I create unique email addresses too. I run a catch-all mailbox, so my scheme doesn't do much to prevent me getting spam. It tells me who has been compromised and I can be a good citizen and let them know. I give them one fair chance, and if they don't respond, or if they're retaliatory towards me, then feck 'em. Nobody ever gets my "real" email address. Most websites simply never respond to my information. If it's a blogger, they infrequently respond, but just to express doubt, and interrogate me about my unique email policy on the grounds that I'm violating some unwritten "real identity" rule of theirs. They can be real jerks to me, the friendly messenger. One major website swore they were secure but had been compromised once over a year before. Since my email naming convention is websitenameyeardate@mydomain, I could prove my email had been harvested much more recently. They still flat out said "didn't happen". Otherwise, almost none of my spam comes from "unique" addresses.
There is a small handful of once-valid addresses I used as a blogger and forum commenter which continue to get email after many years, even though my email server properly rejects them as unknown mailboxes. Strangely, most spam sent to me is constructed using common names like admin@ contact@ info@ and a short list of asian firstnames@ of all things. If a particular address gets enough activity, I will add it to my blacklist. Setting the server to reject connections from unregistered email servers actually blocks far more spam than complex rules could.
The most interesting episode was when I kept getting repeated attempts to relay an email to a particular address. I could see by that address, that the recipient was local to me and contacted him. He found his mailbox maxed out with these test emails from servers which -were- relaying. He'd registered at websites using that email address and used the same password everywhere, so when one website was eventually compromised, they tried his password on Road Runner, and had themselves a handy mailbox to dump email relay test results into.
I read about this very thing in the news 15 years ago!
I half expect now, to learn that some surgeon in the 1700's was already using it experimentally.
Get off your ass, medical science!
I suspect that if this asteroid were to land gently in a valley somewhere, and we were to exploit all of it's resources conventionally, we'd find considerably less mineral wealth. The $195B figure is probably about saving the cost of launching comparable amounts of metals and water, minus the cost of developing infrastructure to mine in space. Mining in space is going to be about building in space, folks. The only thing we'll be sending back home is beams of space-generated power and research data. We'll spend the next million years filling the solar system with miles-long solar heat-sintered concrete cylinders to live in. There will be far more humans in space than on Earth, and we'll rarely mingle in person. Maybe someday we'll have the skill and energy to visit other stars (we quasi-already have the technology), but it won't be to bring back dilithium crystals and chests of gold-pressed latinum.
This wouldn't work for me, because the only thing that keeps some of my servers from misbehaving is the fact that they know I can drop-kick it down the stairwell if it acts up one more time.
The sad thing is, they probably stopped routing your DSL connection all the way to the central office, but connected it at the same sidewalk DSLAM box that your U-verse connects at. You've had a "classic" DSL connection that could achieve U-verse speeds, which they just wouldn't give it to you unless you paid for the conversion.
I don't see what was wrong with the old installer. It was straightforward and covered all the bases. This new one was like a frustrating chose-your-own adventure, and left me fearing that I'd skipped over part of the process. I felt like it was fighting me when I wanted to erase various vista, ubuntu 10.10 and dell diag partitions and just give it the whole drive. I asked myself "they delayed the launch 3 months for THIS?". However, I'll probably stick with F18 for now since I'm reading that F19 will not have fallback gui. I use the fallback exclusively since I don't have to install any further guis and gnome 3's vino vnc server sucks rancid goat balls when I'm trying to remote into the desktop.
Because I don't like how classic anti-spam black lists work, my idea describes doing essentially the opposite of your spam black list, as blacklisting is rife with abuse.
If any, let alone every, anti-spam black list works the way my anti-DDOS proposal works, please point them out to me. And we're looking for something a smidge more specific than "something that responds to avoid something else".
We don't need a full-blown "reputation" system, as flawed as that will undoubtedly be. It literally takes nothing to get on an email blacklist, and these systems are rampant with abuse. All that is important is to have a trusted third party to receive DDOS reports and independently verify them, and a cooperative admin (or automated system) at the ISP of the attacker who will promptly block his own network's outgoing traffic *to* the victim for a reasonable time. This will throttle down the DDOS attack, making such attacks ineffective. This will expose and map out botnets the moment they go live. There will be no collateral damage or customers helplessly complaining about being blocked, because the *victim* is requesting to be blocked.
