I agree with your final conclusion that they're screwed, but your understanding of encryption and software is a little off.

Assuming that they are using widespread password encryption practices (i.e. only storing a salted, hashed version of the password) then they never convert the encrypted data back into plain text for authentication. Instead, they salt/hash the password that the user has entered using cryptographically strong but publicly known algorithms (no secret keys) and compare the result to what is in the database. Brute-force or dictionary attacks can be used against this, but there is no such thing as a decryption key that can reverse a hash operation.

I disagree that their encryption scheme would be unsophisticated for the reasons you provide. Applications do not typically examine the password field on a substantial portion of database calls. Applications do typically use strong cryptography during authentication calls and the overhead is not prohibitive. If they are using XOR to encrypt passwords, it is not for technical reasons.

I have implemented PCI compliance solutions. 30% only means that the hackers are lazy. You should be more frightened.

When you are talking about 77 million people, you will have thousands of people with their credit card data already compromised for various common reasons, but they will blame this Sony breach for their problem rather than admitting that maybe their local bartender learned to write or that their personal data has already been for sale for years. Unless it is found that Sony was storing unencrypted credit card numbers or that their encryption keys were compromised, people reporting unauthorized transactions from a sample size that large doesn't mean much.

Sorry for being a few days late, but I noticed a schism between those who know PCI-DSS and those who don't. I won't insult you with the obvious things you can search online, but the basic idea is that if you are storing credit card info, you have to encrypt it strongly and keep the keys safe. As I implement PCI-DSS for a living, I would bet that somebody definitely had access to (but might not have found) encrypted credit card data, and since Sony can't be sure who it was they had to cautiously tell everyone about the worst case scenario. Since the only true protection in today's encryption is time, just change your password and credit card number today (I know it sucks), and you will be safe for now. - j

The syntax from socket programming, like send, receive, and listen, seems well suited for situations where both sides can act as clients or servers. Both sides would use the same syntax, each naming things from its own perspective.

In response to those quoting studies recommending complete tech abstinence, I respect your goals and welcome your information. However, as with many things, while fools should abstain, some can use wisely. My 1 year old spends most of her time playing with peers, playing with toys, and acting silly. In small doses we count, write, play music, read, use laptops, stargaze, philosophize (yesterday she suggested that wild animals might move into barns if we offered them noodles), and I am constantly amazed at her. Her IQ is off the charts, she is already in age 3 classes, and while we can debate whether technology helped or hindered, my deep opinion is that everything I expose her to increases her sense of wonder, and that is what is giving her this wonderful momentum. If you just shove a computer in a kid's face and walk away, you're likely doing it wrong.

My 22 month old mostly plays with physical toys, but after seeing her love banging on a piano, I decided to let her play with my midi controllers (supervised, no liquids). I will load up a virtual synth, put on an arpeggiator sometimes so she can make more structured sounds, or put on a drum kit, and then she'll go wild on the keyboards/drumpads. You can find used midi gear dirt cheap, especially if a few keys are broken (toddler won't mind). She also has figured out the controls for VLC (video player) on her own. If you have gear that you don't mind breaking, you'll be amazed what they figure out so young. Just be sure to spend way more time outside than inside and they should be fine. She also likes to play with touchscreen drawing apps on my droid, but she has even dialed 911 by accident so I can't recommend it without constant supervision.

All you need to code Twitter is any language that can wrap SQL....

Add tweet: INSERT TABLE x (x) VALUES (@x, @userId)

Retrieve tweets: SELECT * FROM x WHERE UserId = @userId

I do respect some aspects of Scala, but using Twitter as a mark of success is worse than Hello World.

What is more likely:
1. China is conducting military hacking activities against allies in such a way that will attract negative attention.
2. China has a lot of easy-to-hack computers that more sophisticated non-Chinese hackers are using as relays for their own hacking.

Perhaps it is both, but I would bet that there is a whole lot of #2 going on.