SSH already went through the debate of timing style attacks and came out fine:
http://www.ssh.org/company/newsroom/article/204/.
Additionally, web forms aren't transmitted until you hit submit. So you need some interactive session to monitor to detect something like this. The article mentions telnet, which, if you're going to sniff to detect packet timing, you might as well watch the packets themselves. When you get into something that is encrypted and interactive, wouldn't there be enough random jitter from the encrypting and other data, like mouse position updates when you have remote GUI's, to make this very difficult without creating so much jitter to be obvious to the user that the keyboard is screwed up?
Implementation wise, the article lacked detail, so it's time to guess what's involved. You can't simply add a fixed number of ms to each key. What you need to do is have a timer that you are always offsetting from. Otherwise, the time that the user takes to type a key would be added on to the keystroke jitter, making it useless. Say you only watch 90 keys, giving you up to 90X, where X is some measurable time. The timer would also need to be 90X, meaning that you really have a maximum possible delay of 180X. With a CPU context switch (this is an interactive user), encryption processing, and physical network delays, I'm guessing that X would have to be several ms to be detectable. That would make the maximum time, even with only a 3ms X, over a half second in the worst case, which a user will certainly notice. Of course you can reduce the number of keys that you monitor, I picked 90 because it made the math easy and eliminated the F1-F12 keys. But anything over a couple 1/10s of a second will be noticeable.
Let's see how long it takes for slashdot readers to swing into full hypocrisy mode. Specifically mocking windows because it is vulnerable to users running insecure software in administrator mode when every other OS has the exact same vulnerability.
I would agree with you, except that the hack was to run code that was unsigned when the OS was specifically designed with this security feature. If linux implemented something to prevent any executables from running that were not shipped from the distribution, and someone found a way to get around that, that would be a security hole, plain and simple. Not because other OS's do or don't have that feature, but because that feature was presumed to work and the user was expected to be able to trust it. If you can't trust an OS to implement the features they claim will make you secure, what about all the security features that they don't even offer?
Or at night, plan a raid, whereby you break the device in such a fashion that all the nice little leds stay on...
Screw that. I'd just head over there at 3 in the morning and smash it with a hammer
You are all making this too hard and you don't want to be caught trespassing at 3am. Try this:
It's outdoors
It's electrical
You probably have a garden hose
Just try not to electrocute yourself in the process, ok? And it wouldn't hurt to wait for the old fart to leave so that the evidence has dried up. Odds are that if it's a decent outdoor outlet, the GFI will pop. And if it's not so decent, or non-existent, the circuit breaker will trip eventually.
It won't be long before someone finds a while to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.
I agree that non-violence is the best solution, but only when it's a feasible solution. Non-violence works well when your opposition tries to fight you with laws, scare tactics, and non-lethal violence. When the opposition desires to kill every one of your kind and eliminate you from the earth, there really isn't a good non-violent solution.
As for a good solution, well, there isn't one. The US is way too involved in a religious/holy war with the Jewish and Muslim groups. There are extremists on each side that believe the other is invading "their land" and will continue the conflict to the death. No peace talks, cease fires, or other "can't we all just get along" attempts will end that problem. The best solution is to stop supporting Israel, claim that we need to exercise our separation of church and state, and let everyone fend for themselves. We are still going to have a strained relationship with any Arab population for a long time to come, but the less we fuel the fire, the better.
I wish I could find the original quote, but it went along the lines of:
When the laws become so complex that people cannot understand them, the people are no longer free.
The trend is getting more disturbing these days. I grew up with the belief that police were there to protect and serve. I'm not quite sure who they are protecting now. The sad truth is that if police weren't harming the innocent, there wouldn't be so many loopholes that the guilty can use to get off the hook.
And something else to ponder, if a law against cell phone pictures of police were passed yesterday, would you know (assuming the media didn't pick up on it)? Are we really free when the people making the rules have no responsibility to inform the public of those new rules. Yes, I'm aware that they are made available for the public to view, but the lawmakers are well aware that the public doesn't have the time, nor the ability to comprehend, everything that is made into law. So we are left with a world where getting arrested is based on whether the police like you, and how much money you have to pay the lawyers. The same thing applies to paying your taxes.
I just say that linux on my machine doesn't have that problem, so I don't know why they are having that problem. They usually keep asking, in hopes that I'll get annoyed enough to take a look, but I keep giving the same answer. If they keep pushing, I reason that it's probably spyware, a virus, a windows bug, or a bad program, none of which I know about because I spend all my time tweaking linux instead of learning windows oddities. I don't ask them to fix my linux machine because they wouldn't know what they are doing, so why should they expect me to give good help on a windows box?
There are a few people that I try to help, but they keep their requests to a minimum and invite me over to bbq's. The other people you may consider helping are those that can help you in some way, working out a "scratch your back if you scratch mine" type of deal. But when it's someone looking for free advice, playing dumb is the best thing I can suggest.
