We use the "tip jar business model" successfully at work for our office coffee fund. Works just fine.
If the fund runs dry nobody gets any coffee - and in the five years we've been running the fund that's only happened once.
We told all the coffee drinkers we wanted to maintain $300 in the fund to buy supplies and if necessary, replace the office coffeepot - it's one of those big Bunn coffeemakers. When the coffee fund has >$300 we take the tip jar away until it doesn't have $300 in it any more.
Works like a charm - and I think it'd work with WiFi too. If your WAP isn't self-supporting then turn it off until it is. If it's worth the $100 a month the DSL line probably costs I think your customers will support it.
The difference between tip jar WiFi and tip jar software is that you can turn off the WAP if it's not self-supporting :)
I wouldn't expect much more functionality in ICS DHCP. It works for the masses and the people who need more functionality are already running a proper DHCP server.
IM frequently less than HO consumer OS are for consumers. When you increase functionality you also increase complexity - and if you allow users to deviate from 192.168.0 you increase the chances they can't figure out how to stand up their own home network.
I spent some time working in a beta for an application that combines firewall, virus scanning and CD- or DVD-based backups. I dropped out of the beta because in addition to slowing my machine down dramatically there was the added benefit of no user-configurable options for the virus scanner and almost none for the firewall. The firewall prompts you when an unknown application tries to talk and asks whether you want to allow, deny or ask every time that application runs.
But - it's gonna be a *great* application for people who want their computers to just work - and that's the vast majority of computer users. We're the one-percenters who occasionally want more than a consumer OS will give us. I prefer Windows for desktops and Linux for servers - and am reasonably comfortable with both.
I have 768/768 SDSL from a local provider for $45 a month. I switched from cable and have been pretty happy with the service.
I run my own mail/web/IRC/NNTP server and they're okay with that. I do have a 45 gigabit a month limit in my TOS but I think I've exceeded that lotsa times and they've never said a word.
These people also offer a 1.544 Mbit residential SDSL service for $99 a month. Too bad my phone lines won't talk faster than about 950k :(
I think a lot of us are in agreement that this isn't about fuel, it's about not doing stupid shit.
IMO if the guy had filed a proper flight plan and had contingency measures in place even if those contingency measures had failed I think both the US and NZ would have been willing to hook the guy up with a little petrol.
But it needs to be expensive. I vote for five-figure-or-more expensive.
I don't think it's about money. There are adventurers out there who could probably buy either or both bases down there - so there needs to be a disincentive to doing stupid shit and expecting someone else to bail you out.
Weather reports are available and the guy had no backup plan, lied on his flight plan and didn't have anyone to bail his happy ass out if something went wrong. Well, something went wrong :)
If it costs him an airplane I think that's probably fair - the stunt could easily have cost him his life. If the guy chose to fly across Antarctica and was short enough on fuel that a headwind forced him to land as far as I can see the guy is pissing in my gene pool.
And again, I'm not picking on you, honest. I like contractors - I used to be one. My mistake for assuming that when you said the government didn't pay enough for people to put out 110% you were talking about your own compensation. My apologies.
I don't work with desktops any more - my job is corporate IT architecture these days.
Your thoughts here are the same as the ones I see in my own organization - contractors spend so much time putting bandaids on things that the real problem doesn't get addressed.
But you're right - the contractor lowballs the job so they'll get the contract and there often isn't enough money in the contract to do the job right, because if the contractor bid enough to do the job correctly they'd price themselves right out of the competition.
Best the contractor can do is get in the door and then try to get the contract modified to get the job done right - and then they run right into the federal bean counters and that's about as far as it goes.
Again, my apologies. I thought you were bitching about your salary and saying you weren't paid enough to do a good job. The bottom line is that in order to win the contract you have to show an attractive bottom line - and the mentality in the government these days is to do it cheap rather than doing it right.
We do spend more money on stupid stuff than they do in the private sector, though :)
Consequently, more than a few government entities scarce on IT knowledge have little choice but pay premium prices for All-in-One services.
I can't argue this at all. The reason I'm a federal employee instead of a contractor now is that I have nine years of military service that counts toward retirement if I work for Uncle Sam instead of the contractor. Took me four years to find a government position in my location commensurate with my salary and experience. I took a $10k salary hit but I'll get to quit working almost ten years earlier than I would as a contractor :)
IMO if you can't do your job you need to be trained or fired - and that applies to federal employees as well. I have pretty close to 20 years IT experience - 18 of them in the civilian sector, a reasonably long list of certifications and a whole pile of corporate experience. Project managers don't need to be the alpha geek on the team but they do need to be able to speak intelligently to IT contractors - and like I said, if they can't they need to be trained or fired.
