Comment Re:The "Expert" (Score 2) 371

One expert, who is part of the investigation and wants to remain anonymous because the inquiry is at an early stage, told The New York Times he wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. He said: 'It would have been hard to prepare for this type of vulnerability.'

IF the article is correct about the nature of the vulnerability, this quote is the single stupidest and most frightening thing I have ever read on the internet.

Give some benefit of the doubt. Keep in mind this is a New York Times article -- it is written in a way that they feel should be understandable to any 8th grader in the country. Add onto that, that the reporter is almost certainly not understanding anything this guy has to say. Add onto that, this guy is actively working on the investigation, and he might not be willing or able to divulge any actual information. Add onto that, that the New York Times readers (staff included) are generally outraged at the banking industry, so there is no doubt a bias to roast a big player in that industry.

Some questions: Is this guy the original source? What does "security expert" mean? CISSP? Manager of the "security department" that is running the investigation? Outside consultant? Who knows; if the article contained this information, it did a bad job of conveying it.

The way I read it, it seems to me that this guy is probably referring to the criminals. When I first read it, he was conveying to me, "The last place criminals will look for an entry point is the front door. When they found it, they seemed prepared with a sophisticated and fast way to drain as much info as they could prior to detection." It's almost as if he is suggesting that it was an inside job without coming out and saying it. Correct me if I'm wrong, but there is nothing that suggests that the account numbers were in the URL in plaintext. Perhaps they were ROT13ed or similar, or perhaps the key was in a script on the client, or perhaps the key was the remote IP address or something equally dumb. This would still be unforgivable from an architecture point of view, but it is easy to see how something like this could escape notice during day-to-day code reviews. "What's that string for?" "Oh, that's our session id."

There are a million contexts and situations where what this guy said could make good sense. Why the New York Times is publishing truncated sound bites of opinion from anonymous sources is the baffling thing here. The New York Times might be able to corroborate facts from an insider, or otherwise trust the information, but in my mind they should not be printing opinion or speculation from an unnamed source with an obvious interest in the outcome.

Comment Re:Corp Procurement (Score 1) 334

What would be hard about it?

The use case is this: iPhone 4 comes out, iOS dev team needs to test the app on that device. No team member has an iPhone 4. The only way for the team to acquire an iPhone 4 is to get a 2 year contract with AT&T. It's technically possible to do this, but most IT procurement teams are not set up to do this, so you need exceptions all over the place, it takes forever, etc etc. It's also far more expensive than it should be. It ends up costing $1000s for a ~$600 chunk of hardware.

Again, the locked phone/contract never blocked work getting done, it was just a giant pain to deal with.

Comment Corp Procurement (Score 1) 334

I am kind of amazed that Apple's U.S. enterprise/corporate customers have put up with locked phones for so long. I remember some previous models were available unlocked (or at least contractless -- I forget the details). But the majority of the iPhone timeline these phones have required a contract and a phone number. I have worked for two different iOS dev shops, and in each case it was either a complete PITA to get devices, or the devs/qa just used their personal devices because there was no other effective way of getting hardware from a corporate procurement point of view. The provisioning has improved over the years, but getting an actual device has been probably the biggest pain in doing corporate iOS work. Hopefully this will make that situation better.

Comment any web platform? (Score 4, Informative) 56

'best and most comprehensive production web page profiler out there for any web platform.'

That's a little bit misleading. This project is basically instrumentation that you add to an ASP.NET 4.0 webapp. It does not seem to be usable by any other kind of webapp. It doesn't even look like it would be easy to port to the other major platforms.

Comment Re:"require you to allow access to your email" (Score 1) 82

If you're browsing without adblock, you're encouraging that sort of ad-based-revenue driven escalation of advertising intrusiveness.

I disagree. I don't mind ads, mostly. But am I ever going to buy FrameMaker? Am I ever going to use Groupon? Am I ever going to deploy IBM's application virtualization infrastructure to my cloud? No. The problem is that this ad network sucks, in almost every dimension. I'm pretty sure that this is the worst ad network that I see on a regular basis. (OK, maybe Condé Nast's "let's cover the entire page of our own content with an ad" is worse, but not by much. At least it's just one click to get rid of it.) It seems painfully obvious to me, but I'll say it out loud -- if your ads make your content worse, accepting them is a bad move. Find another way.

Comment "require you to allow access to your email" (Score 4, Insightful) 82

I am kind of astounded at how easily people give away access to their email accounts, no matter how harmless the intent of the email is. I got swamped by invites from Facebook when several of my friends gave it access to their address books. Now that's just annoying, but is this guy's security up to the same level as Gmail's? I tend to doubt it...

As an aside, what the hell happened to Slashdot? A couple of days ago it was its usual tolerable self, but now I have the most garish ads for Adobe authoring tools and Groupon and nonsensical cloud virtualization things, and it's slow as hell. I am happy to co-exist with ads if they pay the bills, but these ads kind of ruin everything. Is Slashdot on its last legs?

Comment Seems Solid (Score 5, Informative) 262

Seems like perfectly solid reasoning to me:

Currently, it only supports a subset of the features that JPEG has. It lacks support for any color representation other than 4:2:0 YCrCb. JPEG supports 4:4:4 as well as other color representations like CMYK. WebP also seems to lack support for EXIF data and ICC color profiles, both of which have become quite important for photography. Further, it has yet to include any features missing from JPEG like alpha channel support.

