I've had Amazon Prime for two years, with multiple deliveries per week to a rural address. Hundreds and hundreds of packages, and only one issue with the package being delivered impaired (a large farm implement that wasn't even in a box, delivered missing a large bolt that was zip-tied to the steel frame).
UPS has been outstanding. USPS on the other hand can be guaranteed to leave mailboxes open, shred packages, place packages in strange places, destroy mail in transit, break DVDs, accumulate mail for a week at a time and then deliver it, etc.
FedEx has also been good to work with but by no means as friendly and helpful as our USPS has been.
Philosopher and media theorist McKenzie "Ken" Wark addresses a large aspect of this issue of gaming as subversive work and mis(re)appropriation of labor in gamespace to the application of capitalist/vectoralist interests in his recent work Gamer Theory (online interactive book).
The Video Game Monologues project does a reasonable job explaining some of this, put to animation.
Wolvenhaven's comment about budgets is on target; our small, rural Iowa district had to let 8 teachers go this spring because of declining tax inflows due to the economy. Funding teachers across more time would be a financial benefit to our family (my wife is a teacher in the district and doesn't receive compensation for when she's out of school not teaching as would be expected), but it'd cause the district to lose more teachers. In a small district, this would be devastating.
But there's another aspect some (including Obama) are missing. The United States is a highly diverse nation with a diverse workforce. Like a fool who would prescribe public transportation to replace all motor transportation in the U.S. -- a proposal that simply fails to understand the large spaces the U.S. covers and treats Wyoming like Berlin -- the educational system has similar heterogeneous aspects. During the summer months, our system is not to "send the kiddies to the field" as Obama's inept education administration official claims, but rather to supplement education in a highly diverse, non-governmental-decreed manner.
Yes, many kids get summer jobs, and there is considerable education for those working in a shop, grocery store or other light skill or service economy function given the probability that such students will be moving into this workforce upon graduation. In case you didn't notice the recent unemployment statistics, this demographic (16-24) now suffers over 50% unemployment, mostly due to the recession and the increase in minimum wages (which causes employers to substitute an unexperienced teen with an adult with experience for the same higher wage).
But many kids destined for college go off to specialized camps. My son spent 5 weeks of the summer at one of the top national debate institutes, working harder in the summer than he did during the year. Music camps, international travel, student summer foreign exchanges and local university summer programs all round out the options available for the college bound to receive much more intense and specialized education, necessary for their advancement in higher education. Obama's plan would replace that with more of the same -- as Gilles Deleuze would say, smoothing terrain by pushing more of the same hegemonic, institutional programme and eradicating diversity education that predominates summer break.
While it's not appropriate to debate this on the terms of "more education vs. kids sitting around watching tv" (those kids are also preparing for their future career through the choices being made), it is appropriate to debate this on the terms of whether we desire the heterogeneous workforce we're encouraging through the current model, or seek a more homogeneous model (ala "sameness"). Should further globalization be desired, as Obama's administration advances and his financial backer George Soros promotes, then perhaps the United States would be better served by creating more interchangeable service sector jobs. Given that both political parties desire a global model, Americans are less likely to be programmers, system engineers, architects, creative thinkers, product designers, etc.; even finance and legal professions are increasingly being offshored with great financial benefit to the global corporation. Preparing students for a career where they're part of a replaceable, worker-commodity workforce may be more appropriate in the long term, given the unified desire of Americans through the expression of those pro-globalization representatives they continue to elect.
I must have missed something in the thread... what extra services is the state of Washington providing Microsoft to account for the additional billions of dollars of cost their governance structure provides? If we're paying for governance and one state is many times more expensive than another, is that extra cost due to it being a really high quality state or simply a problem due to mismanagement, inefficiency, corruption, misguided spending of funds on ineffective purposes and theft?
And specifically, should the difference be explained by a superior state government in Washington, are these additional high-quality services items that Microsoft would value? For instance, it could be argued that if Washington had state school districts that were 50% better than Nevada's, Microsoft employees would receive a value for the expense (although it could be effectively argued that such an expense should be applied more directly to the recipient of the educational service). Perhaps Microsoft benefits from a better state corporate liability law system? Or better roads infrastructure to their campus?
We have a similar misconception in the information technology risk management world (actually, the greater risk world as well) where executive management mistakenly believes that compliance practices will eliminate risk. Even if we have 100% compliance with regulations (like PCI) and standards (like ISO 27000 series, CoBIT, ITIL, etc.) and could have an imaginary 100% effectiveness in the controls provided by these regulations/standards, we'd only eliminate known risk.
Consider what regulations and checklists provide to assess risk: a checklist. And where does the checklist come from? Previous situations where we had problems occur. We learned, for instance, that simple 6 character passwords suck and are easily bruteforced, so the checklist asks if passwords are longer than 8 characters, have complexity, etc. But no checklist can ask for what problems we haven't encountered yet. So while we'll have regulators, external assessors, internal auditors and other compliance professionals examine an environment on a periodic basis, it will never substitute for a risk program that uses methods for uncovering risk from the un-checklisted and unknown terrain. Advanced techniques, such as those that use approaches that illuminate the risk domain through the creation and exploration of new vantage points, efforts that shock the perspective comparable to critical theory's radicalization, or those that de/reterritorialize and allow us to apply different thought models to a domain (e.g. looking at network attacks from a rhizomic, not a hierarchical model which reflects how a DDoS attack might manifest) are all non-checklist methods to assess risk.
Interestingly, these approaches are not able to be appropriated by a hierarchical expert-system approach. Consider how expert systems create decision-trees, subject to all the Deleuzian problems (Galloway's books, http://cultureandcommunication.org/galloway/, Protocol: How Control Exists After Decentralization, or his work with Gene Thacker, The Exploit: A Theory of Networks, are both exceptionally valuable in understanding non-hierarchy problems in information technology). Plus such expert systems are subject to countless other problems known to information theorists and end up creating predictable paths through the model, to which any information system will adapt, and regress to the mean. Consider this example: if the IBM expert system is employed in the information security realm, it will specify a predictable path to responding to any security incident. Any information system will naturally recognize this predictable response and then use it against the system. This basic technique is already employed by most competent hackers -- measuring, testing, assessing your target to learn of the quality of their response to your efforts.
In other words, any organization that would rely upon this service from IBM will be a predictable, exploitable target. They might as well publish the blueprints of their network and list user names and passwords. God help the fools that believe that knowledge is static and life is not competitive.
Outstanding advice. I went back ~35 after a career up until then in network engineering and information security, though I went back and picked up a finance degree. gw0ntum makes a valuable addition. You're going to find it awkward, especially when you have some profs your age or even younger. Some suggestions I'd make:
1. BE HUMBLE: even if you're an alpha, don't play one. set it aside and adopt an alternate persona. your classmates not only don't want to hear about your experience but they're ready to reject you if you show any signs of it. instead, humility is your friend. when you kick ass in assignments and show you're naturally good at some things, your younger classmates will likely respect you then for it. but always keep the humility as your persona. they're going to be intimidated by the age difference and when they find that 15-20 years of age difference really doesn't mean jack u-know-what, they'll be cool with you.
2. HANDLE PROFS CAREFULLY: show your creativity, innovativeness, eagerness, etc. by DOING, not by saying. this screws so many nontraditional students up. yes, it's important to let the prof know you're eager to learn/succeed. but do it by doing, not by showing off. understand that you're an outlier, so every subtle action you make in the classroom will have 10x the effect. this pisses off your classmates and makes your prof uncomfortable.
3. FIND YOUR PERSONA AND STICK TO IT: my dad's long-time faculty at a university that has a good amount of nontraditional students. i've learned that even the faculty has stereotypes of the nontrads. eager beavers (over-eager volunteer for everything desperate to show their worth low self esteem types), suck-ups (total poseurs that will flunk out but will suck up at first and try to play the 'hey prof, i'm a grown-up like you, give me preference'), one-class-ponies (typically 60+ gals who take one class and blow the damn curve cuz they have no freaking life outside of that one class), over-committers (usually the nontrads who have just come back to academic world and are so clingy and over-committing trying to prove their worth to self and prof), and dominators (nontrads that want to give input to everything, dominate the discussion, share their "worldly" experience on everything and embarrass everyone in the room except themselves). Those are not good choices. Find something subtle, quiet and driven. Sit in the front row, kick ass and let your work show your drive. Let the prof call you out because you get stuff right. They will balance the dialog and keep you from being seen as a show-off - hey, when your work is good, that's the game.
4. FRIENDSHIPS: Be open, kind and friendly to all. I ended up with friends spanning the total range - from girl jocks to geeks to poet-thinkers to hard core achievers. All I had to do was smile, be relaxed, be damn good, and be a team player.
It's a weird situation but if you handle it right, it'll be very rewarding, and that degree does open up tons of doors. Good luck!
I'll only buy TTS books. I own a Kindle2 and have more than 20 texts (philosophy works for my degree and debate coaching) on there already. I've spent more than $500 in the past week on my Kindle investment.
As someone who also commutes, I find the TTS to be invaluable already. We'll see if that continues to last, but as I'm reading for educational purposes, not entertainment, I have a utilitarian informational need. I don't need an actor reading Baudrillard's "The Illusion of the End" (the words are powerful enough). And incidentally, good luck finding any of that material on books-on-tape... there's simply not the market for it.
So if an author or publisher refuses to allow me to listen to it, they take away a core functionality. I'll find another version (on older philosophical texts, that's common), or simply check it out from the library, depriving them of the sale. The TTS audio quality is no threat to your books-on-tape business, you offer no such capacity on most of the works I purchase, and the TTS allows me to make use of two hours a day of drive time during which I need to study.
Funny how history repeats itself, especially in Sprint's case. In 1996, Sean Doran (SprintLink senior network architect) decided CIX-W peering was no longer cool and dropped peering, causing one hell of a black hole. From my recollection, it was the first instance where open routing was disabled due to political or commercial objectives, and unfortunately for Sprint, it came at a time where Bob Collett (then head of SprintLink) was trying to promote Sprint's openness and participation in the community. Bob overruled his engineer and routing was restored several days later.
