A nasty local kernel vulnerability

a) Your analogy to the physical world is inapplicable as the potential for exploitation at a massive scale changes the economics considerably.

b) The Average Joe has no clue about the severity of a vulnerability or about the sophistication of the current generation of attacks. It would be good news if your Average (I assume, Professional) Joe did an actual cost/benefit analysis but, at least in my experience, they generally have neither the expertise nor the professionalism to do that.

67 billion a year in the US only, according to the FBI in 2006.

You are correct in stating that you don't have to have perfect security. But it's like the bear/shotgun joke goes: you don't have to outrun the bear, you have to shoot your mate in the knee so you can outrun *him*. When PaX && Brad "cry wolf", they are actually showing you that your mate can outrun you, so you're bear snack!

Bonus: mixing two animal-world metaphors... :-D

sure, if you're talking about your own ;). you see, you didn't answer a single question of mine. do you have stats or not? you don't. do you have examples where we cried wolf? you don't. facts speak, strawmen don't.

> You assume people want to know about all security bugs for some reason.

quote me back on that or you just made this up. seriously, do find a quote from me where i said anything even remotely close to that. you won't because you can't because i never said anything like that (never mind that right in the very post you responded to i said myself that there're people who care to whatever extent and there're people who don't care). making reality fitting your distorted world doesn't work without backing up with (preferably less distorted ;) evidence. so go find some (this goes for all your other posts too, but i'll address some of them there).

> And Joe Average is the same: security bugs which have little chance of
> affecting him directly are of no interest to him!

you're wrong, did you even read my post you responded to? it's not only that the average user (most people) don't care about bugs that don't affect them, they don't care about *anything* whatsoever because they don't even *know* that such things can exist (and the few who the mass media manages to reach with this information still don't *understand* so they're not in the position to be able to care)!

> From that POV you "cry wolf" all the time and you are much, much, MUCH closer to 0% then to 100%, sorry.

here we go again, without any shred of evidence of what exactly we did that you think was crying wolf? a single example pretty please (although i'd still prefer that stat of yours ;)? and i mean examples that exist on the internet, not in your head only.

> When you bait these people [...]

evidence please or you made this up.

> [...]ridicule them because they don't diligently study all your patches

yes, we critize people who should care about security but don't. you also critize everyone who doesn't think your way, what's your point then?

> you just show your hypocrisy, nothing more, nothing less.

i suggest you look up that word, it doesn't mean what you think it does (hint: it'd apply to us if we expected others to care about security whereas we wouldn't care at the same time, i think even you admitted that that's not the case ;).

> That's about what people expect from discussions on LWN

provide evidence or you made this up. be careful 'cos i have my own quotes directly from lwn posts where people explicitly asked the exact opposite of what you're suggesting here ;).

> and that's what you expressly refuse to discuss.

what i discuss is not up to you to decide mon ami, it's up to me. you don't have to like my choices any more than i or anyone else has to like yours or anyone else's. welcome to the real world. with that said, i think i provided about 1000x more useful information about security bugs over time here and elsewhere than you ever will (your whining doesn't count ;).

> You show some snippets of information

did you even read what i posted? it was *public* information, linked straight from the article. you know there's some irony in that you're showing the exact symptomps of the twitterbrain that you so critized in the past yourself ;).

> and then laugh on people

evidence or you made this up too. if anything, i was worried about them destroying their systems by being so careless when they ran an exploit they didn't understand (the loaded gun example, see somewhere above).

> who can try to understand if they actually should care about it or if
> they should expect their more or less regular system updates to fix
> problems.

khim, if you don't understand a topic, can you please stay out of discussing it, never mind giving out advices to the laymen? i wrote about this before in this very thread but let me repeat it: your kernel is *not* exploitable because someone posts a working exploit to the public! your kernel is vulnerable because it has an exploitable bug! can you digest that? do you understand that testing your system this way would only give you a false sense of security? yeah, i don't expect you do. so please take it on faith that you should not care because you see an exploit in the wild, you should care because there is an exploitable bug in your system, don't wait with the upgrade till an exploit appears.

> After few such repeats

more evidence wants to be seen.

> people learn that it's more-or-less impossible to receive useful
> information from you[...]

first, i didn't know i was supposed to provide such a service. second, when spender or me did provide such information in the past, we were criticized for *that*. i don't think you can have it both ways ;).

> and they know that after bazillion of your "wolf" cries wolf didn't come

this is again the same lie you keep repeating and based all your rants on. so prove it or admit you made this up.