
Comment Re:Industrial network (Score 2) 76

IF the people in charge are asking for it, find and suggest a solution that can do it safely.

I'm with you so far.

If they are not willing to pay for your solution, find another, albeit less safe solution and present it with a list of assumed risks. Rinse and repeat until you have a solution they are willing to pay for with risks they are accepting, then do that.

In my experience, any "solution" that you present will be understood to do everything that they wanted.

Even if you say that they cannot have X at $Y. They will give you $Y and then demand X.

When you cannot do so, a contractor will be brought in to set up a flawed implementation that will reduce your security BUT will provide X at a price point that you said could not be done.

Which is why we see this story pop up over and over and over again.

Comment Re:Um... (Score 1) 255

We are primarily a government contractor, and our main contract had a Siebel-based client management system (only a government would have the combination of money and stupidity to invest in an ancient technology like that, but oh well), and up until late last year, we had to run IE in the lowest security mode and IE7 compatibility mode just to make the ActiveX components function. The new version is by and large HTML5 compatible, and though they recommend Firefox, we've had only a few bumps running Chrome. I doubt more than a handful of our staff even use IE now.

Comment Re:Um... (Score 1) 255

Yes, well, we often hurt the ones we love.

About the only place I still see IE is on some web-based applications from the late 90s thru the mid-00s that were built using IE 5 and 6's very insecure ActiveX architecture. Up until last year, we were forced to use such software on one of our government contracts, and it literally meant viewing the site in Compatibility Mode with security settings cranked down to nothing. They finally updated the underlying Siebel engine to the HTML5 version, and after that everyone just seemed to go to Chrome. I suppose at that point where we start rolling out Win10 desktops, Edge might end up being used, but I have a feeling that MS has missed the bus here, and Chrome is king.

Comment Have We Lost the War to Quid Pro Quo Complacency? (Score 3) 359

Time and time again I see news articles that seem to herald the idea that users are willing to sacrifice something like privacy for the use of software. Take Facebook for an example. You get a robust and snappy storage and website for communication at the cost of control over your life and privacy. And as I try to explain to people the tradeoffs most of them seem to be complacent. Even I myself use GMail, there's just no better mail service. Even if there were, I'd have to run the server from my home to be sure that I'm in control of it and it's truly free (by your definition). So given that much of the populace isn't even prepared technologically to harness truly free software, don't you think they have slowly accepted the trade offs and that the pros of your arguments -- though sound -- are only possibly realized by those skilled enough to edit source code or host their own mail server from their home?

Comment Companies Selling Actually Free Software? (Score 5, Interesting) 359

I found your piece on selling free software to be pretty logical on paper. However, has it ever worked in the wild? Can you name companies or revenues that currently operate on this idea (and I'm not talking about services or support of the software)? I simply can't come up with a widely used monetized piece of software licensed under the GNU GPL whereby the original software was sold at a single price and shipped with the source code -- free for the original purchaser to distribute by the license's clauses. Can you list any revenue generation from that? I must admit I'm not exactly enamored with paying for free software (as in your definition of free) before it's written yet I cannot think of any other way this would fairly compensate the developer.

Comment Re:Or... just hear me out here... (Score 4, Interesting) 1197

I'd say if it's over my property at a low altitude, yes, I should have the right to shoot the thing out of the sky, and further, if I can determine who was flying it, I should have the right to sue them.

Drone operators are getting an incredible sense of entitlement out of playing with their toys. I think it's time for some serious and substantial financial penalties.

Keep your fucking toy away from my fucking property.

Comment Re:Urg. (Score 1) 44

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) is available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.
