I work in an organization that struggles with this. One of my guys is a very competent technical resource who deserves to be paid more than we are "allowed" to pay him based on his current title / position. Our company is a consulting company and the compensation model was designed to reward managers who are leading large teams of people on client engagements. The model is not flexible enough to reward people in technical positions who do not have direct reports.
In order to hack the system, we had to setup a bunch of dotted line reports for him on the organization chart. He does not technically "manage" them because he is not responsible for performance reviews and all of those other fun managerial tasks. But since he could technically delegate to them, they count towards his head count requirement.
They are probably all selling access to the same set of DSLAMs at the CO.
The de-regulation of DSL was a mixed bag. On one hand, it produced competition and lowered prices. On the other, there was so much competition that companies were folding left and right. When I was doing SMB consulting in the mid-2000s we had one client who had to change providers four times in three years because they always went with the lowest priced provider and those providers kept folding.
Agreed. I was with Charter for about a decade and had good service. I always got more bandwidth than I was paying for and the service was stable. In ten years, I never had an outage.
It is a bit of an interesting situation because the Century Boulevard exit shares the transition lanes from the 105 onto the 405. So from the Waze POV it probably saw it as the "105 Freeway" and noticed that it was less congested than the 405. Having said that, the instructions were "Take Century Boulevard exit" and not "Merge onto 105 transition".
This should link to the area. The exit is basically at the 105 and I merged back onto the 405 near W Arbor Vitae St
We see them on electronic billboards over the freeways. I received one on my phone once upon a time, but it came with the option to unsubscribe from future alerts and I did that.
I am not sure how big of a problem child abductions really are. My sense is that nine times out of ten they are just custody disputes. Mom / Dad gets upset with their spouse and takes the kid out to run errands / go to the bar. Spouse freaks out and calls the cops. Cops over react and issue Amber Alert.
They also seem to have implemented what I am calling the "Dick Move" algorithm. The dick move is using the exit lane to pass people.
For example, I was traveling north on the 405 to Santa Monica. When I got to LAX, they told me to take Century Boulevard off ramp.... and then merge back onto the 405. It was a great move and let me bypass about a mile of bumper to bumper traffic. At the same time, I think most people agree that doing that is a dick move.
Yes. We usually see Amber Alerts at least once a month. They are usually 'child abductions'. The authorities share the year, make and model of the vehicle plus the license plate number.
I agree with you that you are not anonymous to Google. That is easy enough to deal with. Stop using their services.
The bigger question is whether or not Google anonymizes your data before sharing it. Just because the data is all there does not mean that it is being shared.
While Google might provide data along the lines of, "Within the last 30 minutes, 5000 people have averaged 35mph over this 0.1 mile stretch of road"... They are not going to provide a detailed list of who those 5000 people are, the last time they bought gas, the brand of car they drive, or what they ordered for lunch to any random person who wants that information.
Are you certain that the data is not being anonymized? In the case of traffic data, it is trivial to do technically. Just write a function to replace the unique ID (cell phone number, ESN, IMSI, whatever) with a random primary key and retain the rest of the data (position, speed, time, etc.)
Maybe they are breaking it up into two buckets. One is used by Google Now for personal consumption (daily route suggestions). The other goes into the public consumption data (traffic reports).
I have an Evo 840 for my OS and I put my games on a RAID1 array built from 2, 1TB Western Digital black drives with 64MB of cache. The Windows pagefile and temp directory are on a second RAID1 array with older drives that have 32MB of cache.
I play a lot of Battlefield 4 and I am frequently one of the first players to join the map, even when I am playing on a server with others who have SSD drives.
When I am moving files around my system, I often get ~120MB/s read speed out of the RAID1 array.
While this is obviously not an apples to apples comparison, I am happy to be getting similar performance and more space for considerably less money per gigabyte. I am using the built-in Intel SATA RAID controller.
Nor is it clear that anyone other than some classes of users who are forced by law or employer dictate to use a trusted system actually would do so. No or very restricted email, social networking, etc.
This is the environment that I work in. We use a combination of Citrix and VMware 'non-persistent disks' to provide a locked down environment that reverts to a clean, known good configuration every time a new session is established. We have to maintain that kind of environment because we work with sensitive data.
I think that the fact that banks and merchants appear to be unable to secure their transaction flows...
I am not sure that this is accurate. In two of the more recent major breaches (Target and Home Depot) it was acknowledged that the internal security controls and systems management strategies (patches, etc.) were inadequate. That leads me to believe that it is not that they are "unable" to secure their networks, but that they simply refused to do so.
Between hardware layer access controls (think MAC white listing), firewall controls and PKI technologies, it is possible to secure a network and the data that traverses it. All of those controls are worthless if the data is being held in a 15 year old SQL database that has not been patched in 3 years with an admin who is browsing porn from the console.