Since that point, BGP black holes have continued, usually to the detriment of customers. BBN Planet, Exodus and numerous others played the game presuming that content was more important than eyeballs or vice versa. The fallacy in their model is that content without consumer is as useless as consumer without content. Until they establish that understanding, neither unbalanced provider will succeed.
With the "deep packet inspection" technologies, conceivably ISPs can just replace, in real-time, our Google AdSense publisher IDs with their own.
Increasingly, I'd expect https sessions will be necessary for sites with any form of confidential information - not just sites with more sensitive financial, social security or other higher sensitivity levels. Consider that the ISPs are leveraging confidential session information to exploit the web sessions elsewhere. ISPs are also harvesting web traffic data and selling it to others for data mining utility. As a visitor to google, yahoo, whatever, my identity and usage is confidential information of financial value. It's time encapsulation and encryption be utilized by these firms to protect that information - otherwise they'll see further encroachment and loss of revenue due to this technique.
I do find it reprehensible that any ISP would violate the integrity of traffic I've requested from its source. It's a sense of forgery through a MITM activity I have not consented to (oh I'm sure they'll put that language in my contract so that I do consent, but you get the point).
I seriously believe that one of the reasons throwing money at the problem hasn't been working is that people who are implementing these things aren't the best possible candidates.
In larger corporations, especially where the regulatory environment is a driving factor, you might find that money isn't being thrown at security, but rather compliance. As ErichTheRed points out, there is no shortage of these silver bullets being purchased from executives who don't know better.
As someone who heads up an information risk program for a global financial firm, I've been fortunate enough to see the policy and technical control environment and observe where and why controls failed to prevent against security incidents. Having a company that came from a regulatory-driven security model (not unlike many), the assessments of the incidents have shown repeatedly that the alignment of a program in reaction to PCI, GLBA, HIPAA, SOX, etc. does not provide for a risk-optimized information security program. Yet business executives in many firms believe that the highest bar to be funded is that prescribed by external regulation. Compliance should be regarded as the lowest bar, not the highest, as it is by no means intended to fully address the realm of information risk and security.
The recent breach experienced by Hannaford is a good illustration of this problem. Hannaford was reportedly PCI compliant at the time of the breach, yet was using WEP to secure wireless in numerous cases. Elsewhere, there is too much reliance upon comprehensive common controls to compensate for lousy security at the application level. Hannaford execs are apparently "shocked" at the breach, yet were using a wireless security control a mediocre offsec analyst can break in 2-10 minutes. At the same time, I'm certain many firms have gone overboard on other controls (prospect theory tends to explain why so many of us over-treat the perceived likely risks and completely ignore the perceived improbable black swans that end up wiping us out). It's hard for us to make a case for security when we blow too much on some things and never see a threat test it out, and get clobbered on something we ignored.
The biggest problem I see is that the business executives see security as a product, not a process, and information risk and security people don't do a good enough job correcting that misconception. The lack of understanding risk optimization by InfoSec professionals is a real issue: we tend to overspend for the risk in some controls while neglecting others.
NIST SP800-37 prescribes creating safe applications in a sea of risk, yet many large firms pretend the oceans can be calmed if the right firewall or NIDS is deployed (think about what it tells you when NIDS is regarded as a control that *prevents* threats from exercising vulnerabilities by executives!).
The best results I've seen have come from a very close tie between the business unit management and information risk using financial language to communicate risk through an optimization approach. I'd suggest ISO 31000 or AS/NZS 4360 (Aussie/NZ standard) as a great starting place to talk about not being risk averse, as so many of us in InfoSec are, but taking the right risks. I certainly encourage people to be careful about probability models - read Taleb's "The Black Swan" for some clues on why you don't want to rely on Gaussian models for too much of your modeling.
Back to those regulations like PCI, I've found business execs understand the concept of "minimum baseline" when put in the context of a reserve requirement on credit portfolios. That regulatory requirement serves as the bottom line level, permitting the lending firm to select its own optimizing level of risk. Some may have offsetting efforts that
many of these Executives never do anything to justify the increases.
Actually, they do quite a bit in the short term to "justify" the increases, but to the detriment of the rest of us.
A year ago, I read a speech by Sir Edmund Hillary explaining how horrified he was that climbers of Mount Everest violated the ethical code of climbers, ignoring a man in trouble on their climb upward and letting him die without help. These summit-seekers were intent on reaching their own self-gratifying goal. They spent their tens of thousands on the "trip of a lifetime" and weren't about to let someone else's misfortune spoil it. Instead of setting aside their summit-reaching goal to rescue someone in trouble, they chose to let him die while they kept on seeking great returns.
As a professional operational risk manager, I see the same behavior in countless execs. It's called leptokurtic risk (or kurtosis) - the condition of seeking artificial enhancement of returns at the center of a distribution while also taking on excessive outlier risk in the tails (called "fat tails"). These executives take on excessive risk for all of us as they seek their own personally-rewarding summits. The company I work for has struggled through significant catastrophic risk due to the neglect of systems maintenance by previous executives. Instead of spending money refreshing hardware, maintaining trained staffing and continuing license agreements with vendors, they threw it all overboard so they could puff up quarterly numbers and reward themselves for their "achievements." They left before the disasters began to occur, millions richer. They cashed out with hundreds of millions while shareholders and employees were left holding the bag. Their summit-seeking behavior let them seek greatness and riches while screwing the rest of us.
A simple example of this would be an airline pilot who is rewarded for getting to his destination faster. Once he realizes all the safety equipment (mid-air collision avoidance, oxygen systems for depressurization, fire retardants and other items taking up weight) can be discarded letting him fly faster, he tosses it all overboard and takes on excessive risk for all the passengers. He flies this way until he's realized the plane's certain to crash, and jumps out with a golden parachute, letting the gutted aircraft collide directly into the side of a mountain, taking the lives of everyone on board. Increasingly, this is a common practice for public company and private equity executives.
As Circuit City witnessed, there is a direct correlation between this behavior in executives and the failure of the company they harvested. The only thing I can recommend for those who find their behavior disgusting is to flee any and all companies that you observe rewarding executives for summit seeking. If they're taking on excessive risk (usually by ignoring it and dismantling all the safeguards so they have even greater funds to line their pockets with), abandon these companies. Let them collapse while the parasites are within, taking them down with them. Until capital markets become savvy to this parasite racket, we're all at risk. Watch for this summit-seeking behavior in the companies you work for and invest in.
That's a pretty good observation. In my case, I do buy the CDs, after hearing stuff on digitalgunfire.com and rantradio.com that I didn't know about and want. Usually, it's an artist on Metropolis Records like And One, Funker Vogt, etc. that has never received a single minute of airplay in our top 50 population market. Even having switched to XM Radio since I can't stand the pathetically poor programming on our local stations, XM's variety doesn't cover this genre as much as I'd like.
But before you shell out $20 on a CD, you really want to hear at least two or three more tracks by the artist to make sure what you heard is representative of their sound. Jump onto P2P and pull down a few tracks and verify.
I've probably bought no less than 100 CDs from Metropolis Records this year alone, and thank them every time for supporting streaming shoutcast stations of their music. They recognize nobody would ever hear their artists outside of Europe, NYC and LA if they didn't support these efforts, and have numerous artists who are benefiting from streaming audio and P2P fileshare music promotion. Clearly, there are labels and artists who embrace modern promotion and distribution approaches.
So who rejects this approach? Only labels with large portfolios of tired artists and an unviable financial model that doesn't compete without regulatory force. If you really want to put an end to DRM, completely stop purchasing music from artists on RIAA labels. Vote with your wallet - it seriously works, as SCO found out (it's hard to continue senseless litigation when your revenues disappear). Otherwise, quit complaining about it as your purchase continues to signal them that you support their efforts.
A better approximation can be achieved by modeling the level of rationality of the individual and assigning probabilities based on that.
And yet even this approach has serious problems; normal probability models fail miserably when applied to numerous areas where humans have an influence. Check out Dr. Taleb's The Black Swan: The Impact of the Highly Improbable or at a minimum, check out Dr. Taleb's website for more details.
Taleb's conjecture (which is supported by many others in the fields of behavioral finance & economics) is that models based on normal distributions (the primary model in Taleb's "mediocristan") fail when they encounter conditions often found with human behavior that seriously violate the prerequisites for such a distribution. For example, a normal distribution requires that each flip of a coin be an independent event and have no outcome bias from previous heads or tails. Unfortunately, many human events tend to violate this precondition. Winners tend to win more, and losers lose more, in human situations possibly due to herding behavior (e.g. people feel they will be safer from harm by being around a winner, thereby assigning more resources to the winner and allowing them to win even more). This condition alone damages normal distribution models and tends to yield what is called a fractal distribution (also known as a "power law" distribution).
Other conditions, such as bimodal and multimodal models, further distort the use of normal distribution approaches in forecasting events. Some suggest the economy is bimodal, having a "good economy" ruleset and a "bad economy" ruleset based on the majority perception. A friend who manages a multi-billion dollar mutual fund has conjectured that U.S. financial markets are multi-modal, with its behavior corresponding to the financial belief system of the dominant participants. E.g. the dot-com boom was driven by non-technical investors who believed in the rule of capital appreciation (and totally ignored models like dividend discount model and such for equity valuation). Following that bust and their departure from the market, those who remained in the market were mostly those educated in classical financial analysis methods, and subsequently the market tended to behave following their rules for a few years (mostly 2002-2004). When technical analysis investors tend to get active, you'll find equities of interest to the TAs tend to start following the TA rules - mostly because those who are interacting with it daily believe in them. This goes on until a different dominant force influences the mode, often due to opportunities being discovered by users of other models that are missed in the current one. This approach was also heavily practiced by George Soros, who would raid an investment target when the current mode carried it way out of line, creating unique risks (such as liquidity risks) which the current model didn't recognize. Multi-modal distributions cause normal distribution approaches to fail miserably as the modes tend to be organic and have considerable influence from exogenous events.
