What a load of histrionic bullshit. Gitmo? Are you fucking kidding me? You're really lacking an argument so much you have to pull that out? Call him a Nazi child molester and seal the deal while your at it.
What, pray tell, is there to "negotiate" here? It's not like she and the others didn't know they were taking someone else's work, without permission or credit, and using it to make money for themselves. If someone steals your wallet, are you obligated to ask nicely for it back before you call the cops? Bullshit. People stole his stuff. There's a law that gives him redress. He used it. Correctly. Period.
And you genuinely want to make out that he's the bad guy here? You believe this? And you paint him with the same brush as corrupt and illegal government actions. That is so deeply sad, and reflects so badly on your broken sense of ethics, I lack adequate words...
So if I walk up to you and take something that belongs to you, in your world view I should track you down and ask nicely for it back before I call the cops? It's not like she and the others didn't know they were taking someone else's work, without permission or credit, and using it to make money for themselves. And you genuinely want to make out that he's the bad guy here? You believe this? Really...thanks for making sure I'm not getting out of this week without one more reminder how hopelessly fucked up and bankrupt some peoples moral world view can be.
Oh, yes. It's all about helping the users get their job done. Let's take a trip through my midsized companies summary of just this months "this phrase 'business need' does not mean what you think it means", edited for clarity of intent. Thank the gods our management know the difference between "facilitating business" and "feckless idiots who are endangering the company".
U: "I need iTunes on my work PC"
IT: "Why would you even *want* to do this. Bring in your iPod."
U: "Full disk encryption is a pain in the ass, what with the second password. Please turn it off on my laptop."
IT: "You carry vast amounts of sensitive employee data on your laptop. And there's no second password. It's just the screen you enter your single password looks different."
U: "So?"
IT: "You've lost your laptop twice in the last 3 years. You leave it in your back seat. Even though we've told you not to."
U: "So?"
U: "I don't like X (the very expensive, very capable software package the whole rest of the team agreed to use, and be trained on at additional great cost). I used Y at my last job and I want to use that. I want you buy it. And I'll probably need some additional training."
IT: Checking records, user missed most of the training on X.
U: "I want to use KTBICS (known to be insecure cloud service) to share files amongst my team"
IT: "You're a finance group. Handling SOX related data. And we already have a corporate approved, secure service that does exactly the same thing."
U: "Well, we're already using the non-commercial free version of KTBICS to share the same data, so we don't see what the problem is."
U: "I want you to install IIS, SQLserver and.NET on my desktop PC for testing."
IT: "We've built a sophisticated, secure dev/test environment to do exactly this."
U: "I forgot about that. But since I have to deliver this week I won't have time to finish the project if I have to learn how to use the approved platform. So just install everything on my machine. And I'll need the Internet to have access."
IT: (check records...user blew off training on the dev platform, which would have allowed them to spin up everything they needed in about 5 minutes).
IT: "Ummm....When is your due date, and what IP addresses need access?"
U: "It's due this Friday. I don't know what IP addresses need access, so just let everyone in.".
U: "I don't want to use X. X is made by Microsoft, and I have moral objections to using Microsoft products. I want to use open source package Y."
IT: "If you have a moral objection to using Microsoft, why did you take a job on a team developing.NET applications on Windows Server 2008R2 in C# using Visual Studio with a SQLServer backend? Something made clear as far back as the job ad you responded to?"
Not my point. This is probably going to come as quite a surprise to you, and you probably don't much care, but there's more at stake here than the backdoor. Jason Wright, FBI plant or no, will never be able to fully clear his name, and for some will always be "the guy who might be a FBI plant". God help the guy if someone finds some sort of bug; no matter how innocuous, it will be cited as "proof". I clearly don't know how "douche" is defined in your world, but in mine throwing someone under the bus with no hard evidence and precisely zero concern for them qualifies as grade-A douche. But then, I actually give a shit about other people and consider the consequences of my actions. YMMV.