It is going to get to the point where the only viable solution is a trusted sandbox. It will be something along the lines of a TPM chip to make sure that the OS image / boot loader has not been compromised, combined with a white listed set of applications and trusted content sources.
People are either going to give up computing freedom for security, or they are going to become desensitized to and accepting of the fact that their "private / personal data" is neither.
Right now I do not have a well formed goal in mind. My initial goal was to relieve the sciatic nerve pain. Then it was to learn kung fu. I have pretty much plateaued and am trying to get over the hump, but lack the motivation or goal to do so. Right now I am on auto-pilot, just training seven to eight hours a week and working to refine the techniques and skills that I have. Teaching a few classes a week helps too because I enjoy helping others, but I am definitely stuck in a rut with my own training.
Mine still flairs up from time to time, but only when I slack off and stop exercising. It is definitely manageable.
I tried the whole "rest and pain killers" routine and that just made it worse. I am fully convinced that the only way to deal with sciatic nerve pain is with exercise / stretching.
About fifteen years ago I was starting to struggle with sciatic nerve pain due to years spent driving a car with a heavy racing clutch in traffic, and a lack of exercise. I considered my options and decided to start practicing tai chi. I caught a bit of a break and found a legitimate sifu. After a couple years of tai chi, I started training kung fu as well. It has been over a decade and I train on a daily basis. I can eat whatever I want because I burn it off.
None the less, it is a struggle. Despite all of the benefits, there are plenty of days when I would rather go home after work and play video games instead of heading over to the temple to train or teach classes. I still have not overcome the "exercise sucks" mentality. Sure, the endorphins are great and being able to defend myself is great, and have a strong and healthy body is great... but it is still work for me, not fun.
The question was specifically how to deal with people who only offer criticism and do not contribute anything themselves.
Criticism is a part of development or any creative effort. Development is an iterative process and requires feedback and input from lots of people.
However the person who should leave the team is the person who does not have anything to offer. If someone's only "contribution" is to suggest how other people "should" be doing the work, that person is not really contributing.
There is an old Chinese saying that is tangentially related here. "The person who says it cannot be done should not bother the person who is doing it." Similarly, the person who says it should be done another way should either demonstrate that by doing it themselves, or STFU and leave the team alone.
Open Source is developed by and large by volunteers. While critical individuals are able to offer their criticisms, the people are doing the actual work are equally able to ignore them. Either a person is contributing code, contributing to the effort through things like documentation, wiki support, what ever... or a person is just a hanger on leeching off of the efforts of others. If that person is the worst kind of hanger on; the topping from the bottom, back seat driving, wanting to be in control but lacking the talent to do things themselves type of hanger on... well then fuck them.
If a person is living an area of the world that lacks the bandwidth to view online videos, are they really the kind of person who will be accessing content about how to build and deploy multi-tier applications into a IaaS stack?
While this might not be the most subtle way of handling things, it could be quite effective to repeat the same question every time they are critical. "What have you contributed?"
Just ignore their arguments and ask them what they have contributed. Over and over and over again.
They will either go away, stop posting so much, contribute, or perhaps realize that the whole point of the movement is to contribute actual code and functionality.
On the Internet, ignore them. In real life, talk about them every time they open their mouth and complain. "Oh there goes Joe again, whining and NOT CONTRIBUTING." Then return to your regularly scheduled activities of doing things.
How do you deal with things like re-tests and conflicting priorities for remediation? For example, client wants vulnerabilities patched in one week but the next maintenance window is for two weeks.
I work for an organization that hosts PII for a number of large public companies. We are constantly asked about vulnerability scans and about 50% of the clients want to scan our networks themselves. We do not allow that.
The compromise is that we conduct bi-weekly scans with Rapid7, and hire from a rotating list of third parties to conduct yearly vulnerability assessments of our applications and infrastructure. We make the high level results of those scans (number of vulnerabilities found) available to the clients. We also have to put up with the occasional fire drill like Heartbleed. During those situations, we deploy the patches as soon as we can test them, and then provide letters of attestation to any client who wants / needs one.
While some clients complain, they eventually come around when we explain to them that it is for their own safety and the protection of their information. We are in a situation where we retain data for companies who are in direct competition with each other. When push comes to shove, we sometimes have to explain that, "Just like we will not let you scan our network for vulnerability, we will also not allow your direct competitor to scan our networks either."
Slashdot Mirror
I work in an organization that struggles with this. One of my guys is a very competent technical resource who deserves to be paid more than we are "allowed" to pay him based on his current title / position. Our company is a consulting company and the compensation model was designed to reward managers who are leading large teams of people on client engagements. The model is not flexible enough to reward people in technical positions who do not have direct reports.
