A user can install and update applications into his own folder.
On Debian and Ubuntu, that appears to work only for compiling and installing applications from source, as only root can install.deb packages. Or is that a problem of Debian packaging that other distributions have fixed?
As a simple google search will show you you can install DEBs (or RPMs, etc) to your own user directory if you like. It's not typically done, but it is possible to do and done by design.
Oddly enough, Flash, Java, Firefox, Chrome, and possibly even Adobe Reader have service level processes that can be used to keep their stuff updated. I believe they run by default under localsystem, but that's not to say you couldn't create more finely-grained admin (or power-user) accounts to improve their sandbox.
Now you might say that the proliferation of system-level services to do that is a problem (and I'd agree with you, which is why the only contender amongst the above which I use - Firefox - is set to update manually. But that's not to say you can't deliver a desktop to a user without admin privileges, even under XP.
Anyone have any experience of running Secunia under non-admin privileges? As that installs a system-level service I suspect that might be able to provide a good catch-most solution.
Do note that those "service level processes" are something relatively new in the Windows world. They use to be something that would run in the System Tray as the user; they were converted to "service level processes" due to UAC in Vista and later. Others employ the method like FileZilla still does - a check on startup, which is just as good.
But nonetheless, the historic behavior in Windows for those update programs was running as the user and requiring admin permissions.
It probably helps that Unix was developed from the beginning as a multi-user system, where you had to think about not letting one user trample all over another, whereas Windows started out as a single-user system where users could only f*ck up their own stuff if they did something stupid. The whole multi-user security thing was bolted on afterwards.
This is not true of Windows NT, which started with fine-grained access control to every kernel object (files, but also network interfaces and IPC primitives), when UNIX only had coarse-grained user-group-everyone permissions, and then only on things that showed up in the filesystem namespace (which, contrary to popular belief, is not everything).
UNIX had finer grain permissions than that before Windows NT was even started; though it probably depended on the flavor of UNIX you used as to whether you had them.
That said...if Windows NT permissions were really equivalent, then why hasn't Microsoft been able to get it CC certified to the same level as both Red Hat and SuSe have been able to get Linux CC certified to? (Hint: There is only one other OS that has the same CC certification level - Trusted Solaris; only way to get a higher CC certificiation is to do a completely custom, non-COTS OS product.)
That said, I've shunted entire X sessions - the whole GNOME/KDE desktop - over the Internet. Performance was pretty decent - all using X11 forwarding over SSH. (Yeah, I basically logged in via SSH with X forwarding enabled and ran "startx". Overlayed my own desktop.)
You could take the Microsoft approach. Don't worry about piracy, and let the unauthorized user crowd ramp up your user base, and therefore your usefulness.
That's certainly one approach; but I wouldn't advise it.
Ask yourself why Wordperfect, which was the standard, got blown out by the vastly inferior Word?
there's an anti-trust case against Microsoft on that - related to misbehavior of Microsoft during the release of Windows '95. It had little to nothing to do with piracy, and nearly everything with Microsoft crippling the ability of Novell (or their predecessor) to timely release a compatible version of Word Perfect for Windows '95.
Honestly, the best thing to do is look at your business plan and determine the best price - the one that yields the maximum sales for you in the market you are trying to target and the minimum piracy that you are comfortable with. Just realize that piracy will be non-zero as people who want to pirate will no matter what you do - no matter how much or how little you charge. So find the price point that maximizes your potential in the market you are aiming to sell into and don't worry about the rest.
Unfortunately, you need to do a market study to determine that price - so as always you have to spend money to make (more) money. You may be surprised that what you thought was only a $5-$10 app may be a $50 app; OTOH, it could turn out to be a $1 app too.
We're not talking MPG, we're talking KPL here (kilometers per litre)
Anecdote time to counter your anecdote: With the exception of cars I've modified ('87 Toyota Tercel hatchback, '87 Pontiac Recaro T/A Firebird, '98 Ford Taurus SE) none of them have met their estimated MPG/KPL within 25% margin.
He did note that the driver makes a big differnce;-)
The biggest problem is that religious people have a 'belief' without no scientific evidence, and seem to ignore that (or use psuedo-science to prove it) - they just 'believe'.
