@PenguinWrangler said in Fitness and Weightloss:

Okay okay geez.... you guys made me get back on the healthy eating wagon. I have about 75 pounds to lose. I am getting about a mile walk in a night, even though it hurts. Orthopedic doctor wants to do surgery on my leg/back, once my weight gets down.

I am not a doctor, nor do I pretend to be one. I simply have had back surgery, and several people in my family have as well and this is what I have seen. From my research back surgery to eliminate pain has a low success rate, but surgery to fix motor function is often a requirement. I was to the point I was loosing motor function in my left leg due to nerve damage. Best decision of my life. Everyone else I know that went to an orthopedic doctor for pain has been through multiple surgeries and left dependent on pain meds, and is still in pain, and often as bad or worse than they started. I encourage you to do your research first, and wait until you get the 75lbs off. You will feel a ton better from that alone. It is a long road, but you can do it.

I just got a new ASUS Chromebook flip about a week ago. I love it, and it is my at home, no heavy lifting, consumption device of choice. I wouldn't want to do much development on it, but for a home PC it is about perfect.

@guyinpv said in Fitness and Weightloss:

My weight steadily went up with each major event in my life. Namely, job change from outdoor/active to indoor/tech, marriage, kid1, kid2.

Currently 5'10" and about 60lb overweight. Now we're preggers again so need to not add any more!

My problem is simply food volume and calories. I feel far too stuffed after far too many meals, but at this weight you really feel the hunger!
Spending hours and hours a week away from family doing jogs and gyms and stuff just doesn't work very well. So diet is key. And not eating too much for a desk job is very important!

I've enjoyed the Strava app for tracking walks, hikes, and bike rides.

Diet is key for sure! About 80-90% of weight lost is through diet. Just look at what @JaredBusch just posted, a 40 min outdoor walk burned 300 calories. That is about a bottle of soda. Just having a water for lunch, and sitting in a chair does the exact same amount of good for calories in calories out. That being said, drinking water, and going for the walk is where you get the big losses.

Also, this is why I play Pokemon Go, It gives me the same information give or take as a walking app, but I get to catch things, and it turns the whole process into a game to pass the time.

Not sure if I have posted this before around here, just wanted to put my two cents in. I did a little over a year of fat free vegan, and I lost 80 lbs. but I started having some health issues from not watching my micro nutrients. I quit that diet. I decided after a couple years that I still wasn't where I wanted to be, so I have tried a new diet and my wife and I love it. It is The Wilfe Diet from Able James. I do well with strict rules and structure around weight loss, so it works for me. It is basically paleo with less restrictions, a focus on quality food, and intermittent fasting. I have lost another 20 lbs between this a just watching what I eat then about 6 weeks ago changing over to this diet and loosing another 10-15lbs. My new fitness addition is putting Olympic Gymnastic rings and a ceiling mounted pull up bar in my garage and giving up the gym membership to work out at home. I work out there 3 days a week doing the Reddit Bodyweight Fitness RR, then yoga 2-3 days a week on my off days, and walk 1-2 miles a day on my lunch break playing Pokemon Go! So far so good, and I am by far in the best shape of my life.

Feel free to hit me up if you are interested in trying out any of this stuff, I would love to help someone else get in shape.

@scottalanmiller I sat down when this was first posted and watched the whole thing. I know the future is heading in this direction, I guess it didn't sit in until witnessing it first hand and seeing how real a threat like this can be.

I came across a virus the other day, and I am just brainstorming how it could have been prevented or mitigated. The virus infected a computer, and started looking for AD user names by looking at folder names in C:\Users. It would then attempt to spread to other local computer and repeat. It kept spreading and brute forcing login attempts with these user names and slowly locking out all user accounts. Critical systems were not affected, and this variation was not caught by anti-virus software when it first hit. The question becomes, what if critical systems were hit. What can you change from a design standpoint that would help prevent this kind of attack. My first thought is maybe having a separate domain for critical systems that has a one way trust to the primary domain. My other thought is critical systems shouldn't rely on active directory, but that seems counter intuitive. I just wanted to open up a chat about what best practices exist for mitigating internal brute force attacks.

