Messages

Golden Applesauce:

Okay, fuck me. Do you know why you were suicidal?

Yes, and I've even posted it to the forum before. But I don't really feel like sharing it with you, because you'll probably call me and my loved ones "sorry losers."

Where are all the people who say, "I believe in treating the whole person. That's why I have thorough training in psychology, psychiatry, special needs education, endocrinology, regular education, relationship counseling, physical therapy, gynecology, career counseling, oncology, nutrition, and the top seven most common religions in my area." ???

That sounds like some serious schooling.

I'll admit I was thinking of the comic book character Dr. McNinja, who earned a Ph.D. in every field except Agriculture by cloning himself (with the help of Ben Franklin), having each clone get a different doctorate, and then merging them all together. (The clone with the doctorate in Agriculture was late to the merging party, and decided to live on a farm instead, calling himself "Old McNinja".) That absurd level of education, in one person, is clearly fantasy.

On the other hand, a lot of regular folks are in school from 4 to 24. That's twenty years of schooling, but you can't really claim that results in twenty years of education. A high school diploma means nothing, and you'd hardly call someone a "scholar" just for attaining a 4 year degree. There's room for improvement here.

The other thing is that we suck at educating adults. Once you've acquired enough job skills to get hired, there's little to none institutional support for continued education. If you're lucky your job gives you time off to attend seminars and workshops. But if your'e working 40-60 hours a week, when are you supposed to make time to practice new skills and do exploratory learning?

[including my own brand of woo (which does NOT include "Chinese traditional medicine").]

People aren't just chemicals, they're also the sum of their experiences and their internal narrative of self. A proper holistic approach to treating mental illness would be therapy AND drugs (as needed) AND exercise AND diet AND accessing environmental problems AND, yes, a dash of woo, because woo is actually pretty effective at some mental health problems and pain management. The problem is the current crop of morons are ALL WOO and very little else. and refuse to acknowledge that what they're doing is woo and that woo is only effective in a very narrow scope of cases. Woo will not cure your damn cancer, but it may help you get through chemo happier, and that's a valuable thing.

If I have strep throat, I don't need any woo or any counseling.  The "whole person" approach is a waste of time.

If I have heart disease, then I probably need everything including my own brand of woo (which does NOT include "Chinese traditional medicine").

If I have stage 4 pancreatic cancer, then I need the clergy.  And morphine.  Lots and lots of morphine.

So, yeah, the "whole person" approach is sometimes useful.  "Holistic medicine", taken literally, is not a bad thing, if by "holistic" you mean "all facets approach" and not "some filthy hippie shit".  Unfortunately, when people say "holistic", they almost certainly mean the latter.

That's another often overlooked point. You can't specialize in one kind of woo and then expect to be able to bend your patients to fit it. Someone who was actually serious about woo as a component of holistic therapy would learn as many different styles & traditions of it as they could, figure out the core structural elements, and be able to produce a woo-system tailored to each specific patient's expectations and needs. I.e., treat the specific patient in front of you instead of the disease in your book, which exactly the thing they accuse the establishment of not doing. But that requires the ability to distinguish between "stuff that works" and "stuff that is true" and critical thinking skills, so I'm not going to hold my breath.

Building on what Regret said - I'm one of the "other risk factors" exception. The drugs I take stop my arthritis from eating my finger bones are immunosuppressants. So I'd definitely need to consult with my rheumatologist. She'd probably yank me off the immunosuppressants, maybe switch me to something else for the duration, or something. That's within the amount of overhead that I as a patient can manage, but it's still a pain in the butt and it would be nice and less error-prone if I didn't have to do that manually.

Sorry, that was sarcarsm.

What about someone who is a POW priest victim with an eating disorder? I don't suspect that happens often but why would three different specialists be silly at that point?

Here's the really crushing thing: it's not all that uncommon. Eating disorders frequently accompany child abuse. Everything from the oral stimulation of eating triggering associations with being forced to perform fellatio, to victims of forced pornography and prostitution needing to maintain an specific figure or else they'll be handed over to even more sadistic clients, to mundane relational abuse that incorporates body image as just one more way in which the child is worthless trash.

