Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.
On a happier note, it's also my opinion that the remaining 2% of the population should be prohibited from wearing clothing at any time.
The committee that proposed expansion of the Patriot Act was the Senate Intelligence Committee - their job (among others) is to facilitate intelligence gathering.
This is a pretty far cry from getting something all the way through Congress.
Yes this may work for someone who has a normal (40h/week) job but when you are in my position and spending time home basically means get home, goto bed, get up, take a shower and leave for work, you have to cut some slack (or offer an alternative) when someone sends a few personal emails from time to time.
Actually they don't have to cut you any slack at all. Bottom line is if you use the company car/break room/gym/mail server/cell phone for personal stuff and they decide to fire you for it they're well within their rights.
I'll say it again, I LOVE competition. Ever since AMD became a threat to Intel, we've seen outrageous processor wars and benchmarking tribunals. I can buy a P4 3 gig processor for about $150 now.
Most likely, Intel will take that performance throne with their "secret". They have a way of doing that (like HT); but, we'll see something better come from AMD. And so the cycle continues...and we all benefit!
Exactly. I love being a consumer;-)
I haven't seen anything interesting enough to think about replacing the three aging dual processor P3 boxes at home - AMD64 doesn't make sense if you have to run Windows yet (and the wife is too stuck in her ways to run Linux) and I've been a bit miffed at Intel ever since they took away SMP with Tualatin and made everybody buy Xeons if they want SMP. Grrr.
HT is a joke. Anybody who's spent any time with a real SMP workstation would be disgusted by the whole hyperthreading thing.
MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP.
Standing up WiFi on a federal network is a lot like herding cats;-)
I'm the project manager responsible for standing up WiFi access on a fair-sized Department of Defense installation. If the wireless network is configured according to DoD security technical implementation guides (STIGs) it can be fairly secure.
You're correct that MAC filtering alone isn't real secure but we use MAC filtering as one component in a 'defense in depth' strategy.
You're also correct that DMZ + VPN is the only way that makes sense to stand up a wireless network and in DoD that's the only way you *can* stand one up if it connects to a trusted network;-)
The amusing thing for me was than when my boss handed me this project he thought I was gonna throw up a buncha access points and call it a network. This building is 13 stories high and has about 2500 users - and would produce the wireless footprint from hell if I'd let the boss have his way.
Instead, I told him the IDS pieces needed to be in place first - and we're using a reasonably effective network of AirDefense and Cisco WLSE - if you stand up a rogue AP or an ad hoc network in this building the system will close the ethernet ports feeding the device(s) and shoot an email to the federal cops in the building. I figure about ten minutes after you power the thing up someone with a uniform will be tapping on your shoulder;-)
All WiFi connections to trusted resources on this network are encrypted - as a matter of fact there's a DoD requirement to encrypt the hard drive of any wireless device connecting to a trusted resource.
So far the biggest challenge for us has been antenna selection and tuning WAP outout power so the network doesn't radiate any farther than we'd like it to and we've had pretty fair results so far. But - anybody working for the federal government who thinks you should just throw up a buncha access points and call it a network needs to be fired or killed or both;-)
My choice for WiFi security is a combination of private networks, the DMZ + VPN idea you had (which is a DoD requirement), MAC filtering, strategic placement of intrusion detection resources, client-server encryption (we use AirFortress), domain policies that prevent network bridging, denying access to anything that isn't 802.11g and so on. There's also a requirement that the WiFi network can't share any physical infrastructure with the trusted network - so the only only infrastructore pieces the wired and wireless network share are patch panels;-)
If you walk into my building with an unauthorized WiFi device you'll be able to connect to my Comcast cable modems in three or four public areas, but if you really want on my network you might be able to get on -
While I love the idea of Google raising money for its business I am still keeping my fingers crossed that they can remain faithful to their customers rather than the random whims of their investors.
Google's investors will control the direction of the company. That's what shareholders do;-)
IANAFinancialAdvisor, but I expect the price to slip below the opening price probably three weeks after the IPO and then settle to a more realistic price. I for one won't be participating in the IPO and have recommended that my friends wait and watch instead.
