Well, I was wrong in part. The OP was discussing an installer too. I had skimmed RTFA in the morning and replied in the evening having forgotten the details. Poor form on my part.
MSI would be a reasonable tool for that. Making the installer also uninstall all the bits would be important. Even with MSI, I have seen too many programs not clean up completely when uninstalled. That is not a fault of MSI, but the authors of the installer configuration.
MSI is actually a reasonable installer, however, it is not a software repository nor package manager, which the original poster was discussing. You cannot run MSI and ask it to display a list of word processing programs, for example. Nor can you query MSI and ask it who installed the file c:\winnt\system32\aaaamon.dll. These are questions that repositories (in the former) and package managers (in the latter) can answer. I would suggest using MSI as well (or NullSoft or any of the other good ones), for Windows software installers, however, it simply is not the tools which the OP was talking about.
I guess if the unit displayed any failure, it would be safer (and definitely quicker) to just replace the entire unit. I would have assumed they just put in a new unit and send the old one for repair, rather than discard the old unit.
However, the numbers just don't make sense to my frugal soul (from one who does not have umpteen million servers to manage).:-) Since the systems don't have cases and don't even need to be pulled from the rack to service, I would think these components could be easily & economically replaced:
A dead power supply seems pretty clear cut and would only require a few minutes to replace.
Bad RAM is a fairly easy diagnostic and again trivial to replace.
Any motherboard wierdness would justify pulling the unit, as it could be motherboard or CPU. (Presuming the RAM test showed nothing.)
Again, I'm assuming shared network storage and no local storage.
Of course, if the entire "computer" consists of the power supply, motherboard, CPU and RAM, there's not much there to repair. The power supply could simply be a connector off a larger power unit. So that leaves a motherboard/CPU pair and RAM. The former would be perhaps US$100 (depending on specs). The latter depends on size, but a 1GB-2GB would be US$100. (I'm assuming volume pricing, of course.)
Assuming typical repair and testing time would be a $105 for an hour (salary plus benefits plus overhead), then, I guess it does make sense to just discard the entire station. The old station might even be worth a bit to their computer recycler and defray the cost differential further.
> Good news -- my accountant recently told me that some computer equipment > is now three years. Check with yours to make sure I wasn't imagining things.
That would be good news. As I am my own accountant (private, not public), I'll have to check the newer rules with the IRS. As of the latest version of the IRS publication 946 ("How to Depreciate":
2. 5-year property. a. Automobiles, taxis, buses, and trucks. b. Computers and peripheral equipment.
This whole discussion is moot as Google simply does not have computers per se, just components. There are no cases, no monitors, just motherboards, CPUs, RAM and, maybe, storage. There's no reason for video, sound, peripherals either.
All of the components would be run until they fail. They would be not usable at that point. Nor would they be counted as a "computer," only an aggregate of parts. The failed component would be replaced and the rest kept on working until some other component fails. Effectively the "computers" would be immortal, but the components would be perpetually replaced.
> If the equipment is old, it's already depreciated and has no basis.
The only computer equipment which is old enough to be depreciated at Google would have had to have been purchased prior to 2001, since computer equipment has a 5 year depreciation schedule. As effective computer lifespans are considered three years among many IT folk, I doubt that a lot of the equipment is fully depreciated before it fails or is superceded by performance improvements. In which case, there is basis and the 21st Century Classrooms Act, signed into law as part of the Taxpayer Relief Act of 1997 (P.L. 105-34, Title II B, Sec. 224) comes into play to amplify the tax deduction.
Now, this is all assuming they capitalize the computers. While that would be how many businesses would treat them, Google might expense them. Google may well treat the computers as simply aggregates of spare parts.
There seems to be an assumption that computers are not simply refurbished by replacing any failing components, or broken down for spare parts, discarding the failed components. The accounting complexities of doing such for computers under depreciation boggles my mind, but that's what computers are for.
I doubt there are much in the way of failed "computers" at Google, but a lot of failed components. The components would typically be sent to a recycling firm, which either would be paid to take them away or would pay for the components if there was value to them.
My company only deals with thousands of computers, however, once salvagable components are removed & failed components are sent to recovery, there is little left except empty cases. The plastic components of which are typically waste and the metal is sent to a metal scrap yard when there's enough.
Since I can see little reason for Google to have cases per se (versus mounting brackets for raw components), I could easily imagine that Google doesn't have "computers" per se, but aggregates of motherboards, CPUs, RAM and storage. (If storage is shared, then not even that.)
So, this whole discussion may be moot as Google may simply not have computers per se, just components.
> even though the little padlock doesn't tell them anything about how their details are > stored on the receivers end, and that's probably a larger point of failure than a > man-in-the-middle attack
You are correct. Nor does it indicate whether they have a keylogger installed on their system either. So, you have two effectively untrusted ends and a secured channel between them, yielding, at best, a modest increase in security.
Encryption should almost be the default nowadays. That is completely separate from verification of the destination, however, and perhaps should never have been conflated with it. If certificates clearly indicated their level of verification (and, presumably, their security) ("drive-by" quickies being, say, amber through thoroughly verified certs backed by insurance being green) then perhaps the public would grasp that the padlock is not a simple on or off, but a range of trust.
