Slashdot Mirror


User: Rich0

Rich0's activity in the archive.

Stories: 0 · Comments: 11,574

Comments · 11,574

  1. Re:Security and Market Dominance by Obscurity on Scores of Vulnerable SAP Deployments Uncovered · · Score: 2

    Who uses it?

    Anybody who hasn't figured out how to avoid it. Unfortunately that usually ends up being most of the company. At my workplace SAP does everything from payroll to expenses to customs.

    SAP's main advantage is in all its integration. That's about its only advantage. Any individual task done by SAP is usually better-done by something else which leads to endless frustration. The advantage it has is that if I want to get reimbursed for a drive to a meeting I can charge the money to a specific subtask of a project which is tied to an investment that was approved which is tied to the general ledger. If I bought an extra bag of pretzels which wasn't opened I could in theory still be reimbursed for it and then put it into inventory and then whatever project takes it out of inventory gets charged for the pretzels. Oh, and if somebody decided to mail that bag of pretzels to Mexico the system would know exactly how much was paid for it and fill out the customs declaration appropriately.

    Of course, nobody actually does all of that, but those kinds of features do come in handy in actual manufacturing.

    The big push for ERP solutions came after Sarbanes-Oxley due to the demanded rigor on accounting. Previously it was spreadsheets all the way down and nothing ever added up (you can't keep 47,000 spreadsheets in sync no matter how hard you try).

    Personally, I avoid it like the plague.

  2. Re:Color me surprised... on Scores of Vulnerable SAP Deployments Uncovered · · Score: 3, Insightful

    I think they're some sort of brokerage house that manages and markets buzzwords.

    ++

    They don't sell software - they sell a vision for your business. They don't sell it to anybody but the CEO.

    They're also a classical example of how the usual RFP process fails. If you give me a list of 500 arbitrary requirements and ask "can SAP do this?" the answer is almost certainly yes. Go ahead and put landing a man on the moon on that list of requirements and the answer still is yes. The problem is that in order to do even the most trivial functions your employees will be exposed to something that almost outdoes the airline industry in terms of arcanity. For various reasons you're not allowed to put on the RFP the question "can your system be operated by anybody other than an SAP developer without first training them to be an SAP developer?"

    This is a common failing in large systems. The only metric is checking all the boxes, so all the boxes get checked, and we don't even bother to deliver usability let alone try to measure it.

  3. Re:I can explain on Scores of Vulnerable SAP Deployments Uncovered · · Score: 2

    One of the people who did interviewing later wanted one of his standard letters -- emailed as a PDF routinely -- to have yellow highlighting applied to an important sentence. He asked the vendor to make that change...The vendor came back with a proposed work order for six hours of programmer time at $200/hour to make that change.

    That seems awfully cheap, frankly. Maybe it was just the incremental cost to add it to an already-planned release.

    When you're messing with software at this scale 95% of the effort goes into making sure that you don't break it, and documentation. Changing the report file probably takes 5 minutes, and then the rest of the time is writing the requirements, reviewing the prototype, having a PM check that it was done on time, writing up the system/acceptance tests, testing that all the other 47 requirements for that report are still met, writing up the install script and updating the install package, scheduling the downtime for the upgrade, updating the servers (likely on a weekend - oh and don't forget you have to do it once for your test instance as well), etc.

    On large transactional systems I support we typically queue up requests for trivial changes like these until the report needs some major functional change, and then overhaul the report all at once. Otherwise you end up spending 98% of your money on overhead. There is no such thing as a simple change on a big system.

  4. Re:How many times does it need to be repeated ? on Supreme Court Decides Your Silence May Be Used Against You · · Score: 4, Interesting

    Can you outline the differences in scope / freedom between being detained and under arrest?

    I am not a lawyer, but I was once on a jury which had to determine whether a man had been arrested without probable cause which basically hung on this very question (got to hear really interesting expert testimony from several police consultants).