To be an MVP, from what I could see on Usenet, you don't have to do much else than lick Microsoft's boots in every single on-line comment you ever make (try to find an MVP who thinks product activation is a bad idea, for instance, or who disputes the Microsoft interpretation of an EULA), and demonstrate that you have competent skill (and even that I'm not so sure about, from when I still read the microsoft.public.* groups).
Why wouldn't this be proferred to those with MCSE credentials or MSDN subscriptions -- y'know, those guys who pay to know all this stuff?
I'm a Microsoft MVP - I'm also an MCSE and have an MSDN Universal subscription;-)
I've questioned WPA on Microsoft's campus in front of 600 other MVPs. My specific question was since WPA pretty much guarantees paid licenses and since the price of piracy was *already* built into Windows I asked whether MS was going to lower the price of Windows since sales on previously pirated copies of Windows were pure profit - development, marketing and distribution costs were factored into the price of Windows before WinXP ever came out.
I'm not going to dispute their interpretation of the EULA because they wrote the software and can license it any way they like.
And you're right - the quality of MVP answers varies widely, but if the MVP has any sense at all he'll STFU about stuff where his skills aren't strong - I know I've been corrected by both MVPs and newsgroup users a couple times in the past two or three years.
I've used RUNT for more than a year - the only thing I didn't like was the umsdos filesystem so I managed to format a USB pen drive as ext2 and went native. Very impressive.
I've found there's varying support and no clear standard when it comes to booting from USB flash devices - for example my test Dell GX150 would boot from the device but it took damn near 20 minutes, where recent Compaq laptops would boot from the thing just fine.
My solution was first to use a boot floppy - but then I modified things a little and wrote the boot files to a business-card sized CD-R and have been much happier with that setup. Much faster boot times than either floppy or pen drive.
I'm using a bit larger pen drive (512mb) and gave the drive a static IP that matches my web/mail server. Since I only have about ten users on the mail server I can plug the pen drive into any PC on my home network and users can continue to send and receive mail while I'm fixing the busted Linux box - it also serves up a web page that tells folks my website is down but I'm working on it. Pretty handy tool;-)
Since I'm not very bright, I tend to install bleeding edge components on production hardware without waiting a couple weeks and browsing Usenet to see who had problems. Apparently I haven't had enough pain to know better yet;-)
Anyway, when a shiny new production FC release came out I upgraded my FC1 box. Not much on there, it runs mail, web, mySQL IRC and a couple other daemons. I host my own domain but only have about ten mail users.
My observations:
alsa. I have an ISA PnP sound card (SB32) that quit working. I don't care a whole lot since this is a server but I'd like the damn thing to work without having to buy a PCI sound card. I've already spent more time messing with it than a cheap sound card would have cost me, but it's the principle of the thing.
cyrus. Migrating to a new imapd wasn't exactly painless. Getting mail+cyrus+clamav+spamassassin to work took a little bit but functionality is now where it needs to be - plus I pitched MailScanner for clamav-milter. Much better performance. I know of a few people who pitched cyrus for dovecot or rolled back to FC1's imapd.
The default yum.conf blows chunks. Several better ones are available on the net.
There are some problems with gnome-system-monitor. It only shows one CPU - interestingly, on ky dual processor box the CPU it shows is CPU1. top shows both processors running, though. I've heard it's a bug in procps but bugzilla doesn't provide anything that looks like my problem.
Oh, well - it all works now - except sound, and i'm stubborn enough to get the damn ISA sound card working;-)
...the average PC was inoperable due to a virus nine days a year.
I find this amazing.
I guess business needs to learn you spend it now or you spend it later - with adequate protection on the mail gateway, file, print and mail servers and desktop PCs I don't think we have nine days *total* virus downtime a year across the 2500 machines in our organization - at 86 locations in 14 countries.
I can understand that firewalls and AV products are expensive - but downtime is even more expensive.
If the proper infrastructure is in place a network can be reasonably secure - but businesses need to spend some money to secure it. If they've spent the cash and are still seeing this kind of downtime they need to fire a buncha sysadmins and desktop support people.
