Example, or explanatory, code very frequently comes with a note such as "data validation and error handled omitted for clarity". They aren't kidding - important code is left out in order to leave bare only what's being demonstrated. Putting such code online without proper validation and error handling is putting a glaring security hole in place.
I wrote a snippet of demo code years ago which was put into production on hundreds of thousands of web sites, though it should not have been. I demonstrated an idea with some code, which wasn't supposed to be production ready. A popular site copy-pasted it from my site, and others copy-pasted it from there. It ended up on Stack overflow repeatedly and other places as copy-pasted code that many, many people used in production. It was not secure.
Without checking, I would bet that Bing is serving up my code when someone searches how to do that, because it's on many well-known sites. It's not secure, production-ready code, though. It's demonstration code illustrating a certain technique.
I see the connection there. They had been operating independently, and were *allowed* a degree of autonomy in local issues, but ultimately under the authority of Rome regarding foreign affairs etc. That matches up both with the states who formed a federal government and with IT systems and database usage, where each part is to some degree independent insofar as its internal operation, but disciplined by the central authority in matters of relations with other entities (interstate commerce clause, etc).
Personally, I think the *idea* of a federal system of government, as outlined in the Constitution, makes sense. It local autonomy to both meet the needs of local people and to try out different ideas, while also getting the benefits of a large, coordinated, stable coalition. In order to maintain that federal approach, wherein both individual states and the united government have their proper place, one must however carefully guard the 10th amendment. The 10th and the enumerated powers clause, which limit the power of DC politicians, have been significantly eroded starting with the wheat cases. I think those were decided that way solely to avoid a power struggle between the court and the Congress and president - there is no reasonable logic which supports the decision. It essentially makes the enumerated powers clause and 10th amendment impotent. That violates a basic legal principle that all laws and parts of laws mean *something*. The 10th was passed for some reason, and has some meaning. The wheat cases essentially ruled that it means nothing, that it has no actual effect.
Okay, so I said secure programming is hard, you need to know what you're doing.
You disagree that it's hard, because people who call themselves professionals sometimes can't do it right. Professionals sometimes can't manage to do it, therefore it's easy. Is that right?
In 1965 someone asked "is McDonald's the future of American restaurants?" The answer was yes, regardless of whether most restaurants were better.
Is Python the future? That's scary, but it may be so. Why do I say it's scary? I wouldn't have said so 30 years ago. When I started programming, Python would have cool. Something very important happened in the mid 1990s. Something that completely freaked out Microsoft's programming tools team.
When I started programming, I started by writing very simple programs in languages such as BASIC, which ran first on my computer, then on a Casio calculator / handheld computer they sold in the 1980s. I'll never forget impressing my friends with a program that consisted of nothing but a loop and set of IF statements. It would prompt you to enter your name via the keyboard, then print in the screen "you're cool" or "you're weird" or whatever based on the name you entered. I think for one name in particular, Casey, it said "you're pretty". A very simple program, by a beginner programmer.
Few new programs today take input via keyboard and print output to the screen. These days, they take input via the Internet, query other resources over the network, and return something over the internet. It's no longer my boyhood crush Casey entering something, it's hackers from all over the world. They attack each program hundreds or thousands of times. Very simple programs by beginning programmers are now vectors for multi-million dollar losses. It's very hard to learn safely these days, because it requires some expertise to design and code software that will be safe against constant attacks. I don't know that I could learn today, it's just too dangerous for beginners to run code exposed to the internet, and today most code is exposed to the internet. Even a super simple programming task like a thermostat - if (temp desired) {
Hear = on }
Is now an IoT, and a threat.
This worries me because as we make it easier to create software, more possible for people who don't know what they are doing to expose your systems, we are now having so much exposed by people who haven't studied. You CAN write code without learning much at all. You can, that very much doesn't mean you SHOULD. Not in today's society, where everything is online.
Read the NN law apparated by the Obama administration with those types of operations in mind and see if you still think so. Remember the whole point of the $8 plan is for seniors, kids, employees, and others who want a basic feature phone, not a smartphone, which doesn't stream Hulu or anything. Read the rules and think about how you could possibly operate such a service given the laws at the time.
Try it. Copy and paste the commands. If you look, especially at old systems, you'll notice the code for chroot looks an awful lot like the code for cd. There's a reason for that.
