In 10 years as a software developer, I've had an almost countless number of passwords, credit card numbers, highly sensitive documents, and more sent to me via unencrypted email. Almost on a daily basis.
No matter how hard I try, people just won't use encryption. I managed to convince everyone in the office to use S/MIME, but this lasted about a week before people decided it was too much work.
It's not like they don't understand the risks so much as there doesn't seem to be any 'easy' turnkey systems out there that are cheap or free. S/MIME is included in all major email clients, but it's a pain in the arse to setup - I ended up having to do it for everyone myself.
Personally I think email clients should automatically (without user intervention) generate an s/mime key and sign all outgoing mail, and encrypt all outgoing mail where a signature is known. This way you'd end up encrypting all email without even realizing it. (Of course you'd still require user intervention to copy private keys between your different computers......)
This is a story I've seen plenty of times on projects I've worked on personally.
90% of the time the problem is a client that won't cooperate with developers, don't understand their own requirements, have a constantly moving target, and are difficult to deal with.
I've gotten pretty good at figuring out these clients before we start, and usually just decline the project if I think it's going to be too painful - but you can't pick them all.
Of course this doesn't mean that's what happened in this case, but I'd wager it was a significant factor.
The universe is massive, both in space and *time*.
Earth is around 4.5 billion years old, the universe almost 14 billion years.
Human civilization has existed for a few tens of thousands, if that. We've had radio technology for around 100 years, and who knows how long until we move on to something else?
It's entirely possible that tens of millions of advanced civilizations have risen and fallen throughout our galaxy alone, but the chances that they were also broadcasting on radio at exactly the right time to hit earth from one of the few star systems SETI has actually looked at, with enough strength for us to be able to detect it... seems pretty small.
True - but I can do that now through dozens of different music stores available in my country without VPN hacks and fake billing addresses.
The selling point for Google Music is the 'Cloud Storage' - I can redownload whenever I like, and access on any device. Without that feature, I might as well just stick with existing stores.
Proxies and VPNs are a pain in the arse to use, and I certainly don't want to be buying music only to lose access to it because Google closes the loophole. (It's like a game of whackamole sometimes, as many services will block known proxies and VPNs to stop this happening).
I presume once it's out of Beta they'll work at bringing it to other countries, so here's hoping it eventually makes it to Australia.
I had to do this a while back with a stack of old drives. I ended up just smashing the circuit board and breaking off the connector pins.
This of course will only stop a casual attacker. I'm not so concerned about the government recovering the platters and accessing my tax documents, mostly because they already have a copy.
By now I suspect they are buried in a tip somewhere, ready to be dug up in 2000 years by an archaeologist trying to infer information about the period in history where everything was lost in the terrorist EMP attack of 2150.
Not really. An open facebook invite could show up in anybodies feed, and most people take "Open Invitation" to mean "I can go if I want".
A lot of people actually organize open parties like this intentionally, and so a lot of people assume an open invitation is designed to handle larger numbers of people.
It's no different from slapping "Open Party" banners on signposts and having 5,000 people turn up - I'm pretty sure the police would hold you responsible for the turnout and any resulting carnage.
As such, why not make the host responsible for posting an open party invite? A few hefty fines for likely convince people to make events private unless they really mean it.
Facebook should also do more to encourage private events... but that's another story.
Emulator Performance is the big problem. I've tried to develop a HoneyComb app, but the emulator is so slow it's absolutely unusable. Until that's fixed, developers are far less likely to flock to the new version.
He gained access to photos from a womans Facebook account, and published them on the Internet. This woman then made a complaint to the police, which they followed up. No charges have been filed.
Nothing to see here people. This isn't a big conspiracy. Facebook themselves didn't send the goon squad. Simply the police following up a complaint by another citizen.
rsync based solutions are a dime a dozen, however they don't really replace a full Dropbox implementation.
One of the key features of Dropbox is versioning (the ability to restore deleted files, and roll back files to previous iterations). There are very few solutions out there that do this at all, yet alone as well as dropbox does
They didn't reset the password, they reset the account. (Essentially they deleted the account and allowed me to sign back up again under the same email address).
Naturally none of the data was been recoverable, however they happily deleted the account without verifying I was the owner.
SpiderOak has some serious security issues of its own.
1. The desktop client allows you to change the password without entering the old one. This means that if somebody steals your laptop, they can lock you out of your own account. Permanently.
2. I forgot my password on an account, and emailed support requesting an account reset. They happily complied without verifying in any way, shape, or form that I was the owner of the account. I didn't even send this request from the same email account that was attached to the account.
Major issues like this make me think their understanding of security is not as rock solid a they think it is, and makes me question how good their encryption is.
The desktop software is also woefully bad to the point of being unusable, their service is slow (at least from Australia), and their "Sync" support doesn't work particularly well.
Microsoft don't generally have a habit of being a Patent troll, so are unlikely to be overly concerned if some of their patents are invalidated.
Just like IBM, they would generally only hold patents only as a defensive measure against being sued themselves. It's "Mutually Assured Destruction" applied to patents.
What the fuck? I've just checked them out and am flabergasted. You're probably right about the subsidy thing; the shipping alone would be more expensive than many of the items they sell.
Slashdot Mirror
I nuked my home city with a population of 2 million. It reported 20 fatalities.
I'm guessing it's using aggregate population density data for Australia.
Like a big pizza pie?
In 10 years as a software developer, I've had an almost countless number of passwords, credit card numbers, highly sensitive documents, and more sent to me via unencrypted email. Almost on a daily basis.
No matter how hard I try, people just won't use encryption. I managed to convince everyone in the office to use S/MIME, but this lasted about a week before people decided it was too much work.