The other thing is that we're learning that trauma is, statistically, normal. The DSM-III was wrong when it defined trauma as "outside the realm of normal experience." Humanity has had a war going on somewhere at any given time for longer than we have recorded history. Psychologists have just had the luxury of living in a not-war-zone for a while, until having to treat all the Vietnam War vets made them sit up and pay attention. The priest abuse scandal is similar: it used to be really easy for people to dismiss stories of child abuse as delusional, attention-seeking fantasy, especially if the person is already crazy enough to be in psychiatric treatment. A big argument in the recovered memory controversy was that doctors were allegedly "uncovering" child abuse victims at a much higher rate than there could possibly be child abuse. If there were that many adults going around abusing children, surely we'd have heard of more cases? And the priest scandal comes out, along with some other nasty scandals involving institutional abuse, and suddenly anonymous phone surveys are putting the rates of child abuse and incest at 15%, minimum. It turns out that all along it was easier to believe in the existence of one attention seeking liar than to admit the existence of all of the good people who would have had to turn a blind eye to people raping and torturing children. It's starting to look like child abuse is more common than, for instance, homosexuality.

Sorry, my head is in a really depressing place right now.

So, I've been doing some heavy reading on the treatment of trauma recently. There's obviously a lot of literature in psychotherapy about it, but what really struck me was how non-psychological fields dealt with the issue.

Take therapeutic massage / bodywork. "How do you massage someone who has traumatic memories of being raped?" is an important issue in that field. So is "What do you do when a client has a massive emotional meltdown on your table?" I've seen (not yet read) books and articles targeted towards people doing professional therapeutic bodywork that advance the position that they should learn more about the mind-body interface, but from the dust jackets they seem not to be required reading to become an LMT. The standard advice seems to be "remember that you are a physical therapist, not a psychologist, and respect your professional boundaries." And that's true - playing at being a doctor (or playing at being a different kind of doctor) will harm your patients. In particular there are an awful lot of ways that you can do serious harm to someone in the vulnerable state of having dissociated and started to relive memories of being raped and tortured. Problem: doing nothing, or trying ignore the abreaction, is one of those things.

At the other end, we have psychologists treating patients who have been so abused that they can't understand touching a human being in any way but sexually. Problem: they still have the the basic human drive for reassuring physical contact. The therapist can't let them hug him, because they start grinding or groping. But they still want (need?) to be held as they work through all of their experiences, and they definitely need to desensitize themselves to touch at some point. If only there was a class of professionals who specialized in therapeutic and rigorously non-sexual touch who might be able to help... But that would mean at least two professionals from different backgrounds collaboratingone one patient, and that's just silly.

Which is why it's important to weed out the non-science minded by creating a large rocket, putting all the WRONG PEOPLE in it and launch it into the sun.

Which, in a holistic sense, would be beautiful.

Regarding the OP, the NIH is way ahead of you. They've been promoting an interdisciplinary approach to biomedical research and medical treatment for several years, but you have to recognize that thorough training along the lines of your statement would take... let's see...

"I believe in treating the whole person. That's why I have thorough training in psychology, psychiatry, special needs education, endocrinology, regular education, relationship counseling, physical therapy, gynecology, career counseling, oncology, nutrition, and the top seven most common religions in my area."

For "thorough" training in all those areas, you'd be talking about 36 years of school, if I'm being generous. So you probably will never see that kind of practitioner, at least not without some serious modification to the human lifespan. You have what, three medical specialties listed that typically take eight to ten years of training each? Even if you knock those back to four and only allot one year each to career counseling and nutrition, it's still kind of impossible for a person with a normal life span.

But even being more realistic, MDs and PhDs who are currently receiving the interdisciplinary training that the NIH considers vital for the future of medicine are probably, optimistically, six to ten years from graduation. And that's just the first wave; all  the oldschool practitioners are still going to be around for a while, and most medical schools haven't even started shifting their programs to adapt to the new paradigm yet. I would anticipate 20 to 30 years before the change is fully effected. In the meantime, though, at least the earliest waves of research should be emerging and helping to change the way the old guard thinks about medicine and health.