Again, this doesn't ensure anything about the quality of security on the vendor's end at all, though perhaps it should. If these extended verification certificates can be dynamically changed if/when the vendor has a security breach, then that would be of value. So XYZ.com had a green certificate until they lost 150,000 credit cards from a dumpster dive and they now have a sickly yellow certificate until they pass a security audit and rectify the breach and consequences. That would be too much to hope for and, to be honest, would be damned expensive to implement. That is the level that banks, credit card companies, other financial institutions, governmental and medical records, and the like ought to employ, IMO. Requiring such for a mom & pop business selling jams and jellies would simply be overkill.
But, the new certificates don't appear to possess the range of nuances needed to express the range of trusts that are needed for the different sorts of activities.
I can incorporate a business in my state for US$115 with online forms. I don't know how quickly they issue a company number now, but before the Internet it took about a week. Other states & countries may be cheaper, easier and faster. So, it is easy to create a quick corporation. So I agree verification of corporate status is not useful. A D-U-N-S number (Dun & Bradstreet) takes no more than 30 days. It doesn't verify much information either from my last experience. Since phone services are fragmented (between VoIP and multiple providers), the presence or lack of a phone directory listing isn't definitive. For example, all my company's lines are VoIP based and we have no phone directory listing as we have no wired lines at all, however, we've been in business 25 years. A listed phone number could simply ring to a service, not indicating the validity of the business. Of course, I have not RTFA, so I don't know precisely what verification is going to be used. Simply using the incorporation is meaningless, as you said.
As said by others, these new certificates are simply the old certificates with the verification work done. The first SSL cert I purchased entailed several weeks of verification, a copy of business paperwork, calls from the certifcate authority to the office, personal identification, listed phone number, and such. It took two tries to get everything right. The last SSL cert took 15 minutes and only required an email account. This is inexcusable.
The certificate authorities are supposed to be involved in the business of trust. They fell down on the job. I do not know who opened the floodgates by first issuing these "drive-by" certificates. I know everyone followed suit because they would have lost business and consumers simply don't know better than to demand more.
The browser bar color change might help a little, but since most people don't even know that they are visiting a secured page now, I doubt it'll help few more people than those already in the know.
(I do technical support for a living, and have been explaining these issues since the secure web first emerged. I fully expect to receive a number of calls complaining about the changing color and asking for it to be fixed.)
Terminal Server Licenses do not come with Windows XP when you are using Terminal Server on Windows Server 2003. That was true on Windows Server 2000, but even that ended about a year ago. You need to buy a client license for each user, irrespective of what operating system (Windows XP or Linux) they are running for any version of Terminal Server now.
> IBM (now Lenovo) laptops do indeed check for a list of approved PCI IDs at > boot-time. As an ex-IBMer I tend to think this has little to do with FCC > compliance and more to do with simple economics.
That's a reasonable explanation too, however, the IBM tech I spoke with said it was a FCC rule that was the source of the list.
I first encountered the issue when a client bought a wireless mini-pci card from IBM for an IBM laptop. Upon installation the laptop failed to boot and reported the 1802 error. Calling IBM elicited the explanation it was a FCC issue which required the restriction in the first place, but the solution in this instance was to update the BIOS in the IBM laptop to support the newer mini-pci ID. A bit of subsequent research found several other folk who had apparently been told the same thing by IBM about the FCC, so I took it as a given.
Later I encountered the same problem when using an Intel mini-pci card purchased from a non-IBM vendor. The Intel card was exactly the same model as the one IBM was selling (for considerably more money), however, it did not work. So, IBM's version of the same Intel model was different in some manner. I was a bit surprised that the Intel version was so different than the IBM one. Interestingly enough, once I patched the IBM BIOS to make the Intel card work, the IBM wireless antenna light did not work. So, the IBM version had been modified to provide additional signalling that the Intel version did not support. I felt this offered some confirmation of the FCC story.
It could just as well be support costs, proprietary lock-in, or added features to a otherwise standard card, rather than the FCC. Since no other vendor interprets those regulations in the same manner, I do start to doubt IBM's FCC explanation.
> Another possible answer could be that not all vendors agree > on the interpretation of the requirements.
Likely this is true.
In the case of IBM (now Lenovo), their laptops will not boot with a non-IBM-certified wireless mini-PCI card in the system. Their interpretation of the FCC regulations is that the complete laptop, with wireless card, is FCC-certified. Installing a different wireless card, even though it is a standard component, even from IBM itself, and has been FCC-certified by itself, in IBM's opinion, makes the entire laptop no longer certified. Therefore, they must prevent the now non-certified laptop from working so as to meet FCC compliance.
It is a singular interpretation of the rules, as far as I know. There is a simple third-party fix to poke a byte to disable the check, so it can be worked around, but is still aggravating.
While a bit off-topic to wireless drivers, this example shows that the rules are subject to such extreme interpretation. I can easily see the legal department of Intel, et al, deciding some rule would break FCC compliance and thus preventing open sourcing the driver or even making the specifications available.
As many have posted already, having a friend or relative either housesit or periodically check can be the best non-tech solution. When I had to be away for an extended time, I had an old friend live in my house, which worked out well.
Another time, I drained the pipes and radiators, opened the faucets, cancelled the mail and papers, disconnected the power and gave the keys to a neighbor. (I am a trusting soul and lived in an area where trusting your neighbor is perfectly sensible.) That also worked fine, though the house was quite musty when I returned.
