All consulting companies do that. Worst is MS consulting -- not only do they blow the scope on their projects to the point that they're trying to put MS software in in any place they can, but after they present their design docs, they walk out and say "we just design, we don't actually implement".
And then there's Price Waterhouse Cooper (PwC) -- once they get in somewhere, you can't get 'em out. And watch out if you hired a company like that to advise you on matters like Sarbanes/Oxley compliance. "you need to hire us to do this for you, and this for you, and this for you, and... " Wow... And the execs go for it, because if the report says they should do it, and they don't, and there's an accounting flaw - the execs are potentially criminally responsible for not doing proper due dilligence.
As someone who works IT in a hospital, I hear ya. When certain systems go down/stop performing correctly we can easily end up with a team working straight through for 48+ hours to resolve the issues. And everybody involved in those situations gets respect for it.
The advantage of working in a my hospital is that the director of clinical applications came from the user side, not the IT side, and still does work as an MD along with his work in IT. He knows both sides of the support issues and will communicate thanks to where it needs to go.
It's definitely much easier to go through a 40 hour day when you hear "thank you" at the end.
It is about a dying distribution model, though. The parent to your post said nothing about not paying for music, just not wanting DRM encumbered music when he pays for it. I still don't think people pirate music for cost reasons. We're a society of people bent on instant gratification - that means people aren't going to drag their lazy butts out of a chair and to the music store when a couple of clicks could download what they want without taking action.
A couple of years ago (1998-2000ish), when I was in college and Napster was hot, I was in a friend's room talking about music and for some reason the need to listen to a song came up. I had the CD in my room (2 doors away) and he bet me that he could have it downloaded before I came back with the CD. He won.
If it's quicker and easier to download it - pirated or otherwise - you're going to have a hard time convincing people to put out the effort of going to the store or ordering it and then waiting.
I'd argue that writing a virus or trojan in a lab setting shouldn't be illegal - neither should posting the code publically for other researchers. On the other hand, compiling and releasing a trojan in the real world such that it actually impacts people is a completely different issue. The virus and trojan and worm and other malware do have their place in research. Understanding the techniques that allow them to spread rapidly and effectively also helps improve the understanding of how to design systems to protect against those same techniques.
Not quite accurate about interchangable cog. I'm saying that the best way to learn is to work with a mentor. Having the mentor in a position under the mentee isn't going to raise the morale of the new person.
You're quite right about employees being better when given what they need to succeed and challenged etc. I'm stuck in corporate hell half the time doing contract work. I see companies bringing in teams of consultants to drive projects without getting their core employees involved. But hitting the ground running for employees without the necessary experience will lead to mistakes that are hard to correct later.
You need to bring in someone with the knowledge of what is right, as well as the experience to know WHY it is right. So many projects now completely ignore the question of "Why?". All the training in the world won't convey why - just how. This will be good for everybody.
The only thing that would make this into an interchangable cog type of position is the fact that I do suggest moving the person from a senior admin. on the windows side to a junior admin on the linux side. People hate to take pay cuts - I suppose the company could keep the pay the same and bring in he senior guy even higher, but companies hate to do that.
I hate to say it, but I honestly think your employer would be better off recruiting and hiring some linux talent for the lead admin roles with regard to their linux move. It will make the transition less painful in the long run. If you want to learn, the best way to learn would be to move from your (senior, I assume) Windows admin position into a junior Linux admin role under an experienced person (someone with 5+ years of Linux administration experience would be best).
As far as training goes -- list the challenges that you'd like to be prepared to solve. Figure out what your goals will be and try and solve those problems in a test lab. Figure out what you don't know and can't learn quickly without being walked through it. My experience with training classes is that they spend a week covering material that should be covered in a day so if you can skip some intro level work, that would be ideal.
The danger handheld from t-mobile is pretty nice, and the blackberry phone unit seems to work ok, but unless you get it from nextel, it needs to communicate through a Blackberry enterprise server. The nextel model actually has a local IP stack. Of course, the Idokorro SSH client for blackberry is nearly $200, for the 6820 it's $40.
