In my CS classes, there were very few women, and the few there were, well, off the bell curve, let's say.
In the high school I worked at, the Cisco instructor decided it would behoove her and the program in general to inspire females who showed aptitude in computers (and when she couldn't find enough of those, essentially any female who could type) to sign up for the program.
What they wound up with were a smattering of females who, to put it bluntly, exhibited the female stereotype to a 'T'. One would concentrate on her cosmetics during class, one or two would flirt with all the guys in the class, one would fret about when she could get out to have a snack (and roam the halls, talking with friends as high school girls do), and the rest just plum didn't get it.
Test results were abysmal. CCNA Semester 1 Chapter 1 is a basic introduction to computers. "This is a Central Processing Unit (CPU). This is a Network Interface Card (NIC). This is a network cable.", yet atleast a third of them failed it miserably, the others went on to either fail, drop out, or barely pass (which wouldn't have happened if Cisco hadn't dropped the >70% requirement to pass right out of the starting gate, but I digress).
Moving on to college, I found about a 15% female population in a networking course. Most of them were very bright women who were sure to go far in the career of their choice. However! Information Technology (sorry, I never was much for CS, but they're analagous enough for my point) is not that career.
Many of them were obviously there because they'd found themselves in similar situations in high school - pushed through the CCNA program by faculty, parents, or administration. The vast majority of CCNA grads picked up the routers again after the summer within hours, but the female CCNA grads had to resort to 'cheat sheets' to configure the routers, not realizing they had to modify their implementations, specifically WRT the IP addressing scheme on the 'cheat sheet' versus the assignment. Other females in the class were sore over the fact that (and I quote) "There were no requirements for computer courses spelled out beforehand."
I've known some brilliant female IT, and I've known some females in IT who should seriously consider a career change. I've also known some females in IT who just plum have too much resentment over their lack of success to be working with other people. (n.b. the same applies to men, but since we're singling out women, I'll talk about women).
For example; I've had several women, right out of the blue, accuse me of sexism because of their lack of understanding of the subject material. Be it a discussion between peers, or helping out people with problems, it's happened several times. In one case, a female's keyboard and mouse stopped working after she'd re-assembled her PC. I suggested, after listing a few possibilities, that it's possible the connectors (both PS/2) were reversed (this being before they were all colour coded; I've done it myself, it sucks, but you flip it and move on, lesson learned - take the extra 5 seconds to do it right the first time). I was treated to a barrage of how wrong I was, about how she wasn't inferior just because she was female, and how my "boys club" mentality and blatant sexism weren't appreciated, etc. etc. as she dug for a manual that explained how the PS/2 ports were interchangable (based on the voltages). I'm thinking Information Technology isn't the right career choice for anybody with this mentality, regardless of the size and shape of their frontal appendages.
So, to make a long story even longer, either you'll believe me to be sexist to the Nth degree, or you'll (hopefully) see my point; diversity for the sake of diversity does not work. Trying to shoehorn people into CS, IT, or any other discipline for which they do not have a) the mindset, or b) the desire to succeed will only lead to failure, resentment, and under-capable graduates flood
However if someone leaves a card at home, they can't do any work, or if someoneis working remotly and they don't have a fingerprint scanner they can't get access. There are downsides to physical security.
Innumerable people already carry one, two, or even three ID cards on their person at all times. One a photo ID card, one a magneto door card, and often a training certificate of some sort. If they forget them, security tells them to turn around.
There are a plethora of devices to attach these to a person. Clips, hoops, necklaces, etc.
Anyone at any real tech job probably has 50 or more passwords floating around their brain, and use at least half of those in any given week.
Yes, but how many of those are GOOD passwords (minimum 8 characters, mix of letter/number, mixed case)?
That's the connundrum users face. They're told these wild ideas about password security where they have to maintain solid, random passwords which must be changed every month. Oh, and they can't use the same password on multiple systems. So now people have to try to memorize upwards of a dozen random letter-number combinations that changes just as they start to get the hang of some of them (not many people can be expected to commit a full dozen to memory inside of a month, every month, without fail). Oh, and they're also not allowed to write them down anywhere or tell anybody.
You may have 50 passwords, but if half of them are the names of your pets and favourite sports clubs, you're dead in the water.
Yeah, they won't notice the difference because they will still save the files on their C drive. At least that's been my experience.
Some steps to follow;
Move existing documents from C: to x: (network home directory)
Change application defaults to x:
(Optional) Set group policy to redirect "My Documents" to x:
Issue written instructions to save to x:, with backing from management (yours and theirs), accompanied with notice that only files saved to x: come with any guarantee that they will still be there the next morning (vis, if their computer goes south, you replace parts and re-image, but the server is backed up regularly)
The key is to remind all employees regularly (twice/year or thereabouts) in writing, and keep management abreast of the situation and the reasons for doing so to ensure maximal CYA. If they don't listen to you and they lose work ("HDD crashed? Sorry, we can't justify $3k for data recovery for your workstation. But it's ok, your work is all stored on the server, right?"), it's their problem, and their job on the line.