Cd changes which directory the "." alias points to, chroot changes which directory the "/" points to. Just as you can cd to change ".", then cd again to change it again, chroot works the same way. It's just about as "secure" as cd, because it's almost the same code.
In other words, your goal is to have the person who reads your comment say to their co-worker "hey look at this, this is interesting". It's a COMMENT period, not a VOTING period.
"Opinion" is probably the wrong word. If your opinion is "Sprint sucks", nobody will pay any attention to that. You CAN say things they WILL pay attention to, though, if you're informed on the topic.
I have been effective at influencing these kinds of things with regulators, but you have to know what type.of comments will be effective.
This is an appropriate an effective time to point out things that they may not have thought about, finer points. It's not particularly effective to say "no, I don't want this", because it's not a vote.
Regulators frequently require than before a merger, the companies must sell off certain assets, preferably to a smaller competitor, in order to maintain competition in a particular market. Suppose you know that in your area there are three carriers:
T-Mobile is available to you Sprint is available to you Blaze Wireless is available a few miles away, in a neighboring town, but not in your area
You could point out that the merger would create a monopoly in your area, but that could be fixed by having them sell the Sprint or T-Mobile towers to nearby Blaze Wireless. The combined T-Sprint would then have Blaze as competition in your area. THAT is the type of thing that can make a difference.
Look into the details of the merger proposal. Do any of the details raise red flags? What should be changed? Suggesting changes that regulators haven't already considered can be helpful.
> US does not have higher authority over all the different laws, that states and even counties have
The Constitution diagrees with you: -- US Constitution, Article VI, Clause 2: This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding. --
The other side of that is the enumerated powers and 10th amendment. Federal law is absolutely supreme over state law, and city ordinances subordinate even to state law. However, federal law is only authorized (and therefore valid) on certain specific topics. Federal law is never subordinate to state law - it's supreme. Only if it's not law it at all, if it's null and void by being unconstitutional, does it not override state law.
-- federative system. In other words, there is no higher authority that manages, broadcasts and moderates the content offered, as is the case with YouTube, but a network --
Someone does know what federation is, and therefore contradicts themselves. Apparently they haven't even heard of the federal government, which is the "higher authority", above the states.
A federal system, or federation, is when previously separate entities establish a centralized authority, for common purposes. Examples would be the United States, which were separate states and then established the FEDERAL GOVERNMENT. The EU is following a similar pattern.
Database federation is when you had separate database servers, but then you establish one server as the central authority all queries go to, and it then delegates parts of those queries to the servers that have the relevant data.
Exactly. An ideal container, perfectly configured and perfectly implemented, with a more-secure but less- convenient settings, would be - Well it would be non-existent, because shit ain't perfect. If things in the real world were perfect, security wouldn't be much of an issue.
I'll have hard data in real-world containers and VMs next month. My company (Alert Logic) just released a suite of security services for containers so we will be able to tell exactly how often, and in which ways, our customers actual containers are breached, and what vulnerabilities they actually have. I can cross-reference that data with VMs in my database.
Based on decades of experience, I expect the data will show that VMs are more secure. I also expect the data will show that what you put IN the container or VM is far more important than whether you put it in a VM or container. Stupid in a VM is stupid, stupid in a container is stupid. Containers can use less RAM, though.
Someone mentioned chroot, which is the basic system call behind containers. Chroot is not a security tool. Chroot was not designed for security. Chroot does not provide security of any kind. Leaving chroot is as simple as chrooting again:
mkdir foo; chroot foo; cd..
Chroot is useful for cross-compiling and certain other tasks related to developing software. It was created for the purpose of compiling and testing BSD4.2 before it was ready for release. Bill's machine ran 4.1, he could switch to 4.2 versions of the files by running chroot. (And could go back to the 4.1 system by simply running chroot again)
Our team tracked the amount of time we spend on "administrata", which we defined as essentially:
Our own meetings
stuff that government or corporate expects us to do, but doesn't improve our productivity
Note that *useful* training isn't included.
That's actually our largest category, where we spend the night most time. We spend more time on that stuff than on things that have direct benefit to the customer, or on investments in our productivity, such as improving our tooling and systems.
We were able to reduce it by maybe 20%, which was good. It's still the largest chunk of our time, though. We can't reduce it much further because a lot of the stuff is either directly required by government, or is indirectly required by government, where the corporate bosses have flexibility in how they address requirements or can decide how much legal risk to take. Either way, they have driven by laws and regulations. Further action on reducing this wasted time will largely have to wait until November, election time.
