A Brief Memo to a Nation of Cattle

greenspun.com : LUSENET : Unk's Troll-free Private Saloon : One Thread

Notes from a backwater planet

A Brief Memo to a Nation of Cattle

[28 April 2002]

In his philosophical polemics, the oft-misunderstood Nietzsche often warned of the dangers of a ‘herd mentality’ in a technologically advanced society. It seems America has yet to heed the warning.

Since 11-Sept., pollsters around the nation have documented a dramatic shift in public opinion regarding big brother and individual privacy. For example, in a national survey (28 March 2002), J. Zogby found some 55% of those polled actually favored legislation which would allow police to search purses, handbags, backpacks, etc. at random, anywhere; 48% said they would allow their cars to be searched without probable cause, 36% favored having their mail arbitrarily searched, while 26% said they wouldn’t mind having their telephone conversations monitored by authorities. (source: Newhouse News Service, retrieved from http://www.newhouse.com/archive/story1a041002.html)

For those who responded in favor of eviscerating civil liberties in this country, I would direct them to the words of Milton Mayer:

What no one seemed to notice... was the ever widening gap ... between the government and the people... And it became always wider... the whole process of its coming into being, was above all diverting, it provided an excuse not to think for people who did not want to think anyway ... Nazism gave us some dreadful, fundamental things to think about ...and kept us so busy with continuous changes and 'crises' and so fascinated ... by the machinations of the 'national enemies,' without and within, that we had no time to think about these dreadful things that were growing, little by little, all around us... Each step was so small, so inconsequential, so well explained or, on occasion, 'regretted,' that unless one understood what the whole thing was in principle, what all these 'little measures'... must some day lead to, one no more saw it developing from day to day than a farmer in his field sees the corn growing. ...Each act... is worse than the last, but only a little worse. You wait for the next and the next. You wait for one great shocking occasion, thinking that others, when such a shock comes, will join you in resisting somehow. You don't want to act, or even talk, alone... you don't want to 'go out of your way to make trouble.' ...But the one great shocking occasion, when tens or hundreds or thousands will join with you, never comes. That's the difficulty. The forms are all there, all untouched, all reassuring, the houses, the shops, the jobs, the mealtimes, the visits, the concerts, the cinema, the holidays. But the spirit, which you never noticed because you made the lifelong mistake of identifying it with the forms, is changed. Now you live in a world of hate and fear, and the people who hate and fear do not even know it themselves, when everyone is transformed, no one is transformed. ...You have accepted things you would not have accepted five years ago, a year ago, things your father... could never have imagined."
Source: They Thought They Were Free, The Germans, 1938-45 (Chicago: University of Chicago Press, 1955)

What I think most people don’t realize - even those people who oppose czarist policies of search and seizure in the name of protecting ‘national security’ - is the very real trend of privacy-invasion occurring regardless of the current ‘war against terrorism’. For example, the relatively new computer science field of data mining could take the thousands of tiny scraps of information left behind by you in the digital world and compile a very disturbing picture. (see http://www.ipc.on.ca/english/pubpres/papers/datamine.htm#Final for more on data mining)

Consider the data compiler who could get your weekly grocery list through the local shopping store’s card, then turn around and sell that information back to big business - say, your employer or health insurance provider, who then raises your insurance rates or drops your policy all-together because you eat too many fatty foods like hamburgers and Hagen Daaz.

EZ Passes for highway and bridge tolls, along with a long trail of credit, debit, or checking card transactions, can already paint a good picture of where you go and what you do - to say nothing of extensive phone and internet records.

For those who have to subject themselves to piss-tests by their employeers, you might want to realize that handing over your urine is like signing over your personal medical history. And we’ve already seen hundreds of discrimination cases nationwide crop up over the past decade where companies misused the genetic information of their employees in an attempt to minimize their health coverage costs. (Imagine loosing your job because of a possible genetic predisposition to cancer, or any other number of ailments or afflictions that you might develop in the future!) Is anybody else getting this?

