Well, not only that, but companies have to make new games every month just to keep up, and don't turn out any decent, playable games... as if another dressed up version of Wolf3D (I haven't found a FPS that *didn't* make me think of it yet) is any different from the one they issued last month... Maybe if some of the game companies made games worth owning, more people would, and if more people bought games, there'd be more good ones. Vicious circle.
I don't play many games, but most of the ones I've enjoyed I've gone out and bought, so I'd know I had it, so I'd have the manuals, and because I like to support good craftsmanship. The next quake rip-off? Whatever. I can do without. A little discrimination goes a long way.
There's a lot of piracy going on with Playstation games ('cos you can easily a PSX to play normal burned CDs) and most of the ones that get pirated are rented... I know people with libraries of 300 games, all pirated. Would they have bought 300 games otherwise? Probably not. Would they have bought the few they valued? Probably. The tech-savvy segment of PSX owners is much smaller than the number of 13 year old warez kids, though.
Kind of unfortunate - I believe in checking out things before you buy it, but I also believe in paying for what you value (I feel constantly guilty that I've never bought Photoshop despite the fact that I use it constantly (albeit recreationally) - I've just never been able to afford it at full price). But then, that's me....
The main thing that concerns me is not that some warez kids got busted - bfd. It's not exactly a human rights event. What *does* bother me is that the law enforcement agencies were easily able to obtain personal information about the warez pups in question. Not that I have much to hide, but out of curiosity are there any decent shell providers you can pay cash to, preserving your anonymity? I think that there is a time and place for such things, particularly as 'controversial speech' will undoubtedly become more and more as a threat. It'd be nice to see a cash-only shell provider that had a TOS that would for instance prevent what is commonly known to be abuse (spam, etc) but basically take a hands off approach from there. I guess the idea of a haven gets messed as soon as you start imposing rules on it though... oh well, just an idea...
The person who replied was correct, toll quality voice takes very little bandwidth. The phone system packs 24 voice calls per T1, and those each only use a small bit of the bandwidth allocated to them. That's part of why VOIP is being implemented by telcos to begin with, because it's a much more efficient use of resources. Of greater concern is latency, which is highly noticeable in voice conversation, as it's interactive. Compare loading a web page over a high-latency link to using a telnet session to gauge importance of latency, I'm sure you'll agree. :) And most dialup connections *are* high latency.
Like many professionals reading this (I think I can safely speak for many at this level), I'm disappointed both by JP's behavior and methods of operation, and by the community response. While it's pretty clear that JP is far less experienced and far more vindictive than he represents, you have to give the guy some credit for standing up to a wall of immature criticism. For example, the lack of intelligent questions in yesterday's Slashdot interview was very disappointing; I'd have liked to see something along the lines of "What do you see as the next few steps in the evolution of remote NT cracking" or "What would you recommend as a baseline security configuration for deployment of a small XYZ-based ecommerce site?"
In addition to the point you stated in your next paragraph, that the answers would be pointless, the fact is there are LOTS of security professionals who are much more respected who could give interesting answers to those questions. The fact is, the public simply doesn't *care* what JP thinks about security, they want to know why he makes a mockery of the entire security community. And that he has no answer for.
I find it difficult to believe that anyone who wishes to be a respected professional would choose not to defend themselves against the mass criticism of the very community they claim to have insight into. Sure, lots of respected people have many critics, but it is by responding to them intelligently and with genuine insight that they maintain respect. Dismissing your detractors is not the way to fame and fortune, though I guess it could seem that way at 21 when your name has been in all the big papers. The article in Forbes just shows that it won't last, and I hope that John has a second line of work set up for when he's 22, nobody remembers his name except as an afterthought, and he can't get a security job to save his life.
In re: job postings which ask *you* to submit an expectation for salary - ignore it. In the interview, when it comes to money, make *them* offer *YOU*. Never, ever give them a figure first, no matter how much it seems impossible. It's like dealing with buying a car - seriously! Ask them what they feel would be fair for your skillset, or what they had in mind for the responsibilities of the position. Often companies have a set range already, and you can probably get them to disclose that if you're careful - as long as you do NOT throw out a number first! If it's not enough, feel free to counter-offer. The worst thing that could happen is they could lowball you, you ask for more and they say no - oh well, you haven't lost anything 'cos they weren't going to pay you enough anyway, and they *didn't want you that badly*. The best thing that could happen is you can get a salary that meets their expectations *and* yours. Yeah, you may get a couple of bum interviews, but it's a couple of hours of your time, and it's good experience, especially if you're new to the job market.
Re: Salary ranges - The whole "standard salary" for various positions idea is asinine. It only works for positions which have very specific roles, and usually hourly wages along with them, ie, tech support.
