It is pretty rare for a contract firm (aka body shop) to offer any benefits at all. Generally all they do is pay you subpar wages and mark up what they billing the customer, pocketing the difference.
I know quite a few CEOs and VP level execs. They are very focused on revenue. They are spending all their time trying to land new customers and grow the business. Security is a cost: generally: you have to pay money for it, either to security vendors or in headcount, and there is no corresponding revenue that you get. So it goes to the bottom of the priority list. Somewhere in their heads they know that deferring it is a bad idea, and the cost of a security breach is something they don't even want to think about, but there is always a new revenue target to hit, another customer to land, etc., and so the security stuff get put in the "maybe later" pile.
Some of that makes sense. But I think it is more basic. #1, don't just not hire older workers. The current reality is that once you are a tech guy over 40, you are less employable, and it gets worse as you get older. #2, have the idea that work doesn't have to mean 18-hour days at the office and there is such a thing as part-time - that is a big mind shift for a lot of tech shops.
Personally now I'm out of the workforce and doing part-time contract gigs. I am very fortunate to find some that will take me on part-time (helps if you are billing a hefty hourly rate: they think twice about eating up all your time). My other personal rule is that I don't do Scrum: I did it for years, I hated it, and two week cadence with daily standups assumes you are there all the time.
As far as I know the state of the art for nonlinear optimization when the objective is a very expensive process to run (or simulation of a process) is Radial Basis Function modeling/estimation. Much of the work on this was done at Cornell University - see for example Rommel Regis's papers. These algorithms do some random sampling, then build a model of the objective function, then based on that pick one or more new points to sample, and repeat.
Some of the ones I've read, it does sound like he is handing someone's head to them, but he's usually also explaining what they did that was wrong, and why it was wrong. So IMHO that mitigates some of the unpleasantness. He does seem to want the recipient to learn from the experience and not do whatever it was again.
Well, unlike Nokia they are in more than one line of business. But they have been executing poorly for some years and have a history of doing dumb acquisitions, culminating in the disastrous Autonomy deal in 2011. Ray Ozzie can't by himself fix any of that. But arguably he can't be worse than the slate of directors who got them to where they are.
I think that is true, but there is not any fundamental reason why something that is technologically possible can't be prohibited by law. Nor any reason governments can't be made subject to the law. In the U.S., Nixon was about to be impeached over misuse of federal resources to attack and embarrass his personal enemies.
By and large they don't make expensive gear. And as far as I can tell it isn't much worse than the other mass-market stuff it competes against. Their poor reputation among audio buffs is somewhat deserved but IMO mainly because it is cheapo gear and there is some tradeoff of cost and performance, certainly at the part of the cost curve they are operating in.
True enough, but you do not want to have the issue where the first sign of your success is your website failing. Early users get turned off if the service is flaky. So you can't just throw up a free website and wait to see when and where it crashes. A little planning is always good and so is a good reasonable starting architecture. That would include for example designing from the start for running with multiple backend servers behind a load balancer.
I ditched AT&T DSL a while back. It was both slow and unreliable. Comcast is much faster but quite pricey: they have all sorts of come-on deals where the price is low at first, but they will jack it up eventually. I'd sure like to see them both have some more serious competition.
By and large, the U.S. doesn't believe what they say. But the public threats and provocations may help convince the North Koreans (who mostly get their news from official sources, or not at all) that the regime is powerful and active, and its enemies are dangerous.
There are typically a lot of shareholders and even those that may hold relatively large blocks of the voting stock are still typically in a minority position. So it is hard to mobilize them to do anything in concert, such as rejecting a corporate nominee.
Despite the current year tax increases, we have very low marginal tax rates on high income earners, compared to the rest of the world and compared to historic rates in the US over the past 50 years. High taxes are not the biggest economic problem most people face. Ask someone who is unemployed whether high taxes are a problem for them.
I'll be back as an Ubuntu user when they have a reasonable UI again. Unfortunately I have one box xUbuntu won't install on, so I have to run Mint on it (that's my 2nd choice).
in electronics. When I was a teenage geek, a ham up the street gifted me with a number of things including a marvelous "boat anchor" surplus shortwave set. And lent me a number of other things like a working scope. It was a great learning experience. If something wasn't working or couldn't be made to work, I salvaged components from it. My parents had no idea I was debugging 400 volt tube circuits. Somehow I survived.
in response to a reset request is not hashing passwords and would fail a security audit (but I have certainly seen sites like this). There is no reason for the remote site you are logging into to ever store your password, vs. storing a hash (a strong hash, repeated multiple times to make brute force reverse hashing difficult).
