Or SuperCryptMan who is able to find weaknesses in popular methods of generating RSA keys, OR the actual symmetric keys[1] used to encrypt the data.
[1]Some software may ask you to wiggle your mouse etc when generating your public keys, but they don't do it for every message (where symmetric crypto is usually used), so that 128 or 256 bit key that's used might actually have a far more limited keyspace.
ping tests. Keep two pings running overnight, one for small packets and one for big packets (you can specify the size/length of the packet). Compare packet loss and latency.
Test sustained download speeds. Download an ISO. Some ISPs actually throttle after X megabytes of download or Y seconds.
We've also informally tested some wireless tech before by streaming internet radio, when the music stops you know the connection has stopped, and it did stop often, too often;).
I second that. You should test (try get a free test;) ).
However just because the test is great doesn't mean it will be great months down the line when more users come on board.
If they have been providing wimax for a while in your area then your test would be indicative of what it might be even a year or so later. Otherwise if it's just been released, a test might not be useful.
With ADSL and leased lines the users tend to fight for their share of bandwidth (aka have contention) at the ISP's gateways to other ISPs.
With wireless tech, the users start contending for their share of bandwidth immediately after their wireless modem/device (and they still have to contend at the gateways to other ISPs).
Until the tech improves till it's cheap to add wireless capacity, this will be an important difference. For stuff like ADSL, it's actually not that cheap to add capacity - but it's typically paid for already.
Note: a lot of wireless tech doesn't do very well if it rains very heavily, I think that's not a problem for SF, but might have been for some posters here.
I observe that many parents just "leave it to the system" (and think it's the system's responsibility), but the foundation for a child is set by the time they are 7 years old (or even earlier).
If you want children to be better, then people who intend to be parents should be taught (or at least be offered to be taught) some basic teaching skills.
There may be debate over material etc. But I hope by now people would be able to figure out a good "basic teaching skills" course for parents.
I'm not a teacher but teachers for public schools (public money schools) should get benefits like:
1) Their children get better subsidies for education (they still have to make the grade). 2) They get subsidies for further education (if they are a good teacher).
Also, sometimes it's not just that more teachers are needed. If someone can figure out a system where the teachers can spend more time teaching and less time doing administrative crap, things might work out better.
Parents could just install it so that their kid's account can't use it. The kids might still have physical access to the machine, but parents could still try to do their job of bringing up kids:).
With Windows XP Pro you can install stuff or change permissions so that not all users can use the application.
With XP Home, you've got to find a way to install the game "for this user only", and not all games are like that. With XP Home you can actually use the commandline tools to change the permissions but that might be too hard for most.
"Responses among the eight subjects varied with the person and stimulus. "
"For example, a single neuron in the left posterior hippocampus of one subject responded to 30 out of 87 images, firing in response to all pictures of actress Jennifer Aniston, but not, or only very weakly, to other famous and non-famous faces, landmarks, animals or objects. The neuron also did not respond to pictures of Jennifer Aniston together with actor Brad Pitt.
In another instance, pictures of actress Halle Berry activated a neuron in the right anterior hippocampus of a different patient, as did a caricature of the actress, images of her in the lead role of the film "Catwoman" and a letter sequence spelling her name."
So to me it indicates their brains organize stuff a bit differently.
Then when stuff happens, if the corporations go under the people running it get a golden parachute - not their fault since it was industry standard practice. And move on to some other company.
If the corporation doesn't go under, they'll just start cloning and perhaps modifying your breeds. You won't have such a great headstart on them.
He thinks the latency problem is because the P2P client sends lots of packets out in a go, and the way to to fix the latency problem is to talk to the bittorrent people to fix it at their end.
It'll be hilarious if it weren't for many people believing him.
It's more a matter of whether the router decides to send those packets out your 512kbps WAN link before your VOIP or online game packets. Each 1500 byte packet takes 23ms to send out that link.
Your online game latency will go down even if your router naively decides to maintain a simple queue of packets where P2P packets always go to the back of the queue, and online game packets go to the front of the queue, and when the queue is full, drop packets at the end.
The max hit you will take in this case is 23ms - that is if the router is busy sending out a 1500 byte P2P packet while your "VIP" game packet is waiting.