The CPU in the 6820 is grossly underpowered for extensive use of the SSH client - session startup is painful, but it works in a pinch. In my blackberry, it's not so bad.
I fried my 3300 by falling out of a boat with it in my pocket - replacement was a necessity and I wanted a different feature set anyway. (Actually, falling out of the boat didn't really do it... it worked for almost a year after. I think the green stuff growing on the board is what did it.)
I like it... You can even get a slow but useable SSH client that runs on it from www.idokorro.com. The electrical connections between the keyboard portion that flips seem to be a little flimsy, and sometimes certain keys don't have the expected behavior. Other than that, it's a nice unit. I definitely like the fact that it has a normal phone form factor, unlike my previous phone... the Nokia 3300 mp3 phone.
Where people go wrong is that it is just as illegal as it ever was to redistribute the content without permission, the only thing changing is that it is easier.
Not entirely true... Up until (I believe) 1976, copyright law regulated the right to "publish," not "copy" -- there is a subtle but huge difference between the two.
fair enough -- but by identifying it as a virus, you have stopped it's viral tendancies and therefore done the job of an AV package, regardless of the assertion that "it's only a virus when it's not".
Umm, you can't do that - I think I first saw the relevant paradox in Ralf Burger's book on viruses and it goes something like this: Say you've got some blackbox routine called is_a_virus() that does just what these guys claim; all you do is build it into a virus like so:
So, if you're a virus, you're not a virus - but if you're not, you are. Reductio ad absurdum, anyone?
Not quite an accurate statement on your part -- your assumption relies on a specific construction of "is_a_virus()". And the paradox doesn't fail due to a reductio argument. It is purely due to the fact that it, if true, forces a contradiction. A reductio ad absurdum argument assumes the negation of what it tries to prove and from there proves that that leads to contradiction therefore it's opposite must be true.
Now... for your example. If the program that is running could call out to the is_a_virus() routine, that wouldn't be very useful to the anti-virus software, but... besides that little issue - the virus you've constructed is still a virus even if it happens to do absolutely nothing when the software declares that it is a virus. The software wouldn't be wrong in erradicating it.
What you've basically presented is an arguement for completeness -- or, more specifically, a proof of incompleteness. However, that doesn't work here as the software doesn't claim to eliminate false positives. If after using some amount of resources, the software can't decide if the code is a virus or if it's harmless, then all it needs to do is block it.
Consider for a moment a virus checker that has signatures for all non-virus software (or even just some large subset). Now, when a virus is checked, unless it matches a known good piece of software, it is rejected. In theory, all viruses are rejected, as well as possibly some non-viruses, but... I never claimed to not stop intentional software from running, just viruses.
I've sat down with 2 windows servers on opposite ends of an OC-3 with a 30ms latency (do the calculations -- standard TCP window size etc and you end up wit a maximum throughput of a little unde 2Mbps) and after some tuning of the registry, was pushing pretty close to the 100Mbps that the NICs in the servers could handle. This required enabling large windows, setting the default window size to something appropriately large, and making the send buffers big enough to account for it.
TCP can be tuned easily enough to different networks, the paper discusses algorithms that are good without resetting parameters for different kinds of networks. Granted, tuning for a high latency network doesn't hurt you on a low latency network and if you know the network characteristics, tuning your TCP stack to match them will never hurt.... Why search for the optimal window size if you know it at the start?...
That doesn't raise rates for malpractice insurance, that raises rates for health insurance. Lawsuits kill the malpractice rates more than the cost of drugs and tests. Unless you're saying that the costs of treating a malpractice victim have gone up because the cost of medicine has and therefore the lawsuits are awarding more money?
Still doesn't seem fitting -- 'cuz you can easily double what you spend without significantly adding to the outcome.
So... I just checked an ink vendor and the lexmark cartridges they had (same model numbers from the story) were 2x as expensive as the Xerox ones. Nice to know that you're not locked in to the vendor, but beyond that - I think I'd find the Xerox cartridge a better buy. (The vendor was Laser Monks)
you know -- it's hard to decide to comment when you've got mod points, but I just have to say this. Light SUVs aren't friendly to ANYBODY. They roll - sideways. I was in one when it happened. It sucks.
