I'm afraid that calling this a solved problem is like saying that because we've successfully created nanofibers, we should already have a space elevator. There's an enormous gap between a mere accounting system to help balance a single checkbook, and the tracking and integration necessary to actually handle paychecks. And in a large government bureaucracy, the number of distinct systems and workflows that have to be replaced or integrated to will be enormous, and fought tooth and nail by people who perceive it as encroaching on their workflow. I'm afraid I've worked on similarly complex issues, though perhaps not as likely to work directly with so many distinct managers all at the same time. But I've some harsh experience that suggests that it can be _amazingly_ difficult.
Re:Google can fix it with a hammer. on AOSP Maintainer Quits · Score: 3, Insightful
Given the existence of the Google Summer of Code projects, the ongoing publication by Google of Java patches, and the contribution of Google employees to fascinating projects on github.com, quite a large percentage of Google employees both use and publish open source and freeware. Numerous business partners and collaborators work with it extensively, especially when they see me publishing my patches or updated code and see that they benefit from my ongoing involvement. And they are willing to pay my company more because our projects are available, as source, so that work can be evolved or continued even if one of our developers changes employment.
I've certainly helped engineers try to reverse engineer software without source 10 years later, and it is _barbaric_. The last time, I fortunately found that the developer had actually cannibalized software I'd written decades ago to build the application. It was a reminder of why a GPL can be so much more powerful than an Apache or BSD license: the developer had not chosen to publish their modifications to their clients, for various legal and workflow reasons.
You've brought back memories of my youth, and occasional partners I've worked with, and of the entire academic research community. You can do a great deal of fascinating and useful work with such loose social standards. It doesn't always scale well: Tasks that need to be done absolutely correct, and absolutely consistently, for reliability, for scientific publication, or for human safety, or just for inventory control can wind up a bit slapdash. And a major difficulty can be _keeping_ anyone more than 10 years, especially the senior people with spouses or kids to raise.
But I agree that workplace comfort, both physical and social, can keep great people at much lower rates than industry standards. That's why I stay where I am: I would be _very_ expensive on the open market, but relish the changes and the great people I work with, and the chance to train others.
> Today we know that the main nutritional problem is excess fructose
As opposed to malnutrition from poverty? Think again.
As for nutrition causing heart disease, wait a few years. I'm afraid the cause will be "discovered" to be something else. The last few decades have seen the blame cast on smoking, excess preservatives, excess sucrose (not fructose!), excess protein, excess fat, excess trans-fatty acids, excess salt, excess liquor, excess body fat, excess work, excess processed food, excess caffeine, lack of vitamin C, lack of exercise, or poor sleep habits.
The claim that humans are "not supposed to eat animal products" is even less well founded. Humans have incisors and canine teeth, like other omnivores, for rending flesh. We also have rather short intestinal tracts and livers that handle animal proteins and fats reasonably well, neither of which are so common to herbivores.
Pay the departing sysadmin for their time, by any legal means, to provide additional information. I've had to work with companies where a core admin had just departed, and had to help hide that we then hired one such admin as part of our company with a different title in another group, partly so we could tap them legally for information about their old company's environments. We got a good engineer, they got a good contract to help out while they looked for a permanent role, and were able to factor in undocumented aspects of the old company's security practices and backup systems which they were flat-out lying about.
Find out why that admin is leaving, without their manager in the room or any witnesses. Don't take "no" or "we'll get that to you" as an answer: go behind the company's back if you have to, because if they're hiding it, it's probably _vital_ to know about.
Do a complete hardware inventory, both of material they're directly responsible for and of devices _connected_ to those. Include the names of the people responsible for services, and who need to be contacted for issues, for every single system.
Verify that the backups are complete and that they do in fact work. This is a very good time to get that backup server, or that failover switch, that has been awaiting the right time to install, and ideally perform the restorations on those.
Warn the managers that there are likely to be service interruptions, and ensure that the monitoring system works well to report them.
Do not change the default scripting language or configuration management system or source control system or account management tools until an opportunity to learn the old one is at least 80% completed.
Then understand that they do not arrest people for the same reason they do not sign US treaties or sign bills into law. It's not their job to arrest people, even if they cooperate with and provide intelligence for the people who do and are in some ways responsible for such arrests or for what treaties get signed or what laws get passed informing the people who'd do such tasks.
I was careful to answer the question from aNonnyMouseCowered, not to say the NSA is innocent of wrongdoing or of providing leads for the FBI or the US State Department and US Customs to harass attendees at BlackHat or to block the visas of international attendees. It's vital to answer the people that people actually asked.
The NSA is not a law enforcement agency. They're an intelligence agency: they have little jurisdiction to charge US citizens for domestic crimes, or authority to arrest foreign nationals for crimes overseas. That would be the task of the FBI for various federal crimes, the Secret Service for certain types of fiscal crimes including wire fraud, or local police for state or local crimes. And I'm afraid the NSA doesn't like to share responsibility for such arrests, because monitoring US communications is actually against their charter. They do it anyway with various very poor excuses, but they'd hardly pursue arrests on that basis.
Also, a lot of the activity is below any reasonable threshold of when a prosecutor would be bothered to file charges.
Not often, I'd think. Failed SWAT raids are quite expensive, and embarrassing. The SWAT members involved would not take wasting their time lightly.
Misreporting crimes to get them dealt with by another bureaucracy or other department, though, is an interesting way to work around frightened police or bystanders. Remember how assault, especially rape, victims are sometimes encouraged to scream "fire" instead of merely "help I'm being raped"? I've actually run to a fire alarm when my cell phone was out of charge in an emergency. (I saw someone else using their cell phone and didn't have to use the alarm.)
