Security for a web app is about understanding that people will be breaking your system and hacking your system, so the goal is to reduce what will be able to be hacked, control the fallout at each stage, control the separation of duties between the web developers, database admins, and says admins with root, and alerting when anything happens on a system.

Security is only as good as your ability to make it work without any one person trusting the other. The system has to be built on lack of trust of any one person in the system. You have to assume that some new-hire is going to a potential problem.

Social engineering or internal crime rings are way worse of a problem for "secure sites" then a hole in some java code.

But with that said, the way you make a secure site starts with a multi-tiered approach having web front ends, an application tier, and a backend database.

Separation of the web front ends, which you assume will be hacked. You remove any and all potential vulnerabilities, services, processes running unnecessarily, compilers, and anything else not necessary to run your web application. Put in place a high alerting system triggered whenever anything changes on a system and potentially rebuilds the servers upon reboot at the most extreme end of things. Have the network rules setup to only allow the single application port from the web servers to the application servers. Don't allow any other traffic.

Next the application layer has a similar lock down removing anything and everything not required to run your app. Only allow the network traffic for the specific ports for the database from the application server.

On the database server maintain adoquite backups and lockdown proceedures for all data.

With all that said, your application needs to go through a security review with several people making sure you're not doing stupid stuff such as: making system calls leveraging variables supplied by end users, make sure to verify every one of the users inputs scrubbing any potential SQL injection, and make sure to double and triple check any time input is leveraged by the user along with a system call, database call, and of opening files or pipes or anything of the sort. The use input is where the hacking takes place.

Anyway, that's how it's done by the big boys. Good luck.

Um, no duh! Of course Google would prefer to get rid of all patents. If you look at their business model it's all about 'ad revenue'. What do they care what software or hardware you run their ads on? The more software and hardware that hits their ads instead of other people's ads, the better.

So if they abolished all apple's patents (and everyone else for that matter) and people could make the best mobile device for free and not pay homage to any license (ie. java, or other), then there would exist more, cheaper mobile devices running android, and thus, hitting their ads.

So Google has nothing to loose and everything to gain if the patent system were dissolved over night.

I don't think it's fair that it is just assumed that people will choose to do bad behind closed doors. I think the problem is the reward system is off balance. If a game truly implemented a true eco system of consequences and rewards for doing good vs evil you would see a different picture.

I, for example, played the game "Black & White" and your kingdom would morph to how you portrayed yourself. I actually was good "all the time" while I played that game. I slowly learned that the rewards for being good the whole time was limiting vs what could happen when you were evil. I only tried being evil once the reward for being good seemed to stop the gameplay.

If a game fully implemented repercussions for hitting civilians or doing evil, people would choose to do good. But when there are either no repercussions or just pure "cool eye candy" for killing people without consequence, people are really just looking to explore the dynamics of the game, they're not trying to do evil. So ultimately it comes down to the game designers making evil actions more appealing than doing good. That's the paradigm that would need to shift ...

Just think, if you killed a civilian in a mission you had to sit out a round or two in multi-player ... or if you had to go through an extra training course... This could also playout to be repercussions for 'friendly fire', instead of just disabling friendly fire all together. People would pay more attention to the goals of the game and stay more true to the role they're playing.

With "counter-strike", people choose (or get selected) to be on either the terrorists or counter-terrorist groups... same thing with most all multi-player games. In a way the "counter terrorists" are the good guys, and the terrorists are the bad guys... The bad guys kill the good guys here. Why not put civilians in the terrain and in the city? If a terrorist killed a civilian they would leave a blood trail behind or have to hide the body, or someone would scream and they would be easier to find, etc... There would be real repercussions for doing this. And if a 'counter-terrorist' killed a civilian by mistake or because it was a hostage or something, he would need to sit out for like 2 minutes or something before being allowed back in....

