There is one other thing too: If you can show (eventually) some significant contribution (not just bug fixes, etc) to a project, that gives you an additional point to sell your experience. There is a tremendous difference between "I fixed a few bugs in TuxRacer" and "I built an MRP module for LedgerSMB which is now used by over a thousand users." Obviously you can't do that at first, but at some point.....
One nice thing about this approach is you can pick something which leverages the skillset from your old career and provides something unique and useful based on your unique point of view. This sort of thing can also highlight why your old career should not be held against you.
If it was an MITM attack it would have been an inside job. I think it is more likely to be human error in this case than malice.
A circular load bearing device where a bent-wood rim is suspended around a hub with wooden segments of equal length. This is useful as a method of facilitating the motion of wagons, chariots and the like. Optionally a metal (bronze or iron) rim can be placed around the wooden rim adding greater durability at the expense of weight.
Just to be clear, the numbered items were causes of mismatches. A wildcard certificate gets rid of that problem but the misconfiguration I mentioned is still a source of such an error. Also generally if someone IS doing an MITM with a cert from the same TLD it is an inside job anyway. In general, that is the least of my worries (you know that the cert was issued to the same company at any rate).
The first thing to note is that SSL covers the host-to-host connection and is ignorant of higher-level protocols. There are a couple of things which can cause SSL mismatches:
1) SSL cert is set up to one hostname that the machine services, but site is on another. The SSL negotiation happens prior to the host headers being processed. This could be solved by browser controls (i.e. do a rDNS lookup on the cert's host and make sure it matches the IP you are connecting to), but this ends up causing other, more serious issues, because different sites on the same server could be controlled by different parties. Hence if you have a shopping cart, I could re-use your cert on my shared site on the same box, spoof your page, and steal credit card numbers. So the browser behavior is correct.
2) The SSL cert could have been accidentally re-used (unlikely).
My general rule is that if the hostname's TLD matches with the cert (capitalone.com), but the most host-specific portion does not (servicing vs online banking), this is reasonably (though not completely) safe to ignore. Revoked certs should ALWAYS be treated with suspicion because you don't know why it was revoked. Expired certs.... Well, it depends. There are other things that can cause certs to be improperly shown as expired so that demands more careful consideration.
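The name check behind the mismatch warning discussed above, as an added example that is not part of the original comment. It sorts a hostname/certificate pair into the categories the comment distinguishes; all hostnames are constructed, and treating the last two labels as the parent domain is a simplifying assumption (real code should consult the Public Suffix List).

```python
# Added example: classify how a requested hostname relates to the DNS names
# carried in a server certificate. Hostnames below are constructed.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """RFC 6125-style comparison.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.bank.example' covers 'online.bank.example'
    but not 'a.b.bank.example' and not 'bank.example'.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards with fewer than two fixed labels (e.g. '*.example').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def parent_domain(name, keep=2):
    """ASSUMPTION: the parent (registrable) domain is the last `keep` labels.

    This is wrong for suffixes such as 'co.uk'; it is used here only to keep
    the example offline and self-contained.
    """
    return ".".join(_labels(name)[-keep:])


def classify(host, cert_names):
    """Return 'match', 'mismatch-same-domain' or 'mismatch-other-domain'."""
    if any(name_matches(n, host) for n in cert_names):
        return "match"
    host_parent = parent_domain(host)
    if any(parent_domain(n) == host_parent for n in cert_names):
        # Certificate belongs to the same parent domain but a different host,
        # e.g. a 'servicing' certificate presented on the 'online' site.
        return "mismatch-same-domain"
    # Certificate was issued for an unrelated name, e.g. another tenant's
    # certificate served from a shared host.
    return "mismatch-other-domain"


if __name__ == "__main__":
    samples = [
        ("online.bank.example", ["online.bank.example"]),
        ("online.bank.example", ["*.bank.example"]),
        ("online.bank.example", ["servicing.bank.example"]),
        ("a.b.bank.example", ["*.bank.example"]),
        ("shop.example", ["othersite.example"]),
    ]
    for host, names in samples:
        print(f"{host:22} {names!s:28} -> {classify(host, names)}")
```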
You have a point.
I think the girl in the Novell Youtube Mac/PC/Linux commercials is the best spokesman ;-)
In another post I noted this.
Generally the treatment for this sort of bite consists of corticosteroids which reduce the inflammatory response. This may have a role to play too, but it seems unlikely that after 20 years corticosteroids themselves were the primary cause of the improvement.
However, my working thesis is that the loss of use of the legs in this case may have been caused by scar tissue pressing against the spinal cord. It seems to my mind that the necrotizing enzyme might be able to reduce this mass slightly, esp. when combined with the immune response, and that might be the cause for the initial improvement.
This doesn't mean that necrotizing enzymes should be injected into the bloodstream of folks such as him so that we can hope for an improvement, but it might mean that there might be new methods of treatment for such injuries that might come out of it. For example, if there is scar tissue in a place that is difficult to operate on, perhaps such an enzyme might be useful as a less invasive option?
I would hope that medical scientists are willing to pay the guy to do MRI's of his spinal cord (or if he has pins from surgery relating to the accident, some other methods), so that we can hopefully get an idea of what the actual cause of the recovery was.
The recluse's venom iirc is an enzyme which starts to break down cell walls. Unfortunately, it tends to be aided by the inflammatory response to it, which is why treatment for systemic poisoning tends to involve corticosteroids.
This leads to two questions:
1) Could the enzyme have actually removed something that was interfering with weak functioning of the nerve?
2) Could the corticosteroid have provided some relief from something that was chronically inflamed, thus allowing some nerve function where there hadn't been before?
Either way, it suggests new directions for research.
Recluse spiders don't have nerve toxins, and the bites aren't as deadly as people suggest.
They have a necrotizing venom which breaks down cells around the bite (and sometimes can get into the bloodstream to cause more widespread damage). I think it is too soon to say what exactly the mechanism is here, but it seems quite interesting to me. It makes you wonder if the spider bite destroyed some scar tissue that was impinging on a nerve or something.
I think there might be some serious scientific possibilities to this sort of episode.
You know, it is funny. Over the last two years, I have taken on more technical challenges than I have at any other time in my life. This includes things like philological challenges as well as engineering ones. I believe I have made a couple of original discoveries regarding Old Norse literature. Although my aptitude with certain aspects of the material has gone downhill a bit, other aspects have more than made up for the difference and I am better at this than I was a decade ago. I seem to be discovering new things at a higher rate than I ever have in the past.
I think I am going to have to write a book looking at the formulaics of Sigdrifumal and how it connects to other poems, archaeological inscriptions, and the like.....
Certain skills peak early. We know this. I know I am not as good at some sorts of tasks as I was at the age of 22 and I am only 32. However I am better at others. "How quickly can you process this information?" is something that peaks early. Memorization skills can also peak somewhat early. Interestingly, 22 would be the age where most Bachelor's Degrees are issued, so I don't know if school might be a factor in that age breakdown. It would be interesting to add post-doc students to the sample and see if their reactions were different.
Personally I think that a big part of the issue is that our brains change how we process information as we age. So this may go well beyond environment. I am now studying harder than I have since I can remember (harder than I did in college), and reading over 150 academic books per year. One thing I am noticing though is that my ability to learn has changed. It hasn't diminished, but it has taken a different form.
but I voted for Obama because he was promising the least amount of change.
Actually, I have had more luck with emails than with physical letters. Physical letters get delayed for an unreasonable time while they are quarantined, etc. Even then it is hard to get something to rise to the level of personal attention of the congressmen. There are ways to do this including responding with good information to a form letter and citing sources.
I expect another set of emails to go out this week over the ACTA issue.
What? After they already settled on HURD as the platform of choice?
In my experience, companies will spend on Linux what they think they can get out of it. I actually think the freedom that comes with open source provides opportunities (and job creation) in the IT sectors at the expense of other sectors. I.e. if you can hire consultants to optimize and automate so you can lay off a bunch of data entry folks, you very well might do that. If you can hire a couple of developers to help make sure everything always runs smoothly, that makes sense to do.
In the end, I think that Linux taking over will actually mean more IT jobs, and a greater role for IT within companies.
Well, for a 10TB database, PostgreSQL may (or may not) be perfectly capable, depending on what you need. Most certainly MS SQL is not capable if PostgreSQL isn't though. In that case, you can purchase Greenplum DB (proprietary extensions on PostgreSQL), Oracle, or DB2. I suppose Teradata would be an option too.
The question generally has to do with parallelism in queries and processing of results. PostgreSQL for all its strengths doesn't do any parallelism so if you are running through a 1TB table for a big aggregate, you are going to have to wait a while. With Greenplum, Oracle, DB2, it can divide up parts of the query onto other nodes and then re-assemble, so that parts of the query run parallel.
What would be WAY cool would be an official compilation option for PostgreSQL to use distributed locking and parallel execution options in compilation but I wouldn't hold my breath.
Not to mention, the espionage capabilities of a system capable of targeting a mosquito from space would be quite impressive.
But otherwise, what of human safety issues? I think there are plenty of those sorts of issues with this sort of system.
I am actually far more worried about human safety stuff. You REALLY don't want to have satellites shining lethal lasers on mosquitos. The only justification for such a system is a battlefield weapons platform for use against soldiers (blinding, etc), or against high-flying aircraft. The atmosphere will distort the beam also making this sort of thing.... unusable for disease control.
So if you have a ground-based system you still have a lot of safety issues, and limited utility. This is not a technology I would want to support.
The basic issue is that you have a laser system capable of reaching down into the atmosphere to kill things close to or on the ground. There are two basic problems:
1) That takes a LOT of power. If refueling the original star wars system was likely to be a problem, this is a million times worse.
2) Theoretically such a system could be revised to hit other targets. Who would control it? Suppose terrorists hacked it. Suppose the military co-opted it. All manner of bad things could happen with such a system. For example, imagine if you could blind even a small fraction of New Yorkers, especially those driving on the roads on rush hour.... The effect might be far worse than 9/11.....
I smell a cover for a new more powerful and destabilizing weapons platform in space. The thing simply can't be useful against mosquitos and the only real use I can see would be on the battlefield.
question:
If you could make satisfactory arrangements with your spouse, would you be willing to work part time on web development from home in the evenings when your kids are young?
Are there things that can be done to allow more flexibility?
Last time I checked women were more likely to be of average IQ than men, while more men had either very low or very high IQ's.
So the statement about more men having low IQ's is probably valid, but then so is the converse about more men being geniuses.....
I agree 100%.
If you make paternity leave mandatory, that will help.
However, that only gets you so far. The other issue is whether a family decides that one parent will stay at home to manage the household and raise the kids or whether the kids get stuck in day care. My own thinking is that it is also important to provide more options for work for parents who choose to do this.
The simple fact is that having a career in software development is not incompatible with staying at home and raising kids. It is a lot easier when you can work at home, make arrangements with one's spouse as to some work time, etc.
My wife expects me to bring home a steady amount of money. So the deal is that she takes care of the kids during business hours, and I take care of them in the early morning and the evening.
For better or worse the man as bread-warden (OE Hlaefward -> Mod. Eng. lord) and the woman as bread-maker (OE Hlaefdige -> Mod. Eng. lady) are deeply entrenched in expectations of both genders.
Were it that simple. In practice, I think the following practices are best for security issues:
1) Within 1 week contact the individual that reported the bug and provide a timeline that a fix will be in place.
2) Within a month, unless there are mitigating factors, there needs to be a fix available, security advisories filed, etc.
3) 2 weeks after the initial patch, there needs to be a full disclosure email describing in detail the original issue as well as how to exploit it.
For most security bugs, though, I shoot for initial confirmation and estimation within 1-2 days, and a patch within a week (a simple oversight could be corrected within that first day, but sometimes we need to think through conceptual problems). The 7/30 day expectation gives some slack and avoids problems if something turns out to require deeper changes than expected.
This is based on the fact that one generally finds more robust patches when people aren't working under pressure to get something fixed within the day, and can think through it.
Look, if the person who makes the report feels we aren't being responsive, they can issue their own security advisory. Our policy is aimed at trying to ensure that everyone is on the same page and coordinated moving forward so that people are not at more risk than normal.
The last thing one wants to do is issue a statement like:
"Warning: We have discovered an arbitrary code execution vulnerability in the login screen. It can be exploited by the following method.... We are working on a fix." That serves nobody except the bad guys.
However there is a second case for some closed-door development. A few years ago, some PostgreSQL developers discovered a patent that IBM held over a caching mechanism that Pg used. So they replaced the caching mechanism before publicizing the problem. If you go around saying "Our software may infringe on a patent and may pose liability issues for the user" that isn't good either because now every user might be guilty of WILLFUL infringement including treble damages.
Beyond those sorts of cases though, I agree with you. There are some LIMITED exceptions to the transparency rule, but they need to be kept as limited as possible.
I think it is important to keep lots of communication between end users and developers, but this needs to be appropriately partitioned.
End users don't need to see technical discussions of bugs. These don't belong on a -users list. They do need an opportunity to provide feedback on feature requests, etc. and these should be discussed on the -users list.
Also a few bugs really should be hidden from the public. Security or other sensitive issues ought to be discussed behind closed doors among the core developers. These should then be discussed publicly AFTER fixes are available in release versions. However, this should only be the case where public discussion can put the project at risk (security exploits, patent search results, etc).