Check your spam folder for many messages from providers who'd be more than happy to register a .cn for you. They'll also sell you bulletproof hosting if you need it.

So the last sentence in the summary should have read "We've heard time and time again how insecure passwords are, and Microsoft is aiming to replace them with a password-equivalent where you can never change your password when it's compromised, you leave copies of it on everything you touch (or look at), and which can be defeated with a bit of gelatin or a printout of a photo".

Yay, Microsoft!

While I don't agree with the OP, it does seem to be gratuitous bashing of Cruz. AFAIK what he's pointing out is that NASA was chartered to explore space (the NOAA, not NASA, was chartered to do climate research), and yet in my entire lifetime, apart from the 1970s-era Space Shuttle, the only thing of note they've managed to do in this area is launch a few remote/robot probes. Holy fsck, this is an organisation with an $18 billion/year budget that's done basically nothing to further getting mankind into space since the Apollo program ended over forty years ago. They've been busy dicking around with various expensive toys for the last several decades, cancelling one pie-in-the-sky project after another, and presumably will be relying on some of their huge budget to eventually rent room on Russian, or Chinese, or Indian, or whoever else gets there, missions to the moon or Mars.

Looked at another way, if some pro-science senator came along and told them to get their s**t together, would there be such an outcry?

Installing Window Blinds and Start8 as a one-off doesn't seem terribly cumbersome, and then you have the UI that Microsoft should have given you in the first place (best ever response to this was taking my laptop in to Microsoft and having a MS person staring over my shoulder and eventually asking "what is that and where can I get it too").

Exactly (no mod points left, sorry). Auditing OpenSSL makes about as much sense as auditing Windows 95, we already know it's broken beyond repair, and any further effort expended on it is just throwing good money after bad. Focus on something that's worth going with, like LibreSSL, or something that was never OpenSSL to begin with.

Same here. I have an Atmos clock, which is entirely mechanical. You're supposed to get it serviced every 30 years (mine has just gone in for its second service, the first in the time I've owned it). The standard models are meant to run for about 400 years, the fancier ones like the du Millenaire are calibrated out to 3000 AD, although I'm not sure whether civilisation will still be around then if something goes wrong.

I'll bet the $10,000 Apple watch will be a piece of expensive inanimate jewellery long before my clock goes in for its third servicing.

Had an interesting discussion about this with some fellow geeks over steak recently, one of them proposed firing the bottom 80% of all your developers. Reason: Not only are they not contributing much that's useful, they are in fact a negative input on productivity since the other 20% who are useful have to go round cleaning up the mess they make.

I'm not sure if it's 80% (I'd say maybe 50%), but I know too many situations like this, where the clueless/incompetent are not only not doing anything useful but actively preventing the competent from getting their work done.

(The problem, which was pointed out at the time, is identifying who the incompetent 50% are. Many of them are where they are today because they know how to manipulate the system, rather than because they're any good at what they do).

The reason for using this alternative to the alternative is because any kind of blacklist-based security doesn't work. It rates #2 in the six dumbest ideas in computer security, with default-allow (which arguably is the problem that blacklists are trying to deal with) at #1. First there were CRLs, which don't work. They were replaced with OCSP, which doesn't work. Now we have cert blacklists, which are fairly recent so they haven't failed often enough for it to be obvious to everyone that they don't work, but give it time...

Once they fail, the browser vendors will come back with version 4 of the dumbest idea, then version 5, and then version 6, and they'll just keep on doing the wrong thing over and over and over until eventually it starts working, dammit!

Starting? What would it take for you to realise that the whole browser PKI mess is the steaming pile of dung that it actually is?

Already exists, Google "telecrapper 2000".

What dress?

FIPS 140 certification, which I assume is what you're referring to, is almost worthless in terms of determining how resistant to real-world attack a product really is. It would have done nothing to prevent the problem discussed here. Its main use is as a measure of how desperate a vendor is to get government contracts, which is also why no-one asks for it outside government procurement.

Applications are going to have to support both for years, possibly eternity. The whole HTTP 2.0 process was driven mostly by Google, who wanted HTTP changed to reduce the load on their servers (heaven knows what sort of uproar would have resulted if Microsoft had tried this sort of thing). Unfortunately the resulting design, while it may make Google's job easier, is incredibly difficult to implement for things like embedded devices. The HTTP 2.0 WG's response when this was pointed out, repeatedly, was "let them eat HTTP 1.1".

In other words there will be two HTTP's, 2.0 for Google and in general content providers and whatnot, and HTTP 1.1 for everything else.

Sadly, things look like they're heading in the opposite direction. The first thing I do with a new install of Chromefox is download a pile of extensions to turn it back into Firefox, but it seems like every new release requires even more extensions to undo the Chromefox braindamage. So at least for that browser, the developers are making changes that force you to download more extensions, not less.