On the bright side, you might end up with fewer cats hanging around the yard...
I'm somewhat of an expert at this, much to my wife's (and her cat's) chagrin...
How to chase cats with remotely piloted vehicles (RPV):
1. Position yourself so that you can observe the RPV but not in the same room. Make sure the cat isn't in the same room either.
2. Place the RPV in the center of the room.
3. Operate the RPV using short back-and-forth commands - only about a foot in each direction, please. The cat will enter the room to investigate the noise.
4. Once the cat starts moving in the direction of the RPV, stop the vehicle.
5. The cat will walk over to sniff the object that was making noise earlier. Once the cat has reached optimum distance from the RPV, apply full throttle and steer toward the cat. Big fun!
6. Obtain blankets and snacks for when the spousal unit makes you sleep on the couch.
I run SMP machines at home exclusively. First it was Celerons and then P4s that cannot be run in pairs. If you want Intel x86 SMP these days you'll buy a Xeon processor.
I really don't get this - seems to me that some of the hardcore overclockers would let the magic smoke out of the processor by tweaking Vcc to get that extra 10Hz of clock speed - and Intel would sell more processors by unlocking them.
Go figure. I guess I've just built my last Intel machine.
Infrastructure costs to the ISP are several times higher for cable than dialup or DSL. Also, there's value to the customer in providing faster connections.
That said, after watching my third web host lose data for me (yes, they said they did daily backups and I believed them) I decided to host my own domain, pitched my cable modem and found a provider that gave me a 768k SDSL pipe for the same price as my cable modem.
Comcast's pipe is four times as fast downstream but my pipe is considerably faster upstream - fast enough for me to host my own web and mail and pitch the web host. My DSL provider gives me a synchronous connection for $45 a month and doesn't care if I run a server as long as I don't exceed his rather generous bandwidth allocation. For me it was a win-win situation.
If the market will bear higher prices I guess it's reasonable to expect people to charge higher prices. Sad, but true.
Are your hiring practices so pragmatic when it comes to degree-less support technicans, I wonder?
Yes - I expect to keep anyone I hire for at least a year.
$30k a year is actually a pretty good wage for a junior IT position that doesn't require a degree. I have a couple of Tier 2 folks making almost twice that - and I believe only two of them have are degreed. If you're doing desktop support and making more than $50k a year you're doing pretty okay in my book.
I don't know - but an educated guess would be six months.
But - I'm expected to do better than break even. Right now my one-year retention numbers for both Tier 1 and Tier 2 desktop support types are pretty close to 100%.
Oops, I guess they just don't even get a chance. Sad, really.
That it is.
I do hear you loud and clear, honest - and agree with quite a bit of what you say. I can't ask applicants to sign an employment contract - if I could get them to stay for a year or so in *some* position in the company I'd hire the guy with the Masters in a second.
[whine]
I don't have the authority to promote from the helpdesk to a design team because ADP support and application development are two different divisions in my company - the best I can do is recommend. In almost seven years I've been sucessful in placing a desktop tech in the development section only once. I don't have enough personal horsepower in this company to pull something like that off;-)
[/whine]
I agree that it'd provide real-world experience to the guy with the Masters - and it would build his skill set considerably. But again, my primary responsibility is to the company, not the applicant.
Let me ask you a question, DrkShadow - if you had an MS and I started you at the helpdesk at $30k would you sign an agreement to stay with the company for a year?
I'm not really trying to crack a joke here, but honestly: What are the chances ANY competent person is going to stay with a Help Desk job for any significant period of time? The customers are often frustrating, the pace can be exhausting, the work rarely has long-term personal satisfaction associated with it... If you get some PhD, hire him / her and feel very lucky to have a (presumably) competent employee for the few months that they are with you.
I hear you, but I can promote helpdesk technicians to fill Tier 2 slots - IME the guy with the postgradual degree will more than likely leave the company. If I can keep the MS in the company I'd have no problem starting him at the helpdesk.