What you've said is true, nearly half of our time isn't really productive. Which means we need more productive time, not less.
This week, I had mandatory compliance training for FCPA, sexual harassment, discrimination, and another one. I had several hours of required meetings, and another few hours dicking with the VPN and crap so I could work.
Suppose the compliance-related training was 6 hours. Required meetings are 3 hours. Dealing with infrastructure, regular password changes, and crap is two hours. That's 11 hours of required bullshit. From a 40 hour work week, that leaves 29 hours for productive work plus going to the bathroom, sick days, etc. 25% of the time is mandatory bullshit.
Now we subtract an 8 hour day, making it a 32 hour week. We STILL have those 11 hours of compliance training and crap. Now the mandatory bullshit is 33% of the work week instead of 25%, and we have only 21 hours left for productive work, plus going to the bathroom, sick days, etc.
You're right in what you said - meetings, training, etc take up a lot of time. Getting rid of them might help. So long as we have mandatory compliance training and such, fewer hours cuts disproportionately into the productive time since regulators still want you to have your three hours of LGBT sensitivity training or whatever.
Obviously, that does NOT mean we should all work 60 hours. Being exhausted is not good. Avoiding exhaustion doesn't mean we should all work 10 hours per week, either. That would give us only enough time for mandatory bullshit, and leave zero hours for productive work. There's a right number, where working longer has you too exhausted to think, and working less leaves you little time to be productive, especially relative to the amount of less productive crap that's required in a business.
> designing how the four-day week would be managed so as not to negatively impact productivity."
They designed it with the hope of not negatively impacting productivity. I wrote a cover page hoping to get a CISO job. I'm not a CISO. The article gives multiple numbers measuring that employees liked it, but not a single number suggesting that productivity, even per-hour productivity, wasn't reduced. The author knows to give measurements to prove a point, and gives no measurements to indicate workers got the same amount of work done.
Either the article sucks (completely forgetting to include key information) or it's designed to mislead.
I'm also reminded of some of the studies that ended the "scientific management" fad of the 1980s. In the eighties, we found out that switching to an open office increases productivity. And that switching to cubicles increases productivity. And switching to private offices increases productivity. What we learned is that switching things up helps for a while. It doesn't matter much what the change is, change promoted as being better reinvigorates people for a little while.
> reducing or eliminating non-work-related internet usage
Now that would be an interesting thing to measure. The IT department could tell you of non-work-related internet usage ACTUALLY changed, and give you a pretty decent measure of how much it changed. Over the course of six months to a year, you could figure out which works better for most people: A. Continue to fart around on the internet (Slashdot) while at your desk B. Do not get on Slashdot while at work, and instead go home earlier.
> I am as cynical as they come but how is this a failed experiment if you lose nothing but have happier employees?
That's a VERY big assumption. You lose 20% of time they were working, so about 20% of their productivity, unless you have evidence otherwise. The article mentions no such evidence.
Competitive pressures may well mean that leads to losing the company, by delivering 20% less value to customers. Studies show it takes people some time to get back into what they were doing, they don't come in Monday morning and reset their brains to remember everything they were thinking on Friday. Rather, they have to spend time re-reading things they read on Friday, getting back into the groove.
> Also think about this: The work that took five days previously now gets done in four.
What makes you think that? I see no such claim in the article. The article only says that people like having time off - duh. Well, they like certain things about it. Most people don't actually choose part-time work because part-time work means part-time production, and therefore part-time pay. Most people want full-time pay, so they choose to work full-time.
If workers were just as productive, that would be a very interesting result, but the article doesn't claim that.
Yeah, there are a lot of things to consider. For my own SOHO use, used enterprise Cisco gear works pretty well. Just yesterday I needed to set up routed secure tunnels between my home office network and two other locations. That was easy to do with Cisco gear I got for almost free. Of course I'm a nerd, Cisco integrated services routers aren't for everyone.
Instead of constantly logging in to my employer's VPN with all three operating systems I use, a thought occurred to me - my employer's end of the VPN is a Cisco ASA firewall. I have a Cisco ASA firewall in my home rack. Why not just let my ASA VPN to their ASA and I don't have to manually connect all the time.