Now if you are really desperate for lower latency what you can do is get the router to break the 1500 byte packets to smaller 500 byte fragments (this is what routers do). Then the first packet fragment could be sent out, then your VIP packets go next, then the rest of the frags go out when there are no more VIP packets to be sent. This cuts the maximum latency hit to 8 ms. However this approach can cause problems if your firewalls or any stuff in between you and your destination decide to drop all IP fragments - while they are doing things wrong (breaking standards), you are the one who suffers.
George does say:
"Now it is possible to solve this problem on the network level by prioritizing VoIP and gaming packets in the home DSL modem upload queue. Unfortunately, I don't have administrative access to the modem and implementing VoIP or gaming prioritization on my home router seemed to have no effect because there is nothing in the transmit queue of the home router since it connect to the DSL modem at 100 Mbps. "
He does not need admin access to the modem. What he should do is configure his home router to assume the uplink is 400kbps or whatever is a bit lower than what his uplink is. Or get a router where he can do that.
Case #1 You go to an "All You Can Eat Buffet" and the restaurant stops you from eating all you can of your favourite stuff. Or starts taking hours to replenish the food.
The restaurant is doing something wrong in this case. Sure you might be a glutton, but if the restaurant wants to advertise "all you can eat", they have to provide the food.
Case #2 You buy a few pizzas and share them with your friend. You now decide to share out the pizzas in a way that you think is fair.
If you can't see the difference, believe me there really is a difference, keep trying to see it and maybe it'll do you some good.
If you have multiple users, assuming that the users only get to use one IP each, you might want to achieve some sort of fairness amongst the users.
Linux tc does not do traffic shaping per IP automatically, so if you do not want to dynamically create rules on demand, a kludge is to mask off everything but the lower bits of the user's IP address, and then use that to decide which qdiscs to put those packets in.
You've got the main point right though - you MUST set YOUR maximum bandwidth limits (inbound and outbound) to be LOWER than what the ISP can provide you, the ISP might say they can provide you XMbps, but they might be lying.
The analogy I often use is: the skinniest part of the straw controls the flow.
To find out what the ISP's real limits are: first test the latency while the link is not loaded at all. Next saturate the link, and see how much the latency goes up by, if it goes up to some crap level, reduce your max limits till the latency goes down to an acceptable level.
Not setting correct max limits is the most common reason for latency and control being bad. Once you get that right you can do the priority queues for traffic. A quick and dirty way is to just prioritize small packets that aren't fragments. Most latency sensitive applications use small packets (and there's DNS, tcp-acks etc). But some online games might use large packets to send a sudden burst of information, so if they do that you'd need to hand prioritize their traffic too.
It can get complicated to decide how to split the bandwidth up amongst many users and maintain low latency.
If you split to different users first, then only do the "traffic type" shaping per user, you may not get as low latency. Whereas if you split by traffic first, then shape per user for each traffic category, you might get better latency. That could depend on what sort of queuing you use.
One man's impedance mismatch is another man's layer of abstraction or "protocol".
An OODBMS is fine for a program to use to work on a problem (possibly a "large" one) in a more efficient manner.
But an RDBMS is often more convenient to chuck the results to, so that many different entities (programs, people, etc) can _easily_ do stuff with them.
You could have a central OODBMS to do that sort of stuff - but if you're going to have to take an "overhead" hit anyway, might be preferable to use a popular RDBMS because lots more stuff can talk to it.
1) for the download to be called www.google.com (or similar) 2) for the person to open up IE one day. 3) type www.google.com (or similar) into the location bar of IE and press Enter. 4) Screw up and click Open when the prompt appears (you won't be expecting the pop up, so you might press space or enter or something else that causes "click through" ).
I'm sure there are lots of other naughty things people can do.
A nuclear reactor is not WMD. There is a very big difference between a reactor and a bomb. A certain sort of nuclear reactor can be used to make bombs, but you don't use bombs to make a reactor, you might use bomb material to _fuel_ a reactor but that is a _disarmament_ process - that's one of the things you can do when you want to reduce the number of bombs! It is also claimed by the US Gov that Syria was going to use that reactor to make WMD.
In short: You do not ship WMD across borders to build a nuclear reactor. You do not ship WMD across borders to build nuclear reactor to make WMD. Doh.
There is plenty of evidence that Bush was lying.
As for your real enemies. Believe me - your enemies are Diebold (what kind of democracy can you have with those sort of voting machines?), the people who proposed Diebolded elections, and last but not least the ones in the US Gov who are stomping all over your precious Constitution.