The word you are looking for is Faith, not religion. Faith can be independent of or tied to any religion. Scientists that shun religion typically put their faith in science - especially with respect to how the universe was created; in essence science is their religion, yet they would not admit it.
Science cannot prove how the universe was formed. it can give many hypotheses, but cannot prove it. Taking any of those hypotheses and saying "this is how it was done" is not science, but scientific religion.
Sure, religious people can be scientists as they then use scientific measures, but it rarely works the other way around - I mean, how many religious scientists use methods to determine their belief? None.
There are many scientists who started out as atheists and came to a religious faith due to their work in science, for example micro-biologists that find things going contrary to predictions (getting more complex instead of simpler), etc.
Religion should not ever be associated with science, as it makes a mockery of proper science.
Then none would be able to do science. It would be humanly impossible.
Rather, those doing science must examine and pronouce their assumptions behind the work such that anyone from any perspective could understand what is going on. For instance, macro evolutionists have to pronouce assumptions of certain ages of the earth (e.g. that the decay rate of C14 is stable), that the environment of the entire earth has not had massive changes, etc; conversely, the religious right needs to recognize that the tend to assume no time gap between Genesis 2 and 3.
A good network security design should reflect that every host is untrustworthy, and possibly breached; no host that has any firewall exception or any access possible by VPN users should be allowed to be trusted more than any random host on the internet. Just because a host is local or known, under the same management, and believed to be secure, does not mean that its security has not been defeated, permitting its use to facilitate an APT.
100% agree.
but when properly managed you can secure the organization as a whole.
It doesn't work so well in practice; in practice, you expose the organization as a whole by having a network design that promulgates a need for a VPN gateway in the first place.
As soon as one laptop or server on the inside gets a piece of malware on it, the usefulness "public/outside bad", "inside good" concept breaks down, and as number of remote access users and devices increase, the probability of it eventually happening and escaping immediate detection approaches 100%.
Which means, that the properly secure design approach is assumption of breach.
I'd much rather the organization have a VPN (single or multiple) that can be used instead of having all the servers open to the public.
I'd much rather the organization have a strong firewall, not allow exceptions such as "VPN" or "pass rules" for certain ports or outside addresses to the internal network.
Only specific traffic flows arranged in advanced, and originated from the more secure network, allowed.
I never said there should be exceptions for VPNs, only that the VPN should really be the only way to get to anything. So, consider my approach would be a VPN plus your approach.
E.g. Only outgoing connections from more secure to less secure.
And only with thorough inspection of contents by an IDS, and application aware firewalls, including inspection involving intermediary SSL decryption.
Anything that remote workers might need, belongs in a DMZ.
Instead of authenticating to a VPN gateway,
authenticate using a combination of a smartcard certificate or SSH client key to secure
the channel, and credentials to every server.
Once you are inside the VPN then that is the exact approach to use. Put your corporate internal network on one IP range (e.g. 10.1.x.y), the VPN on another (e.g. (172.16.w.z), and then use your approach for the two networks to communicate. All servers should also be configured as you suggest regardless of which network they live on - they should inherently not trust any clients they receive.
A VPN, SSH tunnel, or firewall port opening is no different from a server being properly open to the public.
I recommend that any resource workers have access to be placed in a DMZ, and VPN devices _and_ office workstations all be placed in networks that are at the same trust level by the firewall as other hosts on the internet.
Only problem is that it is hard for a IT administrators to know what resources 'remote workers' needs. Many projects have their own resources - e.g. lab equipment - and people may need to access them from off-site. Yet they won't be fully under the control of the IT beaurocracy, nor would it be feasible to put them into a DMZ. So if you are going to have remote workers, you need to have some way for them to traverse from the outside-in; and one that does a very good job of protecting the network as a whole. No solution will be perfect, but it must be responsibly designed, implemented, administered, and maintained.
With no direct TCP/IP communications enabled or possible from one workstation to another workstation, or between VPN hosts, or between VPN users and workstations.
Use cryptographic secrets tied to the actual workstation (whether local or remote),
to authenticate the establishment of network connections to such infras
VPN connections present a number of security challenges, risks, and costs, for organizations.