Some years ago, Supreme Court Justice William O. Douglas also provided us with a keen warning, which I think a nation of cattle should heed: “As nightfall does not come all at once, neither does oppression. In both instances, there is a twilight. And it is in such twilight that we all must be aware of change in the air - however slight - lest we become unwitting victims of the darkness."


-- Cherri (whatever@who.cares), July 04, 2002


The Price Quote of Freedom


Last time, we looked at the basics of selling a BSD-based system in your company. This time, I'll discuss using a price quote to back your proposal.

Many of us think of a price quote as something a vendor uses to tell you how much money he demands in exchange for a CD, a flimsy box, and a thin booklet translated from the original Sanskrit by a native Urdu speaker. These price quotes don't reflect the actual cost of the product, however. A person responsible for computer systems can use complete price quotes to make a decision. Price quotes can help solidify an argument before you even start talking to anyone.

Realize that this process might very well show that your preferred solution isn't cost-effective. In that case, seriously evaluate why you prefer that solution. Remember, your respectability and credibility is your only currency in selling solutions inside your company. Skewing your results will only cost you in the long run. If you cannot objectively quantify why your preferred solution is cost-effective, perhaps you should choose another solution.

First, list your desired functions. Suppose you need a firewall. You might require stateful packet filtering, Web caching, content inspection, and intrusion detection. Some Google searches will quickly give you a list of reputable products that have these functions. In this case, your list might include Firewall-1 or Gauntlet, RealSecure, or Network Flight Recorder, and BSD with IPFilter, Squid, and Snort.

Software cost is the easy part. Call up your local software vendor or the manufacturer and get a quote. Be sure to ask about the cost of updates to the software! Software updates can be a major portion of the cost. Many vendors will only provide them if you purchase a support contract. Be sure to ask the term of the agreement. Will you receive updates forever, or just for one year? If so, ask for a price on subsequent years.

Then you have hardware. One of free software's greatest advantages is its ability to run on obsolete hardware. You probably have a system in the back that would easily handle the load. Before you do this, think about why that system is on that shelf gathering dust. Did it have undiagnosed problems? They might be caused by hardware issues. If nothing else, you'll probably want a new hard drive that hasn't been run for months straight. How about the network cards? A surprising number of "high-end" systems have cheap network cards. For a network server you probably want some nice 3Com XL or Intel EtherExpress Ethernet adapters. If the motherboard has scorch marks, just start over.

All software comes with recommended minimums of hardware and operating system. Check software reviews and see if those recommendations are realistic. If the reviews recommend buying additional hardware, keep the review to document why you recommend this hardware.

Now that you know what sort of hardware you need, get a price on the operating system. Be sure to include the cost of upgrades! While Microsoft offers free patches, many vendors don't. In any event, you'll want to include the cost of upgrades to newer versions of the core OS.

The above is the easy part of a price quote. You then need to add the cost of your time.

Your time might seem cheap to you, but it isn't to your employer. He is paying you because your presence provides a certain dollar benefit. This is very different from (and much higher than) your salary; most of you reading this column require a desk, heat, light, air conditioning, sick days, health insurance, and so on. If you work in a stuffy, dark room without a desk or a chair, your employer is still paying for the floor space where you huddle and cough. Even if you're in an infrastructure position where you support the sales staff, your presence is part of his cost of doing business. He should have a good idea of what your time is worth per hour. Once you have a good quote for the rest of the material, ask your manager.

In many multi-tier organizations your manager will not know the hourly dollar value of your services. A reasonable guess is that your time is worth 2.5 times what you make in an hour. As your salary goes up this multiplier drops, but it's a good starting point.