The more high level a job is, the more the job description is going to vary. Also, the job title means *nothing*. Network Engineer means anything from NOC monkey who has heard of TCP/IP once, to NT administrator, to the head design engineer at a telco - and salaries vary wildly depending on which you mean. If I go into a company and they want me to run their entire network single-handedly, work 12 hour days 7 days a week, and have 3 direct reports, I'm sure as hell going to want more money than if I had less responsibility, and they're likely to offer me more to begin with. It's all relative.
As to not getting ripped off, it really does depend on where you live, and it's best to ask people locally how much they're making (if that's too intolerably rude for you - you can also ask them for a range that they think is reasonable, which is a little bit less prying).
Ask people you know what they would pay for someone with *your* skills and experience - that's a much better assessment than a random sampling of coders or admins.
Yes, some people get paid a lot more than others, and it's usually due to scarcity of skillset, experience, and demand. If you're a brand new web designer with only your personal pages in your portfolio, don't expect to get any high rolling offers. But if you're a messaging expert with 8 years experience, you'll do just fine... but you knew that already. :)
This is the typical argument of "I have nothing to hide, so only if I do would I need privacy/encryption/whatever." To assume that if something is vulnerable that no one will be able to exploit it is ignorant.
Say you're a politician (since this is the kind of arguments politicians love, you very well could be!) and you had a urinary tract infection that was misdiagnosed initially as an STD. Your opponent/the media/your ex wife get ahold of your medical records and tell the NY Post that you had an STD, and your medical records prove it. Or what if your wife had an abortion 14 years ago? Or what if you were on medication for depression? It doesn't take much to smear someone, and medical records are prime bait if left unexposed. This isn't just politicians - anyone who wanted to discredit someone else by character defamation would be likely to try to abuse such a vulnerability.
Granted, I'd be just as anxious if I were in that position of someone just buying off someone at the hospital - in this age of information security, a lot is left lacking in the *obvious* ways of getting information, nevermind obscure ways like cracking websites made for client/doctor interaction...
The fact is, there is a patient/doctor confidentiality kind of agreement for a reason, which is that matters of health are private. That's all well and great for you that you've never had anything ambiguous, confusing, or embarrassing in your chart - but don't assume it for everyone. Hospitals should be taking more care with their clients' records *period* not just when it comes to putting them in a digital form.
This is VERY true - anyone you write a check to has your account number, which is basically all you need to do anything to your account. I'm not sure what companies have to go through to get authorization to do electronic transfers by account number, but with abuses it could undoubtedly be revoked. One would hope it's fairly difficult to get and has high penalties for abuse, but nonetheless, it's much like systems where people use something public (your SSN, for example, which your employer, educational institution, etc have) and rely on it remaining private. Very, very stupid.
Kaiser's online system requires your medical record number and a PIN of your choosing. I'm not happy about the fact that that's all it relies on. But then again, pretty much anyone who had my medical record number could call up Kaiser and get my records anyway - it's that easy.
I don't know of a good solution but I think the point is that we're *already* vulnerable due to everyday stupid lack-of-authentication schemes. Yecch.
For years there's been speculation that EMF is harmful to the human body, and that children living under power lines have greater incidences of leukemia and other assorted problems... (I don't have a cite, but I can attempt to find one). Now they do some clinical research into America's favourite toy, the cellphone. Slashdot's reaction is what I'd expect - "My toy can't be harmful, let's laugh about the idea of swimming in milk!"
People have some very strange ideas about health precautions. When it affects their favourite convenience items, they discount it outright. When someone could make a bunch of money off of it (class action lawsuits) suddenly it becomes interesting. Shouldn't we be pushing manufacturers to address real health issues with products (something which took 50 some years for the tobacco industry to do) rather than simply looking for a handout for our brain tumours that result?
I'm not saying the study was valid or invalid, god knows Wired news is never going to report enough detail to determine that, being a sensationalistic media outlet like all the rest. Until the public demands more information and research from the companies making these products, we put ourselves at the mercy of their marketers. Do people really care a lot more about the money they could get from some class action suit than about the possible damage they're doing to their bodies? My boyfriend uses a cellphone almost exclusively - so this *scares* me more than makes me think of an 'opportunity.'
Devices are required to be adequately shielded for non-interference with other electronic devices - and yet when a cellphone rings near a computer, observe the monitor flicker, the speakers pop... obviously the signals are strong enough to interfere with properly shielded devices. Why aren't these phones better shielded to begin with? To satisfy our obsession with miniaturization?
Oh well, now I'm ranting. I find this quite disturbing, and the reaction even more so.
Has anyone come forward to explain just how this is allegedly done? I have friends who have worked at most major telcos (oh, wait, there is only Worldcom now =]) and every major ISP - the fact is, if something this large was intercepting or diverting or duplicating the traffic, SOMEONE would see SOME effects of it, somewhere. Are all those Cisco and Cascade bugs that make networks flakey around the globe really a government plot? Does the NSA own MCIWorldcomUUnetSprintMFSBrooksfiber? (I think I missed a dozen there...)
