by WoodenChair 4263 days ago
I feel like Hacker News has become home of the "security exploit du jour." There have always been new exploits being found daily, what's changed is the severity and wide reaching nature of said exploits.

You might ask, when will we learn? Well, the truth is making secure systems is incredibly hard work and often comes at the price of flexibility/usability/programmer productivity. We know how to do it, it's just not easy to incorporate.

4 comments

>There have always been new exploits being found daily, what's changed is the severity and wide reaching nature of said exploits.

Actually, what's changed is a tendency to now give scary names to exploits and to insist on the importance of "branding and marketing" them to increase end user awareness, or something.

It's gotten a little farcical, I think. It's also led to a lot of ignorant impressions about free software, as of recent. In spite of the fact that everything is business as usual.

I like hearing about the big ones. I'm subscribed to announcements from the projects I rely on but it's good to have the bigger picture.

>I feel like Hacker News has become home of the "security exploit du jour."

When wasn't it? Whenever there's a big security advisory that will affect a large percentage of people who browse HN, you see it voted up on HN, explained in detail, and the media using the thread as a source.

900k+ sites with Drupal, including many government sites. This is a pretty major exploit - any site running unpatched can be shelled.
Isn't this just a Drupal 7 issue? Still will affect a lot, but I know plenty of Drupal installations from that 900k+ figure that are on 5 and 6.
The 900k+ number is from the official statistics and includes only Drupal 7 installations (https://www.drupal.org/project/usage/drupal).
D'oh!

Thanks.