The ACM is currently surveying its members on whether or not to oppose this and similar measures. If you're a member, you've probably already gotten e-mail. Be sure to follow up on it if this issue is important to you!
This is just a minor quibble, but I think it bears mentioning: I wouldn't phrase it as "they're violating the GPL" because that sounds like (you think) the GPL has some inherent authority. The issue is that they're violating the terms of the license under which you released your code to them. That just happens to be the GPL.
Constantine recognized Christianity in the Roman Empire at around 300 a.d. Pretty much from then on, (some form of) Christianity was the official religion in (most of) Europe. Outside of Europe, especially in the Americas and Africa, Christianity was brought in by imperial powers and had official sanction from day one.
There have been lots of times when being the wrong sort of Christian for your particular location was unacceptable, but Christianity as a whole has been seen as acceptable or even required in most of the areas where it is common for most of the time that it's been there. If you think it's been an uphill battle for Christianity since day one, you would do well to look at the history of other religious groups.
I do, however, strongly agree that one's religion should be a matter of genuine faith, not social acceptability.
I agree with essentially everything in the above, but I want to add a few things:
Cameras are a lot like computers, in that the accessories make or break their usefulness in the long term. If you end up enjoying photography, you'll probably acquire a whole host of lenses and gewgaws, of which the camera body is possibly the cheapest part. Just as with computers, you can find yourself growing such a collection without intending to, and it sucks to wake up one morning and realize that you're heavily invested in the wrong system.
Practically, what I'm getting at is that you should pick a starting camera based not just on the body itself, but also on whether there is a good range of accessories available for it, and whether you'll want to keep using those accessories if you decide to be serious about this whole thing. My feeling is that there are dozens of perfectly fine SLR camera manufacturers, all of whose products look about the same on paper, but Nikon and Canon have much more complete Camera Accoutrement Systems, including 3rd party products, than anybody else. So while an Olympus or Pentax or Minolta would be just as good per se, I'd steer toward a Nikon or Canon anyway.
I personally started out using the Nikon FM-10 camera body, and I've been very happy with it. It cost me about $250 new with an OK lens. I've bought better lenses and way too much other surrounding gear, but I've never felt the need for another (35mm) body. The older cousins (FM, FM-2) are also supposed to be very good, and are widely available used.
Whatever cameras you buy, there are a few features which I think are worth looking for:
1. Manual everything. If you want to learn about photography, you need to understand and make all the decisions yourself. If the camera won't work without batteries, you've got the wrong one.
2. Interchangeable lenses. This is pretty much a given with SLRs, but make sure. You'll eventually want other lenses. Here's where picking a Nikon or Canon comes in handy: There are just a lot more lenses, especially used ones, in circulation for those brands. It sucks to find a great price on a nice old lens, and then find out that it won't fit your camera.
3. Tripod mount. For pretty much everything but photojournalism, you'll want this: Tripods make moderate-length exposures sharper, and long exposures possible.
4. Mechanical self-timer or cable release. Both help reduce camera shake for steadier shots.
5. Multiple exposures. I'm going out on a limb, but I personally find this important. Sometimes, you want to expose the same frame of film repeatedly. Normally, when you re-cock the shutter, you simultaneously advance the film, making this impossible. Some cameras have a little button or lever you can push to let you re-cock while keeping the film in place.
So the iMac was considered an aesthetic success for a couple of reasons, one of which was its minimalism: It's small, it's self-contained, and it doesn't dominate your space. Designing a whole freakin' desk around the computer doesn't exactly go along with that concept. "Needing" special furniture to accommodate your computer is one of the problems with computers that Apple's design tries to avoid, and they've reintroduced it on stylistic grounds.
Oh, come off it. You feel qualified to say that I "have neither imagination, initiative, or sympathy" because I think that's an excessive dollar amount? Someone who talks about sympathy shouldn't be so quick to condemn, I think.
I'm not saying that what was done is acceptable on a personal level, or legal on a privacy or IP level. Of course it shouldn't have been posted and the world should respect his choice. I know a bit about how being mocked can hurt. I'm just saying that a quarter million dollars is an obscenely large amount of money for something that is unfortunate but not devastating. It's an internet meme - nobody's going to care or even remember, and more importantly, nobody with an emotional age over about 13 would hold it against him. So he did something silly - but totally ok - when he was 15. That's not going to make anyone worth impressing think any less of him. Hell, I did the same things (without the videotaping).
This is not going to be an albatross that ruins his education and career. I've been a corporate recruiter and a college admissions interviewer and I'll tell you straight up - that movie wouldn't lower my opinion of him in the least. It might even raise it. This is not a career-limiting event, it's just being made fun of. Not good, but not $250,000 bad. Like I said, that's at least half a life's savings, or about 10-15 nice cars by my definition (over 100 of the nicest car *I've* ever owned), and it's way too much to hold against a handful of kids who just did something immature.
I'm pretty sure I'm not the only slashdot reader who got picked on while going through the school system. And I'm sorry, as much as being picked on sucks, it doesn't suck $250,000 worth. That's like 20 years' worth of savings, depending on how one's employed.
There's just no way that one embarrassing incident and the subsequent mockery is worth more than half a lifetime of hard work. Besides which, he's not even suing the people who actually mocked him. He's suing people who did something that may have induced the actual guilty parties to mock him. What's the accusation, contributory mockery?
The whole point of their paper was that TCP breaks down when the bandwidth-delay product gets really high, because of the high number of packets "in flight" per control iteration, and because of the comparatively high (per-rtt) probability that non-congestion-induced packet losses will occur. So yeah, they are using a high-bandwidth, high-latency line with relatively few flows, but because that's the situation they're working on, not because it's a rigged test. I think the New Scientist article did a bad job in making it clear that this is about how to take advantage of obscene amounts of bandwidth, not how to squeeze performance out of more meager links.
If you look at the applications they're interested in, namely multi-terabyte scientific data set transfers, UDP wouldn't be an ideal choice because they need the reliability features of TCP as well as the congestion control. Also, I'd expect this to achieve similar throughput to (well-behaved) UDP streaming protocols, because they have similar origins. FAST TCP and modern congestion-controlled UDP applications both used rate-based congestion control, largely based on the ideas introduced in TCP Vegas.
Trees have visible rings because they make a lot of wood during fat times, and only a little during lean.
It's the same way with programmers' ages. During boom times, companies will pick up a glut of programmers, including youngsters. This is what happened during the late '90s: They were hiring a lot of people, fairly indiscriminately. Further, the population of new programmers (or new people in any career) is disproportionately young. Young people are more likely to be either switching careers or just beginning a career than are older people, so we made up the bulk of this boom's new recruits.
You can see the cycles if you look at an older technology company. For example, I got started working for an air traffic control company (Lockheed Martin (formerly Univac, formerly Sperry-Rand, formerly...)) which had been in the computer business for 50 years. The programmers came in generations, because when there was an economic upswing, young engineers were hired, and then a decade or so would go by in which there were few new hires (and usually a few losses) and then the cycle would repeat again.
I think that the illusion that only young people can/should be programmers has a lot to do with the newness of the companies: Companies that didn't exist, or weren't in the computer industry 10 years ago haven't had the chance to develop a good age spread of employees, because this is their first cycle.
Of course, it depends a lot on what you know and what you've done: At LMATM, the coders in their 60s were freakin' good: They'd survived several rounds of layoffs for a reason, and they were seasoned veterans before I was born. If someone has 40 years of relevant experience doing good work, that's hard to argue with. On the other hand, someone whose experience is solely with 40-year-old ways of thinking might actually be a hindrance. I think it would also be hard to be a new programmer in your 50s or 60s: There are biases out there in favor of youth, and a brand new programmer would not have the experience to offset that.
I suspect that college-level textbooks don't get written by committee for several reasons, but here's my main guess: They're not being written for a committee, either.
Since an individual professor selects the text for his or her course, the texts don't have to be written to satisfy the varied and mutually contradictory demands of an approval committee. That, and most of my textbooks are on a narrower subject area than "Science."
If you think that having all that claptrap in the first place makes someone lucky, then of course you don't get it. If you believe that being wealthy means that you have a good life, then no wonder you don't have sympathy for people in that situation. Besides which, if you think that living on $50K (gross) requires "survival skills," you're in the same absurdly wealthy class as those earning $200K, relative to that 99.999% of humanity you talk about.
Let me tell you something. Money ain't shit. Once you've got enough for food, shelter and education, there's no correlation between having more and being happier. Really. None. There are two obvious conclusions to be drawn from this:
Don't waste your life pursuing wealth. Follow what gives you joy.
Don't envy the rich, or assume that they've got it better than you. I've seen happy people with little income, and wealthy people in miserable torment.
If you're awake, the lesson of this book isn't "The wealthy occasionally choose to be a little less wealthy. How noble." but "Sometimes people realize that money isn't making them happy. Once you get this, you can spend your life taking care of yourself instead of chasing the Almighty Dollar."
Look at it this way: Maybe the reason you hear about whiny rich people chucking it all to "find themselves" is because they needed to have wealth before they could stop and look at it and realize that it wasn't worth going for after all. As long as you think that you're not wealthy enough yet, you can maintain the illusion that maybe the next dollar will be the one to make you happy. Someone (like you) can look at those who have $200K and figure "Hey, they must have it good. I'm jealous."
Now, you've got three choices as I see it. You can live the rest of your life not making $200K/year, but being jealous of those who do. That's just pathetic. Or, you can figure out what you have to do to make $200K/year yourself. That's a waste of your life, but at least you're not stewing with impotent envy. Or, you can realize now that having that kind of money isn't worth anything, take pity on people who've wasted their precious life on acquiring it, and put your life into something worthwhile. What'll it be?
Wired's article implies that they're trying to protect us from attackers using a wireless access point to launch a significant attack on the Internet itself. "We know that (an attack) could bring down the network of this country very quickly. Once you're on the network, it doesn't matter where you got in," were the words of the Homeland Security representative.
That's true, but stupid. By exactly their "logic", a terrorist or criminal could launch the same attack whether they connect through an unsecured wireless network or any other way. So unless they have a comprehensive strategy for making sure that terrorists can't get internet access *at all* then this doesn't accomplish anything. So either the administration doesn't realize this, or they do but they're using it as a smoke screen for some real reason, or it's being misreported. Frankly, I'd give about equal odds to all three.
There is nothing which *would* constitute a sufficient condition for security. You can't check any particular property, of the product or process, and say "Yup, it's secure." We should all know that by now. In general, the closest we come is to haul out a long list of known mistakes (the absence of which is a necessary but not sufficient condition) and hope not to find them.
It's also helpful to remember that the Common Criteria don't try to define a reasonable security certification. What they do provide is a list of things which might be interesting and ways of measuring those things. It's up to the "end user" to choose which things are important to them (define a protection profile).
You asked about conferences, but it seems like what you're really looking for
is education in general. Especially as a "newbie," conferences aren't going
to be your best bet anyway: They tend to cover what's new and particular
topics of interest, but can't and don't provide general background knowledge.
You can get a lot of good books for the price of a conference admission, and
that's probably a better way to get started, anyhow. Here are a few
recommendations from my bookshelf:
Building Secure Software, Viega & McGraw, $55 at Amazon
Well, I think there's a big difference between "government regulation" and "government certification." Regulation is forcing you to do (or not do) something, while a certification is just providing information. As long as the certification isn't legally mandated, this doesn't strike me as being so big a problem: It may be wasteful or stupid, but it's not oppressive.
I tend to dislike government involvement at least as much as the next guy (which is sort of ironic, considering what I do) but this seems fairly reasonable. One thing that governments have done for a long time is establish standards (especially units of measure) and test whether products live up to their claims vis a vis those standards. I don't think it's that big a jump from certifying that a "pound" of flour really weighs a standard pound to certifying that a wireless networking hub offers the security it claims to.
>Nice pics by the way. Have you delved into digital yet?
Thanks. Not really: I've used a digital camera for snapshots and such, but I haven't worked with one seriously or explored the ways in which they're different from using film. I'd kind of like to, though, because the process of getting film pictures scanned is a royal pain. In addition to the standard transparency development process, you then have to pick which images are worth scanning (unless you can afford to scan them all), have them scanned, and then correct scanning artifacts in the resulting images. It's the last step that really sucks, in my opinion.
I'd have responded by e-mail, but your user information doesn't seem to give out your address.
Re:interesting on Built For Use · Score: 5, Insightful
I haven't read the book, so I can't comment on what principles it's
putting forth, but your comment seems to be missing the point which
the reviewer, at least, was making. Nobody's saying that art has no
role whatsoever in website design. What they seem to be saying - and
I agree wholeheartedly - is that art is a secondary concern. It's not
wrong to have art, indeed art is often desirable, but art should
facilitate the goals of the website, not be a goal per se.
I've done web site design, and I consider myself an artist of sorts, and they
are very different activities. Art, as an end in itself, is about
beauty and self expression. A corporate web site, like everything
else a company does, is about advancing the company's financial
position. Usually this means encouraging people to buy something
(advertising), directly enabling them to buy something (on-line
sales), or maximizing the value of things they've already bought
(customer service).
In none of these cases does the web site work by sitting there and
expressing the artist's vision. It works by enabling the
customer to do something they want to do - and which the
company also wants them to do - using the web site. Art, in a
commercial setting, is a fine means unto that end, but should not be
the end itself. This isn't to say that art for art's sake isn't a
wonderful and necessary part of our society, but a corporate web site
is probably not the most suitable canvas.
It depends where you go to school: At most schools, a C is no longer average, due to grade inflation. Even at Northwestern, which is actually a fairly respectable school, the average GPA is up to 3.3. When you consider that a lot of less-than-driven students drift through large state universities, the average GPA for the real students is actually probably higher still.
Does anyone know about a more detailed write up of this?
Specifically, I'm wondering whether each portable device is computing its own location based on the relative intensities of the access points as measured at the device, or the other way around.
If the devices are determining their own position, then, at least in theory, it should be possible to be selective about who gets access to that information. Done properly, there wouldn't need to be any central point of failure, so an attacker would need to compromise the software on their intended victim's PC. Or, more likely, they would have to discover an unintentional fault in that software and exploit it. On the other hand, if an external system is determining the location of the devices, then a would-be snooper need not compromise the software on the victim's computer, but only the central system.
In the first scenario, your own Pocket PC is trusted, while in the second, a device outside your control is. This isn't really that big a distinction in practice, because most of us extend trust to third parties by using software and hardware the properties of which we cannot or do not verify, but it's still important: It's possible to some extent to verify and monitor the behavior of systems in our physical possession, but nearly impossible to do so with someone else's.
When you say the "old system" you're probably talking about ARTS IIIA, which is about 30 years old, using period displays like FDADs and the like. Of course Raytheon's $1.7Bn 2002 system is better than Sperry/Univac's 1970 system.
The proper question isn't how STARS compares with what their competitors did 30 years ago, it's how STARS compares with what their competitors are doing now. Specifically, STARS's most direct competitor is Common ARTS, which is the current system from Lockheed Martin. In my biased opinion (I work on it) Common ARTS has comparable functionality to STARS, and it actually passes safety tests! Oh yeah, and Common ARTS has been installed at 139 sites, on time, within budget. STARS is more than 4 years behind schedule, 800 million dollars over budget, and still has 258 critical system trouble reports outstanding.
Standard disclaimer: I am speaking for myself, on my own time, and not my employer.
For more information, here's the memo as a PDF or text from the Office of the Inspector General of the Department of Transportation.
For some background into why this may be happening, consider the following: FAA Administrator Jane Garvey was a champion of the STARS program. She is about to leave the post, and may want to be able to claim some success before she goes. Also, the Philadelphia TRACON is nearing its capacity and needs to be upgraded in the immediate future. There are two ways to go for the upgrade: One is to put in STARS, and the other is to install Common ARTS, a competing system. If they can't put STARS on in the immediate future, practical necessity will force them to install Common ARTS instead. If they put the money into installing Common ARTS now, they'll have a hell of a time justifying switching over to STARS later, because there'll be no need. Thus, Raytheon and Garvey and other STARS proponents are in a now-or-never situation to get STARS in, by hook or by crook, unless they want the work to go to a competitor and make them look bad.
NOTE: This is my own opinion, written on my own time, and I DO NOT speak for my employer (one of the companies involved).
What you say is certainly true, but I want to put a big caveat on it:
It's very difficult to answer the question "what are we securing and how valuable is it?" for a number of reasons. To do that, you need to define what it is you're afraid of losing and how much of it you might lose from a particular attack. Both are very difficult questions, and are often gotten wrong.
Looking at the first, people often underestimate the risk from a security compromise because they're only thinking about the confidentiality (secrecy) of their data. At least as important to consider are integrity and availability, that is whether the system and data remain correct and usable. There are lots of things that don't really need to be confidential, but do need to be right. Picture building design specs, for example. They're not secret at all - most of them will become matters of public record - so it doesn't really matter if they get stolen. God help you, though, if they get altered and you don't find out until halfway through construction.
Supposing you can somehow estimate the total VAR (Value At Risk) of your information systems, it's still nigh impossible to figure out what portion of that would be endangered by any particular attack. An apparently minor attack can easily be a stepping stone to a much more serious one. Parlaying limited access - whether acquired legitimately or otherwise - into greater power is generally called privilege escalation, and it's a common component of attacks. The "root kit" is a classic example of this. A root kit won't get you onto a system, but if you can get unprivileged access some other way, the kit will then get you root. You can't assume that the security of a given account is unimportant just because that person hasn't been granted access to anything sensitive. There's always the possibility that a user has, or could get, access to things way beyond what was intended. Consider your marketing schmoe whose password security you claim is relatively unimportant. It's entirely possible (even likely) that the network which "does not allow remote access" does indeed have a gap somewhere. And if it does, someone could telnet in, log in as Mr. (or Ms.) Schmoe, and escalate to root on their one server. At this point, the attacker can probably compromise the username and password of any other user on that server, one of whom may have access to something that does really matter. This is just a hypothetical story, but it illustrates a very important point about computer security: A series of weaknesses, any one of which would be unimportant as long as everything else worked as intended, can often be strung together into a successful attack.
As you said, security policies should be based on a rational economic evaluation of what's at risk and how much it would cost to mitigate that risk. The problem is that it can be difficult indeed to assess how much risk hinges on a given decision, so it's usually wise to be more conservative than you think you need to be.
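The chained-weakness argument in the comment above can be made concrete for risk assessment. The following is an added example, not part of the original post: it models the hypothetical marketing-account story as a graph and compares the value an account was intended to reach with the value reachable once the weaknesses are chained, then ranks which single fix removes the most exposure. All account names, host names and dollar figures are constructed assumptions.

```python
from collections import deque

# Constructed sample data: the value (in dollars at risk) each foothold was
# *intended* to be able to touch. None of these figures come from the post.
DIRECT_VALUE = {
    "schmoe@mktg-server": 1_000,        # marketing user, "nothing sensitive"
    "root@mktg-server": 5_000,
    "engineer@mktg-server": 2_000,
    "engineer@design-server": 750_000,  # design specs: integrity matters
}

# Each edge is one weakness that turns a foothold into another foothold.
# Taken alone, each looks minor (hypothetical descriptions).
WEAKNESSES = [
    ("internet", "schmoe@mktg-server",
     "gap in the network that 'does not allow remote access'"),
    ("schmoe@mktg-server", "root@mktg-server",
     "local privilege escalation"),
    ("root@mktg-server", "engineer@mktg-server",
     "root can capture other users' credentials"),
    ("engineer@mktg-server", "engineer@design-server",
     "same account has access to a server that matters"),
]


def reachable(start, weaknesses):
    """Breadth-first search over the weakness graph.

    Returns {foothold: [weakness descriptions chained to get there]}.
    """
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for src, dst, why in weaknesses:
            if src == node and dst not in paths:
                paths[dst] = paths[node] + [why]
                queue.append(dst)
    return paths


def effective_value(start, weaknesses=WEAKNESSES):
    """Total value at risk from `start` once chaining is considered."""
    return sum(DIRECT_VALUE.get(n, 0) for n in reachable(start, weaknesses))


def mitigation_ranking(entry="internet", weaknesses=WEAKNESSES):
    """For each weakness, how much exposure disappears if only it is fixed."""
    baseline = effective_value(entry, weaknesses)
    ranking = []
    for w in weaknesses:
        remaining = [x for x in weaknesses if x is not w]
        saved = baseline - effective_value(entry, remaining)
        ranking.append((saved, w[2]))
    return sorted(ranking, reverse=True)


if __name__ == "__main__":
    acct = "schmoe@mktg-server"
    print(f"{acct}: intended exposure ${DIRECT_VALUE[acct]:,}, "
          f"effective exposure ${effective_value(acct):,}")
    for step in reachable("internet", WEAKNESSES)["engineer@design-server"]:
        print("  chain step:", step)
    for saved, why in mitigation_ranking():
        print(f"  fixing '{why}' removes ${saved:,} of exposure")
```
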
Software can't kill people directly, but it controls hardware that can. Also, people frequently depend on systems which include software for life-critical purposes.
Think:
1. 911 call centers
2. Industrial robotics
3. Air Traffic Control
4. Engines with embedded software controls
5. The telephone network
6. The power grid
7. Medical equipment
I'd like to point out that there are documented deaths from software failures in most of these categories.
The current policy committee positions are viewable on the ACM web site.
This just a minor quibble, but I think it bears mentioning: I wouldn't phrase it as "they're violating the GPL" because that sounds like (you think) the GPL has some inherent authority. The issue is that they're violating the terms of the license under which you released your code to them. That just happens to be the GPL.
Constantine recognized Christianity in the Roman Empire at around 300 a.d. Pretty much from then on, (some form of) Christianity was the official religion in (most of) Europe. Outside of Europe, especially in the Americas and Africa, Christianity was brought in by imperial powers and had official sanction from day one.
There have been lots of times when being the wrong sort of Christian for your particular location was unacceptable, but Christianity as a whole has been seen as acceptable or even required in most of the areas where it is common for most of the time that it's been there. If you think it's been an uphill battle for Christianity since day one, you would do well to look at the history of other religious groups.
I do, however, strongly agree that one's religion should be a matter of genuine faith, not social acceptability.
I agree with essentially everything in the above, but I want to add a few things:
Cameras are a lot like computers, in that the accessories make or break their usefulness in the long term. If you end up enjoying photography, you'll probably acquire a whole host of lenses and gewgaws, of which the camera body is possibly the cheapest part. Just as with computers, you can find yourself growing such a collection without intending to, and it sucks to wake up one morning and realize that you're heavily invested in the wrong system.
Practically, what I'm getting at is that you should pick a starting camera based not just on the body itself, but also on whether there are a good range of accessories available for it, and whether you'll want to keep using those accessories if you decide to be serious about this whole thing. My feeling is that there are dozens of perfectly fine SLR camera manufacturers, all of whose products look about the same on paper, but Nikon and Cannon have much more complete Camera Accoutrement Systems, including 3rd party products, than anybody else. So while an Olympus or Pentax or Minolta would be just as good per se, I'd steer toward a Nikon or Cannon anyway.
I personally started out using the Nikon FM-10 camera body, and I've been very happy with it. It cost me about $250 new with an OK lense. I've bought better lenses and way too much other surrounding gear, but I've never felt the need for another (35mm) body. The older cousins (FM, FM-2) are also supposed to be very good, and are widely available used.
Whatever cameras you buy, there are a few features which I think are worth looking for:
1. Manual everything. If you want to learn about photography, you need to understand and make all the decisions yourself. If the camera won't work without batteries, you've got the wrong one.
2. Interchangeable lenses. This is pretty much a given with SLRs, but make sure. You'll eventually want other lenses. Here's where picking a Nikon or Cannon comes in handy: There are just a lot more lenses, especially used ones, in circulation for those brands. It sucks to find a great price on a nice old lense, and then find out that it won't fit your camera.
3. Tripod mount. For pretty much everything but photojournalism, you'll want this: Tripods make moderate-length exposures sharper, and long exposures possible.
4. Mechanical self-timer or cable release. Both help reduce camera shake for steadier shots.
5. Multiple exposures. I'm going out on a limb, but I personally find this important. Sometimes, you want to expose the same frame of film repeatedly. Normally, when you re-cock the shutter, you simultaneously advance the film, making this impossible. Some cameras have a little button or lever you can push to let you re-cock while keeping the film in place.
So the iMac was considered an aesthetic success for a couple of reasons, one of which was its minimalism: It's small, it's self-contained, and it doesn't dominate your space. Designing a whole freakin' desk around the computer doesn't exactly go along with that concept. "Needing" special furniture to acomodate your computer is one of the problems with computers that Apple's design tries to avoid, and they're reintroduced it on stylistic grounds.
Oh, come off it. You feel qualified to say that I "have neiter imagination, initiative, or sympathy" because I think that's an excessive dollar ammount? Someone who talks about sympathy shouldn't be so quick to condemn, I think.
I'm not saying that what was done is acceptable on a personal level, or legal on a privacy or IP level. Of course it shouldn't have been posted and the world should respect his choice. I know a bit about how being mocked can hurt. I'm just saying that a quarter million dollars is an obscenely large amount of money for something that is unfortunate but not devastating. It's an internet meme - nobody's going to care or even remember, and more importantly, nobody with an emotional age over about 13 would hold it against him. So he did something silly - but totally ok - when he was 15. That's not going to make anyone worth impressing think any less of him. Hell, I did the same things (without the videotaping).
This is not going to be albetross that ruins his education and career. I've been a corporate recruiter and a college admissions interviewer and I'll tell you straight up - that movie wouldn't lower my opinion of him in the least. It might even raise it. This is not a career-limiting event, it's just being made fun of. Not good, but not $250,000 bad. Like I said, that's at least half a life's savings, or about 10-15 nice cars by my definition (over 100 of the nicest car *I've* ever owned), and it's way too much to hold against a handfull of kids who just did something immature.
I'm pretty sure I'm not the only slashdot reader who got picked on while going through the school system. And I'm sorry, as much as being picked on sucks, it doesn't suck $250,000 worth. That's like 20 years' worth of savings, depending on how one's employed.
There's just no way that one embarrassing incident and the subsequent mockery is worth more than half a lifetime of hard work. Besides which, he's not even suing the people who actually mocked him. He's suing people who did something that may have induced the actual guilty parties to mock him. What's the accusation, contributory mockery?
The whole point of their paper was that TCP breaks down when the bandwidth-delay product gets really high, because of the high number of packets "in flight" per control iteration, and because of the comparatively high (per-rtt) probability that non-congestion-induced packet losses will occur. So yeah, they are using a high-bandwidth, high-latency line with relatively few flows, but because that's the situation they're working on, not because it's a rigged test. I think the New Scientist article did a bad job in making it clear that this is about how to take advantage of obscene amounts of bandwidth, not how to squeeze performance out of more meager links.
If you look at the applications they're interested in, namely multi-terabyte scientific data set transfers, UDP wouldn't be an ideal choice because they need the reliability features of TCP as well as the congestion control. Also, I'd expect this to achieve similar throughput to (well-behaved) UDP streaming protocols, because they have similar origins. FAST TCP and modern congestion-controlled UDP applications both used rate-based congestion control, largely based on the ideas introduced in TCP Vegas.
That idea seems to be more or less straight from TCP Vegas. Is it clear to you what they're doing differently?
Trees have visible rings because they make a lot of wood during fat times, and only a little during lean.
It's the same way with programmers' ages. During boom times, companies will pick up a glut of programmers, including youngsters. This is what happened during the late '90s: They were hiring a lot of people, fairly indiscriminately. Further, the population of new programmers (or new people in any career) is disproportionately young. Young people are more likely to be either switching careers or just beginning a career than are older people, so we made up the bulk of this boom's new recruits.
You can see the cycles if you look at an older technology company. For example, I got started working for an air traffic control company (Lockheed Martin (formerly Univac, formerly Sperry-Rand, formerly...)) which had been in the computer business for 50 years. The programmers came in generations, because when there was an economic upswing, young engineers were hired, and then a decade or so would go by in which there were few new hires (and usually a few losses) and then the cycle would repeat again.
I think that the illusion that only young people can/should be programmers has a lot to do with the newness of the companies: Companies that didn't exist, or weren't in the computer industry 10 years ago haven't had the chance to develop a good age spread of employees, because this is their first cycle.
Of course, it depends a lot on what you know and what you've done: At LMATM, the coders in their 60s were freakin' good: They'd survived several rounds of layoffs for a reason, and they were seasoned veterans before I was born. If someone has 40 years of relevant experience doing good work, that's hard to argue with. On the other hand, someone whose experience is solely with 40-year-old ways of thinking might actually be a hindrance. I think it would also be hard to be a new programmer in your 50s or 60s: There are biases out there in favor of youth, and a brand new programmer would not have the experience to offset that.
I suspect that college-level textbooks don't get written by committee for several reasons, but here's my main guess: They're not being written for a committee, either.
Since an individual professor selects the text for his or her course, the texts don't have to be written to satisfy the varied and mutually contradictory demands of an approval committee. That, and most of my textbooks are on a narrower subject area than "Science."
If you think that having all that claptrap in the first place makes someone lucky, then of course you don't get it. If you believe that being wealthy means that you have a good life, then no wonder you don't have sympathy for people in that situation. Besides which, if you think that living on $50K (gross) requires "survival skills," you're in the same absurdly wealthy class as those earning $200K, relative to that 99.999% of humanity you talk about.
Let me tell you something. Money ain't shit. Once you've got enough for food, shelter and education, there's no correlation between having more and being happier. Really. None. There are two obvious conclusions to be drawn from this:
If you're awake, the lesson of this book isn't "The wealthy occasionally choose to be a little less wealthy. How noble." but "Sometimes people realize that money isn't making them happy. Once you get this, you can spend your life taking care of yourself instead of chasing the Almighty Dollar."
Look at it this way: Maybe the reason you hear about whiny rich people chucking it all to "find themselves" is because they needed to have wealth before they could stop and look at it and realize that it wasn't worth going for after all. As long as you think that you're not wealthy enough yet, you can maintain the illusion that maybe the next dollar will be the one to make you happy. Someone (like you) can look at those who have $200K and figure "Hey, they must have it good. I'm jealous."
Now, you've got three choices as I see it. You can live the rest of your life not making $200K/year, but being jealous of those who do. That's just pathetic. Or, you can figure out what you have to do to make $200K/year yourself. That's a waste of your life, but at least you're not stewing with impotent envy. Or, you can realize now that having that kind of money isn't worth anything, take pity on people who've wasted their precious life on acquiring it, and put your life into something worthwhile. What'll it be?
Wired's article implies that they're trying to protect us from attackers using a wireless access point to launch a significant attack on the Internet itself. "We know that (an attack) could bring down the network of this country very quickly. Once you're on the network, it doesn't matter where you got in," were the words of the Homeland Security representative.
That's true, but stupid. By exactly their "logic", a terrorist or criminal could launch the same attack whether they connect through an unsecured wireless network or any other way. So unless they have a comprehensive strategy for making sure that terrorists can't get internet access *at all* then this doesn't accomplish anything. So either the administration doesn't realize this, or they do but they're using it as a smoke screen for some real reason, or it's being misreported. Frankly, I'd give about equal odds to all three.
You're right, but...
There is nothing which *would* constitute a sufficient condition for security. You can't check any particular property, of the product or process, and say "Yup, it's secure." We should all know that by now. In general, the closest we come is to haul out a long list of known mistakes (the absence of which is a necessary but not sufficient condition) and hope not to find them.
It's also helpful to remember that the Common Criteria don't try to define a reasonable security certification. What they do provide is a list of things which might be interesting and ways of measuring those things. It's up to the "end user" to choose which things are important to them (define a protection profile).
Here. Turn off images in your browser, or else you'll end up waiting for the (slashdotted) server to cough up the images for the (cached) page.
You asked about conferences, but it seems like what you're really looking for is education in general. Especially as a "newbie," conferences aren't going to be your best bet anyway: They tend to cover what's new and particular topics of interest, but can't and don't provide general background knowledge.
You can get a lot of good books for the price of a conference admission, and that's probably a better way to get started, anyhow. Here are a few recommendations from my bookshelf:
I tend to dislike government involvement at least as much as the next guy (which is sort of ironic, considering what I do) but this seems fairly reasonable. One thing that governments have done for a long time is establish standards (especially units of measure) and test whether products live up to their claims vis a vis those standards. I don't think it's that big a jump from certifying that a "pound" of flour really weighs a standard pound to certifying that a wireless networking hub offers the security it claims to.
>Nice pics by the way. Have you delved into digital yet?
Thanks. Not really: I've used a digital camera for snapshots and such, but I haven't worked with one seriously or explored the ways in which they're different from using film. I'd kind of like to, though, because the process of getting film pictures scanned is a royal pain. In addition to the standard transparency development process, you then have to pick which images are worth scanning (unless you can afford to scan them all), have them scanned, and then correct scanning artifacts in the resulting images. It's the last step that really sucks, in my opinion.
I'd have responded by e-mail, but your user information doesn't seem to give out your address.
I haven't read the book, so I can't comment on what principles it's putting forth, but your comment seems to be missing the point which the reviewer, at least, was making. Nobody's saying that art has no role whatsoever in website design. What they seem to be saying - and I agree wholeheartedly - is that art is a secondary concern. It's not wrong to have art, indeed art is often desirable, but art should facilitate the goals of the website, not be a goal per se.
I've done web site design, and I consider myself an artist of sorts, and they are very different activities. Art, as an end in itself, is about beauty and self expression. A corporate web site, like everything else a company does, is about advancing the company's financial position. Usually this means encouraging people to buy something (advertising), directly enabling them to buy something (on-line sales), or maximizing the value of things they've already bought (customer service).
In none of these cases does the web site work by sitting there and expressing the artist's vision. It works by enabling the customer to do something they want to do - and which the company also wants them to do - using the web site. Art, in a commercial setting, is a fine means unto that end, but should not be the end itself. This isn't to say that art for art's sake isn't a wonderful and necessary part of our society, but a corporate web site is probably not the most suitable canvas.
It depends where you go to school: At most schools, a C is no longer average, due to grade inflation. Even at Northwestern, which is actually a fairly respectable school, the average GPA is up to 3.3. When you consider that a lot of less-than-driven students drift through large state universities, the average GPA for the real students is actually probably higher still.
Does anyone know about a more detailed write up of this?
Specifically, I'm wondering whether each portable device is computing its own location based on the relative intensities of the access points as measured at the device, or the other way around.
If the devices are determining their own position, then, at least in theory, it should be possible to be selective about who gets access to that information. Done properly, there wouldn't need to be any central point of failure, so an attacker would need to compromise the software on their intended victim's PC. Or, more likely, they would have to discover an unintentional fault in that software and exploit it. On the other hand, if an external system is determining the location of the devices, then a would-be snooper need not compromise the software on the victim's computer, but only the central system.
In the first scenario, your own Pocket PC is trusted, while in the second, a device outside your control is. This isn't really that big a distinction in practice, because most of us extend trust to third parties by using software and hardware the properties of which we cannot or do not verify, but it's still important: It's possible to some extent to verify and monitor the behavior of systems in our physical possession, but nearly impossible to do so with someone else's.
When you say the "old system" you're probably talking about ARTS IIIA, which is about 30 years old, using period displays like FDADs and the like. Of course Raytheon's $1.7Bn 2002 system is better than Sperry/Univac's 1970 system.
The proper question isn't how STARS compares with what their competitors did 30 years ago, it's how STARS compares with what their competitors are doing now. Specifically, STARS' most direct competitor is Common ARTS, which is the current system from Lockheed Martin. In my biased opinion (I work on it) Common ARTS has comparable functionality to STARS, and it actually passes safety tests! Oh yeah, and Common ARTS has been installed at 139 sites, on time, within budget. STARS is more than 4 years behind schedule, 800 million dollars over budget, and still has 258 critical system trouble reports outstanding.
Standard disclaimer: I am speaking for myself, on my own time, and not my employer.
For more information, here's the memo as a pdf or text from the Office of the Inspector General of the Department of Transportation.
For some background into why this may be happening, consider the following: FAA Administrator Jane Garvey was a champion of the STARS program. She is about to leave the post, and may want to be able to claim some success before she goes. Also, the Philadelphia TRACON is nearing its capacity and needs to be upgraded in the immediate future. There are two ways to go for the upgrade: One is to put in STARS, and the other is to install Common ARTS, a competing system. If they can't put STARS on in the immediate future, practical necessity will force them to install Common ARTS instead. If they put the money into installing Common ARTS now, they'll have a hell of a time justifying switching over to STARS later, because there'll be no need. Thus, Raytheon and Garvey and other STARS proponents are in a now-or-never situation to get STARS in, by hook or by crook, unless they want the work to go to a competitor and make them look bad.
NOTE: This is my own opinion, written on my own time, and I DO NOT speak for my employer (one of the companies involved).
What you say is certainly true, but I want to put a big caveat on it:
It's very difficult to answer the question "what are we securing and how valuable is it?" for a number of reasons. To do that, you need to define what it is you're afraid of losing and how much of it you might lose from a particular attack. Both are very difficult questions, and are often gotten wrong.
Looking at the first, people often underestimate the risk from a security compromise because they're only thinking about the confidentiality (secrecy) of their data. At least as important to consider are integrity and availability, that is whether the system and data remain correct and usable. There are lots of things that don't really need to be confidential, but do need to be right. Picture building design specs, for example. They're not secret at all - most of them will become matters of public record - so it doesn't really matter if they get stolen. God help you, though, if they get altered and you don't find out until halfway through construction.
Supposing you can somehow estimate the total VAR (Value At Risk) of your information systems, it's still nigh impossible to figure out what portion of that would be endangered by any particular attack. An apparently minor attack can easily be a stepping stone to a much more serious one. Parlaying limited access - whether acquired legitimately or otherwise - into greater power is generally called privilege escalation, and it's a common component of attacks. The "root kit" is a classic example of this. A root kit won't get you onto a system, but if you can get unprivileged access some other way, the kit will then get you root. You can't assume that the security of a given account is unimportant just because that person hasn't been granted access to anything sensitive. There's always the possibility that a user has, or could get, access to things way beyond what was intended. Consider your marketing schmoe whose password security you claim is relatively unimportant. It's entirely possible (even likely) that the network which "does not allow remote access" does indeed have a gap somewhere. And if it does, someone could telnet in, log in as Mr. (or Ms.) Schmoe, and escalate to root on their one server. At this point, the attacker can probably compromise the username and password of any other user on that server, one of whom may have access to something that does really matter. This is just a hypothetical story, but it illustrates a very important point about computer security: A series of weaknesses, any one of which would be unimportant as long as everything else worked as intended, can often be strung together into a successful attack.
As you said, security policies should be based on a rational economic evaluation of what's at risk and how much it would cost to mitigate that risk. The problem is that it can be difficult indeed to assess how much risk hinges on a given decision, so it's usually wise to be more conservative than you think you need to be.
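The chained-weakness story in the comment above, modelled as an added example that is not part of the original comment: it compares what an account is worth on paper with what is reachable from it, and shows how much fixing each single weakness removes. The access states, weakness labels and asset values are constructed, and `reachable`, `exposure` and `mitigation_impact` are hypothetical helper names.

```python
from collections import deque

# Constructed model of the comment's hypothetical: each tuple is one weakness
# (from_state, to_state, description), each minor when looked at alone.
WEAKNESSES = [
    ("internet", "schmoe_account", "gap in a network that 'does not allow remote access'"),
    ("schmoe_account", "root_on_server", "local privilege escalation"),
    ("root_on_server", "other_users_credentials", "credential compromise from root"),
    ("other_users_credentials", "sensitive_system", "another user's legitimate access"),
]

# Constructed value at risk (arbitrary units) held directly in each access state.
DIRECT_VALUE = {
    "internet": 0,
    "schmoe_account": 1,
    "root_on_server": 5,
    "other_users_credentials": 10,
    "sensitive_system": 1000,
}


def reachable(start, mitigated=frozenset()):
    """Breadth-first search: map each reachable state to the weaknesses used to get there."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for src, dst, why in WEAKNESSES:
            if src == state and dst not in paths and (src, dst) not in mitigated:
                paths[dst] = paths[state] + [why]
                queue.append(dst)
    return paths


def exposure(start, mitigated=frozenset()):
    """Total value at risk once 'start' is compromised, following every usable chain."""
    return sum(DIRECT_VALUE.get(state, 0) for state in reachable(start, mitigated))


def mitigation_impact(start):
    """Remaining exposure from 'start' if exactly one weakness is fixed."""
    return {(src, dst): exposure(start, frozenset({(src, dst)}))
            for src, dst, _ in WEAKNESSES}


if __name__ == "__main__":
    foothold = "schmoe_account"
    print("direct value of", foothold, "=", DIRECT_VALUE[foothold])
    print("transitive exposure   =", exposure(foothold))
    for step in reachable("internet")["sensitive_system"]:
        print("  chain step:", step)
    for edge, left in mitigation_impact(foothold).items():
        print("fix", edge, "-> exposure", left)
```

The direct value of the account understates the risk by three orders of magnitude in this constructed data, which is the comment's argument for being more conservative than the per-account estimate suggests.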
Software can't kill people directly, but it controls hardware that can. Also, people frequently depend on systems which include software for life-critical purposes.
Think:
1. 911 call centers
2. Industrial robotics
3. Air Traffic Control
4. Engines with embedded software controls
5. The telephone network
6. The power grid
7. Medical equipment
I'd like to point out that there are documented deaths from software failures in most of these categories.