Freedom and rights have to be fought for. The enemy isn't just the government; it includes corporations.
Human rights must come before corporate rights. Too many Libertarians I know seem uncomfortable with that.
When it comes to basic human rights, I agree. But beyond that, over regulating the corporations only moves things in the direction of more government control and higher barriers of entry that the big corporations like. Keep in mind that a majority of corporations aren't the huge giants that everyone loves to hate. They are the small ones (<20 people) where the owner is looking to protect their own assets from the business they created. Personally I'd like to see fewer barriers and more people starting businesses. Competition from many small companies is the best way to keep the big corporations in check without growing the government into an even larger bloated mess.
Also, the other reason they get uncomfortable is because they are trying to move all of the public services to private companies. So, the logic goes, you wouldn't want to handcuff the organizations that you are trying to move the power towards, would you?
As for my beef with the Libertarians, it's that the only ones that ever run in my region are the extremists that want to get rid of public education and privatize all the roads, among other things. I'll cast a vote for them when I know my vote is wasted no matter who I vote for, but only to send a signal to the major politicians that their base is splintering and they need to stop pushing the wedge issues. If a Libertarian is ever going to have a chance, they need to move toward the center and realize that small government doesn't mean a non-existent government, and we still need something to maintain a basic quality of life.
As for the Democrats and Republicans, they have all gone corrupt. It's all about the lobbyists and corporate interests. Candidates only work with the people when they see that it will help them get reelected. Considering all the redistricting and corrupt campaign finances, those in power never intend to give it up. They designed a system that is stacked against true third party competition (otherwise, we would see something like a ranked ballot). When we can only replace one bad politician with another, the government is free to run off against the people's will and only shift direction slightly based on some pre-selected wedge issue (how is it that immigration reform suddenly became a crisis?).
He dismisses as 'random malarkey' the idea that Microsoft is having trouble hiring and keeping the kind of brilliant employees that have always been the company's competitive weapon.
When you're that big and popular, I don't doubt that you have an easy time finding talented developers. Sure, you will lose some to the other cool companies like google, but that's not microsoft's problem. The problem is that they are popular because all the applications are written for the current version of microsoft, and the existing code is extremely complicated. They are also the majority, if not the monopoly in many parts of the industry. The result is that you can only lead the industry by abusing your monopoly powers since drastic innovative code changes cause all those applications to start breaking. And with the complex code, any improvement is likely to be drastic. The end result is that competitors pull away parts of your customer base one bit at a time and you are constantly playing catch-up to avoid losing your majority.
This isn't rocket science, so I would avoid hiring a professional or using one that works off of commissions. If you have a good friend (that's not in college), getting some free advice won't hurt. Here's the process in a nut shell:
1. Avoid credit card debt. If you have any, pay it off. If you can pay off your card every month, then use it, you'll build a nice credit history and have no problem getting that first apartment. If you can't, lock it away (either in a freezer or cut into pieces) and get a debit card instead. You're better off not closing the account if there's no annual fee since they base your credit rating partially off of how long you've had your accounts open.
2. Save your emergency stash. This is what you're really asking about right now. I recommend this after fixing any credit card problems because credit card interest is pretty bad. And should you get in a jam without an emergency stash, you could go back to your credit cards, but let's hope that doesn't happen. For working folks, this is 3-6 months of expenses to get you through a layoff. For you, you have to plan to get through college, possibly move, get business attire and other necessities, and then find that first job, so start figuring how much you might need for that. This money should be very liquid and not at risk, so something like an ING Orange or CD would be pretty good, or feel free to find higher rate alternatives.
3. With those done, you are really comparing interest rates and risk. The stock market usually returns somewhere in the 6-10% range, but you may have to stay in for 5-10 years for the bumps to average out. When you invest in individual companies, be prepared to lose all of that money because you never know when the next Enron will appear. For example, say you think there's a 25% chance you'll lose 0-20% or more, a 50% chance you'll make between 0-10%, and a 25% chance you'll make more than 10% in the 2-4 year horizon you have set (before your loans start coming due). Do the math to see if it's worth the risk, and check your gut to see if you could stomach the worst option. If you don't believe there's enough upside to beat the 95% chance you'll make 5% in saving or CD, then there's no reason to play the market. Finally, consider any loans or other debt, and determine if you can do better investing your money than you could just by paying off that debt to avoid the interest. If you are determined to go with the stock market, but don't know exactly what you are doing, go with a no-load, low expense ratio index fund. Vanguard and Fidelity both come to mind. Avoid the latest fads (e.g. gold, oil, real estate/REITs) since by the time you are ready to cash in, the fad will be over.
