Slashdot Mirror


User: dbarclay10

dbarclay10's activity in the archive.


Comments · 515

  1. Simple answer on Improving Operations in a Small Helpdesk System? · · Score: 1

    There's a simple answer, even if it includes a conditional:

    1. If these other two guys report to you, there's obviously a lack of respect for authority in the shop. Inform them that logging calls is one of their duties (a critical one at that), and if they fail to fulfill this portion of their job, they will have to seek another. This response would be inappropriate if you hadn't asked them to do so previously; however your post indicates that you have.
    2. If these other two guys don't report to you, it's Not Your Problem(tm). At most you can inform their manager that they aren't "acting in the best interests of the team" or some similar poppycock.

    If you have the responsibility to ensure that the help desk acts as it should, but you don't have the requisite authority, then Welcome To IT(tm) :) I have that problem all the time myself. I've found that a combination of politicking with my peers and superiors, and browbeating those over whom I should have authority (but don't) is a decent combination.

  2. Just checked with some of our Microsoft Office doc on SoftMaker Rolls Out Office Suite for BSD, Linux, and Others · · Score: 2, Informative

    I just checked some of our Microsoft Office documents from work with their "textmaker" app, which is supposed to be "100% compatible" with Microsoft Word.

    Of course, it's not. It exhibits the same sorts of glitches that OpenOffice does. Which doesn't surprise me given the hoary nasty Microsoft Word file format, but hey, if they're going to claim it, they better back it up.

  3. Re:Zero-day? on Microsoft Issues Zero-Day Attack Alert For Word · · Score: 1

    This use of the phrase "zero-day" is not new; it's commonly used in circles where security plays an important role to refer to a publicly-known/available vulnerability/exploit for which 0 days of notice was given to the vendor.

    While Microsoft and Oracle and friends would have you believe that the IT community at large is irresponsible and we just go ahead and use bullhorns to broadcast our latest vulnerability find, it's actually quite unusual to come across a real vulnerability (which this appears to be) for which the vendor was given no notice nor opportunity to fix the issue in a reasonable (read: weeks, not months) timeframe.

    The term may have at one point been used to refer to example exploit code which was provided on the same day as the vendor's fix, but that certainly isn't the common usage today.

    HTH

  4. Re:Why not tape with Windows Backup? on It's 2006 and Backups For Home User Still Tricky? · · Score: 1
    I know, I know, the Slashdot crowd doesn't seem to like tapes. I use a three month rotation with a full backup at the beginning of every month and incrementals every Sunday. For the infrequently-changed directories (almost called them file systems ... whoops), I use a six-month rotation.

    Perhaps because with a few 250GB/320GB disks and wonderful software like BackupPC, I have nightlies going back a month, weeklies going back 3 months, monthlies going back a year, and quarterlies going back ... well, 'til when I started backing up with this system (about a year ago - so fine, I haven't actually got a single "quarterly" backup sitting around :).

    At my current usage growth, I will be able to continue that schedule for another 3 years without having to swap media. Not bad eh?

  5. Taking bets... on Microsoft to Support ODF via Plug-In · · Score: 3, Insightful

    Okay, I'm taking bets on them doing this as part of a typical "Embrace, Extend, Extinguish, Extort" cycle. I give 2:1 odds on Microsoft producing ODF documents that just don't work right, or are horribly buggy. The import will lose all sorts of formatting and similar such things.

    Anybody? :)

  6. Heh. Take a look at the source. on Governments, Beyond the Open Source Hype · · Score: 3, Interesting
    Caroline Benner is a fellow at the University of Washington's Institute for International Policy. From 2001 to 2003, Ms. Benner was a consultant with the geopolitical policy and strategy group at Microsoft.

    Yeah. Take a look at the source. I wonder if maybe she's still freelancing for them.

    Really all the article does is point out that there's no silver bullet. She does so by pointing out that there are "claims" about open source. That's it. She doesn't dispute the claims. She just says they're claims. Unsurprisingly, she also doesn't point to the evidence of the claims.

    FUD stands for "fear, uncertainty, and doubt." This may very well be a simple, subtle form of doubt-sowing. Nothing actually inaccurate in the article, that I saw, but also called into question some fairly well-proven FOSS benefits (such as a lower cost of ownership).

    About the worst I saw was:

    For example, they believe that the total cost of ownership of open-source software is lower than that of proprietary software because they avoid the expensive licensing fees that companies like Microsoft charge.

    Actually, most people I know don't consider "Total Cost of Ownership." That's a term made up by Microsoft in an attempt to make FOSS proponents look like they're narrow-minded and that their conclusions were incomplete and "irrelevant to business." Everybody I know looks at "cost" - period. "Cost", by definition, without any modifiers, *must* mean total cost. "Partial cost" or "license cost" may mean something other than Cost, capital C.

