I'm on the IT Applications side of things, not operations so my experience with this has been more as a user than as an admin (though I've helped that group on a few things)...
...but we implemented Documentum and have found it to be slow, difficult to deal with and I've heard no end of horror stories about how hard it was to implement.
In all honesty we had a properly set up sharepoint (tsk!) solution at another company and it pretty much ran itself and did the job we needed it to do. YMMV.
Yeah, one book every 6 years is going to ensure that this ends up like the Wheel of Time series from Jordan... he's going to kick off before the damn thing is done.
I would rank and identify the projects you feel are most needed in the security area and then do some research and bring the ones you can make a realistic case for. Management likes numbers but keep it concise and honest. They also like to think they, being excessively smart, hired excessively smart people so cover all your bases beforehand.
If you can say "We could buy this system which severely decreases the chances of X happening. When X happened to Bob, Inc. they lost eleventy-billion dollars in revenue, downtime, lost productivity, etc... This system has positive feedback from these five major corporations who have successfully implemented it accross their enterprise in an average of 4 months and since implementation, none of them have had X happen to them. The realistic chance that we're going to be targeted by something like this within the next five years is about 10%."
Solve for X... and Bob, Inc, "eleventy-billion", 4 months and 10%.
Also remember that while you're doing a lot of estimating on the risks/savings, so are the people who are arguing for the new ERP system or what have you. You may not win the argument, but when X happens at least you have "I told you so".
Knowing Eric McCarty personally I have some level of insight into this case other than what's put out in the news media. For what it's worth here is my $.02.
I think we should establish stricter minimum guidelines for information security and hold those we choose to share our personal information with to them. Anyone in IT in the medical industry knows about HIPAA... usually with a groan. HIPAA can levy fines, shut down operations, etc... if you're not taking "reasonable and appropriate measures" in safeguarding sensitive data. Why should it be any different with other, equally personal data?
I understand the argument that "I wouldn't want someone picking my lock and then telling me that my lock was succeptable to being picked.", though I think the metaphor is stretched a little thin. The reality is that flawed code will be exploited eventually. Especially on higher profile sites. I think the goal should be to foster is an environment where there are responsible disclosure procedures available and allow there to be increased legal pressure for those who do not demonstrate adherence to established guidelines for information storage (see above).
Entities which store your data (companies, schools, etc...) will not be more responsible. There's no incentive for them to. It's more financially sound for them to respond under the current laws (mostly they're only required to do notifications, rarely will you be compensated to any amount near to what you will lose) than to fix the underlying security problems.
Another problem is the McCarty was prosecuted under new provisions in the Patriot Act which change how computer crimes can be convicted. It used to be that the government had to prove both unauthorized access and malicious intent. The malicious intent clause was dropped from the requirements. As such if you go forward and provide information about how the breach occurred and work with the site owners to resolve the issue before serious data loss can happen, you are criminally liable. This would be the perfect law if we could ensure it would be applied equally and fairly. Unfortunately many crimes cannot be prosecuted in this manner either because of geographic differences or lack of evidence (real hackers alter logs). As such it really only stands to prosecute those who aren't legitimate threats and gives the government some big news stories to try and lend credibility to the Patriot Act and the erosion of civil rights.
...or did he at no point talk about the sound quality of the device?
I mean, maybe it's just me... but if I was going to spend a chunk of money on a portable audio device, I'd be more concerned about the audio quality than "gamertags".
I'd be more concerned that Oracle has a record for being slow to patch security holes. I recall the bug that went acknowledged and unpatched for 365+ days and would grant a remote user shell access. If that's the kind of Linux they'll put out... no thanks.
I was a psychology major in college and now I work as a successful database administrator.
It takes a lot of hard work and a little bit of luck. I'm at the point in my career where I'm rarely asked "what is your degree in?" when I'm at an interview. And when I answer it's rarely been an issue. However I had to take low level jobs for a few years and prove myself. What you need to find is an organization that loves to promote from within. If you want to continue doing sysadmin or system engineer work I'd recommend finding a low-level position (computer engineer is probably a decent shot) and work your way up. Once you've got some experience you can bank on that to further your career rather than any education.
