
Comment Re:Yeah, right. (Score 1) 534

Unfortunately, many of these errors are _not_ subtle. Let's take Subversion as an example. It is filled with mishandling of user passwords, by storing them in plaintext in the svnserve "passwd" file or in the user's home directory. Given that it also provides password based SSH access, and stores those passwords in plaintext, it's clear that it was written by and is maintained by people who simply _do not care_ about security. Similarly, if you read the code, you will see numerous "case" statements that have no exception handling: they simply ignore cases that the programmer didn't think of.

Please upgrade your installed version of SVN.

Yes, at one point that was true, but it hasn't been for a long time. If I recall correctly, SVN 1.3 or 1.4 started using encrypted passwords on Windows, and as others have stated that data has always been stored in your home directory. SVN on Windows doesn't even use the registry (though the CollabNet installer does add some registry entries if you use it, but they are minimal and only useful for locating the installed versions).

Comment Re:Lack of Faith in Humanity (Score 1) 1142

My friend is way into horoscopes, and I point out to her a lot that horoscopes are actually, quite bogus. That they have some 80% accuracy rates because they don't get specific, and then people are forgetting some 80% of it anyways. So you're presented with a person, who is mostly recreating memories when thinking back about it, reinterpreting the facts to be more important, more significant and more potent than it was before.

Ah. Yeah, I understand you now. Sort of like the old wives’ tricks for telling whether you’re going to have a boy or a girl... people will swear by them, but in fact they’re bound to be correct 50% of the time, and people don’t remember the times they were wrong.

Comment Re:Smartest workflow move ....ever! (Score 1) 401

Terrible ideas. Just terrible.

Why?

In any event, hiding the dialogs when GIMP loses focus makes a hell of a lot more sense than dialogs that won’t minimize or hide at all. When I want to see the desktop, I want to see it without any stupid unhideable dialogs in the way.

They have made a single window mode available, that's what we're talking about.

I don’t want a single window mode. I want the things I mentioned. Unless I maximize the window, and then perhaps yes a single-window mode would be better than letting the floating palettes overlap the image window.

Comment Re:Quis ipsos custodiet custodes? (Score 1) 697

>>>The very reason we HAVE a SCOTUS is to protect the individuals from majority abuse.

But the SCOTUS is part of the U.S. Government. It often acts like a rubberstamp for the Congress and the Executive branches, and when it doesn't rubberstamp, then the president sometimes threatens the court (see FDR and the Court-packing Scandal).

The U.S. Government should not be self-policing itself. That's why it's necessary to have an independent party, i.e. the States, be granted the ability to nullify unconstitutional laws. They created the Constitution - they ought to have at least some power to enforce it and nullify unconstitutional laws - just like any other binding contract.

Comment Re:Audio/Videophiles Beware (Score 4, Interesting) 397

Given that the maximum cable length under best conditions (I'm not even accounting for cable twisting here) is about 100m, at 0.5c the delay between sender and receiver is about 6.6*10^-9. Not quite 7 nanoseconds, if I am not mistaken. The time it takes your computer to execute about 30 atomic instructions. Considering your reflexes take a billion times longer, I would be amazed if you can hear THAT.

Comment Re:Oh, but it doesn't count, right? (Score 1) 318

I'd say yes, that's fair. Windows 7 and Vista and XP are all the same amount of secure because the ship date of the problematic code doesn't change. It's the same problem, same code, same ship date.

If you come across a problem in Windows 8 which exists in XP, you're going to say wait, how can an unreleased operating system be rated on its security? How can a new operating system be at the same risk level as something which has been running and exploitable all these years? Because day 0 when it's finally released, you have brand new systems running, which are vulnerable to a 9-year-old exploit. To me, that magnifies the risk in a way that offsets your claim.

Supplier reaction speed is important, but it's hard to tell when someone tells Microsoft about a bug, MS refuses to fix it because it's just a DOS, then someone turns it into an attack vector, suddenly it's a security patch and the turnaround was 1 week. In reality, they have probably been keeping the bug on the back burner, maybe already fixed it and just running through tests. When the DOS turns into a vector, they just pack it up and ship. Relying on vendor response speed is a nice idea, but I don't think we can trust everyone to give us honest data.

So definitions come into play. How long did the vendor know about a problem, which turned into a security issue? How long did the company withhold information in order to pretend they don't have problems? We'll never know most of that with many companies, unless they have a public bugzilla type environment. MS Connect is getting there, but nowhere near where it needs to be.

Comment Re:Interesting Bits for those that won't RTFA (Score 1) 165

The movement you're proposing from the public would be influential yes, but the fact is the president we voted into office already made a huge issue on transparency. The pressure on the USTR should be coming on him from the top down, and if the measures being proposed are so draconian that they can't be revealed, then these are not discussions we should be taking part in. Not every movement needs to be grassroots; when the American public has already made a decision on how much they want transparency already. Then again, maybe it's just another forgotten promise by a politician and we were stupid to believe in it in the first place, and we should just annoy their offices until they yield.
Intel

Inside Intel's Core i7 Processor, Nehalem 146

MojoKid writes "Intel's next-generation CPU microarchitecture, which was recently given the official processor family name of 'Core i7,' was one of the big topics of discussion at IDF. Intel claims that Nehalem represents its biggest platform architecture change to date. This might be true, but it is not a from-the-ground-up, completely new architecture either. Intel representatives disclosed that Nehalem 'shares a significant portion of the P6 gene pool,' does not include many new instructions, and has approximately the same length pipeline as Penryn. Nehalem is built upon Penryn, but with significant architectural changes (full webcast) to improve performance and power efficiency. Nehalem also brings Hyper-Threading back to Intel processors, and while Hyper-Threading has been criticized in the past as being energy inefficient, Intel claims their current iteration of Hyper-Threading on Nehalem is much better in that regard." Update: 8/23 00:35 by SS: Reader Spatial points out Anandtech's analysis of Nehalem.
Biotech

DNA Bar Coding Finds Mislabeled Sushi 285

Hugh Pickens writes "The NY Times reports that Kate Stoeckle and Louisa Strauss, who graduated this year from the Trinity School in Manhattan, took on a freelance science project to check 60 samples of seafood using a simplified genetic fingerprinting technique called DNA Bar Coding to see whether the fish New Yorkers buy is what they think they are getting, and found that one-fourth of the fish samples with identifiable DNA were mislabeled: A piece of sushi sold as the luxury treat white tuna turned out to be Mozambique tilapia, a much cheaper fish that is often raised by farming. Roe supposedly from flying fish was actually from smelt." (More below.)