Well that makes me hopeful. I've definitely seen doctors complaining about other doctors in field Y making mistakes that were solved years ago in field X, so I knew the establishment was aware of the problem, but I hadn't heard that there were any plans to seriously emphasize interdisciplinary training beyond just throwing seminars at it.

For the massive time investment required - yeaaaah forty years is probably being optimistic for that much stuff. What I'd really like to see is more cross-discipline teamwork. Right now, if you're lucky, your general practitioner, your therapist, and the specialist treating you for your specific physical ailment might pass notes to each other if you're lucky. It'd be cool if instead of a practice that had 6 different dentists or whatever, individual practices would have doctors from a variety of fields that all collaborated on everything.

People aren't just chemicals, they're also the sum of their experiences and their internal narrative of self. A proper holistic approach to treating mental illness would be therapy AND drugs (as needed) AND exercise AND diet AND accessing environmental problems AND, yes, a dash of woo, because woo is actually pretty effective at some mental health problems and pain management. The problem is the current crop of morons are ALL WOO and very little else. and refuse to acknowledge that what they're doing is woo and that woo is only effective in a very narrow scope of cases. Woo will not cure your damn cancer, but it may help you get through chemo happier, and that's a valuable thing.

Just wanted to emphasize the social relationships under "environment" category. If someone is depressed because they're actively being abused at home, no amount of SSRIs is going to solve their problem.

I've finally put my finger on what pisses me off about "holistic healers" or whatever they call themselves. It's that they understand the problem: modern/western/capitalist/whatever doctors elevating diseases in their particular specialty over the people who have them. And they understand the solution: treat the whole person.

And after having both of those insights what they actually do is crystal-flavored drivel. It is entirely fair to criticize psychiatrists that try to solve every problem by throwing drugs at it, regardless of what the problem actually is. But the exact same criticism applies to so-called healers who try to blast everything with spirit energy. The drug obsessed shrink is reducing all of his human patients to a puddle of chemicals, the holist is reducing his patients to waves of colored aura. Both refuse to recognize or treat any aspect of the patient that wasn't already their specialty.

Where are all the people who say, "I believe in treating the whole person. That's why I have thorough training in psychology, psychiatry, special needs education, endocrinology, regular education, relationship counseling, physical therapy, gynecology, career counseling, oncology, nutrition, and the top seven most common religions in my area." ???

I really don't want to have to pioneer this shit. Becoming a polymath sounds suspiciously like work.

With recent NSA/Snowden leaks about the NSA potentially compromising Internet encryption standards, is SSL/TLS still considered to be safe/not backdoored? If there are backdoors, how likely would it be that they would be in the implementing application vs in the SSL/TLS standard itself?

Basically, is SSL still theoretically secure against an organization like the NSA?

Yes.*

The NSA had to work very hard to get data that was protected by SSL/TLS. They siphoned a ton of user contacts information from Yahoo! by tapping cables. They got much, much less of that same type of data from GMail, because GMail has users use SSL by default. They actually man in the middled a Google datacenter to bypass their SSL.

You might have seen this slide:


It was easier for them to sabotage the servers that Google was using to encrypt things than it was to break the encryption.

The weak point in a communication secured with SSL/TLS is everything except the SSL/TLS part. Malware on your computer**, malware on the server, stolen SSL certificates.

*SSL/TLS is a protocol for for two computers to agree on an encryption scheme, not encryption itself. Some of the older encryption algorithms are starting to show weaknesses, so those specific algorithms should be deprecated, but that doesn't affect TLS as a whole.

