
Comment Update in haste? (Score 1) 74

How critical is the bug for the particular server? That will vary. For example, my little mail server is running CentOS 4, and does not have the HeartBeat "enhancement" because the updates to that particular distribution stopped before that little throb was introduced. (Sometimes it pays to stay away from the "bleeding edge" of progress!) Yes, it's time to upgrade, but I'm taking my time and doing it slow, because I want to use CentOS 7 when it's released. I'm replacing hardware, too, and I'm testing that hardware before I place all my marbles there. (Not that it matters much.)

Also, I have SSH locked down to specific IP address, no Web service of any kind -- indeed, it's a "mostly closed" system with public-facing holes only for SSH (limited by tcpwrappers), SMTP (not SMTPS or SUBMISSION), DOMAIN (severely rate-limited and with blocks for ANY), NTP, and TRACEROUTE. This effectively blocks any access to heartbleed.

When the first alerts came out, the first thing I did was run the web-based exploit detectors. They didn't get through. At that time, I reviewed the services not blocked by the firewall, and to the best of my knowledge, none of the services I list above use the Secure Shell library. So I satisfied myself that my mail server was tight.

Everything else on my network is behind the same firewall, using NAT to gain access to the outside world. There is no open path to my desktop computers or internal-only servers.

I'm very much of the school "if it ain't broke, don't fix it in a hurry." In my case, I'm rebuilding servers (some celebrating 10 years of service or more) with the latest proven software one at a time, with the mail server being last in the chain. I'm replacing hardware as well as software, one by one. (I'm probably going to update the old hardware so I have standbys if the new hardware experiences infant mortality, but that's a detail.)

So, in some cases carefully researched, there isn't any need to take action against Heartbleed, because the exploits are blocked upstream.

Comment Re:Not sure what the "secrecy" fuss is (Score 3, Insightful) 222

All treaties are negotiated in secret.

Secret from the general populace: yes. Secret from large corporations and lobby groups: hell no.

Furthermore, at least in the US, no treaty is in effect until it is ratified by the Senate, at which point all the elements of the treaty will be public and heavily debated down to the last comma.

It's great that Wikileaks is giving the world a heads-up view into what is being negotiated, but I don't understand why every Slashdot story about international treaties harps on "negotiated in secret" like that's unusual, or that a treaty can somehow take effect silently and invisibly.

I'm not sure whether you've ever tried influencing a non-binding agreement that was reached in diplomatic circles and which supposedly still needs to be ratified by politicians in public. I can tell you that by the time a completely negotiated deal ends up in a parliament, senate or council of ministers, there is an enormous amount of political pressure to approve it because of all of the efforts that went into negotiating that text. At that point, the negotiating parties have basically all said "yes, we agree with this and are willing to defend this text before our national politicians", and a very much used argument (that also carries a lot of weight) is then "we don't want to seem unreliable to our negotiation partners".

Sure, they may sometimes make a little bit of fuss about small details to "demonstrate" they're not just rubberstamping it, but actually completely changing positions on a matter of substance almost never happens (unless there is a huge public outcry, or a very big business interest). And even if that happens, it means all those negotiations were largely for nothing, which could have been solved by having more transparency in the first place.

Comment A big problem, but also the only missing piece (Score 1) 263

With regard to this, one helpful thing in the ruling is that the Court says that old and ubiquitous technologies don't count when judging if an abstract concept has been transformed into a patentable application of said abstract concept.

(Patent lawyers are up in arms about this, complaining that the Court has "mixed up article 101 (subject matter) with articles 102 (prior art) and 103 (obviousness)". To get more patents, they want to reduce the "abstract ideas" exception to a theoretical concept that only happens inside people's brains any patent application can pass.)

So Timothy's right (as usual), but still, at least we have the Justices acknowledging that algorithms shouldn't be patentable, and that "on a computer" doesn't make a non-patentable concept patentable. All we have to do is bridge that last gap and show them that all software is math:

http://en.swpat.org/wiki/Softw...

For Alice v. CLS, more analyses listed at the end of this page:

http://en.swpat.org/wiki/Alice...

Comment I wrote the headline, and it's correct (Score 3, Insightful) 220

I know the headline is correct because Gene Quinn is hopping mad. Quinn makes a living by obtaining software patents and always says he can draft around any limits imposed by the courts, but here's what he's saying today:

"an intellectually bankrupt opinion ... will render many hundreds of thousands of software patents completely useless ... On first read I don't see how any software patent claims written as method or systems claims can survive challenge."

http://www.ipwatchdog.com/2014...

I didn't want to trust my own reading, but I knew it was a big victory when I read Quinn's reaction.