The BOFH approach, while fun, doesn't work terribly well with common users. You have to explain the situation to them and attempt to reason it out in language they understand. If they know more than you about these computers (then why aren't they doing your job?), ensure that they've received their bi-monthly copy of the computer usage guidelines and hope it never has to come to a head.
While the scroll wheel is up there, and i do love it, I'd have to say microsoft's application menu (aka the "start button") is the most significant UI innovation in the last 10 years....
I'll have to echo this poaster's sentiments, and add to it that OS/2 Warp had a "Start Menu" back in the early 90's, as did most of the window managers I can recall from that era.
If you want to get technical, the graphical application menu is merely an extension of the age-old textual application menu concept that I've been using since the mid 80's or thereabouts.
i mean think about it, for a new user, they see a button that says "START" on it.
Have YOU ever had to tell a "new user" to click Start to Stop their computer?
The thumb button is pretty useless, as when I use it, the mouse moves 1/4 inch to the right.
Huh? How in the world do you manage that? Do you like let go of the mouse first?;)
I've got an A4 Tech mouse a friend gave me years ago (it was in development at the time; she was working on the projcet. Yay; beta mouse!) that has two buttons, a horizontal and vertical scroll wheel, and a thumb button that acts as the middle button. I used that mouse almost exclusvely on my primary workstation for years until I got my optical; pasted text, opened links in tabs, etc. but it never moved due to thumb-clicking.
I can only speak from what I've seen in our offices, but squid (running in transparent proxy mode) very definitely caches content from Windows Update... I set it up about six month ago and remeber being really surprised (because I think I very reasonably expected it not to).
Our store Squid server caches the likes of IE 6.1, Media Player and DirectX, but the vast majority of the Critical/Security updates are not cached. Our connection is quick enough to handle it, but a PITA nonetheless due to the dozens of machines requiring updates every week.
You only need filters on your outgoing servers. What, you don't have firewalls in front of your outgoing servers that block (or, better, reject) incoming SMTP already? What kind of moron are you if you don't?
{SIGH}
Additional filters would be required. This means additional work and additional CPU cycles. Of course, this isn't even taking into account the number of non-externally accessable MTAs that would have to somehow be accounted for, or for any of the (multi-)national ISPs which have upwards of 50+ outgoing MTAs for their clients. That's 50 (FIFTY!) extraneous connection attempts PER E-MAIL to reach a valid MX. I'm through mincing words; Your solution is not viable, short-sighted, and appears to be based almost entirely on ignorance.
It's quite apparent that you have no working knowledge of how mail transport operates in the real world, so call me whatever names you want, but I'll not respond to any further ramblings from you until you aquire a Clue<TM>.
Not at all. You can have multiple MX records associated with a domain. So what you do is set up the systems that you want acting as inbound mail servers with high-priority MX records and the systems you want acting as outbound mail servers with low-priority MX records. Then you block inbound SMTP traffic to the outbound mail servers (you're doing that already anyway, right?).
I hadn't realized how in-depth your lunacy had gone until I read this.
So we're supposed to double our MX records for all zones and maintain filters for all incoming and outgoing servers, because we've implemented falsified MX records in our zone files.
So now if my primary, incoming MX goes down, my outgoing MX (which, by your reasoning, has incoming mail blocked/DENY'd) will have all incoming mail pointed at it. So now, rather than returning a timely error message and having mail destined for my domains sit in a 'Delayed' or 'Deferred' state at the transport MTAs, they have to try entire additional step(s), thereby doubling the wasted bandwidth amd causing more problems than it solves.
Great solution. I'll propose it to my colleagues post haste - I'll try to remember to bring a tape recorder along so I can send you the resulting laugh track.
Could you be more specific? It's fine to make the claim that MX records won't do the job, but it's not useful to me or anyone else if you don't say why. Just saying "refer to the RFC" isn't sufficient
Since you're the one making the claim that you can stop SPAM without a significant rewrite of any software, I figured you'd atleast done some research into the situation, but I suppose wild, unsupported claims are nothing new on Slashdot, so I'll help you out;
You may wish to consult RFC2821; Simple Mail Transfer Protocol. Specifically, section 5.Address Resolution and Mail Handling. (Which, as it turns out, you referenced to me in a follow-up posting) To whit;
[...] The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found instead, the resulting name is processed as if it were the initial name. If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. If one or more MX RRs are found for a given name, SMTP systems MUST NOT utilize any A RRs associated with that name unless they are located using the MX RRs; the "implicit MX" rule above applies only if there are no MX records present. If MX records are present, but none of them are usable, this situation MUST be reported as an error.