In the meantime, take any education opportunity you have. Self-study for certifications if you can. Also remember that many people with "formal" educations aren't very effective engineers. It's not necessarily a reliable predictor of a technically compitent employee.
Call this ad-hominem if you like, but if someone pushes a POV year in, year out, you tend to dismiss them.
If I dismissed them then I wouldn't ever take anything people on/. say seriously... Not that it's incorrect, but the point of view of most people on this site regarding windows vs. *nix is fairly consistent.
While I couldn't ever get Morrowind to run without crashing every hour or so of gameplay, I've found Oblivion to be rock-solid. (System specs: 2.8ghz P4, 1gb RAM, Radeon X800GT). While I can only get playable framerates at 1024x768 with relatively medium settings, I still find the game visually enthralling and immersive. I've also noticed that people who don't have problems with running the game don't comment in the forums. So I'd think it seems like more people are having problems than really are.
As for the complaints about gameplay, balance, etc... I guess I can see that. I'm not overfond of the large-size interface, though it does remind me a bit of old adventure games... 2pts for nostalgia. I would've preferred that enemies scaled up more based on area and less by player level. I've felt that they fixed much of the issues with Morrowind by the revised travel system, the better radar and quest log and the simplified skills system. You also get the feeling that there's replayability; there are decisions you can make now that will open up or cut off whole worlds of possibilities.
I also like the improved theft system. In Morrowind, you could (and would) steal anything that wasn't bolted down. In this game the penalties for crime are more harsh. People will recognize stolen goods in your inventory and you will get in trouble. Stealing from your guild can quickly get you booted out (or force you to do agonizingly difficult side-quests to get back in their good graces). Frequently you'll have trouble selling off your ill-gotten goods.
I really like that the NPCs have their own motivations. I've watched them interact with each other, one individual in a tavern I was hanging out in was apparently on a quest to get smashed. He kept walking back to the bartender, buying a bottle, heading back to drink it for a while and then repeating the process. I've seen imperial hunsmen have pitched battles in the wilderness with bands of robbers, then unceremoniously loot the bodies when they're done.
I think we'll see a lot of user-created modifications and improvements that will help to obtain the changes and balance that people are wanting.
I've found that having a major in Psychology doesn't open a whole lot of doors for me (I'm a DBA and database developer). I've considered getting MCDBA or Oracle certifications in the past just to advance my career. While it doesn't guarantee that you know what you're doing, it does usually mean you have at least a familiarity with the material. In hiring I've never been impressed with someone who had a lot of certifications if they couldn't answer some basic questions about the actual application of that "knowledge".
On top of that oftentimes there is an advantage to your employer. A while back I worked for a company which was trying to gain a certain level of partnership with Microsoft. You can become a partner by gaining enough points by having applications that make use of certain MS technologies and by having a certain number of staff with varying MS certifications. There was kind of an unspoken agreement that if we pursued our MS certifications we would probably share in the wealth once the company gained that partner status. Though when we did the actual count, the most competent developers, sysadmins and DBA's on staff didn't have any certifications. In fact, one MCSD who left the company shortly after that left so many bugs into the product that we were left chasing them down for about 6 months afterwards.
My biggest fear of the points system was that we'd be hiring what we liked to call "paper MCXX's" just because they had certifications. People who studied for four days beforehand, passed the tests, but couldn't really do the work once they got into the trenches. Certifications are nice, but they're no substitute for experience and ability.
Re:is it just me is the 299 version utterly pointl
on
J Allard Interviewed
·
· Score: 1
For some reason I'm reminded of a funny little line from the O'Reilly Learning Perl book talking about bugs:
[Perl] is a program, and every program has at least one bug*.
(footnote)
* Programmers also know that every program has at least one line of unnecessary source code. By combining these two rules and using logical induction, it's a simple matter to prove that any program could be reduced to a single line of code with a bug.
They have a great beer selection and the food is pretty good too. That brings in most of the customers. I and a few friends have often decided that we were going to "work" from there and used the free wi-fi and our VPN connections. I can guarantee you that Tom's (the owner) investment has more than paid for itself.