Then again, lots of punk kids have at one point or another compromised the switching fabric of the telephone system, I guess it's sort of silly to assume the NSA couldn't top that. ;-)
"Common carrier" is a phrase thrown around a lot. It's an actual legal designation, given to a company by the FCC. Here is how it is defined. As far as I know, the rights afforded to common carriers do not extend to other companies unless they are in fact certified as common carriers.
from http://www.cybertelecom.org/notes/def.htm
Common Carrier 47 U.S.C. 153(h)(1991) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this chapter; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.
Primary sine qua non of common carrier status is a quasi-public character, which arises out of the undertaking to carry for all people indifferently; particular services offered need not be practically available to the entire public and specialized carrier whose service is of possible use to only a fraction of the population may nonetheless be a common carrier if he holds himself out to serve indifferently all potential users; it is not essential that there be a statutory or other legal commandment to serve indiscriminately, rather it is the practice of such indifferent service that confers "common carrier" status. --National Ass'n of Regulatory Utility Com'rs v. F.C.C., 533 F.2d 601, 174 U.S. App. D.C. 374 (1976).
From that same page:
"Content providers make information available on "servers" connected to the Internet, where it can be accessed by end users. Major content providers include Yahoo, Netscape, ESPN Sportszone, and Time-Warner's Pathfinder service." In re Federal-State Joint Board on Universal Service, Report to Congress, FCC 98-67 63 (April 10, 1998).
While this all may seem nit-picky, if you're going to talk about things in legalistic terms, it's nice to have them defined. :)
You know, it's funny. The internet was once a place that was almost entirely an alternative. Except for the explicitly moderated ones, email lists and newsgroups were an open, even forum for all to use. Sites were mostly homegrown ventures, and only actual company sites were owned by large corporations.
Look at us now. People complain because a forum owned by some big company is exhibiting their right as owners of the forum, on another forum owned by a big collective. We've come a long way? Someone needs to revamp some of the older mechanisms to deal with the problems we have today (spam, mostly).
While this is absolutely true, the key phrase is "if yahoo is a common carrier," a status which they would most likely NOT be ruled to have. There was a big din about this when Scientology started suing ISPs to make them cancel posts opposing Scientology. The only one I'm intimately familiar with was Netcom, who settled, but I believe at least one or two ISPs went to court and were ruled NOT to be a common carrier. The responsibility for email and usenet posts has been well argued and probably has a similar legal application, the main difference being that most people paid their ISPs for their accounts, which is supposed to include some implicit or explicit right or responsibility. I can't say I know all the details though...
Basically, Yahoo provides a free service and isn't going to spend a million dollars defending it. No surprise there.
I agree with all the assessments that this article had nothing to do with geeks, but everything to do with technology companies being able to buy a piece of your local representative just like everyone else. Very disappointing, considering there is a surprising lack of political awareness or activism among geeks, one which I always find confusing, and find myself part of as well. I'd love to see a feature on that. After all, aren't college campuses, essentially a similar demographic (though skewed to the younger end) one of the more active spots for political interest? Hmm.
It's not a matter of anarchism, as some would point out, but of indifference. Politics starts at home, that is in your local communities - and I don't ever hear anyone talking about local issues (which are numerous) and when I had cable I rarely saw many from the geek community at city council meetings. These are open to everyone, and anyone who cares can attend, speak their piece, and hear what's going on with local politics.
It sort of seems like if the US is doing something important enough to get Big News coverage, like bombing someone or restricting civil liberties, in general the geek community will become interested. But aside from that, I get the feeling that most geeks don't read outside the business section of the local paper. And I'll say this - it's hard to. I listen to NPR on the way to and from work to at least *try* to know what's going on with the world, but a lot of my time is spent keeping up with news specific to the industry. Global and local politics take a back seat. A lot of people I've asked about this have said the same.
On a last note, something which I don't understand - how come the South Bay area (Silicon Valley to you, I guess) never has any campaign posters or anything? Is there an ordinance against it, or does nobody care here? I always knew when it was election time everywhere else I ever lived, because if nothing else, there was high visibility for even the smallest candidates. I always thought that odd.
While I can definitely see the point behind the article, I think there are two types of people currently going into tech fields - those who are extremely gifted with technical things - be they computer programs, electronics sets, or something else entirely, and then those who are in it for the money.
I have to say, I think the majority is covered by the latter half of that statement. That's true for most industries - most lawyers aren't driven by passion for the law, at least not by the time they get out of law school. Managers and directors in companies aren't driven by an urge to lead. They do it because it provides a good income to support their families. And I'm not saying that the people who are doing it for the money aren't bright, excellent people in the industry - I'm saying if the money was somewhere else, they'd be there instead.
Then there are those who no matter what the money was, they'd be doing what they're doing today. Much like teachers, who are one of the most disturbingly underpaid sectors of our society, they love what they do, they feel it has importance, and they do it regardless of lifestyle issues. Could these people be in other engineering fields? Sure, and lots of them are.
