Although MS may have a bastardized implementation of PKI, it has some primary flaws. For starters, MS will only allow their domain controller certs to be constructed in some specific fashion. If you are a small firm and it is inexpensive to gut your PKI quickly, then play with MS implementations.
Stick with standards compliance for larger implementations. You never know how someone is going to need to use your infrastructure, and it is a REAL PAIN to adjust (bigger = exponentially harder). For example, one day you might need to do something with hardware cards or trusted peers. If your chosen version doesn't play that way, you could be screwed. Just find another job, fast.
If all you want is single sign on with a piece of plastic, buy a SSO solution and be done with it. But if you want a root CA, subordinate CAs which issue hardware, software, server, and mcs credentials, then that's a real PKI.
If you don't have the facilities to handle physical security needed for a PKI, then find a vendor.
The first part of PKI is Policy (read - legal junk that gives your Base64 blobs some sort of validity). You need a CP and a CPS and that requires a lot of typing. Once you get that down, then you can survey offerings and find what you need. Some hints at decent products are from Novell and a section of RedHat that was formerly known as NSS.
I'm not strictly MS bashing, but some will see 2 linux vendors and say "oh, he just hates Windows". Fact is there are plenty of PKI standards and Microsoft doesn't do it correctly - why should they when everyone uses Windows to sign in.
Clarion has had this type of product for years. www.autopc.com (joyride system) Has USB interface, MMX processor, DVD/CD. And yeah, it runs with Windows.
If VeriSign's defense is that they sell something that can not be defined as property, then how can they sell it if they don't actually own anything?
It's a voucher for a service, not property of value. Much like you go to the gas station and buy a ticket for the car-wash. The face-value of the ticket is worthless, and it expires in time. But, punch that number into the machine and your car is washed. How many times have you tried to redeem the 1/100th of 1 cent in coupons from the Saturday paper?
I don't have shrink-wrapped stats to support it, but I believe JBoss is FOSS and they seem to make the money off of training, partnerships, etc.
I worked for a company that was considering opening up some source. After the initial push to get noticed, the plan was to produce books, training, certified partners, and all that other corporate stuff, so we could be paid. Needless to say, they are still a closed-source operation.
Other things that supposedly have a minimum age (in most states):
- Guns
- Driving Permits
- Tobacco & Alcohol (when did you even hear of a kid smoking/drinking under age)
- Legal Documents
- Movies (note that music is NOT limited, so busta gang bang on dat RIAA ass)
- Sex (some states)
Where does a video game fit in with this crowd, while ignoring music and food? IANAL, but federal law doesn't seem to address any of the other items in my list (except sex).
The next installment of Mortal Kombat needs a Saddam character, so we can all do our part in the war on terrorism.
Congresscritters, please protect me from myself, for I know not what I do
Seriously folks, has anyone looked at how big these antennas are? Read on for my contribution to the FUD:
If you had a Hummer and wanted to go camping, I could see this as a solution to the TV-addicted society.
"Hey honey, let's go camping." - "No, I'll miss Springer." - "No you won't, I just bought a big thing for the roof of the car, so you can watch while I fish"
Also, if I were a thief, the stupid EXTERIOR antenna (which covers an entire roof-rack) would be equivalent to a big "BREAK HERE" sign.
If I were a cop, I would sit in a helicopter and start TV-profiling for drivers that needed a ticket to lighten their wallet. As an added bonus, my coworkers could watch Dr. Phil while writing the tickets.
If there is any hope, it would require HDTV OTA, good signal coverage, and an internal antenna. The minute you lose view of the southern-sky, the DirecTV signal dies (tunnel, anyone?). The line-of-sight isn't an issue on a boat (unless you are circumnavigating the world). The company's original target market is the boating community, not autos. The technology is cool, but the application of it is dubious. These things have a better chance if they are made for a golf cart.
Take a look at this. MS is trying to buy web programmers that understand XML/SGML/HTML so Ballmer can brainwash them. He will do the monkey dance until they fall into submission.
To beat a dead horse - If we built houses like we build software,.....
When you buy a house, it is either pre-existing or soon-to-be-existing. In the case of the former, you can only know as much as the owner tells you, and the builder's reputation and the packaging. In the case of the latter, you can visit the site as often as you want (just don't be shocked if you see some beer cans sitting around).
I agree that most software sucks, but to say that you need to take the walls down to inspect the plumbing both trivializes a nontrivial problem, and tells one no-more-than 'next house on the list' inasmuch as they know what they are looking at.
What you really need to do is find a lawyer that knows something about technology and IP. There are some fairly tricky contracts that allow customers access to source code while not negating the IP rights of the author(s). The first thing that you need to do, however, is place copyright notices on every file of source code. At a minimum, it's better than nothing, especially if you are locked into a contract already. Getting a customer to rewrite a contract that has already been signed is a bad idea.
If you want to continue as a practitioner of code, here is a laundry list:
- RDMS - Databases will be needed for a very long time. You can look at specifics - such as Oracle's 9iAS portal technology, or you can look to general design and ANSI-compliant implementation. You can take this almost anywhere.
- Web technology - XML is a MUST-have. Understand HTTP and HTML. Can go almost anywhere.
- P2P - lots of lesser-known things in this arena, few and far-between. More of a niche, difficult to find for-pay work.
