I am very familiar with White Hat. They use a combination of internally developed tools and real live thinking human beings really actively trying to exploit code and logic flaws in the environment.
In my experience, they are very sharp and very (exhaustively) comprehensive.
This is not a handful of "audit kiddies" who barely know how to install and run their tools let alone understand what those tools find.
.... you realize that he is not trying to convince you to hire him but rather trying to decide if he wants to work for you.
I work with people young and old and I find that there is different value in what each bring to the team. Young, bright kids tend to have more energy, enthusiasm and inspiration. Older usually means family which reduces their enthusiasm for long hours and travel. Young engineers will usually have the "hard skills" (as in technical ability, programming knowledge, etc) and they learn very quickly. On the other hand they often lack soft skills such as the ability to apply systematic troubleshooting to an unusual problem, the experience to instill calmness and focus in a crisis, the ability to "stealth manage" a project with an inept PM or the ability to fix a really stupid customer's problem while managing to make that customer look like a hero to his management.
Yes, often older engineers will be instinctively guided toward solutions they have seen work--which is sort of the opposite of innovation. Some older guys do fall behind on current technology. Others realize their only job security is their ability to learn new skills and seek out new problems. You want to hire the latter.
Youthful enthusiasm vs age and experience? I think you need both for a well-rounded team.
I don't want the dead weight dragging me down. I want my employer to be free to fire anyone, anytime. Nothing is worse than having to pick up the slack for people who don't get it or won't do it.
I don't want to have to wait in line behind some dull C- lifer to get a senior position. I want to move my career at my pace, not the pace dictated by some one-size-fits-all collective bargaining agreement.
I don't want to have a "shop steward" or analogue who butts into the operation of the business. I want the business to be run efficiently based on business goals and profitability because if my employer succeeds I will either benefit fiscally or at the very least my marketability will improve.
I don't want a standard payscale based on seniority and bogus paper credentials. I want the freedom to negotiate my job based on my value.
And for the people who have bad working conditions where their employer is taking advantage of them, you have three choices:
1) Renegotiate your job.
2) Get a better job.
3) Accept that you are not good enough to do 1 or 2 and be happy someone lets you pay your mortgage for populating a cubicle.
Unions protect the B and C players at the expense of those who excel. We don't need them in IT.
I agree that if an e-commerce site has a broken cert we should make it less than super-easy for novice users to bypass it. I think the interface should look *different* than a mere website error because it will be misreported to tech support by confused users and because a bad cert is a much worse problem than a temporarily inaccessible site. If the intent is to improve user behavior by forcing them to think about and understand what is going on, then the error page should be clear, concise and unique.
And there needs to be a way for expert users to go back to a one-click. I have no problem with the default being intrusive, but for god's sake let me turn it off so I can get work done.
The arrogance implied in some of these responses is astounding. "It's not a problem with Firefox. Everyone else just needs to change how they do things."
There are two problems with the feature:
1) It looks like a broken website and is not intuitive. If you want to make it clear to users that the site is suspect then say so in clear language that they can understand.
2) You can't get it out of the way. This feature alone is going to drive me away from Firefox as an everyday tool because I work all day long with devices that are manufactured with a self-signed cert so this is a pain in the ass until you replace it. Also, I work routinely in environments that set up new applications using self-signed certs for test instances which are often on IP's that don't resolve to the CN, etc. Not every customer has the infrastructure or expertise to run their own CA, the money to purchase trusted certs for thousands of internal devices or the foresight to obtain them before they are needed. The number of clicks is just a major pain in the ass that is making Firefox more irritation than joy.
Just give me something in that lets me choose the old behavior. I *know* enough to be able to distinguish between a bad cert at a supposedly legitimate site and a testing or temporary cert that was shipped with a device or which I just created two minutes earlier. And no, I'd rather not import tons of bogus signing certs into my browser and thereby pollute and clutter up the set of trusted certs. Just let me choose the old behavior thank you very much. Make it easy for me to bypass when I know it should be bogus. Make it easy for me to examine the cert if I am uncertain. One of the fundamental principles of security is that if you make it too hard to understand the controls or too much work to comply with, users will find ways to circumvent the mechanism. In this case, circumvention will mean that users become irritated and stop using Firefox which is a net loss to the internet and to internet security.
