I suspect you got modded down by someone who profits from outsourcing on the buyer's side. The CIO who chooses outsourcing often gets some nifty perks and -- best of all -- a happy landing if he/she gets fired when the outsourcing strategy goes into epic fail mode. In the short run, it scores brownie points with CFO and CEO types while maintaining one's membership in the executive golf committee. When things go wrong, a smart executive knows how to get paid for failure. I know of several CIOs who bungled major outsourcing initiatives. Each of them landed a job with the outsourcer or a nifty promotion to another company where the same outsourcer already had a big presence. Nothing can propel your career like a well-managed failure. There is money to be made by properly managing a cycle of fail.
Below the executive level, you have the entire food chain of outsourced employees, who do the same jobs that conventional employees did before. Remember that many companies have dreadful salary scales for IT. In a past life, I had arguments with my HR department's treatment of IT positions. In many cases, they "require" a BSCS or above, while offering a salary less than an executive secretary. Sometimes outsourcing is the only way a company will allow itself to get a halfway intelligent person to work in IT. The stereotype is that good paying jobs are cut and cheapie temps take over. Employers love the concept, but reality can be a different story. The temp jobs are not always temporary and the hourly rates can be several times what a "permanent" employee would cost. But you won't find that in the brochure.
And let's not forget the additional people who work in the overhead departments of outsourcers. You have accounting people, a large well-paid sales department, and various executives that form the basis of a corporate management team that would not even exist if companies managed IT internally. If any of them are reading your post, they'll mod it down too!
Sometimes employees get screwed by outsourcing, but at least half the time it's the customer who gets fleeced. If you can't be part of the solution, there is money to be made by prolonging the problem.
RHEL support fees don't work for me, but I am OK with waiting for CentOS. I don't need cutting-edge Linux, just a distro that doesn't choke on a tarball. For those things that truly need to be absolutely current, I'll go get the source code and install the old fashioned way.
MS gets a token payment from Casio in exchange for discounts and freebies on MS products. It wouldn't be the first time a company offered $2 of free stuff for a $1 "purchase" of a patent license. As I recall, SCO was bundling Linux "licenses" into a variety of unrelated contract matters and calling it a "sale".
Given the unwillingness of MS to identify (much less litigate) these mysterious patents, the salesmanship must be very creative.
I agree with part of what you say. The market cannot consist entirely of day traders using the same system. Fortunately, this is not the case.
It all depends on which stock symbols you choose to track. Some stocks are lightly traded, and MANY stocks have lightly traded options. When a stock all of a sudden has option activity 100x normal volume, something is up even if (especially if) the underlying stock hasn't moved yet.
The more heavily traded the stock, the more you find hedge funds and other professionals who might be trading on factors other than insider knowledge. I think low volume stocks are more predictable by watching the options data, but not everyone agrees.
Not every stock lends itself to this kind of automated analysis, and not every big options transaction is the result of insider trading. But if you pick the right stocks to watch, there is a better than random chance that the stock will move in the direction indicated by the options data.
Insider trading regulations are designed so that shareholders are treated fairly (relative to each other) as far as access to information is concerned. As long as the decision to exit the hardware market was kept confidential, no problem. If insiders (or people with access to insiders) traded HP stock with advance knowledge of the plan, that's a different story.
With enough degrees of deniability, it's possible that someone traded HP stock based on 3rd or 4th hand information, at which point they acted on speculation that 3rd or 4th hand information was accurate. Very little can be done about that, and it happens more often than you think.
As a Slashdotter, you may be thinking, "Who cares about HP? How can I profit from insider shenanigans without being an insider and risking the wrath of the SEC?"
1. Monitor the options trading activity for a limited number of stock symbols where you suspect insider trading.
2. Build a database that is continuously updated with both option and stock pricing and volume.
3. Watch for a condition in which options activity and volume move out of sync with the underlying stock. This doesn't prove insider trading, but if insiders are going to cheat, this is the easiest way for them to make a quick buck.
4. Use the options activity as a leading indicator on the stock.
5. Profit!!!!
I am not a financial advisor. This is not financial advice. Your actual mileage may vary.
The path to counterfeit routers might involve surplus or QA-reject circuit boards, populated with surplus or QA-reject parts, assembled by low-cost electronics workers from the toy industry. The Chinese are unlikely to throw away ANYTHING that can be assembled into a marketable product. My guess is the cheap/counterfeit routers were supposed to end up on the domestic Chinese market, but somebody discovered they could get more for them in the US.
If the goal was espionage, it would make more sense to retrofit the REAL product so there would be no quality issues. Since any communications worth stealing would probably be encrypted before it hits the router, I think they could get a lot more mileage out of spyware on PCs and laptops.
If your approach to the competition requires a different/better operating system than they have, it's an uphill battle to hit critical mass with apps and THEN try and persuade customers that your OS is so superior they should abandon the "safe bets" of IOS and Android.
There is a great reward for introducing an exclusive, nifty OS that gets the job done and is loved by everyone. Problem is, most who try this approach will see their product end up on the "island of misfit toys".
There is more to terrorism than begging for attention. Yes, that's part of the incentive, but the terrorists don't get much of an advantage no matter how much attention they get. From the terrorists' point of view: "OK, now what?"
Terrorism is an industry; a relatively unstructured mercenary program. Unemployment is sky-high throughout the Middle East and has been for decades. Young males in particular have a lot of anger about their perpetual unemployment. A variety of special interests have enemies they would like to see attacked in various ways, and lots of young people need something to do. Understanding terrorism is as simple as understanding supply and demand.
Before his jihad against the US, OBL was busy fighting the Soviets in Afghanistan. Since the Soviets invaded Afghanistan on their own, OBL's band of merry marauders was quickly funded by a plethora of interests (US and Muslim). The entire shift in strategy for OBL was necessary because with the Soviets gone, business was bad. Nobody was going to fund anti-Soviet fighters in Afghanistan if the Soviets were gone. They were going to fight someone as soon as a new client stepped forward with a target in mind. Speculate as much as you want about who OBL's client is, but the targets are obvious. For the right amount of money, these guys could be easily flipped against their clients. Problem is, they are just going to flip back someday when the money runs out. So the appropriate response is to tag 'em, bag 'em, and dump overboard.
You have a good point about the standard of proof in a civil case such as copyright. But if IP address is central to identifying the defendant and the defense manages to demonstrate the ability to morph their IP address at will, the level of certainty won't be anywhere near 50%.
If other factors contribute to circumstantial evidence (e.g. the file in question exists on the defendant's computer), the plaintiff can certainly try to rebuild the case without the IP address. If the flawed IP "evidence" is the justification to search a computer, it would not be easy to challenge the results of the search even if the defense undermines the basis for searching the computer in the first place. That's where your 50.001% fits in.
I wouldn't rely on undermining the validity of an IP address to get away with doing illegal things. Not everyone can skate away from trouble like Casey Anthony and OJ Simpson. But if a case against me depends entirely on an IP address that is literally up for grabs when my equipment is turned off, that's another story.
I agree that modern network hardware can be configured to prevent IP address swapping. But implementing such a tamper-resistant configuration requires modern hardware and competent admins -- at a cable ISP. I have no doubt such things exist, but in my experience they are in short supply.
You underestimate the gap between what you know is technically possible and what others have the aptitude or willingness to do. For years, people have been insisting that static IP address guessing is impossible. And for years they have been wrong. Some day we might have automatic rock-solid defenses against such a thing. But until that day comes, I will assume the worst.
I did not intend to offer a tutorial on how to play musical chairs with IP addresses, but anyone with basic networking skills can find the necessary tools to evaluate the risk on their network. Even if you have no intention of playing games with your IP address, it's worth knowing whether or not you could be the target of a false accusation when someone else decides to borrow your address. Depending on the capabilities of your ISP, it might work. Or it might not.
That database of address assignments is essentially a DHCP log file. And if the ONLY way to get a working address was via DHCP, it would be an accurate record. But that is not always the case. Although I have no doubt the ISPs _think_ they have records that explain all of the addresses on their network, the senior techs know better. The method I described in the parent post would allow a user onto the network in such a way that DHCP records are meaningless.
The MAC address might be a bit tricky, but remember that many routers allow you to override the MAC address, just as you can override the IP address.
Whether or not juries are taking ISP-provided DHCP records as absolute proof of identity, it is possible to destroy the credibility of DHCP logs on a cable modem network. With a trivial amount of work, you can get your computer to quietly assume an IP address that was not assigned (or logged) by DHCP.
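Added example, not part of the original comments: a defender-side check for the gap described above, reconciling addresses actually seen on the network (for instance from periodic ARP-table polls at the gateway) against the DHCP lease records. The log formats, addresses, timestamps and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data (documentation address range, made-up MACs).
# Lease log columns: start date, start time, end date, end time, IP, MAC
LEASE_LOG = """\
2011-09-01 08:00:00 2011-09-01 20:00:00 192.0.2.10 02:00:00:00:00:01
2011-09-01 08:00:00 2011-09-01 12:00:00 192.0.2.11 02:00:00:00:00:02
2011-09-01 09:00:00 2011-09-01 21:00:00 192.0.2.12 02:00:00:00:00:03
"""

# Sighting columns: date, time, IP, MAC (what was really answering for the IP)
SIGHTINGS = """\
2011-09-01 09:00:00 192.0.2.10 02:00:00:00:00:01
2011-09-01 09:30:00 192.0.2.12 02:00:00:00:00:03
2011-09-01 10:15:00 192.0.2.10 02:00:00:00:00:99
2011-09-01 11:00:00 192.0.2.77 02:00:00:00:00:04
2011-09-01 13:30:00 192.0.2.11 02:00:00:00:00:02
"""


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Sighting:
    ts: datetime
    ip: str
    mac: str


def parse_leases(text):
    """Parse the constructed lease-log format; malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6:
            continue
        start = datetime.strptime(f"{f[0]} {f[1]}", FMT)
        end = datetime.strptime(f"{f[2]} {f[3]}", FMT)
        leases.append(Lease(f[4], f[5].lower(), start, end))
    return leases


def parse_sightings(text):
    """Parse the constructed sighting format; malformed lines are skipped."""
    seen = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 4:
            continue
        seen.append(Sighting(datetime.strptime(f"{f[0]} {f[1]}", FMT),
                             f[2], f[3].lower()))
    return seen


def classify(sighting, leases):
    """Return 'leased', 'mac_mismatch' or 'unleased' for one sighting."""
    active = [l for l in leases
              if l.ip == sighting.ip and l.start <= sighting.ts < l.end]
    if not active:
        # Address in use with no lease covering that moment: the DHCP log
        # cannot say who held it.
        return "unleased"
    if any(l.mac == sighting.mac for l in active):
        # Matches the log. A cloned MAC would also land here, so this
        # verdict is consistency with the log, not proof of identity.
        return "leased"
    # The log names one device, but a different one was using the address.
    return "mac_mismatch"


def audit(leases, sightings):
    """Return (sighting, verdict) for every sighting the lease log cannot explain."""
    findings = []
    for s in sightings:
        verdict = classify(s, leases)
        if verdict != "leased":
            findings.append((s, verdict))
    return findings


if __name__ == "__main__":
    for s, verdict in audit(parse_leases(LEASE_LOG), parse_sightings(SIGHTINGS)):
        print(s.ts.strftime(FMT), s.ip, s.mac, verdict)
```

Any non-empty result means the lease log alone is an incomplete record for that period, which is the point at issue when a log entry is offered as the only link between an address and a subscriber.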
And if I put a wireless router on my LAN behind the PPPoE login?
Back to square 1.
Not really. No matter how many PCs you have on your LAN and no matter how they are connected to your router, outgoing traffic from your router hits the Internet with the IP address of the WAN port of your router. When your router logs in via PPPoE, it identifies you when it picks up an IP address as the result of a session that identified your ISP account. You might be able to play games with that address, but I suspect your session will drop.
You could claim the traffic in question came from unauthorized clients connecting illegally to your LAN, but that involves claiming that your wireless was either unencrypted or hacked. You might (or might not) get sympathy with that argument. Certain routers have a nasty bug in which they spontaneously reset to factory default (zero security) settings. Or you could just play dumb... "I didn't realize other people could use my wide-open Wifi connection". Somewhere in between is WEP security. It proves an attempt on your part to establish a secure network, but the tools to hack WEP are readily available and very little skill is necessary. And yet the WEP option remains available on most routers because legacy Wifi cards may not support any other encryption protocol.
Why should anyone pay taxes to a government that provides no service or (even worse) grants no voting rights to the taxpayer? Does "taxation without representation" ring a bell?
Two Supreme Court decisions (mentioned throughout this thread) resolve the issue quite clearly. States' arguments in favor of collecting sales tax involve proving a physical nexus. Not necessarily a corporate headquarters, any physical presence will do. This generally requires a building or employees whose work environment is in the state.
Amazon has been able to dodge this in various states by threatening to leave. When a state claims that Amazon's in-state affiliates constitute a physical nexus for tax purposes, Amazon terminates all the affiliates in that state. At the outer fringe of anti-tax logic, Amazon might have a warehouse in a state whose purpose is shipping to the OTHER 49 states, thus it serves no function in the state in which it is located. That's a questionable argument, but combined with a threat to leave, they might get away with it.
For those states in which Amazon has no physical nexus, I applaud them for not caving in to money-hungry state governments that offer nothing in return. In the other cases, I hope they relocate to states with no sales tax.
If Amazon uses that one-year grace period to get out of California, it just might work.
In 1967, the U.S. Supreme Court determined in Bellas Hess v. Illinois that states could not require companies without either property or employees in the state to collect sales and use tax – in other words, companies needed a physical nexus. The 1992 Supreme Court Case Quill v. North Dakota then reaffirmed the principle that a company must have a substantive nexus in order for the state to require the company to collect sales taxes.
Get rid of the physical nexus, and the sales tax disappears. There are a few states with no sales tax. If Amazon relocates their warehouses and office to only those states, they can ship all over the US with impunity.
That's why Heathkit is a good idea. If nothing else, it lets kids learn about electronics via practical examples. There are a few other electronic kits out there, but Heathkit was always the gold standard.
Although this won't work with DSL because of PPPoE login, with a cable modem your IP address is not proof of anything.
Why? DHCP is not the only game in town. On many networks, you can take a DHCP-assigned address and determine the appropriate subnet mask, default route, and DNS server. But nothing really stops you from manually overriding the IP address, as long as you choose one in the same subnet that happens to be unused at the moment. The ISP can make this a little more difficult by remembering the MAC address associated with each address, but there are workarounds for that too.
I became aware of this when my cable modem stopped working and the support technician discovered that my IP address was in use from someplace other than my house. In those days, all addressing was static. Some other customer had inadvertently (or deliberately) assumed my IP address. The tech gave me a new address assignment and everything worked. So whoever hijacked my IP address left the audit trail pointing to ME. The hijacker was (from an IP address perspective) invisible.
That's the closest thing I have seen to a plausible answer. There are some sleazy companies that I know for a fact had a lengthy BBB rap sheet, and now they are mysteriously sanitized.
I guess the concept of an owner promoting his business through bogus, self-congratulatory reviews is older than the Internet.
Re:Not highly confident in Zagat ratings, on Google Acquires Zagat · Score: 3, Insightful
A successful restaurant owner does not volunteer for these "makeover" shows. If you have customers, the last thing you want is a TV crew taking up space. If your place is packed, advertising won't help. Although many of the owners have claimed the show manufactured drama, a lot of what they show would be hard to create just for the camera -- unless of course it was there already. How many restaurant owners are likely to admit the findings are accurate? In the cases where the TV chef sends in a cleaning crew to address years of unsanitary kitchen conditions, it's hard to believe they brought in years of grease buildup.
I understand there are some restaurant owners who think their only problem is marketing, so free TV publicity is all they think they need. But I know of some great restaurants that are always packed. Their success is pretty much self-sustaining (even with zero advertising) as long as customer satisfaction is high. Sooner or later something happens to break the cycle and a downward spiral begins. Very rarely is a restaurant failing due to a sudden lack of advertising.
I watch some of those "failing restaurant" shows: Kitchen Nightmares, Restaurant Impossible, etc.
MANY of those places have Zagat stickers in the windows, often with good ratings. And yet their businesses are dying and the TV chefs think the food is awful. Customers are scarce, so there must be a reason. Some of the problems with food quality and cleanliness might be overstated for shock value, but it never looks like the TV chef has to try very hard to find problems.
What's up with all of these Zagat-rated disaster restaurants? Does anyone on Slashdot know what's going on?
"You say that as if IT asked for SOX, HIPAA, PCI, etc along with all of the script-kiddies (and professional hacker networks) that are actively looking for vulnerabilities. IT engineers a network that meets compliance regulations because they *have* to, not because they thought it might be a fun thing to do. After a few SaaS providers are hacked, it will be interesting to see what kind of responsibility the customer has for the hack even if they made sure that the provider had all of the right certifications."
Nobody at the lower levels of IT asked for SOX, etc. but there were plenty of useful idiots in IT management who bought into this stuff. Meanwhile, information leaks pretty much at will. You can have a 64-character random password that changes every 12 hours, but one disgruntled employee will leak the client list faster than you can say "audit compliance report". Ironically, the number of disgruntled employees is higher than it would be without all of this TSA-style security.
I'm more than a little tired of newbies who think the attacks are coming from the outside in the form of script kiddies and port scans. The attacks are coming from the INSIDE, by fully authorized users who face little if any opposition. The absolute HIGHEST RISK is the disgruntled worker who fears being outsourced and keeps a nifty supply of sensitive material on a USB drive. Ironically, the IT workers who build these "secure enterprise networks" are among the biggest security threats.
"If your kid's facebook page is hacked, no one cares except them. If your hospital lets your health records leak out, they can face large fines, and if it was an egregious violation, individuals can face personal fines and criminal charges."
I've seen a lot more corporate applications hacked than Facebook pages. Especially when rent-a-hack developers leave privileged usernames and passwords in plain text files on the web server. Somehow the corporate security audit missed that one. Score one for Facebook.
"Unless your kids are hosting their own email server, your household budget *does* include an email administrator, you're just paying it to your ISP (or through trading off some privacy and pageviews to an ad-supported email provider)"
Have you ever heard of Gmail with a POP3 client? Sheesh.
"This may come as some surprise to you, but maintaining an enterprise network of 500 desktops is different than a single desktop - a college student can spend 2 hours of his own time recovering from a virus infection, doing that across 500 desktops with 2 helpdesk staff would take over 2 months."
This may come as a surprise to you, but my 2 kids and 498 of their colleagues have the same number of computers as your "enterprise network of 500 desktops". They accomplish more of what they set out to do than the average corporate employee -- with a lot less BS. Although your hypothetical 500 infected desktops might take a helpdesk a few man-months to re-image, wouldn't it be cheaper to buy MacBooks and fire the helpdesk?
The average corporate IT department has ALREADY degraded to the level of TSA; more interested in "compliance" than business success. At some point, the pendulum has to swing back the other way -- cutting the costs imposed by all of these policies and self-important police. By that time, I think we will have a "bring your own" mentality towards desktop hardware, just as mechanics are expected to supply their own tools. Instead of buying servers (or even cloud-based virtual servers), corporate IT will buy complete applications whose server-side infrastructure is vendor-supplied. Mandatory stupidity and shortsighted cost control have pretty much killed off the ability to handle IT any other way.
The future model of IT is what home users and especially college students are doing right now. My KIDS have less computer downtime than the average corporate IT worker, and our household budget does NOT include an e-mail administrator or desktop support.
the purpose of attackwatch.com
But they forgot to leave a way to upload pictures of the targets to be terminated. Oops.
I guess banner ads are not enough.
I never said it was a GOOD plan.
I can see the benefit of a backup plan in case Google gets petulant. For most of the industry, the backup plan is Windows Mobile.
If your approach to the competition requires a different/better operating system than they have, it's an uphill battle to hit critical mass with apps and THEN try and persuade customers that your OS is so superior they should abandon the "safe bets" of IOS and Android.
There is a great reward for introducing an exclusive, nifty OS that gets the job done and is loved by everyone. Problem is, most who try this approach will see their product end up on the "island of misfit toys".
There is more to terrorism than begging for attention. Yes, that's part of the incentive, but the terrorists don't get much of an advantage no matter how much attention they get. From the terrorists' point of view: "OK, now what?"
Terrorism is an industry; a relatively unstructured mercenary program. Unemployment is sky-high throughout the middle east and has been for decades. Young males in particular have a lot of anger about their perpetual unemployment. A variety of special interests have enemies they would like to see attacked in various ways, and lots of young people need something to do. Understanding terrorism is as simple as understanding supply and demand.
Before his jihad against the US, OBL was busy fighting the Soviets in Afghanistan. Since the Soviets invaded Afghanistan on their own, OBL's band of merry marauders was quickly funded by a plethora of interests (US and Muslim). The entire shift in strategy for OBL was necessary because with the Soviets gone, business was bad. Nobody was going to fund anti-Soviet fighters in Afghanistan if the Soviets were gone. They were going to fight someone as soon as a new client stepped forward with a target in mind. Speculate as much as you want about who OBL's client is, but the targets are obvious. For the right amount of money, these guys could be easily flipped against their clients. Problem is, they are just going to flip back someday when the money runs out. So the appropriate response is to tag 'em, bag 'em, and dump overboard.
You have a good point about the standard of proof in a civil case such as copyright. But if IP address is central to identifying the defendant and the defense manages to demonstrate the ability to morph their IP address at will, the level of certainty won't be anywhere near 50%.
If other factors contribute to circumstantial evidence (e.g. the file in question exists on the defendant's computer), the plaintiff can certainly try to rebuild the case without the IP address. If the flawed IP "evidence" is the justification to search a computer, it would not be easy to challenge the results of the search even if the defense undermines the basis for searching the computer in the first place. That's where your 50.001% fits in.
I wouldn't rely on undermining the validity of an IP address to get away with doing illegal things. Not everyone can skate away from trouble like Casey Anthony and OJ Simpson. But if a case against me depends entirely on an IP address that is literally up for grabs when my equipment is turned off, that's another story.
I agree that modern network hardware can be configured to prevent IP address swapping. But implementing such a tamper-resistant configuration requires modern hardware and competent admins -- at a cable ISP. I have no doubt such things exist, but in my experience they are in short supply.
You underestimate the gap between what you know is technically possible and what others have the aptitude or willingness to do. For years, people have been insisting that static IP addresses guessing is impossible. And for years they have been wrong. Some day we might have automatic rock-solid defenses against such a thing. But until that day comes, I will assume the worst.
I did not intend to offer a tutorial on how to play musical chairs with IP addresses, but anyone with basic networking skills can find the necessary tools to evaluate the risk on their network. Even if you have no intention of playing games with your IP address, it's worth knowing whether or not you could be the target of a false accusation when someone else decides to borrow your address. Depending on the capabilities of your ISP, it might work. Or it might not.
That database of address assignments is essentially a DHCP log file. And if the ONLY way to get a working address was via DHCP, it would be an accurate record. But that is not always the case. Although I have no doubt the ISPs _think_ they have records that explain all of the addresses on their network, the senior techs know better. The method I described in the parent post would allow a user onto the network in such a way that DHCP records are meaningless.
The MAC address might be a bit tricky, but remember that many routers allow you to override the MAC address, just as you can override the IP address.
Whether or not juries are taking ISP-provided DHCP records as absolute proof of identity, it is possible to destroy the credibility of DHCP logs on a cable modem network. With a trivial amount of work, you can get your computer to quietly assume an IP address that was not assigned (or logged) by DHCP.
And if I put a wireless router on my LAN behind the PPPoE login?
Back to square 1.
Not really. No matter how many PCs you have on your LAN and no matter how they are connected to your router, outgoing traffic from your router hits the Internet with the IP address of the WAN port of your router. When your router logs in via PPPoE, it identifies you when it picks up an IP address as the result of a session that identified your ISP account. You might be able to play games with that address, but I suspect your session will drop.
You could claim the traffic in question came from unauthorized clients connecting illegally to your LAN, but that involves claiming that your wireless was either unencrypted or hacked. You might (or might not) get sympathy with that argument. Certain routers have a nasty bug in which they spontaneously reset to factory default (zero security) settings. Or you could just play dumb... "I didn't realize other people could use my wide-open Wifi connection". Somewhere in between is WEP security. It proves an attempt on your part to establish a secure network, but the tools to hack WEP are readily available and very little skill is necessary. And yet the WEP option remains available on most routers because legacy Wifi cards may not support any other encryption protocol.
Why should anyone pay taxes to a government that provides no service or (even worse) grants no voting rights to the taxpayer? Does "taxation without representation" ring a bell?
Two Supreme Court decisions (mentioned throughout this thread) resolve the issue quite clearly. States' arguments in favor of collecting sales tax involve proving a physical nexus. Not necessarily a corporate headquarters, any physical presence will do. This generally requires a building or employees whose work environment is in the state.
Amazon has been able to dodge this in various states by threatening to leave. When a state claims that Amazon's in-state affiliates constitute a physical nexus for tax purposes, Amazon terminates all the affiliates in that state. At the outer fringe of anti-tax logic, Amazon might have a warehouse in a state whose purpose is shipping to the OTHER 49 states, thus it serves no function in the state in which it is located. That's a questionable argument, but combined with a threat to leave, they might get away with it.
For those states in which Amazon has no physical nexus, I applaud them for not caving in to money-hungry state governments that offer nothing in return. In the other cases, I hope they relocate to states with no sales tax.
Ask not who is clueless, you might be surprised.
If Amazon uses that one-year grace period to get out of California, it just might work.
In 1967, the U.S. Supreme Court determined in Bellas Hess v. Illinois that states could not require companies without either property or employees in the state to collect sales and use tax – in other words, companies needed a physical nexus. The 1992 Supreme Court Case Quill v. North Dakota then reaffirmed the principle that a company must have a substantive nexus in order for the state to require the company to collect sales taxes.
Get rid of the physical nexus, and the sales tax disappears. There are a few states with no sales tax. If Amazon relocates their warehouses and office to only those states, they can ship all over the US with impunity.
That's why Heathkit is a good idea. If nothing else, it lets kids learn about electronics via practical examples. There are a few other electronic kits out there, but Heathkit was always the gold standard.
Although this won't work with DSL because of PPPoE login, with a cable modem your IP address is not proof of anything.
Why? DHCP is not the only game in town. On many networks, you can take a DHCP-assigned address and determine the appropriate subnet mask, default route, and DNS server. But nothing really stops you from manually overriding the IP address, as long as you choose one in the same subnet that happens to be unused at the moment. The ISP can make this a little more difficult by remembering the MAC address associated with each address, but there are workarounds for that too.
I became aware of this when my cable modem stopped working and the support technician discovered that my IP address was in use from someplace other than my house. In those days, all addressing was static. Some other customer had inadvertently (or deliberately) assumed my IP address. The tech gave me a new address assignment and everything worked. So whoever hijacked my IP address left the audit trail pointing to ME. The hijacker was (from an IP address perspective) invisible.
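The comments above argue that a DHCP lease log is only a trustworthy record if DHCP is the only way onto the network. The following is an added example, not part of the original comments, of how an operator could test that: cross-check the lease log against addresses actually observed in traffic and flag every sighting the log cannot explain. The record layouts, the `access_port` field and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample records (documentation address ranges); not real ISP data.
# Lease: (ip, mac, access_port, start, end) as a DHCP server might log it.
LEASES = [
    ("198.51.100.10", "00:00:5e:00:53:01", "port-1", "2011-07-01T08:00", "2011-07-02T08:00"),
    ("198.51.100.11", "00:00:5e:00:53:02", "port-2", "2011-07-01T09:00", "2011-07-01T21:00"),
]
# Sighting: (time, ip, mac, access_port) as observed in traffic at the access router.
SIGHTINGS = [
    ("2011-07-01T10:00", "198.51.100.10", "00:00:5e:00:53:01", "port-1"),  # matches lease
    ("2011-07-01T23:00", "198.51.100.11", "00:00:5e:00:53:02", "port-2"),  # lease expired
    ("2011-07-01T12:00", "198.51.100.10", "00:00:5e:00:53:09", "port-7"),  # other MAC
    ("2011-07-01T13:00", "198.51.100.10", "00:00:5e:00:53:01", "port-7"),  # cloned MAC
    ("2011-07-01T14:00", "198.51.100.50", "00:00:5e:00:53:09", "port-7"),  # never leased
]

def classify(sighting, leases):
    """Return a verdict saying how far the lease log explains one sighting."""
    when, ip, mac, port = sighting
    t = datetime.fromisoformat(when)
    active = [l for l in leases if l[0] == ip
              and datetime.fromisoformat(l[3]) <= t < datetime.fromisoformat(l[4])]
    if not active:
        return "no-active-lease"   # address in use outside any DHCP assignment
    same_mac = [l for l in active if l[1].lower() == mac.lower()]
    if not same_mac:
        return "mac-mismatch"      # leased to a different hardware address
    if all(l[2] != port for l in same_mac):
        return "port-mismatch"     # right IP and MAC, wrong physical attachment
    return "consistent"

def audit(sightings, leases):
    """List every sighting the lease log cannot account for."""
    return [(s, v) for s in sightings
            if (v := classify(s, leases)) != "consistent"]

if __name__ == "__main__":
    for sighting, verdict in audit(SIGHTINGS, LEASES):
        print(verdict, *sighting)
```

A MAC comparison alone would pass the fourth sighting, which is why the check also ties each lease to the physical attachment point; that binding is an assumption about what the operator records.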
That's the closest thing I have seen to a plausible answer. There are some sleazy companies that I know for a fact had a lengthy BBB rap sheet, and now they are mysteriously sanitized.
I guess the concept of an owner promoting his business through bogus, self-congratulatory reviews is older than the Internet.
A successful restaurant owner does not volunteer for these "makeover" shows. If you have customers, the last thing you want is a TV crew taking up space. If your place is packed, advertising won't help. Although many of the owners have claimed the show manufactured drama, a lot of what they show would be hard to create just for the camera -- unless of course it was there already. How many restaurant owners are likely to admit the findings are accurate? In the cases where the TV chef sends in a cleaning crew to address years of unsanitary kitchen conditions, it's hard to believe they brought in years of grease buildup.
I understand there are some restaurant owners who think their only problem is marketing, so free TV publicity is all they think they need. But I know of some great restaurants that are always packed. Their success is pretty much self-sustaining (even with zero advertising) as long as customer satisfaction is high. Sooner or later something happens to break the cycle and a downward spiral begins. Very rarely is a restaurant failing due to a sudden lack of advertising.
I watch some of those "failing restaurant" shows: Kitchen Nightmares, Restaurant Impossible, etc.
MANY of those places have Zagat stickers in the windows, often with good ratings. And yet their businesses are dying and the TV chefs think the food is awful. Customers are scarce, so there must be a reason. Some of the problems with food quality and cleanliness might be overstated for shock value, but it never looks like the TV chef has to try very hard to find problems.
What's up with all of these Zagat-rated disaster restaurants? Does anyone on Slashdot know what's going on?
"You say that as if IT asked for SOX, HIPAA, PCI, etc along with all of the script-kiddies (and professional hacker networks) that are actively looking for vulnerabilities. IT engineers a network that meets compliance regulations because they *have* to, not because they thought it might be a fun thing to do. After a few SaaS providers are hacked, it will be interesting to see what kind of responsibility the customer has for the hack even if they made sure that the provider had all of the right certifications."
Nobody at the lower levels of IT asked for SOX, etc., but there were plenty of useful idiots in IT management who bought into this stuff. Meanwhile, information leaks pretty much at will. You can have a 64-character random password that changes every 12 hours, but one disgruntled employee will leak the client list faster than you can say "audit compliance report". Ironically, the number of disgruntled employees is higher than it would be without all of this TSA-style security.
I'm more than a little tired of newbies who think the attacks are coming from the outside in the form of script kiddies and port scans. The attacks are coming from the INSIDE, by fully authorized users who face little if any opposition. The absolute HIGHEST RISK is the disgruntled worker who fears being outsourced and keeps a nifty supply of sensitive material on a USB drive. Ironically, the IT workers who build these "secure enterprise networks" are among the biggest security threats.
"If your kid's facebook page is hacked, no one cares except them. If your hospital lets your health records leak out, they can face large fines, and if it was an egregious violation, individuals can face personal fines and criminal charges."
I've seen a lot more corporate applications hacked than Facebook pages. Especially when rent-a-hack developers leave privileged usernames and passwords in plain text files on the web server. Somehow the corporate security audit missed that one. Score one for Facebook.
"Unless your kids are hosting their own email server, your household budget *does* include an email administrator, you're just paying it to your ISP (or through trading off some privacy and pageviews to an ad-supported email provider)"
Have you ever heard of Gmail with a POP3 client? Sheesh.
"This may come as some surprise to you, but maintaining an enterprise network of 500 desktops is different than a single desktop - a college student can spend 2 hours of his own time recovering from a virus infection, doing that across 500 desktops with 2 helpdesk staff would take over 2 months."
This may come as a surprise to you, but my 2 kids and 498 of their colleagues have the same number of computers as your "enterprise network of 500 desktops". They accomplish more of what they set out to do than the average corporate employee -- with a lot less BS. Although your hypothetical 500 infected desktops might take a helpdesk a few man-months to re-image, wouldn't it be cheaper to buy MacBooks and fire the helpdesk?
The average corporate IT department has ALREADY degraded to the level of TSA; more interested in "compliance" than business success. At some point, the pendulum has to swing back the other way -- cutting the costs imposed by all of these policies and self-important police. By that time, I think we will have a "bring your own" mentality towards desktop hardware, just as mechanics are expected to supply their own tools. Instead of buying servers (or even cloud-based virtual servers), corporate IT will buy complete applications whose server-side infrastructure is vendor-supplied. Mandatory stupidity and shortsighted cost control have pretty much killed off the ability to handle IT any other way.
The future model of IT is what home users and especially college students are doing right now. My KIDS have less computer downtime than the average corporate IT worker, and our household budget does NOT include an e-mail administrator or desktop support.