VPNs also solve a lot of security issues by focusing the security task in a central area. True it also can focus those trying to break in to the organization into that area as well, but when properly managed you can secure the organization as a whole.
I'd much rather the organization have a VPN (single or multiple) that can be used instead of having all the servers open to the public.
If someone's doing one commit a week and think's he's an 'ace developer' then the odds are he will not be missed.
In fact I've seen several people who thought they were ace developers walk off in a huff in my time. Life went on. The share price didn't budge. All anyone felt was a sense of relief for the next few weeks.
Most of the time people who think they're ace anything aren't because of the Dunning-Kruger effect.
And in the fact that in this case they're not doing much and you're better off laying them off.
As the AC pointed out, I called another developer an Ace Developer. And more to the point, when you implement policies that will encourage your best developers to leave - or that fire them - then you are in fact destroying your organization, thus my statement of "then sell the stock", because while it may be temporarily insulated from the immediate occurences, it will over the long term decline without recovery unless you change those policies.
BTW, the Ace Developer I was referring to has in fact left where I work, and it is having the exact effect I describe. But we're also a very small organization; and he was one of the few people left that knew all the technical information. Those of us left simply have not had the experience with the systems, clients, or various components to make up for his departure; and management isn't helping any by hiring kids right out of college when we need more senior people.
Top management tip. If you suggest a test to see which employees aren't working and someone comes up with a highly technical objection with lots of TLAs in it and explains how 'Ace developers' only commit once a week, nod politely and then tell them they're laid off next time performance reviews come up.
This. I hate having to use a VPN. They are usually overly slow and generally screwy. For instance, at my house my internet is 20Mbit/2Mbit up/down. At work, it's 100MBit down/up (fiber). Over the VPN I'm lucky to get 300Kbyte/s download speeds, and much more often they are in the less than 100 range. I use SSH tunnels when I can because I can actually max out my connection with them, even with a third intermediate server involved
While i agree, you're not exactly comparing Appls to oranges. 300Kbyte/s is 2400Kbit/s - or 2.4Mbits. Start with correct comparisons and you might just find the real culprit.
You aren't touching RCS servers with your work regularly? I'd fire you for other obvious reasons then. Your attitude would be a good excuse as well, you can be replaced for a 1/3rd the price by an Indian thats happy to have a job.
Depends what RCS system you are using. If you use git or any number of distributed RCS systems, then you only need to connect to the central servers to push something in - all you work is tracked locally, and no VPN connection is required.
If you're using a centralized system (like CVS or SVN) then it may just be that you don't do a lot of commits; and for some people that's fine. Personally I prefer to commit more regularly (at least once a day), but I know some people that were Ace developers that would only commit once per week - when they were finally done with something - sure it doesn't help others to see how you arrived there, but in the end it matters little unless your boss is a prick and micromanaging everything.
The vast majority of people do things that will be more than performant on systems that are 5 years old or more. Yes there are certain tasks that are exceptions, but they are done by very very few people.
That is what you think, and what you have no way of proving, especially considering the market says otherwise. You may think whatever you wish, but the truth is, you hardly know what the "vast majority" of people need.
The market tends to agree with the declining sales of laptops and desktops, and the ever growing mobile segment which fits what I say more than what you say.
So say what you wish, but the reality is that people really don't need as much computing power as is in most lower grade laptops and desktops any more.
My ARM-based Nexus One plays NetFlix just fine, and the various Apple devices (iPads, iPods, etc) doesn't have issues either; and I'd be willing to be that many DVD players, BD-DVD players, HD-DVD players, etc. all use ARM chips.
And all of these have special extra hardware to decode video and audio, while I can play a Blu-Ray movie at 1920x1080 on my desktop machine using nothing but the CPU for decoding.
You do realize that those specialized hardware is typically a mixture of ARM-based processors and DSPs, no?
It is nice to pull off numbers from your ass isn't it? You have absolutely no clue about how many people need or want more processing power, or what part of the user population they represent. The fact that people keep making upgrades and the market is not collapsing is proof enough that you are talking bullshit.
The vast majority of people do things that will be more than performant on systems that are 5 years old or more. Yes there are certain tasks that are exceptions, but they are done by very very few people.