You've raised a good point about the Russian involvement, at least early in that war. The Chinese also got deeply involved later in the war in 1950. It's fascinating history.
I was also unclear at the time. The nominal reason was cutbacks: the private talks with my superiors helped expose the "cover" reasons that I mentioned. The real reason was the pressure from the embezzling VP trying to cover their criminal trail. The new manager tried their best to clean up the situation and make it up to people who'd been hurt in that process, and I bear the rest of the company or their newer ill-will.
But it's an excellent example of how the reason you are "fired" or asked to resign may not be for the reasons stated.
The Vietnam and Korean wars were partly to contain Communist Chinese political expansion in Asia. Both led to rampant human rights violations, abuses, and civilian casualties on both sides, sponsored by US and Chinese governments and their allies, and left terrible memories of racial and jingoistic hatred in the minds of people who are now senior business and political leaders.
> It's actually exceptionally rare.
Not in my experience. A bit of digging into the background of some computer science and engineering colleagues I've met, applying for work, or reviewing their resumes as part of planning for a shared project, shows a strong degree of fraud.
You've brought back memories. I was once selected for cutbacks for what I thought were very good reasons. I was already quite senior and had trained the junior members, and had documented my work, and family medical issues had cut my oncall availability. This was back when telephone modems were how you telecommuted, which were not as effective as modern roving laptops.
2 months later, I found out why I was _really_ let go just then. Another employee and I were closing in on the inventory of unused hardware to return it to service or get it off the books. The other employee was doing maps and lists of the hardware in the racks, very useful for finding and allocating space. I was surveying the monitoring systems and collecting MAC addresses and serial numbers remotely, with an eye towards reporting failures of similar types of hardware and planning scheduled replacements of obsolete hardware.
The manager who took the old VP's role contacted us both and made absolutely sure we were both in good new roles, and they're still a good reference many years later. I've since worked with them on several projects, and feel that company profited not only in getting rid of a dishonest employee but in getting an excellent leader out of it.
That's correct. Treat the speech itself as a criminal act if necessary (such as a call to violence or a physical threat, or a lie.) But don't censor the content carriers or the book printer. Try or censure the author of the content.
> What time is wasted having that discussion?
The time that could be spent digging into the already existing problems, such as the already present censorship and monitoring done without notification by security agencies, businesses monitoring and censoring their own employees' private lives, and the encroachment of "big data" into personal lives. Spending excess time on ideas that have already been demonstrated as impractical, expensive, and certain to be abused for other purposes lends them credence.
The reverse often works better for games and Windows-specific software such as Outlook or a great deal of CAD software. If your software needs the bare metal performance of vendor supported access to the graphics, such as many games require now, then I've found virtualizing the Linux to be far more efficient.
I'm afraid that all ideas do _not_ deserve equal review or attention, when the issues are so clear. Such censorship is expensive, ineffective for its most vaunted goals, and immediately prone to _enormous_ abuse to track or censor political and social speech. Wasting time in the middle debating subtleties lends legitimacy to very dangerous practices, such as deep packet inspection used to monitor speech and writing wholesale and aggregating the data into very dangerous histories on individuals and groups.
And all that's fine. But don't be upset when a third party vendor is selling front you the support with the latest patches, and it turns out they're just selling you copies of _their_ licensed support from Sun, or Oracle. I've had vendors pull that, and get caught, and had to explain to my purchasing department to cancel the check.
Testing drivers, and maintaining testable builds, of 8 year old hardware is quite expensive. I've certainly done so and helped partners do so, but charging real money for supporting such outdated software and hardware is both common and quite reasonable. They're high fees because you have to maintain a full tool suite: hardware, media, backups, patches, and expertise.
I'm afraid that Aaron did "hack". MIT apparently started requiring logins for JSTOR access when the amount of downloaded material started interfering with JSTOR's servers, and Aaron snuck past the logins and the MAC address logging that was attempted to throttle the traffic. It's not deeply sophisticated hacking, but it's certainly applying computer insights to allow access that has been denied and to evade detection.
They also wanted the MySQL customer lists, to migrate them over to Oracle tools.
Sun's hardware was, indeed, bulletproof. But at the end of 6 years, the extra money you spent on that single set of bulletproof hardware would have been better spent on 2 cheap sets of x86 hardware, with the second set 3 years newer and thus vastly more powerful, yielding an enormous improvement in available resources, with spare older hardware available for testing rigs or non-critical use. And their ongoing choices to develop their own processor technologies, combined with their decision to switch to AT&T style UNIX from BSD style UNIX, made cross-compatibility and porting of open source software more and more difficult.
Sun and their developers created or helped foster some very useful technologies. But critical, "business school" type decisions actively hampered the use of their hardware, ranging from their old mishandling of the "OpenWindows" as a forked and proprietized and thus incompatible version of X11, to their proprietary serial port connectors on hardware servers, to their misnaming of JDK RPM packages as a filename that does not even resemble the actual installed package name, etc.
Or the obligatory xkcd reference, "sudo make me a sandwich".
https://xkcd.com/149/
> separate each platter and mount the platters on a lathe and mill them down to bare aluminium
Given the prevalence of aluminum platters with iron oxide coatings, this seems extraordinarily dangerous. Although, thinking about the possible thermite reaction this could trigger, I think that _would_ destroy the data.
Unless it's not. I'm afraid I've been handed several systems by military software developers that were never scrubbed before they were loaned to me for software projects. I did try to arrange a quiet talk with their IT personnel about their security practices, and on one occasion felt compelled to write a registered letter, with copies to their and our legal staff, to warn about the dangers. (There were poorly protected system passwords stored in plaintext on the system.)