"I realized I have this incredibly powerful device, why can't it figure out the right size for me?" he said. So, he challenged his team to make the software automatically size the text into the center of the screen when he double-tapped around a webpage."

This is why we're in such a sad state with regard to software patents. This guy genuinely believes that he "invented" something. And that it should be patentable.

Of course, anybody who has actually built anything knows that what he actually did was "decide how something should work". You do this dozens of times when putting out a new product, and it's not in any way a big deal. Certainly not something you should call "inventing", and absolutely not something that you should consider patenting.

It's just one of thousands of design decisions you make. It's just sad to watch people who don't understand that making things worse for everybody.

I also enjoy that he has to attend a 'coaching session' where they teach him that University policy is sacrosanct -- and he has to pay for it as well as write a "spelled-checked [sic]" research paper about his coaching session (WTF is there to 'research' about an hourlong chat?)

What's even more bizarre is why this app exists at all. PeopleSoft's "SA" module that UCF is using for registration includes a waitlist feature that already does all of this -- actually, it's better, because it just pops people off the stack when a spot becomes available.

So, let's be clear:

- UCF willfully refuses to enable the waitlist option in PS

- Student uses a public interface to replicate the functionality

- Star chamber declares the student broke a nebulous IT policy and that he has to write humiliating 'research papers' as contrition.

And people wonder why higher ed is less and less valued...

I'm pretty curious about the initial break-in on his .mac account. I suspect that either he's misremembering and he has used the password elsewhere (and it was compromised there -- easy to happen over so many years of use), or it wasn't very strong to begin with and it got guessed after a handful of attempts.

There are a handful of takeaways from this:

- Backups, obviously. A lot of people here so far are mentioning online backup services, but those would be just as vulnerable to this kind of attack, since they're accessible online and use an email account for password resets. Online backup services and physical offline backups solve different problems and it's a good idea to use both.

- Since I haven't seen this mentioned anywhere else: I wonder if it's time to consider keeping a "secret" email account that's only used as the password-reset account for all of your services? Something that you never use for communication, never publish anywhere, something with its own entirely separate password.

- Be careful about owning multiple devices from a single vendor that provides remote access and other kinds of control to those devices. Mobile devices are inherently insecure; they shouldn't carry sensitive personal information, ever. There are a lot of really good reasons for going with a single vendor, and remote wipe is a really valuable tool in case of theft, but the downside is ... well, this.

- Use some kind of password storage mechanism. (I prefer something that's not tied in to a publicly-accessible service.) I've made a game out of memorizing horrible passwords, and can recall quite a few without any patterns or mnemonics or the like. Still, I use KeePass every day anyway.

And maybe most of all: I doubt there's a single one of us that has a moral high horse to ride on this. Everybody always has something better to do than set up a new backup system or dick around with something that will only maybe hurt them someday. I'm constantly harping on other people about backups, but only a couple of days ago got my development machine on our network backup system; I'm pretty anal about passwords, but still I'll panic pretty badly if my laptop is ever stolen, because in there, somewhere, is probably a plain text password stored in a file that I've forgotten about, and there'll be a chance that I'll forget to change that particular password if I find myself having to suddenly change every single password for everything I've got access to.

By way of example, several years ago I sold tools at Sears. Sears had spent decades building consumer confidence, particularly in their Craftsman brand. If you bought a Craftsman tool, and it broke for any reason, they replaced it, sans receipt. As a result, this warranty was transferable - there were no questions asked. While this policy certainly did not extend to every product sold at Sears, it did exemplify a commitment to service and quality: in the words of one older person I talked to once "if you bought it at Sears, you didn't have to worry."

As time went on, Sears was able to increase profit margins by slowly restricting the tool warranty, and using crappier parts. The obvious problem was that once Sears lost its reputation as a "you don't have to worry about it" store, it had to compete with stores like Wal-Mart on price[0].

The interesting problem here is not the Sears strategy, but the fact that it takes years for the effect of reduced quality to become obvious: in the short term, consumer confidence in the brand is still high, so the worse products are bought for the same prices, under the assumption that the quality is still high. By the time consumers on the average figure this out (when your drill wears down in 3 years instead of 10), someone that made the change has been able to demonstrate clear savings to the company and move on.

Several people have suggested solutions. The first one I hear thrown around is "get rid of executives." I think this is shortsighted in the same way that getting rid of a good IT department is. Certainly some executives are useless, but "get rid of the bad executives" is vacuous. A more compelling solution is to create incentive structures that encourage "bad executives" to be good ones, such as incentives which outweigh the short-term gains gotten by reducing, say, IT spending. For instance, I've heard it suggested that companies use long-term equity, say 15 years out. I'm not sure how that squares with moving from company to company, but it's interesting.

[0]This is not to say that the Sears quality-first business model was sustainable, merely that there was certainly a tradeoff, the effects of which take a long time to see in total.