Re:What reality do these people live in? on Sun's Last Stand · Score: 1
There is Sun's biggest problem. They are lacking in the software, not the hardware.
I'll second that. Even the OS is anemic in spots, and sorely lacking in others. Looking for administrative tools? What, you mean "admintool?" Or SMC? The former is featureless and the latter is new, slow, and full of bugs. Volume management? Oh, you mean DiskSuite, which only very recently acquired the ability to expand a filesystem/volume? NIC failover in Solaris is still just a glorified shell script and there's no adapter teaming or round-robin capability to speak of (a 10-second delay for failover is rather pathetic, too. So is requiring 3 or more IP addresses just to do failover...)
Unfortunately, though, I'll have to disagree about the hardware part, for all but the very latest Sun servers. The older-generation UltraSparc chips are far too slow to keep up with most shit these days; the v-series machines are finally approaching respectability, but IBM still has them beat with the Power 4+, which is well over 1 GHz now.
DEC had great hardware, impeccable service and Ultrix rocked.
This is a joke, right? You're not actually serious, are you? Ultrix was one of the worst things I've ever had the displeasure of using. Talk about convoluted. It got even worse when OSF/1 came out.
The scary/sick/sad part of all this is that Gorman got every piece of information from the Internet and other publicly available sources. The fact that a grad student working with a single research assistant was able to construct something like this should certainly ring alarm bells, but it's sheer idiocy on the part of the government and private corporations to demand he hand over his collection of information, or that it be classified. It's even more asinine that they aren't interested in the kind of insight such a system can provide. If one man working alone was able to create a system of this complexity and detail, it's logical and safe to assume that others (including scary evil people who aren't Americans) have done so, as well, and are probably using it to their advantage.
Should we, then, go about the process of finding and destroying all systems similar to Gorman's? Obviously, this is unrealistic because we don't know who else has created one. We should assume others have been created, though. The only correct course of action is to use systems such as Gorman's for their intended purpose: to identify points of weakness in our infrastructure and, from there, eliminate them.
That the government and corporate America haven't jumped at this opportunity to discover and eradicate these points of weakness but instead have attempted to eradicate the system which can be used to find such weaknesses should fill one with a sharp sense of dismay. It seems incompetence and information-hiding is the way we've chosen to go about ensuring our national security; I have a strong feeling this will come back to bite us in the ass, and I've no remorse for those who stand to lose billions from such an attack yet seem to have no interest in doing anything to prevent it. I only hope the human toll of such an attack is negligible.
Why upgrade a server if it still works? Put 2000 and XP on the workstations, sure, but why replace an already-functional server?
Obviously, if the operating system is out of support and there are several critical security holes in it, it should be replaced. Windows NT 4 is almost 10 years old now; those servers must be getting close to that age too, and will no doubt start losing disks at a more frequent rate as they age.
It's silly to expect support for most 10-year-old operating systems; does IBM even support 10-year-old versions of MVS? The time has come to consider replacement hardware and software.
- A.P.
While I generally think MS got Win2K right (though not XP), several people in my office still explicitly request NT4 on new machines.
Do you work in an S&M shop or something?
- A.P.
Govt IT folks aren't as stupid as you might think. We're generally quite shrewd about our purchasing habits, and buy the right sized equipment to do the job for more years of useful service life out of it than your typical private enterprise does.
Unfortunately, I generally trust what my friends say more than I trust what folks who post anonymously on weblogs do. As I listened to him regale me with tales of setting up and configuring these machines, I did the math in my head. Perhaps my estimate was off by $100k or so in either direction, but a pair of loaded 700s and a pair of loaded 660s comes awfully close to $1M before any IBM discounts.
This was, by the way, a departmental web server.
- A.P.
This was a web server.
- A.P.
The number of false positives is almost nil, and the ones that do get hit are spammy-looking autogenerated receipts from purchases I've made.
This is quite possibly the only complaint I have about spambayes, too, and it's not even that big a deal to me. After about a month of collecting spam in its own folder (named SHIT, oddly enough), it had learned enough that I was able to dial down my SpamAssassin settings (I use an old version of SA still, too, without the bayesian stuff built in -- too lazy to switch; spambayes works well enough that it's not worth it.) I check my incoming spam folder once or twice a week now, as opposed to once or twice a day when I only ran SpamAssassin at a relatively forgiving (4.5-5.5) setting.
There are a few thousand spams in SB's crap folder now; it's gotten so good that I can't really remember the last time I've had something miscategorized as spam, and of the 50-60 spams I get per day, usually only one or two make it through to my inbox, if that. Half of the time, I don't get any at all.
If you didn't have a reason for installing a Python interpreter before, now you do.
