"Yes, because the classifications of businesses are screwed up, so that you can end up with any "manufacturing" company getting a certain minimum allotment, even if that company is a one-man outfit who builds furniture by hand, with no power tools."
So what? That would mean that such a company is more efficient than its competitors so, again, its competitors are compelled to lower their emisions such a) they don't need to buy from it, b) they reach a point where *they* are the ones selling carbon credits to the laggards. Still a win-win.
"What manager in their right mind would fire an employee for breaching something as minor as a pathetic little IT policy?"
I'm not the one going to say otherwise; it's their business, after all. But we should remember that those same managers that won't fire somebody for breaching a pathetic little IT policy are the ones that tend to consider that all that fuss and expenditure is another pathetic IT policy... you know what I'm saying, Sony, I'm looking at you (but I could look at a lot of other people/companies as the cases of privacy breaching are not even surprising).
"if your type of business is allowed to emit 100 tons of CO2 every year, and for whatever reason you only emit 10 tons, you can sell 90 tons of "carbon offsets" so that other companies that can't comply with regulations are covered."
Not to tell there's not a lot of glaring fraud there but, did you stop to think how is it that a given type of business is allowd to emit 100 tons of CO2 (provided no fraud is involved)? Exactly! because standard practices for your type of business usually produces a bit more than 100 tons of CO2, so if you manage to do it with just 10, it is exactly the point that you are allowed to sell your 90 tons offset for a price so both you and your competitors are encouraged to go that path.
"Now, if the carbon credits work by having some company agree to plant enough trees to absorb a certain amount of carbon (say the equivalent to the round trip flight to Tahiti), the trees will in absorb it, but the carbon hasn't actually been taken out of the cycle. IE, they will die or get eaten by something, and the carbon will still get released into the atmosphere eventually."
Do you know how all that coal happened to get there?
Coal is wood from the past, you know, wood which is made out of Carbon that didn't get released into the atmosphere.
"How about silver, which projections have shown that we will be OUT OF in twenty years?"
What will it be transmuted into?
"How about any number of other raw materials"
Like uhhh... And remeber they not only need to be there, they need to be cheaper too.
"where we can put the environmental disaster out into space where it won't do any damage"
Like... how? A big graphene chimney from industrial complexes out to space?
"How about rather than trying to centrally plan a colony on an asteroid before we get there, we just let people go out there and mine whatever is profitable, and form their own colonies?"
No problem for me with that. And good luck with your profitability plans unless big dad g'vment goes into the equation.
"And you don't NEED to "break ties" with Earth."
When the argument is "we need to go to space in case Earth gets destroyed" then yes, you need to be able to survive without the Earth to claim a win.
Do you *really* mean stablishing a self-suficient colony on an asteroid? Because that's what we were talking about.
And then again, what do you expect to get from an asteroid that would mean such a big difference for us down here on Earth? And if you talk about mining asteroids for our outer colonies you go back to square one again: it'll take a bit more than graphene to stablish a self-sufficient colony anywhere in the Solar system. And as long as you are not talking about a self-sufficient colony you still haven't broken ties to big old Earth.
"if you do not design your service/software with horizontal scaling in mind, you may find that your service does not scale up on "the cloud" any more effectively than it could on your own servers."
Absolutly true. But then, once you learn your design is pure bullshit, what do you prefer? Just close your accounts with your cloud provider and start anew or being there with a lot of useful-for-nothing hardware that you still have to pay for?
""Cloud" does not imply scalability, it implies out-sourced infrastructure which is accounted for as an OpEx, rather than a CapEx"
And being so, it's a perfect match for a company that still has not demonstrated the ability to earn a dime out of its idea nor has the slightest idea about what its real volume -thus, its real needs, will be.
And you have a very poor imagination and sense of "exploration."
Or he has a stronger sense of reality than you.
"If nothing else, it would make maintaining our orbital space much cheaper."
Or not. You talked about imagination, let's test yours: can you imagine what could happen when you put a space elevator sweeping out a full of space debris low orbit at some few thousands miles per hour?
"Then we could finally get off this rock so if we don't figure out how to make it work here, at least we have some options to start over with."
Where? as per the grandparent, once you get there, you'll see it's still an emptiness. Are you meaning other planet within the Solar system? It'll take a bit more than graphene to stablish a self supporting colony there. Out the Solar system? It'll take a bit more than graphene to convince Einstein to allow us to go faster than light.
"IT is not an investment, just like cleaning the freaking floors in the office isn't an investment. It's a cost."