Hey, I was just there to plug the network together. If I had to learn the application framework of every single thing I've had to touch I'd never get anything accomplished. And frankly, by the time the application gets to the network guys, it's usually got so much development time invested that you can't redesign it even if it is the worst turd to roll out of a programmer since Hello world. You take what the devs have churned out and you try to make it work and reasonably secured. Would it be nice to have application folks work with the infrastructure and security people before they devote thousands of man-hours to coding an application? Yup! Does it happen? In my experience this is pretty uncommon.
Maybe my bitch is with DCOM and pinheaded developers and not .Net. I'll accept that.
By MS consultant I mean he was a Microsoft employee from their professional services division acting as a consultant to help resolve issues with the application. So call bullshit all you want.
Yes, we restricted the port ranges but guess what? When you do that on a SQL server box it crashes under load and MS was never able to resolve the issue. This was true even if the restricted range was very large or very small.
Where did I ever say "one box"? I said flat which means in one network segment.
As I said in my first post, "there may be a better way to implement .Net". I guess it would have been too much for someone to just post information instead of resorting to calling me a liar. :)
Bad form to reply to myself but leaving for the weekend. By routeable IP's I mean internally routeable (the app and db layers needed to communicate between sites). But I don't trust the corporate network much more than the internet so it is still a problem in my book.
I notice the article did not talk much about the implications of having a .Net implementation on your network.
The one (and only) multi-tiered .Net implementation I have had to work with was a networking nightmare. The whole thing used DCOM which is a total pain in the ass. No NAT'ing (DCOM doesn't function across NAT) means that production DMZ's had to have routeable IP's. DCOM uses RPC which means that firewalls have to allow the entire high port range (>1024) between tiers. The transaction protocol in the framework likes to talk all the way from web layer to db layer so defense in depth is pretty much thrown out the window.
It may be that there is a way to use .Net without running into these issues, but the developers and the MS consultant all insisted this was standard and typical. Of course, they all also insisted that the environment would be better off flat and the MS consultant strongly urged not doing multi-tiered. So I suppose if you don't mind having your SQL server in the DMZ .Net is great.
Between traditional employment and contracting and consulting I've seen a lot of managers in action that run the whole gamut of technical knowhow and I've noticed almost no correlation between technical skills and good management. We all bitch about the clueless boss, but sometimes the clueless boss *knows* he is clueless and sticks to the things that he can do and lets his engineers make the decisions he can't which actually gives us *more* control over our lives since it frees us to implement processes and technologies that actually work instead of those that some hottie saleschick convinced the boss he had to have.
Most of the things a manager needs to do are not technical or are things he should not be doing without input from his top engineers. He needs to:
Manage people (set schedules, manage vacations, do performance evaluations, distribute bonuses, etc)
Make strategic decisions (choose technologies, distribute budgets)
Fight up the chain for needed resources (people, raises!!, budget)
Protect his team from outside groups so that they can enforce rigor and process and keep his engineers sane and hopefully not overworked or in perpetual fire-fighting mode.
Stay out of your way so you can get things done (enough with the status reports already!).
If you have a non-technical manager who can get your team the resources it needs, keep others off your backs, lets you self-prioritize and self-schedule as much as possible and gets you raises and cool toys, then KEEP HIM. Just convince him that he needs to defer technology decisions to the senior engineers. He probably isn't really that comfortable making those decisions anyway and I have found mba-types to often be quite easy to guide to the realization that making a tech decision is not a managerial task.
