Everyone does not necessarily need a distributed source control system. (Although I use one and am happy with it.) But if you're ever sending your programmers out of the office somewhere and expect them to do work, distributed source control is essential, since they may not have access to the Internet wherever they're going.

You can find the information on Intel's own site: http://www.intel.com/technology/anti-theft/ . The 3G kill switch requires the operating system to keep working, but there are other disable mechanisms, such as a watchdog, that don't.

Generally, policies end up being legally binding. Companies that have had certain non-discrimination policies (say, on the basis of sexual orientation) but ended up violating them have been successfully sued. Basically, if you end up doing anything in reliance on a company policy, it's legally binding.

That, of course, is why most privacy policies are extremely vague and one-sided.

Actually, yes. They were quite pleasant and agreeable. And they were all in Canada.

That's true. But iteration does. For example, WPA requires 4096 iterations of PBKDF to make it prohibitively expensive to attack the passphrase. OpenPGP does something similar to generate a key from a passphrase.

Java is supposed to be cross-platform. But the Java VM and standard libraries need to be ported to whatever architecture and platform. For example, Java needs networking support, which it gets through native code to the Berkeley sockets interface. Code to handle sound is also likely to require native code.

So basically, programs written in the Java language or for the Java virtual machine are only cross-platform because people have already put work into abstracting these differences away by porting the JVM code.

Most (if not all) RIRs require some sort of demonstration of need. If you ask for a /16, you're going to need to show that you really need all those addresses. If you don't, they won't hand them out. So it's unlikely that anyone is going to be able to stockpile addresses.

Yes. Furthermore, the purpose of a trademark is to prevent confusion in a certain field of endeavor. It's completely acceptable to use a trademark to refer to the entity in question. So if I trademarked "bk2204", it's entirely within your rights to use it in pretty much any context as long as you're actually referring to me, whether or not those references are flattering.

If you use "bk2204" to say untrue and defamatory things about me, that's libel (or slander), but that's because they're untrue and defamatory. Whether I have a trademark on that name is irrelevant.

That's not my experience. When I was a kid, the joystick was always on the left side of the computer (because there wasn't any space to put it on the right side). Consequently, I always used the joystick left-handed, even though I'm right-handed. Finding an ambidextrous joystick was exceptionally difficult, let alone one specifically for left-handers.

Basically, the problem here is that ASP.NET leaks information about incorrectly decrypted data. If the attacker can get information about the failed decryption, then that's called an oracle. The secure way to handle any sort of decryption error is simply to say "decryption error", regardless of whether it's a padding error, a MAC (message authentication code) error, invalid plaintext, or whatever. You should never give the user the invalid decrypted data or any information about it.

Some SSL/TLS implementations have this problem, too, because they treat a MAC error differently than other decryption errors. Secure implementations, including OpenSSL, have the sane behavior: simply stating that the decryption failed.

A good way to make padding oracle attacks irrelevant is to design protocols to use cipher modes that don't require padding. In other words, instead of using CBC, use CFB. This does have some tradeoffs, but overall CFB is a good choice. (For example, OpenPGP uses CFB.)

I don't know about the UK, but in the US courts don't take kindly to having their time wasted. Lawyers that pursue obviously baseless and meritless cases can be the subject of an ethics complaint to the bar association. And when the person referring your case to the bar association is a sitting judge, that doesn't look so good.

The diagnostic systems that you plug in are very, very expensive. I once had to do some work on an IBM Thinkpad with an ancient version of SCO OpenServer that was running reverse-engineered BMW/Mini diagnostic software. This unit cost $600. The official unit costs $20,000. That $85 charge seems fairly small in comparison.

Even if the standard is a preponderance of the evidence, any other civil case requires an appearance in a courtroom with both sides present to argue it out in front of a judge or jury. Where red light cameras are installed, the tickets are often mailed to the alleged violator without any sort of appearance in a courtroom by the defendant.

I know in Houston the city is trying to get the county to deny vehicle registrations if the red-light tickets are unpaid. It seems that the city has forgotten about the adversarial nature of our judicial system.

The thing that Apple doesn't seem to get is that trademarks are designed to prevent confusion among products in the same field. If the iPood played music or was electronic in any way, Apple might have a leg to stand on. But nobody is rationally going to think that a trowel can in any way be confused with a portable music player. Not only are the products in question completely different, but so are the respective companies' fields of endeavor. Confusion is not possible here.

While I agree that ZIP confirmation is not particularly secure, there's actually a better reason that Canada doesn't use it: Canadian postal codes are alphanumeric, and installing a QWERTY keyboard at every point of sale just isn't going to cut it.