Face the facts, Iraq posed very little military threat to the USA. Iraq had no missiles capable of reaching the USA. Same goes for Iran and the rest of the current bogeymen the US Gov tries to frighten their people with. Only China has the capability to hit USA with WMD. But why would China do that? China is doing well in the economic war.
The US Gov can do a lot more damage to the USA than Iraq ever could, and the US Gov has most certainly damaged the USA a lot. Go look at your recent history with your eyes open and brain engaged.
That said, Iraq did hurt the USA by switching from selling oil in Dollars to selling oil in Euros. As long as the rest of the world holds billions of US Dollars just to buy oil and other commodities, the US Gov can print tons of US Dollars (directly or by bonds) and _instantly_ tax the rest of the world - and make them poorer. Normally when a country prints more money, it devalues its own currency, however when the USA prints more money, it gets a free ride - since the rest of the world holds more US dollars than the USA itself.
Iran has started to sell oil in Euros, so go figure. But don't ever forget Iran had a democracy, before the USA and UK decided to make them a dictatorship. Guess how many Iranians who know their history feel about the USA's talk of "democracy".
In contrast, the Saudis are good friends of the USA, so as long as they don't get "uppity", it does not matter how repressive and undemocratic the Saudi regime is (and they really are), the USA will continue to help keep them in power.
The 9/11 hijackers were not from Iraq, or Iran. Most of them were from Saudi Arabia. But Bush kept going on about 9/11 and Iraq in the same breath.
I don't blame you for not knowing what really is going on, since you are probably living in the USA and only have access to controlled media (aka the best free press money can buy;) ).
You don't have to believe me. Feel free to look up my claims.
As far as i know Paris Hilton did actually end up in jail for about 20 days. I don't know the typical sentences, is 20 days jail too short for what she did?
Anyway why bother so much about Paris Hilton?
How about George Bush - anyone actually remember the WMD claims? There are lots of people dead because of him. Or Diebold - anyone remember those voting machines? The best democracy money can buy:)..
In the past you could view other people's emails, take control of other people's gmail accounts, post blogs on other people's blog. There's also the recent open relay problem with gmail. Plenty more if you bother googling.
Looking at the details of some of them, it's rather sloppy work with respect to security. Won't be surprised if there are design errors which will be hard to fix (or may never be fixed - just worked around every time someone gets clever). When you design stuff securely, some of these things just can't happen - yes there'll still be bugs, but different classes of bugs. You don't have to believe me, but I've been in the IT security line before and also written webapps and other stuff.
And the rate they are acquiring new staff and new companies (see the various opensocial hacks), it will be even harder for them to improve security (assuming they're really interested in the first place).
You may say ah some of them are old bugs. But in my experience, code quality is very dependent on who the programmer is, if they're still around, they'll be doing similar things. Just look at the various programs infamous for security problems, as long as the coders were the same, they continued producing problems. It could take 5-10 years for people to get a clue, you think the bosses can wait for them to get a clue? They'll just release anyway - they have to, I don't blame them.
Or SuperCryptMan who is able to find weaknesses in popular methods of generating RSA keys, OR the actual symmetric keys[1] used to encrypt the data.
[1]Some software may ask you to wiggle your mouse etc when generating your public keys, but they don't do it for every message (where symmetric crypto is usually used), so that 128 or 256 bit key that's used might actually have a far more limited keyspace.
Tests you can do:
;).
Compare with your existing connection.
ping tests. Keep two pings running overnight, one for small packets and one for big packets (you can specify the size/length of the packet). Compare packet loss and latency.
Test sustained download speeds. Download an ISO. Some ISPs actually throttle after X megabytes of download or Y seconds.
We've also informally tested some wireless tech before by streaming internet radio, when the music stops you know the connection has stopped, and it did stop often, too often
I second that. You should test (try get a free test ;) ).
However just because the test is great doesn't mean it will be great months down the line when more users come on board.
If they have been providing wimax for a while in your area then your test would be indicative of what it might be even a year or so later. Otherwise if it's just been released, a test might not be useful.
With ADSL and leased lines the users tend to fight for their share of bandwidth (aka have contention) at the ISP's gateways to other ISPs.
With wireless tech, the users start contending for their share of bandwidth immediately after their wireless modem/device (and they still have to contend at the gateways to other ISPs).
Until the tech improves till it's cheap to add wireless capacity, this will be an important difference. For stuff like ADSL, it's actually not that cheap to add capacity - but it's typically paid for already.
Note: a lot of wireless tech doesn't do very well if it rains very heavily, I think that's not a problem for SF, but might have been for some posters here.
