.
So I think the grandparent's point and the distinction are valid; you and I may be enlightened enough to bandy about "democracy" in the understanding that it refers to a representative form, but that's a concept that needs reinforcing in open discussions.
Re:It's like nothing we've seen .. since Linux, on A New Kind of OS · Score: 5, Insightful
I don't disagree with you entirely, but you can certainly understand that the line between using and programming has become blurred over the years, and not always with such negative outcomes. After all, in the beginning, everything was programming. Your argument could have been applied to someone just wanting a simple word processor back in the punch-card and teletype days.
Things have obviously changed quite a bit; you don't have to be a programmer to get WYSIWYG editing and print output anymore. It may not seem like it from here, but there are probably a lot of functions that most people consider "programming" that will fall into the same category at some unspecified point in the future. All that programming does is simply interface with the machine at a slightly more complex level than the average user. We're just talking about improving the interface to the point where some things, which now require "programming", will simply be "using" instead... and programmers will move on to more complicated arenas.
Macros or mail filters or Netflix's recommendation system are all ways that average users basically program computers today without any hardcore CS education. Ten or twenty years ago, they would have required such a background to accomplish the same tasks, but no one really considers it "programming" today; there is no reason that many other functions that we currently think of as programming won't become similarly easy or transparent.
There will always be the wizards responsible for writing the code that puts those things into place, and so that's where I agree with you--if you want to be a coder, go learn to code. In that sense, programming will always be programming, but I think the common definition of the word is a necessarily moving target.
In addition to the other factors that people have already mentioned (higher risks, long-distance blocking) there is also the fact that employers don't have to indiscriminately block phone calls, because it's obvious to everyone within earshot when you are making a personal call as opposed to a business call--there is automatic, if informal, monitoring.
Now look at the guy seated in the next cubicle over. Is he diligently hammering away at his TPS reports or playing Yahoo Poker? Looks the same if you're not looking over his shoulder. With no easy way to discriminate between business and personal use, then the blocking has to be indiscriminate. Any other form of monitoring takes too many resources.
Personally I don't think businesses should bother; I think you should judge people by the results they put up. If your best employee spends two hours a day chatting up his girlfriend on AIM, who cares? Keep him happy, he'll be productive. If he's not productive anyway, then who cares whether the cause is the Internet or something else--get rid of him. Monitoring and blocking just results in a lot of wasted time on both sides as new methods are developed for circumventing it and counters devised and implemented.
At the same time I realized that Slashdot is colored by the largely mid-level knowledge-working audience; it probably makes most of us more productive to have full-time, unfiltered net access, but there are classes of jobs where that isn't the case. A lot of relatively low-level positions now require having a computer in front of them, and in my experience the more you lock those suckers down and the less extraneous capability they have beyond the vital requirements to accomplish specific job tasks, the safer and happier everyone is. They don't break as much, they don't provide a new way to goof off, they just work.
Also, it's up to the users to put their data on the shared and backed up network drive because their desktop is not backed up.
A lovely theory that doesn't play too well when you take it to management; IT is supposed to know about and deal with such things, users are rarely held responsible, a point I alluded to earlier. Asking the users to take care of anything is a half-assed approach to IT management, and is inefficient in itself... you're not doing much in the way of managing if you are leaving all the important bits up to them. The security and continuity of business files is an important bit. They shouldn't have to think about anything other than doing their job. That's what the IT department is there for.
The documents are locked out if two people try to edit simultaneously, exactly my point--no one wastes time with simultaneous edits, since one or the other is at least aware it is happening.
If corporate procurement is stocking desktops with a lot of disk space, then they're buying the wrong desktops. You could still use it, if you wanted, with DFS or some such, but when it's not tied together, it's not cheap... you're just not factoring in any of the management overhead that would be required to make it secure and organized.
Sure they are very convenient, but it's best to keep larger permanent storage on a shared disk, and your regular day to day stuff on a local disk.
This is a recipe for a nightmare when it comes to backup, security, and disaster recovery. It's usually also a terribly inefficient (and therefore, expensive) use of disk space and in my experience it often results in document versioning problems which take hours to unravel--you know, Fred and Alice are both working on that proposal, each of them has it on their desktop, making mutually exclusive changes simultaneously. It's difficult to keep documents organized when they are scattered across a hundred PCs with a hundred different users' idea of the ideal folder organization; need that important PO the day that Jerry happens to be out sick? Gosh, I'm sure it's on his computer somewhere.
