On a UNIX box, if I'm signing on as me (non-admin type), then I can feel pretty good about general security
People keep saying this, but it totally ignores all of the escalation of privilege bugs that are floating around. See for example here for a recent example on OS X.
If an ordinary UNIX user can be tricked into running a program, that program can then look for one of the hundreds of common bugs that allow escalation of privilege, and then install itself as root. This can be prevented by keeping current on your patches, and being careful about your configurations, but then you can keep a Windows box relatively secure by the same process. The trouble is that it's a lot of work and seems to be beyond the resources of most casual users regardless of which OS they use.
I don't think the argument here is either politics or computer science, I think it is how to turn computer programming into an engineering discipline. Every C/C++ programmer swears they will carefully attend to memory management and buffer bounds, and nearly every one of them will screw it up multiple times. Witness the numerous overflow bugs in OpenSSH and Sendmail, not to mention the Microsoft overflow bugs du jour. It's not that run time checking will prevent such errors, it's that when they occur (and they will), the program will fail in a predictable way and not execute arbitrary code.
The argument between supporters of "bondage and discipline" and "do what I say" languages has been going on since the birth of the industry. The "do what I say" languages have so far carried the day because they have had legitimate arguments about performance constraints, but isn't it time to devote at least some machine cycles to run time checking of the most common classes of programmer errors?
A relative of mine works in the aircraft industry. According to stories he has told me, it is required practice that all cables in a cable bundle have incompatible connectors. Obviously this is inefficient, expensive and tedious, but harsh experience has taught them that if a cable can be physically plugged into the wrong socket, it will be. Even the best programmers will occasionally make mistakes and our software tools should accept this as a given.
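Added example, not part of the original comment: a C sketch of the run-time check argued for above, where an oversized write is refused with a predictable error and the neighbouring privilege flag is never touched. The `session` record, `session_append`, `session_get` and the oversized input are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16

typedef enum { BB_OK = 0, BB_OVERFLOW = -1 } bb_status;

/* Hypothetical record: a fixed-size field stored right next to a privilege
 * flag, the layout in which an unchecked copy would spill into is_admin. */
typedef struct {
    unsigned char name[NAME_CAP];
    size_t        len;       /* bytes of name[] currently in use */
    int           is_admin;
} session;

/* Checked append: every write is validated against the remaining capacity.
 * The comparison is written as n > CAP - len so that a huge n (for example
 * SIZE_MAX) cannot wrap around the way len + n > CAP could. */
bb_status session_append(session *s, const void *src, size_t n)
{
    if (s->len > NAME_CAP || n > NAME_CAP - s->len)
        return BB_OVERFLOW;          /* predictable failure, nothing written */
    memcpy(s->name + s->len, src, n);
    s->len += n;
    return BB_OK;
}

/* Checked read: an index past the used length is an error, not a peek at
 * whatever happens to live after the buffer. */
bb_status session_get(const session *s, size_t i, unsigned char *out)
{
    if (i >= s->len)
        return BB_OVERFLOW;
    *out = s->name[i];
    return BB_OK;
}

/* Feeds a constructed 64-byte input into the 16-byte field.
 * Returns is_admin afterwards, or -1 if the check did not behave as expected. */
int demo_oversized_input(void)
{
    session s = {0};
    unsigned char input[64];

    memset(input, 0x01, sizeof input);   /* constructed oversized input */
    if (session_append(&s, input, sizeof input) != BB_OVERFLOW)
        return -1;
    if (s.len != 0)
        return -1;                       /* buffer state must be unchanged */
    return s.is_admin;
}

int main(void)
{
    printf("is_admin after rejected oversized write: %d\n",
           demo_oversized_input());
    return 0;
}
```

The programmer error (passing too much data) still happens; the difference is that it surfaces as `BB_OVERFLOW` at the call site rather than as silently corrupted adjacent memory.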
The difference between bacteria and virii is crap too. Polio's a virus. When was the last time you heard about somebody with polio?
Despite the availability of vaccines, polio is still endemic in much of the world. Have you contributed generously to the campaigns providing vaccine to poor countries?
And on the other hand, we've been "so close" to curing leprosy, fucking leprosy, for years now. Don't tell me that's more work to cure than a floppy dick.
Is it your extensive knowledge of biosciences that informs you otherwise, or simply your firm belief in the inherent kindness of the universe?
Malaria? Chagas? River blindness? We can fight stomach acid, cholesterol buildups, and hair loss and we can't come up with something to effectively stop fucking worms from crawling into somebody's eyeballs?
Malaria used to be endemic in the SE US. Civil engineering and public health measures are what make it rare here now. Malaria and River Blindness could be greatly reduced in the third world through similar measures. It doesn't require any new research, just the capital and the political will to take action. Are you contributing to these efforts? If not, how are you any different than the greedy drug companies?
Are you arguing that medicine should be subjective? I argue that it should be objective. A doctor's diagnosis and recommended treatment should be based on analysis of data (temperature, blood pressure, blood chemistry, mri's, whatever) using knowledge of diseases/conditions. If a task is objective, then it can be performed by a computer. Now if you want to argue that doctors should be subjective rather than objective, go right ahead, I will not entertain such nonsense
Given the state of knowledge of both medicine and computer science this is absurdly naive.
If you spend any time working in the natural sciences you'll quickly realize that the world is full of ambiguous and contradictory evidence. Picking out which evidence is relevant is a subjective process, and experience and training can help you make better subjective decisions. Think of a doctor palpating your neck in a physical exam. The objective physical finding might be "swollen lymph glands", but that throws away 99.999% of the information perceived by the doctor, who is thinking "Jeez, this feels just like the lymph glands of that Hodgkin's case I saw two years ago."
By your arguments we should no longer require mathematicians, since after all, mathematics is as objective a task as any human activity. I can assure you though, that giving you copies of Maple, Matlab, and Mathematica, will not turn you into a mathematician.
Thanks for that insight. I haven't used C++ since 1998, and unfortunately never got around to learning the C++ Standard Library or STL.
I've read your other comments on this thread with interest. What are your views on the difficulty of writing correct code in C/C++ versus say Java or C#? My experience has been that while all C/C++ programmers promise to be very careful about memory management and bounds checking, most of them screw it up at some point, even quite talented and experienced programmers. It seems to me that languages with run-time bounds checking keep momentary lapses in concentration from becoming buffer overflow exploits.
I recently wrote a small program that generated one million random doubles and then sorted them by size. I initially wrote it in Java and then (because I had the same opinion as you) I re-wrote it in C. Much to my surprise the Java version was faster than the C version. I suspect the JIT compiler made Java a match for C in generating the random numbers, but on top of that, Java provided a standard library function specifically for sorting an array of doubles. The standard C runtime only provided a generic quicksort function. I had to pass it a comparison function which it used to compare elements within the sort. I suspect the overhead of this callback function killed the performance of the C version. If I had written my own double specific sorting routine for the C version I probably could have bested the performance of the Java version, but then I would have had to start juggling how much time I wanted to spend writing the program vs how often it was going to be run.
I find that I can write correct code more easily in Java than in C or Fortran. This allows me to spend more time on choosing and implementing algorithms and in many cases a superior algorithm will make the JIT/native differences irrelevant.
quite honestly, morals are the only thing keeping most people out of wireless networks.
True, and I will confess to a rhetorical exaggeration, but I still think there is something to my point. I was just setting up my own wireless LAN last week, and I was blown away by the number of networks I was picking up that were broadcasting their default SSID and were apparently unencrypted. Since I was getting a better signal from some of these networks than my own it was very tempting to connect to them and just nose around a bit. My internal conversation went something like:
1. "Hmm. I wonder what I'd see if I connected to "linksys".
2. "That would be rude. You haven't been invited."
3. "It might also be illegal."
4. "How in hell would they know?"
5. "It might be a honeypot and Fry's probably gave your Visa card number and MAC address to Interpol and John Ashcroft."
6. "Give me a break."
7. "Never mind all that, it would still be impolite to connect without an explicit invitation."
As you correctly point out my primary motivation was my personal sense of morality (or at least propriety). However the legal aspect did cross my mind. I didn't want to get in trouble over a matter of idle curiosity.
... talking about these omnipotent laws
I didn't say that laws were omnipotent, I said that enforcement of the laws was one component of the security infrastructure. Legal sanctions don't discourage all, but they discourage some. Encryption doesn't solve all security problems, but it helps solve some. It is my experience that "fear of getting in trouble" is an important regulator of people's behavior. If nothing else it reinforces their own sense of morality when it is undercut by conflicting impulses like curiosity.
I did so upon request. I said he challenged me for a proof and I responded, I sent them an anonymous encrypted copy of the 2000 passwords cracked and a set of steps to correct the flaws (basically ditch the DES encryption and use SHA-1 or MD5 hashes).
Obviously I wasn't present during this conversation, but unless there is more to it than you include here, I think you have some serious problems in communicating with your fellow humans. I know if I asked somebody for proof that my systems were insecure I would be thinking more along the lines of "please describe in detail the vulnerability" not "please try to crack my system". If you really believed that you had a legitimate invitation to try to crack the system why did you submit the evidence anonymously?
....certainly illegal, but morally everything I did was correct
I think you have a very narrow view of morality then. Greater harm justifications only work if the questionable action was the only way to prevent the greater harm. Why didn't you just document the vulnerability and work your way up the chain of responsibility? (I mean immoral here as reading somebody's diary without permission, not as in assault or extortion.)
The legal penalties attached to cracking are just as much a part of the security infrastructure as encryption. Heck, if unauthorized network intrusion was a simple infraction punishable by a $10 fine I'd probably be wandering around my neighbor's unsecured wireless network right now.
A friend of mine (not a friend of a friend mind you, but mine very own friend) told a similar story.
He was working for a computer training company in Hawaii. In one of their classrooms they had an older computer which was no longer in use but not quite obsolete enough to toss. It sat unused in the corner next to the coffee station, and gradually picked up a patina of sugar and non-dairy creamer. Well, one day right before a class my friend is teaching, one of the student computers conks out, so my friend grabs the old computer, wipes off the schmutz, checks that it boots up, and uses it to replace the dead computer. The students come in, and he begins the lesson. A few minutes into the lesson the temperature inside the computer apparently reached the level of insect discomfort, and dozens of cockroaches came boiling out of every opening in the case, several of them dropping into the student's lap.
As you might expect that student wasn't ever able to regain their focus on the lesson, and they were given a refund.
While a lot of people think that the Pons-Fleischmann episode was very bad science, I don't think many people think it was a hoax, which would imply deliberate deception. I think the consensus was that neutron detection and ultra-precise calorimetry are very hard to get right, and that Pons and Fleischmann were too eager to publish and way too naive about sources of error in the experiment.
Near the close of the article Jones of Utah says that some of the experiments are "approaching" 80% reproducible. This means that after 14 years of work it is still a flaky experiment, and I expect this accounts for the reluctance of many scientists to get involved in cold fusion research. Until you have a reliable experiment there is too much chance that you'll chase your tail over experimental artifacts.
They are going to work because there are numerous bugs floating around the UNIX world that allow garden variety users to run commands as root (do a google search on "unix privilege escalation" to see a sample of them). For a properly configured UNIX box, current on all its patches, this wouldn't be much of a problem. Unfortunately, getting all the joe sixpacks to run properly configured and patched software of whatever flavor is an intractable problem.
to do an escalated privilege attack you need to not know that there is a user logged in remotely.
You don't seem to understand the issue. There are numerous bugs around the UNIX world that allow garden variety users to execute commands with root privileges. If I send you an executable as an attachment, and trick you into executing it, and the program can find and exploit one of those bugs, it can subsequently execute the commands of its choice with root privileges. That command may be to install a kernel module or any other damned thing they care to write into it. I will grant you that the common UNIX email clients make it a lot harder to trick a user into running an attachment, but it is by no means impossible as you claimed.
... effective escape macro yet but like 'fdisk/mbr'
Are you referring to ANSI macro exploits? If so, you should be aware that they affect several UNIX terminal programs as well! See for example this story Getting Hacked Through Your Terminal
I only use Linux for e-mail and I hose and clean my windows C partition whenever they get covered in bug shit! Symantec and MS can go to hell
I'm not here to apologize for Microsoft's security gaffes, only to warn you that Linux has its own set of security issues. You must keep up with the patches and security fixes on a Linux box just as surely as if you were running a Windows box.
I find that paying someone else a yearly ransom to secure your system and do maintenance is a real piss off!
Even if you run Linux you still either have to invest the time to follow the security updates and gather the patches yourself, or pay somebody like Red Hat to do it for you. Depending on how much software you have installed, this can be a real time sink. I make ~$30/hr, so I'm happy to pay Red Hat the $15 a year to keep current on patches and fixes. And of course I still have to spend a couple hours a month keeping up with security issues in order to make sure Red Hat isn't screwing up.
The price of security is eternal vigilance, and it's a pain in the neck.
don't care if you know the TCP/IP protocol inside out, and personally devised a new form of NAT. I acknowledge that there are some roles out there where that's very valuable experience and capability, and good luck getting one of them - you're probably in with a good shout.
Despite your caveat I think you are too focused on your own experience. IT is an ungodly huge field now, and one size never fits all. I've worked in back office IT, but now I'm working in bioinformatics and binary searches definitely don't cut it there. Somebody working in network security had damn well better know TCP/IP inside and out, and you may have noticed that network security is not an insignificant area these days. There will always be more jobs in back office IT than in specialties benefiting from an advanced degree, but there aren't all that many advanced degrees being produced, and there will always be critical roles for them.
I also think that you are comparing fresh oranges to rotten apples. Sure, I'm always going to pick a smart, experienced, motivated, non-degreed programmer over a stupid, lazy, freshly minted, Ph.D., but what about a smart, experienced, motivated, Ph.D?
The cause of the blackout has still not been determined. In the face of this, I can understand that it is irritating to hear Slashdot posters ascribe it with certainty to the evils of deregulation. However, by the same token, it is irritating to hear members of the Senate and the cabinet claim that the blackout could have been prevented by deregulation and drilling in ANWR.
On the other hand, I and a lot of other folks are still paying the bills for the 2000-2001 power crisis in the west. This despite FERC's finding that there was widespread manipulation of the market by power producers and brokers (including the late unlamented Enron). To put it more bluntly, the "market actors" colluded to limit supply and drive up prices, and this was the finding of the current administration's own appointees not some liberal conspiracy theory. I hope you will forgive us our cynicism if we entertain the notion that deregulation or market manipulation may have played a role in this blackout.
Even though a cause for this blackout has not yet been determined, we are already hearing the drumbeat from certain parties calling for further deregulation and drilling in ANWR as a solution.
Two years ago I would have been inclined to entertain these claims, but since the administration's own appointees on FERC found that market manipulation was rife during the 2000-2001 power crisis in the west, I now have to entertain the possibility that this summer's blackout was due to market manipulation. "FERC finds widespread power manipulation in California"
Yeah they would if you transferred majoring in computer science, but if you transfer majoring in liberal arts or philosophy they don't really care about your math credentials
What are you planning to study? I think you'll find that even liberal art majors are required to complete a year of college math (though not necessarily calculus) during their first two years. If you are going into computer science you'll probably be required to complete calculus before you are admitted to the major. Before graduating you'll probably have to take statistics, and discrete math as well. The role of those in computer science is a whole other discussion, but I think you'll find that those are common requirements.
My field has absolutely nothing to do with calculus and calculus is not a degree requirement.
Fine, but you are trying to impress them so you can get in, and I think you'll find that they aren't impressed by folks who simply meet requirements.
So you are telling me getting teachers to write letters would be equal to me getting a 3.5+ GPA? I'm focused 100% on my GPA, some teachers were impressed by me and gave me compliments, but I don't know if they'd actually write a letter of recommendation, I suppose I could ask?
I wish I could give you a blanket answer, but it completely depends on the school. To get into the competitive schools you have to do something to impress them, and preferably two or three things. It may be a high GPA, a brilliant interview, community service, personal recommendations, your essay, your ethnic background, or an important relative. I can just about promise you though, that a 3.5 GPA in easy courses is not going to impress them more than a 3.0 in courses that approximate something like their own requirements.
Be sure to talk to your community college advisors and the admissions counselors at the schools you are interested in attending.
Well you see, the point I'm trying to make is, when it comes to getting a job it's all about who you know, not what you know and by going to elite private universities you meet the right people who can help you later on in life when you need references to take out a loan or you need to start a business and can't get any seed money.
I think you missed the point of the anecdote. Lyndon Johnson, the president of the US, was the one who had graduated from Southwest Texas State Teacher's College and all those Ph.D.s and JDs from Harvard worked at his pleasure.
I think you are rather romantically overestimating the power of connection. In my experience connections make a difference often enough to be discouraging to us non-connected folks, but unless you are born into a connected family (like our current president), choosing a college with an eye to making connections is playing a longshot. I have a niece who is going to St. Andrews in Scotland where Prince William is attending. She sees him in lecture and in town now and then, but she certainly isn't going to be able to hit him up for a job when she graduates. I went to Reed College, it's not Ivy League, but it is a national liberal art college with a good reputation. My old classmates are now moderately successful doctors, business people, and professors, but certainly nobody with "juice", or who could bankroll me in a business venture.
Luck plays a huge role in life, but get the best education you can, because "chance favors the prepared mind".
This isn't about the jobs, this is about getting a degree from an elite private university
There is a lot to be said for attending an elite private university. You'll have an excellent education presented to you in the most supportive of environments. However, I'm reminded of a story about Lyndon B. Johnson's first cabinet meeting as president. He supposedly said something like "It is awe inspiring to be at this table with the best and brightest minds of the country: Ph.D.s, MBAs, and JDs from Harvard, Yale, M.I.T and Princeton, and one B.A. from Southwest Texas State Teachers College."
This isn't about the jobs, this is about getting a degree from an elite private university.
But don't you think the admissions committee is going to notice the lack of math courses on your transcript? A 3.0 GPA may be a minimum standard, but I can assure you that not all 3.0 GPAs are equal. A 3.0 with Intro Calc is going to be more impressive than a 3.0 with "Free Verse for Slackers". This is true even for liberal arts majors. If you are thinking of going into a technical field, the lack of math would be the kiss of death.
I never take more than 4 classes per semester, and I never get anything below a B in grades, those are the rules I follow
I could never handle 4 classes in a semester! When I was taking three classes I was doing OK, but running from one assignment to the next without much time for reflection. Two classes a semester is perfect for me (unfortunately most schools require you to take at least 3 to maintain eligibility for financial aid).
If you will forgive me repeating my unsolicited advice, I really think you would be better off taking fewer but more challenging courses. If you struggle with math, this is the perfect opportunity to get to know your instructors. Prepare as best you can, show up at all their office hours, and then get them to write letters of recommendation. I know from experience that letters of recommendation carry a lot of weight in admissions at elite private universities.
I highly recommend Cartoon Guide to Statistics and Cartoon Guide to Genetics. Despite the titles, they don't sacrifice accuracy for cuteness. If you make it all the way through the Cartoon Guide to Statistics you'll be able to understand common statistical practices like t-tests and confidence intervals, and you'll have a much better chance of recognizing when statistics are being abused.
What is the point of avoiding difficult but important classes simply to preserve your GPA? Are you in school to get an education or to simply achieve some arbitrary GPA? I've been in the position of hiring people for technical positions and I've always been far more impressed by a mediocre GPA in a substantial curriculum than a high GPA in an easy curriculum.
I recently returned to school myself, so I do have sympathy with the amount of work required to do really well in a course, and I do understand that those planning to continue to a four year school or go on to graduate school need to match minimum requirements, but in my opinion you'll be better served by reducing the number of classes you take in a given term than by trying to ditch the challenging courses.
I'm curious, does your attitude apply just to IT jobs, or to all American labor? Do you drive an American car? Are your clothes made in America? Do you buy imported food? Or are you like myself and most other folks, and you've been shopping for the best value no matter where it came from? "Too bad about those textile workers, they should get re-trained as computer programmers" was not an uncommon attitude in the 80's. Now the chickens are coming home to roost.
Not quite a smoking cannon, but Mr. Bennett is one of the directors of Empower America, which has opposed the expansion of legalized gambling, and lists gambling as one of the negative "cultural indicators". It has been suggested that the gambling industry's irritation with this stance is why someone ratted Mr. Bennett out. Casinos are usually quite protective of their clients' privacy.
IMHO the hypocrisy lies not in the gambling per se, but in the arguments he used to defend his gambling, "It's my business", "I'm not hurting anyone", "It's legal in some jurisdictions", and "I've won more than I've lost". These are all arguments that he has explicitly rejected as justifications for things like homosexuality and marijuana use. It certainly seems like special pleading to reject these arguments for other people's vices but then marshall them in defense of his own vice.
People keep saying this, but it totally ignores all of the escalation of privilege bugs that are floating around. See for example here for a recent example on OS X.
If an ordinary UNIX user can be tricked into running a program, that program can then look for one of the hundreds of common bugs that allow escalation of privilege, and then install itself as root. This can be prevented by keeping current on your patches, and being careful about your configurations, but then you can keep a Windows box relatively secure by the same process. The trouble is that it's a lot of work and seems to be beyond the resources of most casual users regardless of which OS they use.
I don't think the argument here is either politics or computer science, I think it is how to turn computer programming into an engineering discipline. Every C/C++ programmer swears they will carefully attend to memory management and buffer bounds, and nearly every one of them will screw it up multiple times. Witness the numerous overflow bugs in OpenSSh and Sendmail, not to mention the Microsoft overflow bugs de jour. It's not that run time checking will prevent such errors, it's that when they occur (and they will), the program will fail in a predictable way and not execute arbitrary code.
The argument between supporters of "bondage and discipline" and "do what I say" languages has been going on since the birth of the industry. The "do what I say" languages have so far carried the day because they have had legitmate arguments about performance constraints, but isn't it time to devote a least some machine cycles to run time checking of the most common classes of programmer errors?
A relative of mine works in the aircraft industry. According to stories he has told me, it is required practice that all cables in a cable bundle have incompatible connectors. Obviously this is inefficient, expensive and tedious, but harsh experience has taught them that if a cable can be physically plugged into the wrong socket, it will be. Even the best programmers will occasionialy make mistakes and our software tools should accept this as a given.
Is it your extensive knowledge of biosciences that informs you otherwise, or simply your firm belief in the inherent kindness of the universe?
Malaria used to be endemic in the SE US. Civil engineering and public health measures are what make it rare here now. Malaria and River Blindness could be greatly reduced in the third world through similar measures. It doesn't require any new research, just the capital and the political will to take action. Are you contributing to these efforts? If not, how are you any different then the greedy drug companies?
Given the state of knowlege of both medicine and computer science this is absurdly naive.
If you spend any time working in the natural sciences you'll quickly realize that the world is full of ambiguous and contradictory evidence. Picking out which evidence is relevant is a subjective process, and experience and training can help you make better subjective decisions. Think of a doctor palpitating your neck in a physical exam. The objective physical finding might be "swollen lymph glands", but that throws away 99.999% of the information perceived by the doctor, who is thinking "Jeez, this feels just like the lymph glands of that Hodgkins case I saw two years ago."
By your arguments we should no long require mathematicians, since after all, mathematics is as objective a task as any human activity. I can assure you though, that giving you copies of Maple, Matlab, and Mathematica, will not turn you into a mathematician.
Thanks for that insight. I haven't used C++ since 1998, and unfortunately never got around to learning the C++ Standard Library or STL.
I've read your other comments on this thread with interest. What are your views on the difficulty of writing correct code in C/C++ versus say Java or C#? My experience has been that while all C/C++ programmers promise to be very careful about memory management and bounds checking, most of them screw it up at some point, even quite talented and experienced programmers. It seems to me that languages with run-time bounds checking keep momentary lapses in concentration from becoming buffer overflow exploits.
I recently wrote a small program that generated one million random doubles and then sorted them by size. I initially wrote it in Java and then (because I had the same opinion as you) I re-wrote it in C. Much to my suprise the Java version was faster then the C version. I suspect the JIT compiler made Java a match for C in generating the random numbers, but on top of that, Java provided a standard library function specifically for sorting an array of doubles. The standard C runtime only provided a generic quicksort function. I had to pass it a comparison function which it used to compare elements within the sort. I suspect the overhead of this callback function killed the performace of the C version. If I had writen my own double specific sorting routine for the C version I probably could have bested the performance of the Java version, but then I would have had to start juggling how much time I wanted to spend writing the program vs how often it was going to be run.
I find that I can write correct code more easily in Java then in C or Fortran. This allows me to spend more time on choosing and implementing algorithms and in many cases a superior algorithm will make the JIT/native differences irrelevant.
Obviously I wasn't present during this conversation, but unless there is more to it then you include here, I think you have some serious problems in communicating with your fellow humans. I know if I asked somebody for proof that my systems were insecure I would be thinking more along the lines of "please describe in detail the vulnerability" not "please try to crack my system". If you really believed that you had a legitimate invitation to try to crack the system why did you submit the evidence anonymously?
I think you have a very narrow view of morality then. Greater harm justifications only work if the questionable action was the only way to prevent the greater harm. Why didn't you just document the vulnerability and work your way up the chain of responsibility? (I mean immoral here as reading somebody's diary without permission, not as in assault or extortion.)
The legal penalties attached to cracking are just as much a part of the security infrastructure as encryption. Heck, if unauthorized network intrusion was a simple infraction punishable by a $10 fine I'd probably be wandering around my neighbor's unsecured wireless network right now.
A friend of mine (not a friend of a friend mind you, but mine very own friend) told a similar story.
He was working for a computer training company in Hawaii. In one of their classrooms they had an older computer which was no longer in use but not quite obsolete enough to toss. It sat unused in the corner next to the coffee station, and gradually picked up a patina of sugar and non-dairy creamer. Well, one day right before a class my friend is teaching, one of the student computers conks out, so my friend grabs the old computer, wipes off the schmutz, checks that it boots up, and uses it to replace the dead computer. The students come in, and he begins the lesson. A few minutes into the lesson the temperature inside the computer apparently reached the level of insect discomfort, and dozens of cockroaches came boiling out of every opening in the case, several of them dropping into the student's lap..
As you might expect that student wasn't ever able to regain their focus on the lesson, and they were given a refund.
While a lot of people think that the Pons-Fleischmann episode was very bad science, I don't think many people think it was a hoax, which would imply deliberate deception. I think the consensus was that neutron detection and ultra-precise calorimetry are very hard to get right, and that Pons and Fleischmann were too eager to publish and way too naive about sources of error in the experiment.
Near the close of the article Jones of Utah says that some of the experiments are "approaching" 80% reproducible. This means that after 14 years of work it is still a flaky experiment, and I expect this accounts for the reluctance of many scientists to get involved in cold fusion research. Until you have a reliable experiment there is too much chance that you'll chase your tail over experimental artifacts.
They are going to work because there are numerous bugs floating around the UNIX world that allow garden variety users to run commands as root (do a google search on "unix privilege escalation" to see a sample of them). For a properly configured UNIX box, current on all its patches, this wouldn't be much of a problem. Unfortunately, getting all the joe sixpacks to run properly configured and patched software of whatever flavor is an intractable problem.
Are you referring to ANSI macro exploits? If so, you should be aware that they affect several UNIX terminal programs as well! See for example this story: "Getting Hacked Through Your Terminal".
I'm not here to apologize for Microsoft's security gaffes, only to warn you that Linux has its own set of security issues. You must keep up with the patches and security fixes on a Linux box just as surely as if you were running a Windows box.
The price of security is eternal vigilance, and it's a pain in the neck.
Ever hear of an installable kernel module?
I've worked in back office IT, but now I'm working in bioinformatics and binary searches definitely don't cut it there. Somebody working in network security had damn well better know TCP/IP inside and out, and you may have noticed that network security is not an insignificant area these days. There will always be more jobs in back office IT than in specialties benefiting from an advanced degree, but there aren't all that many advanced degrees being produced, and there will always be critical roles for them.
I also think that you are comparing fresh oranges to rotten apples. Sure, I'm always going to pick a smart, experienced, motivated, non-degreed programmer over a stupid, lazy, freshly minted Ph.D., but what about a smart, experienced, motivated Ph.D.?
The cause of the blackout has still not been determined. In the face of this, I can understand that it is irritating to hear slashdot posters ascribe it with certainty to the evils of deregulation. However, by the same token, it is irritating to hear members of the Senate and the cabinet claim that the blackout could have been prevented by deregulation and drilling in ANWR.
On the other hand, I and a lot of other folks are still paying the bills for the 2000-2001 power crisis in the west. This despite FERC's finding that there was widespread manipulation of the market by power producers and brokers (including the late unlamented Enron). To put it more bluntly, the "market actors" colluded to limit supply and drive up prices, and this was the finding of the current administration's own appointees, not some liberal conspiracy theory. I hope you will forgive us our cynicism if we entertain the notion that deregulation or market manipulation may have played a role in this blackout.
Hear, Hear!
Even though a cause for this blackout has not yet been determined, we are already hearing the drumbeat from certain parties calling for further deregulation and drilling in ANWR as a solution.
Two years ago I would have been inclined to entertain these claims, but since the administration's own appointees on FERC found that market manipulation was rife during the 2000-2001 power crisis in the west, I now have to entertain the possibility that this summer's blackout was due to market manipulation. "FERC finds widespread power manipulation in California"
Be sure to talk to your community college advisors and the admissions counselors at the schools you are interested in attending.
Best of luck to you
I think you missed the point of the anecdote. Lyndon Johnson, the president of the US, was the one who had graduated from Southwest Texas State Teacher's College and all those Ph.D.s and JDs from Harvard worked at his pleasure.
I think you are rather romantically overestimating the power of connection. In my experience connections make a difference often enough to be discouraging to us non-connected folks, but unless you are born into a connected family (like our current president), choosing a college with an eye to making connections is playing a longshot. I have a niece who is going to St. Andrews in Scotland where Prince William is attending. She sees him in lecture and in town now and then, but she certainly isn't going to be able to hit him up for a job when she graduates. I went to Reed College; it's not Ivy League, but it is a national liberal arts college with a good reputation. My old classmates are now moderately successful doctors, business people, and professors, but certainly nobody with "juice", or who could bankroll me in a business venture.
Luck plays a huge role in life, but get the best education you can, because "chance favors the prepared mind".
There is a lot to be said for attending an elite private university. You'll have an excellent education presented to you in the most supportive of environments. However, I'm reminded of a story about Lyndon B. Johnson's first cabinet meeting as president. He supposedly said something like "It is awe inspiring to be at this table with the best and brightest minds of the country: Ph.D.s, MBAs, and JDs from Harvard, Yale, M.I.T. and Princeton, and one B.A. from Southwest Texas State Teachers College."
But don't you think the admissions committee is going to notice the lack of math courses on your transcript? A 3.0 GPA may be a minimum standard, but I can assure you that not all 3.0 GPAs are equal. A 3.0 with Intro Calc is going to be more impressive than a 3.0 with "Free Verse for Slackers". This is true even for liberal arts majors. If you are thinking of going into a technical field, the lack of math would be the kiss of death.
I could never handle 4 classes in a semester! When I was taking three classes I was doing OK, but running from one assignment to the next without much time for reflection. Two classes a semester is perfect for me (unfortunately most schools require you to take at least 3 to maintain eligibility for financial aid).
If you will forgive me repeating my unsolicited advice, I really think you would be better off taking fewer but more challenging courses. If you struggle with math, this is the perfect opportunity to get to know your instructors. Prepare as best you can, show up at all their office hours, and then get them to write letters of recommendation. I know from experience that letters of recommendation carry a lot of weight in admissions at elite private universities.
I highly recommend Cartoon Guide to Statistics and Cartoon Guide to Genetics. Despite the titles, they don't sacrifice accuracy for cuteness. If you make it all the way through the Cartoon Guide to Statistics you'll be able to understand common statistical practices like t-tests and confidence intervals, and you'll have a much better chance of recognizing when statistics are being abused.
What is the point of avoiding difficult but important classes simply to preserve your GPA? Are you in school to get an education or to simply achieve some arbitrary GPA? I've been in the position of hiring people for technical positions and I've always been far more impressed by a mediocre GPA in a substantial curriculum than a high GPA in an easy curriculum.
I recently returned to school myself, so I do have sympathy with the amount of work required to do really well in a course, and I do understand that those planning to continue to a four year school or go on to graduate school need to match minimum requirements, but in my opinion you'll be better served by reducing the number of classes you take in a given term than by trying to ditch the challenging courses.
I'm curious, does your attitude apply just to IT jobs, or to all American labor? Do you drive an American car? Are your clothes made in America? Do you buy imported food? Or are you like myself and most other folks, and you've been shopping for the best value no matter where it came from? "Too bad about those textile workers, they should get re-trained as computer programmers" was not an uncommon attitude in the 80's. Now the chickens are coming home to roost.
Not quite a smoking cannon, but Mr. Bennett is one of the directors of Empower America, which has opposed the expansion of legalized gambling, and lists gambling as one of the negative "cultural indicators". It has been suggested that the gambling industry's irritation with this stance is why someone ratted Mr. Bennett out. Casinos are usually quite protective of their clients' privacy.
IMHO the hypocrisy lies not in the gambling per se, but in the arguments he used to defend his gambling, "It's my business", "I'm not hurting anyone", "It's legal in some jurisdictions", and "I've won more than I've lost". These are all arguments that he has explicitly rejected as justifications for things like homosexuality and marijuana use. It certainly seems like special pleading to reject these arguments for other people's vices but then marshal them in defense of his own vice.