We count the CAL as part of the workstation cost. They're cheap, only about $20 each ( http://www.cdw.com/shop/products/default.aspx?EDC=488489 ), and you only have to pay once per client, there is no additional cost for another server that is accessed by existing licensed clients. If you look at our accounts payable, Microsoft server licenses are a very small portion of our overall cost of doing business. I like Linux. But if I switch, it won't be because of cost. Windows just isn't all that expensive.
Even late in 2008 some third party apps were not supported on server 2008
Most of the major 3rd party software I work with doesn't support anything that they don't want to. All of my "mission critical" applications refuse to support Windows 2008, SQL 2005 or 2008, Clustering, SAN storage, or virtualization of any type. I have one piece of very expensive software that only supports remote management with PCAnywhere. Enabling Terminal Services, installing VNC or any other remote connectivity product will result in support being denied. The software is so mission critical that our call center will cease to function if this product cannot connect to the network, yet NIC teaming is not supported. The guy that came in and installed the software actually un-teamed the NICs and removed the second cable. Also, every single one of them demands to be on a dedicated server.
The logic is simple... There is a special OS for a server so the cost can be different. There is no technical reason that Windows couldn't be like Linux and allow you to add every server component to a single base operating system, The only reason is that they want to charge people that buy servers with 256GB of RAM $3000 per server and those that run small companies $600 per server. Both companies get a good deal (of course, not as good as free).
Where I work, a typical server costs $5,500, Windows costs around $600, physically putting the server in the datacenter costs $2,000, and labor for installing, configuring, and supporting the server costs $3,000 over the its life. At the end of the day, Windows servers cost around $11,100. Switching to Linux would save us $600, reducing our costs by 5%.
A typical server with 256GB of RAM would run about $60,000. This server would require the Enterprise editions of Windows Server, so that would run about $3,000. The other costs would remain the same and at the end of the day, the OS is still only five percent of the total.
Your comment is more interesting once you do a little math.
$28,000 per three hours works out to a rate of $81 million per year. This guy and could have easily put his own communication satellite in orbit and provided his own downlink station with a T3 for the same cost and broke even in less than five years. If a major telecommunications company is charging you more than you can do it yourself for, you are being raped. I'm guessing he was only one of hundreds on the network at the time, so the bill was being inflated by at least 10,000%.
Microsoft is famous for "stack-ranking" employees at review time. This means that somebody in every group will get a "worst of the group" review and somebody will get "best of the group". If you are in the bottom 10% at MSFT, you are never going to get a raise and you will eventually quit.
But, people with VCRs can still use theirs until they break. AT&T is making a service less valuable that customers are bound by contract to continue paying for. If they can't afford to build out 3G without harming 2G, then they simply can't afford to build out 3G.
Even better, many of the residents of NY live within a few miles of an indian reservation. If these taxes are viewed as oppressive, then the indians will start carrying the items in question and New York State will have lost more control and made less in tax money than they budgeted for.
Dude, chill out. I'm not part of the "war on drugs", I'm part of the "war on the DEA revoking my company's meal ticket" (distribution license). I am a programmer and I encourage creativity. However, I will not tolerate unnecessary risk in software. My project isn't important due to it's relationship to prescription drugs, it's important due to the fact that my company must follow the rules layed out by the DEA in order to conduct business. If we fail to follow those rules due to some immature programmer embedding a credits video in a piece of business software, and get our license revoked, that would not be good.
An easter egg is, almost by definition, code that hasn't been tested properly. That's not how I work.
BTW, I don't work for the government, I work for a company that has to follow their rules.
I'm the technical lead for a large chunk of this project and if I saw an Easter Egg in a check-in, there would be a closed door meeting with a programmer. I guess if you write games it might be considered acceptable.
Reducing your target development community substantially is often a good thing. A small team of top quality programmers working in a top quality environment you have specified is a much better choice than lots of people offering a mishmash of solutions.
Reducing the size of the community and reducing the size of the team are two totally different things. You can easily get 10 high quality Java programmers in just about any area of the world. Just because there's millions of them doesn't mean you have to hire all of them. However, it would be much more difficult to put together a team of 10 highly skilled Erlang programmers. It's not that you couldn't get a team of 10 highly skilled Erlang programmers, it's just that of the available pool, most of the highly skilled ones would be otherwise engaged at the moment.
I get dual-port SAS 15K drives for $2/GB for my SAN. If you add the cost of the SAN and the fibre channel switches, then I can get two switches, a 12 bay dual controller SAN, and 12 450GB drives for $30,000. That's about $6,000/TB using RAID 6, $10,000/TB at RAID 10. The second batch of drives runs about a third of the first batch after the investment in all the FC infrastructure.