But that's an incidental issue, the real reason is cost. It's far cheaper to make a server disk array reasonably redundant and have it organized, secured, indexed, and backed up, than to do so for every desktop in the enterprise, which is why most of us do it that way rather than a fascination with NFS. At least, those of us who value organization and security. No matter how often you tell the average user to make sure to either move important documents to the shared drive or back them up individually, they don't, and it's a business problem when their el cheapo PC hard drive goes wonky, or they leave, or accidentally erase something. Better to eat the relatively low cost of having them store EVERYTHING on the server than to lose the hours required sorting out the other mess.
Amen. I've been preaching that quite a bit in situations where it's practical--the real cost of license management for anyone who is serious about compliance is significant, and when you factor it into TCO, often tips the scales decisively toward free OSS solutions.
That's overly simplistic, and as it's stated, demonstrably incorrect. Everyone can pirate Windows; pretty clearly, more than 5% actually do pay for it regardless.
The reality is that there is a sliding scale of factors that actually control piracy. It's never as simple as "Everyone will do it if they can" or "Only a small number will do it if they respect you and your product." It's a combination of basic honesty (believe it or not, at least in most of the First World, this exists... police-state crackpot comments aside, society doesn't have nearly the resources to enforce basic ethical and legal codes without overwhelming voluntary compliance), rudimentary registration control, and reputation of the company and the product.
IMHO, Apple seems to have about hit the sweet spot on this. Most of their users are fans, and therefore willing to pay for the product; they do have some basic controls that make it at least slightly harder than falling off a log to pirate their software, which seems to prevent most casual piracy... but the controls aren't so draconian as to throw a red flag up in front of the hacking community and make it an overwhelming, blood-lust goal to crack them, the way that most Microsoft products seem to be treated. I think there are a lot of pirates who make it their mission to have cracks out for MS software practically as soon as it is out the door--I don't see the same environment around Apple stuff.
And the bit about most companies not tolerating pirated software? Way off the mark in my experience. The companies that I have seen (and I've seen more than most, as a consultant) are generally very lax about licensing enforcement, unless they've gotten bit at some point by the BSA or their ilk. It's a real challenge to get most corporate IT departments to get serious about license tracking (see other comments in this story for examples) because it's neither interesting nor mission critical, and even if management has made it a priority, the junior techs actually installing crap usually don't give a shit.
Ah, but it's not just the knowledge, it's the availability of the resources.
You get to the point where you start needing petroleum products, how easy is it going to be to get access to those oil reserves with your bootstrap technology, now that all the easy pickings are gone? Same thing with a lot of metals... the easily accessed deposits have been mined out, and the hard to get at stuff requires higher technology... which may well require the hard to get at stuff in the first place. Catch 22.
I think what things would look like if we had to restart civilization from scratch would involve entirely different kinds of figuring shit out... it would be about reuse and recycling rather than re-implementing old technologies from whole cloth. Why spend time with wood and stone when you've got a bunch of metal already laying around? I don't think the jump to metal actually would be the hard part; I think the jump to non-petrochemical bases would be the hard part.
Yeah, yeah, it's all off-topic, mod me down, I know.
I think his point is that a large marketing budget doesn't necessarily equate to a large R&D or QC budget and so, yeah, it's unintelligent to make any purchasing decision unless you'd done research on reliability and comfort/pleasure regardless of whether the product in question is brand name or not.
So I'm currently accepting (female) volunteers in my selfless efforts to research condom reliability, comfort, and pleasure--apply within!
Ironically, I think you have illustrated exactly why the desktop/laptop will be dead.
Similar arguments have been made for every outmoded technology by people who can't quite grasp that the world constantly changes around them. The only objection you are really leveling is already being attacked from both angles (areas with little or not Internet connectivity have been shrinking rapidly for a decade now, and many SaaS companies are providing basic caching and local operation of their services via browser plugins). We'll always still use something with some local processing capacity and storage to access cloud-based services, and in that sense, of course the "computer" is not dead... but it won't be the same processor/storage behemoth that we currently think of as a desktop or laptop. In fact, that's why they are calling those things you mention "netbooks"... because they aren't really a laptop or a desktop, no more than a horse and buggy is a car.