Wow, I'm glad you liked my idea I posted above, earlier. However, you shouldn't be blocking anyone's IP address *except* for the victim, as blocking the alleged offender simply begs to be abused in the same way as email blacklists. The system should provide the victim with a means to request temporary protection.
The "We regret to inform you... click here..." won't work though, since it would become what the next round of trojan installers look like.
The idea of voluntary email blackhole lists could be adapted here. Victims of DDOS could submit lists of IP addresses that are attacking, to a central clearinghouse, which will analyze the attack pattern in order to determine the most efficient response. The clearinghouse would verify and document which groups of IPs are part of a particular attack in progress, and notify the relevant ISPs in real time. These ISPs would respond by blocking outgoing access to the victim from their network for a time. Whenever possible, they could later contact the offending customer to help them eliminate the bot infection. Botnets could be mapped out instantly, and in great detail. DDOS attacks could be significantly throttled down after just a few minutes. If enough ISPs participated, DDOSers would be left with just the crummy little ISPs to use that don't give a toot. Regrettably, this system could also be used to illuminate any legitimate activity that governments and ISPs frown upon, and the central clearinghouse itself needs to be somehow immune to DDOS attacks.
Thank you so much for saying that.
The gargantuan facility being assembled at those coordinates say you're a gravely colossal fool.
This conversation is over.
What I know, Good Citizen, is that this government is assembling an engine of tyranny, literally a thousand times bigger than that of any absolute dictatorship mankind has ever known. And if things work the way you suggest, it would also be the first time a government assembled such a system without any interest in using it.
It's people like you who insist "but they're only *building* internment camps! They're not *using* them!" 40.427277 -111.934485
Speaking of pulling things out of their ass.... NSA presenting itself as the covert white knight of America's domestic computer systems. HooBOY.
So, Good Citizen, you must think that free men should be stopped from overthrowing an unjust government. You can think what you want, but when you sputter "NSA? Possess surveillance software?!?! Ridiculous!!", you only look like an idiot.
The unanswered questions are; if, and how does the NSA inform critical domestic utilities of their vulnerabilities, and what power might they have to compel those utilities to secure their systems appropriately? The problem being that the NSA would probably prefer to quietly catalog and study vulnerabilities, to help quell revolts or secessions in the future, rather than send out emails full of advice for patching bugs. Thus, they're no help to anyone, and at a high price. On the other extreme, the NSA's solution to every problem would likely be the compulsory installation of their own home-grown monitoring software, you know, to be "extra secure". Certainly, you can trust them. Their entire history is proof of the advantages of cooperation.
I've been lurking in/. for years, and I'm absolutely certain that this topic is nearly, if not exactly, word-for-word identical to another/. post from either last year or the year before.
...of course, it's the *providers* who demand the crippled firmware, but SS is only too happy to provide the custom lobotomies.
/yes, they have your PIN, PIN2 SIMM and every other number you're asking for. //yes, the're lying about not having this information, but noone you can get ahold of on the phone has it.
It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps you mfger wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up and restore your phonebook from a device with a disabled data port. Enable wifi without a $15/mo service plan! Download your cameraphone pics and videos without using up some of your data ration! Or install a cut-and-paste extension! Freedom is dangerous! Samsung cannot ensure the 'highest customer experience' if the customer can shop around! Or some hog-swill like that.
Disclosure: worked for Samsung Wireless. They're evil.
So if I want to throw detectives off my trail, all I have to do is harvest a bunch of handles from 4chan, Slashdot and Fark to reuse? Good to know. Not that I'd do that, of course. Or use my enemy's handle. Hur hurr.