I clicked your signature link and saw you get Linux running on a printer - eight years ago. That's cool. Why? I wonder if a couple of cool uses occurred to you.
My immediate thought is that printer can move things in two dimensions with 600DPI accuracy. Replace the printer head with a Dremel and you've got a high-accuracy CAD-CAM mill from a garage sale printer. Eight years ago you know what was going on with 3D printers. Replace the ink print head with a filament nozzle, boot Linux on the printer, and you're most of the way to a great 3D printer. Now we have good ooen 3D printer designs and resources for parts, but eight years ago your project could have been the start of something really cool.
Nothing new about using crispr for fruits. I've been using my crispr for fruits and vegetables for a long time. The drawer next to the crispr is where I keep my cheese and stuff. Milk goes on the top shelf, eggs in door.
This is exactly what I want as a worker. Also what I have.
For many years I owned the companies I worked for. I'm now enjoying a steady, predictable salary, like these employees have. If I wanted unpredictable pay (like commissions), I could make a lot more money working for myself, or working contracts. I also wouldn't like commissions because that puts my own interest (my pay) in direct opposition to the customer's interest in managing the budget. I much prefer to be able to serve the customer the best I can, rather than try to sell them as much as possible in order to pay my rent.
At my job, we also have metrics and goals - I know what's expected of me, and it's agreed to beforehand. My new boss and I didn't get along at first. My first performance review with him wasn't going so well until we started looking at the goals we had agreed to for the quarter and my actual performance. He saw that I got done what my boss had asked me to get done, so his attitude changed (an employee who gets it done is valuable to a boss).
Recently we came up with new metrics and goals for the team, to align with the company's new strategic goals. A co-worker pointed out a possible flaw - sometimes customer needs might not match up with one of our metrics. I pointed out that having goals doesn't mean we have to ignore the customer while chasing the metric with tunnel vision. The metric is ONE way we measure the value we deliver to the customer. It's not the only way. Since our pay is salary, not toed directly to a specific metric, we can serve the customer's needs from day to day, with the metric serving its proper purpose as but one measurement.
So that's exactly the work situation I like. Salaried, steady pay. Defined metrics and goals so I know what is expected of me and the bosses agree (in writing). But the metrics are but one thing we look at in reviews, one part of the story.
Another important thing I do is recognized, but not measured. I really enjoy helping train and equip my teammates to better serve the customer and the team. Today I had two different people asking me for help at the same time. I love it, it improves the efficiency of the team by allowing their work to reflect my experience, and my boss appreciates the value - rather than having a less efficient and effective team because I'm selfishly chasing my own commissions.
> . Cisco gets by on inertia... a combination of slightly non-standard features that unwitting users have started using
Quite often, the non-standard features Cisco offers become standardized 5-10 years later. They are simply ahead of the standards. Things like channel bonding and cost-based routing are now considered "must-have". They were unique to Cisco for years, before eventually the rest of the industry agreed on a standard.
Certainly not everyone NEEDS Cisco. Frequently though, it's far better to make a needed improvement by turning on a feature you didn't need before, rather than having to replace hardware or come up with weird hacks because your cheap gear doesn't do the things that Cisco does. It very much depends on the relative cost of:
Network down time Network administration (administrators aren't cheap) Hardware
$500 more or even $5000 spent on hardware can be a GREAT value when it saves two hours of down time, or not. It depends - how much does two hours of down time cost your company?
Someone with an IQ of 60 can learn to tie their shoes. Someone we never went to even elementary school can see things and learn something new, even accidentally.
You've provided yourself with a guarantee, though. You've discovered the fool-proof way to everlasting ignorance - simple refusal to learn. "I won't click on a link to law! If I read the law I might learn what it says!", says Aighearach.
At least your way is predictable - proof against all information, ensuring everlasting ignorance, by refusal to see information which could contradict your first guess.
Banks, or banking systems, get hacked fairly regularly. This isn't a new development. You might be seeing more of it in the popular press recently because the popular press has trends.
Slashdot Mirror
Example, or explanatory, code very frequently comes with a note such as "data validation and error handled omitted for clarity". They aren't kidding - important code is left out in order to leave bare only what's being demonstrated. Putting such code online without proper validation and error handling is putting a glaring security hole in place.
