If you open the hole, people will exploit it. Not everyone is on break at the same time, so you can't poke holes in your firewall at appropriate times, and leaving the ability to access the service begs for someone to use it.
I understand that removing blocking is almost impossible in our current educational and social environment. What I would like to see is user-based security... you log on and your actions online are logged, monitored, tracked, and reported. With that, I would like some additional freedoms to be given -- the ability to access Messenger or other "non-educational" sites and services during your break hours with the understanding that they can monitor your usage, and if you break the rules... they'll know.
With decent monitoring software, the school should be able to identify suspect traffic or inappropriate usage patterns pretty quickly. Are there any firewall/monitoring packages that could build rules around user accounts - LDAP integration or something - and then monitor traffic per user and automatically block certain activities based on a set of rules? Here's my thought.
The student hops on the network and it associated with a user account -- already available. The student performs a Google search, which is verified against a block list and logged against their account. The student hops on Messenger, and the firewall checks to see if they're authorized to use the service at all, and then if they are authorized at that time. Permit or deny, it is logged. The student sets up a proxy server for their Messenger, and tries to connect, and the firewall denies it as Messenger traffic after inspecting the packets. The student sets up a secure proxy server for their browser, and starts wandering around. They server checks to see if it's an open proxy, and it's not. It allows it. The student uses the proxy a lot and the firewall's monitoring suite says, "Hey, there's an unusual amount of activity to this unknown site" and flags it for a report. An administrator inquires after the student, they find the proxy, and he gets his Internet privs locked down to only with specific teacher authorization.
Part of the problem is this likely isn't really considered secure information. Yes, there could be serious consequences if it were to be stolen, but it's the same basic data that thousands of companies and organizations currently use and have on file, where any warm body with a headset and two weeks training can view it.
Birth dates, social security numbers, and the like aren't government secrets or anywhere near the magnitude of something with a classification. It's simply "private." Just like in banking, where developers should never work with live systems, they must occasionally to see what sensitive, personal data is causing the problem.
The article is also unclear as to how the data was removed from the office, or whether the equipment stolen was personal or business use.
However, I do agree that better consideration and vigilance is merited in situations such as these.
And why is that? Government employees have gone through background checks. Did you? Government employees have accepted as a portion of their job that they must follow certain rules. Did you? They are are entrusted with certain secrets (not the word I wanted, but closer than many others) in trade for certain responsibilities. There are no such requirements placed on you, and so you do not have access to those same secrets.
This is an individual who failed to maintain the level of security required of him by his job. The potential consequences of his actions are astounding. He played a game of chance -- the likelihood of being caught and the likelihood of having the data stoled vs. the perceived benefits -- and lost, big time. So, too, may have many innocent people.
I doubt "The Man" specifically engineered this failure. "...was allowed to walk out?" What kind of crap statement is that? He had a laptop and an external hard drive. I didn't see any mention of "His supervisor instructed him to copy sensitive data onto a personal computer..." Should everyone leave an hour early so the door guards can perform an extensive scan on their laptop? If they run across encrypted files, shoudl they require the keys, to ensure no secure data is being taken? If they have to check those files, then don't the door guards need very high-level security clearances?
Unless you want the government to perform a full cavity search on every employee capable of interacting with anyone who has access to secure files every time they leave the building, this sort of thing can happen.
All the procedure in the world won't make up for an unthinking -- or worse, uncaring -- employee worried about meeting a deadline.
Not at all. Most services -- utilities, if you will kindly lump broadband into it -- are metered. Most broadband [with which I have experience] are not. It just represents a major change in the business.
It would probably shape up much like phone service, with a base connection charge for service -- higher for higher-capacity connections -- and then a usage fee, possibly with peak and off-peak usage.
This could actually benefit site owners as well, as software would [hopefully] start offering that ability to perform certain actions during low-use or off-peak times. Hmm, that becomes an issue, though, because off-peak doesn't change for phone service, where data service is full of automated services... Perhaps a new protocol for the ISPs to provide projected and current network capacity, allowing you to dynamically adjust imposed bandwidth limits. That way -- if you chose -- your connection could throttle back to 1.5mbps during high-traffic times...