- networking security - even fewer people competently know this stuff. You can count the number of new (true) US graduates/certifications on your fingers and toes. Lots of government-related work. Could require security clearance. Takes time (and $) to learn.
If you don't want to schlock code around, invest in learning more about Systems/Software Engineering. DoD just killed the 5000-series, so 40 years of 'the way we do things' is dead. Emphasis on items like CMMI, software quality, productivity, etc will give any of your future employers a competitive edge, if you are successful in practicing what you have learned. Organizational culture and buy-in would be your biggest obstacles, so you need to be one heck of a salesman.
All the computing sector needs is an influx of people who think they know something about computers.
These people get a government job, and start telling their contractors what to do and how to do it
This course's introduction should be "Here is what real software engineers do (insert complex UML diagram here), and this course won't prepare you to even get there."
Burn their webserver - IIS 4 (according to NetCraft). The techs are probably working on installing updates and re-service-packing everything. Not to mention all the rebooting.
They had no chance of survival.
Come back in a week...
I work at a company with a similar situation. We have spent the past couple months, at my insistence, on reworking our process.
Here is what we've done:
- PM must know that they are administrative, not a spec-writer.
- Let the PM B.S. with the client - they may discover some future-intent that was unstated in the initial requirements-cut. It can help you in deciding on an approach/design to the software.
- Analysts and Devs need to be present whenever a system is discussed (requirements or enhancements)
- Two people will interpret the same thing differently
- Mitigate questions, internally then with the clients
- Project Managers will never estimate a cost, and will accept what they are told. (No marketing-lies)
- Requirements will never be perfect; aim for 85 percent.
- Someone is tasked to update and manage the requirements and design, and they need to understand both.
- The person who wrote the requirements and/or design is not the one to develop the production system. It must be delegated to a peer. If your requirements and/or design are full of holes and assumptions, it will come-out in the handoff.
Most importantly, use a process that makes sense for both the project and the task. If something is high-risk, consider a spiral-model. If something is complex, use iterations or the (related) Unified Process. From an organizational perspective, you should lay out templates for all of these.
Find someone that knows something about Software Engineering, not just Computer Science. Programmers know some great stuff but there is much more to acceptable-software than elegant functional code.
Comparing apples and oranges, in an otherwise decent post. It's bad logic to say "We can fix our holes quickly, therefore we are better!".
I doubt anyone would argue that the MS OS product is everywhere. However, there is a distinct difference between patching a component and patching a dam. IMHO, this would be a more-constructive discussion (libraries vs. everything interleaved).
Seriously, MS does a good job of packaging the fixes and making them available to the public. They work at making things easy enough that I can explain "how to update windows" to my girlfriend's mother. Although their patches aren't 100% smooth, you only hear about the "one that got away". That 1% slip, thru the cracks, is probably the responsibility of some low-life on their last day.
OSS projects push the support on their users, who generally have a minimum double-digit IQ and a set of "supported hardware". MS works for the dolts that built their PCs from recycled auto parts.
I work as a developer for a tech services firm that started out as a "virtual company". There are a few factors that will help you make your case for the boss.
- Research. Find some financial incentives for your company. A good example would be the Telework VA!. Look for one in your region.
- Find a company like yours that has already implemented a Telework program. In my case, Altum (dot-com). This can be sold as "being behind in our internal strategy". And yes, we make money.
In any case, there are certain expenses that are incurred when you start teleworking, for hardware and connectivity, so it isn't as easy as turning on a light. In addition, you should think about how teleworking will affect you. Teleworking blurs the distinction between @Work and @Home, so you must set aside a work-schedule. Otherwise you could easily become either addicted to work (burn-out) or non-productive. I can't even count how many times people ask me to do things because they think that I am "@home" when I am really "at-work @home". Best advice: sell the idea, then bring in a consultant to fix you up right.
I sure hope you are not working on HSPD12.
If I were a retailer, could I be sued because you came in and bought something with a fake credit-card (your name and someone else's acct)?
I'm not saying you're wrong, I just don't see the logic between Cohen and Verisign. It's not like they were conspiring.
But, you wouldn't sue the gas station for zillions of dollars, claiming that they gave away your PROPERTY, either.
IMHO, commercial telcos are interested in 1 thing, PROFIT. Not much R&D, no competitive pricing. Abysmal customer service.
Read Jim Baller's remarks for a synopsis of technological rollout.
Wow, and I even switched to decaf!
While the congress is hardly at work, they should also consider age limits on purchasing Fast Food. It would be in line with the current trend of suing food vendors and blaming them for their child's "weight problems", which supposedly kills a lot more people over time.
I would never buy anything Java-related that came from microsoft. Here's why!
All your files belong to us. It's in the EULA.
Just imagine, if Congress keeps this up! We could finally get fuck.us, long overdue from them.
Along those lines, feel free to reply with some original hostnames...
Remember kids, 9/11 wasn't anybody's fault
This is another example of Congressmen doing things that they cannot comprehend (e.g. DMCA or that freaky RIAA bill).
I would prefer these do something more constructive with their time, like passing bills to allocate funding for FY03.
The last thing that any engineer wants is a lawyer inside the software.
Shame on you, Tom Davis! You just lost my vote. <slap>
Although not much on OS, you can gather a little more domain knowledge by reading thru the site.