Slashdot Mirror


User: Squeamish+Ossifrage

Squeamish+Ossifrage's activity in the archive.

Stories: 0
Comments: 103

Comments · 103

  1. Re: You can't jail them on Researchers Face Jail Risk For Tor Snooping Study · · Score: 4, Insightful

    Something that the CNET article failed to address was this: This work was _exactly_ in line with the norms and standards of networking research. It is quite normal for network operators to collect partial or full traffic traces, for both operational and research purposes.

    If you believe that this study was inappropriate, then so is a very large fraction of networking measurement research. Consider at the very least:

        * Just about everything done by CAIDA.
        * The papers at IMC - the Internet Measurement Conference.
        * Data at CRAWDAD - the Community Resource for Archiving Wireless Data at Dartmouth.

    A large part of computer science research consists of observing how systems are used and how they work or don't work. You can do some small-scale studies on a private system with the explicit agreement of all users, but for something as large and complicated as the Internet, the only way to do meaningful research is to observe the real thing, which necessarily means that you can't identify and get the consent of all the users involved. That's the way this field works. Responsible researchers collect the least invasive information possible for their purposes, use it benignly, and anonymise anything they release so that individual users cannot be identified. The authors of this study did exactly those things.

    Now, if you want to ban all observation-based networking research, I suppose that's a legitimate position. But you have to be willing to forgo the benefits of that research. Otherwise, you should accept that the authors acted responsibly and within the norms of the field. Moreover, the purpose of this research was to understand and thereby _improve_ TOR. The researchers identified several serious problems which were already being exploited by "black hats" for malicious purposes. Research like this enables those problems to be addressed before actual harm results.

  2. Re:They can't be stupid. on Researchers Face Jail Risk For Tor Snooping Study · · Score: 1

  3. It's a tin foil hat ... on Make an RFID-proof wallet · · Score: 1

    ... for your butt. What's not to love?

  4. Corruption! on Interview With The SpamAssassin · · Score: 1

    "...armed with the authority to seize spammer's personal assets could easily achieve self-funded operation..."

    It's hard to picture a shorter route to corruption. When law enforcement officers fund themselves by taking stuff, the main incentive isn't to serve justice any more, it's to ... take stuff. This is exactly the problem faced by a lot of the former Soviet Union and Latin America: When the government can't (or won't) pay police enough to have a decent standard of living, they go into business for themselves. Not good.

  5. monopolistic competition ?? on Macrovision Releases DVD Copy Protection · · Score: 1

    Err, not really. All the capitalist economies which actually exist include things known as laws. A good portion of these exist to limit the means by which profit can be pursued, and to address negative externalities (costs to uninvolved entities).

    The ideal of market capitalism is not that you "should produce as good a product as possible for a given amount of resources" but rather that you *have to* because otherwise someone else will produce a better product for the same amount of resources, and then kick your ass.

    That's an ideal that's not always achieved in practice, but so's communism. The issue isn't about communism vs. capitalism, it's about ideal capitalism vs. the slightly thornier real thing.

  6. umm.... on John Carmack's Test Liftoff a Success · · Score: 2, Informative

    I don't see Xcor on the list of X Prize teams:
    http://www.xprize.org/teams/teams.html

    Unless they're on there under a different name, they're not competing.

  7. Re:Reserve the word Bright on Uniquely Bright: Experiences and Tips? · · Score: 4, Insightful

    For Pete's sake: You can't take a word that's in common use, re-define it, and expect people to take it up. Language change happens, but you can't force it.

    It also doesn't help when your re-definition is absurdly conceited. You're essentially claiming that yours is the intelligent position by appropriating the word. It would be Orwellian if it weren't ridiculous.

    ...And this is coming from someone who agrees with the principles "Brights" espouse.

  8. What is this, the McGuffey Reader? on Uniquely Bright: Experiences and Tips? · · Score: 1

    Ok, to some extent this is true - sometimes you have to work hard on things you don't enjoy. But it's not something to aspire to!