In order to hack the system, we had to setup a bunch of dotted line reports for him on the organization chart. He does not technically "manage" them because he is not responsible for performance reviews and all of those other fun managerial tasks. But since he could technically delegate to them, they count towards his head count requirement.
Well played sir
They are probably all selling access to the same set of DSLAMs at the CO.
The de-regulation of DSL was a mixed bag. On one hand, it produced competition and lowered prices. On the other, there was so much competition that companies were folding left and right. When I was doing SMB consulting in the mid-2000s we had one client who had to change providers four times in three years because they always went with the lowest priced provider and those providers kept folding.
Agreed. I was with Charter for about a decade and had good service. I always got more bandwidth than I was paying for and the service was stable. In ten years, I never had an outage.
It is a bit of an interesting situation because the Century Boulevard exit shares the transition lanes from the 105 onto the 405. So from the Waze POV it probably saw it as the "105 Freeway" and noticed that it was less congested than the 405. Having said that, the instructions were "Take Century Boulevard exit" and not "Merge onto 105 transition".
This should link to the area. The exit is basically at the 105 and I merged back onto the 405 near W Arbor Vitae St
https://www.google.com/maps/@3...
We see them on electronic billboards over the freeways. I received one on my phone once upon a time, but it came with the option to unsubscribe from future alerts and I did that.
I am not sure how big of a problem child abductions really are. My sense is that nine times out of ten they are just custody disputes. Mom / Dad gets upset with their spouse and takes the kid out to run errands / go to the bar. Spouse freaks out and calls the cops. Cops over react and issue Amber Alert.
They also seem to have implemented what I am calling the "Dick Move" algorithm. The dick move is using the exit lane to pass people.
For example, I was traveling north on the 405 to Santa Monica. When I got to LAX, they told me to take Century Boulevard off ramp.... and then merge back onto the 405. It was a great move and let me bypass about a mile of bumper to bumper traffic. At the same time, I think most people agree that doing that is a dick move.
Yes. We usually see Amber Alerts at least once a month. They are usually 'child abductions'. The authorities share the year, make and model of the vehicle plus the license plate number.
I agree with you that you are not anonymous to Google. That is easy enough to deal with. Stop using their services.
The bigger question is whether or not Google anonymizes your data before sharing it. Just because the data is all there does not mean that it is being shared.
While Google might provide data along the lines of, "Within the last 30 minutes, 5000 people have averaged 35mph over this 0.1 mile stretch of road" ... They are not going to provide a detailed list of who those 5000 people are, the last time they bought gas, the brand of car they drive, or what they ordered for lunch to any random person who wants that information.
Are you certain that the data is not being anonymized? In the case of traffic data, it is trivial to do technically. Just write a function to replace the unique ID (cell phone number, ESN, IMSI, whatever) with a random primary key and retain the rest of the data (position, speed, time, etc.)
Maybe they are breaking it up into two buckets. One is used by Google Now for personal consumption (daily route suggestions). The other goes into the public consumption data (traffic reports).
I have an Evo 840 for my OS and I put my games on a RAID1 array built from 2, 1TB Western Digital black drives with 64MB of cache. The Windows pagefile and temp directory are on a second RAID1 array with older drives that have 32MB of cache.
I play a lot of Battlefield 4 and I am frequently one of the first players to join the map, even when I am playing on a server with others who have SSD drives.
When I am moving files around my system, I often get ~120MB/s read speed out of the RAID1 array.
While this is obviously not an apples to apples comparison, I am happy to be getting similar performance and more space for considerably less money per gigabyte. I am using the built-in Intel SATA RAID controller.
The embedded link does not work.
Good job Tim!
As will .blows and every other domain that aligns with a negative connotation in the English language.
I wonder if the Farsi equivalent of .sucks will have the same problem.
Nor is it clear that anyone other than some classes of users who are forced by law or employer dictate to use a trusted system actually would do so. No or very restricted email, social networking, etc.
This is the environment that I work in. We use a combination of Citrix and VMware 'non-persistent disks' to provide a locked down environment that reverts to a clean, known good configuration every time a new session is established. We have to maintain that kind of environment because we work with sensitive data.
I think that the fact that banks and merchants appear to be unable to secure their transaction flows ...
I am not sure that this is accurate. In two of the more recent major breaches (Target and Home Depot) it was acknowledged that the internal security controls and systems management strategies (patches, etc.) were inadequate. That leads me to believe that it is not that they are "unable" to secure their networks, but that they simply refused to do so.
Between hardware layer access controls (think MAC white listing), firewall controls and PKI technologies, it is possible to secure a network and the data that traverses it. All of those controls are worthless if the data is being held in a 15 year old SQL database that has not been patched in 3 years with an admin who is browsing porn from the console.