That said - there's nothing that prevents people from choosing components that meet their needs. You can get small keyboards for people with smaller hands - you just have to look, they're not the default. Then again, I think keyboard size is pretty good for the average of the adult population... people with big hands are going to be uncomfortable with them too.
I'll admit to not having read the article, just jumping on the SUV comment but i'm gonna go read it now. Does it say anything about who uses the stuff vs. who buys it?
That sounds like one semester there - at least for a university level student. You're splitting up your classes too much - linux, for instance, by the end of a semester, a student should be able to implement a kernel module that does something like/dev/magic8ball or something. An advanced class would involve designing and implementing a network filesystem (including the data structures on disk and all that fun stuff).
Where I went to school, a 3 unit class meant that you were in class for an hour a week and expected to spend about 2 hours on the class out side of class. 60 units in a semester was a rough semester, but not entirely uncommon (I think I did 56 a couple of times -- 8 semesters of 45 was the requirement for graduating - basically). I think your unit estimates are in line with the time required for teaching those things.
Both of the course listings sound like topics for a minor in being a corporate IT person at most. IT isn't worthy of a major -- combine it with some business, technical writing etc. and you've got a good start on a career in IT -- call it MIS or BIS (management/business information systems).
A CS degree is going to be lots of theory, lots of proofs, lots of math etc. Algorithm design, OS design, analysis of complex systems, information theory, etc. None of it should be training in specific technologies.
The trick isn't whether Vonage et al. survive. VoIP is making some major inroads in large corporations - replacing old analog PBX equipment. Just because delivery of voice services to homes via IP could fail doesn't mean IP telephony has failed. It just means that those companies had a poor business model.
Besides, there's nothing stopping you from having your POTS line come in to an IP gateway and running all your internal phones off the IP network. 1 network card in you gateway is alot cheaper than an FXS port per internal line.
you'd be closer if yahoo's client displayed ads. This isn't the AOL IM client - this is Yahoo. It has never shown me an ad. Nor does it have anywhere on it's UI where it could.
He put his company and title in the paper. If he did not clear that with his company before publishing this paper, @stake has every reason to fire him.
Ok... the fact that he held that position with that company still remains fact. In future papers he could have a bio blurb that claims "Former CTO of @stake" - put it on everything, if they try to sue for the use of their name and trademark they're likely to lose.
Even in his current incarnation, it is still fact that he was the CTO of @stake at the time of writing that. If people derive credibility from that title, and hold it against the company for which he works, they have to be careful. It really is a matter of fact and if @stake doesn't like that, well... I don't know what to tell 'em.
you need policy support from management. If management can't provide support with resources, they are capable of acknowledging the shortcomings in that respect and making decisions about where your time should be spent. If management can't do that, they're really not managing anything. Draft your own policies, present them to management and get them approved. Distribute them to all users.
If IT is understaffed, it's not the staff's fault that things don't happen. Keep accurate logs of what you DO - when somebody complains about what you don't do, point to the logs. Have nearly every minute of the day accounted for. Don't give them a chance to say "well, you had 20 minutes here where you could have taken care of this".
If you need to log "1300-1315 Taking a dump" - do it. If they don't like that, call users back during that time and see how they feel about it.
I think what you're looking for are policies. You want something endorsed by whoever is above you that details what you are and aren't supposed to be working on as well as what work gets priority. Maybe from 8-noon you handle new requests and 1-quitting you're on project stuff? Make it known that helpdesk stuff isn't the bulk of your job.
Also -- consider talking to people in each of those groups you outlined earlier. Maybe a couple of developers could be roped in to screening questions from their fellow developers before passing them up to you. It sounds like you're with an IT heavy company - the individual user groups can probably take some responsibility for their own actions.
Implement LDAP or AD and give a user from each group power to manage users within that group. That way you don't get called for password changes etc.
There's lots of things that you could work on to take load off of you. People do need to understand that you can't do everything. If you can get a work priority policy past the boss, at least you can start keeping track of the piles and whe a user says "why isn't X done" you say -- management says it's not a priority so it will be done when P D and Q are finished. ("when will that be" -- "6 months to a year") The users will go to their bosses and ask about the policy -- either the policy will get changed by your management, or they'll stick to it and back you on following it.