On the other hand, I have had some highly technical managers who couldn't keep their little fingers out of every little situation--often with dated knowledge since they can't stay fresh like a practicing engineer. I once had a manager who had been out of the trenches for a decade but who insisted on logging in and "looking around" during really hot problems. Inevitably he'd walk in every 30 minutes and ask about something we had already seen and discounted or taken care of. Once as a joke we modified his shell so that it just said "Everything is working fine, sir." no matter what he typed.. lol :)
The problem with lots of MBA-mill managers is that they apply the crap they learned in school to managing developers and engineers and don't understand that what we do IS NOT MANUFACTURING! Most high-tech work is highly creative and hours worked does not always correlate to productivity. Problem solving, coding, etc all require focus and inspiration and do not respond well to traditional management techniques. So that is the main upside to a technical manager is that he at least has been there and has some idea what it is like. Unfortunately many technical managers can be so lacking in management skills that they are clumsy for a long time before they learn how to manage engineers. This can be compounded since so many of us have had bad managers--it's like child-abuse, even if they know the a-hole boss method doesn't work on engineers it's the only thing they've experienced and so they revert to it out of desperation because subconsciously that's how they think a boss is supposed to act.
The ideal manager is one who understands *engineers* since that is what he is managing. If he understands the technology that is a big bonus if he is able to do all the other stuff. But I'd trade a technical boss who can't protect his people or wage corporate war effectively for a "clueless" MBA who can wrap the C-level executives around his little finger any day of the week.
Not so simple. You are correct that anonymity and secrecy are highly feasible with current technology but you forget the matter of verification. Any responsible journalist gets at least two credible sources to independently confirm a fact before printing it. Usually if there is only one source it has to be highly credible and usually senior editors sign off on it.
With pure anonymity you get a possibly great scoop that has no credibility.
In some cases it might be possible for a source to demonstrate credibility because of the information they transfer (ala Deep Throat) but that will be rare.
If the reporter knows who the source is--a basic requirement for the reporter to establish that source's credibility in most cases--then the reporter can be subpoenaed to divulge that identity. And the prosecutor will know that there is a source because the reporter claims it *right there in the story* ("senior administration officials confirm blah blah blah"). If they don't use the commonly accepted jargon for credible anonymous sources then the story has trouble getting legs and the reporter might as well not write it.
Now of course it is possible that newspapers will be able to use encryption, aggressive shredding, etc to make investigation of sources more difficult and possible crimes harder to prove in court, but I am not sure if that will fly in the face of GLB and SOX, not to mention whatever Congress cooks up after the first time a really high profile "traitor"-type case comes along.
Oh. I think we agree on long-term benefits and anyone who works for a wise company/manager with reasonable policies needs to realize how fortunate they are. Just saying lots of managers won't see it that way. They *like* work-a-holics cause it lets them keep headcount and expenses down long enough to get promoted out of the job *they* hate.
I was thinking of continental europe, particularly Germany and France, which have relatively short work-weeks (not sure exactly--I have heard as low as 32 or 30 hours) and very high unemployment.
If a co-worker sees you surfing porn they can sue you or the company or both claiming a "hostile work environment". The company at least would have to absorb the cost of defending themselves and even then would have to prove that they had taken reasonable steps to prevent such "harassment".
If you think this is ridiculous I will have to point out that there was a sexual harassment case brought against someone I used to work for in which one of the complaints was that he had a Rolling Stone magazine with Gillian Anderson on the cover at his desk and said she was "hot". Yes, stupid. Didn't prevent the company from having to spend money defending the suit (not to mention carrying the complainant--who was totally inept--for almost two years after she would have been fired while the case was arbitrated and then adjudicated). I have worked with people who seemed to have HR on speed-dial and were willing to use that weapon to advance or protect their positions.
Now if you happen to veer off into kiddie-porn or snuff or other illegal activities, the risk is greater as the IT assets of the corporation (firewalls, proxy servers) could be seized as evidence.
Funny anecdote. I was doing some work on the proxy servers at one place (mgmt wanted to start getting reports on what surfing people were doing to questionable sites) and noticed a guy going to swingers sites (with nudity) and other sites that were prohibited by policy--but not well enforced at the time--between 7 and 7:45. He was a low-level tape jockey and my guess was that his boss tended to show up just before 8. So, I called the number in his profile and just said "Hey, just a friendly call. You do realize everything you do on the internet is logged?" That was the last day he hit those sites.
"Secondly there's nothing wrong with his attitude, the agreement you have with your employer is that they pay you to provide certain services to them. If they aren't paying you for something then you shouldn't be doing it. This is not a bad attitude and shouldn't affect your chances for promotion or anything else."
