
Comment Re:$35 Million Dollars (Score 4, Interesting) 195

The actual lesson is: Criminals are bloody stupid. If I had $35 million worth of drugs in a place, I would avoid doing anything that could get the police into my place. Like stealing an iPad. Or even picking one up that someone left on the train or bus.

They're even stupider than you think. The police didn't have a search warrant, so they just asked if they could come in, and the people in the apartment said yes. Can you believe it? They've got $35mm worth of meth and they invite the cops in? They must have been under the influence of drugs at the time...

By the way, to give credit where credit is due, it was detectives from Palo Alto who found the meth, not San Jose police, although the apartment was in San Jose.

Comment Doesn't Work (Score 5, Funny) 83

This software doesn't work at all! I downloaded it and it installed fine. Then I ran it, and waited for like hours, and no beer yet! Here I am sitting with my mug under the USB port, and nothing is coming out. Jeez. Damn open source software. The USB port is for input / output, right? Well, where's the damn output?

It said something about hops, so I did lots of hopping and even a little jumping, but to no avail.

Wait a minute, it's saying something about adding water. Let me go pour some water into the keyboard and see if that helps...

Comment Re:At least (Score 3, Insightful) 210

I agree. Asking the community to test the system out does show remarkable common sense and good intentions, which seems to be lacking in the e-voting community.

Unfortunately, they did not have the common sense (or perhaps judgement) to hire a technical team that knew what they were doing when it comes to security. Which is not good in any project, but seems like a huge lapse of judgement in an e-voting project.

They also appear not to have hired an independent security review group to scan the code and review the implementation, or if they did hire one, they hired one that was no good.

Comment Re:Ruby on Fails? LOL (Score 5, Insightful) 210

Nice troll. Actually, it's kind of a lame troll. I suppose, as is normal on /., you didn't read the report from Prof Halderman.

The initial problem was a string interpolation vulnerability in a modified Ruby library that executes a shell command to encrypt PDF ballots. That's a pretty basic mistake that has nothing really to do with Ruby or Rails. If you interpolate into a string (or concatenate data into a string) without sanitizing the data, and then execute it, you're asking for trouble, no matter whether it's Rails or Java or C. This is also pretty basic security stuff, and there are tons of guidelines and tutorials in the Rails community for avoiding this kind of mistake. There are also plenty of code vulnerability scanners that would pick this up. It's amazing that the DC team didn't use one of these to check their code.

But they had plenty of other problems such as easy-to-guess passwords and a lousy IDS configuration.

So the real problem was with the people who developed and implemented the system, not with the tools. I've seen plenty of similar mistakes in systems developed using all sorts of technologies. The developers clearly didn't have a very solid background in security. That's OK actually, as long as you have someone on the project who does and who can check their designs and implementation. Sounds like they didn't have anyone well versed in security, which seems a bit odd for an e-voting project. I'm certainly no expert on security, but I am a RoR coder, and even I know not to make these mistakes.

But I suppose it's fun to bash the Rails programmers because they are in really high demand and able to command very high billing rates :-) I'll take the bashing along with the money and the ease of programming!
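An added example, not part of the original comment or of the code in the report it discusses: the same constructed file name run through an interpolated command string and through the argument-vector form. `echo` stands in for the real encryption command, and the file name, function names and allow-list pattern are assumptions made for illustration.

```ruby
require "open3"

# Constructed sample input: a file name carrying shell metacharacters.
UNTRUSTED_NAME = "ballot.pdf; echo INJECTED"

# Vulnerable pattern: the name is interpolated into one command string, so
# Ruby hands the whole string to /bin/sh and the shell parses the ';'.
# `echo` stands in for the real encryption command (an assumption).
def run_interpolated(name)
  out, _status = Open3.capture2("echo #{name}")
  out.lines.map(&:chomp)
end

# Hardened form: program and arguments are passed separately, no shell is
# started, and the name reaches the program as a single literal argument.
def run_argv(name)
  out, _status = Open3.capture2("echo", name)
  out.lines.map(&:chomp)
end

# Defence in depth: accept only names matching an allow-list pattern.
# \A and \z anchor the whole string, so an embedded newline cannot pass.
def safe_name?(name)
  /\A[A-Za-z0-9_-]+\.pdf\z/.match?(name)
end

if __FILE__ == $PROGRAM_NAME
  p run_interpolated(UNTRUSTED_NAME)
  p run_argv(UNTRUSTED_NAME)
  p safe_name?(UNTRUSTED_NAME)
end
```
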

Comment Sounds like an editor failure to me (Score 5, Funny) 276

In other news, U.S. radars were not responsible for the highly confusing and contradictory summary posted this morning to a Slashdot story about Russia's Phobos-Grunt probe. A thorough investigation has determined that the story's chips should have been able to withstand the radiation received when the story was transmitted through the intertubes and routed over northern Alaska. Instead, investigators blamed a typing failure on the story editors. "A series of tests showed that the editing was lousy and sloppy, and disciplinary action will be taken on those responsible," a spokesman said.

Comment Wait until the stock lockout expires (Score 1) 384

Everyone who's met the guy knows that Pincus is a class A a**hole. No one I've met actually likes working there. They're just sticking around to cash out. I don't see a bright future for Zynga. All the key employees will jump ship once they can sell their stock. And what's to prevent them from copying all of Zynga's games and marketing them for less? They've got the knowledge and the experience, and they'll have the capital too. Plus the big boys in gaming are jumping in, and they will copy Zynga's games too. EA and so on will hire away all of Zynga's key people once they're free to move on. It will be a race to the bottom, with everyone copying everyone else's games, probably farming out development to India or China. That will favor whoever can run the games the cheapest. I think Zynga's best hope is to get bought while they're still riding high. Of course, Pincus will do fine no matter what.

Comment Only on Metered Spots (Score 1) 209

What the article doesn't say is that they're only installing this on metered parking spots. So the app will guide you to a spot where you have to feed $8 an hour into the meter, or whatever ridiculous rate SF is charging today, but won't tell you about the free spot 1/2 a block away. Of course, at the rate SF is installing new meters on previously unmetered streets, there won't be any free spots left in the city in a few years. This is all about raising city revenues.

Comment Ubuntu on EeeBox is great (Score 1) 142

Great that they're switching to Ubuntu. I've got Ubuntu running on a little Asus EeeBox in the kitchen for the past two years. It came with some Asus-branded version of Linux that was terrible; but I dumped that right away for Ubuntu. It works great; never had any problems. It's a nice, small box, humming away under the cabinet, connected to a monitor mounted on the wall. My wife and kids use it primarily for email and web stuff, and play music on it. None of them have ever complained about Ubuntu or asked how to use it. I'm not sure my wife even knows it's not MacOS or Windows...

Comment Re:As Newt says ... (Score 1) 292

I'd add Kazuo Ishiguro to the list for "Never Let Me Go", which was very well accepted by the literary establishment, and was somewhat science fiction.

Most lists I've seen of the best books of the last 150 years or so include some science fiction such as Orwell's '1984', Huxley's 'Brave New World', Vonnegut's 'Slaughterhouse Five', and Burgess' 'A Clockwork Orange'.

I think literary establishment acceptance depends on several factors:
-- Writing other 'literary' books that aren't science-fiction
-- Using SF to set or enhance the situation, rather than having it be the focus of the book
-- Serious topics
-- Plain good writing
-- A setting that is closer to present-day. Seems like the farther out in the future the book is set, the less 'literary' it will be considered.

Sure, a mindlessly entertaining SF book is not going to be accepted by the literary establishment, but then again, neither is a mindlessly entertaining present-day book. The bar is probably higher for SF though; it's going to take a more highbrow SF book to break into 'literary' circles than a present-day book.

I do find it interesting to note that about 10-20% of the books that my (non-geek) wife's bookclub reads could be considered SF.

Comment Re:It's an outrage! (Score 1) 255

Yeah, thanks for the summary with no explanatory information whatsoever for anyone not familiar with this case already. The Ars article didn't really explain much about it either. Not sure how I missed such a huge news story, maybe I was reading about minor stuff like tsunamis...

But hey, it's /., so the summary has at least met my expectations. ;-)

Comment Re:At the risk of my nerd card... (Score 1) 655

"the movie version of "Starship Troopers" was much better than the book. There, I said it."

Of course it was; it had Denise Richards.

I fail to see what is funny about that. If I had mod points, I'd mod it 'insightful'. I thought the movie was barely OK, but I might have to watch it a few more times now that I remember she's in it...
