Just for the record, I gave you the benefit, and no results. You sound like a crazy person, and should stop posting content-free comments on public sites.

I assume you had a point, but given that you are a crazy person, it must have been as valid as Nick Cage's hair.

That seems low in my neighborhood. It seems like most people under 30 have one. It also seems to be a requirement to work in food service or graphic design.

I guess you are a representative sample, and the people charged with acquiring such data are wrong.

I don't get this at all. Is this because military men used to be the group that mainly had tattoos? If so, is the author telling us that he/she never knew that many people who served?

Have I ever seen my uncle's tattoos? No, because he covered up his arms because he was in the minority and didn't want to explain his tattoos to family. Knowing people who served, and seeing tattoos, are not mutually exclusive.

You sound particularly ignorant, and I'm only observing this because it is a fact, not to emasculate you in a public forum. Please, consider that you are not the only person who has ever lived, and the people you know are not analogous to the people that other people know.

1) Be inspired by Bible
2) Get tattoo
3) Read the rest of the chapter
4) Feel bad for having said tattoo
5) Get mocked by everyone, ever
6) Butthurt
7) Like the butthurt
8) Go over to the dark side

Wait, what were you intending to insinuate? Or inseminate? Whichever is the right word?

Order Of Operations matters, that's my point, in case you were going to ask.

OOO.

Pronounce it like this: "A secretly gay but outwardly homophobic recipient of anal intercourse."

The NYPost link was basically an afterthought, and that is important information. Also, I would not have clicked on the afterthought had you not brought it to my attention. Turns out, it was the beverage.

Are you a shill for the Post, trying to get more clicks?

Because there are no edits, I'm going to ask for a citation. For the record. Otherwise, AC can fuck right the shite off.

It is generally believed

by whom? Citation needed.

Can anyone explain

Relative to the limits of your understanding, yes. Otherwise, I suppose you should ask the European Space Agency, because it would seem that they are, as of now, the experts in such questions.

Free Windows upgrade for testing sounds like barter system. If you want to provide feedback, you will sign on. If not, you won't. If you get paid to test, then don't participate.

Are you going for insightful? Or interesting? Or maybe informative?

Glad to know that you are not part of the ecosystem involved, based on your answer, so, and I say this with the utmost respect because I have no other basis to tear you a new aresehole, fuck off and die please for the betterment of humanity.

Microsoft's Gabe Aul confirmed this method on Twitter yesterday as part of a new blog post detailing some new changes to the way the company tests Windows 10. "As long as you are running an Insider Preview build and connected with the MSA (Microsoft Account) you used to register, you will receive the Windows 10 final release build and remain activated," says Aul

Who the fuck cares about Facebook?

All of the people who use it. And that's a lot of people. Let them do whatever they want? That affects a lot of people. Fail to sound the alarm? Then how do you differentiate you vs. the enemy?

Knowing, but not warning, that makes you feel superior? What about knowing and warning?

I say tell everyone you know, and let them decide. I would prefer to let them wrestle in Jell-O, but time is short and I have other priorities.

But if you have links to Jell-O wrestling where this is a solved problem, do share.

DotSlash does not attempt to conflate user with identity. So unless I see the exact same thing on BookFace, which I won't since I don't use it, you are noise.

If you intended to make a point, you are logically impaired and you should try again.

A coworker got infected by visiting a reputable programming reference site. He didn't know, and virus scan didn't pick it up. Other employees did get detected malware from the same site, so the security folks examined everyone who visited the site, and detected an anomaly.

Our security settings do not allow us to disable scripting in Internet Explorer, which is the only allowed browser. Nor Flash, because it's needed for training.

This is not hypothetical, and security best practice does not solve the problem. Because best practice should be to only enable scripting when absolutely needed, and that should be never.

I realize web 2.0 has a lot to offer, and I have no issues enabling worthwhile content. Slideshows no. Loading chrome and doing everything else by script no. Crapping out a bunch of absolutely positioned DIVs and fixing up the UI with script, no. But only your site, no advert business, nothing external.

There's a NOSCRIPT option for a reason, and your server should be able to inject a dynamic IMG SRC in that section unless you really don't deserve advertising money.

For the same reason I do - to yell at stupid people? Because there's not really much else to offer.

Some of us are exceptional, however. Your name is missing an 'r' and you left your end anchor just dangling out there, so...

Are you refuting any of these claims?

#1: Corporate policy on open source is extremely difficult, mostly based on the legal teams who have to approve not being familiar with the idea, terms, language, or really any part of it. "This opens us to risk," they say, and the initiative is killed.

#2:

When asked about how well their organizations control which open-source components are used in software development projects, 24 percent did say, "We're completely locked down: We can only use approved components." However, 44 percent answered, "Yes, we have some corporate standards, but they aren't enforced," and 32 percent said, "There are no standards. Each developer of team chooses the components that are the best for their project."

When asked about whether their company's open-source policy addressed security vulnerabilities, 24 percent answered, "We must prove that we are not using components with known vulnerabilities." But the remainder of the respondents indicated a weaker effort on security, saying they simply had a policy to avoid known vulnerabilities or their policy does not address security vulnerabilities.

#3 and #4, pretty much what this article is about.

Wouldn't you want people to be aware of these potential issues and avoid them? You can't avoid problems that you don't know about. And finally, you have 4 examples. I'd like to know how many articles they published in the interim, and why you didn't include any information on them.

What's the flaw? That an organization is not earning enough cash flow or pathos to fix critical flaws in their product?

Or that people choose reusable components poorly?

Or that humans are humans? I suppose that kind of is a flaw, unless you assume from the start that that's kind of true, but if you don't then isn't the flaw on the ignorant?

Or that you are mixing some sort of political statement with asking people to stop whining? Because no matter your politics, someone is either going to whine or feel so unsafe doing so that, while unhappy, they don't.

Why don't you collect your thoughts and try again?

Wait, what?

If you write code, part of the documentation before you start should be a "risks" statement, where you state that a dependency on X external, third party library, exists, and that any vulnerability could cause issues in your application. Also, that substantial upgrades to the library interface will affect maintainability if any interfaces are changed, or are deprecated.

When someone throws a pile of libraries at a problem, that risk statement gets lengthy.

Rewriting from scratch is not the best solution when you use a robust, mature library like zlib. They had vulnerabilities, fixed them, and upgrading was no chore.

Management loves risk statements, because they hate risk and want to know where they are exposed. Written correctly, the risk will analyze the maturity of the library and the guarantee that it makes.

Kernel calls in Linux are not guaranteed to break ABI, but some things in Linux do have a level of guarantee. And as much as I hate to say it, COM/ATL interfaces where you can choose which version of the interface to use, but it can be patched behind the scenes - which turned into the idea of a "service contract" that can't be broken.

Your problem isn't with using external libraries, it's using ones without service contracts, or immature ones. And you're reacting by throwing out the baby, bathwater, bathtub, house, plumbing infrastructure, and electrical grid.

You can put a stop to that shit by explaining what a contract is (management should be familiar) and what happens when it breaks. And things diverge, since the answer isn't "lawsuit them to death." Now you research the maturity level of each library, starting with the ones you hate, and make a case for removing some of them.