
Comment Re:What was the state thinking?!? (Score 1) 173

It doesn't sound like you read the article, but your questions are still just as valid. TFA states that they had not exhausted all non-GPS solutions to tracking him. But then it fails to go on to say why they felt they needed to track him in ANY capacity in the first place.

...but if I show up on time during the week and do my job

The TFA does indicate the employee "filed improper time sheets" and alluded to the fact that a "...pattern of misconduct and the difficulty of constant in-person surveillance justified the technique". Guess what, folks? It is not justified. Someone should be fired for this.

Security

Submission + - Blackboard 0-days expose exams, tests and data (scmagazine.com.au) 1

mask.of.sanity writes: "Multiple zero-day security vulnerabilities have been found in the world's most popular educational software — holes that allow students to change grades and download unpublished exams, whilst allowing criminals to steal personal information.

Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world.

The platform is used by the United States military to train soldiers.

The holes will remain unpatched until at least the end of the year, the company said."

Submission + - Windows 8 Will Run From USB Thumb Drive (computerworld.com)

JohnBert writes: "Windows 8 will include a new feature that lets IT administrators provide workers with a portable Windows environment on a USB thumb drive. Called "Windows To Go," the feature seems aimed at enterprises that want to equip employees with "complete managed Windows images" that they can use to turn a PC into a doppelganger of a secured in-house machine.

It's not known whether individuals will be able to use Windows To Go for the same purpose, or if the feature is enterprise-only. It's also unclear whether Windows to Go comes with a price tag: One report, based on a briefing with reporters at BUILD on Monday, said that the feature will cost about $50 per seat.

Microsoft declined to provide more information about the feature, which was among those demonstrated to analysts earlier this week, according to Michael Silver of Gartner. Instead, a spokeswoman referred to the short summary of a session at the BUILD Windows conference, which kicked off Tuesday in Anaheim, Calif. with a two-and-a-half-hour demonstration of some of the operating system's key components and changes."

Comment Cynical (Score 1) 79

The vast majority of commenters I've seen on both /. and the article itself are all kinds of cynical and this does not help /., and it doesn't help the community. It makes me sad.

Yes, we realize that you are an amazing h4X0r capable of creating code devoid of buffer overflows, race-conditions, (all sorts of) injection attacks, etc. Perhaps you've forgotten there is a spectrum of programmers and like it or not, you are probably an AVERAGE coder. (They don't call it average because everyone thinks they are great.) A programmer will always make assumptions about the underlying environment and will always have to sacrifice security functionality in the name of time/resource-savings. And in case you haven't noticed, some systems do not actually require DoD-level security with zero vulnerabilities. They merely require a level of security commensurate with the environment it runs in. It's one thing to design a system for physical attacks or reachable through a public IP and another thing entirely to protect against measured threats within a managed network environment or air-gapped system.

There is a wide spectrum of security risks and a wide spectrum of programmers and development practices. Corporations generally match them up appropriately, which is why you don't see outsourcing of internal top-secret DoD systems out on rent-a-coder.

Comment Thanks cmdrtaco (Score 1) 1521

There's nothing I can say that others haven't already said. I was introduced to this site in 2000-2001 and by then the uids were already in the high 5 digits. I also remember actually being able to have an email conversation with cmdrtaco about some bug or another on /. and being a little amazed at receiving an actual response within 15 minutes. It was - it *is* - the seeming connectedness of us nerds on /. that makes it one of the true cornerstones of the Internet.

Comment Re:Ask them (Score 2) 182

You do realize that PCI compliance covers things like the PoS terminals and the like, right? PCI Compliance is a security guideline document that is supposed to be used if you receive customer credit card information at all.

Period.

Do you use a PoS to process those cards? Is it secured? Is it connected to an open network or on a dedicated line? Is the credit card number printed on the slip? Are those slips secured in a safe place? Does the minimum number of people have access to these slips? etc.

It is NOT a system just for web e-commerce, but most people seem to think that it is.

Comment Re:Letting it all out (Score 1) 55

"...most bugs I find are from running through some kind of manual procedure and noticing something "odd" that an automated system wouldn't have picked up."

This is a valid point and underlines that automated testing can only be as good as the test designers. If the test designers fail to take into account proper bounds-handling, error conditions, interactions, etc. between modules, then you can -- at best -- protect yourself from regression issues.

I think of testing as an evolutionary process: keep with the tried and true (automation), but throw in some mutations (manual testing) to ensure you are capturing the full spectrum.

Comment Tracking =/= cookie use (Score 5, Informative) 290

Cookies have legitimate uses that have nothing to do with "tracking". Perhaps the issue comes with trying to interpret the specific language used rather than knee-jerk "everyone must opt-in". If your cookies are not used to track -- if you do not use, for example, Google analytics -- then you are not in violation. The article basically states this.
Advertising

Submission + - Project Collabhq (projectcollabhq.com) 1

seangraham76 writes: "The advantages of the internet Project management software

Tasks big as well as little can usually benefit from applying some form of project management software program to maintain the task promptly as well as below spending budget. Usual options that come with project management software program consist of task development, arranging, job task as well as spending budget monitoring.

Whilst you will find a number of “canned” software programs obtainable that may be placed on group member’s computer systems, there's also a number of business degree software programs obtainable and some project management software programs which are utilized on the internet."