    The protestant work ethic is highly overrated: Being a dutiful methodical drudge is not a morally exalted outcome. I do not believe that you can significantly change who you are, nor that it would be a good thing, even if you could. You could try to shoe-horn yourself into a life which rewards abilities you haven't got and wastes the ones you have. But that won't make you happy, and you probably won't be very good at it. Much, much better to look around for chances to take advantage of who you are, rather than fighting against it.

    None of this is to say that you shouldn't learn discipline, study skills, time management, and all that sensible responsibility stuff. I haven't (personally) found a way to get by without it, and being OK at the stuff that doesn't come naturally helps me be in a position to do the stuff that does. But for God's sake, don't just be a hard-working drone doing a mediocre job of living a life that's better suited for someone else. If you don't feel like you're playing to your strengths at least a fair portion of the time, you're doing the wrong thing. It's OK to change majors, schools, jobs, careers or lifestyles as often as necessary to find one which works.

    (Only have a little common sense - if you think you might want to change your employment situation, don't take on major financial responsibilities. You have fewer options when you have car/house/alimony payments to make. Or so they tell me.)

  9. Re:Sorry west coast? on When Lightning Strikes · · Score: 1

    Hmmm.... The west coast is a big place, and maybe some of it has a lot of lightning. My part sure doesn't. I live in Oregon now, and I've seen less lightning here than anywhere else I've ever lived. So maybe the guy's not totally off-base.

  10. Re:A summary (and what I do) on The Urban Geek As A Mugger Magnet? · · Score: 2, Insightful

    This is a bit off-topic, but why not. I'd e-mail you, but your address isn't listed.

    There are a few things I'd knowingly die for, and a good number more that I'd take a risk on. But my laptop's not one of them. And neither is trying to be a deterrent to muggers. So if someone's trying to take my stuff, I'll do whatever seems the safest.

    You make the good point that as a matter of self-preservation you shouldn't "give up control" or let someone put you into a dangerous situation. That's true, but you need some common sense. You seem to suggest that handing over my backpack is tantamount to handing over my life. That's just dumb. Throwing down my wallet isn't giving up control. It's giving up my wallet. I still have the same options and capabilities (well, less a few financial ones) that I had before.

    There are two different possibilities, and you need to consider both of them:

    Possibility A: The crook really just wants your stuff. They don't intend to hurt you, but might well do so if startled or threatened. Giving him/her the stuff and getting the hell out of there is probably your best bet.

    Possibility B: The crook intends to hurt you. Going along with them only helps them to do so.

    You have to figure out which it is when the situation happens. I'm not an expert, so I don't claim to know what you should do here. What I've been told, and it makes sense to me, is this: If they're asking for stuff, that's probably what they want. Being robbed is common, being assaulted out of the blue by a stranger is very rare. Put the stuff on the ground and try to leave. If they try to stop you, run if you can and fight if you have to. If the mugger tells you to do something that would weaken your position (like getting into a car, or going somewhere with them), that's a bad sign, and you should (again) run if you can and fight if you have to.

    I'm not against fighting: I'll fight for my beliefs, for the people I care about, and to protect myself. But I'm not going to fight for my laptop, my bus pass or 8 bucks in cash.

  11. A summary (and what I do) on The Urban Geek As A Mugger Magnet? · · Score: 5, Insightful

    I'm pretty sure this has all been said before, but I'll try to put it in one place. This is an issue I think about a fair bit, because I'm a computer science grad student and wannabe photographer. Which is to say that I have some stuff that's worth stealing, but am also broke enough that I'd really miss it.

    1. Don't carry valuables in a way that makes them identifiable. For example, don't use computer bags, iPod cases, and whatnot. Get a protective sleeve for your laptop and toss it in an ordinary backpack. Stick your iPod (or, in my case, ancient Rio) in a pocket. A backpack crammed with expensive electronic toys looks the same as one full of books and old tin cans.

    2. Don't act or look like a good victim. Carrying yourself properly is a whole discussion in itself, so I won't even really try to cover it.

    3. Don't dress or act like you've got money. You should be above status symbols anyway, but if you're not, here's another incentive.