If you're in the San Diego area you should stop in.
Every time I try to talk open source to non-technical folks their eyes glaze over real fast. So don't get too technical.
If you just want to introduce the idea that, hey... there might be other alternatives out there divide the group in half. Give each "team" a laptop. One should have a copy of MS Encarta on it (they were giving it away with every OEM for a while, shouldn't be too hard to scrounge one up). Set the other up with a web browser with Wikipedia as their home page.
Then have an information scavenger hunt with a prize to whichever team can find all the answers to a series of questions using their particular tool the fastest. Then do a little 5-minute talk about the differences (Wikis being community developed, etc...).
Well there's that and on top of it the implication that is made is that you can only have 3-disk or 5-disk RAID 5 setups. In fact, you theoretically have a minimum of 3 and the maximum is based on what controller you have.
I just feel if they're going to do an informative article, maybe checking the details might be for the best...
Everyone's got stories of feeding the idiots the loopback address. With the advent of IPv6, I wonder how many people will be succeptable to this when you tell them that your IP is::1. Maybe 0:0:0:0:0:0:0:1 they'll fall for...
That's it, I'm calling the cops on those 6 year old 'vandals' playing on the sidewalk outside my window! These hearts and flowers tags on the street have been cluttering up our fine community for too long!
In college, my friend's computer was running without a single case fan. She had bought it from some chop-shop and they had done a real crappy job putting the thing together. I had a spare one so we popped open the case and threw the fan in to cool it down a bit. Upon plugging everything back in, the computer booted fine, however her network connection seemed to be dead. It didn't receive an IP from DHCP, but everything seemed to be working fine otherwise. We decided (as it was late) to try and figure it out the next day.
The following morning she sat down at her computer and decided to play a little Unreal Tournament. As soon as she fired up the game, her AIM came on in the background. When she quit out of the game, her network connection died again.
We stared at this phenomenon for hours wondering how installing a fan could have done such a thing... and how Unreal Tournament could've possibly fixed it.
Slashdot Mirror
I'm on the IT Applications side of things, not operations so my experience with this has been more as a user than as an admin (though I've helped that group on a few things)...
...but we implemented Documentum and have found it to be slow, difficult to deal with and I've heard no end of horror stories about how hard it was to implement.
In all honesty we had a properly set up sharepoint (tsk!) solution at another company and it pretty much ran itself and did the job we needed it to do. YMMV.
Yeah, one book every 6 years is going to ensure that this ends up like the Wheel of Time series from Jordan... he's going to kick off before the damn thing is done.
I would rank and identify the projects you feel are most needed in the security area and then do some research and bring the ones you can make a realistic case for. Management likes numbers but keep it concise and honest. They also like to think they, being excessively smart, hired excessively smart people so cover all your bases beforehand.
If you can say "We could buy this system which severely decreases the chances of X happening. When X happened to Bob, Inc. they lost eleventy-billion dollars in revenue, downtime, lost productivity, etc... This system has positive feedback from these five major corporations who have successfully implemented it accross their enterprise in an average of 4 months and since implementation, none of them have had X happen to them. The realistic chance that we're going to be targeted by something like this within the next five years is about 10%."
Solve for X... and Bob, Inc, "eleventy-billion", 4 months and 10%.
Also remember that while you're doing a lot of estimating on the risks/savings, so are the people who are arguing for the new ERP system or what have you. You may not win the argument, but when X happens at least you have "I told you so".
Knowing Eric McCarty personally I have some level of insight into this case other than what's put out in the news media. For what it's worth here is my $.02.
I think we should establish stricter minimum guidelines for information security and hold those we choose to share our personal information with to them. Anyone in IT in the medical industry knows about HIPAA... usually with a groan. HIPAA can levy fines, shut down operations, etc... if you're not taking "reasonable and appropriate measures" in safeguarding sensitive data. Why should it be any different with other, equally personal data?