    Suppose you're walking down the street, and a police car drives by and notices that your appearance and attire matches those of a suspect in a recent and nearby serious crime. The officer pulls up and stops you and asks you what you're up to. Then the officer asks you to hold up your arms while he pats you down (but he does not reach into your pockets). All of that is considered legal (look up Terry Stop on Wikipedia). He can even make you stand there for a little while until they drive over a witness to try to make an identification or otherwise make inquiries.

    However, they cannot force you to come with them, or detain you there for an excessive period of time. Basically it is an administrative procedure to allow the police time to sort things out. They're allowed to pat you down for weapons to ensure their personal safety, and they can confiscate anything that is identifiable from a pat down.

    In the case I served as a juror for a suspect was placed into a van and transported a few blocks away for identification, allegedly because the police were concerned about a news van in the area and did not want a potentially innocent suspect to end up on TV. The issue was whether this legally constituted an arrest (at which time there was not probable cause to do so). The ruling in the end (as far as THAT particular issue went) was that it did not, because the movement was minimally intrusive and was justifiable. The police messed up a bunch of other stuff in that case, but alas so did the plaintiff's counsel suing them so there wasn't much we could do for him.

    The only way you should be able to end up being detained in a police station is if you walked in voluntarily, or under unusual circumstances (you're being detained and hail starts falling and the station is next door, etc).

  5. Re:Yeah right on Microsoft Antitrust Judge Thomas Penfield Jackson Dead at 76 · · Score: 1

    About the only way you could do that on Linux would be with static linking.

    Or including the source and a compiler.

    And this is why Linux tends not to have stable APIs, but it isn't really a solution most software vendors would embrace. It also isn't a magic bullet - ever try running complex code written for a 5-year-old version of GCC against a modern version? If you're talking about hello world there will be no issues, but go nuts with C++ features and there is a good chance it won't build.

  6. Re:Yeah right on Microsoft Antitrust Judge Thomas Penfield Jackson Dead at 76 · · Score: 1

    " It wasn't that long ago at work that we still had applications that still used 8.3 filenames on XP. ..... About the only way you could do that on Linux would be with static linking."

    You are kidding, right? You can use 8.3 file names all day long on Linux. You always could. No change required.

    Uh, you missed the point. An application on Windows only is limited to 8.3 filenames if it is still using the old 16-bit (yes, 16) API of Windows v3. That's an API that was 15 years old at that time.

    15 years ago from today was 1998. Just try running an ELF (I assume ELF was standard by then) built under gcc v2.8.0 against glibc v2.0.6 on a modern distro. I wouldn't be surprised if you had issues if it was ONLY linked against glibc, let alone against the common toolsets of the time.

    I wasn't suggesting that Linux didn't support 8.3 filenames - only that distros deprecate APIs FAR more quickly. Ubuntu considers "long term support" 3 years - MS supports Windows for 10 years AFTER it has been superseded, and the APIs basically forever.

    I love Linux, but not for a stable API.

  7. Re:Yeah right on Microsoft Antitrust Judge Thomas Penfield Jackson Dead at 76 · · Score: 0

    Linux is far from "write once, works 3 years from now" and neither is OS X. You'll find greater stability in running a Windows app via WINE than you will a native OS X or Linux app several years down the road.

    Ok, that's just total nonsense. Microsoft operating system and applications are, simply put, not known for their stability. I can't even imagine you typing that with a straight face.

    He is talking about API stability. Windows has extremely strong API stability. You could probably run calculator from Windows 3.1 on Windows 7 if you wanted to. You could certainly run almost any application from Windows 95 on Windows 7. It wasn't that long ago at work that we still had applications that still used 8.3 filenames on XP.

    About the only way you could do that on Linux would be with static linking. That involves bundling a LOT more code with your software than on Windows since the most advanced OS API you're using is glibc and X11. You can't really compare those directly with things like DirectX/etc.

    That said, the Linux kernel itself is very stable from an API perspective. Linus works hard to keep it that way. It is the rest of the typical GNU/Linux OS that lacks a stable API.

  8. Re:This is bullshit. on Sexism Still a Problem At E3 · · Score: 1

    Actually, those women who sell pharmaceuticals to doctors or telecom services to engineers kinda disprove your theory that it's not an industry-wide issue.