My current rant: Three years ago the DoD agency I work for decided to migrate a terminal-based Unix application to a web application from a Major Relational Database Company Who Shall Remain Nameless.
I said at the time that users at remote sites would see fairly major performance issues because it's the nature of HTML to refresh entire screens instead of single characters like the terminal emulator did. To make a long story short the government didn't include application performance as a criteria in the statement of work.
The contractor finished the application - which is currently unusable by 2/3 of our employees who connect to the application across a WAN. Since nobody wrote performance metrics into the contract we ended up paying the contractor $6M for the application and then modifying the contract at pretty significant cost to get the performance issues fixed.
See? If everybody listened to me the government would run much smoother :)
Every government IT contract includes a "statement of work" that outlines what the government expects the contractor to do and the contractor doesn't have to do anything that's not in that statement of work. Maintaining IT security is part of the day-to-day operation of a government network and generally no modification to the contract is necessary.
But - when something falls outside the realm of normal IT operations the contractor can ask for more money - as an example we bought about a hundred firewalls to deploy to satellite offices. The contract we have with IT support staff allows X number of billable hours per job description. Installing and maintaining those firewalls was not factored into the contract so the contract was modified and IA staff increased by four people.
"This needs to be done" doesn't necessarily obligate the contractor. It does if it's part of the normal duties outlined in the contract, but if it exceeds time and materials outlined in the contract the contractor has the right to ask for more money.
I'm a sysadmin for an agency under DoD - those contractors work for me, sort of.
The government's responsibility in IT is project management - at least in the agency I work for. You wouldn't expect your CIO or any other manager to be 100% up to speed on latest IA trends - that's what we have contractors for. Government IT professionals make decisions based on input from the people who actually do the work.
I've worked both sides of the fence. I spent four years in this agency as a contractor heading up desktop support - at the time we had 3200 users in >100 locations. I started as a federal employee two years ago and now supervise the same contractors I was working with.
I'm not bashing you, but if the government doesn't pay you enough, maybe getting another job is an idea? I don't know anyone who was forced to take a job with the feds - it's reasonable to expect IT professionals to do the best job they can and identify where their employer is deviating from best practices.
IMO the best student camera out there. Light, fast, outstanding lens availability (between adorama.com and eBay I don't think I've ever spent >$75 for a lens).
I decided to branch out from point-and-shoot digital to film about a year ago - and after doing much research had narrowed the field to the Pentax K1000, Olympus OM-1 or Nikon FM2n.
Everybody's gonna recommend their favorite camera, but if you want to learn about photography, IM frequently less than HO a fully manual camera is the way to go. The Nikon is faster and lighter than either the Pentax or Olympus, has a much faster flash sync speed and will take pictures if the batteries are dead since they're only used for the light meter - everything else is mechanical. (To be fair, the K1000 will also take pictures with a dead battery.) As mentioned earlier, lenses are plentiful and cheap. Any Nikon AI or AIS lens will work just fine on an FM2n - older non-AI lenses can be converted for about $35.
I bought mine with a 50mm f1.4 lens for $175 - and you can find them all over eBay. If you're a responsible buyer you can find great deals in camera gear there.
Most of my pictures still suck mightily - but they get a little better with every roll :)
WinNT/2K/XP machines can format, read and write 4gb FAT partitions but DOS/Win9x/WinME machines can't. The limit for the older machines is 2gb because they don't support FAT partitions with 64kb clusters.
"All four listed patents deal with the problem of having both short and long file names. None of my digital cameras use long file names."
That's a limitation of the camera, not the filesystem. All my CF cards are formatted FAT32 and can support long filenames. As removable media gets bigger FAT32 or something like it is gonna be required for volumes bigger than 2gb anyway.
I went back and reread the article as you suggested - turns out we were both a bit mistaken. Now that I've reread the article I'm gonna suggest you reread the First Amendment. To save you from looking it up, I've included it here -
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."
The University of Florida is not Congress and is therefore not restricted by the First Amendment. And - exactly how is a p2p connection a First Amendment freedom anyway?
I did some research on ICARUS - there's a pretty good article here. Apparently the system is a bit more sophisticated than we thought.
Also, it appears students agree not to do this stuff as a prerequisite to using the school's network - apparently they also consent to network monitoring.
