Slashdot Mirror


User: MattW

MattW's activity in the archive.

Stories: 0
Comments: 825

Comments · 825

  1. Re:Punitive Damages (this is insightful how?) on Racism At Microsoft? · · Score: 1

    The plaintiffs do. Functionally, a punitive award is the same as statutory or compensatory (actual) damages, it just has no real bounds. But unlike actual and statutory damages, punitive damages can be tied up endlessly in court, appealed, set aside or reduced, etc.

  2. Re:Punitive Damages (this is insightful how?) on Racism At Microsoft? · · Score: 2

    Why don't you learn how to read? After the quoted sentence, I said, "and punitive damages". Punitive damages can be of any amount the jury feels is justified to punish the offense, as opposed to actual damages or statutory damages (legislated fines).

  3. Punitive Damages (this is insightful how?) on Racism At Microsoft? · · Score: 2

    Obviously, punitive damages. People suing over job discrimination can sue for actual damages (lost wages, promotion opportunities, backpay, etc), and punitive damages (ow).

    That said, how is this insightful? How many posts can get moderated to 4+ for screaming "$5B??!#" incredulously?

  4. Re:How to prevent, blizzard response, etc on Diablo2: Apocalypse Now! · · Score: 1

    Why? I'd say it's more fun to make $3000/mo off playing a game. He and I roomed together in college, and paid for a lot of our college expenses (and he paid his tuition, to boot), trading and selling Magic: The Gathering cards. Fun? yes. And a hell of a lot better than McDonalds, or the computer lab. And it paid much better, too.

  5. How to prevent, blizzard response, etc on Diablo2: Apocalypse Now! · · Score: 2

    First, for those who play and haven't heard: your best defense is to make a new mule character, with a non-guessable but not obvious name. (don't use the name jwiefiasjda, because ppl can see you entering and leaving chat, and that name is a giveaway). Mule your equipment over to that character.

    What's insane is that Blizzard took the Realms down last night for 'emergency maintenance'. After a couple hours, they came back up, with no mention of the reason they were down or mention of a fix. A lot of people mistakenly thought things were repaired -- and paid the penalty. What we can't figure out: why haven't they said ANYTHING? Why not just shut the realms off? Or say ahead of time: all characters will be rolled back until as of now, so you can play, but it will be rolled back, along with all the thefts. Only Blizzard knows what's going through their heads, and they aren't saying.

    I have one friend who makes $2500-$3000 systematically acquiring, trading, and selling on ebay the best items you can get in the game. He anticipates his income will be devastated by this incident, because people used to trust that their stuff would remain their stuff -- and now, who could trust the realms?

  6. muds and people with disabilities on MUDs And The People Who Love Them · · Score: 4

    Another interesting point is that because MUDs use 'antiquated' technology, there's more out there to help people with disabilities. Years ago, I spent a lot of time coding to create the features that produced Avendar, a MUD descended from the ROM (Rivers of Mud) code. A few weeks back, there was a post on our forum written by a player who had been in a party, out doing what parties do, and had a member moving slowly. He said something to the effect of, "I was getting impatient, asking him to cast X for the 3rd time. Finally, he said, 'Sorry, please be patient. I have to wait for the computer to read me everything and catch up, I'm blind.'" And so, the blind player was lagged because the leader had led them running through so many rooms. Apparently, the guy has voice software reading 400 words per minute. We were all duly impressed.

    Our own mud (which I really no longer have the time or inclination to spend working on, but still host) is home to hundreds of regular players, and is just one of hundreds more like that. I will say, too, that a well designed mud can not only be an incredible RPG (because you can still imagine from text a lot better than you can see from art on Everquest), but a much better balanced game, as well.

  7. Re:honeypots, dangers, products on The Honeypot Project · · Score: 1

    The Recourse box I mentioned in the original post actually generates fake data on the system in an effort to make it look more usable. Part of its config is to input some executive names, and it does (beyond that) the random generation of a lot of other data -- you could never tell, since the data is input into the cage from the outside. The goal is to make the box look like a mailserver. When I first saw it, it wasn't very sophisticated, but I've heard that the spoofed content has grown more convincing. It probably still wouldn't stand incredible scrutiny.

    Of course, there are entirely different rules for bastion-sacrificial-lamb-host honeypots and virtual-machine/chroot()-cage honeypots -- one is just meant to be hacked and postmortemed -- the other is much more of an audit tool, and preferably doesn't need reinstalling after a hack.

    On the former, you can clean up your tracks easily; on the latter, well, most have several dead giveaways -- if people bother to check. (the pid of init, for example) But many don't -- especially the script kiddies that may mass-hack a whole corporate block (hopefully starting with that wide-open honeypot).

  8. honeypots, dangers, products on The Honeypot Project · · Score: 5

    Recourse's first product was a honeypot. They have a remarkable technical team, which, commercially, makes them the one to watch in this space.

    Honeypots are some of the fluffiest of security products, imo, far less useful than firewalls, integrity verification software, etc. But having a cage environment to examine the activities and practices of a cracker can be useful in determining how to post-mortem a bad situation, as well as help gather evidence to get law enforcement involved.

    Honeypots that want to provide maximum auditing and usefulness tend to try to run a virtual machine -- either by virtue of chroot'd cages, or virtual machines. The problem is keeping a sophisticated attacker in the cage. As was pointed out on Bugtraq, it is fairly easy, owing to kernel behavior, to detect that one is in a cage. You can send kill signals to pids that aren't in your visible process list, and the kernel responses will tip you off that you are only being shown part of the process table (the Recourse product simulates a live /proc fs within the cage). Other tipoffs include memory locations, pids for processes like init, etc.

    Nonetheless, my real-world experience tells me that your greatest risk is an attack from the script kiddies, with the fresh d/l from bugtraq or the like, or even unreleased exploits, not sophisticated crackers seeking entry into specific boxes. In this case, the honeypot can be very valuable -- first as an easily-cleaned distraction (a good honeypot LOOKS like it is a machine at work, but isn't) -- then as a trace of activities, so you can prevent further incidents. Properly placed, it can help lure in attacks first, providing a warning that can be responded to before other real product boxes get compromised.

    It has been pointed out, and bears repeating, that the right place for a honeypot is on a DMZ, where it does not have privileged access to protected hosts. People have put honeypots behind firewalls in protected nets, and then had them be used as jump-off points for much more serious compromises.
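The two giveaways named in comments 7 and 8 (signal responses for PIDs missing from the process list, and the PID of init) can be checked by a honeypot operator before deployment. This is an added example, not part of the original comments and not code from any product they mention; the function names and the constructed process tables are assumptions.

```python
import os


def visible_ids(proc_root="/proc"):
    """PIDs and thread IDs that the (possibly filtered) /proc listing admits to.

    Thread IDs are included because kill() on Linux also answers for them,
    and they never appear as top-level /proc entries.
    """
    ids = set()
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(os.path.join(proc_root, name, "task")))
        except OSError:
            pass  # process exited while we were listing it
    return ids


def probe_signal0(pid):
    """Ask the kernel about a PID with signal 0 (nothing is delivered)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH: no such process
        return "absent"
    except PermissionError:      # EPERM: it exists but belongs to someone else
        return "exists"
    return "exists"


def find_hidden(visible, probe, pid_range):
    """PIDs the kernel answers for although the process listing omits them."""
    return [pid for pid in pid_range if pid not in visible and probe(pid) == "exists"]


def audit(visible, probe, pid_range):
    """Summarise both tipoffs: hidden PIDs and whether init (PID 1) is listed."""
    return {
        "hidden": find_hidden(visible, probe, pid_range),
        "init_listed": 1 in visible,
    }


def live_audit(max_pid=32768):
    """Run the check on this machine, filtering out start/exit races.

    A PID is reported only if it answered before and after a fresh listing
    that still did not contain it.
    """
    candidates = find_hidden(visible_ids(), probe_signal0, range(1, max_pid + 1))
    before = [p for p in candidates if probe_signal0(p) == "exists"]
    listing = visible_ids()
    hidden = [p for p in before if p not in listing and probe_signal0(p) == "exists"]
    return {"hidden": hidden, "init_listed": 1 in listing}


# Constructed tables for a dry run: the host really runs these PIDs,
# while the cage shows the intruder only two of them.
HOST_PIDS = {1, 200, 201, 350}
CAGE_LISTING = {200, 201}


def leaky_probe(pid):
    """Cage that filters the listing but lets kill() consult the real table."""
    return "exists" if pid in HOST_PIDS else "absent"


def consistent_probe(pid):
    """Cage whose signal handling agrees with its own listing."""
    return "exists" if pid in CAGE_LISTING else "absent"


if __name__ == "__main__":
    print("leaky cage:     ", audit(CAGE_LISTING, leaky_probe, range(1, 400)))
    print("consistent cage:", audit(CAGE_LISTING, consistent_probe, range(1, 400)))
    print("this machine:   ", live_audit())
```

An empty `hidden` list with `init_listed` true is what an unfiltered host reports; any other result inside the cage is a giveaway of the kind the comments describe.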

  9. Power, unchecked, corrupting as usual on MAPS RBL Is Now Censorware (Updated) · · Score: 5

    (1) If you're a bulk provider, with hundreds of web sites, it isn't even worth batting an eye to keep hosting a spam software provider. If they wanted to follow the money, they may refuse to remove them, but they certainly wouldn't defend them when MAPS came knocking. MAPS scares providers.

    (2) How much is enough? Should MAPS block every single IP address that the provider has, just to force them to stop hosting the software seller? How many innocent sites have to be taken down in the name of shutting down the spammers? And do you really think people looking for spamming software won't be able to find it because you shut this down? When these software sellers move, should we shut down a thousand more? Will you feel the same when it's YOU?

    (3) No one ever stops to think how insidiously powerful MAPS has grown. As their filters have become useful, it has gone far beyond good sysadmins using them to protect their users -- it has gone corporate, with millions of addresses obeying the filters MAPS dishes out. What happens when it is abused?

    Think that won't happen? Wrong, it already has. MAPS blocked 209.211.253/24, because it hurt a lot more than just blocking 209.211.253.68-89, or even 209.211.253.64/27. I shouldn't need to repeat it, Jamie made a great point: Paul Vixie said MAPS contacts all blocked websites before blocking them. Ah, but that must date back to before MAPS was so powerful, such an icon of internet protection, with supporters lining up to buy them lawyers.

    (4) MAPS is tied far too closely with AboveNet. The fact that Vixie was an Abovenet VP (who knows what he is with Metromedia, who bought Abovenet), should absolutely chill people. There's something absolutely creepy about the power to block email to 40% of addresses being thus controlled. I'm sure the small-time sysadmins would remove MAPS configs from sendmail if it were abused -- but would corporations be so quick to follow? With change control procedures, possibly even total apathy?

    At this point, a lot of these points have been intentionally sensationalized to provoke a bit of thought. I think that MAPS has just selected an overbroad block to filter this time -- and I agree with filtering spam software sales. You support spam, down you go. But I also think that the cheerleading, here and elsewhere, and the lack of concern over the fact that MAPS has run roughshod over so many innocent sites, shows that people have a tendency to follow net luminaries far too blindly. If you're going to run MAPS filters, then you're handing that project power. Best keep an eye on that, if you don't want to contribute to the abuse of that power.
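The three block sizes compared in point (3) of the comment above can be measured directly. This is an added example, not part of the original comment; the function names are assumptions, and the addresses are the ones quoted in the comment (its `209.211.253/24` shorthand is written out as `209.211.253.0/24`).

```python
import ipaddress


def exact_cover(first, last):
    """Shortest list of CIDR prefixes covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def tightest_prefix(first, last):
    """Smallest single prefix that contains both ends of the range."""
    net = ipaddress.ip_network(f"{first}/32")
    end = ipaddress.IPv4Address(last)
    while end not in net:
        net = net.supernet()   # widen by one bit until the range fits
    return net


def collateral(block, first, last):
    """Number of addresses inside `block` that lie outside first..last."""
    block = ipaddress.ip_network(block)
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo not in block or hi not in block:
        raise ValueError("range is not contained in the block")
    return block.num_addresses - (int(hi) - int(lo) + 1)


# Addresses quoted in the comment.
FIRST, LAST = "209.211.253.68", "209.211.253.89"

if __name__ == "__main__":
    print("exact entries:", [str(n) for n in exact_cover(FIRST, LAST)])
    for block in (str(tightest_prefix(FIRST, LAST)), "209.211.253.0/24"):
        print(block, "blocks", collateral(block, FIRST, LAST), "extra addresses")
```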

  10. Phones vs Daycare vs Other on Do Techies Care For Daycare? · · Score: 2

    I'd guess that employer-sponsored daycare, even if the costs were passed on dollar for dollar to employees, would be very welcome if they made room for it onsite. Even if most techies remained male, they still may well want daycare down the road, because they may have wives who work in other industries that aren't so obliged to provide good benefits to attract employees.

    That said, let me add that in many tech jobs, a cell phone isn't a 'perk' anyhow. It's just another way for your employer to harass you after-hours, and keep you working 24x7.

    From an economic standpoint, daycare makes sense if you can make considerably more than your daycare costs. I haven't had a chance to face this particular dilemma yet, but imagine this scenario:

    Husband: $110k/yr as an engineer manager
    Wife: $65k/yr as, say, a sysadmin, or QA tester

    Let's say, for the sake of argument, this is California. With the marriage penalty in place on their income, all her income (if you consider her working vs not working) is taxed at 31, then 36% for a small portion, federal. 9.3% CA tax. So, her $65k, just assuming a 41.3% effective tax rate (which is low, factoring in Social Security and other payroll-based taxes), has dropped to 38k. Now she has to pay for daycare. She's working full time, so that's 200 days per year. Let's say that 1/4 of those are during summer. That's 150 days of childcare for 3 hours, say, and 50 days of childcare for 10 hours. Assuming $7/hr for daycare, she's now paying $6650/yr per child. On 2 children, that means $13300, a cost of working, lowering her net income to $24500. Again, these numbers are generous. Daycare could easily cost more (especially in the valley), taxes take a larger bite. And then the parents have to ask: is it worth not having one full-time parent for the income? In the silicon valley, they may be so tight there's no choice, because of soaring housing costs. Of course, this analysis changes a lot for single parents who must have daycare, and either way, I think many large employers can become more attractive to 'established' workers, because you have to be fairly sizable to do daycare in house. But I live 10 minutes from Dell HQ, and their campus is colossal. Several of my neighbors work there. Having daycare (which they probably do) would undoubtedly go over very well, and help them to compete for workers against fresh startups with enticing options and chances for advancement.

    So, in the end, the question I have to ask is: will daycare attract workers only? Or will it actually create them? (by drawing stay-at-home parents into the workforce they left behind because the childcare is a reasonable option)

  11. Backlash this, gartner on Gartner Group Squints At Future OS Growth · · Score: 2

    Much of the beneficial backlash Linux has gained at Windows NT's expense will dissipate by 2002, forcing the Linux community to refocus and re-energize its campaign for wide corporate acceptance.

    Gartner factors in the transition to Windows 2000, but clearly has failed to factor in the replacement of the Windows NT backlash with newer, improved Windows 2000 backlash. Even more users upset than previous versions!

  12. MODERATORS: click the link before moderating on The Net as the New Jerusalem · · Score: 2

    Maybe, if you think an article is worth moderating, you should actually look at the links first.

    Score:4,GoodTroll

  13. Re:bill gates mentioning the cuecat? on Bill Gates's email - about Linux · · Score: 1

    Why don't you READ before you type? I saw the price tag for Visual Studio, which is not just the Visual C++ compiler, but the whole integrated suite, including InterDev, for $800 to $1000, locked in a glass case, at Fry's. I personally paid like $70, through a friend who bought it at the Microsoft store as an employee. Is that clear enough?

  14. Re:bill gates mentioning the cuecat? on Bill Gates's email - about Linux · · Score: 1

    I was thinking of Visual Studio 6, which was retailing at Fry's when I saw it for at _least_ $800, if not $999. I think I paid $79 for it, through the Microsoft store. (through a friend, not myself ;))

  15. bill gates mentioning the cuecat? on Bill Gates's email - about Linux · · Score: 5

    Agreed. The moment the CueCat was mentioned, it became absurd, because he referred to it as though everyone would know what he was mocking. The intended audience really wasn't M$, but /. readers.

    I wonder...what did happen to Vinod?

    Anyhow, whoever did it DID make a lot of interesting points, from the beer vs speech holy war to Gnome vs KDE.

    I did think of something though - we owe a lot to the young people contributing. There's a lot of people with a lot of ability who can't afford to pay $1000 for a compiler, who are contributing a lot of labor to various OSS causes, and largely, I imagine this is because their careers haven't handed them a full plate; personally, they don't have a lot of life's hassles yet (kids, etc); they thrive on better technology, and enjoy it; they have a lot of energy and not enough stimulation (especially for talented students in unchallenging CS programs and the like). And as they go, there will be a new crop, and with OSS much more ingrained on the way now, I think they may keep it as a hobby as the community grows. There's certainly a truth in the fact that OSS suffers from mythical man month problems just like everything else, except that sometimes the most important things are big ideas wrapped in small packages, and so genius can be spread out among more projects with the implementation being done by others. The best techies I've ever known spend more and more time just telling other people how to do things right, rather than doing it themselves.

  16. Fast Cache Routing on Trouble Ahead for Internet Routing Tables? · · Score: 1

    Also, it's not as though this is generic hardware doing generic btree lookups. Cisco's routers implement caching systems which speed up the routing immensely. This, in fact, is the reason why you can't just "apply filters" to routers handling tons of traffic, because filtering and the fast cache processing aren't compatible, so the performance loss from implementing access lists is orders of magnitude. Also, never mind 45Mbps. Big routers now are taking way, way more bandwidth than that. But algorithms are great this way. With a simple btree (balanced, granted), 16 operations nets a sort through 65536 items. Increase your cycles by 50% (to 24 operations), and now you're getting through 16777216 items, or a gain of 256. Or, put another way, an increase of X operations in a binary tree yields an additional sort capacity of 2^X. This is aside from the fast caching which can bypass these full checks.

  17. Route aggregation on Trouble Ahead for Internet Routing Tables? · · Score: 4

    There's a problem with route aggregation, and while bigger providers are more responsible, it's still an issue. But let's put gigabytes of memory in perspective, here: my biggest personal box is sporting 512M of ram. Is a few gigs of ram any sort of shock for routers that cost hundreds of thousands of dollars?

    It also wouldn't surprise me to see more auto-aggregation being done with spare cpu cycles as the routes propagate, which would probably help.

  18. Hope they have a LOT of money for legal fees.... on Guinness Beer Really Sucks · · Score: 2

    Because it must take a lot of lawyer dollars to go and file with WIPO and get the domains. And there are nearly endless variations on the suckiness experienced.

    Someone mentioned a boycott. Never mind a boycott -- how about a protest. Everyone go spend $12 on registering a related suck domain, make it its own authoritative name server, and point it at the original IP for the domain. They'll have to file hundreds and hundreds of WIPO complaints, since each domain will have a separate Respondent. Heck, you could do it yourself just by inventing aliases the WIPO would have to 'contact' for a response.

    On a related note, there's another way to handle this entirely -- alternate domain name systems. No one ever said you had to use ICANN/internic/etc's infrastructure. It would be fairly easy to put some alternate servers first in root zone files, and only let stuff fall back to icann servers after failing. Owners of appropriated domains could register with the alternate service, and people who wanted to see alternate non-corrupted registrations could view them.

  19. Idiocy begets idiocy on NY's Silicon Alley Feels The Crunch · · Score: 3

    The quality of employees in a company has a huge, huge impact on its would-be success, as do some other factors.

    (1) Companies with great people and good business models attract more great people. Generally speaking, the best people in this industry only switch jobs by referral. Unless I switch careers laterally pretty far (say, moving from security work that I do now to game programming, which I've always thought would be fun), I will never again be 'seeking' a job. I'll just be asking friends who's got the best place to go.

    (2) The inverse is also true. Companies with weak people attract weak people, especially technically. For example, a lot of companies know what they need technically, but they can't find it. They hire consultant after consultant, and they fail again and again because the consultants being pimped out by consulting companies these days are pathetic. Having interviewed a great number, you run across situations where people claim to be 'expert' in Solaris, for example, but can't tell you the simplest things, like, say, where you set name servers for name resolutions, how to turn on ip forwarding, or where you would change a mount point on a drive. Yet, clearly, the companies sent these would-be consultants in thinking we'd hire them. This reflects, in my mind, either an expectation that the interviewing company cannot discern applicants, or an expectation that mediocrity is acceptable to acquire a warm body.

    (3) Making money was just optional for far too long. Too much watery-eyed technochasing, or, in many cases, watery-eyed garbage chasing, was going on. Let's consider our old friend, the CueCat. For those in the industry, how many companies do you know of whose ideas were about as technically deep? And for every one of these fairly-simple ideas that pans out (Hotmail for free email, for example), how many failed? (And here, you could insert a dozen startups doing internet 'briefcases', chat this, doc-share that, etc) Then there's people who seemed to think that anything could be sold online -- UserPaperMacheHotTub.com, etc. All these extra ventures created demand that brought more people into the industry, but too many people (in it and joining it) were underqualified, but able to make good money because people had to hire someone (and then fail, because 'someone' isn't good enough).

    (4) Too much money spent when it wasn't needed. Bruce Perens recently said that programmers were wasting half of their time reinventing the wheel. I've seen this firsthand way too many times. Companies blow tens or hundreds of thousands of VC dollars on solutions to problems that could be solved with a visit to Freshmeat. The problem of overconsumption of technology takes other forms; companies who buy Oracle ASP services when they should have run linux and php, etc.

    (5) The Certification Myth. This is my personal favorite. In one office I've visited, they have a chart up on the wall, showing the number of employees who have various certifications -- CCNA, MCSE, MCP, MCP+I, A+, etc. People place an enormous amount of faith in these certs. At one recent recruiting event, one company was acquiring sysadmins with the following: "Do you have an MCSE?"; if they did, hired; if not, thanks anyhow. Meanwhile, the very best people I know are not certified. They're generally also not college educated. Those who are are educated in other fields (for example, degrees in English, now doing hard core tech work, or even a former lawyer turned techie). Meanwhile, sappy companies hire morons with some letters after their names.

    Again, this sort of ignorance begets the same. The bright people will avoid working for companies that value certs above skills, because why should a truly expert BGP guy work for a company who pays him less and treats him as less senior than a relative fool with a CCIE (although of all the certs, the CCIE has the smallest number of lamers with one).

    All of this is compounded by the fact that some of the best technical people are also those with the least people skills. They recognize their treatment, but they are simply bitter and condescending, and instead of being tapped for their good traits they are relegated to ineffective corners of organizations.

    Overall, it's no wonder companies are failing all around. And this is why there IS a shortage of IT workers -- it's not that there aren't enough, there just aren't enough good ones. It shouldn't come as a surprise. It's become a real industry. Other real industries have schooling followed by training. They have fellowships or internships that are required, or apprenticeships to reach journeyman level. This isn't the way of the tech field, and thank goodness, because it interferes with the meritocracy that draws such bright people into the field and keeps them there and working hard. But it leads to a bunch of bogus credentials, and the worst are book test based certifications.

  20. Re:The Nader Factor on Politics: Harry, The Disastrous & The Unpalatable · · Score: 1

    That's fine, too. Obviously, it has lost its traditional meaning. If you want to replace it with something else, do it, but in the meantime, I don't think that denying a gay couple the right to marry is 'preserving' marriage. I keep my eye out looking for good logic on why not, but most arguments I see against it are simply along the lines of, "that's not what marriage is about."

  21. Re:The Nader Factor on Politics: Harry, The Disastrous & The Unpalatable · · Score: 1

    Of course, you're absolutely right about that. In one post, I mentioned that I agreed with one sig floating around -- I'm voting for X because I'd rather be right than win. And if we all felt that way, we WOULD be winning. But we need meaningful campaign finance reform. I'm all for everyone contributing X dollars to fund a campaign, and they can't spend a dime more, anywhere, any time.

  22. Re:The Nader Factor on Politics: Harry, The Disastrous & The Unpalatable · · Score: 1

    Although I think your analysis of Clinton's motivation is correct, polls show a frightening number of Americans support the basic principle that marriage is between a man and a woman only. Personally, I think that gay couples should absolutely be able to marry, and that it should be binding in every way as a normal marriage -- for example, division of assets and alimony.

    As far as welfare reform, that was a very, very bipartisan move that an insanely high percentage of people, left-wing or right, approve of. In fact, the need for welfare reform was probably pushing a lot of hardworking Americans further right in voting than they would have, just as I think many Americans are more leftist than they feel because of gun control.

    Nader is honest, and if I were only voting for a man, I've been very impressed by him. However, the green party platform is absolutely insane to my eyes -- a sort of collectivist nightmare which I envision immediately evolving into a totalitarian state. It's a sort of planned society that can never work out right. If government could solve problems, we wouldn't have education and crime issues after the focus on them for so long.

    Meanwhile, my own bent is libertarian, and I'm finally going to vote it. I have the luxury, at least in the presidential race, of voting for whomever I want, because GWB is a lock for Texas if he's a lock anywhere, but I tend to agree with a certain Nader supporter's .sig who's been posting to slashdot. As he says, "I'm voting for Nader because I'd rather be right than win." And you know, I think if everyone felt that way, we'd have a lot better government.

  23. This is the Unspoken Side of "Go vote" campaigns on Politics: Harry, The Disastrous & The Unpalatable · · Score: 5

    If people are ignorant of the candidates, the parties, and the process, they don't have any business voting. Voting is a civic duty that every American should participate in. But the duty of voting does not consist of going to the ballot box and just checking off whatever comes to mind, what your friend thought was a good idea, etc. Responsible citizens explore and try to understand the issues, the differences between the various candidates, and then vote in the best interests of the nation. While the founding fathers recognized that factionism would likely occur, they still regarded voting for the best candidate for office as a civic responsibility, rather than simply voting self-interest.

    People who can't name vice-presidential candidates or who don't know the issues shouldn't be voting. They should be learning.

  24. Re:who would trust ram from Fryes? on Patch To Allow Linux To Use Defective DIMMs · · Score: 1

    Actually, that's the point: the Toshiba ram from Fry's was actually good stuff. It was the crap ram from a hole-in-the-wall parts dealer that was no good. They mostly sold name brand stuff, just bulk and deep discounted (Hi-Tech USA), and obviously a p3 from them is the same as a p3 from anyone else, but the RAM they included in the packages by default just didn't cut it.

  25. Could have used this last year.... on Patch To Allow Linux To Use Defective DIMMs · · Score: 2

    I built a box from a hole-in-the-wall parts reseller that did volume, volume, volume in the silicon valley, and started having some stability issues. So I started doing mass kernel recompiles (100 at a time) as a test, and sure enough, gcc exited with errors, at random points. However, I've heard that this is not necessarily 'bad bits' on the memory sticks, but rather an inability of the memory to actually keep up with the 100MHz bus, even though it was billed as pc-100 RAM. Anyhow, after that, I always sprung for the premium Toshiba lifetime-guarantee ram at Fry's, and I just got the other parts elsewhere.