Mixing apples and oranges here. IT can perfectly be a cost center and still asking for the ROI of an IT *investment* as well as for anything else.
You talk about cleaning the freaking floors. OK, let's talk about cleaning the freaking floors then: if the floors are percieved as being clean enough and you insist in expending more on cleaning the freaking floors (i.e.: hiring a more expensive while arguably better cleaning team -the floors won't only look clean, they'll shine) what do you think that will happen? Exactly: someone will ask you "where's the ROI?
"Talking of ROI with relation to costs is retarded."
Of course it is: ROI is about *investments*, not costs. But any money you start expending now in order to gain something tomorrow is -gasp! an investment, therefore is perfectly reasonable to ask when the investment will pay for itself, in other words, when you will get a Return Of Investment.
Because that's already done and the cost of supporting devices that you can't completly control is obviously larger in quite a lot of ways (management tools, training, baselining, added complexity and variability...) and even in some unobvious ways (when you allow for somebody to use his own car for business purposes you have to reimburse gas and tearing; you don't think that you'll get to use their devices for free, do you?)
"If it costs me less to support a device owned by an employee plus the added risk of lost/compromised data than it does to purchase, maintain, support and then ultimately dispose of a device owned by the company, then it makes perfect business sense."
Yes, you are right. It's only that as of today, it costs more and poses a higher risk.
"Assuming our deep packet inspection didn't catch it, we tell them the id who signed in to that IP."
So the choice is "pay and manage a complex and expensive system" or "use our cheap to manage and to-the-point devices to do the job you are paid for". I see a clear business case with one of the options, not sure about the other.
"I believe the solution is to put the "courtesy" network completely outside of the work network--no connection."
You are forgetting the main point of the article, then: "enable a new generation of workers who use consumer technologies to communicate and be productive."
It is not about allowing people to use their personal devices for their own personal pursuits on work time and premises but allowing people to do their job using their own personal devices. That means to find a way to allow those personal devices to access the production network.
" At this point, if you're not comfortable working with a PC / Mac / Linux desktop and knowledgeable enough not to do stupid things, then you're a dinosaur just hanging on until retirement"
So true. I've never met a computer from somebody below the 25-year-old mark that was infected of powned.
"What's the problem with having some egress filtering to prevent spam escaping from pwned machines, and with having proper NAT infrastructure in place to log everything? If the network is set up properly, each wired guest machine can be on its own vlan"
The problem is that it takes time and effort, thus money, to configure that way. Since it takes money an obvious question arises: where's the ROI?
If it can be shown that the extra risks and management time and money due to allow foreign devices on the network pays back, well, no problem.
Remember it won't be done because it can be done but because it pays back.
"On the other hand, requiring project management entries, and change control tickets, and manager signoff, and hours accurals, etc etc etc for a bugfix that simply has to go to production ASAP is just silly, and doesn't help matters at all."
But then, when you are overwhelmed you'll damn your manager because he is unable to bring some more hands where they are so needed. It is your tickets and your hour sheets what will allow him to show higher managment that the case is that your work load has increased 50% last year so some more hands are needed instead of you being a lazy one hidden on dark corners to avoid working as needed.
The more ASAP and firefighting work you find yourself doing, the more all that managerial stuff is needed to bring a solution to the table.
"It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later."
Yeah, that's the thesis from Michel Foucault. It's only that privacy laws are in fact enforced to the letter. It's not so difficult since they are quite reasonable and not such a big burden.
Just think critically about what would you consider fair about how others should manage your personal data and you won't be too far away from 95/46/CE which is the basis of privacy laws for all EU countries.
"No, it's the "a gun-range should monitor the weapons it gives out, and how all weapons on the grounds are used - or be liable for any killing/injuries incurred on it's land or with it's property" argument."
So a cab driver is responsible if he happens to drive an assassin to his victim. Quite understandable.
"did I mention that in practice Apache's default configuration is illegal?"
It is not. It is only that you should consider Apache logs as containing personal data and take care of them accordingly. As long as you plan to use those logs for its obvious purpose (technical maintenance) you don't need explicit consent: it is implicit by the fact you reached them with your browser.
"Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address."
That's only a mid-true: add servers collect IP address in order to process them as personal data (i.e. to focus their message), so they need explicit consent for collecting them: they don't get explicit consent for that, they can't collect them. Quite simple.
"Yeah, but to put credit where credit's due, it started in Germany, with other countries following in, which ultimately lead to the EU directive 95/46/EC."