You'll note that in the case where no MX records are found, an A RR pointing to the name is treated as an implicit MX with a preference of 0.
In the case where people are running small to medium sized domains where all services are hosted at the same location, removing the MX record is one method to reduce the overall size and complexity of the zonefile.
The doamins aren't their only expense. Now they also have to pay for their own hosting as well, as well as for the DNS servers that will be authoritative for their domains.
Give me an hour and I'll give you a list of over a thousand free hosting companies; including many companies who perform "all in one" domain registration, DNS, web, and e-mail hosting.
Give me a day and I'll give you a list of over a thousand offshore hosting companies who'll sell their services for a song.
What happens when they do that is that the system they're connecting to looks up the MXes for sysexperts.com and
You ignored a portion of my previous posting. MX records are not reliable points of source-address verification.
I'll say it again; MX records are not reliable points of source-address verification.
Your proposal, my friend, would require an SMTP re-implementation.
Read the relevant RFCs and you'll waste less time arguing a moot point.
With 261,000 hard drives, and each hard drive to say operate for 250,000 hours mean-time between failures, there could be a disk failure about each hour within the system!!
Uhm, MTBF doesn't exactly work like that. Assuming they buy drives in 10k batches, that means they have approximately 285k hours before all 10k drives reach the end of their guaranteed reliability period. The drives in my home servers and the SOHO servers I've implemented tend to live out their MTBF ratings in active use, then gain an additional hundred thousand hours or so of use in a workstation or two before being retired.
Any organization rolling out tens or hundreds of thousands of drives who doesn't do their research (and testing) first deserves whatever they get. (And purchasing for servers the above referenced "value" drives - a class suitable only for home user desktops - is definately a first class blunder)
Moreover, they aren't terribly likely to be implementing "value" drives (the ones that typically come with such low MTBF ratings), but more likely something like the WD Raptor, Seagate Cheetah 10k.6 or similar with 1.2 million hour MTBF ratings.
What people need to do is stop trusting every email connection that's made, and instead insist that every email connection comes from a listed MX.
Which in itself is an RFC violation.
End result: it forces spammers to buy a domain (that won't last very long since it'll be blacklisted immediately if it starts sending spam), makes it easy to create useful blacklists that work, and ultimately significantly increases the costs of spamming. And finally provides a way of reliably ignoring open relays (because you can blacklist the domain associated with the open relay).
Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.
Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"
Oh, wait, they already do that, and implementations like you suggest would only re-double their efforts. I'd rather not find myself at the wraith of people who have the capabilities to send 10 billion messages/month in my name, thanks.
I assume that joke here is that there are hardly any other countries in the world which have 3500 miles for a letter to go. Even if the mail in, say, Japan were free, you still couldn't send a letter 3500 miles. I guess nobody got it.:)
What if a powerful organization was able to convince ALL major search/indexing companies to remove their listing for a given site?
I'm all out of tinfoil, so I'm afraid I'll have to let that one lie.
For all effective purposes, unless it's very heavily promoted through other means, it will cease to exist on the internet (unless you already know about it).
If your site is relying on search engines for the majority of its traffic, your model is already flawed and it's best that you go silently into the night until you figure out a new approach.
Opps, $10m is more like it, sorry typo, dunno how is did it twice...:\
$10m for 54000 servers? Considering these servers are said to average 2CPUs and five hard drives per, I'd say your estimated $185.00 per server is a little on the slim side.
Estimating a more round $2000 per server, we come to a figure of $108 million. Factor on top of this the costs of housing these servers, including backup power (UPS and generator), the real estate (you can't shove 54k servers into a spare equipment closet), the custom software (which is where the real money's at) and the costs are suddenly a lot more real.
A project the magnitude of Google isn't something that can be implemented by a company as a side effort, which is precisely why nobody, including Microsoft, Yahoo!, or others have had any luck thus far in duplicating their success.
he point is, that is the _ONLY_ way which some people (myself included) FIND things on the web, thus, if something is missing from _THERE_ i probably won't ever see it. and most of these people don't know that google might quietly censor sites from it's index, so they won't even know that they should look towards other searches and indexes when they look for information on certain subjects. end result being that they can essentially remove whole sites from web that most people would ever see unless the sites are very actively promoted..
What a load of nonsense. Google is a company. They operate to turn a profit. They do so because they're good at what they do. You have the choice to use, or to never look at Google. They no more have to provide you with anything than does my homepage, msn.com's search, or Slashdot.
If you don't like your returned results, contact them and explain the situation. If you're morally opposed to their practises, use one of the other thousands of search engines out there. Just be prepared to have them think for you and return dozens of pages of irrelevant results before hitting on something actually related to your query.