Then again, it's not terribly surprising that grants such as these are given. Most of our financial and risk analysts are trained in classical models and are constantly shocked when the real world doesn't behave as such. If you're interested in this kind of stuff, or find amusement in the failure of supposedly smart people to predict stuff, check out "Why Most Things Fail" by Paul Ormerod,
They want to be able to plug into "the formula" to market and sell albums.
Who the hell are you to claim you know better than music industry experts as to what people want to listen to? Next, you'll be telling us people want more than Old Country Buffet for dining experiences and prefer cars in colors other than black. Just imagine the chaos this causes producers!
If you go back and read the article, you'll learn that perfectly qualified EXPERTS like Rick Rubin are pre-screening music for you. Experts like this take the randomness out of the process of locating talent, and provide consistent, predictable revenues for the recording industry. Instead of the volatility of new artists popping up and very likely not needing the record label to produce their success (with the obligatory contracts that ensure the majority of the proceeds go to the label), this uncertainty is eliminated by imposing a control economy model upon art.
In a manner all progressivists and liberals would champion, artists are selected, promoted and "made" by the label. The label controls the distribution and ensures that airplay on radio stations closely mirrors what the labels have to offer. Music forms not managed under major label contracts, such as trance, EBM, gothic, industrial, etc. are prohibited from exposure. Forms of promotion are closely controlled and those that do not allow for such control, such as Internet broadcasting, are terminated. Even innovative new forms of discovery, such as American Idol (where the industry allows the audience to believe it is creating a new organically determined artist, while still ensuring the winner will be under contract with the industry on terms even more favorable to the label).
You should be thankful that this highly controlled industry consistently cranks out music for you to buy and has had such low uncertainty in its earnings for its oligopoly owners. Control-economy efforts such as these take the short-term normal business volatility risk out of the picture (at the expense of improbable fat-tailed risks sneaking up and causing industry-demolishing catastrophes). Labels manage chaos for the same reason public corporations manage earnings: to reduce uncertainties in the short-term at the expense of inviting in black swans in the long term. Since the latter is usually another manager's problem in another financial quarter (and always after the current manager's bonus has been paid), that's always somebody else's problem
Kindly quit complaining and go buy some Ricky Martin, Rolling Stones and anything with a "Best of" in its title. The recording industry's year-end bonus is counting on it!
This crap will never change as long as we have fools on both sides of politics that readily believe that only one party has been corrupted by money, special interest and the protection of elite, old money families. Neither party has a monopoly on the corruption of power.
I tell you what our president has done. He has reduced America to third world status.
Anyone who's spent time in third-world nations knows the falsehood of this ignorant commentary. Let's objectively criticize people for what they really have done - as Bush, Reid and Pelosi have no shortage of legitimate criticisms. Our President (and his Congressional counterparts) has exclusively represented the powerful special interests that put him in office in a manner no different than Clinton, Lyndon Johnson (Halliburton's Man, whose wife was a major shareholder of Halliburton until her recent death), FDR, Harry Truman, Nixon, and numerous others. Actually, you'd be hard pressed to find any President who didn't represent elites.
Regarding broadband and the U.S. Federal Government, the Ag bill passed by Congress ~2002/2003 set aside record funds for rural broadband. Senator Harkin (D) of our state was instrumental in its passage, and also instrumental in having the actual rules written to exclusively benefit the incumbent fat-cat monopoly local telcos. Competitors to these tired old local monopolies were written out in the details. This wasn't BushHitlerCo, this was Democrats in Congress along with a Republican administration.
Having worked for a competitor to the incumbents, covering 10 counties, we found funds dried up while tired old ILECs got tens of millions only to sit on the money. Worse yet, permissions for formerly illegal cross-subsidies were enacted, allowing monopolies like Iowa Telecom to apply $3.50 charges to every phone line and dump it into their broadband entity, driving competition out of the market. They kicked competition off of the copper, subsidized from their monopoly business and used monopoly subsidized operations and infrastructure to lower the cost of their broadband business and killed off any real threat. Both Democrats and Republicans were implicit in this gift to their fat-cat buddies.
the Bush administration put Michael Powell in charge of the FCC, the digital robber barons were basically set free to do whatever they liked.
Except the Clinton FCC already set the pace for special deals with incumbents and as mentioned, numerous persons of both parties made sure only their fat cat buddies would get new slush funds.
Read up on the infamous Representative from Bell South, Billy Tauzin, and his efforts with powerful Democratic Senator Dingell to further reinforce monopoly power in broadband. Tauzin was a Republican and Dingell a Democrat. Both are bought and paid for by the incumbents.
As long as we have fools who believe one side is good and the other evil, we'll have a government exclusively representing fat-cat special interests while us fools get screwed. Get your head out of the sand if you don't like being screwed.
One option if you can make the time for the investment is to add either a minor, double-major or emphasis in a non-technology field, especially if you're looking at the IT path. This approach will set you apart from other candidates and puts you in a position to be able to communicate and understand problems in specific business domains.
For example, while the Fortune 250 firm I work for is shedding programmers and analysts like mad for outsourced options, it is also hiring project managers, auditors, information security analysts and risk managers who have a non-IT specialization like finance, marketing, legal/regulatory in conjunction with the IT foundation. These multi-domain specialists are critical in moving projects forward, especially when the programming staff is outsourced and someone has to relate business requirements to the outsourcing resource.
Having come up in telecom and IT, I went back and added a finance degree a few years ago and am now completing a masters in economics. I went from having a tough job competing over scarce network engineering positions to a senior position in operational risk. The key was mastering more than one business domain so my employer found I could work between different business units. Many of my friends who've been successful have taken the same approach and it is a great way to reach into a six-figure salary pretty quickly.
If you find you're quantitatively inclined, you might consider getting a double major in finance or statistics to complement that IT degree, rather than focusing on a CS degree. The quant can be harder and the job market is significantly different. Countless firms have a shortage of IT analysts in finance, data mining and other corporate decision-making fields.
As long as you're a replaceable commodity, you'll be at risk to outsourcing and low salary issues. Become someone who can help management understand their problem area and relate it to a technology solution and you'll do very well.
most states use some or all of the fuel taxes to help defray the cost of road improvements
Inefficient, ineffective tax collection means isn't our problem. What do we need to do to get our progressive brothers on the same side of the table with us libertarians who're tired of complicated tax schemes that only empower central governmental authority and punish innovation?
Too much of the U.S. government is about the empowerment of the state. Highway speed enforcement, as even my state patrol buddies attest, has nothing to do with safety and everything to do with revenue generation. Fees here, fines there, and taxes everywhere. A government obsessed with collecting our money is one that has lost track of its primary purpose. Protection of the environment, the individual and our country no longer matter. It's all about fat-cat government bureaucrats making a buck.
If you're pissed about evil oil companies, Halliburton, etc., then please consider this for a moment: What doesn't matter in math and economics is the size of numbers. Freaking idiots get wound up about seeing more zeros behind a number and believe that's relevant. What does matter is normalized ratios. If you're too stupid to understand these math basics, then you're screwed in life anyways so don't bother. In other words, it's about ratios. If British Petroleum makes a trillion dollars in profit, but only has a 2% margin, they're making a lousy return for the risk they're taking. If any investor (e.g. your pension fund at work) is putting money into BP for a crappy 2% return, they're insane. There are much lower risk investments they should be in instead.
When you look at the actual returns of big oil, it's pretty sucky respective to the risk. But try this on for size: while a gallon of gas at the station only makes a nickel to a dime for the gas company, the government is making a couple of quarters. Why? What did they risk for that gallon of gas? The answer is unfortunate; they risked nothing. Why did you let these government fat cats take you for 4 to 5 times the "profit" while they risked absolutely nothing? Why are you paying them such outlandish fees? Haven't you figured out you've got "sucker" written on your forehead in their eyes?
If you're having a hard time with the risk/return concept, put yourself in the equation: If you work 2 hours a week surfing your favorite websites, you're really not putting much to risk and you'd probably agree that you shouldn't be paid much. But if you bust your ass and work 60 hours a week putting all you have into something, you've really stretched out and deserve a chance at making a lot more, right? Oil companies, as unpopular as they are, risk many billions per platform, oil rig, etc. and pray they don't get bit by hurricanes, government nationalization (e.g. Venezuela, where 'all your oil rigs are belong to us'), greedy government taxes, etc. Consider putting $100,000 of your own money at risk when you know there's a damn good chance the government will claim it, you'll come up dry on your speculation, or the damn weather will wipe you out. What kind of return do you demand for this kind of risk? I'll betcha it's a hell of a lot more than the oil companies are making.
But not our government. The fat cats in DC and our state houses are never full.
farmers have been severely pissed off about the low prices they've been getting. One friend of mine who farms pointed out there's more money in hauling garbage per ton than selling corn per ton.
Exactly. Corn prices have been near historic lows, and now we finally have upward change (which apparently is something the under-educated news media doesn't grasp. Guess we know who flunked out of calculus in school).
I live in rural Iowa and work in Nebraska and have many friends who are row crop farmers. Both corn and soybean prices have finally increased past the government subsidy for minimum prices (which unfortunately has detrimental effects itself). Last year, farmers were dumping crops and not even bothering to store them due to the prices being so low. They took the subsidized minimum price and cut their losses. More farmers were squeezed out of the market. The U.S. economy has had a massive shift from farm-oriented rural economies over the past century (from 95% rural agricultural focused to less than 5%) which automation and technologies certainly improves, but the losses we've seen since 1990 have had little to do with any further automation.
