barkbro's comments

Just FYI, the credit/debit card company is often stylized as "VISA", and the travel document is a "visa".


True. I stand educated and corrected. [can't edit the post anymore though]


Keep in mind that the requirements for an IV drug are much higher than those of nootropic enthusiasts. All components have to be within a narrow concentration range (consistently, across batches) and very low levels of byproducts are allowed.

I'm not saying it's as expensive as Valeant claims, but it might be more expensive than you think.


What's the rationale for disclosing vulnerabilities to for example Google before going public (unless the bug is in Google's software)?


When you release a patch, anyone who gets it can see what you changed and figure out an exploit from that. Because it's good for people to be patched /before/ that happens, some vendors give certain major customers early access to patches - so long as they maintain a proven track record of not disclosing anything about them.

For example, Xen has a 'pre-disclosure list' [1] so if they have a critical security patch, Amazon, Google, Linode, Oracle, Rackspace, and several Linux distro developers [2] get the patches early.

Obviously, we can debate the morality and wisdom of this policy - personally as I haven't discovered any critical security bugs, I've never faced this particular moral conundrum.

[1] https://www.xenproject.org/security-policy.html
[2] http://www.securityweek.com/several-flaws-patched-xen-hyperv...


Because big players can take remedial action prior to the bug being disclosed to protect users - for example, banning a specific framework from browser extensions.


That sounds like an unfair advantage over smaller competitors to me.


Yes. Fair is often not optimal.


After reading it twice I'm still not sure what the horizontal axis represents. Is it time in days?

I know this is probably meant to be read by people who know more about the subject than me, but adding some axis labels wouldn't hurt.


Time is on the vertical axis (labeled with kernel versions that were released at that time instead of date). Horizontal axis is just an arbitrary bug number. It seems bugs are ordered first by severity and then by time they were fixed.


Those polls don't necessarily mean that people aren't choosing the lesser of two evils. Those questions aren't asked in a vacuum. Most of the polls ask about people's opinion of the candidates in a Clinton vs Trump context. Even if that wasn't the case, people might still feel that they have to support one candidate over the other.

It's hard to make people throw away their biases and ask themselves why they really support something.


> It won't resolve everything but it's a lot nicer than naming&shaming businesses who have effectively done nothing wrong.

They are putting their users at risk through negligence. Many would argue that's wrong.


According to the article, the stores were running malicious JavaScript which grabs people's credit card info. This obviously means they are vulnerable in some kind of way, but I fail to see how this is reasonably likely to be exploited. Even if it was, you also have to consider the benefit of warning the users.

I am not a security expert though, and I might be missing out on something.


The responsibility of GitLab and GitHub is not to investigate if those 1000 sites are indeed running malware and how dangerous the malware on these sites is, and who could be harmed by this malware.

The responsibility of GitLab and GitHub is also not to judge if it's "more important" to protect the site owners' businesses or the people going to the sites.

If some sites are running malware, the site owners are responsible for fixing it and not harming the people using their sites, not GitLab or GitHub.

On the contrary, if site owners could be harmed by the name of their sites being on such a list on GitLab or GitHub, then GitLab or GitHub are responsible according to the DMCA.

So GitLab and GitHub are just acting on what they are held responsible for according to the law.

Disclaimer: I am working as a contractor for GitLab and I am not a lawyer. I took no part in GitLab's decision to censor the list and this is just my own opinion.


> On the contrary, if site owners could be harmed by the name of their sites being on such a list on GitLab or GitHub, then GitLab or GitHub are responsible according to the DMCA.

Nope. DMCA is about copyright, and we have not gotten to the point where someone's URL is copyrighted.


According to https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...:

> It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM) that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

So no, the DMCA is not just about copyright.


The human genome and body are extremely complex. Concluding that something is caused by environmental factors just because a few genetic markers can't be found, would be a massive over-simplification.


Isn't this correct though? That the probability of picking only four Asians (if you chose at random) is just over one in a hundred million.


Yes - but the objection is that no one in his/her right mind should be making hiring decisions at random. So, comparing it to choosing at random is rather obtuse (and clearly intended only to score cheap points by the person who filed the lawsuit).


There might be a good reason why they use glass ceramics instead of for example stone. Maybe because it's harder to manufacture consistently (ferromagnetic impurities?), has a larger coefficient of expansion or because it's harder to implement touch controls for them. It might just be more expensive.