Consider too that most people upgrade hardware that was purchased at the bottom of the spectrum - e.g. they're upgrading their RAM from a 2GB it came with to 4 GB, where it maxes out. Most don't do processor upgrades (they just buy new computers). And many are probably doing hard drive upgrades only, and paying Best Buy (or similar) to copy the data over.
The upgrade market is primarily driven by the enthusiasts and techies who want the top of the line and have the spare cash to essentially build a new computer every 6-12 months. No one else is buying the stuff with the high margins.
A few seconds less to open big excel sheets, or large images is motive enough for many many people. So is being able to play the latest games or full HD videos encoded in high compression codecs is another, processing big chunks of data, encryption, and many more tasks.
Processor speed will not usually do much in those cases. It's mostly driven by hard drive access - seek, file fragmentation, etc. Things that system maintenance will do better at fixing than upgrading you computer. Upgrading the hard drive essentially does a massive defrag of the drive. And yes, NTFS needs defragmentation done on a regular basis.
Realize that the processor usually never goes above 10% usage outside of a few peaks; it's mostly waiting on I/O to occur.
I think your '99%' analogy is a bit off - I think more like 80% or so is probably accurate. I have friends who try to edit photos on older systems and have nothing but trouble, and the same with people gaming on inadequate hardware. At work, I help folks all the time that need to upgrade because the hardware they are on - sometimes from only a couple of years ago - just doesn't meet their needs.
Also, there is the idea of 'fast enough' itself. Where do you draw the line? If a modern, graphics-intensive website took several seconds to full render is that 'fast enough'? A lot of little delays can add up to wasted time and user frustration, but faster computer hardware can often alleviate those things... and with internet tasks, of course, more bandwidth can also help. How many people here would be okay if their ISP just capped everything at 5Mbps or less for the rest of eternity, just because 'its enough to watch low-res video, check email, and play games'?
Few things to consider: (i) how well are those Windows machines maintained? And (ii) are you really upgrading the right parts or fixing the right thing? Chances are you are not.
In all honesty, a good rebuild of a Windows system will usually restore it to better performance levels; yet that is so rarely done (and time consuming). Often it's just as good as doing an upgrade - and an upgrade of RAM/processor/etc will soar even more when its done too.
And of course, in some cases MSDN has zero documentation for stuff. For example, there's many instances of the Windows Scripting Host functionality where it is only documented in VBScript despite the fact that Microsoft fully supports JavaScript with WSH as well. So you have to turn to other sources to figure out how to do it in JavaScript if that's what you are using. (Yeah, it drove me nuts a few years back.)
So now I use the MSDN search in Firefox, or use the "site:microsoft.com" feature in Google for MSDN specific stuff; but often I end up turning to the general web to find stuff. MSDN's internal search (provided by Bing) is absolute crap; and it's only been going down hill since somewhere around 2004.
Yes, at one point you could actually find stuff in MSDN on Microsoft website; good luck now - it usually takes you through a maze of backwater portions of the site that don't give you any useful information - e.g. looking for C/C++ stuff but it only shows you C# or C++/CLI stuff.
> general purpose = internet surfing, email and maybe a movie
Plenty of movies will clobber ARM appliances.
Even content consumption benefits from a better general purpose CPU. As with any general purpose device, you can do things that weren't originally designed into your device. You also have the ability to make updates and fixes or just dump the bundled software entirely.
Specialty silicon is cool of course but also limited.
Interesting. My ARM-based Nexus One plays NetFlix just fine, and the various Apple devices (iPads, iPods, etc) doesn't have issues either; and I'd be willing to be that many DVD players, BD-DVD players, HD-DVD players, etc. all use ARM chips. Heck, the vast majority of WinCE devices were ARM-based.
Just because its ARM doesn't mean is a SoC. And just because its x86 doesn't mean its not SoC either.
Slashdot Mirror
A user can install and update applications into his own folder.
On Debian and Ubuntu, that appears to work only for compiling and installing applications from source, as only root can install .deb packages. Or is that a problem of Debian packaging that other distributions have fixed?