HP has a new SAS SAN if the initial sticker shock of fibre channel is too much. You can get the first TB for under $10,000 and add to it for about $3,000/TB. You can't hook a ton of hosts to it, so it's more suited for a monster VMWare cluster than for a general purpose workload.
Always remember that just because it passes all the unit tests and gets through QA, it doesn't mean that it is good code. The first level of acceptability is "Does it work?". Make a concious effort to make your code maintainable and extensible.
It doesn't have as much to do with the barcode as it does the business model. The "push" model is where vendor put special 2D barcode on products that are specially designed to be scanned by phones. The "pull" model is to use whatever barcode is already on the product and gather information about it. Push usually implements 2D barcodes to get more data in it, pull uses the existing barcodes, and most of those are 1D. So it really must be 1D, because almost nothing has 2D barcodes.
As a consumer, I don't want to read the 2D barcode. That barcode is in the vendor's interest and will likely be very difficult to correlate with products from competing vendors or to find availablility from multiple sources to price shop. All I need is the UPC. Even that needs some massaging because some stores ask the vendor to put special UPCs on their products.
Where I work, Project Managers come from the PMO office and they don't supervise any employees other than project management staff. My boss (the guy who does my performance appraisal every year) is not a Project Manager.
Most of our projects are cross-business unit and cross-discipline. I couldn't imagine a project that I would be involved in where all of the techs have the same manager.
My experiences may be different from yours due to the sheer size of my company. We have over 4000 IT employees and do $100B in business every year.
Re:I don't know if I fully agree with that
on
Fire Your IT Boss
·
· Score: 4, Insightful
There's another side of the same coin.... I tell tech people I work with all the time - "If you can't find a way to work on a product that you don't fully understand, you will be doomed to a life of building and fixing small things." I work with a lot of people who are constantantly retreating into their offices for a few days to try to map out a whole system, or who say that a process is buggy because the guy that wrote part X didn't understand part Y. Building reliable systems of any size or building any system of significant size is a process of divide and conquer. Break a big problem into a bunch of simple problems.
Management is a similar situation. The manager is there to make sure that if he wants to outsource part to India, that the product has clear delineations and interfaces so the work can be split up. A manager who learned these lessons in 1980 doing RPG is the same as a manager who learned these lessons from his old boss at IBM who learned them writing COBOL in 1971, who is the same as a manager who just helped Google launch a new BETA product. His architect will tell him how to split it up, but the manager will be the one deciding what the important choices are, getting the right questions in front of the right people, and helping those who know work towards the right solution.
I work for a big IT department and I've worked as a tech on many projects with many IT Project managers. Not a single one of those project managers could have filled my shoes if I got hit by a bus, but every one of them knew where to look for a fill-in for me if it became necessary. I once saw a project manager volunteer to do some of the low-level tedious tech work on a project where the schedule was getting tight and the IT Director vetoed it hard.
I think it's interesting that you think of the techs on your projects as "under you". If I lost a PM and someone asked me to fill in, I certainly wouldn't regard it as a promotion. I'm several career levels above most of the PMs in my company.
I was on a federal court jury a few years ago. The judge explained to us that in the federal judicial system, there is no such thing as parole. If you get sentenced to 25, you do 25.
I would guess that it is because most jobs that can be performed effectively via telecommuting, could also be outsourced. Why go halfway? The only reason you still have your job is precisely because your job is not concusive to being doen somewhere else. What's the difference between India and an employee's mom's basement?
Linux had it's window of free growth while being the only lean base OS to host virtualization solutions. From now on, Linux will have to earn every sale. Windows Server 2008 Core with Hyper-V may not be better than VMWare ESX on Linux, but it works. As of this year, a hypervisor is now an expected feature of a server operating system and is now a commodity. Look at the licensing for Windows 2008 and you'll see it is actually close enough to free on a big server. Some licensing models actually allow for the purchase of one OS license and the ability to run unlimited 2008 servers on guests with that one license.
Heck, I spec out servers regularly for projects at work and we actually budget more for the network drop than for Windows on a typical server. I still can't figure out how we justify a standard $900 price tag for a network drop in a data center, it's not like we need to hire a cable monkey to punch holes in the walls.
- Prepare-and-execute runs just as fast as stored procedures and gets cached exactly like stored procedures do.
- Prepared statements still process data and the server. Not using stored procedures doesn't mean that you have to extract raw data.