I predict this leads to wider adoption of usage caps and bandwidth charges on broadband services. If they can't charge the site owners, they'll start charging the users.
There are so many factors in play, though. There was a huge spike for Christmas -- possibly in response to price drops and the Nano. Despite that popularity, that level of sales isn't sustainable. It would be safe to say that the phrase "market saturation" is never far from some minds in Cupertino. New products are in the pipe, almost certainly. I personally expect to see Apple switch to an Intel chip in the next generation of iPod, but I don't expect it out until mid-summer -- to catch the back-to-school buyers.
iPod is both a technology and a fad. It is a pop-culture icon. Pop-culture status tapers off, but it remains to be seen how well the technology -- ever-changing as it is -- endures.
As for Mac sales shrinking, you'll note the PowerMac and the iBook have suffered the largest decreases, while the PowerBook/MacBook Pro and the consumer desktops (iMac/eMac/Mac mini) increased substantially in 2005. This year is particularly ugly due to the architecture switch. Note that iBook sales fell off sharply because the product has not had an update since July -- far longer than it's average life cycle -- and an architectural change is anticipated. The PowerMac has been slowly losing market share to the increasingly-capable portables -- portables have been gaining market share across the industry. The PowerMac is also suffering from architecturitis, awaiting replacement with what I assume will be called the Mac Pro, but it will likely be the last release with the new architecture.
The raw numbers don't look great for Apple, but they don't tell the whole story. You have to look as the story that goes with them. Anything else is missing the big picture.
Flash has similar write-cycle issues, but neither are intended as system memory, only as storage.
Also, if you find yourself writing to the same single bit one hundred million times per second, you should consider some other technology for your hardware buffer.
1. You forgot to put "Oblig." in the subject. It seems like every time there's an Ask Slashdot, someone says this.
2. While Google can provide you with the product names, there is some benefit to the personal opinions and experiences you find on Slashdot. People can say, "I used this, and this works great" or "stay away from this if you need it to do this". You have to really dig to find information like that, elsewhere.
Apparently, none of you ever considered the benefit to shared knowledge. This is another thing people with common interests do; they talk about things that interest and concern then, typically with the goal of informing each other. I don't need a Mac OS X groupware application right now, but I learned about CalTalk, which I can use.
In conclusion, if you don't think there's benefit in asking questions of your peers, then skip the article and let the rest of us learn.
What if the videogame made available gameplay from either side, using the opposing views to demonstrate the misunderstandings and misconceptions which underlie the racism. That way, you get more gameplay, you get historical accuracy, and you demonstrate political savvy.
All for just under twice the price of the original game, though.
Point two would need tweaking, for all those stories that are rejected because they were submitted before any article made it through the editors. Other such "non-damaging" rejections would need to be established to ensure the system didn't negatively affect users who were just a few seconds slow.
I'm torn between a system where you look at everything the same and one where you track some sort of benefit for good submitters.
If you could mark rejections with "partial credit" - i.e. 'already submitted' or 'good link, bad summary' - which would display on the story submissions listing, would that provide any benefit to you? You could say, "Gee, so-and-so, has a lot of "partial credit" but very few accepts... I've got a fairly rare story from him...
I don't have a grasp on the process, so I'm not sure what direction to go, here.
But maybe the first submitter did an exceptionally bad job of presenting the topic. Completely re-writing a submission is not a job for the editor... They simply reject the story and look for a better submission.
The system is biased... it favors people who submit better - or more subjectively preferred, if you like - briefs and links. These people tend to get more postings.
Think about it like a news company... If you have a source that is reliable and provides quality information, wouldn't you tend to use him more than John Q Anonymous?
That's a fairly significant addition to site complexity, though. It also doesn't address the issue of potentially dozens of submissions per day that don't make it through the editors.
There are some problems that should be solved by society, not by policy. Isn't this one of them?
Part of it is quality of submission. You and I can post the same URL, but if mine says 'd00d! OMG!!11! r0x0r!' and yours is intelligible, they should pick yours. That is an extreme example, but it isn't just the link, it's also the presentation.