As a simple google search will show you you can install DEBs (or RPMs, etc) to your own user directory if you like. It's not typically done, but it is possible to do and done by design.
Oddly enough, Flash, Java, Firefox, Chrome, and possibly even Adobe Reader have service level processes that can be used to keep their stuff updated. I believe they run by default under localsystem, but that's not to say you couldn't create more finely-grained admin (or power-user) accounts to improve their sandbox.
Now you might say that the proliferation of system-level services to do that is a problem (and I'd agree with you, which is why the only contender amongst the above which I use - Firefox - is set to update manually. But that's not to say you can't deliver a desktop to a user without admin privileges, even under XP.
Anyone have any experience of running Secunia under non-admin privileges? As that installs a system-level service I suspect that might be able to provide a good catch-most solution.
Do note that those "service level processes" are something relatively new in the Windows world. They use to be something that would run in the System Tray as the user; they were converted to "service level processes" due to UAC in Vista and later. Others employ the method like FileZilla still does - a check on startup, which is just as good.
But nonetheless, the historic behavior in Windows for those update programs was running as the user and requiring admin permissions.
I've always been curious about those reports. Because those are the **public** reports. What about the **private** reports?
Well, MS's policy is that they don't fix a CVE unless it has been exploited - public OR private.
It probably helps that Unix was developed from the beginning as a multi-user system, where you had to think about not letting one user trample all over another, whereas Windows started out as a single-user system where users could only f*ck up their own stuff if they did something stupid. The whole multi-user security thing was bolted on afterwards.
This is not true of Windows NT, which started with fine-grained access control to every kernel object (files, but also network interfaces and IPC primitives), when UNIX only had coarse-grained user-group-everyone permissions, and then only on things that showed up in the filesystem namespace (which, contrary to popular belief, is not everything).
UNIX had finer grain permissions than that before Windows NT was even started; though it probably depended on the flavor of UNIX you used as to whether you had them.
That said...if Windows NT permissions were really equivalent, then why hasn't Microsoft been able to get it CC certified to the same level as both Red Hat and SuSe have been able to get Linux CC certified to? (Hint: There is only one other OS that has the same CC certification level - Trusted Solaris; only way to get a higher CC certificiation is to do a completely custom, non-COTS OS product.)
They're not even in fouth place for the phone market.
VNC sucks. RDP sucks a little less.
That said, I've shunted entire X sessions - the whole GNOME/KDE desktop - over the Internet. Performance was pretty decent - all using X11 forwarding over SSH. (Yeah, I basically logged in via SSH with X forwarding enabled and ran "startx". Overlayed my own desktop.)
You could take the Microsoft approach. Don't worry about piracy, and let the unauthorized user crowd ramp up your user base, and therefore your usefulness.
That's certainly one approach; but I wouldn't advise it.
Ask yourself why Wordperfect, which was the standard, got blown out by the vastly inferior Word?
there's an anti-trust case against Microsoft on that - related to misbehavior of Microsoft during the release of Windows '95. It had little to nothing to do with piracy, and nearly everything with Microsoft crippling the ability of Novell (or their predecessor) to timely release a compatible version of Word Perfect for Windows '95.
Honestly, the best thing to do is look at your business plan and determine the best price - the one that yields the maximum sales for you in the market you are trying to target and the minimum piracy that you are comfortable with. Just realize that piracy will be non-zero as people who want to pirate will no matter what you do - no matter how much or how little you charge. So find the price point that maximizes your potential in the market you are aiming to sell into and don't worry about the rest.
Unfortunately, you need to do a market study to determine that price - so as always you have to spend money to make (more) money. You may be surprised that what you thought was only a $5-$10 app may be a $50 app; OTOH, it could turn out to be a $1 app too.
We're not talking MPG, we're talking KPL here (kilometers per litre)
Anecdote time to counter your anecdote: With the exception of cars I've modified ('87 Toyota Tercel hatchback, '87 Pontiac Recaro T/A Firebird, '98 Ford Taurus SE) none of them have met their estimated MPG/KPL within 25% margin.
He did note that the driver makes a big differnce ;-)
Suit A:"We're losing money and marketshare! What are we going to do"
Suit B: "The same thing we do every time"
Both in unison: "Layoffs and hire some more lobbyists!"
