
Comment Re:Is this vulnerability really corrected? (Score 1) 42

could be copied and hosted elsewhere, how could Adobe reasonably claim to have corrected the vulnerability at all?

Think of it the same as if GCC had a bug that caused it to generate machine language code containing a vulnerability, when you were compiling a project. The bug was fixed, but all binaries previously compiled are vulnerable until rebuilt using a version of the compiler after the bugfix was made.

The vulnerability is a same-origin policy violation affecting only the site that hosts the SWF file; I guess it's not an RCE or other vulnerability in the Flash player itself; the binary code placed into the SWF file is executed faithfully, but in fact there's an issue in the particular bytecodes that were being generated when you compiled your project, so the compiled SWF file contained the vulnerability when correctly interpreted by the Flash player, if that makes sense.

Comment Re:Animal House (Score 1) 765

It's up to them if they think it is acceptable to host that kind of thing in a public repo, or if they think it creates a bad impression because for them.

Not really.... legally, yes. Just in the same way that your landlord could kick you out of the apartment, because he doesn't like the color of your bedsheets visible from outside your open window, or a web hosting provider can shut down your site, because you posted a recipe for making something that calls for sugar, and the CXO finds sugar-laden foods offensive.

These are legal possibilities, but widely considered an overreach / improper behavior on the part of the service provider. Which could very much come back to haunt the provider and have negative consequences.

I would point out that Github has had plenty of time to act, if they intend to commit that overreach, and yet the project's still online, huh.

In a couple months it will probably fade into obscurity, and we'll have forgotten it ever existed ---- no one dare use the library in their serious project now.

Comment Re:Alamo Broadband's complaint (Score 1) 318

I tried to visit that website.... alamobroadband.com, but my endpoint security software indicates that site is unsafe and contains malware.

Anyways.... the $50/mo minimum is just about what a small ISP would need to charge; however 2Mbps down/1 Up is hardly any better than T1 speeds.... that would be no good

Comment Re:I am going to see who committed on that project (Score 3, Insightful) 765

Honestly.... who looks up random projects on the internet they don't like and then tries to build a 'shit' list of employees they have prejudged to advise not to hire? It sounds like agenda-driven hiring, or attempts to conform hires to your personal view of the world, rather than good judgement on what is best for the employer.

The joke project is not egregious. If the applicant has the good judgement to not bring it up, and not conduct such things in the workplace or professional settings, then it should be ignored, and I would not want to hire or promote any staff member to reviewing resumes who would be so petty.

It is not a crime, but it does indicate an attitude which makes me believe that a person who revels in such behavior will make a poor team player.

This appears to be a fundamental attribution error on your part. Their commits do not demonstrate for sure any basic attitude; you thus attributed apparent action to attitudes which do not necessarily exist. The only thing we really know here is they participated in a personal capacity in a non-professional setting on a project containing some sort of joke that someone else deemed as violating some current or past social taboo, and possibly they might have made the mistake of failing to use a separate private or semi-private pseudonym while doing so.

I would infer that that person's 'sense of humor' and attitudes would make it difficult for them to integrate into a team of mixed genders, religious beliefs, and moral attitudes.

This appears to be a rush to judgement for your part, but there actually is not enough information to appropriately judge. One example of an instance of someone's personal sense of humor does not say how they will (or would not) integrate into a team.

I sure wouldn't want to hire you as a referee for resumes, or as a judge in general. The guilty verdict would come down before the defendant even got to make their case repudiating all the apparent "evidence" from the prosecution.

Comment Re:Normal women... (Score 1) 765

While I agree that the world should not have to make itself safe for overly sensitive people, does anyone really think a project named "DICSS" is remotely professional

I don't know.... Based on the article description, you would think there were explicit references to genitalia and something much more offensive than just naming some operators inspired by human anatomy and using words that could be interpreted with dual meaning, such as "Finally, Sass has some _stiff_ competition".

I would describe the level of supposed 'unprofessionalism' as greatly exaggerated. Apparently they are treading near historic religious and Victorian-era taboos still represented in describing functions of the human body, or it's seen as taboo, because they made it into an obvious joke, and it's seen as uncouth to make any kind of reference to bodily functions as a joke, but if they left out 3 or 4 lines from the README, then nobody would have ever noticed.

This project is 100 lines of JavaScript.... I don't see an issue with naming a method "putIn" and "pullOut", in regards to pushing or removing CSS code.... I think even basing a Class/Object metaphor on human body parts would be fine.

inclination would be to just ignore the implicit jokes. There doesn't seem to be anything actually overt or sexually explicit in there, now does there?

Comment Re:Normal women... (Score 2) 765

Racism is ok outside of the workplace? Thought not...

