Slashdot Mirror


User: ralphdaugherty

ralphdaugherty's activity in the archive.

Stories: 0
Comments: 1,126

Comments · 1,126

  1. Re:Not that unusual. on Google Founders Buy Fighter Jet · · Score: 1

    Plus if they'd bought it through google maybe they'd be concerned about a shareholder backlash?

          yes, I would expect the company is privately funded by the Google execs and is independent of Google.

  2. Re:Better approach? on Optical Character Recognition Still Struggling With Handwriting · · Score: 1

    Perhaps the cursive issue has to do with the effective resolution you can get from the old paper scans?

          No, has to do with no breaks between the letters, similar to wordsruntogether but with cursive letters run together for each word.

      rd

  3. Re:Pretend its a string? on Optical Character Recognition Still Struggling With Handwriting · · Score: 1

    Can OCR properly trace the lines at least to replicate it? Meaning, it could make a vector replica of the handwriting? Would be neat if it could do that, then try to straighten out the lines, perhaps to simulate the possible path the original writer took to write it.

          That was my goal many years ago. I got as far as analyzing characters into vectors, and that includes cursive writing. Then I was going to analyze the vectors just as you suggest. I got sidetracked into a career on the AS/400 iseries and never got back to it, but it is high on my list now.

          Here's a sample: http://www.rdwrites.com/forums/viewtopic.php?t=3794

      rd

  4. Re:Better approach? on Optical Character Recognition Still Struggling With Handwriting · · Score: 1

    It seems to me that it would be better to OCR everything and contract the proof-reading to the Chinese firm. The wide variation of writing styles and letter forms may make 100% accuracy of OCR impossible for this task, but starting from OCR should reduce the task, shouldn't it?

          No, you may be confusing handwriting with handwritten characters. The summary said CAPTCHA's were broken, but all the examples given in past /. threads were of CAPTCHA characters that didn't overlap. I haven't seen any publicity on successful OCR of overlapping characters, much less cursive handwriting.

          Even handwritten characters on devices are really analyzed by analysis of strokes as they are made by the stylus to print the character, not by optical character recognition of the final character. And those are discrete, non-overlapping characters.

          Based on my reading from the frequent CAPTCHA threads, the algorithms to "break" CAPTCHA's are probably no more complex than density measurements which result in a few correct answers out of many attempts, and that's the trivial case of all upper case letters with perhaps numbers.

          And more than likely, they are also using the Chinese and equivalent to "break" the CAPTCHA's.

          Recognizing cursive handwriting is light years beyond these trivial cases.

      rd

         

  5. Re:hotmail spam Re:Captchas are no longer good eno on Spammers Targeting Microsoft's Revised CAPTCHA · · Score: 1

    Do you see a large amount of spam coming from actual hotmail accounts? I know I have in the past, but lately my own experience is most spam comes from (bogus-name)@(bogus-domain). I don't see much spam that is routed through hotmail servers, either.

          yes, that's my experience as well. Hotmail now comprises a small portion of my incoming.

          I think most spam is coming from PC's with forged from addresses, and I can attest that my email address or some from my domain are used in that forging periodically, including recently. I get all the spam rejection emails from it, but Postini catches most of them so not a problem.

      rd

  6. Re:Captchas are no longer good enough on Spammers Targeting Microsoft's Revised CAPTCHA · · Score: 2, Informative

    Good work in TFA documenting an attack. A critical piece is that the CAPTCHA image is sent off and an encrypted answer of eight letters returns in an average of six seconds.

          Most replies in all of these CAPTCHA /. threads assume the image is being decoded by computer (i.e., OCR), therefore suggest supposedly harder tests for a computer to solve as a solution (although most suggestions are actually easier).

          There is a possibility of that going on, but more likely the images are being transmitted to humans to decode. I don't know for sure, but I've never seen one post ever that gave any good indication it was OCR being used, and plenty of known situations where humans are decoding it.

          So for the case where OCR is actually being used, some of the characters in each image need to physically overlap to break OCR. But if humans are decoding, then obviously they can do what we can do, so just overlap the CAPTCHA characters to make OCR impossible and forget about all the other exotic suggestions.

          In the case of phpBB (forum software I use), the CAPTCHA's don't overlap but the image is displayed embedded in the web page via CSS (as far as I can tell) so the whole page would have to be transmitted back for decoding versus an image file as from Hotmail's process. Not that that solves anything, but at least make it that much harder to transmit and decode the CAPTCHA.

          If there is a service that anyone can abuse based on nothing more than ability to read some letters from an image, then everyone else needs to protect themselves from that abusive service. One possibility is blacklisting the domain and only allowing whitelisted addresses from it. But I use Postini and it traps most spam without anything special going on with hotmail. If it's spam it gets trapped and if it's good it comes through to me.

