I'm a consultant at a CPA firm, therefore, billable hours rule all. I (like many posting here) am a terrible procrastinator (evidenced by my visit to Slashdot...) I've struggled with the same problem, and a lot of people are posting one of a few solutions: use a new piece of software; use a piece of paper; use a timer.
The timer thing is not a bad idea, but it still has to be recorded somewhere, so it's not necessarily a good answer if you can't just say "eight hours billed between four clients, 2 hrs/client".
Paper can work great. I used a notebook and followed a methodology more or less laid out in a software engineering textbook that I took at Uni. Essentially, list out tasks and assign some identifier (i.e., as a penetration tester & computer forensics consultant, I have a code for Googling/researching/footprinting my client, and a separate one for port scanning, etc.) A few pages farther back, I have a listing of client/project identifiers. A few pages behind that, I have a slot to tally project/time expenditures and begin to get a feel for time spent on each client/type of task. A few pages behind that, I record start time, end time, a column to indicate breaks (i.e. 5, 10 mins for coffee or something), a delta, client number/indicator, task number/indicator, a description, and a checkbox to see if I've aggregated that item, recorded it in my billing system, etc.
I omitted the breaks/delta columns because every break tended to be a different client or project; coffee breaks waited until some other distraction broke me away from what I was doing. This worked fairly well, and eliminated having to mess with another software interface. Of course, the system I use dictates this time be entered manually, so a CSV export or something akin to it doesn't really help.
Now though, I track my time where I track my appointments, vacation, etc. by creating appointments for each client or job I work on. It's a little more time consuming to enter, but my PDA supports this time tracking method inherently, and I can use the Categories listings to indicate the client, I can summarize my work in the subject, I can track the task type in the location, and I can include notes or comments (say, if it's a phone call) all in the same spot. When I have to enter my time, I can just open my calendar and go back a few days. I can also (as someone else mentioned) use the Journal function in Outlook to augment this.
For me and my work habits, this seems to work out well, plus it's a little comforting when I have a good day and it's a solid block of blue (the label color I use for billable work).
Uh...a 20" CRT is over 80 lbs, in my experience. And 20"+ deep.
This LCD's depth is the base, the screen body itself appears similar to NEC's current LCDs, in that it's around 4" deep. The 8" base is necessary, unless you want your $6000 monitor to tip easily when you bump your desk. And at least the screen rotates...not to mention that this is still a pre-production model. I just hope it doesn't take five or ten years for this to become feasible for mere mortals.
Yeah, I apologize, it looks like TOSTA isn't so much worth anything. The guy talked up something totally different than is on their webpage. Forget I added that link.
Seeing as all the comments thus far are contributing nothing other than to bash ITIL/CMM/Six-Sigma/etc, I'll give a weak stab at this.
Google: itil "open source"
Now stop and determine what your goal is, what you want to accomplish by implementing ITIL. *Then* go looking for software solutions, or develop one in-house. Looking for a piece of software to drop ITIL, COBIT, or any of those other IT risk/product management frameworks leads you to a line of vendor gas-bags who have no idea what the framework is actually there for.
I'm not specifically familiar with ITIL, but I am going to assume it's similar to COBIT. In this light, you should be able to pick one or two of your organization's largest risks as identified by your ITIL assessment, and work to solve those problems first. There is not now, nor will there ever be, a project that will make your organization "ITIL Compliant" without more work on your behalf than your vendors & consultants, etc. You (as an individual who will have to live with this, and as a company) will be better off if you approach this project with an understanding of what ITIL is, what it will give you, and what your risks are. Forget consultants. This is especially important because you're trying to use an enormous enterprise tool for a medium-sized business.
All that said, one guy I've talked to that may or may not know crap (I've no idea, as I didn't talk long) but had a strong interest in compliance via open source tools can be found at tosta.org.
Good luck.
Re:It's a surprisingly decent video player (on Video iPod Screen Test) · Score: 2, Insightful
Yes, and that makes just as much sense, no matter whether he's talking about clarity or volume. In both cases, his car stereo is the factor that affects it, not the source, iPod or not. And my entire point was mossberg's irrelevance, spending his time reviewing macs..."holy crap! Apple made a positively *AMAZING* product, and it works! It really does what the box says it can do!"
Video iPod not good for full length movies? What? Stop the presses!
I realize we are not his audience, but his "reviews" still rub me wrong.
And to the other poster: no, the geekiverse is not the blogosphere. The geekiverse is much cooler!
The FFIEC is an alphabet soup of the guys who matter in this respect: OCC, FDIC, NCUA, the Fed, and the OTS. Regardless of what the other reply to your message says about regulators, the more important piece is the weight placed by banks & credit unions behind any FIL (financial institution letter) published by the FFIEC.
It very well may (and probably will) take past Dec. `06, but the key piece to remember when reading any legislation, regulation or guidance on such, is the interpretation varies.
What works for Wells Fargo regulators for "effective methods" of control does not mean that works for First National Bank of Podunk.
Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.
Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.
The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
Risk assessments should provide the basis for determining an effective authentication strategy according to the risks associated with the various products and services available to on-line customers.
Customer awareness and education should continue to be emphasized because they are effective deterrents to the on-line theft of assets and sensitive information.
If your bank or credit union management can make a case against any of these points, the regulators are only too happy to oblige. Just don't jump the gun and assume "control mechanism" means these are the only acceptable controls: user/pass, certificate, token, fingerprint, first-born child.
With changes implemented for Check21 compliance (check imaging, shorter processing time) and a 60-second window for a MITM attack with two-factor, I'm willing to pay for my own damn token (or certificate) if necessary, for the added protection. Of course, my password is also 8 chars, random letters/numbers (thanks, Wells Fargo, for that upper limit...) changed quarterly...
Re:It's a surprisingly decent video player (on Video iPod Screen Test) · Score: 1, Insightful
Mossberg takes every opportunity to suck Apple's core, as does Slashdot's editorial staff, evidently.
This isn't to say I disagree, but the only reason anything Mossberg writes deserves a place on /. is to show what the "suits" of the world are reading about the geekiverse. Even then, the cover-story from Saturday's WSJ was a better insight into that than anything from Mossberg.
Another, previous poster under the story "WSJ approves of iPod nano" or some-such quoted Mossberg, who could (paraphrasing, here...) "hear his iPod nano with crystal clarity while flying down the freeway @ 70 with the top down in his convertible." Which is funny, because that's exactly the setup I would use to assess clarity and quality, driving at 70 with all that wind noise.
I had a 600, on which the LCD got so badly scratched I could no longer read the screen in any sort of light due to the glare. Even in a dark room with the brightness turned up, it was fuzzy at best. Since going back to my clamshell, I'm happy as a clam. The outer LCD can scratch just fine, but it's only displaying the time or one line of text, not images and small text like the main screen inside. This is actually my biggest beef about the ROKR too, that they went back to the non-clamshell design for it. Had they put the iTunes functionality in the v5xx series, or a RAZR, I'd be all over it. Granted I want more than 100 songs, but that'd be enough for me, as my phone sits next to my mac mini each night.
I think people's beef though is that the nano is so easily scratched. Not that they get scratched if mistreated, but that they get scratched if you damn-near just touch the screen.
So no ipod, esp. a nano, and no ROKR, until this sort of thing is resolved.
It always amazes me when geeks complain about useful features in a program that can be disabled with one checkmark. Your "good example" is not a good example. Go into your preferences and disable in-line spell/grammar checking. And when you're writing a normal text document, you can manually spell-check.
That said, I agree that [sometimes] a simple text document *is* best.
Oh, you can hire these guys or someone like them to use their scanning electron microscopes to map out the electrons. They can recover several layers of files, even after being deleted/overwritten/zeroed if not done thoroughly enough. Just hope you have over $100k per disk...
The tool is dd that automagically pipes the data stream through a checksummer to generate an md5/sha1/sha128/sha256 (IIRC) on a specified windowsize (from one 512b block to the entire device/file).
There is nothing special as far as what is/is not a valid source/destination device.
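The windowed checksumming described in the comment above, as an added example that is not part of the original comment and not the tool's own code: Python that hashes a stream per fixed-size window and as a whole, then reports which windows of a copy differ from the source. The function names, the 512-byte window and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import io


def windowed_hashes(stream, window=512, algo="sha256", chunk=64 * 1024):
    """Hash a stream in fixed-size windows.

    Returns (list of per-window hex digests, hex digest of the whole stream).
    A short final window is hashed as-is, so an image whose size is not a
    multiple of the window still gets full coverage.
    """
    if window <= 0:
        raise ValueError("window must be positive")
    total = hashlib.new(algo)
    current = hashlib.new(algo)
    digests = []
    filled = 0
    while True:
        # Never read past the end of the current window.
        data = stream.read(min(chunk, window - filled))
        if not data:
            break
        total.update(data)
        current.update(data)
        filled += len(data)
        if filled == window:
            digests.append(current.hexdigest())
            current = hashlib.new(algo)
            filled = 0
    if filled:
        digests.append(current.hexdigest())
    return digests, total.hexdigest()


def differing_windows(a, b):
    """Indices of windows whose digests differ; a missing window counts as a difference."""
    longest = max(len(a), len(b))
    return [i for i in range(longest)
            if i >= len(a) or i >= len(b) or a[i] != b[i]]


def demo():
    # Constructed sample: 1280 bytes = two full 512-byte windows plus a 256-byte tail.
    source = bytes(range(256)) * 5
    copy = bytearray(source)
    copy[700] ^= 0x01  # one flipped bit, located in window 1 (bytes 512-1023)

    src_windows, src_total = windowed_hashes(io.BytesIO(source), window=512)
    dst_windows, dst_total = windowed_hashes(io.BytesIO(bytes(copy)), window=512)
    return (len(src_windows),
            differing_windows(src_windows, dst_windows),
            src_total == dst_total)


if __name__ == "__main__":
    count, bad, totals_match = demo()
    print(f"windows={count} differing={bad} whole-image match={totals_match}")
```

The whole-image digest only says that the copy differs; the per-window digests narrow the mismatch to a 512-byte range that can be re-read or examined.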
Uh, acrobat's plugin places a menubar inside the tab where I'm viewing a PDF. If I change tabs, that bar goes away. The only other apps that I can think of currently would do anything like this are viewing office docs in IE, which I don't do anyway except intranet stuff at work. Then you can view/lightly edit excel (and I think word and ppt) documents within the browser window. Which is kludgy. So why is this necessary?
The other part of this that I started to hit on in another post, but never quite made it: Hydan (the most popular version of steg/de-steg software I've seen so far) uses bluefish. There's no rule saying you couldn't tie this into GPG, though, so you could wind up with both edges of the sword: steganographically-hidden, strongly-encrypted data.
And someone else commented on finding enough data to hide a sizeable file. Well, the other side to that coin is a text file doesn't require much space, but there are infinite times in all walks of life where a few lines of well-written text, if sent to the right person, can have great influence. Of course, the other side to that coin is that you could [potentially] use a DVD movie to hide a larger amount of data. Put that on a burned DVD, slap a bootlegged-like label on it, and if anyone discovered that there was data stegged on it, and it's "I don't know what you're talking about, I bought it off some dude in Central Park when I was in NY last month." Just remember not to leave the key you used sitting on the disk!
Or better yet, steg it in the cover image! Or not...
This is not totally accurate. Steg (using hydan, say) works this way: you run hydan, specifying a file to hide, a message/file to hide, and the output filename. You'll be prompted for a password to use (ala PGP passphrase/key) and the message is encrypted with the bluefish encryption algorithm. While it's not quite as strong as PGP with a 1024b key, there's no rule saying you couldn't actually use a PGP key to do this, public or private. It's just that the same phrase must be used on both ends.
From hydan-0.10 README:
Hydan [hI-dn]: Old english, to hide or conceal.
Intro:
Hydan steganographically conceals a message into an application.
Features include:
- Application filesize remains unchanged
- Message is blowfish encrypted with a user-supplied passphrase before being embedded
Embed a message:
./hydan /bin/ls <msg> ls.stegged
Decode the message:
./hydan-decode ls.stegged
Note: Don't use commonly available applications like /bin/ls to conceal your message! It would be trivial for an attacker to realize that there is something hidden in your copy of ls, as the md5sum would differ. Checkout the README.details for more info about implementation and attacks.
I am simply amazed that this is the first actual AD&D reply to this story (at +2, at least...)
...because the UI is black, so it matches your ipod nano and better represents your depressed state as a result of being a Windows user?
You read that wrong. That's exactly the poster's point.
MASH is fine.
Civi ambulances & medical equipment "most likely [are] in violation".
"Games probably aren't [in violation] because they're depictions of armed forces and war."
How sad is it that this is the first time I've actually understood what short selling, margin & options actually means?
Are we looking at some new, cuddly Microsoft? A fracking emoticon?
Weird. Let's just hope this doesn't turn out to be "we'll support you...by helping you go back and open this webpage with IE."
From the actual FIL [emphasis added]:
If your bank or credit union management can make a case against any of these points, the regulators are only too happy to oblige. Just don't jump the gun and assume "control mechanism" means these are the only acceptable controls: user/pass, certificate, token, fingerprint, first-born child.
With changes implemented for Check21 compliance (check imaging, shorter processing time) and a 60-second window for a MITM attack with two-factor, I'm willing to pay for my own damn token (or certificate) if necessary, for the added protection. Of course, my password is also 8 chars, random letters/numbers (thanks, Wells Fargo, for that upper limit...) changed quarterly...
actually...most are sans-serif.
Oh, that's easy! Just do what I do!
Just create a label [mistress] or [love-notes] or [don't-look-here-honey], then you can conveniently log in periodically, check all read, and delete them!
(Just kidding honey, the label I use is junk mail. Though I seem to be getting more and more love letters from King Abdullah Frikahn III, asking if I would be willing to help him transfer his money...)
"Technology's just chimneypieces." (Paraphrased)
Jesus...
Can you say penchant for the dramatic?
Nicely eloquent, though!
Does the FBSD crowd really want to do that to themselves?
Thanks, I couldn't read that. I shot my eye out last Christmas with a damn BB gun.