I, too, often find myself wondering where the Animaniacs end, and Corporate America begins...
In this case, Corporate Europe...but nonetheless valid.
The biggest problem is that religious people have a 'belief' without no scientific evidence, and seem to ignore that (or use psuedo-science to prove it) - they just 'believe'.
The word you are looking for is Faith, not religion. Faith can be independent of or tied to any religion. Scientists that shun religion typically put their faith in science - especially with respect to how the universe was created; in essence science is their religion, yet they would not admit it.
Science cannot prove how the universe was formed. it can give many hypotheses, but cannot prove it. Taking any of those hypotheses and saying "this is how it was done" is not science, but scientific religion.
Sure, religious people can be scientists as they then use scientific measures, but it rarely works the other way around - I mean, how many religious scientists use methods to determine their belief? None.
There are many scientists who started out as atheists and came to a religious faith due to their work in science, for example micro-biologists that find things going contrary to predictions (getting more complex instead of simpler), etc.
Religion should not ever be associated with science, as it makes a mockery of proper science.
Then none would be able to do science. It would be humanly impossible.
Rather, those doing science must examine and pronouce their assumptions behind the work such that anyone from any perspective could understand what is going on. For instance, macro evolutionists have to pronouce assumptions of certain ages of the earth (e.g. that the decay rate of C14 is stable), that the environment of the entire earth has not had massive changes, etc; conversely, the religious right needs to recognize that the tend to assume no time gap between Genesis 2 and 3.
A good network security design should reflect that every host is untrustworthy, and possibly breached; no host that has any firewall exception or any access possible by VPN users should be allowed to be trusted more than any random host on the internet. Just because a host is local or known, under the same management, and believed to be secure, does not mean that its security has not been defeated, permitting its use to facilitate an APT.
100% agree.
but when properly managed you can secure the organization as a whole.
It doesn't work so well in practice; in practice, you expose the organization as a whole by having a network design that promulgates a need for a VPN gateway in the first place.
As soon as one laptop or server on the inside gets a piece of malware on it, the usefulness "public/outside bad", "inside good" concept breaks down, and as number of remote access users and devices increase, the probability of it eventually happening and escaping immediate detection approaches 100%.
Which means, that the properly secure design approach is assumption of breach.
I'd much rather the organization have a VPN (single or multiple) that can be used instead of having all the servers open to the public.
I'd much rather the organization have a strong firewall, not allow exceptions such as "VPN" or "pass rules" for certain ports or outside addresses to the internal network. Only specific traffic flows arranged in advanced, and originated from the more secure network, allowed.
I never said there should be exceptions for VPNs, only that the VPN should really be the only way to get to anything. So, consider my approach would be a VPN plus your approach.
E.g. Only outgoing connections from more secure to less secure. And only with thorough inspection of contents by an IDS, and application aware firewalls, including inspection involving intermediary SSL decryption.
Anything that remote workers might need, belongs in a DMZ.
Instead of authenticating to a VPN gateway, authenticate using a combination of a smartcard certificate or SSH client key to secure the channel, and credentials to every server.
Once you are inside the VPN then that is the exact approach to use. Put your corporate internal network on one IP range (e.g. 10.1.x.y), the VPN on another (e.g. (172.16.w.z), and then use your approach for the two networks to communicate. All servers should also be configured as you suggest regardless of which network they live on - they should inherently not trust any clients they receive.
A VPN, SSH tunnel, or firewall port opening is no different from a server being properly open to the public.
I recommend that any resource workers have access to be placed in a DMZ, and VPN devices _and_ office workstations all be placed in networks that are at the same trust level by the firewall as other hosts on the internet.
Only problem is that it is hard for a IT administrators to know what resources 'remote workers' needs. Many projects have their own resources - e.g. lab equipment - and people may need to access them from off-site. Yet they won't be fully under the control of the IT beaurocracy, nor would it be feasible to put them into a DMZ. So if you are going to have remote workers, you need to have some way for them to traverse from the outside-in; and one that does a very good job of protecting the network as a whole. No solution will be perfect, but it must be responsibly designed, implemented, administered, and maintained.
