Comment: Re:A "bitcoin wallet" (Score 2) 69
As a matter of fact I never directly used Bitcoin.
Because you're not goofy.
Personally, I do all of my transactions in Darknet Credits, which is the new monetary system based on reputation and righteous deeds. I can't actually buy anything, but I'm in on the ground floor.
Comment: Re:A "bitcoin wallet" (Score 1) 69
You've obviously not used Bitcoin a lot.
You could accurately say that everyone has obviously not used Bitcoin a lot.
Comment: Re:Just because you don't get out much doesn't mea (Score 1) 92
Projects at power stations, oil refineries, steelworks and chemical plants for example
Those are not R&D projects, they are implementation projects where there is no science left. Three hours for backup, one hour to physically replace the old server, three hours to restore, one hour to test and put online. Everything is known, everything had been practiced before in dry runs, and there are plans B, C and D just in case.
Government projects that (I suspect) were mentioned are blue sky R&D projects. Take, for example, a new fighter airplane. It doesn't exist. How much will it cost to design one? How long? Nobody can tell for sure; it's a "pay as you go" work - and that's how these projects go over budget and over schedule. Some bugs are still haunting F-22, for example - like that oxygen supply system. Seemingly an easy system to build, isn't it? But several pilots are dead because of it. You can plan all you want, but if an essential team member gets hit by a bus you can throw those schedules away. How much time do you need to debug a fault that happens only once in a month, and you strongly suspect that it is caused by unexpected interaction between 120 threads that your system is spawning and joining in real time? Can you predict the date when the bug will be identified and squashed?
Comment: Re:Try to do something right (Score 1) 102
Did you ever write a program? Did it work the first time, doing exactly what it was supposed/specified to do?
Did you ever figure that was an adequate excuse?
Of course not.
Not in what you say isn't the truth, because any software that hasn't been shaken down is usually pretty bad, but using the "first time" as an actual reason for insecure software? Completely unacceptable. If you worked for me with that attitude, you might end up in the mail department where you could have an easier job.
You obviously both misparsed my statement and aren't aware
of how *I* do software development.
It includes beating the HELL out of any piece of software before
releasing it (with a full coverage test suite built into the make
mechanism in a way that causes the build to fail if a unit test
fails.)
I've developed a methodology that lets me deliver such fully
debugged software components, with test suite blazingly fast,
as well. It takes me about three times as long as it takes a
more typical programmer to get a new component of similar
size and complexity to successfully compile and link (but not
run correctly) after a moderate feature change.
And I'm thus familiar with some of the pathologies of
people who administer programmers with insufficient
insight into what they're doing and their modes of talking
about it. Because I'm so fast I don't generally report
progress until a component is DONE. Result: Some
administrators have compared my delivery of a complete,
polished, from-scratch, component to one debug iteration
of other team members. This led to actual publication of
a statement to this effect: "[Ungrounded Lightning Rod]
takes three times as long as anyone else, but his stuff
usually works the first time."
I've been referred to as "a god" in hushed tones (over a
nearly non-existent bug rate in a ten thousand line application),
and had a colleague comment that I was the only person he'd
trust to program an artificial heart for him.
So I'm quite aware of how to make software solid.
My point was not making excuses for poor programmers.
My point was that commercial software operations usually
have management pathologies that lead to measuring
function and not measuring (or rewarding) security.
There's a lot of WORK involved in making software secure
and doing it is usually penalized rather than rewarded. So you
have to expect commercial software to USUALLY be riddled
with security bugs.
(Which is why I migrated to hardware design about 15 years ago.
The non-recurring costs of a bug-fix respin are SO high that
administrators often appreciate and reward solid design and
execution.)
Comment: Re:Not really (Score 1) 717
They would want to use automatic weapons
What for? Could you please elaborate? What gangbanger would want to carry a replica of M16 and a few magazines full of ammo? What target would that be useful against? Handguns are far more practical for what criminals are doing. Full auto weapons are only useful for laying suppressive fire, preferably against a massed enemy. A terrorist might want one (see Mumbai,) but a common criminal, IMO, has no use for it.
Comment: Re:Redacting PDFs with black lines over text (Score 1) 39
My mom was a legal secretary for 17 years, with the result that she loathes most lawyers. From her description of the bozos that she worked with over the years most of them think that changing their default password to their pet's name or their brat's birthday is all the security that their laptop will ever need. After all, they only browse the vanilla porn sites on their work laptop, there shouldn't be any malware on those, right?
I find this true of a lot of professionals. They can earn a ton of money, but they also can be extremely cheap. And even worse, their "superior" knowledge in one field makes them believe that they're superior in all other fields - thinking everyone else not in the same field
It applies to all fields - be it IT, medical, legal, educational, etc. It seems just because someone spent a few years learning something specialized, they're suddenly above everyone else.
Hell, you'll see spending on non-field related things to be extremely cheap as well - a lawyer may spend a lot on nice furniture and stuff to show they're good, but their IT and office assistant spending would be very low. Ditto doctors - I've finally seen the people who use the crappiest of the crappy laptops that get sold at Best Buy. Hell, they'll complain about it but not do a single thing about it - or spending a few more bucks and getting something that would frustrate them less.
