Slashdot Mirror


User: Inexile2002

Inexile2002's activity in the archive.

Stories: 0
Comments: 188

Comments · 188

  1. Here's a Few on The Best of Popular Science? · · Score: 4, Insightful

    Godel Escher Bach - Not really science. It's about patterns, number theory and such. I get the sense that Neal Stephenson read it before he wrote Cryptonomicon. Excellent read.

    Surely You're Joking Mr. Feynman - Excellent book on Physics and Quantum Mechanics. Outstanding really.

    The Ambidextrous Universe - Really interesting read on symmetry and asymmetry in nature. Looks at symmetry in various biology, physics of the small, physics of the large, physics of the every day. Really good coffee shop science book. (Older title, hard to find.)

    Origin of the Species - Worth reading just to see what all the fuss is about.

    Also, check out 2thing.org. Basically, it's a fairly good site devoted to exactly this topic - good books on a variety of subjects - and most of their recommends are decent. They even have a popular science section.

  2. Sadly the Solution Is... on Securing Your Facility? · · Score: 4, Insightful

    Whatever, any security system will do.

    Just manage it properly. I chimed in on the last conversation on securing your network and made basically a related point. You can implement biometrics (I wouldn't recommend), proximity cards (which seem very popular and have some advantages that I'm sure others will discuss), keypad locks etc. But, if you don't manage the access, that is, track who has a card, who used to have access but shouldn't now, etc., everything else is just there for appearance's sake. Security is a process, NOT a one-time thing.

    Say you go with proximity cards, the real security in those is that you can regularly check who has access to what, who USED their access and so forth. (While also true of a keypad or biometric system, proximity card systems are relatively cheap, reliable and ubiquitous on the market.) Regular reviews of access and access privileges are MUCH more important than which technology you choose.

    That said, you should define very clearly who should and shouldn't have access to your secure areas. Once you've defined who should and shouldn't, then define what levels of security will exist for those who should have security privileges. THEN, regularly review security privileges to see if the actual privileges out there jibe with your security definitions. Finally, if possible, design your system based on layers of security, where the most secure areas cannot be reached without first passing through less secure areas.

  3. Evolution vs Development on U.S. Says Canada Cares Too Much About Liberties · · Score: 1

    In my understanding, evolution happens when a new generation has new traits that give it an advantage. There is an implication that the previous generation dies off. States CAN evolve and the modern western ones might. But evolving means siring new states that are better than what came before.

    Developing in the terms of a state means that the existing state gets better (pick your criteria to define better, doesn't matter for the point I'm making). As soon as I realized the distinction, I also realized that most of the west (probably most of the world really, and I'm definitely including but not singling out the US here) is either going to 'evolve' or 'develop'. Odds are, an evolutionary process is going to be bloodier. I think the decisions that the public makes and allows to be made on its behalf are going to decide which advancement type is the better analogy.

    Anyway, just thinking aloud.

  4. Ignore Post on Moving Sensor Data Onto The Internet With SensorML · · Score: 1

    Bookmarking Article for Later, ignore.

  5. Play D&D on Technology for Mapping the Underground? · · Score: 1

    With a mean DM and you'll figure out the right and wrong way to map underground passages. What was the old rule, keep going left.

  6. Re:Pass the ketchup on Securing Your Network? · · Score: 1

    You know... my whole life I honestly thought the expression was "past mustard". Guess no one busted me for it. Strange.

  7. From an independent Network Security Auditor on Securing Your Network? · · Score: 5, Informative

    Ok, this is what I do for a living and frankly I find WAY WAY WAY too many companies lock down ports, install patches, configure a firewall well and then call their networks secure.

    All of the technical fixes in the world are rubbish when the independent auditor requests a list of all users on the network, goes down to HR and discovers 20 or 30 active user IDs for people who don't work there any more. Worse, I'll find 5 or 10 more for people who have changed jobs but still have their old privileges. (The guy in Accounts Payable SHOULD NEVER be able to access the Accounts Receivable systems.)