Yeah. I mean look at TF2, they intentionally made it look cartoony.
:). Making the graphics more realistic can be counter productive.
Duke Nukem _is_ a cartoony character
That said, trailers can be very deceptive, you might have just seen all the best parts and that's it.
A little bit of editing goes a long way, for example:
http://www.youtube.com/watch?v=KmkVWuP_sO0
http://www.youtube.com/watch?v=2T5_0AGdFic
http://www.youtube.com/watch?v=ekXxi9IKZSA
Once you've failed to restore from a backup you realize the importance of working restores ;).
Best to realize a lot of things before they happen to you.
Seems there are (were?) some performance issues with innodb when it comes to concurrent inserts into tables with a "autoincrement" primary key.
I'm not a US citizen but I actually think Obama might actually improve things a bit if he wins (or at least slow the decline/rot ;) ).
That is if Obama lives long enough. Maybe some racist guy will conveniently kill him.
Obama seems less fake. Clinton seems so fake - the stuff she says and actually does.
It seems unlikely that the US voters will vote for anything other than R or D.
I think parents should be taught to teach.
I observe that many parents just "leave it to the system" (and think it's the system's responsibility), but the foundation for a child is set by the time they are 7 years old (or even earlier).
If you want children to be better, then people who intend to be parents should be taught (or at least be offered to be taught) some basic teaching skills.
There may be debate over material etc. But I hope by now people would be able to figure out a good "basic teaching skills" course for parents.
I'm not a teacher but teachers for public schools (public money schools) should get benefits like:
1) Their children get better subsidies for education (they still have to make the grade).
2) They get subsidies for further education (if they are a good teacher).
Also, sometimes it's not just that more teachers are needed. If someone can figure out a system where the teachers can spend more time teaching and less time doing administrative crap, things might work out better.
Parents could just install it so that their kid's account can't use it. The kids might still have physical access to the machine, but parents could still try to do their job of bringing up kids :).
With Windows XP Pro you can install stuff or change permissions so that not all users can use the application.
With XP Home, you've got to find a way to install the game "for this user only", and not all games are like that. With XP Home you can actually use the commandline tools to change the permissions but that might be too hard for most.
"And I can never remember how to do it"
Use Google.
e.g. http://www.google.com/search?hl=en&q=0F+in+C
It does other unit conversions kph to mph, US gallon to UK gallons, currency conversion.
And also stuff like how long it takes to transfer 700MB over a 512Kbps link:
http://www.google.com/search?hl=en&q=700+MB%2F+512kbps
http://www.google.com/search?hl=en&q=700+MB%2F+512Kbps+in+seconds
Some parts of India. Some parts of Australia. And it seems quite a lot of places on the map you linked to.
There's always a chance that seismic activity could break stuff. But that hasn't stopped people from _rebuilding_ stuff in earthquake zones.
Probably not.
Otherwise these guys would certainly have noticed and made a big noise about it:
http://www.physorg.com/news4703.html
"Responses among the eight subjects varied with the person and stimulus. "
"For example, a single neuron in the left posterior hippocampus of one subject responded to 30 out of 87 images, firing in response to all pictures of actress Jennifer Aniston, but not, or only very weakly, to other famous and non-famous faces, landmarks, animals or objects. The neuron also did not respond to pictures of Jennifer Aniston together with actor Brad Pitt.
In another instance, pictures of actress Halle Berry activated a neuron in the right anterior hippocampus of a different patient, as did a caricature of the actress, images of her in the lead role of the film "Catwoman" and a letter sequence spelling her name."
So to me it indicates their brains organize stuff a bit differently.
So it's you who has been posting those goatse links! I doubt most of us here interested in goatse links either.
Lastly, read my mind now...
Thank you.
That's not such a fair test. You have to cook and prepare it first.
You could similarly say: go to your local European food store and ask for Potato. Eat it (note that Potatoes are usually cooked first).
Raw potato isn't very nice. Cooked it's not bad. So cooked plantain might be nice.
You missed the "On the other hand" bit.
But why? They'd say "let someone else do it".
Then when stuff happens, if the corporations go under the people running it get a golden parachute - not their fault since it was industry standard practice. And move on to some other company.
If the corporation doesn't go under, they'll just start cloning and perhaps modifying your breeds. You won't have such a great headstart on them.
George Ou is clueless.