Are there people who are utterly brilliant in all ways, and are in an industry where some would consider them to be wasting their talents, when they could be bettering mankind? Probably. But who is to say that one industry is more important for society than another?
I don't think that the lack of pure research into areas such as space exploration can be attributed entirely to brain drain by the computer industry - I'd be more likely to point to where companies think they're going to be making money in 3 years. For whatever reason, companies are looking short-term, not long-term right now, and space is definitely a long-term endeavour.
Eventually, if the work we are doing in computers and the internet is not of benefit to society, I believe that eventually it will come to pass that something else *will* take over the hearts and minds of our bright people. And those who are in it for love will remain, and those who are in it for money will follow to the next great thing.
I would like to commend this article for pointing out the importance of the 'net in the greater context of the world, something I find myself having to point out to people all the time. It's easy to lose perspective.
So there's another place for people with 10x your yearly salary coming in every month to stash some of it. And? You think this is cool because...?
All it does is make sure that even less of the top .01%'s money gets taxed, so the rest of us working stiffs can pick up the bill. God help me when my obnoxious neighbour, who spends all his time swimming in his money like Scrooge McDuck gets hold of this, and announces he won't be paying any taxes on the million dollars he made this year... I'll have to rip his eyeballs out. :)
That's cool, I didn't know the history behind TLG.
It's my opinion that with the conglomeration of internet service providers into telcos, we'll see more and more of people banding together to find alternate solutions to bandwidth problems, and trying to throw less of their money at telcos.
Most people who have worked with networks can probably explain why a T1 is better than DSL. One, it's not running over j random telco's oversubscribed, badly managed ATM network which they've hacked together to roll this to market (as the guys at the coop mention on their web page, PacBell's is disintegrating by the day - I should know, I am in fact at the end of a DSL line attached to it).
For reliability and QOS, you can't beat a 'real' connection. Ever notice your DSL is strangely slow during peak hours? Well, mine is at least. For folks who were getting by with a 56k modem or other dialup-type device, yeah, DSL is an amazing step. I think it's neat for home use in that same way. But if I was doing anything mission critical (ie, trying to run a small business, or contracting from home) I'd want a T1.
For people used to dealing with real networks, DSL is kind of a nasty kludge that no one has implemented adequately, and can't really replace good reliable network connectivity. It'd be neat if it did, 'cos it is *CHEAP* -- but hey. There is NO such thing as a free lunch.
Actually, while I use fBSD on most all of my machines, I had actually been running linux on one of my laptops. The reason was that the Xircom 10/100/56k modem card didn't have support under FreeBSD yet - at least as far as I could see. Turned out I was wrong, someone had written a driver, it just wasn't referenced anywhere useful. :)
I can definitely understand the frustration of not having your hardware supported, having once many years ago tried to get linux to recognize my cdrom drive with *no* success. Hardware bugaboos are one of those things that can turn you off of an operating system entirely, which is unfortunate.
One thing that does make me happy though is that the driver support in fBSD is really solid - they don't include a new driver in the release just because someone wanted it, if it's not ready for prime time, it's not there. The driver for my card was available under Linux, but flakey as hell. Which is the better option? I dunno. It's nice *having* an option, though.
Truth be told, I probably *should* have gone out and spent the 30 bucks on a new card, but oh well. :)
Ok, how about a storefront? If there isn't adequate security to keep a storefront from being vandalized, then there isn't adequate security to keep the credit card receipts in the till inside secure, is there? Is that a more adequate metaphor for you? Or do you think the little pieces of paper that are left lying around your favourite restaurant/bar/phone catalogue ordering place are more secure than the computers attached to backend databases on major e-commerce sites?
I'm not sure how intimately familiar you are with how most web sites are set up - there's usually a front end, and a back end. The front end is often considered practically sacrificable - no real data is there. It's presentation crap. And that's what more often than not seems to get compromised, unless there's some serious work going on that people aren't publicising. Often, different levels of security apply. So the whitehouse's web page got hacked. So what?
Yeah, we all need more security awareness. Sites that really care if their front page gets trashed have it get trashed a lot less often (a quick search of attrition.org's archives didn't find any defacements of cnn.com, but about 50 of sites I've never heard of) - Or perhaps the huge list on attrition.org is mostly tiny sites who don't have a security administrator, nevermind the resources to set up adequate firewalling etc? So one big name site gets compromised every now and again, and everyone says "Hmm, those damn hackers are up to it again."
I still don't see why everyone thinks it's exciting. Punks will take cracks at easy targets, and occasionally compromise a good target. Wah, wah, wah.