It's not like they don't understand the risks so much as there doesn't seem to be any 'easy' turnkey systems out there that are cheap or free. S/MIME is included in all major email clients, but it's a pain in the arse to setup - I ended up having to do it for everyone myself.
Personally I think email clients should automatically (without user intervention) generate an s/mime key and sign all outgoing mail, and encrypt all outgoing mail where a signature is known. This way you'd end up encrypting all email without even realizing it. (Of course you'd still require user intervention to copy private keys between your different computers......)
This is a story I've seen plenty of times on projects I've worked on personally.
90% of the time the problem is a client that won't cooperate with developers, don't understand their own requirements, have a constantly moving target, and are difficult to deal with.
I've gotten pretty good at figuring out these clients before we start, and usually just decline the project if I think it's going to be too painful - but you can't pick them all.
Of course this doesn't mean that's what happened in this case, but I'd wager it was a significant factor.
> So where is everybody?
The universe is massive, both in space and *time*.
Earth is around 4.5 billion years old, the universe almost 14 billion years.
Human civilization has existed for a few tens of thousands, if that. We've had radio technology for around 100 years, and who knows how long until we move on to something else?
It's entirely possible that tens of millions of advanced civilizations have risen and fallen throughout our galaxy alone, but the chances that they were also broadcasting on radio at exactly the right time to hit earth from one of the few star systems SETI has actually looked at, with enough strength for us to be able to detect it... seems pretty small.
True - but I can do that now through dozens of different music stores available in my country without VPN hacks and fake billing addresses.
The selling point for Google Music is the 'Cloud Storage' - I can redownload whenever I like, and access on any device. Without that feature, I might as well just stick with existing stores.
Proxies and VPNs are a pain in the arse to use, and I certainly don't want to be buying music only to lose access to it because Google closes the loophole. (It's like a game of whackamole sometimes, as many services will block known proxies and VPNs to stop this happening).
I presume once it's out of Beta they'll work at bringing it to other countries, so here's hoping it eventually makes it to Australia.
*Sigh*. Yet another fantastic music service not available in my country.
I had to do this a while back with a stack of old drives. I ended up just smashing the circuit board and breaking off the connector pins.
This of course will only stop a casual attacker. I'm not so concerned about the government recovering the platters and accessing my tax documents, mostly because they already have a copy.
By now I suspect they are buried in a tip somewhere, ready to be dug up in 2000 years by an archaeologist trying to infer information about the period in history where everything was lost in the terrorist EMP attack of 2150.
Not really. An open facebook invite could show up in anybodies feed, and most people take "Open Invitation" to mean "I can go if I want".
A lot of people actually organize open parties like this intentionally, and so a lot of people assume an open invitation is designed to handle larger numbers of people.
It's no different from slapping "Open Party" banners on signposts and having 5,000 people turn up - I'm pretty sure the police would hold you responsible for the turnout and any resulting carnage.
As such, why not make the host responsible for posting an open party invite? A few hefty fines for likely convince people to make events private unless they really mean it.
Facebook should also do more to encourage private events... but that's another story.
I'm running it on Linux. Default VM Heap size was set to 96, just upped it to 128 and it didn't make any difference.
Can you clarify which setting you've changed to improve performance?
Emulator Performance is the big problem. I've tried to develop a HoneyComb app, but the emulator is so slow it's absolutely unusable. Until that's fixed, developers are far less likely to flock to the new version.
He gained access to photos from a womans Facebook account, and published them on the Internet. This woman then made a complaint to the police, which they followed up. No charges have been filed.
Nothing to see here people. This isn't a big conspiracy. Facebook themselves didn't send the goon squad. Simply the police following up a complaint by another citizen.
rsync based solutions are a dime a dozen, however they don't really replace a full Dropbox implementation.
One of the key features of Dropbox is versioning (the ability to restore deleted files, and roll back files to previous iterations). There are very few solutions out there that do this at all, yet alone as well as dropbox does
It was definitely Spideroak.
They didn't reset the password, they reset the account. (Essentially they deleted the account and allowed me to sign back up again under the same email address).
Naturally none of the data was been recoverable, however they happily deleted the account without verifying I was the owner.
Give Wuala a go. It supports client side encryption, and is much more polished then Spideroak.
SpiderOak has some serious security issues of its own.
1. The desktop client allows you to change the password without entering the old one. This means that if somebody steals your laptop, they can lock you out of your own account. Permanently.
2. I forgot my password on an account, and emailed support requesting an account reset. They happily complied without verifying in any way, shape, or form that I was the owner of the account. I didn't even send this request from the same email account that was attached to the account.
Major issues like this make me think their understanding of security is not as rock solid a they think it is, and makes me question how good their encryption is.
The desktop software is also woefully bad to the point of being unusable, their service is slow (at least from Australia), and their "Sync" support doesn't work particularly well.
Sure, but absolutely any software on (a windows) machine could be a keylogger by that logic.
Microsoft don't generally have a habit of being a Patent troll, so are unlikely to be overly concerned if some of their patents are invalidated. Just like IBM, they would generally only hold patents only as a defensive measure against being sued themselves. It's "Mutually Assured Destruction" applied to patents.
Wait, what? The hivemind has started hating Ubuntu now? Damnit, why didn't anybody tell me, I need somebody to tell me how to think.
Can somebody explain to me what Canonical has done wrong? (Other than, you know, being profitable while creating a great distro).
What the fuck? I've just checked them out and am flabergasted. You're probably right about the subsidy thing; the shipping alone would be more expensive than many of the items they sell.
We may laugh, but when I first graduated in 2003 there was a plethora of job advertisements in my area asking for 5 or more years experience with .NET
Perhaps the existing antivirus companies can stop making bloatware and start making an antivirus that actually works. Just like Microsoft has done.
Australia has unlimited plans, and plans with over a TB of quota per month these days.
Can't speak for NZ however.