Billions of pages of HTML existed on the WWW before Google existed, and will all continue to exist long after Google runs its course.
I don't normally do this, but would some moderators with a clue please mod the parent post appropriately? (Troll, possibly funny, but certainly not "Interesting")
How is your privacy invaded? Do you fill out the forms with real info????
Here's what I extrapolate from your posting;
It is entirely plausible, in fact likely, that the New York Times are, in fact, selling information.
Since you are responding antagonistically to an advocate of falsifying login information, I can assume you're an advocate of creating your own account. How is a unique, falsified account any better than a shared, falsified account?
Further based upon your statement, it seems you're not aware of a practise employed by many websites out there of tracking cookies to extract surfing habits, purchasing decisions, etc.
Am I about right so far?
I will continue using a false login, much as I'm sure afidel and temos will continue using theirs as well.
That's great that you will give them money when you can, but we aren't talking about a donation thing here. We're talking about a product which gives you two options of use: buy it, or use the free version with ad banners. If you choose the free version and disable the ads, then you are stealing.
I'd like to echo many of the sentiments I've heard here already;
I disable ads in the other products I use; including running AdZapper with Squid to sanitize my browsing experience. So do many others.
Further to point #1, I don't make purchasing decisions based on advertising. Therefore, disabling ads for products I won't buy is stealing nothing from the advertiser, including the myth of "potential revenue".
Opera gives people the option of a "FREE Download". It's up to Opera to offer a limited version - which they have; it has screen real-estate taken up by the banner space. Whether there's a banner in that space or not is beside the point.
The notion of "stealing" from a company because you don't pay attention to their ads is mis-guided corporate brainwashing. A corporate television executive indicated that the viewers entered into an agreement with all TV networks to watch their commercials in return for watching their shows. That logic is just as flawed as distributing an otherwise fully functional product and hoping that people will decide to purchase it merely to rid themselves of the ads.
Long story short, the guy's using the version that he downloaded from the web. He is not using, nor is he advocating the use of the pirated version of the browser, so cut him a little slack huh?
On the other hand, you're also still stuck on the inherent value business. You can't set a price for yourself (say, $100/hr). You're not worth $100/hr until somebody actually pays you $100/hr.
I could say that you're stuck on the antagonistic "you're not worth..." line of thought, which is not only incorrect (literal figures aside; see my previous post) but is decidedly counter-productive.
When I'm working a job, I bust my ass and I do my best. Always have, always will. However there is a time when you do the letter of the contract and there's a time when you go out of your way. Yes, advising against poor decisions is part of the job, but no, working on my own time for a client who wants to cut corners, pay me the smallest amount possible, go against my advice despite good reason to the contrary and niggle over every point is not an option.
Some contracts are just not worth the headache, no matter what the work and no matter what the pay. I've walked away from contracts because I would have not only lost money, but lost hair in the process of executing it.
Look at it this way: do you feel guilt if you were paid $500 an hour when you're only "worth" $100 an hour? Do you return the money?
If a client paid me exorbitant amounts of money over what I'm worth, yes, I'll be suspicious. Of course, that's an extreme hypothetical and not terribly likely to happen here in the real world, so it's a moot point anyways.
Re:Those stats don't seem that off to me.
on
WLANs As Spam Conduit
·
· Score: 2, Insightful
I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.
I can't remember the last time I got that much legitimate email...
People like you are balanced out by people like me. I use "Contact Me" forms on my website rather than my e-mail address, I don't give out my real address, and I use a throw-away address for mailing lists and a free e-mail address (Softhome, Yahoo, etc.) for submitting to forms on the web where I have no choice.
Only recently, and only through negligence on my part (posted to a couple mailing lists with my real address) have I ever received SPAM to a production e-mail address. I think I'm up to a total of ten SPAMs in the past decade.
Of course, if you use a free web based e-mail provider, all bets are off. Those seem to get SPAMmed like there's no tomorrow. My little brother got a Hotmail account comprised of seemingly random letters and numbers (it was like "cewlgy007"; phonetically "Cool Guy Double-Oh-Seven") and was receiving pornography SPAM within two weeks. By about a week later, his INBOX was so crammed with the stuff the account became useless.
I really wonder how these stats are gathered.
Mail servers / filters often keep stats, so the filters from major ISPs are analyzed and the stats likely extrapolated from there. I'm no statistician so I won't elaborate, but that's my best guess.
Now then, back to the topic...
The article is FUD. The headline is a scare tactic, the stats are garbage, and the conclusions only ring true based on empirical evidence. Yes, wide-open WLANs are used for malicious purposes every day. A simple DC converter, my laptop, and my bland million-just-like-it Cavalier becomes a DDoS/SPAM/H4x0r staging ground. I could drive the streets of Toronto (hey - traffic jam - more time!) all day long attacking people all over the world from a different address every time. Get a couple friends in on it and we've got ourselves a party!