    Ever see a female sales rep show up at a doctor's office? I'm sure there is a selection effect that tends to keep the more attractive ones around, but they're hardly dressed in low-cut outfits. Every time I've ever seen one they've been in something they could wear into any corporate office. I'm sure that there are some racy examples out there somewhere, but they must be very much the exception. They're certainly not handed skimpy outfits and told to go change.

  9. Re:NEWSFLASH on Ancient Roman Concrete Is About To Revolutionize Modern Architecture · · Score: 2

    Yup - obviously the Roman stuff has essentially had the benefit of selection applied. I wouldn't be surprised if the Romans had a bunch of ways of making cement, but the stuff we notice is the stuff that is still around.

    That said, nothing wrong with learning from it all. We don't really have any modern materials that have gone through 2000-year stability tests under real-world conditions. Stuff that we fortuitously have at hand to study could turn up other useful finds.

  10. Re:Shouldn't cell phone thefts help police? on Prosecutors Push For Anti-Phone-Theft Kill Switches · · Score: 1

    How much human time is worth even an $800 phone and a potential violent encounter? If you consider a minimum of 3-4 cops to handle "recovery", then almost none is the answer. Even if the phone was worth $2,000 the time allotted value barely changes (and should the cops discriminate based on phone value?).

    If we only prosecuted crimes when the damage done by the criminal exceeded the cost to punish him, then you'd have to set armed watches at night to get any sleep at all. That is, when you aren't busy doing raids on your neighbor's house.

    Enforcing the law is almost never cost-effective if you only measure it in terms of the criminals you catch. It becomes cost-effective because for every criminal you put behind bars there are 5 more potential criminals who think better of committing a crime.

    People steal cell-phones because they know they can get away with it. If you knew there was a 95% chance that you'd end up in prison if you stole a cell phone then you wouldn't steal them. Arresting cell phone thieves isn't playing whack-a-mole - it is about whacking a dozen moles really hard and watching the rest flee in terror.

    What crime could possibly carry a greater risk of being caught than one in which you steal a device that by law has to be locatable at all times by authorities (911 requirement)? Sure, there are countermeasures, but the market for stolen phones would dry up quickly if they were almost impossible to sell (nobody will buy used phones from non-reputable sources when there is a good chance you'll lose it and your money and get a fine besides).

  11. Re:Not bicycle powered? on Flying Bicycle Is Real, Takes First Flight · · Score: 1

    I had the same reaction, that strapping a bicycle to it seemed totally irrelevant. But I guess you can bike down to the river, fly across, and continue biking. And if you don't mind burning some of your flight time you can use the batteries to power the bike. That gives you a combination of long ground range with the ability to fly over terrain or traffic at will.

    The moment you power it for ground operations it isn't a bicycle in the classic sense of the word - it is a motorcycle or moped or two-wheeled aircraft or whatever you want to call it. If not, then we already have thousands of flying tricycles in the air already.

    At 187lbs this is useless as a classic bicycle. You'd probably need a downward slope just to get the wheels rolling fast enough so that it doesn't tip over on otherwise-level ground.

  12. Re:Not bicycle powered? on Flying Bicycle Is Real, Takes First Flight · · Score: 1

    At 187 pounds you won't be travelling all that far. If you're going to make a 187 pound bicycle you should at least make it a motorcycle.

  13. Re:not a bicycle on Flying Bicycle Is Real, Takes First Flight · · Score: 1

    electric scooter or motorcycle maybe, but no flight via manual pedal-power-only means not a flying bicycle

    That was my first thought too. My second thought is that if they put a charging device that worked off pedal power, then it would technically qualify. Of course, you might have to pedal for a whole week to power your six minute flight...

    Not sure why they bother with the wheels. You'd have to pedal a week just to get this thing up a hill on the ground. 187 pounds for the bike itself? Good luck strapping that onto your car!

  14. Re:Genius judge on Federal Judge Says Interns Should Be Paid · · Score: 1

    There are jobs that people really, really, really want to do for zero pay. Why wouldn't you allow them to make that decision for themselves?

