August 2006

So I drew up plans to quietly step back from Flickr. I'd already paid for a year, so there was no real value for anyone in making any immediate move. Just when my account was coming up for expiry, I'd extract my photos from the site, find some convenient way to host them myself, and feel that warm glow of low barrier-to-entry middle-class social consciousness.
Often, full disclosure is explained as a way to make sure vendors are responsive, using "naming and shaming" to force a faster patch schedule. This is certainly one aspect of the practice, but far more important is the fact that it gives those people who might be running the vulnerable software enough information to make informed decisions about their security.
Just in front of us in the crowd at yesterday's baseball game were a dozen or so young lads and lasses, all dressed in green t-shirts with "Add me" on the front, and their MySpace IDs on the back. Well, all except this guy.
The prevalence of any bug is directly proportional to how much extra work a programmer must do to avoid introducing it. Writing software is 90% attention to detail, but programmers are human and the more details there are to pay attention to, the more likely one will be missed.