    Everyone in security knows a high percentage of exploits and a higher percentage of serious exploits are carried out by people who had valid access to the systems. Security for a network or a system begins in HR and the processes for granting, modifying and revoking system authority are much more critical than what ports are open. So what if you keep the script kiddies out when your CIO's secretary writes herself a cheque for $1,000,000? If you're serious about securing your network, figure out what your users can do that they shouldn't and look to developing systems to prevent internal breaches.

    When I do a network security audit, first I test the following: Segregation of duties and appropriateness of access, procedures for adding / changing and removing users, change management and user access privilege testing. Is everything authorized? By who?

    If those things pass mustard, then I start actually looking at server room access, patches, firewall configuration, network diagrams, open ports, system auditing and security levels. It's not as sexy as pitting your skills against the crackers (what a f**ked up notion of sexy I have) but it's where you need to start if you're serious.

  8. Fun Fun Fun on A Breakdown of Your Monthly Budget? · · Score: 1

    You're a liar and your girlfriend is fat! Oooh! What fun!

    Wait... that wasn't fun at all... I feel cheated. Oh well.

  9. Testing and Whatnot on Transferring Data 'Tween Databases · · Score: 3, Informative

    Despite some of the criticisms above it's nice to see stuff like this. As part of my job I have to occasionally go into companies and review database conversions after the fact to confirm that they did everything correctly.

    As obvious as the technique used above is to some /.ers, DB conversions are not always obvious to the people who actually do them IRL. I've seen some of the most horrific improvisations involving a third database as a data warehouse or worse, the process done manually with SQL dumping data into Notepad which is then copy/pasted into new SQL.

    The one thing though - testing. Post conversion testing is essential unless you were doing all this for shits and giggles. If you can't show someone through rigorous testing that your conversion worked, no responsible person out there should rely on the new DB. (Assuming they were relying on the old one.)

  10. Former Computer Salesman on Are Printers What They Used To Be? · · Score: 4, Interesting

    I worked at Future Shop (in Canada) for around two years while in University and probably sold around 5 to 10 printers a week. It was in a smallish town and I worked hard to make a good impression and develop clients, not just customers. As such, I VERY quickly stopped selling Lexmark, and only reluctantly sold any printer that cost less than $300. Not because I made more on the high end stuff, but because I would hear about it if I sold crap (AND I made more money on the high end stuff). HP's low end, Canon's low end, Epson's low end all suck. Suck suck suck. Drop $300 on a printer, and they were actually pretty decent.

    Finally, the time came when my girlfriend's aging Apple Imagewriter died and I needed a new printer (for my PC). What did I get? An Okipage 6W, an LED printer - one step down from laser but it IS a toner based system (instead of ink) and I love it.

    I've been counting the number of 500 page paper bundles I've fed into it (to see if the pages per toner cartridge numbers I would quote people were bullshit or not) and so far with two toner replacements I've printed around 8000 pages. Runs fine, print quality is great (black and white only) and the toner cartridge isn't even that expensive.

    Moral of the story - skimp on the price now and you'll get crap. Buy an ink based system... well, read the rest of the posts for the various rants about how expensive, quality degradation, disposable they are. Go with a toner based system (laser or LED) and spend a little more. 8000 on an HP would have already cost me around $400-600 more than I've spent on my Oki including toner.

  11. Hand Washing on Deus Ex Writer Discusses 'Dangerous Technology' · · Score: 1

    The handwashing thing is good advice all the time. As for cockroaches, I've lived in Canada for almost my whole life and have never seen one (trips to Mexico and the Caribbean notwithstanding). The cockroach theory is one of the theories to explain the apartment block in Hong Kong cases. Others include possible spread through water systems, sewage and physical contact with the elevator buttons.

    Not to say that SARS isn't scary, there are two people I work with in voluntary quarantine right now but the evidence is that this is not a significant threat to most people. (Hope I'm right.)

  12. SARS is not air-borne on Deus Ex Writer Discusses 'Dangerous Technology' · · Score: 3, Informative

    I live in Toronto which represents the biggest SARS outbreak in the west. Our news talks about practically nothing else (I have no idea if this is the same in other cities), but one thing they're fairly sure of is that it is NOT air borne.

    There was an interview on the radio with Patient 3 on Friday. Her mother and father were the people who brought SARS to Toronto from Hong Kong. Her parents flew back on the plane infected with SARS. All of the people on the flight have now been cleared. There is SOME evidence that it can be transmitted aerially through droplets but it does not appear to be air borne.