    Likewise, relatively few people I know think Microsoft licensing is the main cost in a Microsoft shop; the legions of sysadmins and helpdesk staff, as well as the lost productivity and downtime cost quickly outweigh the (relatively benign) up-front cost of Microsoft software. Take a look at Red Hat's licensing - it's actually more expensive than Microsoft on most fronts. You make it up tenfold in reduced operating expenses, however, and you can save even more in operating expenses if you go with a more technologically advanced flavour such as Debian GNU/Linux (you also reduce the up-front procurement costs as well).

    Bah. I can't believe I wasted five minutes debunking this Microsoft-shill fluff piece.

  7. Re:Errr... on Tearing Down China's Great Firewall · · Score: 1
    What I'm hearing is that their program is a basic proxy that you connect to via SSL. And unless they're complete morons as some other poster thought they might be, they'll use their own code and not have China's public key anywhere on their trusted provider's list (quite the contrary, I would suspect they'd reject any key signed by them as dangerous by default...).

    Psiphon appears to be an overcomplex (ie: technically it looks like it's built by a couple of freshmen who think great things) HTTP proxy. Aside from the purely technical, it fails on a number of very serious security concerns - namely, it's non-anonymous. If you live in Saudi Arabia, and you get a buddy of yours in Canada to proxy for you, how long do you think it will be before there's a knock on your (or their) door? If there's a human relationship involved, whether it be commercial or familiar or not, it's only a (short) matter of time before you're caught. What happens then depends upon the jurisdiction.

    Your other point, I believe, is that "it's like HTTPS so it'll be harder to block". Yes and no. Mostly no really. HTTPS isn't particularly hard for censors to work around. They just make it so that you have to use a proxy to access HTTPS sites. This is commonly-used, particularly in commercial settings. You connect to the proxy via SSL, using the proxy's keys, and then the proxy makes the connection to the destination site. It decrypts your traffic, analyses it, then re-encrypts it. Since the only keys your computer sees are those of the proxy, it's feasible and done often enough to be scary. (This is not to be confused with HTTP CONNECT proxies, which actually result in the end-points having relative privacy between each other.)

  8. Tor, sponsored by the EFF anybody? on Tearing Down China's Great Firewall · · Score: 2, Informative

    One link: http://tor.eff.org/

    I found http://www.third-bit.com/2004-fall/psiphon_ae.html and it doesn't describe something that's even as good as a plain old Squid proxy. Tor appears to be far, far, far safer.

    (I live in Toronto. I want to go find these guys and slap them.)

  9. NFS options on Windows to Linux Migration - File Server Security? · · Score: 4, Informative

    Recent NFS kernel implementations (for instance, whatever I have installed on my Debian/Sid boxen) have a few options which might be useful.

    First, in /etc/exports, you can do per-IP-address UID/GID squashing. 'man 5 exports' considered helpful. For instance (Slashdot will mangle this),

    /home/devel/fbar 10.60.55.20(rw,all_squash,anonuid=1001,anongid=1001) 10.60.55.30(rw,all_squash,anonuid=1002,anongid=1002)

    That will make the NFS connection from 10.60.55.20 have all access go via UID/GID 1001, and all accesses from 10.60.55.30 go via UID/GID 1002. This is most applicable when using single-user endpoints/workstations.

    Newer kernels (late 2.6.x-series) appear to have support for Kerberos and similar; of course, if you haven't even done LDAP yet (what's your excuse? If you're replacing Windows machines in an NT4 configuration, you should at least be migrating to something LDAP-based), then Kerberos is probably out of your league. Fix that.

  10. It's probably waaaaay too late, but... on Designer Mice Made to Order · · Score: 0, Offtopic

    It's probably waaaaay too late, but...

    While I don't feel particularly strongly about the debate of animal testing (my father is a butcher, I spent several years on a cattle/chicken farm as a child, and more than once have I killed my food a few short hours before I ate it), I would like to raise a point.

    Most of the arguments in favour of animal testing revolve around "they aren't sentient, they can't feel it, better them than humans, etc." First, it's obvious that they feel it. Go poke a needle in your pet dog and see how he likes it :)

    But that aside, the fact that they aren't sentient (or at least the theory that they aren't sentient) is an argument *against* testing on them, as far as I'm concerned. If the options are "test on something which can feel it, but isn't as self-aware as a human" or "test on a human who has weighed the options and made a conscious decision on the matter," I think the latter is definitely more ethical.

    Now, I'm off to kill a cow, eat its muscles, and wear its skin :)

  11. The very definition of RAID... on SCSI vs. SATA In a File Server? · · Score: 5, Insightful

    The very definition of RAID is "Redundant Array of INEXPENSIVE Disks". Emphasis mine.