So the long and the short of it is, it's impossible to base people's decisions to do good vs evil with the games designed today. There is ONLY reward for doing anything the game lets you do. And people like to push limits to things to see what the developers created. Once they get their hands slapped for doing it, they probably won't do it again -- and if they do, they will have to work extra hard to undo the damage they had done.

Why would anyone need a framerate faster then the refresh rate of the display refresh rate you're using?

I've never understood why anyone would push a graphics card faster then the refresh rate of the display you're using. Why not just cap it off at the max refresh rate, and let the card take more time in rendering each frame.....

It seems as though there should be some sort of "dynamic rendering" option. You want the framerate to match the refresh rate of the monitor, so why can't the rendering engine decide what to spend more or less time on?

For instance, there are the core objects and lights and maps that make up the main scene, then from there there's particle engines, reflections, additional shading, etc. If the card has the capability to do 500 fps, I'd rather it focus on making a REALLY AMAZING 90Hz or 120Hz (or whatever my refresh rate is)....

And the flip side is true as well. If I'm playing a game, I'd rather it keep up with the monitor refresh rate rather then paint a pretty picture. It doesn't make sense for it to a beautiful scene while I'm getting whomped on.

The rendering engine for video games should dynamically choose what to render based on what your computer is capable of. All special effects and anti-aliasing and everythiing should be turned on when it starts up ... and it should scale back the unnecessary items as it can't keep up... and throughout the game one room might have different settings on than another depending on everything going on.

My thoughts exactly. Apparently with how we got modded I'm guessing slashdotters don't share the same opinion.

I really do think this is the right move. Being on the Internet is a privilege not a right. It's like driving on the autoban. If your machine is crippled, get over in the slow lane and stay there or you will get hurt; if your machine is healthy and strong open up the pipes and let 'er rip. Most people with a droned computer won't know any difference if their being filtered and throttled. Who cares??? It fixes the rest of the world and they dont even know the difference. And if they do figure it out, even better cause they can fix their problem and have their service fully restored.

If your computer or your network is doing harm or attempt to harm a 3rd party it's just as though you punched them in the face.

I would be all for it if we could have these drones identified and kicked off the internet until they are proven decontaminated. This could be all handled at the ISP level. Maybe even just an "outbound filter" being put on these connections restricting their access down to HTTP port 80 and 443 traffic. With online web account the typical person uses gmail, yahoo mail, hotmail, facebook or some other form of email that doesn't require an email client configured. And if their email client doesn't work... who cares. They should be shut off the internet until they get their machine fixed.

Being on the internet isn't a right, it's a privilege being governed by the free market and 3rd party private companies.

A typical ISP reserves the right to drop you from service for any reason. They aren't required to keep you as a customer. I believe that greed within these entities keep this from happening. They don't want to risk reducing their customer base even 1%.

So getting back to the typic of this post, if a prescience could be set of what is considered intrusive from one machine to the next, the government could mandate ISPs to shut down these systems at the request of a 3rd party which could provide evidence that this machine is attempting to do something malicious.

If this happens then basically any machine trying to hit ports 139 or spraying ssh connections all over the internet, or smtp email all over the place, all these things could be shown as intent to harm a 3rd party and be shut down... And once it's down, they can resolve the issue and bring it back online.

If I were a cop and saw this dude.. I'd pull him over and say, "Um, let's see how this thing fairs on the freeway.."

I think I have an easy solution to this. I'm not an analog expert by any stretch of the imagination, but I did use modems (300 baud modem all the way up to a 56k).

If you could make a cradle where you slide the phone into it, the purchaser's phone would send it's public_key to the purchasing system, which would then send it's public_key back to the purchaser's phone -- encrypted with the purchaser's public_key. Then the purchaser's phone would send the payment information encrypted with the public_key of the purchasing system -- and the acknowledgement of successful transaction would be sent back encrypted with the purchaser's public_key, then one more final "ack" from the purchaser's device to the system saying that it received the transaction confirmation. DONE.