This is what is known as "being over-qualified", and it's a killer. You wouldn't think that, after all that hard work in getting through school and finally getting a doctorate in a hard science or engineering, you'd have trouble finding work, but you do. Ever see a PhD working a helpdesk? Not a tech PhD, that's for sure.
Having hired helpdesk technicians for years, I can say that I've never turned down a Ph.D but have turned down more than a few types with postgraduate degrees. If you've got a Masters in any IS field and are applying for a $30k helpdesk position what are the chances of you sticking with me when that good job does come along? If you decide to move on I wouldn't blame you at all - but new employees mean my company incurs siginificant training costs, and it's generally a few months before the techs are operating at a level that actually benefits the company. Hiring is an investment and I need to be able to see a return on that investment.
I know I'm part of the problem, but for helpdesk (and even Tier 2 deskside support positions) having a postgraduate degree actually hurts you - because there's no way I can keep these guys. Easier for me to just put their resume in the 'do not hire' pile;-)
Slashdot Mirror
Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.
On a happier note, it's also my opinion that the remaining 2% of the population should be prohibited from wearing clothing at any time.
http://www.targus.com/us/product_details.asp?sku=P A460U
The committee that proposed expansion of the Patriot Act was the Senate Intelligence Committee - their job (among others) is to facilitate intelligence gathering.
This is a pretty far cry from getting something all the way through Congress.
neener neener neener.
Actually they don't have to cut you any slack at all. Bottom line is if you use the company car/break room/gym/mail server/cell phone for personal stuff and they decide to fire you for it they're well within their rights.
Maybe what we need is a 60 hour a week job ;-)
Most likely, Intel will take that performance throne with their "secret". They have a way of doing that (like HT); but, we'll see something better come from AMD. And so the cycle continues...and we all benefit!
Exactly. I love being a consumer ;-)
I haven't seen anything interesting enough to think about replacing the three aging dual processor P3 boxes at home - AMD64 doesn't make sense if you have to run Windows yet (and the wife is too stuck in her ways to run Linux) and I've been a bit miffed at Intel ever since they took away SMP with Tualatin and made everybody buy Xeons if they want SMP. Grrr.
HT is a joke. Anybody who's spent any time with a real SMP workstation would be disgusted by the whole hyperthreading thing.
Standing up WiFi on a federal network is a lot like herding cats ;-)
I'm the project manager responsible for standing up WiFi access on a fair-sized Department of Defense installation. If the wireless network is configured according to DoD security technical implementation guides (STIGs) it can be fairly secure.
You're correct that MAC filtering alone isn't real secure but we use MAC filtering as one component in a 'defense in depth' strategy.
You're also correct that DMZ + VPN is the only way that makes sense to stand up a wireless network and in DoD that's the only way you *can* stand one up if it connects to a trusted network ;-)
The amusing thing for me was than when my boss handed me this project he thought I was gonna throw up a buncha access points and call it a network. This building is 13 stories high and has about 2500 users - and would produce the wireless footprint from hell if I'd let the boss have his way.
Instead, I told him the IDS pieces needed to be in place first - and we're using a reasonably effective network of AirDefense and Cisco WLSE - if you stand up a rogue AP or an ad hoc network in this building the system will close the ethernet ports feeding the device(s) and shoot an email to the federal cops in the building. I figure about ten minutes after you power the thing up someone with a uniform will be tapping on your shoulder ;-)
All WiFi connections to trusted resources on this network are encrypted - as a matter of fact there's a DoD requirement to encrypt the hard drive of any wireless device connecting to a trusted resource.