The adult, professional, dare I say "non-douche" way to handle this would have been to say "I have credible reason to believe that there is a deliberately introduced back door in the IPSec code in OpenBSD. It would have been introduced around $DATE and/or in $FILES. Please drop what you are doing and start auditing." while trying to confirm the details. Obviously, that didn't happen. Obviously, far too many people couldn't care less.
Lesse...I'll publish a wildly sensational accusation by a third party without attempting to verify any of it and excuse myself with "prove you didn't do it". Of course, since everyone on the Internet will take a reasoned step back, verify all the facts before reacting, and will never launch a mass electronic lynch mob, the folk accused will be just fine.
Does that cover how big a douche DeRaadt is here?
You purchasing people are idiots. My brothers small biz routinely orders well appointed Dell machines (mid-tier Core processors, 4-8gb RAM, nice monitors) for around $700. That's for one or two at a time. It sounds like your folks negotiated some "standard" buys which are crappy deals. This is not Dells problem, and it's unlikely white-boxing will fix a broken procurement system.
To be clear, this was a report done by a law firm retained by the school district to "investigate" the situation. One shouldn't take it as conclusive or impartial.
> Where's the value/point in releasing another limited-utility webserver?
Well...that depends I suppose. I don't think G-WAN is worth paying attention to, but Marcus Ranum semi-famously wrote a "limited utility" web server for an porn site that was both very fast and very secure in 1996, and still was a decade later. I agree with his point that not everything requires Apache level functionality, and all those bells and whistles come at a cost. Right tool for the job and all that.
I truly believe that the patching fad in which we are currently living is not going to last much longer. It can't. In another couple years, we'll have one full-time patcher to each system administrator. What's odd is that if companies simply exercised a bit of discipline, it wouldn't be necessary at all. Back in 1996 a buddy of mine and I set up a web server for a high-traffic significant target. It was not the Whitehouse; it was a porn site. We invested 8 hours (of our customer's money) writing a small web server daemon that knew how to serve up files, cache them, and virtualize filenames behind hashes. It ran chrooted on a version of UNIX that was very minimized and had code hacked right into the IP stack to toss traffic that was not TCP aimed at port 80. 10 years later, it's still working, has never been hacked, and has never been patched. If you compute the Return On Investment (Or ROI in the language of Prince Ciao) it's gigantic.
Georgia Tech has been offering a ridiculously popular Science Fiction literature class since the 70s. You might use it's curriculum as a guide.
http://lcc.gatech.edu/~brobertson3/texts/sf.pdf
> Having written in assembly on 8048, 8051, 8086 and DEC Vax boxes
In other words, you've never written assembly for anything remotely resembling a modern, deeply pipelined processor with multiple functional units or, frankly, most any other modern processor construct (though \VAX processors \did have (tiny) cache and (short) pipeline). Well, I guess that's authoritative.
Radio Shack has been an irrelevant vendor of cell phones and cheap 2nd tier consumer electronics for a decade. Long gone are the days when one ran down there to pick up a couple of capacitors and transistors to finish that weekend project.
> The quality of a programmer is often proportional to his ego.
Bullshit, and irrelevant for programming teams of more than one person. For every Theo De Raadt, et. al., there are dozens of senior folks who've delivered large scale, sophisticated, quality, widely used software projects that didn't feel that it was their personal prerogative to shit mercilessly on any contributor who they decided to abuse that day.
My life became vastly easier and much more successful when I quit believing the hype that you had to put up with the self-absorbed, egomaniacal, abusive, "superstars" to do great work. I figured out that there were really large numbers of supremely competent, team-oriented, consummate professionals that were more interested in getting the job done well than their own personal ideology to the detriment of those around them.
I got rid of the prima donnas and hired guys with a track record of leading teams to success. They delivered; got the projects done. Noone had to beg them for deliverables, documentation or to treat others as human. The bonus was that the professionals (unlike the "superstars"), would actually spend time mentoring the "stupid" junior folks instead of shitting on them, turning them into competent professionals and the next generation of solid developers. A culture of success evolves.
