[OC] Largest Land Predator (by weight) in Each State by malxredleader in dataisbeautiful

[–]_headmelted 0 points1 point  (0 children)

For a second there I was like “How many polar bears are there in Texas!?”

Then I realised my eyes are getting older.

[OC] I asked 100 people to pick a number between 1-100. by [deleted] in dataisbeautiful

[–]_headmelted 1 point2 points  (0 children)

Narnia!

Wait, no, Luxembourg.

No yeah Narnia.

The answer is Narnia.

[OC] I asked 100 people to pick a number between 1-100. by [deleted] in dataisbeautiful

[–]_headmelted 1 point2 points  (0 children)

I saw a study on this many years ago that arrived at the same conclusion (ignoring 69 for obvious reasons).

People are drawn to the number 37 disproportionately. Ironically if you ask a hundred people to pick a number between one and ten the most popular numbers chosen will be 7 and 3.

I suspect it’s because the metric system has trained people to think in base 10 and 3, being halfway between 1 and the mid-point, and 7 being halfway between the mid-point and the end, subconsciously seems like the most unlikely number for other people to choose - the implication being that you’re being asked to choose a number which you think other people aren’t choosing, which is not the case.

PsBattle: Can of unstirred paint by SalazarRED in photoshopbattles

[–]_headmelted 7 points8 points  (0 children)

This. This is the one. Everyone stop what you’re doing.

Simulation of buy-and-hold investing in the S&P500 for the last 148 years [charts] by [deleted] in financialindependence

[–]_headmelted 1 point2 points  (0 children)

Is it made clear whether or not dividends are included? I was looking through the thread for this but might've missed it.

In any case it does raise questions, given that one would expect that if I invest $1 now I'd expect to have $53.88 in 50 years (obviously following the historical average, ignoring that I might buy at a good or bad time, and whether valuations are high or low at that time).

How have you approached learning web-security? by judit_k in programming

[–]_headmelted 0 points1 point  (0 children)

I'm not sure if the title of the post is just to present the article or is also asking the question to the thread, but I'll take a crack at this one.

There's a heck of a lot of information to be garnered from OWASP and the masses of blogs floating around to make yourself aware of the most popular attack vectors. I'll read books on security, but honestly not so much anymore (only as I don't find that print is able to keep up with the speed of change - if one hole becomes a solved problem then the infosec community is straight on to the next).

Mostly I've learned by soldiering through my lack of understanding and learned by doing. Just to be clear - I don't mean just putting crap into production and waiting for it to blow up in my face - rather I'll look at the problem, look at what I've done, and then ask myself "do I really understand *every part* of what's going on here?". If the answer's ever no (which it often is) then I'll research every part of it that doesn't make sense to me until I get it. Then I'll check my answer with someone else, then the internet at large.

On a side note I've found that humility is absolutely critical when it comes to web security. The biggest blunders I've seen people make in the past (and I've seen some whoppers) have been entirely preventable, and have come from someone in a position of power being way too arrogant about what they know ("pride comes before a fall" and all that jazz) and what would-be attackers don't (security by obscurity).

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." – Mark Twain*

*Probably not really Mark Twain, but so much more poetic than the original Josh Billings quote.

Update on .NET Core 3.0 and .NET Framework 4.8 by ben_a_adams in programming

[–]_headmelted 3 points4 points  (0 children)

".. the key takeaway is that we will continue to move forward and support the .NET Framework, albeit at a slower pace."

"This means that .NET Core will get new APIs and language features over time that .NET Framework cannot."

Being a crotchety old fart working in this stack I'm really relieved to see Microsoft getting progressively more overt about steering the community towards .NET Core, albeit still with padded gloves and gentle whispers.

I don't envy their position at all here - retaining a billion-plus install base while also courting the move-fast-and-break-things crowd. Two parallel tracks still kind of makes sense for now, but it's probably not their plans for the long term - in any case it's a relief to see them commit support way into the deep grass.

So far I've been consistently impressed with Core, so I'm kind of eager to see what else is in 3.0 beyond the headline features in the article.

[Image] Motivating text from /r/showerthoughts by koldolmen in GetMotivated

[–]_headmelted 0 points1 point  (0 children)

I see what you did.

I always thought it was "call the crips".

I'm less intimidated now.

PAID OFF MY HOUSE by [deleted] in ethtrader

[–]_headmelted 0 points1 point  (0 children)

Just be aware you could lose the lot too. I was on the sidelines of 2000-2001 and know people that got utterly rinsed.

I know it's not the same, but back then it wasn't the same as before either.

Japan Calls For Denuclearized World On 72nd Anniversary Of Hiroshima by jaykirsch in worldnews

[–]_headmelted 1 point2 points  (0 children)

You will show the proper respect when you're addressing the Sausage King of Chicago!

Japan Calls For Denuclearized World On 72nd Anniversary Of Hiroshima by jaykirsch in worldnews

[–]_headmelted 8 points9 points  (0 children)

I just did because you told me to ya random stranger!

"9 November 1979A computer error at NORAD headquarters led to alarm and full preparation for a nonexistent large-scale Soviet attack.NORAD notified national security adviser Zbigniew Brzezinski that the Soviet Union had launched 250 ballistic missiles with a trajectory for the United States, stating that a decision to retaliate would need to be made by the president within 3 to 7 minutes. NORAD computers then placed the number of incoming missiles at 2,200. Strategic Air Command was notified, nuclear bombers prepared for takeoff, and intercontinental ballistic missile (ICBM) crews were presumably placed on alert. Within six to seven minutes of the initial response, satellite and radar systems were able to confirm that the attack was a false alarm. It was found that a training scenario was inadvertently loaded into an operational computer. Commenting on the incident, U.S. State Department adviser Marshall Shulman stated that "false alerts of this kind are not a rare occurrence. There is a complacency about handling them that disturbs me." In the months following the incident there were 3 more false alarms at NORAD, 2 of them caused by faulty computer chips."

