
Comment Cynical (Score 1) 79

The vast majority of commenters I've seen on both /. and the article itself are all kinds of cynical and this does not help /., and it doesn't help the community. It makes me sad.

Yes, we realize that you are an amazing h4X0r capable of creating code devoid of buffer overflows, race-conditions, (all sorts of) injection attacks, etc. Perhaps you've forgotten there is a spectrum of programmers and like it or not, you are probably an AVERAGE coder. (They don't call it average because everyone thinks they are great.) A programmer will always make assumptions about the underlying environment and will always have to sacrifice security functionality in the name of time/resource-savings. And in case you haven't noticed, some systems do not actually require DoD-level security with zero vulnerabilities. They merely require a level of security commensurate with the environment it runs in. It's one thing to design a system for physical attacks or reachable through a public IP and another thing entirely to protect against measured threats within a managed network environment or air-gapped system.

There is a wide spectrum of security risks and a wide spectrum of programmers and development practices. Corporations generally match them up appropriately, which is why you don't see outsourcing of internal top-secret DoD systems out on rent-a-coder.

Comment Thanks cmdrtaco (Score 1) 1521

There's nothing I can say that others haven't already said. I was introduced to this site in 2000-2001 and by then the uids were already in the high 5 digits. I also remember actually being able to have an email conversation with cmdrtaco about some bug or another on /. and being a little amazed at receiving an actual response within 15 minutes. It was - it *is* - the seeming connectedness of us nerds on /. that makes it one of the true cornerstones of the Internet.

Comment Re:Ask them (Score 2) 182

You do realize that PCI compliance covers things like the PoS terminals and the like, right? PCI Compliance is a security guideline document that is supposed to be used if you receive customer credit card information at all.

Period.

Do you use a PoS to process those cards? Is it secured? Is it connected to an open network or on a dedicated line? Is the credit card number printed on the slip? Are those slips secured in a safe place? Does the minimum number of people have access to these slips? etc.

It is NOT a system just for web e-commerce, but most people seem to think that it is.

Comment Re:Letting it all out (Score 1) 55

"...most bugs I find are from running through some kind of manual procedure and noticing something "odd" that an automated system wouldn't have picked up."

This is a valid point and underlines that automated testing can only be as good as the test designers. If the test designers fail to take into account proper bounds-handling, error conditions, interactions, etc. between modules, then you can -- at best -- protect yourself from regression issues.

I think of testing as an evolutionary process: keep with the tried and true (automation), but throw in some mutations (manual testing) to ensure you are capturing the full spectrum.

Comment Tracking =/= cookie use (Score 5, Informative) 290

Cookies have legitimate uses that have nothing to do with "tracking". Perhaps the issue comes with trying to interpret the specific language used rather than knee-jerk "everyone must opt-in". If your cookies are not used to track -- if you do not use, for example, Google Analytics -- then you are not in violation. The article basically states this.

Submission + - Project Collabhq (projectcollabhq.com) 1

seangraham76 writes: "The advantages of the internet Project management software

Tasks big as well as little can usually benefit from applying some form of project management software software program to maintain the task promptly as well as below spending budget. Usual options that come with project management software software program consist of task development, arranging, job task as well as spending budget monitoring.

Whilst you will find a number of “canned” software programs obtainable that may be placed on group member’s computer systems, there's also a number of business degree software programs obtainable and some project management software programs which are utilized on the internet."

Comment Bug? After submitting comment (Score 1) 2254

Looks like when submitting a comment, there is some missing css on the "Comment submitted" string. It still appears in 8 point (?) Times New Roman rather than a larger sans font that slashdot is using.

User agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)

Comment Love the new look: would like story summary back (Score 1) 2254

I think the new look is very nice. Kudos. One thing that is missing in the new version is that the story summary is missing in the comments section. I generally fire up a tab for each story on the main page. In the mornings or after a particularly long spell, I might open 5 or 6 tabs. In the old edition, the story summary would be replicated at the top of the comments where I could read the story, and then read the comments. Sometimes I would go back and forth from comments to summary if there is something in the summary being discussed. Please bring back the story summary!
