
Comment Re:Java sandboxing helped in this case (Score 1) 127

Not quite.

First, sandboxing in Android isn't done at the Java level, it's done at the OS level, by running each app under a different UID and letting the kernel take care of enforcing what that UID is (and isn't) allowed to do. It's the same system that prevents different users on a "conventional" Linux system from accessing each other's private files. This is why Android apps can load and run native code (via JNI) without needing any special security permission or exemption. Native code is still in the sandbox.

Second, the real danger in this flaw isn't malicious apps tricking the user, it's malicious apps tricking other apps. Android's permissions system includes a feature called "signature-level permissions" which allows apps that are signed by the same publisher to grant each other permissions that aren't available to apps signed by other publishers. This bug means that a malicious app can pretend to be signed by Company X in order to gain signature-level permissions to interact with actual Company X apps in privileged ways. Depending on the app, this may allow access to sensitive data.

Comment Wait for Haswell (Score 4, Informative) 260

If you can wait a while longer before buying, Intel's upcoming Haswell processor is reported to have significantly improved graphics performance, and Intel GPUs are well-supported with free drivers in Linux and Xorg. They're less powerful than NVIDIA and AMD GPUs, but should be fine unless you need to play high-end games on high quality settings.

Comment Re:but its Java? (Score 2) 154

Apps can be written to use new features where available but degrade gracefully where they're not.

Every app has both a "minimum SDK version" that identifies which version of Android it requires, and a "target SDK version" that identifies the latest version of Android that it knows about. At runtime, the app can check which version it's actually running on, and enable or disable features as appropriate.

If an app is run on an Android version newer than the app's "target", the OS itself will do whatever's needed to be backward-compatible with the target version. The developer can update the app and change the target version in order to take control of any new features and differences.

Comment Re:Fork it, then (Score 1) 403

As I recall, Mozilla was willing to grant Debian a license for the Firefox trademark, but they weren't willing to grant it recursively to all Debian users who might want to make (and distribute) their own modified versions of the code they got through Debian. Since Debian doesn't accept licenses that are specific to Debian (DFSG #8), Debian couldn't accept Mozilla's offer of a Firefox trademark license, and thus had to rename it.

The discussions at the time — this is based on my memory from reading the list archives — were all about the fact that Debian applies patches to the code; I don't think the logo issue came about until later.

Comment Re:Its a trap!! Dont do it! (Score 1) 340

Looks like it shares more than that. The source for the login button is:

<fb:login-button perms="user_likes,user_about_me,email,user_hometown,user_relationship_details,user_location,user_website,user_work_history" onlogin="oRRQ.login();">

The site has no legitimate need for all that info if it just wants to know that you're a real person.

Comment But is the data actually transmitted anywhere? (Score 5, Interesting) 322

In this video, the researcher is looking at debug logs from the phone itself, not network traffic logs showing remote communication. He clearly shows that keystrokes and URLs are being passed to the IQ software running on the phone, but presents no evidence that the data is actually sent to anything outside of the phone.

Has anyone determined what the IQ software does with all this information besides writing it to the debug logger? Is it actually sent somewhere, or saved to persistent storage on the phone? (I'm no Android expert, but I'm under the impression that debug messages are discarded when there's no debugger attached.)

Having this software running in the background is sneaky and certainly makes spying more possible than it would be otherwise, but it's not necessarily the huge immediate privacy violation that everyone seems to be assuming it is.

Comment Re:More proof opt-in is the ONLY way to do it righ (Score 1) 134

The article's suggestion of address hashes is kinda bogus, and especially dangerous if the hashed addresses are known to be customers. Assuming a spammer/phisher already has eleventy billion addresses, this is a hash collision attack. All the spammer has to do is hash their list and look for matches. Instant customer list.

That's the intended usage of the list of hashes: for each address that the marketer already has, they can determine whether it's the address of an existing customer so they can exclude it from the ad campaign. No technological measures can avoid the fact that if you want an advertiser to exclude your customers from an ad campaign, you have to give them a way to determine who your customers are. Only trust (and trustworthiness) can resolve that.

But hashing the list would at least prevent the marketer from learning new addresses that they didn't already know about, so it's better than giving them the raw list.
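
The suppression-list exchange described in the comment above, as an added example (not code from the comment or from the article it discusses). It assumes SHA-256 over trimmed, lowercased addresses; the function names and all addresses are constructed for illustration.

```python
import hashlib


def normalize(addr: str) -> str:
    # Both sides must canonicalize identically or the hashes never match.
    return addr.strip().lower()


def hash_address(addr: str) -> str:
    return hashlib.sha256(normalize(addr).encode("utf-8")).hexdigest()


def build_suppression_list(customers):
    """Company side: publish only the hashes of its customer addresses."""
    return {hash_address(a) for a in customers}


def filter_campaign(marketer_list, suppression):
    """Marketer side: split the addresses it already holds into
    (to_mail, excluded) by testing each one against the hash list."""
    to_mail, excluded = [], []
    for addr in marketer_list:
        if hash_address(addr) in suppression:
            excluded.append(addr)   # confirmed as an existing customer
        else:
            to_mail.append(addr)
    return to_mail, excluded


def unmatched_hashes(marketer_list, suppression):
    """Hashes the marketer cannot tie to any address it holds; these
    customers stay unknown unless their address is guessed and hashed."""
    known = {hash_address(a) for a in marketer_list}
    return suppression - known


# Constructed sample data.
CUSTOMERS = ["alice@example.com", "Bob@Example.com ", "carol@example.com"]
MARKETER = ["bob@example.com", "dave@example.net", "ALICE@example.com"]

if __name__ == "__main__":
    suppression = build_suppression_list(CUSTOMERS)
    to_mail, excluded = filter_campaign(MARKETER, suppression)
    print("mail to:   ", to_mail)
    print("excluded:  ", excluded)
    print("unmatched: ", len(unmatched_hashes(MARKETER, suppression)))
```

The excluded list is exactly the customer membership the marketer learns about addresses it already had, while the unmatched hash corresponds to a customer it gains no address for.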

Comment There are special cameras for this (Score 1) 170

I don't know how timing is normally done for auto races, but I've been part of the staff at a few track & field events, such as the Nike Indoor Nationals, and seen how the timing is done there. There's a special camera that captures a single column of pixels, carefully aligned with the finish line, that records a rapid sequence of images whenever something changes in its field of view. The software assembles all these one-pixel-wide images into a single image whose horizontal axis is time rather than space. You can clearly see each runner, though arms and legs often look a little curved since they're moving as they pass through the plane of the finish line. In particular, the ID number tags worn by each runner are clearly visible.

Recognition isn't automatic, but it doesn't need to be. The operator just clicks on the front of each runner's shoulder (the part that "counts" for finishing the race) and reads the number from the runner's ID tag, and the time value associated with that column of pixels is recorded as that runner's finish time. So there's a human delay involved in matching the time measurements to the runners, but no human delay in the measurements themselves.

The company that did the timing at the races where I worked was CFPI Timing, and the tech page on their website has lots of details. Apparently the camera system I described is made by FinishLynx.

Comment Re:i dont get it (Score 1) 423

3D at the movies uses polarized light, and each eye gets their usual 24fps. No flickering because there is no "black" in between each frame.

RealD uses polarized light, but through a single projector, running at 144fps, switching "sides" six times per (24fps) film frame. Your eyes see left-right-left-right-left-right for each still picture before moving on to the next.

Since each eye sees black while the other eye is seeing a picture, RealD does flicker. It's 144fps flicker, which most people don't notice, but some people are sensitive enough to be bothered by it.

Comment Re:I can't support the OP... (Score 1) 290

Patents protect inventions like McCoy's. Copyrights protect works of creative expression, such as books and music. They're two very different things.

Since a copyright protects only a specific expression (rather than an "idea"), a Tetris-like game shouldn't infringe Tetris copyrights unless the developer copied actual graphics, music, code, etc. from the original Tetris game. A patent on falling-block games, if one existed, would cover Tetris clones, but this isn't an allegation of patent infringement.