And finally, I'd recommend Suze Orman (she's on CNBC, has a few books, and also does PBS fund raisers) and the Motley Fool for the beginners advice. After you get those under your belt, consider moving up to the wall street classics and some of the higher risk folks (the random walk, think and grow rich, robert kiyosaki, and so on). Also, while you're just figuring things out, start watching your credit report. It's free and will hopefully have you making smarter decisions when you know how your score could be affected.
For those that need help understanding what MS is really saying:
1. We will ensure that Microsoft will design Windows in ways that make it easy for people to add non-Microsoft features.
Like viruses, spyware, adware, and so forth. Otherwise, we wouldn't have a market for getting rid of those problems and people wouldn't have a reason to upgrade.
2. Computer manufacturers are free to add icons, shortcuts and the like to the Windows Start menu and other places used to access software programs so that customers can easily find them.
3. Microsoft will design Windows so as to let computer manufacturers and users set non-Microsoft programs to operate by default in certain categories, such as Web browsing and media playback
And we can get past all that antitrust litigation.
4. Exclusive promotion of non-Microsoft programs... indicating that Microsoft's fierce competition with Google aside, the company is dedicated to this principle.
Oh, we forgot to mention the entire open source movement and anything they happen to create. Them and Google. Oh, and Apple. Um... how about if we just limit this to companies we can buy or crush?
5. Microsoft will not retaliate against any computer manufacturer that supports non-Microsoft software
Again with the antitrust thing. Of course there's nothing saying you won't buy or destroy the other company, retaliation is completely different.
6. Microsoft provides the developer community with a broad range of innovative operating system services, via documented APIs (application programming interfaces), for use in developing state-of-the-art applications.
#$%$^ EU.
7. Microsoft will design Windows Live as a product that is separate from Windows. Customers will be free to choose Windows with or without Windows Live
Wait, didn't we just say no retaliation? Oh, you meant retaliation against them? Ok, them too.
8. Microsoft will design and license Windows so that it does not block access to any lawful Web site or impose any fee for reaching any non-Microsoft Web site or using any non-Microsoft Web service
We had this cool system all ready to go, but the marketing dept said they couldn't find a good way to sell it without pissing off the anti-trust folks.
9. The U.S. antitrust ruling provides that Microsoft may not enter into contracts that require any third party to promote Windows or any "middleware" in Windows on an exclusive basis and Microsoft has pledged to continue this.
Ok, so just this one time, we are going to do what we were ordered to do by the courts. But don't push your luck.
10. Microsoft will make its communications protocols available for commercial release.
We think there's a lot of money to be made here.
11. The company will generally license patents on its operating system invention.
Except to those damn open source folks, we'll make sure the license is way too restrictive for them.
12. The company is committed to supporting industry standards.
We always have. Just ignore the fact that we then extend them to our own liking. And that process usually means we have to break a few parts of the standard.
President Bush effectively blocked a Justice Department investigation of the National Security Agency's warrantless surveillance program, refusing to give security clearances to attorneys who were attempting to conduct the probe, Attorney General Alberto Gonzales said Tuesday.
...
Last week, Specter and the administration agreed on a proposal that would allow Bush to submit the program to the government's secret terrorism and intelligence court for review of its legality.
So, is the government's secret terrorism and intelligence court the same as the Justice Department? This story didn't make it clear, but looking over similar articles, no, they are different. So the president agrees to investigation B and then says that it's better if a bunch of staff members in investigation A aren't granted access. It seems a bit over the top to then say that the president is getting away with the wiretapping unchecked before we know what is happening with the secret terrorism and intelligence court.
While I'm more conservative than most of the vocal slashdot crowd, my concern with the wiretapping is that there isn't a check to make sure it's legal, and that doesn't appear to be happening... yet. In fact, a point made many times in the other articles is:
White House spokesman Tony Snow said the eavesdropping has been subject to legal review every 45 days by senior officials, including Gonzales. "The Office of Professional Responsibility was not the proper venue for conducting" a legal review, Snow said.
For the full, unedited article, it's worth checking the original source:
washington post
I'm guessing you are talking about the US. While I don't know the amps, homes in the US are powered by two 110V lines that are out of phase. Normal circuits from the breaker box are wired by connecting one 110V line to the ground. The 220V lines that you have for dryers, electric ovens, and so forth, are set up by connecting to the two 110V lines, which, since they are out of phase, make 220V. All you need is to run an outlet from your dryer or from the breaker box to your garage. And if you're spending $80k on a car, the afternoon project for an electrician isn't a big deal.
Luckily I haven't run into any clients that have gone to port level security, but I'm curious how well I'd be supported by those that have already set up such a system. For those that have already done this, how well do you support consultants and vendors that show up with their own laptops preloaded with all their own tools who need access to important servers? Do we have to wait for a network login (likely a domain account) and install some kind of app? What about the ones whose PCs are configured for another company's network and cannot be changed (e.g. we don't have Admin on our own laptop) or if we show up running Linux? Myself, I have root, but it's on linux. So, being independent, I'm wondering if I should include a clause in my contract to cover environments that lock me out.