- The task based security you claim only works if you run the entirety of that logic unit on the server written in SQL. T-SQL is an utterly horrible language. I get to run my code on the server when I choose to do so and run it on an app server when I choose to do so. I also get to control exactly what certain IDs can call, I simply choose to use the best technology for the job at hand instead of always using stored procedures.
Don't get me wrong, I'm not anti-stored procedure. I'm simply not pro-stored procedure. I do a lot of my coding in stored procedures, a lot in triggers, and a lot in user-defined functions. Every time I choose one of these solutions, I have a specific reason for doing so. My reasons are almost never performance and seldom security. For example, I might make a complex data retrieval process for a report into a stored procedure because it is easier to maintain than a large blob of SQL buried in a report. Since I don't do my report rendering on user workstations, security never plays a role. My report-only users can't even log into the database server, let alone read any data from it. On the other hand, burying the SQL in the report makes it easier to deploy. I maintain my own dependency database, so I will always know which report would be affected by a schema modification whether I use a stored procedure or not. Besides, you can't trust sp_depends. If you rebuild a db and run the sp scripts in the wrong order, it will be wrong.
Then, if you were a victim of this attack, realize that you are still an idiot and you build a *nix system that is just as poorly configured as your previous Windows system.
In order to be hurt by this attack, you have to have at least one web page accessible via the Internet that hasn't been even casually reviewed by someone who knows even a little bit about creating secure web pages. Nothing is broken here and this isn't a "hidden complexity" or an "evolutionary feature". This isn't more flaws, but the same flaw I (and thousands of others) demonstrated to web programming students in 1997. Don't blame the web, blame the developers and project managers and embarass them out of thier current jobs.
But, it also encourages more logic in the database. If the logic were in the middle tier instead of in stored procedures, there wouldn't be a need to rewrite anything when switching database platforms.
Who cares what the DBA wants to know (except the DBA). Do we build business processes to access the database, or databases to support business needs? The simple fact is that the demand to use stored procedures is nothing other than a power grab by DBAs. The SQL Injection in the original article was caused by idiot front end developers who made several compounding mistakes. Are you suggesting that these monumental idiots wouldn't have called the stored procedures from the query string if you forced them to use stored procedures?
Slashdot Mirror
We count the CAL as part of the workstation cost. They're cheap, only about $20 each ( http://www.cdw.com/shop/products/default.aspx?EDC=488489 ), and you only have to pay once per client, there is no additional cost for another server that is accessed by existing licensed clients. If you look at our accounts payable, Microsoft server licenses are a very small portion of our overall cost of doing business. I like Linux. But if I switch, it won't be because of cost. Windows just isn't all that expensive.
Even late in 2008 some third party apps were not supported on server 2008
Most of the major 3rd party software I work with doesn't support anything that they don't want to. All of my "mission critical" applications refuse to support Windows 2008, SQL 2005 or 2008, Clustering, SAN storage, or virtualization of any type. I have one piece of very expensive software that only supports remote management with PCAnywhere. Enabling Terminal Services, installing VNC or any other remote connectivity product will result in support being denied. The software is so mission critical that our call center will cease to function if this product cannot connect to the network, yet NIC teaming is not supported. The guy that came in and installed the software actually un-teamed the NICs and removed the second cable. Also, every single one of them demands to be on a dedicated server.
The logic is simple... There is a special OS for a server so the cost can be different. There is no technical reason that Windows couldn't be like Linux and allow you to add every server component to a single base operating system, The only reason is that they want to charge people that buy servers with 256GB of RAM $3000 per server and those that run small companies $600 per server. Both companies get a good deal (of course, not as good as free).
Where I work, a typical server costs $5,500, Windows costs around $600, physically putting the server in the datacenter costs $2,000, and labor for installing, configuring, and supporting the server costs $3,000 over the its life. At the end of the day, Windows servers cost around $11,100. Switching to Linux would save us $600, reducing our costs by 5%.
A typical server with 256GB of RAM would run about $60,000. This server would require the Enterprise editions of Windows Server, so that would run about $3,000. The other costs would remain the same and at the end of the day, the OS is still only five percent of the total.
Your comment is more interesting once you do a little math.
$28,000 per three hours works out to a rate of $81 million per year. This guy and could have easily put his own communication satellite in orbit and provided his own downlink station with a T3 for the same cost and broke even in less than five years. If a major telecommunications company is charging you more than you can do it yourself for, you are being raped. I'm guessing he was only one of hundreds on the network at the time, so the bill was being inflated by at least 10,000%.
