I can't imagine that the DoD would be happy with DHS clowns guarding something that they actually cared about. Though, if the alternative is G4S, maybe they'd take it. I'd certainly want to be rid of whoever thought that training with doctored MILES gear was adequate.

The 'feature' occurred on Windows Phone first, not sure exactly what version. I assume that it made a great pitch to prospective carriers, since they all love offloading customers onto anything that isn't their data network as often as possible, and typing passwords into your phone is a pain, so automating it likely increases network offload considerably.

Just as they say, in the context of backups, that 'if it isn't automated it won't happen'; there is likely to be a considerable difference in the rate of unintended leakage between a 'yeah, I guess I did tell Bob the password, he could pass it on' and 'the password spreads through your entire social group like a bad chain email'.

This sort of 'friend/acquaintance' attack attack is also exactly where slightly-too-automatic automation makes it really easy to bypass what limited good sense about security humans do have.

If, say, Alice and Bob have just had a messy breakup; it would be fairly obvious to any mutual friend of the two that sharing one's wifi password with the other, or a known friend/agent of the other, is something that they wouldn't like. They might do it anyway; because people are assholes like that sometimes; but it would be deliberate. Social-engineering somebody in that situation into telling you the password might be vaguely tricky. Social-engineering them into making you enough of a contact/friend/whatever on the services that this 'wifi sense' system uses to receive the password should be absolutely trivial; quite possibly already done.

I suspect that it isn't for nothing that this 'feature' first appeared on Windows Phone; carriers adore the idea of getting the filthy customers off the cell data networks they pay for and onto wifi as often as they can, and don't much care about a bit of collateral damage inflicted by dumb implementations.

What I would like to see explained in more detail is the claim that 'wifi sense doesn't reveal your plaintext password' during the sharing process.

My understanding was that(except WPA2 with RADIUS and a suitably chosen EAP) there isn't any provision for authenticating to a password protected AP without knowing the password. The AP itself might be able to destroy the password after it has been set, saving only a hash, as is good practice to keep more important sets of usernames and passwords from being compromised; but the client requesting authentication needs the password. The non 'enterprise' cases were designed to be easy to use, not particularly clever; and MS has limited room to get creative without causing nasty breakage on large numbers of variously dysfunctional legacy APs.

With a proper full WPA2 setup, or with one of the 'no authentication at the AP; but captive portal and/or VPN is the only way to access anything interesting' arrangements, you have more options; but how can you 'share' authentication to a WPA-PSK or WEP network without also sharing the key? Did they actually come up with something really clever, or does the UI just not show you the password, thus 'hiding' it?

Surely this is the logical place to insert "In the public sector, they cut corners to waste money!" and then talk about military contracting for a while.

Did you bother to even skim the article? It was essentially entirely focused on human and organizational risk factors, the sort of thing that anthropologists do actually study, in US nuclear facilities and preferred methods of securing them.

If the concern is "will the roof resist a hardware-store-improv mortar attack?", sure you don't want an anthropologist on the job. If the concern is "so, will the guards notice, give a damn, and do something about it; or will I just have to walk past a token force optimized for cheating its way to passing grades during perfunctory audits at lowest possible cost?", that's an anthropological question. And the answer appears to tend toward the latter.

The are a good modern alternative (and cheaper than a BBC was, back in the day!). The LPC1768 has the same amount of RAM as the BBC and a bit more flash than the BBC had space on a floppy disk, and has analogue and digital I/O pins, as well as serial (which the BBC had with RS-423), and a few things the BBC lacked (Ethernet and USB).

I also use Safari, though I'm still pissed off with them for combining the URL bar and search box (which means that I keep typing one-word search terms and having it try to resolve them as domains, which then go in my history and so become the subject of autocomplete. The only way to avoid it is to get into the habit of hitting space at the end of a search, which is no saving on hitting tab at the start to jump to the search box). Chrome doesn't properly integrate with the keychain. I use Firefox on Android (self destructing cookies makes it the first browser I've used with a sane cookie management policy), but overall the UI for Safari does exactly what I want from a browser: stay out of the way.

TFS is nonsense though. Developers don't know what's going to be in the next version of Safari? Why don't they download the nightly build and see?

Or maybe XOFF then XON (Ctrl-S, Ctrl-Q), although that might not count as keyboard activity.

Surely the proposal will be scuttled when the realize that driving the gambling operations out of the province will sharply reduce the number of them that give due prominence to French language text; and acknowledge the right of the people to lose money without brutalizing exposure to anglicisms.

Technically the gun 'works'; but the vendor is too half-assed to actually provide drivers for the gun until some later revision, for which we will presumably pay more.

Optimists prefer to focus on the fact that, in order to preserve the oh-so-sexy-low-radar-signature design, the system only holds 200 rounds, so nobody expects much of it even when the pilot is able to use it.

Meh. When I was an undergrad, you really needed to understand netmasks if you wanted to set up a network for multiplayer games. Now, it's much easier (although Windows makes it stupidly hard to create an ad-hoc WiFi network. No idea how people think it's ready for the desktop), and you can do a lot without caring. I can't remember the last time I needed to know about them.

The point of this is not to enforce it, it's so that you can justify doing the right thing to management in the name of standards compliance.

Is there anywhere that the 'Warrior' design actually exists in any form more advanced than internal or very-select-partners-only engineering samples?

Based on what is written about them, they seem fairly interesting; but they don't actually seem to exist anywhere. You can get relatively low end MIPS cores in a lot of routers and such (ramips based devices and some broadcom) and much punchier hardware from outfits like Cavium; but the field is pretty empty of the 'warrior+powerVR' SoCs that are proposed in various slide decks. The CI20 is still based on the JZ4780, from Ingenic's 'if you really can't afford a fancy Allwinner' line of penal CPUs; but no warrior.

It seems like a commonplace that not every line-of-business java slinger is going to make use of the more elegant mathematics being worked out on the edges of 'computer science'; but isn't this issue already addressed by the fact that things like 'software engineering' are distinct courses of study, with a different emphasis?

Also, why do we care what a former biologist, now sci/tech article writer for the WSJ has to say about technology-related education? Is there some connection that I'm missing?