This is called the Ferber method and it worked very well for us as well.
Note to others considering using it, the method is just as much about the ritual leading up to sleep (bath, reading a book, etc)
“Solve your child’s sleep problems” by Richard Ferber, M.D. is the book which includes this. It also includes a lot more, including an overview of sleep physiology including phases, as well as lots more like details about night terrors and other “partial arousals”.
The big thing he says for going to sleep is to set up the desired sleep associations (eg, alone in the crib in a dark quiet room if that’s what you choose) and then ensure the child falls asleep in that situation and it doesn’t change while they sleep. So for instance, don’t let them fall asleep on your lap then move them to the crib, because when the next normal sleep cycle ends and they partially wake up, they will discover something is different and get upset.
A clinical consensus on whether addiction is a choice? Perhaps you are thinking of a clinical consensus on how best to treat addiction?
This is often glossed over by the "addiction is a disease" crowd. The efficacy of treating addiction as a disease does not make it any more "true" as an explanation for the circumstances leading up to it.
MITREs response to this is a perfect example of the old-school security team mindset.
If I had a nickel for every security team I've worked with that a) treat reporting as gospel and don't validate it, and b) don't talk to the developer.
From my experience the key issue is they don't understand the issue enough to engage in a meaningful discussion with the developer
Not allowing CNA seems to be the biggest issue. Long time ago we had issues where getting a new cve for an open source project was really rare and hard to achieve. Now anyone who asks gets one without validation. Two extremes, likely due to lack of resources, but they won't share the load...
Why can't you be an authority of your CVEs without consulting an American gov agency? I'm sure, VLC org is way more trustworthy for nine out of ten people on the Earth.
I think that this CVE issuance problem is getting worse recently where as in prior years there was just a smaller volume of CVE's being assigned. This VLC issue is the kind of CVE that could have been resolved by looking into it (or better assigned/described), and instead turned into a problem. There are also a string of people using security fuzzers to find issues but instead of them being triaged with security in mind they are getting CVE's issued. Some of the CVE's after investigation are test/utilities, pieces of code that are uncommon to be distributed, and a couple times code that is never called at all and was a function that never got cleaned up but when isolated had a stack overflow.
As someone who was recently a security engineer the treating as gospel is a real problem. In reviews of new CVE's you always ended up having to do the legwork to see if it was even relevant. Older CVE's I felt like usually were at least tied to something mostly concrete but the number of times I find the security report and it's just basically a valgrind/fuzzy lop output I am frustrated in the quality of reporting.
The other half of it is the journalists chasing clicks and researchers who name vulns to increase their status. That practice has really been a lot of crying wolf and it's starting to show. We had to create a special categories for vulnerabilities that were named/publicly visible and may or may not even be relevant to us just to respond to inquiries (especially things that were named but mediums on a NIST 90 day timeline but people expected resolved day 0-1).
Indeed, and they've been doing the same thing with projects like jackson-databind. 10s of completely meaningless CVEs issued for each new deserialization gadget that someone finds and gets added to a blacklist designed to protect a known-unsafe use-case (deserializing user input whilst defaultTyping is enabled).
It causes a huge waste of resources on the blue side.
This doesn't work so well for video games. Reviews come out saying its thin on content with a score to match and can kill a game before its had a chance to expand.
Developers have started trying to do this more often lately with mixed results, DICE and Blizzard are high profile examples of this.
Blizzards latest World of Warcraft expansion was heavily criticized for the lack of content on release day and has yet to shake the bad blood even after two big content patches.
DICE tried this with Star Wars Battlefront but couldn't keep fans long enough with the limited maps it released with.
Then they just kept releasing every week for 7 years, and now you have people building CPUs and explaining Apache Kafka with it.
Ostriv is another recent game that comes to mind as having a similar development cycle. Also many F2P MMOs - most of the non-Blizzard online games I know do regular releases that frequently change the game mechanics (often, to a big player uproar) but still keep their userbase. Fortnight and Pokemon Go are two big ones here.
Lots of games come out in early beta now and raise money through sales as they are developed. It is a better model than crowdfunding for games, because you start from a demonstration of competence in game development and you (usually) have direct view into the development process.
While we're on the topic of Factorio, I find that even from a Factorio player's perspective, the OP is good advice. I've wasted so much time trying to build the perfect base and starting over after building myself into a corner, when really I should have just built something that works "right now" and make iterative improvements over time.
Not just videogames, it's also a terrible strategy for something like self-driving cars or medicine, where "Move fast & break things" ends up breaking people.
You are right, but the situations with wow and battlefront are a bit more complex than that. Wow was more due to unfun mechanics and poor reward systems than lack of content (though that was a factor). Also battlefront had a size-able protest due to pricing disagreements. Both of which are dependent on community so as it diminishes it rolls downhill fast.
I'm trying it with my indie game. We'll see it works, but I realized Danger World (https://danger.world) at the end of January this year, and multiplayer is still under active development.
From my experience the issues with this study have been well known for a long time.
A first year Psychology paper I took over 10 years ago was at pains to point out the flaws in the study - not that this was unusual, a good lecturer will critically analyse any scientific study they present.
Perhaps it has more to do with the increasing popular appeal of the study?
Similarly, I was told very early on in my studies that Maslow's hierarchy of needs isn't actually supported by much evidence. And yet I still find it referenced everywhere.
I highly recommend pentesterlab.com.
The Web for Pentester course is a great intro for first timers if you read the PDF and play with the VM
When training newbies I will start with this and get them to play around with google-gruyere.appspot.com.
These are only relevant for web app testing, I haven't been able to find a suitable free resource for network testing but for paid resources OSCP is a great practice course if not pretty challenging for first timers
I'm not sure what in that quote isn't covered in the parent argument. Unless you are suggesting that Apple have never been guilty of following others popular design trends.
You may have had an auth token compromised.
I used a dodgy third party Spotify Connect for Raspberry Pi library and had the same issue. Changing my password and expiring all current auth tokens returned my Discover Weekly back to normal after a month
So is there some library author out there, stealing people's auth tokens and playing German and Portuguese songs on our accounts, cackling to herself with glee, and waiting until we discover (today might be the day!) her utterly-harmless mischief?
As much as I love the notion, I have to conclude that Discover Weekly's mediocrity is just another piece of evidence that the world actually did end in 2012, and ever since, we've been living in a simulation. A simulation where the level of petty annoyance is carefully adjusted to a maximum, remaining ever so slightly within the bounds of believability. (In November 2016, someone spilled coffee on the controls.)
Also explains why Swiftkey (keyboard app) stopped working around that time. They say it's their new deep learning framework that provides superior feedback, I find it pretty useless compared to the old version.
The hype around rapidly increasing values on Pop Vinyls has largely gone, the market seems to have chilled and the reason it hasn't crashed likely to be because of the value attached to the licenses.
The most interesting part of the whole thing I found was the effect valuing sites had on the market (i.e. poppriceguide). They significantly lowered the effort in determining value for existing collectors and attracted a lot of people whole wouldn't normally collect to get into it purely for the profit to be gained. I am not suggesting others wouldn't have been attracted to the market without them but having the data readily available rather than having to trawl eBay completed sales lowered the barrier of entry.