Van, it's good to hear back from you. I'm glad you liked some of the ideas I bounced your way. It sounds like you have the ball rolling now. While other slashdotters may vary, my advice is always to just be yourself. Managing special people is a dandy skill to acquire, but it would involve a degree of dishonesty I couldn't muster. I just be direct and reasonable. In the long run, I'm happier finding out that people didn't respect me, or that the company culture required that I be treated like a subordinate until I'd been there a minimum number of years. But I think you're in a better situation than that.
I have some experience with working for non-profits (student orgs), and I know what it's like to be emotionally attached to something that no longer deserves my efforts. Going forward, I try to quickly find out if I'm in a messed up situation before I get attached. As an IT contractor, I run into this all the time. I've dealt with a number of Bob-lites. I get hired to fix their problems, and help them keep their status and dignity. Naturally, I get blamed for the problems. When I see what's coming over the horizon, I try to estimate what point my paycheck fails to be worth it all, and initiate a graceful exit which avoids my pay being recalculated at minimum wage (stupid contracts!). Most experiences are good though, and sometimes I'm treated like a hero. Makes it all worth it.
I sort of view the board as being the problem for living with and shrugging off problems like these. It could be that the org has attracted too many people with this attitude, or is so desperately short on resources, and should be left to natural causes. It could be that Vanderhoth is a malcontent neat freak and overstates the problem. There may not be a way out of this without drama. Best course is an honest attempt to directly talk to Bob about the document system. If it doesn't pan out, quit before becoming too invested in the failing org.
Let's unpack this a little bit. Unlike the rest of the board, this Bob thing aggravates you enough to ask that something be done about it. It may be that you don't quite fit in with these people. You may want to leave. Or do you suspect you've been brought in to shake things up?
You say you don't have the time to take over Bob's job yourself if he bolts, and I guess that's why it's so important to keep him. You keep saying every single time how great Bob is (he reads slashdot, am I right?). If he's so great, why does he need to be treated so tenderly? Why is everyone agreed that his system has gone to heck, but no one wants to confront him? Does he own the org's domain name? Has he threatened to quit before? Don't be shy. Tomorrow, ask at least 3 people why they themselves haven't brought the topic up with Bob.
You say you're usually direct, but you're here asking how you can finesse this thing all sneaky like. Why don't you just be yourself, and approach Bob about it? Don't try to manipulate him or manage him, just tell him, that as a programmer yourself, you see it's past time to clean things up. If it doesn't look like it's going to happen, then leave the organization. You'll have discovered why they have so much trouble retaining members, and you'll have left before you invested too much of yourself in it.
If you have the free time, put together the document system they need, and wait for news that Bob has left the picture. Offer to take over as document specialist for a reasonable fee. If they decline, you're morally straight, and they go down the tubes for natural reasons.
One final thing; have an item placed on the next agenda to adopt a standard for naming and placement of documents. Make sure the document management interface gets a banner added which reminds folks to use the standard.
I've been wondering why the board members warned Vanderhoth to approach the issue so sensitively. It may be that Bob has a history of bad reactions to his system, or not. It could be that ANOTHER board member is depending on the disorganization to keep some skeletons hidden. If no one will give you a straight or consistent answer; clang clang clang clang clang, get your ass out of that organization.
You have the choice of being direct, and finding out if this is an organization you want to waste any more of your time with, or pussyfoot around with the rest of them until the system comes crashing down. Pray this doesn't involve indictments.
If you feel you have Bob's respect, ask him point blank who he considers to be the second most capable person with his system. Ask him to make you the new 2nd, out of concern for his irreplaceability. Don't take no for an answer. If he rejects you, then he's an irrational fool, and the organization is foolish. Get out.
But first, bring a shiny new USB terabyte drive into the office and make a copy of the documents, even if it means losing the index. You can always run some scripts later to organize them by creation and access dates, author, and likely subject keywords. Peruse to your heart's content and see if you can dig up an explanation. If it seems simple enough (long shot), just stick it all into your own document management system, and look into automated daily imports of new and updated documents.
One day Bob will be unavailable at a critical time, and you can show everyone your spiffy new system. If they're not too afraid of offending Bob (seriously, what is this issue with everyone and Bob, if he's such a nice, respectable guy?), they'll take to your system like fish to water, and you can quietly shut Bob's server off.
