The dhcp client in OS X runs sandboxed (I believe), so there's less potential for an attacker to exploit it if they can make it run arbitrary things - it doesn't have general filesystem access.

The issue I'be had with it is that it doesn't really do merging, it does 'server always wins'. This means that if you delete an event locally, on the next sync it will reappear. It's fine for new events created on the device and for events created elsewhere if you just want to view them on the device. I use owncloud on the server and iCal on my laptop and editing things on either of those is fine.

The reason I stopped using the search engine was that they made a UI that pissed me off enough to make me quit. I've not found Google UIs to be particularly well designed in general - I could file a few hundred UI bug reports on the general Android system, including a lot that are regressions.

While I personally see a device like this (sorry... ROBOT!) of rather limited use for testing prepared dishes, I can see great utility for it for testing ingredients. You could have a standardized, unambiguous way to rate the quality or at least properties of a given product, be it meat, fruit, vegetables, etc. I bet cultivar breeding programs in particular could really benefit from this - "Well, I was hoping that this new mango would be a huge innovation, but actually it's almost identical to a Keitt. Though to be fair its mouthfeel is somewhat like a Carrie, and it does have a small amount of a new novel aromatic compound..." Just a single mass produced sensor package that measures a wide range of different properties at once in a repeatable, universal manner. If such a thing could become widespread, I'd bet half of the "cultivars" out there would pretty much disappear, having been shown to be essentially identical to others.

One use case that's often touted for this kind of thing is having appliances that can work on spot pricing for electricity. Over the course of the day, you get spikes from solar and wind (and tidal and so on) production when electricity is cheap. You get periods when power plants need to reduce capacity for maintenance when it is expensive. There are massive power storage facilities that profit from this: there is one near where I used to live that pumps water up a hill into a reservoir when electricity is cheap and then lets it flow down again and generate power when it's expensive. Now imagine if your fridge or freezer could get this information in real time and could run the compressor a bit more when electricity is very cheap, then use the cooled coolant to keep your food cold when the price goes up.

Almost 50% of the electricity generated in the USA is wasted because the supply can't adapt to demand fast enough. There are some very big savings to be made by having demand adapt to supply.

Really? About the only Google app that I haven't replaced with something better (and open source, so money / distribution rights are not an issue) is Google Play, and that's only because my bank and a few other companies only make their app available via Google Play.

A few of the HTC apps were nicer than the AOSP versions and the same is true of the Motorola ones. The problem for people who don't drink the Google kool-aid is that hardly anyone is working on the AOSP versions of most apps. If you buy a new Android device, there's no calendar app that can talk to a CalDav server (which, for example, any iOS device and most open source calendar apps for desktop can do out of the box). F-Droid has one that is designed to, but it has a terrible UI and doesn't integrate nicely with the rest of the system. There are a couple of sync adaptors, but Google has increasingly broken the sync APIs for things that are not Google.

I completely agree. If you try to become involved with an open source project because you think it would be fun, your enthusiasm will likely fizzle out fairly quickly. If you try to become involved with an open source project because you actually want to use it and want want to improve it, then every time that it doesn't do something that you need then you'll find yourself with a project. One of the nice things about a project like FreeBSD (to give an example of a project that I'm heavily involved in - there are others that have this attribute) is that there are enough small parts that it's easy to find small projects in the individual components to keep yourself occupied.

The real problem has nothing to do with types, it has to do with design compromises to work around the fact that UNIX lacked shared libraries. Rather than provide a glob function that everyone could use (as with later versions of UNIX, after shared libraries were added), they put globing in the shell. This meant that the shell became responsible for handling some arguments, the command for handling others. As a natural consequence, you needed to provide a mechanism to escape the command-line arguments that you didn't want the shell to get at. And then you start using shell invocations as your mechanism of running programs (via the system() C library call) and now you need double escaping or triple escaping and so on.

Re-read the latest CVEs. There are bugs in the parsers that can be exploited, so even if you're never invoking the functions they're already run through the parser and the parser is breaking things for you.

On the open source projects I've worked on where Google is a big contributor, they are very keen to push features and randomly refactor large parts of code, but I've never seen them do anything like a security audit. They did, however, do a big audit of libavcodec (which they use) and fix around 300 security holes...

The second vulnerability is a lot harder to exploit. Most vulnerable things only allow attackers to set specific environment variables. If you can set arbitrary ones, then setting things like PATH or LD_LIBRARY_PATH (DYLD_LIBRARY_PATH on OS X) are already exploitable, at least for privilege escalation.

The EPA guidelines are in line with the level of risk: very, very little. If you want to cut your mercury exposure, don't stop using CFLs, stop eating seafood.

As for the Bridges case, you should read the Maine EPA's account. CFLs were new back then, and they had decided to use her case to learn more about what sort of advice they should give for dealing with broken bulbs. So they sent someone with a meter because they wanted to learn more, not because that's standard practice. The carpet was already intended for removal as part of a rennovation. They took readings all over the room. The only place with "high" levels was right where the bulb broke - not in the ambient air, not anywhere else on the carpet, not on the toys, not even under the carpet where it broke. I say "high" because even the levels right where it broke weren't actually high, just over Maine's long-term exposure guidelines (which is obviously not applicable to a temporary event). Moving the meter even six to eight inches away rom the breakage point dropped the levels way down. She was told that the bulb breakage was "of negligible health concern". However "the homeowner expressed particular nervousness about exposures to mercury even in low numbers", so they told her what she could do if it bothered her, one of which was calling a cleanup contractor. And of course any private cleanup contractor will charge you an utter fortune. The Maine EPA came back two days later after the story hit the news, before anything had been done in the house. The area where the bulb broke had dropped down below Maine's limit.

The case was ridiculously blown out of proportion.

I've run all of the updates on OS X and I still got the vulnerable message. A couple of days after the bug was public and the patches were available, I grabbed the source from opensource.apple.com, applied the FSF patches (which required some manual intervention, as they didn't apply cleanly) and recompiled. I'm now running a patched bash that isn't vulnerable, but it's not the one that Apple supplied.

I find this really hard to believe. I've been using CFLs exclusively for over 10 years - mostly buying cheap ones - and I've never seen one that takes more than about half a second to come on. The time taken to get to full brightness I can almost agree with (this was actually why I started using them originally - having a bedside light that took a couple of minutes to get to full brightness was nice) but in recent ones (i.e. ones from the last 4-5 years) the warm-up period has been 5-10 seconds, although growing to about 20 seconds after 3-4 years of use.

Are you reading the same webpage I am? Where does that say you're supposed to bag up your bedding and pillow and toss them into the garbage - "EPA's words"? It says no such thing. It basically says open the windows for 5-10 minutes and shut off your HVAC, scoop up the fragments, use tape to get the little bits, wipe it, put all the waste in a sealed glass jar or plastic bag, and properly dispose of it. Ooooh, terrifying! And at the bottom of the page it says:

What if I can't follow all the recommended steps? or I cleaned up a CFL but didn't do it properly?

Don't be alarmed; these steps are only precautions that reflect best practices for cleaning up a broken CFL. Keep in mind that CFLs contain a very small amount of mercury -- less than 1/100th of the amount in a mercury thermometer.

Clearly you're reading that page from a bizzarro universe where it says something like "If you break a CFL and don't move out of your house and entomb it in a concrete shell then you'll get electro-cancer that will kill you and all of your descendants."