What if someone who privately knows about the vulnerability gets the idea to exploit various installations of competitors (or even common users!) during the embargo period? Do you trust large enterprises not to misuse their knowledge to their own advantage?

Of course that's a risk. But again, is it worse to have a handful of people who are trying to be secretive know about the vulnerability while vendors update and carefully test their software, or for for the entire world to know about the vulnerability while vendors scramble to get something out the door as soon as possible?

Since Open Source projects communicate in the open (even if just version control commits), I find it quite likely that all major security-related projects are monitored by black hat hackers. The few weeks waiting period gives them ample time to use the security hole.

That's why the Xen Project doesn't put the fix into version control until after the embargo period is over. Only people on the predisclosure list (or those able to listen in) would be able to learn about the vulnerability without doing their own audit of the code to find the bug themselves (which is very expensive).

There's basically a balance to be struck. All users not on the predisclosure list (and thus who cannot update their systems until the embargo period is over) will continue to be privately vulnerable during the embargo period: anyone who happens to have dug deep enough and found the bug can still exploit it. But as soon as the announcement is made, everyone who hasn't yet updated is publicly vulnerable: Nobody has to search to find the bug, they just have to write an exploit for it. Being privately vulnerable is certainly bad, but being publicly vulnerable is far worse. The goal of the embargo period is to try to reduce the time that users are publicly vulnerable by extending the time they are privately vulnerable. Two weeks has been found to be a reasonable cost/benefit trade-off in our experience.

The XenProject security process gives them time to patch their systems (in this case, 2 weeks). If you don't have your stuff patched by then, they won't wait for you.

"It's not you, it's me."

"It" here still isn't (or shouldn't be) referring to a human. Normally it means, "The problem in our relationship isn't you; the problem is me."

nrén = woman

Hmm, Slashdot seems to have eaten the characters it wasn't familiar with. That should be nuren and nuhaizi (tone 3).

Regarding "they", English speakers have been using "they" as an ungendered third person singular for hundreds of years.

Language is defined by its speakers, not by some committee somewhere; each of us gets a vote. In some cases I persistently vote against change if I think it's a bad idea (for example, I will make fun of people who use the word "literally" when speaking figuratively as long as I can get away with it); but in this case, I think it's a perfectly reasonable thing to do, and I have purposely chosen to use "they" in this way.

English is perhaps the most gender neutral language currently in use.

I cannot tell you how ignorant that sounds to me. Of the four languages I know to various degrees (English, French, Turkish, Mandarin), two of them are far less gendered than English. In both Turkish and Chinese, there is no "he/she" distinction -- there is a single pronoun which can be used for any person. Additionally, in the base for "person" and for "child" is ungendered, and to specify "man/woman" or "boy/girl" you have to add a gender tag. Chinese: rén = person, nánrén = man, nrén = woman. háizi = child, nánháizi = boy, nháizi = girl. (Turkish was too long ago for me to remember the actual words.) Turkish is the same for brother/sister. (Chinese have cutesy reduplicatives for sibling relationships -- gge, dìdi, mèimei, jijie -- so the "add a gender" thing wouldn't fit.) I never got to actor/actress, waiter/waitress, &c in Turkish, but in Chinese they're all ungendered as well. (And nouns are genderless in both languages too.)

Seriously dude -- if you don't know Chinese or Turkish, that's fine; but then don't make a claim about all languages "currently in use".

Indeed: if you look at m-w or any other dictionary then you may notice that the modern use have two opposite meanings. That belongs to the richness and sophistication of modern language.

No, that's because most dictionaries are descriptive rather than prescriptive: they're trying to help people understand what someone might be saying, not trying to tell you what the right answer is. And in general, I agree with them -- language is defined by its speakers and develops over time.

But the fact is that using "literally" when you actually mean "figuratively" is stupid. It's not only evidence of sloppy thinking, but it actively degrades the language. The fact that it's in M-W reflects the fact that a significant minority of people use it this way; but the fact remains that the majority of speakers oppose this change and think that it's stupid and wrong. By making fun of people who use the word "literally", I am "voting" to keep the old definition and keep the new definition from becoming accepted, and I will do so as long as it is practical.

There were two answers common to all of us: project management and English writing. We are all in management now, not practical engineering, and need words more than we need numbers and formulae. An English writing course should be required for all pure and applied science majors, in my opinion.

I represented computer science at an elementary-school tech fair a few months ago. Many of the students had been given papers they were supposed to fill out by asking us questions; one of the questions was, "How often do you use writing in your job?" And they were all surprised when I answered, "Every day". I need to discuss design, bugs, performance, releases, strategy, &c &c, and all over e-mail. Writing (and typing) is a core skill for me.

Note that the studies do not say multivitamins are worthless, nor does it address any other health areas except those three. That is just the headline sensationalism.

Did you miss the part where the TFA's title said "Stop wasting money on supplements"? The article itself is trying to make the argument that it's a waste for most people to take multivitamins. But the reason given is that it doesn't prevent death, heart attacks, cancer, or dementia.

Guess what? Hiring policemen don't prevent natural death, heart attacks, cancer or dementia either. Neither does wearing a seatbelt. Neither do all those safety regulations on cars and aircraft. Are they going to write an editorial next saying that we should "Stop wasting money on police, seatbelts, safety regulation", and cite studies showing that they don't prevent natural death, heart attacks, cancer, or dementia?

Vitamin deficiency causes all kinds of random problems that are often not quickly diagnosed. Do a cost-benefits analisys. It's a low probability that I'll have a vitamin deficiency, but if I do, vitamins will help a lot. Given how little they cost, it seems like a no-brainer.

What would be better is if the US patent office had to repay the royalties (or perhaps a percentage of them). Then there would actually be incentive for them to be careful about the patents they approved. As it is, they get money for any patent they approve, and no negative consequences for approving patents which are later overturned.

Cuts and scrapes get soap and bandages.

Of course, and that's the right thing to do -- until such time as you discover that your leg has actually been infected, and that you need antibiotics. It doesn't happen very often, but when it does, it can be incredibly dangerous. I don't know what the rate of bacterial infection is for falling out of a tree, but let's say it was 1 in 1,000. No antibiotics means that goes from "1 in 1000 children who scrape their knee hospitalized" to "1 in 1000 children who scrape their knee die", which is pretty bad.

And of course, there's the insane requirement enacted in 2006 that the USPS pre-pay healthcare benefits 50 years in advance

According to the Times, the real financial problem facing the Post Office may have been created by Congress in the first place through the 2006 Postal Accountability and Enhancement Act. The law required the service to begin prefunding the healthcare benefits of future retirees 50 years in advance. The requirement costs about $5.6 billion a year, and it caused the Postal Service to lose $5.1 billion the first year after it was enacted.

So for the last 7 years, they've had a $5B handicap -- limiting what they can do wrt expanding into other markets, upgrading services, and so on. I'd say they're doing pretty amazing.

It would be akin (because of the vast separation in time) to our finding forty thousand versions of "Damn, Og just missed small deer. ... No, wait, he return. ... Damn, Og just missed small deer."

Your example contains "damn", which could help you track exposure to religion, attitudes towards swearing, and so on. The existence of "small deer" could help you track the change of population and determine exactly when a species became extinct / sacred / in high demand. Even when not mentioned, a historian might be able to deduce that Og was using a ranged weapon here rather than a close-combat one, to help study ancient technology, correlating it with other evidence to track the rise and fall of different tribes or races. That all sounds like a potential treasure-trove of information to me.