Large networks tend to be much softer once you are inside the firewall. The biggest selling point tends to be preventing a worm or virus from spreading while you get around to patching everyone's PC. But you could also consider that departments tend to install servers for the group, and the security group doesn't make sure it's hardened if it's not in the DMZ and doesn't contain really important data. But even with all that, there's the liability of people doing things from your network, such as running P2P and serving porn or illegal material. Large networks tend to be much more secure if you only allow locked down PC's on the network that are centrally managed (e.g. users don't have Administrator on machines connected to the network). And when bad things happen, you can know who's responsible so that management can take the appropriate actions.
Companies are already moving things out of the US, only right now it's for cheaper labor and getting closer to natural resources in a few cases. But the more legislation there is, and the more we isolate ourselves, the more the rest of the world will simply surpass the US. The US grew to where it was because of competition with little regulation, and with a few exceptions (things like cell phones without GSM) that's worked in our favor. But the more we block immigrants, restrict the internet, minimum wage, and so forth, the quicker companies will move the jobs elsewhere. The only other option is to get every country to adopt our same standards and restrictions, or to be a worse place to do business, but that's becoming less and less the case. Pretty depressing really.
You got that right, but I prefer the "free as in drugs" metaphor here. They are trying to get you hooked and then charge you for it later. What no one in the industry seems to get is that people will pay for the "free as in speech" type, and there are enough that care to be legal to make it a worthwhile model despite all the piracy. The industry tries so hard to stop the pirates that they turn the legit users into thieves.
As others have said, you should estimate based on similar tasks, and then overestimate before giving that number to management. But there's also something to be said for being honest. Most management types I've dealt with are just fine when you say "I don't know if the application allows us to make that change quickly, so let me do some research and get back to you tomorrow with an educated guess." It helps if every so often you come back to them before the end of the day and say that it was an easy change and you've already finished it. Finally, when working on more than a few things at once, I make sure there's a prioritized list that I'm working from that management is aware of (so they understand why the latest request will take more time). Also, I make sure there's regular progress on one or more high priority items. Management and customers always sleep better when they see forward momentum even if the deadlines slip a little. Spending a week with nothing to show makes them nervous even when things are on time.
The if-then-else with and-or-not is a prerequisite for the rest of the patent, not the patent itself. From the abstract:
A system for applying artificial intelligence technology to data stored in databases and generates diagnostics that are user definable interpretations of information in the database. The diagnostics are stored in a database which can be queried with downdrilling to the associated data which generated the diagnostic. A set of bidirectional links is maintained between selected data items in the first database and the corresponding diagnostics in the second database. The system acts as an information compiler in developing a map of the raw data dimension into the structured dimension of intelligent interpretation of the data in the diagnostic database.
Seeing decision support tools with drill down interfaces on top of raw data (admittedly, never seeing them done right, but that's another topic), I would say that this is no simple import/export tool, nor is it an if-then-else implementation. If it's anything like the tools I've seen in the past, the result is a screen that a manager can look at everything in a high level. Click on a problem area and you get the detail, perhaps split out per month instead of a sum for the full year. Zoom back out from a single month and see how everything was performing in that given month, you get the idea. My guess is that they still haven't figured out how to automatically determine how best to summarize the data, i.e. answering the manager's question before they ask it... that would be a pretty good patent.
"Oh sure, so I'll throw away my 25 years in IT, my degrees in math, comp sci, and business, and be a pharmacist. Will that niche still be there after I have completed my studies?"
I'm simply putting out ideas, some of which I've experienced first hand, others I've seen second hand. Your message comes across as one determined to sit back and say that everything is wrong and there is nothing that you can do. If that's truly how you feel, I'd highly recommend "who moved my cheese". It's a quick read, so if you don't want to buy it, stop by B&N, get something to drink, and read it there.
As for if what I said would work in the real world, of course your mileage may vary, but most everything comes from personal experience. I'm an independent consultant after spending several years working with Tivoli (a fairly complex app). I'm frequently asked if my clearance is still active after I worked for a few years with the DoD. And coming out of college, the mid size consulting organization that hired me was happy to send me off to 4 weeks of training and had me shadow some other consultants before sending me off on my own. Times may have changed, but many large companies still provide some kind of training and assign you to a complex app or unknown platform if your salary is low enough and your contract states that you'll pay them back for the training should you leave within X months. For the cost of X months of a lower salary, you get the training, experience, and a few contacts in a niche. Long term job security seems worth several months of scraping by.