I wrote a snippet of demo code years ago which was put into production on hundreds of thousands of web sites, though it should not have been. I demonstrated an idea with some code, which wasn't supposed to be production ready. A popular site copy-pasted it from my site, and others copy-pasted it from there. It ended up on Stack overflow repeatedly and other places as copy-pasted code that many, many people used in production. It was not secure.
Without checking, I would bet that Bing is serving up my code when someone searches how to do that, because it's on many well-known sites. It's not secure, production-ready code, though. It's demonstration code illustrating a certain technique.
Thanks for that.
I see the connection there. They had been operating independently, and were *allowed* a degree of autonomy in local issues, but ultimately under the authority of Rome regarding foreign affairs etc. That matches up both with the states who formed a federal government and with IT systems and database usage, where each part is to some degree independent insofar as its internal operation, but disciplined by the central authority in matters of relations with other entities (interstate commerce clause, etc).
Personally, I think the *idea* of a federal system of government, as outlined in the Constitution, makes sense. It local autonomy to both meet the needs of local people and to try out different ideas, while also getting the benefits of a large, coordinated, stable coalition. In order to maintain that federal approach, wherein both individual states and the united government have their proper place, one must however carefully guard the 10th amendment. The 10th and the enumerated powers clause, which limit the power of DC politicians, have been significantly eroded starting with the wheat cases. I think those were decided that way solely to avoid a power struggle between the court and the Congress and president - there is no reasonable logic which supports the decision. It essentially makes the enumerated powers clause and 10th amendment impotent. That violates a basic legal principle that all laws and parts of laws mean *something*. The 10th was passed for some reason, and has some meaning. The wheat cases essentially ruled that it means nothing, that it has no actual effect.
Okay, so I said secure programming is hard, you need to know what you're doing.
You disagree that it's hard, because people who call themselves professionals sometimes can't do it right. Professionals sometimes can't manage to do it, therefore it's easy. Is that right?
In 1965 someone asked "is McDonald's the future of American restaurants?" The answer was yes, regardless of whether most restaurants were better.
Is Python the future? That's scary, but it may be so. Why do I say it's scary? I wouldn't have said so 30 years ago. When I started programming, Python would have cool. Something very important happened in the mid 1990s. Something that completely freaked out Microsoft's programming tools team.
When I started programming, I started by writing very simple programs in languages such as BASIC, which ran first on my computer, then on a Casio calculator / handheld computer they sold in the 1980s. I'll never forget impressing my friends with a program that consisted of nothing but a loop and set of IF statements. It would prompt you to enter your name via the keyboard, then print in the screen "you're cool" or "you're weird" or whatever based on the name you entered. I think for one name in particular, Casey, it said "you're pretty". A very simple program, by a beginner programmer.
Few new programs today take input via keyboard and print output to the screen. These days, they take input via the Internet, query other resources over the network, and return something over the internet. It's no longer my boyhood crush Casey entering something, it's hackers from all over the world. They attack each program hundreds or thousands of times. Very simple programs by beginning programmers are now vectors for multi-million dollar losses. It's very hard to learn safely these days, because it requires some expertise to design and code software that will be safe against constant attacks. I don't know that I could learn today, it's just too dangerous for beginners to run code exposed to the internet, and today most code is exposed to the internet. Even a super simple programming task like a thermostat -
if (temp desired) {
Hear = on
}
Is now an IoT, and a threat.
This worries me because as we make it easier to create software, more possible for people who don't know what they are doing to expose your systems, we are now having so much exposed by people who haven't studied. You CAN write code without learning much at all. You can, that very much doesn't mean you SHOULD. Not in today's society, where everything is online.
Read the NN law apparated by the Obama administration with those types of operations in mind and see if you still think so. Remember the whole point of the $8 plan is for seniors, kids, employees, and others who want a basic feature phone, not a smartphone, which doesn't stream Hulu or anything. Read the rules and think about how you could possibly operate such a service given the laws at the time.
Try it. Copy and paste the commands. If you look, especially at old systems, you'll notice the code for chroot looks an awful lot like the code for cd. There's a reason for that.
Cd changes which directory the "." alias points to, chroot changes which directory the "/" points to. Just as you can cd to change ".", then cd again to change it again, chroot works the same way. It's just about as "secure" as cd, because it's almost the same code.
> There is no centralized authority, each system is autonomous and interacts with other systems based upon agreed standards/exchanges.
That's called peer to peer.
