I justify that statement with the ten years I've spent as a member of the American workforce. Do you work in the states? If so, do a simple empirical experiment. As you go through your day at work, keep a running tally of the number of people you deal with, and for each one try to think of the last time that person said or did something that demonstrated agile and original thinking. If you're fortunate enough to work in a corporate climate where such things are rewarded and encouraged, or better yet one where the oppposite is actively discouraged, then more power to you. If on the other hand you routinely deal with co-workers who could easily have been in the cast of Office Space, then there's no reason for you to get so defensive.
I am an American, and my experience has been that unless we go through life as a hermit we're subject to a pop culture that wants to dumb us down and spoon feed our opinions to us, all while making us feel good and warm and fuzzy about being fucktards. And as a whole we gobble it up and ask for more.
Because IE does an msn search whenever you type anything it doesn't recognize as a URL into the URL bar, many users don't know of a search method other than typing their search into the URL bar. Anti-competitive much?
The results I am seeing so far indicate that while they can do the work, as instructed, they are incapable of being creative, or adaptive, when confronted with situations not covered in the textbooks.
And this distinguishes the Indian workers you encountered from 90% of the American workforce how?
Sounds to me like it isn't the job that's stressing him out. The user is letting technology stress him out, and is effectively transferring that to the tech.
So could the system admins here please realize that us users just want to do our work, with as little hassle as possible?
If that were truly the case, sysadmins wouldn't have the gripes that they have. Unfortunately, not all users want to just do their work with as little hassle as possible.
The ones who piss us off want to put weatherbug, bonzi buddy, elf bowling, comet cursor, and every other piece of cutesy malware on their machine that gets emailed to them or pups up in an IE install-on-demand window. And just maybe, somewhere in the middle of all that, they want to occasionally get some work done.
Much as I hate to say it, it's a pretty smart move on their part. Mydoom.A digs for www.sco.com every 60 seconds, so doing a DNS chan ge like the whitehouse did a couple years back won't let them avoid a DOS. The downside to it is, from their point of view, they don't have any evidence of the DOS a la firewall logs, etc when it comes time to prosecute the author of the worm.
Myself, I say screw 'em. If a company takes actions that get an unfavorable from a lot of people online, one should expect compromise attempts and DOS attacks. Considering also that they knew this was coming, I don't have too much sympathy for them.
Scr3w the fine print. I bet SCO's pulling the same trick you used to do in school to hit a minimum number of pages for a report. Yah sure it's "in excess of 60 pages" (Read that: 61 pages), but how much you wanna bet those 61 pages are double- or triple-spaced and single-sided?
Interestingly enough, the fifth hit when searching for "litigious bastards" on google is already a blog post about SCO. I find this surprising, not so much.
I think the behavior of the alleged hacker speaks volumes. Consider the following snippets:
According to the indictment, Ray made the e-mail demands to Best Buy under the name and Internet address of "Jamie Weathersby, IPC Corp."
According to an FBI search warrant, the first e-mail demand came on Oct. 16. It said there was a flaw in Best Buy's Web site that would allow the sender to "review all customer accounts and assume complete ownership of www.bestbuy.com by moving it to another register or server."
OK so right off the bat we're not talking about a security hole in Best Buy's systems; rather, someone's threatening to hijack their DNS registration.
The search warrant, which had been kept under court seal until this week, said a Best Buy employee attempted to respond to gain more information from the sender but could not locate any firm called IPC Corp.
Yah, contacting a company and requesting 2.5 mil in exchange for fixing a nonesistent security hole while claiming to be affiliated with a nonexistent company is always sound business.
A second e-mail came the next day offering "a step-by-step summary of how we were able to penetrate your Web site" for $2.5 million. If Best Buy did not agree to the deal, the e-mailer said he would list all of Best Buy's customers and their credit card numbers on BestBuy.com.
And now the story changes. This isn't a whitehat trying to get compensated for their assistance. This is extortion and dishonesty at its finest, and this tool is such a disgrace he makes script kiddies look good. Shame on any of us who feel sympathy for this guy.