There are a load of fine suggestions in this thread which are well-constructed for logical minds, but I can't help but feel this tactic is best answered in kind: a gut-level fear-check. And so the best response isn't to sit down and try to explain the perils of security through obscurity, nor to try to sell additional security services, or to discuss patch cycles and the like, but instead to simply ask the client this: "When's the last time you heard on the evening news anything about a new virus, exploit, or vulnerability discovered in your Linux software? Now, how about Microsoft software?"
Overly simplistic? Absolutely. Sure to make them reconsider what the Microsoft vendors are trying to sell them on its supposed security? Definitely.
I think what it really shows the perils of is piling additional "features" on top of a perfectly good product until you've ruined what made it good in the first place and turned it into worthless crap. Search should be simple: give the user what they are looking for. All the other extraneous stuff they are loading it up with is bound to interfere with that basic requirement at some point.
I see this in mature development projects all the time. At some point, people get a pretty good product working, but they can't repress the urge to continue "improving" it... it can be boredom, wow factor for marketing, or just plain stupidity, but few people or organizations seem to know when to quit messing with a product that already works well.
The problem is that you know how they work and see the complexity first hand, and so you don't get the 10,000 foot view, which is that despite all that complexity--or perhaps because of it--the reality is that at the business/consumer level, technology has gotten easier. It's still not fool-proof, you can make a mess of it if you do things wrong, but in the last three to five years I have seen enough good implementations out there which have low downtime and minimal maintenance requirements to convince me that we're making progress with reliability and usability. I know of companies running information systems smoothly and with minimal IT staff now which would never have been able to afford keeping an NT4 network running.
SBS and to a lesser extent Windows Server itself really are manageable for day to day purposes in certain environments by a half-conscious office admin. And properly configured Linux or appliance servers can be set up, kicked under a desk, and ignored for years without problems now. I have seen support calls go down dramatically in the last few years as we have figured out how to deploy these things properly. Technology is just more reliable than it used to be; hardware failure rates are down, software explodes more gracefully, and for specific rote tasks, it's easier for users to learn and use. Ten years ago, you had to send staff off to class every time you brought in new software. I don't know of anyone who does that anymore.
I realize this isn't universally true, but it's one of those instances where a few organizations doing it prove that it can be done, and that the technology is not to blame in all of those places where so many problems still exist, but rather management and application.
I proudly adhere to a double-standard in this matter; I test people that I hire, but if I am the interviewee, I don't take tests and don't dress up for interviews (I guess it's only partially a double-standard... I don't care how people dress when I interview them; if anything, I'm a little suspicious of those who show up in suits, simply because I have never known anyone worthy in the field who has felt the need to bother with such a thing).
I test for all the reasons that most of the supporters of it here think I should; there's no blanket certification in this business that is trustworthy, and while many people can talk a good game, watching them do something they should be able to do is the only real way to evaluate them.
I won't take tests, and I don't dress up, because of a factor that others here have also cited: an interview is as much about me evaluating the company as the other way around, and I don't want to work at a company where those things are considered important. I'm not saying, as you suggest, that "hey, it shouldn't matter" to the company... they can obviously pick whatever they want to matter to them. But it doesn't matter to me and their wanting it to isn't going to change that... so better for both of us if we find out about that disagreement before I get hired, rather than my adopting the conventions of the job interview to effectively deceive them about my priorities.
I've been doing this long enough that there are plenty of people they can call if they want to check on my performance, and I have been doing it long enough that I expect they are bringing me in to do it my way, not theirs. There are plenty of young impressionable college grads available if the employer wants to stamp out another drone in the preferred mold. The best reason to hire me is to bring expertise into the company that it doesn't already have... and how are they going to evaluate that with a test? This isn't true for all job-seekers, of course, but that is where my double-standard comes from.