So far the biggest challenge for us has been antenna selection and tuning WAP outout power so the network doesn't radiate any farther than we'd like it to and we've had pretty fair results so far. But - anybody working for the federal government who thinks you should just throw up a buncha access points and call it a network needs to be fired or killed or both ;-)
My choice for WiFi security is a combination of private networks, the DMZ + VPN idea you had (which is a DoD requirement), MAC filtering, strategic placement of intrusion detection resources, client-server encryption (we use AirFortress), domain policies that prevent network bridging, denying access to anything that isn't 802.11g and so on. There's also a requirement that the WiFi network can't share any physical infrastructure with the trusted network - so the only only infrastructore pieces the wired and wireless network share are patch panels ;-)
If you walk into my building with an unauthorized WiFi device you'll be able to connect to my Comcast cable modems in three or four public areas, but if you really want on my network you might be able to get on -
But I'm gonna make you work for access ;-)
Google's investors will control the direction of the company. That's what shareholders do ;-)
IANAFinancialAdvisor, but I expect the price to slip below the opening price probably three weeks after the IPO and then settle to a more realistic price. I for one won't be participating in the IPO and have recommended that my friends wait and watch instead.
Why wouldn't this be proferred to those with MCSE credentials or MSDN subscriptions -- y'know, those guys who pay to know all this stuff?
I'm a Microsoft MVP - I'm also an MCSE and have an MSDN Universal subscription ;-)
I've questioned WPA on Microsoft's campus in front of 600 other MVPs. My specific question was since WPA pretty much guarantees paid licenses and since the price of piracy was *already* built into Windows I asked whether MS was going to lower the price of Windows since sales on previously pirated copies of Windows were pure profit - development, marketing and distribution costs were factored into the price of Windows before WinXP ever came out.
I'm not going to dispute their interpretation of the EULA because they wrote the software and can license it any way they like.
And you're right - the quality of MVP answers varies widely, but if the MVP has any sense at all he'll STFU about stuff where his skills aren't strong - I know I've been corrected by both MVPs and newsgroup users a couple times in the past two or three years.
I use SBC's Privacy Manager service on my voice line - and so far it's been pretty effective. You unmask caller ID or you talk to the machine ;-)
I've found there's varying support and no clear standard when it comes to booting from USB flash devices - for example my test Dell GX150 would boot from the device but it took damn near 20 minutes, where recent Compaq laptops would boot from the thing just fine.
My solution was first to use a boot floppy - but then I modified things a little and wrote the boot files to a business-card sized CD-R and have been much happier with that setup. Much faster boot times than either floppy or pen drive.
I'm using a bit larger pen drive (512mb) and gave the drive a static IP that matches my web/mail server. Since I only have about ten users on the mail server I can plug the pen drive into any PC on my home network and users can continue to send and receive mail while I'm fixing the busted Linux box - it also serves up a web page that tells folks my website is down but I'm working on it. Pretty handy tool ;-)
Anyway, when a shiny new production FC release came out I upgraded my FC1 box. Not much on there, it runs mail, web, mySQL IRC and a couple other daemons. I host my own domain but only have about ten mail users.
My observations:
alsa. I have an ISA PnP sound card (SB32) that quit working. I don't care a whole lot since this is a server but I'd like the damn thing to work without having to buy a PCI sound card. I've already spent more time messing with it than a cheap sound card would have cost me, but it's the principle of the thing.
cyrus. Migrating to a new imapd wasn't exactly painless. Getting mail+cyrus+clamav+spamassassin to work took a little bit but functionality is now where it needs to be - plus I pitched MailScanner for clamav-milter. Much better performance. I know of a few people who pitched cyrus for dovecot or rolled back to FC1's imapd.
The default yum.conf blows chunks. Several better ones are available on the net.
There are some problems with gnome-system-monitor. It only shows one CPU - interestingly, on ky dual processor box the CPU it shows is CPU1. top shows both processors running, though. I've heard it's a bug in procps but bugzilla doesn't provide anything that looks like my problem.
Oh, well - it all works now - except sound, and i'm stubborn enough to get the damn ISA sound card working ;-)
I find this amazing.
I guess business needs to learn you spend it now or you spend it later - with adequate protection on the mail gateway, file, print and mail servers and desktop PCs I don't think we have nine days *total* virus downtime a year across the 2500 machines in our organization - at 86 locations in 14 countries.
I can understand that firewalls and AV products are expensive - but downtime is even more expensive.
If the proper infrastructure is in place a network can be reasonably secure - but businesses need to spend some money to secure it. If they've spent the cash and are still seeing this kind of downtime they need to fire a buncha sysadmins and desktop support people.
