
Comment Re:Cracking down? (Score 1) 290

Yes, for both.

Many people in various government and private organizations noticed. People were fired for playing games at work even though the game was inside Excel, especially people at strict grunt-level jobs like calling centers where getting caught playing games on the clock was a terminal offense.

The questions that many businesses and agencies immediately put to Microsoft were along the lines of "If there is the very large undocumented video game embedded in there without telling us, what else is secretly in your product?", and also "We needed to buy so many thousand machines up to this higher spec to make room for Office 97, how many of those megabytes are spent in the games rather than necessary components?"

I'm sure it was not a comfortable time for those product managers.

Comment Re:Mamangement (Score 1) 290

I implemented an easter egg triggered by the konami code in an application written for my previous employer. I didn't do it as a goof, but as a means to performance-test a helper function I had written

For that type of thing I would document it internally as a utility or debugging aid. Then it is no longer an undocumented feature, instead an obscure but documented testing aid.

Undocumented, unapproved, untested functionality is generally a bad thing. But fix it through a tiny bit of documentation, get approval to add a command sequence to get the debug information, and let the test team know the debug command exists, and you're good to go.

Comment Re:Cracking down? (Score 5, Insightful) 290

They can try all they want.

It all depends on who they happen to be, and how you define an Easter Egg.

I worked in games for many years and we included quite a few Easter Eggs. But they were not hidden from the studio. They were approved by management, tested by QA, and documented internally. We tried to keep them quiet to see how long it took for them to be found.

The article is right -- large corporations that are risk averse tend to crack down hard on undocumented Easter Eggs. I think that is correct for a business, to crack down hard on undocumented, unapproved, untested features.

The key detail is who knows about it, and how appropriate it is for the product.

Critically: Did it get approved and tested, and is it okay for the user? An Easter Egg that has been approved by designers and product managers, tested by QA, and is a happy surprise to the user is a good thing. If it was not approved, but the programmer intentionally threw in the feature without testing and without documentation, yes, the business should crack down.

The trickier ones are the ones that are approved and tested, but not quite what the customer expects. Microsoft's bouncing text screensaver used to have an Easter Egg that typing "volcano" for the text caused a cycle of volcano names. Fun, for sure, but if your screen savers were used for the machine name, and the machine name happened to be "volcano", then it is an unexpected negative behavior.

Someone working on Excel, a product used inside government agencies and nearly every major business, including secret unapproved features? Yeah, that's absolutely a fire-able offense.

Someone working in a smaller company, with management approval, adding in a small feature to change the color scheme to red and green on Christmas day? Potentially a fun little Easter egg... unless the user is making a major presentation on that day to a group that doesn't respect the Christmas holiday, then better make sure there is a way to turn it off.

Comment Re:bah (Score 1) 261

"Fun" events are good for morale...not just because oh hey minigolf is fun (or whatever), but because they say "we care enough about making our people happy, that we're canceling a day of work just for that". Acting like you care makes a difference. Again, it doesn't do the job for everyone, but the people it doesn't impact can be pretty toxic on a team.

When I interview after seasonal layoffs, one of the questions I ask of my potential employers is: "What is your company culture? What do you do around here?"

Some companies the people look confused for a moment, then say things like "we have standup meetings every morning, that is part of our culture. If you are asking about parties and such, we have a summer party and a Christmas party. Is that what you mean?"

Other companies the workers get excited and start talking. "We have a monthly birthday bash with cake and ice cream in the lunch room, in the summer months those are barbeque parties out on the grounds. Two or three times a year we go to the movies on a pre-release. Most of the cubicles have nerf guns and the secretary buys bulk packs of nerf darts when too many vanish behind cubicle walls. We have email distribution groups for people who visit the gym for lunch hour, people who play games and Magic the Gathering over lunch, a group for soccer players that usually play on Tuesdays, a group who play Ultimate on Wednesdays, a group who play golf every other Thursday, ...."

I am much more interested in working at the latter.

Comment Re:They learned Legal Wiggling 101 from Microsoft (Score 1) 292

It's not a purchase, it's a license agreement.

The frustrating thing is that the EFF knows, or should know, that this was already decided in a previous case. They submitted applications that included both automobile parts and video games. I've contacted their legal team as a reminder, but here it is for the masses:

This was all dealt with in the Lexmark v Static Control Components case. Lexmark accused them of several things, but the most notable were the DMCA 1201 and the Lanham Act. The 6th circuit wrote an opinion on the matter, and the SCOTUS ultimately held with the opinion 9-0. In the earlier opinion:

Generally speaking, “lock-out” codes fall on the functional-idea rather than the original-expression side of the copyright line. Manufacturers of interoperable devices such as computers and software, game consoles and video games, printers and toner cartridges, or automobiles and replacement parts may employ a security system to bar the use of unauthorized components. To “unlock” and permit operation of the primary device (i.e., the computer, the game console, the printer, the car), the component must contain either a certain code sequence or be able to respond appropriately to an authentication process. To the extent compatibility requires that a particular code sequence be included in the component device to permit its use, the merger and scènes à faire doctrines generally preclude the code sequence from obtaining copyright protection ...

If we were to adopt Lexmark’s reading of the statute, manufacturers could potentially create monopolies for replacement parts simply by using similar, but more creative, lock-out codes. Automobile manufacturers, for example, could control the entire market of replacement parts for their vehicles by including lock-out chips. Congress did not intend to allow the DMCA to be used offensively in this manner, but rather only sought to reach those who circumvented protective measures “for the purpose” of pirating works protected by the copyright statute. Unless a plaintiff can show that a defendant circumvented protective measures for such a purpose, its claim should not be allowed to go forward.

Both the 6th Circuit and SCOTUS were clear in the matter that the DMCA provision referred to copyright protections on creative content like books and movies, and not codes for operations of devices, explicitly mentioning automobile and replacement parts as exempt.

Comment Re:Good. +1 for Google. (Score 1) 176

It was tried already. It doesn't work. Nobody wants to be a volunteer CA, which is effectively what the web of trust demands of people.

Actually it does work. Just not so well for web sites and servers.

For all their other issues, a CA network works reasonably well for hardware-level communications trust. I can look at the algorithm type selected and trust that math ensures that eavesdropping is hard. I can also have some degree of confidence that the site really is who they say they are... but I also know there is a high risk they may have been hacked or compromised by anyone from government agencies to skript kiddies. There is no need for a fake cert when it is easy for them to infiltrate their networks through legal or illegal means. A CA doesn't mean I can trust the server or their services, only that the connection is slightly more safe from eavesdropping.

A web of trust solves a different problem. It is focused mostly on authentication and social trust, not eavesdropping. I can give corporate secrets to my co-workers because people I already trust connected us, but I don't trust strangers on the street who claim to be co-workers because I cannot authenticate them as being part of the company.

When it comes to authenticating people under a WOT model, I have high trust in those I have personally verified, and progressively lower trust in those I have not personally verified. Those in HR or IT can use their own key to sign all their employee keys and I can set a level of trust on those because I have personally met the HR or IT person. It works much like real life social rules, my direct friends I can trust, the friends-of-friends less so, the friends-of-friends-of-friends I will be skeptical of. Key servers can (and do) provide easy access to see who else trusts an individual, letting me quickly build a web of trust, where just like in the physical world I can decide how much trust I give anybody I personally know, and I can decide to trust no one, to trust only those few people I know well, or to trust anybody who comes along.

The parallel with real life social trust is exactly why they work so well for email and similar social uses. That is how people have been doing it for ages.

The reason it doesn't work too well on random web sites is that the web of trust model cannot be automated, or used to verify servers rather than people.

What does it mean to trust a bank's signature? I may be able to verify my bank's digital certificate matches the card I got in their lobby. I probably have a WOT with a few friends and friends-of-friends that get me connected to individual workers at the bank. But that breaks down on a bigger scale when you are trusting servers rather than trusting people. I may know a teller at the bank as a human, but how does that give me any trust of the servers? Sure I probably know people who work at Discover Card's call centers, but just because I know some people why should I fully trust that DiscoverCard's servers have not been compromised? I may know some people working at Google, but does that mean I can trust their million servers to not give up information to the NSA? No way, because the WOT method focuses on individuals and people rather than hardware.

WOT works well for social connections and personal identities. It doesn't work so well in other contexts. The need for a 'volunteer CA' is not the reason it breaks down. It breaks down because social trust models do not map well to hardware trust models. And for the interwebs that is okay because my trust level to any web site is incredibly low, I can assume they are likely hacked and NSA-backdoored, all I'm looking for is protection from casual eavesdropping.
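
The trust decay described in the comment above, as an added example that is not part of the original comment: a sketch of the classic PGP-style validity rule, where a key counts as valid when it is signed by one fully trusted introducer or three marginally trusted ones, within a chain of at most five certifications. The key names, the signature graph and the trust assignments are constructed for illustration.

```python
# Owner trust: how much I rely on a key holder to vouch for OTHER people's keys.
FULL, MARGINAL, NONE = "full", "marginal", "none"

COMPLETES_NEEDED = 1  # one signature from a valid, fully trusted key
MARGINALS_NEEDED = 3  # or three signatures from valid, marginally trusted keys
MAX_DEPTH = 5         # longest certification chain accepted


def valid_keys(me, signatures, owner_trust):
    """Return {key: chain_depth} for every key considered valid from `me`.

    signatures:  signer -> set of keys that signer has certified
    owner_trust: key -> FULL / MARGINAL / NONE, set by me; unset means NONE
    """
    valid = {me: 0}
    for depth in range(1, MAX_DEPTH + 1):
        candidates = set().union(*signatures.values()) - set(valid)
        newly_valid = {}
        for target in candidates:
            full = marginal = 0
            for signer, signed in signatures.items():
                # Only signatures made by keys that are already valid count.
                if signer not in valid or target not in signed:
                    continue
                trust = FULL if signer == me else owner_trust.get(signer, NONE)
                if trust == FULL:
                    full += 1
                elif trust == MARGINAL:
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid[target] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid


# Constructed sample web: I met HR and three friends in person and signed
# their keys. HR signs employee keys; friends sign friends-of-friends.
SIGNATURES = {
    "me": {"hr", "alice", "bob", "carol"},
    "hr": {"emp1", "emp2"},
    "alice": {"dave", "erin"},
    "bob": {"dave", "erin"},
    "carol": {"dave"},
    "emp1": {"stranger"},          # valid key, but I never made emp1 an introducer
    "impostor": {"fake_coworker"}  # nobody I trust has signed the impostor
}
OWNER_TRUST = {"hr": FULL, "alice": MARGINAL, "bob": MARGINAL, "carol": MARGINAL}

if __name__ == "__main__":
    for key, depth in sorted(valid_keys("me", SIGNATURES, OWNER_TRUST).items()):
        print(f"{key}: valid at chain depth {depth}")
```

Every decision in the graph hangs on a person I have assessed, which is why the model has no natural place for a server key that no individual can vouch for.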

Comment Re:Yes, but.... (Score 1) 267

8 character limits were common up until a few years ago. Today I still see 16 (and 15 because of broken front ends) effective limits. 32 seems to be the most common.

I still see them far too often. My normal password patterns are different than the ones presented but still several words long. Many places requiring accounts still greet me with "Password must be between 6-8 characters, and must contain at least one uppercase letter, lowercase letter, number, and symbol."

I also too-frequently get "Passwords must not contain a space". It prevents me from entering my password of "correct horse battery staple", which is really annoying.

Comment Re:We should lobby to break the cable companies (Score 2) 536

In Britain, our telecoms monopoly (BT) is obliged to provide service for a standard connection fee.

Yes, that's the UK, where even farmland has a dense population.

Consider locations in the US like Wyoming (253,348 square km) compared to the entire UK (243,610 square km) but with a population of 584,153 compared to the UK's 64.1 million. Or states like Alaska, North and South Dakota, and Montana.

Wyoming is such a good comparison because the land mass is similar to the UK. Remove EVERYONE from the entire UK except the people of Cornwall, allow those in Cornwall to spread far and wide, wherever they want anywhere on the isles, and then hook them up with new infrastructure regardless of location. That's about how sparse one of the least populated states is.

Most Europeans fail to understand just how sparse the US really is. While the US is nowhere near as sparse as Australia or parts of Africa, except for a few cities most of the US is quite sparse. I've talked with quite a few people traveling from Europe who flew into Las Vegas and traveled to the Grand Canyon. It is a four hour drive -- 120 miles -- of desert, cactus, and sagebrush that most European visitors were shocked could even exist. Where are the people? How could there be so much empty space? Who owns the land? Google finds some images for comparison: Here is Alaska (the largest state) overlaid over Europe. Another, the lower 48 states overlaid over Europe. The trip from Lisbon to Copenhagen is just a portion of historic Route 66, and is less than half the distance of the country.

In these US states hooking up a single remote dwelling might mean deploying many miles, thirty miles, fifty miles, or even more, to reach the single dwelling. Nobody, not even the federal government, is going to mandate that kind of deployment for £130.

Comment True across the board. (Score 3, Insightful) 757

Linus is doing systems level work. At systems level work, there are a lot of mediocre and bad programmers who use the common language of C++. Those who know C well are unlikely to be the mediocre and bad programmers.

That is really a truism across all fields and languages.

In the business world with business logic, there are a lot of mediocre and bad programmers who use the common language of Java. You can filter out many of them by adding a skill requirement of some other less-used languages inside that realm of business software development.

In a field where everyone is doing Ruby development and you don't want mediocre/bad Ruby programmers? Require them to also demonstrate proficiency in another language.

In a field where everyone is using C#? Require them to also demonstrate proficiency in C++ or some other language.

If you only require a single thing you can get unskilled individuals with only a single skill. If you require multiple skills you are more likely to get more talented individuals, since the talented, higher producers tend to pick up a wide range of skills.

Comment Re:Oh in that case... (Score 2) 103

Not quite. That only applies if the government wrongfully acquired the documents, knew they were wrongfully obtained, and used them anyway. It is typically avoided by claiming they didn't realize they were wrongfully obtained and they were acting in good faith.

Wikimedia learned of the violations through legally available public documents.

The violations were more than just eavesdropping. The publicly available leaked documents claim the NSA falsified records and used the Wikipedia trademarks to help claim the validity of the pages. Even if part of the suit gets dropped, portions of it document clear civil violations.

While the government can do quite a lot to lie and convince others they are not the government, the Lanham Act is clear that the federal government is liable at the very least for their spying program disrupting the site and using their marks. Specifically in 15 USC 1114, it is against the law for "any person" to reproduce, counterfeit, copy, or imitate a registered mark when it is likely to cause confusion, or to cause mistake, or to deceive. Deception is exactly what the government did. The law continues: the term "any person" includes the United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, or other persons acting for the United States and with the authorization and consent of the United States, and any State, any instrumentality of a State, and any officer or employee of a State or instrumentality of a State acting in his or her official capacity. The United States, all agencies and instrumentalities thereof, and all individuals, firms, corporations, other persons acting for the United States and with the authorization and consent of the United States, and any State, and any such instrumentality, officer, or employee, shall be subject to the provisions of this chapter in the same manner and to the same extent as any nongovernmental entity.

That is quite clear, the law twice declares that nobody in government is immune from that law. They stated it twice, just to be clear that it applies to everyone in government. :-)

Comment ECC Memory (Score 5, Interesting) 180

Yet another reason to push shared providers for ECC memory. The error correcting memory is so far not vulnerable to this attack, all the researchers that have tried it report that ECC memory identifies and corrects the corruptions. Of course some attackers may have found a way, but ECC minimizes the risk.

Amazon says it uses ECC in their AWS machines, but other big hosts like Equinix say that ECC memory is "available". Be careful about your hosting, folks.

Comment Re:Here's one (Score 2) 348

6 months Contract to Hire ... Rate: 30/hr on W2

That is what I see all the time as well, and I know they won't get filled.

Market rate is set by both the buyer and the seller. Or in this case, the employer and the employee.

How do I know they will struggle to get the good people?

Because of employers like mine!

We've got similar skill requirements and six month contracts that on the low end START at about $50/hr, with many going for $75/hr, $85/hr, or more. That's what we pay to get skilled people. Many apply, there are lots of people with documented successful histories, and we can choose among people with fantastic abilities.

While the employer may eventually find someone who will take the contract job for $30/hr, that is below market rate for talented people. Eventually someone will get desperate enough for it, or maybe they'll be gullible enough for it, and they'll take the job. It is not really a shortage of workers, just a market force at work.

Some workers will demand too much money for the skills they offer, some employers will offer too little money for the skills they demand. In both of those cases the market tends to work itself out, with either the workers eventually settling for lower paying jobs or the employer eventually settling for lower quality workers or higher rates.

Comment Try and try again. (Score 5, Informative) 445

It is actually kind of sad if you know their history.

Back in the day they were competing with Palm, and had Windows CE and Pocket PC 2000. When PocketPC 2002 came out my employer switched over from Palm and I got to rewrite a bunch of tools. They did pretty good for a while with Mobile 2003, and Windows Mobile 5. It knocked Palm down several notches in the mobile market, with Palm losing value and getting bought out in 2005.

The fun thing about that era is that there were phones with PDAs in them, you can go back to "Pocket PC Phone Edition" for that. Each version of Windows Mobile supported running in phones, but they never took off.

The iPod was getting some power and some apps, but I loved that with a single CF card I could have my entire music library on my device; the Axim x51v used the same audio chipset as the iPod of the era coupled with better playback software where you could mix and such. It also offered all kinds of apps making the device useful for the other common tasks of the time like calendar, email, and web over both wifi and bluetooth.

Again you could get phones running WM5 and WM6 with all their apps, and in late 2006 they had 51% of the market. Blackberry had 37%, Palm was 9%, and Symbian at 9%.

Then came the iPhone. At the time I didn't really see the reason for the hype, when it came to processor power, memory, and even 3D graphics the iPhone was less powerful than my Windows 6 phone.

As the numbers came back, iOS rose and WM fell by the same percent; the other companies were flat in market share. By early 2007 Windows Mobile dropped to 42% and iOS was at 11%. By 2008, WM had 29% and iOS 19% and Android had entered at 2%. By 2010 Windows Mobile devices had dropped to 7% market share, Blackberry had dropped to 25%, Palm to 3%, and Symbian at 2%.

Phones running Windows Mobile continued to exist, but that's about it. Three more versions of Windows Mobile, the three editions as Windows Phone, they have never been able to get their market share back anywhere near 2006 levels.

Comment Re:Going my own way (Score 2) 196

As far as I'm concerned, ... no one cares anyway. :) The important thing is *I* know what to think when I learn about something "out there." And Pluto? Pluto is definitely a planet. If someone convinces me that these ideas are inconsistent, I'll do my best to fix 'em so they aren't.

We see articles about how few people are scientifically literate, and so many on Slashdot decry "We are geeks, we understand science!"

Apparently, nope!

Scientists, the astronomers who spend their days and nights studying the stars and planets, people who are intimately familiar with the definitions, and people whose life work and career funding depend on them, came up with a set of definitions.

The definitions draw a line somewhere, and you can argue they are as arbitrary as a meter and a kilogram, or a foot and a pound. You can spend your days arguing that the measuring stick is the wrong size, or spend your days convincing the rest of the world that they need a different measuring stick, or otherwise be a nay-sayer and contradict the consensus of the scientists.

But to decry that because you learned something one way, therefore that convinces you forever, that's just plain stupid.