    For the same reason that you're not allowed to work a job for $1/hour even if you really, really, really want to do it. For every case where the situation ends up not being abusive there are 1000 cases where it is used to exploit people who would really prefer to be paid but are desperate.

  15. Re:If this were really about theft... on Apple's War Against Jailbreaking Now Makes Perfect Sense · · Score: 1

    There is a simple solution to theft - initialize each device with a unique key, and give a copy of that key to the owner. By all means pre-load it with trust for the vendor key as well so that it can auto-update by default, but the master key goes to the user. The key might be a $2 USB drive in a little envelope that says "keep safe and don't open unless you want to modify the OS software - Vendor may not be able to repair devices without this key."

    "Hello, Apple tech Support" "I lost my USB key - and my phone won't unlock."

    If they didn't disable the vendor key, then the vendor could unlock it for them. If they did, well, that's what the fine print is for.

    Rich

  16. Re:it's too wide on Nicaragua Gives Chinese Firm Contract To Build Alternative To Panama Canal · · Score: 4, Insightful

    not to mention how stupid it is to completely cut your country in half.

    Yeah, that Mississippi river forces people to ride thousands of miles further to take their horses from Mississippi to Texas. Oh wait, they've been building bridges and fording rivers since before the colonial era?

    Sure, it is a longer route than Panama, but I suspect the shipping volumes are large enough that it might be profitable. China is likely viewing this strategically - they've been taking the long view far more than the US in recent years, with the exceptions of their environmental policy and the US willingness to invest in blowing things up.

  17. Re:If this were really about theft... on Apple's War Against Jailbreaking Now Makes Perfect Sense · · Score: 1

    Hate to self-reply, but you could market this as a feature for the average user too. Call it a "digital key." If the user ever forgets their password or otherwise messes up their device they can always use their key to unlock it, using the Vendor's software. The average single car-buyer is probably already used to getting a second set of keys and giving it to somebody to help them out in a jam, or keeping them someplace safe just in case. It should be a familiar metaphor.

  18. If this were really about theft... on Apple's War Against Jailbreaking Now Makes Perfect Sense · · Score: 4, Interesting

    There is a simple solution to theft - initialize each device with a unique key, and give a copy of that key to the owner. By all means pre-load it with trust for the vendor key as well so that it can auto-update by default, but the master key goes to the user. The key might be a $2 USB drive in a little envelope that says "keep safe and don't open unless you want to modify the OS software - Vendor may not be able to repair devices without this key."

    The average user just sticks the key in a drawer and gets the default experience. A user who wants to unlock the device just downloads their alternate firmware installer of choice and it will ask them to insert their key so that it can reflash the phone. Users could also disable the Vendor's keys if they wish. By all means let users generate their own keys and install those on the device as well (obviously this will require the previous key). In the case of business-owned phones the business would procure the phone and keep the key, and thus they can stay in control of the hardware even if they allow employees to use it.

    Now users can reflash at will, but if somebody steals the phone they will be unable to do so. It would have minimal cost, and since the defaults are all idiot-proof those who don't care about the feature can ignore it and as long as they don't remove the Vendor key the vendor can still do anything they can do today. However, it would establish that the person who paid for the phone is the one who owns it. Since the key is a tangible object, it can be transferred if the owner wishes to do so, and I'd just make it a read-only simple USB drive so that it could be copied if desired as well - just like a car key.

  19. Re:Hire a Consultant on Ask Slashdot: How Do You Prove an IT Manager Is Incompetent? · · Score: 1

    Comcast did this. They did not like the answer so they fired the consultant and threw out everything he found and said.

    Consultant gets paid the same anyway, but in general a consultant will pick up on this and tell you what you want to hear. If you really want honest advice you need to approach them this way. If senior management is part of the problem, then basically you just have to look at it like a paycheck until they change, unless you want to try to organize some kind of shareholder revolt (and those almost never work).

  20. Not if you paste the ciphertext into your mail program. Then it doesn't matter what the mail program does.

    Sure, but what about your recipient's email program? I've yet to see a decent web-based FOSS email program that handles encryption (well, I've yet to see a decent web-based FOSS MUA at all, let alone one that has decent mobile platform support). That means I use Gmail, and that means that I'm not going to be sending/receiving much encrypted mail. If you do send me an encrypted message don't be surprised if an unencrypted copy ends up sitting on Google's servers after I'm done with it.