Obviously those solutions depend on your area and level of trust. New England ranges from urban and such concerns to the Great Northern Woods, where your concerns would mainly be bears, heavy snow and extended power loss. I knew someone in the northern woods who simply had the local snowmobile club stop by when they were grooming the trails. It all depends on your circumstances.
Tech
In other circumstances, I've also used monitoring equipment from SmartHome (http://www.smarthome.com/), which has a good selection of various detectors (including freeze, water, alarm, fire, etc.), phone dialers, and Internet-accessible home automation/control solutions.
I've devised and assembled functional solutions for a friend's house and for a museum for which I was the curator for a time. In the former instance, simulated lighting patterns, temperature & water monitor, and two webcams (one pointed to the driveway to make sure the snowplow guy came by:-) worked fine. (Of course, stopping the mail, papers and milk is mandatory.) For the museum, it was simply to call me if any of the sensors went off or out of range. There was no Internet service there. This was adequate. The Sensaphone, which others have mentioned, is a good choice for that scenario.
Many enterprises erase whatever is on the new computer just purchased and replace it with their standardized image. So, the system might officially have had Vista on it, but it may well be running Windows 2000.
Those systems would be counted as being Vista, in the marketing figures, as that was how it was sold. How it is used is irrelevant to marketing in this case.
Um, Windows 2000 security updates are still being supported by Microsoft, contrary to your claim. From Microsoft's life cycle website: "Microsoft will not accept requests for warranty support, design changes, or new features during the Extended support phase. We will of course continue to keep our Windows 2000 SP4 customers secure with security updates through the life of Windows 2000 (through 2010)."
So Windows 2000 security updates will be available for the next four years, which likely exceeds the presumed lifespan for the systems. Rather than going through an OS upgrade, followed by another one, the original poster has actually saved the client money.
Further, Windows 2000 is widely supported throughout the industry. We support thousands of Windows 2000 stations currently.
> you need to have clearly outlined objectives for the students to learn so that you > can determine if your hardware/software will meet those needs.
Absolutely!
The OS, software and hardware doesn't even begin to play a part if there is no plan on what to teach, and understanding by the teacher of what tools are available and what the limitations are.
This is true whether the OS is Linux, OS X, Windows or whatever.
> The main trick is just to speak like a normal human, and > use analogies instead of technical terms
Absolutely true. I've been doing tech support for closing on 30 years. (Which includes being a programmer, database administrator, sysadmin & accountant, among many various other roles.)
Dealing with people is one of the more challenging and interesting parts of it. From the beginning, I realized I needed to speak geek to geeks and try to speak normally to everyone else. That has served me well. That, and treating everyone as a potential friend. For those who feel more comfortable being involved, I treat them as potential partners in solving their problem. For those who prefer to know nothing but that it works, I keep it simple and succint.
As I think in analogies, using analogies is quite natural to me. I have created, however, some really strained ones trying to explain something deeply technical to a non-technical person. I have learned that at some point the analogies break down and it is often better to simply say it is "magic," or allow someone's misconceptions, than to explain further. Not correcting fundamental misunderstandings is difficult for me, but, as long as they don't harm the solution, leaving them is usually better than overloading someone beyond their technical level.
Being able to apply business knowledge, as well as technical knowledge, can be crucial at times. Sometimes saying there is no economical technical solution, is the best technical solution.
Most importantly, more than business or technical knowledge, is to not betray their trust and keep their confidence.
I arrived at a client site once to overhear someone saying "Oh God! Oh God! The computers are down!" just as I opened the door. Someone else immediately piped up with "Your prayers have been answered. Here He is!"
I just smiled benignly.
Much laughter ensued.
Over the last three decades of computer work, I have been called wizard, guru, and god - as well as Dan, Dan, the Computer Man, to balance out that ego inflation. I have never been called nerd or geek, though I have used those terms myself among other tech folk.
Our ballots sometimes are beyond the point of unwieldiness. We sometimes have town, county, school administrative unit, party primary, state and federal votes as well as constitutional amendments. Usually not on all the same day, I admit. There is something surreal, however, about deciding on who is going to run for President of the country at the same time as whether we want to amend zoning to let Ken at the corner move his driveway.
Our sensemarks do work well in general, but you get some folk who mark one choice, "X" it out and then mark the other. The machine reader obviously can't handle those. The folk are supposed to go get another ballot to replace the spoiled one, but, human nature being what it is, they sometimes don't. (After answering 43 questions well and botching one, I can sympathize.) Those unintelligble questions are dropped from the count, but the rest of the votes are counted. In a tight vote, you have people read the ballots and try to determine the intent of such bad markings. That's where the problems can arise.
Electronic voting (done right, with a paper trail) could alleviate that exercise by printing clear, machine & human readable ballots, with no question as to what choice was printed (and giving the voter a chance to confirm what was printed is what they chose). Being able to randomize the names on the ballot to prevent the primacy effect (voting for the first names seen or recognized) is in another benefit. To be honest, those are about it, in my mind. Our town moderator thought I'd be in favor of computerized voting (as he called it). I rather surprised him by disagreeing. Even two decades ago, I felt the problems could well overweight the benefits. Though I did welcome the sensemark machines.
Absolutely. Most of the towns I've voted in in my area used sensemark ballots. You mark the paper ballot(s) and feed it into the machine (face down) under the eye of the observers. The machine tabulates them and physically secures the paper ballots in its base. The paper ballots are the real votes. The machine is just a quick way to count them. In a recount, the paper ballots are what are counted - not the machine tabulation.
