No kidding. I could have told them that it was 3 and they would have saved so much time and money.
See, that's what I tried to tell the judge...
Implementing email client security protocols over 15 platforms, each with at least a couple of different email clients, is much more difficult than forced SSL on a website.
As with most things in this industry, there are many different ways to do something...
The University I went to was moving away from POP3 and IMAP... by the time I graduated, incoming freshmen were instructed to use Webmail as their email client. The idea is that it's a consistent interface, doesn't require any configuration to use, and the security can be improved via SSL.
Since my business is web application development, I see a lot of the benefits. There have also been quite a few articles on Slashdot about web applications supplanting standalone versions...
Are you still using Lotus 1-2-3, too?
You can usually expect a minimum of $80. When I was in high school, I knew a lot of guys that bought Oakleys for about $120. As other posters have said, some models go into the low hundreds.
If you add $100 for a USB MP3 player, you're looking at maybe $350-450. I guess that's about right.
Of course, I've also heard that you can pick up a pair of Oakleys for about $20 in Mexico...
A conversation about "looking too perfect" and you pick Tommy Lee Jones?!
You forgot Voice Over Mediocre Internet Telephones
Should someone be welcoming our new ArchLord?
...but very frustrating. I learned from a Chinese friend that brought a set from home. He got us all addicted (in college, we had time for this stuff). Soon we had maybe ten games spread out over the quad in front of our dorm. When I finally beat my friend in a match, I retired for good. I had to go out on a high note.
Actually, the government erected huge white platforms above parts of the city to obscure the stuff that satellites were seeing. It blocked out the sun and all the plants died. They realized it was a bad idea, took the platforms down, and just used Paintbrush to erase the parts they didn't like.
I get the joke, and I expected that...
In case you (or someone else reading your comment) take that seriously - consider the hassle of security versus the hassle of explaining to customers why their data is unavailable, their accounts were compromised, or you won't be able to fulfill your promises... I'd rather spend an hour working on making sure something was done right than spend five minutes on the phone while the customer bitches me out. That's why it makes life easier.
Parent has a good point. Every company I've worked in has people who think, "It's not my problem." Management should be concerned about security protecting their business. IT personnel should be concerned about security because it keeps them in a job and makes life easier.
We have so many cliches and maxims about this very concept, but they fall on deaf ears:
Nobody seems to care about doing things the right way until they screw up because they were done poorly. Ounce of prevention and all that...
The point is that making such sales illegal will help make it harder; nobody's being inconvenienced except for the parents (who should be responsible for it in the first place) and the kids (who are not capable of being responsible).
We don't throw a fit when we ban cigarette, alcohol, porn, or weapons sales to minors... kids are not always responsible enough to handle them. In this case, we're not banning the use of them - just the sale.
Let parents make the decision about what games their children play.
That's why I think this bill is a good idea. If you let kids walk in and buy the most violent games, their parents may not know what's going on. Those are the parents that make me sick. If you make the parents buy it for their kids, then they're forced to take responsibility for it. We already have too many idiots claiming that video games are making their children violent; instead of parents taking responsibility, they blame the games. This just makes sure that they're involved.
skeletons...like Frank Abagnale?
For those not familiar with the name, Google Search will turn up quite a bit. But for those too lazy for that, the summary is basically this (lifted from his own site):
"His rare blend of knowledge and expertise began as a teenager. More than thirty-five years ago he was known as one of the world's most famous confidence men as depicted in his best-selling book, "Catch Me If You Can." He cashed $2.5 million in fraudulent checks in every state and 26 foreign countries over a five-year period. Between the ages of 16 and 21, he successfully posed as an airline pilot, an attorney, a college professor and a pediatrician. Apprehended by the French police when he was 21 years old, he served time in the French, Swedish and U. S. prison systems. After five years he was released on the condition that he would help the federal government, without remuneration, by teaching and assisting federal law enforcement agencies."
Honestly, if you can't think like the criminals then you're going to be beaten. Sometimes I like to sell my services to clients by hacking their websites right in front of them. Most have hired out to someone with education (it's easy to skate through college), experience (everyone gets experience with time), or a slick-looking office (seriously?!). Ability is something difficult to measure but means a lot more. It all comes down to whether you trust him to make the right decisions in the future, not in his past.
I think that's the point, though. A competent programmer will look at another language with the confidence that he could pick it up and start working in it (maybe not 100%) "with very little learning curve." Sure, there are intricacies of every language - but those are the things that you pick up over time as you learn.
In college, I watched entire classes go through the same intro topics (how hard is it to switch between C++ and Java when you're only talking about freakin' conditionals?!) for weeks... I think the grandparent poster meant that a competent programmer would look at that and pick it up in minutes.
