How is that an insult? As a coder (software engineer/developer/whatever) myself I'm always glad when people point out things in my systems that can be improved. The possibility of someone hiring someone else to improve them for me, that'd make me ecstatic. This isn't about egos, this is about getting stuff done right.

Seems easier to setup a porn website to serve malware than a sports one. Not much need for coherence of content in porn, just random pictures/videos of naked people; plus, it really catches the eye.

I don't know who modded you interesting but they're wrong and so are you. My buying a product from a store appearing as a first result makes you wrong, along with plenty of other people quite probably. I'm not saying that I selected a store based on its position in the results, but the first-result shop carried the product I wanted and I didn't have to look any further.

I'm not defending all the SEO ball-busting spammers and pseudo-experts (not by a long shot), but it's reasonable to expect that making a website friendly to search engines will make it easier to find and get you more visitors and customers.

I'd say that since half of the subject of this discussion is about SQL injection, the webapps in question are axiomatically buggy.

I'm not sure to which line of thinking you're referring, both myself and the GP just posted a technical remark each. Also (to my great joy and surprise) no-one is blaming Google (at least not yet) and rightly so.

As for the back-end countermeasures you described, you are of course spot on, however it's safe to assume that if you're vulnerable to something as trivial and mundane as SQL injection, you won't have the required foresight to setup and use different DB roles, each with the absolutely least privs for the queries you expect to perform through them.

That doesn't really have much to do with anything, a lot of DB connection/query libraries allow stacked queries to be performed (i.e. more than one queries, separated by ';') so by appending your own SQL query (say, a DELETE one) via a vulnerable input you can still do plenty of damage, even via a GET method.

TFA isn't newsworthy in my opinion, this has been known for a while now.

If you don't want people to grab the banner of the services you've made publicly accessible, it may be a good idea to keep them private.

Initiating human extinction protocol in 5...4...3...2..

I don't get turned on if the girl has no sense of humor, we better filter comedic content too.

No, I think this could be the kind of vulgarity that some people wouldn't want to tolerate. And I obviously don't know all women but I do know some women and the ones I know would have ripped Linus' a new one in a right-back-at-you witty retort as would be the appropriate response to such a comment -- or just not care at all and write it off as a blunt dude just being blunt. And the same can be said for most of the men I know too btw, I don't see anatomy having anything to do with the situation.

I didn't say you have to be a jerk when rejecting code but the parent seems to have extraordinarily thin skin and a perception that OSS communities are run by a bunch of assholes -- which has been the complete opposite in my experience. So, it might be better for him to ease up on the transition and first get a feel for the project he'd like to contribute before jumping in. And yeah, you can reject code and hurt feelings, you can be the most polite and kind person, but they other party's feelings can still get hurt. I've had completely inexperienced people send me code that had syntax errors in it (wouldn't even get loaded by the interpreter) and who then acted out when I politely told them that I couldn't accept their contribution.

If there was a decline in quality or they needed extra talent I'm sure that they'd probably reassess but that doesn't seem to be the case. Like so many others have said, he only gets rough on people he knows and who should really have known better. And as a project lead myself (tiny team, tiny project compared to the Linux kernel), what about the lead's stress? I've had to deal with users being profoundly (let's be kind) dense and completely unable to focus on the most in-your-face things but I take a few deep breaths and calm down before I reply because they're users, they don't/shouldn't know better, it's not their job and it's their first time using my system. But if a long-time contributor who should really have known better pushed code that broke something, then that dude's gonna have it. And, do keep in mind, we've seen some mild and public outbursts from the guy who is managing this huge freaking project, compared to what goes on in private on similarly sized organizations, I'm willing to bet that Linux will come off as the mild mannered one.

None of this matters though since the Linux kernel is flourishing, there simply isn't a problem to fix.

What's up with the assumption that women are delicate little flowers that need to be protected because they can't handle...anything? Seems to me like your POV is a bigger problem.

Well, of course I do, but this has nothing to do with the subject at hand. We're talking about that particular dude, and at most, he decorates his (quite extensive) technical critiques of other's people sloppiness with very colorful epithets (of the harsh type but still). And more importantly, he does that when he communicates with people he's worked with for years and with whom he's got a relationship that can carry that sort of tone. My following remark will invariably offend you, but, having some outsider coming to me and telling me how to talk to someone I've been working with for years (and with whom I've built a level of trust), well, that's the asshole.

So I should accept (and not comment on) your probably buggy and non-optimized code in my project to not hurt your feelings? You can contribute, just not in areas in which you're not qualified, however you can test and provide feedback (both very important aspects) and hang around to learn the craft and the project and then start sending patches.