
Comment: Better avenues than public disclosure (Score 4, Insightful) 230

There are a few avenues I don't hear people talk much about using, which I think would be far more effective and appropriate, without the ethical issues of public disclosure (which I think is rarely ever justified). I'd strongly urge anyone to exhaust all these avenues before even considering the typical public disclosure of a flaw's vulnerabilities. I have a hard time thinking of ANY circumstance in which it would be ethical to publicize an unfixed flaw before there is clear evidence someone else is already exploiting it.

  1. Try to notify technical contacts, who can most efficiently and cheaply understand and fix the problem, with the least embarrassment or hassle.
  2. Notify the legal department, outside counsel, accountants or auditors. They are responsible for dealing with risks to the company, and to certifying proper controls over financial or customer information.
  3. Try to notify executive management directly.
  4. Contact government and other regulatory or certifying bodies, such as PCI (for anyone handling credit cards), SEC (for public companies), FTC, Better Business Bureau, Chamber of Commerce, etc.
  5. Report it to CERT.
  6. If you're a customer, (politely) threaten to take your business elsewhere (or actually do it), or have your attorney send them a letter threatening to sue for putting your information or money at risk. You could threaten to make it a class action too. (Note that you'd need to be an affected customer to have standing to sue.)
  7. Any public disclosure you may be tempted to make, go through a news organization, who will verify the information, contact the company for comment, and weigh the ethical pros and cons of how to tell the story effectively without revealing so much information as to do harm. Some "on your side" segments on local TV news might work well for this.
  8. If you want to publish or comment publicly yourself, consult your attorney, and limit yourself to saying that there is a vulnerability, but not any details about it. But you can particularly publicize the company's (non-)response to it.
  9. If you can document that someone else is already exploiting the flaw, you could report on the exploitation that's occurring, without being the one to expose the vulnerability.
  10. And of course once the flaw is fixed, you could discuss it more widely as well.


Comment: Always annoyed me but... (Score 1) 425

by matthewv789 (#48971367) Attached to: One Man's Quest To Rid Wikipedia of Exactly One Grammatical Mistake

I've known for many years that "comprise" (usually used as "comprised", "comprises", or "comprising" depending on context) means the same as "composed of", so that "comprised of" means "composed of of" which is ridiculous.

BUT, this has been so heavily misused for so long, and increasingly even in respectable publications that should know better and by otherwise skilled and educated writers, that I'm starting to give up. Not to the point of ever saying "comprised of" myself, but to the point of not bothering to correct anyone who does. These days, "composed of" is starting to become a rarity, as is "comprised" on its own, so I'm starting to see "comprised of" as the most commonly accepted usage. Not willingly, but I don't have much choice.

Comment: Re:Choose a CMS you like (Score 1) 302

by matthewv789 (#48879593) Attached to: Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

This is a great point - a site templating system generating static HTML is a great way to go for sites which don't need user logins or customized content - which in my experience is the vast majority of them. Some advantages compared to a CMS or framework:

  • FAST. Like, the whole site is 100% cached, all the time. Loading a static HTML file is way faster than running even the simplest PHP (even just loading PHP and parsing an HTML file with no actual PHP to run in it...). (And especially fast if the web server is running nginx instead of Apache httpd)
  • Low server resources (orders of magnitude less CPU/memory usage than even plain PHP, let alone some heavy database-driven CMS like Drupal). Way less need for multiple servers, load balancing, etc.
  • Compatible: just upload the HTML files, CSS/JS files, images, etc to the server. Doesn't need to "run" anything except serving up static files.
  • No security issues (other than bad Javascript or the web server itself): there's nothing to hack, and if someone were to hack the web server itself, restoring the site is as easy as re-uploading the files (all of which can be maintained in version control like git).
  • No update worries. If you happen to want to update the generator software for new features or fewer bugs or faster compiling or whatever, great, but if it's working for you, no need. Running an old version won't affect speed, security or bugginess of the site itself.
  • Testable and deployable: update on your local or a test server, and deploying it all EXACTLY to the live server is just a git pull away. WAY faster and easier than deploying Drupal or WordPress changes between environments.

Some of these issues are overlooked when moving to a CMS, and end up eating up a lot of time and money throughout the life of the site.

And compared to hand-writing every page of HTML you get all the benefits of templating and re-usable structured content displayed in different ways in different parts of the site that CMSs give.
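The static-site argument in the comment above (templating, nothing to execute server-side, restore by re-uploading version-controlled files) as an added Python example; this is not code from the post or from any generator project. It shows a tiny generator that HTML-escapes page content at build time (the "bad Javascript" caveat in the list) and writes a SHA-256 manifest so the deployed tree can be checked for drift or defacement before deciding to re-upload. The page names, content and the MANIFEST.json filename are all constructed for the example.

```python
import hashlib
import html
import json
import tempfile
from pathlib import Path

# Page template; {title} and {body} are filled from already-escaped strings.
TEMPLATE = ("<!doctype html><html><head><title>{title}</title></head>"
            "<body><h1>{title}</h1><p>{body}</p></body></html>")

# Constructed sample content (page name -> (title, body)); not real site data.
PAGES = {
    "index": ("Home", "Welcome, everyone"),
    "about": ("About", "Contact form text with <script>alert(1)</script> inside"),
}


def render_page(title, body):
    """Render one page. Content is HTML-escaped at build time, so text pulled
    from a data file cannot inject markup or script into the generated HTML."""
    return TEMPLATE.format(title=html.escape(title), body=html.escape(body))


def build_site(pages, out_dir):
    """Write each page as a static .html file and record a SHA-256 per file
    in MANIFEST.json (a constructed filename). Returns the manifest dict."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for name, (title, body) in pages.items():
        data = render_page(title, body).encode("utf-8")
        (out / f"{name}.html").write_bytes(data)
        manifest[f"{name}.html"] = hashlib.sha256(data).hexdigest()
    (out / "MANIFEST.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_site(out_dir):
    """Compare a deployed tree against its manifest. Returns a sorted list of
    (problem, relative_path) tuples: 'missing', 'modified' or 'unexpected'.
    An empty list means the tree matches what was built."""
    out = Path(out_dir)
    manifest = json.loads((out / "MANIFEST.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        path = out / rel
        if not path.exists():
            problems.append(("missing", rel))
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            problems.append(("modified", rel))
    # HTML files the build never produced mean someone else wrote to the docroot.
    for path in out.rglob("*.html"):
        rel = path.relative_to(out).as_posix()
        if rel not in manifest:
            problems.append(("unexpected", rel))
    return sorted(problems)


def demo():
    """Build into a temporary directory, verify it is clean, then simulate a
    defacement plus a dropped file and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        build_site(PAGES, tmp)
        clean = verify_site(tmp)
        (Path(tmp) / "about.html").write_text("<html>defaced</html>")
        (Path(tmp) / "evil.html").write_text("<html>dropped in</html>")
        tampered = verify_site(tmp)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean build:", before)      # []
    print("after tampering:", after)   # [('modified', 'about.html'), ('unexpected', 'evil.html')]
```

Keep the manifest in the same git repository as the generated files rather than only on the server: an attacker who can write to the docroot can rewrite a manifest that lives beside it, whereas a manifest checked out from version control lets the verify step tell you exactly which files to restore with the next pull.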

Comment: Re:Now all they need to do... (Score 1) 138

by matthewv789 (#47965631) Attached to: New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

Very good answer. In the case of SSRIs, the brain's reaction, its developing tolerance to the dosage, is exactly how the beneficial effects for anxiety and depression occur. And this physical adaptation takes about two weeks. But it happens by initially introducing something that's pretty uncomfortable, essentially making the problem worse (increasing anxiety, agitation and nervousness) until the brain has a chance to adapt (in this case by making serotonin receptors less sensitive, recessing them into the cell wall or whatever specifically they do).

(And the other beneficial effects - feeling happier and more confident - come over time, weeks, months, years, as a result of being less sensitive.)

And you're right, it's a good question what happens after it's withdrawn. And the answer is usually that eventually the depression comes back.

You're also spot on about the oversimplification and denial and misunderstanding of how they work, and that's led to all kinds of problems, like all the confusion over the "if they make you happier, how can they increase suicide?" question, which is no mystery at all, and even expected, when you understand how they work.

Comment: Re:Interesting (Score 1) 138

by matthewv789 (#47962805) Attached to: New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

No, you sound normal, that's how they work. The first week is the worst, it gets better after that. But SSRIs are totally the opposite of addictive drugs, they don't give anything resembling immediate pleasure (in fact they can be somewhat to very uncomfortable for a while), and only benefit after weeks or months of use. They're basically giving you constant anxiety and nervousness - which is bad, except that it forces your brain to adapt by making the serotonin receptors less sensitive (which takes about two weeks). After that happens, things get better (for many patients), because their problem in the first place was being over-sensitive to normal everyday serotonin stimuli (which, unlike the drug, is periodic and based on events or situations, not constant) - that is, oversensitive to situations which made them nervous and whatnot. Now that the brain is less sensitive (so it can't hear the constant buzzing drone of the SSRI), it's also much less sensitive to those other stimuli too. It still may take months to years to not only notice this but start modifying behavior based on it (being less afraid), then feeling better about yourself because of what you've accomplished, how you're not afraid any more, made more friends, etc.

But even after that, there may still be this subtle sense of "buzzing" from the SSRI, as well perhaps as a sense of emotional numbness. Neither are very pleasant, so the temptation to stop taking them after a while can be pretty high, though maybe they're both just signs you're getting a higher dose than you need.

Comment: Re:Now all they need to do... (Score 1) 138

by matthewv789 (#47962783) Attached to: New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

SSRIs can increase suicidal tendencies when initially starting treatment. This is because SSRIs improve motivation before mood,

I am actually 100% sure this is not the reason, that's just the BS response idiot psychiatrists and hopeful medical researchers who have never taken an antidepressant in their life made up.

I never once experienced any change in motivation immediately after starting antidepressants (which I've done several times in my life). What I DID experience a change in, every time, was an increase in anxiety, agitation, and nervousness. More or less the symptoms I already had from feeling anxious, scared and depressed. And that's because the way these drugs work is to basically make the whole thing worse, forcing your brain to adapt, which takes about two weeks (the receptors for serotonin recess and deactivate). It's sort of like the SSRI turns on a loud noise, and over the course of a couple of weeks, the brain turns down the input volume control until it's inaudible again. And after that, the various normal everyday situations which would have made an oversensitive person react negatively or fearfully, are now also too "quiet" for that person to notice (now that the "volume" has been turned down).

And SOME SSRIs have a pretty severe withdrawal effect - Paxil is probably the worst, I don't think it should be prescribed to anyone, it's absolute hell to get off of, even trying to taper very gradually. Probably best to just go cold turkey and know you're going to suffer horribly for a week or so, rather than drag it out and suffer for months. It has to do with its extremely short half-life. Prozac, on the other hand, with a half-life many times as long, does not have that problem. If you're going to take an SSRI, get fluoxetine (Prozac) - which is generic now anyway, not to mention about the oldest and most tested of the SSRIs. Only try another if Prozac doesn't work for you or has intolerable side effects after a few months of taking it.

Comment: Not surprising (Score 1) 138

by matthewv789 (#47962767) Attached to: New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

Yes, whenever I started taking antidepressants I could feel SOMETHING happening within a few hours, so that's not a surprise. But as others have said, the depression doesn't lift for a while - weeks to months. In fact, the nervousness and anxiety gets worse than ever for the first week. (No surprise that suicide is common soon after starting them.)

I think the reason is that at least some kinds of depression (anxious depression) are like having over-sensitive ears, and being bothered by the random noises that occur in daily life, which make us fearful and easily hurt, and hence we avoid certain kinds of situations, taking chances, socializing, etc.

SSRIs are like turning on a loud, steady noise, which at first overwhelms those sensitive ears, making us even more uncomfortable. But after a while, the body adjusts, and the ears become less sensitive, effectively turning down the volume until the loud noise is barely noticeable. After that, all the little, random noises that happen throughout the day are also barely audible. And those background noises were what was making us nervous before, but now that we can't hear them, they don't. (Of course I'm not talking about actual noises, that's just an analogy, but rather anxious/emotional/fear-based stimuli.) This process of physical adjustment takes about two weeks. (A number which has been validated directly in other experiments on how quickly the brain adapts by changing receptors. In this case, the receptors for serotonin recess into the cell wall and deactivate - the "turning down the volume", making them less sensitive to stimuli.)

Then, after we're no longer extra sensitive, we start taking more chances, being bolder and more outgoing (maybe without realizing it), because we stop anticipating the fear and hurt of rejection or failure. And after a while, we realize we can actually achieve things, have friends, be confident... and that's when we start feeling good about ourselves. This process can take months or years.

Comment: Re:Batteries? Seriously? (Score 3, Interesting) 491

by matthewv789 (#47869383) Attached to: To Really Cut Emissions, We Need Electric Buses, Not Just Electric Cars

Seattle used to have buses with both pantographs and diesel engines. In the transit tunnel, they'd connect to the wires and go all-electric. When they left and drove on city streets, they'd lower it and start the diesel. They ended up replacing most if not all with hybrids (meaning they do burn diesel in the tunnel too), which I believe turned out not to save any fuel or electricity.

Comment: Summers are not getting shorter (Score 1) 421

by matthewv789 (#47659115) Attached to: Slashdot Asks: Should Schooling Be Year-Round?

I don't think most school years are getting longer, except in cases where there is additional vacation during the school year (a 3 week winter break instead of 2, a week for ski week AND a week for spring break, etc.)

What's happening is that high schools are starting to follow the patterns colleges already did: schools on semesters start earlier (August or very early September at the latest), so that the entire semester can be finished before winter break. (High schools used to have winter break, then come back for a few weeks of instruction plus semester finals, which didn't make much sense.) Schools on quarters start later, since the first quarter is only 10 weeks instead of 15 so is easier to finish before winter holidays, but high schools are not generally on the quarter system.

Comment: Of course they want this (Score 1) 129

by matthewv789 (#47162343) Attached to: Whistleblowers Enter the Post-Snowden Era

By reporting internally:

  • The secrets stay secret. Congress, the Courts, and especially the American public will never know.
  • The problem can be "addressed" without doing anything.
  • The malcontent identifies him or herself to the higher-ups, who can decide how to handle him or her from there and most especially prevent them from doing more damage.
  • If the malcontent is not satisfied with the result and later leaks for real, he or she will be first on the list of people to look at to identify the leak.
  • If there is some shady practice that's becoming too well-known within the agency, it can be quieted down so fewer employees know about it.
  • Maybe, occasionally, there really is some wrongdoing they would like to know about and stop, limit, moderate, or otherwise actually address. (Har har, I know right? lol, rofl, lmao, etc.) More likely just legalize and legitimize.

Comment: Re:Ivy League Schools (Score 2) 106

by matthewv789 (#46795671) Attached to: Minerva CEO Details His High-Tech Plan To Disrupt Universities

In theory, but most of the people from those states don't really know anything about their state government's problems. And they seem to be happy to let the federal government grab every bit of power and money from the states, until suddenly they wake up wondering why their state government is so useless and on the brink of collapse, and the federal government is such an all-powerful bully.

Comment: Re:Ahh Yes the trend continues.. (Score 2) 220

by matthewv789 (#46795615) Attached to: California Utility May Replace IT Workers with H-1B Workers

Manufacturing may be, but what about manufacturing EMPLOYMENT? When you use robots and automation, there aren't so many employees.

And it may look large because US manufacturing is focused on large-ticket items, like aircraft and rockets and tanks. It's still the case that 99% of the routine goods that you buy (whether clothes or household items or toys or electronics) are made in China.

Comment: Re:Tech workers only? (Score 1) 220

by matthewv789 (#46795551) Attached to: California Utility May Replace IT Workers with H-1B Workers

I should also say that, predictably, the Indian workers for the contract companies tended to rarely stay in their jobs longer than a year, so quality tended to be poor and training was a constant battle. And with a 15%+ pay increase every year (vs 2-3% in the US, in the few years they actually gave any pay increases at all), they were going to catch up eventually. But even at the time, other managers admitted privately that management and other costs ate up the difference and they weren't actually saving any money...

...which made me wonder why they continued to do it. Some kind of corruption? I always thought that after the initial wave of super-cut-rate offshore work, that I had to be missing something, not seeing something, to explain why it continued when it decreased quality and didn't save on net costs.

Comment: Re:Tech workers only? (Score 1) 220

by matthewv789 (#46795511) Attached to: California Utility May Replace IT Workers with H-1B Workers

How do you know the managers aren't ALREADY from India? That was the case a couple of jobs ago for me, it was not exactly reassuring to hear from the high-level manager who was pushing for and managing the outsourcing, who happened to be Indian, that "these (offshore) people are not replacing any jobs in the US". It was completely false, of course, unless he meant that the six-month gap between each round of mass company-wide layoffs and adding more staffing to the offshore/outsource location were somehow disconnected. It really meant that each year they laid people off in the US when business slowed down, then added Indians a few months later when business picked up again. Since business was cyclical on an annual basis, it was a pretty predictable way to shift work offshore more and more each year.