If you're talking about L-tryptophan, you're kind of off... turkey has it, and it's a building block of serotonin. SSRIs (the class of drug which Prozac belongs to) also affect serotonin production (SSRI stands for selective serotonin reuptake inhibitor, and they help your body keep more serotonin around), but I wouldn't quite say that eating a plate of turkey and eating some prozac will have the exact same effect. :)
References: Mining Company article about L-Tryptophan
Well, not only that, but companies have to make new games every month just to keep up, and don't turn out any decent, playable games... as if another dressed up version of Wolf3D (I haven't found a FPS that *didn't* make me think of it yet) is any different from the one they issued last month... Maybe if some of the game companies made games worth owning, more people would, and if more people bought games, there'd be more good ones. Vicious circle.
I don't play many games, but most of the ones I've enjoyed I've gone out and bought, so I'd know I had it, so I'd have the manuals, and because I like to support good craftsmanship. The next quake rip-off? Whatever. I can do without. A little discrimination goes a long way.
There's a lot of piracy going on with Playstation games ('cos you can easily a PSX to play normal burned CDs) and most of the ones that get pirated are rented... I know people with libraries of 300 games, all pirated. Would they have bought 300 games otherwise? Probably not. Would they have bought the few they valued? Probably. The tech-savvy segment of PSX owners is much smaller than the number of 13 year old warez kids, though.
Kind of unfortunate - I believe in checking out things before you buy it, but I also beleive in paying for what you value (I feel constantly guilty that I've never bought photoshop despite the fact that I use it constantly (albeit recreationally) - I've just never been able to afford it at full price). But then, that's me....
The main thing that concerns me is not that some warez kids got busted - bfd. It's not exactly a human rights event. What *does* bother me is that the law enforcement agencies were easily able to obtain personal information about the warez pups in question. Not that I have much to hide, but out of curiosity are there any decent shell providers you can pay cash to, preserving your anonymity? I think that there is a time and place for such things, particularly as 'controversial speech' will undoubtedly become more and more as a threat. It'd be nice to see a cash-only shell provider that had a TOS that would for instance prevent what is commonly known to be abuse (spam, etc) but basically take a hands off approach from there. I guess the idea of a haven gets messed as soon as you start imposing rules on it though... oh well, just an idea...
The person who replied was correct, toll quality voice takes very little bandwidth. The phone system packs 24 voice calls per T1, and those each only use a small bit of the bandwidth allocated to them. That's part of why VOIP is being implemented by telcos to begin with, becase it's a much more efficient use of resources. Of greater concern is latency, which is highly noticeable in voice conversation, as it's interactive. Compare loading a web page over a high-latency link to using a telnet session to gauge importance of latency, I'm sure you'll agree. :) And most dialup connections *are* high latency.
Like many professionals reading this (I think I can safely speak for many at this level), I'm disappointed both by JP's behavior and methods of operation, and by the community response. While it's pretty clear that JP is far less experienced and far more vindictive than he represents, you have to give the guy some credit for standing up to a wall of immature criticism. For example, the lack of intelligent questions in yesterday's Slashdot interview was very disappointing; I'd have liked to see something along the lines of "What do you see as the next few steps in the evolution of remote NT cracking" or "What would you recommend as a baseline security configuration for deployment of a small XYZ-based ecommerce site?"
In addition to the point you stated in your next paragraph, that the answers would be pointless, the fact is there are LOTS of security professionals who are much more respected who could give interesting answers to those questions. The fact is, the public simply doesn't *care* what JP thinks about security, they want to know why he makes a mockery of the entire security community. And that he has no answer for.
I find it difficult to believe that anyone who wishes to be a respected professional would choose not to defend themselves against the mass criticism of the very community they claim to have insight into. Sure, lots of respected people have many critics, but it is by responding to them intelligently and with genuine insight that they maintain respect. Dismissing your detractors is not the way to fame and fortune, though I guess it could seem that way at 21 when your name has been in all the big papers. The article in Forbes just shows that it won't last, and I hope that John has a second line of work set up for when he's 22, nobody remembers his name except as an afterthought, and he can't get a security job to save his life.
In re: job postings which ask *you* to submit an expectation for salary - ignore it. In the interview, when it comes to money, make *them* offer *YOU*. Never, ever give them a figure first, no matter how much it seems impossible. It's like dealing with buying a car - seriously! Ask them what they feel would be fair for your skillset, or what they had in mind for the responsibilities of the position. Often companies have a set range already, and you can probably get them do disclose that if you're careful - as long as you do NOT throw out a number first! If it's not enough, feel free to counter-offer. The worst thing that could happen is they could lowball you, you ask for more and they say no - oh well, you haven't lost anything 'cos they weren't going to pay you enough anyway, and they *didn't want you that badly*. The best thing that could happen is you can get a salary that meets their expectations *and* yours. Yeah, you may get a couple of bum interviews, but it's a couple of hours of your time, and it's good experience, espeically if you're new to the job market.
:)
Re: Salary ranges - The whole "standard salary" for various positions idea is asinine. It only works for positions which have very specific roles, and usually hourly wages along with them, ie, tech support.