- A.P.
My friend did some contract work for the Army a few months back. They needed a pair of IBM RS/6000 P-series 660s, fully loaded, attached to a pair of FastT700 fibrechannel arrays. Close to $1M worth of hardware, by my rough estimates, having purchased similar hardware in the past.
This was for a workgroup of 30 people.
Government contracts are the best.
- A.P.
Worst.
Analogy.
Ever.
- A.P.
So, yeah I'm glad someone is doing this but I honestly think the market they are speaking to is so small and niche that it's going to be lost in the statistical variance of the overall group.
Even though they sell thousands of copies of each show this way, at $12-15 each.
- A.P.
That's not a manufacturing/engineering package, though; it's architectural design and modeling software. It also costs $600 for the upgrade or $4k for the full version, versus $80-90k for a Catia license. Totally different ballpark.
- A.P.
Oh yeah, and they can also run Mac OSX, OS9, and 64-bit UNIX scientific, math, and engineering applications at blazing speed and with unprecedented ease of use. So what's a Sun box good for again?
I'm no Sun evangelist (as a matter of fact, I hate their products lately), but let's at least stop displaying our abject ignorance. What's a Sun box good for? How about naming me a high-end manufacturing/engineering design package that runs on OS X first, then we can talk about what a Sun box is good for.
- A.P.
Sun should be very scared. Their Dual 1.2GHz 64bit offering is $14,995. Ouch!
How do you figure? The two are aimed at entirely different markets. A home user will not be purchasing a Blade 1000, and an engineer doing solid modeling in Catia or Pro/Engineer will not be purchasing a dual G5. There's absolutely no reason for Sun to care about what Apple's doing. The two do not compete in the same marketplace.
- A.P.
I think most of you are missing the point. It's not necessarily that he was expecting this project to yield an income, though it would be nice. It is that he thought his expertise in computers and routing should yield an income, which honestly is not too much to ask of the world, and sadly is not the case these days.
His tale of lengthy unemployment when he is clearly very skilled is all-too-common.
Unfortunately, if his parting shots are indicative at all of his real-life interpersonal communications and relationship skills, it's absolutely no wonder he doesn't have a well-paying job to this day. Living in Middle Of Nowhere, Florida has little or nothing to do with it. He just seems like a cock.
- A.P.
Looks fake to me, look at the address it was sent from:
dmca@idsa.com
Who would use that address?
Probably IDSA's DMCA lawyers.
- A.P.
That's the sound of the B2 Stealth Joke Plane flying miles overhead, safely out of range.
- q.x.
I sewed it back on when I was done. She was none the wiser.
- A.P.
I once used sling shot power to hurl little rocks at my neighbor's cat. Used the middle finger from a rubber kitchen glove, a cut-apart 2-liter soda bottle, and a pipe clamp.
If they built one of those in space, they'd be able to scare the shit out of my neighbor's cat.
- A.P.
I do know I'm not going to take some pills over it.
This clearly makes you a better person. Kudos to you, sir! You are drug-free and nonjudgemental!
- A.P.
The other 4 hours (and all Saturday and Sunday), simply sit at your desk with the classifieds section open, or monster.com up. Make sure everyone in your department does this. The message should get across after a few days.
- A.P.
Yes. And quitting and taking a new job is simple. You do it all the time, right? Why not prevent this kind of egregious abuse of the labor system to begin with?
- A.P.
Nice use of referenced facts to back up that assertion there, guy. Unfortunately, the post directly above yours pretty much proves you wrong.
- A.P.
I can understand that. Dog eat dog. Some men are better than other men. Yah thats exactly why I called you an idiot, because your beliefs.
No wonder you've not been hired by anyone. Is this how you come across in interviews, too?
- A.P.
I just graduated CMU with a degree in CS, I'd take a $10 an hour job if I could find one.
Then go be a night manager at Taco Bell. Contrary to what many folks might tell you, there are CS jobs out there that pay more than $dick.99/hour. If you've got a degree in CS from Carnegie Mellon, you're either not looking hard enough for work or you're living in the wrong part of the country. Look harder or move.
Also, regarding the metric the parent post threw out, there's absolutely no way anyone could port Mozilla to a new operating system in a month's time. You'd be lucky to get it done in six, at which point you'd be making much less than minimum wage, and probably living on ramen or your own reconstituted waste (though I can't tell the difference, can you?)
23 dollars an hour is good for a mid-level position. Nobody should take a job out of college that pays less than $15 an hour ($30k/year), regardless of where in the country you live and what the cost of living there is; $30k a year in the IT field is so bottom-of-the-barrel it's not even funny.
- A.P.