I agree. But until that is the point of view of most IT professionals and until most of them are willing to stick to their guns it is never going to change (in the US--not sure about things like this balance across the pond in the land of 30 hour work weeks and double-digit unemployment). From a management point of view it *will definitely* affect your chances of promotion.
It's really quite simple. If a manager has to choose between Bob, who does good work for 40 hours but leaves at 5-sharp every day or Fred, who also does good work but burns the midnight oil and carries a pager without compensation he's going to choose Fred 9 times out of 10. And since IT professionals only stick with one employer for an average of, what 4-5 years, "burnout" isn't an issue from a cynical management point of view since the guy who burns out quits and becomes someone else's problem (never mind that we all know we wouldn't burn out and would stay longer if things were more reasonable).
I think you have a reasonable outlook but not everyone is fortunate enough to work at a place that allows you to escape. And, the problem is that "IT Decision Makers" routinely expect well in excess of 40 hours per week from their employees. My current position is with a company that has a good work-life balance but when I was working in major corporate IT divisions I was *expected* to work more than 40 "if needed". And since we tended to get projects assigned with unrealistic deadlines, "if needed" meant "damn near always".
So if I am expected to put in extra effort and extra hours it is up to *me* to determine whether I want to do a couple surfing runs each day so long as I'm not doing things that put the company at risk (surfing porn, emailing competitors, etc). As long as I meet deadlines and my productivity is good, it's none of their business how I divvy up my time. And this doesn't even touch the fact that it is almost impossible for a senior IT worker to get a real "day off" anymore.
That being said, there is a serious problem with a minority of people who do things like daytrading, fantasy sports, shopping, etc all day long while doing the absolute minimum to avoid losing their jobs. But that is a management problem not a technology problem and it is wrong and short-sighted to punish 95% of your employees because mid-managers are too lazy (or too busy daytrading and playing fantasy football) to stay engaged in their employee's tasks and responsibilities.
I wish there were some surveys to compare the relative productivity of companies with liberal internet policies to those with a "total lockdown" mentality. My suspicion is that good management + a liberal policy would result in greater productivity (from improved morale) than an IT policy that treats the employees like untrustworthy spoiled children.
"As I said, I come from a south-american country. I don't think anybody from the US has any right to speak about "tinpot dictators" after all the military dictatorships the US have supported "in their back garden"."
I agree that the US has at times acted in a short-sighted fashion in the name of geopolitics and I did not intend to offend by using a term that might be offensive to someone from a region of the world where military and other dictators are a very real possibility and not just a foreign policy consideration. But that does not invalidate my right to speak my mind. Nor does it change the fact that the overwhelming majority of the UN General Assembly delegates are appointed by non-democratic autocrats. I will not relinquish the ability to tax me to such an entity without a fight and neither will most Americans. We are sorta feisty about taxation by unrepresentative foreign entities :)
"And as for the US not changing what I can do on the net... I'm not sure, seeing how your president and government behave. The fact that the US people reelected him gives me even less certainty."
I respectfully disagree. Bush's administration is not as internet-age savvy as I would like, but at least its free market instincts have helped to keep the encroachment of taxation on Internet businesses down (most of that is being pushed by the States and opposed by the Bush Admin and congressional Republicans). There is not much difference between his and Clinton's administration on most Internet-related issues.
I respect the participation of the people of the world in the Internet. I have friends all over the world. But the point is that you *don't* see the US government telling you what you can and cannot do with the Internet. They tend to intrude a bit too much into what *I* can do (coercing ISPs into housing carnivore, etc), but that would be true for traffic passing through assets on US territory no matter who is doling out domain names and running the root servers.
Domain registration is the only cost and it is cheap and relatively efficient.
The UN just wants to grab this because they see it as a way to finally get an independent revenue/tax base.
I DO NOT want the UN to ever become the "World Government" until such a time as every person in every country is free to vote in a liberal democratic society with an independent judiciary and free press.
And until then I don't want the diplomats appointed by the tinpot dictators that govern 2/3 of the world's population to be able to levy a tax on me.