The more high level a job is, the more the job description is going to vary. Also, the job title means *nothing*. Network Engineer means anything from NOC monkey who has heard of TCP/IP once, to NT administrator, to the head design engineer at a telco - and salaries vary wildly depending on which you mean. If I go into a company and they want me to run their entire network single-handedly, work 12 hour days 7 days a week, and have 3 direct reports, I'm sure as hell going to want more money than if I had less responsibility, and they're likely to offer me more to begin with. It's all relative.
As to not getting ripped off, it really does depend on where you live, and it's best to ask people locally how much they're making (if that's too intolerably rude for you - you can also ask them for a range that they think is reasonable, which is a little bit less prying).
Ask people you know what they would pay for someone with *your* skills and experience - that's a much better assessment than a random sampling of coders or admins.
Yes, some people get paid a lot more than others, and it's usually due to scarcity of skillset, experience, and demand. If you're a brand new web designer with only your personal pages in your portfolio, don't expect to get any high rolling offers. But if you're a messaging expert with 8 years experience, you'll do just fine... but you knew that already.
This is the typical argument of "I have nothing to hide, so only if I do would I need privacy/encryption/whatever." To assume that if something is vulnerable that no one will be able to exploit it is ignorant.
Say you're a politician (since this is the kind of arguments politicians love, you very well could be!) and you had a urinary tract infection that was misdiagnosed initially as an STD. Your opponent/the media/your ex wife get ahold of your medical records and tell the NY Post that you had an STD, and your medical records prove it. Or what if your wife had an abortion 14 years ago? Or what if you were on medication for depression? It doesn't take much to smear someone, and medical records are prime bait if left unexposed. This isn't just politicians - anyone who wanted to discredit someone else by character defamation would be likely to try to abuse such a vulnerability.
Granted, I'd be just as anxious if I were in that position of someone just buying off someone at the hospital - in this age of information security, a lot is left lacking in the *obvious* ways of getting information, never mind obscure ways like cracking websites made for client/doctor interaction...
The fact is, there is a patient/doctor confidentiality kind of agreement for a reason, which is that matters of health are private. That's all well and great for you that you've never had anything ambiguous, confusing, or embarrassing in your chart - but don't assume it for everyone. Hospitals should be taking more care with their clients' records *period* not just when it comes to putting them in a digital form.
Kaiser's online system requires your medical record number and a PIN of your choosing. I'm not happy about the fact that that's all it relies on. But then again, pretty much anyone who had my medical record number could call up Kaiser and get my records anyway - it's that easy.
I don't know of a good solution but I think the point is that we're *already* vulnerable due to everyday stupid lack-of-authentication schemes. Yecch.
For years there's been speculation that EMF is harmful to the human body, and that children living under power lines have greater incidences of leukemia and other assorted problems... (I don't have a cite, but I can attempt to find one). Now they do some clinical research into America's favourite toy, the cellphone. Slashdot's reaction is what I'd expect - "My toy can't be harmful, let's laugh about the idea of swimming in milk!"
People have some very strange ideas about health precautions. When it affects their favourite convenience items, they discount it outright. When someone could make a bunch of money off of it (class action lawsuits) suddenly it becomes interesting. Shouldn't we be pushing manufacturers to address real health issues with products (something which took 50 some years for the tobacco industry to do) rather than simply looking for a handout for our brain tumours that result?
I'm not saying the study was valid or invalid, god knows Wired news is never going to report enough detail to determine that, being a sensationalistic media outlet like all the rest. Until the public demands more information and research from the companies making these products, we put ourselves at the mercy of their marketers. Do people really care a lot more about the money they could get from some class action suit than about the possible damage they're doing to their bodies? My boyfriend uses a cellphone almost exclusively - so this *scares* me more than makes me think of an 'opportunity.'
Devices are required to be adequately shielded for non-interference with other electronic devices - and yet when a cellphone rings near a computer, observe the monitor flicker, the speakers pop... obviously the signals are strong enough to interfere with properly shielded devices. Why aren't these phones better shielded to begin with? To satisfy our obsession with miniaturization?
Oh well, now I'm ranting. I find this quite disturbing, and the reaction even more so.
Has anyone come forward to explain just how this is allegedly done? I have friends who have worked at most major telcos (oh, wait, there is only Worldcom now =]) and every major ISP - the fact is, if something this large was intercepting or diverting or duplicating the traffic, SOMEONE would see SOME effects of it, somewhere. Are all those Cisco and Cascade bugs that make networks flakey around the globe really a government plot? Does the NSA own MCIWorldcomUUnetSprintMFSBrooksfiber? (I think I missed a dozen there...)
;-)
Then again, lots of punk kids have at one point or another compromised the switching fabric of the telephone system, I guess it's sort of silly to assume the NSA couldn't top that.
"Common carrier" is a phrase thrown around a lot. It's an actual legal designation, given to a company by the FCC. Here is how it is defined. As far as I know, the rights afforded to common carriers do not extend to other companies unless they are in fact certified as common carriers.