I disagree. If a private citizen were being extorted for 2.5 mil, the feds would be willing to get involved. It's when the script kiddy down the street is extorting the local cyber cafe for free coffee that the feds won't touch it. Last I checked, the loss had to be above $5000 for the feds to investigate computer crime. That was a couple years ago though, don't know what it is now.
Depends I suppose if that's 30 days or 30 business days. If it's business days, they'd have until 22 January. InternetWeek has it listed as "the end of the week" though.
One of the primary advantages of CE is that it doesn't ship with craploads of unnecassary services/features, etc. It's a lightweight platform, and it's great for a thinclient running RDP to get to a Term Services box. I kow I'm probably opening the floodgates for flames from the citrix crowd, but if an organization has enterprise licensing from MS, it's kinda dumb to also pay for citrix licenses. Besides the inherent efficiency of a lightweight platform, the platform is also more secure by not having so many extra services to keep patched.
I disagree. Automatic Updates is a huge step in teh right direction, and it's easy enough to change the settings. My biggest complaint about windows update is that there's no way to run it from the command line or remotely initiate it. Is that so fscking hard? That's all I ask really. Let me run the patch in a testbed, give it the mushroom stamp of approval, run a script to deploy the patch on a few servers, determine that things are good there, then kick it out to the enterprise. Real men don't click.
You and many other posters are failing to take into account both the different uses for a presentation and the different learning styles of audience members. By your description of how presentations should be done, you're most likely an auditory learner. There's nothing wrong with that, go with whatever works. But the person sitting next to you may very well be a visual learner, and the speaker presenting to you should be using techniques that will reach both of you. Myself, I teach Routing/Switching classes, and I've run into extremes on both ends: I've met visual learners who will zone out while I'm describing a simple network scenario because they have to draw it for themselves before anything I say will make sense, and I've dealt with auditory learners who can't make a connection until they've talked their way through a problem.
Note also that for the preso's I do, a good majority of your rules would be detrimental to anyone trying to understand what I'm putting out. While blackboards/dry erase boards are ok for drawing up simple scenarios, in some cases you simply have to have pre-drawn diagrams if you're going to accomplish anything. Most college students have an attention/retention span of 30 minutes, and I simply can't afford to give up ten minutes of that to drawing out a multi-area OSPF redistributed into BGP scenario. I've found it's far more efficient to have a visio diagram on hand or embedded into a preso, and spend one or two minutes talking through the setup, using the diagram as a reference (thus also keeping the auditory learners involved). Avoiding animations is a mistake, unless of course the animations are thrown in there for fluff. If a picture is worth a thousand words, then a well-done animation is worth a million. For an auditory learner, this may not be the case. A 2-minute verbal explanation of a routing loop is fine for those people. For a visual learner however, an animation can save hours of headaches.
In short, your advice works fine if someone is doing a presentation for you and only you. Otherwise, a presenter will need to employ the methods and tools necessary to cover the subject at hand and reach as wide an audience as possible.
Problem there is, the perpetrators of the scam don't have to use the numbers to cash in, they just sell that list of numbers to someone else. Sure, there may be a trail that can be followed, but that increases the complexity of the investigation.
What I find more disturbing are reports of postal workers having their trucks robbed (believe it's happened twince in this area within the last year) as well as mailboxes being ransacked. I suspect this is the MO for a lot of CC fraud perps:
1. Obtain stolen CC #, exp. date, address, etc.
2. Order merchandise, having it shipped to a neighbor's house (one who works during the day)
3. Rob the mailman, or snag the package from your neighbor's house
4. Profit, while basking in your wretchedness.
(via patents or whatever -- you know killing Samba is on their to-do list).
Incidentally, with its first service pack, Windows Server 2003 is supposed to have a "feature" whereby it can check to see of connecting client machines conform to a patch/service pack policy, and deny them access if they don't. What do you suppose will happen when a linux machine tries to connect to one of these servers using smbclient or smbmount?
Sure, I've gotten hit with viruses, but with reasonable precautions it's not an everyday occurance, just the occasional annoyance.
