Re: I don't know if I fully agree with that, on "Fire Your IT Boss" · Score: 5, Interesting
I can't agree more.
I'm a bottom-level IT manager. They call me a "team lead," which is code for "you're a manager but we're not giving you any more money."
I was on vacation for 12 days at the end of August. When I got back, I got two reactions:
1. From my boss - "I'm so glad you're back, I tried to get the guys to do a build and apparently just managed to confuse them."
2. From the most senior developer - "I'm so glad you're back, I didn't realize how much you filter out. It was one of the worst weeks I've had in a long time."
My job is to run interference between my boss and my team, and to translate between boss-speak and developer-speak. Occasionally I get to write some code, too. If there's something that looks fun and is small I selfishly grab it for myself. God knows I don't have time to do anything big.
Before I was married I vacationed at Disney World a few times alone and experienced a bit of this at the water parks. Actually, maybe more than a bit - I truly have no idea, since I wouldn't have been wearing my glasses most of the time.
What is the right answer to "why are you at the park" anyhow? I would stammer and say something brilliant like "Huh? I don't understand, it's the park, I'm at the park because it's nice out and I felt like going to the park and wandering around."
The D902, a three-cylinder version of the Z602, has a displacement of 0.898 L and an output of 20.6 hp at 3200 rpm. A 3600 rpm version, due for introduction next year, will be rated 23.5 hp.
I also looked for a price on this engine. The first I saw was about $2800 for a remanufactured unit, with a $700 core charge. It's used in bobcats and similar. If you're building this "car," you won't have a core, so it's going to cost you $3500.
From the web site:
Although the XR-3 can be built just as the prototype was built, kits are on the agenda. Information will appear on this page as it becomes available. But the XR3 can be constructed using the same techniques used to build Tri-Magnum. Click on FRP/foam composite for a document that shows the composite system used to build the body for the XR3.
A knocked-down body kit consisting of pre-molded panels provides the greatest benefit at the least cost. So body kits will be supplied as unassembled panels that builders can bond together. In addition to enabling the lowest price, this type of kit also reduces packaging and shipping costs. Frame kits will consist of a welded-together assembly, which turns the project into mostly a bolt-together operation. The goal is to deliver the greatest benefit at the lowest possible price, and avoid supplying parts that you can purchase locally.
The price of kits has not been established.
So the $25,000 is a guess at what you might be able to buy parts to build it for. It isn't an offer to sell a kit.
I know all about tcpdump. I have a customized version of Ethereal that we use to decode the POS data stream.
It wouldn't be that hard to place a rogue piece of hardware in a single store - you'd probably just need to act like you were supposed to - but I repeat, there is NO centralized location aside from the A/P where every store's data stream can be seen.
And, as another poster commented, there are no network printers on our POS network. Parallel or serially attached to the registers.
And no wireless networks.
I don't fully agree with this. Sometimes standards are just for making auditors money and managers and regulators feel good.
The large retailer I work for is technically not compliant with PCI-DSS standards.
The reality of our current credit processing solution is that it would have to be done at the acquirer/processor for a system-wide data breach, and to breach a single retail location, the credit card data would have to be captured on the fly across the internal, no-gateway, wired point-of-sale LAN.
It would have to be done with a new piece of hardware being placed on that network, because none of the equipment that belongs on the network is capable of getting into promiscuous mode and sniffing the network.
NO credit data (account numbers, expiration date, etc) is stored in a database. Not anywhere. The few pieces of a card number (last 4 digits) we keep are stored in a database local to the store, with no way to globally pull that data out of the store.
And yet, I've spent the better part of this year making us "more secure," because it brings us into compliance with what the PCI standard and auditors understand as security.
And don't get me started about SOX.....
Here's my experience....
A few years after I was out of college, I noticed an ad for a new computer service (like CompuServe or AOL. Yes, I'm dating myself.)
So I dialed up the toll free number, went through the registration, and was told there were no local access numbers for me, so I declined to join.