:)
from http://www.cybertelecom.org/notes/def.htm
Common Carrier
47 U.S.C. 153(h)(1991) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this chapter; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.
Primary sine qua non of common carrier status is a quasi-public character, which arises out of the undertaking to carry for all people indifferently; particular services offered need not be practically available to the entire public and specialized carrier whose service is of possible use to only a fraction of the population may nonetheless be a common carrier if he holds himself out to serve indifferently all potential users; it is not essential that there be a statutory or other legal commandment to serve indiscriminately, rather it is the practice of such indifferent service that confers "common carrier" status. --National Ass'n of Regulatory Utility Com'rs v. F.C.C., 533 F.2d 601, 174 U.S. App. D.C. 374 (1976).
From that same page:
"Content providers make information available on "servers" connected to the Internet, where it can be accessed by end users. Major content providers include Yahoo, Netscape, ESPN Sportszone, and Time-Warner's Pathfinder service." In re Federal-State Joint Board on Universal Service, Report to Congress, FCC 98-67 63 (April 10, 1998).
While this all may seem nit-picky, if you're going to talk about things in legalistic terms, it's nice to have them defined.
You know, it's funny. The internet was once a place that was almost entirely an alternative. Except for the explicitly moderated ones, email lists and newsgroups were an open, even forum for all to use. Sites were mostly homegrown ventures, and only actual company sites were owned by large corporations.
Look at us now. People complain because a forum owned by some big company is exhibiting their right as owners of the forum, on another forum owned by a big collective. We've come a long way? Someone needs to revamp some of the older mechanisms to deal with the problems we have today (spam, mostly).
While this is absolutely true, the key phrase is "if yahoo is a common carrier," a status which they would most likely NOT be ruled to have. There was a big din about this when Scientology started suing ISPs to make them cancel posts opposing Scientology. The only one I'm intimately familiar with was Netcom, who settled, but I believe at least one or two ISPs went to court and were ruled NOT to be a common carrier. The responsibility for email and usenet posts has been well argued and probably has a similar legal application, the main difference being that most people paid their ISPs for their accounts, which is supposed to include some implicit or explicit right or responsibility. I can't say I know all the details though...
Basically, Yahoo provides a free service and isn't going to spend a million dollars defending it. No surprise there.
I agree with all the assessments that this article had nothing to do with geeks, but everything to do with technology companies being able to buy a piece of your local representative just like everyone else. Very disappointing, considering there is a surprising lack of political awareness or activism among geeks, one which I always find confusing, and find myself part of as well. I'd love to see a feature on that. After all, aren't college campuses, essentially a similar demographic (though skewed to the younger end) one of the more active spots for political interest? Hmm.
It's not a matter of anarchism, as some would point out, but of indifference. Politics starts at home, that is in your local communities - and I don't ever hear anyone talking about local issues (which are numerous) and when I had cable I rarely saw many from the geek community at city council meetings. These are open to everyone, and anyone who cares can attend, speak their piece, and hear what's going on with local politics.
It sort of seems like if the US is doing something important enough to get Big News coverage, like bombing someone or restricting civil liberties, in general the geek community will become interested. But aside from that, I get the feeling that most geeks don't read outside the business section of the local paper. And I'll say this - it's hard to. I listen to NPR on the way to and from work to at least *try* to know what's going on with the world, but a lot of my time is spent keeping up with news specific to the industry. Global and local politics take a back seat. A lot of people I've asked about this have said the same.
On a last note, something which I don't understand - how come the South Bay area (Silicon Valley to you, I guess) never has any campaign posters or anything? Is there an ordinance against it, or does nobody care here? I always knew when it was election time everywhere else I ever lived, because if nothing else, there was high visibility for even the smallest candidates. I always thought that odd.
While I can definitely see the point behind the article, I think there are two types of people currently going into tech fields - those who are extremely gifted with technical things - be they computer programs, electronics sets, or something else entirely, and then those who are in it for the money.
I have to say, I think the majority is covered by the latter half of that statement. That's true for most industries - most lawyers aren't driven by passion for the law, at least not by the time they get out of law school. Managers and directors in companies aren't driven by an urge to lead. They do it because it provides a good income to support their families. And I'm not saying that the people who are doing it for the money aren't bright, excellent people in the industry - I'm saying if the money was somewhere else, they'd be there instead.
Then there are those who no matter what the money was, they'd be doing what they're doing today. Much like teachers, who are one of the most disturbingly underpaid sectors of our society, they love what they do, they feel it has importance, and they do it regardless of lifestyle issues. Could these people be in other engineering fields? Sure, and lots of them are.
Are there people who are utterly brilliant in all ways, and are in an industry where some would consider them to be wasting their talents, when they could be bettering mankind? Probably. But who is to say that one industry is more important for society than another?