    I've already read a bunch of posts about how SCSI is more reliable than SATA. Well, they actually mean SCSI drives are generally more reliable than SATA drives (and some actually say so). They're quite correct for the most part.

    Here's what storage vendors don't want you to know: It doesn't matter.

    Use RAID. With SCSI or FC disks, you'll have to use RAID5. At that point, two disk failures in a given array and you're screwed. You REALLY care that two disks don't fail at the same time. And when you're using low-end or even mid-range drives, it happens.

    Why do you have to use RAID5? Because with SCSI or FC disks, RAID5 is the only economical option. With a 300GB SCSI drive going for at least $1200USD, and FC drives of that size going for $2500USD, even the biggest corporations end up using RAID5.

    Of course, RAID5 isn't the only level of RAID. It's the least redundant of any level of RAID, as a matter of fact.

    Go SATA with RAID10, at least 4 drives, ideally six or more. With six drives, the likelihood of having two drives fail before you can replace the first one is somewhat higher than if you're using SCSI, but the likelihood of that second drive causing you data loss due to a failed array is infinitesimally smaller. It's guaranteed with RAID5, and the chance for RAID10 is inversely proportional to the number of disks in the array. So first the first drive has to fail, then the second drive which fails has to be of the same RAID1 set. Add onto that that drives do indeed "go old", and the heavier you work them, the faster they get old. With RAID5, disks tend to get worked a lot harder (without any cache, or if the cache misses, each write requires n-2 reads, and 2 writes).

    Of course, you've pretty much decided that RAID10 is the way to go. At that point it's cost. If you're looking for 50GB of fast redundant storage, SCSI is going to be slightly cheaper. If you need any amount of storage though, SATA is going to be a whole lot cheaper for the same level of reliability (which requires more spindles), and typically better speed (more spindles means more seeks per second and more megs per second, though one needs to be mindful that big SATA disks are only 7200RPM, while the slowest SCSI disks you're going to get are 10kRPM).

    Summary? I'm value-conscious. I'd go the SATA route. RAID10, four disks minimum to start, a pair of 4-port 3ware SATA cards with 128MB+ of battery-backed cache. I'd do the RAID entirely with software (Linux MD), with each RAID1 set split across two controllers. We get cheap disk redundancy, cheap disk speed, cheap I/Os, and cheap controller redundancy. I'd consider using less fancy controllers, the 3ware jobbies tend to be expensive, but when you're doing big writes the cache makes a massive difference (75MB/s across four disks of RAID10 versus 20MB/s). I've considered putting together a dedicated storage appliance, exporting via SMB/NFS/NBD/GFS/what-have-you, without the battery-backed cache, but with a pair of 1U UPS units (one for each power supply). Then I'd go around turning off all the application-level fsync()ing, and see what happens with 4GB of disk cache. Bet it'd be fast. And with shutdown initiated via UPS trigger, almost as safe as a battery-backed cache. Remember: "Redundant Array of INEXPENSIVE Disks."

    God I ramble.

  12. Re:Totally incorrect on Computer Makers Cater to Big Business, IT Depts. · · Score: 1

    You're talking about the network. I'm referring to FC drives vs. SCSI drives.

    You do not need "Fibre Channel" drives (SCSI drives with different firmware and a different connector) to access them through some network - regardless of whether the network is fibre-based or Ethernet-based. The network fabric is the job of the server (typically, for data storage, an appliance of some form). The disk's job is to serve data to the server. The interconnect there is almost irrelevant. SATA, SCSI, FC, they'll all do well enough. What matters is the drives - the platters, the actuators, the motors, etc..

    One cannot compare an FC SAN to a SCSI drive, or an FC SAN to a direct-attached SCSI enclosure.

    As far as iSCSI vs. an FC SAN goes, that's a separate matter. iSCSI is not limited to Ethernet. That's the entire point of using something TCP/IP-based, it's largely media-independent. Go check out InfiniBand if you want to see some nifty high-performance stuff (40Gbit/s fabric which you run TCP/IP on, as compared to the 4Gbit/s, tops, you get with FC). You can always run iSCSI over Fibre of course - there are plenty of Fibre NICs and mid-range/high-end switches have supported Fibre connections for years. Of course, unless you're spending hundreds of thousands or millions, you should probably be comparing iSCSI to 2Gbit/s FC. In that case, a pair of bonded 1Gbit/s Ethernet cables are going to get you the same fabric throughput, at a fraction of the price, plus you can use that bandwidth for other things when you're not busy reading from or writing to storage. You get all the wonderful scalability and technology improvements that come with Ethernet - for instance, already 10Gbit/s kit isn't obscenely expensive, and is pretty easy to find. (Go ahead and try finding 10Gbit/s FC gear; they don't make it, because they can instead sell 2Gbit/s or 4Gbit/s to people who'll pay ten times as much as you ever could. Ethernet-equipment vendors, who market not to corporate IT departments but to almost the entire IT world [which has a great deal of sense compared to the former] have increased the speed of Ethernet by 2 orders of magnitude in the time FC equipment vendors have doubled the speed of FC.)