The theft was systemic over an extended period. Yes, I do expect that employees should not be able to perpetrate this sort of crime over an extended amount of time.
If they discover that the theft used formal egress channels (corporate email or personal webmail via proxy servers, for example) the banks are probably liable due to negligence in securing their environment.
Banks, hospitals, and other organizations of "high public trust" must be held accountable to a higher standard when it comes to which employees have broad access to personal data and what information they allow to leave their premises (physically or electronically).
This is pure garbage. We *have* contracted banks to safeguard our personal information. Banks have a host of legal obligations regarding the safeguarding of personal information. And even if they didn't, their websites and agreements are full of statements like:
"Keeping financial and personal information about you secure and confidential is one of our most important responsibilities. Our systems are protected, so information remains secure." (Bank of America, Online Privacy and Security Policy)
I'm sure there are similar statements in the microprint contracts we all threw away the day after opening our checking account.
Did anyone read the second article?
"One former executive of a top-ranked computer maker alleges the organization is asking a $4 licensing fee for each chipset using OFDM technology, amounting to up to 70 percent of a chipset's price"
Personally, I think CSIRO's patents should be observed. But I found very little except this tidbit to explain the actions of the companies bringing the action. Big groups of competing companies don't band together to bring an expensive legal action unless they have a very clear incentive.
(speculating here) It may very well be that this step is being taken because while $4 doesn't sound like very much it is inhibiting putting wireless technology in very simple low priced devices or devices with a very low margin? Does anyone know if CSIRO was approached about altering the price structure and refused? A $4 skim off the top of a $1500 centrino-equipped laptop isn't much. But a $4 skim off a $12 USB Wireless fob is pretty harsh.
Didn't like it. No sir. Not at all.
Technical knowledge != good technical manager.
Between traditional employment and contracting and consulting I've seen a lot of managers in action that run the whole gamut of technical know-how and I've noticed almost no correlation between technical skills and good management. We all bitch about the clueless boss, but sometimes the clueless boss *knows* he is clueless and sticks to the things that he can do and lets his engineers make the decisions he can't which actually gives us *more* control over our lives since it frees us to implement processes and technologies that actually work instead of those that some hottie saleschick convinced the boss he had to have.
Most of the things a manager needs to do are not technical or are things he should not be doing without input from his top engineers. He needs to:
If you have a non-technical manager who can get your team the resources it needs, keep others off your backs, let you self-prioritize and self-schedule as much as possible and get you raises and cool toys, then KEEP HIM. Just convince him that he needs to defer technology decisions to the senior engineers. He probably isn't really that comfortable making those decisions anyway and I have found MBA-types to often be quite easy to guide to the realization that making a tech decision is not a managerial task.
On the other hand, I have had some highly technical managers who couldn't keep their little fingers out of every little situation--often with dated knowledge since they can't stay fresh like a practicing engineer. I once had a manager who had been out of the trenches for a decade but who insisted on logging in and "looking around" during really hot problems. Inevitably he'd walk in every 30 minutes and ask about something we had already seen and discounted or taken care of. Once as a joke we modified his shell so that it just said "Everything is working fine, sir." no matter what he typed.. lol :)
The problem with lots of MBA-mill managers is that they apply the crap they learned in school to managing developers and engineers and don't understand that what we do IS NOT MANUFACTURING! Most high-tech work is highly creative and hours worked does not always correlate to productivity. Problem solving, coding, etc all require focus and inspiration and do not respond well to traditional management techniques. So the main upside to a technical manager is that he at least has been there and has some idea what it is like. Unfortunately many technical managers can be so lacking in management skills that they are clumsy for a long time before they learn how to manage engineers. This can be compounded since so many of us have had bad managers--it's like child-abuse, even if they know the a-hole boss method doesn't work on engineers it's the only thing they've experienced and so they revert to it out of desperation because subconsciously that's how they think a boss is supposed to act.
The ideal manager is one who understands *engineers* since that is what he is managing. If he understands the technology that is a big bonus if he is able to do all the other stuff. But I'd trade a technical boss who can't protect his people or wage corporate war effectively for a "clueless" MBA who can wrap the C-level executives around his little finger any day of the week.