He thinks the latency problem is because the P2P client sends lots of packets out in a go, and the way to to fix the latency problem is to talk to the bittorrent people to fix it at their end.
It'll be hilarious if it weren't for many people believing him.
Fact is it does not really matter that the P2P client sends say three 1500 byte packets at a go. If you have a 100Mbps LAN connection to the router, the router can take those three packets in less than a millisecond. Google says: 1500 * 3 * 8 bits / 100 megabits per second = 343 microseconds ( http://www.google.com/search?num=100&hl=en&safe=off&q=1500+*+3+*+8+bits++%2F+100+megabits+per+second ).
It's more a matter of whether the router decides to send those packets out your 512kbps WAN link before your VOIP or online game packets. Each 1500 byte packet takes 23ms to send out that link.
Your online game latency will go down even if your router naively decides to maintain a simple queue of packets where P2P packets always go to the back of the queue, and online game packets go to the front of the queue, and when the queue is full, drop packets at the end.
The max hit you will take in this case is 23ms - that is if the router is busy sending out a 1500 byte P2P packet while your "VIP" game packet is waiting.
Now if you are really desperate for lower latency what you can do is get the router to break the 1500 byte packets to smaller 500 byte fragments (this is what routers do). Then the first packet fragment could be sent out, then your VIP packets go next, then the rest of the frags go out when there are no more VIP packets to be sent. This cuts the maximum latency hit to 8 ms. However this approach can cause problems if your firewalls or any stuff in between you and your destination decide to drop all IP fragments - while they are doing things wrong (breaking standards), you are the one who suffers.
George does say:
"Now it is possible to solve this problem on the network level by prioritizing VoIP and gaming packets in the home DSL modem upload queue. Unfortunately, I don't have administrative access to the modem and implementing VoIP or gaming prioritization on my home router seemed to have no effect because there is nothing in the transmit queue of the home router since it connect to the DSL modem at 100 Mbps. "
He does not need admin access to the modem. What he should do is configure his home router to assume the uplink is 400kbps or whatever is a bit lower than what his uplink is. Or get a router where he can do that.
The thinnest part of the straw controls the flow.
Here's an analogy I hope you can understand:
Case #1
You go to an "All You Can Eat Buffet" and the restaurant stops you from eating all you can of your favourite stuff. Or starts taking hours to replenish the food.
The restaurant is doing something wrong in this case. Sure you might be a glutton, but if the restaurant wants to advertise "all you can eat", they have to provide the food.
Case #2
You buy a few pizzas and share them with your friend. You now decide to share out the pizzas in a way that you think is fair.
If you can't see the difference, believe me there really is a difference, keep trying to see it and maybe it'll do you some good.
Your config seems to be more for a single user.
If you have multiple users, assuming that the users only get to use one IP each, you might want to achieve some sort of fairness amongst the users.
Linux tc does not do traffic shaping per IP automatically, so if you do not want to dynamically create rules on demand, a kludge is to mask off everything but the lower bits of the user's IP address, and then use that to decide which qdiscs to put those packets in.
You've got the main point right though - you MUST set YOUR maximum bandwidth limits (inbound and outbound) to be LOWER than what the ISP can provide you, the ISP might say they can provide you XMbps, but they might be lying.
The analogy I often use is: the skinniest part of the straw controls the flow.
To find out what the ISP's real limits are: first test the latency while the link is not loaded at all. Next saturate the link, and see how much the latency goes up by, if it goes up to some crap level, reduce your max limits till the latency goes down to an acceptable level.
Not setting correct max limits is the most common reason for latency and control being bad. Once you get that right you can do the priority queues for traffic. A quick and dirty way is to just prioritize small packets that aren't fragments. Most latency sensitive applications use small packets (and there's DNS, tcp-acks etc). But some online games might use large packets to send a sudden burst of information, so if they do that you'd need to hand prioritize their traffic too.
It can get complicated to decide how to split the bandwidth up amongst many users and maintain low latency.
If you split to different users first, then only do the "traffic type" shaping per user, you may not get as low latency. Whereas if you split by traffic first, then shape per user for each traffic category, you might get better latency. That could depend on what sort of queuing you use.
One man's impedance mismatch is another man's layer of abstraction or "protocol".
An OODBMS is fine for a program to use to work on a problem (possibly a "large" one) in a more efficient manner.
But an RDBMS is often more convenient to chuck the results to, so that many different entities (programs, people, etc) can _easily_ do stuff with them.
