On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote: > I think everyone should assume the entire ecosystem is compromised and > shouldn't trust anything. Code should be reviewed and bugs/weaknesses > removed IMMEDIATELY. The problem is obviously not everyone is a > programmer and not everyone will have the knowledge to understand how to > fix/improve the security issues. Of course, some software is still > good, but who's going to verify that and when? If you don't use free > software, you're a goner because now you have no ability whatsoever to > audit the code! I've programmed for 40 years, and I don't understand encryption algorithms nor can I evaluate their strengths and weaknesses. I know very few programmers who can. None personally, in fact. -- john r pierce 37N 122W somewhere on the middle of the left coast