> Also, why would GET & POST requests be involved in security?

If you have to ask that question, please don't apply for a job with me.

It depends on what I'm looking for. One excellent place is the support forum for your favorite Linux or BSD distro. I'll go to the OpenSuSE or CentOS forum, for example, and ask: "has anyone tried this with a Dell Poweredge?" I get some really good responses from people who use my software, on similar hardware.

I Google, too, but I did have to learn to recognized the obvious junk sites. Far more useful to me are the user reviews at the Websites that sell the equipment. It's really not that hard to sort out the useless reviews from the good ones.

By the way, you people who reflexively dump on Slashdot all the time ... I don't know who you're trying to impress with your smug sense of superiority. I have also picked up plenty of good tips here, some of which have saved my bacon and made me look good. :)

Once again, you have to overlook the cruft and the off topic rants -- same as in any other public forum -- but there are some nuggets buried in here. Slashdot has a very eclectic mix of geeks and other professionals with a wide range of experience.

> MarkLogic's NoSQL managed to land a giant lucrative contract for the venture capitalists ...

+24 insightful and informative. This.

Here's another angle on it. Haven't you ever wondered why everything associated with the government takes longer and costs more?

I once worked with a guy who did government contracts all the time. He said, "you deliberately underbid* to make sure you get the deal. Just be sure to put a clause in there protecting yourself when the government (which is Rule By Committee, remember) makes changes. After you get the contract, you KNOW the government will make changes. You can charge whatever you want and take as long as you want."

* he also said, and I quote: "and you buy the people making the decision a bunch of hookers and get them drunk." Basically his exact words. You'd probably have to update that now to a government that includes many females in management positions, but you get the idea. :)

> Flat out it's a failure of leadership to have this many cooks in the kitchen

And remember, when you're dealing with bureaucrats (and I fully agree that they're the same, private sector or government), they're covering their butts. They do everything by consensus and committee meeting. No one wants to stick his or her neck out.

So, for example, when they were designing the ACA Website: Even though I wasn't there and have no direct information on this, I would bet you any amount you want to name that I KNOW what happened. First, a committee got together and decided (after weeks and weeks of discussion) what the main page should look like. "We need a smiling face!" Then, they spent MORE weeks (if not months) vetting images and tweaking things just to make that smiling face appear as they thought it should. They would have suggested a zillion changes.

In this particular case, knowing how a government agency works, I can guess what happened at the IRS. Middle-to-upper management is judged primarily on case counts: how many cases they turn out. If there's a backlog, they get scolded. Since (as I noted elsewhere) there are many employees who don't do much work, the relatively few who do are pressured to turn out more and more cases. "Security" to them means, "do only as much as I have to to satisfy this hornet who is yelling at me. Just enough to make them go away. Whatever."

> For the 0.3% of Americans that were paying for inadequate coverage ...

We're getting off topic here (I'm tired of Obamacare arguments myself), but according to the latest Congressional Budget Office figures, the eventual number who will lose plans because they don't meet ACA standards will be anywhere from 50-100 million. That's considerably more than .3%.

Provide a believable, authoritative cite for your figures.

> The only means of preventing incompetence and corruption is the rigorous application of transparency and accountability.

And you're right, middle management in the US bureaucracy fights this tooth and nail. Their natural inclination is to go after the whistleblower for "rocking the boat."

Another true story: guy was a middle manager, had been there for years. Did virtually no work. Sat at his computer and played Solitaire for an hour or so, then went down and smoked his pipe for an hour or so. Came back up and played more Solitaire.

If his division manager tried to yell at him, he would just grin. He knew they'd never go to the trouble of firing him, and besides, he knew enough dirt on some of those who might try to do so, it would get ... messy. He didn't care.

I remember reading a quote from a Soviet defector years ago. He said that the KGB actually LIKED it when you had a few skeletons in the closet, because they'd have a way to control you. They hated an idealistic, squeaky-clean person.

I'd like to believe our government hasn't reached that point, but some of the stories I've heard honestly make me wonder.

> The US government - which in its current form has led the world's leading/only superpower for over a century - is "incompetent?"

Yes. The fact that you can point to other governments that are worse don't make me feel any better. I can be shot by a bow and arrow or a .45, either way, it's really gonna hurt and I'll probably be dead. You could argue that the bow isn't quite as bad, but that's small consolation to the one being ventilated. (I.e., me.)