It couldn't be Germany alone, then. EU directive 95/46/EC is from 1995; Spanish LORTAD, which was basically the same, is from 1992.
(Spanish LORTAD had the only miss in that it focused only on "automated files" while 1999's LOPD following 1995 EU directive is executive over both computer and paper files).
"The problem with this law is that when company A collects personal data and gives it to company B to have it maintained and processed, company B is responsible to follow the provisions of this law."
Within legal jargon it is one thing "processing" and a different one "giving away". Basically, when "processing" the data can't be used for anything different than that it was collected for. The main responsible it is still the company that gathered the data but of course, due dilligence that those processing the data are going to follow proper procedures is expected.
If company A *gives* the data to company B, then company B will be able to do with it whatever it see fit, so a new explicit consent is needed.
Again, processing data is different from owning data.
Which is a fair business asumption, so no need of explicit consent. *But* you will need to take care of it as the personal data it is (so you can't pass it away to a third party to process it for different purposes than proper technical web site function). No problem.
"You then registered for a forum on that website, entering your name and email address."
And then you are advised what those name and address are going to be used for, which is for the sole purpose you collected them to start with -accessing that forum or web site and nothing else, and ask for your consent. No problem.
"you tried to buy something, giving out your credit card number."
And, again, you are advised what your credit card number is going to be stored for, and reassured it is not going to be used for any other purposes but those needed to properly complete the transaction and those based on legal requirements. No problem.
You seem to forget EU has been living under these kind of laws for more than a decade and the sky hasn't still fallen over our heads.
"Well India is using this as a way to stop data from being outsourced away from India."
Or maybe as a way to be able to insource from EU?
For the look of it, these regulations seems to be basically the same we've had here in Europe for about a decade, so that would mean India could gain a "safe harbour" status.
Slashdot Mirror
"Yes, because the classifications of businesses are screwed up, so that you can end up with any "manufacturing" company getting a certain minimum allotment, even if that company is a one-man outfit who builds furniture by hand, with no power tools."
So what? That would mean that such a company is more efficient than its competitors so, again, its competitors are compelled to lower their emisions such a) they don't need to buy from it, b) they reach a point where *they* are the ones selling carbon credits to the laggards. Still a win-win.
"You want to shut off an abundant and cheap source in favor of mining the urine of hospital patients?"
Cheap, like, err... going to an asteroid for it? On the other hand, mining urine in a hospital *is* cheap. Maybe not so glamorous but certainly cheap.
"What manager in their right mind would fire an employee for breaching something as minor as a pathetic little IT policy?"
I'm not the one going to say otherwise; it's their business, after all. But we should remember that those same managers that won't fire somebody for breaching a pathetic little IT policy are the ones that tend to consider that all that fuss and expenditure is another pathetic IT policy... you know what I'm saying, Sony, I'm looking at you (but I could look at a lot of other people/companies as the cases of privacy breaching are not even surprising).
"if your type of business is allowed to emit 100 tons of CO2 every year, and for whatever reason you only emit 10 tons, you can sell 90 tons of "carbon offsets" so that other companies that can't comply with regulations are covered."
Not to tell there's not a lot of glaring fraud there but, did you stop to think how is it that a given type of business is allowd to emit 100 tons of CO2 (provided no fraud is involved)? Exactly! because standard practices for your type of business usually produces a bit more than 100 tons of CO2, so if you manage to do it with just 10, it is exactly the point that you are allowed to sell your 90 tons offset for a price so both you and your competitors are encouraged to go that path.
"Now, if the carbon credits work by having some company agree to plant enough trees to absorb a certain amount of carbon (say the equivalent to the round trip flight to Tahiti), the trees will in absorb it, but the carbon hasn't actually been taken out of the cycle. IE, they will die or get eaten by something, and the carbon will still get released into the atmosphere eventually."
Do you know how all that coal happened to get there?
Coal is wood from the past, you know, wood which is made out of Carbon that didn't get released into the atmosphere.
"How about silver, which projections have shown that we will be OUT OF in twenty years?"
What will it be transmuted into?
"How about any number of other raw materials"
Like uhhh... And remeber they not only need to be there, they need to be cheaper too.
"where we can put the environmental disaster out into space where it won't do any damage"
Like... how? A big graphene chimney from industrial complexes out to space?
"How about rather than trying to centrally plan a colony on an asteroid before we get there, we just let people go out there and mine whatever is profitable, and form their own colonies?"
No problem for me with that. And good luck with your profitability plans unless big dad g'vment goes into the equation.