**Encryption makes it impossible to cache things, which makes thing slow. If you're an IT guy at a company and you have 1000 people hitting the same encrypted external website 100 times a day, you have to make 100,000 requests. If you cache it, you only have to make 1. But if you let the browser and the external server encrypt things, you can't tell when someone is making a duplicate request. So a lot of networks will actually man in the middle themselves to improve performance, by doing all encryption stuff at the point where the internal network connects to the internet. This includes some smartphone networks / browsers, where bandwidth is at a premium. You need less infrastructure, and it only comes at the expense of your user's security!

Why is our utility and security infrastructure ("our" in my case being the United States) accessible through the Internet at all? Has humankind forgotten that computers can be built to work without being accessible to four billion random humans over a wild west frontier network where no one has ever had a good intention ever?

It honestly strikes me as collusion with hackers in a new world order way, which sucks because all that is nonsense and is not what's going on, meaning I actually have no clue as to why this is so.

So if a power line shorts, engineers can configure the nearby lines to route the load around it from their office in realtime, rather than having to send guys out into a hurricane to fix it. If enough power lines short you need to turn down the various power plants in the area to avoid overloading the whole grid. They could build a dedicated, secure network for it... but we're talking about an industry that is still being outwitted by squirrels and tree branches.

The larger problem is that nobody ever, ever, ever invests until security until they absolutely have to. The incentives just aren't there, especially if you can pass all the costs of an attack onto someone else.

How in the hell would a virus on a windows vm jump to a linux host or vice versa?

Exploiting a bug in the VM.

[stupid]

I think cross site scripting has hit enough blogs and forums that developers are pretty aware of it, even if they're not entirely aware of every way the issue can emerge from their code. There are a lot of noble stupid attempts to sanitise input to remove anything that might be interpreted as instructions for the browser, but Pratchett said it best with "Ninety percent of most magic merely consists of knowing one extra fact" which is all an attacker needs to have to thwart your defences.

It's starting to become understood that perfect defence of a system is not possible and all over infosec people are assuming compromise has occurred and putting their focus into detection and mitigation.

It is possible to sanitize input: HTML encode all user input before putting it in a browser, XML escape all user input before putting it in XML, etc. Every modern language has a nice simple built in function to do this for you correctly. But instead, every single developer things "Oh, I'll just take out <script> tags and we'll be fine" AND GUESS WHAT THAT DOESN'T WORK MORON. ARRRRRG.

<ScrIPt>
<    script>
<scr    ipt>
<scr\ipt> (forget which browser this works in)
<&#115;cript>  ('s' is 0x115 in Unicode)
<&#00000115;cript>
<img src="IsMaliciousScriptNotActuallyPictureLOL.js" /> (for some old, buggy browsers cough cough IE cough cough)
<img onload="<script goes here>" />
<a ref="http://site.with.malware.example" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 1000000000;">
<object>
<meta>
ad infinitum.

Plus you have to know every single browser rendering / parsing quirk - older versions of IE let you put script instead of images, and it would actually run them. And that includes quirks of browsers that haven't been invented yet - if your users have a coffeescript plugin then <coffee> tags will work on them, etc.

Or you might just use TinyMCE for your user text input needs. TinyMCE is an HTML editor in HTML, and guess what? It lets people write HTML, including embedding Flash, Java applets, ActiveX controls, whatever scripts they want, redirects to other sites etc etc etc. The Pagan Place used TinyMCE in its forum software, and yes, I verified that it has script injection vulnerabilities.



Sorry, this is a little of a sore point with me. About ~2 years ago we found a pretty gaping script injection in some software my company uses. For about 3 months their most junior dev would tell me he'd fixed it and I would do a quick google search and "one more fact" them and tell them to do it properly instead. After I showed them the unicode character escape they just started ignoring me.

The flood looks fun, anyway.

I don't get the logic behind a "luxury" hotel with plastic chandeliers and fake bagels, unless they were going for Dolly Parton plastic-jewelry tackiness. There needs to be a category called "kitschy-disturbing". 

Have you ever been to Tennessee? We have an entire theme park dedicated to Dolly Parton. (I think she owns it, actually.)

It's exactly as you'd expect.

Dear Holist:

Fuck you.

GA,
Former suicidal child, awesome and amazing parents