He's just flaming with the tap water thing, remember he's driving home from work, so not likely to stop at the gas station for a glass of water...now if he were concerned about the environment he'd use a decent canteen bottle and fill it with tap water before leaving work. That would actually help his teeth because of the fluoride in the water, not to mention the chlorine. And he wouldn't be contributing to the soda industry and all of the chemicals required to produce that stuff, nor to the bottle industry and all of the oil that goes into that industry. But that's probably a bit more severe than anyone really needs to be, just some modest changes and we can all be a bit nicer to the planet.

http://www.dentalgentlecare.com/diet_soda.htm and http://www.mayoclinic.com/health/diet-soda/AN01732 for example... 2 liters of any man made liquid is going to be more than you should ingest in a day. All things in moderation. While I'm all for people eating what they want it makes me cringe when I see people consuming chemicals like there's no tomorrow. At least switch to a natural juice if you want something sweet and don't like water that much.

2 liters of soda per day? Dude, stop doing that to yourself. Buy a water tomorrrow, please.

Sorry for the delayed response. I missed out on my daily /. the last few days. My use of the term average was based on the definition of average according the dictionary's (m-w.com is a handy reference) documentation of accepted use, in this case the adjective "average" is defined to mean " a: being about midway between extremes, a man of average height, b: not out of the ordinary".

My intent was to refer to the fact that people tend to fall into the middle ground between the extremes. I believe the statisticians would call this a bell curve, etc. But for a non-technical post I just went with the adjective "average" because most native English speakers understand that definition (and it was the first to my mind). Hopefully that makes it easier for the mathematicians to read the post. I know how frustrating it can be to read a post with technical inaccuracies.

By definition the world is mostly made up of average people. For those of us that were products of public schools and other institutions that accepted everyone regardless of their abilities or backgrounds we can probably think back on groups that showed exactly what "average" means.

This combines with the most common failure of unfettered democracy, the tyranny of the loud (and perhaps underemployed/bored/obsessed), to create a perfect storm of vitriol, ignorance, and selfishness in places like an open forum online.

Quite simply, people without knowledge or experience in a field deserve less speaking time than those with knowledge and experience. If those people that are excluded from a discussion because they are ignorant or inexperienced want to participate than they should take the time to become knowledgeable and experienced in the field.

I always like to see open discussions but I also like to see comments rated and organized so that I can sift through the crap to get to the gold, something that guyminuslife mentions is missing from the Post's website system.

And to speak directly to a comment from the original article, the fact that the comments show the true feelings of the citizens of this country is interesting from a polling/election point of view but the details of those comments don't add much, if anything to the discussion at hand. This is especially true of indefensible positions like racist or sexist comments.

The discussion about colleagues is a critical point and one that most people overlook when they choose a field. I'd put peers as one of the top reasons to choose or avoid a particular career. If you like the people in a field than it's a great area to work in, if you don't like them than it's going to be really tough to go to work (for the next 30 years).

I'd also agree that a generic CS degree is more valuable than a technically specific degree. Concepts matter.

And as for coding 9-5, of wearing a suit as an MBA, those aren't hard coded into the different careers. You can setup a work environment that fits your style if you figure out what that style is and work towards it over time. I know plenty of programmers that have figured out how to balance coding with design and architecture work, and plenty of MBAs that never wear a suit (such as me.)

Look at your work environment just like any other task/goal, layout objectives, figure out what moves you toward those objectives, and execute those actions. It may take time but you'll almost certainly get there because no one is really working against you, it's just inertia that keeps most people from finding a good working environment, imo.

Lastly, keep coming back to focusing on your relationship with your peers. You should use that as a metric to determine the quality of your professional life. If you respect and enjoy working with your peers (even if you don't agree with them) than you're in a good spot. If not, starting moving elsewhere. We are defined in part by the people we choose to associate with, in addition to our actions.

/agree. Don't be afraid of change. People who say change is hard are just speaking from fear not experience. If you're willing to give up your cushy, stable, and known career to restart somewhere else than it'll be exactly like starting out from college.

This is a better question than most here will give credit, regardless of how sleazy it is that MS sales reps are using it as a tool.

The real focus needs to be determined. Is the question whether open source software development methodology is inherently vulnerable? Or is the question whether open source project X is more vulnerable than proprietary project Y?

I'll address my thoughts on the open source methodology, and the argument I use in these discussions.

Software security is reliant on a couple of key factors. Obscurity is the first one most people think of, and despite the prevailing feeling, obscurity is an excellent security control that protects against certain types of attacks. However, reliance on obscurity for security is not a good idea because over time most secrets are disclosed.

Good security architecture relies on robust security controls that maintain integrity even when attackers are fully aware of the mechanism's internal working. Perhaps it helps to think of it this way, imagine two people walking down the street. One is alone and vulnerable but in disguise and very hard to recognize. He's relying on obscurity for security, and it will probably work. The other person is surrounded by bodyguards and the entire region for miles around is swarming with more guards and surveillance teams. He's relying on a robust security control (really controls) and it doesn't matter if attackers no the details, they still aren't going to have an easy time getting through to him.

So open source projects are no insecure because they are open, and in fact many would argue that their very openness provides insurance against stupid decisions to use weak security controls and protect them only through obscurity (a classic move of proprietary systems, just think of the old MS password hashing scheme, or a dozen other proprietary security controls that turned out to be too weak to withstand public scrutiny).