The solution is for companies implementing WLANs to atleast enable WEP. People aren't going to sit and run down their car battery (and expensive gas) waiting to crack a WEP key when they can find an easier target down the road. Coffee shops and the like that allow open WLANs should restrict traffic by port and proxy all traffic - with filters imposed.
People should also tell their Congress-Critters that war drivers who publicize open WLANs are NOT TERRORISTS! These people are helping by raising awareness of open access to the Internet, intentionally or otherwise. People just have to learn to pay the hell attention and do something about it. I mean, seriously, someone comes along and tells you that you have an easily correctable hole in your network that could be used maliciously and cost you thousands (millions?) of dollars - and you want to throw THEM in prison? Get real!
Anyways, this article doesn't seem terribly worth further discourse, so colour me outta here...
If the only job offer you can find pays $30 an hour, you're worth $30 an hour. Obsessing about your vaporized $100 rate, or worse, doing a sub-par job because of it, will serve no one well.
That's not what I'm saying at all. Quite the opposite, in fact. I never said that I would do 'sub-par' work; only that I wouldn't go the extra mile for the minimum amount of money offerred. The figures I presented were examples only, and not to be taken as a literal argument. It could be the difference between $30/hr and $18/hr, or $60/hr and $20/hr. The exact figures will, of course, vary according to a person's experience, qualifications, and market share in their area.
If I'm going to have to stress myself out arguing with a client, risking losing my position because they don't want me to disagree with their decisions and overall don't respect my expertise enough to pay me what I'm worth (opposed to what they can afford right now. See 'short term savings' versus 'long term losses'), I won't do it. If they plan on implementing something that I feel is inadviseable, I will tell them as much, and I will explain to them why I feel this way. I will not, however, put in additional hours of research and spend time preparing exhaustive presentations on the matter, for example.
If they continue to go against my reccomendations, I'll inform them that since my presence is no longer required it's time for me to find a position elsewhere.
Your performance should not be tied to the amount you are paid. If they pay too little for your expertise, don't accept the job. This is unethical if you did not inform your "cheap" employer that this is what they're getting before signing. They read your resume, offered you money for the knowledge that resume represents, and you took the money.
Sometimes you have to take "cheap" jobs to make bills and put food in your mouth. More than once I've taken a job to put gas in my car along the way.
While I don't agree entirely with trmj, I also don't believe in going "the extra mile" for the minimum amount of money. I'll work my butt off while I'm being paid a fair amount, but I won't work over time, I won't go out on a limb, or above and beyond my job description. It's just not worth the risk or headache.
If they want a $100/hr consultant for $30/hr, they're in for dissapointment.
Slashdot Mirror
In the high school I worked at, the Cisco instructor decided it would behoove her and the program in general to inspire females who showed aptitude in computers (and when she couldn't find enough of those, essentially any female who could type) to sign up for the program.
What they wound up with were a smattering of females who, to put it bluntly, exhibited the female stereotype to a 'T'. One would concentrate on her cosmetics during class, one or two would flirt with all the guys in the class, one would fret about when she could get out to have a snack (and roam the halls, talking with friends as high school girls do), and the rest just plum didn't get it.
Test results were abysmal. CCNA Semester 1 Chapter 1 is a basic introduction to computers. "This is a Central Processing Unit (CPU). This is a Network Interface Card (NIC). This is a network cable.", yet atleast a third of them failed it miserably, the others went on to either fail, drop out, or barely pass (which wouldn't have happened if Cisco hadn't dropped the >70% requirement to pass right out of the starting gate, but I digress).
Moving on to college, I found about a 15% female population in a networking course. Most of them were very bright women who were sure to go far in the career of their choice. However! Information Technology (sorry, I never was much for CS, but they're analagous enough for my point) is not that career.
Many of them were obviously there because they'd found themselves in similar situations in high school - pushed through the CCNA program by faculty, parents, or administration. The vast majority of CCNA grads picked up the routers again after the summer within hours, but the female CCNA grads had to resort to 'cheat sheets' to configure the routers, not realizing they had to modify their implementations, specifically WRT the IP addressing scheme on the 'cheat sheet' versus the assignment. Other females in the class were sore over the fact that (and I quote) "There were no requirements for computer courses spelled out beforehand."
I've known some brilliant female IT, and I've known some females in IT who should seriously consider a career change. I've also known some females in IT who just plum have too much resentment over their lack of success to be working with other people. (n .b. the same applies to men, but since we're singling out women, I'll talk about women).