I understand the argument that "I wouldn't want someone picking my lock and then telling me that my lock was succeptable to being picked.", though I think the metaphor is stretched a little thin. The reality is that flawed code will be exploited eventually. Especially on higher profile sites. I think the goal should be to foster is an environment where there are responsible disclosure procedures available and allow there to be increased legal pressure for those who do not demonstrate adherence to established guidelines for information storage (see above).
Entities which store your data (companies, schools, etc...) will not be more responsible. There's no incentive for them to. It's more financially sound for them to respond under the current laws (mostly they're only required to do notifications, rarely will you be compensated to any amount near to what you will lose) than to fix the underlying security problems.
Another problem is the McCarty was prosecuted under new provisions in the Patriot Act which change how computer crimes can be convicted. It used to be that the government had to prove both unauthorized access and malicious intent. The malicious intent clause was dropped from the requirements. As such if you go forward and provide information about how the breach occurred and work with the site owners to resolve the issue before serious data loss can happen, you are criminally liable. This would be the perfect law if we could ensure it would be applied equally and fairly. Unfortunately many crimes cannot be prosecuted in this manner either because of geographic differences or lack of evidence (real hackers alter logs). As such it really only stands to prosecute those who aren't legitimate threats and gives the government some big news stories to try and lend credibility to the Patriot Act and the erosion of civil rights.
...or did he at no point talk about the sound quality of the device?
I mean, maybe it's just me... but if I was going to spend a chunk of money on a portable audio device, I'd be more concerned about the audio quality than "gamertags".
I'd be more concerned that Oracle has a record for being slow to patch security holes. I recall the bug that went acknowledged and unpatched for 365+ days and would grant a remote user shell access. If that's the kind of Linux they'll put out... no thanks.
I was a psychology major in college and now I work as a successful database administrator.
It takes a lot of hard work and a little bit of luck. I'm at the point in my career where I'm rarely asked "what is your degree in?" when I'm at an interview. And when I answer it's rarely been an issue. However I had to take low level jobs for a few years and prove myself. What you need to find is an organization that loves to promote from within. If you want to continue doing sysadmin or system engineer work I'd recommend finding a low-level position (computer engineer is probably a decent shot) and work your way up. Once you've got some experience you can bank on that to further your career rather than any education.
In the meantime, take any education opportunity you have. Self-study for certifications if you can. Also remember that many people with "formal" educations aren't very effective engineers. It's not necessarily a reliable predictor of a technically compitent employee.
Call this ad-hominem if you like, but if someone pushes a POV year in, year out, you tend to dismiss them.
/. say seriously... Not that it's incorrect, but the point of view of most people on this site regarding windows vs. *nix is fairly consistent.
If I dismissed them then I wouldn't ever take anything people on
While I couldn't ever get Morrowind to run without crashing every hour or so of gameplay, I've found Oblivion to be rock-solid. (System specs: 2.8ghz P4, 1gb RAM, Radeon X800GT). While I can only get playable framerates at 1024x768 with relatively medium settings, I still find the game visually enthralling and immersive. I've also noticed that people who don't have problems with running the game don't comment in the forums. So I'd think it seems like more people are having problems than really are. As for the complaints about gameplay, balance, etc... I guess I can see that. I'm not overfond of the large-size interface, though it does remind me a bit of old adventure games... 2pts for nostalgia. I would've preferred that enemies scaled up more based on area and less by player level. I've felt that they fixed much of the issues with Morrowind by the revised travel system, the better radar and quest log and the simplified skills system. You also get the feeling that there's replayability; there are decisions you can make now that will open up or cut off whole worlds of possibilities. I also like the improved theft system. In Morrowind, you could (and would) steal anything that wasn't bolted down. In this game the penalties for crime are more harsh. People will recognize stolen goods in your inventory and you will get in trouble. Stealing from your guild can quickly get you booted out (or force you to do agonizingly difficult side-quests to get back in their good graces). Frequently you'll have trouble selling off your ill-gotten goods. I really like that the NPCs have their own motivations. I've watched them interact with each other, one individual in a tavern I was hanging out in was apparently on a quest to get smashed. He kept walking back to the bartender, buying a bottle, heading back to drink it for a while and then repeating the process. I've seen imperial hunsmen have pitched battles in the wilderness with bands of robbers, then unceremoniously loot the bodies when they're done. I think we'll see a lot of user-created modifications and improvements that will help to obtain the changes and balance that people are wanting.