Supply and demand are making some significant changes in how we do business because of global economic model vs the US economic model. We've been getting our economy out of sync with the world for far too long and we are seeing the results with the trade deficit, immigrants trying to jump our borders, and jobs moving overseas. I'm sure anyone that has worked with a bankrupt airline or is in the final stages of Detroit's breakdown will tell you, throwing up barriers will only prolong the pain. And unfortunately, there isn't anyone jumping up with a clear solution because there is no clear solution that everyone will like. My best guess is that the peak of the US economy is in our rear view.
One thing that should already be clear to every worker is that you are an expense to your company, not an asset. The best way to make money is to solve problems in a way that the value you bring (cost savings or additional income) is noticeably greater than how much you cost the company. And your cost is significantly more than your salary. Try to factor in the cost of office space, HR, taxes paid by your employer, management requirements, etc. People that do this are the problem solvers, those who see what could be done better, and create the solution, sometimes without any support from their company.
The other option is to find a niche where there isn't enough supply. That includes government work with a clearance, a bunch of positions in health care (I recently discovered that pharmacists have their pick of jobs), and the less popular parts of IT. The less popular parts of IT aren't necessarily bad jobs, they just aren't the rent-a-coder jobs that schools keep trying to fill. Rather it's the people that know a complex application or have lots of experience in an unused platform. I've made a pretty good living off of solving problems with a complex application. The next problem I plan to solve involves a platform that you just don't see that often where the existing solution involves an aging mainframe and expensive proprietary hardware.
Maybe the best advice I can think of would be for everyone stuck in the entitled employee mentality to try shifting your thinking with a few good books: Rich Dad, Poor Dad; Think and Grow Rich; and Who Moved my Cheese.
That's nothing. I'm almost done with my time travel invention that will take you 1 hour into the future in just 60 minutes. It's still in the beta stages, so there's no reverse feature, but hopefully I can find some venture capital with the prototype.
If it's corporate policy not to allow it, then it really isn't a computer problem, but a company policy problem.
Being a consultant, I've seen a wide variety of security policies from my various clients. I've had countless clients that have strict restrictions on where you can get over the network out of concern that you may transmit confidential data, but then let you walk in and out the door with a laptop as you please. That same client provided vpn access for remote support, but blocked ssh over the vpn because that would allow an ftp like (scp) access while leaving telnet open. I've been to places that refused to give me internet access even though it was the preferred way to receive support for their application and the only way to search the knowledge base. I've started on a project with a team of people, and more desktops (not even counting our own laptops) than network jacks. After waiting several weeks for a couple new jacks to be installed with three of us sharing one PC, I gave up and got a cheap network hub (this was several years ago) but was told that it wasn't allowed because they couldn't be sure it hasn't been compromised. I've been places where they wouldn't give me a badge to get in the door and no one was assigned to the front desk, so the unlucky guy sitting by the side door got used to hearing the banging and letting anyone in without any idea of who they were.
Of course, for every bad client, there's one that lets me remotely connect to my home network, makes sure I have a badge with access to everywhere I need to be, and promptly makes a backup and changes the root password before providing me full access to the server that I need to configure. It's all a question of cost of security breach vs cost of security enforcement.
To me, none of these things are worth being upset about. Yes, they are annoying, but it's the client's decision to make things more difficult, and therefore, more expensive. I simply do the best I can with the resources available. Of course it would be nice if the policies considered the threat instead of only the past exploits. Then they would realize that someone trying to carry a stack of files out the door is no worse than the guy that walked by with the flash drive in his pocket.
And Nova was talking about it back in 2003: http://www.pbs.org/wgbh/nova/archimedes/
Of course they hadn't started with the X-Rays at that point.
- It's outdoors
- It's electrical
- You probably have a garden hose
Just try not to electrocute yourself in the process, ok? And it wouldn't hurt to wait for the old fart to leave so that the evidence has dried up. Odds are that if it's a decent outdoor outlet, the GFI will pop. And if it's not so decent, or non-existent, the circuit breaker will trip eventually.
It won't be long before someone finds a way to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.
I agree that non-violence is the best solution, but only when it's a feasible solution. Non-violence works well when your opposition tries to fight you with laws, scare tactics, and non-lethal violence. When the opposition desires to kill every one of your kind and eliminate you from the earth, there really isn't a good non-violent solution.
As for a good solution, well, there isn't one. The US is way too involved in a religious/holy war with the Jewish and Muslim groups. There are extremists on each side that believe the other is invading "their land" and will continue the conflict to the death. No peace talks, cease fires, or other "can't we all just get along" attempts will end that problem. The best solution is to stop supporting Israel, claim that we need to exercise our separation of church and state, and let everyone fend for themselves. We are still going to have a strained relationship with any Arab population for a long time to come, but the less we fuel the fire, the better.
I wish I could find the original quote, but it went along the lines of:
When the laws become so complex that people cannot understand them, the people are no longer free.