For example; I've had several women, right out of the blue, accuse me of sexism because of their lack of understanding of the subject material. Be it a discussion between peers, or helping out people with problems, it's happened several times. In one case, a female's keyboard and mouse stopped working after she'd re-assembled her PC. I suggested, after listing a few possibilities, that it's possible the connectors (both PS/2) were reversed (this being before they were all colour coded; I've done it myself, it sucks, but you flip it and move on, lesson learned - take the extra 5 seconds to do it right the first time). I was treated to a barrage of how wrong I was, about how she wasn't inferior just because she was female, and how my "boys club" mentality and blatant sexism weren't appreciated, etc. etc. as she dug for a manual that explained how the PS/2 ports were interchangable (based on the voltages). I'm thinking Information Technology isn't the right career choice for anybody with this mentality, regardless of the size and shape of their frontal appendages.
So, to make a long story even longer, either you'll believe me to be sexist to the Nth degree, or you'll (hopefully) see my point; diversity for the sake of diversity does not work. Trying to shoehorn people into CS, IT, or any other discipline for which they do not have a) the mindset, or b) the desire to succeed will only lead to failure, resentment, and under-capable graduates flood
Innumerable people already carry one, two, or even three ID cards on their person at all times. One a photo ID card, one a magneto door card, and often a training certificate of some sort. If they forget them, security tells them to turn around.
There are a plethora of devices to attach these to a person. Clips, hoops, necklaces, etc.
Yes, but how many of those are GOOD passwords (minimum 8 characters, mix of letter/number, mixed case)?
That's the connundrum users face. They're told these wild ideas about password security where they have to maintain solid, random passwords which must be changed every month. Oh, and they can't use the same password on multiple systems. So now people have to try to memorize upwards of a dozen random letter-number combinations that changes just as they start to get the hang of some of them (not many people can be expected to commit a full dozen to memory inside of a month, every month, without fail). Oh, and they're also not allowed to write them down anywhere or tell anybody.
You may have 50 passwords, but if half of them are the names of your pets and favourite sports clubs, you're dead in the water.
Some steps to follow;
The key is to remind all employees regularly (twice/year or thereabouts) in writing, and keep management abreast of the situation and the reasons for doing so to ensure maximal CYA. If they don't listen to you and they lose work ("HDD crashed? Sorry, we can't justify $3k for data recovery for your workstation. But it's ok, your work is all stored on the server, right?"), it's their problem, and their job on the line.
The BOFH approach, while fun, doesn't work terribly well with common users. You have to explain the situation to them and attempt to reason it out in language they understand. If they know more than you about these computers (then why aren't they doing your job?), ensure that they've received their bi-monthly copy of the computer usage guidelines and hope it never has to come to a head.
Joke?!?
I'll have to echo this poaster's sentiments, and add to it that OS/2 Warp had a "Start Menu" back in the early 90's, as did most of the window managers I can recall from that era.
If you want to get technical, the graphical application menu is merely an extension of the age-old textual application menu concept that I've been using since the mid 80's or thereabouts.
Have YOU ever had to tell a "new user" to click Start to Stop their computer?
Huh? How in the world do you manage that? Do you like let go of the mouse first? ;)
I've got an A4 Tech mouse a friend gave me years ago (it was in development at the time; she was working on the projcet. Yay; beta mouse!) that has two buttons, a horizontal and vertical scroll wheel, and a thumb button that acts as the middle button. I used that mouse almost exclusvely on my primary workstation for years until I got my optical; pasted text, opened links in tabs, etc. but it never moved due to thumb-clicking.
Our store Squid server caches the likes of IE 6.1, Media Player and DirectX, but the vast majority of the Critical/Security updates are not cached. Our connection is quick enough to handle it, but a PITA nonetheless due to the dozens of machines requiring updates every week.
{SIGH}
Additional filters would be required. This means additional work and additional CPU cycles. Of course, this isn't even taking into account the number of non-externally accessable MTAs that would have to somehow be accounted for, or for any of the (multi-)national ISPs which have upwards of 50+ outgoing MTAs for their clients. That's 50 (FIFTY!) extraneous connection attempts PER E-MAIL to reach a valid MX. I'm through mincing words; Your solution is not viable, short-sighted, and appears to be based almost entirely on ignorance.
It's quite apparent that you have no working knowledge of how mail transport operates in the real world, so call me whatever names you want, but I'll not respond to any further ramblings from you until you aquire a Clue<TM>.
I hadn't realized how in-depth your lunacy had gone until I read this.
So we're supposed to double our MX records for all zones and maintain filters for all incoming and outgoing servers, because we've implemented falsified MX records in our zone files.
So now if my primary, incoming MX goes down, my outgoing MX (which, by your reasoning, has incoming mail blocked/DENY'd) will have all incoming mail pointed at it. So now, rather than returning a timely error message and having mail destined for my domains sit in a 'Delayed' or 'Deferred' state at the transport MTAs, they have to try entire additional step(s), thereby doubling the wasted bandwidth amd causing more problems than it solves.