"And you don't NEED to "break ties" with Earth."
When the argument is "we need to go to space in case Earth gets destroyed" then yes, you need to be able to survive without the Earth to claim a win.
"Asteroids, you fucking moron."
Do you *really* mean stablishing a self-suficient colony on an asteroid? Because that's what we were talking about.
And then again, what do you expect to get from an asteroid that would mean such a big difference for us down here on Earth? And if you talk about mining asteroids for our outer colonies you go back to square one again: it'll take a bit more than graphene to stablish a self-sufficient colony anywhere in the Solar system. And as long as you are not talking about a self-sufficient colony you still haven't broken ties to big old Earth.
"if you do not design your service/software with horizontal scaling in mind, you may find that your service does not scale up on "the cloud" any more effectively than it could on your own servers."
Absolutly true. But then, once you learn your design is pure bullshit, what do you prefer? Just close your accounts with your cloud provider and start anew or being there with a lot of useful-for-nothing hardware that you still have to pay for?
""Cloud" does not imply scalability, it implies out-sourced infrastructure which is accounted for as an OpEx, rather than a CapEx"
And being so, it's a perfect match for a company that still has not demonstrated the ability to earn a dime out of its idea nor has the slightest idea about what its real volume -thus, its real needs, will be.
And you have a very poor imagination and sense of "exploration."
Or he has a stronger sense of reality than you.
"If nothing else, it would make maintaining our orbital space much cheaper."
Or not. You talked about imagination, let's test yours: can you imagine what could happen when you put a space elevator sweeping out a full of space debris low orbit at some few thousands miles per hour?
"Then we could finally get off this rock so if we don't figure out how to make it work here, at least we have some options to start over with."
Where? as per the grandparent, once you get there, you'll see it's still an emptiness. Are you meaning other planet within the Solar system? It'll take a bit more than graphene to stablish a self supporting colony there. Out the Solar system? It'll take a bit more than graphene to convince Einstein to allow us to go faster than light.
"IT is not an investment, just like cleaning the freaking floors in the office isn't an investment. It's a cost."
Mixing apples and oranges here. IT can perfectly be a cost center and still asking for the ROI of an IT *investment* as well as for anything else.
You talk about cleaning the freaking floors. OK, let's talk about cleaning the freaking floors then: if the floors are percieved as being clean enough and you insist in expending more on cleaning the freaking floors (i.e.: hiring a more expensive while arguably better cleaning team -the floors won't only look clean, they'll shine) what do you think that will happen? Exactly: someone will ask you "where's the ROI?
"Talking of ROI with relation to costs is retarded."
Of course it is: ROI is about *investments*, not costs. But any money you start expending now in order to gain something tomorrow is -gasp! an investment, therefore is perfectly reasonable to ask when the investment will pay for itself, in other words, when you will get a Return Of Investment.
"Why does the decision have to bring in revenue?"
Because change costs money.
"Why can't it be a simple comparison of costs?"
Because that's already done and the cost of supporting devices that you can't completly control is obviously larger in quite a lot of ways (management tools, training, baselining, added complexity and variability...) and even in some unobvious ways (when you allow for somebody to use his own car for business purposes you have to reimburse gas and tearing; you don't think that you'll get to use their devices for free, do you?)
"If it costs me less to support a device owned by an employee plus the added risk of lost/compromised data than it does to purchase, maintain, support and then ultimately dispose of a device owned by the company, then it makes perfect business sense."
Yes, you are right. It's only that as of today, it costs more and poses a higher risk.
"For most employees IT policy is just that text that flashes up when they first turn on the computer."
That's a business decision.
Once you have fired the first half a dozen people that breaks the policy you'll see how fast the other will start paying attention to it.
As long as management thinks IT policies are mere extra fuss is no wonder that employees will think the same.
"Assuming our deep packet inspection didn't catch it, we tell them the id who signed in to that IP."
So the choice is "pay and manage a complex and expensive system" or "use our cheap to manage and to-the-point devices to do the job you are paid for". I see a clear business case with one of the options, not sure about the other.
"I believe the solution is to put the "courtesy" network completely outside of the work network--no connection."
You are forgetting the main point of the article, then: "enable a new generation of workers who use consumer technologies to communicate and be productive."
It is not about allowing people to use their personal devices for their own personal pursuits on work time and premises but allowing people to do their job using their own personal devices. That means to find a way to allow those personal devices to access the production network.
