To paraphrase a bit:

Those who give up some security for some efficiency deserve neither.

Seriously, you don't engineer CRITICAL INFRASTRUCTURE to be insecure simply because you don't want to run 2 sets of wires. It's simply a cost of doing the job correctly - which we haven't yet.

Presto nuttin. Disabled USB ports don't give you much

Attaching it to the PUBLIC INTERNET is bad. Said 'laborer' can still happily sit in his office making a change to an air-gapped system that IS connected directly to the substation.

There's simply no point in having the same system that runs critical stuff also be able to browse Facebook.

Not quite. Gtk and Gnome appeared because Qt was originally proprietary. The reason why Gnome became "the default", though, was because enterprise distros like RedHat pushed for it - and that was because Gtk and Gnome were both LGPL, so closed-source software could link against them. This was not the case with Qt, which was open sourced for a long time, but was GPL rather than LGPL.

If by this you mean the various limitations surrounding Windows Store (aka "Metro") apps, then those happened very much under Ballmer. Hell, the guy have only just recently left, so what exactly has disappeared since then?

At the same time, Satya was heading Cloud & Enterprise business before becoming CEO. And C&E, among other things, includes DevDiv - and Satya has a lot of supporters there. Furthermore, note the meteoric rise of Scott Guthrie, who was always one of the more passionate advocates of a solid and modern developer story for MS (in particular, embracing F/OSS).

Did you miss the entire recent .NET cross-platform push, what with the Xamarin partnership and all?

So, basically, tax oil production - we could call that, say, "carbon credits" - and then invest those into R&D necessary for clean energy and geoengineering?

I think if James Clapper or Keith Alexander joined the board of DropBox you'd see the same issues. But they haven't.

Being a donor to one of two political choices (or often both) is one thing. That's very, very far removed from power. Actually having started wars whilst being Secretary of State is entirely different.

She gave speeches strongly advocating war in Iraq, and was an integral part of the whole process that led to a war which killed over 100,000 people. It was later solidly established that the people at the very top of the Bush administration knew their excuses for war were BS and kept repeating them anyway, and ignoring all the evidence that they were wrong.

I keep reading about how intelligent this woman is. But given the things she's done, she sounds pretty goddamn dumb to me. It's not everyone who can say their mistakes led directly to mass death.

Much though I love NSA related conspiracy theories, especially lately, I think "the NSA writes a pile of crap and gives it away for free in the hope it becomes inexplicably popular" is perhaps not the best one available. OpenSSL has been around for a loooong time with virtually no resources put into it, which is one reason it sucks. The other reason being that the original author wrote OpenSSL in order to teach himself C (and it shows).

Recall that SSL was not very widely used up until a few years ago, and it's only in the last 18 months that suddenly every man and his dog wants a secure website. It's not surprising that core libraries that do it are subpar. Even very large companies like Google or Microsoft have typically only had one or two people who really understood and cared about SSL.

Unpopular though it is, if you can take a small(ish) performance hit, you could use a Java HTTPS server that proxies to your app. The Sun/Oracle JSSE SSL stack (in the Oracle VM, not Android) is pure Java and thus immune to these sorts of errors. In JDK8 it supports TLS 1.2, ECDSA, perfect forward secrecy and the use of AES-NI for hardware accelerated constant time stream ciphering.

I would say it is a problem with mailing lists. They are taking mail, rewriting it to say something different, then delivering it in such a way that they claim they didn't change it (with broken digital signatures). This isn't Yahoo breaking mailing lists. This is just mailing lists doing something stupid. The fix is for them to stop doing MITM attacks on people's mail or to do it, but to resign the mail themselves so they take responsibility for it.

It's not like DKIM is new by the way, mailing list developers and admins have had this coming for years. But you won't find a more backward or stubborn bunch than crusty postmasters who ran mailing lists the same way since the 80's.

Blah blah blah.

Java 8 has a full SSL stack written in Java itself, so no buffer overflows there, and which uses AES-NI for hardware accelerated encryption if available. It also supports perfect forward secrecy and other modern features (no session tickets though).

If you look at the CVE history of JSSE what you will find is that occasional bugs like the Heartbleed attack (not checking length fields correctly) get reported as denial of service issues because they cause managed exceptions that might, if you wrote your code non-defensively, cause your server app to quit. Or they might just cause the connection to drop, which is the right behaviour.

It's about a million times safer than an ancient piece of 1980's style C like OpenSSL.

I don't think Chrome uses OpenSSL, although they are thinking about switching to it. They use NSS, same as Firefox. I'm not sure any browsers use OpenSSL - it's mostly used on the server.

Context matters. I never said he didn't do anything for space exploration. In response to a statement saying NASA only wants 'manned' missions, I showed an example where even a small unmanned program was heavily defended by NASA.