We had a family cruise last week. There was a glasshole walking around the ship for the duration. Why? WHY?!

Pretty sure that those things are not problems to do with how these specific laws are written, they're fundamental flaws in the trial process and thus the judiciary itself. If such basic rules are being ignored then by definition you wouldn't know if an accused person was actually a traitorous spy or not, would you, because the system would be unable to come to any trustworthy conclusion.

Er, no. Go read a history of Google. The search engine came first and for several years they had no idea how to fund it at all. They sold search services to Yahoo and Netscape. They put their code in a box and tried to sell the Google Search Appliance. They did a bunch of other random things before they eventually tried out keyword based advertising. To say the search engine was a byproduct of a desire to serve ads just makes you look like an idiot who is making stuff up as you go along.

According to the manpage on OSX, it's ipfw from FreeBSD:

The ipfw facility was initially written as package to BSDI by Daniel Boulet
<danny@BouletFermat.ab.ca>. It has been heavily modified and ported to FreeBSD by Ugen J.S.
Antsilevich <ugen@NetVision.net.il>.

Several enhancements added by Archie Cobbs <archie@FreeBSD.org>.

The SSH that comes bundles with every Mac is OpenSSH, also made by the OpenBSD people. No idea what else has OpenBSD fingerprints on it within Mac OSX.

I'd love to believe that, but I think what did it is more like what the OP said - lots of apps could be bought off the shelf for not much money, that did everything interesting. I mean, I learned programming on a BBC Micro in the 80's, which was a great machine back then, but it was *handwave* 10x as expensive as the game-price-subsidised NES boxes and I couldn't write competitive or even interesting video games for it as a kid, because I didn't have enough skill. So not surprising that most people lost interest.

While he's at it, he may as well install some Twinax in case someone with an AS/400 comes for a visit and needs some Token Ring love.

Sure, they are expensive, but the auto-away feature alone (motion sensor sensing no movement for a set amount of time) has saved us a lot of cash over the past two years. It also knows the outside temperature and learns how long it will take your house to warm up/cool down based on that and adjust its on-times accordingly.

Quite the nice piece of adaptable hardware which has seen our energy usage drop ~15%. Of course it's impossible to say that was all Nest that can take the credit for that.

We have a Nest and love it. The only problem I had until now was the lousy central humidifier support.
Even with the recent cold snap here when temperatures 'as cold as Mars' our Nest never failed to start the furnace.

Ha! Well done!

EMV offers no additional protection whatsoever in a card present scenario unless the customer is required to enter a PIN. Which as you know.. convenience blah blah, speed blah, reasons. And nobody will.

You realize that hundreds of millions of people around the world routinely type in PIN numbers for every transaction, right? I've typed in a PIN for every card payment I've made for years, as have all my friends and family. We're not dead yet. I fail to see why Americans are somehow unable to deal with this when everyone else can.

Anyway, you don't seem to understand how EMV rollouts work. People are not given a choice about PIN authentication. You do it, often into a portable device that is a bit like a specialised mobile phone but with a PIN pad, card slot, display and 3G connection that the waitress brought over to your table. The banks insist on it and so do the merchants. It takes about as much time as signing with a pen does.

Because most of these exploits being fixed are not remotely exploitable unless you deliberately download and run malicious Java code. If you write a JavaScript engine in Java, then you can't have use-after-free exploits in your JavaScript engine, to give an example of once recent Chrome vulnerability. You could have other ways bad JavaScript can escape the interpreter, but memory management or overflow errors won't be amongst them.

I'm hoping it's just ignorance of how EMV actually works that makes you say that. Some people are under the mistaken belief that EMV means account details are encrypted (yes their are private keys on it), or that EMV somehow protects your account details from being used to charge your account - and they're wrong on both counts.

You should read the EMV wiki page. When used with DDA cards, which modern cards all are, it protects against cloning of the card and thus protects card-present transactions. Yes, EMV cards still have magstripe data on them which can be stolen and used for online merchants where the card is not present, but there are other systems that are working on making online transactions more secure as well (like 3D-Secure). The combination of these things is an upgrade.

You're assuming it would have made any difference. Remember that these systems have to store the data whilst the transactions are in flight. No, the solution has been known for decades - it's EMV, and every Slashdot story on these card breaches contains exactly the same discussions about how the USA needs to upgrade. Seriously, the USA is more than 10 years behind by now. It doesn't just dick over Americans. The need to be able to travel to the USA means banks everywhere else still need to support stupid magstripe or chip'n'signature transactions. If the USA upgraded it'd become more easier to start aggressively targeting the remaining magstripe transactions with tougher risk analysis and that would cut card-present fraud everywhere.

No, you haven't understood what these vulnerabilities are about. They're all issues that affect you if you download and run malicious Java programs from the internet, which describes applets that are often disabled in the browser anyway. Not "any Java program that talks to the network is remotely exploitable". So if you aren't a malicious programmer then your code is still secure.

As I said above, I'm thinking of C++. You'll find a lot of C++ programs that use unsafe calls, but even if they are STL only, you can still easily do things like use after free and other bugs.