    4. Remember that your data's probably worth more than your equipment. Always keep good backups, especially for mobile devices. If your data is sensitive, either keep it encrypted or don't put it on portable devices in the first place.

    5. Get insurance. Find out what your homeowner's (or renter's) insurance covers, and fork over the extra for "scheduled item" coverage on your portable valuables. I do a lot of photography, and it's infinitely more relaxing to know that if something happens to my stuff, I don't have to worry. The extra cost is somewhere around a couple % of the insured value annually, and the peace of mind is worth it. Good policies even cover accidental loss and breakage, so you're protected from your own stupidity up to a point.

    6. If someone *does* mug you, just give them the damned stuff. It's not worth getting hurt over. If you've done 4 and 5, it won't even be that big a deal. But even if you haven't, it's just stuff.

  12. Re:keep it anonymous and private. on Privacy in the Woods? · · Score: 1

    Those don't track your progress, they only record where and when you started the trip. The guy's idea was to keep track of whether anyone had *actually* passed a certain direction.

    Having a record of where people *intend* to be going helps some, because then you know where to start looking. But almost by definition, lost people are usually somewhere other than where they meant to be.

    The "user input" to S&R operations usually consists of the missing person's family calling up the sheriff to say that so-and-so didn't come home when he or she was expected. Then rescuers try to reconstruct where the person might be, search the obvious places first, and then expand the area.

  13. Duly noted on New Polymer Ideal For Secure Data Storage · · Score: 1

    That's pretty cool. Thanks for the heads-up.

  14. Re:Mixed bag on Reasonable Salary for Entry Level Programmers? · · Score: 1

    Read my response to Spazoid - I've been "in the trenches" and I have a pretty good perspective of what life in the IT industry is actually like. It's not a complete perspective, of course, but neither is anyone else's. If you can't be bothered to look into it a little bit before assuming I "don't have the frame of reference," well, I'm not sure how much stock I put in your perspective either.

    I never called APIs superfluous details: when you're trying to make something, you've got to know your tools. I'll be the first to agree that such details matter. At the same time, they're not enough: knowing how to work a lathe isn't the same thing as knowing what to make with one. My whole point was that you should go to school to learn the fundamentals, AND teach yourself how to use the current tools.

    I'm sorry your friends had bad experiences with Ph.D. programs. If it was "all about ego" then maybe they ran into the wrong people. There are jackasses everywhere, and academia is no exception. In any event, the Ph.D. thing is a tangent - I've never said that you need a Ph.D. to write code. But I do think a solid undergraduate background in mathematics and CS helps a lot.

  15. Re:Mixed bag on Reasonable Salary for Entry Level Programmers? · · Score: 1

    Thanks for the compliments on my writing style, and I'm honored that you read my resume. But... if you read it in a little more detail, you'll see that I have in fact held a few real-world jobs, too. I've seen a couple of fairly big projects through to completion. Among other things, the last time you flew on an airplane, the odds are pretty good that some of the air traffic controllers responsible for your flight were running my code.

    If you feel qualified to ignore everything else about me that might be relevant, well, I suppose that's up to you.

  16. Re:Bureau of Labor Statistics on Reasonable Salary for Entry Level Programmers? · · Score: 1

    The dot-com boom it may not be, but C.S. and related fields are still looking pretty good. The 2002 wage estimates for computer and mathematical sciences make us look better-paid than most other fields. The mean annual pay for research computer scientists, programmers, and application software engineers was $80.5k, $63.7k, and $73.8k respectively. The mean for the whole occupational category is $61,630.

    For comparison, the all-occupation mean is $35,560, and the only occupational categories with higher mean wages were management ($78,870) and legal occupations ($77,300). And actually, the situation is even better than it appears: In computing, the median wages were almost exactly the same as the means, while they were 10-20% lower than the means in the other fields. Which is to say that typical computing types really are getting paid those wages, they're not just skewed by a small subset that gets paid a lot more. Heck: The median programmer is making $29/hr, while the median lawyer is making $43. Making 2/3 of what lawyers make is doing pretty well, and S.W. engineers and scientists fared even better.