And yes, it applies to you, the IT worker as well - see how much money you spend on nice clothes rather than the jeans and T-shirt. Or even if you have a suit and tie (or are you the type that says "clothes don't matter"? Well, to a lawyer, IT doesn't matter, either. That includes security.).
It won't be long until this comes and bites someone in the ass. Imagine a lawyer or doctor gets hacked and ends up violating lawyer-client or doctor-patient privilege. Will said information be allowed in a case? What if it was due to poor security? Who's responsible?
IT workers are lucky though - there's no privilege that depends on them keeping secrets that a court respects. Other than maybe getting discredited because of poor dress.
Comment: Re:Not really (Score 1) 717
With a lifetime measured in tens of rounds, it really isn't all that special.
A large number of handguns are used to make either zero or one shot in their entire history. Not everyone religiously, every week, goes to the range with a thousand rounds and comes back with only empty brass. Many concealed carry firearms are never discharged. Barrel durability is not a concern at all. Barrels of big guns (like those on ships) are designed only for a few hundred shots - and they are far more expensive than a few grams of plastic. A printed gun is a problem only if you are a professional who shoots frequently - a soldier, or a target shooter, or a hunter. Even police officers are safe - they rarely shoot; whenever they do, it's a big deal.
Comment: Re: That's nice (Score 1) 717
primer and powder can also be made by hand I thought
You can make black powder, for all the good it will do to your precious firearm. You cannot make a modern propellant without mastering the chemical and extrusion problems. A few of your attempts will result in an explosion.
You cannot make a primer. The oldest chemistries of primers are known, but they are very unstable. I do not know off the top of my hand what primers are in use today, but Wikipedia lists lead azide, lead styphnate and tetrazene. The technology of producing and loading a highly sensitive substance is quite specific; I recall reading about blending of these crystals under a layer of ethanol, for example, but I don't know if it is in any way related to reality. This is a highly explosive process, and it has to be automated and perfected over a hundred years to get to where we are today. Probably there is no chance of making primers in somebody's garage without *exact* description of *all* technological processes and parameters, and without all the necessary equipment.
In the end, it's not an impossibility. There are hundreds of people in the country who know all about these processes because they run them every day at ammo factories. If need be, those people could become a core of garage-based manufacturing of primers and propellants. So far that hasn't happened, and the real secrets are safe. Wikipedia may describe 90% of the technology, but the remaining 10% always takes 90% of the effort. You can easily classify making of primers and propellants as rocket science.
Comment: Re: Robbing Peter to Pay Paul (Score 2) 92
Where have you seen an engineering project that was (a) completely finished and (b) on schedule? A "Hello, World," perhaps, in Perl?
By law, the government has to give the contract to the lowest bidder. Not the best one, and not the most honest, but to the lowest one. This means that the contractors *have* to bid low, and hope to make it up later on, during the contract. Some contracts (cost plus) allow that. A contractor who bids exact or a little over does not get the job. Fair and honest estimates are bred out of government contracting by laws.
Comment: Re:How does this help Google+? (Score 5, Insightful) 321
That's not the point, the point is that if Google+ (or whatever they're naming their "standard") isn't open, then the cottage industry of third party IM clients (some of them are actually pretty decent) would roll over and die.
That's what puzzles me about the move: If Google said '95% of 3rd party XMPP servers are spam bots, we aren't doing federation unless you are a Google Apps customer or otherwise verifiably unlikely to do something dramatically stupid', that'd be annoying but not wildly surprising. Dropping XMPP entirely, though, both kills 3rd-party clients and suggests that they were either unable to shoehorn what they wanted into XMPP (even as a proprietary extension, with the standardized subset allowing partial compatibility), or they saw breaking compatibility as a virtue.
I suspect that federation (at least outside of paying customers, who are both more important to listen to, and less likely to be spambots), is viewed as more trouble than it's worth; but dropping XMPP entirely is an entirely different game.
Comment: Re:You know what I just realized? (Score 5, Funny) 55
The extra amusing thing about the unrelated case is that he is representing his wife. "Sorry honey, not 'attorney-client relations' today, I'm under investigation for moral turpitude unbecoming the profession..."
Comment: Re:Flag button and disparagement of title (Score 1) 83
Comment: Re:Cry me a river... (Score 3, Insightful) 92
The power bill went up and they aren't happy about it. A private company would have almost no recourse in a similar situation.
A private company operating an enterprise of equivalent size might actually have made a few little 'community investments', possibly scored some sweet 'development incentives', maybe even a 'public/private partnership' to get some of the infrastructure built for them...
Sucks for their smaller competitors; but private enterprises shake down state and local governments all the time. If anything, this particular situation is probably coming up because the location of the NSA datacenter was decided by jockeying at the federal level (rather than by the NSA shopping it around and having states beg for it), so once the location was fixed, the state has a strong incentive to soak them just hard enough that they don't actually pack up and leave.
Comment: Re:And in other news... (Score 1) 222
That's not what I said.