The workplace is a special situation where people's freedoms and rights are heavily restricted, and some conformist norms are imposed upon them, greatly limiting what actions and speech they are allowed, as people in a workplace are expected to behave in a "professional" prim-and-proper manner while they are present in a workplace, to promote productivity, successful business, and productive worker-coworker relationships within the environment.

The same constraints generally exist with employee-customer relationships outside the workplace and employer functions, but when the employee is off the clock and not representing the boss --- they can go to the bar and get drunk.

So long as they don't break any laws and get arrested or otherwise make themselves into a figure of infamy among the public or their coworkers/business associates, outside the workplace people can do pretty much what they like, without affecting their employment or business arrangements required to support themselves or their family.

Racial discrimination is not okay, period, but racially prejudiced comments would be possible in a personal code project, and such speech would fall under 1st amendment protection and free speech.

Such comments would presumably reflect their beliefs, and they might as well make those comments. That way other people have a chance to embrace the matter of fairly rebutting the comments using rational arguments, to help persuade the person the error of their ways.

On the other hand, if they didn't make the comments: they are likely still feeling the same way, and no one sees the need or does the work to help reject the comments and let everyone learn what some racist people are thinking exactly and help make sure everyone understands that the particular thinking is wrong.

Comment Re:Animal House (Score 1) 765

Said "ANYTHING I consider to be offensive is sexual harassment."

Just because a woman says it is so does not mean it is. Sexual harassment has a specific definition.

And she is doing women a disservice by trying to argue that frivolous offenses would be harassment. This kind of abusive behavior on the part of some women could ultimately lead into many claims of harassment being rejected, even when the harassment claim was actually legitimate.

Comment Re:Animal House (Score 4, Informative) 765

There is no right to create a hostile working environment for women.

Someone's personal non-employer-owned git repo on the internet is not a working environment.

It's only a working environment if you pull the code into a professional software development project and then incorporate the inappropriate comments into a codebase where both yourself and coworkers or employers have access to it as part of the working arrangement.

Comment Re:turn-about isn't just fair-play, it's PROPER pl (Score 5, Insightful) 765

Or, maybe you could just be a little bit professional and don't use software projects to make jokes about anyone's anatomy.

Not all software projects are professional ones. There are projects "just for fun", as well. I think that's where this project lies.

Nobody should use it as-is for a professional project.

If you want to do that, then fork it first and clean out the inappropriate comments.

Comment Re:I dub all unswitchable hardware: disposable (Score 1) 362

As for a compromised OS bricking the system? Well, that's probably actually a good thing for most people. Much better than their bank account getting siphoned.

Secureboot is not and never was a hindrance to the bad guys. Once malicious code is run; secureboot can be defeated. It's security theatre.

Comment Re:1and1.com (Score 1) 295

I'm not making any point on whether or not you should or shouldn't use 1and1 for DNS registration in general. I'm just affirming that the above post's promo "$0.99 for the first year" is not a great reason to register with 1and1. Looks like a promotional trap, where they bet you'll not take the time and effort to chase the next promo. Similar to a line of credit with 0% interest on purchases for 12 months and then 30% normal.

Assuming no grace periods. Is that CC a better deal than an 8% credit card? Sure, as long as you end the relationship when the promo runs out.

Domain registrars are basically selling a commodity, and for the most part the experience is comparable across registrars, but there are some that are really great (Especially for large numbers of domains), and there are some that really suck.

If you avoid the lower end of the spectrum, then there's really not much worth paying for more than market value on a commodity domain. At the high-end registry lock features may be worth it, but the average consumer doesn't want to pay an extra $200 a year per domain for a registry level lock and special security features.

Comment Re:1and1.com (Score 1) 295

Oh wow, a whole $15 difference for 10 years. Big whoop.

No. It's a $4 difference per year, with a -$10 difference for the first year.
Over 10 years it's a $40 difference, less the original discount. Imagine if you have 5 domains, then it's a 40 * 5 = $200 difference over 10 years.

Beyond 10 years: we cannot assume the difference remains the same. But you can see pretty clearly the 1st year discounted is designed to bait customers into their service, and their normal pricing is not highly competitive.

Maybe in 6 years domain names will only be $5.99/year for renewal and then you screwed yourself!

This is not happening for .com or .net domains, in fact... VeriSign has made it somewhat apparent through their pattern of behavior that they are raising registry prices the maximum amount that their contract allows them to do without justification, which is about a 10% annual price increase every 2 out of 3 years.

Due to the ICANN settlement over the Site Finder fiasco, they are essentially guaranteed that their contract as registry operator will renew perpetually.

The .Com and the .Net TLDs are the least expensive, and other TLDs are basically considered "premium", so they take their pricing cues from what .com and .net pricing are.