Great solution. I'll propose it to my colleagues post haste - I'll try to remember to bring a tape recorder along so I can send you the resulting laugh track.
Since you're the one making the claim that you can stop SPAM without a significant rewrite of any software, I figured you'd atleast done some research into the situation, but I suppose wild, unsupported claims are nothing new on Slashdot, so I'll help you out;
You may wish to consult RFC2821; Simple Mail Transfer Protocol. Specifically, section 5. Address Resolution and Mail Handling. (Which, as it turns out, you referenced to me in a follow-up posting) To whit;
You'll note that in the case where no MX records are found, an A RR pointing to the name is treated as an implicit MX with a preference of 0.
In the case where people are running small to medium sized domains where all services are hosted at the same location, removing the MX record is one method to reduce the overall size and complexity of the zonefile.
Give me an hour and I'll give you a list of over a thousand free hosting companies; including many companies who perform "all in one" domain registration, DNS, web, and e-mail hosting.
Give me a day and I'll give you a list of over a thousand offshore hosting companies who'll sell their services for a song.
You ignored a portion of my previous posting. MX records are not reliable points of source-address verification.
I'll say it again; MX records are not reliable points of source-address verification.
Your proposal, my friend, would require an SMTP re-implementation.
Read the relevant RFCs and you'll waste less time arguing a moot point.
Uhm, MTBF doesn't exactly work like that. Assuming they buy drives in 10k batches, that means they have approximately 285k hours before all 10k drives reach the end of their guaranteed reliability period. The drives in my home servers and the SOHO servers I've implemented tend to live out their MTBF ratings in active use, then gain an additional hundred thousand hours or so of use in a workstation or two before being retired.
If you buy cheap, faulty, low-quality hard drives, yes, you're going to encounter drive failures on a regular basis.
Any organization rolling out tens or hundreds of thousands of drives who doesn't do their research (and testing) first deserves whatever they get. (And purchasing for servers the above referenced "value" drives - a class suitable only for home user desktops - is definately a first class blunder)
Moreover, they aren't terribly likely to be implementing "value" drives (the ones that typically come with such low MTBF ratings), but more likely something like the WD Raptor, Seagate Cheetah 10k.6 or similar with 1.2 million hour MTBF ratings.
Which in itself is an RFC violation.
Give me a Visa card with a $2000 limit and I can own about 200 domains inside of 24 hours. Considering SPAMmers are purchasing $750k houses with the proceeds from their efforts, I'd say that's not a huge problem.
Now consider what happens when SPAMmers start routinely issuing "MAIL FROM: <kcbrown@sysexperts.com>"
Oh, wait, they already do that, and implementations like you suggest would only re-double their efforts. I'd rather not find myself at the wraith of people who have the capabilities to send 10 billion messages/month in my name, thanks.
Canada and Russia for two.
Some of us got it, it was just piss poor.
I'm all out of tinfoil, so I'm afraid I'll have to let that one lie.
If your site is relying on search engines for the majority of its traffic, your model is already flawed and it's best that you go silently into the night until you figure out a new approach.
$10m for 54000 servers? Considering these servers are said to average 2CPUs and five hard drives per, I'd say your estimated $185.00 per server is a little on the slim side.
Estimating a more round $2000 per server, we come to a figure of $108 million. Factor on top of this the costs of housing these servers, including backup power (UPS and generator), the real estate (you can't shove 54k servers into a spare equipment closet), the custom software (which is where the real money's at) and the costs are suddenly a lot more real.
A project the magnitude of Google isn't something that can be implemented by a company as a side effort, which is precisely why nobody, including Microsoft, Yahoo!, or others have had any luck thus far in duplicating their success.
What a load of nonsense. Google is a company. They operate to turn a profit. They do so because they're good at what they do. You have the choice to use, or to never look at Google. They no more have to provide you with anything than does my homepage, msn.com's search, or Slashdot.
If you don't like your returned results, contact them and explain the situation. If you're morally opposed to their practises, use one of the other thousands of search engines out there. Just be prepared to have them think for you and return dozens of pages of irrelevant results before hitting on something actually related to your query.
Billions of pages of HTML existed on the WWW before Google existed, and will all continue to exist long after Google runs its course.
I don't normally do this, but would some moderators with a clue please mod the parent post appropriately? (Troll, possibly funny, but certainly not "Interesting")
Here's what I extrapolate from your posting;
Am I about right so far?
I will continue using a false login, much as I'm sure afidel and temos will continue using theirs as well.
I'd like to echo many of the sentiments I've heard here already;
The notion of "stealing" from a company because you don't pay attention to their ads is mis-guided corporate brainwashing. A corporate television executive indicated that the viewers entered into an agreement with all TV networks to watch their commercials in return for watching their shows. That logic is just as flawed as distributing an otherwise fully functional product and hoping that people will decide to purchase it merely to rid themselves of the ads.