Domain names might be considered optional if one has exclusive use of their IP address. But if you share your IP with other customers at a hosting service, you'll need something for your browser and email client to use as a target label.
Folks, we're not required by law to use the established ICANN Domain Name System! At least not in most "free", first-world countries. Imagine being able to privately or publicly register any freakin' string you like as a domain name, thus sidestepping the pointless, expensive and tyrannical limitations of the current one. This could be implemented as entries in your HOSTS file, the use of a private DNS server on your LAN, or the establishment of an alternate DNS system on the Internet. Users could use it only to set up their own address-bar "shortcuts" like "slash.dot" or "pepsikids.reallycool.internet.blog", or additionally opt-in to accept other's "shortcuts" like "apple", "ebay", and "ibm" too.
As an example of the opposite goal, one of OpenDNS's strengths is to intercept legitimate requests for domains that host objectionable material, and redirect them so the kiddies can't browse porn. This function can be extended, or a parallel service established, which permits the DNS resolution of additional strings which are not recognized by ICANN. Call it UCANNOW or DNSAnything. This alternate system would typically filter the use of patterns that would conflict with ICANN TLD's. It's not impossible to make exceptions for those nice, short domains that have been uselessly parked for years by speculators. Screw 'em.
ICANN can be expected to do anything in it's power to sabotage this end-run around their feed trough, but will ultimately fail, since this proposed system is opt-in. It doesn't even need it's own domain name to be set up as Primary DNS on folk's PCs or routers. Some controls would need to be established to limit misuse and libel, but this work can be largely handled by it's own community.
Registration would be dirt cheap, but vary according to how short or similar to ICANN TLDs a request is. One doesn't want to let IO or IBM pay just $5/yr to secure control of their DNSA counterpart. Registering something like chucks.blog.of.weird.people.at.walmart might cost just $1/life.
Slashdot Mirror
I create unique email addresses too. I run a catch-all mailbox, so my scheme doesn't do much to prevent me getting spam. It tells me who has been compromised and I can be a good citizen and let them know. I give them one fair chance, and if they don't respond, or if they're retaliatory towards me, then feck 'em. Nobody ever gets my "real" email address. Most websites simply never respond to my information. If it's a blogger, they infrequently respond, but just to express doubt, and interrogate me about my unique email policy on the grounds that I'm violating some unwritten "real identity" rule of theirs. They can be real jerks to me, the friendly messenger. One major website swore they were secure but had been compromised once over a year before. Since my email naming convention is websitenameyeardate@mydomain, I could prove my email had been harvested much more recently. They still flat out said "didn't happen". Otherwise, almost none of my spam comes from "unique" addresses.
There is a small handful of once-valid addresses I used as a blogger and forum commenter which continue to get email after many years, even though my email server properly rejects them as unknown mailboxes. Strangely, most spam sent to me is constructed using common names like admin@ contact@ info@ and a short list of asian firstnames@ of all things. If a particular address gets enough activity, I will add it to my blacklist. Setting the server to reject connections from unregistered email servers actually blocks far more spam than complex rules could.
The most interesting episode was when I kept getting repeated attempts to relay an email to a particular address. I could see by that address, that the recipient was local to me and contacted him. He found his mailbox maxed out with these test emails from servers which -were- relaying. He'd registered at websites using that email address and used the same password everywhere, so when one website was eventually compromised, they tried his password on Road Runner, and had themselves a handy mailbox to dump email relay test results into.
I read about this very thing in the news 15 years ago! I half expect now, to learn that some surgeon in the 1700's was already using it experimentally. Get off your ass, medical science!
I suspect that if this asteroid were to land gently in a valley somewhere, and we were to exploit all of it's resources conventionally, we'd find considerably less mineral wealth. The $195B figure is probably about saving the cost of launching comparable amounts of metals and water, minus the cost of developing infrastructure to mine in space. Mining in space is going to be about building in space, folks. The only thing we'll be sending back home is beams of space-generated power and research data. We'll spend the next million years filling the solar system with miles-long solar heat-sintered concrete cylinders to live in. There will be far more humans in space than on Earth, and we'll rarely mingle in person. Maybe someday we'll have the skill and energy to visit other stars (we quasi-already have the technology), but it won't be to bring back dilithium crystals and chests of gold-pressed latinum.