    That's the problem with email encryption - it is a chain as weak as the weakest link, and if you communicate with 20 other people then you only control 5% of that chain to begin with.

  21. Re:Ummm... on The Strange History of Apple and FlatWorld · · Score: 1

    That's what paralegals are for. :)

  22. Re:not to be a buzzkill but this isnt free. on Class Action Suit Goodies Await Tech Users · · Score: 1

    "Passing it on to the consumers" only works when the entire market is passing it on, not just one company.

    I think tobacco companies might disagree.

    They're affected by competition like everything else, though in their case they're granted an enforced oligopoly on the market (your government at work - I do not believe it is legal to start a new tobacco company). Most of the costs that they've had to pass on though were industry-wide ones like the big tobacco lawsuits - so the entire market was passing it on.

  23. Re:Reminder on Class Action Suit Goodies Await Tech Users · · Score: 1

    Keep in mind this is only effective if the corporation you're suing has some kind of tangible property in your state. If you're suing some out-of-state mail-order company they'll just ignore the summons and the ruling, and you won't be able to collect unless you sue them in their own jurisdiction, which will no doubt cost you a lot more.

    But, for big corporations, yeah, small claims works just fine (unless they can get it bumped to common pleas).

  24. Re:Reminder on Class Action Suit Goodies Await Tech Users · · Score: 1

    The judge looked at the insurance company lawyer and told them they should have just settled as what I was asking was perfectly reasonable...In the end they ended up paying the fair market value of the car, storage for 6 months, whatever it cost to have someone go to court, whatever it cost to prepare for court, and whatever it cost to have someone hand deliver a check to me when it should have only cost them the fair market value of the vehicle.

    The judge was correct in his ruling, but wrong in his advice. The insurance company did exactly the right thing (from a selfish perspective). Sure, you stuck it out for months and did a lot of work and went to court, but most people wouldn't bother with that. So, in the end maybe this cost them $20k instead of $5k, but in the other 99% of cases they save $3-4k. If they just rolled over when you challenged them they'd end up paying the $5k far more often (though it would save them $15k) - lots of people will call to complain, but few will take it to court and then pursue a collection when they still don't pay up.

    But, yes, if you do stick to it in a clear case like this you'll almost certainly get all your money if the other party is a corporation with real property within the jurisdiction of the court you go to. It is really easy to collect on such companies - just phone up the sheriff, give them the order, and let him walk in and open cash registers, tow away cars, and sell $50k worth of stuff for $30k so that you can get your $5k, the sheriff can get his $500, and the store can get the difference (eating the loss on the fire sale).

    Most likely the company knew exactly what it was doing to you. Sometimes it is just incompetence though. I once worked in a retail store during high school (one any American has certainly heard of and anybody over 30 has likely visited), and one day a man walked up to the customer service desk, showed his utility ID, and informed the store that if they didn't hand him a check in an hour the power would be shut off. He got his check.

  25. Re:MS Languages and platforms a dead end on Pondering the Future of a Re-Org'd Microsoft · · Score: 1

    While in general it takes a lot of work to move between different APIs on Windows, there is one thing that REALLY keeps Windows entrenched: they support their APIs almost forever.

    Sure, it takes a lot of work to migrate VB6 to VB.net, but an app written in VB6 works just fine in Win8. Heck, an application for Win 3.1 will probably work reasonably well in Win8 as long as it followed the specs at the time - certainly any Win95 app would.

    Their non-desktop environments don't provide this kind of backwards compatibility (I think), and guess what - nobody wants to use them.

    The reason you deploy Win7 on your brand new corporate PC and not OSX is because Win7 can still run the accounting software you built in the 90s which is held together with rubber bands, or the $500k X-Ray machine that still lives in a world of 8.3 filenames. Windows doesn't eliminate the need to rewrite software, but it does generally eliminate the need to rewrite it all at once.