Slashdot Mirror
All consulting companies do that. Worst is MS consulting -- not only do they blow the scope on their projects to the point that they're trying to put MS software in in any place they can, but after they present their design docs, they walk out and say "we just design, we don't actually implement".
... " Wow... And the execs go for it, because if the report says they should do it, and they don't, and there's an accounting flaw - the execs are potentially criminally responsible for not doing proper due dilligence.
And then there's Price Waterhouse Cooper (PwC) -- once they get in somewhere, you can't get 'em out. And watch out if you hired a company like that to advise you on matters like Sarbanes/Oxley compliance. "you need to hire us to do this for you, and this for you, and this for you, and
CRAZY
The advantage of working in a my hospital is that the director of clinical applications came from the user side, not the IT side, and still does work as an MD along with his work in IT. He knows both sides of the support issues and will communicate thanks to where it needs to go.
It's definitely much easier to go through a 40 hour day when you hear "thank you" at the end.
It is about a dying distribution model, though. The parent to your post said nothing about not paying for music, just not wanting DRM encumbered music when he pays for it. I still don't think people pirate music for cost reasons. We're a society of people bent on instant gratification - that means people aren't going to drag their lazy butts out of a chair and to the music store when a couple of clicks could download what they want without taking action.
A couple of years ago (1998-2000ish), when I was in college and Napster was hot, I was in a friend's room talking about music and for some reason the need to listen to a song came up. I had the CD in my room (2 doors away) and he bet me that he could have it downloaded before I came back with the CD. He won.
If it's quicker and easier to download it - pirated or otherwise - you're going to have a hard time convincing people to put out the effort of going to the store or ordering it and then waiting.
I'd argue that writing a virus or trojan in a lab setting shouldn't be illegal - neither should posting the code publically for other researchers. On the other hand, compiling and releasing a trojan in the real world such that it actually impacts people is a completely different issue. The virus and trojan and worm and other malware do have their place in research. Understanding the techniques that allow them to spread rapidly and effectively also helps improve the understanding of how to design systems to protect against those same techniques.
Not quite accurate about interchangable cog. I'm saying that the best way to learn is to work with a mentor. Having the mentor in a position under the mentee isn't going to raise the morale of the new person.
You're quite right about employees being better when given what they need to succeed and challenged etc. I'm stuck in corporate hell half the time doing contract work. I see companies bringing in teams of consultants to drive projects without getting their core employees involved. But hitting the ground running for employees without the necessary experience will lead to mistakes that are hard to correct later.
You need to bring in someone with the knowledge of what is right, as well as the experience to know WHY it is right. So many projects now completely ignore the question of "Why?". All the training in the world won't convey why - just how. This will be good for everybody.
The only thing that would make this into an interchangable cog type of position is the fact that I do suggest moving the person from a senior admin. on the windows side to a junior admin on the linux side. People hate to take pay cuts - I suppose the company could keep the pay the same and bring in he senior guy even higher, but companies hate to do that.
I hate to say it, but I honestly think your employer would be better off recruiting and hiring some linux talent for the lead admin roles with regard to their linux move. It will make the transition less painful in the long run. If you want to learn, the best way to learn would be to move from your (senior, I assume) Windows admin position into a junior Linux admin role under an experienced person (someone with 5+ years of Linux administration experience would be best).
As far as training goes -- list the challenges that you'd like to be prepared to solve. Figure out what your goals will be and try and solve those problems in a test lab. Figure out what you don't know and can't learn quickly without being walked through it. My experience with training classes is that they spend a week covering material that should be covered in a day so if you can skip some intro level work, that would be ideal.
The danger handheld from t-mobile is pretty nice, and the blackberry phone unit seems to work ok, but unless you get it from nextel, it needs to communicate through a Blackberry enterprise server. The nextel model actually has a local IP stack. Of course, the Idokorro SSH client for blackberry is nearly $200, for the 6820 it's $40.