With pure anonymity you get a possibly great scoop that has no credibility.
In some cases it might be possible for a source to demonstrate credibility because of the information they transfer (à la Deep Throat) but that will be rare.
If the reporter knows who the source is--a basic requirement for the reporter to establish that source's credibility in most cases--then the reporter can be subpoenaed to divulge that identity. And the prosecutor will know that there is a source because the reporter claims it *right there in the story* ("senior administration officials confirm blah blah blah"). If they don't use the commonly accepted jargon for credible anonymous sources then the story has trouble getting legs and the reporter might as well not write it.
Now of course it is possible that newspapers will be able to use encryption, aggressive shredding, etc to make investigation of sources more difficult and possible crimes harder to prove in court, but I am not sure if that will fly in the face of GLB and SOX, not to mention whatever Congress cooks up after the first time a really high profile "traitor"-type case comes along.
Oh. I think we agree on long-term benefits and anyone who works for a wise company/manager with reasonable policies needs to realize how fortunate they are. Just saying lots of managers won't see it that way. They *like* work-a-holics 'cause it lets them keep headcount and expenses down long enough to get promoted out of the job *they* hate.
I was thinking of continental europe, particularly Germany and France, which have relatively short work-weeks (not sure exactly--I have heard as low as 32 or 30 hours) and very high unemployment.
If a co-worker sees you surfing porn they can sue you or the company or both claiming a "hostile work environment". The company at least would have to absorb the cost of defending themselves and even then would have to prove that they had taken reasonable steps to prevent such "harassment".
If you think this is ridiculous I will have to point out that there was a sexual harassment case brought against someone I used to work for in which one of the complaints was that he had a Rolling Stone magazine with Gillian Anderson on the cover at his desk and said she was "hot". Yes, stupid. Didn't prevent the company from having to spend money defending the suit (not to mention carrying the complainant--who was totally inept--for almost two years after she would have been fired while the case was arbitrated and then adjudicated). I have worked with people who seemed to have HR on speed-dial and were willing to use that weapon to advance or protect their positions.
Now if you happen to veer off into kiddie-porn or snuff or other illegal activities, the risk is greater as the IT assets of the corporation (firewalls, proxy servers) could be seized as evidence.
Funny anecdote. I was doing some work on the proxy servers at one place (mgmt wanted to start getting reports on what surfing people were doing to questionable sites) and noticed a guy going to swingers sites (with nudity) and other sites that were prohibited by policy--but not well enforced at the time--between 7 and 7:45. He was a low-level tape jockey and my guess was that his boss tended to show up just before 8. So, I called the number in his profile and just said "Hey, just a friendly call. You do realize everything you do on the internet is logged?" That was the last day he hit those sites.
I agree. But until that is the point of view of most IT professionals and until most of them are willing to stick to their guns it is never going to change (in the US--not sure about things like this balance across the pond in the land of 30 hour work weeks and double-digit unemployment). From a management point of view it *will definitely* affect your chances of promotion.
It's really quite simple. If a manager has to choose between Bob, who does good work for 40 hours but leaves at 5-sharp every day or Fred, who also does good work but burns the midnight oil and carries a pager without compensation he's going to choose Fred 9 times out of 10. And since IT professionals only stick with one employer for an average of, what, 4-5 years, "burnout" isn't an issue from a cynical management point of view since the guy who burns out quits and becomes someone else's problem (never mind that we all know we wouldn't burn out and would stay longer if things were more reasonable).
I think you have a reasonable outlook but not everyone is fortunate enough to work at a place that allows you to escape. And, the problem is that "IT Decision Makers" routinely expect well in excess of 40 hours per week from their employees. My current position is with a company that has a good work-life balance but when I was working in major corporate IT divisions I was *expected* to work more than 40 "if needed". And since we tended to get projects assigned with unrealistic deadlines, "if needed" meant "damn near always".
So if I am expected to put in extra effort and extra hours it is up to *me* to determine whether I want to do a couple surfing runs each day so long as I'm not doing things that put the company at risk (surfing porn, emailing competitors, etc). As long as I meet deadlines and my productivity is good, it's none of their business how I divvy up my time. And this doesn't even touch the fact that it is almost impossible for a senior IT worker to get a real "day off" anymore.