The trend is getting more disturbing these days. I grew up with the belief that police were there to protect and serve. I'm not quite sure who they are protecting now. The sad truth is that if police weren't harming the innocent, there wouldn't be so many loopholes that the guilty can use to get off the hook.
And something else to ponder, if a law against cell phone pictures of police were passed yesterday, would you know (assuming the media didn't pick up on it)? Are we really free when the people making the rules have no responsibility to inform the public of those new rules? Yes, I'm aware that they are made available for the public to view, but the lawmakers are well aware that the public doesn't have the time, nor the ability to comprehend, everything that is made into law. So we are left with a world where getting arrested is based on whether the police like you, and how much money you have to pay the lawyers. The same thing applies to paying your taxes.
I just say that linux on my machine doesn't have that problem, so I don't know why they are having that problem. They usually keep asking, in hopes that I'll get annoyed enough to take a look, but I keep giving the same answer. If they keep pushing, I reason that it's probably spyware, a virus, a windows bug, or a bad program, none of which I know about because I spend all my time tweaking linux instead of learning windows oddities. I don't ask them to fix my linux machine because they wouldn't know what they are doing, so why should they expect me to give good help on a windows box?
There are a few people that I try to help, but they keep their requests to a minimum and invite me over to bbq's. The other people you may consider helping are those that can help you in some way, working out a "scratch your back if you scratch mine" type of deal. But when it's someone looking for free advice, playing dumb is the best thing I can suggest.
Also, the other reason they get uncomfortable is because they are trying to move all of the public services to private companies. So, the logic goes, you wouldn't want to handcuff the organizations that you are trying to move the power towards, would you?
As for my beef with the Libertarians, it's that the only ones that ever run in my region are the extremists that want to get rid of public education and privatize all the roads, among other things. I'll cast a vote for them when I know my vote is wasted no matter who I vote for, but only to send a signal to the major politicians that their base is splintering and they need to stop pushing the wedge issues. If a Libertarian is ever going to have a chance, they need to move toward the center and realize that small government doesn't mean a non-existent government, and we still need something to maintain a basic quality of life.
As for the Democrats and Republicans, they have all gone corrupt. It's all about the lobbyists and corporate interests. Candidates only work with the people when they see that it will help them get reelected. Considering all the redistricting and corrupt campaign finances, those in power never intend to give it up. They designed a system that is stacked against true third party competition (otherwise, we would see something like a ranked ballot). When we can only replace one bad politician with another, the government is free to run off against the people's will and only shift direction slightly based on some pre-selected wedge issue (how is it that immigration reform suddenly became a crisis?).
This isn't rocket science, so I would avoid hiring a professional or using one that works off of commissions. If you have a good friend (that's not in college), getting some free advice won't hurt. Here's the process in a nutshell:
1. Avoid credit card debt. If you have any, pay it off. If you can pay off your card every month, then use it, you'll build a nice credit history and have no problem getting that first apartment. If you can't, lock it away (either in a freezer or cut into pieces) and get a debit card instead. You're better off not closing the account if there's no annual fee since they base your credit rating partially off of how long you've had your accounts open.
2. Save your emergency stash. This is what you're really asking about right now. I recommend this after fixing any credit card problems because credit card interest is pretty bad. And should you get in a jam without an emergency stash, you could go back to your credit cards, but let's hope that doesn't happen. For working folks, this is 3-6 months of expenses to get you through a layoff. For you, you have to plan to get through college, possibly move, get business attire and other necessities, and then find that first job, so start figuring how much you might need for that. This money should be very liquid and not at risk, so something like an ING Orange or CD would be pretty good, or feel free to find higher rate alternatives.
3. With those done, you are really comparing interest rates and risk. The stock market usually returns somewhere in the 6-10% range, but you may have to stay in for 5-10 years for the bumps to average out. When you invest in individual companies, be prepared to lose all of that money because you never know when the next Enron will appear. For example, say you think there's a 25% chance you'll lose 0-20% or more, a 50% chance you'll make between 0-10%, and a 25% chance you'll make more than 10% in the 2-4 year horizon you have set (before your loans start coming due). Do the math to see if it's worth the risk, and check your gut to see if you could stomach the worst option. If you don't believe there's enough upside to beat the 95% chance you'll make 5% in savings or a CD, then there's no reason to play the market. Finally, consider any loans or other debt, and determine if you can do better investing your money than you could just by paying off that debt to avoid the interest. If you are determined to go with the stock market, but don't know exactly what you are doing, go with a no-load, low expense ratio index fund. Vanguard and Fidelity both come to mind. Avoid the latest fads (e.g. gold, oil, real estate/REITs) since by the time you are ready to cash in, the fad will be over.