> I do believe that a typical visit to the polls for our American cousins involves more than the greatly > simplified answering of exactly one question we do here ("which candidate do you like for the job you're voting > on")
In one election I had 17 double-sided, legal-sized pages worth of ballots. I think it was five different ballots. I've forgotten the number of choices to make. The piece of paper would have needed to be 40 feet (12 meters) long.
> 1. One piece of paper as long as required. Alphabetically.
In the state of New Hampshire, alphabetical listing is no longer acceptable. Each candidate is supposed to get equal access. Those earlier in the alphabet actually have a higher chance of being elected. We also had a problem due to the last winning party being at the top of the ballot, which is also no longer acceptable for the same reason.
Regarding the length of ballot, in one election I had 17 pages (most double-sided, all but one legal-sized) worth of material to read and choices to make. So, the ballot would have needed to be 476" (1190 cm) long, that is about 40' (12 m).
> 2. An X is an X. A dash is not an X > Other markings invalidate the ballot.
The entire ballot, or just that one choice?
> 3. You are only given one ballot, you can only cast one ballot. > They watch you put it in the box (it is folded first)
Uh, the 17 pages mentioned above. I had 17 pages (maybe 5 ballots, I forget) to cast that election. My town used sensemark (a great technology for the purpose, IMHO - quick counts, verifiable paper ballots in case). It would have been easy to add another ballot to that bunch (or for that matter to misfeed in two at once). Though either ought to have been caught on the totals; if 4000 people voted, there ought to be 4000 voters counted and 68,000 pages worth of ballots.
I've used FileMaker quite successfully for many years. It is simple enough for most folk, but extensible. It can store pictures and other binary data. The web interface can be customized. User level access control is built-in. It runs under Windows and Mac and in Wine under Linux. Databases can be migrated to a FileMaker Server, if they go beyond the standalone limits (10 simultaneous users, typically). There's also a compiler to create standalone applications from databases, without needing a license per user.
All in all, FileMaker is a great tool for this sort of thing.
Technically USB was designed to provide power, however, the limitations do preclude supporting many devices, since there is a 500mA limit for "high power" devices. Many devices need more than that. A group of devices would likely draw more than the source could provide, in any event. So, I agree USB is not a viable power distribution option.
> I sit corrected. However, I don't feel that calling 911 to see if your VoIP > is working is tantamount to pulling a fire-alarm in an apartment building > (to me that would be a "flagrant false alarm"). In Maryland it is only a > fine 'after' the third occurrence of your house alarm going off with the > police responding.
My main point was that it varies with jurisdiction. Rather than just calling 911 and maybe getting in trouble, calling the dispatchers on their non-emergency number FIRST would be a good idea. That's all.
> Do I think it's the right thing to do? No. Do I think it's right to ensure > that my parent's safety is assured? Yes! I don't trust the VoIP providers to > tell the truth, and I don't feel that that the 911 number that my parents > call will get them to the correct Fire/Police/Emergency contact.
Again, calling the dispatchers first was my point. Not that testing was a bad idea. Only that calling them first on a non-emergency number was, at the least, polite and might save them and you some hassle. I think testing 911 is a good idea - for landlines as well as VOIP.
My state deployed E911 service (and for that matter 911 in some towns) fairly recently. In many towns until quite recently 911 didn't work. You called the police station or the fire station or the emergency dispatch number for your town. In my home town, you called Florence at xxx-2323. She called whomever needed to come. She was the town dispatcher for about 50 years until 911 came in maybe 10 years ago.
When 911 was being deployed throughout the state, it was a good idea to test it from the landlines. Sometimes the E911 database had errors. A lot of towns needed to change similar sounding road names. In some towns they had to assign road names in the first place.
> Sure, they can call the local folks, but how do the local folks know what > address is going to show up on the 911 screen?
The way E911 works around here is that it routes the call to the local folks. (Presuming there is local police or fire service, if not, then it goes to the state police or the rangers.) Perhaps it is different in other areas. If not, how do the local police or fire know where to go? By calling the police first, then testing 911, they'll be expecting a call from you and can confirm they got the right address. Which was my point to belabor it once more.:-)
> There is a lot of info that you can give the 911 operator to appease > them--without having any response.
Again, it depends on the jurisdiction. It some areas they must, by law, roll a car to check it out. No matter what you say. By giving them warning FIRST, then common sense can apply, rather than the law.
> However there needs to be some reasonable > understanding on both sides.
Absolutely. By giving them the courtesy of notice, I believe they'd be understanding. In many areas, they'd be understanding anyways. As the earlier poster said, in his jurisdiction, they are not understanding.
> We do pay for the service after all (taxes, > phone/cell phone surcharges)......Check your bill on both.
Actually, I do not have a landline and have not for several years, but the landlines did have a e911 surcharge. So does my cell phone bill.
> I'm sure there's already a 911 charge in there for VoIP service too...
Uh, no. I did check my bill. None of the VOIP providers pay into the e911 fund at least in my state (New Hampshire). They are not tariffed (at all, in fact) the same as landlines & cell phones, which do pay in. That may vary from state to state.
Slashdot Mirror
Well, I was wrong in part. The OP was discussing an installer too. I had skimmed RTFA in the morning and replied in the evening having forgotten the details. Poor form on my part.