Here's the diagram of the federated architecture reference model. Note the MA authority:
https://en.m.wikipedia.org/wik...
In other words, your goal is to have the person who reads your comment say to their co-worker "hey look at this, this is interesting". It's a COMMENT period, not a VOTING period.
"Opinion" is probably the wrong word. If your opinion is "Sprint sucks", nobody will pay any attention to that. You CAN say things they WILL pay attention to, though, if you're informed on the topic.
I have been effective at influencing these kinds of things with regulators, but you have to know what type.of comments will be effective.
This is an appropriate an effective time to point out things that they may not have thought about, finer points. It's not particularly effective to say "no, I don't want this", because it's not a vote.
Regulators frequently require than before a merger, the companies must sell off certain assets, preferably to a smaller competitor, in order to maintain competition in a particular market. Suppose you know that in your area there are three carriers:
T-Mobile is available to you
Sprint is available to you
Blaze Wireless is available a few miles away, in a neighboring town, but not in your area
You could point out that the merger would create a monopoly in your area, but that could be fixed by having them sell the Sprint or T-Mobile towers to nearby Blaze Wireless. The combined T-Sprint would then have Blaze as competition in your area. THAT is the type of thing that can make a difference.
Look into the details of the merger proposal. Do any of the details raise red flags? What should be changed? Suggesting changes that regulators haven't already considered can be helpful.
> US does not have higher authority over all the different laws, that states and even counties have
The Constitution diagrees with you:
--
US Constitution, Article VI, Clause 2:
This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.
--
For more information
http://en.m.wikipedia.org/wiki...
The other side of that is the enumerated powers and 10th amendment. Federal law is absolutely supreme over state law, and city ordinances subordinate even to state law. However, federal law is only authorized (and therefore valid) on certain specific topics. Federal law is never subordinate to state law - it's supreme. Only if it's not law it at all, if it's null and void by being unconstitutional, does it not override state law.
That should be "someone doesn't know"
The author is also dumb
--
federative system. In other words, there is no higher authority that manages, broadcasts and moderates the content offered, as is the case with YouTube, but a network
--
Someone does know what federation is, and therefore contradicts themselves. Apparently they haven't even heard of the federal government, which is the "higher authority", above the states.
A federal system, or federation, is when previously separate entities establish a centralized authority, for common purposes. Examples would be the United States, which were separate states and then established the FEDERAL GOVERNMENT. The EU is following a similar pattern.
Database federation is when you had separate database servers, but then you establish one server as the central authority all queries go to, and it then delegates parts of those queries to the servers that have the relevant data.
Exactly. An ideal container, perfectly configured and perfectly implemented, with a more-secure but less- convenient settings, would be -
Well it would be non-existent, because shit ain't perfect. If things in the real world were perfect, security wouldn't be much of an issue.
I'll have hard data in real-world containers and VMs next month. My company (Alert Logic) just released a suite of security services for containers so we will be able to tell exactly how often, and in which ways, our customers actual containers are breached, and what vulnerabilities they actually have. I can cross-reference that data with VMs in my database.
Based on decades of experience, I expect the data will show that VMs are more secure. I also expect the data will show that what you put IN the container or VM is far more important than whether you put it in a VM or container. Stupid in a VM is stupid, stupid in a container is stupid. Containers can use less RAM, though.
Someone mentioned chroot, which is the basic system call behind containers. Chroot is not a security tool. Chroot was not designed for security. Chroot does not provide security of any kind. Leaving chroot is as simple as chrooting again:
mkdir foo; chroot foo; cd ..
Chroot is useful for cross-compiling and certain other tasks related to developing software. It was created for the purpose of compiling and testing BSD4.2 before it was ready for release. Bill's machine ran 4.1, he could switch to 4.2 versions of the files by running chroot. (And could go back to the 4.1 system by simply running chroot again)
Our team tracked the amount of time we spend on "administrata", which we defined as essentially:
Our own meetings
stuff that government or corporate expects us to do, but doesn't improve our productivity
Note that *useful* training isn't included.
That's actually our largest category, where we spend the night most time. We spend more time on that stuff than on things that have direct benefit to the customer, or on investments in our productivity, such as improving our tooling and systems.