This wouldn't work for me, because the only thing that keeps some of my servers from misbehaving is the fact that they know I can drop-kick it down the stairwell if it acts up one more time.
The sad thing is, they probably stopped routing your DSL connection all the way to the central office, but connected it at the same sidewalk DSLAM box that your U-verse connects at. You've had a "classic" DSL connection that could achieve U-verse speeds, which they just wouldn't give it to you unless you paid for the conversion.
I don't see what was wrong with the old installer. It was straightforward and covered all the bases. This new one was like a frustrating chose-your-own adventure, and left me fearing that I'd skipped over part of the process. I felt like it was fighting me when I wanted to erase various vista, ubuntu 10.10 and dell diag partitions and just give it the whole drive. I asked myself "they delayed the launch 3 months for THIS?". However, I'll probably stick with F18 for now since I'm reading that F19 will not have fallback gui. I use the fallback exclusively since I don't have to install any further guis and gnome 3's vino vnc server sucks rancid goat balls when I'm trying to remote into the desktop.
Because I don't like how classic anti-spam black lists work, my idea describes doing essentially the opposite of your spam black list, as blacklisting is rife with abuse.
If any, let alone every, anti-spam black list works the way my anti-DDOS proposal works, please point them out to me. And we're looking for something a smidge more specific than "something that responds to avoid something else".
We don't need a full-blown "reputation" system, as flawed as that will undoubtedly be. It literally takes nothing to get on an email blacklist, and these systems are rampant with abuse. All that is important is to have a trusted third party to receive DDOS reports and independently verify them, and a cooperative admin (or automated system) at the ISP of the attacker who will promptly block his own network's outgoing traffic *to* the victim for a reasonable time. This will throttle down the DDOS attack, making such attacks ineffective. This will expose and map out botnets the moment they go live. There will be no collateral damage or customers helplessly complaining about being blocked, because the *victim* is requesting to be blocked.
Wow, I'm glad you liked my idea I posted above, earlier. However, you shouldn't be blocking anyone's IP address *except* for the victim, as blocking the alleged offender simply begs to be abused in the same way as email blacklists. The system should provide the victim with a means to request temporary protection.
The "We regret to inform you... click here..." won't work though, since it would become what the next round of trojan installers look like.
The idea of voluntary email blackhole lists could be adapted here. Victims of DDOS could submit lists of IP addresses that are attacking, to a central clearinghouse, which will analyze the attack pattern in order to determine the most efficient response. The clearinghouse would verify and document which groups of IPs are part of a particular attack in progress, and notify the relevant ISPs in real time. These ISPs would respond by blocking outgoing access to the victim from their network for a time. Whenever possible, they could later contact the offending customer to help them eliminate the bot infection. Botnets could be mapped out instantly, and in great detail. DDOS attacks could be significantly throttled down after just a few minutes. If enough ISPs participated, DDOSers would be left with just the crummy little ISPs to use that don't give a toot. Regrettably, this system could also be used to illuminate any legitimate activity that governments and ISPs frown upon, and the central clearinghouse itself needs to be somehow immune to DDOS attacks.
Thank you so much for saying that.
The gargantuan facility being assembled at those coordinates say you're a gravely colossal fool.
This conversation is over.
What I know, Good Citizen, is that this government is assembling an engine of tyranny, literally a thousand times bigger than that of any absolute dictatorship mankind has ever known. And if things work the way you suggest, it would also be the first time a government assembled such a system without any interest in using it.
It's people like you who insist "but they're only *building* internment camps! They're not *using* them!" 40.427277 -111.934485
Speaking of pulling things out of their ass.... NSA presenting itself as the covert white knight of America's domestic computer systems. HooBOY.