I stopped agreeing to take tests after an oral exam many years ago from some ex-Microsoft millionaire, who, like many of them, by dint of his association with the company had become convinced of his own brilliance and skill and left with his nest-egg to form a startup that was sure to be the Next Big Thing. He asked a series of questions and I answered them confidently, having had experience with the matters he brought up, and didn't imagine things weren't going well until he stopped me mid-answer and abruptly said, "You're wrong." He proceeded to outline his own answers, which I quickly understood to accomplish the same things as mine, but in a different fashion, and basically monologued for the rest of the interview about how great the company was going to be, wasting both our time. The insight I received from that experience was that he was looking for a psychic, not a system administrator, and that tests, as necessary as they may be in judging skills, are generally doing the same thing: there is one right answer in most tests, but in Information Technology, there is rarely only one right answer. There are a hundred ways to accomplish any given thing in this business, each with its own advantages and tradeoffs, but only in the minds of zealots are all but one of them unacceptable. If you are an open-minded interviewer, then you can "test" prospects by accepting a spectrum of acceptable answers, but most tests do nothing of the sort. They're good at whittling your number of applicants down to a reasonable size for interviews, but they put the wheat out with the chaff in doing so.
Seems to me that goes both ways. A lot of folks agitating for changes in overseas working conditions (at least with respect to China) might be very surprised to learn the actual opinions of all those poor, downtrodden folks they are "protecting."
I don't think that is necessarily true even if people find out about the cases in which those laws are enforced. Even if it were, they probably won't find out; the increases in surveillance have been accompanied in many cases by gag orders to prevent anyone who finds out about them from relaying that information, and with secret proceedings to determine the outcomes, how exactly are these things being exposed? Although the gagging provisions in the PATRIOT Act were struck down in 2007, no one outside the federal government has any idea what laws it was used to enforce. And it seems likely that there are still instances of covert surveillance underway which may never be disclosed, as the lines between domestic and foreign intelligence have been blurred so drastically over the past seven years.
Anyone familiar with the American legal system should understand that legal and ethical are not the same thing. The ability to do a thing does not make it the right thing.
I haven't looked at it lately, so maybe it's one of the expired provisions, but wasn't one of the more insidious problems with PATRIOT that subpoenas issued under its auspices could not be revealed to anyone, or even the fact that they had been issued at all? Don't want those terrorists to know we're looking for 'em, after all.
That was really the most frightening part of the whole thing, although few people picked up on it (apparently--maybe those that did were just hustled off in the middle of the night and shot). With those provisions, we have absolutely no idea how often the act is being used or to what ends. Presumably the subpoenas you were issued weren't part of PATRIOT investigations, though.
For someone who had such a problem with the generalization "the computer world in general" you've gone on to make an even less accurate one with "Given the option, programmers write good code. They're rarely given the option."
I'll add mine: most code is complete crap. A small percentage of programmers write good code, the rest churn out drek that requires a lot of testing and review to pass muster (which, if anything, reinforces your point about QA). They are no more immune to featuritis or feature creep than their managers, no small number of whom are--you guessed it--former programmers.
The problems you have pointed out are very real and are a part of the overall issue, no doubt. But it's disingenuous to suggest that simply allowing programmers to go their own way and take as long as they feel is necessary to complete the project would solve the issue. I suggest you amble on over to Sourceforge and peruse any random sample of the projects there whose coders have had as much time as they please to work on before release, and then come back and tell us how terrific it all is.
Nonsense. It allows unlimited modification of the code, but it also REQUIRES inclusion of a copyright notice by the author--so no, they can't just remove those attributions and remain in compliance.
Yeah, it's absolutely vital, and the results of a breach can be devastating.
The trick to knowing whether or not it's absolutely vital (which it isn't, not in every case) is to calculate just how devastating a breach could be. That's how you decide how much time/effort/pay-grade to put into it. And sure, that's the CTO's job to determine, but the CEO needs to make sure that it's done, and depending on what the answer to the "How devastating?" question turns out to be, it may be a matter for his or her personal attention.
Every other method of weighing the importance of security is a bunch of blather. You figure out the costs and that tells you what you can afford to spend in protection.
Absolutely correct. Moving from small manual operations to 200+ PCs at a client requires, much more than technical knowledge, organization. It's a whole different approach to IT, and if you don't learn it quick, you're going to both run yourselves ragged and displease your clients immensely. Standards, procedures, all those nasty managerial buzzwords, are things you are going to have to become intimately familiar with in short order. And since it doesn't sound like you have that sort of background yet, it means hiring someone who does.
the core of a hat - isn't that just empty space?
Depends on who is wearing it, doesn't it?
*rimshot*
I read a few months ago that they were finally thinking about doing that (article here) but I don't know if they finally decided to or not. I was flabbergasted when I found out that wasn't the case already--I don't know any other major company that runs Windows which allows such broad access to the desktop. But it sure explained a lot in retrospect about Windows security and application access requirements.
