What webmail service do you recommend if you run your own machine? My hosting company provides horde, roundcube, and squirrelmail - all 3 are mediocre, especially on a mobile client. Any suggestions?
I used to triple-boot Windows, Linux, OS X. I put my email on an NTFS partition that all 3 OSs could read, and Thunderbird could work flawlessly across all 3 platforms. It was great.
There are others of us!
I just moved 2 people to it. 1 from MS Outlook, and the other from Apple Mail. They both want private email on their own domains, but those domains don't offer the greatest webmail apps. They don't want to forward their email through Google to use their webmail. Microsoft Outlook is becoming too hard for me to support. The other moved to Windows. So Thunderbird + IMAP it is! One even paid a monthly fee to increase their web site storage capacity so they can keep all their mail on the IMAP server. And if the second client moves back to a Mac, I can just copy Thunderbird onto there. Thunderbird added a calendar package, so it has become more capable as an Outlook replacement.
The important question is why the data was stored on VTech's servers in the first place.
THIS ^^^^^^^^ THIS
This corporate culture of "store everything" needs to go away. At least in the past, we had storage limitations that made this infeasible. But dammit, as a software engineer, if the system requirements tell me to store something that would be bad if it was released, then I'm not storing it unless there is a damned good reason AND it is well encrypted.
My kids have some vtech stuff. I downloaded their app that lets the toy know the child's name, birthday, and favorite food. But that's it. It never occurred to me that they would have any reason to store that information. Let alone storing photos and chat logs from devices that have that capability.
WTF!!!!! I am anxious to hear about this. This is why I used to use a personal firewall years ago. Everything phones home. But now they are impractical.
Would diamond/carbon nanofibers be sufficient for a mars or lunar space elevator?
Which part of this policy did they violate or otherwise fail to implement, and how?
Good question. I guess we will find out as the case unfolds.
The second bullet point is interesting. It means that truly anonymous sites can't meet the safe harbor provision. But my guess is that #3 is their complaint. Cox is saying the copyright holders are spamming them with DMCA requests, so it seems like Cox could be considered to be not responding. This is part of the problem with the DMCA. I wonder what "actual knowledge" means since many of these requests are completely automated.
Read TFA closer. They do have a repeat offender policy.
I never said they didn't.
(I'm glad it got someone to read the article. teehee!)
The article shows Cox's stance, which is that they have a repeat offender policy. The judge, for reasons we don't know yet, thinks that their policy is inconsistent. For all we know, Cox has no actual policy, and merely drafted up something right now on the fly, then used previous cases of banning users to support the claim that they had a policy all along. Cox claims that their policy is not inconsistent, it is discretionary. Is their policy sufficient to meet the criteria for a repeat offender policy as described in the DMCA? *shrugs* We don't know. The judge will decide that. DMCA itself isn't super clear on the topic, which is why I looked it up and linked to the EFF's opinion on those policies.
IMHO, Cox is right. Those copyright trolls send a gzillion notices with little to no supporting evidence. Neither the ISPs, nor the individuals, should be obligated to respond to them. The trolls should have their errant and unsupported DMCA claims discarded, and they should be held liable for damages. Hopefully that is what will happen here. Even if Cox's repeat offender policy was not sufficient, it does not make the DMCA claims valid. But if Cox didn't follow the DMCA rules then it puts a wrinkle in things and makes this a bad case and increases the chance for the trolls to succeed. This is a lesson to other ISPs: Get your repeat offender policy in alignment with the law, or fear losing your safe harbor status. That would be a huge ball of suck.
My post was not a criticism or a defense of Cox. It was to point out that there is a lot more nuance than the overzealous Slashdot summary would have us believe. The summary implies that the judge threw-out safe harbor for arbitrary reasons. The article indicates otherwise.
The DMCA gives Safe Harbor to ISPs who implement the rules. If Cox never implemented the "repeat offender" policy then they are no longer entitled to the safe harbor provisions. Since the trial has not yet begun, it remains to be seen if they actually did so. We also don't know anything about the DMCA filings that Cox received.
The EFF has an article on what the DMCA repeat infringer policy means.
I thought the same. Perhaps they aren't counting that because White Knight was essentially the booster rocket, which never made it to the 100km mark.
I have questions!
Registration is mandatory prior to operation of a UAS in the NAS not at point of sale.
UAS = Unmanned Aircraft Systems AKA "RC aircraft"
NAS = ???
Persons must be 13 years of age to register.
I don't think you have to be 13 years or older to purchase or operate one, so this seems like a loophole.
Short passwords are easier to remember than longer passwords,
Are you sure?
Short complex password, or long dictionary passphrase?
Until someone points to a study on the topic this will remain a matter of opinion. But I suspect that people find short passwords hard to remember because of the arbitrary and inconsistent rules on character case, symbols, numbers, and length. If it was just a matter of comparing 'biscuit' to 'I ate biscuits for dinner last Tuesday' then shorter would be better. But when it becomes 'B1scu!t' the scales tip toward the passphrase. More evidence of this is that people take passphrases, and create rules for turning them into short passwords. Ex: 'I ate biscuits for dinner last Tuesday' becomes 'i8bfdlT'
if it is done correctly on your phone, they don't get your phone number
Oh, you are referring to using OTP algorithms. I find most online services don't support that: They just want your cell number and they text you something.
As for the rest of your post: I agree.
Side question: Could you help me understand something that happens with online discussions? I find that people seem to reply to posts, and restate something that I said, but in a way that implies I disagreed with it. Is it a debate technique to try and discredit someone? For example, you posted "two-factor capability makes it more secure, not less." That statement implies that I said two-factor capability is less secure. I did not say that, I said short passwords are less secure. I even pointed out, albeit indirectly, that two-factor is more secure when I said "I *might* reconsider for my bank." Another example is your statement that the other factor could be a phone or a token. Was there something in my post that implied I didn't know that? I specifically mentioned both phone and keyfob. I'm just trying to understand since this seems to happen a lot.
Dangit! I lost my mod points because I commented. I have wanted this for years. I hate signing-up for electronic delivery of anything important (tax forms, bank statements, credit card statements) because I fear something technical will go wrong, or I'll get massive spam. Those problems are largely eliminated with postal mail. The government backs it, so it is reliable enough to be used for legal purposes. And it has a cost so the volume of spam is limited.
Wow, that sounds like the exact opposite of what I want.
1. Short passwords = harder to remember and less secure.
2. Two factor authentication means I have to give my cell phone number to everyone and have it on hand, or I have to carry 500 keyfobs. I can't login quickly because I have to wait for a text, and if I lose my phone I can't login to anything. I personally choose never to use 2-factor authentication, and instead have good passwords. I *might* reconsider for my bank.
Good point. Perhaps the OP meant "login by email address." Although if you have a display name, and can login by email, then the username can just be a hidden guid.
1) In general, criticizing a citation is only valid if you can provide a better citation. In this case, a newer article would qualify.
2) People still use 7-year-old electronics.
3) Newer articles seem to indicate this is still a problem. Ex:
PS4: 10 watts
XBOX One: 13 watts
(Source: http://arstechnica.com/gaming/...)
"Is standby growing or shrinking? It's probably growing."
(Source: http://standby.lbl.gov/faq.htm...)
Displays: 12 watts
(Source: http://www.energysavingsecrets...)
Hmmm... then I reword my question: "I'm curious to know why a senior programmer was writing code to concatenate strings of SQL." Fortunately, you answered it already when you said "It's a natural way for someone who doesn't realize the risks to do it." That is probably the most common reason for SQL injection vulnerabilities. But that statement concerns me. I expect someone labeled "senior engineer" would already know about these risks. Exceptions might be someone with a very narrow but deep focus like an embedded C programmer, or a PHD with little real experience. Am I off-base in my expectation that senior engineers would know this? I work in a place that has a mix of embedded engineers and higher-level programmers, so I am tempted to take a survey.
Another area that I think many "senior" engineers don't know is security. Lots of them find an encryption library and call Encrypt(data, key="12345" + "abcde") and think they are secure because they used 256-bit encryption and obfuscated the key.
I'm curious to know why a senior programmer was writing code to handle apostrophes in the first place when that is probably built-in to whatever library you use. I'm legitimately interested, if you wouldn't mind following-up with a reply at some point. The answer is probably to the heart of why SQL injection continues to be an issue.
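The contrast raised in the comments above (concatenating strings of SQL versus letting the database library handle apostrophes), as an added example that is not part of the original thread. It uses Python's standard `sqlite3` module; the table, names and helper functions are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; one name contains an apostrophe.
SAMPLE_USERS = [
    ("O'Brien", "obrien@example.com"),
    ("Smith", "smith@example.com"),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_concat(conn, name):
    """The 'before': the input is pasted into the SQL text itself."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_param(conn, name):
    """The 'after': the library binds the value; it is never parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def try_lookup(finder, conn, name):
    """Run a lookup and report ('rows', [...]) or ('error', message)."""
    try:
        return ("rows", finder(conn, name))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    inputs = [
        "O'Brien",        # legitimate name with an apostrophe
        "x' OR '1'='1",   # input whose quote changes the WHERE clause
    ]
    for name in inputs:
        for finder in (find_concat, find_param):
            print(f"{finder.__name__:12} {name!r:18} ->",
                  try_lookup(finder, conn, name))
```

With concatenation, the legitimate name fails with a syntax error and the second input matches every row; with a bound parameter, both inputs are compared as plain strings.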
I recommend you read "The Diamond Age" by Neal Stephenson.
http://news.slashdot.org/story...
I've been hearing that legend for decades. Is there any actual evidence of this other than paranoia?
Just guessing:
Why bother to guess, when the answer is in the article, and someone already posted the correct answer?
What prevents these rulings from happening is usually standing. That is, the plaintiff must have evidence that the NSA was surveilling them in order for the case to go to court at all. In this case, Snowden's documents specifically showed that Verizon customers were being monitored. The original plaintiff added J. J. Little to the case for the specific reason. But it did them little good because the ruling can then only apply to Verizon customers.
I wonder if they could then make this a class action by enjoining all Verizon customers into the suit.
Agreed. Even simpler: "Plastic toxic to some fish"
I thought of that too, but I don't know what is in those Facebook APIs. Can you actually do this? Who do they give access to it? How would they tie that to a social security number?
THIS IS A REALLY IMPORTANT QUESTION! How can the article not address this?
Do they pay Facebook for unlimited access or something?
I can think of a few ways:
First, if you install any Facebook games/apps, they mine your data. I believe that is the entire purpose of them. You would have to read the individual EULAs to see what they gather. This seems like the easiest way because they can get everything.
According to this article from 2012 "Facebook is Using You" they do give out aggregate data, which can affect your credit score.
Your application for credit could be declined not on the basis of your own finances or credit history, but on the basis of aggregate data — what other people whose likes and dislikes are similar to yours have done. If guitar players or divorcing couples are more likely to renege on their credit-card bills, then the fact that you’ve looked at guitar ads or sent an e-mail to a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. When an Atlanta man returned from his honeymoon, he found that his credit limit had been lowered to $3,800 from $10,800. The switch was not based on anything he had done but on aggregate data. A letter from the company told him, “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.”