Unless you've inherited at least 2,000 acres, you can't make the finances work in today's row crop economy. Those that are doing fine have more than 3,000 acres per family for corn and beans in our parts. At $2,200 to $3,200 an acre, you cannot purchase new land and go into farming and survive, even with considerable governmental support. You have to have a base of inherited land that has nearly zero cost as a base, and even then you're dependent upon subsidized government crop insurance. Consider these numbers: good corn yields around these parts of the Midwest are 140 bushels per acre. At $2.50 a bushel, your gross income per acre is a whopping $350. Less fuel costs, seed costs, fertilizer and other chemical costs, irrigation, crop insurance, tractor & combine machinery costs, contractor costs for spraying, trucking costs to move crops from the field to market, and any storage costs, you're looking at hard costs of $200-$250 per acre. $100 income per acre, before labor and land cost. Remember, I said you had to already own the land, because if you do the net present value math on 1,000 acres at $2500/acre (6% over 10 years), you'll be paying $340 per year per acre - which is almost as much as your gross profit itself. Care to dive into farming?
So understand that corn prices have been historically low, and now they are finally changing due to demand for the product. Any economist worth his salt can tell you the crops being produced aren't priced right when the total profit from the sale of those crops barely covers the cost of dormant land, let alone all the other expenses (using pragmatic numbers assuming 10% margins bearing full costs, we should expect to see $7 to $8 dollar corn per bushel, or must see a dramatic devaluation in farmland prices). Foreign subsidization of corn crop production has also kept prices unnaturally low, as well as import barriers on U.S. product. Just like global warming, you cannot have a rational perspective if you accept only the extreme outliers at one tail and call that a central tendency. Prices will change, and in this case, regression to the mean is going to occur (meaning that things tend to want to go back to the normal medium, rather than staying at the extremes).
If you're looking for things to panic about, this isn't one of them. Be thankful that we won't lose even more U.S. crop production human capital, or the natural correction of this unnatural trend will be even more dramatic. Be encouraged that poor foreign farmers in Mexico, South America and elsewhere are being paid more for their crops, instead of throwing a couple more billion dollars at the oil elites. If you hate big business, hate the multi-billionaire clubs, hate corrupt oil cartels, then spend your gas money on ethanol fuel and biodiesel.
everything I've read in the financial press about Vista's sales performance has been positive
Same here, which has really puzzled me. It's not permitted yet in our Fortune 500 company, and won't be for the foreseen future. While much of the prohibition is due to reliability concerns, we also have to evaluate its impact on our own production environment and there just isn't a compelling reason to incur that expense for an upgrade that provides us with functionalities not already present. I'd imagine we'll upgrade kicking and screaming when XP support is finally cut off.
From my experience with personal users, almost nobody has bothered. So who is driving all these incredible sales?
What a serious strategic error this is, even if it's only a PR trial balloon. Not only has Microsoft ignored a significant shift in national intellectual property law (per recent Supreme Court decisions) and pretended the collapse of SCO litigation was irrelevant, but Microsoft once again presumes all commerce is predicated on U.S. intellectual property law.
Faced with serious issues in Australia, China, nearly every emerging market and even much of the EU, Microsoft wants to play "us vs. them" with open source? Even much of the Fortune 500 has been investing significantly into Linux (such as the corporation I work for, which is one of the larger global financial companies). Our company didn't take previous patent trolls lightly, and Microsoft's reliability issues don't give it a reliable foundation on which to make life any more difficult for us.
In an era of unprecedented foreign confiscation of pharmaceutical intellectual property, can Microsoft be this utterly ignorant and stupid? Does Microsoft not realize it has zero leverage outside the U.S., facing serious penalties in the EU for its disregard for their law and even worse conditions elsewhere? Does it really believe it can force Brazil, China, Mexico, India, Malaysia, emerging Eastern Europe, Russia and countless other markets to pay excessive royalties for a bunch of questionable patents it had its attorneys sneak through? The only certain outcome is that U.S. intellectual property law will be even further ignored and real issues like drug patent confiscations more common.
Apparently SCO was only the warm-up act. This certainly is going to be an interesting train wreck for us to watch if they venture down this path.
If computers were already secure against viruses, there wouldn't be any need for antivirus products.
I've had a lot of respect for Bruce Schneier and was unfortunately rather surprised by this column. My conjecture is that beer, late nights and column deadlines don't mix, as I know he's better than this perspective.
I work in information security risk management for one of the largest global financial processors. Our firewall budget alone exceeds the infosec budget for many Fortune 500 firms. Our IDS staff alone dwarfs the entire infosec staff at most firms. Subsequently, we've gotten rather effective in evaluating the risk and return of capital investments in various infosec systems. Just as you don't insure a $500 1978 Pinto at the expense of $2,000/year, you have to apply a quantified risk management approach to decision-making in even the largest, most targeted Internet-connected networks.
Bruce's column follows the dream inherent in many of us of perfection. Give me perfectly coded systems and perfectly designed networks, and infosec will be unnecessary. Thankfully many clueful slashdotters have already pointed out the foundational assumption: Bruce's dream requires perfect people. With that recognized, we can quickly suspend further conjectures about any quest to create perfect technology. People lose badges, paste passwords under keyboards, fall prey to social engineering attacks, get stressed by deadlines and write sloppy code, get replaced by new-hires who don't follow the hardening procedures exactly, or god forbid, make a typo which renders things imperfect.
For those who have a statistical inclination, let me ask Bruce's question from the perspective of probability theory: what is the probability that exactly 100% of the system will be secure? That's Bruce's goal. The answer for those who drank their way through college stats (or haven't yet had the opportunity to do so) is exactly 0%. And worse yet, efforts to approach it tend to see the expense of the undertaking quickly approach the infinite. This is why businesses accept risk - to avoid it with 100% certainty is not only impossible, but darn expensive!
Consider this: how many of us have had a minor annoyance develop in our car or truck? Such as that minor shudder in the tires or alignment at 63 mph that goes away at 65 mph? Or the two or three times we heard the brakes squeak when we were braking hard? Why didn't we seek perfection and replace the car? Heck, most of us probably ignored the issue altogether or threw a container of instant tune-up fluid down the fuel tank. We don't incur significant costs until we're forced to, which causes us to frequently ignore risk until it becomes a much more expensive proposition. Bruce's model not only requires immediate replacement of anything observed to have the slightest defect, but realistically the employment of every computer expert in the world to review and verify the perfection of the system's security. Otherwise, if one person knows something the others don't causing it to be insecure, his quest for perfectly secure systems fails.
Can we make better software? Can we develop better systems? Can we engineer more secure networks? Of course, but we need to realize that this is an optimization strategy where he who over-optimizes wastes resources and energy that could have been more productively used and subsequently loses, and he who ignores risks and gets caught on it also loses. He who recognizes the right optimizing strategy is the one who prevails in the end.
I live in Nebraska too.. but I thought the Senate terms stuck? 20 senators were ineligible to run again.
Well, they're ineligible for now, but we have three state senators suing the citizens of Nebraska to overturn it, using the judicial system to bypass the 2000 ballot initiative.
Here in Oklahoma, we brought the lottery to a vote three times and it passed all three times, but we never got the lottery until about a year after the third time.
In Nebraska, we've voted in term limits for our state legislators three times. Because Nebraska has the nation's only unicameral (meaning only one congressional body, rather than two like a house and senate), the people's vote via referendum is considered the check and balance of "the other house."
In all three cases, the legislators threw the term limits out (which limit them to only a few terms). They refuse to leave, and have deemed the overwhelming majority vote of the people to be either caused by confusion reading ballots or just plain wrong.
Because the people kept on sending out petitions to get it back on the ballot and voted on, the legislature decided to fix that. They made all sorts of new rules on the petition process, cutting the time to circulate petitions in half, doubling the required amount of votes, using nefarious methods to reject signatures, etc.
Once you let someone be a full-time politician, the power goes to their head. The influence of lobbyists and the nice gifts they bring matters much more than any pathetic constituent. Show me someone who's a life-long politician and I'll show you a crook - party need not matter.
And use enough buzzwords to make the tech implementer roll their eyes and mock you behind your back. ..
It only sounds like buzzwords because you probably don't work with it. That's what we call quantified measurements, and those in operations management, finance, risk management, etc. have to do that to really get at a problem. Otherwise we're practicing the behavior you're inferring by your comment: making totally subjective, qualitative guesses.
A good piece of advice is not to mock someone for using language you don't understand, especially if it sounds like management speak. If you're going to represent more than one domain, you have to stop talking the geekspeak of your locale and be able to represent concepts in the dialect of the group you're working with. It does me no good to go rambling about GARCH models and problems with autoregressive conditional heteroskedasticity in my time-series dataset, but that's ineffective and inappropriate.
My job is to apply my expertise to find solutions for my clients, not to wow them with big terms. Nobody cares that you can talk fancy words in your area of expertise. They assume you know your stuff - that's why you're there to do the job. Whenever you work out of your locale, communicate in their language and you'll find you're much more effective.
One is a functional manager that has many people reporting to them (think Lumberg from Office Space). The other is a technical leader--one with degrees & experience implementing ideas.
There's also a third option in many larger companies: a cross-functional, multi-domain expert. While many people are familiar with the Java/Routing/InfoSec/DB2/etc. expert who has developed extensive expertise and attained mastery in the technical domain, the multi-domain expert is another option which can be quite professionally rewarding.
Both my brother and I had IT careers (he in client app development and me in infosec and internetworking), and both of us went back to school. He added a marketing undergraduate and an MBA with a marketing focus, while I added a finance undergraduate and a Master of Science in Economics. For both of us, it was an exceptional career move. He's a marketing information systems manager for a Fortune 500 company, handling most of the IT projects for the different product brands of the company and gets to work with developing them the way he wants for his clients - architecting the solution, developing cross-functional dev teams, etc.
The finance and economics addition to an infosec and networking background has helped me become a dual-domain expert in operational risk management (an area that needs many more experts who understand both IT operations and the whole quantitative aspect). I get to design and develop metrics that help us analyze, track and improve our operations, manage the development of the systems that collect and report these metrics and then evaluate them to assess the company's global risk.