If it suits your personality be rewarded with "I'm recognized because I put up with the most crap from the more recognized names", good for you. But recognize there's a bunch of folks, just as "quality", who said "I don't need this" and found real, supportive teams to work on.
Cite, beyond the single limited study I'm aware of that doesn't really prove the point but makes an excellent way of boosting the authors Google search score when they apply for their next grant?
Exactly. Gawd do I hate these "gurus" who sally forth on the "right way" to do things without a clue in the world how things work when there are, say, 6,000 developers supporting a couple of dozen mission critical interconnected applications. Even worse when you get some junior developer grousing about "gee, I read this dudes blog and is organization is so much cooler than mine" not realizing the dude has to worry about 10 folks, nothing mission critical and only self-imposed deadlines.
Why? Li is stating "I base my proof on X". Connes says "I see you've based your proof on X. I'm quite content that X doesn't work." Game over. If the fundamental assumption is wrong, what is gained from going on? If you read a paper that started "assume the square root of 9 was 3.1", do you *really* need to read all of it before you decide "this fellow might be off track."?
Funny. The first manager position I was ever hiring manager for was for a software development project manager. This was back when we actually ran ads in the paper for such things. A Pizza Hut manager applied and proceeded to call me every day for two weeks to try and convince me that "management is just management" and since he was such a fantastic manager, all those pesky technical details would just fall into place. He was dead serious. I give him an A for effort, but after two weeks I had to threaten him with a restraining order to get him to stop calling.
Actually, it would be nicer if someone else with Reiser's skill and vision joined the EXT[34] or XFS or JFS or etc., etc. folks and made those systems better. I vote XFS because I've got several years of flawless operation on a nontrivial number of servers, but I'm not picky as long as the ball moves forward. Hans was the {primary,only} driving force behind his file system, and it's at best a distraction now that he's looking at federal PMITA prison. I'm undoubtedly heretical in thinking that hype aside ReiserFS was not revolutionary enough to justify Yet Another FileSystem. This undoubtedly makes me a bad person.
P.S. - If you really can't think of a solution other than thousands of files in one directory, you're doing it wrong.
You have the economics backwards...the cameras will get cheaper because of the number of places governments are watching. Governments aren't known to be particularly price sensitive consumers.
Slashdot Mirror
What a load of histrionic bullshit. Gitmo? Are you fucking kidding me? You're really lacking an argument so much you have to pull that out? Call him a Nazi child molester and seal the deal while your at it. What, pray tell, is there to "negotiate" here? It's not like she and the others didn't know they were taking someone else's work, without permission or credit, and using it to make money for themselves. If someone steals your wallet, are you obligated to ask nicely for it back before you call the cops? Bullshit. People stole his stuff. There's a law that gives him redress. He used it. Correctly. Period. And you genuinely want to make out that he's the bad guy here? You believe this? And you paint him with the same brush as corrupt and illegal government actions. That is so deeply sad, and reflects so badly on your broken sense of ethics, I lack adequate words...
So if I walk up to you and take something that belongs to you, in your world view I should track you down and ask nicely for it back before I call the cops? It's not like she and the others didn't know they were taking someone else's work, without permission or credit, and using it to make money for themselves. And you genuinely want to make out that he's the bad guy here? You believe this? Really...thanks for making sure I'm not getting out of this week without one more reminder how hopelessly fucked up and bankrupt some peoples moral world view can be.
Didn't read the article, eh? Don't understand the issues I see? How'd you miss your face with that knee-jerk.
U: "I need iTunes on my work PC"
IT: "Why would you even *want* to do this. Bring in your iPod."
U: "Full disk encryption is a pain in the ass, what with the second password. Please turn it off on my laptop."
IT: "You carry vast amounts of sensitive employee data on your laptop. And there's no second password. It's just the screen you enter your single password looks different."
U: "So?"
IT: "You've lost your laptop twice in the last 3 years. You leave it in your back seat. Even though we've told you not to."