The problem with profiling isn't so much that it is discriminatory, but that using it introduces patterns into the system which are then easy to play to and beat. It may seem like common sense, but really it's just another weakness in the security system.
I think you're right that most people use that word to refer to the current practice, but I think you're wrong in assuming they have any idea what the distinction between the two actually is. Most of the time when I hear people throw around the word "democracy" it's as the implicit idea that every individual should have a voice on every choice society is faced with. Even in our supposedly representative process here in the US, you can still see that the general belief is that each person has the right to vote on each topic just by looking at the way campaigns for representatives are framed... they have less to do with "so and so is a good person and you should vote for him because he will exercise your proxy with courage and wisdom" than "so and so will vote on issue X exactly the same way you would so you should elect him!" The trend, at least in Western states, toward increasing numbers of referendums and initiatives to produce law, also points to that belief.
So I think the grandparent's point and the distinction are valid; you and I may be enlightened enough to bandy about "democracy" in the understanding that it refers to a representative form, but that's a concept that needs reinforcing in open discussions.
I don't disagree with you entirely, but you can certainly understand that the line between using and programming has become blurred over the years, and not always with such negative outcomes. After all, in the beginning, everything was programming. Your argument could have been applied to someone just wanting a simple word processor back in the punch-card and teletype days.
Things have obviously changed quite a bit; you don't have to be a programmer to get WYSIWYG editing and print output anymore. It may not seem like it from here, but there are probably a lot of functions that most people consider "programming" that will fall into the same category at some unspecified point in the future. All that programming does is simply interface with the machine at a slightly more complex level than the average user. We're just talking about improving the interface to the point where some things, which now require "programming", will simply be "using" instead... and programmers will move on to more complicated arenas.
Macros or mail filters or Netflix's recommendation system are all ways that average users basically program computers today without any hardcore CS education. Ten or twenty years ago, they would have required such a background to accomplish the same tasks, but no one really considers it "programming" today; there is no reason that many other functions that we currently think of as programming won't become similarly easy or transparent.
There will always be the wizards responsible for writing the code that puts those things into place, and so that's where I agree with you--if you want to be a coder, go learn to code. In that sense, programming will always be programming, but I think the common definition of the word is a necessarily moving target.
In addition to the other factors that people have already mentioned (higher risks, long-distance blocking) there is also the fact that employers don't have to indiscriminately block phone calls, because it's obvious to everyone within earshot when you are making a personal call as opposed to a business call--there is automatic, if informal, monitoring.
Now look at the guy seated in the next cubicle over. Is he diligently hammering away at his TPS reports or playing Yahoo Poker? Looks the same if you're not looking over his shoulder. With no easy way to discriminate between business and personal use, then the blocking has to be indiscriminate. Any other form of monitoring takes too many resources.
Personally I don't think businesses should bother; I think you should judge people by the results they put up. If your best employee spends two hours a day chatting up his girlfriend on AIM, who cares? Keep him happy, he'll be productive. If he's not productive anyway, then who cares whether the cause is the Internet or something else--get rid of him. Monitoring and blocking just results in a lot of wasted time on both sides as new methods are developed for circumventing it and counters devised and implemented.
At the same time I realized that Slashdot is colored by the largely mid-level knowledge-working audience; it probably makes most of us more productive to have full-time, unfiltered net access, but there are classes of jobs where that isn't the case. A lot of relatively low-level positions now require having a computer in front of them, and in my experience the more you lock those suckers down and the less extraneous capability they have beyond the vital requirements to accomplish specific job tasks, the safer and happier everyone is. They don't break as much, they don't provide a new way to goof off, they just work.
Also, it's up to the users to put their data on the shared and backed up network drive because their desktop is not backed up.
A lovely theory that doesn't play too well when you take it to management; IT is supposed to know about and deal with such things, users are rarely held responsible, a point I alluded to earlier. Asking the users to take care of anything is a half-assed approach to IT management, and is inefficient in itself... you're not doing much in the way of managing if you are leaving all the important bits up to them. The security and continuity of business files is an important bit. They shouldn't have to think about anything other than doing their job. That's what the IT department is there for.
The documents are locked out if two people try to edit simultaneously, exactly my point--no one wastes time with simultaneous edits, since one or the other is at least aware it is happening.