    Personally I look forward to playing with iSCSI. I'm already trying to source a pair of Adaptec iSCSI HBAs (should be at least two per machine) so I can compare to an all-software solution (which appears to perform reasonably well). I have a colleague who does a fair bit of high-performance computing that swears by InfiniBand, but there's no reason why remote storage needs its own separate network (you don't see email getting a different network cable than SSH, HTTP, or VoIP).

  13. Re:Totally incorrect on Computer Makers Cater to Big Business, IT Depts. · · Score: 1

    Quite correct. We're an end-to-end networkable app, and there are (at minimum) seven different nodes. I've already started virtualising most stuff (so that one machine runs every node), but I'm relatively new here, only been here a year, and I'm having to fight some historical issues with respect to technology choice.

    Basically, the last few people who did any purchasing (the President included) weren't particularly ... efficient. So I'm having to carefully make sure that we're not embarrassing anybody by showing that they could have spent a tenth the money and gotten twice the service. For instance, we have a four-year-old Fibre Channel array. When I started it wasn't being used for anything. Only two machines have FC adapters, so at most only two machines could use it. I still haven't found a use for it. When they bought it they spent about $120,000 on it. Thus it's a bit hard to justify, say, machines which have more than two local disks, when the President bought into the entire "everything needs to be on an FC SAN" marketing drivel. We're getting there though. Surprisingly quickly too; just yesterday we agreed in principle to a large purchase (a couple hundred thousand dollars). All machines are 2U, each has at least six local disks. The trick is that each machine needs its own copy of the data for security robustness purposes (they're to be separately-managed), and an FC SAN is just too slow and too expensive. So we're making progress.

    The other bit is that it's Java stuff, and it beats the crap out of machines. Most of them are older dual-PIIIs, 1GHz+, and as soon as you get one or two developers actively working on a machine, it's not good for much else until they're done.

    (You might have noted that I have a particular hate-on for FC SANs. I definitely do. Go take a look at EMC's quarterly reports or some of IBM's statements on the profitability of their storage division. It's a massive cash cow. The thing is, if it was reasonably priced [ie: if the markup was comparable to virtually every other component of a system], I would jump on FC SANs like there's no tomorrow. Being able to migrate virtual machines requires that there be shared storage. NFS is bloody slow, and I've not yet gotten the time to really develop high-performance NBD/DRBD/GFS servers. I do have a decent 2U machine with 8 hot-swap SATA bays that I'm hoping to give a good try with.)

  14. Totally incorrect on Computer Makers Cater to Big Business, IT Depts. · · Score: 4, Interesting

    That the hardware and software vendors cater to IT departments because "they're geeks and they speak the industry language" is bullshit.

    They cater to IT departments because the vast majority of them are run by total incompetents who have no idea what they're doing, and have no idea how to value hardware and software. I run a small business' IT department. Hell, I *am* the IT department. 40 some-odd servers, 20 or so desktops, 10 or so laptops. I do all the purchasing, and let me tell you, they sure as heck don't cater to *me*. They cater to the people who're willing to spend $80,000 on a crap piece of software which could be done by one of our dozen in-house coders (we're a software development shop) in a weekend. Or by me for maybe $2500 worth of time.

    They cater to morons who think that "Fibre Channel" drives are better than SCSI, and so are willing to spend $3000 for a 150GB drive. They cater to people who think that there's something magical about SCSI, and so think that even if 10kRPM 300GB drives were available with SATA connectors instead of SCSI, the SCSI drives would still be worth $1500. (Here's a hint - the differences between Fibre Channel drives and SCSI drives is the connector. They may do some extra QA on FC drives, to up the MTBF, but this is what RAID is for.)

    Vendors do NOT cater to IT departments because IT departments "know the language". They cater to IT departments because they tend to be massively over-funded for what they provide, and they're willing to piss away huge quantities of money.

    That's the thing I hate most about the IT industry right now. Prices aren't set by competitive pressure between the vendors, they're set by twits not knowing that it's silly to pay $50,000 for some shared storage they don't need. Why should IBM sell me a 10kRPM 150GB SCSI drive for $500 when they can sell it to an idiot for $1500? (They'll sell them to me for $1000, and that's the lowest they'll go. I still think it's horribly overpriced.)

