Otherwise it's potentially just a matter of inserting a tiny reprogramable USB stick when there are few cashiers on and the cashier who is on isn't looking for a few seconds (ie two people walking into a Staples store can pull this off really easily).

Indeed, so much this.

I've seen open USB ports on all sorts of POS terminals and it just boggles my mind, especially because I've been in industrial environments in small companies where hot-gluing USB ports shut is a matter of course.

You can buy a USB flash drive that sits almost flush and if you take a little bit of elbow-grease and sandpaper, you can get it to sit flush easily.

So I don't see how big companies like Staples, who have the actual budget to look at security this way, don't even bother to do the basics like this. It's time we start fining/class action lawsuit-ing firms that don't even do the least bit of security, with amounts of money that actually hurt and not take "5 minutes of profits" to pay.

--
BMO

What I really want to know is how did the FBI figure out it was the work of North Korean government agents.

"Never let a good crisis go to waste". They don't seriously think it was North Korea. Instead, there is an ulterior motive for blaming North Korea.

Apparently this critter is so new that by the time we checked, only a few AV companies had caught on to it.

What this shows yet again is that anti-virus scanners are a flawed methodology. There will always be a delay between a virus being released and the signature updates getting to the clients. It's inherent in the concept.

Unfortunately, some early technology journalists were partially responsible for this because, in reviews, they ranked anti-virus products that identified threats by signature higher than ones that identified threats through behaviour -- and this was because signature analysis also provided a name to the threat. In other words, the flawed idea that if you tell the user a name for the threat, you provide better protection than if you just block it. This reinforced the concept of signature analysis and slowed down research of identification of threats based on generic behavioural patterns.

Peer Name Resolution.

The problem is that it's patent encumbered, by Mickeysoft, so it's useless.

There is also something called Hierarchical DHT-based name resolution.

Abstract:

Information-centric network (ICN) architectures are an increasingly important approach for the future Internet. Several ICN approaches are based on a flat object ID namespace and require some kind of global name resolution service to translate object IDs into network addresses. Building a world-wide NRS for a flat namespace with 10^1^6 expected IDs is challenging because of requirements such as scalability, low latency, efficient network utilization, and anycast routing that selects the most suitable copies. In this paper, we present a general hierarchical NRS framework for flat ID namespaces. The framework meets those requirements by the following properties: The registration and request forwarding matches the underlying network topology, exploits request locality, supports domain-specific copies of binding entries, can offer constant hop resolution (depending on the chosen underlying forwarding scheme), and provides scoping of publications. Our general NRS framework is flexible and supports different instantiations. These instantiations offer an important trade-off between resolution-domain (i.e. subsystem) autonomy (simplifying deployment) and reduced latency, maintenance overhead, and memory requirements. To evaluate this trade-off and explore the design space, we have designed two specific instantiations of our general NRS framework: MDHT and HSkip. We have performed a theoretical analysis and a simulation-based evaluation of both systems. In addition, we have published an implementation of the MDHT system as open source. Results indicate that an average request latency of (well) below 100ms is achievable in both systems for a global system with 12 million NRS nodes while meeting our other specific requirements. These results imply that a flat namespace can be adopted on a global scale, opening up several design alternatives for information-centric network architectures.

http://dl.acm.org/citation.cfm...

--
BMO

If we look at jet aircraft, wear depends on the airframe and the engines, and the airframe seems to be the number of pressurize/depressurize cycles as well as the running hours. Engines get swapped out routinely but when the airframe has enough stress it's time to retire the aircraft lest it suffer catastrophic failure. Rockets are different in scale (much greater stresses) but we can expect the failure points due to age to be those two, with the addition of one main rocket-specific failure point: cryogenic tanks.

How long each will be reliable can be established using ground-based environmental testing. Nobody has the numbers for Falcon 9R yet.

Weight vs. reusable life will become a design decision in rocket design.

Until they stop playing games with hidden and required patents, their talk is just BS. They have shown they have no intent to change that model time and time again, this round is no different. You can open source something that requires a DX call but if you don't open source DX and threaten anyone who does with patent suits, is there a point? It is hollow BS for all the same reasons. Don't buy the PR meant to distract, the underlying mechanics are still the same. They are antagonistic to open source and that won't change at a level deeper than the public messaging.

          -Charlie

If this actually turns into an El Nino year (the forecasts for this are mixed, but generally unreliable either way) this may be another flood year

Sorry, but El Nino only brings large rainfalls if there is a very large El Nino event. Since we know that it won't be a big El Nino year, don't look for help from this direction. However, there are other factors that affect the weather on a cyclic basis and, if this winter isn't very wet, California should be in for a wet winter soon.

You can't just build desalination plants overnight,

No, but you can restart mothballed plants.

The real question is, what does an average average californian rainfall look like.

There is no such thing. California is a very diverse state, with very different climates in different areas. California has both the highest point in the lower 48 states (Mount Whitney) and the lowest point in the lower 48 (Death Valley).