
Comment Re: For that, you'd have to do a different attack (Score 1) 336

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects 1.2.3.0/24 to the Internet, I shouldn't put a packet that claims it originates from 5.6.7.8 on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
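Added example, not part of the comment above: a minimal Python sketch of the source-address check it describes, for a stub router and for a transit router that limits each customer port to that customer's prefixes. The function names, the customer table and the sample traffic are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Stub network from the comment: the router connecting 1.2.3.0/24 to the Internet.
STUB_PREFIXES = [ip_network("1.2.3.0/24")]

# Hypothetical transit router: ingress port -> prefixes that customer may source from.
TRANSIT_CUSTOMERS = {
    "cust-a": [ip_network("1.2.3.0/24")],
    "cust-b": [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/25")],
}

def _in_any(src, prefixes):
    """True if src parses as an IP address and falls inside one of the prefixes."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # an unparseable source is never forwarded
    return any(addr in net for net in prefixes)

def egress_allowed(src, local_prefixes):
    """Stub router: forward upstream only if the source is one of our own addresses."""
    return _in_any(src, local_prefixes)

def transit_allowed(src, ingress_port, customers):
    """Transit router: foreign sources are normal here, but each customer port
    may only source from the prefixes assigned to that customer."""
    return _in_any(src, customers.get(ingress_port, []))

def dropped(packets, local_prefixes):
    """Return the (source, destination) pairs the stub router refuses to forward."""
    return [(s, d) for s, d in packets if not egress_allowed(s, local_prefixes)]

# Constructed sample traffic leaving the stub network: (source, destination).
SAMPLE = [
    ("1.2.3.17", "192.0.2.53"),  # source inside 1.2.3.0/24: forwarded
    ("5.6.7.8", "192.0.2.53"),   # source from the comment's example: dropped
    ("1.2.4.1", "192.0.2.53"),   # neighbouring /24, still not ours: dropped
]

if __name__ == "__main__":
    for src, dst in dropped(SAMPLE, STUB_PREFIXES):
        print(f"drop {src} -> {dst}: source not in local prefixes")
```
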

Comment Re:Rubbish (Score 1) 336

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Cloud

Romanian Cybersecurity Law Will Allow Warrantless Access To Data 62

jfruh writes: The Romanian Parliament has passed a bill that will allow its security services widespread access to data on privately owned services without a warrant, and once the president signs it, it will become law. The law would have widespread impact beyond Romania because the country is a hub for IT outsourcing.

Comment I've managed a team full of H1bs.. (Score 4, Interesting) 552

Not my choice, we got them in a deal with a VC. And I will tell you from experience that they're not all great programmers. A *few* of them were very good programmers, most of them were OK, and a few were very *bad* programmers. Just like everyone else. The idea that the H1B program just brings in technical giants is pure fantasy. This isn't 1980; if a CS genius living in Bangalore wants to work he doesn't have to come to the US anymore, there are good opportunities for him at home.

H1B brings in a cross section of inexperienced programmers and kicks them out of the country once they've gained some experience. I have nothing against bringing more foreign talent into the US, but it should be with an eye to encouraging permanent residency. I think if you sponsor an H1B and he goes home, you should have to wait a couple years before you replace him. Then companies will be pickier about who they bring over.

I have to say, managing a team of H1Bs was very rewarding, not necessarily from a technical standpoint but from a cultural standpoint. Because I had to learn about each programmer on my team and the way things are done in his culture, I think I became closer to a lot of them than I would have to a team of Americans.

Comment Re:For that, you'd have to do a different attack (Score 1) 336

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment Re:Rubbish (Score 3, Insightful) 336

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment ISS (Score -1) 99

Another pointless activity, right up there with studying the mating habits of shrimp in zero G. ISS is a phenomenal waste of money. Russia is a criminal state. End the damn program and let's get back to the moon with SLS and lay claim to it before the Chinese do.

Comment Re:The Navy sucks at negotiating (Score 3, Interesting) 118

Hell, one Ohio class submarine has more destructive capacity than the entire Navy from 1945.

Which means absolutely nothing because you can't actually use any of that firepower in any conflict short of "Civilization as we know it is coming to an end." That's not to dispute the rest of your points, which are mostly valid, but let us leave the SSBN out of the calculation of modern naval firepower. They have a specific mission: deterrence. The day they are called upon to loft their birds is the day that mission has failed.

Why would you want more men when the ships have become more efficient and have so much more firepower?

There is an argument to be made that we need more ships, particularly attack submarines and surface combatants. The former will prove decisive in any conflict with the PRC and the latter are needed for missile defense, amongst other missions. Unfortunately most of the shipbuilding budget is going to the Gerald Ford CVNs while the looming Ohio replacement is going to consume billions more. Both are needed at the end of the day, so unless we're going to throw more money at the Navy I'm not sure what the solution is. I'd opt for throwing more money at them, since it takes decades to build a modern Navy, and it can't be used (as easily) for interventionist adventures in the same manner as a standing army....
