Wow. Well, thanks for proving me wrong. I can see now that you are nothing but a troll. How does that link in any way address the discussion here?
Maybe your little web admin world doesn't require the same engineering discipline but I can guarantee that any software project with hundreds of developers and life-threatening security implications do require these processes.
I'm glad that you have never been hired to be a part of one of these projects.
Wow. Just... wow.
Looking back through your comment history, you don't appear to be a troll so there may have been a point somewhere in your curt and extremely rude reply. Care to elaborate?
I agree with everything in the parent post but I think the last paragraph needs some clarification. You do not need to buy a tool for process development, but some tools will be required for the implementation of those processes. For example, almost all software projects will need tools for change tracking and version control processes.
I work in a similar environment: CMMI level 5 using DOORS (requirements management), ClearQuest (bug/change tracking), and ClearCase (code versioning). Personally, I don't like any of these tools. They're slow, expensive, and generally a pain to use but they get the job done. There are open source alternatives and, although I have not used these myself, I hear they are faster, easier to use, and cheaper (free). For code version control there is Git, CVS, SVN, etc. For change tracking: bugzilla. For requirements management, any database software should do. Our process documentation is written in Word documents and posted to an internal website.
And you know they'll be charging extra for the window or the isle seat.
I hear Oceanic has great rates!
Everyone on the road has to be attentive to people entering or crossing their lane of traffic. If you're not, then you are not driving safely.
I agree. However, this does not mean that anyone can change lanes at any time with impunity. If it did, passing would be impossible.
You, speeding, are at fault for closing reaction time and so it's got to be your responsibility to be more attentive and react to changing traffic conditions.
No, it is everyone's responsibility to calculate braking distance. The speeder is not the sole party at fault here. The speeder, despite the fact that they were driving at an illegal speed, may have been doing so with a safe braking distance within their lane. If someone begins to merge into the speeder's lane and creates an unsafe braking distance, that is not a safe lane change. Hence, both are at fault: the speeder for driving at an illegal speed and the lane changer for failing to make a safe lane change.
Your quoting ofAutobahn statistics is not a good example. If you've ever driven with someone from germany who drives the autobahn, you would know why.
The quoted statistics compare fatal accident rates on the German autobahn and German rural roads. In both cases, German drivers.
I could not find Dr. John Eberhart's report either, only citations. I agree, the low fuel savings are likely due to the fact that very few people adhered to the new speed limits consistently.
Going 90mph is just flagrantly wasteful.
I agree, but I don't think this justifies an absolute speed limit. Buying desserts/snacks, using extra water to take a long shower, or owning more land than you absolutely need are all wasteful, but there is no legally defined absolute limit to any of these, nor should there be. The amount of gas/oil that a person may use, like any other limited resource, should not be artificially limited. It simply needs to be priced accordingly.
You're inaccurately comparing the difference between a 90 and 70mph speed limit and a 70 and 55mph.
The point is that there does not appear to be any correlation between speed and safety. Different speeds may provide different results and if you know of any study that does show a correlation between speed and safety I would like to see it.
The link above mentions another study that compares safety over a wider range of speeds and actually found the lower speed areas to be much less safe. This study compared fatal accidents on areas of the German autobahn where there is no speed limit with rural German roads where there are speed limits.
For example, in 2008, the overall German road network had 6.5 deaths per billion travel-kilometer, yet autobahn had a death rate of 2.2 while major rural roads had a rate of 9.5 deaths.[38] Autobahns accounted for 33% of German road travel in 2008,[39] but just 11% (495 of 4,477) of traffic deaths.
The point is that the "car in front" should not have been in front had they been safely changing lanes. Just because the car is in front doesn't necessarily mean that it should be.
Not quite sure how you think that was an attempt to justify speeding...
Technically both are at fault.
You forgot that the car in front gets priority.
Not necessarily. It depends on the location. For example, in the California Vehicle Code, there is this:
21658. Whenever any roadway has been divided into two or more clearly marked lanes for traffic in one direction, the following rules apply:
(a) A vehicle shall be driven as nearly as practical entirely within a single lane and shall not be moved from the lane until such movement can be made with reasonable safety.
Obviously, if a car is moving fast enough in the lane that you want to move into that it could collide with your car if you attempt to change lanes, that is not a reasonably safe lane change. However, if you're already traveling at the speed limit then the other guy was obviously speeding. Technically both are at fault.
Yep, and, here in the US at least, that reason is the Emergency Highway Energy Conservation Act. This initially set the speed limit nation-wide to 55 MPH. Contrary to the popular belief that our current speed limits are set for safety, they were actually set in an attempt to conserve energy (which actually reduced fuel consumption by only about 1%). The limit for some roads was later raised to 65 MPH and in 1995 the federal speed limits were repealed.
Studies examining the reduced maximum speed limit's impact on safety showed mixed results:
It was believed that, based on a drop in fatalities the first year the limit was imposed, the 55 mph limit increased highway safety.
Other studies were more mixed on this point, and a Cato Institute report showed that the safety record actually worsened in the first few months of the 55 mph speed limit, suggesting that the fatality drop was a short-lived anomaly that regressed to the mean by 1978.[14] After the oil crisis abated, the 55 mph speed limit was retained mainly due to the possible safety aspect.
There is some evidence that speed limits actually reduce overall safety.
A Moon colony would only suck slightly less, because, presumably, we'd ship air and food and something to protect you from cosmic rays, solar flares, and the vacuum of space.
The point of building a colony on the moon is to learn how to survive away from Earth using only local resources. The goal is to make the colony self-sustainable, not to be completely dependent on Earth for all eternity.
But what's the point? Just so you don't have to live here?
Yes, because eventually we will not be able to.
The GP has a good point, albeit poorly stated. Microsoft has the resources to fix these problems quickly, they simply choose not to because fixing their past mistakes would take time away from producing their next cash cow. No, they don't need to fully patch the problem immediately. But they do need to pass the information about the vulnerability along to anyone that may be using a system that is affected by it. And if they care about their customers at all, Microsoft should also provide a method to temporarily prevent an attacker from using that vulnerability against them.
Let's try another hypothetical...
You're working your ass off getting a project out the door, that new oil well needs to be drilled ASAP. A vendor of yours comes to you on Friday night with a NEW problem that they think is a big deal; apparently one of the wells that you drilled in the past has broken and is spewing thousands of gallons of oil into the ocean every day. You acknowledge their complaint, file it away and go back to working on what you were working on. Two business days later, you learn that your vendor took out ads in every major publication and website touting what an idiot you are for not "responding" to him, even though you did.
Now, before you say that's comparing apples to oranges, give it some thought. Is this hypothetical really so different from Microsoft's handling of vulnerability reports? Both problems require a prompt response because they could cost people/businesses a lot of money if the problem leads to a loss of data/resources. Both problems exist as a result of companies cutting corners. Both companies responded slowly because a prompt response would hurt their bottom line (short-term anyway).
What Microsoft should do with this and all other vulnerability reports is allocate as many resources as necessary to, at the very least, find a way for people to shore-up/disable the affected services, systems, etc. then promptly notify the world of both the problem and a temporary solution even if that temporary solution is just to turn the entire system off.
What Microsoft should not do is keep the information from the public until they release a patch. Just because one guy filed a bug report, it does not mean he is the only guy who is aware of the bug. There could be someone else who not only knows about the bug, but has already written and begun using an exploit for it.
The hardest part of climbing the ladder of success is getting through the crowd at the bottom.