The cool part is if you like to set yourself apart from the crowd, it's a great way to accomplish that. It certainly isn't easy committing time to develop that second domain, and takes very careful job selection to get into a place where you can start using both domains. However, because companies seem to have serious problems communicating between different functional areas (e.g. marketing can't speak IT, and IT can't talk marketing), people who span the gap get very nicely compensated, have significant creative authority and overall get to see their ideas implemented.
Wolvenhaven's comment about budgets is on target; our small, rural Iowa district had to let 8 teachers go this spring because of declining tax inflows due to the economy. Funding teachers across more time would be a financial benefit to our family (my wife is a teacher in the district and doesn't receive compensation for when she's out of school not teaching as would be expected), but it'd cause the district to lose more teachers. In a small district, this would be devastating.
But there's another aspect some (including Obama) are missing. The United States is a highly diverse nation with a diverse workforce. Like a fool who would prescribe public transportation to replace all motor transportation in the U.S. -- a proposal that simply fails to understand the large spaces the U.S. covers and treats Wyoming like Berlin -- the educational system has similar heterogeneous aspects. During the summer months, our system is not to "send the kiddies to the field" as Obama's inept education administration official claims, but rather to supplement education in a highly diverse, non-governmental-decreed manner.
Yes, many kids get summer jobs, and there is considerable education for those working in a shop, grocery store or other light skill or service economy function given the probability that such students will be moving into this workforce upon graduation. In case you didn't notice the recent unemployment statistics, this demographic (16-24) now suffers over 50% unemployment, mostly due to the recession and the increase in minimum wages (which causes employers to substitute an inexperienced teen with an adult with experience for the same higher wage).
But many kids destined for college go off to specialized camps. My son spent 5 weeks of the summer at one of the top national debate institutes, working harder in the summer than he did during the year. Music camps, international travel, student summer foreign exchanges and local university summer programs all round out the options available for the college bound to receive much more intense and specialized education, necessary for their advancement in higher education. Obama's plan would replace that with more of the same -- as Gilles Deleuze would say, smoothing terrain by pushing more of the same hegemonic, institutional programme and eradicating diversity education that predominates summer break.
While it's not appropriate to debate this on the terms of "more education vs. kids sitting around watching tv" (those kids are also preparing for their future career through the choices being made), it is appropriate to debate this on the terms of whether we desire the heterogeneous workforce we're encouraging through the current model, or seek a more homogeneous model (ala "sameness"). Should further globalization be desired, as Obama's administration advances and his financial backer George Soros promotes, then perhaps the United States would be better served by creating more interchangeable service sector jobs. Given that both political parties desire a global model, Americans are less likely to be programmers, system engineers, architects, creative thinkers, product designers, etc.; even finance and legal professions are increasingly being offshored with great financial benefit to the global corporation. Preparing students for a career where they're part of a replaceable, worker-commodity workforce may be more appropriate in the long term, given the unified desire of Americans through the expression of those pro-globalization representatives they continue to elect.
I must have missed something in the thread... what extra services is the state of Washington providing Microsoft to account for the additional billions of dollars of cost their governance structure provides? If we're paying for governance and one state is many times more expensive than another, is that extra cost due to it being a really high quality state or simply a problem due to mismanagement, inefficiency, corruption, misguided spending of funds on ineffective purposes and theft?
And specifically, should the difference be explained by a superior state government in Washington, are these additional high-quality services items that Microsoft would value? For instance, it could be argued that if Washington had state school districts that were 50% better than Nevada's, Microsoft employees would receive a value for the expense (although it could be effectively argued that such an expense should be applied more directly to the recipient of the educational service). Perhaps Microsoft benefits from a better state corporate liability law system? Or better roads infrastructure to their campus?
We have a similar misconception in the information technology risk management world (actually, the greater risk world as well) where executive management mistakenly believes that compliance practices will eliminate risk. Even if we have 100% compliance with regulations (like PCI) and standards (like ISO 27000 series, CoBIT, ITIL, etc.) and could have an imaginary 100% effectiveness in the controls provided by these regulations/standards, we'd only eliminate known risk.
Consider what regulations and checklists provide to assess risk: a checklist. And where does the checklist come from? Previous situations where we had problems occur. We learned, for instance, that simple 6 character passwords suck and are easily bruteforced, so the checklist asks if passwords are longer than 8 characters, have complexity, etc. But no checklist can ask for what problems we haven't encountered yet. So while we'll have regulators, external assessors, internal auditors and other compliance professionals examine an environment on a periodic basis, it will never substitute for a risk program that uses methods for uncovering risk from the un-checklisted and unknown terrain. Advanced techniques, such as those that use approaches that illuminate the risk domain through the creation and exploration of new vantage points, efforts that shock the perspective comparable to critical theory's radicalization, or those that de/reterritorialize and allow us to apply different thought models to a domain (e.g. looking at network attacks from a rhizomic, not a hierarchical model which reflects how a DDoS attack might manifest) are all non-checklist methods to assess risk.
Interestingly, these approaches are not able to be appropriated by a hierarchical expert-system approach. Consider how expert systems create decision-trees, subject to all the Deleuzian problems (Galloway's books http://cultureandcommunication.org/galloway/ Protocol: How Control Exists After Decentralization, or his work with Gene Thacker, The Exploit: A Theory of Networks, are both exceptionally valuable in understanding non-hierarchy problems in information technology). Plus such expert systems are subject to countless other problems known to information theorists and end up creating predictable paths through the model, to which any information system will adapt, and regress to the mean. Consider this example: if the IBM expert system is employed in the information security realm, it will specify a predictable path to responding to any security incident. Any information system will naturally recognize this predictable response and then use it against the system. This basic technique is already employed by most competent hackers -- measuring, testing, assessing your target to learn of the quality of their response to your efforts.
In other words, any organization that would rely upon this service from IBM will be a predictable, exploitable target. They might as well publish the blueprints of their network and list user names and passwords. God help the fools that believe that knowledge is static and life is not competitive.
Outstanding advice. I went back at ~35 after a career up until then in network engineering and information security, though I went back and picked up a finance degree. gw0ntum makes a valuable addition. You're going to find it awkward, especially when you have some profs your age or even younger. Some suggestions I'd make:
1. BE HUMBLE: even if you're an alpha, don't play one. set it aside and adopt an alternate persona. your classmates not only don't want to hear about your experience but they're ready to reject you if you show any signs of it. instead, humility is your friend. when you kick ass in assignments and show you're naturally good at some things, your younger classmates will likely respect you then for it. but always keep the humility as your persona. they're going to be intimidated by the age difference and when they find that 15-20 years of age difference really doesn't mean jack u-know-what, they'll be cool with you.
2. HANDLE PROFS CAREFULLY: show your creativity, innovativeness, eagerness, etc. by DOING, not by saying. this screws so many nontraditional students up. yes, it's important to let the prof know you're eager to learn/succeed. but do it by doing, not by showing off. understand that you're an outlier, so every subtle action you make in the classroom will have 10x the effect. this pisses off your classmates and makes your prof uncomfortable.
3. FIND YOUR PERSONA AND STICK TO IT: my dad's long-time faculty at a university that has a good amount of nontraditional students. i've learned that even the faculty has stereotypes of the nontrads. eager beavers (over-eager volunteer for everything desperate to show their worth low self esteem types), suck-ups (total poseurs that will flunk out but will suck up at first and try to play the 'hey prof, i'm a grown-up like you, give me preference'), one-class-ponys (typically 60+ gals who take one class and blow the damn curve cuz they have no freaking life outside of that one class), over-committers (usually the nontrads who have just come back to academic world and are so clingy and over-committing trying to prove their worth to self and prof), and dominators (nontrads that want to give input to everything, dominate the discussion, share their "worldly" experience on everything and embarrass everyone in the room except themselves). Those are not good choices. Find something subtle, quiet and driven. Sit in the front row, kick ass and let your work show your drive. Let the prof call you out because you get stuff right. They will balance the dialog and keep you from being seen as a show-off - hey, when your work is good, that's the game.
4. FRIENDSHIPS: Be open, kind and friendly to all. I ended up with friends spanning the total range - from girl jocks to geeks to poet-thinkers to hard core achievers. All I had to do was smile, be relaxed, be damn good, and be a team player.
It's a weird situation but if you handle it right, it'll be very rewarding, and that degree does open up tons of doors. Good luck!
I'll only buy TTS books. I own a Kindle2 and have more than 20 texts (philosophy works for my degree and debate coaching) on there already. I've spent more than $500 in the past week on my Kindle investment.
As someone who also commutes, I find the TTS to be invaluable already. We'll see if that continues to last, but as I'm reading for educational purposes, not entertainment, I have a utilitarian informational need. I don't need an actor reading Baudrillard's "The Illusion of the End" (the words are powerful enough). And incidentally, good luck finding any of that material on books-on-tape... there's simply not the market for it.
So if an author or publisher refuses to allow me to listen to it, they take away a core functionality. I'll find another version (on older philosophical texts, that's common), or simply check it out from the library, depriving them of the sale. The TTS audio quality is no threat to your books-on-tape business, you offer no such capacity on most of the works I purchase, and the TTS allows me to make use of two hours a day of drive time during which I need to study.
Funny how history repeats itself, especially in Sprint's case. In 1996, Sean Doran (SprintLink senior network architect) decided CIX-W peering was no longer cool and dropped peering, causing one hell of a black hole. From my recollection, it was the first instance where open routing was disabled due to political or commercial objectives, and unfortunately for Sprint, it came at a time where Bob Collett (then head of SprintLink) was trying to promote Sprint's openness and participation in the community. Bob overruled his engineer and routing was restored several days later.
Since that point, BGP black holes have continued, usually to the detriment of customers. BBN Planet, Exodus and numerous others played the game presuming that content was more important than eyeballs or vice versa. The fallacy in their model is that content without consumer is as useless as consumer without content. Until they establish that understanding, neither unbalanced provider will succeed.