We were able to reduce it by maybe 20%, which was good. It's still the largest chunk of our time, though. We can't reduce it much further because a lot of the stuff is either directly required by government, or is indirectly required by government, where the corporate bosses have flexibility in how they address requirements or can decide how much legal risk to take. Either way, they have driven by laws and regulations. Further action on reducing this wasted time will largely have to wait until November, election time.
What you've said is true, nearly half of our time isn't really productive. Which means we need more productive time, not less.
This week, I had mandatory compliance training for FCPA, sexual harassment, discrimination, and another one. I had several hours of required meetings, and another few hours dicking with the VPN and crap so I could work.
Suppose the compliance-related training was 6 hours.
Required meetings are 3 hours.
Dealing with infrastructure, regular password changes, and crap is two hours. That's 11 hours of required bullshit. From a 40 hour work week, that leaves 29 hours for productive work plus going to the bathroom, sick days, etc. 25% of the time is mandatory bullshit.
Now we subtract an 8 hour day, making it a 32 hour week. We STILL have those 11 hours of compliance training and crap. Now the mandatory bullshit is 33% of the work week instead of 25%, and we have only 21 hours left for productive work, plus going to the bathroom, sick days, etc.
You're right in what you said - meetings, training, etc take up a lot of time. Getting rid of them might help. So long as we have mandatory compliance training and such, fewer hours cuts disproportionately into the productive time since regulators still want you to have your three hours of LGBT sensitivity training or whatever.
Obviously, that does NOT mean we should all work 60 hours. Being exhausted is not good. Avoiding exhaustion doesn't mean we should all work 10 hours per week, either. That would give us only enough time for mandatory bullshit, and leave zero hours for productive work. There's a right number, where working longer has you too exhausted to think, and working less leaves you little time to be productive, especially relative to the amount of less productive crap that's required in a business.
> designing how the four-day week would be managed so as not to negatively impact productivity."
They designed it with the hope of not negatively impacting productivity. I wrote a cover page hoping to get a CISO job. I'm not a CISO. The article gives multiple numbers measuring that employees liked it, but not a single number suggesting that productivity, even per-hour productivity, wasn't reduced. The author knows to give measurements to prove a point, and gives no measurements to indicate workers got the same amount of work done.
Either the article sucks (completely forgetting to include key information) or it's designed to mislead.
I'm also reminded of some of the studies that ended the "scientific management" fad of the 1980s. In the eighties, we found out that switching to an open office increases productivity. And that switching to cubicles increases productivity. And switching to private offices increases productivity. What we learned is that switching things up helps for a while. It doesn't matter much what the change is, change promoted as being better reinvigorates people for a little while.
> reducing or eliminating non-work-related internet usage
Now that would be an interesting thing to measure. The IT department could tell you of non-work-related internet usage ACTUALLY changed, and give you a pretty decent measure of how much it changed. Over the course of six months to a year, you could figure out which works better for most people:
A. Continue to fart around on the internet (Slashdot) while at your desk
B. Do not get on Slashdot while at work, and instead go home earlier.
That would be an interesting experiment.
> I am as cynical as they come but how is this a failed experiment if you lose nothing but have happier employees?
That's a VERY big assumption. You lose 20% of time they were working, so about 20% of their productivity, unless you have evidence otherwise. The article mentions no such evidence.
Competitive pressures may well mean that leads to losing the company, by delivering 20% less value to customers. Studies show it takes people some time to get back into what they were doing, they don't come in Monday morning and reset their brains to remember everything they were thinking on Friday. Rather, they have to spend time re-reading things they read on Friday, getting back into the groove.
> Also think about this: The work that took five days previously now gets done in four.
What makes you think that? I see no such claim in the article. The article only says that people like having time off - duh. Well, they like certain things about it. Most people don't actually choose part-time work because part-time work means part-time production, and therefore part-time pay. Most people want full-time pay, so they choose to work full-time.
If workers were just as productive, that would be a very interesting result, but the article doesn't claim that.
Yeah, there are a lot of things to consider. For my own SOHO use, used enterprise Cisco gear works pretty well. Just yesterday I needed to set up routed secure tunnels between my home office network and two other locations. That was easy to do with Cisco gear I got for almost free. Of course I'm a nerd, Cisco integrated services routers aren't for everyone.
Instead of constantly logging in to my employer's VPN with all three operating systems I use, a thought occurred to me - my employer's end of the VPN is a Cisco ASA firewall. I have a Cisco ASA firewall in my home rack. Why not just let my ASA VPN to their ASA and I don't have to manually connect all the time.