If corporate procurement is stocking desktops with a lot of disk space, then they're buying the wrong desktops. You could still use it, if you wanted, with DFS or some such, but when it's not tied together, it's not cheap... you're just not factoring in any of the management overhead that would be required to make it secure and organized.
Sure they are very convenient, but it's best to keep larger permanent storage on a shared disk, and your regular day to day stuff on a local disk.
This is a recipe for a nightmare when it comes to backup, security, and disaster recovery. It's usually also a terribly inefficient (and therefore, expensive) use of disk space and in my experience it often results in document versioning problems which take hours to unravel--you know, Fred and Alice are both working on that proposal, each of them has it on their desktop, making mutually exclusive changes simultaneously. It's difficult to keep documents organized when they are scattered across a hundred PCs with a hundred different users' idea of the ideal folder organization; need that important PO the day that Jerry happens to be out sick? Gosh, I'm sure it's on his computer somewhere.
But that's an incidental issue, the real reason is cost. It's far cheaper to make a server disk array reasonably redundant and have it organized, secured, indexed, and backed up, than to do so for every desktop in the enterprise, which is why most of us do it that way rather than a fascination with NFS. At least, those of us who value organization and security. No matter how often you tell the average user to make sure to either move important documents to the shared drive or back them up individually, they don't, and it's a business problem when their el cheapo PC hard drive goes wonky, or they leave, or accidentally erase something. Better to eat the relatively low cost of having them store EVERYTHING on the server than to lose the hours required sorting out the other mess.
Amen. I've been preaching that quite a bit in situations where it's practical--the real cost of license management for anyone who is serious about compliance is significant, and when you factor it into TCO, often tips the scales decisively toward free OSS solutions.
That's overly simplistic, and as it's stated, demonstrably incorrect. Everyone can pirate Windows; pretty clearly, more than 5% actually do pay for it regardless.
The reality is that there is a sliding scale of factors that actually control piracy. It's never as simple as "Everyone will do it if they can" or "Only a small number will do it if they respect you and your product." It's a combination of basic honesty (believe it or not, at least in most of the First World, this exists... police-state crackpot comments aside, society doesn't have nearly the resources to enforce basic ethical and legal codes without overwhelming voluntary compliance), rudimentary registration control, and reputation of the company and the product.
IMHO, Apple seems to have about hit the sweet spot on this. Most of their users are fans, and therefore willing to pay for the product; they do have some basic controls that make it at least slightly harder than falling off a log to pirate their software, which seems to prevent most casual piracy... but the controls aren't so draconian as to throw a red flag up in front of the hacking community and make it an overwhelming, blood-lust goal to crack them, the way that most Microsoft products seem to be treated. I think there are a lot of pirates who make it their mission to have cracks out for MS software practically as soon as it is out the door--I don't see the same environment around Apple stuff.
And the bit about most companies not tolerating pirated software? Way off the mark in my experience. The companies that I have seen (and I've seen more than most, as a consultant) are generally very lax about licensing enforcement, unless they've gotten bit at some point by the BSA or their ilk. It's a real challenge to get most corporate IT departments to get serious about license tracking (see other comments in this story for examples) because it's neither interesting nor mission critical, and even if management has made it a priority, the junior techs actually installing crap usually don't give a shit.
Ah, but it's not just the knowledge, it's the availability of the resources.
You get to the point where you start needing petroleum products, how easy is it going to be to get access to those oil reserves with your bootstrap technology, now that all the easy pickings are gone? Same thing with a lot of metals... the easily accessed deposits have been mined out, and the hard to get at stuff requires higher technology... which may well require the hard to get at stuff in the first place. Catch 22.
I think what things would look like if we had to restart civilization from scratch would involve entirely different kinds of figuring shit out... it would be about reuse and recycling rather than re-implementing old technologies from whole cloth. Why spend time with wood and stone when you've got a bunch of metal already laying around? I don't think the jump to metal actually would be the hard part; I think the jump to non-petrochemical bases would be the hard part.
Yeah, yeah, it's all off-topic, mod me down, I know.
I think his point is that a large marketing budget doesn't necessarily equate to a large R&D or QC budget and so, yeah, it's unintelligent to make any purchasing decision unless you've done research on reliability and comfort/pleasure regardless of whether the product in question is brand name or not.
So I'm currently accepting (female) volunteers in my selfless efforts to research condom reliability, comfort, and pleasure--apply within!