  15. Re:"security researchers" is a broad rubric on Oracle's Chief Security Officer Speaks Out · · Score: 1
    Does your company do any type of quality assurance? How the hell can you do proper QA in a few hours, unless it's a trivial fix?

    That's why I said "hours, days, or - very occasionally - weeks"; not all fixes are trivial :) And yes, we do get trivial fixes in and tested within a matter of hours.

    That said, many commercial software companies (such as Oracle and Microsoft) can't even manage to get trivial fixes done - even given months.

    There are two types of QA: preventative and exhaustive. We do a buttload of preventative QA. That means a good, clean, well-separated architecture. It means good documentation and extreme attention to detail. It means doing things right, even when adding a given new feature will take weeks or months instead of days or hours.

    Neither Microsoft nor Oracle do (much) preventative QA. Their software is extremely hoary. They have a different set of priorities, based largely on marketing. It's just turning out that more and more people are caring about technical details in a security context, meaning all of a sudden the quality of their code is a headline marketing issue. The other kind of QA, exhaustive QA, is basically a brute-forcing. At our shop, 99% of that QA is done automatically, at every level. We have several clusters of mixed platforms on which our software runs. The front-end is a box which takes in telephone calls. Our regression testing actually makes hundreds of automated phone calls when a new release is being tried out - and the results of each of those calls is checked down to the source-class level.

    That sort of thing is really helped by extensive and meticulously-maintained documentation about how data flows through the system, so that the tests can touch each and every part of the code, in all sorts of different ways.

    Non-trivial fixes can take longer. Sometimes it means we don't do as much QA as we'd like. Luckily the code is written well enough that there hasn't been more than one or two non-trivial fixes, and the bugs they fixed weren't themselves critical.

    Basically it gets down to this:

    • If a fix isn't trivial, why isn't it? (Usually because of poor architecture or code quality.)
    • Regardless of whether the fix is trivial or not, why does it take more than a year to fix it? (There's really no excuse for this one.)
    • If the fix is available, why don't you release it immediately? (Typically because they have "more important" customers from whom they wish to hide the frequency of security problems, since if those customers thought there were so many so often, they'd have second thoughts about buying the software [with all the attendant cost of patching required].)

    If a vendor doesn't have good answers to those questions, I honestly don't see why I should consider buying from them. And I don't see why anybody would consider using our own software, either.

  16. Re:"security researchers" is a broad rubric on Oracle's Chief Security Officer Speaks Out · · Score: 4, Insightful
    In TFA she discusses two sorts: those who play ball, and those who don't. One of the continuing problems with IT security is the fact that the bright folks who can find or fix problems aren't always the ones who understand how really big, clunky corporations work.
    The only goal in the article there is to discourage people from doing the whole "I found a vulnerability, you have 5 days to comply" nonsense. Yeah, sure, it works great if you've got a 1-person operation with no legal team, and no multitiered support system in place to filter out the garbage.

    You miss the entire point. You could be referring to one of two "really big, clunky corporations." Either the "really big, clunky corporation" that needs to upgrade all their vulnerable equipment, or the "really big, clunky corporation" which actually has to provide the fix. Let's do the last one first:

    • My job is to provide services in a secure, cost-effective, and efficient manner
    • It's my responsibility to choose the components I will use to do my job
    • That means that (unlike the recent Oracle vulnerabilities), I require that fixes for reported vulnerabilities be provided in a reasonable time-frame, fully-tested and audited
    • A "reasonable timeframe" is measured in hours, days, or - very occasionally - weeks. Not months or years (such as the recent Oracle fixes)
    • You may say "that will increase the cost of the products" - no it won't. The relatively minor increase in ticket and support contract price is dwarfed by the price of a security breach
    • Whether the vendor is a "big, clunky corporation" or not is irrelevant - all that matters is if they can meet the requirements set out by their customers (of which I am but one, and trust me, more and more customers are demanding reasonable security-fix practices - of which "sit on it for a year or more" isn't one)
    Or, if you're talking about the "really big, clunky corporation" which can't manage to perform critical upgrades at a time appropriate for the business:
    • That's their choice and their problem. That some yahoo idiot corporation can't expend the resources to secure their infrastructure isn't my responsibility.
    • Note that near reporting periods, I don't touch critical infrastructure either. My choice. I implement what workarounds are safe to put in place, and I make a calculated risk. By refusing to act on security-related reports in a timely manner, Oracle took that choice away from me.

    To sum up: Oracle waited YEARS to fix some of these bugs. I don't care why they were unable to fix them. They got caught with their pants down, after the people who reported them decided that "okay, by now, somebody who'll use these vulnerabilities to actually attack people has probably found them" and subsequently released (limited) details required to inform Oracle's customers of the possibility of vulnerabilities.