I don't know how much bandwidth is there between the microphone and the speakers, but instead of just relying on the 'inaudible space', why not use the whole bandwidth? They're close enough, it won't be that much of a bother if it's in the cradle. I can't imagine this to be nearly as fast as swiping a credit card. But if you consider, swiping the credit card, waiting for the authentication, then waiting for the signature, then waiting for the printing out of the receipt, etc. That whole thing can take a minute or so depending. So if this system basically made it so that your receipts are all electronic (no paper print out required when using this system), no requiring another signature to use the device, and all you have to do is slide your phone in a slot for 30 seconds to a minute to complete the transaction, it nulls out the time and makes for effective use of technology.

It might FEEL like you're waiting forever for the handshake.. but people would just need to realize what busy work they're saving themselves, and plus the store is saving a ton of headaches as well not having to keep track of the physical paper receipt signatures. The credit card processors would appreciate that as well.

To really make this "safe" as well, you could have the software on the phone require a password to be entered on the device to "unlock" the encrypted "credit card information" within the phone for 2 minutes or whatever. After that 2 minutes of you entering the password, it auto locks and requires the password to be entered again. So if you loose your phone or someone steels it, they don't knwo your password to unlock your credit card information in the phone....

Anyway, there's my free $0.02 on how to make this work. :)

Maybe they're the ones causing spam to exist? Wouldn't put it past them.

Um dude, seriously?

Apple is moving to "iCloud" and had invested billions into a new data center promoting this initiative. This wasn't a "new idea because somebody posted an app they thought was cool so they stole it" type thing.

They had been moving this direction for a long long time. Syncing via wifi was next.

As far as the logo, they came up with the logo the same way you did. Take "iSync" + wifi + icloud brushed metallic look and bam, you have their logo. No brainer.

Syncing via wifi had been a much requested and anticipated feature. Not a fly by night ripoff idea from a Joe blow submission.

Jam wifi & cellphone frequencies or put material on the outer walls to not allow the frequencies in.

Lame.. what about game rentals or taking it over to a friends house to play for a few hours? NO way..

I don't think that "forking the internet" is all that bad of an idea if we want to keep it "open".

The way to fork the internet, while maintaining accessibility is through tunnels.

Basically a specific open-source secure tunnel bridge application should be created which can connect to various different portals into the "new internet", and the list of "tunnel portals" should be maintained via some peer-to-peer/signed method much like BGP but with an authoritative signature.

This way servers and websites can join the "new network" exclusively, and have a web plugin which would be able to know how to use this "new internet" and connect to sites through these portals until they're able to join this network by choice through their provider.

I would think it would help create something from the ground up on IPV6, and at the same time I would implement a new form of "sendmail protocol" which leverages encryption and a public / private key system to not allow people to send you spam unless you've added their public key to your email program. People can put their public keys on websites so if you want to send them an email you can grab their key, but unless they've added your public key to their local settings they can't get email to you.

Sure, lots of people want to be able to receive email from ANY source, to attract new business or whatever, but that's where form mail on websites is handy and also having a phone handy. You can call someone and say, "i met you at CES and want to send you an email, can you add my key?" And if they want to talk to you, they can enter your email address and grab your public key from your website. If you dont want to ever talk to anyone or have them talk to you to get emails, use a form email system on your website.

When are they going to switch to a different filesystem? The fat32 4GB file size limitations makes HD video a pain to deal with as well. Currently canon cameras stop recording when the file size reaches the maximum and the user has to see the recording light stop, and hit record again. A better interum solution would be to fill the 4GB file size, increment the filename by one, and keep going. I don't understand why they don't do that... it would be a simple firmware fix.

Ironically I have been following this topic for a while. Today EMH Classical has launched 6 of their newest and most popular recordings as exclusive iTunes releases. A classical first.

http://itunes.apple.com/us/artist/emh-classical-music/id385488162