Blog

  • Results not typical: Evidence based weight loss

    I am a bit of a science freak. I play experiments with myself to see which things work, and get rid of things that don’t. For example, since becoming diabetic I’ve tested the following things:

    • The effect of my favorite breakfasts on my post-meal blood sugar level. It turns out that I can only have minute quantities of any form of sugar, whether fructose from a slice of banana (!) or heaped tablespoons of white sugar on lemon pancakes (not good!). So I’m essentially stuck eating unrefined oatmeal for breakfast, with no added sugar or salt.
    • The effect of my favorite drinks. I can’t have OJ any more – it puts me in near-hospitalization blood sugar levels. I’ve settled on drinking essentially nothing but plain old filtered water, mineral (sparkling spring) water, and black coffee. Alcohol was already somewhat denied to me, so I am currently having a dry spell. Pretty bland, but good blood sugar control.
    • The effect of my previous day’s food on my fasting blood sugar level. No noticeable effect, so that value comes from my liver’s overnight excess production of blood sugars, from probably a decade or more of excess insulin production.
    • The effect of exercise on my blood sugars. Excellent results – generally pulls me under 100 in the first hour of exercise, and stays that way for some time.
    • In an on-going experiment, I am currently working on how to avoid my personal hypoglycemia in the late afternoon. For those of you who don’t have diabetes, anything under around 50-60 will give you the shakes. I get that when I’m under about 90-95 as my body is sugar tolerant. The effects of low blood sugar are terrible, and I need to fix it. I am settling on a low GI pick-me-up of a serve of oatmeal with some fruit as chocolate and sugars give me temporary (and fast) relief but a worse low, yoghurt and nuts seem to do nothing, and not doing anything just makes it worse.

    From these ongoing experiments, I now have a relatively stable set of things that work, that don’t suck too much, and I have a bit of wiggle room when I must have something like a carrot cake or ice cream.

    I am starting to get this thing under control – my fasting blood sugars are starting to get closer to the high end of “normal”, and my post-breakfast reading is usually not too bad. For my efforts, I am losing weight even though I am not doing anything in particular but constraining my carbohydrate intake to low GI type foods (salads, meat and other proteins, wheat (brown) breads, oatmeal, and wraps).

    This brings me to my main point – the uselessness of well advised but crap advice. Being seriously overweight (nearly 75 kg – equivalent to the weight of a healthy man of my height) means following a diabetic path along with weight loss is actually incredibly hard. I look at all the things that work for others, and try them out. But I need to find my own special thing that will work for me, for I am in a race with my body to get rid of diabetic symptoms before I get insulin dependent and the host of bad things that can happen, like kidney failure, body parts amputated, and permanent eye damage.

    I expect evidence based medicine to have sorted out what is necessary by now. However, the same old, same old mantra of “eat less, exercise more” is given. And as recently as last Saturday, the nutritionist walked a neurotic path, telling us not to eat high GI foods, and then saying don’t eat things heavy in protein or fat. Folks sticking to this same old, same old adage of “eat less and exercise more, you fat lazy b…” have a less than 10% success rate. Placebo is better than that. Everyone loses a little bit and then they gain it all back and then some in no time. I certainly did, and no less than 20 times.

    Last week’s New Scientist had a nice little commentary on this exact thing. The author argues that the above mantra to “eat less, exercise more” alone has failed, and was the given received wisdom during a time of massive obesity growth. He calls for more research into things which will do better than placebo and to discard the current approach unless it is part of something that actually works for the majority of folks. I don’t think that is unreasonable at all, especially as I have a 100% failure rate at losing weight. 

    Eat less and exercise more works – if you’re a machine. The folks on Biggest Loser do exactly this, and you know what, they really do lose the weight. But under the relentless eye of sadistic personal trainers, doctors, and nutritionists with gobs of daily exercise and essentially no outside food challenges. You and I can’t do “Biggest Loser” style weight loss without entering full time medical care. The human factor must be included in any solution as well as better nutrition advice beyond “eat less”. Exercise will always be a part of losing weight – there is no escaping it.

    I am surprised that, given all the research, the sheer profits that big pharma could make if they had a wonder drug, and that every weight loss program, even Weight Watchers, has “Results Not Typical” disclaimers, science has yet to come up with answers for folks like me who need to lose more than the average bear. It turns out they have, but they don’t enjoy widespread support:

    • Bariatric surgery. This forces you to eat less. It works, but you can still undermine it. There are no “Results Not Typical” disclaimers with this path. Often seen as the easy way out, as you have no choice but to eat less or you’ll throw up. The author brings up “lack of fortitude” in dieters, and obviously this is a failing of more than 90% of us. Bariatric surgery gives you fortitude – you have no choice.
    • Low fat, high protein carb diets, such as the CSIRO Total Well Being Diet, are looked down upon by nutritionists. The nutritionist I showed the actual scientific research to essentially dismissed the diet by saying that I should investigate the American Diabetes Organization’s website. Sure enough, they’re still in low fat, low carb land, recommending against the satiety that protein can bring.
    • High fat, high protein diets, like Atkins. Atkins is the only diet I’ve done where I lost more than 15 kg, essentially through not eating any carbs. I hated the diet as it was a bit monotonous and difficult to do. Worse, it made me feel weird. I now know that this was most likely due to hypoglycemia and if I had been able to measure my blood sugars at that time, I think I would have succeeded.

    As I am not keen on undergoing surgery, I have to keep going on the CSIRO diet. So far, I’ve lost seven kilograms on it since November, despite really hurting my foot to the extent that I could not go to the gym. This weight loss is approaching the half way point of what I lost using Atkins. Unlike Atkins, it’s keeping my blood sugars okay, as I’ve been able to work out through experimentation what works and what doesn’t. But I know in my heart of hearts that unless I lose enough to keep diabetes’ ravages at bay, I probably will have no alternative than to go for option number one. I’d rather have a little bit of surgery than lose my kidneys, eyes or parts of my body. It’s incredibly motivating to keep on going either way.

    I just wish that scientists researching in the field would really get their fingers out of their rectums and work out a way to get better than the placebo effect. Giving advice that provably does not work and will not work for the overwhelming majority of folks, whilst squishing and dismissing alternatives which may work better is simply not evidence based medicine. Nutrition is not pseudo science, like homeopathy – it’s actual science. Nutritionists should have figured out what needed to be done and stopped giving advice that clearly has failed. We deserve better, and before everyone becomes fat and ends up dying of preventable diseases all the while following their stupid and useless advice. 

  • Fresh starts and modest changes: DMZ E-mail Day

    In 2007, I realized I am not particularly good at prioritizing what time I have available. In true geek style, over the Christmas break I looked at all the recent time management fads to ensure I picked the laziest/easiest/geekiest (pick two), and found 43 Folders, which is based upon a slightly older, dead-tree-form fad: Getting Things Done (GTD). The only downside to this particular fad is that the fan boys are positively frothing at the mouth, which is what scared me off Python and Ruby on Rails. Rabid adherence is never a good sign. However, the things they want you to do are pretty simple, which is what attracts me to it.

    43 Folders is a bit structured for this unstructured procrastinator. With procrastination, it’s not about “doing X now, but sometime in the future”. As any true procrastinator knows, there is an infinite range of substitute activities instead of “doing X now”. So don’t think I’m lazy, for I’m not. I just don’t achieve as much of the things I actually care about as I want. And with married life and a new daughter in a new country, the time I have available is dramatically reduced compared to when I was a bachelor cat slave back in Melbourne.

    So far, I’ve:

    • Cancel Something. I’m no longer on the OWASP Board. I have totally given up the idea of writing another book for a while. I’m seriously thinking about giving up updating the next edition of the OWASP Guide, as it’s just as much work (if not more) as writing a 300+ page book from scratch.
    • Replace a Project. I’ve picked a few things I love doing, and I’m going to find ways to do these first instead of things which interest me less. Obviously, family time comes first, but in what time I have remaining, my life should be fun and enjoyable. There’s no point in busting a gut to do something I don’t really enjoy. I’ve still yet to really do the maths to work out what makes me happiest, but once I do, there will be a few more departures.
    • Time to declare DMZ E-mail Day (again)

    So today, it’s DMZ E-mail Day on my renewed quest for Inbox Zero. I’ve archived all my work and personal e-mail for 2007. If you haven’t got a response from me for something, it’s time to re-send. 

  • Sayonara 2007, Konnichiwa 2008

    It’s that time of the year again. In my previous list, it turned out I did some of the things I said I would, and a lot more besides.

    In 2008, my desires are:

    • Be a good dad to Mackenzie my gorgeous daughter, and a wonderful (hopefully less chubby) hubby to Tanya, my beautiful wife
    • Lose some weight and mean it this time. What New Year’s Resolution is complete without this one?
    • Finish at least one piece of first class research in the web app sec field

    Although my time will now necessarily be limited out of hours, I think it’s better to complete one or two really good ground breaking ideas than to spurt the same old, same old things over and over again. I think many of you know what I’m currently researching, and I hope to finish that by the end of the year.

  • Reaching for the high hanging fruit

    My current research is mainframe security as it applies to web applications. This is where the high hanging fruit (the golden apples) lie. If you can

    a) fake or bypass authentication
    b) fake or bypass authorization
    c) spoof logging or otherwise destroy accountability
    d) interact directly or indirectly with a deeply nested service of value
    e) manipulate data to violate integrity (creation, update or delete)
    f) view data (read)

    you are most likely to pwn the high hanging fruit. It’s actually amazing to me how LITTLE information is available on securing this stuff, and how often products which are marketed as “enterprise ready” and “secure” are actually not worth running a faulty bidet let alone left in charge of multi-trillion dollar a day roles.

    Then there are the dumb architectures, which often use clear text protocols, unauthenticated transfers (often using ftp or worse), batches with no integrity and no accountability controls, and so on. It is amazing that in this field no one has taken the time to really learn how to do it properly. It is not 1969 any more. The days when the data center was guarded, and that’s how the punch cards arrived and the tapes left, no longer apply.
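    The batch problem named above (no integrity, no accountability) is the one a receiver can fix cheaply on its own side. The following is an added example, not code from the original post: a sender (hypothetical name "branch-7") and a receiver share a per-sender secret (in practice held in a KMS or HSM; here a constructed demo key), and the sender ships a manifest alongside the batch that binds its identity, a monotonically increasing sequence number, and a SHA-256 digest of every record under one HMAC. The receiver then rejects a batch whose records were modified, dropped or added in transit, a replayed batch, and a manifest forged under another sender’s name, and records why. The sample records and key are constructed for the example.

```python
"""Integrity and accountability for a batch hand-off (added example, constructed data)."""
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed sample: one batch of "payment" records a sender hands to a receiver.
SAMPLE_BATCH = {
    "pay-0001": b"ACCT=1001;AMT=250.00;CCY=USD",
    "pay-0002": b"ACCT=1002;AMT=1200.00;CCY=USD",
    "pay-0003": b"ACCT=1003;AMT=75.25;CCY=USD",
}
SENDER_KEY = b"constructed-demo-key-do-not-reuse"  # shared secret for hypothetical sender "branch-7"


def _record_digests(records: Dict[str, bytes]) -> Dict[str, str]:
    """Digest every record, keyed by name, so the manifest covers content and membership."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(records.items())}


def build_manifest(sender: str, seq: int, records: Dict[str, bytes], key: bytes) -> dict:
    """Sender side: bind identity, sequence number and all record digests under one MAC."""
    body = {"sender": sender, "seq": seq, "records": _record_digests(records)}
    # Canonical JSON so sender and receiver MAC exactly the same bytes.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    body["mac"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return body


def verify_batch(manifest: dict, records: Dict[str, bytes], key: bytes, last_seq: int) -> Tuple[bool, str]:
    """Receiver side. Returns (accepted, reason). MAC is checked first, then replay, then content."""
    claimed_mac = manifest.get("mac", "")
    body = {k: v for k, v in manifest.items() if k != "mac"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(claimed_mac, expected):
        return False, "manifest MAC invalid: not from the claimed sender or manifest altered"
    if body["seq"] <= last_seq:
        return False, f"replay or out-of-order batch: seq {body['seq']} <= last accepted {last_seq}"
    expected_digests = body["records"]
    actual_digests = _record_digests(records)
    if set(expected_digests) != set(actual_digests):
        missing = sorted(set(expected_digests) - set(actual_digests))
        extra = sorted(set(actual_digests) - set(expected_digests))
        return False, f"record set mismatch: missing={missing} extra={extra}"
    for name in expected_digests:
        if expected_digests[name] != actual_digests[name]:
            return False, f"record {name} modified in transit"
    return True, f"batch {body['seq']} from {body['sender']} accepted"


def demo() -> Dict[str, bool]:
    """Run the clean batch and four failure modes; returns accepted/rejected per case."""
    manifest = build_manifest("branch-7", 42, SAMPLE_BATCH, SENDER_KEY)
    results = {"clean": verify_batch(manifest, SAMPLE_BATCH, SENDER_KEY, last_seq=41)[0]}
    tampered = dict(SAMPLE_BATCH, **{"pay-0002": b"ACCT=1002;AMT=12000.00;CCY=USD"})
    results["tampered_record"] = verify_batch(manifest, tampered, SENDER_KEY, last_seq=41)[0]
    dropped = {k: v for k, v in SAMPLE_BATCH.items() if k != "pay-0003"}
    results["dropped_record"] = verify_batch(manifest, dropped, SENDER_KEY, last_seq=41)[0]
    results["replayed"] = verify_batch(manifest, SAMPLE_BATCH, SENDER_KEY, last_seq=42)[0]
    forged = dict(manifest, sender="branch-9")  # someone else's name on a MAC they did not compute
    results["forged_sender"] = verify_batch(forged, SAMPLE_BATCH, SENDER_KEY, last_seq=41)[0]
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16s} -> {'accepted' if accepted else 'rejected'}")
```

    The sequence number is what turns an integrity check into an accountability control: the receiver persists the last accepted sequence per sender, so a re-sent tape or re-run job is refused rather than posted twice, and the reason string from verify_batch is what belongs in the receiver’s audit log. Note that a shared HMAC key lets either party produce a valid manifest; where non-repudiation between the parties matters, the same manifest layout would be signed with the sender’s private key instead.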

    However, there are a few protocols and common transports which need some help first. I’m going to blog on those in the near-term future.

  • What a week!

    After the emergency caesarian, Tanya needed me quite a bit, so I ended up staying in the hospital with her until Friday. The rooms in the MCU are nice, but the fold out arm chairs which become a bed for the odd stay here and there are not so good for my back. Things were a bit strange as we didn’t have Mackenzie in the room with us, but down at the NICU where she was being closely monitored.

    Mackenzie was a little irritable in the first few days, but in the end, she didn’t need any medicine to help her over the meds that Tanya had to take to make it through the pregnancy.

    I had my diabetic nurse appointment at 9 am, so the commute two floors down was pretty easy. It turns out I have type 2 diabetes, which is not so good, but the prognosis is good if I can lose the weight, which should also help the high blood pressure and the sleep apnea. We talked about a bunch of stuff, but the main thing is behavior modification, along with diet and exercise changes. I have way more to learn about living with diabetes, including learning to live with pricking my finger four times a day.

    However, during the diabetic appointment I started having the sniffles, and soon enough it’s turned into quite the rotten cold. I’ve been unwell now for a number of days, which is no good when all I really want to do is hold Mackenzie. I still feel a bit disconnected from it all as we didn’t have her in the room, and because of the cold, I really haven’t had a lot of opportunities to bond with her beyond a feed here or there.

  • We’re fully baked! Welcome to Mackenzie Lynne van der Stock

    What a week!

    Today, we came in for a nice ultrasound with the in-laws so they can see, and maybe beg our obgyn for an earlier inducement. We sort of got what we wanted, and then some! We never made it to the obgyn appointment as things had moved on!

    In a whirlwind, it turned from being low on amniotic fluid to immediate inducement followed by lots of pain then to much earlier than expected epidural to … well, let’s just say a lot of folks rushed in and thirty minutes later we are the proud parents of Mackenzie Lynne van der Stock!

    [Image: family-portrait.jpg]

    Awesome! She might have come a little early (38 weeks), but that’s not a day too soon for Tanya, who has had a very difficult pregnancy.

    Mackenzie weighed 2.75 kg (about 6 lbs 1 oz after conversion – even the US folks measure in metric for babies now!) and is 50 cms long today.

    It’s been very exhausting and I’m using a tiny connection to the Internet via my mobile phone, so things will have to wait until tomorrow. We have photos and movies.

    UPDATE: Photos here:

    http://picasaweb.google.com/vanderaj/Mackenzie/

  • Another year draws to a close

    Well, I’ve been extraordinarily busy this year. Far too busy to do much beyond scratch myself. I feel bad as I:

    • Didn’t end up writing a book, much to my wife’s relief
    • Failed to blog as much as I wanted to, particularly on the layer 7, 8 and 9 issues such as business logic flaws that I love so much
    • Left the OWASP Board without achieving anything major organizationally in the last twelve months. I never intended to stay on the board forever, but I achieved far less than I could have in the time I had, such as adopting a proper Foundation / Core / Leaders
    • Failed to release any new releases of UltimaBB through complete inactivity
    • Failed to lose any weight. In fact, I put on 15 kg since arriving in the USA, the single largest one year bump ever
    • Failed to work on the OWASP Guide (much)
    • Failed to improve my (weak) Japanese or learn Spanish even though that would be handy as you hear it so much here. My iPod is bursting at the seams with hundreds of Japanese and Spanish lessons, and I’ve listened to like five episodes all up

    Listing it out like this, it’s like 2007 was a big fat failure. But that’s not entirely true:

    • Moved to the USA and settled down. This doesn’t sound like much, but only if you’ve never moved country.
    • Made a baby with my lovely wife. Our daughter is coming real soon now – we’ve had several close calls and she can’t wait to get out by the looks of things
    • Saw about 25 of the 58 possible states*. The USA is awesome. I’ve been from Miami to Boston, from NYC to LA, and it’s so totally different and yet familiar. I can’t wait to see more.
    • Got the job of a lifetime. The guys at Aspect are everything I thought they’d be and more. It’s a wonderful work environment with great people at the top, funny co-workers, and the work is challenging and varied, which is just up my alley.
    • Lead Author and Editor of the Top 10 2007. That was a huge undertaking – incorporating all the other folks efforts. I’m glad it’s out there
    • With my OWASP and Aspect hats on, worked on the SANS GSSP for Java with a bunch of other folks. We need certifications to get rid of the unqualified cowboys from our field. I am reasonably certain that multiple choice exams are NOT the way to do this, but it’s not likely my way (a master’s-like dissertation or practical project) would fly
    • Worked on the SANS Top 20 again (and got Jeremiah in on the act – he updated the first draft this year – much kudos to him!)
    • Got the XMB folks back up on their feet with a dynamic set of programmers… which sort of took the wind out of UltimaBB, but that’s okay. XMB deserves all the success in the world after so many years of being effectively mismanaged
    • Worked on researching mainframe security for web apps, which seems a total blank slate, yet vital to the world’s financial industry.

    So next year, I plan to revisit some of my favorite themes, but I will only blog once in a blue moon by design. The blog entries will be farther apart, but I plan to make them content rich. Many of them will be previews for new OWASP research. In the meantime, I’m sure my life is about to completely change by a small 3 to 4 kg baby girl. We’ll see what happens next year!

    * I say 58 not because I’m geographically challenged, just that Australia is the 51st through 58th (puppet) states. We’ll see if the new PM is a bit more independent or whether we trade one colonial master we ignore for another

  • Australia has a new government! Yay for democracy!

    The old guard has been thrown out. In true Australian style, if you stick it to the battler, attacking and destroying the very fundament of Australian society – “a fair go”, you’re out. And the Australian people have spoken, and it looks like soon to be ex-PM John Howard may even lose his seat. It couldn’t happen to a nicer person so out of touch with the modern day reality. The 1950’s were a long time ago, and we needed a modern government for these last twelve years, not someone who denied climate change despite a 9 year drought right in front of our very eyes. We needed someone who does not think that economic growth is more important than society itself. The Montgomery Burns world view simply does not work.

    Good luck to Kevin Rudd. It’ll be awesome to have a Prime Minister who can speak two languages for once. As an ex-diplomat, I wonder if he has the cojones necessary to stand up to the Unions so it doesn’t go too far the other way. Whitlam lost that battle, and that was a worse disaster than even Howard, even though his heart was in the right place and most of his policies (free tertiary education for all, free health care for all) made him one of Australia’s best Prime Ministers, and a legacy that to this day is unsurpassed in Australian history.

    I only wish I wasn’t disenfranchised at the moment by being in the USA. I missed out voting entirely as we’re now off the electoral roll. In the future, I can’t say to my daughter that I had a hand in getting rid of one of Australia’s worst ever governments, one which let power go to its head and conduct ideology experiments on an unwilling public. Oh well.

    Let’s hope that if Rudd gets power in both houses, or at least Greens as the balance of power, the same thing that happened to Howard’s government doesn’t happen to the Labor party.

  • Two new OWASP Board members

    As it’s nearly time for Tanya and me to welcome our first (and probably only) child into this world, it’s time to simplify my life. To that end, I am no longer on the OWASP Board, and OWASP has selected two new board members: Tom Brennan and Sebastian Deleersnyder. This takes effect pretty much immediately.

    This is a great fit for OWASP – two very active community members, and widens the Board membership to another member from the EU as well as the leader of the busiest OWASP chapter of them all.  

    Over the next few weeks, I’m probably going to simplify my life even further as I have no idea how much time (or little) I will have for out of hours pursuits. 

    Anyway, I welcome Tom and Seba to the Board, where I am sure they will do great things for OWASP.