It is going to get to the point where the only viable solution is a trusted sandbox. It will be something along the lines of a TPM chip to make sure that the OS image / boot loader has not been compromised, combined with a white listed set of applications and trusted content sources.
People are either going to give up computing freedom for security, or they are going to become desensitized to and accepting of the fact that their "private / personal data" is neither.
Right now I do not have a well formed goal in mind. My initial goal was to relieve the sciatic nerve pain. Then it was to learn kung fu. I have pretty much plateaued and am trying to get over the hump, but lack the motivation or goal to do so. Right now I am on auto-pilot, just training seven to eight hours a week and working to refine the techniques and skills that I have. Teaching a few classes a week helps too because I enjoy helping others, but I am definitely stuck in a rut with my own training.
Mine still flairs up from time to time, but only when I slack off and stop exercising. It is definitely manageable.
I tried the whole "rest and pain killers" routine and that just made it worse. I am fully convinced that the only way to deal with sciatic nerve pain is with exercise / stretching.
This is spot on and should be modded up.
Enter personal anecdote...
About fifteen years ago I was starting to struggle with sciatic nerve pain due to years spent driving a car with a heavy racing clutch in traffic, and a lack of exercise. I considered my options and decided to start practicing tai chi. I caught a bit of a break and found a legitimate sifu. After a couple years of tai chi, I started training kung fu as well. It has been over a decade and I train on a daily basis. I can eat whatever I want because I burn it off.
None the less, it is a struggle. Despite all of the benefits, there are plenty of days when I would rather go home after work and play video games instead of heading over to the temple to train or teach classes. I still have not overcome the "exercise sucks" mentality. Sure, the endorphins are great and being able to defend myself is great, and have a strong and healthy body is great... but it is still work for me, not fun.
The question was specifically how to deal with people who only offer criticism and do not contribute anything themselves.
Criticism is a part of development or any creative effort. Development is an iterative process and requires feedback and input from lots of people.
However the person who should leave the team is the person who does not have anything to offer. If someone's only "contribution" is to suggest how other people "should" be doing the work, that person is not really contributing.
There is an old Chinese saying that is tangentially related here. "The person who says it cannot be done should not bother the person who is doing it." Similarly, the person who says it should be done another way should either demonstrate that by doing it themselves, or STFU and leave the team alone.
Open Source is developed by and large by volunteers. While critical individuals are able to offer their criticisms, the people are doing the actual work are equally able to ignore them. Either a person is contributing code, contributing to the effort through things like documentation, wiki support, what ever... or a person is just a hanger on leeching off of the efforts of others. If that person is the worst kind of hanger on; the topping from the bottom, back seat driving, wanting to be in control but lacking the talent to do things themselves type of hanger on... well then fuck them.
If a person is living an area of the world that lacks the bandwidth to view online videos, are they really the kind of person who will be accessing content about how to build and deploy multi-tier applications into a IaaS stack?
While this might not be the most subtle way of handling things, it could be quite effective to repeat the same question every time they are critical. "What have you contributed?"
Just ignore their arguments and ask them what they have contributed. Over and over and over again.
They will either go away, stop posting so much, contribute, or perhaps realize that the whole point of the movement is to contribute actual code and functionality.
On the Internet, ignore them. In real life, talk about them every time they open their mouth and complain. "Oh there goes Joe again, whining and NOT CONTRIBUTING." Then return to your regularly scheduled activities of doing things.
How do you deal with things like re-tests and conflicting priorities for remediation? For example, client wants vulnerabilities patched in one week but the next maintenance window is for two weeks.
We are in the same situation and we have data centers spread around the globe to deal with data privacy and jurisdictional considerations.
I could have made that more clear. We license Rapid7 and use their tools to conduct internal tests of the systems on a bi-weekly basis.
I am curious about this as well. What are the potential risks of maintaining focus on a point a few inches away from the eye for hours upon hours?
I work for an organization that hosts PII for a number of large public companies. We are constantly asked about vulnerability scans and about 50% of the clients want to scan our networks themselves. We do not allow that.
The compromise is that we conduct bi-weekly scans with Rapid7, and hire from a rotating list of third parties to conduct yearly vulnerability assessments of our applications and infrastructure. We make the high level results of those scans (number of vulnerabilities found) available to the clients. We also have to put up with the occasional fire drill like Heartbleed. During those situations, we deploy the patches as soon as we can test them, and then provide letters of attestation to any client who wants / needs one.
While some clients complain, they eventually come around when we explain to them that it is for their own safety and the protection of their information. We are in a situation where we retain data for companies who are in direct competition with each other. When push comes to shove, we sometimes have to explain that, "Just like we will not let you scan our network for vulnerability, we will also not allow your direct competitor to scan our networks either."