    I know it's hard to get a job. I graduated from college in 2001, when the computing job market was worse than it is now. What I found wasn't my ideal, and it paid less than those averages (as one would expect) but still, it was work and it paid more than enough to live off of. I watched friends who are smarter than I am look longer and find less in other fields. We can be bitter about the "I.T. meltdown" and outsourcing if we want to, but we've still got it pretty good.

    ...Now if only they included "graduate student" as an occupation.

  17. Connection to Security? on New Polymer Ideal For Secure Data Storage · · Score: 4, Insightful

    As far as I can tell, the connection to "secure data storage" is fairly tenuous. Or at least, they don't mean what computer security people would expect by that phrase.

    C&EN's summary says that such material could be used to make ID cards which show different images (data) under different light, and that this "would be nearly impossible to fake." As far as I can tell, what this means is that a card made with this material is easily distinguishable from one that isn't. This only makes faking hard if forgers aren't able to make the material themselves. There wasn't anything in the article specifically saying why that would be the case, but it's easy to imagine that needing esoteric equipment would raise the bar a bit.

    Having only read the C&EN blurb, I can't confidently say that there isn't some more direct security connection that wasn't mentioned. But no obvious candidates are coming to mind. You could store various watermarks and signatures and whatnot, but you can do that with existing systems too.

  18. Are you trying to be dense? on New Polymer Ideal For Secure Data Storage · · Score: 5, Insightful

    There is a difference between new research, something that can be practically implemented, and something that's ready for mass-market production. This is obviously not in the third category, but that doesn't make it uninteresting.

    The Venturi effect was discovered hundreds of years before the Wright Flyer was built, and it was 20 or 30 years after that before airplanes were useful for much. That doesn't mean the discovery and prototype (or specialized applications) were of no interest until commercial airliners appeared.

    If you only care about deployable mass-market products, I suppose that's fine, but it's not worth posting about. If you can't tell the difference, or choose to ignore it, that's just obnoxious.

  19. Mixed bag on Reasonable Salary for Entry Level Programmers? · · Score: 1

    I think about half of what you said is true, a quarter is sometimes true and sometimes not, and a quarter is downright wrong. Being grumpy, I'll start with the wrong part:

    "Anyone starting school today... my advice is forget tech. If you feel it in your soul (like you should do it), fine, go to a tech school like DeVry, start making money and save it. Going to traditional 4 year programs for CS is an utter waste of time. Way too much change and like I said it's always about what you did in the last six months."

    I couldn't disagree more strongly - the field of computer science is not changing all that quickly. Radically new ideas come along only rarely, and even when they do, if you're well-educated in the field, it's not hard to understand them. The products on the market are turning over very quickly, but that's all the more reason to focus on the fundamentals.

    A sufficiently intelligent and motivated person can probably do it any way they like, but in general I think it's a lot easier to study science in school and self-study the applied side than to do it the other way around.

    Yes, there are hiring managers like the ones you describe - and they're a good sign that you're interviewing with the wrong company. There are also places that don't suck.

    I was going to say more, but now I have to run.

  20. Bureau of Labor Statistics on Reasonable Salary for Entry Level Programmers? · · Score: 5, Informative

    The Bureau of Labor Statistics keeps this sort of data, though possibly with some significant lag time.

    Try looking at: http://www.bls.gov/bls/blswage.htm.

  21. Argus on What Network Sniffing Tools Do You Use? · · Score: 4, Informative

    I was recently clued-in to the existence of Argus.

    It's really good for summarizing flow information in quasi-realtime, so it fills the niche of being more detailed than NetFlow, but more big-picture than tcpdump or ethereal.

  22. Re:indeed on Are Computers Ready to Create Mathematical Proofs? · · Score: 5, Interesting

    No! Definitely not! Really! :-)

    Most faults are software problems, not hardware, so having different machines won't help. Further, interestingly, most major software faults (at least, of the sort that make it through serious testing) tend to be conceptual problems, not coding ones, and different people tend to make the same mistakes. This means in practice that even when you have completely independent software implementations (called n-version programming), they're frequently all wrong in the same way at the same times. See the famous Knight & Leveson paper.