MSI would be a reasonable tool for that. Making the installer also uninstall all the bits would be important. Even with MSI, I have seen too many programs not clean up completely when uninstalled. That is not a fault of MSI, but the authors of the installer configuration.
MSI is actually a reasonable installer, however, it is not a software repository nor package manager, which the original poster was discussing. You cannot run MSI and ask it to display a list of word processing programs, for example. Nor can you query MSI and ask it who installed the file c:\winnt\system32\aaaamon.dll. These are questions that repositories (in the former) and package managers (in the latter) can answer. I would suggest using MSI as well (or NullSoft or any of the other good ones), for Windows software installers, however, it simply is not the tools which the OP was talking about.
I guess if the unit displayed any failure, it would be safer (and definitely quicker) to just replace the entire unit. I would have assumed they just put in a new unit and send the old one for repair, rather than discard the old unit.
:-) Since the systems don't have cases and don't even need to be pulled from the rack to service, I would think these components could be easily & economically replaced:
However, the numbers just don't make sense to my frugal soul (from one who does not have umpteen million servers to manage).
A dead power supply seems pretty clear cut and would only require a few minutes to replace.
Bad RAM is a fairly easy diagnostic and again trivial to replace.
Any motherboard wierdness would justify pulling the unit, as it could be motherboard or CPU. (Presuming the RAM test showed nothing.)
Again, I'm assuming shared network storage and no local storage.
Of course, if the entire "computer" consists of the power supply, motherboard, CPU and RAM, there's not much there to repair. The power supply could simply be a connector off a larger power unit. So that leaves a motherboard/CPU pair and RAM. The former would be perhaps US$100 (depending on specs). The latter depends on size, but a 1GB-2GB would be US$100. (I'm assuming volume pricing, of course.)
Assuming typical repair and testing time would be a $105 for an hour (salary plus benefits plus overhead), then, I guess it does make sense to just discard the entire station. The old station might even be worth a bit to their computer recycler and defray the cost differential further.
I guess I'm persuaded now.
> Good news -- my accountant recently told me that some computer equipment
> is now three years. Check with yours to make sure I wasn't imagining things.
That would be good news. As I am my own accountant (private, not public), I'll have to check the newer rules with the IRS. As of the latest version of the IRS publication 946 ("How to Depreciate":
2. 5-year property.
a. Automobiles, taxis, buses, and trucks.
b. Computers and peripheral equipment.
There is nothing to sell.
This whole discussion is moot as Google simply does not have computers per se, just components. There are no cases, no monitors, just motherboards, CPUs, RAM and, maybe, storage. There's no reason for video, sound, peripherals either.
All of the components would be run until they fail. They would be not usable at that point. Nor would they be counted as a "computer," only an aggregate of parts. The failed component would be replaced and the rest kept on working until some other component fails. Effectively the "computers" would be immortal, but the components would be perpetually replaced.
> If the equipment is old, it's already depreciated and has no basis.
The only computer equipment which is old enough to be depreciated at Google would have had to have been purchased prior to 2001, since computer equipment has a 5 year depreciation schedule. As effective computer lifespans are considered three years among many IT folk, I doubt that a lot of the equipment is fully depreciated before it fails or is superceded by performance improvements. In which case, there is basis and the 21st Century Classrooms Act, signed into law as part of the Taxpayer Relief Act of 1997 (P.L. 105-34, Title II B, Sec. 224) comes into play to amplify the tax deduction.
Now, this is all assuming they capitalize the computers. While that would be how many businesses would treat them, Google might expense them. Google may well treat the computers as simply aggregates of spare parts.
There seems to be an assumption that computers are not simply refurbished by replacing any failing components, or broken down for spare parts, discarding the failed components. The accounting complexities of doing such for computers under depreciation boggles my mind, but that's what computers are for.
I doubt there are much in the way of failed "computers" at Google, but a lot of failed components. The components would typically be sent to a recycling firm, which either would be paid to take them away or would pay for the components if there was value to them.
My company only deals with thousands of computers, however, once salvagable components are removed & failed components are sent to recovery, there is little left except empty cases. The plastic components of which are typically waste and the metal is sent to a metal scrap yard when there's enough.
Since I can see little reason for Google to have cases per se (versus mounting brackets for raw components), I could easily imagine that Google doesn't have "computers" per se, but aggregates of motherboards, CPUs, RAM and storage. (If storage is shared, then not even that.)
So, this whole discussion may be moot as Google may simply not have computers per se, just components.
> even though the little padlock doesn't tell them anything about how their details are
> stored on the receivers end, and that's probably a larger point of failure than a
> man-in-the-middle attack
You are correct. Nor does it indicate whether they have a keylogger installed on their system either. So, you have two effectively untrusted ends and a secured channel between them, yielding, at best, a modest increase in security.
Encryption should almost be the default nowadays. That is completely separate from verification of the destination, however, and perhaps should never have been conflated with it. If certificates clearly indicated their level of verification (and, presumably, their security) ("drive-by" quickies being, say, amber through thoroughly verified certs backed by insurance being green) then perhaps the public would grasp that the padlock is not a simple on or off, but a range of trust.
