I've seen comments like this a couple of times now and I have an easy way to demonstrate that bullying was (and is) illegal. I believe Aus and US law are not too far apart on this - either the bully hits the bullied, or does not. If he does, he can be found guilty of battery. If not, he can be found guilty of assault, (if the bullied person feels his safety is at risk that's technically enough).

Sure they do - all the major web servers and hosting platforms can use and define vhosts (it's just that the mechanism for creating them differs on each platform). IIS for example, if you create a new site, using "All IP Addresses" port 80, will require that you designate a host header so that the HTTP engine can route the request to the right Web Site (and corresponding content). All IP Addresses port 80 with an empty Host Header acts as a "catch-all" and is assigned to the Default Web Site. Which you generally disable, and create your own config for, if you know what you're doing. Apache, on the other hand, configures those vhosts in text files (nowadays under sites-enabled, as I recall). But the functionality is all there on pretty much all major platforms.

Now if you're arguing that the administrators of IIS servers are exponentially less likely to have a clue about host headers, when compared to their Apache/nginx counterparts - well then from my experience you're absolutely right (my history is MS consulting, and the number of IIS admins who want 20 IP addresses for 20 sites because they don't get how to do host headers, DNS resolution etc, cannot be counted - the reverse can be counted on both hands over 20 years of doing this stuff).

No, it means anecdotal evidence is to be taken as better than no evidence whatsoever. Not everything is black and white, one side of the fence or t'other.

Consider this as a scale - Peer reviewed, multiple-source reproducible trumps anecdotal evidence, but anecdotal evidence is still better than the absence of any evidence on either side.

Cop 1: "He looked like he was hiding something, yer onner". When we stopped him he kept looking around and acting strangely."

Cop 2: "Yeah, yeah, wot he said."

You: "I did no such thing, your honour."

Judge: Both cops say you did, 2 trusted public officials with no reason to lie against 1 obvious reprobate, probable cause, case dismissed with prejudice.

Do you really think the telcos would be able to charge full monthly fees for each car despite it sending a few dozen kB a month? Most likely something like the kindle model - where I'm guessing Amazon pay the telcos 20c a month or something, because while the total data amount is huge, the amount of data per device is so small and only the aggregate so large. Same with FROD. 50M extra data streams, once a day spread country-wide? Noise to the telco's existing data streams. Frod and all the others will negotiate the rates down to SFA, they get the data, the telcos get more revenue/profit and the only loser is you, the consumer.

Citation needed, since I recall no such major outcry. Your machine is probably one of the ones with 25 browser toolbars, or ten download accelerators, or fifty outdated browser plugins, or a couple of undetected rookits etc., which is usually the reason behind a security patch "crashing your machine".

And if Windows closed the app with unsaved work, you'd be here whinging that Microsoft destroyed your work. And if you really gave a crap, you'd go in and change the Windows Update setting from "Automatically install" to "Ask me first".

Microsoft has done some seriously stupid stuff. And some bad stuff. But if you want to abuse them, at least abuse them for the stupid stuff not the sane stuff.

So what you're saying is that it's Microsoft's fault your business held out for post-Win7, despite the knowledge that the end date was 2014 (and heck, that's been moved out by 2 years from the original date!). And it's also Microsoft's fault for not planning your app upgrades (what, you thought Win8 would be more compatible than Win7 for your XP apps)? Sounds to me like you think your lack of planning should constitute an emergency on my part. Bzzzzzt. Wrong. You made your bed, now you get to lie in it.

That comment in no way changes what was said in the GP post (though for clarity, while you could still buy WinXP about 4-5 years ago you are still not a current customer). The other point to consider though is the customer (company) who has 20x WinXP machines, 100x Win7 machines and 50x Win8.1 machines. They still are a customer, obviously, but IT moves so much faster than most older industries - it's like complaining your 1955 Studebaker isn't getting new parts made any more because it's 2013, and the original moulds/specs have been lost. The only difference is that you can't even retro-fit a cloned part.

