
Comment Taking Sites Down (Score 3, Insightful) 249

I have personally experienced the taking-down of sites and content by ISPs which were legally bullied (cease and desist orders) by large companies to make the site/content go away. It's possible that for every one site/piece of content that I've seen taken down outside of due process, short-circuiting the burden of proof, there may be many other sites where the ISP referred the matter to a legal department and determined that it was just corporate bullying, and took no action.

In my personal experience, when a big company threatens to take action against a smaller company, unless it's a high-profile case that the EFF is willing to tackle, the smaller company seems to fold and remove the site/content. It simply costs too much to battle it out in court, so the big guy often wins.

Does anyone have any experience with a smaller company telling a larger company to go suck eggs and successfully fighting a suit or threat to sue? Maybe I'm just cynical....

Comment Cheaper? (Score 1) 249

You'd think it would just be cheaper to sue - or threaten to sue (the ISP?) - anyone creating a defamatory web-site for defamation of character. Lawyer letters to the ISP of "offending" web-sites are generally effective, especially from a Big Bank.

Comment Re:Maintenance and Upkeep (Score 1) 230

how many top-of-the-line professional cameras could I buy with that?

Your question is rather recursive, as one of the items happens to be an OMG EXPENSIVE Leica.

I don't consider an item created under a limited production run ("limited edition to 500") made with specialty components ("sapphire-crystal glass monitor...all visible elements...made from solid titanium") a top-of-the-line professional camera. I don't think a lot of serious photographers, professional photographers, are going to be snapping this one up. It's a toy; and at $29,000, is a very expensive toy.

Comment Elves... (Score 1) 305

Just don't put this on the Christmas Elves or Elf Bowling sites.... Let's see, risk factors:

* Tech-clueless relative just got their first computer for Christmas. "Chooses" I.E. as browser. Drawn in by Elf Bowling. There's a virus on your computer, click here!

Oh, man....

And related to what an earlier poster said, why is it that we need to use Internet Explorer in order to update our Windows boxes? I still find that a little bit anti-trust.

To borrow from 2001: My God--it's full of holes!

Comment Maintenance and Upkeep (Score 1) 230

There's not a single item on that list that interests me. When I went to the Smithsonian in DC, I saw a lot of jewel-encrusted items (cell phones, Monopoly board). Once you spend a fortune on having a unique cellphone, what do you do with it when the next model comes out? Toss it away to the peasants? Perhaps donate it to the Smithsonian for others to gawk at? Walk through and take a look at some of the crazy jewelry and precious stones there, and for me, the only thing that comes to mind is: "You can't take it with you!" and "I wonder how many people owned these items before they ended up here?"

The submersible shark seems neat, until you realize that it's just a sub, and requires a lot of upkeep, in addition to a place to use it, and store it when not in use. As if a helicopter needs to be made more elite? Not many of us would have a place to land one, regardless of how it was outfitted. The Kid's walker seems pretty cool, but then I looked at the scale and found it frighteningly large. Would it fit through doors? At least handi-capable kids wouldn't be teased as much. Just need a few shoulder-mounted rockets, grenade launchers and machine guns.

The most expensive TV? Okay, it has diamonds...but what device besides a computer would be able to put out a signal at the native resolution of 4,096 x 2,160? For that price, it better have some sort of specialized Blu-Ray player that up-scales...I actually just realized that it's twice as many pixels as 1080i, so I guess you could watch two HD signals at once? Opulence!

I'm surprised the speakers made the list, as $8,000 isn't out of the price range of a real audiophile. I just wonder what their actual acoustic characteristics are. Glass? That can't be the ideal medium for sound.

In the end, when I see a list like this, at prices like that, I instantly wonder "how many top-of-the-line professional cameras could I buy with that?" or "wouldn't I rather have an observatory?" For the price of that TV, I could have a small secret lair, with hidden entrances, all sorts of bubbling items and at least one assistant with a hunchback for atmosphere!

Comment Security (Score 4, Insightful) 239

It always makes sense to operate based on the assumption that you may already be compromised. If you take a look at your data, and you think that impenetrable firewall is going to keep people from accessing it, you're delusional. Security, or lack thereof, is measured in time. If what you're securing is important, the question is not can this information be accessed but how long until it can be accessed. Compartmentalization is an important part of any security plan. Finding ways of keeping people out is something the security field has been working on for ages. Have different passwords for everything. Change passwords regularly. Audit data accesses. Watch for suspicious behavior. Keep off-site backup of data and forensics information. Create different subnets and VLANs to segregate traffic. Train all employees in basic security measures. Ensure that no employees are above security - no backdoors, everything audited. I'd say the most important thing to recognize, though, is exactly what they said: unless a resource is sitting in a heavily-guarded Faraday-cage, inside a vault, turned off, and not connected to anything else, it can not be considered 100% secure. Everything else is risk management.
Security

NSA Considers Its Networks Compromised 239

Orome1 writes "Debora Plunkett, head of the NSA's Information Assurance Directorate, has confirmed what many security experts suspected to be true: no computer network can be considered completely and utterly impenetrable — not even that of the NSA. 'There's no such thing as "secure" any more,' she said to the attendees of a cyber security forum sponsored by the Atlantic and Government Executive media organizations, and confirmed that the NSA works under the assumption that various parts of their systems have already been compromised, and is adjusting its actions accordingly."

Comment Money for Services (Score 1) 608

I love Wikipedia because it's free. I also love Slashdot because it's free.

Why do I pay Slashdot $5 every once in a while? Because of the cool benefits! I mean, I get a special asterisk, am allowed to see things a few minutes before they're actually posted to the rest of the site, and it just feels cool to donate money to a geeky/techie site. If everyone here donated $5, it would change the face of Slashdot, or something.... I like supporting a community that I believe in.

Why do I not pay Wikipedia anything? Well, I just don't see the benefit. To me, Wikipedia is a community managed product. We're already spending our time keeping things accurate and up-to-date. Why pay to work?

While editing an encyclopedia feels like work, moderating Slashdot actually feels like I'm accomplishing something important. I'm helping other people filter junk, and they are (conversely) doing the same thing. Everyone loves power, but as we know, power corrupts and absolute power corrupts absolutely. So if you give a BUNCH of people a little power, they'll enjoy it, but not really be able to abuse it in any real sense.

If Wikipedia wants my money, they should consider adding cool features like Accomplishments, and making it easier to "moderate" the content. Anyway, more important than all that: Rob Malda is simply more cool than Jimmy Wales. What Mr. Wales needs is a cool name, like CmdrTaco, and then we'll talk. Also, just gut feeling, if I had to choose a guy to fix my computer, or hang out and geek with, it'd be Rob. I wonder if Jimmy is a PC, and Rob is a Mac? Just saying!

Comment Step Forward... (Score 1) 109

I think this is a good step forward. I'd like to see the majority of plugins in a sandbox. I like to use them, but you can't always be 100% sure if you can trust them or not. Sure, there are applications that have been around for ages, are designed by good companies that have decent reputations - but what about that "must have app" that you're not completely sure about? I know on my Blackberry, each application has its own permissions. I can add and remove permissions at will, and even set them to prompt me. I've always found Internet Explorer a bit scary, but have never worried much about Firefox. With some plugins, it should be a no brainer: does a weather application need access to my hard drive, aside from a caching space? I don't think so. Possibly plugins could be vetted and reviewed by a committee, and given permissions within the browser/OS based on what they need to do, and each plugin would have a "safety rating" (red, yellow, green) so you can choose your exposure. If all of your plugins were "green," you'd know that the committee reviewed the code and set the permissions in such a way that your data could not be compromised. If code could not be reviewed, it would automatically be marked yellow or red. I like the idea of choice as equally well as I like safety and security.
Google

Chrome Throws Flash Into the Sandbox 109

wiredmikey writes "Google announced today that it will be extending Chrome's sandboxing technology to include the Flash Player plug-in. 'Sandboxing' technology is a method of isolating an application from the rest of the operating system and tightly controlling its resources. According to Google, the new sandboxing feature adds an additional layer of protection and will help protect users against malicious pages that attempt to hijack systems or steal information from the system."

Comment New versus Original (Score 1) 384

I have to say, the new Tron movie has certainly reminded me that I should go back and re-watch the original Tron movie. There's another article on Slashdot talking about how special effects just don't have the same impact now.

http://entertainment.slashdot.org/story/10/12/14/1853200/Why-Special-Effects-No-Longer-Impress

Before CGI was the standard, you actually had to build models, use actual smoke and pyrotechnics. I have respect for vintage movies that had to work for it and that didn't have the same tools we have today. When a 10-year-old girl today has a better processor and more memory in her cellphone than any of the computers used during the creation of Star Wars, that turns the tables a bit.

My problem is that special effects should enhance a story-line or visual, not be the story-line or visual itself. As has been proven by many excellent movies in the past, you don't need to render a 3-D space scene to make the audience believe that our actor is in space. Science fiction stories have also proven for decades that you don't need a visual or even much detail about the technology itself, to build a compelling world that people will visit and revisit again and again. In the end, our minds will always have a greater capacity for creativity than anything that can be generated by a computer, and sometimes leaving out details (Hitchcock? Asimov?) can make a piece have greater significance and longevity than one that pulls out all the stops and ends up leaving the audience feeling empty. Storytelling is becoming a lost art, sadly.

Comment Portal? (Score 1) 164

Yahoo is a bit weak in the search engine area, but as someone mentioned earlier, they do own Flickr. When signing-in, I've noticed that Yahoo is trying to capture the "portal" status it once had. The campaign talks about having all your stuff in one place, but what it seems like is having all of your passwords stored in a central location, which to me is just a bad idea. Yahoo's not as likely to get hacked as, say, Lifehacker's site - but do I really want to access my bank through Yahoo? Not likely. I use Google for searching and Yahoo because of Flickr - but that's it. When people send me e-mail to my Yahoo account, I summarily ignore it. There have been people who have spoken to me months later saying "hey, did you ever get my e-mail?" It's funny. Then I give them my real e-mail address, and we're good.

I lost faith in Yahoo when they locked down their web-based e-mail service into this Ajax-y, Flash-y garbage. When will companies learn I want to browse using my browser? Also, you can't POP/IMAP your e-mail without paying, and who wants to pay for e-mail when I can have it free elsewhere?

For what I do, Yahoo just isn't relevant for much of anything anymore. The secret to making an award-winning portal site is to create content that people will come back to and visit every day. Heck, Slashdot with achievements has far more pull for me daily than Yahoo's messy cluttered flashy home-page.

Comment Open-Source (Score 1) 536

As an open-source advocate, I often tell people the "more eyes on the code means improved security." I would say this is true in general, on average, given large values of X. For specific issues, well-buried in the code, you might not catch it. Back when I was in development, they used to use all sorts of tools to find backdoors, hidden code loops, unused code fragments. I'm wondering why after all these years, no one caught it? I guess my pie-in-the-sky fantasy is that my security buddies in the open-source community are ever vigilant, actively seeking this very thing, and squashing any attempts to insert something so malicious into the code base. On the other hand, hardly anyone would have the chance to find this on the closed-source side, so even just the opportunity to review/audit the code is far better, IMHO, than no opportunity at all.

Someone posted a code snippet earlier. I'm not sure if it was a joke or the actual backdoor grepped and shown here. However, this type of backdoor should have a signature, and someone should write an open-source application that constantly searches through the code-base looking for logic that doesn't look right. If that snippet is what all this fuss is about, that could have easily been found with a simple grep command...years ago. I'm not just worried about the government, but what about just malicious people in general? Who's to say there haven't been sophisticated, hacker-friendly vulnerabilities just waiting to be exploited in Linux, BSD or Windows?

Encryption

FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack 536

Aggrajag and Mortimer.CA, among others, wrote to inform us that Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago, and over that time has changed quite a bit, "so it is unclear what the true impact of these allegations are" says Mr. de Raadt. He added: "Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products." (Freeswan and Openswan are not based on this code.)

Comment Information Security (Score 1) 185

On the one hand, I see how important it is to control personal information, whether it's your information or if you are the person entrusted to keep it safe. On the other hand, I see government-style regulations like HIPAA causing nothing but heartache and useless redundant paperwork for service providers and consumers alike. I mean, Jesus, how many times should I have to sign a HIPAA disclosure statement? Multiply that times the number of people in the United States who visit the doctor, times the number of times those people go to the doctor per year; that's a lot of trees, and that's just one single form that everyone is required to fill out. Disaster. In the end, does it really keep your information safe, or is it just the appearance of safety? Would that disclosure keep someone from hacking into a database server and performing a full dump of its contents? I don't think so. I mean, it might compel improved security, better training, and (once again) more paperwork and identification checking - but credentials can be forged, people can be compromised using social engineering strategies and paperwork is pretty much useless except for lawyers to pore through later at $250 an hour.

I do like the idea of a set of standardized, public, standards-based (open-source?) information security guidelines that businesses can follow check-list style, with auditing for maximum benefit, possibly tiers ("Silver" for check-list compliance, "Gold" for annual audits, "Platinum" for monthly audits by a certified third-party). My password was one of the many leaked over on Lifehacker, but that's okay, because compartmentalization is a basic security premise I live by. Compromised in one area? That's okay. The 200+ other places I connect are still secure. But, seriously, how would one know when creating an account for the first time on a service that the place is secure or not?

Take that a step further, and more germane to this discussion, any of these informants could be tracked down and killed. Granted, if someone were to gain access to my "I Can Haz Cheeseburger?" profile, they could wreak some serious havoc. But if local criminals had access to an indexed database of informants, I would consider that a slightly more serious compromise.

The government needs to have some sort of oversight department (Homeland Security, perhaps?) that has the authority and responsibility to randomly audit every agency in the US that stores sensitive information. The data owners need to be held accountable for their fiduciary responsibility for this information, and heads would need to roll if there's a compromise of this nature and depth. In the case of an audited system, why wasn't this caught? What was that, six or seven months? It's a bit scary that it took someone performing an Internet search to fix this leak. An easy way to fix this problem would be to pepper all databases with normal-looking but fake information. Set up a Google Alert for each piece of information and if that info is seen anywhere by Google, trace the leak. I'll bet Google could have found the leak much sooner, and a large company like that could easily be asked to purge the data and assist with forensics.
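The seeding idea in the comment above, as an added example that is not part of the original post: each data store gets fake rows derived from a secret key and its own identifier, so a seeded value found in the wild names the store it came from. The function names, key, agency identifiers and `example.org` addresses are hypothetical, and the alerting step is modelled as scanning a found text rather than a search-engine alert.

```python
import hashlib
import hmac
import re

# Constructed name pools; a real deployment would mimic the style of the real data.
FIRST = ["Alice", "Brian", "Carla", "David", "Elena", "Frank"]
LAST = ["Morris", "Nguyen", "Okafor", "Parker", "Quinn", "Reyes"]
CANARY_DOMAIN = "example.org"  # reserved domain, assumed for this sketch


def canary_record(secret: bytes, source_id: str, index: int) -> dict:
    """Derive a fake but plausible row that is unique to one data store."""
    digest = hmac.new(secret, f"{source_id}:{index}".encode(), hashlib.sha256).digest()
    first = FIRST[digest[0] % len(FIRST)]
    last = LAST[digest[1] % len(LAST)]
    tag = digest[2:6].hex()  # 32 bits of the MAC make the e-mail unique and searchable
    return {
        "name": f"{first} {last}",
        "email": f"{first}.{last}.{tag}@{CANARY_DOMAIN}".lower(),
    }


def build_index(secret: bytes, source_ids: list, per_source: int = 3) -> dict:
    """Map every seeded e-mail back to the store it was planted in."""
    index = {}
    for source_id in source_ids:
        for i in range(per_source):
            index[canary_record(secret, source_id, i)["email"]] = source_id
    return index


def trace_leak(text: str, index: dict) -> dict:
    """Count distinct canary hits per source in a found dump or search result."""
    hits = {}
    for email in set(re.findall(r"[a-z0-9.]+@[a-z0-9.]+", text.lower())):
        source = index.get(email)
        if source:
            hits[source] = hits.get(source, 0) + 1
    return hits


SECRET = b"constructed-demo-key"  # the real key must live outside the seeded stores
SOURCES = ["agency-a", "agency-b", "agency-c"]
INDEX = build_index(SECRET, SOURCES)

# Constructed "leak": two ordinary rows plus two canaries planted in agency-b.
planted = [canary_record(SECRET, "agency-b", i) for i in (0, 2)]
LEAK = "J. Smith,jsmith@mail.test\n" + "\n".join(
    f"{r['name']},{r['email']}" for r in planted
) + "\nP. Jones,pjones@mail.test\n"

if __name__ == "__main__":
    print(trace_leak(LEAK, INDEX))
```

Because the rows are derived from the key, the index can be rebuilt at any time without storing the fake records alongside the real ones.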