    Additionally, of the 80 or so likely cases and 100 more possible cases only 10 people have died and in 8 cases they were elderly and most of those cases there were other contributing factors. More people in Canada have died in the same period from complications from regular pneumonia. Not to say that there is nothing to worry about, but the biggest danger of SARS is that it is infecting health care workers which is crippling the health care system. If SARS was a tenth as bad as the media is making it out to be, there would be thousands of cases, not less than 200.

    Mind you, I was in China Town this weekend and when someone sneezed on the street people acted like a bomb went off.

  13. Get Your War On on Humor in Times of War? · · Score: 3, Informative

    Get your war on is an instant classic.

  14. The BIG Never in Enterprise Networks on What Goes into an Enterprise Network? · · Score: 3, Funny

    Never let Captain Kirk talk to the main computer. Every damn time he does he tricks it into self destructing. You'd think he doesn't want the Enterprise to have a network...

    DAMMIT Jim! I'm a Doctor not a UNIX admin!

  15. Tempting as it is... on Seven Rules For Spotting Bogus Science · · Score: 1

    To apply these rules in every instance, we all know what happened last time we ignored Dr. Chaos and his mad ramblings about his doomsday weapon. Who would have thunk he meant the RIAA. And how he managed to fire it from a 60's kish super gun mounted atop a volcano...

    In general my rule of thumb from now is to believe the scientist if he's pointing his invention right at me. Otherwise I'll feel free to disregard...

  16. Re:Full Spectrum Lights on On Decorating Your Computer Room? · · Score: 1

    Are a great investment for any basement (or cavelike room) where you think you might be spending significant time. My friend gets seasonal affective disorder and a simple set of full spectrum fluorescent lights made a HUGE difference in the winter.

  17. More Pr0n Faster on What Percentage of Internet Traffic is Pr0n? · · Score: 5, Funny

    I have a brother who used to be an engineer at JDS Uniphase and their unofficial slogan (in the engineering department) was "More Pr0n faster". They estimated that on one line of fiber that they were maintaining something on the order of 70% of the bandwidth was pr0n. I don't really know how they arrived at this number.

    Once, during an executive meeting one of the engineers raised the issue that really anyone building internet infrastructure was really in the mass pr0n delivery business and thus the company's 'No pr0n on the business machines' was in conflict with their main source of revenue.

    "Pornographer! Pornographer! How can you call me that?!? I don't even own a pornograph!"

  18. Marge Costume on Simpson's Cast On Bravo This Sunday · · Score: 4, Funny

    One Halloween, a friend of mine got up in a green tube dress, white choker pearls and did her hair up like Marge. We went to a Halloween party, and seriously I've never seen one girl get hit on so many times at a party. Nor have I heard so many attempted Homer-isms as pick up lines.

  19. Robert Forward...? on Where Should Space Exploration Go From Here? · · Score: 1

    It was really reading Robert Forward that made me realize how attainable space really is, if only we'd gather the collective will to go there. Of course, preaching to the /. crowd about heading into space is classic preaching to the choir.

    Some of his ideas (or ideas he put forward) are things that mankind should be and could be doing now. Orbital microwave power transmitters, the StarWisp, fountain towers, rotovators, sky hooks etc are all essentially doable and doable with current technology.

    However, in the modern world and with people possessing modern sensibilities - space exploration will have to give a return on investment that people (investors) can realize in lifetimes before it will really take off. It would be a hundred times easier to sell a scheme to launch a solar powered orbital microwave power transmitter satellite that could generate X megawatts of power than it would to sell a Mars mission. Why? Because the people putting up the cash want their money back.

    As much as I would the truth be otherwise, space exploration cannot in the short term rely on philanthropy and "man's quest for knowledge" if we want the gains that are achievable. Sigh. Why can't just this one thing not be about money?

  20. The Truth Machine on Manipulating the Brain with Magnets · · Score: 3, Insightful

    While browsing a used bookstore I found a copy of a novel called "The Truth Machine" which I haven't read yet but sounded interesting. Just the implications of being able to force truth and honesty under certain situations. I mean, would ANYONE vote for a candidate who refused to subject himself to honesty treatment while in office?