So, Good Citizen, you must think that free men should be stopped from overthrowing an unjust government. You can think what you want, but when you sputter "NSA? Possess surveillance software?!?! Ridiculous!!", you only look like an idiot.
The unanswered questions are; if, and how does the NSA inform critical domestic utilities of their vulnerabilities, and what power might they have to compel those utilities to secure their systems appropriately? The problem being that the NSA would probably prefer to quietly catalog and study vulnerabilities, to help quell revolts or secessions in the future, rather than send out emails full of advice for patching bugs. Thus, they're no help to anyone, and at a high price. On the other extreme, the NSA's solution to every problem would likely be the compulsory installation of their own home-grown monitoring software, you know, to be "extra secure". Certainly, you can trust them. Their entire history is proof of the advantages of cooperation.
I've been lurking in /. for years, and I'm absolutely certain that this topic is nearly, if not exactly, word-for-word identical to another /. post from either last year or the year before.
...of course, it's the *providers* who demand the crippled firmware, but SS is only too happy to provide the custom lobotomies.
/yes, they have your PIN, PIN2 SIMM and every other number you're asking for.
//yes, the're lying about not having this information, but noone you can get ahold of on the phone has it.
It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps you mfger wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up and restore your phonebook from a device with a disabled data port. Enable wifi without a $15/mo service plan! Download your cameraphone pics and videos without using up some of your data ration! Or install a cut-and-paste extension! Freedom is dangerous! Samsung cannot ensure the 'highest customer experience' if the customer can shop around! Or some hog-swill like that.
Disclosure: worked for Samsung Wireless. They're evil.
So if I want to throw detectives off my trail, all I have to do is harvest a bunch of handles from 4chan, Slashdot and Fark to reuse? Good to know. Not that I'd do that, of course. Or use my enemy's handle. Hur hurr.
Ya know what I think? I think we just freed up 84 unused netblocks for the rest of the Internet to use.
Van, it's good to hear back from you. I'm glad you liked some of the ideas I bounced your way. It sounds like you have the ball rolling now. While other slashdotters may vary, my advice is always to just be yourself. Managing special people is a dandy skill to acquire, but it would involve a degree of dishonesty I couldn't muster. I just be direct and reasonable. In the long run, I'm happier finding out that people didn't respect me, or that the company culture required that I be treated like a subordinate until I'd been there a minimum number of years. But I think you're in a better situation than that.
I have some experience with working for non-profits (student orgs), and I know what it's like to be emotionally attached to something that no longer deserves my efforts. Going forward, I try to quickly find out if I'm in a messed up situation before I get attached. As an IT contractor, I run into this all the time. I've dealt with a number of Bob-lites. I get hired to fix their problems, and help them keep their status and dignity. Naturally, I get blamed for the problems. When I see what's coming over the horizon, I try to estimate what point my paycheck fails to be worth it all, and initiate a graceful exit which avoids my pay being recalculated at minimum wage (stupid contracts!). Most experiences are good though, and sometimes I'm treated like a hero. Makes it all worth it.
I sort of view the board as being the problem for living with and shrugging off problems like these. It could be that the org has attracted too many people with this attitude, or is so desperately short on resources, and should be left to natural causes. It could be that Vanderhoth is a malcontent neat freak and overstates the problem. There may not be a way out of this without drama. Best course is an honest attempt to directly talk to Bob about the document system. If it doesn't pan out, quit before becoming too invested in the failing org.
Let's unpack this a little bit. Unlike the rest of the board, this Bob thing aggravates you enough to ask that something be done about it. It may be that you don't quite fit in with these people. You may want to leave. Or do you suspect you've been brought in to shake things up?
You say you don't have the time to take over Bob's job yourself if he bolts, and I guess that's why it's so important to keep him. You keep saying every single time how great Bob is (he reads slashdot, am I right?). If he's so great, why does he need to be treated so tenderly? Why is everyone agreed that his system has gone to heck, but no one wants to confront him? Does he own the org's domain name? Has he threatened to quit before? Don't be shy. Tomorrow, ask at least 3 people why they themselves haven't brought the topic up with Bob.