With the "deep packet inspection" technologies, conceivably ISPs can just replace, in real-time, our Google AdSense publisher IDs with their own.
Increasingly, I'd expect https sessions will be necessary for sites with any form of confidential information - not just sites with more sensitive financial, social security or other higher sensitivity levels. Consider that the ISPs are leveraging confidential session information to exploit the web sessions elsewhere. ISPs are also harvesting web traffic data and selling it to others for data mining utility. As a visitor to google, yahoo, whatever, my identity and usage is confidential information of financial value. It's time encapsulation and encryption be utilized by these firms to protect that information - otherwise they'll see further encroachment and loss of revenue due to this technique.
I do find it reprehensible that any ISP would violate the integrity of traffic I've requested from its source. It's a sense of forgery through a MITM activity I have not consented to (oh I'm sure they'll put that language in my contract so that I do consent, but you get the point).
I seriously believe that one of the reasons throwing money at the problem hasn't been working is that people who are implementing these things aren't the best possible candidates.
In larger corporations, especially where the regulatory environment is a driving factor, you might find that money isn't being thrown at security, but rather compliance. As ErichTheRed points out, there is no shortage of these silver bullets being purchased from executives who don't know better.
As someone who heads up an information risk program for a global financial firm, I've been fortunate enough to see the policy and technical control environment and observe where and why controls failed to prevent against security incidents. Having a company that came from a regulatory-driven security model (not unlike many), the assessments of the incidents have shown repeatedly that the alignment of a program in reaction to PCI, GLBA, HIPAA, SOX, etc. does not provide for a risk-optimized information security program. Yet business executives in many firms believe that the highest bar to be funded is that prescribed by external regulation. Compliance should be regarded as the lowest bar, not the highest, as it is by no means intended to fully address the realm of information risk and security.
The recent breach experienced by Hannaford is a good illustration of this problem. Hannaford was reportedly PCI compliant at the time of the breach, yet was using WEP to secure wireless in numerous cases. Elsewhere, there is too much reliance upon comprehensive common controls to compensate for lousy security at the application level. Hannaford execs are apparently "shocked" at the breach, yet were using a wireless security control a mediocre offsec analyst can break in 2-10 minutes. At the same time, I'm certain many firms have gone overboard on other controls (prospect theory tends to explain why so many of us over-treat the perceived likely risks and completely ignore the perceived improbable black swans that end up wiping us out). It's hard for us to make a case for security when we blow too much on some things and never see a threat test it out, and get clobbered on something we ignored.
The biggest problem I see is that the business executives see security as a product, not a process, and information risk and security people don't do a good enough job correcting that misconception. The lack of understanding risk optimization by InfoSec professionals is a real issue: we tend to overspend for the risk in some controls while neglecting others.
NIST SP800-37 prescribes creating safe applications in a sea of risk, yet many large firms pretend the oceans can be calmed if the right firewall or NIDS is deployed (think about what it tells you when NIDS is regarded as a control that *prevents* threats from exercising vulnerabilities by executives!).
The best results I've seen have come from a very close tie between the business unit management and information risk using financial language to communicate risk through an optimization approach. I'd suggest ISO 31000 or AS/NZS 4360 (Aussie/NZ standard) as a great starting place to talk about not being risk averse, as so many of us in InfoSec are, but taking the right risks. I certainly encourage people to be careful about probability models - read Taleb's "The Black Swan" for some clues on why you don't want to rely on Gaussian models for too much of your modeling.
Back to those regulations like PCI, I've found business execs understand the concept of "minimum baseline" when put in the context of a reserve requirement on credit portfolios. That regulatory requirement serves as the bottom line level, permitting the lending firm to select its own optimizing level of risk. Some may have offsetting efforts that
many of these Executives never do anything to justify the increases.
Actually, they do quite a bit in the short term to "justify" the increases, but to the detriment of the rest of us.
A year ago, I read a speech by Sir Edmund Hillary explaining how horrified he was that climbers of Mount Everest violated the ethical code of climbers, ignoring a man in trouble on their climb upward and letting him die without help. These summit-seekers were intent on reaching their own self-gratifying goal. They spent their tens of thousands on the "trip of a lifetime" and weren't about to let someone else's misfortune spoil it. Instead of setting aside their summit-reaching goal to rescue someone in trouble, they chose to let him die while they kept on seeking great returns.
As a professional operational risk manager, I see the same behavior in countless execs. It's called leptokurtic risk (or kurtosis) - the condition of seeking artificial enhancement of returns at the center of a distribution while also taking on excessive outlier risk in the tails (called "fat tails"). These executives take on excessive risk for all of us as they seek their own personally-rewarding summits. The company I work for has struggled through significant catastrophic risk due to the neglect of systems maintenance by previous executives. Instead of spending money refreshing hardware, maintaining trained staffing and continuing license agreements with vendors, they threw it all overboard so they could puff up quarterly numbers and reward themselves for their "achievements." They left before the disasters began to occur, millions richer. They cashed out with hundreds of millions while shareholders and employees were left holding the bag. Their summit-seeking behavior let them seek greatness and riches while screwing the rest of us.
A simple example of this would be an airline pilot who is rewarded for getting to his destination faster. Once he realizes all the safety equipment (mid-air collision avoidance, oxygen systems for depressurization, fire retardants and other items taking up weight) can be discarded letting him fly faster, he tosses it all overboard and takes on excessive risk for all the passengers. He flies this way until he's realized the plane's certain to crash, and jumps out with a golden parachute, letting the gutted aircraft collide directly into the side of a mountain, taking the lives of everyone on board. Increasingly, this is a common practice for public company and private equity executives.
As Circuit City witnessed, there is a direct correlation between this behavior in executives and the failure of the company they harvested. The only thing I can recommend for those who find their behavior disgusting is to flee any and all companies that you observe rewarding executives for summit seeking. If they're taking on excessive risk (usually by ignoring it and dismantling all the safeguards so they have even greater funds to line their pockets with), abandon these companies. Let them collapse while the parasites are within, taking them down with them. Until capital markets become savvy to this parasite racket, we're all at risk. Watch for this summit-seeking behavior in the companies you work for and invest in.
people like music, so they buy music.
That's a pretty good observation. In my case, I do buy the CDs, after hearing stuff on digitalgunfire.com and rantradio.com that I didn't know about and want. Usually, it's an artist on Metropolis Records like And One, Funker Vogt, etc. that has never received a single minute of airplay in our top 50 population market. Even having switched to XM Radio since I can't stand the pathetically poor programming on our local stations, XM's variety doesn't cover this genre as much as I'd like.
But before you shell out $20 on a CD, you really want to hear at least two or three more tracks by the artist to make sure what you heard is representative of their sound. Jump onto P2P and pull down a few tracks and verify.
I've probably bought no less than 100 CDs from Metropolis Records this year alone, and thank them every time for supporting streaming shoutcast stations of their music. They recognize nobody would ever hear their artists outside of Europe, NYC and LA if they didn't support these efforts, and have numerous artists who are benefiting from streaming audio and P2P fileshare music promotion. Clearly, there are labels and artists who embrace modern promotion and distribution approaches.
So who rejects this approach? Only labels with large portfolios of tired artists and an unviable financial model that doesn't compete without regulatory force. If you really want to put an end to DRM, completely stop purchasing music from artists on RIAA labels. Vote with your wallet - it seriously works, as SCO found out (it's hard to continue senseless litigation when your revenues disappear). Otherwise, quit complaining about it as your purchase continues to signal them that you support their efforts.
A better approximation can be achieved by modeling the level of rationality of the individual and assigning probabilities based on that.
And yet even this approach has serious problems; normal probability models fail miserably when applied to numerous areas where humans have an influence. Check out Dr. Taleb's The Black Swan: The Impact of the Highly Improbable or at a minimum, check out Dr. Taleb's website for more details.
Taleb's conjecture (which is supported by many others in the fields of behavioral finance & economics) is that models based on normal distributions (the primary model in Taleb's "mediocristan") fail when they encounter conditions often found with human behavior that seriously violate the prerequisites for such a distribution. For example, a normal distribution requires that each flip of a coin be an independent event and have no outcome bias from previous heads or tails. Unfortunately, many human events tend to violate this precondition. Winners tend to win more, and losers lose more, in human situations possibly due to herding behavior (e.g. people feel they will be safer from harm by being around a winner, thereby assigning more resources to the winner and allowing them to win even more). This condition alone damages normal distribution models and tends to yield what is called a fractal distribution (also known as a "power law" distribution).
Other conditions, such as bimodal and multimodal models, further distort the use of normal distribution approaches in forecasting events. Some suggest the economy is bimodal, having a "good economy" ruleset and a "bad economy" ruleset based on the majority perception. A friend who manages a multi-billion dollar mutual fund has conjectured that U.S. financial markets are multi-modal, with its behavior corresponding to the financial belief system of the dominant participants. E.g. the dot-com boom was driven by non-technical investors who believed in the rule of capital appreciation (and totally ignored models like dividend discount model and such for equity valuation). Following that bust and their departure from the market, those who remained in the market were mostly those educated in classical financial analysis methods, and subsequently the market tended to behave following their rules for a few years (mostly 2002-2004). When technical analysis investors tend to get active, you'll find equities of interest to the TAs tend to start following the TA rules - mostly because those who are interacting with it daily believe in them. This goes on until a different dominant force influences the mode, often due to opportunities being discovered by users of other models that are missed in the current one. This approach was also heavily practiced by George Soros, who would raid an investment target when the current mode carried it way out of line, creating unique risks (such as liquidity risks) which the current model didn't recognize. Multi-modal distributions cause normal distribution approaches to fail miserably as the modes tend to be organic and have considerable influence from exogenous events.
Then again, it's not terribly surprising that grants such as these are given. Most of our financial and risk analysts are trained in classical models and are constantly shocked when the real world doesn't behave as such. If you're interested in this kind of stuff, or find amusement in the failure of supposedly smart people to predict stuff, check out "Why Most Things Fail" by Paul Ormerod,
They want to be able to plug into "the formula" to market and sell albums.
