I wish we could subpoena your real identity...
Those are tough words for someone posting as an AC!
Holy crap! Didn't anyone read the OP?
THEY WANT TO SHARE CALENDARS! There is nothing said about putting patient medical records on the machine!!!!
rouge equipment
Who cares what color it is? Oh, wait, you meant rogue.... I should just ignore AC posts. Anyone who posts AC is obviously ashamed to be associated with the comments they make.
obvious troll is obvious
Redundant statement is redundant....and wrong.
Most professional IT personnel would have caught this kind of crap within 3mo of starting their first job or before.
You have more respect for IT folk than I do. That's why I stopped working in IT.
You missed the part where this system is privately owned and not kept in IT controlled facilities.
Changing the IP address of the VM host doesn't alter port forwarding to internally NATted VM systems. Booting the system with a boot disk to wipe it is ok when the organization owns the equipment, but not when it's privately owned. I've never met an IT person who had keys to private offices.
I'll recap the OP, since you obviously didn't read it.
In this scenario:
IT only has control over the network (that's why OP is asking for a port forward).
IT is asking for system access to a private system (they don't even want privileged access, just a regular user account).
IT does not have physical access (not their system, not in their server locations).
Mod parent down, please.
Yeah right....this is Slashdot. We like to stick-it-to-the-man here!
Don't automatically assume they're going to do something bad to it, and don't think they're idiots who can't figure it out.
Assume? I've lived it! They are definitely going to do something bad to it. Maybe you didn't realize from my post that I don't have much respect for IT. So yes, I do think they're idiots.
They actually have more reason to suspect you of "doing something bad" in their network.
Doing something bad on the network would require that I get off my high-horse.
For goodness' sake, try to understand what "HIPAA compliance" means
Yes, it regards the protection of "individually identifiable" patient records. So they shouldn't put any patient detail in their calendar. Employee scheduling should be completely acceptable as long as they don't include any patient information. If they're using it to map free/busy time to the rest of their department, then it could easily be clear of patient information.
I've complied with much harsher restrictions than HIPAA
I can appreciate that point of view. I can also hope that the department using DAViCAL wouldn't be that careless with sensitive information. That scenario is entirely dependent on management of that department deciding what information is acceptable within an ical item.
Thursday: patient appointment 9:00 - exam room 8
I never suggested a TCP dump.
traceroute will still succeed in my scenario and will end at the real machine!
A NATted VM would be indistinguishable from the host unless the IT person was given an account with privileges to run ifconfig, lspci, or if vmware-tools was installed and the IT account was able to run lsmod.
Is every AC going to question my original post?
They provide source code, so I would argue that they do tell you how to write your own web server software by providing the source.
Knowledge isn't hardware either.
How many millions of pages does your website have? Mine is pushing 135 million (unique) pages.
Reading the About Us page, is an explanation that the site is an experiment to monitor search engine response to large numbers of pages.
Upon the next rewrite, the pagecount will be around 500 million pages. The reaction from Google should be interesting when presented with 135 million 301 redirects, and 370 million new pages.
VM host can run NAT and the virtual machine can be completely hidden from the physical network.
The point isn't to hide the real machine! The goal is to convince IT that they have access to it!
Is everyone who doesn't know a damn thing about VMs going to reply to my post?
I suppose I shouldn't get frustrated. There's a reason everyone is replying as AC. It's because they're afraid of looking like fools.
Nope, never been bounced out of anywhere. And by offsite, I mean not on the local machine, and not within the server farm's geographic location - but still within the secured private network of the organization.
as for being "windows weenies" our SA covers us if we need deep help...
Is that supposed to make it ok to be a windows weenie?
I haven't called tech for support since before Y2K, but since I spent a number of years taking level 3 support escalations, I don't hold it against anyone for calling tech support. Some people are just incapable.
Maybe you don't know what DAViCAL does. Here's a hint, it has nothing to do with patient health data, and therefore has no implication for HIPAA compliance.
As far as AUP goes, that all depends on the AUP, now doesn't it? If the AUP allows employees to connect their personal equipment to the network, then this guy is golden. He already stated that he purchased the machine with his own money, so it qualifies as personal equipment.
I'm glad AC posts start out with a zero score, because most of them stay there.
I haven't ever met an IT guy who has the power to get anyone fired. Even after someone is caught with pr0n, the IT guy has to turn it into his supervisor so it can move far enough up the food chain for anything to happen.
Your method fails:
ifconfig eth0 hw ether 01:02:03:04:05:06
IT knows I have 3 department servers that they don't have (will never have) access to, and I have 1 public facing virtual server in their virtual farm that they will never (again) have access to. Sure, they asked for access...and my answer was no - with a well articulated set of reasons why they don't get access. The difference is value. That doesn't apply to me, because I'm actually valuable to my organization.
So, there are several steps in that extended process you missed.
5. Upper management decides they need a better class of IT people.
6. Upper management takes a trip to Neverland and hires a good MCSE who also knows Linux.
7. The IT guy didn't lie on his resume, and actually does know Linux.
8. The IT guy actually knows a Linux that people actually use, not Suse.
9. The IT guy also has experience with Linux virtual machines and can identify a machine that is virtual.
10. The IT guy thinks what you did was funny and calls you to congratulate a kindred spirit.
11. The IT guy eases your fears because he's a decent guy who knows what he's doing and you don't mind giving him access to your real system.
12. Both you and the IT guy are elevated to the next level of consciousness where you eat rainbows and poop butterflies.
Now there are several parts of this extended process that will never happen.