At that point, I got dumped out of the Unix shell script that was apparently running and had a shell prompt. WTF? Turns out the author had put in an "exit" at that point, thinking it would log the user out.
Then I started looking around, and found - hey! a big CSV file with user names, real names, address, phone numbers, and credit cards, including my own.
Well That's Not Good, I thought to myself, and promptly did a "chmod 000 filename" and a "chown root filename." That should fix it, I thought.
Then I went over to CompuServe where I had an account and sent an email over to them to report the problem. Or maybe I phoned customer service, I don't recall any more.
And I saved off the terminal log of everything I had done to a diskette, gave it to a friend with an explanation of what it was, and got on with my life.
Never did hear back from them.... neither did anyone else, they appeared to have gone out of business shortly thereafter.
I think they covered it a year or two ago, actually; it seems familiar.
It's not rocket science, but it is dishonest and immoral.
Well the biggest problem with her daughter being pregnant (despite being engaged) is that the girl is 17. A bit young by modern standards.
Afraid I don't understand actually.
OK, the merchant shouldn't have your card # on file.
But wait, actually, according to my understanding of current PCI rules, they can have it on file, so long as it's secure from hacking. Not fraud, hacking.
Fraud = an employee steals the number or is fooled into giving it away.
Hacking = IT security breach causes the loss.
So if they wrote it on a piece of paper and put it in a file drawer, it's fine.
If it's in electronic format, that's something they have to prove is secure - or, assuming they're a minor merchant, they have to claim is secure.
Now, we all know how easy it is to fool someone into giving you the card number, but once again, that would be fraud, and is not really covered by the PCI standard afaik.
Err, have you ever been to Toys R Us?
Looks fundamentally similar to http://www.toysrus.com/product/index.jsp?productId=2647157
My team does almost 100% maintenance programming. It's rare that we write a new program.
The application has been developed, in C, over the last 20 years.
Our coding standard is "try to figure out what the file you're in mostly looks like. Do that."
Here's a tip for a new router:
Soekris (www.soekris.com) + m0n0wall (http://m0n0.ch/wall) = happiness.
Daily? You've got something wrong. My router is in the furnace room with all the other utility equipment and I pretty much just ignore it. In fact, I ignore all of the network equipment - it's all working flawlessly with zero attention. 2 WAPs (one private, one public,) a router, a print server, and a cable modem.
I had a D-Link for years and have now switched to a little Soekris system running m0n0wall.
None of my routers have had any wireless capabilities - my routers are routers, and my WAPs are WAPs, and that's how I like it. One device for each task is my philosophy.
The only time I ever have to reboot anything is after a power or other internet outage. Then there sometimes is a little dance of "unplug cable modem, power off router, plug in cable modem, wait for all the lights to return to good state, turn on router" to get things working again. Aside from a vain attempt a couple days ago (internet really was out) I haven't done that in months at least.
Thanks! I was just reviewing the Microsoft patch at work today - evaluating what category it should go into ("OMG NOW NOW NOW", "Soon", "Next Release", "Never.")
That helps a lot with understanding it. (I said "Next Release", by the way.)
If you want to live and work abroad, pick the language for where you want to go.
If you're planning to stay in the US, get fluent in Spanish. And not just if you're in the Southwest; the Hispanic population is growing everywhere. You probably won't need it for interacting with co-workers, but if you ever have contact with end-users, you may need it then. God knows when I was carrying a pager it would have helped a few times.
Keep in mind that a lot of corporate systems - where the end users don't have access or ability to upgrade Internet Explorer - are probably still running IE6.
The oft cited reason for this is compatibility. Some corporate intranet sites or other internal web applications require IE6 and don't function right under IE7.
And in Chicago they shoot them off over Lake Michigan.
In Peoria, they shoot them off over the Illinois River.
In fact, most places strongly prefer to shoot fireworks off over water - because there is no chance of catching the water on fire.