Almost all employees (contract or regular) usually have to sign a non-disclosure agreement, among other things. So he broke that for sure. Re export of the RSA token - if it contains encryption software he probably should have gotten export paperwork done for it, but he's not likely to be prosecuted for that.
I've used it more than once, but not often enough that I don't have to go back and learn parts of over the next time I use it.
It just isn't very intuitive. The regex support can do awesome things, but just I can't seem to keep enough of it in my head to be productive. Or if I do, it leaks out when I'm off coding in some other language:-).
All this stuff about "is the software author pure enough" makes me sad. That is why I like the BSD (and similar) non copyleft licenses. Remember, 99% of software users are not programmers and wouldn't use the source code if they had it. Heck, most *programmers* even don't use the source code of the FOSS they consume. The GPL is catering to the tiny percentage of software users who are RMS or like RMS.
People with Asperger's just don't conform to the expectations most people have, and unless you have some background and understanding, it is just baffling, and they tend to get slotted into categories people already have, like "rude" or "difficult," when really something else is going on. My personal experience (family member) is that you keep saying to yourself or the other person "Why can't you..?" where ? is something that fits expectations, and finally you realize the answer is that "because you have a non-typical brain wiring." Once you get that it becomes easier because you understand that this probably isn't fixable, and you're going to have to alter your expectations. But most people don't get to that level of understanding of Asperger's.
Also, we don't know just how crackable off the shelf encryption is. More than you'd think, probably. The NSA is not going to tell you just how good they are at reading encrypted material but they employ some of the best cryptographers on the planet, so their capabilities are not to be underestimated.
I think the issue is, as the submitter said, they don't control from where the end user downloads the product. They could get it from anywhere and those 3rd-party sites don't put up any kind of disclaimer. Maybe you can put it in bold letters in the installer, but many users don't read their EULA anyway, and you can't rely on the download site.
Slashdot Mirror
It is pretty rare for a contract firm (aka body shop) to offer any benefits at all. Generally all they do is pay you subpar wages and mark up what they billing the customer, pocketing the difference.
I know quite a few CEOs and VP level execs. They are very focused on revenue. They are spending all their time trying to land new customers and grow the business. Security is a cost: generally: you have to pay money for it, either to security vendors or in headcount, and there is no corresponding revenue that you get. So it goes to the bottom of the priority list. Somewhere in their heads they know that deferring it is a bad idea, and the cost of a security breach is something they don't even want to think about, but there is always a new revenue target to hit, another customer to land, etc., and so the security stuff get put in the "maybe later" pile.
Programmers are commonly unionized in Europe.
Some of that makes sense. But I think it is more basic. #1, don't just not hire older workers. The current reality is that once you are a tech guy over 40, you are less employable, and it gets worse as you get older. #2, have the idea that work doesn't have to mean 18-hour days at the office and there is such a thing as part-time - that is a big mind shift for a lot of tech shops.
Personally now I'm out of the workforce and doing part-time contract gigs. I am very fortunate to find some that will take me on part-time (helps if you are billing a hefty hourly rate: they think twice about eating up all your time). My other personal rule is that I don't do Scrum: I did it for years, I hated it, and two week cadence with daily standups assumes you are there all the time.
I think the original paper on this is by H. M. Gutman. For an intro to more modern methods see Regis and Shoemaker's 2007 paper.
Juliane Mueller has some working code available.
As far as I know the state of the art for nonlinear optimization when the objective is a very expensive process to run (or simulation of a process) is Radial Basis Function modeling/estimation. Much of the work on this was done at Cornell University - see for example Rommel Regis's papers. These algorithms do some random sampling, then build a model of the objective function, then based on that pick one or more new points to sample, and repeat.
Some of the ones I've read, it does sound like he is handing someone's head to them, but he's usually also explaining what they did that was wrong, and why it was wrong. So IMHO that mitigates some of the unpleasantness. He does seem to want the recipient to learn from the experience and not do whatever it was again.
Well, unlike Nokia they are in more than one line of business. But they have been executing poorly for some years and have a history of doing dumb acquisitions, culminating in the disastrous Autonomy deal in 2011. Ray Ozzie can't by himself fix any of that. But arguably he can't be worse than the slate of directors who got them to where they are.