Again, this doesn't ensure anything about the quality of security on the vendor's end at all, though perhaps it should. If these extended verification certificates can be dynamically changed if/when the vendor has a security breach, then that would be of value. So XYZ.com had a green certificate until they lost 150,000 credit cards from a dumpster dive and they now have a sickly yellow certificate until they pass a security audit and rectify the breach and consequences. That would be too much to hope for and, to be honest, would be damned expensive to implement. That is the level that banks, credit card companies, other financial institutions, governmental and medical records, and the like ought to employ, IMO. Requiring such for a mom & pop business selling jams and jellies would simply be overkill.
But, the new certificates don't appear to possess the range of nuances needed to express the range of trusts that are needed for the different sorts of activities.
Trust is not a binary function. It is a spectrum.
I can incorporate a business in my state for US$115 with online forms. I don't know how quickly they issue a company number now, but before the Internet it took about a week. Other states & countries may be cheaper, easier and faster. So, it is easy to create a quick corporation. So I agree verification of corporate status is not useful. A D-U-N-S number (Dun & Bradstreet) takes no more than 30 days. It doesn't verify much information either from my last experience. Since phone services are fragmented (between VoIP and multiple providers), the presence or lack of a phone directory listing isn't definitive. For example, all my company's lines are VoIP based and we have no phone directory listing as we have no wired lines at all, however, we've been in business 25 years. A listed phone number could simply ring to a service, not indicating the validity of the business. Of course, I have not RTFA, so I don't know precisely what verification is going to be used. Simply using the incorporation is meaningless, as you said.
As said by others, these new certificates are simply the old certificates with the verification work done. The first SSL cert I purchased entailed several weeks of verification, a copy of business paperwork, calls from the certifcate authority to the office, personal identification, listed phone number, and such. It took two tries to get everything right. The last SSL cert took 15 minutes and only required an email account. This is inexcusable.
The certificate authorities are supposed to be involved in the business of trust. They fell down on the job. I do not know who opened the floodgates by first issuing these "drive-by" certificates. I know everyone followed suit because they would have lost business and consumers simply don't know better than to demand more.
The browser bar color change might help a little, but since most people don't even know that they are visiting a secured page now, I doubt it'll help few more people than those already in the know.
(I do technical support for a living, and have been explaining these issues since the secure web first emerged. I fully expect to receive a number of calls complaining about the changing color and asking for it to be fixed.)
Terminal Server Licenses do not come with Windows XP when you are using Terminal Server on Windows Server 2003. That was true on Windows Server 2000, but even that ended about a year ago. You need to buy a client license for each user, irrespective of what operating system (Windows XP or Linux) they are running for any version of Terminal Server now.
> IBM (now Lenovo) laptops do indeed check for a list of approved PCI IDs at
> boot-time. As an ex-IBMer I tend to think this has little to do with FCC
> compliance and more to do with simple economics.
That's a reasonable explanation too, however, the IBM tech I spoke with said it was a FCC rule that was the source of the list.
I first encountered the issue when a client bought a wireless mini-pci card from IBM for an IBM laptop. Upon installation the laptop failed to boot and reported the 1802 error. Calling IBM elicited the explanation it was a FCC issue which required the restriction in the first place, but the solution in this instance was to update the BIOS in the IBM laptop to support the newer mini-pci ID. A bit of subsequent research found several other folk who had apparently been told the same thing by IBM about the FCC, so I took it as a given.
Later I encountered the same problem when using an Intel mini-pci card purchased from a non-IBM vendor. The Intel card was exactly the same model as the one IBM was selling (for considerably more money), however, it did not work. So, IBM's version of the same Intel model was different in some manner. I was a bit surprised that the Intel version was so different than the IBM one. Interestingly enough, once I patched the IBM BIOS to make the Intel card work, the IBM wireless antenna light did not work. So, the IBM version had been modified to provide additional signalling that the Intel version did not support. I felt this offered some confirmation of the FCC story.
It could just as well be support costs, proprietary lock-in, or added features to a otherwise standard card, rather than the FCC. Since no other vendor interprets those regulations in the same manner, I do start to doubt IBM's FCC explanation.
> Another possible answer could be that not all vendors agree
> on the interpretation of the requirements.
Likely this is true.
In the case of IBM (now Lenovo), their laptops will not boot with a non-IBM-certified wireless mini-PCI card in the system. Their interpretation of the FCC regulations is that the complete laptop, with wireless card, is FCC-certified. Installing a different wireless card, even though it is a standard component, even from IBM itself, and has been FCC-certified by itself, in IBM's opinion, makes the entire laptop no longer certified. Therefore, they must prevent the now non-certified laptop from working so as to meet FCC compliance.
It is a singular interpretation of the rules, as far as I know. There is a simple third-party fix to poke a byte to disable the check, so it can be worked around, but is still aggravating.
While a bit off-topic to wireless drivers, this example shows that the rules are subject to such extreme interpretation. I can easily see the legal department of Intel, et al, deciding some rule would break FCC compliance and thus preventing open sourcing the driver or even making the specifications available.
As many have posted already, having a friend or relative either housesit or periodically check can be the best non-tech solution. When I had to be away for an extended time, I had an old friend live in my house, which worked out well.
Another time, I drained the pipes and radiators, opened the faucets, cancelled the mail and papers, disconnected the power and gave the keys to a neighbor. (I am a trusting soul and lived in an area where trusting your neighbor is perfectly sensible.) That also worked fine, though the house was quite musty when I returned.