  23. Re:indeed on Are Computers Ready to Create Mathematical Proofs? · · Score: 4, Informative

    At least some provable properties can be "pushed" through the compilation process all the way to the resulting object code. If you're interested, you can look into proof-carrying code and typed assembly language (papers by Necula, Appel, Walker, Zdancewic, Crary and a cast of thousands.)

    The resulting proofs are still hairy enough that they have to be checked by machine, but the size and complexity of the proof-checker is much less than that of the compilation toolchain. That means that while there's still some code that has to be trusted, it's much less. Here's my informal scariness hierarchy:

    Normal model (you have to trust everything) > type safe languages (you have to trust the compilers / interpreters) > proof-carrying code (you have to trust the proof-checker*).

    If you haven't already, you should definitely read Ken Thompson's Turing Award lecture, "Reflections on Trusting Trust" here.

    * - Pedantry point: If you're talking about Necula's original PCC work, you also have to trust the verification condition generator, which is some fairly deep voodoo. Appel's Foundational PCC addresses this to a significant extent.

  24. Create vs. Verify on Are Computers Ready to Create Mathematical Proofs? · · Score: 5, Informative

    The headline does a slight disservice in describing the article that way: Whether or not computers can create proofs isn't an issue. The problem comes when the resulting proof is too involved to be verified by a human, and so the computer's work has to be trusted.

  25. Letter to the DevX editor on Is Open Source Fertile Ground for Foul Play? · · Score: 3, Informative

    I submitted the following response in a letter to the editor:

    Dear Sir or Madam,

    I am concerned that Mr. Jones's column of February 11th, "Open Source is Fertile Grounds for Foul Play," indicates a significant misunderstanding of open-source development processes. The argument presented is that all software development carries the risk that malicious code will be inserted by insiders, and that open-source is especially vulnerable because more people are insiders. The first part is absolutely true, and applies to both closed- and open-source development as Mr. Jones acknowledges, but the second part does not stand up to scrutiny.

    Most open-source projects have only a small group of "core developers" who have the ability to modify the official source code, just as is the case with proprietary software development. Any malicious person could insert destructive code into his or her own copy, but not back into the official version. That leaves the possibility of intentional compromise by the core developers, or by subsequent distributors. The first is a risk, but less so than with proprietary software: The number of people in a position to corrupt the source is similar in both models, but the possibility of outside review reduces the danger for open-source software. Mr. Jones posits that core developers could avoid such scrutiny by not making the corrupted version public, but this is nonsensical: The version of the source code available for use is by definition also available for review.

    The other concern raised is that distributors who re-package open source software could add vulnerabilities. Again, this is possible, but no more so than with proprietary software. It's easy for an attacker to add malicious code to compiled binaries; indeed much pirated software is reported to contain viruses or Trojan Horses. For both open-source and proprietary software, the solution is the same: Be careful who you get your software from. Downloading open-source software directly from the public sources or buying a packaged version from a trustworthy distributor is no riskier than buying e.g. Windows directly from Microsoft or a system integrator like IBM. If a consumer buys either open- or closed-source software from Bob's Back-Alley Software and Pawn Shop, well, it's a bad idea either way.

    Open-source is not the security panacea that some advocates make it out to be, but it doesn't incur the added risks which Mr. Jones attributes to it, either. A government or other user which applies common sense to its software acquisition is no more at risk from open-source software than closed-source, and may even be a bit safer.

    Respectfully,
    Eric Anderson

    --
    Eric Anderson - anderson@cs.uoregon.edu
    University of Oregon Network Security Research Lab
    PGP fingerprints:
    D3C5 D6FF EDED 9F1F C36D 53A3 74B7 53A6 3C74 5F12
    9544 C724 CAF3 DC63 8CAB 5F30 68AE 5C63 B282 2D79