That being said, there is a serious problem with a minority of people who do things like daytrading, fantasy sports, shopping, etc all day long while doing the absolute minimum to avoid losing their jobs. But that is a management problem not a technology problem and it is wrong and short-sighted to punish 95% of your employees because mid-managers are too lazy (or too busy daytrading and playing fantasy football) to stay engaged in their employees' tasks and responsibilities.
I wish there were some surveys to compare the relative productivity of companies with liberal internet policies to those with a "total lockdown" mentality. My suspicion is that good management + a liberal policy would result in greater productivity (from improved morale) than an IT policy that treats the employees like untrustworthy spoiled children.
I agree that the US has at times acted in a short-sighted fashion in the name of geopolitics and I did not intend to offend by using a term that might be offensive to someone from a region of the world where military and other dictators are a very real possibility and not just a foreign policy consideration. But that does not invalidate my right to speak my mind. Nor does it change the fact that the overwhelming majority of the UN General Assembly delegates are appointed by non-democratic autocrats. I will not relinquish the ability to tax me to such an entity without a fight and neither will most Americans. We are sorta feisty about taxation by unrepresentative foreign entities :)
"And as for the US not changing what I can do on the net... I'm not sure, seeing how your president and government behave. The fact that the US people reelected him gives me even less certainty."
I respectfully disagree. Bush's administration is not as internet-age savvy as I would like, but at least its free market instincts have helped to keep the encroachment of taxation on Internet businesses down (most of that is being pushed by the States and opposed by the Bush Admin and congressional Republicans). There is not much difference between his and Clinton's administration on most Internet-related issues.
I respect the participation of the people of the world in the Internet. I have friends all over the world. But the point is that you *don't* see the US government telling you what you can and cannot do with the Internet. They tend to intrude a bit too much into what *I* can do (coercing ISPs into housing carnivore, etc), but that would be true for traffic passing through assets on US territory no matter who is doling out domain names and running the root servers. Domain registration is the only cost and it is cheap and relatively efficient. The UN just wants to grab this because they see it as a way to finally get an independent revenue/tax base. I DO NOT want the UN to ever become the "World Government" until such a time as every person in every country is free to vote in a liberal democratic society with an independent judiciary and free press. And until then I don't want the diplomats appointed by the tinpot dictators that govern 2/3 of the world's population to be able to levy a tax on me.
The theft was systemic over an extended period. Yes, I do expect that employees should not be able to perpetrate this sort of crime over an extended amount of time.
If they discover that the theft used formal egress channels (corporate email or personal webmail via proxy servers, for example) the banks are probably liable due to negligence in securing their environment.
Banks, hospitals, and other organizations of "high public trust" must be held accountable to a higher standard when it comes to which employees have broad access to personal data and what information they allow to leave their premises (physically or electronically).
This is pure garbage. We *have* contracted banks to safeguard our personal information. Banks have a host of legal obligations regarding the safeguarding of personal information. And even if they didn't, their websites and agreements are full of statements like:
"Keeping financial and personal information about you secure and confidential is one of our most important responsibilities. Our systems are protected, so information remains secure." (Bank of America, Online Privacy and Security Policy)
I'm sure there are similar statements in the microprint contracts we all threw away the day after opening our checking account.
Heads *will* roll over this.
Did anyone read the second article? "One former executive of a top-ranked computer maker alleges the organization is asking a $4 licensing fee for each chipset using OFDM technology, amounting to up to 70 percent of a chipset's price" Personally, I think CSIRO's patents should be observed. But I found very little except this tidbit to explain the actions of the companies bringing the action. Big groups of competing companies don't band together to bring an expensive legal action unless they have a very clear incentive. (speculating here) It may very well be that this step is being taken because while $4 doesn't sound like very much it is inhibiting putting wireless technology in very simple low priced devices or devices with a very low margin? Does anyone know if CSIRO was approached about altering the price structure and refused? A $4 skim off the top of a $1500 Centrino-equipped laptop isn't much. But a $4 skim off a $12 USB Wireless fob is pretty harsh.