You say you're usually direct, but you're here asking how you can finesse this thing all sneaky like. Why don't you just be yourself, and approach Bob about it? Don't try to manipulate him or manage him, just tell him, that as a programmer yourself, you see it's past time to clean things up. If it doesn't look like it's going to happen, then leave the organization. You'll have discovered why they have so much trouble retaining members, and you'll have left before you invested too much of yourself in it.
If you have the free time, put together the document system they need, and wait for news that Bob has left the picture. Offer to take over as document specialist for a reasonable fee. If they decline, you're morally straight, and they go down the tubes for natural reasons.
One final thing; have an item placed on the next agenda to adopt a standard for naming and placement of documents. Make sure the document management interface gets a banner added which reminds folks to use the standard.
I've been wondering why the board members warned Vanderhoth to approach the issue so sensitively. It may be that Bob has a history of bad reactions to his system, or not. It could be that ANOTHER board member is depending on the disorganization to keep some skeletons hidden. If no one will give you a straight or consistent answer; clang clang clang clang clang, get your ass out of that organization.
You have the choice of being direct, and finding out if this is an organization you want to waste any more of your time with, or pussyfoot around with the rest of them until the system comes crashing down. Pray this doesn't involve indictments.
If you feel you have Bob's respect, ask him point blank who he considers to be the second most capable person with his system. Ask him to make you the new 2nd, out of concern for his irreplaceability. Don't take no for an answer. If he rejects you, then he's an irrational fool, and the organization is foolish. Get out.
But first, bring a shiny new USB terabyte drive into the office and make a copy of the documents, even if it means losing the index. You can always run some scripts later to organize them by creation and access dates, author, and likely subject keywords. Peruse to your heart's content and see if you can dig up an explanation. If it seems simple enough (long shot), just stick it all into your own document management system, and look into automated daily imports of new and updated documents.
One day Bob will be unavailable at a critical time, and you can show everyone your spiffy new system. If they're not too afraid of offending Bob (seriously, what is this issue with everyone and Bob, if he's such a nice, respectable guy?), they'll take to your system like fish to water, and you can quietly shut Bob's server off.
You can label your browser's shortcuts with any name you want, and it's easy to migrate your shortcuts to other browsers.
Domain names might be considered optional if one has exclusive use of their IP address. But if you share your IP with other customers at a hosting service, you'll need something for your browser and email client to use as a target label. Folks, we're not required by law to use the established ICANN Domain Name System! At least not in most "free", first-world countries. Imagine being able to privately or publicly register any freakin' string you like as a domain name, thus sidestepping the pointless, expensive and tyrannical limitations of the current one. This could be implemented as entries in your HOSTS file, the use of a private DNS server on your LAN, or the establishment of an alternate DNS system on the Internet. Users could use it only to set up their own address-bar "shortcuts" like "slash.dot" or "pepsikids.reallycool.internet.blog", or additionally opt-in to accept other's "shortcuts" like "apple", "ebay", and "ibm" too. As an example of the opposite goal, one of OpenDNS's strengths is to intercept legitimate requests for domains that host objectionable material, and redirect them so the kiddies can't browse porn. This function can be extended, or a parallel service established, which permits the DNS resolution of additional strings which are not recognized by ICANN. Call it UCANNOW or DNSAnything. This alternate system would typically filter the use of patterns that would conflict with ICANN TLD's. It's not impossible to make exceptions for those nice, short domains that have been uselessly parked for years by speculators. Screw 'em. ICANN can be expected to do anything in it's power to sabotage this end-run around their feed trough, but will ultimately fail, since this proposed system is opt-in. It doesn't even need it's own domain name to be set up as Primary DNS on folk's PCs or routers. Some controls would need to be established to limit misuse and libel, but this work can be largely handled by it's own community. Registration would be dirt cheap, but vary according to how short or similar to ICANN TLDs a request is. One doesn't want to let IO or IBM pay just $5/yr to secure control of their DNSA counterpart. Registering something like chucks.blog.of.weird.people.at.walmart might cost just $1/life.