This is an inherent problem with the attitude of end users towards viruses in particular and security in general: "It's just the occasional annoyance." That's all well and good, but sooner or later the "occasional annoyance" is going to be someone installing a trojan on your machine and keystroke-logging their way into every credit card or bank account number that you enter online. Or it could be someone reading or deleting sensitive corporate documents from your machine at work. Or an attacker could make your machine their b!tch and use it to host warez sites, spit out spam, or break into other machines. Are any of those a minor nuisance? The pending anti-spam legislation makes no mention of taking exception for machines that have been compromised... and you don't want to be the first person to be taken to court for a law that still has ink drying with some overzealous prosecuting attorney trying to throw the book at you.
None of these compromises are unique to Windows. But because of the poorly designed architecture, usually once a single service or application has been compromised you can take numerous actions that would otherwise require admin level access. I promise you, within the next five years or so we're going to see an Internet-wide compromise that will be worse the Code Red, SQLSlammer, and MSBlaster combined. It's literally a case of "us" vs. "them", and "them" keeps getting better and better at what they do. With every vulnerability that gets announced, the elapsed time from the announcment of the vulnerability to the posting of exploit code keeps getting shorter. Likewise, the spammers are starting to employ virii and worms in their activities. What we're seeing is not only faster coding of exploits, but a shift in the motivation and skill levels of the blackhats. It used to be that worms were just minor annoyances, but now their goals have shifted from notoriety and mischief to fraud and financial gain.
Think I'm paranoid? Just remember, paranoia is the unfounded delusional belief that they're all out to get you... except none of this is delusional or unfounded. Don't think so? Tell your Security guys at work that you consider security issues to be an "occasional annoyance" and ask if you can see an hour's worth of antivirus, firewall, or IDS logs.
The bottom line is, your time is MUCH more valuable than the cost of a windows license.
Absolutely Not. The bottom line is this: The confidentiality, integrity, and availability of your (or your company's) data is much more valuable than your time.
No one in the OSS movement (well, no one sane) advocates forcing people to get off of Windows. What they do advocate is educating users so that they CAN make a choice, which in most cases, is currently unavailable.
Here's the one problem with wanting to educate users and let them make a choice: Most users don't want to be educated. They don't care how it works, they just want it to work. Microsoft is entrenched because of the clueless millions who account for 99% of home users. And even if they have a choice, what do you think they'll choose? It's kind of like when The Man Show asked women, "If there was an operation you could get that made you twice as smart, but made your ass bigger, would you do it?" Just imagine asking that 99%, "If there was a free reliable operating system that gave you total control over your system, but in order to get anything done you were occasionally required to rub two brain cells together, would you use it?"
However, a preliminary look at data for 2003 shows that the decline in high-tech employment has slowed considerably this year.
This annoys me to no end. I love it when politicians and economists talk about the economy recovering when they tout statistics showing that fewer jobs were eliminated this year than last year. Guess what genius, that's still jobs getting eliminated! Don't tell me the economy is recovering because there were fewer new unemployment claims this month than there were last month, tell me it's recovering when there are fewer actual unemployment claims.
If software vendors with a lot to lose could be trusted not to schmooze, buy gifts, and grease palms every step of the way, then there would be no need for legislation mandating OSS. Remember, you're dealing with a criminal corporation that has already offered to practically give away software in order to retain their market share. Do you really think they're above a bribe here and there?
Having said that, I don't think closed-source software should be outlawed for government use. Rather, an agency or department that wants to use closed-source software, Microsoft or otherwise, should have to demonstrate a business need and demonstrate that no OSS solution will fit the bill. These should be the exceptions, not the rules.
...yet human-resource consultants and executive headhunters agree some jobs command excessive compensation that can't be explained by labor supply-and-demand imbalances.
You gotta be fscking kidding. Did the HR consultants and executive headhunters point out that their own astronomical salaries can't be explained by anyone? Anyone that is, except for other HR consultants and executive headhunters...
If you get flamed it's because you're posting flamebait. Have you read the books? There's more in the way of philosophy, themes, undertones, subplots, character development, background, and thought provocation in a single paragraph from LoTR than can be find in the matrix movies. You're prejudging an awful lot if you don't know how the trilogy ends, considering that Tolkien deftly suggests some of the same themes that the Matrix beats as if they were a dead horse. Don't get me, I enjoyed the matrix trilogy (I have some reservations about the last one, but who doesn't) but comparing LotR to The Matrix is an exercise in futility.