Long story short, the guy's using the version that he downloaded from the web. He is not using, nor is he advocating the use of the pirated version of the browser, so cut him a little slack huh?
I could say that you're stuck on the antagonistic "you're not worth..." line of thought, which is not only incorrect (literal figures aside; see my previous post) but is decidedly counter-productive.
When I'm working a job, I bust my ass and I do my best. Always have, always will. However there is a time when you do the letter of the contract and there's a time when you go out of your way. Yes, advising against poor decisions is part of the job, but no, working on my own time for a client who wants to cut corners, pay me the smallest amount possible, go against my advice despite good reason to the contrary and niggle over every point is not an option.
Some contracts are just not worth the headache, no matter what the work and no matter what the pay. I've walked away from contracts because I would have not only lost money, but lost hair in the process of executing it.
If a client paid me exorbitant amounts of money over what I'm worth, yes, I'll be suspicious. Of course, that's an extreme hypothetical and not terribly likely to happen here in the real world, so it's a moot point anyways.
People like you are balanced out by people like me. I use "Contact Me" forms on my website rather than my e-mail address, I don't give out my real address, and I use a throw-away address for mailing lists and a free e-mail address (Softhome, Yahoo, etc.) for submitting to forms on the web where I have no choice.
Only recently, and only through negligence on my part (posted to a couple mailing lists with my real address) have I ever received SPAM to a production e-mail address. I think I'm up to a total of ten SPAMs in the past decade.
Of course, if you use a free web based e-mail provider, all bets are off. Those seem to get SPAMmed like there's no tomorrow. My little brother got a Hotmail account comprised of seemingly random letters and numbers (it was like "cewlgy007"; phonetically "Cool Guy Double-Oh-Seven") and was receiving pornography SPAM within two weeks. By about a week later, his INBOX was so crammed with the stuff the account became useless.
Mail servers / filters often keep stats, so the filters from major ISPs are analyzed and the stats likely extrapolated from there. I'm no statistician so I won't elaborate, but that's my best guess.
Now then, back to the topic ...
The article is FUD. The headline is a scare tactic, the stats are garbage, and the conclusions only ring true based on empirical evidence. Yes, wide-open WLANs are used for malicious purposes every day. A simple DC converter, my laptop, and my bland million-just-like-it Cavalier becomes a DDoS/SPAM/H4x0r staging ground. I could drive the streets of Toronto (hey - traffic jam - more time!) all day long attacking people all over the world from a different address every time. Get a couple friends in on it and we've got ourselves a party!
The solution is for companies implementing WLANs to atleast enable WEP. People aren't going to sit and run down their car battery (and expensive gas) waiting to crack a WEP key when they can find an easier target down the road. Coffee shops and the like that allow open WLANs should restrict traffic by port and proxy all traffic - with filters imposed.
People should also tell their Congress-Critters that war drivers who publicize open WLANs are NOT TERRORISTS! These people are helping by raising awareness of open access to the Internet, intentionally or otherwise. People just have to learn to pay the hell attention and do something about it. I mean, seriously, someone comes along and tells you that you have an easily correctable hole in your network that could be used maliciously and cost you thousands (millions?) of dollars - and you want to throw THEM in prison? Get real!
Anyways, this article doesn't seem terribly worth further discourse, so colour me outta here ...
That's not what I'm saying at all. Quite the opposite, in fact. I never said that I would do 'sub-par' work; only that I wouldn't go the extra mile for the minimum amount of money offerred. The figures I presented were examples only, and not to be taken as a literal argument. It could be the difference between $30/hr and $18/hr, or $60/hr and $20/hr. The exact figures will, of course, vary according to a person's experience, qualifications, and market share in their area.
If I'm going to have to stress myself out arguing with a client, risking losing my position because they don't want me to disagree with their decisions and overall don't respect my expertise enough to pay me what I'm worth (opposed to what they can afford right now. See 'short term savings' versus 'long term losses'), I won't do it. If they plan on implementing something that I feel is inadviseable, I will tell them as much, and I will explain to them why I feel this way. I will not, however, put in additional hours of research and spend time preparing exhaustive presentations on the matter, for example.
If they continue to go against my reccomendations, I'll inform them that since my presence is no longer required it's time for me to find a position elsewhere.
Sometimes you have to take "cheap" jobs to make bills and put food in your mouth. More than once I've taken a job to put gas in my car along the way.
While I don't agree entirely with trmj, I also don't believe in going "the extra mile" for the minimum amount of money. I'll work my butt off while I'm being paid a fair amount, but I won't work over time, I won't go out on a limb, or above and beyond my job description. It's just not worth the risk or headache.
If they want a $100/hr consultant for $30/hr, they're in for dissapointment.