    Now they're trying to blame those people, who actually gave me the ability to make reasoned decisions? The gall. A year ago I wasn't in a position to choose which software we used in our infrastructure, and now I am. Oracle's failure to act upon vulnerability reports, and their subsequent attempt to disparage those who allowed me to do my job, has lost them any possibility of future sales while I'm in charge (until, of course, they actually change - and confirming that change will require me to actually audit their own practices, which I doubt they'll ever let me do).

    The saddest part? We're a software development firm which gets to dictate to some really big customers what database engine they use. We're talking about tens of thousands of licenses, easy. Whereas we were previously looking at MySQL, Postgres, and Oracle. Now Oracle is just totally ruled out.

  17. Re:Cisco is not a business of social activism. on Shareholders Squeeze Cisco on Human Rights · · Score: 5, Insightful
    It is a business of network equipment. It has the primary goal of turning over as much equipment as it can, and make as much money as it can... what's the phrase? "Maximizing Shareholder Value".

    You misunderstand the stock market system. The stock market system is about making the executive and management of a company responsible to a large number of stakeholders. It's easy to hold them responsible to a small number of people, but once you get millions of stakeholders, it's a bit more difficult.

    In a way though, you're right - it all gets down to "maximizing shareholder value." Except it's the shareholders who decide what they value - not you (likely an armchair stock analyst without any Cisco stock), the executive, the management, or the employees.

    If some shareholders feel that protecting their freedoms is valuable, and they feel that one of the ways Cisco can do that is by refusing to allow those freedoms to be curtailed - at least on such a massive scale as China - using their technology, then the appropriate course of action would attempt to bring the issue to a vote.

  18. Depressing on SAGE 2004-2005 Salary Survey Announced · · Score: 2, Funny

    Am I the only one who finds filling this out depressing?

    Especially when you fill out the bad bits about the current job. And see that you checked most of the boxes. And then realise that it says "please specify no more than three."

    *sigh*

  19. "Yes, None, Ten years ago" on Truth in Advertising? · · Score: 5, Insightful

    Yes, I've seen this sort of thing at other places I work. It's inherently dishonest. It's justified via a) claiming that it'll help sales (dubious), and b) claiming that everybody knows that they're bullshit anyways. Note that the two justifications are mutually exclusive. Doesn't stop them from using them though.

    No, I trust none of these "bakeoffs". Or any other IT advertising for that matter. There isn't a single mainstream IT rag which is even marginally trustworthy. Go ahead and, instead of reading just the bakeoff that you're looking for, read an article about something you already know about (through hands-on experience with all the primary alternatives, including a FOSS alternative if it's software and there is a FOSS alternative). Note how much stuff they get wrong, how shallow the article is, and how it almost reads like an advertisement. The same is true for cars too, largely, at least from what I've read. I can't comment on other industries since I'm not particularly familiar with their trade press. Note, however, that I still don't trust them at all - I expect they're just as bad. It's just that I don't make enough decisions relating to those industries' products to warrant reading the trade press - instead I go to the store and carefully examine the alternatives.

    This sort of thing crossed the line into fake advertising at least a decade ago. Companies routinely make absurd claims and get away with it. There's just no political interest in enforcing it. At best they'll include fine print in their ad. If it's a print ad, maybe you'll be able to read it. It's been a while since I've seen an ad with fine print whose fine print didn't take up at least 10 lines of extremely small type. Television ads are a joke, it's impossible to read the fine print at broadcast resolution, regardless of the size of your TV, and it typically takes up a whole screen.

    What can we do about it? Elect governments with some spine. These sorts of advertisements will continue to be successful so long as people are poorly-educated, and people will continue to be poorly-educated unless there is a strong collective agreement in place that says "yes, everybody needs some minimum level of education, otherwise they're prone to manipulation and our society is controlled by those who control the media or the other forms of information dissemination." It's funny, isn't it, how political campaigns in the US almost exclusively take the form of commercials? (Except for the "debates", which are a joke to everybody outside the country.)

    Note that when the US was founded, everybody who advocated democracy made sure to point out that the requirements for democracy included an educated public, free speech, and free press. People have totally forgotten the education bit and the press bit. (A government-controlled press is no more effective at disseminating important information than a press controlled by an aristocracy - corporate or otherwise.)

  20. Re:Macs aren't particularly expensive anymore on If Mac OS X Came to x86, Would You Switch? · · Score: 0
    You're out of date. Macs are comparable (the WSJ's Walt Mossberg even claims cheaper) in price/performance to x86 boxes.

    That article (and most others like it) compare brand-name Apple hardware to brand-name x86 hardware; typically from the likes of IBM, sometimes from the likes of Dell.