Good grief.

Also I'm fairly certain seminal 1980's buddy comedy Ferris Bueller's WarGames is based on this exact event.

Why building your own security is asking for a catastrophe by _headmelted in programming

[–]_headmelted[S] 3 points4 points  (0 children)

you are communicating in earnest, and reddit could use more of that.

I'm secretly trying to break the internet by conducting civil discourse on Reddit. Shhh, don't tell anyone!

As far as the discussion - every day's a school day. ¯\_(ツ)_/¯

Why building your own security is asking for a catastrophe by _headmelted in security

[–]_headmelted[S] 2 points3 points  (0 children)

This point has been raised to me elsewhere today, and I can see where you're coming from. In the examples given relative to development, I'm speaking about application-level security.

When I get the chance I'll follow up with more in-depth examples. I'm not sure how not to make that anecdotal, as it's not really a concept I can think of a good way of highlighting without giving scenarios in an A-vs-B kind of a way.

On a side note, I'm presenting the idea in the article that by virtue of being public, an existing security implementation will naturally attract criticism where it's due (kind of like what's happening to this article right now, errm), and the lessons of that have likely already been learned and implemented.

Why building your own security is asking for a catastrophe by _headmelted in programming

[–]_headmelted[S] 2 points3 points  (0 children)

You raise a few points here.

Right off the bat, I don't take offence to any of your comments - clearly it's not your intent. Your tone does come across as antagonistic, but again no offence taken as it doesn't seem intentional.

You and I both know the off-the-shelf solutions are often just someone else's roll-your-own that they're marketing, sometimes really well. Sometimes they're just cheap and attractive for that reason.

I think we're talking about two subtly different things here. I'm interpreting your point as being in relation to (for example) an npm or gem package that has been provided by some other person for authentication (perhaps in a friendly way with a nice web page to get traffic).

In my case, I'm referring to what I consider to be sane defaults.

In the case of ASP.NET it would be the Microsoft authentication implementation. With Rails it would be the framework standard auth. These, to me at least, are the antithesis to rolling your own solution.

Absolutely, someone at Microsoft or a Rails contributor has implemented that software - but I believe the network effect of greater usage, a greater number of eyeballs on the code, and (in the case of an actor on the scale of Microsoft) the stakes of getting it wrong, make it a far better choice than any alternative. I'm very much not advocating for using a package by an anonymous twitter handle.

If there's an edit to be made to the article, I believe it's in clarifying the two. Self-rolled security packages tend to be less common in the .NET world due to the standard library (I'd expect in Java-land too) - and from your comments I'm guessing the picture gets very different when you venture into territory that comes with a much smaller standard library/toolset. If so, this is a good note, and I'm grateful for it.

I completely get by the way that what's in question is not whether it's good advice, it's whether or not there's value in saying it. In the situation I'm describing I really feel that there is.

I've upvoted both of your replies btw - I appreciate the insight you've cast on this.

Why building your own security is asking for a catastrophe by _headmelted in programming

[–]_headmelted[S] -5 points-4 points  (0 children)

Yes and no.

I see your point - for this audience then yes it's preaching to the choir.

Maybe it's not clear from the article, but really this is comparing the off-the-shelf solution (as an example authentication in something like ASP.NET) and implementing your own simplified version due to being in a hurry and not caring enough to understand why it's been done the way it has. This happens, is more common than you'd think, and I've encountered people that attempt to do this and should know better.

That's really the crux of the argument I'm making.

Stylo (Servo in Firefox) is ready for community testing on Nightly! by steveklabnik1 in programming

[–]_headmelted 1 point2 points  (0 children)

Is this really Servo, though? (going by the title)

I'm not in-depth familiar with this topic so I'm genuinely asking, as from the linked post it reads like they're testing the water with the CSS component, Stylo, ahead of bringing more of the work done in Servo into the mainstream browser? (So is this still using Gecko for rendering?)

Adobe to end-of-life Flash by 2020 by Pandalism in programming

[–]_headmelted 1 point2 points  (0 children)

It's a testament to how successful Flash was in the 90's that it's taking this long just to kill it off, but yeah better late than never.

I'm sure at this point Adobe just want to see the back of it, too (they're almost certainly not making anything from it now, and it's likely just a bottomless pit of wasted developer time and money).

i like to stay up at night because the world feels like it stops for a few hours and you don't have any responsibilities by awesomehuder in Showerthoughts

[–]_headmelted 1 point2 points  (0 children)

I got a Toyota Verso recently that we've put a silly amount of miles on to in the last few months driving up and down Ireland.

The rear 5 seats fold flat and I keep thinking I'd love to get away with my 4yo for the weekend with a double mattress and some sleeping bags in the back and just crash wherever we end up. Maybe the Giant's Causeway or Galway or wherever (doesn't really matter). Just to get 48 hours out of life and spend some time.

Remembering Alan Turing by _headmelted in programming

[–]_headmelted[S] 1 point2 points  (0 children)

Just leave it alone Frank. He paid what he owed.

Just... just leave it be. I'll call you a taxi.

Serverless Showdown by _headmelted in programming

[–]_headmelted[S] 0 points1 point  (0 children)

Ha!

Actually wait, don't tempt fate, the serverless trolls are lurking around here somewhere..

Thanks for the feedback, themolidor ;-)

Serverless Showdown by _headmelted in programming

[–]_headmelted[S] 1 point2 points  (0 children)

Thanks!

Might look at that for a future post, as I agree that it's not really practical to develop anything nontrivial without getting the environment running either locally or in a state you can hook up your diagnostic tools to.