
Comment Re:That is the problem. (Score 1) 30

That's not true. Script kiddies have to wait for someone to write a tool for them to use to actually exploit it. It takes a few days for these things to get out there en masse.

When an upstream has a security advisory, I have to run around in circles to get the patch out to my users and then they have to run around patching everything. That's just how it works. When you don't get enough information to make a decision, it makes it hard to know if you should risk patching. For some folks, they're in system freeze for a busy time of year or have a lot of other risks by patching something. You really need as much info as possible to make this decision sometimes.

For example, at work we have a vendor who recently told us they had a huge security issue. Anyone on the internet can change a setting and that in turn can change a link to an admin area of our product. The catch is that we never use the admin link it changes. They threatened to drop support of their product for us if we didn't patch immediately. However, we don't use that admin link. Further, the number of users in our org that use it are on one team of 10 people. A huge risk in general does not mean a huge risk for one org.

The OpenSSL team did the right thing on their end, but there are two dimensions to vulnerabilities: the severity in terms of the software and the number of users impacted. The latter, in this case, was small.

Comment Re:Duh (Score 1) 484

This can't be accurate. My boss at the time had an NT4 server running SQL Server that he left on for a year. It only had SP1 installed. No security updates.

It was kind of a nightmare to patch when we finally did. Did I mention it was the billing database, and that was back when we didn't have the PCI compliance standards of today?

Comment Re:Duh (Score 1) 484

You never owned an Iomega Zip drive then. The NT4 kernel would BSOD constantly with an external parallel version of that. I've experienced a BSOD on every OS through Windows 7. In Windows 8, it's now a :) so I don't know if that counts. (I've seen it too)

Windows tends to crash now due to hardware problems. Most BSODs in NT are from bad hardware or bad drivers.

Comment Cloud providers are part of the problem (Score 2) 307

Look at the massive amount of IPs that Amazon and Microsoft use for their cloud solutions. If AWS actually supported IPv6 properly, people could start migrating. Last I checked, Amazon didn't even offer IPv6 as an option for their DNS services.

ISPs are starting to move on IPv6, and now we need the big hosting companies to step up. Today, that's mostly cloud providers.

Submission + - What are available options for mirroring open source project files? 1

laffer1 writes: With the recent issues around SourceForge, what are the current recommendations for mirroring ISO files and other large files for open source projects?

Background: I run a small BSD project that has an FTP server with approximately 90GB of data. This includes all release ISOs for each platform, packages and tarballs of source used to build packages (for GPL compatibility). I'd like to mirror ISOs and package binaries on other sites. Previously, I had mirrors at the ISC, Secution and other sites, but many have shut down.

Comment Re:The problem is that landfills are too cheap (Score 1) 371

You can't make something expensive "free," but you can force people to pay for something they wouldn't voluntarily pay for via taxes.

By taxing goods up front proportionally to their reclamation costs (and the costs of their packaging) we could fund "free" recycling and even encourage manufacturers to adopt more environmentally-friendly designs.

Comment Re:Different types of terms (Score 4, Insightful) 175

I think the whole problem with LAMP or MEAN is that it's trying to define one web stack. The world has moved on. Some companies deploy nginx now instead of Apache or in combination with it. Netflix sends 33% of all Internet traffic on FreeBSD rather than Linux. I've seen so many people replace the P in LAMP to be Python. We can't even agree on the P.

My current stack at work is FATAPJ - FreeBSD, Apache, Tomcat, AngularJS, PostgreSQL, Java

Comment Re:Idiot (Score 1) 1067

It's believable that someone could get a B+ in an entry level CS class even without a good understanding of arithmetic. Entry level CS is more about understanding flow control and variables than it is about mathematics.

If she got a B+ in Calculus, that would be concerning. And since all university-level CS programs require Calculus, the student in your story likely never graduated... unless this was a for-profit college, perhaps.

Comment Re:Not to be the different guy, but... (Score 1) 93

No, I'm in agreement with you here. As much as I don't buy from ThinkGeek anymore (unless they have a really, really wantable T-shirt on sale*...because I'm cheap as hell), having something akin to an Amazon Locker is a boon and a win for them.

It's a heck of a smart business strategy and it's going to be interesting (to me at least) to see how successful it is.

*I have a "Fhloston Paradise" t-shirt, and alas, no one ever recognizes the reference. That causes me to be bummed in almost unreasonable amounts.

Supergreen.