Who the hell are you to claim you know better than music industry experts as to what people want to listen to? Next, you'll be telling us people want more than Old Country Buffet for dining experiences and prefer cars in colors other than black. Just imagine the chaos this causes producers!
If you go back and read the article, you'll learn that perfectly qualified EXPERTS like Rick Rubin are pre-screening music for you. Experts like this take the randomness out of the process of locating talent, and provide consistent, predictable revenues for the recording industry. Instead of the volatility of new artists popping up and very likely not needing the record label to produce their success (with the obligatory contracts that ensure the majority of the proceeds go to the label), this uncertainty is eliminated by imposing a control economy model upon art.
In a manner all progressivists and liberals would champion, artists are selected, promoted and "made" by the label. The label controls the distribution and ensures that airplay on radio stations closely mirrors what the labels have to offer. Music forms not managed under major label contracts, such as trance, EBM, gothic, industrial, etc. are prohibited from exposure. Forms of promotion are closely controlled and those that do not allow for such control, such as Internet broadcasting, are terminated. Even innovative new forms of discovery, such as American Idol (where the industry allows the audience to believe it is creating a new organically determined artist, while still ensuring the winner will be under contract with the industry on terms even more favorable to the label).
You should be thankful that this highly controlled industry consistently cranks out music for you to buy and has had such low uncertainty in its earnings for its oligopoly owners. Control-economy efforts such as these take the short-term normal business volatility risk out of the picture (at the expense of improbable fat-tailed risks sneaking up and causing industry-demolishing catastrophes). Labels manage chaos for the same reason public corporations manage earnings: to reduce uncertainties in the short-term at the expense of inviting in black swans in the long term. Since the latter is usually another manager's problem in another financial quarter (and always after the current manager's bonus has been paid), that's always somebody else's problem.
Kindly quit complaining and go buy some Ricky Martin, Rolling Stones and anything with a "Best of" in its title. The recording industry's year-end bonus is counting on it!
This crap will never change as long as we have fools on both sides of politics that readily believe that only one party has been corrupted by money, special interest and the protection of elite, old money families. Neither party has a monopoly on the corruption of power.
I tell you what our president has done. He has reduced America to third world status.
Anyone who's spent time in third-world nations knows the falsehood of this ignorant commentary. Let's objectively criticize people for what they really have done - as Bush, Reid and Pelosi have no shortage of legitimate criticisms. Our President (and his Congressional counterparts) has exclusively represented the powerful special interests that put him in office in a manner no different than Clinton, Lyndon Johnson (Halliburton's Man, whose wife was a major shareholder of Halliburton until her recent death), FDR, Harry Truman, Nixon, and numerous others. Actually, you'd be hard pressed to find any President who didn't represent elites.
Regarding broadband and the U.S. Federal Government, the Ag bill passed by Congress ~2002/2003 set aside record funds for rural broadband. Senator Harkin (D) of our state was instrumental in its passage, and also instrumental in having the actual rules written to exclusively benefit the incumbent fat-cat monopoly local telcos. Competitors to these tired old local monopolies were written out in the details. This wasn't BushHitlerCo, this was Democrats in Congress along with a Republican administration.
Having worked for a competitor to the incumbents, covering 10 counties, we found funds dried up while tired old ILECs got tens of millions only to sit on the money. Worse yet, permissions for formerly illegal cross-subsidies were enacted, allowing monopolies like Iowa Telecom to apply $3.50 charges to every phone line and dump it into their broadband entity, driving competition out of the market. They kicked competition off of the copper, subsidized from their monopoly business and used monopoly subsidized operations and infrastructure to lower the cost of their broadband business and killed off any real threat. Both Democrats and Republicans were implicit in this gift to their fat-cat buddies.
the Bush administration put Michael Powell in charge of the FCC, the digital robber barons were basically set free to do whatever they liked.
Except the Clinton FCC already set the pace for special deals with incumbents and as mentioned, numerous persons of both parties made sure only their fat cat buddies would get new slush funds.
Read up on the infamous Representative from Bell South, Billy Tauzin, and his efforts with powerful Democratic Senator Dingell to further reinforce monopoly power in broadband. Tauzin was a Republican and Dingell a Democrat. Both are bought and paid for by the incumbents.
As long as we have fools who believe one side is good and the other evil, we'll have a government exclusively representing fat-cat special interests while us fools get screwed. Get your head out of the sand if you don't like being screwed.
One option if you can make the time for the investment is to add either a minor, double-major or emphasis in a non-technology field, especially if you're looking at the IT path. This approach will set you apart from other candidates and puts you in a position to be able to communicate and understand problems in specific business domains.
For example, while the Fortune 250 firm I work for is shedding programmers and analysts like mad for outsourced options, it is also hiring project managers, auditors, information security analysts and risk managers who have a non-IT specialization like finance, marketing, legal/regulatory in conjunction with the IT foundation. These multi-domain specialists are critical in moving projects forward, especially when the programming staff is outsourced and someone has to relate business requirements to the outsourcing resource.
Having come up in telecom and IT, I went back and added a finance degree a few years ago and am now completing a masters in economics. I went from having a tough job competing over scarce network engineering positions to a senior position in operational risk. The key was mastering more than one business domain so my employer found I could work between different business units. Many of my friends who've been successful have taken the same approach and it is a great way to reach into a six-figure salary pretty quickly.
If you find you're quantitatively inclined, you might consider getting a double major in finance or statistics to complement that IT degree, rather than focusing on a CS degree. The quant can be harder and the job market is significantly different. Countless firms have a shortage of IT analysts in finance, data mining and other corporate decision-making fields.
As long as you're a replaceable commodity, you'll be at risk to outsourcing and low salary issues. Become someone who can help management understand their problem area and relate it to a technology solution and you'll do very well.
most states use some or all of the fuel taxes to help defray the cost of road improvements
Inefficient, ineffective tax collection means isn't our problem. What do we need to do to get our progressive brothers on the same side of the table with us libertarians who're tired of complicated tax schemes that only empower central governmental authority and punish innovation?
Too much of the U.S. government is about the empowerment of the state. Highway speed enforcement, as even my state patrol buddies attest, has nothing to do with safety and everything to do with revenue generation. Fees here, fines there, and taxes everywhere. A government obsessed with collecting our money is one that has lost track of its primary purpose. Protection of the environment, the individual and our country no longer matter. It's all about fat-cat government bureaucrats making a buck.
If you're pissed about evil oil companies, Halliburton, etc., then please consider this for a moment: What doesn't matter in math and economics is the size of numbers. Freaking idiots get wound up about seeing more zeros behind a number and believe that's relevant. What does matter is normalized ratios. If you're too stupid to understand these math basics, then you're screwed in life anyways so don't bother. In other words, it's about ratios. If British Petroleum makes a trillion dollars in profit, but only has a 2% margin, they're making a lousy return for the risk they're taking. If any investor (e.g. your pension fund at work) is putting money into BP for a crappy 2% return, they're insane. There are much lower risk investments they should be in instead.
When you look at the actual returns of big oil, it's pretty sucky respective to the risk. But try this on for size: while a gallon of gas at the station only makes a nickel to a dime for the gas company, the government is making a couple of quarters. Why? What did they risk for that gallon of gas? The answer is unfortunate; they risked nothing. Why did you let these government fat cats take you for 4 to 5 times the "profit" while they risked absolutely nothing? Why are you paying them such outlandish fees? Haven't you figured out you've got "sucker" written on your forehead in their eyes?
If you're having a hard time with the risk/return concept, put yourself in the equation: If you work 2 hours a week surfing your favorite websites, you're really not putting much to risk and you'd probably agree that you shouldn't be paid much. But if you bust your ass and work 60 hours a week putting all you have into something, you've really stretched out and deserve a chance at making a lot more, right? Oil companies, as unpopular as they are, risk many billions per platform, oil rig, etc. and pray they don't get bit by hurricanes, government nationalization (e.g. Venezuela, where 'all your oil rigs are belong to us'), greedy government taxes, etc. Consider putting $100,000 of your own money at risk when you know there's a damn good chance the government will claim it, you'll come up dry on your speculation, or the damn weather will wipe you out. What kind of return do you demand for this kind of risk? I'll betcha it's a hell of a lot more than the oil companies are making.
But not our government. The fat cats in DC and our state houses are never full.
*scoove*
farmers have been severely pissed off about the low prices they've been getting. One friend of mine who farms pointed out there's more money in hauling garbage per ton than selling corn per ton.
Exactly. Corn prices have been near historic lows, and now we finally have upward change (which apparently is something the under-educated news media doesn't grasp. Guess we know who flunked out of calculus in school).
I live in rural Iowa and work in Nebraska and have many friends who are row crop farmers. Both corn and soybean prices have finally increased past the government subsidy for minimum prices (which unfortunately has detrimental effects itself). Last year, farmers were dumping crops and not even bothering to store them due to the prices being so low. They took the subsidized minimum price and cut their losses. More farmers were squeezed out of the market. The U.S. economy has had a massive shift from farm-oriented rural economies over the past century (from 95% rural agricultural focused to less than 5%) which automation and technologies certainly improves, but the losses we've seen since 1990 have had little to do with any further automation.
Unless you've inherited at least 2,000 acres, you can't make the finances work in today's row crop economy. Those that are doing fine have more than 3,000 acres per family for corn and beans in our parts. At $2,200 to $3,200 an acre, you cannot purchase new land and go into farming and survive, even with considerable governmental support. You have to have a base of inherited land that has nearly zero cost as a base, and even then you're dependent upon subsidized government crop insurance. Consider these numbers: good corn yields around these parts of the Midwest are 140 bushels per acre. At $2.50 a bushel, your gross income per acre is a whopping $350. Less fuel costs, seed costs, fertilizer and other chemical costs, irrigation, crop insurance, tractor & combine machinery costs, contractor costs for spraying, trucking costs to move crops from the field to market, and any storage costs, you're looking at hard costs of $200-$250 per acre. $100 income per acre, before labor and land cost. Remember, I said you had to already own the land, because if you do the net present value math on 1,000 acres at $2500/acre (6% over 10 years), you'll be paying $340 per year per acre - which is almost as much as your gross profit itself. Care to dive into farming?
