Comment Re:Wordpress wasn't that vulnerable, timthumb was. (Score 1) 103

Also, themes are difficult to update. Compared to plugins and the Wordpress core, theme updates have these problems:

1. First, themes do not notify you when they have updates available.

2. It takes an expert to merge a theme update with the existing customization of the theme. (Plugins and core updates are one click.)

3. Theme vendors limit their support. I dealt with a well-known theme vendor which charges some small amount for a subscription to all its themes. It refuses to provide archive versions or changelogs. So the expert is left guessing what customizations have been made, unless some previous person working on the site has kept a copy. (Plugins are more commonly from the WP site, with changelogs and archives.)

4. Users keep unused themes lying around online and see no reason to update them. (This can also be a problem with inactive plugins.)

5. Wordpress core can do nothing to protect against bad code. A theme can run arbitrary PHP, as can any admin user from the admin interface, as mentioned by parent. (Plugins are similar, though at runtime the active theme has priority over plugins.)

Comment Re:It's misleading to imply these are new cases (Score 1) 398

Maybe something similar is going on with autism. What would be a hygiene hypothesis for autism? Probably the amount of time we spend alone or plugged into video games, the usual suspects. But the alone thing is interesting. Such as: kids who have their own bedrooms vs. kids who share.

A quick google on "autism own bedroom" shows a bunch of parents complaining the child wants to sleep in their bed, and parents in subsidized housing demanding an extra bedroom so the child can have his own room. Who knows.

Comment Re:It's misleading to imply these are new cases (Score 1) 398

How many cases of allergy were there 200 years ago? None. Hay fever was only known among the wealthy, and only since the early 1800s. Supposedly. It's similar to the autism phenomenon. Either over-diagnosis, environmental conditions, or some kind of hygiene hypothesis, who knows.

Comment One browser per evil mega-corporation (Score 1) 130

As long as the # of decent browsers surpasses the # of evil mega-corporation web services I want to use I guess I have some privacy. Fifteen years ago there were two browsers and both were broken, either by crashes or security. Now we're in a golden age of good browsers. The only way the evil megas can break browser separation would be by IP, which is fuzzy, or by Flash cookies, which I hope are not shared across browser. (Or by behavioral analysis, also fuzzy.)

Mozilla even has two browsers you can install with the profiles automatically separate and runnable simultaneously: FF and Seamonkey. Same should be true of Chrome and Chromium. Opera is fast, Safari is special, IE is ok these days.

Comment Re:is that allowed on mobile APIs? (Score 3, Interesting) 130

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

Comment Re:Hoping to Clarify ... (Score 1) 730

Peat is not talking to you, he's spouting CEO-happy-talk for his investors who do not understand the simplest thing technically. Peat will not answer the question everyone here knows is at issue, the confirmation to YouTube. Just look at the astroturfing responses that started popping up after Peat's comments.

The happy-talk thing seems to be generational, fake it to make it. I ran across it today on the OpenID project at Mozilla. I guess it's how you get ahead in a no-offense way. Thankfully, the Mozilla guy did reply substantively after I scrolled down a bit.

The worst thing you can do in these people's view is to get peeved & worked up about something. The office environment must be terrible these days for any thinking person. No wonder people watch Mad Men, Sons of Anarchy, Sopranos, Curb, Breaking, all those shows where the reality of being super careful about what you say does not exist. Even the Office (U.S.) is one big H.R. joke.

Comment Easy patch? (Score 1) 156

The RC version of PHP has a new directive, max_input_vars. Should be easy to implement. The POST data come in as a string, just like a query string, as I recall it. So just count the number of ampersands.

Article says the DoS happens as the hash table is populated, so there is no easy fix for the PHP user. A patched version of PHP must be compiled. Or maybe some apache magic can be applied before the data hits PHP. Something in mod_rewrite in the .htaccess?
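The "count the ampersands" idea above, worked through as an added example (Python, not PHP's own implementation and not code from the comment). The cap is the same one PHP's max_input_vars imposes (PHP's shipped default of 1000 is assumed here); the point is that the count happens on the raw string before any hash table is built, so a body full of colliding keys is rejected for nearly free. The collision generator uses the public DJBX33A property that "Ez" and "FY" hash identically; the names `djbx33a`, `colliding_keys`, `parse_form_body` and `is_rejected` are this example's own.

```python
"""Pre-parse guard against hash-collision DoS via oversized form bodies.

Added example: mimics PHP's max_input_vars in Python. Assumptions are
marked; the 1000 limit is PHP's default for that directive.
"""
from urllib.parse import parse_qsl

MAX_INPUT_VARS = 1000          # assumed cap, same as PHP's default
MASK64 = (1 << 64) - 1


def djbx33a(key: str) -> int:
    """Bernstein 'times 33' hash (DJBX33A), the function PHP uses for
    string array keys. Masked to 64 bits like an unsigned long."""
    h = 5381
    for b in key.encode():
        h = ((h << 5) + h + b) & MASK64
    return h


def colliding_keys(n_blocks: int) -> list:
    """Return 2**n_blocks distinct keys sharing one DJBX33A hash.

    'Ez' (69*33+122) and 'FY' (70*33+89) both add 2399 to any prefix
    state, so every concatenation of n such blocks hashes identically.
    """
    keys = [""]
    for _ in range(n_blocks):
        keys = [k + blk for k in keys for blk in ("Ez", "FY")]
    return keys


def attack_body(n_blocks: int) -> str:
    """Constructed malicious POST body: 2**n_blocks colliding parameters."""
    return "&".join(f"{k}=1" for k in colliding_keys(n_blocks))


class TooManyInputVars(ValueError):
    """Raised before parsing when the raw body has too many parameters."""


def count_input_vars(raw_body: str, separator: str = "&") -> int:
    """Count key=value fragments by counting separators; this is O(len)
    string scanning with no hashing, so it is safe to run on anything."""
    if not raw_body:
        return 0
    return raw_body.count(separator) + 1


def parse_form_body(raw_body: str, max_vars: int = MAX_INPUT_VARS) -> dict:
    """Parse application/x-www-form-urlencoded data into {name: [values]},
    refusing bodies that exceed the cap before any dict is populated."""
    n = count_input_vars(raw_body)
    if n > max_vars:
        raise TooManyInputVars(f"{n} input variables exceeds limit {max_vars}")
    parsed: dict = {}
    # max_num_fields (Python 3.8+) applies the same cap inside the parser.
    for name, value in parse_qsl(raw_body, keep_blank_values=True,
                                 max_num_fields=max_vars):
        parsed.setdefault(name, []).append(value)
    return parsed


def is_rejected(raw_body: str, max_vars: int = MAX_INPUT_VARS) -> bool:
    """True if the guard refuses the body, False if it parses."""
    try:
        parse_form_body(raw_body, max_vars)
    except TooManyInputVars:
        return True
    return False


if __name__ == "__main__":
    body = attack_body(10)                       # 1024 colliding keys
    print("distinct hashes:", len({djbx33a(k) for k in colliding_keys(10)}))
    print("vars in body:", count_input_vars(body), "rejected:", is_rejected(body))
```

Counting separators is deliberately an over-approximation: empty fragments like `a=1&&b=2` are counted even though the parser skips them, which errs on the side of rejecting. It also only covers urlencoded bodies; multipart/form-data and JSON need their own counters, and a fixed cap does nothing about collisions among the first 1000 keys, which is why PHP later also changed the hash function's behaviour.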

Comment tl;dr: new trust model rumor (Score 2) 74

He hears rumors in Calif. of a new trust system to complement PKI. That's all he will say when the interviewer questions him repeatedly about a solution to the problem he goes on at length about: that browsers have PKI roots built in. I agree it's a terrible system, but asking the clueless user to select trusted roots would have its own problems, in, say, Iran. Or more precisely, clueless users in the US make it hard to deploy a system for careful users in Iran. The UI has to be both easy & difficult.

Comment Monopoly €1000 certs, that's not a biz mode (Score 2) 136

can fix. Also amazing how complex CA authority has become. The concept is fairly simple, but the niceties of the trust bits have become so arcane that Mozilla is having to fix erroneous understandings of the bits in their own code, without breaking legacy. Then the people working on security code have highly resistant personalities and so all kinds of nonsense gets frozen in for years. They sort of have to be that way, to keep their code gov't certified... what a mess. Crowd-sourced verification of self-signed certs is starting to sound better & better.

The practical results of the way the code works at least at Mozilla were mystified complaints about the fake revoked DigiNotar certs put in Mozilla to block real fake certs! That is not a model for the future. They are working on it, but it's glacial.

Comment Re:Non-alphanumerics (Score 1) 340

The Probably Most Popular Shopping Cart plugin for wordpress had developers who decided to write their own parser for the wp config file instead of using include/require. Consequently, salts and passwords like "foo);bar" break all product images. Now that is a hard bug to find!
https://shopp.lighthouseapp.com/projects/47561-shopp/tickets/970
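The bug class in the comment above, reconstructed as an added example (Python, not the plugin's actual code, which I have not seen): a hand-rolled `define()` scraper that stops at the first `);` it finds truncates any value containing that sequence, whereas a parser that understands PHP string literals (single-quoted escapes `\'` and `\\`, the common double-quoted escapes) returns the value intact. The `wp-config.php` fragment is constructed, the salts are not real, and `NAIVE_RE` is a plausible guess at the mistake, not the ticket's regex.

```python
"""Why parsing wp-config.php with a regex breaks on salts like "foo);bar".

Added example. NAIVE_RE is a hypothetical reconstruction of the bug class;
parse_defines is the quote-aware replacement.
"""
import re

# Constructed sample; the values are placeholders, not real salts.
WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_PASSWORD', "p@ss;word");
define('AUTH_KEY',  'foo);bar');
define( 'NONCE_SALT', 'a\\'b(c)d' );
"""

# Hypothetical naive scraper: grabs everything up to the first ");".
NAIVE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*(.*?)\);", re.S)


def naive_defines(src: str) -> dict:
    """The broken approach: value ends at the first ');' in the file."""
    return {name: raw.strip().strip("'\"") for name, raw in NAIVE_RE.findall(src)}


def _read_php_string(src: str, i: int):
    """Parse a PHP string literal starting at src[i] (the opening quote).
    Returns (value, index just past the closing quote)."""
    quote = src[i]
    if quote not in "'\"":
        raise ValueError(f"expected a string literal at offset {i}")
    i += 1
    out = []
    double_escapes = {"n": "\n", "t": "\t", "r": "\r", "\\": "\\", '"': '"', "$": "$"}
    while i < len(src):
        c = src[i]
        if c == "\\" and i + 1 < len(src):
            nxt = src[i + 1]
            if quote == "'" and nxt in "'\\":
                out.append(nxt); i += 2; continue          # only \' and \\ escape
            if quote == '"' and nxt in double_escapes:
                out.append(double_escapes[nxt]); i += 2; continue
            out.append(c); i += 1; continue                 # literal backslash
        if c == quote:
            return "".join(out), i + 1
        out.append(c)
        i += 1
    raise ValueError("unterminated string literal")


def _skip_ws(src: str, i: int) -> int:
    while i < len(src) and src[i] in " \t\r\n":
        i += 1
    return i


_DEFINE_START = re.compile(r"\bdefine\s*\(")


def parse_defines(src: str) -> dict:
    """Extract define('NAME', 'value') pairs by tokenizing the two string
    literals, so ')' ';' or quotes inside a value cannot end the match.
    Only literal-string arguments are handled (the wp-config.php case);
    variable interpolation in double quotes is left as literal text."""
    result = {}
    pos = 0
    while True:
        m = _DEFINE_START.search(src, pos)
        if not m:
            return result
        i = _skip_ws(src, m.end())
        name, i = _read_php_string(src, i)
        i = _skip_ws(src, i)
        if i >= len(src) or src[i] != ",":
            raise ValueError(f"expected ',' after {name!r}")
        i = _skip_ws(src, i + 1)
        value, i = _read_php_string(src, i)
        i = _skip_ws(src, i)
        if i >= len(src) or src[i] != ")":
            raise ValueError(f"expected ')' after value of {name!r}")
        result[name] = value
        pos = i + 1


if __name__ == "__main__":
    print("naive  AUTH_KEY:", naive_defines(WP_CONFIG)["AUTH_KEY"])
    print("proper AUTH_KEY:", parse_defines(WP_CONFIG)["AUTH_KEY"])
```

The real fix, as the comment says, is not a better parser but `include`/`require`, which lets PHP's own tokenizer handle every quoting corner case; a custom parser is only defensible when the file must be read from a process that cannot execute it.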

Comment Re:A case of be careful what you wish for (Score 0) 385

No, they are being punished by a semi-monopoly. What if Kleenex refused to supply drug stores that stole cases off the truck... and Kleenex was a semi-monopoly whose name was synonymous with tissue... or something like that.

What if you ran a web site Google was lifting content from, enough content that people stopped buying your paper product (newspaper) and visiting your website? And then you lost your remaining traffic when you complained? A company as big as Google has to play by different rules. And corporations are only entitled to the rights we give them; they have no natural rights.

The newspapers, by the way, need to charge because the only way they make real money is on print. When they don't charge for online access, print subscribers drop out. People even want to pay! Look at iPad & Kindle & Nook.

When the NYT first tried charging, a few years ago, online hits dropped fast. They panicked and went back to free. But that was exactly what was supposed to happen! The point of Times Select was to save print subscribers, not make money off online viewers.