The CPU in the 6820 is grossly underpowered for extensive use of the SSH client - session startup is painful, but it works in a pinch. In my blackberry, it's not so bad.
I fried my 3300 by falling out of a boat with it in my pocket - replacement was a necessity and I wanted a different feature set anyway. (Actually, falling out of the boat didn't really do it ... it worked for almost a year after. I think the green stuff growing on the board is what did it.)
I like it... You can even get a slow but useable SSH client that runs on it from www.idokorro.com. The electrical connections between the keyboard portion that flips seem to be a little flimsy, and sometimes certain keys don't have the expected behavior. Other than that, it's a nice unit. I definitely like the fact that it has a normal phone form factor, unlike my previous phone... the Nokia 3300 mp3 phone.
Not entirely true... Up until (I believe) 1976, copyright law regulated the right to "publish," not "copy" -- there is a subtle but huge difference between the two.
fair enough -- but by identifying it as a virus, you have stopped it's viral tendancies and therefore done the job of an AV package, regardless of the assertion that "it's only a virus when it's not".
Not quite an accurate statement on your part -- your assumption relies on a specific construction of "is_a_virus()". And the paradox doesn't fail due to a reductio argument. It is purely due to the fact that it, if true, forces a contradiction. A reductio ad absurdum argument assumes the negation of what it tries to prove and from there proves that that leads to contradiction therefore it's opposite must be true.
Now... for your example. If the program that is running could call out to the is_a_virus() routine, that wouldn't be very useful to the anti-virus software, but ... besides that little issue - the virus you've constructed is still a virus even if it happens to do absolutely nothing when the software declares that it is a virus. The software wouldn't be wrong in erradicating it.
What you've basically presented is an arguement for completeness -- or, more specifically, a proof of incompleteness. However, that doesn't work here as the software doesn't claim to eliminate false positives. If after using some amount of resources, the software can't decide if the code is a virus or if it's harmless, then all it needs to do is block it.
Consider for a moment a virus checker that has signatures for all non-virus software (or even just some large subset). Now, when a virus is checked, unless it matches a known good piece of software, it is rejected. In theory, all viruses are rejected, as well as possibly some non-viruses, but... I never claimed to not stop intentional software from running, just viruses.
I've sat down with 2 windows servers on opposite ends of an OC-3 with a 30ms latency (do the calculations -- standard TCP window size etc and you end up wit a maximum throughput of a little unde 2Mbps) and after some tuning of the registry, was pushing pretty close to the 100Mbps that the NICs in the servers could handle. This required enabling large windows, setting the default window size to something appropriately large, and making the send buffers big enough to account for it.
... Why search for the optimal window size if you know it at the start? ...
TCP can be tuned easily enough to different networks, the paper discusses algorithms that are good without resetting parameters for different kinds of networks. Granted, tuning for a high latency network doesn't hurt you on a low latency network and if you know the network characteristics, tuning your TCP stack to match them will never hurt.
What you really mean is
Which does make the assumption that user home dirs are
Remember, there's a limited number of keystrokes in a lifetime - use them wisely.
That doesn't raise rates for malpractice insurance, that raises rates for health insurance. Lawsuits kill the malpractice rates more than the cost of drugs and tests. Unless you're saying that the costs of treating a malpractice victim have gone up because the cost of medicine has and therefore the lawsuits are awarding more money?
Still doesn't seem fitting -- 'cuz you can easily double what you spend without significantly adding to the outcome.
Of course I read the article -- how else would I have known what cartridge models to check prices on. ... wonder how much international shipping is?
So... I just checked an ink vendor and the lexmark cartridges they had (same model numbers from the story) were 2x as expensive as the Xerox ones. Nice to know that you're not locked in to the vendor, but beyond that - I think I'd find the Xerox cartridge a better buy. (The vendor was Laser Monks)
you know -- it's hard to decide to comment when you've got mod points, but I just have to say this. Light SUVs aren't friendly to ANYBODY. They roll - sideways. I was in one when it happened. It sucks.
That said - there's nothing that prevents people from choosing components that meet their needs. You can get small keyboards for people with smaller hands - you just have to look, they're not the default. Then again, I think keyboard size is pretty good for the average of the adult population... people with big hands are going to be uncomfortable with them too.