If the movies lost any of those qualities, it's because A, all of the themes and philosophies present in LotR wouldn't fit in 19 hours of movie footage, let alone 9, and B, most American audiences wouldn't have the patience and clarity necessary to appreciate it all.
Is there a middle ground? How do we find it and what is it?
I believe there is. Clearances for judges. One of the problems the patriot act theoretically solved was the dilemma of needing a judge's approval for a warrant or a court order based on classified evidence.The process of judicial review that existed pre-patriot act can still exist, and it's pretty simple. Get some judges cleared to view TS material, then let them determine if the feds have enough evidence to hold someone. Judges get so much public scrutiny, most of them would probably be easier to clear than most intel folks in the military, and probably a good number of feds too. Yes, the background investigations for a TS clearance are time-consuming and expensive, but that's hardly a stumbling point. Considering the number of people who have gotten clearances so they can take out the trash and handle the shredding in buildings that process classified docs, I don't think it'd be an issue.
Slashdot Mirror
I am an American, and my experience has been that unless we go through life as a hermit we're subject to a pop culture that wants to dumb us down and spoon feed our opinions to us, all while making us feel good and warm and fuzzy about being fucktards. And as a whole we gobble it up and ask for more.
Because IE does an msn search whenever you type anything it doesn't recognize as a URL into the URL bar, many users don't know of a search method other than typing their search into the URL bar. Anti-competitive much?
And this distinguishes the Indian workers you encountered from 90% of the American workforce how?
Sounds to me like it isn't the job that's stressing him out. The user is letting technology stress him out, and is effectively transferring that to the tech.
If that were truly the case, sysadmins wouldn't have the gripes that they have. Unfortunately, not all users want to just do their work with as little hassle as possible.
The ones who piss us off want to put weatherbug, bonzi buddy, elf bowling, comet cursor, and every other piece of cutesy malware on their machine that gets emailed to them or pups up in an IE install-on-demand window. And just maybe, somewhere in the middle of all that, they want to occasionally get some work done.
Myself, I say screw 'em. If a company takes actions that get an unfavorable from a lot of people online, one should expect compromise attempts and DOS attacks. Considering also that they knew this was coming, I don't have too much sympathy for them.
You'd think Microsoft would go after said bug as well as they who try to exploit it with great vigor: the scammers are cutting in on their action.
Actually, couldn't you compile samba under cygwin, then set it up to run as a service on the windows machine?
Scr3w the fine print. I bet SCO's pulling the same trick you used to do in school to hit a minimum number of pages for a report. Yah sure it's "in excess of 60 pages" (Read that: 61 pages), but how much you wanna bet those 61 pages are double- or triple-spaced and single-sided?
Interestingly enough, the fifth hit when searching for "litigious bastards" on google is already a blog post about SCO. I find this surprising, not so much.
OK so right off the bat we're not talking about a security hole in Best Buy's systems; rather, someone's threatening to hijack their DNS registration.
Yah, contacting a company and requesting 2.5 mil in exchange for fixing a nonesistent security hole while claiming to be affiliated with a nonexistent company is always sound business.
And now the story changes. This isn't a whitehat trying to get compensated for their assistance. This is extortion and dishonesty at its finest, and this tool is such a disgrace he makes script kiddies look good. Shame on any of us who feel sympathy for this guy.
I disagree. If a private citizen were being extorted for 2.5 mil, the feds would be willing to get involved. It's when the script kiddy down the street is extorting the local cyber cafe for free coffee that the feds won't touch it. Last I checked, the loss had to be above $5000 for the feds to investigate computer crime. That was a couple years ago though, don't know what it is now.
Depends I suppose if that's 30 days or 30 business days. If it's business days, they'd have until 22 January. InternetWeek has it listed as "the end of the week" though.