I've found that having a major in Psychology doesn't open a whole lot of doors for me (I'm a DBA and database developer). I've considered getting MCDBA or Oracle certifications in the past just to advance my career. While it doesn't guarantee that you know what you're doing, it does usually mean you have at least a familiarity with the material. In hiring I've never been impressed with someone who had a lot of certifications if they couldn't answer some basic questions about the actual application of that "knowledge". On top of that oftentimes there is an advantage to your employer. A while back I worked for a company which was trying to gain a certain level of partnership with Microsoft. You can become a partner by gaining enough points by having applications that make use of certain MS technologies and by having a certain number of staff with varying MS certifications. There was kind of an unspoken agreement that if we pursued our MS certifications we would probably share in the wealth once the company gained that partner status. Though when we did the actual count, the most competent developers, sysadmins and DBA's on staff didn't have any certifications. In fact, one MCSD who left the company shortly after that left so many bugs into the product that we were left chasing them down for about 6 months afterwards. My biggest fear of the points system was that we'd be hiring what we liked to call "paper MCXX's" just because they had certifications. People who studied for four days beforehand, passed the tests, but couldn't really do the work once they got into the trenches. Certifications are nice, but they're no substitute for experience and ability.
For some reason I'm reminded of a funny little line from the O'Reilly Learning Perl book talking about bugs: [Perl] is a program, and every program has at least one bug*. (footnote) * Programmers also know that every program has at least one line of unnecessary source code. By combining these two rules and using logical induction, it's a simple matter to prove that any program could be reduced to a single line of code with a bug.
I've had a windows ME box that's been powered by feces for years...
O'Briens Pub in San Diego
They have a great beer selection and the food is pretty good too. That brings in most of the customers. I and a few friends have often decided that we were going to "work" from there and used the free wi-fi and our VPN connections. I can guarantee you that Tom's (the owner) investment has more than paid for itself.
If you're in the San Diego area you should stop in.
Every time I try to talk open source to non-technical folks their eyes glaze over real fast. So don't get too technical. If you just want to introduce the idea that, hey... there might be other alternatives out there divide the group in half. Give each "team" a laptop. One should have a copy of MS Encarta on it (they were giving it away with every OEM for a while, shouldn't be too hard to scrounge one up). Set the other up with a web browser with Wikipedia as their home page. Then have an information scavenger hunt with a prize to whichever team can find all the answers to a series of questions using their particular tool the fastest. Then do a little 5-minute talk about the differences (Wikis being community developed, etc...).
Well there's that and on top of it the implication that is made is that you can only have 3-disk or 5-disk RAID 5 setups. In fact, you theoretically have a minimum of 3 and the maximum is based on what controller you have. I just feel if they're going to do an informative article, maybe checking the details might be for the best...
Anyone else notice the error in the RAID 5 explanation?
Everyone's got stories of feeding the idiots the loopback address. With the advent of IPv6, I wonder how many people will be succeptable to this when you tell them that your IP is ::1. Maybe 0:0:0:0:0:0:0:1 they'll fall for...
That's it, I'm calling the cops on those 6 year old 'vandals' playing on the sidewalk outside my window! These hearts and flowers tags on the street have been cluttering up our fine community for too long!
In college, my friend's computer was running without a single case fan. She had bought it from some chop-shop and they had done a real crappy job putting the thing together. I had a spare one so we popped open the case and threw the fan in to cool it down a bit. Upon plugging everything back in, the computer booted fine, however her network connection seemed to be dead. It didn't receive an IP from DHCP, but everything seemed to be working fine otherwise. We decided (as it was late) to try and figure it out the next day. The following morning she sat down at her computer and decided to play a little Unreal Tournament. As soon as she fired up the game, her AIM came on in the background. When she quit out of the game, her network connection died again. We stared at this phenomenon for hours wondering how installing a fan could have done such a thing... and how Unreal Tournament could've possibly fixed it.