Now, if they were somehow bouncing them off the water, that would be something unusual and definitely something worth seeing.
Go back to the police officer who wanted to help you. You can teach someone who cares.
You cannot make someone care.
Explain to him that it's kind of like LoJack - but you need some court orders to get the physical location information broken loose.
Walk him through the information you have, and what business entities can turn that information into physical-space addresses.
If you have IP addresses, MySpace and Google logins, you probably have enough information to identify the people in current possession of the laptop.
He can work with the DA to get appropriate court orders to turn logins into names and addresses without fully understanding any of it.
Dunno why Lewis being wrong is upsetting.
Everything I've ever heard as a "Gartner opinion" got one of two reactions from me:
1. Well duh.
2. No, that's obviously wrong.
Looks like this is #2.
Shockingly off topic at this point, but I'd rather the community as a whole worked to keep alcohol out of the hands of my hypothetical 12-year-old kid than depending on me following him around. I know, I know, he can get it if he really wants it, but still. Give me a hand at least.
Doesn't mean I'm convinced that 21 vs. 18 is the right age, but as I said, that is irrelevant to this topic. Drinking was merely an example of something you must show your ID for.
Dragging us back to the topic....
If I forget my work badge I have to show the security guard ID so he'll let me in.
If I get pulled over I have to show the police officer my driver's license, even if he ultimately doesn't give me a ticket for absent-mindedly driving almost 100 mph. (It happened, btw. I was shocked that I wasn't at least ticketed.)
If I want to open a bank account, I have to show some form of ID.
If I look 17 and want to go to an R-rated movie, I have to show an ID.
If I look 17 and want to get into a strip club, I probably have to show an ID. (Seems like, but I've never been.)
If I'm 19 and want to get into a bar in Champaign, IL, I have to show ID. (True 20 years ago at least.)
If I want to use my credit card at the Disney store I have to show an ID. (Counter to network rules, but none the less true.)
There are plenty of actions where you have to prove your identity to do them, and I don't see why using an airplane ticket shouldn't be one of them.
And when there are people queued up behind you anxiously wondering if they're going to make their flight, that isn't the time to decide to make a stand. Just show your damn ID and get on the plane so I can get on mine. Your right to swing your arms wildly in the air ends at my nose, and this kind of shit is really close to my nose.
Oh and one more thing. The recent absurd TSA policies aren't the only cause of clogged up lines.
I've been flying for decades, and have encountered both long backed-up lines and short no-wait lines all through those decades. It's a function of the number of travellers, the percentage of experienced travellers, and the number of on-duty security people.
Maybe I'm too unconcerned about my own privacy but it seems to me you may be a bit too concerned about your own.
I don't really care if a vendor knows my name, whether it be a restaurant, an airline, or my dry cleaner. I'm entering into a business relationship with them, and I think they're as entitled to know who I am as I am to know the name of the airline or the restaurant or the dry cleaner. Maybe that's a product of my upbringing; I grew up in a small town, and everyone knows everyone. Then I owned a small business, wherein I collected names and addresses, but never put them to any use - not even junk mail - except the one time I recalled some products because a bunch of people had problems with them and I was tired of the slow trickle - better to just get it over with.
You have to show ID to buy alcohol because that's the only mechanism for verifying age. I suppose there could be a government program for tattooing everyone's birth date on their forearm but you probably wouldn't like that either.
I did skim TFA and don't recall anything where the TSA claims this would stop terrorism.
I think this is perfectly reasonable policy; don't waste people's time and clog up lines by refusing to show ID. If you forgot your ID, that's fine, they'll pat you down and send you through. But when hundreds of people are trying to make their flights, don't get all civil rightsy over nothing.
So you have to show a driver's license. So what. Until recently I had to show ID to buy a beer, and I'm 39. I just finally look > 35 because the hair that isn't falling out is turning gray.
You used your name when you bought the ticket, didn't you? Exactly what privacy do you think you're protecting?