Dan is talking about paying money as a routine, like a salary. The security exploit pay is like a reward, you don't get paid for the effort, anybody can make the effort but only 1% of the people who would try are capable of finding a real security hole. The effect doesn't apply.

20% of school leavers in the UK are functionally illiterate

You mean graduates?

I can't stand self righteous a**holes like you... you'd be the first to complain about your ad free cable costing $500/month

Actually I think your specialty, if you do get the prize money, will be subtraction (from the pool of money). No adding will occur at all.

If you had anything to do with this setup you should be shot, you've broken two fundamental rules for developers.

1. You've taken away their root access to their own boxes?
That's like taking away a construction worker's toolbox and handing them a hammer and a screw driver because it's "all they'll ever need". I'm a web developer, I need to test my stuff in upcoming betas, testing your web stuff AFTER the browser has launched is too late, because users willl already have it.

2. You're running a browser so f#$%ing old, it makes IE8 look good (or at least, not so bad).
That's great for testing, but for developing, you're either; evil, naive or both.

Funny, but on a more serious note, during the time of the Bible, people had no way to access the oceans depths needed to reach lobster, shrimp and crab (ok, there are some land crabs). So anything they could access in the upper parts of the water with a net, that didn't have scales & fins were unsafe to eat (ex: jellyfish).

You do realize the DS outsold the iPhone & Android put together? Why would N bother copying a loser, in regards to gaming sales?

Teenagers are really really stupid.

You do know many spam/exploit bots use your robots file to look for admin logins or sensitive info. Just because the browser agent was the same as Google doesn't mean it really was, you have to check the agent's IP to be reasonably sure it's legit. Considering that Google even says they have previously only indexed sites every 10 days, it's much more likely you have 3 Google indexes and 29 exploit scans.

Just one sip of this magic elixir will invigorate, exacerbate, collaborate, and dilate every muscle in your body. An old man will feel young, a young man will feel wise! I didn't know it was the 1800s all over again.

Make it a misdemeanor criminal case. Download a movie and get the same first warning / week in jail plus a $100 or so fine that you would get for physically stealing the movie from Best Buy.

Of course, since in this country most crimes are defined at the state level, this wouldn't really work.

On a tangent, and a somewhat interesting experience I had...

In 1992 I saved up enough allowance to buy a Sound Blaster, my first sound card. After I made my AUTOEXEC changes I tried out my favorite game of the time, Space Quest 4. What I experience was this annoying ringing that made me stop the game, quit, tweak the settings, reboot and start the game again. This went on a few times until almost an hour had passed.

Then out of defeat I started the game and didn't quit it, only to discover the annoying ring was the beginning of the soundtrack. Mind you, it's an MIDI instrument to the sound isn't as annoying on better sound cards, but on a SB it was pretty annoying, check it out for yourself:

http://www.youtube.com/watch?v=EKE4YExWcy8

Sounds like you want your appeal to be hired to rest on how many boy scout badges you got. The reason you are treated so well is because you have management that understands what makes a good programmer, and then rewards them accordingly. So no, you should get brownie points for having a degree, they prefer skilled people who have proven their ability to do the job they were hired for.

It doesn't work for either institution, but they sell it like it does anyways.

I'm starting to really think that we're making a mistake putting full-fledged computers in everything we build. They allow for an amazing array of features, but it makes fully understanding our machines much more difficult. Security problems like this one are inevitable.

A dumb analog xerox machine is pretty easy to understand, and one that runs on a microcontroller and a few KB of ram (if that) isn't much harder. But who but the most dedicated hacker has any real idea about what is going on inside a modern Xerox. It *might* not have any undocumented "features," but you have no way of knowing. Security has gone from being a matter of applied common sense to involving a large amount of blind trust in these manufacturers.

It's a symptom of a larger issue though. We're rapidly getting away from having a society where a well educated and technically minded person can understand the actual inner workings of the technology they interact with every day. The tradeoff might be worth it, I'm not a luddite. But we should remember that we are entering into a new kind of relationship with our machines,