With no direct TCP/IP communications enabled or possible from one workstation to another workstation, or between VPN hosts, or between VPN users and workstations.
Use cryptographic secrets tied to the actual workstation (whether local or remote), to authenticate the establishment of network connections to such infras
...using FB so often when they forced the Timeline as the main page. It's useless for me, and just plain annoying.
VPN connections present a number of security challenges, risks, and costs, for organizations.
VPNs also solve a lot of security issues by focusing the security task in a central area. True it also can focus those trying to break in to the organization into that area as well, but when properly managed you can secure the organization as a whole.
I'd much rather the organization have a VPN (single or multiple) that can be used instead of having all the servers open to the public.
If someone's doing one commit a week and think's he's an 'ace developer' then the odds are he will not be missed.
In fact I've seen several people who thought they were ace developers walk off in a huff in my time. Life went on. The share price didn't budge. All anyone felt was a sense of relief for the next few weeks.
Most of the time people who think they're ace anything aren't because of the Dunning-Kruger effect.
http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
<snip>
And in the fact that in this case they're not doing much and you're better off laying them off.
As the AC pointed out, I called another developer an Ace Developer. And more to the point, when you implement policies that will encourage your best developers to leave - or that fire them - then you are in fact destroying your organization, thus my statement of "then sell the stock", because while it may be temporarily insulated from the immediate occurences, it will over the long term decline without recovery unless you change those policies.
BTW, the Ace Developer I was referring to has in fact left where I work, and it is having the exact effect I describe. But we're also a very small organization; and he was one of the few people left that knew all the technical information. Those of us left simply have not had the experience with the systems, clients, or various components to make up for his departure; and management isn't helping any by hiring kids right out of college when we need more senior people.
Top management tip. If you suggest a test to see which employees aren't working and someone comes up with a highly technical objection with lots of TLAs in it and explains how 'Ace developers' only commit once a week, nod politely and then tell them they're laid off next time performance reviews come up.
Then make sure to sell your stock.
This. I hate having to use a VPN. They are usually overly slow and generally screwy. For instance, at my house my internet is 20Mbit/2Mbit up/down. At work, it's 100MBit down/up (fiber). Over the VPN I'm lucky to get 300Kbyte/s download speeds, and much more often they are in the less than 100 range. I use SSH tunnels when I can because I can actually max out my connection with them, even with a third intermediate server involved
While i agree, you're not exactly comparing Appls to oranges. 300Kbyte/s is 2400Kbit/s - or 2.4Mbits. Start with correct comparisons and you might just find the real culprit.
Depends what RCS system you are using. If you use git or any number of distributed RCS systems, then you only need to connect to the central servers to push something in - all you work is tracked locally, and no VPN connection is required.
If you're using a centralized system (like CVS or SVN) then it may just be that you don't do a lot of commits; and for some people that's fine. Personally I prefer to commit more regularly (at least once a day), but I know some people that were Ace developers that would only commit once per week - when they were finally done with something - sure it doesn't help others to see how you arrived there, but in the end it matters little unless your boss is a prick and micromanaging everything.
The vast majority of people do things that will be more than performant on systems that are 5 years old or more. Yes there are certain tasks that are exceptions, but they are done by very very few people.
That is what you think, and what you have no way of proving, especially considering the market says otherwise. You may think whatever you wish, but the truth is, you hardly know what the "vast majority" of people need.
The market tends to agree with the declining sales of laptops and desktops, and the ever growing mobile segment which fits what I say more than what you say. So say what you wish, but the reality is that people really don't need as much computing power as is in most lower grade laptops and desktops any more.
My ARM-based Nexus One plays NetFlix just fine, and the various Apple devices (iPads, iPods, etc) doesn't have issues either; and I'd be willing to be that many DVD players, BD-DVD players, HD-DVD players, etc. all use ARM chips.
And all of these have special extra hardware to decode video and audio, while I can play a Blu-Ray movie at 1920x1080 on my desktop machine using nothing but the CPU for decoding.
You do realize that those specialized hardware is typically a mixture of ARM-based processors and DSPs, no?