That's a horrible precedent, though. If you become a popular submitter it is because you submit relevant stories. You end up in a cycle where a submitter becomes popular, someone complains, and you blackball him because of it.
Why should you punish your best submitters, even if they are doing it for their own benefit (URL on a popular site)?
I do think that using Slashdot as a forum to talking about slashdot is a great way to generate discussion and help people understand what's happening.
"Laptop" is not a valid term for this product, as he mentions in his review. It can be called "portable", but it would not be advisable to place this twelve-pound heat-sterilizer on your lap. Taco mentions it randomly shutting off due to heat.
That said, who has a lap big enough for it? Let me give you the key points:
Dimensions: 15.6"(W) x 11.7"(D) x 1.95"(H) Weight: 11.3 lbs. with Battery
As nice as it is to think that you could work out a notice, it is appropriate for companies to simply shake hands with you and pay you the two weeks you offered.
If the company has done its job, you don't need to be there. If you were to get hit by a bus, would the company survive? Probably? Then they'll get by without you. If they realize they need you desperately, you can consult.
Also, you are a liability. Even if you display no ill will toward the company, they can't be sure it's not an act.
To be professional, you accept the two weeks severance pay, and inform them you are available for consultation, should it be necessary. That's about all you can expect.
As far as the account lockout goes, I was put in a similar situation during a mass layoff when a company changed hands. They laid me off and asked me to train someone to do my job in basically the same breath. They had to clear it with my (by then former) boss, two sysadmins, and the CTO before I could have my accounts unlocked with someone watching over my shoulder. Had I been malicious, I could have done quite a bit of damage.
I have used a few of these. I would think that they would reduce the spread of disease through their "no touch" design -- no buttons or levers to press. The same argument made by users in the article, there. I guess I can understand the opposite argument; urine is just sitting there on the surface. But, I don't know many people that touch the inside of the urinal.
You can always spray it with a disinfectant, can't you?
Imagine a doctor sharing video of a cardio CT with a cardiologist 1000 miles away using less than $2500 in hardware and a DSL connection.
This bring so many possibilties to the medical field. A specialist in Massachusetts consults with the primary care physician in Maine and a colleague in Florida, all viewing the same CT footage... A patient able to carry MRI images to a specialist.
With a quick look at the OsiriX Documentation it looks like it has an Export to QuickTime option, which should make it easy to produce videos for the iPod - though I wouldn't want to wait for a Mac mini to do it. It is possible that a doctor could drop video onto a 6G iPod and view it on the small screen or output it to a TV.
Read the article. The doctor had an iPod, and started using it to move large files around. That in itself isn't news. It's the additional details.
They can take a patient's data with them and study it at the office, at home, at a colleague's office. This doesn't require an iPod.
They added an image export function to put pictures in iPod-viewable format once the iPod Photo came out. That's pretty minor, but you can use it for reference, or output it to a TV for viewing. The resolution is still lower than original quality, but I can't speak to those details.
Then they used iChat AV for full-motion video streaming to other doctors. Again, the quality is lower, but the ability to consult with other doctors in real-time with the data can be invaluable. They also used.Mac to conveniently post images - stripped of identifiers for anonymity - to protected web space for additional consultation and reference purposes.
The real imaging work can't be done on the portable because it is very demanding... it's a 3d video of sorts. A tablet might be able to do the work, but the real point isn't using the images on-the-go, it's taking the images with you or sharing them.
The costs are negligible because the equipment is there... they have the Mac to use Osirix. That means they have the iChat software. They were using their own iPods. Sure, some medical facilities might end up buying a few iPods for this use... is that so terrible? I think the additional costs of training and deployment for Windows Tablet PCs and a different DICOM viewer far outweigh the costs of iPods... if they even have to buy them. Remember, for most of the uses - excepting the iPod-viewable photos and videos - any portable drive would do.
Slashdot Mirror
Excellent. thanks for the info.
If you open the hole, people will exploit it. Not everyone is on break at the same time, so you can't poke holes in your firewall at appropriate times, and leaving the ability to access the service begs for someone to use it.
