
Comment Re:Such a Waste (Score 2) 156

sold out to the suits at Warner Brothers

That's not going to turn out well for them. After the first steaming pile, the subsequent two aren't even on my list. Even if the next two were great, what were we going to do, show our kids only the last half of the story (well, with other random crap thrown in)? It's not like they were going to go back and fix the first one.

Once the copyright fully expires, somebody will make a great TV miniseries of The Hobbit. The folks doing Pratchett's stories would do a good job, for instance.

Oh, and Jackson has blown his cred with everybody. Hope the contract with WB was airtight on this trilogy because that payment's gonna have to last for quite a while.

Comment Re:Appalling (Score 5, Informative) 127

I don't know the fine details of this bug, but am I the only one appalled at how obvious this bug sounds? It doesn't even properly check the certificate? I mean buffer overflows and such are one thing, but not properly testing your certificate code seems unforgivable.

No, it's not that it doesn't check certificates generally, it's that if there's an additional, extra certificate of a particular form in the list that forms an app's certificate chain (but isn't actually in the chain) then that extra certificate gets included in the list of signatures associated with an app... making other apps that query the signature list believe that the app is signed by a certificate it's not. This doesn't, for example, fool the Play store into believing an app is from developer A when it's really from developer B. But it can fool other apps. There are some apps that load others as plugins, and make decisions about which plugins to load based on whether they're signed by a particular key. This flaw allows malicious apps to subvert that, convincing the plugin-loading apps to execute them, thereby giving the malicious app the same permissions as the plugin-loading app.

It's a serious security flaw, no doubt. But it's a little more subtle and less obvious than the summary makes it appear. Also, it appears that no app in the Play store, nor any of the other apps that Google has scanned, attempts to exploit the flaw. It's very easy to identify them by scanning the certificates in the package.

I've implemented tests for certificate chain validation code several times (not in Android), and it never once occurred to me to test for this particular odd construction, nor, I think, would anyone else think to test for it without some specific reason. This sort of bug requires inspection of the code.

(Disclaimer: I'm a member of the Android security team, but I'm not speaking in an official capacity, just summarizing what I've read of the vulnerability -- which isn't a great deal. Others on my team are well-informed, but I haven't followed this issue closely.)
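
The comment above says affected packages are easy to identify by scanning their certificates. One way such a scan could work, as an added example that is not from the commenter or from Android's code: walk up from the signer and report any certificate in the list whose key never verifies a signature in that walk. The `mint` and `unlinked` helpers and all certificate names are hypothetical, and the sample certificates are constructed in-process.

```ruby
require "openssl"

# Issue a test certificate for cn; with no parent it is self-signed.
def mint(cn, parent = nil, parent_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = parent ? parent.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  cert.sign(parent_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Walk up from list[0] (the signer): a certificate joins the chain only if its
# public key verifies the signature on the current top of the chain.
# Returns the subjects of every certificate that was never linked in.
def unlinked(list)
  linked = [list.first]
  while (nxt = (list - linked).find { |c| linked.last.verify(c.public_key) })
    linked << nxt
  end
  (list - linked).map { |c| c.subject.to_s }
end

# Constructed sample: a signer, its real issuer, and one certificate that
# signed nothing in this list.
issuer, issuer_key = mint("Example Issuer")
signer, = mint("Example App Signer", issuer, issuer_key)
stray, = mint("Unrelated Vendor")
SAMPLE = [signer, issuer, stray]
puts unlinked(SAMPLE).inspect
```

A list that comes back non-empty contains certificates that are present in the package but not part of the signer's verified chain, which is the condition the comment describes.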

Comment Re:Is it a legitimate collection? (Score 1) 570

Yeah, it should be higher. People are so afraid of a credit rating problem these days that they will often pay off a "bad debt" that is fraudulent to get their score "fixed".

Creditors know this and are abusive because of it. I tell them to go suck a big one if they pull that crap. It's better to pay cash anyway, but I've actually had very few try to report bogus charges I refused to pay (90% or so are just bluffing).

Frankly I'd trust somebody with 'very good' credit more than somebody with 'perfect credit'.

Comment Relative Window Duration (Score 2) 570

Anyone have other theories why this number is so much higher than the 5% of people who are just "late"?

The first window lasts from 0.08 years to 0.5 years, while the second window lasts from 0.5 years to 7.0 years. The relative window width is (7.0 - 0.5) / (0.5 - 0.08) = 6.5 / 0.42 = 15.47. So if each person only had zero or one debts, and no debt was ever paid off, you'd expect there to be 15.47 times as many debt holders in the second window as in the first. 15.47 * 5% = 77%. So the fact that it is at 35% means that there is some combination of people being in both categories and people paying off their debt while it is "In Collections." If it was 5%, or 77%, you'd be able to make a pretty solid guess that something was hinky, but 35% is in the "could be perfectly reasonable" range.

I'll also echo the sentiment that some creditors do a horrible job of billing. I had a large outstanding debt for years before finding it on my credit report. The company had a typo in my address from the original signup, but had been getting copies of my credit report which had my correct address. They sent all the bills to the incorrect address they had on file, never once contacted me at the address on file with the credit reporting company they had been contacting.

Comment Re:What's the point? (Score 1) 176

I can't find words for how much I hate Congress and the President for this.

I can. But I'm afraid that if I use them in public, I could be put on the secret watch list and have to face extra scrutiny in every LEO encounter when "possible terrorist, report to FBI" pops up on their computer.

Of course, that chilling effect means that the peaceful feedback mechanism that is supposed to moderate government overreach is being attenuated. When that moderation system is weakened, excesses grow. Fortunately, as The Declaration of Independence notes, "accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed." So we have time.

But time grows short; The Declaration does not end with that phrase.

Comment Re:For domestic use only (Score 3, Informative) 176

Decentralized Internet is badly needed

Very true, that is the only real solution to this problem. Whether corporations, governments, or criminals, the value in surveillance is too great to be resisted. The only solution is increasing the cost and detecting it when it happens. Decentralization will both make it more expensive to do generalized surveillance, and make it harder to do it without getting caught.

and nothing seems to be in works...

Not as true.

OwnCloud lets you host your own dropbox, mobile-to-desktop sync, etc.
MediaGoblin lets you host your own replacement for YouTube.
Asterisk lets you host an end-to-end encrypted replacement for Skype.
Tor and I2P let you slip past your ISP's surveillance net.

That's just the tip of the iceberg. Learn more at Stop-Prism.org.

Comment Re:Little Appliance Parts (Score 2) 62

Amazon's offering is substantially less flexible than that of existing players (Shapeways is the name that comes to mind; but there are others), who already accept basically any STL that isn't horribly munged in some way and spit the result out in a number of different materials.

You still have to model the part, or buy a (currently rather expensive) 3d scanner to do it; but if you are willing to put on your CAD hat, you could have the part by next week, just not from Amazon. I wonder if they are just moving slowly, or worried about the copy cops coming after them once people start knocking off action figures or something...

Comment Re:Strength (Score 1) 62

It lacks the sci-fi appeal of pure printing; but there are a variety of techniques that use the 3d printed part as the first step and then subject it to additional treatment steps in order to make up for those sorts of deficiencies.

As long as the subsequent processing steps don't change the dimensions (or change them in predictable ways that you can compensate for) you can get away with whatever tempering, annealing, and so on your application requires.

Comment Re:Strength (Score 5, Informative) 62

Depends on what you pay.

A poorly calibrated fused filament unit will produce stringy junk that delaminates if you look at it funny. A well calibrated one will achieve something reasonably close to what the plastic it is using is actually capable of. Outside the cheap seats, you can print all kinds of things (especially if you count parts that require one or more additional processing steps as '3d printed'. Printing wax, for example, is pretty undemanding, and allows you to do lost-wax casts of more or less any shape that will cast properly, without needing a printer that can sinter or melt metals. Some of the techniques for producing ceramics are in the same vein, the printer just needs to tack the ceramic material together long enough for firing, which takes care of the mechanical properties.)

The one thing that is (relatively) easy with injection molding that 3d printing (to my knowledge) isn't so hot for is overmolds. When injection molding you can use insert molding or multi-shot systems to achieve the (enormously common and fairly popular) combination of a rigid plastic structure with an elastomeric surface treatment for grip or aesthetic reasons. For prototyping purposes you can get paint-like coatings that emulate elastomeric overmolds that you can brush on to 3d printed parts; but the quality isn't as good and production takes longer.

Comment Re:Trivial observation (Score 1) 133

some bullshit "universal compressor"

Not a universal compressor, a standard compressor, such as gzip. The metric is ultimately just a comparison between the compressor being evaluated and the compressor chosen as the standard, and it is unitless.

That said, I agree with you that the scaling constant has no reason to be present. As for using the logs of times... I don't know. It's essentially a base change, expressing the time of the compressor being evaluated in the base of the standard compressor, which is then multiplied by the ratio of the compression ratios. Handling the time relationship as a base change may have some useful properties, but I can't see what they would be.