[...]

Every image format that becomes “part of the Web platform” exacts a cost for all time: all clients have to support that format forever, and there's also a cost for authors having to choose which format is best for them. This cost is no less for WebP than any other format because progressive decoding requires using a separate library instead of reusing the existing WebM decoder. This gives additional security risk but also eliminates much of the benefit of having bitstream compatibility with WebM. It makes me wonder, why not just change the bitstream so that it's more suitable for a still image codec?

WebP, by Jeff Muizelaar.

Comment Re:Not Exactly News, But Consider This... (Score 1) 399

Yes, you are still buying like an idiot. No offense meant, just using your own words in the hopes it proves a point, and trying to 'rationalize it away' to not be one of those silly audiophiles, is actually exactly what is making you one.

I must have mis-represented myself in my original post. I am not talking about buying $1,000 speaker cables. I am talking about buying $25 RCA cables rather than $2 RCA cables. I don't have the willpower to endure an ebay/craigslist trawl for cables to save $10. I just go to amazon and find something that looks decent, and it's usually ~10x the price of the cheapest cable, and I buy that. It's not about the money, it's about the inevitable time and hassle that dealing with junk entails.

Yes, I've had cables that failed. They did not spontaneously combust, but I change the wiring in my stereo about 6 times a year, I have kids, and the crappy stuff breaks down surprisingly fast. I am not trying to make a financial case for this. I am just saying that, in my experience, it is worth the extra couple of $10s to get decent build quality such that the stuff will last a lifetime, and the stout stuff is inevitably marketed as "audiophile grade".

Comment Re:Not Exactly News, But Consider This... (Score 1) 399

16 gauge zip cord works just fine...

Sorry if I wasn't clear -- I was not referring to speaker cables. I have plain 16 gauge copper for my speakers, and it works fine. I got it in 1993 or so for about $10 probably, and it's been perfectly durable and sounds great. I was referring to interconnects such as RCA or HDMI or VGA. Cheap RCA cables are junk and break easily. I will gladly pay the $20 premium for "audiophile" RCA cables if they will have superior build quality. I know they do not offer "higher resolution" or "increased dynamic range", but I still end up buying cables marketed as such.

Even if the financial calculus says that it is cheaper to just replace broken cables every 5 years, I just don't want that hassle.

Comment Re:Not Exactly News, But Consider This... (Score 1) 399

I keep asking myself how I can get some of that idiot money.

Unfortunately, if you want cables et al. that are not complete junk, you often have no choice except for the "audiophile" stuff. Not everyone who buys that stuff is an idiot; some just want a solid cable that will last for 20 years and will not break during normal use.

Comment Re:Amazon reviews (Score 3, Insightful) 275

Are we really basing our opinions of Newt Gingrich on the fact that his Amazon account has "recommended" a book by Feynman?

By that measurement, my recommendation of Barry Cooper's biography of Beethoven qualifies me to conduct the Chicago Symphony and to be Chief Justice of the Supreme Court.

But I'm a bit suspicious of Gingrich's recommendations ever since in an interview on Fox News he said he read Plato in the original Latin.

Personally, I'm glad Gingrich is running for president. It should be good for some lulz. [...]

Clearly, he's got the right stuff to be a Republican front runner.

What flamebait. You may not agree with his politics, and his personal life may abhor you, but it seems perfectly valid to assess someone's intellectual capacity based on something like this. You don't have to vote for him, but this may be an interesting find for someone choosing between Sarah "I read them all" Palin and this guy. He clearly is a sharp man.

Comment Re:Masses reaction (Score 2) 202

Apple now doesn't include Flash or Java by default

I have an Air from a couple months ago, and it came with Java right there in /usr/bin/. I haven't installed Lion yet, but I would be surprised if Java was absent. It's not impossible, but that would be a fairly sudden removal.

Comment Honest Question: Why? (Score 4, Insightful) 371

I am a marginally affluent adult with children, and I struggle to understand why I should store paper documents at all.

I keep a stack of maintenance records for my car, because I will probably sell it some day, and the future owner may want that. But I will never actually refer to any of these, even if there is a question about the state of my car. I will just have it re-evaluated at that time.

I don't get any financial statements in the mail, because the institutions store them as pdfs for me. I trust them to keep accurate records. Every day I throw out practically everything that arrives in my mailbox. Occasionally I will get a personal correspondence or an actually-informative message from a financial institution.

I don't keep the records of my interactions with the government (parking tickets, licences, etc). It just doesn't seem worth the effort compared to the potential risk of some misunderstanding occurring.

I don't keep medical bills or documents, because I trust my doctors to keep an accurate medical record. And even if they fail to do so, I don't see a strong reason to care about that.

I don't keep correspondences with my children's school, because I can't imagine a reason that I would ever need to refer to that. I read them, respond as appropriate, then they go straight into the trash.

I keep documents regarding real estate ownership, but in the ~10 years of doing so, I have never referred to any of these.

So I have a couple of unsorted write-only streams of files for certain things, but everything else is either digital or thrown away. I can imagine scenarios where magically having a certain document might make things easier or simpler for me, but none of these scenarios have ever occurred to me or anyone I know. Nor do I imagine that it is worth the 1-2 hours per week it would take to maintain something like that. I would rather spend that time with my kids or my friends focusing on the present.

Is this unusual?
