Well, let's explain it right: the compare function uses a variable type cast that paired with certain compiler flags will improperly reduce a larger number storage to an 8 bit interger. memcmp returns 0 when there's a match, any other value otherwise. When some larger number is interpreted as a character and that number is mod(256), then you get a zero when you truncate the leading numbers.

Since the hashing function in MySQL has some variable used every time, you get a different number every time that returns a mismatch. 1 in 256 of those mismatches gets reduced to a number that is represented by a zero... which is appropriate to the cast function, but causes issues when used with memcmp.

3. There has been, up until 2008, and attitude in the U.S. that any college degree is good enough. My state only graduated 40,000 people from community colleges/trade schools this year. Everyone with higher aspirations just went to a 4 year school. To do less is to view oneself as a failure(and employers do too).

There has been too much emphasis on college degrees, I think. This idea that everybody should start with getting a degree out of school seems to lead to many folks with a load of debt who may not be in the field that suits them at the end of the degree. Further, a degree in CS seems to have little correlation with the ability to effectively program. I'm sure there exist some programs that might relate to other fields of IT, but I don't personally know of any that properly convey the skills required for other IT disciplines.

Latency depends on your destination. It is limited by the speed of light, and governed by how lousy the link itself is. It's how you sometimes get stories like the 500 mile emailFor some reference points:

A map of expected United States latency from some place in Texas.

Often times your first hop on DSL will be slower... my own network right now shows 40ms to my ISP's gateway. 300ms is my ping time from Maine in the US to Australia.

Another helpful source of references are looking glass servers that will let you drop right into another provider's system and see ping times from their perspective.

This was brought up when kernel.org was compromised last year. The decentralized nature of git makes that really hard to sneak by, especially if you use the kind of process controls that the Linux kernel uses. Legitimate commits go through maintainers, and maintainers will definitely flip if they see code pulls into their repository that they didn't commit. Some deeper discussion about how you can't just sneak things into the past history is here: http://security.stackexchange.com/a/6771/836

Hell, I joined the Ops team at Shmoocon this year without any credentials or signup. I tell you that isn't part of their plan. http://storyinmemo.com/?p=48

I spent a day at my first DEFCON missing my badge and managed to keep going all over the conference. Every year at DEFCON I make it a point to get into a guest-listed party that I didn't have access to. Why would RSA be different? I guarantee the DEFCON goons care more and the RSA ticket funds aren't going to making the conference more secure.

Their cost / benefit for tightening things down would be basically nothing.

As this school is not part of the public school system, there are other public schools as an alternative for the student to attend.

Compulsion to attend a school is different from compulsion to attend this school.

This has a very military / boot camp feel to it, and it is obviously have some sort of affect.

Students aren't required to go to the school, and the fines are relatively small. $5 seems enough to be discouraging to the students without breaking anybody's back.

More than anything, somebody is experimenting with a system, and education needs that. I don't know if it's right, but it's not a compulsory place to be and it's not wrong. Good on them.

Using it to knowingly misrepresent for fraud, even to a vending machine or kiosk, definitely isn't legal. I doubt advertising a tool as such is acceptable either.

Europe.

Bite me, AT&T. Auto repair is competitive.

  * Cell phones in the US have a small pool of providers, especially the nation-wide crowd.
  * They primarily operate with 2 year contracts, and it's hard to get a phone without one.
  * There's a financial disincentive for buying a phone without a contract.
  * Text message rates (for which there is very little data usage, being measured in bytes) have been increasing.
  * Data plans have been increasing in price and providing tighter bandwidth restrictions at the same time.

I loathe AT&T, and I'm stuck with them. Competitive? I'd get out in a heartbeat if I felt I had somewhere to go. T-Mobile has been the closest saving grace to AT&T, so I really don't want to see that absorbed.

Thanks to the Fed did -- they did one right there.

• Private PGP key printed out as a QR code and placed in a safety deposit box. Why? Because it's a durable medium and the electronics can't go bad. You can put it on a USB key too for convenience.
• Publish your list encrypted with the public keypair of that somewhere your relatives know and can get to.
• Bank will keep them from snooping by only letting them access your box with a death cert.

... "there" isn't a mixup on their part. Honestly, it'd be great if the Slashdot API reacted in the same year that I clicked on preview.

Does this story come with any indication that their isn't a mixup on Netflix's part?

With what libraries and languages what you worked in C? Won't those change? If you're a games person, are you up on DX9? DX10? 11? Database backends? SQL? NOSQL? Have your version control skills expanded to match existing systems? Still using CVS? SVN? Git? "The Cloud" ... have any of your applications been designed with that kind of focus in mind of starting and stopping at any point and being part of a model with dynamically changing resource allocations?

Evolving skills are a demonstration of the ability to continue tackling new problems. I personally don't care less what knowledge you're exhibiting as long as I see things that are on the leading edge still showing up on your resume.

I suppose I mis-stated myself. They have nothing special in the trade-secret sense; ostensibly nothing that can't be derived from looking at their website.