It is nice to pull off numbers from your ass isn't it? You have absolutely no clue about how many people need or want more processing power, or what part of the user population they represent. The fact that people keep making upgrades and the market is not collapsing is proof enough that you are talking bullshit.
The vast majority of people do things that will be more than performant on systems that are 5 years old or more. Yes there are certain tasks that are exceptions, but they are done by very very few people.
Consider too that most people upgrade hardware that was purchased at the bottom of the spectrum - e.g. they're upgrading their RAM from a 2GB it came with to 4 GB, where it maxes out. Most don't do processor upgrades (they just buy new computers). And many are probably doing hard drive upgrades only, and paying Best Buy (or similar) to copy the data over.
The upgrade market is primarily driven by the enthusiasts and techies who want the top of the line and have the spare cash to essentially build a new computer every 6-12 months. No one else is buying the stuff with the high margins.
A few seconds less to open big excel sheets, or large images is motive enough for many many people. So is being able to play the latest games or full HD videos encoded in high compression codecs is another, processing big chunks of data, encryption, and many more tasks.
Processor speed will not usually do much in those cases. It's mostly driven by hard drive access - seek, file fragmentation, etc. Things that system maintenance will do better at fixing than upgrading you computer. Upgrading the hard drive essentially does a massive defrag of the drive. And yes, NTFS needs defragmentation done on a regular basis.
Realize that the processor usually never goes above 10% usage outside of a few peaks; it's mostly waiting on I/O to occur.
I think your '99%' analogy is a bit off - I think more like 80% or so is probably accurate. I have friends who try to edit photos on older systems and have nothing but trouble, and the same with people gaming on inadequate hardware. At work, I help folks all the time that need to upgrade because the hardware they are on - sometimes from only a couple of years ago - just doesn't meet their needs.
Also, there is the idea of 'fast enough' itself. Where do you draw the line? If a modern, graphics-intensive website took several seconds to full render is that 'fast enough'? A lot of little delays can add up to wasted time and user frustration, but faster computer hardware can often alleviate those things... and with internet tasks, of course, more bandwidth can also help. How many people here would be okay if their ISP just capped everything at 5Mbps or less for the rest of eternity, just because 'its enough to watch low-res video, check email, and play games'?
Few things to consider: (i) how well are those Windows machines maintained? And (ii) are you really upgrading the right parts or fixing the right thing? Chances are you are not.
In all honesty, a good rebuild of a Windows system will usually restore it to better performance levels; yet that is so rarely done (and time consuming). Often it's just as good as doing an upgrade - and an upgrade of RAM/processor/etc will soar even more when its done too.
All very true.
And of course, in some cases MSDN has zero documentation for stuff. For example, there's many instances of the Windows Scripting Host functionality where it is only documented in VBScript despite the fact that Microsoft fully supports JavaScript with WSH as well. So you have to turn to other sources to figure out how to do it in JavaScript if that's what you are using. (Yeah, it drove me nuts a few years back.)
So now I use the MSDN search in Firefox, or use the "site:microsoft.com" feature in Google for MSDN specific stuff; but often I end up turning to the general web to find stuff. MSDN's internal search (provided by Bing) is absolute crap; and it's only been going down hill since somewhere around 2004. Yes, at one point you could actually find stuff in MSDN on Microsoft website; good luck now - it usually takes you through a maze of backwater portions of the site that don't give you any useful information - e.g. looking for C/C++ stuff but it only shows you C# or C++/CLI stuff.
To quote XKCD "maybe it's a virus"
A virus called Windows?
> general purpose = internet surfing, email and maybe a movie
Plenty of movies will clobber ARM appliances.
Even content consumption benefits from a better general purpose CPU. As with any general purpose device, you can do things that weren't originally designed into your device. You also have the ability to make updates and fixes or just dump the bundled software entirely.
Specialty silicon is cool of course but also limited.
Interesting. My ARM-based Nexus One plays NetFlix just fine, and the various Apple devices (iPads, iPods, etc) doesn't have issues either; and I'd be willing to be that many DVD players, BD-DVD players, HD-DVD players, etc. all use ARM chips. Heck, the vast majority of WinCE devices were ARM-based.
Just because its ARM doesn't mean is a SoC. And just because its x86 doesn't mean its not SoC either.