    If you're going to add 20-30% markup by going with a brand-name vendor, of course it comes out to about the same, at least now that the Apple has the G5.

    However, if you want to build your own, or buy a beige box, there's no comparison. You can easily get comparable x86 hardware for two thirds or even half the price of a Mac.

  21. Not bad, not bad at all. on Green Party Candidate David Cobb Answers Your Questions · · Score: 1

    This is pretty decent. I actually agree with all of the candidate's statements, with a few caveats:

    1) Lay off the "racist" stuff a bit. I mean, there's no doubt that there are a number of racist institutions in your country (I'm Canadian myself), but I rather suspect that belaboring the point so much does more harm than good. I'd make it a single campaign issue instead of weaving it into ... a number of campaign issues.
    2) Generating electricity from solar energy is far more polluting than nuclear energy. The chemicals and energy expended to produce solar cells are obscene. It's really quite disgusting. You can still use solar to heat water for home use and such, but generating electricity from it is currently no-win and won't be viable (from a net-energy standpoint) for decades to come (and there are companies which are betting their future on it - the sooner they get it done, the better off they'll be, but even they don't delude themselves into thinking it'll happen *soon*).

    Wind power is great, at least when care is taken not to dramatically change weather patterns. It's pretty local in nature, unfortunately, and I haven't seen any math showing that it's a viable energy source for the entirety of your country.

    That leaves, pretty much, hydro as the only viable renewable energy source available within the foreseeable future. Unfortunately, hydro power itself is extremely traumatic to the local environment.

    Nuclear, however, is very clean. It's cleaner than all known energy sources excepting wind power and possibly hydro power (depending on how you define "clean" - hydro power destroys entire ecosystems). The *only* problems with nuclear power are its nonrenewable nature and the toxic waste it creates. The nonrenewable nature of the power is obviously something to consider; the known sources of nuclear fuel could only support modern usage levels for a few hundred years (I think I saw an estimate which said up to a thousand or so, but I can't find it any more). That's enough time to support high industry while we come up with something better though. The toxic waste is largely a marketing worry. Did you know that oil companies probably supported Greenpeace's anti-nuclear movement? Go ahead and search for papers written on it, they're out there. There are natural systems in America and elsewhere which have kept things far more mobile than nuclear waste (like, say, water and life) contained for tens of millions of years. There are *truly* viable systems available for storage of nuclear waste for tens of thousands of years - long enough for them to be totally harmless by the time the containment systems fail and the (now non-toxic) waste is released into the ecosystem.

    As you can gather, I don't like seeing unsubstantiated fearmongering when it comes to energy sources :) Nor do I like it when alternatives are suggested which are neither cleaner nor more economically viable than nuclear (such as solar power).

    3) This relates to the nuclear power thing in that I believe they're both based on FUD. Or perhaps more correctly, upon unsubstantiated fears or maybe even a bit of moral extremism. What's the third thing? Genetic modification of life forms. I don't think we should be doing it lightly, and at this point we *certainly* shouldn't be doing it outside of the laboratory, but to espouse a position that is "against" a *science* smacks of near-religious extremism.

    In summary: if I were down in the US there, I might vote for the Green party. It's still not a real clincher, because the three points outlined above indicate some level of nonrational extremism that's a bit scary. NEVER "oppose" an action or a science or a school of thought - just oppose the consequences. ie: instead of ruling out "nuclear power", rule out "brain-numbingly stupid levels of pollution". Keep minds open to how the problems you actually want to solve (pollution in this example) *can* be solved. In the case of GM food, the only way it'll ever be safe is if it's

  22. Re:trust your eyes, not negative comments. on Gosling: If I Designed a Window System Today... · · Score: 1

    You didn't mention anything specific :)

    The only times I've ever seen numbers compared (for instance, frame rate or how long it takes to perform given operations), the differences were so negligible that they could be attributed to random cosmic rays. And in XFree86's favour typically (though very, very, very marginally).

    It's also worth noting that X11 is not "Linux", nor is the main implementation of X11 (XFree86 in other words) "Linux". Nor are they even particularly well-associated with Linux - XFree86 is developed largely by BSD nuts (meant in a nice way, one of them is a good friend of mine).

    Right, so anyways. Got any numbers? *Anything* other than foaming at the mouth?

    HTH, HAND

    (Yes, I Have Been Trolled :)

  23. Re:As the Register article stated on this topic.. on Microsoft Lists SP2 Incompatibilities · · Score: 2, Insightful
    ... people have spent years complaining about Microsoft security, Microsoft don't change anything because they claim it will break stuff.
    Microsoft folds and implements some security features which inevitably break things... then everybody gets upset.