Obviously those solutions depend on your area and level of trust. New England ranges from urban and such concerns to the Great Northern Woods, where your concerns would mainly be bears, heavy snow and extended power loss. I knew someone in the northern woods who simply had the local snowmobile club stop by when they were grooming the trails. It all depends on your circumstances.
Tech
In other circumstances, I've also used monitoring equipment from SmartHome (http://www.smarthome.com/), which has a good selection of various detectors (including freeze, water, alarm, fire, etc.), phone dialers, and Internet-accessible home automation/control solutions.
I've devised and assembled functional solutions for a friend's house and for a museum for which I was the curator for a time. In the former instance, simulated lighting patterns, temperature & water monitor, and two webcams (one pointed to the driveway to make sure the snowplow guy came by :-) worked fine. (Of course, stopping the mail, papers and milk is mandatory.) For the museum, it was simply to call me if any of the sensors went off or out of range. There was no Internet service there. This was adequate. The Sensaphone, which others have mentioned, is a good choice for that scenario.
Many enterprises erase whatever is on the new computer just purchased and replace it with their standardized image. So, the system might officially have had Vista on it, but it may well be running Windows 2000.
Those systems would be counted as being Vista, in the marketing figures, as that was how it was sold. How it is used is irrelevant to marketing in this case.
Um, Windows 2000 security updates are still being supported by Microsoft, contrary to your claim. From Microsoft's life cycle website:
"Microsoft will not accept requests for warranty support, design changes, or new features during the Extended support phase. We will of course continue to keep our Windows 2000 SP4 customers secure with security updates through the life of Windows 2000 (through 2010)."
So Windows 2000 security updates will be available for the next four years, which likely exceeds the presumed lifespan for the systems. Rather than going through an OS upgrade, followed by another one, the original poster has actually saved the client money.
Further, Windows 2000 is widely supported throughout the industry. We support thousands of Windows 2000 stations currently.
> you need to have clearly outlined objectives for the students to learn so that you
> can determine if your hardware/software will meet those needs.
Absolutely!
The OS, software and hardware doesn't even begin to play a part if there is no plan on what to teach, and understanding by the teacher of what tools are available and what the limitations are.
This is true whether the OS is Linux, OS X, Windows or whatever.
> The main trick is just to speak like a normal human, and
> use analogies instead of technical terms
Absolutely true. I've been doing tech support for closing on 30 years. (Which includes being a programmer, database administrator, sysadmin & accountant, among many various other roles.)
Dealing with people is one of the more challenging and interesting parts of it. From the beginning, I realized I needed to speak geek to geeks and try to speak normally to everyone else. That has served me well. That, and treating everyone as a potential friend. For those who feel more comfortable being involved, I treat them as potential partners in solving their problem. For those who prefer to know nothing but that it works, I keep it simple and succint.
As I think in analogies, using analogies is quite natural to me. I have created, however, some really strained ones trying to explain something deeply technical to a non-technical person. I have learned that at some point the analogies break down and it is often better to simply say it is "magic," or allow someone's misconceptions, than to explain further. Not correcting fundamental misunderstandings is difficult for me, but, as long as they don't harm the solution, leaving them is usually better than overloading someone beyond their technical level.
Being able to apply business knowledge, as well as technical knowledge, can be crucial at times. Sometimes saying there is no economical technical solution, is the best technical solution.
Most importantly, more than business or technical knowledge, is to not betray their trust and keep their confidence.
Good luck with your venture.
I arrived at a client site once to overhear someone saying "Oh God! Oh God! The computers are down!" just as I opened the door. Someone else immediately piped up with "Your prayers have been answered. Here He is!"
I just smiled benignly.
Much laughter ensued.
Over the last three decades of computer work, I have been called wizard, guru, and god - as well as Dan, Dan, the Computer Man, to balance out that ego inflation. I have never been called nerd or geek, though I have used those terms myself among other tech folk.
Sounds simple and straightforward.
Our ballots sometimes are beyond the point of unwieldiness. We sometimes have town, county, school administrative unit, party primary, state and federal votes as well as constitutional amendments. Usually not on all the same day, I admit. There is something surreal, however, about deciding on who is going to run for President of the country at the same time as whether we want to amend zoning to let Ken at the corner move his driveway.
Our sensemarks do work well in general, but you get some folk who mark one choice, "X" it out and then mark the other. The machine reader obviously can't handle those. The folk are supposed to go get another ballot to replace the spoiled one, but, human nature being what it is, they sometimes don't. (After answering 43 questions well and botching one, I can sympathize.) Those unintelligble questions are dropped from the count, but the rest of the votes are counted. In a tight vote, you have people read the ballots and try to determine the intent of such bad markings. That's where the problems can arise.
Electronic voting (done right, with a paper trail) could alleviate that exercise by printing clear, machine & human readable ballots, with no question as to what choice was printed (and giving the voter a chance to confirm what was printed is what they chose). Being able to randomize the names on the ballot to prevent the primacy effect (voting for the first names seen or recognized) is in another benefit. To be honest, those are about it, in my mind. Our town moderator thought I'd be in favor of computerized voting (as he called it). I rather surprised him by disagreeing. Even two decades ago, I felt the problems could well overweight the benefits. Though I did welcome the sensemark machines.
> The machine must not be the vote.
Absolutely. Most of the towns I've voted in in my area used sensemark ballots. You mark the paper ballot(s) and feed it into the machine (face down) under the eye of the observers. The machine tabulates them and physically secures the paper ballots in its base. The paper ballots are the real votes. The machine is just a quick way to count them. In a recount, the paper ballots are what are counted - not the machine tabulation.