One of the primary advantages of CE is that it doesn't ship with craploads of unnecassary services/features, etc. It's a lightweight platform, and it's great for a thinclient running RDP to get to a Term Services box. I kow I'm probably opening the floodgates for flames from the citrix crowd, but if an organization has enterprise licensing from MS, it's kinda dumb to also pay for citrix licenses. Besides the inherent efficiency of a lightweight platform, the platform is also more secure by not having so many extra services to keep patched.
I disagree. Automatic Updates is a huge step in teh right direction, and it's easy enough to change the settings. My biggest complaint about windows update is that there's no way to run it from the command line or remotely initiate it. Is that so fscking hard? That's all I ask really. Let me run the patch in a testbed, give it the mushroom stamp of approval, run a script to deploy the patch on a few servers, determine that things are good there, then kick it out to the enterprise. Real men don't click.
You and many other posters are failing to take into account both the different uses for a presentation and the different learning styles of audience members. By your description of how presentations should be done, you're most likely an auditory learner. There's nothing wrong with that, go with whatever works. But the person sitting next to you may very well be a visual learner, and the speaker presenting to you should be using techniques that will reach both of you. Myself, I teach Routing/Switching classes, and I've run into extremes on both ends: I've met visual learners who will zone out while I'm describing a simple network scenario because they have to draw it for themselves before anything I say will make sense, and I've dealt with auditory learners who can't make a connection until they've talked their way through a problem.
Note also that for the preso's I do, a good majority of your rules would be detrimental to anyone trying to understand what I'm putting out. While blackboards/dry erase boards are ok for drawing up simple scenarios, in some cases you simply have to have pre-drawn diagrams if you're going to accomplish anything. Most college students have an attention/retention span of 30 minutes, and I simply can't afford to give up ten minutes of that to drawing out a multi-area OSPF redistributed into BGP scenario. I've found it's far more efficient to have a visio diagram on hand or embedded into a preso, and spend one or two minutes talking through the setup, using the diagram as a reference (thus also keeping the auditory learners involved). Avoiding animations is a mistake, unless of course the animations are thrown in there for fluff. If a picture is worth a thousand words, then a well-done animation is worth a million. For an auditory learner, this may not be the case. A 2-minute verbal explanation of a routing loop is fine for those people. For a visual learner however, an animation can save hours of headaches.
In short, your advice works fine if someone is doing a presentation for you and only you. Otherwise, a presenter will need to employ the methods and tools necessary to cover the subject at hand and reach as wide an audience as possible.Problem there is, the perpetrators of the scam don't have to use the numbers to cash in, they just sell that list of numbers to someone else. Sure, there may be a trail that can be followed, but that increases the complexity of the investigation.
What I find more disturbing are reports of postal workers having their trucks robbed (believe it's happened twince in this area within the last year) as well as mailboxes being ransacked. I suspect this is the MO for a lot of CC fraud perps:
1. Obtain stolen CC #, exp. date, address, etc.
2. Order merchandise, having it shipped to a neighbor's house (one who works during the day)
3. Rob the mailman, or snag the package from your neighbor's house
4. Profit, while basking in your wretchedness.
Incidentally, with its first service pack, Windows Server 2003 is supposed to have a "feature" whereby it can check to see of connecting client machines conform to a patch/service pack policy, and deny them access if they don't. What do you suppose will happen when a linux machine tries to connect to one of these servers using smbclient or smbmount?
This is an inherent problem with the attitude of end users towards viruses in particular and security in general: "It's just the occasional annoyance." That's all well and good, but sooner or later the "occasional annoyance" is going to be someone installing a trojan on your machine and keystroke-logging their way into every credit card or bank account number that you enter online. Or it could be someone reading or deleting sensitive corporate documents from your machine at work. Or an attacker could make your machine their b!tch and use it to host warez sites, spit out spam, or break into other machines. Are any of those a minor nuisance? The pending anti-spam legislation makes no mention of taking exception for machines that have been compromised... and you don't want to be the first person to be taken to court for a law that still has ink drying with some overzealous prosecuting attorney trying to throw the book at you.
