CNN iPhone App Sends iReporters' Passwords In the Clear
I think the real issue is that people tend to use the same login info on multiple websites. So even if having access to the victim's CNN profile is no big deal, having access to Clarence's Amazon login credentials is a whole different matter.
Chicago Red Light Cameras Issue Thousands of Bogus Tickets
A few [states] don't even require you to stop when making a right turn, if the way is clear.
What states are those? I travel around the U.S. *a lot*, and I've never seen this... I'm guessing it's going to be something like Wyoming, North Dakota, etc. (I'm asking sincerely - I think at one time some of those states had no real "upper speed limit" - the law was written to the effect "can't travel faster than the conditions allow" or something like that..)
Critical Vulnerabilities In Web-Based Password Managers Found
I think it's literally called "Elephant" (as in, "an elephant never forgets").
(Honestly, at first I thought you might be thinking of Evernote (apologies!), but then I saw your UID & figured that was very unlikely...)
The First Person Ever To Die In a Tesla Is a Guy Who Stole One
Agreed. And with a Toyota, the car might very well accelerate to 100 MPH, crash and burn all on its own.
Uber Is Now Cheaper Than a New York City Taxi
"Cheaper than a New York taxi"... umm, "What is a bar of gold, Alex?"
Amazon Sues After Ex-Worker Takes Google Job
OK something here doesn't make sense. The company "shut its doors". Maybe we define things differently, but to me that means filing for dissolution; not Chapter 13, not in hibernate mode - "shut the doors". I've personally been screwed over by a company that owed me a significant sum when they dissolved the company... at that point, you can go pound sand, the corporation is the equivalent of a dead body -- scream at it all you want, nothing's going to happen.
Protesters Launch a 135-Foot Blimp Over the NSA's Utah Data Center
"Nice blimp ya got there. Sure would be a shame if something happened to it."
Ask Slashdot: How Do You Ensure Creative Commons Compliance At Your Company?
We don't even use that. We order CDs full of pictures. I dunno where they come from, I don't care. We own the photos outright and they are good for generalized photos (i.e. some support person with a headset smiling, ready to take your order)
Ummmmm.... you might wanna be careful there. Especially the "dunno where they come from, I don't care." You should.
If some scammer from FooVille fills up a CD with images pulled from the internet, images he/she has no right to re-distribute (copyright assignment), you are exposed as well. Even if you can point to the CD, point to the scammer and say, "Here's the order, this person told me he owned all the rights, blah blah blah", I can assure you that the tenet "ignorance is no excuse" still holds. This would be considered mitigating factors, but you would still be on the hook. Particularly if the original source is Getty Images or the like, they'll go after you on principle alone.
Don't get me wrong, you're trying to do the right thing, and the whole flipping copyright law is buggered. I'm just telling you, you are still seriously exposed. Tread carefully!
Overeager Compilers Can Open Security Holes In Your Code
The classic example of a compiler interfering with intention, opening security holes, is failure to wipe memory.
On a typical embedded system - if there is such a thing (no virtual memory, no paging, no L3 cache, no "secure memory" or vault or whatnot) - you might declare some local (stack-based) storage for plaintext, keys, etc. Then you do your business in the routine, and you return.
The problem is that even though the stack frame has been "destroyed" upon return, the contents of the stack frame are still in memory, they're just not easily accessible. But any college freshman studying computer architecture knows how to get to this memory.
So the routine is modified to wipe the local variables (e.g. array of uint8_t holding a key or whatever...) The problem is that the compiler is smart, and sees that no one reads back from the array after the wiping, so it decides that the observable behavior won't be affected if the wiping operation is elided.
By making these local variables volatile, the compiler will not optimize away the wiping operations.
The point is simply that there are plenty of ways code can be completely "correct" from a functional perspective, but nonetheless terribly insecure. And often the same source code, compiled with different optimization options, has different vulnerabilities.
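The wipe problem described in the comment above, as an added C example that is not part of the original post: `tag_naive` ends with a `memset` the optimizer may drop, while `tag_volatile` follows the comment's fix of declaring the local volatile. The `fold` routine, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Constructed sample inputs (not real key material). */
const uint8_t SAMPLE_KEY[KEY_LEN] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
const uint8_t SAMPLE_MSG[4] = {0x10, 0x20, 0x30, 0x40};

/* Toy stand-in for the real work done with the key: XOR-fold key and message. */
static uint8_t fold(const volatile uint8_t *key, const uint8_t *msg, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc ^= (uint8_t)(key[i % KEY_LEN] + msg[i]);
    return acc;
}

/* Before: plain local plus memset. Nothing reads `key` after the memset,
 * so an optimizing compiler may treat it as a dead store and drop it. */
uint8_t tag_naive(const uint8_t *secret, const uint8_t *msg, size_t n)
{
    uint8_t key[KEY_LEN];
    memcpy(key, secret, KEY_LEN);
    uint8_t tag = fold(key, msg, n);
    memset(key, 0, sizeof key);          /* may be elided at -O2 */
    return tag;
}

/* After: the local is volatile, so every store to it is an observable
 * side effect and the zeroing loop has to be emitted. */
uint8_t tag_volatile(const uint8_t *secret, const uint8_t *msg, size_t n)
{
    volatile uint8_t key[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = secret[i];
    uint8_t tag = fold(key, msg, n);
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = 0;                      /* volatile store: not removable */
    return tag;
}

int main(void)
{
    /* Same result either way; the variants differ only in what stays on the stack. */
    return tag_naive(SAMPLE_KEY, SAMPLE_MSG, 4) == tag_volatile(SAMPLE_KEY, SAMPLE_MSG, 4) ? 0 : 1;
}
```

Comparing the `-O2` assembly of the two functions shows whether your compiler kept the zeroing stores. Where the platform offers them, `explicit_bzero`, `memset_s` or `SecureZeroMemory` serve the same purpose.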
TrueCrypt Author Claims That Forking Is Impossible
Matt Green, the cryptographer leading the TC audit effort, had established contact with one or more developers (somehow) over the last year or so.
So, to most of us, the TC developers are still anonymous, but not to everyone...
Cockpit Revealed For Bloodhound Supersonic Car
Of course it can't turn at full speed in just 240m. 240m is the distance across the circle (diameter) for the vehicle to "Turn Around" (turning radius 120m.)
GM Names and Fires Engineers Involved In Faulty Ignition Switch
I think maybe this is the article (blog post by Miro Samek) that you're referring to?
Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?
Yes, but "oscilloscope" != "logic analyzer". And the Logic 16 (I have one) is 5x the OP's stated price range.
I kinda feel like the OP asked where he could find a cheap, sporty little car, and you're telling him he should consider buying a fire truck.
Google Releases VirusTotal Uploader For OS X
Wow. Just went over to download the Windows version of the Uploader tool - the installer isn't digitally signed. WTF?!?!?
I'm still shocked that so much software from legitimate companies isn't digitally signed. I do a lot of firmware development, and very few companies' installers are digitally signed (IAR, I'm looking at you). Sheesh. Even a tiny company like Saleae and the main developer of TortoiseSVN, Stefan Küng, have digital certificates for signing code, why can't a bigger company be bothered with this?
Adobe Creative Cloud Is Back
Totally agree. Still chugging away on my 7 year old copy of CS3, bought back when I qualified for the student discount. (Actually if I want to find CS6, I should probably start looking now. Just did some poking around, looks like slim pickings already. Even Fry's, which I normally avoid, is only selling Cloud now, sigh...)
Proton-M Rocket Carrying Russia's Most Advanced Satellite Crashes
CIA: "Hey Putin, nice rocket you got there. Sure would be shame if something happened to it in flight."
FCC Votes To Consider Next Round of 'Net Neutrality' Rules
The old saying goes, "Never attribute to malice what can be adequately explained by stupidity." But if you knew the whole story, you would know that stupidity does not adequately explain Wheeler's actions. It is malice, through and through.
True, but let's acknowledge the fact that Wheeler could be (probably is) a dumb mule as well.
A malicious, conniving mule who's lining his pockets with bundles of cash from Comcast & Verizon etc., but a dumb mule nonetheless. (Speaking of mules, don't they whip mules if they don't do what you need them to do?)
Disclaimer: animal-lover. I just have a lot of contempt for Wheeler and his ilk.
Ask Slashdot: Minimum Programming Competence In Order To Get a Job?
This probably doesn't help you very much, but the places that insist on that kind of interview are probably not the kind of place you want to work, anyway.
I know that's easier to swallow when you're gainfully employed as opposed to looking for a job (I'm not saying you're in either camp), but it's the truth.
BTW, not sure if you're a C++ programmer, but Scott Meyers would agree with you: https://en.wikipedia.org/wiki/...
A Look at Smart Gun Technology
I was recruited by a company working in this area, to help them fix their electronics & firmware. Seemed like the classic case of a product that started as a prototype by one guy in the company as a side-project or skunkworks, then management saw a bandwagon they should jump on.
The quality of the engineering was horrible. Most of my work is in safety-critical or life-critical applications, and I've seen it all, from poor to excellent, but this was appalling. Needless to say, I ran! (Yes, I see the jokes coming a mile away). But seriously, I was worried about getting sued if somebody got injured, and even worse, I was worried about somebody getting injured or killed by defective electronics or firmware. This isn't the kind of industry I work in anyway, but I thought I'd give it a look out of curiosity, and man was I shocked.
I know this is anecdotal, YMMV, blah blah blah... just thought I'd provide a little "real world" insight based on my (admittedly very limited) experience and exposure.
USPTO Approves Amazon Patent For Taking Pictures
The patent office is overworked, understaffed, and runs on quotas) he's supposed to help the company reword the patent to make it acceptable. Almost no patents are simply rejected. The examiners and companies tweak each patent until it fits.
I've heard this from 2 EE (electrical engineering) colleagues I went to school with. One of them is a patent examiner, the other is a patent attorney. Of the 3 of us, I think I'm probably the happiest. (I'm your typical working engineer, although I work for myself, not a corporation. That might have something to do with it...)