I don't think that the lack of pure research into areas such as space exploration can be attributed entirely to brain drain by the computer industry - I'd be more likely to point to where companies think they're going to be making money in 3 years. For whatever reason, companies are looking short-term, not long-term right now, and space is definitely a long-term endeavour.
Eventually, if the work we are doing in computers and the internet is not of benefit to society, I believe that eventually it will come to pass that something else *will* take over the hearts and minds of our bright people. And those who are in it for love will remain, and those who are in it for money will follow to the next great thing.
I would like to commend this article for pointing out the importance of the 'net in the greater context of the world, something I find myself having to point out to people all the time. It's easy to lose perspective.
So there's another place for people with 10x your yearly salary coming in every month to stash some of it. And? You think this is cool because...?
All it does is make sure that even less of the top .01%'s money gets taxed, so the rest of us working stiffs can pick up the bill. God help me when my obnoxious neighbour, who spends all his time swimming in his money like Scrooge McDuck gets hold of this, and announces he won't be paying any taxes on the million dollars he made this year... I'll have to rip his eyeballs out. :)
That's cool, I didn't know the history behind TLG.
It's my opinion that with the conglomeration of internet service providers into telcos, we'll see more and more of people banding together to find alternate solutions to bandwidth problems, and trying to throw less of their money at telcos.
Most people who have worked with networks can probably explain why a T1 is better than DSL. One, it's not running over j random telco's oversubscribed, badly managed ATM network which they've hacked together to roll this to market (as the guys at the coop mention on their web page, PacBell's is disintegrating by the day - I should know, I am in fact at the end of a DSL line attached to it).
For reliability and QOS, you can't beat a 'real' connection. Ever notice your DSL is strangely slow during peak hours? Well, mine is at least. For folks who were getting by with a 56k modem or other dialup-type device, yeah, DSL is an amazing step. I think it's neat for home use in that same way. But if I was doing anything mission critical (ie, trying to run a small business, or contracting from home) I'd want a T1.
For people used to dealing with real networks, DSL is kind of a nasty kludge that no one has implemented adequately, and can't really replace good reliable network connectivity. It'd be neat if it did, 'cos it is *CHEAP* -- but hey. There is NO such thing as a free lunch.
Actually, while I use fBSD on most all of my machines, I had actually been running linux on one of my laptops. The reason was that the Xircom 10/100/56k modem card didn't have support under FreeBSD yet - at least as far as I could see. Turned out I was wrong, someone had written a driver, it just wasn't referenced anywhere useful. :)
:)
I can definitely understand the frustration of not having your hardware supported, having once many years ago tried to get linux to recognize my cdrom drive with *no* success. Hardware bugaboos are one of those things that can turn you off of an operating system entirely, which is unfortunate.
One thing that does make me happy though is that the driver support in fBSD is really solid - they don't include a new driver in the release just because someone wanted it, if it's not ready for prime time, it's not there. The driver for my card was available under Linux, but flakey as hell. Which is the better option? I dunno. It's nice *having* an option, though.
Truth be told, I probably *should* have gone out and spent the 30 bucks on a new card, but oh well.
Errr, sorry AC. I meant Tripod. It's hard to tell one free web service from another, they all look like shit. :)
...that lists geocities sites before others. Because they have more merit? Not exactly... Because they have some affiliation? Mmnhmn.
Is still to acquire a good half dozen to a dozen aibo and program them to hunt as a pack and defend my territory. Now THAT would rule.
Ok, how about a storefront? If there isn't adequate security to keep a storefront from being vandalized, then there isn't adequate security to keep the credit card receipts in the till inside secure, is there? Is that a more adequate metaphor for you? Or do you think the little pieces of paper that are left lying around your favourite restaurant/bar/phone catalogue ordering place are more secure than the computers attached to backend databases on major e-commerce sites?
I'm not sure how intimately familiar you are with how most web sites are set up - there's usually a front end, and a back end. The front end is often considered practically sacrificable - no real data is there. It's presentation crap. And that's what more often than not seems to get compromised, unless there's some serious work going on that people aren't publicising. Often, different levels of security apply. So the whitehouse's web page got hacked. So what?
Yeah, we all need more security awareness. Sites that really care if their front page gets trashed have it get trashed a lot less often (a quick search of attrition.org's archives didn't find any defacements of cnn.com, but about 50 of sites I've never heard of) - Or perhaps the huge list on attrition.org is mostly tiny sites who don't have a security administrator, never mind the resources to set up adequate firewalling etc? So one big name site gets compromised every now and again, and everyone says "Hmm, those damn hackers are up to it again."
I still don't see why everyone thinks it's exciting. Punks will take cracks at easy targets, and occasionally compromise a good target. Wah, wah, wah.
References:
Mining Company article about L-Tryptophan
http://urbanlegends.miningco.com/culture/belief
Information about Prozac
http://www.begin.com/redoak/medications/prozac.