I understand that removing blocking is almost impossible in our current educational and social environment. What I would like to see is user-based security... you log on and your actions online are logged, monitored, tracked, and reported. With that, I would like some additional freedoms to be given -- the ability to access Messenger or other "non-educational" sites and services during your break hours with the understanding that they can monitor your usage, and if you break the rules... they'll know.
With decent monitoring software, the school should be able to identify suspect traffic or inappropriate usage patterns pretty quickly. Are there any firewall/monitoring packages that could build rules around user accounts - LDAP integration or something - and then monitor traffic per user and automatically block certain activities based on a set of rules? Here's my thought.
The student hops on the network and it associated with a user account -- already available.
The student performs a Google search, which is verified against a block list and logged against their account.
The student hops on Messenger, and the firewall checks to see if they're authorized to use the service at all, and then if they are authorized at that time. Permit or deny, it is logged.
The student sets up a proxy server for their Messenger, and tries to connect, and the firewall denies it as Messenger traffic after inspecting the packets.
The student sets up a secure proxy server for their browser, and starts wandering around. They server checks to see if it's an open proxy, and it's not. It allows it.
The student uses the proxy a lot and the firewall's monitoring suite says, "Hey, there's an unusual amount of activity to this unknown site" and flags it for a report.
An administrator inquires after the student, they find the proxy, and he gets his Internet privs locked down to only with specific teacher authorization.
What do you think?
Part of the problem is this likely isn't really considered secure information. Yes, there could be serious consequences if it were to be stolen, but it's the same basic data that thousands of companies and organizations currently use and have on file, where any warm body with a headset and two weeks training can view it.
Birth dates, social security numbers, and the like aren't government secrets or anywhere near the magnitude of something with a classification. It's simply "private." Just like in banking, where developers should never work with live systems, they must occasionally to see what sensitive, personal data is causing the problem.
The article is also unclear as to how the data was removed from the office, or whether the equipment stolen was personal or business use.
However, I do agree that better consideration and vigilance is merited in situations such as these.
And why is that? Government employees have gone through background checks. Did you? Government employees have accepted as a portion of their job that they must follow certain rules. Did you? They are are entrusted with certain secrets (not the word I wanted, but closer than many others) in trade for certain responsibilities. There are no such requirements placed on you, and so you do not have access to those same secrets.
This is an individual who failed to maintain the level of security required of him by his job. The potential consequences of his actions are astounding. He played a game of chance -- the likelihood of being caught and the likelihood of having the data stoled vs. the perceived benefits -- and lost, big time. So, too, may have many innocent people.
I doubt "The Man" specifically engineered this failure. "...was allowed to walk out?" What kind of crap statement is that? He had a laptop and an external hard drive. I didn't see any mention of "His supervisor instructed him to copy sensitive data onto a personal computer..." Should everyone leave an hour early so the door guards can perform an extensive scan on their laptop? If they run across encrypted files, shoudl they require the keys, to ensure no secure data is being taken? If they have to check those files, then don't the door guards need very high-level security clearances?
Unless you want the government to perform a full cavity search on every employee capable of interacting with anyone who has access to secure files every time they leave the building, this sort of thing can happen.
All the procedure in the world won't make up for an unthinking -- or worse, uncaring -- employee worried about meeting a deadline.
Not at all. Most services -- utilities, if you will kindly lump broadband into it -- are metered. Most broadband [with which I have experience] are not. It just represents a major change in the business.
It would probably shape up much like phone service, with a base connection charge for service -- higher for higher-capacity connections -- and then a usage fee, possibly with peak and off-peak usage.
This could actually benefit site owners as well, as software would [hopefully] start offering that ability to perform certain actions during low-use or off-peak times. Hmm, that becomes an issue, though, because off-peak doesn't change for phone service, where data service is full of automated services... Perhaps a new protocol for the ISPs to provide projected and current network capacity, allowing you to dynamically adjust imposed bandwidth limits. That way -- if you chose -- your connection could throttle back to 1.5mbps during high-traffic times...
Maybe?