U: "So?"
U: "I don't like X (the very expensive, very capable software package the whole rest of the team agreed to use, and be trained on at additional great cost). I used Y at my last job and I want to use that. I want you buy it. And I'll probably need some additional training."
IT: Checking records, user missed most of the training on X.
U: "I want to use KTBICS (known to be insecure cloud service) to share files amongst my team"
IT: "You're a finance group. Handling SOX related data. And we already have a corporate approved, secure service that does exactly the same thing."
U: "Well, we're already using the non-commercial free version of KTBICS to share the same data, so we don't see what the problem is."
U: "I want you to install IIS, SQLserver and .NET on my desktop PC for testing."
IT: "We've built a sophisticated, secure dev/test environment to do exactly this."
U: "I forgot about that. But since I have to deliver this week I won't have time to finish the project if I have to learn how to use the approved platform. So just install everything on my machine. And I'll need the Internet to have access."
IT: (check records...user blew off training on the dev platform, which would have allowed them to spin up everything they needed in about 5 minutes).
IT: "Ummm....When is your due date, and what IP addresses need access?"
U: "It's due this Friday. I don't know what IP addresses need access, so just let everyone in.".
U: "I don't want to use X. X is made by Microsoft, and I have moral objections to using Microsoft products. I want to use open source package Y." .NET applications on Windows Server 2008R2 in C# using Visual Studio with a SQLServer backend? Something made clear as far back as the job ad you responded to?"
IT: "If you have a moral objection to using Microsoft, why did you take a job on a team developing
Lemme guess...fill the bottle with butyric acid, top of with some random aromatic oil...profit!
Not my point. This is probably going to come as quite a surprise to you, and you probably don't much care, but there's more at stake here than the backdoor. Jason Wright, FBI plant or no, will never be able to fully clear his name, and for some will always be "the guy who might be a FBI plant". God help the guy if someone finds some sort of bug; no matter how innocuous, it will be cited as "proof". I clearly don't know how "douche" is defined in your world, but in mine throwing someone under the bus with no hard evidence and precisely zero concern for them qualifies as grade-A douche. But then, I actually give a shit about other people and consider the consequences of my actions. YMMV.
The adult, professional, dare I say "non-douche" way to handle this would have been to say "I have credible reason to believe that there is a deliberately introduced back door in the IPSec code in OpenBSD. It would have been introduced around $DATE and/or in $FILES. Please drop what you are doing and start auditing." while trying to confirm the details. Obviously, that didn't happen. Obviously, far too many people couldn't care less.
Lesse...I'll publish a wildly sensational accusation by a third party without attempting to verify any of it and excuse myself with "prove you didn't do it". Of course, since everyone on the Internet will take a reasoned step back, verify all the facts before reacting, and will never launch a mass electronic lynch mob, the folk accused will be just fine. Does that cover how big a douche DeRaadt is here?
You purchasing people are idiots. My brothers small biz routinely orders well appointed Dell machines (mid-tier Core processors, 4-8gb RAM, nice monitors) for around $700. That's for one or two at a time. It sounds like your folks negotiated some "standard" buys which are crappy deals. This is not Dells problem, and it's unlikely white-boxing will fix a broken procurement system.
To be clear, this was a report done by a law firm retained by the school district to "investigate" the situation. One shouldn't take it as conclusive or impartial.
> Where's the value/point in releasing another limited-utility webserver?
Well...that depends I suppose. I don't think G-WAN is worth paying attention to, but Marcus Ranum semi-famously wrote a "limited utility" web server for an porn site that was both very fast and very secure in 1996, and still was a decade later. I agree with his point that not everything requires Apache level functionality, and all those bells and whistles come at a cost. Right tool for the job and all that.
http://www.ranum.com/security/computer_security/editorials/master-tzu/
No.
Georgia Tech has been offering a ridiculously popular Science Fiction literature class since the 70s. You might use it's curriculum as a guide. http://lcc.gatech.edu/~brobertson3/texts/sf.pdf
We do. All the time. And we don't put critical infrastructure on things we build out in the garage.
