
Comment The disaster of allowing software patents (Score 4, Insightful) 179

The patents in question describe nothing more than perfectly normal combinations of Internet services that any software engineer who knows basic networking would be expected to create as a matter of course. Combining such services into higher protocols is simply algorithmic construction in network programming.

This patent suit illustrates well the chilling effect that software patents have on our ability to use computers and the Internet to best effect. When you allow software algorithms to be locked away in patents, the ability of engineers to use computers and networks as an enabling technology decreases dramatically, to the extreme detriment of our ability to improve our systems.

Each new software patent just adds further bars to the prison. If this disease isn't stopped soon, the profession is going to be worthless except as a feeding pit for lawyers.

Comment Awesome dedication to sci/eng by enthusiasts (Score 1) 37

This is a really awesome example of dedication to science and engineering by enthusiasts.

They don't mention it (much), but these guys are risking their lives. It's certainly possible for all the tech safeguards and personal attention to safety to go wrong and for someone to die.

I bet the professionals will call this "unnecessarily risky", but that's not really accurate. Sure, it's money-limited, but that doesn't mean that the people involved aren't just as strongly concerned with safety as the professionals. As said in the video, "We have only one life". They do realize what's at risk.

Looking ahead, we will soon be a space-faring species, and that means that we will be going into space not only as a science experiment, which all NASA endeavors have been so far, but simply to go out there for whatever reasons we have. People need to make this technology their own, and that's what these enthusiasts are doing.

Comment Google's hatred of security and privacy (Score 4, Interesting) 104

Client-side Javascript is already a security disaster because the unvetted JS code bypasses your perimeter defenses (firewall and proxies) and executes deep inside your privacy domain. And it's not only unvetted code but also unvettable, because it changes with every page.

15 years ago, everyone knew that only the clueless download untrusted 3rd party executable code and run it. Now with JS, all that sensible security advice has been forgotten, and everyone is required to behave clueless with their security. (Software sandboxes are no solution, because all non-trivial software like JS and the browser is riddled with bugs; this is inescapable with large software systems.) Add-ons like NoScript and Ghostery help control it a little, but technically unaware people can't be expected to use them, and more and more websites don't work at all without JS.

And now, Google wants to make it especially easy for remote 3rd parties to access other people's desktops, as if JS didn't make it easy enough already (just ask any security pen-tester). It adds to the already hopeless security in Android, where users are disallowed from blocking the wide access typically demanded by an app on installation. Google doesn't want you to be in control.

The whole Google scene is a security disaster by design. It beats me how a company with so many PhDs can be so cavalier with people's security and hostile to their privacy.

Comment MRO's images are totally awesome (Score 5, Informative) 67

For more immediate visual gratification appreciated by a wider audience, the Mars Reconnaissance Orbiter provides wonderfully detailed images of Phobos.

That was the instrument that caught this mind-numbing image of the Phoenix lander as it was descending on its parachute. Words are really quite superfluous.

Comment Thank you Iain, you gave us hope (Score 4, Insightful) 141

On our primitive planet with its petty preoccupations over power and money, you showed us a vision of the future in which Mankind has managed to transcend the narrow blinkers of its youth, and reaches out to the stars without material greed nor lust for power.

The Culture gave millions of us hope for the future, at a time when government, business and fanaticism seem intent on moving us back towards the barbarism of earlier ages. Your vision will live on in our hearts, come what may.

Thank you.

Comment "Switch over to IPv6" is very misleading (Score 1) 246

to expect EVERYONE to switch over to IPv6 immediately is a bit naive.

"Switch over to IPv6" is a concept that detractors have pulled out of thin air, as it bears no relationship to how IPv6 rollout was planned and expected. Adding the word "immediately" just makes the misconception worse.

IPv6 was always intended to run alongside IPv4 for the foreseeable future, because old IPv4-only equipment will be around for decades until it rots and it will need to be reachable until it is replaced. So, please don't talk about needing to "switch over" to IPv6. Wherever you got that idea from, it's wrong. Talking about it is propagating an invalid concept, and calling the expectation "naive" is just knocking down a straw man.

IPv6 service merely needs to be enabled (without touching IPv4) on an IPv6-capable dual stack home router, and ISPs who offer IPv6 provide routers with it already enabled so you just need to plug them in. (If it's an old router then you'll have to enter the new IPv6 address info that the ISP gives you of course.) Simple home systems don't even need user configuration for IPv6, because IPv6 router advertisements then handle everything. It's as simple as USB for the home user, totally plug'n'play, which IPv4 never was.

And once enabled, IPv6 works totally happily and transparently alongside IPv4 in the home network and at the server end, so there are no "switch over" issues. IPv4 continues to work exactly as it did prior to enabling IPv6. Browsers in particular just use IPv6 by default on a site that has it, and IPv4 if not. It's completely seamless for the end user.

The pain and angst of "switch over" that you describe simply doesn't exist, because switching over was never planned, expected, nor even desired.

Comment Wrong approach in use. Secrets should be local (Score 4, Interesting) 211

The sites that are calling for better password choice need to step back a bit and consider whether their design concept of storing user passwords centrally is a good one. It's not, so they should get rid of it instead of applying band aids to a bad scheme.

It doesn't matter what encryption scheme is used, if authentication secrets are stored centrally on a website then they are at risk. Good sites make it hard to crack, and poor sites make it easy, but they are all at risk, from internal employee corruption if nothing else. Those secrets will leak because when stored at a single point then they are all accessible to the attacker at a single point. Leakage is just a matter of time.

A vastly more secure approach that's been well known for decades is for the user to store their secret locally as a private key, one half of a {private,public} key pair. The server only gets to know the public key (PK), and it's pointless for an attacker to crack that because the PK is public information that can be distributed freely through keyservers. (The PGP/GnuPG keyserver network has been doing this for decades.)

When a user creates an account on some website, she provides the identifier of her chosen PK (she may have lots of them). When logging in to the account subsequently, the server looks up her PK identifier in the info for this account, fetches her PK from the keyservers, then it sends her a random string encrypted with her PK. She decrypts it with her private key (which is only held locally by the user, nowhere else) and sends the decrypted string back. The server accepts the login if the returned string matches the random string that it picked, which is not stored and varies on every login, and rejects the fraudulent login attempt if the match failed.

That's strong distributed security, and it's resistant to MITM attacks and does not store any authentication secrets on the central service so those secrets cannot leak when the service is compromised.

It's not rocket science. Why this old but secure scheme isn't used by websites is quite a mystery.
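
The login exchange described in the comment above, as an added example that is not part of the original post. It assumes Node.js's built-in `crypto` module with RSA-OAEP; the in-memory `Map` standing in for a keyserver, the key identifiers and all function names are hypothetical, and the server holds each challenge in memory only until it is answered once.

```javascript
const nodeCrypto = require('crypto');

const keyserver = new Map(); // constructed stand-in for a public keyserver: keyId -> public key
const accounts = new Map();  // server account records: user -> keyId (no secret stored)
const pending = new Map();   // challenges awaiting an answer, in memory only, single use
const OAEP = { oaepHash: 'sha256' };

// Client: create a key pair and publish only the public half.
function createUserKey(keyId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  keyserver.set(keyId, publicKey);
  return privateKey; // stays with the user
}

// Server: encrypt a fresh random challenge to the account's public key.
function startLogin(user) {
  const publicKey = keyserver.get(accounts.get(user));
  if (!publicKey) throw new Error('unknown account or key');
  const challenge = nodeCrypto.randomBytes(32);
  pending.set(user, challenge);
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, challenge);
}

// Client: only the holder of the private key can recover the challenge.
function answerChallenge(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext);
}

// Server: each challenge is consumed on first use and compared in constant time.
function finishLogin(user, response) {
  const challenge = pending.get(user);
  pending.delete(user);
  if (!challenge || !Buffer.isBuffer(response) || response.length !== challenge.length) return false;
  return nodeCrypto.timingSafeEqual(challenge, response);
}

function demo() {
  const alicePriv = createUserKey('alice-key-1');
  const otherPriv = createUserKey('other-key-1');
  accounts.set('alice', 'alice-key-1');
  const response = answerChallenge(alicePriv, startLogin('alice'));
  const genuine = finishLogin('alice', response);
  const replayed = finishLogin('alice', response); // challenge already consumed
  const ciphertext = startLogin('alice');
  let guess;
  try { guess = answerChallenge(otherPriv, ciphertext); } // wrong key: OAEP decoding fails
  catch { guess = nodeCrypto.randomBytes(32); }
  return { genuine, replayed, wrongKey: finishLogin('alice', guess) };
}
```

`demo()` runs one genuine login, a replay of the same response, and an attempt with a different private key; only the first is accepted.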

Comment One supernova of many in Local Bubble (Score 5, Informative) 37

Our solar system resides in an area of our galaxy called the "Local Bubble", roughly a few hundred lightyears across. This region is very empty compared to the average interstellar medium in the galaxy, as a result of a large number of supernovae that blew out a sort of cavity in our interstellar neck of the woods long ago. In actual structure it's more of an irregular "Local Chimney" going right through the galactic disc rather than a spherical bubble.

As a result, pinning the cause of TFA's observations to a single supernova is not all that simple, as supernovae were very common in the Sun's general neighborhood in our galactic past.

Here's a nice graphic of the larger features in and around our local bubble. It's a fascinating subject if you enjoy understanding our location in a galactic context.

Comment Lightweight means small, sometimes fast (Score 1) 129

It's clear what lightweight means just from examining its two parts: "light" and "weight" both allude to there not being much there, little mass or volume. The words are of course a physical metaphor when applied to software.

When something has little physical mass and volume then it tends to move fast for any given force, and so as a consequence we tend to associate "lightweight" also with higher speed, but it's only a consequence, not the primary meaning.

In software, being lightweight and being fast are properties that do not always track each other. As a first rule of thumb, smaller code tends to have more locality simply through being smaller, and hence it can run faster through producing fewer cache misses. However, small code is often somewhat dumb code, and a large and complex beast of a program can be designed to have greater locality in its innermost loops and hence to be more cache friendly and run faster. As a result it is hard to generalize whether lightweight also means fast. You have to examine each case separately.

As a counter-example to "lightweight == fast", the browser Midori is extremely lightweight (very small), consisting of little more than a simple graphic Gtk+ wrapper around webkit. Firefox in contrast is a huge monster of a program and could never ever be called lightweight. However, Firefox runs much faster than Midori, because its designers have used its complexity very productively to make its performance top notch.

So, you really can't generalize beyond observing that smaller programs load faster from disk and, everything else being equal, tend to have better cache locality and hence higher speed. However, heavier programs can buck this general rule by using more complex designs and algorithms to boost their runspeed.

Comment Companies are becoming like political parties (Score 4, Interesting) 199

[No axe to grind since I use neither MS nor FB ...]

Stories like this one remind me of politicians playing party politics and slagging off everything the opposition does and says instead of focusing on whether it's a good idea or not.

It seems that long gone are the days when the top companies competed on product and politics was (ostensibly) about doing the best for the nation. Doing good work has become quite secondary to politicking (in the worst sense of the word) in both areas.

Comment A strong push for open source in government (Score 1) 69

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see.

Companies have the luxury to risk their security by placing their trust in a corporation and in closed source brands, and to pay the price of failure. But governments do not have this luxury, because failure compromises the security and sovereignty of a nation.

The push for open source in government will be gaining impetus in the years ahead as more national infrastructure becomes networked and the security risk becomes evident. Each report of espionage malware found is just another data point highlighting the insecurity of closed source systems.

It's a reasonable guess I think that government perceptions are changing because of this, and open source is slowly becoming non-optional.

Comment Voyager 1 has already escaped solar system (Score 4, Informative) 237

To clear up any possible confusion, Voyager 1 doesn't need to enter the "sphere of influence" of another body to avoid falling back to the Sun. It has already escaped the Sun's gravitational field, long ago and by a large factor.

On September 9, 2012, Voyager 1 was measured to be 121.798 AU from the Sun and traveling at 17.043 km/s. At that distance, the escape velocity from the Sun is only 3.817 km/s, which Voyager 1's speed exceeds handsomely.

The dear thing isn't coming back, at least not without help. :-)

Comment Also educational misconduct and fraud (Score 5, Insightful) 813

This sort of behavior from elected officials should be considered treason.

Treason may be the wrong word if one wants to be precise, but there is certainly something like treason going on. The creationists are willfully trying to undermine the country's scientific future and to infect school children's receptive minds with pure nonsense. As an analogy it's very true.

There's also some very severe professional misconduct occurring there, because non-scientists are pretending to be scientifically competent and dictating school science curricula.

Are carpenters allowed to establish guidelines for how surgeons will do heart surgery? No, they lack the professional competence so they are not accepted as having standing in the matter. What's happening in science education in a few US states is directly analogous. The creationists have no standing in science and so should have the door shut firmly in their faces.

Pretending to have scientific competency when you don't even know how science works is pretty clear fraud. Aren't there controls in education to keep charlatans from taking jobs for which they have no professional competence? Apparently not.

Comment It's entirely normal and expected (Score 2) 587

In many consumer electronics industries, it's normal for the lead manufacturers to be continually leap frogging each other. At any given point in time one is ahead, and on the next product cycle their main rival is ahead.

Examples of this are common. For example in cameras Nikon and Canon are changing lead position pretty much every year, and in home theater systems the same has been occurring between Yamaha and Denon for well over a decade. In smartphones and tablets it's currently a two-horse race between Apple and Samsung, and which company has its nose slightly in front should be expected to change often. And of course other companies regularly join in the fun too.

Any "lead" that a particular company might have is actually very minor, because all high tech companies chase each other closely so it's always only by a nose.

Not much of a story really. Continual leap frogging is entirely normal in the industry.

Comment Fragmentation is not to blame (Score 4, Insightful) 318

Linux has huge diversity among its many distributions, and yet it doesn't suffer from the security problems described in the article. So-called "fragmentation" isn't really a valid technical reason for lack of security at all. If a system is designed for security then it will be secure, regardless of the number of its variations.

The real reason why Android is lacking in security is because Google hasn't focused on security. They decided not to include iptables/netfilter (the Linux firewall) as a standard facility in Android, which would have been very easy to do. And they haven't allowed users to block privileges demanded by apps after install. Instead you're offered only a package deal, either let the app do whatever it wants or don't install it, period. Android users are hence pressured into a corner, and the end result is often worse security than they would wish.

Don't blame fragmentation. Instead point a finger at Google designers who seem remarkably disinterested in supporting the Android user's security and privacy requirements.