5: management will never opt for a better class of anyone. If they actually hire good people, it's an accident.
6: Unlike Neverland, a good MCSE who also knows Linux does not exist.
7: Everyone lies on their resume...especially MCSEs
8: MCSEs don't use real-world - CLI Linux.
9: Bahahahaha, seriously? These guys would be lucky to get past an SSH login. MOTD would totally confuse them. For additional hilarity, give them /bin/sh
10: He didn't study the answers to the phone system certification.....he won't be calling.
11: There is no way I'm giving anyone access to a system I administer, no matter how decent they seem. I might consider giving them access to a VM so I can laugh at their .bash_history
12: Pooping butterflies...that's just gross.
Apache Web Server is open source, yet the Apache group doesn't give you a working server, nor do they give you the power to turn the server on. They give you source code and instructions to achieve a working server. You must provide the hardware, power and the time.
Your comparison to the fishing proverb isn't appropriate.
Closed source is giving a man a fish (I agree)
Open source is teaching a man to fish (which I believe would encompass teaching the necessary pole technology)
Source is knowledge, not product.
http://openfarmtech.org/wiki/Main_Page
Have you met any IT people? The ones I know are not much more than computer literate. They know just enough to pass their MCSE cert. The last one I met didn't know the difference between a router and a switch with vlans....he thought they did the same thing! Before that, I spent a few hours explaining to an MCSE new hire what ping and traceroute did! I'm not saying that all MCSEs are that bad, but I haven't ever met one that was any good.
So, I got out of IT....associating with those guys will give you a bad name, and everyone will hate you.
This guy is trying to run open source software, his IT department is - no doubt - filled with Windows weenies.
I recently needed a server with internet access and had to configure the server myself....the IT department here doesn't "speak linux". They recently asked me if I was doing my own backups! The first thing I did was create offsite backups because I don't trust their ability to keep this VM running!
1. install vmware server, configure a barebones virtual machine
2. configure local ssh to listen to an alternate port number.
3. configure port forwarding on your local machine to direct port 22 to the virtual machine.
4. give them access to the VM
Best of both worlds.
They think you've given them access, and you have...just not to the machine they think they're accessing.
If you decide to give them an account on the actual machine, configure an external location to backup your logfiles, even remote logging. When they attempt to do something bad on your machine (and they will) you'll have the proof you need to make someone regret their actions.
I don't know about you, but I've got flash on my android tablet and my android phone as well as my linux and (vm) windows systems, and both of my macs. Mine wasn't an "apple sux" rant, it was a "don't be an asshat, give me what I want" rant. The market has spoken, and apple said 'take a flying leap'.
Flash on my android devices is fine...I have no problems with it. I'll be buying an ipad for testing and development this weekend. If it had flash, I wouldn't be buying it because it would support the video solution my customer is using for every other platform. Instead, I'm burning their contracted support hours on development when I could otherwise mark them off while I read the automatically generated reports.
When every browser supports flash except the browser on iOS devices, who's desperate to differentiate? Android users just want what's always been available to them in every other environment they use.
Personally, I think Flash is lame. Webmasters and designers use it WAY too much. I appreciate video players, but even that should be phased out as html5 gets more traction. When I'm building sites, I avoid flash like the plague. I'll use flash only if there is NO OTHER WAY to accomplish my goal. I can't control other developers though.
If I want to use the web, I need flash on my browser. It's everywhere, including Apple products....except iOS devices.
It would have been easier to accomplish using pennies and requiring the students to provide them. Pair the students up and require them to start with 1 penny and double the money back and forth X number of times. .01 * 2^13 = $81.92. Maybe to 2^10 ($10.24) is a little more realistic for high school students. At the end, pool the money and have a pizza party.
I'd be willing to bet that the goal of the exercise wasn't to teach the students anything. It was to get the teacher's name into the record books. FTA: "After several failed attempts..."
Tanton has been trying to break that record for a while, and he needed help from MIT and his students to do it. Personally, I hope the MIT origami club decides to break this new record before it can be published. Tanton shouldn't be using public resources and student labor to break records.
I'd rather smile on a city bus...
Buying love on a city bus is just gross!
The fact that it can only be used in hybrid vehicles
Who said anything about "only" hybrid vehicles? I can see this being useful in all sorts of situations where power needs to be generated. I'd love to see a portable generator running one of these engines. Where currently greater than 50% of the weight of a generator is engine, this would significantly reduce the engine weight which could be dedicated to additional fuel storage or even reduce the amount of space the generator occupies. Where my current generator will run for about 6 hours on a tank, with this new engine that time could be extended to 20ish hours on the same amount of fuel.
Permanent generators might become a feasible alternative to grid power (if fuel prices ever stabilize).
If the oil companies can keep their assassins away from this technology, we might actually see it come to market.
Maybe you need glasses. Just because it's round and uses several colors does not make it a rip-off. They're different content areas entirely - chrome is a browser while qq is a social website. It's like saying that these products are ripping off other companies for name recognition.
Have you ever been to Texas? Our textbooks say no such thing.
federal reserve - a government entity
The US Court of Appeals has a different opinion.
Lewis v. United States, 680 F.2d 1239
From the decision:
The district court dismissed, holding that the Federal Reserve Bank is not a federal agency within the meaning of the Act and that the court therefore lacked subject matter jurisdiction. We affirm. ...
Each Federal Reserve Bank is a separate corporation owned by commercial banks in its region.
I can see that you're not interested in visiting my universe, where things aren't black and white. Maybe you'd be interested in Ann Coulter's universe, where radiation is good for you.