And finally, I'd recommend Suze Orman (she's on CNBC, has a few books, and also does PBS fund raisers) and the Motley Fool for the beginner's advice. After you get those under your belt, consider moving up to the Wall Street classics and some of the higher risk folks (The Random Walk, Think and Grow Rich, Robert Kiyosaki, and so on). Also, while you're just figuring things out, start watching your credit report. It's free and will hopefully have you making smarter decisions when you know how your score could be affected.
And we can get past all that antitrust litigation.
Oh, we forgot to mention the entire open source movement and anything they happen to create. Them and Google. Oh, and Apple. Um... how about if we just limit this to companies we can buy or crush?
Again with the antitrust thing. Of course there's nothing saying you won't buy or destroy the other company, retaliation is completely different.
#$%$^ EU.
Wait, didn't we just say no retaliation? Oh, you meant retaliation against them? Ok, them too.
We had this cool system all ready to go, but the marketing dept said they couldn't find a good way to sell it without pissing off the anti-trust folks.
Ok, so just this one time, we are going to do what we were ordered to do by the courts. But don't push your luck.
We think there's a lot of money to be made here.
Except to those damn open source folks, we'll make sure the license is way too restrictive for them.
We always have. Just ignore the fact that we then extend them to our own liking. And that process usually means we have to break a few parts of the standard.
So, yeah, nothing to see here folks. Move along.
While I'm more conservative than most of the vocal slashdot crowd, my concern with the wiretapping is that there isn't a check to make sure it's legal, and that doesn't appear to be happening... yet. In fact, a point made many times in the other articles is: For the full, unedited article, it's worth checking the original source: Washington Post
I'm guessing you are talking about the US. While I don't know the amps, homes in the US are powered by two 110V lines that are out of phase. Normal circuits from the breaker box are wired by connecting one 110V line to the ground. The 220V lines that you have for dryers, electric ovens, and so forth, are set up by connecting to the two 110V lines, which, since they are out of phase, make 220V. All you need is to run an outlet from your dryer or from the breaker box to your garage. And if you're spending $80k on a car, the afternoon project for an electrician isn't a big deal.
Luckily I haven't run into any clients that have gone to port level security, but I'm curious how well I'd be supported by those that have already set up such a system. For those that have already done this, how well do you support consultants and vendors that show up with their own laptops preloaded with all their own tools who need access to important servers? Do we have to wait for a network login (likely a domain account) and install some kind of app? What about the ones whose PCs are configured for another company's network and cannot be changed (e.g. we don't have Admin on our own laptop) or if we show up running Linux? Myself, I have root, but it's on linux. So, being independent, I'm wondering if I should include a clause in my contract to cover environments that lock me out.
B: Proactive Security
Large networks tend to be much softer once you are inside the firewall. The biggest selling point tends to be preventing a worm or virus from spreading while you get around to patching everyone's PC. But you could also consider that departments tend to install servers for the group, and the security group doesn't make sure it's hardened if it's not in the DMZ and doesn't contain really important data. But even with all that, there's the liability of people doing things from your network, such as running P2P and serving porn or illegal material. Large networks tend to be much more secure if you only allow locked down PCs on the network that are centrally managed (e.g. users don't have Administrator on machines connected to the network). And when bad things happen, you can know who's responsible so that management can take the appropriate actions.
Companies are already moving things out of the US, only right now it's for cheaper labor and getting closer to natural resources in a few cases. But the more legislation there is, and the more we isolate ourselves, the more the rest of the world will simply surpass the US. The US grew to where it was because of competition with little regulation, and with a few exceptions (things like cell phones without GSM) that's worked in our favor. But the more we block immigrants, restrict the internet, minimum wage, and so forth, the quicker companies will move the jobs elsewhere. The only other option is to get every country to adopt our same standards and restrictions, or to be a worse place to do business, but that's becoming less and less the case. Pretty depressing really.
You got that right, but I prefer the "free as in drugs" metaphor here. They are trying to get you hooked and then charge you for it later. What no one in the industry seems to get is that people will pay for the "free as in speech" type, and there are enough that care to be legal to make it a worthwhile model despite all the piracy. The industry tries so hard to stop the pirates that they turn the legit users into thieves.
It was an external hard drive that they were searching for, and presumably found, separate from the laptop:
http://www.wtop.com/?sid=813030&nid=25
As others have said, you should estimate based on similar tasks, and then overestimate before giving that number to management. But there's also something to be said for being honest. Most management types I've dealt with are just fine when you say "I don't know if the application allows us to make that change quickly, so let me do some research and get back to you tomorrow with an educated guess." It helps if every so often you come back to them before the end of the day and say that it was an easy change and you've already finished it. Finally, when working on more than a few things at once, I make sure there's a prioritized list that I'm working from that management is aware of (so they understand why the latest request will take more time). Also, I make sure there's regular progress on one or more high priority items. Management and customers always sleep better when they see forward momentum even if the deadlines slip a little. Spending a week with nothing to show makes them nervous even when things are on time.