          But hotmail could do a few things to keep from being blacklisted. One would be to require a confirmation from another email address, a different one for each hotmail account, to enable the hotmail registration with info such as a code provided with the registration required to be typed into the body of the reply email. Three failures or a timeout would delete the registration.

          I also would suggest a controversial but effective strategy. I would allow for a whitelist of worldwide ISP domains that have identifiable customers. Other services similar to hotmail such as gmail wouldn't be on that list. I would allow email only from registrants who confirmed from a whitelisted domain to be sent from hotmail to any address. Others would only be allowed to send email to addresses for domains within their own regional internet registries.

          This of course does not address spam overall as a problem, just spam emanating from hotmail accounts.

          Speaking of which, I see the usual about most spam coming from the US. Yes, it may, but if it does it's because US PC's were owned by Euroasian botmasters and the spam is controlled by them.

          In my experience with my small phpBB forum, by a huge amount most attacks come from Euroasia. It's those attacks that take over PC's, and it's taken over PC's that send out spam. Looking at the source of the spam from an IP address perspective isn't the answer. You would need to look at where the botmasters are to say where spam comes from.

      rd

  7. Re:25 years in Federal prison is a *long* time on Smilin' Bob Not Smilin' Anymore · · Score: 2, Informative

    And more time than Hans Reiser (15 to life means he'll be out in 10).

          He wishes.

      rd

  8. Re:Very Interesting... on Google Chrome, the Google Browser · · Score: 1

    Under most configurations and browsers I've used, typing an address in the Google search box takes you directly to that address, as if you had typed it into the address box.

          I thought so too and do that on a regular basis (assuming we're talking about clicking on I Feel Lucky to go straight there). However recently the /forums URL of my website didn't go to /forums, it went to one of the /forums pages on my site that was linked by wikipedia.

          That shows that Google is applying their results algorithms even to URL's, which was a major surprise to me because it always went to any URL I typed in before (unless Google didn't have it indexed), but only because there's usually nothing higher ranked for a search result than the URL.

      rd

  9. Re:first proust! on Typical Home Bandwidth Usage? · · Score: 1

          And at 106428 he's been waiting a long time.

          Or just finished his masterpiece after all these years. :)

      rd

  10. Re:Clarifying for Americans on Changing Customers Password Without Consent · · Score: 1

          I would call this personal service.

      rd

  11. Re:Bad Summary on Best Western Loses Details On 8 Million Customers · · Score: 1

    oh my, I see what you're saying if thinking about a client PC with ODBC connections to a database, and assuming enough access rights gaining database schema and downloading data.

          I've seen remote corporate PC's where we did have them access with a client program via ODBC, but I can't imagine any corporate software server system that operates that way. There's nothing between you and any of your PC's out there to stop any ODBC access if the client apps are hitting tables directly. You might as well just dump your database out in the street and let anyone have it.

          I expect any kind of corporate software like a reservations system to be view only, where the processing of database access and business logic is taking place on the server and the data sent to a PC for view and data entry, selection, etc.

          We know of course a web app would work this way, but I'm assuming a Windows client program for worst case. The problem is with the term client server. Look at this white paper from Carnegie Mellon http://www.sei.cmu.edu/str/descriptions/clientserver_body.html and see the problems with client server, and those are just performance problems, not lack of security because they speak of operating on an intranet network, as is typical.

          Any kind of serving like a reservations system would be done with a three tier system, and the database access is not done from a PC. There's just socketing for messaging to populate the screen and send back user selections/entries.

          I just can't imagine client server being used for a system of that size though. There were hundreds of Best Western Hotels. And even on a smaller scale, I can't imagine it for performance and security reasons.

          So that's why I wasn't thinking along your lines at all. But it is a good point.

      rd

         

  12. Re:Bad Summary on Best Western Loses Details On 8 Million Customers · · Score: 1

    Multiple problems with that, Whitehorse. First given the stated information that an Indian bypassed security and placed a trojan virus on the PC, there wasn't any question as to how that happened. Just accessing the PC via its IP address to crack it as is attempted constantly all over the world.

          Secondly, how do you log in to a hotel reservations system and "dump the database to file". Have you ever logged in to a reservations system, even an internet one like Travelocity? There is no dump database to file button.

          The suggestion could be made that the cracker pulled an exploit that got him the command line with root, but would require details of the software to take a crack at guesstimating what exploits might have been possible.

          My opinion is that there is no basis for believing a database table was actually exported and FTP'd, or that the database files were FTP'd without some indication such an exploit took place.

          That does not relieve the corporation from legal requirements as if it had, however, at least in the states. But those legal requirements, if any, vary from state to state. We see this all the time when news of stolen data finally makes it to the public, mainly because one of those requirements is to notify potential victims.