In other words, you've never written assembly for anything remotely resembling a modern, deeply pipelined processor with multiple functional units or, frankly, most any other modern processor construct (though \VAX processors \did have (tiny) cache and (short) pipeline). Well, I guess that's authoritative.
Let us know how that works for you. We, obviously, won't be paying attention.
Radio Shack has been an irrelevant vendor of cell phones and cheap 2nd tier consumer electronics for a decade. Long gone are the days when one ran down there to pick up a couple of capacitors and transistors to finish that weekend project.
> The quality of a programmer is often proportional to his ego. Bullshit, and irrelevant for programming teams of more than one person. For every Theo De Raadt, et. al., there are dozens of senior folks who've delivered large scale, sophisticated, quality, widely used software projects that didn't feel that it was their personal prerogative to shit mercilessly on any contributor who they decided to abuse that day. My life became vastly easier and much more successful when I quit believing the hype that you had to put up with the self-absorbed, egomaniacal, abusive, "superstars" to do great work. I figured out that there were really large numbers of supremely competent, team-oriented, consummate professionals that were more interested in getting the job done well than their own personal ideology to the detriment of those around them. I got rid of the prima donnas and hired guys with a track record of leading teams to success. They delivered; got the projects done. Noone had to beg them for deliverables, documentation or to treat others as human. The bonus was that the professionals (unlike the "superstars"), would actually spend time mentoring the "stupid" junior folks instead of shitting on them, turning them into competent professionals and the next generation of solid developers. A culture of success evolves. If it suits your personality be rewarded with "I'm recognized because I put up with the most crap from the more recognized names", good for you. But recognize there's a bunch of folks, just as "quality", who said "I don't need this" and found real, supportive teams to work on.
Cite, beyond the single limited study I'm aware of that doesn't really prove the point but makes an excellent way of boosting the authors Google search score when they apply for their next grant?
Exactly. Gawd do I hate these "gurus" who sally forth on the "right way" to do things without a clue in the world how things work when there are, say, 6,000 developers supporting a couple of dozen mission critical interconnected applications. Even worse when you get some junior developer grousing about "gee, I read this dudes blog and is organization is so much cooler than mine" not realizing the dude has to worry about 10 folks, nothing mission critical and only self-imposed deadlines.
There are billboards around town for exactly this. You're undoubtedly right that infomercials are not far behind.
What? Fail.
Why? Li is stating "I base my proof on X". Connes says "I see you've based your proof on X. I'm quite content that X doesn't work." Game over. If the fundamental assumption is wrong, what is gained from going on? If you read a paper that started "assume the square root of 9 was 3.1", do you *really* need to read all of it before you decide "this fellow might be off track."?
Funny. The first manager position I was ever hiring manager for was for a software development project manager. This was back when we actually ran ads in the paper for such things. A Pizza Hut manager applied and proceeded to call me every day for two weeks to try and convince me that "management is just management" and since he was such a fantastic manager, all those pesky technical details would just fall into place. He was dead serious. I give him an A for effort, but after two weeks I had to threaten him with a restraining order to get him to stop calling.
Actually, it would be nicer if someone else with Reiser's skill and vision joined the EXT[34] or XFS or JFS or etc., etc. folks and made those systems better. I vote XFS because I've got several years of flawless operation on a nontrivial number of servers, but I'm not picky as long as the ball moves forward. Hans was the {primary,only} driving force behind his file system, and it's at best a distraction now that he's looking at federal PMITA prison. I'm undoubtedly heretical in thinking that hype aside ReiserFS was not revolutionary enough to justify Yet Another FileSystem. This undoubtedly makes me a bad person. P.S. - If you really can't think of a solution other than thousands of files in one directory, you're doing it wrong.
You have the economics backwards...the cameras will get cheaper because of the number of places governments are watching. Governments aren't known to be particularly price sensitive consumers.