I'll admit to not having read the article, just jumping on the SUV comment but i'm gonna go read it now. Does it say anything about who uses the stuff vs. who buys it?
That sounds like one semester there - at least for a university level student. You're splitting up your classes too much - linux, for instance, by the end of a semester, a student should be able to implement a kernel module that does something like /dev/magic8ball or something. An advanced class would involve designing and implementing a network filesystem (including the data structures on disk and all that fun stuff).
Where I went to school, a 3 unit class meant that you were in class for an hour a week and expected to spend about 2 hours on the class out side of class. 60 units in a semester was a rough semester, but not entirely uncommon (I think I did 56 a couple of times -- 8 semesters of 45 was the requirement for graduating - basically). I think your unit estimates are in line with the time required for teaching those things.
Both of the course listings sound like topics for a minor in being a corporate IT person at most. IT isn't worthy of a major -- combine it with some business, technical writing etc. and you've got a good start on a career in IT -- call it MIS or BIS (management/business information systems).
A CS degree is going to be lots of theory, lots of proofs, lots of math etc. Algorithm design, OS design, analysis of complex systems, information theory, etc. None of it should be training in specific technologies.
you say you're hiring but leave no good contact method -- unless it's on your website that got slashdotted the second your comment got modded to +5
The trick isn't whether Vonage et al. survive. VoIP is making some major inroads in large corporations - replacing old analog PBX equipment. Just because delivery of voice services to homes via IP could fail doesn't mean IP telephony has failed. It just means that those companies had a poor business model.
Besides, there's nothing stopping you from having your POTS line come in to an IP gateway and running all your internal phones off the IP network. 1 network card in you gateway is alot cheaper than an FXS port per internal line.
you'd be closer if yahoo's client displayed ads. This isn't the AOL IM client - this is Yahoo. It has never shown me an ad. Nor does it have anywhere on it's UI where it could.
Ok... the fact that he held that position with that company still remains fact. In future papers he could have a bio blurb that claims "Former CTO of @stake" - put it on everything, if they try to sue for the use of their name and trademark they're likely to lose.
Even in his current incarnation, it is still fact that he was the CTO of @stake at the time of writing that. If people derive credibility from that title, and hold it against the company for which he works, they have to be careful. It really is a matter of fact and if @stake doesn't like that, well... I don't know what to tell 'em.
you need policy support from management. If management can't provide support with resources, they are capable of acknowledging the shortcomings in that respect and making decisions about where your time should be spent. If management can't do that, they're really not managing anything. Draft your own policies, present them to management and get them approved. Distribute them to all users.
If IT is understaffed, it's not the staff's fault that things don't happen. Keep accurate logs of what you DO - when somebody complains about what you don't do, point to the logs. Have nearly every minute of the day accounted for. Don't give them a chance to say "well, you had 20 minutes here where you could have taken care of this".
If you need to log "1300-1315 Taking a dump" - do it. If they don't like that, call users back during that time and see how they feel about it.
I think what you're looking for are policies. You want something endorsed by whoever is above you that details what you are and aren't supposed to be working on as well as what work gets priority. Maybe from 8-noon you handle new requests and 1-quitting you're on project stuff? Make it known that helpdesk stuff isn't the bulk of your job.
Also -- consider talking to people in each of those groups you outlined earlier. Maybe a couple of developers could be roped in to screening questions from their fellow developers before passing them up to you. It sounds like you're with an IT heavy company - the individual user groups can probably take some responsibility for their own actions.
Implement LDAP or AD and give a user from each group power to manage users within that group. That way you don't get called for password changes etc.
There's lots of things that you could work on to take load off of you. People do need to understand that you can't do everything. If you can get a work priority policy past the boss, at least you can start keeping track of the piles and whe a user says "why isn't X done" you say -- management says it's not a priority so it will be done when P D and Q are finished. ("when will that be" -- "6 months to a year") The users will go to their bosses and ask about the policy -- either the policy will get changed by your management, or they'll stick to it and back you on following it.