Actually - that their software is open is irrelevant to the problem. Are they running their own servers with openssl/openvpn/??? or using third party appliances? Did THEY create and build the hardware from the ground up or purchase it from a third party? The balance of probabilities may say their inter-DC encryption is done on a secure, up-to-date and built-and-operated-to-best-practices RH server, but it's not a guarantee.

And just like this scenario with Microsoft, how is anyone going to audit the deployment? RH will most certainly not allow twenty million users to tour their datacentres and audit each and every device. So just like Microsoft's environment, and despite RH's code potentially being open, there is absolutely no way to vet the environment. You have to trust the organisation (and each and every person involved in the decision tree). I really don't see a significant and meaningful difference - the open code has no bearing whatsoever on what's actually running (both code-wise and configuration-wise).

He probably works in OH&S (Occupational Health and Safety - or your local equivalent) or at an employer who has been burned in the past and now requires every possible risk to be itemised and managed (even if it makes a project cost 300% more).

I'd guess the potential killers have higher moral standards than the execs, and don't want to inflict the mental pain / sorrow on the not-guilty family members. Sadly this means the morally bankrupt studio execs can't be expunged from the gene pool.

That and there's a huge line of contenders to replace the execs anyway, all with moral compasses permanently set to "screw everyone except me".

Think of it more like a reminder and a chance to begin the education of those who were suckered in by their friends/colleagues (and who aren't/weren't privacy-conscious to start with).

I don't have a Facebook account now because of privacy concerns. But I didn't get one originally (04-05 I guess?) because frankly I'm a bit of a loner and I couldn't think of a group of people I'd rather avoid than those with whom I went to school. Yes, I've missed out on staying connected to people with whom I'd want to continue to associate (Uni friends), but I'm not sacrificing my privacy for it now. I'd rather be detached and a little boring. It's a choice - but I hope an informed one.

True also for Dell, Intel and HP. And the KVM switch vendors (e.g. Avocent). Problem is that while they'll pay for certs for the newer stuff, they're not going to release any new firmware for the older "not supported anymore" stuff. So all those console switches in your datacentre? Worthless, unless you stick with old Java. Same for managed PDUs hosting a little Java applet. Possibly even some rather large web-managed UPS. Same for thousands upon thousands of other supporting appliances of God-knows how many types. Heck, there are companies still rocking servers that are 4, 5 years old; those aren't getting updates to sign the Java applet either, let alone the 10 year old stuff that still hosts the NT4 app that no-one knows how to replace or migrate.

So basically this is going to force companies to replace perfectly good infrastructure or deal with losing remote access to things, as well as screw with hobbyists who have older stuff in their basement/garage/closet/bedroom.

The GP included a direct link to the paper, and you blindly state that it's not out!? I know it's fashionable to comment fast and defend the almighty Apple, but you might try more reading comprehension first.

The quote from the paper is on page 566 (remember this paper forms part of a greater work, and therefore the page numbers are a little strange) just above Figure 9. (I do note that the quote above is missing a space between "our" and "app", but that's no excuse for not finding it).

Oh sure, that'll be the same build that finally figures out that some organisations have web servers with names that don't end in .com.

It's woefully consistent - type a server name that is a "recognised external" URL (so something ending in .com, .co.uk, .fr, etc) and it'll go straight to the site. Type an internal server name (either a plain server name or an internal DNS name) and it will insist on searching Google, because quite obviously the user DIDN'T want localsite or site.network.internal after all. No if you want an internal server, you'll need to get the users to type in the full URL including protocol (because then the same keystrokes that were obviously wrong are suddenly obviously right).

Couple that with the new "requirement" for Chrome if you want to download the Google Talk [wait no it's Hangouts now] on the desktop (they can pry the desktop Talk client from my cold dead fingers) and the continual forcing of Google+ to view an image in a chat, it's clear Google has already turned into Microsoft V2 and is working on digging in deeper. (Hangouts? Seriously? No, it's not a "hangout" when I send an IM to my son to put the damn garbage out!)