" At this point, if you're not comfortable working with a PC / Mac / Linux desktop and knowledgeable enough not to do stupid things, then you're a dinosaur just hanging on until retirement"
So true. I've never met a computer from somebody below the 25-year-old mark that was infected of powned.
Yes, I'm being sarcastic.
"What's the problem with having some egress filtering to prevent spam escaping from pwned machines, and with having proper NAT infrastructure in place to log everything? If the network is set up properly, each wired guest machine can be on its own vlan"
The problem is that it takes time and effort, thus money, to configure that way. Since it takes money an obvious question arises: where's the ROI?
If it can be shown that the extra risks and management time and money due to allow foreign devices on the network pays back, well, no problem.
Remember it won't be done because it can be done but because it pays back.
"On the other hand, requiring project management entries, and change control tickets, and manager signoff, and hours accurals, etc etc etc for a bugfix that simply has to go to production ASAP is just silly, and doesn't help matters at all."
But then, when you are overwhelmed you'll damn your manager because he is unable to bring some more hands where they are so needed. It is your tickets and your hour sheets what will allow him to show higher managment that the case is that your work load has increased 50% last year so some more hands are needed instead of you being a lazy one hidden on dark corners to avoid working as needed.
The more ASAP and firefighting work you find yourself doing, the more all that managerial stuff is needed to bring a solution to the table.
"It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later."
Yeah, that's the thesis from Michel Foucault. It's only that privacy laws are in fact enforced to the letter. It's not so difficult since they are quite reasonable and not such a big burden.
Just think critically about what would you consider fair about how others should manage your personal data and you won't be too far away from 95/46/CE which is the basis of privacy laws for all EU countries.
"No, it's the "a gun-range should monitor the weapons it gives out, and how all weapons on the grounds are used - or be liable for any killing/injuries incurred on it's land or with it's property" argument."
So a cab driver is responsible if he happens to drive an assassin to his victim. Quite understandable.
"We want the same laws here in Europe. No selling of Information to third parties, no lending etc without proper authorization."
Are you an Anonymous coward or an Ignorant coward?
Those are exactly the kind of laws we have here in Europe since 1995.
"did I mention that in practice Apache's default configuration is illegal?"
It is not. It is only that you should consider Apache logs as containing personal data and take care of them accordingly. As long as you plan to use those logs for its obvious purpose (technical maintenance) you don't need explicit consent: it is implicit by the fact you reached them with your browser.
"Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address."
That's only a mid-true: add servers collect IP address in order to process them as personal data (i.e. to focus their message), so they need explicit consent for collecting them: they don't get explicit consent for that, they can't collect them. Quite simple.
"Yeah, but to put credit where credit's due, it started in Germany, with other countries following in, which ultimately lead to the EU directive 95/46/EC."
It couldn't be Germany alone, then. EU directive 95/46/EC is from 1995; Spanish LORTAD, which was basically the same, is from 1992.
(Spanish LORTAD had the only miss in that it focused only on "automated files" while 1999's LOPD following 1995 EU directive is executive over both computer and paper files).
"The problem with this law is that when company A collects personal data and gives it to company B to have it maintained and processed, company B is responsible to follow the provisions of this law."
Within legal jargon it is one thing "processing" and a different one "giving away". Basically, when "processing" the data can't be used for anything different than that it was collected for. The main responsible it is still the company that gathered the data but of course, due dilligence that those processing the data are going to follow proper procedures is expected.
If company A *gives* the data to company B, then company B will be able to do with it whatever it see fit, so a new explicit consent is needed.
Again, processing data is different from owning data.
"Illegal!"
Only it is not.
"Their server logged your IP address"
Which is a fair business asumption, so no need of explicit consent. *But* you will need to take care of it as the personal data it is (so you can't pass it away to a third party to process it for different purposes than proper technical web site function). No problem.
"You then registered for a forum on that website, entering your name and email address."
And then you are advised what those name and address are going to be used for, which is for the sole purpose you collected them to start with -accessing that forum or web site and nothing else, and ask for your consent. No problem.
"you tried to buy something, giving out your credit card number."
And, again, you are advised what your credit card number is going to be stored for, and reassured it is not going to be used for any other purposes but those needed to properly complete the transaction and those based on legal requirements. No problem.
You seem to forget EU has been living under these kind of laws for more than a decade and the sky hasn't still fallen over our heads.
"Well India is using this as a way to stop data from being outsourced away from India."
Or maybe as a way to be able to insource from EU?
For the look of it, these regulations seems to be basically the same we've had here in Europe for about a decade, so that would mean India could gain a "safe harbour" status.