There is a great misunderstanding in all these comments. The question isn't "How long does it take to change 3 lines of code", of course that only takes a few minutes. The question is: "How long does permission to change 3 lines of code take to wend its way through the agency from the Secretary to the contractor?" That typically takes weeks or months, but in this case was done quickly because no one between the Secretary and the coder thought to interfere. That is very unusual. Another question (not answered) is how long does it take for a request from the coder to the Secretary? Typically that would be "forever", which is why most things never get done. It would help if someone below the secretary were authorized to make a decision, but typically that isn't the case.

It would seem foolish to trade within milliseconds of 2pm without knowledge of the Fed decision, since the other party could be in DC and in legitimate possession of the information. So it is surprising that the criminal got a counterparty to accept the trade. This trick will probably only work once. There was a time when this sort of information was released after the close of markets.

No, the claim that intelligence agencies can read overwritten data is not true. See
http://www.nber.org/sys-admin/overwritten-data-gutmann.html

It isn't really a scandal until the cases of plagiarism are confirmed. I once tested some plagiarism software on published academic economics, and it produced many false positives, many of which required some knowledge to interpret. Notice that a grant application may seem to be a somewhat "safer" place to plagiarize, since only a few people will see the application. However, those few might well include the borrowed from author - the granting agency will be sending the proposal for review to many researchers who have written on the topic before..

I don't know if it is still true, but in years past the Florida AG had a reputation for ignoring scams where the victim was out of state.

They say the false accept rate is .001, or one in a thousand. That is, they can extract about 10 bits of information from a picture. From those 10 bits they claim to get the SSN? Or, they have the picture of a person, and need to identify them in a sample of a million people, they will get back 1000 possible matches.

The complaints about privacy seem greatly overblown. In essence they are saying that if you post a picture with your name, and then another picture without your name, someone with a million dollars of software might recognize the similarities. Of course they might without the computer too. This is just another in the long line of "security" scares which presume that items of public knowledge such as your appearance, name, DOB and SSN can be turned into a secret passwords after 40 years of being public knowledge. The security experts should be spending their time convincing banks not to pretend an SSN is a secret, rather than enabling them by agitating for legislation to make it so.

According to the article, the defendent is not distributing code containing GPL code. Rather, they are distributing a program that reads from a DSL router and modifies the (perfectly legal) GPL code on the router, reinstalling the modified code. The defendent doesn't think this is a violation, since he does not distribute any GPL code to users, only the binary "diffs". The modified code is never "distributed", only installed on the individuals own router. Since the GPL limits distribution, but doesn't affect "internal" use, there is an argument that the GPL is not violated. However, there is a further section in the GPL that takes up just this point, which is quite orthogonal to any of the arguments posted here. Even if this section of the GPL was not enforced in Germany, it wouldn't be the end of the GPL, as this is an extremely inconvinient way to distribute software, and the liklihood that the "diffs" didn't include GPL code is very small.

IPv6 will be very slow in coming, and there will be no crisis. As ISPs run our of v4 address space, they will offer natted rfc1918 space by default, and charge a few dollars extra for public addresses. Only a few people prefer a public address if charged $5/month for it, and they won't miss anything either. While lots of public servers will be offered in both v4 and v6 space, nothing interesting will require v6. v6 will grow slowly based on its use in purely internal networks. The things lusers need will always be available in v4 and there aren't enough clued users to create a real shortage.

Maybe sweeps are in November because that is when the elections are? Anyway the problem with electronic voting is not only that it is hard to do right, but also that it is impossible to show the average voter that it has been done right. With paper ballots and each party having a representative at the polling place and at the counting, voters are willing to believe the count is accurate. The offer to examine the source code is less convincing. Saying that the source code has been examined by someone paid for by the company that wrote the code is nothing at all.

The good news is that the Marvel chip won't support Windows.

The bad news is that the child with an OLPC while she may learn to do art on her computer, won't learn to do anything helpful in any labor market on earth. With a tablet, she won't even learn to touch type. I know that the project wants to prepare her for more self-actualizing career, such as poet, designer, president or CIO, very few will have that opportunity if they can't get an entry level job in the urban sector.

You can use the ITA engine at http://matrix.itasoftware.com/cvg/dispatch and it is really quite good compared to most airline/agency websites. However, it won't actually sell you a ticket.

I have been amazed over the last few years that both the general public and security professionals think that email addresses and social security numbers can be made confidential, like passwords. Surely that is impossible to achieve. If spam is to be stopped, it will certainly be another way. If identity theft is to be stopped, it is certain to be another way.

I am not sure where the idea that PXE boot files are limited to 32KB comes from, but we are booting FreeBSD 8.0 with a 240KB boot file with PXE and tftp and have not had to do anything special. We also boot Linux (Fedora 11) with a 4MB initrd over tftp and that has not posed any difficulties either. Our FreeBSD experience is documented at http://www.nber.org/sys-admin/FreeBSD-diskless.html - it works quite well for us. I looked at gPXE and it doesn't really solve any problems we have had. Actually, we have had only one problem - sometimes the OS boot code doesn't support the motherboard ethernet, and we have to add a different ethernet card for post-boot LAN access.

Yes, in fact there is no evidence that any password has ever been brute-forced, except in a demonstration. (Dictionary attack is not brute-force).