    As scary and twisted the applications of this type of technology could be, I think that the benefits in terms of the direct applications and increased understanding of the brain would be worth it.

    Now, if only we could plug one into the /. Post Comment page and reduce all the troll posts to "In Soviet Russia I'm a pathic looser with too much time on my hands and nothing valuable to say."

  21. For Clarity's Sake on Learning a New OS... and Fast!? · · Score: 4, Informative

    First off... I will not be touching machines.

    Second, by security reviews... I should have been clearer... not securing the boxes on any kind of code or OS level... if the sys admin isn't doing his job I'll never damn well know. I'll be reviewing security policy. Who has authority to sign off on new user accounts? Has this person signed off on new user accounts? What is the process for notifying the sys admin to remove an account? Has everyone who's departed the company had their account deleted? This is the kind of security review I'm responsible for. I also look at who has the ability to actually walk up to the box. I assess adequacy of the security physically getting into the server room.

    I'm not totally stupid. If they wanted me to actually touch a keyboard on a machine whose OS I didn't know - I would tell them to find someone else. (Hell, because of the nature of what I do, I'm reluctant to touch the machines I do know.) I try to learn as much as I can before I go in because that is the way I prefer to work.

    There are people in my shop who wouldn't know a shell script from a hollywood script and they can do the same job I do and do it competently. I just like to know as much as I can about the system.

    And so far the best suggestions have been to read the online stuff and not sleep... already doing that. (Avoiding /. is a good suggestion too frankly, but at 3AM I need a break.)

  22. Actually... on Learning a New OS... and Fast!? · · Score: 4, Informative

    I'm not going to actually touch a machine. Period. I'm going to be handling physical security and the people side of the policy - ie. What business processes are involved in granting or revoking user accounts and how are code changes managed on a process side. That's my job.

    I do touch the tech often enough that I'm helping out the VMS guy. Mostly, that'll mean doing his documentation for him when he's done his testing. I just want to be conversant enough that I won't be a time suck while I document everything. As for learning, I find I don't know what to ask the sys admins if I don't know anything about the OS. Even when I know the system, I play dumb... it's just going to be much much easier to play dumb for VMS.

    Basically, I could go in to this and not know a thing about VMS and it wouldn't really hurt my ability to do my job. However, that's not the way I like to do things... I handle processes and policies but the more I know about the client...

  23. Sorry but no on The Art of Deception · · Score: 5, Interesting

    A HUGE part of my job is preventing social engineering type stuff (or if you want to be specific - evaluating the degree to which a client has successfully implemented good risk management and security management). I interview people all the time, and I assure you that waving $100 is the most sure fire way to not get what you want.

    People are more afraid of getting caught, of losing their job or of getting in trouble than I think you realize. That said, it is amazing the things people do, if they think they're supposed to do them.

    I'll routinely call people at a client and just start asking questions to total strangers. I've been in server rooms interviewing people and I'll ask questions like, "How does a visitor get access to this room?" When they answer, I'll ALWAYS follow up with, "Why was I not subjected to that procedure?" I'm legitimately supposed to get access to the information I get, and I sign NDAs and get approval for everything I do. Not once have I ever been challenged to provide that information. (For some reason, if you call the manager of a department and tell him that you'll be talking to his employees and why - they assume you're legitimate.)

    Show up, talk the talk and look like you belong there and people will tell you anything. Wave around $100 and people call security.

  24. Update to the Article on Using Anthrax To Fight Cancer · · Score: 5, Funny

    Scientists in the US have come forward to confirm the British findings and excitedly add that Winger, Pantera and Judas Priest have also shown promising results. Cancer patients are urged to use 80's metal with caution however, as side effects such as mullets, Pontiac Firebird ownership and acid wash jeans can often overshadow the original illness.

  25. Re:No Big Surprise on "Skeptical Environmentalist" Rebuked · · Score: 2

    Actually, I have read it, and I stand by the statement I made. Most of what he had to say was bogus. If long winded quotes from the book are what you need, I can easily go back to the library and get it.

    But if you're so eager to defend him, why don't you regale us with some examples of his good old fashioned hard science.

    "What's that? You haven't read it yet?"