I predict this leads to wider adoption of usage caps and bandwidth charges on broadband services. If they can't charge the site owners, they'll start charging the users.
Look at the Wii Lightsaber!
There are so many factors in play, though. There was a huge spike for Christmas -- possibly in response to price drops and the Nano. Despite that popularity, that level of sales isn't sustainable. It would be safe to say that the phrase "market saturation" is never far from some minds in Cupertino. New products are in the pipe, almost certainly. I personally expect to see Apple switch to an Intel chip in the next generation of iPod, but I don't expect it out until mid-summer -- to catch the back-to-school buyers.
iPod is both a technology and a fad. It is a pop-culture icon. Pop-culture status tapers off, but it remains to be seen how well the technology -- ever-changing as it is -- endures.
As for Mac sales shrinking, you'll note the PowerMac and the iBook have suffered the largest decreases, while the PowerBook/MacBook Pro
and the consumer desktops (iMac/eMac/Mac mini) increased substantially in 2005. This year is particularly ugly due to the architecture switch. Note that iBook sales fell off sharply because the product has not had an update since July -- far longer than it's average life cycle -- and an architectural change is anticipated. The PowerMac has been slowly losing market share to the increasingly-capable portables -- portables have been gaining market share across the industry. The PowerMac is also suffering from architecturitis, awaiting replacement with what I assume will be called the Mac Pro, but it will likely be the last release with the new architecture.
The raw numbers don't look great for Apple, but they don't tell the whole story. You have to look as the story that goes with them. Anything else is missing the big picture.
Flash has similar write-cycle issues, but neither are intended as system memory, only as storage.
Also, if you find yourself writing to the same single bit one hundred million times per second, you should consider some other technology for your hardware buffer.
Two things:
1. You forgot to put "Oblig." in the subject. It seems like every time there's an Ask Slashdot, someone says this.
2. While Google can provide you with the product names, there is some benefit to the personal opinions and experiences you find on Slashdot. People can say, "I used this, and this works great" or "stay away from this if you need it to do this". You have to really dig to find information like that, elsewhere.
Apparently, none of you ever considered the benefit to shared knowledge. This is another thing people with common interests do; they talk about things that interest and concern then, typically with the goal of informing each other. I don't need a Mac OS X groupware application right now, but I learned about CalTalk, which I can use.
In conclusion, if you don't think there's benefit in asking questions of your peers, then skip the article and let the rest of us learn.
Here's a thought:
What if the videogame made available gameplay from either side, using the opposing views to demonstrate the misunderstandings and misconceptions which underlie the racism. That way, you get more gameplay, you get historical accuracy, and you demonstrate political savvy.
All for just under twice the price of the original game, though.
JOhn C Dvorak wrote an article in PC Magazine about this back in October.
Point two would need tweaking, for all those stories that are rejected because they were submitted before any article made it through the editors. Other such "non-damaging" rejections would need to be established to ensure the system didn't negatively affect users who were just a few seconds slow.
I'm torn between a system where you look at everything the same and one where you track some sort of benefit for good submitters.
If you could mark rejections with "partial credit" - i.e. 'already submitted' or 'good link, bad summary' - which would display on the story submissions listing, would that provide any benefit to you? You could say, "Gee, so-and-so, has a lot of "partial credit" but very few accepts... I've got a fairly rare story from him...
I don't have a grasp on the process, so I'm not sure what direction to go, here.
But maybe the first submitter did an exceptionally bad job of presenting the topic. Completely re-writing a submission is not a job for the editor... They simply reject the story and look for a better submission.
The system is biased... it favors people who submit better - or more subjectively preferred, if you like - briefs and links. These people tend to get more postings.
Think about it like a news company... If you have a source that is reliable and provides quality information, wouldn't you tend to use him more than John Q Anonymous?
That's a fairly significant addition to site complexity, though. It also doesn't address the issue of potentially dozens of submissions per day that don't make it through the editors.
There are some problems that should be solved by society, not by policy. Isn't this one of them?
