
Comment Re:Modified, Harmless HIV Used (Score 1) 521

Emphasis mine. The summary almost makes it sound like the researchers just used HIV as we know it ... it's almost humorous to think that a doctor might say "The treatment was a success, you no longer have cancer ... but ..." "BUT WHAT?" "Well, we sorta had to inject you with the HIV in order to take care of it." Obviously this is not the case.

The article also said that they used the virus as a delivery vessel to inject genes of their own choice into the white cells. So not much to do with the real HIV. And ultimately not that "HIV cancels out cancer". Using viruses to change genes seems to me a "normal" thing to do, as it has been noted in the press before.

Comment Re:really? (Score 1) 245

I know what monoculture in security context is. Let me restate my opinion: presenting 10 or so choices of popular distros is not going to render a significant difference from only 1 choice.

As for botnets or harvesting data: they are doing it. Run a honeypot and you'll get yourself an IRC based botnet in 2-3 days average. Faster than snail mail!

Comment Re:really? (Score 1) 245

Your monoculture argument is wrong. From the dawn of times, linux exploits come tailored for the most common distributions and some are even intelligent enough to determine the environment at run time. Some can even adjust for non-standard parts replaced by the user. And they have a very good success rate indeed. The number of possible combinations for a typical linux server or workstation is not by a long shot high enough to pose any problem due to environment diversity.

Comment Re:really? (Score 1) 245

You have a far better point than the other reply to my comment, but nevertheless...

Kernel or other patches are a reactive measure, not proactive such as micro kernel, sandboxing, mandatory access controls, and shifting drivers to userspace (of which linux has the least).

One of the pillars of good security, i.e. ex-post detection of malicious behavior, is completely missing from linux installations, and seemingly from the mentality of the linux community, whereas on windows it is the norm to have an "anti virus" software, which can be pretty efficient in detecting userspace threats and sometimes even stands some chance against kernelspace intrusions.

The point of being able to run a VM legally in linux is valid, but no wide-spread practical application of that is currently available. In fact there's a lot of fine security solutions for linux (unfortunately sans the kernel itself) but they all are brutally under-utilized. From that perspective linux desktop is only at the very beginning of the road towards security. I stand with my previous assessment that the lack of linux based malware is from its greater part caused by minimal interest on the part of the criminals.

And yes, when linux becomes so popular that it will attract malware enough, the plan to move to another less known OS is pretty good ;-)

Comment Re:really? (Score 0) 245

Somehow this has slipped into a linux distro debate. You guys assume that linux is somehow superior in security against botnets, but I don't see why that would be so. Linux browsers, flash, and other apps, are as crappy as on windows, and there is really no obstacle in making a botnet/spyware/... run on linux. In fact it's going to be a lot easier because all distros have things like perl or python. The only thing that protects linux from this is its tiny market share, but see android ... linux based, thus uber secure, right, right?

Comment Re:You have to pay for clean. (Score 1) 196

The problem is the inability of consumers or managers to understand the 3 part rule. Speed, Quality, Cost, pick two.

This rule concerns external quality of the product - as perceived by the customer. The problem with bad code is the *internal* quality - which has impact on the "quotient" for the 3 part rule. The worse the internal quality, the smaller the overall pile from which you "pick two". Eventually with very bad code the development just grinds to a halt.

I think the best analogy for this is furniture. Mennonites make great furniture. It takes a long time, and is very expensive. It is a craft, and they are craftsmen. IKEA makes some pretty shitty furniture but is good enough for many applications. It is cheap, and fast.

Yeah and internal quality (bad code vs good code) would then be the tools with which the furniture is made. Poor shops would assemble every piece by the hands of inexperienced workers, great shops just have experienced guys working on top grade machinery. Both poor and great shops can still do the "pick two" tradeoff although it is obvious how their overall productivity would compare. And that's the way it is with shitty code (bunch of cowboy coders working on a yesterday deadline) and great code (tests, refactoring, good planning, experienced people).

Comment Wrong math. (Score 1) 615

35% of technology professionals said they would sacrifice up to 10% of their salaries for full-time telecommuting. The average tech pro was paid $79,384 last year, according to Dice's annual salary survey, which means a 10% pay cut is equivalent to $7,900 on average

Wrong calculation -- the average pay of the 35% who are willing may not be equal to the average of all tech pros. So the 10% cut might be far from the said figure.

Comment Re:Correct (Score 1) 665

Yep, the one-line answer is:

It's too CPU-intensive for the server.

Cost could be an issue but it's like $100 a year? Hardly a problem for anything but the most amateur of blogs.

It's not that. It's key distribution. Without that HTTPS is simply not secure. I'm surprised that TFA does not mention it. In fact, it talks nonsense. "Everyone knows HTTPS is more secure." Secure from what? Mosquitoes?

Comment Re:Stop copying Windows please! (Score 1) 274

But the whole point of this discussion: What if there is a bug in the library that renders that *data*? All of a sudden, your data is no longer very data-y, and much more executable-y than you might have intended.

For reference, take a look at the (lengthy) list of bugs in any of the image processing libraries.

Well, bugs can be fixed. But if you make it a deliberate feature to recklessly run anything that comes into your computer then there's little hope.