So understand that corn prices have been historically low, and now they are finally changing due to demand for the product. Any economist worth his salt can tell you the crops being produced aren't priced right when the total profit from the sale of those crops barely covers the cost of dormant land, let alone all the other expenses (using pragmatic numbers assuming 10% margins bearing full costs, we should expect to see $7 to $8 dollar corn per bushel, or must see a dramatic devaluation in farmland prices). Foreign subsidization of corn crop production has also kept prices unnaturally low, as well as import barriers on U.S. product. Just like global warming, you cannot have a rational perspective if you accept only the extreme outliers at one tail and call that a central tendency. Prices will change, and in this case, regression to the mean is going to occur (meaning that things tend to want to go back to the normal medium, rather than staying at the extremes).
If you're looking for things to panic about, this isn't one of them. Be thankful that we won't lose even more U.S. crop production human capital, or the natural correction of this unnatural trend will be even more dramatic. Be encouraged that poor foreign farmers in Mexico, South America and elsewhere are being paid more for their crops, instead of throwing a couple more billion dollars at the oil elites. If you hate big business, hate the multi-billionaire clubs, hate corrupt oil cartels, then spend your gas money on ethanol fuel and biodiesel.
everything I've read in the financial press about Vista's sales performance has been positive
Same here, which has really puzzled me. It's not permitted yet in our Fortune 500 company, and won't be for the foreseen future. While much of the prohibition is due to reliability concerns, we also have to evaluate its impact on our own production environment and there just isn't a compelling reason to incur that expense for an upgrade that provides us with functionalities not already present. I'd imagine we'll upgrade kicking and screaming when XP support is finally cut off.
From my experience with personal users, almost nobody has bothered. So who is driving all these incredible sales?
What a serious strategic error this is, even if it's only a PR trial balloon. Not only has Microsoft ignored a significant shift in national intellectual property law (per recent Supreme Court decisions) and pretended the collapse of SCO litigation was irrelevant, but Microsoft once again presumes all commerce is predicated on U.S. intellectual property law.
Faced with serious issues in Australia, China, nearly every emerging market and even much of the EU, Microsoft wants to play "us vs. them" with open source? Even much of the Fortune 500 has been investing significantly into Linux (such as the corporation I work for, which is one of the larger global financial companies). Our company didn't take previous patent trolls lightly, and Microsoft's reliability issues don't give it a reliable foundation on which to make life any more difficult for us.
In an era of unprecedented foreign confiscation of pharmaceutical intellectual property, can Microsoft be this utterly ignorant and stupid? Does Microsoft not realize it has zero leverage outside the U.S., facing serious penalties in the EU for its disregard for their law and even worse conditions elsewhere? Does it really believe it can force Brazil, China, Mexico, India, Malaysia, emerging Eastern Europe, Russia and countless other markets to pay excessive royalties for a bunch of questionable patents it had its attorneys sneak through? The only certain outcome is that U.S. intellectual property law will be even further ignored and real issues like drug patent confiscations more common.
Apparently SCO was only the warm-up act. This certainly is going to be an interesting train wreck for us to watch if they venture down this path.
*scoove*
If computers were already secure against viruses, there wouldn't be any need for antivirus products.
I've had a lot of respect for Bruce Schneier and was unfortunately rather surprised by this column. My conjecture is that beer, late nights and column deadlines don't mix, as I know he's better than this perspective.
I work in information security risk management for one of the largest global financial processors. Our firewall budget alone exceeds the infosec budget for many Fortune 500 firms. Our IDS staff alone dwarfs the entire infosec staff at most firms. Subsequently, we've gotten rather effective in evaluating the risk and return of capital investments in various infosec systems. Just as you don't insure a $500 1978 Pinto at the expense of $2,000/year, you have to apply a quantified risk management approach to decision-making in even the largest, most targeted Internet-connected networks.
Bruce's column follows the dream inherent in many of us of perfection. Give me perfectly coded systems and perfectly designed networks, and infosec will be unnecessary. Thankfully many clueful slashdotters have already pointed out the foundational assumption: Bruce's dream requires perfect people. With that recognized, we can quickly suspend further conjectures about any quest to create perfect technology. People lose badges, paste passwords under keyboards, fall prey to social engineering attacks, get stressed by deadlines and write sloppy code, get replaced by new-hires who don't follow the hardening procedures exactly, or god forbid, make a typo which renders things imperfect.
For those who have a statistical inclination, let me ask Bruce's question from the perspective of probability theory: what is the probability that exactly 100% of the system will be secure? That's Bruce's goal. The answer for those who drank their way through college stats (or haven't yet had the opportunity to do so) is exactly 0%. And worse yet, efforts to approach it tend to see the expense of the undertaking quickly approach the infinite. This is why businesses accept risk - to avoid it with 100% certainty is not only impossible, but darn expensive!
Consider this: how many of us have had a minor annoyance develop in our car or truck? Such as that minor shudder in the tires or alignment at 63 mph that goes away at 65 mph? Or the two or three times we heard the brakes squeak when we were braking hard? Why didn't we seek perfection and replace the car? Heck, most of us probably ignored the issue altogether or threw a container of instant tune-up fluid down the fuel tank. We don't incur significant costs until we're forced to, which causes us to frequently ignore risk until it becomes a much more expensive proposition. Bruce's model not only requires immediate replacement of anything observed to have the slightest defect, but realistically the employment of every computer expert in the world to review and verify the perfection of the system's security. Otherwise, if one person knows something the others don't causing it to be insecure, his quest for perfectly secure systems fails.
Can we make better software? Can we develop better systems? Can we engineer more secure networks? Of course, but we need to realize that this is an optimization strategy where he who over-optimizes wastes resources and energy that could have been more productively used and subsequently loses, and he who ignores risks and gets caught on it also loses. He who recognizes the right optimizing strategy is the one who prevails in the end.
*scoove*
I live in Nebraska too.. but I thought the Senate terms stuck? 20 senators were ineligible to run again.
Well, they're ineligible for now, but we have three state senators suing the citizens of Nebraska to overturn it, using the judicial system to bypass the 2000 ballot initiative.
Here in Oklahoma, we brought the lottery to a vote three times and it passed all three times, but we never got the lottery until about a year after the third time.
In Nebraska, we've voted in term limits for our state legislators three times. Because Nebraska has the nation's only unicameral (meaning only one congressional body, rather than two like a house and senate), the people's vote via referendum is considered the check and balance of "the other house."
In all three cases, the legislators threw the term limits out (which limit them to only a few terms). They refuse to leave, and have deemed the overwhelming majority vote of the people to be either caused by confusion reading ballots or just plain wrong.
Because the people kept on sending out petitions to get it back on the ballot and voted on, the legislature decided to fix that. They made all sorts of new rules on the petition process, cutting the time to circulate petitions in half, doubling the required amount of votes, using nefarious methods to reject signatures, etc.
Once you let someone be a full-time politician, the power goes to their head. The influence of lobbyists and the nice gifts they bring matters much more than any pathetic constituent. Show me someone who's a life-long politician and I'll show you a crook - party need not matter.
And use enough buzzwords to make the tech implementer roll their eyes and mock you behind your back. . .
It only sounds like buzzwords because you probably don't work with it. That's what we call quantified measurements, and those in operations management, finance, risk management, etc. have to do that to really get at a problem. Otherwise we're practicing the behavior you're inferring by your comment: making totally subjective, qualitative guesses.
A good piece of advice is not to mock someone for using language you don't understand, especially if it sounds like management speak. If you're going to represent more than one domain, you have to stop talking the geekspeak of your locale and be able to represent concepts in the dialect of the group you're working with. It does me no good to go rambling about GARCH models and problems with autoregressive conditional heteroskedasticity in my time-series dataset, but that's ineffective and inappropriate.
My job is to apply my expertise to find solutions for my clients, not to wow them with big terms. Nobody cares that you can talk fancy words in your area of expertise. They assume you know your stuff - that's why you're there to do the job. Whenever you work out of your locale, communicate in their language and you'll find you're much more effective.
One is a functional manager that has many people reporting to them (think Lumbergh from Office Space). The other is a technical leader--one with degrees & experience implementing ideas.
There's also a third option in many larger companies: a cross-functional, multi-domain expert. While many people are familiar with the Java/Routing/InfoSec/DB2/etc. expert who has developed extensive expertise and attained mastery in the technical domain, the multi-domain expert is another option which can be quite professionally rewarding.
Both my brother and I had IT careers (he in client app development and me in infosec and internetworking), and both of us went back to school. He added a marketing undergraduate and an MBA with a marketing focus, while I added a finance undergraduate and a Master of Science in Economics. For both of us, it was an exceptional career move. He's a marketing information systems manager for a Fortune 500 company, handling most of the IT projects for the different product brands of the company and gets to work with developing them the way he wants for his clients - architecting the solution, developing cross-functional dev teams, etc.
The finance and economics addition to an infosec and networking background has helped me become a dual-domain expert in operational risk management (an area that needs many more experts who understand both IT operations and the whole quantitative aspect). I get to design and develop metrics that help us analyze, track and improve our operations, manage the development of the systems that collect and report these metrics and then evaluate them to assess the company's global risk.
The cool part is if you like to set yourself apart from the crowd, it's a great way to accomplish that. It certainly isn't easy committing time to develop that second domain, and takes very careful job selection to get into a place where you can start using both domains. However, because companies seem to have serious problems communicating between different functional areas (e.g. marketing can't speak IT, and IT can't talk marketing), people who span the gap get very nicely compensated, have significant creative authority and overall get to see their ideas implemented.
*scoove*