Part of it is quality of submission. You and I can post the same URL, but if mine says 'd00d! OMG!!11! r0x0r!' and yours is intelligible, they should pick yours. That is an extreme example, but it isn't just the link, it's also the presentation.
That's a horrible precedent, though. If you become a popular submitter it is because you submit relevant stories. You end up in a cycle where a submitter becomes popular, someone complains, and you blackball him because of it.
Why should you punish your best submitters, even if they are doing it for their own benefit (URL on a popular site)?
I do think that using Slashdot as a forum to talking about slashdot is a great way to generate discussion and help people understand what's happening.
"Laptop" is not a valid term for this product, as he mentions in his review. It can be called "portable", but it would not be advisable to place this twelve-pound heat-sterilizer on your lap. Taco mentions it randomly shutting off due to heat.
That said, who has a lap big enough for it? Let me give you the key points:
Dimensions: 15.6"(W) x 11.7"(D) x 1.95"(H)
Weight: 11.3 lbs. with Battery
That is almost the size of two reams of paper .
Product Link for reference.
As nice as it is to think that you could work out a notice, it is appropriate for companies to simply shake hands with you and pay you the two weeks you offered.
If the company has done its job, you don't need to be there. If you were to get hit by a bus, would the company survive? Probably? Then they'll get by without you. If they realize they need you desperately, you can consult.
Also, you are a liability. Even if you display no ill will toward the company, they can't be sure it's not an act.
To be professional, you accept the two weeks severance pay, and inform them you are available for consultation, should it be necessary. That's about all you can expect.
As far as the account lockout goes, I was put in a similar situation during a mass layoff when a company changed hands. They laid me off and asked me to train someone to do my job in basically the same breath. They had to clear it with my (by then former) boss, two sysadmins, and the CTO before I could have my accounts unlocked with someone watching over my shoulder. Had I been malicious, I could have done quite a bit of damage.
I have used a few of these. I would think that they would reduce the spread of disease through their "no touch" design -- no buttons or levers to press. The same argument made by users in the article, there. I guess I can understand the opposite argument; urine is just sitting there on the surface. But, I don't know many people that touch the inside of the urinal.
You can always spray it with a disinfectant, can't you?
Imagine a doctor sharing video of a cardio CT with a cardiologist 1000 miles away using less than $2500 in hardware and a DSL connection.
This bring so many possibilties to the medical field. A specialist in Massachusetts consults with the primary care physician in Maine and a colleague in Florida, all viewing the same CT footage... A patient able to carry MRI images to a specialist.
With a quick look at the OsiriX Documentation it looks like it has an Export to QuickTime option, which should make it easy to produce videos for the iPod - though I wouldn't want to wait for a Mac mini to do it. It is possible that a doctor could drop video onto a 6G iPod and view it on the small screen or output it to a TV.
Read the article. The doctor had an iPod, and started using it to move large files around. That in itself isn't news. It's the additional details.
.Mac to conveniently post images - stripped of identifiers for anonymity - to protected web space for additional consultation and reference purposes.
They can take a patient's data with them and study it at the office, at home, at a colleague's office. This doesn't require an iPod.
They added an image export function to put pictures in iPod-viewable format once the iPod Photo came out. That's pretty minor, but you can use it for reference, or output it to a TV for viewing. The resolution is still lower than original quality, but I can't speak to those details.
Then they used iChat AV for full-motion video streaming to other doctors. Again, the quality is lower, but the ability to consult with other doctors in real-time with the data can be invaluable. They also used
The real imaging work can't be done on the portable because it is very demanding... it's a 3d video of sorts. A tablet might be able to do the work, but the real point isn't using the images on-the-go, it's taking the images with you or sharing them.
The costs are negligible because the equipment is there... they have the Mac to use Osirix. That means they have the iChat software. They were using their own iPods. Sure, some medical facilities might end up buying a few iPods for this use... is that so terrible? I think the additional costs of training and deployment for Windows Tablet PCs and a different DICOM viewer far outweigh the costs of iPods... if they even have to buy them. Remember, for most of the uses - excepting the iPod-viewable photos and videos - any portable drive would do.
this sound like a setup dammit. A good setup.