What right do I have to "use everyone else's bandwidth up"? I run the network here - downloading ISO images from software vendors and government distribution points is in my job description. When I mentioned targeting "offenders" I was talking about my network, not UofF's network.
Anyway, it's clear we're not gonna see eye to eye on this, since it's clear you believe students have a right to connect to anything they want to on a publicly funded network and I disagree with that premise. It's a pretty fundamental difference - so I'm gonna move on. Thanks for the conversation :)
But - the 600mb ISO via FTP and the 600mb download via KaZaa use exactly the same network resources and the same network bandwidth once the traffic hits the school's gateway.
One basic flaw in the argument you present is that you have the right to do whatever you want if you're granted access to a publicly-funded network. Anybody with even a rudimentary information assurance background will tell you that you block all ports on the firewall and then open only the ones you need. The onus is on the user to demonstrate the need - and since school networks have shared storage resources you might have a difficult time demonstrating that your need for KaZaa overrides the school's need for network security.
Yes, you can demonstrate a need to share files with other folks on the school network. You'd have a pretty tough time demonstrating a need to share files off-network or that blocking KaZaa's default port prevents you from doing that since there are other methods on the school's network to share files - email, network drives, workgroups and so on.
Your library example is one of content filtering - and again, we're not filtering content here. Monitoring (or even blocking) a TCP port is not content filtering.
You mention "normal tools" - as a sysadmin on a government network a bandwidth cap is absolutely the last tool I'd use to prevent network abuse. I don't know anyone who's had to resort to something like that - after closing all the ports we need to we generally target offenders.
I have an MSDN Universal subscription and a business need to download ISO images from Microsoft and a few other places - so a bandwidth cap doesn't work for me or for several of the people I work with.
Again, I agree that filtering content is illegal - but using best practices to secure a network doesn't require content filtering.
The First Amendment says that Congress can't make a law restricting free speech. The government certainly can tell you what you can and can't do with its network. Try sending a threatening email to the President or a member of Congress and see if you don't get a world of pain for your efforts. Free speech isn't as free as some folks would think. People get arrested for trying to enter military installations to protest.
Government networks *routinely* block P2P ports and I'm required by my higher headquarters to block NNTP at the firewall, which is a damn shame because not all the software companies I deal with have web interfaces to all their private newsgroups :(
If you wanted to stop most file sharing you'd close port 119, 1214, 6346 and 6667 - and you'd block any traffic that wasn't HTTP on port 80.
If you didn't want to completely block Usenet you'd just quit carrying alt.binaries.* and deny connections to any server but your own on port 119. This stuff is all taught in Firewalls 101, honest :)
Sure, you could move to another port to transfer your files - but the one thing all P2P applications *must* have is a common port for everyone to meet on to get the sharing started.
IMO that handful of firewall instructions would immediately stop more than 95% of file sharing in its tracks - and as anyone in IA will tell you if you can block 95% of the bad traffic with a couple firewall rules you can then focus your attention on the remaining 5% :)
I think we ought to applaud ISPs who haven't taken measures like this yet - it'd certainly be easier to close ports than to get sued by the recording industry. So far most ISPs are taking pretty good care of us, I think.
Sorry, I wasn't paying attention. You asked about a _free_ client.
Motino isn't free - but a 2000 user license is about six bucks a head. I think a single user is $20 and as far as I'm concerned it's well worth it. They have a free demo - you might want to check it out.
I've been pretty happy with Motino - as a matter of fact we're getting ready to deploy it to about 1800 users.
We block obvious spam at the mail gateway and are looking to catch the rest of it at client level - IMO this is a function the mail server doesn't need to perform in a fairly large enterprise.
On my itty bitty home domain I use spamassassin, though :)
It doesn't necessarily follow that the network is public because the organization is publicly funded. I'm a sysadmin on a Department of Defense network - we're wholly supported by your tax dollars :)
Why bother with g at all? The WAP isn't gonna pass data faster than the pipe feeding it :)
I think that's a marvelous idea.
Being a federal employee and a sysadmin I expect the contractor to inform his government.
I just used the DoD Wireless STIG to draft an 802.11 policy for the agency I work for. It actually wasn't a bad piece of work :)
DISA is still trying to make 802.11 impossible in DoD - but we're working out the kinks now.
That's why they call them professionals.
Best of luck, Jenni.
This is absolutely correct - I'm gonna shut the hell up now :)
For me, FAT=FAT16 and FAT32=FAT32. Sorry for the confusion :)
I imagine they're monitoring port 25 - it won't matter whether the mail comes from their server or not ;)