What if, like this guy, you were being charged $2 a second? I would probably smash by phone with the nearest heavy object.
Microsoft is famous for "stack-ranking" employees at review time. This means that somebody in every group will get a "worst of the group" review and somebody will get "best of the group". If you are in the bottom 10% at MSFT, you are never going to get a raise and you will eventually quit.
But, people with VCRs can still use theirs until they break. AT&T is making a service less valuable that customers are bound by contract to continue paying for. If they can't afford to build out 3G without harming 2G, then they simply can't afford to build out 3G.
Even better, many of the residents of NY live within a few miles of an indian reservation. If these taxes are viewed as oppressive, then the indians will start carrying the items in question and New York State will have lost more control and made less in tax money than they budgeted for.
Dude, chill out. I'm not part of the "war on drugs", I'm part of the "war on the DEA revoking my company's meal ticket" (distribution license). I am a programmer and I encourage creativity. However, I will not tolerate unnecessary risk in software. My project isn't important due to it's relationship to prescription drugs, it's important due to the fact that my company must follow the rules layed out by the DEA in order to conduct business. If we fail to follow those rules due to some immature programmer embedding a credits video in a piece of business software, and get our license revoked, that would not be good.
An easter egg is, almost by definition, code that hasn't been tested properly. That's not how I work.
BTW, I don't work for the government, I work for a company that has to follow their rules.
I'm on this project right now...
http://www.pharmaceuticalcommerce.com/frontEnd/main.php?idSeccion=972
I'm the technical lead for a large chunk of this project and if I saw an Easter Egg in a check-in, there would be a closed door meeting with a programmer. I guess if you write games it might be considered acceptable.
Reducing your target development community substantially is often a good thing. A small team of top quality programmers working in a top quality environment you have specified is a much better choice than lots of people offering a mishmash of solutions.
Reducing the size of the community and reducing the size of the team are two totally different things. You can easily get 10 high quality Java programmers in just about any area of the world. Just because there's millions of them doesn't mean you have to hire all of them. However, it would be much more difficult to put together a team of 10 highly skilled Erlang programmers. It's not that you couldn't get a team of 10 highly skilled Erlang programmers, it's just that of the available pool, most of the highly skilled ones would be otherwise engaged at the moment.
I get dual-port SAS 15K drives for $2/GB for my SAN. If you add the cost of the SAN and the fibre channel switches, then I can get two switches, a 12 bay dual controller SAN, and 12 450GB drives for $30,000. That's about $6,000/TB using RAID 6, $10,000/TB at RAID 10. The second batch of drives runs about a third of the first batch after the investment in all the FC infrastructure. HP has a new SAS SAN if the initial sticker shock of fibre channel is too much. You can get the first TB for under $10,000 and add to it for about $3,000/TB. You can't hook a ton of hosts to it, so it's more suited for a monster VMWare cluster than for a general purpose workload.
Always remember that just because it passes all the unit tests and gets through QA, it doesn't mean that it is good code. The first level of acceptability is "Does it work?". Make a concious effort to make your code maintainable and extensible.
It doesn't have as much to do with the barcode as it does the business model. The "push" model is where vendor put special 2D barcode on products that are specially designed to be scanned by phones. The "pull" model is to use whatever barcode is already on the product and gather information about it. Push usually implements 2D barcodes to get more data in it, pull uses the existing barcodes, and most of those are 1D. So it really must be 1D, because almost nothing has 2D barcodes.
As a consumer, I don't want to read the 2D barcode. That barcode is in the vendor's interest and will likely be very difficult to correlate with products from competing vendors or to find availablility from multiple sources to price shop. All I need is the UPC. Even that needs some massaging because some stores ask the vendor to put special UPCs on their products.
Where I work, Project Managers come from the PMO office and they don't supervise any employees other than project management staff. My boss (the guy who does my performance appraisal every year) is not a Project Manager.
Most of our projects are cross-business unit and cross-discipline. I couldn't imagine a project that I would be involved in where all of the techs have the same manager.
My experiences may be different from yours due to the sheer size of my company. We have over 4000 IT employees and do $100B in business every year.
There's another side of the same coin.... I tell tech people I work with all the time - "If you can't find a way to work on a product that you don't fully understand, you will be doomed to a life of building and fixing small things." I work with a lot of people who are constantantly retreating into their offices for a few days to try to map out a whole system, or who say that a process is buggy because the guy that wrote part X didn't understand part Y. Building reliable systems of any size or building any system of significant size is a process of divide and conquer. Break a big problem into a bunch of simple problems.