You could have a central OODBMS to do that sort of stuff - but if you're going to have to take an "overhead" hit anyway, might be preferable to use a popular RDBMS because lots more stuff can talk to it.
You don't have to click on a new desktop icon.
All that needs to happen is:
1) for the download to be called www.google.com (or similar)
2) for the person to open up IE one day.
3) type www.google.com (or similar) into the location bar of IE and press Enter.
4) Screw up and click Open when the prompt appears (you won't be expecting the pop up, so you might press space or enter or something else that causes "click through" ).
I'm sure there are lots of other naughty things people can do.
A nuclear reactor is not WMD. There is a very big difference between a reactor and a bomb. A certain sort of nuclear reactor can be used to make bombs, but you don't use bombs to make a reactor, you might use bomb material to _fuel_ a reactor but that is a _disarmament_ process - that's one of the things you can do when you want to reduce the number of bombs! It is also claimed by the US Gov that Syria was going to use that reactor to make WMD.
;) ).
In short:
You do not ship WMD across borders to build a nuclear reactor.
You do not ship WMD across borders to build nuclear reactor to make WMD. Doh.
There is plenty of evidence that Bush was lying.
As for your real enemies. Believe me - your enemies are Diebold (what kind of democracy can you have with those sort of voting machines?), the people who proposed Diebolded elections, and last but not least the ones in the US Gov who are stomping all over your precious Constitution.
Face the facts, Iraq posed very little military threat to the USA. Iraq had no missiles capable of reaching the USA. Same goes for Iran and the rest of the current bogeymen the US Gov tries to frighten their people with. Only China has the capability to hit USA with WMD. But why would China do that? China is doing well in the economic war.
The US Gov can do a lot more damage to the USA than Iraq ever could, and the US Gov has most certainly damaged the USA a lot. Go look at your recent history with your eyes open and brain engaged.
That said, Iraq did hurt the USA by switching from selling oil in Dollars to selling oil in Euros. As long as the rest of the world holds billions of US Dollars just to buy oil and other commodities, the US Gov can print tons of US Dollars (directly or by bonds) and _instantly_ tax the rest of the world - and make them poorer. Normally when a country prints more money, it devalues its own currency, however when the USA prints more money, it gets a free ride - since the rest of the world holds more US dollars than the USA itself.
Iran has started to sell oil in Euros, so go figure. But don't ever forget Iran had a democracy, before the USA and UK decided to make them a dictatorship. Guess how many Iranians who know their history feel about the USA's talk of "democracy".
In contrast, the Saudis are good friends of the USA, so as long as they don't get "uppity", it does not matter how repressive and undemocratic the Saudi regime is (and they really are), the USA will continue to help keep them in power.
The 9/11 hijackers were not from Iraq, or Iran. Most of them were from Saudi Arabia. But Bush kept going on about 9/11 and Iraq in the same breath.
I don't blame you for not knowing what really is going on, since you are probably living in the USA and only have access to controlled media (aka the best free press money can buy
You don't have to believe me. Feel free to look up my claims.
As far as i know Paris Hilton did actually end up in jail for about 20 days. I don't know the typical sentences, is 20 days jail too short for what she did?
:)..
Anyway why bother so much about Paris Hilton?
How about George Bush - anyone actually remember the WMD claims? There are lots of people dead because of him.
Or Diebold - anyone remember those voting machines? The best democracy money can buy
Now that's what I call getting away with it.
Uh go google for them ;).
In the past you could view other people's emails, take control of other people's gmail accounts, post blogs on other people's blog. There's also the recent open relay problem with gmail. Plenty more if you bother googling.
Looking at the details of some of them, it's rather sloppy work with respect to security. Won't be surprised if there are design errors which will be hard to fix (or may never be fixed - just worked around every time someone gets clever). When you design stuff securely, some of these things just can't happen - yes there'll still be bugs, but different classes of bugs. You don't have to believe me, but I've been in the IT security line before and also written webapps and other stuff.
And the rate they are acquiring new staff and new companies (see the various opensocial hacks), it will be even harder for them to improve security (assuming they're really interested in the first place).
You may say ah some of them are old bugs. But in my experience, code quality is very dependent on who the programmer is, if they're still around, they'll be doing similar things. Just look at the various programs infamous for security problems, as long as the coders were the same, they continued producing problems. It could take 5-10 years for people to get a clue, you think the bosses can wait for them to get a clue? They'll just release anyway - they have to, I don't blame them.