"Oh sure, so I'll throw away my 25 years in IT, my degrees in math, comp sci, and business, and be a pharmacist. Will that niche still be there after I have completed my studies?"
I'm simply putting out ideas, some of which I've experienced first hand, others I've seen second hand. Your message comes across as one determined to sit back and say that everything is wrong and there is nothing that you can do. If that's truly how you feel, I'd highly recommend "Who Moved My Cheese". It's a quick read, so if you don't want to buy it, stop by B&N, get something to drink, and read it there.
As for if what I said would work in the real world, of course your mileage may vary, but most everything comes from personal experience. I'm an independent consultant after spending several years working with Tivoli (a fairly complex app). I'm frequently asked if my clearance is still active after I worked for a few years with the DoD. And coming out of college, the mid size consulting organization that hired me was happy to send me off to 4 weeks of training and had me shadow some other consultants before sending me off on my own. Times may have changed, but many large companies still provide some kind of training and assign you to a complex app or unknown platform if your salary is low enough and your contract states that you'll pay them back for the training should you leave within X months. For the cost of X months of a lower salary, you get the training, experience, and a few contacts in a niche. Long term job security seems worth several months of scraping by.
Supply and demand are making some significant changes in how we do business because of the global economic model vs the US economic model. We've been getting our economy out of sync with the world for far too long and we are seeing the results with the trade deficit, immigrants trying to jump our borders, and jobs moving overseas. I'm sure anyone that has worked with a bankrupt airline or is in the final stages of Detroit's breakdown will tell you, throwing up barriers will only prolong the pain. And unfortunately, there isn't anyone jumping up with a clear solution because there is no clear solution that everyone will like. My best guess is that the peak of the US economy is in our rear view.
One thing that should already be clear to every worker is that you are an expense to your company, not an asset. The best way to make money is to solve problems in a way that the value you bring (cost savings or additional income) is noticeably greater than how much you cost the company. And your cost is significantly more than your salary. Try to factor in the cost of office space, HR, taxes paid by your employer, management requirements, etc. People that do this are the problem solvers, those who see what could be done better, and create the solution, sometimes without any support from their company.
The other option is to find a niche where there isn't enough supply. That includes government work with a clearance, a bunch of positions in health care (I recently discovered that pharmacists have their pick of jobs), and the less popular parts of IT. The less popular parts of IT aren't necessarily bad jobs, they just aren't the rent-a-coder jobs that schools keep trying to fill. Rather it's the people that know a complex application or have lots of experience in an unused platform. I've made a pretty good living off of solving problems with a complex application. The next problem I plan to solve involves a platform that you just don't see that often where the existing solution involves an aging mainframe and expensive proprietary hardware.
Maybe the best advice I can think of would be for everyone stuck in the entitled employee mentality to try shifting your thinking with a few good books: Rich Dad, Poor Dad; Think and Grow Rich; and Who Moved My Cheese.
That's nothing. I'm almost done with my time travel invention that will take you 1 hour into the future in just 60 minutes. It's still in the beta stages, so there's no reverse feature, but hopefully I can find some venture capital with the prototype.
If it's corporate policy not to allow it, then it really isn't a computer problem, but a company policy problem.
Being a consultant, I've seen a wide variety of security policies from my various clients. I've had countless clients that have strict restrictions on where you can get over the network out of concern that you may transmit confidential data, but then let you walk in and out the door with a laptop as you please. That same client provided vpn access for remote support, but blocked ssh over the vpn because that would allow an ftp like (scp) access while leaving telnet open. I've been to places that refused to give me internet access even though it was the preferred way to receive support for their application and the only way to search the knowledge base. I've started on a project with a team of people, and more desktops (not even counting our own laptops) than network jacks. After waiting several weeks for a couple new jacks to be installed with three of us sharing one PC, I gave up and got a cheap network hub (this was several years ago) but was told that it wasn't allowed because they couldn't be sure it hasn't been compromised. I've been places where they wouldn't give me a badge to get in the door and no one was assigned to the front desk, so the unlucky guy sitting by the side door got used to hearing the banging and letting anyone in without any idea of who they were.
Of course, for every bad client, there's one that lets me remotely connect to my home network, makes sure I have a badge with access to everywhere I need to be, and promptly makes a backup and changes the root password before providing me full access to the server that I need to configure. It's all a question of cost of security breach vs cost of security enforcement.
To me, none of these things are worth being upset about. Yes, they are annoying, but it's the client's decision to make things more difficult, and therefore, more expensive. I simply do the best I can with the resources available. Of course it would be nice if the policies considered the threat instead of only the past exploits. Then they would realize that someone trying to carry a stack of files out the door is no worse than the guy that walked by with the flash drive in his pocket.