    First, you're dismissing the (rather large I bet) group of people who don't want it both ways. For instance, huge numbers of computers are already protected to some degree by corporate firewalls and home routers and similar such things. Now when these people bought the software, they knew its shortcomings and worked around them appropriately. They're now not only having to explain to bosses and the like that "no, after all, we didn't need to spend 2 million bucks on all that security crap you argued against vehemently," (because all the bosses will know is that "Windows XP SP2 is secure") but also having to deal with all the various breakages introduced by SP2. And what are their options? How long will MS support non-SP2 versions of XP?

    Second, people can feel rightly upset when a doctor cures the disease by killing the patient. This is a service pack - an update to an already-released software environment. It's not the right time for huge massive changes. Many of the people who previously complained about Microsoft's lack of security awareness and are now complaining about SP1 are no longer complaining about Microsoft's lack of security awareness, but the manner in which they're moving forward on their plans to secure the software.

    Lastly, there are many people who rightly want it both ways. Microsoft made the decisions they made 10 years ago in order to beat competitors to market and to offer a superficially superior user experience. You can't blame anybody other than Microsoft for those decisions - they were lambasted in the trade press and experts all over the place were telling them how wrong they were. There have even been a number of Microsoft employees apologising for those decisions, because they knew they were gambling - they just lost.

    Those people who are complaining both about Microsoft's lack of security and the invasiveness of the current software updates can do so in perfect conscience - Microsoft made its own bed, and now they have to lie in it. If they hadn't made patently ludicrous decisions 10 years ago they wouldn't be left with a legacy which pleases nobody.

  24. Re:Way overkill on Ethernet at 10 Gbps · · Score: 4, Insightful

    Most of your argument rests on people not being able to read/write data from hard drives fast enough to use the network bandwidth. Some examples:

    The only time I've ever seen near gigabit traffic at a steady pace was at network servers, where traffic can reach a steady 600mbps on a single gig link - which is maxing out the speed at which the server drive can read/write data to its hard drive. Think of it this way, a 1 gigaBIT link can transfer a 1 gigaBYTE file in about 10 seconds, that's FAST! Conversely, it takes nearly 20-30 seconds just to write that large a file to the hard drive.

    More:

    Even at these tremendous speeds, they are only used at traffic aggregation points, again because any network device, even a turbocharged SAN couldn't handle reading/writing at those speeds for anything longer than a quick burst.

    And lastly, your conclusion:

    I say this: If you think that 10gig/sec is your answer, you're looking at the wrong problem. You can get the performance you need at gigabit rates.

    Given your premise, you argue for your conclusion quite well. I don't, however, think your premise is accurate. Or perhaps better, I don't think it's relevant. First and foremost, there's all sorts of storage mechanisms which can transfer data as fast or faster than 10Gbps. Think solid-state drives and some decent-sized drive arrays (they don't need to be *that* large, we're talking roughly 1 gigabyte per second; that can be done with 5-10 consumer-grade drives, let alone the arrays of hundreds of high-end 15kRPM SCSI drives and the like). So on the basis of storage speed alone, your argument fails.

    Second, what does storage speed have anything to do with it? You mention servers not needing this - a *huge* number of servers never touch their drives to read the data they're serving. Drive access == death in most Internet services, and people invest thousands of dollars in huge RAM pools to cache all the data (they used to invest tens of thousands, but now RAM is cheap :). So for a huge number of servers, drive speed is simply irrelevant; it's all served from RAM and generated by the CPU, so unless you're trying to say that CPUs can't deal with 10Gbps (which you aren't, and quite rightly), the conclusion falls down again.

    Do desktops need this? No, of course not. If that's what you're really trying to say, then all fine and dandy, just say it. Acceptable reasons would be "people don't need to be able to transfer their 640MB files in less than 10 seconds" and "their Internet connections aren't even at 10Mbps yet, they certainly don't need 10Gbps!" However, you'll find that this technology quickly percolates downwards, so at some point in the future people will be able to transfer their 4GB (not 640MB at this point) files in a few seconds, and their "little" 640MB files will transfer near-instantaneously.

  25. Re:Nice idea, prepare for the abuse on FCC's Chairman Powell Starts Blog · · Score: 2, Insightful
    Unfortunately, expect Mr. Powell's blog to be spammed by every ideologue around. Already some pointless jabber about the FCC's "indecency" issues have popped up, some merely wrappers for political bashing. If only that was the worst that it will get..

    Yeah, because anybody who can handle seeing a naked tit on TV and who dislikes the obvious restrictions on free speech made with stupid excuses like covering those hemispherical mammary glands up is obviously just a jabbering idiot who is really just after some "political" bashing.

    Oh sorry, I've been trolled haven't I? Oh well.