None of these compromises are unique to Windows. But because of the poorly designed architecture, usually once a single service or application has been compromised you can take numerous actions that would otherwise require admin level access. I promise you, within the next five years or so we're going to see an Internet-wide compromise that will be worse the Code Red, SQLSlammer, and MSBlaster combined. It's literally a case of "us" vs. "them", and "them" keeps getting better and better at what they do. With every vulnerability that gets announced, the elapsed time from the announcment of the vulnerability to the posting of exploit code keeps getting shorter. Likewise, the spammers are starting to employ virii and worms in their activities. What we're seeing is not only faster coding of exploits, but a shift in the motivation and skill levels of the blackhats. It used to be that worms were just minor annoyances, but now their goals have shifted from notoriety and mischief to fraud and financial gain.
Think I'm paranoid? Just remember, paranoia is the unfounded delusional belief that they're all out to get you... except none of this is delusional or unfounded. Don't think so? Tell your Security guys at work that you consider security issues to be an "occasional annoyance" and ask if you can see an hour's worth of antivirus, firewall, or IDS logs.
Absolutely Not. The bottom line is this: The confidentiality, integrity, and availability of your (or your company's) data is much more valuable than your time.
Here's the one problem with wanting to educate users and let them make a choice: Most users don't want to be educated. They don't care how it works, they just want it to work. Microsoft is entrenched because of the clueless millions who account for 99% of home users. And even if they have a choice, what do you think they'll choose? It's kind of like when The Man Show asked women, "If there was an operation you could get that made you twice as smart, but made your ass bigger, would you do it?" Just imagine asking that 99%, "If there was a free reliable operating system that gave you total control over your system, but in order to get anything done you were occasionally required to rub two brain cells together, would you use it?"
However, a preliminary look at data for 2003 shows that the decline in high-tech employment has slowed considerably this year.
This annoys me to no end. I love it when politicians and economists talk about the economy recovering when they tout statistics showing that fewer jobs were eliminated this year than last year. Guess what genius, that's still jobs getting eliminated! Don't tell me the economy is recovering because there were fewer new unemployment claims this month than there were last month, tell me it's recovering when there are fewer actual unemployment claims.
If software vendors with a lot to lose could be trusted not to schmooze, buy gifts, and grease palms every step of the way, then there would be no need for legislation mandating OSS. Remember, you're dealing with a criminal corporation that has already offered to practically give away software in order to retain their market share. Do you really think they're above a bribe here and there?
Having said that, I don't think closed-source software should be outlawed for government use. Rather, an agency or department that wants to use closed-source software, Microsoft or otherwise, should have to demonstrate a business need and demonstrate that no OSS solution will fit the bill. These should be the exceptions, not the rules.
You gotta be fscking kidding. Did the HR consultants and executive headhunters point out that their own astronomical salaries can't be explained by anyone? Anyone that is, except for other HR consultants and executive headhunters...
If you get flamed it's because you're posting flamebait. Have you read the books? There's more in the way of philosophy, themes, undertones, subplots, character development, background, and thought provocation in a single paragraph from LoTR than can be find in the matrix movies. You're prejudging an awful lot if you don't know how the trilogy ends, considering that Tolkien deftly suggests some of the same themes that the Matrix beats as if they were a dead horse. Don't get me, I enjoyed the matrix trilogy (I have some reservations about the last one, but who doesn't) but comparing LotR to The Matrix is an exercise in futility.
If the movies lost any of those qualities, it's because A, all of the themes and philosophies present in LotR wouldn't fit in 19 hours of movie footage, let alone 9, and B, most American audiences wouldn't have the patience and clarity necessary to appreciate it all.
I believe there is. Clearances for judges. One of the problems the patriot act theoretically solved was the dilemma of needing a judge's approval for a warrant or a court order based on classified evidence.The process of judicial review that existed pre-patriot act can still exist, and it's pretty simple. Get some judges cleared to view TS material, then let them determine if the feds have enough evidence to hold someone. Judges get so much public scrutiny, most of them would probably be easier to clear than most intel folks in the military, and probably a good number of feds too. Yes, the background investigations for a TS clearance are time-consuming and expensive, but that's hardly a stumbling point. Considering the number of people who have gotten clearances so they can take out the trash and handle the shredding in buildings that process classified docs, I don't think it'd be an issue.