Submission + - US Supreme Court invalidates patent for being software patent (swpat.org)

ciaran_o_riordan writes: The US Supreme Court has just invalidated a patent for being a software patent! To no fanfare, the Court has spent the past months reviewing a case, Alice v. CLS Bank, which posed the question of "Whether claims to computer-implemented inventions ... are directed to patent-eligible subject matter". Their ruling was just published, and what we can say already is that the court was unanimous in finding this particular software patent invalid, saying: "the method claims, which merely require generic computer implementation, fail to transform that abstract idea into a patent-eligible invention", and go on to conclude that because "petitioner’s system and media claims add nothing of substance to the underlying abstract idea, we hold that they too are patent ineligible". The 'End Software Patents' wiki has a page for commenting the key extracts and listing third-party analyses. Analysis will appear there as the day(s) goes on. Careful reading is needed to get an idea of what is clearly invalidated (file formats?), and what areas are left for future rulings. If you can help, well, it's a wiki. Software Freedom Law Center's website will also be worth checking in the near future.

Comment Great. Protects me against my employer (Score 2) 135

Fantastic news.

I mention my Wikipedia activities in the "Other interests" section of my CV but I'm always worried that employers will misinterpret it as an offer to polish their image. With this rule change, if an employer does ask me to "Hey, since you know how this wiki thing works, can you correct some stuff?" I can say that I could but I'd have to declare it as being paid work.

That'll make them less interested, so I'm less likely to get put in that situation to begin with.

(Some other comments rubbished the idea because it won't get 100% compliance but they're missing the point. Improvement is improvement.)

Comment Proprietary fonts (Score 5, Insightful) 108

Over the years, I've tried to use Unicode for math symbols on various web pages and tend to revert back to GIFs or LaTeX-generating tools due to problems with symbols missing from the font used by this or that browser/OS combination, or even incorrect symbols in some cases.

IMO the biggest problem with Unicode is the lack of a public domain reference font. Instead, it is a mishmash of proprietary fonts each of which only partly implements the spec. Even the Unicode spec itself uses proprietary fonts from various sources and thus cannot be freely reproduced (it says so right in the spec), a terrible idea for a supposed "standard".

I'd love to see a plain, unadorned public-domain reference font that incorporates all defined characters - indeed, it would seem to me to be the responsibility of the Unicode Standard committee to provide such a font. Then others can use it as a basis for their own fancy proprietary font variations, and I would have a reliable font I could revert to when necessary.

Comment Re:Wow (Score 1) 224

It actually is a bit different for the Republicans, in that they are caught in an internal party schism of a scale we've not seen on either side since desegregation, if even then. It's difficult for the less right to look good to the more right, undirected pushing against the Democrats is one of the few ways they have to do it.

Comment Re:Wow (Score 1) 224

Do not forget that ObamaCare was rammed through without a single Republican vote in the House or Senate.

It's the unfortunate case that Republicans don't generally support Democratic bills. Witness the recent student loan bill. There is not much question that a better educated populace means a better economy and a stronger nation. It's a truism that we could just pay for college education in a number of fields and reap economic benefits of many times the spending. Indeed, we used to do more of that and the country was stronger when we did.

Comment Re:I really dig the Obamacare comments Bruce made (Score 1) 224

You meant "you wouldn't approve" rather than "you wouldn't understand".

Positioned correctly, it isn't all that socially reprehensible to state the sentiment that you don't believe you should pay for people who drive their motorcycle without helmets, people who self-administer addictive and destructive drugs, people who engage in unprotected sex with prostitutes or unprotected casual sex with strangers, and people who go climbing without using all of the safety equipment they could.

You don't really even need to get into whether you hold human life sacred, etc., to get that argument across. It's mostly just an economic argument, you believe yourself to be sensible and don't want to pay for people who aren't.

The ironic thing about this is that it translates to "I don't want to pay for the self-inflicted downfall of the people who exercise the libertarian rights I deeply believe they should have."

OK, not a bad position as far as it goes. Now, tell me how we should judge each case, once these people present themselves for medical care, and what we should do if they don't meet the standard.

Comment Re:citation needed (Score 1) 224

Citation needed.

I just looked for a minute and found This NIMH study. If you look at the percentages per year they are astonishingly high. 9% of people in any particular year just for mood disorders, and that's just the first on the list. Then they go down the list of other disorders. The implication is that everyone suffers some incident of mental illness in their lives. And given the number of psychiatrists, psychologists, and lay practitioners in practice, it seems like much of the population try to get help at times, if only from their priest or school guidance counselor.

You are not a rock. Can you honestly tell me that you haven't ever suffered a moment of irrationality?