@scottalanmiller said in Verizon's $70 Gig Internet Plan is Actually $200, Oops:

This is why I left Verizon originally. Service was good but they actively punished you for being a loyal customer. They actually called it a "loyalty fee" or something on the phones. I refused to pay it and left their service (now I can get it cheaper because I left them... they are literally willing to give me a better deal because I wasn't loyal!) Looks like the same here. If they think you are too lazy to leave them, they will treat you more and more badly until you change your mind.

I see this with Verizon, but I have a decent relationship with my local shop. When they show adds on TV, we just call them and ask if we can have it too, and so far they just switch us over to the new plan. So far this has just been for the "Now get XGB of data and month for only $Y." It sucks we have to call, but they are nice about it and they are by far the best quality of service for my local area.

@Mike-Davis said in US Lawmaker States that Privacy Doesn't Matter Because No One Has to Use the Internet:

I used to think that it was only people that had something to hide that should be concerned about stuff like this. When the IRS started targeting conservatives, that changed. It doesn't matter what your affiliation, if the political wind changes, you could be on the receiving end of what ever group is in power.

Well if you don't make mistakes on your taxes, what does an audit matter?

@DustinB3403 said in Amazon Go and the Future of Shopping:

The only issue I see with something like this is now you'll hire security to confirm purchases as people are entering / leaving.

Should be less staff over all, but a bit more police state shopping.

The companies who start moving in this direction are not the same ones who will treat their customers like criminals over the possibility that one item didn't get rung up.

I have worked on projects to try and do warehouses this way, but time and time again, the RFID ends up being just too expensive per tag to make it worth it. We already have the technology to fill a cart with items then as a customer walks out, a gateway over the door can count it all, and bill them. I am betting Amazon has just found a way to bring cost down slightly on existing technology.

@scottalanmiller said in Apple Completely Redesigning the Mac Pro Again:

@coliver said in Apple Completely Redesigning the Mac Pro Again:

Trashcan didn't sell like they were hoping to?

That was actually a really neat piece of hardware. That and the mini make a lot of sense. Their lack of middle ground is the biggest problem, I think.

This for sure. We have one being used as a webhost and build server for our iOS projects, but honestly a mini could do everything we use the pro for just as well.

YUS, my 2 year old daughter loves foxes and yells in excitement any time she see's one especially in public. The only problem is she can't pronounce it right, so instead she yells out Fau-ka.... it is adorable and horribly embarrassing. Like for example when a stranger has a fox on their shirt and she is pointing, calling them a F#!&er.

I put a little money in bitcoin every week. I have a friend who went full in retirement and all, and preaches the gospel all the time. I'm not that crazy, but I first bought in at $268 a BTC, and as of right now we are at.... $1,178 and down almost $100 from last week, so I'm having fun. It is a way for me to play with some spending money on the side and learn and try the technology behind it.

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases.

Well no. I'm not sure where passthrough security is coming from to begin with, maybe some more clarity there. But I'm not seeing it.

The users would need to be in an AD group with access to the website, yes. But none of them would have ANY access to the database, of course. Only the application would have access to the database. So something is wrong with that description compared to how you described it above.

I know, but no I described it right. That is what I am fighting. I am in the process of making my case for sanity.

So the other department doesn't know how applications or databases work? Just ignore them then, you won't be able to convince them without teaching them way too much to be worth it.

I wish I could, but in this case I have to get them on board. I wish I had a better response than office politics, but I know you understand how silly it can be sometimes.

I'd go to management and discuss the security risks of "random, non-technical input" and list this process as "social engineering endangering the company at an endemic management level." This is a reckless process that someone (maybe the CEO) should know about.

That is the case I am building, just checking my own sanity, and looking for information that is easy to digest.

Anything else will be impossible because defending against "random inaccurate statements" isn't really plausible. But why would someone be introducing this risk at any level is a serious question. What's their purpose in doing this?

In short non technical middle management making rules and enforcing them down on technical people.

But how did they get that power and why is the security head not stepping in to fix a problem? Why are their managers not protecting the company from them?

Next time I see you in person, I'll buy you a beer, and we can break it all down.

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases.

Well no. I'm not sure where passthrough security is coming from to begin with, maybe some more clarity there. But I'm not seeing it.