I clicked your signature link and saw you get Linux running on a printer - eight years ago. That's cool. Why? I wonder if a couple of cool uses occurred to you.
My immediate thought is that printer can move things in two dimensions with 600DPI accuracy. Replace the printer head with a Dremel and you've got a high-accuracy CAD-CAM mill from a garage sale printer. Eight years ago you know what was going on with 3D printers. Replace the ink print head with a filament nozzle, boot Linux on the printer, and you're most of the way to a great 3D printer. Now we have good ooen 3D printer designs and resources for parts, but eight years ago your project could have been the start of something really cool.
Nothing new about using crispr for fruits. I've been using my crispr for fruits and vegetables for a long time. The drawer next to the crispr is where I keep my cheese and stuff. Milk goes on the top shelf, eggs in door.
This is exactly what I want as a worker. Also what I have.
For many years I owned the companies I worked for. I'm now enjoying a steady, predictable salary, like these employees have. If I wanted unpredictable pay (like commissions), I could make a lot more money working for myself, or working contracts. I also wouldn't like commissions because that puts my own interest (my pay) in direct opposition to the customer's interest in managing the budget. I much prefer to be able to serve the customer the best I can, rather than try to sell them as much as possible in order to pay my rent.
At my job, we also have metrics and goals - I know what's expected of me, and it's agreed to beforehand. My new boss and I didn't get along at first. My first performance review with him wasn't going so well until we started looking at the goals we had agreed to for the quarter and my actual performance. He saw that I got done what my boss had asked me to get done, so his attitude changed (an employee who gets it done is valuable to a boss).
Recently we came up with new metrics and goals for the team, to align with the company's new strategic goals. A co-worker pointed out a possible flaw - sometimes customer needs might not match up with one of our metrics. I pointed out that having goals doesn't mean we have to ignore the customer while chasing the metric with tunnel vision. The metric is ONE way we measure the value we deliver to the customer. It's not the only way. Since our pay is salary, not toed directly to a specific metric, we can serve the customer's needs from day to day, with the metric serving its proper purpose as but one measurement.
So that's exactly the work situation I like. Salaried, steady pay. Defined metrics and goals so I know what is expected of me and the bosses agree (in writing). But the metrics are but one thing we look at in reviews, one part of the story.
Another important thing I do is recognized, but not measured. I really enjoy helping train and equip my teammates to better serve the customer and the team. Today I had two different people asking me for help at the same time. I love it, it improves the efficiency of the team by allowing their work to reflect my experience, and my boss appreciates the value - rather than having a less efficient and effective team because I'm selfishly chasing my own commissions.
Thank you. I enjoyed talking to you.
I had actually forgotten about the most recent developments until you reminded me.
Here's one decent link. You can find a ton more with a Google search of "Connecticut attorney general Craigslist".
https://www.ozarksfirst.com/ne...
> . Cisco gets by on inertia... a combination of slightly non-standard features that unwitting users have started using
Quite often, the non-standard features Cisco offers become standardized 5-10 years later. They are simply ahead of the standards. Things like channel bonding and cost-based routing are now considered "must-have". They were unique to Cisco for years, before eventually the rest of the industry agreed on a standard.
Certainly not everyone NEEDS Cisco. Frequently though, it's far better to make a needed improvement by turning on a feature you didn't need before, rather than having to replace hardware or come up with weird hacks because your cheap gear doesn't do the things that Cisco does. It very much depends on the relative cost of:
Network down time
Network administration (administrators aren't cheap)
Hardware
$500 more or even $5000 spent on hardware can be a GREAT value when it saves two hours of down time, or not. It depends - how much does two hours of down time cost your company?
Someone with an IQ of 60 can learn to tie their shoes.
Someone we never went to even elementary school can see things and learn something new, even accidentally.
You've provided yourself with a guarantee, though. You've discovered the fool-proof way to everlasting ignorance - simple refusal to learn. "I won't click on a link to law! If I read the law I might learn what it says!", says Aighearach.
At least your way is predictable - proof against all information, ensuring everlasting ignorance, by refusal to see information which could contradict your first guess.
Banks, or banking systems, get hacked fairly regularly. This isn't a new development. You might be seeing more of it in the popular press recently because the popular press has trends.