Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 20 million monthly users. It takes less than a minute. Get new users downloading your project releases today!
It's fine enough to roll your own if it's your own website and you're decent at security... but if you're contracting someone out you need to think "what if I need to contract someone ELSE out at some point" or "what if I piss him off".
Always plan for contingencies if it's a big contingency.
Is this honestly surprising? This was known but ignored for like a decade now. Remember Google Chrome's original ToS claiming ownership of anything you do using the Google Chrome browser? That was late in this whole debacle... not even early. People just didn't care. Now they do. Poor them?
So... if Apple has a list of publicly known security flaws that can own the machine and they wait 'til they get 1/4 gigabyte patches to bother fixing them... and they don't get infected with a virus... how is it anything BUT lack of interest and obscurity that saved them?
You're forgetting that most virus attacks are for Botnets and Spam Email where the goal is to reach tens-to-hundreds of thousands of machines before it's profitable.
Spearphishing just isn't popular.
Unless they typo either by case or too late in the password... didn't realize it... and the typo is considered your real password... and the time after they try to login they wonder why Amazon isn't letting them in.
But yeah they could have easily *told* us upon login "change your password now as we've switched to a new encryption method".
I think the key is not how fast of a typist a programmer is... more that they know their way around a keyboard... because if they don't, they probably weren't programming for long.