The users would need to be in an AD group with access to the website, yes. But none of them would have ANY access to the database, of course. Only the application would have access to the database. So something is wrong with that description compared to how you described it above.

I know, but no I described it right. That is what I am fighting. I am in the process of making my case for sanity.

So the other department doesn't know how applications or databases work? Just ignore them then, you won't be able to convince them without teaching them way too much to be worth it.

I wish I could, but in this case I have to get them on board. I wish I had a better response than office politics, but I know you understand how silly it can be sometimes.

I'd go to management and discuss the security risks of "random, non-technical input" and list this process as "social engineering endangering the company at an endemic management level." This is a reckless process that someone (maybe the CEO) should know about.

That is the case I am building, just checking my own sanity, and looking for information that is easy to digest.

Anything else will be impossible because defending against "random inaccurate statements" isn't really plausible. But why would someone be introducing this risk at any level is a serious question. What's their purpose in doing this?

In short non technical middle management making rules and enforcing them down on technical people.

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases.

Well no. I'm not sure where passthrough security is coming from to begin with, maybe some more clarity there. But I'm not seeing it.

The users would need to be in an AD group with access to the website, yes. But none of them would have ANY access to the database, of course. Only the application would have access to the database. So something is wrong with that description compared to how you described it above.

I know, but no I described it right. That is what I am fighting. I am in the process of making my case for sanity.

So the other department doesn't know how applications or databases work? Just ignore them then, you won't be able to convince them without teaching them way too much to be worth it.

I wish I could, but in this case I have to get them on board. I wish I had a better response than office politics, but I know you understand how silly it can be sometimes.

I'd go to management and discuss the security risks of "random, non-technical input" and list this process as "social engineering endangering the company at an endemic management level." This is a reckless process that someone (maybe the CEO) should know about.

That is the case I am building, just checking my own sanity, and looking for information that is easy to digest.

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases.

Well no. I'm not sure where passthrough security is coming from to begin with, maybe some more clarity there. But I'm not seeing it.

The users would need to be in an AD group with access to the website, yes. But none of them would have ANY access to the database, of course. Only the application would have access to the database. So something is wrong with that description compared to how you described it above.

I know, but no I described it right. That is what I am fighting. I am in the process of making my case for sanity.

So the other department doesn't know how applications or databases work? Just ignore them then, you won't be able to convince them without teaching them way too much to be worth it.

I wish I could, but in this case I have to get them on board. I wish I had a better response than office politics, but I know you understand how silly it can be sometimes.

@scottalanmiller said in Website to Database Security:

@s.hackleman said in Website to Database Security:

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases.

Well no. I'm not sure where passthrough security is coming from to begin with, maybe some more clarity there. But I'm not seeing it.

The users would need to be in an AD group with access to the website, yes. But none of them would have ANY access to the database, of course. Only the application would have access to the database. So something is wrong with that description compared to how you described it above.

I know, but no I described it right. That is what I am fighting. I am in the process of making my case for sanity.

I am in a Active Directory environment setting up an internal website on IIS. I will be using the Active Directory logged in user from browser to determine who the person is and show different information based on this user. I am butting heads with another internal group around here about security, and I would like some best practice information to help settle this disagreement.

I would like to have a single domain account for the web application, and for ownership of the database. Users would have to be logged in to their computer via AD, then when they open the site our internal logic would determine the information they have access too, and the website would have its own internal list of roles and security. Then calls for information would use a single account between IIS and the database.

The other department says this is a security risk, and is requiring passthrough security. This means that every user would be added to a AD group with rights to the website and databases. This ensures that every database access can be tracked back to an individual account. I see this as overkill, and adding an unnecessary layer of complexity. Addition of roles wither it be website security, or active directory security would be done by an administrator, using their personal account.

Does anyone have any citable sources, or just wants to convince me that one way or another is right?

True lesson in this story is do not work on a production system with changes that could take it out of service when time is critical. Better to say, "Next time you have a long meeting at the end of a Friday, let me take a look at your computer."

All personal data including email is 6GB. The wife is a photographer so hers is in the 3-5 terabyte range, but I keep my stuff pretty streamlined.