Management is a similar situation. The manager is there to make sure that if he wants to outsource part to India, that the product has clear delineations and interfaces so the work can be split up. A manager who learned these lessons in 1980 doing RPG is the same as a manager who learned these lessons from his old boss at IBM who learned them writing COBOL in 1971, who is the same as a manager who just helped Google launch a new BETA product. His architect will tell him how to split it up, but the manager will be the one deciding what the important choices are, getting the right questions in front of the right people, and helping those who know work towards the right solution.
I work for a big IT department and I've worked as a tech on many projects with many IT Project managers. Not a single one of those project managers could have filled my shoes if I got hit by a bus, but every one of them knew where to look for a fill-in for me if it became necessary. I once saw a project manager volunteer to do some of the low-level tedious tech work on a project where the schedule was getting tight and the IT Director vetoed it hard.
I think it's interesting that you think of the techs on your projects as "under you". If I lost a PM and someone asked me to fill in, I certainly wouldn't regard it as a promotion. I'm several career levels above most of the PMs in my company.
I was on a federal court jury a few years ago. The judge explained to us that in the federal judicial system, there is no such thing as parole. If you get sentenced to 25, you do 25.
I would guess that it is because most jobs that can be performed effectively via telecommuting, could also be outsourced. Why go halfway? The only reason you still have your job is precisely because your job is not concusive to being doen somewhere else. What's the difference between India and an employee's mom's basement?
Linux had it's window of free growth while being the only lean base OS to host virtualization solutions. From now on, Linux will have to earn every sale. Windows Server 2008 Core with Hyper-V may not be better than VMWare ESX on Linux, but it works. As of this year, a hypervisor is now an expected feature of a server operating system and is now a commodity. Look at the licensing for Windows 2008 and you'll see it is actually close enough to free on a big server. Some licensing models actually allow for the purchase of one OS license and the ability to run unlimited 2008 servers on guests with that one license.
Heck, I spec out servers regularly for projects at work and we actually budget more for the network drop than for Windows on a typical server. I still can't figure out how we justify a standard $900 price tag for a network drop in a data center, it's not like we need to hire a cable monkey to punch holes in the walls.
- Prepare-and-execute runs just as fast as stored procedures and gets cached exactly like stored procedures do.
- Prepared statements still process data and the server. Not using stored procedures doesn't mean that you have to extract raw data.
- The task based security you claim only works if you run the entirety of that logic unit on the server written in SQL. T-SQL is an utterly horrible language. I get to run my code on the server when I choose to do so and run it on an app server when I choose to do so. I also get to control exactly what certain IDs can call, I simply choose to use the best technology for the job at hand instead of always using stored procedures.
Don't get me wrong, I'm not anti-stored procedure. I'm simply not pro-stored procedure. I do a lot of my coding in stored procedures, a lot in triggers, and a lot in user-defined functions. Every time I choose one of these solutions, I have a specific reason for doing so. My reasons are almost never performance and seldom security. For example, I might make a complex data retrieval process for a report into a stored procedure because it is easier to maintain than a large blob of SQL buried in a report. Since I don't do my report rendering on user workstations, security never plays a role. My report-only users can't even log into the database server, let alone read any data from it. On the other hand, burying the SQL in the report makes it easier to deploy. I maintain my own dependency database, so I will always know which report would be affected by a schema modification whether I use a stored procedure or not. Besides, you can't trust sp_depends. If you rebuild a db and run the sp scripts in the wrong order, it will be wrong.
Then, if you were a victim of this attack, realize that you are still an idiot and you build a *nix system that is just as poorly configured as your previous Windows system.
In order to be hurt by this attack, you have to have at least one web page accessible via the Internet that hasn't been even casually reviewed by someone who knows even a little bit about creating secure web pages. Nothing is broken here and this isn't a "hidden complexity" or an "evolutionary feature". This isn't more flaws, but the same flaw I (and thousands of others) demonstrated to web programming students in 1997. Don't blame the web, blame the developers and project managers and embarass them out of thier current jobs.
But, it also encourages more logic in the database. If the logic were in the middle tier instead of in stored procedures, there wouldn't be a need to rewrite anything when switching database platforms.
Who cares what the DBA wants to know (except the DBA). Do we build business processes to access the database, or databases to support business needs? The simple fact is that the demand to use stored procedures is nothing other than a power grab by DBAs. The SQL Injection in the original article was caused by idiot front end developers who made several compounding mistakes. Are you suggesting that these monumental idiots wouldn't have called the stored procedures from the query string if you forced them to use stored procedures?