On this note.. I'd like to thank the administrators from where I was in high school for going through this. Their (ultimately unsuccessful) attempts at blocking everything gave me one heck of an awesome crash course in TCP/IP, DNS, firewalls, VPNs, reverse proxies, etc.. knowledge which I've used to some extent at every job I've had for the past 15 years.
I think the author's tirade against wikis is that many people use a wiki as a magical tool that allows them to forego writing documentation in the hopes it will suddenly appear, written by users that want to write documentation. This obviously isn't what typically happens.
However, I think wikis can be (and often are) a great format for documentation. The author(s) of the software should still be the primary and/or only contributors, but even so good wiki software serves to lower the barrier to writing documentation: creating/editing as simple as clicking edit, and you instantly see the results. You can link between pages, reducing duplication. Some software forces a hierarchy of pages, leading you to create things in a logical, structured way (of course, you can lead a horse to water...).
The key to this of course is that the person/people writing the software must write the bulk of the documentation (eg, like you would without the wiki as well). Don't allow random edits, or at least subject edits to a review process. If your project is big and successful, just as it lowers the barrier for you to write docs it may encourage others to contribute -- but don't rely on this.
Think of the wiki more like a publishing platform or format; not like a way to absolve yourself of the responsibility to write documentation.
From the code:
// Also, generate a random number, which we append to the URL, to make it appear as if a complex
// key is required. This is a pathetic attempt to discourage someone from downloading the ZIPs
// directly (ie. without having to login), if they deduce the URL pattern.
Translation:
Coder: "Here's the census web application."
PHB: "Great. But wait.. I can just type in these other names and download them really easily! People will hack us and we'll be out possibly a COUPLE THOUSAND DOLLARS!"
Coder: "It is Creative Commons data, so of course we added no protection. Changing that now will be a massive rewrite and take months."
PHB: "So let's add some random numbers to the end so it looks really complex and people can't guess how to get in."
Coder: "But they still will eventually see the links because they do actually have to download it, so this is not really doing anything."
PHB: "Psh, no one is smart enough to figure that out. I read about these GUID things and they're really hard to guess. It will work. This is your job today."
Coder: "..Ok, fine. I'll do it exactly the way you asked."
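An added example (not code from the census application, whose source is not on the page) contrasting the random-suffix scheme the quoted comment describes with a download link bound to the authenticated user, the file and an expiry. The base URL, secret and file names are constructed placeholders.

```python
"""A random number appended to a URL is not access control: it is visible to
everyone who downloads, and nothing on the server can check it.  A link
signed over (user, file, expiry) under a server secret can be checked."""
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://census.example/download"  # constructed placeholder host


def weak_link(zip_name):
    """The pattern the code comment describes: a random suffix with no binding
    to who is asking.  Anyone who sees the link can reuse it, and since the
    server stores nothing, any other value is accepted just the same."""
    return f"{BASE}/{zip_name}?{urlencode({'key': secrets.randbelow(10**9)})}"


def weak_check(url):
    """Server side of the weak scheme: there is nothing to verify."""
    return "key" in parse_qs(urlparse(url).query)


def signed_link(zip_name, user, secret, ttl=600, now=None):
    """Issue a link whose token is an HMAC over (user, file, expiry)."""
    exp = int(now if now is not None else time.time()) + ttl
    msg = f"{user}|{zip_name}|{exp}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{BASE}/{zip_name}?{urlencode({'u': user, 'exp': exp, 'sig': tag})}"


def signed_check(url, requesting_user, secret, now=None):
    """Accept only if the signature matches the path and parameters, the link
    is unexpired, and the authenticated requester is the user it was issued to."""
    parsed = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    zip_name = parsed.path.rsplit("/", 1)[-1]
    try:
        user, exp, sig = q["u"], int(q["exp"]), q["sig"]
    except (KeyError, ValueError):
        return False
    msg = f"{user}|{zip_name}|{exp}".encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    current = now if now is not None else time.time()
    return (hmac.compare_digest(expected, sig)
            and current < exp
            and user == requesting_user)


if __name__ == "__main__":
    key = b"constructed-demo-secret"
    link = signed_link("ontario.zip", "alice", key)
    print(link)
    print("alice:", signed_check(link, "alice", key), " bob:", signed_check(link, "bob", key))
```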
Many, many years ago when I got my first domain, I set up *@domain.com to forward to me. And about 5 minutes and several spams/garbage from the owner of the domain before me later, I turned it off.
However, I did end up making a subdomain and forwarding everything (*@sub.mydomain.com), and I've been using it exclusively for signing up to sites ever since (I've probably been using it for ~13 years). I can think of about two occasions where I have actually got spam to any of the addresses I used, both were from shady companies that turned on a 'share my address' setting without prompting (or it was so buried that I missed it, I usually spot those). I've never gotten any dictionary-style spam attacks to the subdomain or mail to an address I didn't explicitly use.
You've obviously never been involved in hiring developers.
There are a *lot* of bad developers out there. So many it's sickening. Bad developers that have resumes that look like they can do stuff. They may even call themselves senior. They've worked on a team that has successfully produced a product (or at least at a company that has).
One of the memorable interviews I did was via a referral, and it worked out that I went straight to an in-person interview (skipping my usual weeding-out process). This person had a decent CV. They worked on a project designing a military helicopter training simulator, which basically involved wiring a game (written by another team) up to a 4-person helicopter mock-up that included pieces of real equipment (radios, navigation, etc) so the actual equipment displayed and could interact with the game. I've always had a personal fascination with interfacing real-world hardware with software (and have done lots of industrial control integration), so I had a ton of questions.
Well, despite trying for ~15 minutes, I could not figure out what this person actually had specifically accomplished. The team had successfully built this thing from what I could tell, but this person could not explain to me what *they* actually did. I asked in many different ways, including very bluntly like "What was some piece of functionality/code you wrote yourself?" and the person "could not remember" (they worked there for over a year, and had left less than a year prior). The most technical thing they could say about the integration was that it "involved UDP".. Seriously.
I've been using Chrome for well over a year, and have had this discussion many times. Yes, Chrome uses more RAM. But I can close a bunch of tabs, and it frees it up. Firefox, every time I try it and despite that its memory management is "getting better", still eventually uses several GB of RAM and requires that I completely exit and restart before it's freed.
My browser is one of the first things I start up when I turn on my PC, and generally stays open until my PC has to reboot for some reason (which may be anywhere from a week to a month). This is really only possible now because I use Chrome.
If you're pushing code to production once a day, you have no QA cycle whatsoever.
That's not necessarily true. You can push code up once a day, where QA takes it a day (or whatever) later, and then it goes to staging and then goes to production. The code being pushed out today may have been in QA for the past two days, and actually written 3 days ago.
At the place I work at now, we're doing two week cycles like this. Once development is done, the code is pushed to QA, who then spends up to a couple weeks on it. If it passes, it can go out, but in the meantime, dev is working on new stuff. This works for any cycle duration, and even a per-issue basis, which is how >= daily updates (should) work.
Of course, there are places where there is no QA, and developers are pushing stuff to production immediately after writing it, and then spending the next couple days rushing fixes for all the bugs they just introduced into production. And then fixes for the bugs in those fixes... And the cycle ends when someone either wises up and realizes it's not sustainable, or all your developers burn out and leave and/or all your customers get sick of constant breaking and leave.
The folders could make sense -- it even appears they attempted that at the start, with "Accessories", "Games", and "Startup". But then presumably due to a default setting of an install tool, or perhaps just adopted convention, companies started using their names for the folders. Instead of "Internet" or "Web Browsers", you get "Mozilla". Instead of "Office and Productivity" you get "Microsoft Office".
The experience on most Linux desktops shows how much better this approach is. You don't need to remember the weird name of your favourite music player -- or worse, what company made it -- you pick "Music" and there it is.
The Vista start menu at least recognized that having "Programs" featured so prominently was useless because the structure below was useless; unfortunately, they "fixed" that by searching and pinning (which themselves are not bad ideas) instead of enforcing a more logical structure.
Even if your storage passes the test, it could fail the next day. What you should be doing is designing your storage to gracefully handle failure, like RAID 5 with spares.
And then what you should test is that it actually notifies you when something does fail, so you know about it and can fix it. You can also test how long it takes to rebuild the array after replacing a disk, and how much performance degradation there is while that is happening.
I've always been tempted to bring a half tube of toothpaste or drink bottle just so I can duck and cover when they take it and toss it into the trash behind them. I'm pretty sure they wouldn't see the humour in it though and instead I'd end up at the least being detained for several hours..
Will it finally support remote tuners? (or does it do that now?) One thing I love about my sage setup (and about Mythtv, before that) was that I could have one server in my basement with a few tuners and all the noisy drives, and then have a silent, tiny box sitting next to my TV with just power, ethernet and HDMI out, and an IR remote. I just pick a channel to watch and it figures out an available tuner to use (truthfully, I usually just pick a show to record, and never watch live tv nor even think about "channels"). It doesn't matter that I have an analog cable tuner, a digital OTA antenna, and a couple digital cable tuners -- there is a single guide, with a single list of channels, and when you watch a show you have no clue where it comes from. That's the way it should be.
On top of that, of course, I do NOT want the complication of a full PC on my TVs, such as security updates, fighting to ensure no other apps steal focus, absolutely never requiring a keyboard/mouse, etc. That's part of the reason I switched to Sage from Myth, actually (that, plus I could not even get close to building a silent, disk-less PC for the $150 that it used to cost for the Sage HD extender, not to mention getting it to play 1080p video or boot in 5 seconds).
So what have they done up to this point? Shouldn't all plants require safety inspections, all the time, and if they're not up to standards they get shut down? Age of the plant shouldn't matter at all -- in fact, a plant built 50 years ago should be held to the same standards as a plant built 2 years ago. It doesn't matter if putting generators in the basement next to the ocean was deemed to be okay in 1967. If current standards say your backup power has to be protected from tsunamis, then the plant has to be fixed, or shut down.
Development environments and reference materials don't help you if you don't understand the logic.
When I ask people to write code or solve fizzbuzz-style problems, I tell them to do it in any language they want. I don't care about syntax errors, wrong function names, etc. I don't even care if you use % to take the modulus and your language doesn't even have a modulus operator, or you're writing in a language that doesn't even exist. What I care about is that you knew you needed to use modulus, and really, that you solved the problem. If you can't solve fizzbuzz, how the hell are you going to write a multi-threaded high-performance ETL process?
Missing a semi-colon or closing brace doesn't make you a bad coder. An off-by-one error that you still can't spot after I hint at it, that may. Complete failure to solve the problem, well that definitely does.
Funny.. I also don't have an HDTV* - my old cathode ray tube is still going strong, unfortunately, and I can't justify replacing it for no other reason than to replace it.
(*I do have an HDTV in my basement, which just means we end up watching most movies and stuff down there, the living room tube is for more casual viewing).
Anecdote from a friend with kids (who are 6-8 years old):
They have always had a DVD player. One day, my friend hooked up his old VCR so they could watch some old movies he had on VHS. They thought it was an amazing new technology, because it had a great feature where if you took the tape out and then later put it back in, it resumed right away from where you left off.
You're bang-on with this. Reverse DNS entries and SPF are critically important. Your forward DNS should also match, e.g. if you send from 1.2.3.4, you should have a PTR record for that IP to "mail.mycompany.com" and "mail.mycompany.com" should have an A record that points to 1.2.3.4.
Though as you point out, not all "business class" IP ranges are created equally. Notably, if the ISP allows many other businesses to send spam (from virus infections) in the same range as your IPs, you'll probably eventually be blacklisted as well.
This setup will get you a good outbound setup. I did something similar when I joined the company I'm at now, though took it a step further, and because we have some servers in a data center anyways, I changed our Exchange server to relay its outbound mail (aka use the stupidly-named "smarthost" thing) to a server running postfix, which then sends to the rest of the internet. The reason I did this was two-fold: I don't really trust our cable co's IPs, and we have a secondary DSL line: if we fail-over to that, I still wanted outbound email to work. This setup allows both, since our mail always comes from an IP in our datacenter netblock. In the 2.5 years we've been using it, we've had no problems with people getting our mail.
The other side of this is inbound: personally, inbound mail on a cable modem hosted in a regular office is a recipe for disaster, eventually. In fact, one of our clients had it happen to them, their office flooded, and their ability to get email was down for several days while they tried to get a new server up and relocate it. Email was actually bouncing back to people sending to them, because nothing was responding. Since their phones were also down at first, it looked like they were out of business, except that they called us to tell us what was going on. You don't want this to happen to your business.
When I first did the email setup described above, I also got an account at dyndns using their Mailhop Forward service. Effectively, you point your MX records at their server, and then they deliver mail via SMTP to your (possibly dynamic) IP. If the office connection goes down, they spool mail for you for up to a week, and deliver it once you come back online. No mail lost, even if your connection is down. In a disaster, you can easily redirect the service to send to another mail server, without having to wait for DNS changes to propagate and all those other servers to retry sending and/or people to manually re-send.
Since then, we got tired of the spam (whatever crappy software we had that integrated with Exchange sucked), and so probably a year ago, we switched to Messagelabs, which provides a similar service to Mailhop but also does virus/spam filtering. Spam went to effectively 0. I HIGHLY recommend using an external company for this.. it costs us a few dollars per person, well worth it, and we don't have to manage anything ourselves. I see Dyndns is now offering something similar as well, I can't vouch for that service specifically but we continue to host our DNS with Dyndns and I have nothing but good things to say about them.
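An added example, not the commenter's code, of the PTR/A agreement check the comment above describes (forward-confirmed reverse DNS): each PTR name for the sending IP must itself resolve back to that IP. The zone data is constructed so it runs offline; the `SocketResolver` class shows the same check against live DNS through the standard library.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for an outbound mail IP."""
import ipaddress
import socket
from dataclasses import dataclass, field


@dataclass
class StaticResolver:
    """Offline stand-in for DNS: constructed records keyed by IP / hostname."""
    ptr: dict = field(default_factory=dict)   # "1.2.3.4" -> ["mail.example.com."]
    a: dict = field(default_factory=dict)     # "mail.example.com" -> ["1.2.3.4"]

    def ptr_names(self, ip):
        return list(self.ptr.get(ip, []))

    def a_records(self, name):
        return list(self.a.get(name.rstrip(".").lower(), []))


class SocketResolver:
    """Live resolver using only the standard library (not used by the demo)."""

    def ptr_names(self, ip):
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
        except socket.herror:
            return []
        return [host] + aliases

    def a_records(self, name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except socket.gaierror:
            return []


@dataclass
class FcrdnsResult:
    ip: str
    ptr_names: list
    confirmed: list      # PTR names whose A records include the IP
    mismatched: dict     # PTR name -> A records that do not include the IP

    @property
    def ok(self):
        return bool(self.confirmed)


def check_fcrdns(ip, resolver):
    """Return which PTR names for `ip` resolve forward to `ip` again."""
    ipaddress.ip_address(ip)  # raise early on a malformed address
    names = resolver.ptr_names(ip)
    confirmed, mismatched = [], {}
    for name in names:
        addrs = resolver.a_records(name)
        if ip in addrs:
            confirmed.append(name.rstrip("."))
        else:
            mismatched[name.rstrip(".")] = addrs
    return FcrdnsResult(ip, [n.rstrip(".") for n in names], confirmed, mismatched)


# Constructed demo zone: 1.2.3.4 is set up as the comment recommends, 1.2.3.5
# has a PTR whose A record points elsewhere, and 1.2.3.6 has no PTR at all.
DEMO = StaticResolver(
    ptr={"1.2.3.4": ["mail.mycompany.com."],
         "1.2.3.5": ["mail.mycompany.com."]},
    a={"mail.mycompany.com": ["1.2.3.4"]},
)


def demo_report():
    """Pass/fail for the three constructed cases."""
    return {ip: check_fcrdns(ip, DEMO).ok for ip in ("1.2.3.4", "1.2.3.5", "1.2.3.6")}


if __name__ == "__main__":
    for ip, ok in demo_report().items():
        r = check_fcrdns(ip, DEMO)
        print(f"{ip}: {'PASS' if ok else 'FAIL'} ptr={r.ptr_names} mismatched={r.mismatched}")
```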
Security that relies on a policy of changing passwords regularly is inherently flawed. Generally when that policy is enacted, you're also forced to not reuse passwords, and have fairly high complexity.. the combination of which leads to passwords that most people can't remember, and so you end up with sticky notes underneath keyboards with passwords.
The reasons you'd want to require people to change passwords are to try and protect the system if other people know the password. The problem is, at the very best, it allows the compromise to happen for a few weeks/months until the next password change. That's more than enough time to do a lot of damage, extract info, etc. So I'd say the policy totally fails in that respect. This includes casual password sharing among co-workers ("hey, can you log on to my email to get me that phone number?").
You're also right about being forced to have a "different enough" password.. but consider people who use passwords like "winter2011". The next one will be reasonably different, on a character-by-character basis, but I bet you can still guess what it will be..
So really, password policy is only a small part. Force some amount of complexity, but it doesn't need to expire. Instead, the IT infrastructure needs to detect and handle compromise by itself. Multiple invalid password attempts should gradually take longer to respond (so after your 4th wrong password, it might take 10 seconds to respond, and soon after that take 30 seconds to respond), which makes brute force attacks infeasible. A user logging in simultaneously from multiple locations should at the least be flagged. Logging in at odd times, or new locations should be flagged (if an employee who works in New York and doesn't travel is suddenly trying to log in from Nigeria, something is probably not right). Restrict what they have access to.
Of course, all of this actually makes the IT department do actual work, instead of blaming users when a compromise happens. I mean, IT even sent a memo saying not to write down or share passwords, how can they be blamed that the user didn't listen? And yet, that's the mentality that puts these stupid policies into effect, despite a couple decades of it not working.
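An added example, not the commenter's code, of the detection side described above: a progressively slower response after repeated wrong passwords (10 seconds after the 4th, 30 after the 5th, and growing from there) plus flags for logins from a new location or from several locations at once. The delay is returned rather than slept, the clock is injectable, and the accounts and locations are constructed.

```python
"""Login guard: progressive delay on wrong passwords, flags for concurrent
and unfamiliar locations.  Assumed numbers beyond the comment's 10s/30s:
the delay triples per further failure and is capped at 5 minutes."""
from dataclasses import dataclass, field

DELAY_SCHEDULE = {4: 10, 5: 30}   # failure count -> seconds, per the comment
MAX_DELAY = 300                   # assumed cap
FAILURE_WINDOW = 15 * 60          # assumed: older failures no longer count


def delay_for_failures(n):
    """Seconds to hold the response after the n-th recent wrong password."""
    if n < 4:
        return 0
    if n in DELAY_SCHEDULE:
        return DELAY_SCHEDULE[n]
    return min(MAX_DELAY, 30 * 3 ** (n - 5))


@dataclass
class AccountState:
    failures: list = field(default_factory=list)       # timestamps of wrong passwords
    known_locations: set = field(default_factory=set)  # e.g. country codes seen before
    sessions: dict = field(default_factory=dict)       # session id -> location


@dataclass
class LoginDecision:
    accepted: bool
    delay: int      # seconds the caller should wait before answering
    flags: list     # "repeated_failures", "new_location", "concurrent_locations"


class LoginGuard:
    def __init__(self, check_password, now):
        self._check = check_password     # (user, password) -> bool
        self._now = now                  # injectable clock returning seconds
        self._accounts = {}

    def _state(self, user):
        return self._accounts.setdefault(user, AccountState())

    def _recent_failures(self, st):
        cutoff = self._now() - FAILURE_WINDOW
        st.failures = [t for t in st.failures if t >= cutoff]
        return len(st.failures)

    def attempt(self, user, password, location, session_id):
        st = self._state(user)
        flags = []
        if not self._check(user, password):
            st.failures.append(self._now())
            n = self._recent_failures(st)
            if n >= 4:
                flags.append("repeated_failures")
            return LoginDecision(False, delay_for_failures(n), flags)
        # A correct password is still slowed while recent failures exist, so a
        # guesser who finally hits the right one gains nothing from the timing.
        delay = delay_for_failures(self._recent_failures(st))
        if st.known_locations and location not in st.known_locations:
            flags.append("new_location")
        if any(loc != location for loc in st.sessions.values()):
            flags.append("concurrent_locations")
        st.failures.clear()
        st.known_locations.add(location)
        st.sessions[session_id] = location
        return LoginDecision(True, delay, flags)

    def logout(self, user, session_id):
        self._state(user).sessions.pop(session_id, None)


def demo():
    """Constructed scenario: six wrong guesses, the real password, then a login
    from another country while the first session is still open."""
    clock = [0]
    users = {"alice": "correct horse"}
    guard = LoginGuard(lambda u, p: users.get(u) == p, lambda: clock[0])
    delays = []
    for i in range(6):
        clock[0] += 1
        delays.append(guard.attempt("alice", f"guess{i}", "US", f"s{i}").delay)
    ok = guard.attempt("alice", "correct horse", "US", "home")
    clock[0] += 60
    abroad = guard.attempt("alice", "correct horse", "NG", "laptop")
    return delays, ok, abroad


if __name__ == "__main__":
    delays, ok, abroad = demo()
    print("delays after each wrong guess:", delays)
    print("correct password:", ok)
    print("login from abroad:", abroad)
```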
Or just buy a long HDMI cable.. or HDMI-over-Cat5 adapter.. or (if you have the luxury during construction or like to retrofit) install HDMI in your walls. This is just.. too obvious. It's probably less effort and more effective than trying to soundproof a PC, cheaper than liquid cooling+SSD drives, and is still noise-free for anyone in the room not using headphones.
I had one of my mythtv frontends (which also happened to be the server - lots of fans/drives, quite noisy) in the utility room behind the wall my TV is mounted on. HDMI and USB cable coming in was all I needed, and I had a remote (and keyboard/mouse - when needed), and sound/video. And it was totally silent. (I've since switched to another system with a no-moving-parts frontend, so now it sits in the same room).
The 20 seconds spent by a slow typist is likely more than double the time spent by a decent typist. That is (let's say) 13 seconds more time spent thinking about typing that could have been used to think about programming.
I also think that spending so much extra time thinking about typing makes the poor typist more likely to (partially) forget what the next line was going to be, and thus spend more time thinking about it.
Personally, I think more in 'sections' than lines, and when I think up a way to write a particular bit of code - which may involve a loop iterating through an array, for example - I can just pound out that section very quickly. This lets me get thinking about the next block sooner, since I spend almost no energy thinking about typing.
There are definitely also times where my typing is too slow for my thought process - for example I decide to solve some particular problem, I need to write a class to represent my data and a collection class to hold it - and so my brain is waiting for my fingers to catch up so I can actually start writing the real logic. I don't know if that's really a good explanation; I just get into spurts where tens of lines of code just stream out very quickly, and then I sit back for a few seconds to think, before streaming out another chunk of code.
Using ISP email accounts is stupid regardless of the way you access it.
I switched to using gmail after hosting my own email for many years.
1. I was using Thunderbird, which was okay, but did consume some resources and make things slow.
2. I was running webmail using Horde, which was fairly clumsy although usable.
3. I hated that I had to have Thunderbird open (at least somewhere) in order for my filters to work. This was particularly annoying whenever I was away from my own computers, and accessing via crappy (compared to Thunderbird) webmail client.
4. I was running my email through a commercial spam appliance, plus had RBL lists on my server, plus had Bayesian rules trained in Thunderbird, and yet still got a few spams a week in my inbox.
5. I had switched PCs a few times over the years I was running mail. The first time or two I manually re-created my rules. Then I found an import/export add-on that could move filtering rules. Then I got a laptop, and used both my laptop and desktop an equal amount - keeping filtering rules in sync was a pain.
Finally, after I got my current laptop, I got sick of the whole mess (and the spam), and changed my account to forward to gmail. I've been doing that for at least a year now, and I could count on one hand the number of spams I've got. My only complaint is that the rules aren't as complex as what I could make in Thunderbird, but the searching is sufficiently accurate and fast that having as many folders as I used to have is simply not that important anymore.
Gmail is set to send 'from' my domain (not my gmail address), so to anyone else, it's transparent.
Cameron also had a monitor rig that he could hold on set - it was motion-tracked as well, and basically gave a real-time view into the rendered scene, so he could move it around like a virtual camera. I'm not entirely sure but it seemed (from a longer making-of video) like they actually used that as a "camera" at points, so even the camera tracking had a human-hand-held feel at times.
I do use VoIP, and I "spoof" in two specific situations:
Since I got a cell phone through my work, I had my old cell phone number (which I'd had for like 7 years, and it spells my name) ported to VoIP (I keep both numbers and have separate personal/work numbers, and only carry one device). Now when you call it, it simultaneously rings the phone in my home office, and my cell. When it calls my cell, it "spoofs" the outbound call to appear as though it's coming from whoever ACTUALLY called my number, so on my cell phone the caller id shows the true caller, and not as if someone at my house is calling.
The other time I use it is as a secondary VoIP service. I only have one inbound number (DID) for my "house" number, which is tied to a specific provider. I have another provider that is set up as a secondary service, in the case I try to make a call and the first is unreachable, or rejects my call for any reason. I don't have a DID with that provider, only outgoing service. So when I place calls from that line, I "spoof" my house DID number, so it doesn't show up as blocked or some random CLID.
Unfortunately, I don't see how they can distinguish these two uses from actual malicious spoofing, but I'm not in Mississippi (or the US for that matter) so this doesn't apply to me now.
I'm offended by your suggestion that I or someone I know might ever say something mean in public and should be arrested. I demand you be arrested!
(*I do have an HDTV in my basement, which just means we end up watching most movies and stuff down there, the living room tube is for more casual viewing).
Anecdote from a friend with kids (who are 6-8 years old):
They have always had a DVD player. One day, my friend hooked up his old VCR so they could watch some old movies he had on VHS. They thought it was an amazing new technology, because it had a great feature where if you took the tape out and then later put it back in, it resumed right away from where you left off.
You're bang-on with this. Reverse DNS entries and SPF are critically important. Your forward DNS should also match, e.g. if you send from 1.2.3.4, you should have a PTR record for that IP to "mail.mycompany.com" and "mail.mycompany.com" should have an A record that points to 1.2.3.4.
Though as you point out, not all "business class" IP ranges are created equally. Notably, if the ISP allows many other businesses to send spam (from virus infections) in the same range as your IPs, you'll probably eventually be blacklisted as well.
This setup will get you a good outbound setup. I did something similar when I joined the company I'm at now, though took it a step further, and because we have some servers in a data center anyways, I changed our Exchange server to relay its outbound mail (aka use the stupidly-named "smarthost" thing) to a server running postfix, which then sends to the rest of the internet. The reason I did this was two-fold: I don't really trust our cable co's IPs, and we have a secondary DSL line: if we fail-over to that, I still wanted outbound email to work. This setup allows both, since our mail always comes from an IP in our datacenter netblock. In the 2.5 years we've been using it, we've had no problems with people getting our mail.
The other side of this is inbound: personally, inbound mail on a cable modem hosted in a regular office is a recipe for disaster, eventually. In fact, one of our clients had it happen to them, their office flooded, and their ability to get email was down for several days while they tried to get a new server up and relocate it. Email was actually bouncing back to people sending to them, because nothing was responding. Since their phones were also down at first, it looked like they were out of business, except that they called us to tell us what was going on. You don't want this to happen to your business.
When I first did the email setup described above, I also got an account at dyndns using their Mailhop Forward service. Effectively, you point your MX records at their server, and then they deliver mail via SMTP to your (possibly dynamic) IP. If the office connection goes down, they spool mail for you for up to a week, and deliver it once you come back online. No mail lost, even if your connection is down. In a disaster, you can easily redirect the service to send to another mail server, without having to wait for DNS changes to propagate and all those other servers to retry sending and/or people to manually re-send.
Since then, we got tired of the spam (whatever crappy software we had that integrated with Exchange sucked), and so probably a year ago, we switched to Messagelabs, which provides a similar service to Mailhop but also does virus/spam filtering. Spam went to effectively 0. I HIGHLY recommend using an external company for this.. it costs us a few dollars per person, well worth it, and we don't have to manage anything ourselves. I see Dyndns is now offering something similar as well; I can't vouch for that service specifically, but we continue to host our DNS with Dyndns and I have nothing but good things to say about them.
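The forward/reverse DNS agreement and SPF checks described in the comment above, as an added example (not the commenter's own setup): it is the logic a receiving mail server applies to a connecting IP, run against a constructed in-memory DNS table so it works offline. The hostnames, addresses and SPF record are placeholders standing in for real zone data, and the SPF evaluator is deliberately minimal (ip4/ip6/a/all only, no include or mx).

```python
"""Forward-confirmed reverse DNS (FCrDNS) and SPF checks for a sending IP.

Added example, not the commenter's configuration: the receiving side's
view of the setup described in the comment, evaluated against a
constructed DNS table so it runs offline. Names and IPs are placeholders.
"""
import ipaddress

# Constructed DNS data (names stored without trailing dot).
FAKE_DNS = {
    ("4.3.2.1.in-addr.arpa", "PTR"): ["mail.mycompany.com"],
    ("mail.mycompany.com", "A"): ["1.2.3.4"],
    ("mycompany.com", "TXT"): ["v=spf1 ip4:1.2.3.0/24 -all"],
    # Misconfigured host: its PTR names a host whose A record points elsewhere.
    ("8.7.6.5.in-addr.arpa", "PTR"): ["mail.mycompany.com"],
}


def lookup(name, rtype, table=FAKE_DNS):
    """Stand-in for a DNS query; returns [] when the record is absent."""
    return table.get((name.rstrip("."), rtype), [])


def fcrdns_hostname(ip, table=FAKE_DNS):
    """Return the PTR hostname whose A record points back at ip, else None.

    This is the 'forward DNS should match' rule from the comment:
    1.2.3.4 -> PTR -> mail.mycompany.com -> A -> 1.2.3.4.
    """
    reverse_name = ipaddress.ip_address(ip).reverse_pointer
    for ptr in lookup(reverse_name, "PTR", table):
        if ip in lookup(ptr, "A", table):
            return ptr
    return None


def spf_result(ip, sender_domain, table=FAKE_DNS):
    """Minimal SPF evaluation covering ip4:, ip6:, a and all mechanisms.

    Returns one of pass, fail, softfail, neutral, none, permerror.
    """
    records = [r for r in lookup(sender_domain, "TXT", table)
               if r.startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # RFC 7208 s.4.5: more than one record is an error
    addr = ipaddress.ip_address(ip)
    verdict = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            # An ip6: term never matches an IPv4 sender (and vice versa).
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term == "a":
            matched = ip in lookup(sender_domain, "A", table)
        elif term == "all":
            matched = True
        else:
            matched = False  # unsupported mechanism: treat as no match
        if matched:
            return verdict[qualifier]
    return "neutral"  # nothing matched and no 'all' term


def assess_sender(ip, sender_domain, table=FAKE_DNS):
    """Combine both checks the way a receiving MTA's policy would."""
    return {"fcrdns": fcrdns_hostname(ip, table),
            "spf": spf_result(ip, sender_domain, table)}


if __name__ == "__main__":
    for ip in ("1.2.3.4", "5.6.7.8"):
        print(ip, assess_sender(ip, "mycompany.com"))
```

With the constructed table, 1.2.3.4 passes both checks, while 5.6.7.8 has a PTR record but fails the forward confirmation (the A record points back at 1.2.3.4) and is rejected by the `-all` in the SPF record; that second case is the one a cable-modem or shared-netblock sender typically hits.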
Security that relies on a policy of changing passwords regularly is inherently flawed. Generally when that policy is enacted, you're also forced to not reuse passwords, and have fairly high complexity.. the combination of which leads to passwords that most people can't remember, and so you end up with sticky notes underneath keyboards with passwords.
The reason you'd want to require people to change passwords is to try to protect the system if other people know the password. The problem is, at the very best, it allows the compromise to happen for a few weeks/months until the next password change. That's more than enough time to do a lot of damage, extract info, etc. So I'd say the policy totally fails in that respect. This includes casual password sharing among co-workers ("hey, can you log on to my email to get me that phone number?").
You're also right about being forced to have a "different enough" password.. but consider people who use passwords like "winter2011". The next one will be reasonably different, on a character-by-character basis, but I bet you can still guess what it will be..
So really, password policy is only a small part. Force some amount of complexity, but it doesn't need to expire. Instead, the IT infrastructure needs to detect and handle compromise by itself. Multiple invalid password attempts should gradually take longer to respond (so after your 4th wrong password, it might take 10 seconds to respond, and soon after that take 30 seconds to respond), which makes brute force attacks infeasible. A user logging in simultaneously from multiple locations should at the least be flagged. Logging in at odd times, or new locations should be flagged (if an employee who works in New York and doesn't travel is suddenly trying to log in from Nigeria, something is probably not right). Restrict what they have access to.
Of course, all of this actually makes the IT department do actual work, instead of blaming users when a compromise happens. I mean, IT even sent a memo saying not to write down or share passwords, how can they be blamed that the user didn't listen? And yet, that's the mentality that puts these stupid policies into effect, despite a couple decades of it not working.
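The compromise-handling measures the comment proposes instead of expiry (progressive delay after wrong passwords, flagging logins from several locations at once, flagging a location the account has never used), as an added example that is not the commenter's code. The login events are constructed sample data, and the thresholds, the session lifetime and the way a "location" is attributed are assumptions.

```python
"""Account-compromise handling that does not rely on password expiry.

Added example, not the commenter's code: progressive response delay after
repeated failures, plus flags for overlapping sessions from different
locations and for a location the account has never used. Events are
constructed sample data; thresholds and locations are assumptions.
"""
from collections import defaultdict

FAILS_BEFORE_DELAY = 4          # assumption: the 4th wrong password starts it
FIRST_DELAY_SECONDS = 10        # then 30, 90, ... capped below
MAX_DELAY_SECONDS = 300
SESSION_TTL_SECONDS = 8 * 3600  # assumption: how long a login counts as active


class LoginMonitor:
    def __init__(self):
        self.failures = defaultdict(int)         # user -> consecutive failures
        self.known_locations = defaultdict(set)  # user -> locations seen
        self.active = defaultdict(dict)          # user -> {session: (loc, ts)}

    def delay_for(self, user):
        """Seconds to wait before answering the user's next attempt.

        Exponential growth makes online guessing impractical; the cap keeps
        the legitimate owner from being locked out for good.
        """
        n = self.failures[user]
        if n < FAILS_BEFORE_DELAY:
            return 0
        return min(FIRST_DELAY_SECONDS * 3 ** (n - FAILS_BEFORE_DELAY),
                   MAX_DELAY_SECONDS)

    def record(self, event):
        """Process one login event and return the flags it raises."""
        user, loc, ts = event["user"], event["location"], event["ts"]
        flags = []
        if not event["ok"]:
            self.failures[user] += 1
            delay = self.delay_for(user)
            if delay:
                flags.append(f"delay:{delay}s")
            return flags
        self.failures[user] = 0  # a success resets the backoff
        # Location never seen for this account (the first login seeds the set).
        if self.known_locations[user] and loc not in self.known_locations[user]:
            flags.append(f"new-location:{loc}")
        # Another still-active session from a different place.
        for other_loc, other_ts in self.active[user].values():
            if other_loc != loc and ts - other_ts < SESSION_TTL_SECONDS:
                flags.append(f"concurrent:{other_loc}/{loc}")
                break
        self.known_locations[user].add(loc)
        self.active[user][event["session"]] = (loc, ts)
        return flags


# Constructed sample events (ts in seconds). "location" is whatever the
# infrastructure can attribute, e.g. a GeoIP city or an office network.
SAMPLE_EVENTS = [
    {"user": "alice", "ok": True,  "location": "New York", "ts": 0,   "session": "s1"},
    {"user": "alice", "ok": False, "location": "New York", "ts": 100, "session": None},
    {"user": "alice", "ok": False, "location": "New York", "ts": 101, "session": None},
    {"user": "alice", "ok": False, "location": "New York", "ts": 102, "session": None},
    {"user": "alice", "ok": False, "location": "New York", "ts": 103, "session": None},
    {"user": "alice", "ok": False, "location": "New York", "ts": 113, "session": None},
    {"user": "bob",   "ok": True,  "location": "New York", "ts": 200, "session": "s3"},
    {"user": "alice", "ok": True,  "location": "Lagos",    "ts": 600, "session": "s2"},
    {"user": "bob",   "ok": True,  "location": "New York", "ts": 700, "session": "s4"},
]


def run(events):
    """Return {event index: flags} for every event that raised a flag."""
    monitor = LoginMonitor()
    return {i: f for i, e in enumerate(events) if (f := monitor.record(e))}


if __name__ == "__main__":
    for i, flags in run(SAMPLE_EVENTS).items():
        print(i, SAMPLE_EVENTS[i]["user"], flags)
```

Over the sample, alice's 4th and 5th wrong passwords produce 10 s and 30 s delays, her later success from Lagos while the New York session is still live raises both a new-location and a concurrent-session flag, and bob's repeat logins from the same office raise nothing; the flags are the hook for whatever response the IT department decides on, which is the "detect and handle compromise by itself" part of the comment.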
Or just buy a long HDMI cable.. or HDMI-over-Cat5 adapter.. or (if you have the luxury during construction or like to retrofit) install HDMI in your walls. This is just .. too obvious. It's probably less effort and more effective than trying to soundproof a PC, cheaper than liquid cooling+SSD drives, and is still noise-free for anyone in the room not using headphones.
I had one of my mythtv frontends (which also happened to be the server - lots of fans/drives, quite noisy) in the utility room behind the wall my TV is mounted on. HDMI and USB cable coming in was all I needed, and I had a remote (and keyboard/mouse - when needed), and sound/video. And it was totally silent. (I've since switched to another system with a no-moving-parts frontend, so now it sits in the same room).
The 20 seconds spent by a slow typist is likely more than double the time spent by a decent typist. That is (let's say) 13 seconds more time spent thinking about typing that could have been used to think about programming.
I also think that spending so much extra time thinking about typing makes the poor typist more likely to (partially) forget what the next line was going to be, and thus spend more time thinking about it.
Personally, I think more in 'sections' than lines, and when I think up a way to write a particular bit of code - which may involve a loop iterating through an array, for example - I can just pound out that section very quickly. This lets me get thinking about the next block sooner, since I spend almost no energy thinking about typing.
There's definitely also times where my typing is too slow for my thought process - for example I decide to solve some particular problem, I need to write a class to represent my data and a collection class to hold it - and so my brain is waiting for my fingers to catch up so I can actually start writing the real logic. I don't know if that's really a good explanation; I just get into spurts where tens of lines of code just stream out very quickly, and then I sit back for a few seconds to think, before streaming out another chunk of code.
Using ISP email accounts is stupid regardless of the way you access it.
I switched to using gmail after hosting my own email for many years.
1. I was using Thunderbird, which was okay, but did consume some resources and make things slow.
2. I was running webmail using Horde, which was fairly clumsy although usable.
3. I hated that I had to have Thunderbird open (at least somewhere) in order for my filters to work. This was particularly annoying whenever I was away from my own computers, and accessing via crappy (compared to Thunderbird) webmail client.
4. I was running my email through a commercial spam appliance, plus had RBL lists on my server, plus had Bayesian rules trained in Thunderbird, and yet still got a few spams a week in my inbox.
5. I had switched PC a few times over the years I was running mail. The first time or two I manually re-created my rules. Then I found an import/export add-on that could move filtering rules. Then I got a laptop, and used both my laptop and desktop an equal amount - keeping filtering rules in sync was a pain.
Finally, after I got my current laptop, I got sick of the whole mess (and the spam), and changed my account to forward to gmail. I've been doing that for at least a year now, and I could count on one hand the number of spams I've got. My only complaint is that the rules aren't as complex as what I could make in Thunderbird, but the searching is sufficiently accurate and fast that having as many folders as I used to have is simply not that important anymore.
Gmail is set to send 'from' my domain (not my gmail address), so to anyone else, it's transparent.
Basically the only reason to see Avatar was the 3D.
I thought the way they made the Avatar characters was pretty neat: http://www.youtube.com/watch?v=P2_vB7zx_SQ
Cameron also had a monitor rig that he could hold on set - it was motion-tracked as well, and basically gave a real-time view into the rendered scene, so he could move it around like a virtual camera. I'm not entirely sure but it seemed (from a longer making-of video) like they actually used that as a "camera" at points, so even the camera tracking had a human-hand-held feel at times.
Some other great pics:
* http://krebsonsecurity.com/2010/01/would-you-have-spotted-the-fraud/
* http://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/
* http://krebsonsecurity.com/2010/05/fun-with-atm-skimmers-part-iii/
Required viewing: Enhance megamix.. of course, the Super Troopers expertly makes fun of the whole concept.
I do use VoIP, and I "spoof" in two specific situations:
Since I got a cell phone through my work, I had my old cell phone number (which I'd had for like 7 years, and it spells my name) ported to VoIP (I keep both numbers and have separate personal/work numbers, and only carry one device). Now when you call it, it simultaneously rings the phone in my home office, and my cell. When it calls my cell, it "spoofs" the outbound call to appear as though it's coming from whoever ACTUALLY called my number, so on my cell phone the caller id shows the true caller, and not as if someone at my house is calling.
The other time I use it is as a secondary VoIP service. I only have one inbound number (DID) for my "house" number, which is tied to a specific provider. I have another provider that is set up as a secondary service, in case I try to make a call and the first is unreachable, or rejects my call for any reason. I don't have a DID with that provider, only outgoing service. So when I place calls from that line, I "spoof" my house DID number, so it doesn't show up as blocked or some random CLID.
Unfortunately, I don't see how they can distinguish these two uses from actual malicious spoofing, but I'm not in Mississippi (or the US for that matter) so this doesn't apply to me now.