Isn't it easier to just take a question at face value?

While you might be right about the motivation, if you're correct then perhaps it's something to be taken up with the editing staff? You could add your voice to the other commenters headed in that direction.

(Aside, the market will ruthlessly sort out whether they provide a service worth the prices they're asking. Me? I find watching the futile struggle from a distance can sweeten that bilious taste in your mouth. But be warned - it can backfire if they succeed.)

I wish you peace.

Because there's no reason to learn programming unless you're going to make a living at it?

Maybe it's a useful set of tools for viewing the world and solving problems.

Or maybe it's just plain fun.

Yeesh.

In the Hadoop space, Microsoft has also worked with Hortonworks to expand the Apache Stinger, Tez, and ORC projects - among others.

Granted, they certainly want to make sure Hadoop runs on Windows servers and Azure; but nobody says that open source has to be an entirely altruistic affair.

Nobody does...

I'd suspect that there's plenty of common ground with the CERT set - good practices are good practices.

What I don't see in this discussion is an honest criticism of the SDL practices being published.

I have directly observed (from my position as a corporate developer that works somewhat closely with Microsoft) that the Microsoft's focus on security since 2003 is sincere and pervasive. They take security seriously.

While I'm no friend of ActiveX, the bleating demands that they scrap the .Net framework (or they're not serious about security) are laughable.

Publishing their internal secure development lifecycle process for all to see is an example of the transparency that is so often trumpeted as a feature of open source development. If you can find flaws in the SDL, I suspect that they'd be happy to discuss it with you. (They've been quite open with our company about their SDL for the past 3 years.)

Having a good process doesn't guarantee perfect results - and I don't think Microsoft is promising perfect results. No sane software development group would. I think this demonstrates an ongoing commitment to security - one that started years ago.

Simply pointing and laughing does not reflect well upon you. Criticize the Microsoft SDL - it's out there, with OSS-style transparency. Start a serious discussion - and offer up improvements, if you can.

Here, in a nutshell, is why a lot of normal, non-technical users have trouble with FOSS...

They don't know anything about how and why Flash crashes their browser - or why Chrome handles it better.

They only know that their browser has crashed.

When someone more knowledgeable says "The problem isn't this, it's something else - so FIX YOUR COMPUTER before complaining" - well... the user just wants things to work, and their browser is still crashing.

Even if they had the time to dink around with their configuration until things were better, I don't think they're especially motivated in that direction. Most people don't enjoy messing around with their computers.

On the upside, your normal, non-technical user might not know enough to be offended by the PEBKAC remark.