Your free solution will take more time than the commercial one, unless you've completed an identical project before and already know every step in the process. Then comes the most difficult estimate of all: How much time will it take you to complete each project? The only way to estimate this is to break the job up into subcomponents. Here's a sample list of time estimates for installing a FreeBSD/IPFilter/Squid/Snort system.

assemble hardware: 4 hours

document installation requirements: 4 hours

install and patch operating system: 2 hours

configure system to support software: 4 hours

configure IPFilter: 4 hours

configure Squid: 8 hours

configure Snort: 4 hours

document IPFilter install: 4 hours

document Squid install: 4 hours

document Snort install: 4 hours

test: 8 hours

deploy in production: 4 hours

total: 54 hours

If my time was worth $50 an hour, I'd be asking for $2,700 in staff time to complete this. That's a significant investment. Add up the numbers for the other products on your list and see what you get.

Some of these times might seem high to you, while others are low. I always document time to gather hardware on the high end, for example. While you might only spend 15 minutes unpacking the freshly shipped server and lugging the empty carton to the trash, more often than not, you'll find yourself spending an hour looking for the PS/2 serial adapter that you recently saw in one of the drawers on the left side of one of the hardware rooms. How often do things go smoothly? As a general rule, I allow 2 hours for a "trivial" task.

Here, I allowed 4 hours apiece for Snort and IPFilter. I know these pieces of software very well, and can probably churn out suitable rules and exclusions in 30 minutes, tops. What if something goes wrong, however? Both of these packages are continually updated, and it's quite possible that I'll stumble across some new behavior that completely blows away my configuration. On the other hand, I don't know Squid as well. I'm allowing twice as much time to configure Squid. I wouldn't be too surprised if Squid soaked up some of the time I allocate to Snort and IPFilter, but I've tried to allocate enough time so that this doesn't happen. My goal is to be accurate, but error on the high side.

Some of these tasks might not be applicable to your environment. Perhaps you don't exhaustively test your systems, or you don't provide documentation. (If you don't document, you should; I'll talk about that some other time.) Also, times vary with your familiarity with the software.

Add up all your pieces, and you have a set of complete price quotes for your project. Which costs less?

Now that you have information, it's easy to create a list of the benefits of each package. Remember, the average manager doesn't consider "open sores" a benefit, and "free" is a suspicious word. Get benchmarks, if you can find them. Compare the benchmarks to your needs. Perhaps Gauntlet can handle 40,000 Web requests a second, and perhaps Squid levels off at 20,000. (These numbers are pulled out of thin air, and do not reflect reality in any way, shape, or form.) Compare these limitations to your needs. If you have 100 users, the chances of you hitting that 20,000 requests/second limit are nonexistent.

This honest appraisal can also help tell your manager exactly what it is they're buying. When you're later asked about some feature, you have documentation to show what you do and do not support. This can also be used as a "contract" between you and management. Worst case, a detailed, realistic price quote will enhance your image with your manager and within your company.


Michael Lucas lives in a haunted house in Detroit, Michigan with his wife Liz, assorted rodents, and a multitude of fish. He's the network architect for the Great Lakes Technologies Group, which is simply a nice way of saying it's all his problem.


-- (glove is thrown @ copy n paste.duel), July 05, 2002.

Choice of article and its contents would seem to indicate "glove is thrown" is either Stephen Poole or Flint. I wouldn't expect it of either of them, but... life is strange.

-- Little Nipper (canis@minor.net), July 05, 2002.

"A Nation of Cattle"!?

This language is an outrageous example of why Americans are universally detested. You are so ethno-centric that you don't even know that there is a country of one billion karmic souls who believe that cattle are holy.

Your insensitivity is appalling. This is worse than the condescending Mother Theresa. Indeed, you are an "ugly American".

-- (Pradeep@Bombay.bombs away), July 05, 2002.

Pradeep = Bigwavedave from timebomb

-- ethnocentrism (his@favorite.word), July 05, 2002.

My bad. Some people really do read all the shit.

-- Carlos (riffraff@cybertime.net), July 05, 2002.

Moderation questions? read the FAQ