I know a handful of programming languages. I also have studied a handful of real-world languages. I spent six years studying Japanese... talk about fundamental differences!
I read these books for the first time earlier this year. I was amazed at how much fun they were. There were times I had to put the book down because I was laughing so hard I was crying.
Go read them again.
"I'm sure that many lost sales happen because some sales doofus doesn't know that the product they're flogging actually meets the customer's needs perfectly!"
That's only if the customer actually knows their needs. Half the time the customer doesn't know what they need and will rely on the salesperson to tell them what they need. The other half (almost), the customer thinks they know what they need and will let the salesperson convince them that what they sell is what they need.
The thing is, almost every salesperson will approach it from the viewpoint that what they're selling is exactly what the customer should buy. That's why you see people walk out of Best Buy with the wrong thing for the wrong system, all at the wrong price.
Those are some pretty great suggestions, several of which I've followed myself. I invested in a decent pair of headphones (after sampling several) and have loved them ever since.
Three years ago, I would have laughed at you. That was until my friend (we'll call him analog-freak) sat me down in his listening chair and asked me to close my eyes.
He started playing music - it was very clear, so I figured it was a CD. It sounded amazing, though. Then I heard him click the A/B switch. The whole room seemed to open up and I could have sworn it was a live show, synchronized with the CD. I knew right away that this was vinyl; there were a few clicks and pops, but the sound was undeniably better than the CD. He switched back and forth a few times to let me hear the difference.
Now here's the kicker: he's got a ridiculous system in house. He writes reviews for audiophile magazines, invests most of his free time and money in this stuff, and could sell his home system and pay off the house. The record he played was virgin, perfect vinyl - it was heavier than any record I've held. He said he paid just over $100 for the thing on eBay.
Since most of my listening is through my Honda Civic factory-installed CD player or through mp3s on my computer's crappy sound card, I don't get the opportunity to experience these amazing sound differences. So few people have the kind of equipment, knowledge, or money required to enjoy it at that level that I wouldn't even argue about it. Of course, this is Slashdot and audiophiles are an especially argumentative group of geeks.
Well, depending on the vendor's services I might call that a pretty unreasonable price. On the other hand, a large company might spend a lot more than that on hardware, software, audits, staff, etc. All to prevent such extortion...
--anecdote time--
If you're a small business, $100,000 might not be feasible. But then again, most small businesses won't need that kind of service. I've seen far too many sites ready to be discovered and attacked. One of my selling methods when I'm talking to a potential client is to visit their existing site and point out security holes. In one instance, I did a real quick SQL injection method to gain access to the "secure client login" area. Right in front of the client, we're staring at their largest client's account details.
"Can you fix it for me?"
--end anecdote--
I generally charge $75/hour; that's 1,333 hours and 20 minutes of work before they'd pay $100k. Even with failover servers, load distributing, etc., getting out of the extortionists' crosshairs doesn't have to be so expensive.
...how this is any different from the way things work now:
"Imagine a company telling you, 'Hey, you want to make some extra dollars by building this car or writing this piece of software? Name your price, and you'll make some more cash.'"
I live in a state with at-will employment. In EVERY single interview I've ever had, the interviewing company has asked me what salary I wanted. They know how much they're willing to pay, and my answer to that question will pretty much always be a bid - if I name too high of a price, I generally don't get a call back. If it's low, they're more interested (or suspicious if it's too low).
Of course, this bidding process is exactly how it works with a contract company; the client asks me to do something and wants to know how much it costs.
As I understand, this nurse bidding process is for extra shifts; you're already getting paid for a normal job and they have an extra shift. The person willing to work it for the least is going to get it.
"As long as you have some modicum of a clue - don't use IE, don't use Outlook, show some common sense about what you download - I really do think AV is a waste of money."
That right there is pretty much correct - which is why people have to use anti-virus. Most people don't have that modicum of a clue; either they're new to the intricacies of computing (look at the freshmen in many computer science classes) or they're just never going to be that informed (my mother, for instance). People do use IE, Outlook, and install everything that asks them to click Yes.
Security companies use FUD all the time to drive the point home. And many of them are extremely wealthy as a result.
The difference is that FUD - fear, uncertainty, doubt - can in fact be grounded in reality. If you don't install a firewall, anti-virus software, and apply patches, you're not likely to last. So when they spread FUD, they're actually just educating. When SCO or Microsoft spreads FUD, they're just marketing. Sure, educating potential customers and marketing to potential customers can overlap - but don't be confused that FUD is necessarily an evil thing.