This vulnerability is in a TON of software. Python 2.X (which most people are still using) doesn't even allow you to verify the CN without adding a bunch of code to make it happen yourself. http://bugs.python.org/issue1589 Most APIs allow you to do it both ways, but I think it is time that they stop making it optional. If you want to use SSL, use it properly otherwise it isn't worth wasting your time with it.

http://www.androidauthority.com/t-mobile-carrier-strategy-dual-4g-164618/ T-mobile is rumored to be doing just that. They already kind of do with their value plans and having you bring your own phone. We switched to it recently from Verizon and bought two Nexus 4 phones. I have calculated that if I keep the same phone for three years which I feel is reasonable we will have saved $1200 over the three year period. The only issue is we had $750 to lay out up front which most people probably don't have. Our new plan has 1000 minutes which we will never touch vs. Verizon's unlimited and 2GB per phone vs 2GB shared on Verizon (which we probably would have broken that mark occasionally). So far the coverage has been fine but we live in a major metropolitan area so I have no idea what it it is like outside of that.

The real question should be... what games do you want now, and in the future. Just getting all games to work that I want now doesn't really help me when Awesome cool game 15 comes out and I really want it. This is coming from a person who has been using Linux for years.

When the developers leave and their is no documentation and the thing blows up... No one will know how it works. With handing the product and the documentation off to someone else this provides a final check on the documentation to ensure that the documentation doesn't suck. Developers tend to intimately know their product well and therefore will be likely to leave out steps in the documentation, because they know how to do it anyway. I have seen this a number of times. When they leave it takes reverse engineering to figure out what was done. I am a big proponent of documentation. Here is how I think it should be done:

-Development happens where they are able to test using a test environment
-Developers hand off everything to the System Admin (SA) who will install it. They then install it on a test environment as well.. If there are issues found work with the developers to solve the issue, correct the documentation and proceed to step 3.
-Install in production.

The only issue with this is step 1 and 2 can sometimes become filled with accusations. SAs think the product sucks and Developers think that the SAs are idiots who need everything spelled out for them. It becomes a lot worst when the developers are contracted out (which is common). This needs to be avoided, both parties should see themselves as working together to create a better product.

It exists in the DoD, all contractors are rated yearly in a process called CPARs (I think it is Contractor Performance Assesment Review). The basic idea is that each contractor is rated and then all future contracts, this rating is considered. They have formulas that take into account cost, CPAR, and other methods (I don't think that this is the best way to do this). The CPARs are a very big deal to large contractors, because a bad rating will harm all future contracts. I feel like smaller companies care less because they can simply just become a new company.

I personally have a Master in Information Security and Assurance that was given by the Computer Science department which meant that it had a lot of programming in the curriculum. I also have a CISSP and a few other certs, some security related and some not. I can say for this field that CISSP is far more valuable and took far less time to obtain. When I got my Masters degree I can't say I saw a large upswing in Linkedin activity. I got my CISSP and Linkedin went crazy sometimes to the point of being annoying (which is a good problem to have). Now you can blame this on recruiters just seaching for keywords, but that is how it is. Many jobs require CISSP, I don't think I have ever seen anything that required the Masters. My Masters I am sure would help me if there was a competitive position between two people and I am hoping that my Masters will help me in the long run more. Obviously your mileage will vary depending on location, chosen field, etc.

Is you can tell the truth, and still completely misrepresent the information. To see how this works, I will differ to Jon Stewart... http://www.huffingtonpost.com/2012/07/26/jon-stewart-you-didnt-build-that_n_1705264.html Recently I saw someone post on facebook "how ridiculous it was that olympians needed to pay $9K in taxes to the US". I though.. man that is ridiculous, I am sure very few athletes are going to go and sell their medals, though some athletes would have difficulty paying for that tax bill. Then I do 5 seconds of googling and find out, that they are payed $25K for each gold medal, and are simply paying on that... to top it off, to pay that the athletes would need to be in the upper tax bracket meaning they aren't struggling for cash. In other words, it is simply income and therefore they need to pay taxes on it. I mentioned it and they commented back thanks, that makes more sense though usually people get pissy because it doesn't fit with their idealogy. Then you find out that Romney, Foxnews and everyone trying to convey taxes are evil are repeating this same mis representation of the facts.

I didn't see him advocating getting rid of copyright, therefore even without the patent law, he still couldn't "pirate".

Yes because Unix is inherently secure with magic pixie dust. There is nothing special about Unix that makes it secure. Just because the implementations tend to be more secure (which in some cases is debatable) doesn't mean all Unix systems are secure. Most attacks aren't even against the kernel anyway, they are against the applications that run on top of the kernel and there is little that "Unix" does about that. Linux, Windows, and now Mac (though most people agree their implementation sucks) use things like ASLR to make vulnerabilities harder to exploit but that has nothing to do with its Unix heritage.

No problem with being the best at something and trying to sell it for more, that is called healthy competition. The problem is Apple is trying to put the Flank Steak people out of business by saying that they are the only ones who should be allowed to BBQ. They are saying that the invented the beef and the bbq and no one else should be able to do this. Just because you are good at perfecting something, doesn't mean you should take credit for inventing something and claim broadly that no one else should be able to make any product remotely similiar to yours.

The rule in security is one thing.... if I can touch it, I can break it... period. The problem with the voting process is you have to trust A LOT of people who all have very mixed motives. These machines need to to be transported to their polling place, set up by humans, then used by people. And to top things off, there is a lot of payoff if you can tamper with these machines. Voting also has a major problem, you don't want to be able to monitor them. Securing these systems well (not perfectly) could be done and the damage could be limited when they are tampered with it just isn't monetarily practical nor does it fit in well with democratic ideas such as anonymous voting. Implementing policies such as a device must be locked in a secure location at all times in a box that requires multiple keys to open and is guarded by at least 2 people would help fix a lot of the problems but would make the process so ridiculously expensive it would be insane. The answer to "securing" the vote is TO NOT TRUST THE MACHINES. Something simple like a printout that the user is given that can then be verified by the user and is then run through a well guarded tally device would go a long way to fixing a lot of the problems.

All packages are signed by Fedora or whoever the distro is, unless you turn off the gpgcheck feature then it won't install the package if it hasn't been signed. The gotcha is that if you can steal Fedoras gpg key or somehow create a collision attack, they are also screwed as well so they have the same issue.

$900 a month? That is cheap to me! I live in DC and am paying not quite double that and I know that there are some areas that are even more! I think $900 a month is about average for most major metropolitan areas.

Just out of curiosity, do you have to travel a lot with your job. I do Security Engineering now and have done IDS and Log monitoring in the past and was thinking that I would enjoy incident handling, but the thing that has kept me out of it was the 100% on call, get on a flight now to fly who knows where.