
Comment Re:Looking from the other side (Score 1) 848

Sounds like an intranet-only sort of in-house application. To get an attack surface on it, you first have to break the VPN connection needed to access it. Unless he's providing remote access, it's not a security risk. From the summary, it sounded like merely centralized access, not remote access to systems using public-facing web services.

Comment Re:Oversimplification, if they pay you they MIGHT (Score 1) 848

I've been a programmer for 10 years now and usually it's in the employment contract that anything you write related to the company's business while employed unless specifically excluded belongs to the company. In this case, it's directly related to their business operations and something they would greatly benefit from, so the copyright would obviously belong to them if he had an IP section in his new hire docs. I think he approached the company initially and they pointed to the employment contract which stated they own the copyright to his work and wouldn't pay extra for that since it wasn't something in their budget and not something they really want, regardless of how much he thinks they need it. The fact that he was paid to work for a lesser role has no bearing on ownership of the IP if he signed a document granting his employer the copyright (and it's very likely he did).

If he didn't sign something explicitly, then varying on the state, his employer may own it depending on the conditions of his employment. The fact it's outside of his job description usually does not come into the equation since it is accepted that you have privileged access to trade secrets, etc.

Comment Re:Programmer != Engineer, idiot. (Score 1) 422

What about a Bachelor of Science in Applied Sciences from the Engineering College at my University? Don't I get to call myself a software engineer? I don't call myself a Professional Engineer, but neither do other recent engineering grads and they have engineer in their titles. It takes several years' work experience and an exam to become a PE in the states, and once you get it, you can put it after your name like PhD. I know plenty of mechanical, electrical, and chemical engineers who are not PEs.

In my opinion, the difference between programming and software engineering is the approach. Software Engineering is a discipline; it involves requirements, design, verification & validation of functionality, etc. Programming is just writing code.

Comment Re:Smart? (Score 1) 259

I bet you the engineers have faster cables using ultra-flexible fiber optics, but they likely still cost thousands of dollars to make, or maybe they can't make them durable enough yet. I work with embedded bus analyzers that have transceiver daughter boards for this very reason. It'll be like USB 3.0 devices which are compatible with USB 2.0 & 1.0 ports, though that's just speculation on my part.

This sounds like the same last mile technology I have to my 'fiber' modem, though the modem has better bandwidth at 40d/20u. Thunderbolt has 2 full duplex 10/10 copper pairs for a total of 20/20 GBps at 100% utilization; it'd be interesting to see what effective file transfer speeds are after protocol overhead.

Comment Re:An engineer's reaction CORRECTED (Score 1) 505

It's all about money, it's expensive to get a device certified for operation during takeoff and landing. I've worked for a couple avionics companies myself, and getting the radiated/conducted emissions down to the approved levels is not always an easy task.

That being said, Amazon should pony up the dough to get the Kindle approved for use during takeoff and landing with the wireless off. I doubt there's much of a difference between the radiated emissions in its standby mode with the screen blank and when reading since it takes no power to maintain the text. They would have to test a bunch of page turns to get worst-case radiated emissions and would maybe change some clock frequencies to avoid harmonics that can interfere with communication to air traffic control etc, but I doubt there would be any major hardware changes.

Open field EM testing and modifying the hardware to fix any deficiencies is not a cheap process, and it often takes many hardware revisions even when the design engineers are experienced dealing with the emission requirements.

Comment Re:Haha (Score 1) 308

A better analogy would be the 'hacker' walking on to a secure military facility, in real life, completely unchallenged, collecting sensitive data to prove he got in and out undetected and going to the town hall with it to present his evidence to the community to report the vulnerability.

Do you even know what a SQL injection attack is? A common one is the user/password authentication, you enter in a fake user/pass combo and put

' or '1'='1

at the end to terminate the SQL string and inject additional script so after the fake user/pass lookup fails, the or 1=1 test passes and you log on anyway.

The fact that these sorts of dumbass errors abound, when these vulnerability classes have been known for over a decade, is beyond negligent. The fact the law says that having half-assed security makes it a crime to access the computer is fine, but when millions of individuals' confidential data is protected by the rule of law instead of actual state of the art security practices, it's a problem.
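
The login check described in the comment above, shown as a string-concatenated query beside its parameterized form. This is an added example, not part of the original comment; the `users` table, its sample row and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; the table, column and function names are
# assumptions for this illustration. Plaintext passwords keep the example
# short; a real system stores salted hashes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def build_concatenated_sql(user, password):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    return ("SELECT COUNT(*) FROM users WHERE name = '" + user +
            "' AND password = '" + password + "'")

def login_concatenated(db, user, password):
    sql = build_concatenated_sql(user, password)
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, user, password):
    # Hardened form: placeholders keep the input as data, so a quote
    # character cannot end the string literal and change the query logic.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    payload = "x' or '1'='1"  # the string from the comment after a fake password
    # AND binds tighter than OR, so the trailing OR makes every row match.
    print(build_concatenated_sql("nobody", payload))
    print("concatenated:", login_concatenated(db, "nobody", payload))
    print("parameterized:", login_parameterized(db, "nobody", payload))
    print("legit login:", login_parameterized(db, "alice", "s3cret"))
```
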

Comment Re:Haha (Score 1) 308

Attacking the utility infrastructure versus defacing an FBI website and rooting their server without causing any significant harm are 2 very different crimes. Considering the effect the lulzsec group is having on security awareness, it could even be considered a good thing. These guys are operating for the most part transparently, they aren't hacking the servers and keeping it secret to use against the targets. Yes, it's an embarrassingly public data breach, but after compromising the infrastructure, they don't go and exploit this access stealing identities or otherwise engage in criminal activities (from the sound of it).

They're providing a service free of charge that most responsible corporations pay good money for, if anything we should be thanking them for encouraging good security to prevent embarrassment before someone does something truly malicious to all those people affected by these data breaches. Think of it this way, if you were the emperor and wore no clothes, would you persecute the person who pointed it out?