The vulnerability numbers bear out this basic concept with more vulnerabilities relating to Windows systems than to *nix systems despite *nix systems running many more critical systems. I'd have to say that this is in large part because the underlying security controls of *nix systems are dissected by obsessive compulsive geeks, like us.

To convince your boss that FOSS is OK, do some research on vulnerabilities reported in the NVD. A (very) informal check shows about 1200 vulnerabilities tied to Linux and 1400 tied to Microsoft. I'd suggest doing more, and better, research than that before sitting down with the CEO to discuss this but the numbers seem to be on your side.

I'll end by saying that FOSS products are not always secure, and the open source development methodology is not inherently secure if the development community is too small to provide competent, and unbiased, security reviews of the software. A very large project, like Apache or Ubunut, is likely to fair well when compared directly to IIS and Windows. A smaller open source project, like a contributed module to Drupal, may be riddled with problems simply because not very many people took the time to look at it before deployment. That is one advantage of a commercial company, they (should) have a good QC/QA program to make sure bad products don't get shipped (they get sold to Microsoft who can ship crap with impunity ;-)).

Anyways, it should be an easy argument with NVD numbers to back you up and the concept that security through strong algorithms and good architecture is more important than security through obscurity.

I really like this set of ideas and recommend it as a good starting point.
For my piece, I'd suggest the following additions/modifications:

• Use live USB keys to setup customized learning environments for certain classes, like the sciences
• Use the most basic hardware possible with a Linux environment, and consider all hardware throwaway...make no real attempts to maintain hardware
• Assign hardware to students because they'll take better care of something they "own" for the year
• Prohibit Internet access during class periods (a simple Squid proxy solution should handle this nicely)
• Establish an in-school chat/forum infrastructure to cultivate the school's community feel
• Make sure IT services are readily available between classes, lunches, and before and after school

I'm sure I could come up with lots more but I'd say the key is easy maintenance (live USB is awesome for that), throwaway hardware (no way you'll make even the best stuff last too long anyways), no Internet during classes (classes are for learning how to learn, not actually researching stuff), foster a good atmosphere (this is where the kids "work" so it should be as nice as possible).

I'd also strongly suggest letting the kids take laptops home if at all possible. The more time these kids spend on the computer the more likely they are to be able to use one as an effective tool later in life. Obviously they shouldn't be on it all day like a Slashdoter would be...but you get my drift.

About the multisite issue, I've struggled with using a single Drupal instance for this because of SSL limitations within Apache. My understanding is that a single IP is associated with a single certificate, so a multisite install could only have one SSL-enabled site. Let me know if this is incorrect or if you know of a workaround. Updating the sites with a script is certainly possible, and actually the only way I know of to handle it once you get beyond two or three sites, but requiring extra scripts to do an update is a major deficiency. Check out the Wordpress update feature for an example the way I think Drupal should go.

The security mailing list is excellent and I'd strongly agree that anyone managing a Drupal install should subscribe.

I'll check out the devel's moduel. I haven't heard of that yet.

As for update.php, the actual page states this "Drupal database update...Use this utility to update your database whenever a new release of Drupal or a module is installed." So I always run it when I install a module. This makes sense to me because the update.php script is the mechanism that updates the database structure, I believe, and there's no other way for a module's changes to be inserted into the database...again if I'm wrong please let me know.

I've been using Drupal for a variety of website tasks for about a year now. As a novice (at best) programmer I'm more interested in the functionality of the tools than in customizing them or inventing new tools, so for me it's important that my content management tools be fully functional. So far, Drupal's only real gotcha is the lack of seamless upgrades. This isn't a huge problem if you're willing to spend several minutes/hours every week or two upgrading your site, however it does become an issue if you're handling multiple sites. Whereas Wordpress has a built in upgrade function, Drupal requires you to manually delete existing directories and upload the new code every time there is a core update. Modules are a bit easier in that you only need to delete and upload that module's directory, and a well organized site keep the modules away from the core code (e.g., in /sites/all/modules instead of in /modules). Security seems pretty good so far, with just a few core security updates over the last year, I think. Modules often have more security issues, but the most popular modules seems almost as stable as the core. I believe both CCK and Views, two immensely popular modules, are being ported into core for Drupal 7. Drupal's usability is good once you get used to the organizational structure but there is a steep learning curve because of all the options. For example, installing a module requires the upload of the code into the /sites/all/modules/... directory, enabling of the module in the module control section of the site, running of the update.php script (as the root user of the site), and setting of the permissions for the modules (which is often a complex process). Granted you don't do module installation that often but it's a serious process when you do. Too long to proofread! Sorry for the wall of text...Drupal's worth a try and I'll probably pickup this book to see what is has to offer.

If you had read the decision you would realize that at least some of the prisoners were picked up in other countries. Countries such as Bosnia, which are not involved in any way, shape, or form with hostilities against the U.S. Additionally, you would have read that the Bosnian government picked up these individuals on suspicion of terrorist actions but had to free them for lack of evidence, at which point the Bosnian military handed them over to the U.S. military. If this doesn't make you a bit nervous than you're very, very trusting of governments and government decision makers.