Was?

Did you ever write a program? Did it work the first time, doing exactly what it was supposed/specified to do?

Did you ever figure that was an adequate excuse?

Of course not.

Not in what you say isn't the truth, because any software that hasn't been shaken down is usually pretty bad, but using the "first time" as an actual reason for insecure software? Completely unacceptable. If you worked for me with that attitude, you might end up in the mail department where you could have an easier job.

You obviously both misparsed my statement and aren't aware
of how *I* do software development.
It includes beating the HELL out of any piece of software before
releasing it (with a full coverage test suite built into the make
mechanism in a way that causes the build to fail if a unit test
fails.)

I've developed a methodology that lets me deliver such a fully
debugged software components, with test suite blazingly fast,
as well. It takes me about three times as long as it takes a
more typical programmers to get a new component of similar
size and complexity to successfully compile and link (but not
run correctly) after a moderate feature change.

And I'm thus familiar with some of the pathologies of
people who administer programmers with insufficient
insight into what they're doing and their modes of talking
about it. Because I'm so fast I don't generally report
progress until a component is DONE. Result: Some
administrators have compared my delivery of a complete,
polished, from-scratch, component to one debug iteration
of other team members. This lead to actual publication of
a statement to this effect: "[Ungrounded Lightning Rod]
takes three times as long as anyone else, but his stuff
usually works the first time."

I've been referred to as "a god" in hushed tones (over a
nearly non-existent bug rate in a ten thousand line application),
and had a colleague comment that I was the only person he'd
rust to program an artificial heart for him.

So I'm quite aware of how to make software solid.

My point was not making excuses for poor programmers.

My point was that commercial software operations usually
have management pathologies that lead to measuring
function and not measuring (or rewarding) security.
There's a lot of WORK involved in making software secure
and doing it is usually penalized rather than rewarded. So you
have to expect commercial software to USUALLY be riddled
with security bugs.

(Which is why I migrated to hardware design about 15 years ago.
The non-recurring costs of a bug-fix respin as SO high that
administrators often appreciate and reward solid design and
execution.)

And the other side of that coin is finding it and reporting it. Then checking back x time later. Where they did nothing then say, why were you looking again?

How about:

1) To find out if the data was pulled down yet.
2) To be even nicer guys by waiting until the data WAS pulled down to run the story that would give tens of thousands of identity thieves a valuable present.

Or you know... people could start writing decent secure code to begin with... :)

Did you ever write a program? Did it work the first time, doing exactly what it was supposed/specified to do?

Took a lot of debugging and error correction, didn't it? Even if you are a programming expert.

Now write a program where "what it's supposed to do" includes "not get cracked and used by any malware, known or unknown, past or future".

Think you'll get THAT right the first time? Even if you are a security expert?

Some people are needle-phobic, and will refuse an injection for anything less than death, severe pain, debilitation, etc.. Some people think the time and expense is a waste. In recent years, only enough influenza doses have been manufactured for about 45% of the United States population, so a majority doesn't use them. I don't, and probably never will.

The safe version for the very young and stronger version for healthy older children is a reasonable approach. Lifetime immunity achieved in youth should be the goal for many diseases.

I'm sure millions of Americans are malnourished, but the number of Americans who are involuntarily undernourished due to the inability to get enough food from their family's money, charity, or government handouts is very small. Literal starvation usually implies someone who is mentally defective, physically injured and isolated (an oldster who has broken a hip and can't reach a phone), or other situations where tax money won't make a bit of difference.

Or are you a member of a community none of whom, yourself included, will help a person in need?

Why couldn't you get this angry at Bush Corp when it was doing similar or worse stuff?

Lots of us were down on Bush, too.

You just probably thought we were lefties. B-)

Correcting typos:

Spun out of Internal Revenue in 1886.
Shot and killed the son and sniped and killed the (nursing at the time) wife over a FIVE dollar tax matter, not a five hundred buck bill.

(ATF is also noted for throwing a pregnant woman against a wall - she later miscarried - and stomping a kitten to death just to drive home how powerless a raid target was to make them responsible for their actions. Shooting the family dogs at the start of a raid, for the raiders' convenience, is routine.)

When will the IRS start issuing jack boots to all agents?

Why not jackboots? ATF and Secret Service are also part of Treasury.

ATF has been the classic "jackbooted thugs" for most of their existence - ever since they got spun out of Internal Revenue in . They're "the revenuers" that enforced alcohol taxes with machine guns even before they and the FBI burned down a church camp in Waco over a $200 tax bill and shot a man's son and wife on Ruby Ridge over a $500 claim, inspiring the original NRA "Jackbooted Thugs" ad.

Secret Service has a history of incarcerating people and holding them incommunicado if they think they might be possibly be a threat to a high government official. (I knew one '60s radical who BECAME a '60s radical, a nice Jewish girl who, when still underage, was playing spy/counterspy with a friend in Grosse Point using their new toy CB walkie-talkies, totally unaware that JFK was passing through the Detroit area on his way to speak at a university graduation ceremony 50 miles away. Scooped off the street, thrown in a cell overnight, no mention of why, no phone call, no notice to parents, ...) They also harassed someone who, during the Vietnam protests, wrote "Piss on JFK" on a postcard. Reason given: "If enough people pissed on him it would kill him."

Why should the IRS be left without appropriate footwear?

I was expecting the CDC to pull this stunt, but the IRS?

They're just getting a head start on Obamacare - which they will be administering.

Ten million people's medical records? They now have a mandate to have EVERYBODY's.

In the vacuum tube era they'd get stacked up to tens of thousands of volts, and they went even higher for particle accelerators (which are a big fancy vacuum tube when you get right down to it).

There's no inherent limit to how many capacitors you can put in series.

Yes, the "balancing tricks" do cause a LOT of leakage. Series caps are more for storage times measured in seconds or fractions thereof than weeks.

Oh no!

The second experiment added some Linux laptops that ping-flooded to generate lots of network activity. The second experiment showed a clear increase in plant "damage" /lack of development.

Were the laptops located so that their fans wouldn't be blowing hot air past the seeds, heating them and sucking the moisture out of them?

You've cited an interesting article: 10 minute exposure, 900 MHz, intensity low enough not to cause heating. The authors refer to the radiation level as "low", however 5V/m, while not high, is not what I'd call low. Response to radiation, if I read the article correctly, was dose-dependent.

It lends credence to the student's results, and suggests lines of inquiry with variables like frequency and intensity. Seeing a trend or threshold effects would be instructive.

Thanks.