I think that is true, but there is not any fundamental reason why something that is technologically possible can't be prohibited by law. Nor any reason governments can't be made subject to the law. In the U.S., Nixon was about to be impeached over misuse of federal resources to attack and embarrass his personal enemies.
By and large they don't make expensive gear. And as far as I can tell it isn't much worse than the other mass-market stuff it competes against. Their poor reputation among audio buffs is somewhat deserved but IMO mainly because it is cheapo gear and there is some tradeoff of cost and performance, certainly at the part of the cost curve they are operating in.
True enough, but you do not want to have the issue where the first sign of your success is your website failing. Early users get turned off if the service is flaky. So you can't just throw up a free website and wait to see when and where it crashes. A little planning is always good and so is a good reasonable starting architecture. That would include for example designing from the start for running with multiple backend servers behind a load balancer.
I ditched AT&T DSL a while back. It was both slow and unreliable. Comcast is much faster but quite pricey: they have all sorts of come-on deals where the price is low at first, but they will jack it up eventually. I'd sure like to see them both have some more serious competition.
By and large, the U.S. doesn't believe what they say. But the public threats and provocations may help convince the North Koreans (who mostly get their news from official sources, or not at all) that the regime is powerful and active, and its enemies are dangerous.
There are typically a lot of shareholders and even those that may hold relatively large blocks of the voting stock are still typically in a minority position. So it is hard to mobilize them to do anything in concert, such as rejecting a corporate nominee.
Despite the current year tax increases, we have very low marginal tax rates on high income earners, compared to the rest of the world and compared to historic rates in the US over the past 50 years. High taxes are not the biggest economic problem most people face. Ask someone who is unemployed whether high taxes are a problem for them.
I'll be back as an Ubuntu user when they have a reasonable UI again. Unfortunately I have one box xUbuntu won't install on, so I have to run Mint on it (that's my 2nd choice).
in electronics. When I was a teenage geek, a ham up the street gifted me with a number of things including a marvelous "boat anchor" surplus shortwave set. And lent me a number of other things like a working scope. It was a great learning experience. If something wasn't working or couldn't be made to work, I salvaged components from it. My parents had no idea I was debugging 400 volt tube circuits. Somehow I survived.
$999 is not really a bargain price considering what is in the box. As with other Apple hardware you are paying a premium for the Apple brand.
in response to a reset request is not hashing passwords and would fail a security audit (but I have certainly seen sites like this). There is no reason for the remote site you are logging into to ever store your password, vs. storing a hash (a strong hash, repeated multiple times to make brute force reverse hashing difficult).
Almost all employees (contract or regular) usually have to sign a non-disclosure agreement, among other things. So he broke that for sure. Re export of the RSA token - if it contains encryption software he probably should have gotten export paperwork done for it, but he's not likely to be prosecuted for that.
I've used it more than once, but not often enough that I don't have to go back and learn parts of over the next time I use it.
It just isn't very intuitive. The regex support can do awesome things, but just I can't seem to keep enough of it in my head to be productive. Or if I do, it leaks out when I'm off coding in some other language :-).
All this stuff about "is the software author pure enough" makes me sad. That is why I like the BSD (and similar) non copyleft licenses. Remember, 99% of software users are not programmers and wouldn't use the source code if they had it. Heck, most *programmers* even don't use the source code of the FOSS they consume. The GPL is catering to the tiny percentage of software users who are RMS or like RMS.
People with Asperger's just don't conform to the expectations most people have, and unless you have some background and understanding, it is just baffling, and they tend to get slotted into categories people already have, like "rude" or "difficult," when really something else is going on. My personal experience (family member) is that you keep saying to yourself or the other person "Why can't you ..?" where ? is something that fits expectations, and finally you realize the answer is that "because you have a non-typical brain wiring." Once you get that it becomes easier because you understand that this probably isn't fixable, and you're going to have to alter your expectations. But most people don't get to that level of understanding of Asperger's.
Also, we don't know just how crackable off the shelf encryption is. More than you'd think, probably. The NSA is not going to tell you just how good they are at reading encrypted material but they employ some of the best cryptographers on the planet, so their capabilities are not to be underestimated.
I think the issue is, as the submitter said, they don't control from where the end user downloads the product. They could get it from anywhere and those 3rd-party sites don't put up any kind of disclaimer. Maybe you can put it in bold letters in the installer, but many users don't read their EULA anyway, and you can't rely on the download site.