          The funny thing is, if you didn't have any personal info like addresses and credit card info you couldn't notify them, but there wouldn't be anything potentially stolen to notify them about.

      rd

  13. Re:Best Western Responds on Best Western Loses Details On 8 Million Customers · · Score: 1

          This should be posted as an update in the summary. But that would take all the sensationalism out of it.

          That's no fun.

      rd

  14. Re:Bad Summary on Best Western Loses Details On 8 Million Customers · · Score: 4, Interesting

    This whole thing is very confusing to make sense of, starting with British writers that write like the National Enquirer.

    Starting at the beginning, from TFA, someone from India "planted a trojan virus on one of the [continental] Best Western Hotel machines used for reservations" collecting the username and login of a staff person's login.

    So what does that give them? A log in to the Best Western reservations system. Gee, wonder how many people know that top secret info? Like every freakin Best Western counter clerk, for starters.

    And then what does one do when logged in to a reservations system? They make reservations!!! Holy cow, that's top secret too.

    So here's where it gets confusing. How does someone knowing the login to a reservations system, which is like everyone using it, allow anyone who's logged in to acquire the entire reservations history table?

    If anyone can do it by selecting history on all or something, then any Best Western clerk could have retrieved all this info at any time just by logging in.

    With the trojan virus hocus pocus talk, there is an implied possibility that the virus spread to the server which provided a back door to retrieve the info, but that isn't stated. What's stated is that the trojan merely recorded a login and the Indian got it. We know that is what is happening in bot networks all over the world. It's just a matter of which logins get snapped up from an unsuspecting user.

    So either any Best Western clerk could retrieve all reservation history including credit card info at any time, in which case the Indian might just as well worked for one, or there's an unspecified and unexplained access to the server that provided a backdoor FTP from the server.

    One or the other, but if the first then it wouldn't be the greatest cyber-crime ever, it would be the worst reservation system server software in history.

    If the second, again, a clerk could have copied a trojan virus file from a floppy to the reservations PC and logged in, doesn't require a "hacker" at all.

    My guess from the frenzied journalism is that a reservations clerk login is all it took rather than hoping the trojan virus could both capture the login and then also migrate successfully to the server, which trojans generally aren't multi-OS aware and assuming the server was the same OS, migrated with standard trojan attack vectors for the OS. I find that hard to believe though.

    I also wonder whether there were any confirmed sightings of the info being offered in criminal forums by any of these quoted security experts or just how it came to be known that the entire reservations history table has been downloaded by anyone who acquired the reservations system login from the Indian.

    Gee, having a Best Western reservations system login being the cyber-crime of the century is the goofiest thing I've seen since the last /. debacle thread, and we don't have to go too far back to find one.

      rd

  15. Re:that's way too many emails on Ratio of IT Department Workers To Overall Employees? · · Score: 1

    149,000 e-mail accounts
    6,100,000 e-mail messages per day

    That's over 40 emails per person per day. I've got to assume that most of them are "internal spam"...

          That's probably a bad assumption. They would count incoming spam they have to deal with, wouldn't they? That's where the large numbers per employee would come from.

      rd

  16. Re:extremely high on Ratio of IT Department Workers To Overall Employees? · · Score: 1

    Which brings me over to the question "what is an IT person?"
    I am sure that different companies define this differently, and some might consider e.g. payroll processing "IT work", while others include non-IT personnel working for the IT department, like (in order of importance) janitors, cafeteria workers and CIOs. In a big company, they still may be employed in the IT division, and count as IT.

          Computer operations is IT. An HR office employee working with payroll who performs some functions on their PC is not a computer operator.

          Non-IT personnel are not IT personnel because they work in an IT department. Big companies do not count them as so. Plus I've never really seen non-IT personnel limited in their function to an IT department except secretaries who do count in the IT department. Heck, generally they do the counting.

      rd

  17. Just admin or software development? on Ratio of IT Department Workers To Overall Employees? · · Score: 1

    IT Department Staff ratio to overall employees is a fair question, but unless the answers are broken down by category of IT work the answers are useless.

        How many are admins, and for what operating systems and technologies? How many help desk? How many management, including project managers, business analysts, and documentation people?

        And then finally you get to what makes the difference, whether the business develops/modifies software for itself or not. That's where the person asking the question is referring to a simple software change taking six months. By the way, simple as in how? Also, how much of the six months is a backlog before they even started on it?

        In the end, only cost effectiveness is the real answer, as it levels out buy versus build decisions. And cost effectiveness is one of those things that can be rationalized any way someone wants. So that's why questions like this get asked and there are never any clear answers.