Any large organization will be corrupt. (That's the answer to those who inevitably -- invariably -- answer a post like this with, "but .. but ... big business is worse!") It is the nature of the beast. And if you then make it to where that large beast cannot easily purge itself of that incompetence, well, you really have a problem then.

That's where we're at now.

Only people who've never had to deal with the government OR a large business to resolve a problem think that either is competent. :)

Other side of the coin: I once had a problem with my state (Alabama) income tax. I was able to speak directly with the person who was working my case, by phone, and we ironed it out in short order. Problem solved.

There is no way I would attempt to do the same with the IRS without at least three lawyers and two CPAs behind me.

> So the punishment for not securing taxpayer data is... nothing? So why bother fixing anything?

Exactly. It is very, very difficult to fire someone who works for the Federal Government. One case that I knew of: there was this woman in a wheelchair who pinched butts, stole things from the cafeteria (in plain sight, right in front of everyone) and did so little work they had to search for it with microscopes. True story. They had to apply to the regional office in Atlanta, have several hearings, go through several "counseling sessions," and finally, after about A YEAR ... this worthless piece of flotsam was terminated.

Then she sued them for discrimination and they were tied up for another year in court. She lost, of course, but it cost time and money.

Ergo: the strong inclination, when you have incompetents, is just to leave them in place. If they're doing too much damage, you try to transfer them to where they can't do as much harm. Barring that, if you think it'll work at all, you PROMOTE them. (Again: true stories. I'm not kidding.)

So ... now you end up with incompetents in middle management. The problem gets worse.

Rinse. Repeat until the entire building is like a M.A.S.H. episode, with a few who will actually do their jobs, and who can only stay sane by either taking drugs or joking about it incessantly.

(And in real life, by the way, if you're not careful, such "joking" will actually result in counseling and a reprimand.)

I am not kidding. There is no hyperbole in the above. Re-read it and let it nourish your brain. There's at least part of your answer.

(The other parts are so unpalatable -- such as outright nepotism and granting favors to friends and supporters -- that I shall spare you.)

OK, let me try one more time. I knew what I wanted to say in my fevered brain, but it came out badly. The key word I wanted to use was CLEANLINESS.

I mentally compared my wife's experience in this small operating room to surgery that she had many years ago at a large hospital in Birmingham, AL. The large hospital was an assembly line. Literally. The next patient was rolled into the operating room as the previous one was being rolled out. They cleaned between procedures, but it wasn't hard to imagine people getting tired and "missing a spot."

In that environment, no wonder they need prophylactic antibiotics ... and no wonder the bacteria eventually develop resistance.

Likewise in agriculture. When you're cramming chickens and cattle into cages and allowing them to live in their own filth, they WILL get sick. So, once again: tons of antibiotics, and no wonder the bacteria become resistant.

The doctor that I mentioned who ran his own operating room did NOT use prophylactic antibiotics unless he thought it was a high-risk case. He controlled infection with tons of chlorine bleach and autoclaves. He and his staff checked each other during wash-up before and between procedures.

Ergo: with a few simple, common-sense procedures, he is able to use a fraction of the antibiotics as the big hospitals, with a very low post-operative infection rate.

There. Now I'm off to work again. :)

> Polysporin contains antibiotics ...

Of course, I know that. But thanks, anyway. :)

I should have been more specific; I think you missed my point. The use of Polysporin (or Neosporin, or similar over the counter antibacterials) isn't comparable to the prophylactic use of oral or injected antibiotics. Polysporing is a topical antibacterial/antibiotic that isn't taken internally. It's comparable to using Betadine or the old Mercurichrome(sp?) that we used to use as kids.

> If this is a threat that "should be ranked alongside terrorism" then I'm not even going to waste my time reading about it.

I agree. We have Godwin's Law to invoke on those who make comparisons to Nazis, it's time to craft a law or people who invoke terrorism.

Look: antibiotic resistance is a serious problem. I've argued for years against the prophylactic use of these drugs in agriculture. No disagreement there.

But my wife has had surgery now -- twice -- and both times she remained infection free, even though she was not prescribed antibiotics. How? She had the surgery in a private clinic, not a public hospital. This particular doctor runs his own operating theater and personally ensures that everything is sterilized between procedures. It's squeaky-clean. (And actually, it cost LESS than going to a big-brick hospital.)