> I do believe that a typical visit to the polls for our American cousins involves more than the greatly
> simplified answering of exactly one question we do here ("which candidate do you like for the job you're voting
> on")
In one election I had 17 double-sided, legal-sized pages worth of ballots. I think it was five different ballots. I've forgotten the number of choices to make. The piece of paper would have needed to be 40 feet (12 meters) long.
> 1. One piece of paper as long as required. Alphabetically.
In the state of New Hampshire, alphabetical listing is no longer acceptable. Each candidate is supposed to get equal access. Those earlier in the alphabet actually have a higher chance of being elected. We also had a problem due to the last winning party being at the top of the ballot, which is also no longer acceptable for the same reason.
Regarding the length of ballot, in one election I had 17 pages (most double-sided, all but one legal-sized) worth of material to read and choices to make. So, the ballot would have needed to be 476" (1190 cm) long, that is about 40' (12 m).
> 2. An X is an X. A dash is not an X
> Other markings invalidate the ballot.
The entire ballot, or just that one choice?
> 3. You are only given one ballot, you can only cast one ballot.
> They watch you put it in the box (it is folded first)
Uh, the 17 pages mentioned above. I had 17 pages (maybe 5 ballots, I forget) to cast that election. My town used sensemark (a great technology for the purpose, IMHO - quick counts, verifiable paper ballots in case). It would have been easy to add another ballot to that bunch (or for that matter to misfeed in two at once). Though either ought to have been caught on the totals; if 4000 people voted, there ought to be 4000 voters counted and 68,000 pages worth of ballots.
I've used FileMaker quite successfully for many years. It is simple enough for most folk, but extensible. It can store pictures and other binary data. The web interface can be customized. User level access control is built-in. It runs under Windows and Mac and in Wine under Linux. Databases can be migrated to a FileMaker Server, if they go beyond the standalone limits (10 simultaneous users, typically). There's also a compiler to create standalone applications from databases, without needing a license per user.
All in all, FileMaker is a great tool for this sort of thing.
Technically USB was designed to provide power, however, the limitations do preclude supporting many devices, since there is a 500mA limit for "high power" devices. Many devices need more than that. A group of devices would likely draw more than the source could provide, in any event. So, I agree USB is not a viable power distribution option.
http://www.usbdeveloper.com/UnderstandUSB/underst> I sit corrected. However, I don't feel that calling 911 to see if your VoIP
:-)
> is working is tantamount to pulling a fire-alarm in an apartment building
> (to me that would be a "flagrant false alarm"). In Maryland it is only a
> fine 'after' the third occurrence of your house alarm going off with the
> police responding.
My main point was that it varies with jurisdiction. Rather than just calling 911 and maybe getting in trouble, calling the dispatchers on their non-emergency number FIRST would be a good idea. That's all.
> Do I think it's the right thing to do? No. Do I think it's right to ensure
> that my parent's safety is assured? Yes! I don't trust the VoIP providers to
> tell the truth, and I don't feel that that the 911 number that my parents
> call will get them to the correct Fire/Police/Emergency contact.
Again, calling the dispatchers first was my point. Not that testing was a bad idea. Only that calling them first on a non-emergency number was, at the least, polite and might save them and you some hassle. I think testing 911 is a good idea - for landlines as well as VOIP.
My state deployed E911 service (and for that matter 911 in some towns) fairly recently. In many towns until quite recently 911 didn't work. You called the police station or the fire station or the emergency dispatch number for your town. In my home town, you called Florence at xxx-2323. She called whomever needed to come. She was the town dispatcher for about 50 years until 911 came in maybe 10 years ago.
When 911 was being deployed throughout the state, it was a good idea to test it from the landlines. Sometimes the E911 database had errors. A lot of towns needed to change similar sounding road names. In some towns they had to assign road names in the first place.
> Sure, they can call the local folks, but how do the local folks know what
> address is going to show up on the 911 screen?
The way E911 works around here is that it routes the call to the local folks. (Presuming there is local police or fire service, if not, then it goes to the state police or the rangers.) Perhaps it is different in other areas. If not, how do the local police or fire know where to go? By calling the police first, then testing 911, they'll be expecting a call from you and can confirm they got the right address. Which was my point to belabor it once more.
> There is a lot of info that you can give the 911 operator to appease
> them--without having any response.
Again, it depends on the jurisdiction. It some areas they must, by law, roll a car to check it out. No matter what you say. By giving them warning FIRST, then common sense can apply, rather than the law.
> However there needs to be some reasonable
> understanding on both sides.
Absolutely. By giving them the courtesy of notice, I believe they'd be understanding. In many areas, they'd be understanding anyways. As the earlier poster said, in his jurisdiction, they are not understanding.
> We do pay for the service after all (taxes,
> phone/cell phone surcharges)......Check your bill on both.
Actually, I do not have a landline and have not for several years, but the landlines did have a e911 surcharge. So does my cell phone bill.
> I'm sure there's already a 911 charge in there for VoIP service too...
Uh, no. I did check my bill. None of the VOIP providers pay into the e911 fund at least in my state (New Hampshire). They are not tariffed (at all, in fact) the same as landlines & cell phones, which do pay in. That may vary from state to state.