        At least until they go under.

      rd

  18. Re:Not surprising.... on The Mainframe World Is Alive, Even For Those Under 40 · · Score: 1

    In particular, having to do something with a large number of records is exactly the kind of problem that scales well when you throw machines at it...

          That's actually not true at all. Sure there are a few specialized proprietary distributed databases written from the ground up - Google, Amazon, EBay, Yahoo, and the like - but no, dealing with very large databases does not scale well by throwing commodity hardware at it. That's why we have mainframes and the large midrange IBM system i's that I work on.

          I routinely deal with files with over a billion records in them in my business process programming for companies that do a few billion dollars a year in business. The work is done with programs running on the big iron. It couldn't be done faster or better or cheaper with any combination of distributing either data or programming or both across commodity servers.

          If it could, we'd be doing it.

          Even with commodity servers used for web serving, the "web farms" typically are all hitting one or more large database servers. It's not faster or better, but easier for web programmers using Windows or Linux on the commodity servers to process web pages.

          I'm developing a mainframe/midrange approach now as a personal open source project in the RPG midrange language that will attempt to provide a superior web serving infrastructure over web farm commodity servers. Speaking of Google, that's where I'll be hosting the source. :)

      rd

  19. Re:Not surprising.... on The Mainframe World Is Alive, Even For Those Under 40 · · Score: 1

    Isn't this the same COBOL that stopped California from implementing pay cuts because they didn't have anyone who could quickly make the changes?

          No, it was the complex programming logic that would be required, not the language. They wouldn't have wanted to attempt that in any language, including your favorite, whatever it is.

          Also, in that same thread, I suggested a way to do it without any programming changes. It could have been done, they just didn't want to do it, for obvious reasons.

      rd

  20. Re:Not surprising.... on The Mainframe World Is Alive, Even For Those Under 40 · · Score: 1

    A quick Google search of "sex" returns about 849 million results in 0.42 seconds.

          Google didn't count 849 million records in .42 seconds.

          Also, do a quick Google search on an unusual name in quotes or something else that only returns a few records and see that the results are returned in nearly the same time, .20 to .30 seconds or so.

          Has nothing to do with reading records in that amount of time. Has to do with Google giving estimates from its indexing.

          In other words, not applicable to the topic.

      rd

  21. Re:Payroll? on The Mainframe World Is Alive, Even For Those Under 40 · · Score: 1

    By legacy I mean the old programs written in the '80s in COBOL rather than more modern programs written in, say, C.

          Because of course C wasn't around in the 80's. And people stopped writing in Cobol in the 80's.

          By legacy you mean whatever you don't know about.

          Holy cow.

      rd

  22. Re:Many a foolish man has crossed Houghton Mifflin on Open-Source College Textbooks Gaining Mindshare · · Score: 1

    How many members of the Linux Kernel team, the Apache team or the Samba team are actually unpaid for their work on said project? Last time I looked, the vast majority of all those teams were made up of dedicated, paid developers.

          The same thing would apply to credentialed academics employed by universities, corporations, government, and non-profits funded by them. The change required to enable this is recognition of acceptance to open source textbooks by peer review committees, and a change from printed books to PDF / web page books.

          Imagine the interaction you could introduce into text books with programmed demos and extensive, dynamic questions and answers to recall from a growing knowledge base.

          To be realistic, though, the current academics cut from textbooks (however upfront or backdoor it may be) will need to be replaced to kindle any interest. The solution is to add some percentage of current class enrollment fees (e.g. total quarter or semester hours cost) that represent approximately 25% of estimated current textbook costs as an open source textbooks fee. This fee would go straight to the credentialed academic authors, along with payments to peer review members.

          Students would pay only 25% of what they now pay for textbooks and open source textbook contributors would likely increase income substantially over current publishing company royalties.

          Course teachers would lose out on kickbacks, but they could contribute to the growing open source body of knowledge in their field that they know well enough to teach, and actually earn the money.

      rd

  23. Re:Cambrian Explosion of alternative energy techni on Mimicking Photosynthesis To Split Water · · Score: 1

    Seems a lot of the stories get posted to get into "the media" without having the required science/adverse analysis/hostile counterpoint process done.

          I like to read the hostile counterpoints here. :)

  24. Re:Hmm on Where Has All My Spam Gone? · · Score: 1

          yeah, mine has been getting worse last few days, today is bigger than ever.

          nothing like 800 though.

      rd

  25. what problems starting up? on Netflix Woes Mean a Gap In Shipments · · Score: 2, Informative

    I see that ZDnet's Larry Zignan concluded from a 2004 Baseline article that Netflix had startup problems for their homegrown business systems, but he apparently misread the article. It says the system was reworked in 2000, 2002, etc. as customers grew to 1.5 million, but that's not startup problems, that's keeping with massive growth you wouldn't be able to get and handle if you had startup problems.

      rd