When Hatch won the office years ago he ran with this: "What do you call someone who has been in the Senate for 24 years? You call them home!".
Frank Moss (Hatch's predecessor) was in the Senate for 18 years, not 24. The point stands, though: if 18 years is too long, then what's up with 30?
I'm also a registered voter in Utah, and I'll also be voting for Ashdown in November. Between now and then, I'll also be doing other things, like putting a sticker on my car (already done), putting a button image on my web site (already done), putting a sign on my lawn once the snow melts, and, oh yes, contributing money to the campaign.
Ahh Orrin Hatch, who previously brought us gems like the Induce Act. I hope people will vote across partisan lines in this election and get rid of clueless Senators like Hatch. Next up, House Judiciary Committee Chairman James Sensenbrenner's Digital Transition Content Security Act. Hold your politicians accountable!
There certainly will be people who vote "across partisan lines" in this election. I, for one, don't much like the Republicans or the Democrats, but I'll be voting for Pete anyway.
Long before we get to that point, though, there's the money question. Every campaign needs it. Hatch has it. If you really don't want to see six more years of Induce Acts and the like, the thing to do today is to contribute, possibly with publicity but definitely with money, to Hatch's opponent.
Substitute Red Hat and Fedora for Suse, and FreeBSD for OpenBSD, and you've got my story, too. OpenBSD is also nice, and for a dedicated firewall it's probably what I'd use, but at the time that I switched I was looking for a single system that would work on both my server and my laptop, and FreeBSD fit that requirement better.
It really comes down to whether the school has any (for lack of a better term) jurisdiction over what the students do on their own time, off-campus. Would you expect a school to be able to enforce a dress code off-campus? Any student seen in Starbucks on the weekend gets suspended? Any student seen browsing the banned book display at the bookstore gets called into the principal's office?
In some cases, yes, a private school does expect to be able to do those kinds of things. Take, for instance, BYU. The Honor Code at BYU specifically prohibits the use of alcohol, tobacco or coffee, on or off campus, at any time, by any student or faculty member, and the university reserves the right to expel any student or fire any faculty member who breaks that rule. I'm not sure if it's still true, but some years ago Notre Dame had similar rules regarding alcohol (though they may not have had them about coffee), and the same may be true of other private schools, particularly those with religious affiliations.
On the other hand, at BYU, you sign an agreement to abide by that Honor Code when you enroll, and again every year for as long as you're there. In the case of the high school in TFA, I don't see that there was any signed agreement not to maintain a blog on a public web site. The absence of such an agreement can make a significant difference.
If liability is passed on to the individual developer, then it remains an externality -- and therefore a non-issue -- as far as the company is concerned. The company doesn't give a damn about your liability: management and marketing will continue to insist on ridiculous schedules and feature sets, because it doesn't affect them. The only way that might change is for the liability to rest with the company (or, as another poster mentioned, for software engineers to be given the same legal protections as other professional engineers, including jail time for managers who overrule their engineering decisions).
I certainly can't dispute your assertion that the US government is untrustworthy. The problem is, so is every other government on earth, and the UN is worse by at least an order of magnitude.
The current, largely unregulated structure isn't perfect, but it's vastly better than anything we're likely to see coming out of governmental control, EU control or, heaven forbid, UN control.
Writing your congressman may not be enough, either. If, for instance, your congressman happens to be Orrin Hatch, well, forget writing. Your only response will be a form letter that doesn't directly address the question, and that, in short, says "I'm right, you're wrong, deal with it." (I've lost count of how many of those form letters I've gotten from Senator Hatch's office over the years.) You have two options in that instance: vote for (and donate to) Pete Ashdown, or vote for (and donate to) Steve Urquhart.
Come to that, even if Orrin Hatch isn't your congressman, if fair use is of any interest to you, you may still want to donate to one of his opponents. I don't care which one: either would be an improvement.
OK, I guess you have a third option: vote for Hatch again, and then bend over and take it.
If I drop off my car and hand the keys to a mechanic I've basically surrendered my right to privacy concerning anything he finds in the car while going about the repairs so if he finds anything illegal it is perfectly right for him to report it to the police if he feels that is his duty.
Bzzzzzt. Wrong. If I drop off my car and hand the keys to a mechanic, he is given permission to look at those parts of the car that are related to the work I've asked to have done. If he's supposed to be replacing the water pump, he has absolutely no business and no permission to be looking in the trunk, or in the glove box, or under the seats. Now, as it happens, he wouldn't find anything illegal in my car anyway, but that doesn't change the fact that it's neither his responsibility nor his right to look.
If it will be full of holes just a few years down the road, wouldn't it then be correct to say it's full of holes now?!
Yes, but whether that's immediately important depends on what kind of hole it is. There are several possibilities:
Brute Force Cryptanalysis: or, just try every possible key until you find one that works. This is a known (and unpreventable) hole in every cryptosystem except the one-time pad. However, the feasibility of exploiting the "hole" depends on Moore's law and the length of the key. 56-bit DES was very secure a few years ago, but it's trivial to brute-force today.
Holes depending on mathematical tricks: These may exist in whatever cryptosystem you pick. However, there may or may not be anyone who knows the trick. Until it's discovered, the hole will go undetected and unexploited.
Key management holes. This is entirely independent of the strength of the cipher itself. The biggest problem with the one-time pad is the key management problem (essentially, if you have a secure method for transporting and storing the key, then you have a secure method for transporting and storing the message, so why do you need to encrypt it at all?) Weak key management, and the related holes of human weakness, are often the easiest holes to exploit, regardless of the cryptosystem involved. (See also the Jargon File entry entitled "Rubber-hose cryptanalysis")
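The brute-force point above (feasibility depends on key length and on how fast hardware improves) can be put into numbers. This is an added example, not part of the original comment; the search rate of 2**30 keys per second and the 18-month doubling period are illustrative assumptions, not measurements.

```python
import math

# Assumptions for illustration only (not from the original comment):
ASSUMED_RATE_TODAY = 2 ** 30      # keys tested per second by the searcher today
ASSUMED_DOUBLING_YEARS = 1.5      # Moore's-law style doubling period


def expected_search_seconds(key_bits, keys_per_second):
    """Average exhaustive-search time: half the keyspace is tried on average."""
    return (2 ** (key_bits - 1)) / keys_per_second


def years_until_feasible(key_bits, budget_seconds,
                         rate_today=ASSUMED_RATE_TODAY,
                         doubling_years=ASSUMED_DOUBLING_YEARS):
    """Years of hardware growth before the expected search fits the budget.

    Returns 0.0 when the search already fits the budget today.
    """
    needed_rate = (2 ** (key_bits - 1)) / budget_seconds
    if needed_rate <= rate_today:
        return 0.0
    return math.log2(needed_rate / rate_today) * doubling_years


def bits_needed(protect_years, budget_seconds,
                rate_today=ASSUMED_RATE_TODAY,
                doubling_years=ASSUMED_DOUBLING_YEARS):
    """Smallest key length whose expected search still exceeds the budget
    after protect_years of hardware growth."""
    future_rate = rate_today * 2 ** (protect_years / doubling_years)
    bits = 1
    while expected_search_seconds(bits, future_rate) <= budget_seconds:
        bits += 1
    return bits


if __name__ == "__main__":
    one_day = 24 * 3600
    print("bits  expected search today (s)  years until a 1-day search")
    for bits in (40, 56, 64, 80, 128):
        secs = expected_search_seconds(bits, ASSUMED_RATE_TODAY)
        years = years_until_feasible(bits, one_day)
        print(f"{bits:4d}  {secs:25.3e}  {years:10.1f}")
    # Key length to keep a secret out of 1-day reach for 30 years:
    print("bits needed for 30 years:", bits_needed(30, one_day))
```

Each extra key bit buys one more doubling period under this model, which is why a fixed key length that was comfortable when chosen eventually falls within reach. The model covers only exhaustive search; it says nothing about the mathematical or key-management holes listed above.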
The number of people who visit site $x belongs to site $x. Any identifying information about those people belongs to the individual people who visit the site.
The fact that you saw "someone" walking "a dog" in front of your house this morning is fairly innocuous. Be very careful, though, when you start identifying who, or whose dog.
A good body of privacy law will be based on the notion that any and all identifying information about me belongs exclusively to me, and may not be used, published, stored or distributed without my express written consent. Nothing that falls short of that standard is adequate.
I wish the president would have had the gumption to just extend Daylight Savings Time to all year long and ditch the date changes entirely. Nearly every device can be configured to ignore DST changes and it would have saved the world a lot of confusion each year.
I just wish the Congress would have had the gumption to eliminate Daylight Saving Time all year long, and ditch the date changes entirely. Nearly every device can be configured to ignore DST changes, and it would have saved the world (or, at least, the US) a lot of confusion each year.
The year-round DST thing was attempted during the previous energy crisis. It Didn't Work. It Never Will. Can we quit proposing it already?
In the US, companies like ChoicePoint are collecting huge amounts of data and yet even though the data is about us, it does not belong to us.
And that's one of the great failures of existing privacy law. The rule needs to be that "All information about me, including but not limited to the merest hint of the possibility that I may ever have existed somewhere in the Universe, is proprietary to me and may not be used, stored, distributed or disclosed without my prior written consent."
There are several locations in this area that have free WiFi provided by a local ISP, and the general feeling is that the free service attracts customers and is good for business. (I've also heard and read blog postings from several customers of those businesses who claim that the wireless service is one of their reasons for choosing those businesses over competitors.)
I don't live in an apartment, but even sitting in the front room of my house, I can usually pick up unsecured wireless connections from at least three neighbors. There was a time when I unplugged my access point and went back to dragging around 50 feet of CAT5, because while I could get on the public internet, the neighbors' signals were making it impossible for me to connect to my own network in my house. (I did finally plug the AP back in. Mine's the only one with any encryption enabled, and my Powerbook is configured to only use mine. That appears to have solved the problem.)
Java's fine if the only platforms you care about are Windows, Mac, Linux and Solaris. Once you bring in the others (FreeBSD, for instance), Java won't work anymore.
Maybe the best solution to that problem is to persuade Sun to release JVMs for more platforms, but until that happens, Java isn't the panacea it claims to be.
The same is true of several other platforms, even on x86. FreeBSD, for instance, doesn't have a native flash player from Macromedia, and I don't expect one in the foreseeable future. (Admittedly FreeBSD on x86 has the advantage of being able to run the Linux player in compatibility mode, which PPC Linux can't, but a native player would be an improvement.)
Exactly. If you want something inexpensive to block unwanted noise, try a pair of Sennheiser HD202s. You can pick them up for around US$20 if you look in the right places. (Amazon, for instance, has them in that price range.)
Of course, if you want to pay more money, Sennheiser and Shure both have some very nice lines of expensive sealed headphones they'd love to sell you!
Keep it legal: stay away from trade secrets, insider stock information or anything that might possibly be covered by an NDA.
Keep it positive: open and honest is good, but companies do worry about their PR. Even if you don't care about this job, keep in mind: potential future employers may also read what you write, and you may not want to scare them off.
Consider the culture where you work. Are you in an environment where open communication is encouraged? If not, you place yourself at risk blogging about work.
For my own part, I prefer to keep my work separate from my blog, but I can see where others might take a different view. Here's one fairly reasonable viewpoint on the subject, from someone who has more blogging experience than I do:)
This follows directly from the guiding principle of the *AA: It's not who's right that counts, it's who's left. If they can eliminate (through intimidation, lawsuits, harassment, censorship,...) all opposition, then who's left?
The problem with that is, some of the data in the computers at your school / workplace is about you. If you do nothing, your data remains under the same risks as everyone else's.
The hard question, though, is: At what point do you decide that your risk is greater by doing nothing than by reporting the problem?
At this point there is nothing that can stop the passage of REAL ID short of a line item veto when it reaches the president's desk... and that's simply not going to happen.
Which is to say, nothing at all can stop it now. The president doesn't have a line-item veto, and even if he did, he's certainly not about to use it to veto a law he's favored all along.
Here's an example. My mom uses the computer primarily to: Type documents (in Word Perfect, and I don't recommend that she change from that), do email (in Mozilla since day 1, and she wouldn't want to change from that), and browse web sites, mainly to do with quilting.
One day when I was in town (I live some 50 miles away), I got to clean a load of spyware and a few viruses off from her machine. Not wanting to deal with that again, I installed a decent antivirus, the standard AdAware/Spybot combo, and Firefox. A few days later, I got an email praising the popup blocker: something to the effect that "I went to visit a quilting site, and the popup blocker is going crazy -- but I'm not!" That sort of response leads me to believe that Firefox was the right way to go:)
I've tried several different Linux distributions on my laptop over the last four years. (Yes, it's been the same laptop, a Presario 1800-series, for that entire time.) Some have worked right out of the box, others haven't worked at all, most are somewhere in between.
One trend I've noticed is that Red Hat / Fedora keeps getting progressively worse. RH7.x worked great. It detected all of the hardware right out of the box -- including the video chipset, at a time when even Windows 2000 didn't have a video driver. RH8 and 9 still worked, but not as well. FC1 found some things not working anymore, FC2 was worse, and with FC3 I had the same experience as the author of TFA: a black screen, with no way to install at all. Should there happen to be an FC4, I doubt I'll even bother trying it.
The best current distro I've found for my laptop is Mepis, with Suse as a close second place, and FreeBSD 5.3 doing admirably as well. I suppose it's worth noting, though, that on my Dell laptop at work, no Linux distro I've tried works at all, but FreeBSD has been great from day 1. Conclusion: your mileage is unconditionally guaranteed to vary based on what laptop you use.
Re:Capability Maturity Model (on "QA != Testing", Score: 1)
CMM has its place, and, used properly, it can be a valuable tool. Unfortunately, it's all too often used improperly, and that's worse than not using it at all.
Too little process, or none at all, can doom a project and an organization. Too much process, or the wrong process, will doom the project and the organization just as surely, and often kill them off faster (but more expensively and with more personal pain to the employees). CMM level 3 in a small organization is (usually) far too much process. On the other hand, you're right that level 1 is usually too little.
There are several questions that must be asked when implementing a new process, if the process is to be successful:
What problem is this process intended to solve or prevent?
Will the process work to solve or prevent that problem?
What other problems will be introduced by implementing the process? (If you said "none", try again: there's always something.)
Does the net effect (problems solved vs. problems introduced) result in a benefit? I've also seen this phrased as: Does the pain of not using the new process exceed the pain of using it?
The key is to end up with Just Enough Process, and have it be the right process for your situation. This way lies your best chance of success.
Close, but not quite: Quality = (Knowledgeable Staff on Good Salary) + (Intelligent and Reasonable Deadlines).
Absence of deadlines (often) leads to never shipping a product at all. Unreasonable deadlines, on the other hand, lead either to a bad product that ships on time, or a bad product that ships six months late with no QA at all -- not even a hand-wave at testing. Both extremes == bad.