To keep infection off of the wound after the surgery, we were simply told to keep it clean, to change the bandages, and to at most use Polysporin. If we saw signs of infection, THEN the doctor would prescribe antibiotics.

Again: yes, it's a serious problem. We need to work on it. But this pandemic, "worse than terrorism" stuff is a little over the top.

> You will save far more by actually understanding the tax law, and restructuring your financial life to take advantage of that knowledge.

I agree, but to be fair to the parent poster, a good tax accountant and/or financial counselor will offer advice specifically targeted to you and your needs.

We have a guy on one of our talk stations here in Birmingham who shares all sorts of tips to save money like that, things I never would have thought of. For example:

1. Buy a stock that you expect to decrease in value in the short term, but to make money in the long term. You pay, say, $10,000.

2. It drops to $5,000. Sell, you can mark off the $5,000 loss on your taxes.

3. Wait 30 days, then take that $5,000 and buy the same stock again. You can still take the $5,000 loss, but if (when) the stock finally appreciates, you make money there, too. :)

He calls it "tax harvesting." I'd never heard of such a thing, but then, I ain't that sophisticated. :)

I've been using OpenSuSE since the 9.0 era. I had tried it prior to that and found it unusable on my system simply because it defaulted to some gosh-awful resolution. The icons were the size of fly specs. I didn't have time to figure out how to fix it, so I went back to my old OS. They fixed this in the 9.0 release and I've used it ever since.

One of SuSE's key features, whether you're using the community version or the paid/enterprise release, is the configuration tool (YAST, "Yet Another Setup Tool"). That thing is worth its weight in gold. It presents the same configuration options whether you're logged into a GUI or text-based via SSH. Sure, the latter is NCurses-based, but everything is where I expect it. I have been absolutely spoiled by that thing. It's the # 1 thing that I miss when I go to something else.

Red Hat, for example, while excellent and rock-stable, leaves me using command line tools for configuration when I'm in a secure shell. They've been reducing the utility of those tools (or eliminating them entirely) with each successive release, too. Plus, I don't completely trust ANY "easy-to-use" tools, but insofar as I've been able to confirm, SuSE wins.

(Example: the 5.x releases from CentOS -- I'm told that this was true with RHEL as well, of course -- would automatically open some ports in the firewall without telling you ... most notably, CUPS. I hate to dump their "system-config-securitylevel-tui" tool and do it myself. Good thing I always run an "iptables --list" before I expose something to the Internet at large ...)

YAST, YAST, YAST for me. Love it. I realize that a lot of this is just what you get used to, but I'm used to it, and I love it. :)

> I'd really like to find a place I could get pure gasoline.

Ask around, do some Web searches. Here in central Alabama, there are a few stations that offer it at a higher price (about 10-20c per gallon). There's a Valero station at my Interstate exit that sells pure gas, no alcohol.

I don't program for a living anymore, and I've always been more of a system-level, hardware driver kind of guy, so C/C++ work fine for me.

But especially coming from that background, my need isn't for another programming language, it's for better documentation of available libraries. For any common task that I want to do, somebody has probably written a great library that I can just strap in and use.

The problem is when I start trying to use it. The documentation has blank "TBD" pages, or really helpful comments like, "init_lib() -- initializes the library. You can specify the # of flickers per bleem ..."

Or ... and this is my 2nd favorite ... the documentation is out of date. "Hey, I tried to do this the way your tutorial said and it didn't work?" "Oh, yeah, that tutorial is out of date; we've changed some stuff ..."

My very most #1 favorite is automatically generated documentation that looks at (for example) a C++ class and then creates an HTML page. I might as well just look at the source code ... hoping, of course, that the people who wrote that source actually inserted more than a few, "does what it says" comments. Or that I don't have to play the Spaghetti Trace(tm) game, bouncing from one .c file to another .h file and back to a third .c (and this is after repeated greps in the "src" directory) to try to figure out what's happening to my poor variable while it's inside a function.

Not criticizing FOSS, per se; I understand that it's written by volunteers (for whom I'm very grateful). But this, rather than needing a new way to "PRINT" or "SORT" in a programming language, is the far bigger problem, in my book.