I'm somewhat of an expert at this, much to my wife's (and her cat's) chagrin...
How to chase cats with remotely piloted vehicles (RPV):
1. Position yourself so that you can observe the RPV but not in the same room. Make sure the cat isn't in the same room either.
2. Place the RPV in the center of the room.
3. Operate the RPV using short back-and-forth commands - only about a foot in each direction, please. The cat will enter the room to investigate the noise.
4. Once the cat starts moving in the direction of the RPV, stop the vehicle.
5. The cat will walk over to sniff the object that was making noise earlier. Once the cat has reached optimum distance from the RPV, apply full throttle and steer toward the cat. Big fun!
6. Obtain blankets and snacks for when the spousal unit makes you sleep on the couch.
Inquiring minds want to know.
I really don't get this - seems to me that some of the hardcore overclockers would let the magic smoke out of the processor by tweaking Vcc to get that extra 10Hz of clock speed - and Intel would sell more processors by unlocking them.
Go figure. I guess I've just built my last Intel machine.
Incorrect - but thanks for playing. We have some lovely parting gifts for you.
Why do cows need Internet access?
Infrastructure costs to the ISP are several times higher for cable than dialup or DSL. Also, there's value to the customer in providing faster connections.
That said, after watching my third web host lose data for me (yes, they said they did daily backups and I believed them) I decided to host my own domain, pitched my cable modem and found a provider that gave me a 768k SDSL pipe for the same price as my cable modem.
Comcast's pipe is four times as fast downstream but my pipe is considerably faster upstream - fast enough for me to host my own web and mail and pitch the web host. My DSL provider gives me a synchronous connection for $45 a month and doesn't care if I run a server as long as I don't exceed his rather generous bandwidth allocation. For me it was a win-win situation.
If the market will bear higher prices I guess it's reasonable to expect people to charge higher prices. Sad, but true.
Yes - I expect to keep anyone I hire for at least a year.
$30k a year is actually a pretty good wage for a junior IT position that doesn't require a degree. I have a couple of Tier 2 folks making almost twice that - and I believe only two of them have are degreed. If you're doing desktop support and making more than $50k a year you're doing pretty okay in my book.
But - I'm expected to do better than break even. Right now my one-year retention numbers for both Tier 1 and Tier 2 desktop support types are pretty close to 100%.
That it is.
I do hear you loud and clear, honest - and agree with quite a bit of what you say. I can't ask applicants to sign an employment contract - if I could get them to stay for a year or so in *some* position in the company I'd hire the guy with the Masters in a second.
[whine]
I don't have the authority to promote from the helpdesk to a design team because ADP support and application development are two different divisions in my company - the best I can do is recommend. In almost seven years I've been sucessful in placing a desktop tech in the development section only once. I don't have enough personal horsepower in this company to pull something like that off ;-)
[/whine]
I agree that it'd provide real-world experience to the guy with the Masters - and it would build his skill set considerably. But again, my primary responsibility is to the company, not the applicant.
Let me ask you a question, DrkShadow - if you had an MS and I started you at the helpdesk at $30k would you sign an agreement to stay with the company for a year?
I hear you, but I can promote helpdesk technicians to fill Tier 2 slots - IME the guy with the postgradual degree will more than likely leave the company. If I can keep the MS in the company I'd have no problem starting him at the helpdesk.
Having hired helpdesk technicians for years, I can say that I've never turned down a Ph.D but have turned down more than a few types with postgraduate degrees. If you've got a Masters in any IS field and are applying for a $30k helpdesk position what are the chances of you sticking with me when that good job does come along? If you decide to move on I wouldn't blame you at all - but new employees mean my company incurs siginificant training costs, and it's generally a few months before the techs are operating at a level that actually benefits the company. Hiring is an investment and I need to be able to see a return on that investment.
I know I'm part of the problem, but for helpdesk (and even Tier 2 deskside support positions) having a postgraduate degree actually hurts you - because there's no way I can keep these guys. Easier for me to just put their resume in the 'do not hire' pile ;-)