Yes.

I'm not a Christian. I have no religious beliefs. And yet I feel like "atheists" are often trying to claim to speak for me, and tell me what I think about things. Well fuck off, with your atheism. I'm perfectly happy to have absolutely zero affiliation with any religious alignment, not even the null alignment.

I would say that where I am (NYC), I meet people of various different mindsets on the issue of religion. Definitely a lot of people who are somehow not-religious, whether they identify as atheist or or agnostic or non-practicing Christian/Jew/whatever. I wouldn't actually call myself any of those, because I think identifying as an "atheist" requires that you first acknowledge gods as real things that you believe in or don't, and then claims, "I don't believe in any of them".

It's like think of all the things where you wouldn't call yourself an "a[oogabooga]ist", replacing "oogabooga" with various things. Are you an awizardist? An ahobbitist? An adragonist? An ajediist? An aspidermanist? Or do those titles sound silly in the backdrop of knowing that all of those things are simply stories-- and perhaps good stories. If anything, I might be a pro-spiderman-ist, since I like the character, but I wouldn't claim to "believe in him".

But when I say this, a lot of people want to say, "No, that means you're an atheist." They want me to belong to their club, so they can count me among the faithful followers of their little belief system. But I'm not part of that club. I have no desire to be.

But here's part of my point: Do all Buddhists agree that their atheists? Do atheists all agree that Buddhists are atheists? Or are we going by your definition of atheism that lots of other people wouldn't agree with? Because I've definitely met people, online and in life, who would argue that Buddhists aren't "real atheists" because they believe in some kind of mystical mumbo jumbo, and atheists know that only science is real!

That's not my argument, mind you. I've just heard that kind of thing before.

I think part of what you're pointing out is that atheism is not a belief system, and so people shouldn't expect atheists to all think the same way or believe the same things.

However, it's a nice little piece of irony that, since people who claim to be "atheists" can believe different things, they can also disagree on what it means to be an atheist. I've talked to quite a few people who identify themselves as atheists, for whom it does seem to be a belief system. For them, being an atheist includes a deep respect for science, a belief in empiricism, a responsibility to proselytize. It's not uncommon for there to be a rejection of morality outside of utilitarianism. There's usually a general belief that there's nothing to this world beyond physics, the math behind the physics, and the application of physics to build up the physical world around us. There's often an associated desire to find awe and reverence in science and physics, and to treat that as a sort of pseudo-spirituality, while talking about how stupid religion is.

I find whenever you start talking about atheism, you actually end up with a fair amount of disagreement from all sides about what atheism actually is. You're confidently saying one thing, and someone else will say something else with just as much confidence. It's pretty much impossible to have a meaningful conversation unless we can agree on our terms somehow.

And then you're pretty much screwed right there, regardless.

I wouldn't bet on that. Apple should be passing credentials over SSL. However, given that the username is the same as your email address, it's not impossible for people to find that out.

Well.... no. They allowed an indefinite number of guesses, or an unlimited number of guesses, but not an infinite number of guesses. It may seem like I'm just being picky with word choice, but it they allowed an infinite number of guesses (somehow) then all of their accounts would be compromised. By allowing an unlimited number of guesses, they only open the door for a given account to be compromised after some kind of investment of time. The investment of time required depends on the quality of the password.

So if your password is extremely weak, then it might possibly get compromised by a general attack-- trying known user accounts with a small dictionary of passwords. If your password is pretty weak, then it might be compromised by a targeted attack on your specific account. If your password is extremely strong, then a brute force attack is unfeasible.

I hadn't heard this exactly, but Apple's public statement did include a mention of security questions. Their statement was pretty vague. They say that there was "a very targeted attack on user names, passwords and security questions".

Still, that's not really an exploit of iCloud's service. If they chose security questions that someone could find the answer to, I wouldn't consider that an iCloud exploit. I do think that the use of security questions should be reevaluated, but they're a pretty standard practice these days. Even if someone forces a reset of your password, under normal circumstances you should notice that the password has changed the next time you log in.

Part of the problem is that these things are being reported badly by the press. A study shows some minor correlation between coffee drinkers and... let's say... people who suffer from heart disease. The news the next day is, "Coffee causes heart attacks".

Another part of the problem is, for a while, we apparently didn't even bother to study things scientifically. Research would show a correlation between being overweight and heart disease, and that was pretty valid. But then the assumption was made: If you want less fat on your body, you should have less fat in your diet. Since you have to eat something, replace meat with bread. Since you want food to taste good, replace fat with sugar. Or replace fat with vegetable products, because vegetables are healthier than meat, right?

Except that we hadn't really studied that stuff. It turns out, the bread and sugar and transfats are probably worse than having some level of meat and fat in your diet.

Finally, the fact is that we have a hard time studying diet. It's rare that you see anything resembling a controlled study, and you certainly don't see controlled studies going over long periods of time. We can't just gather up a couple thousand random people and give them a highly controlled diet for 20 years to see how their bodies respond.

I don't think it was even that simple. I didn't read the article in detail because it seemed dumb, but the author seemed to be talking about spoofing a trusted destination for WiFi iPhone backups.

So if you set up your iPhone to sync over WiFi, and if you connect to a compromised WiFi network, and *if* that network has a machine that manages to spoof the computer that you sync your iPhone to, the iPhone will sync to that computer instead, which might sync sensitive information.

That's a very special set of conditions, and it's not clear how you would spoof the computer that's serving as a sync destination.

First, I don't think that it's known that the accounts were compromised with iBrute. People made the connection because the leak happened shortly after iBrute was announced, but there have been many suggestions that the photos had been acquired months or years before that. That makes it pretty unlikely that the accounts were accessed using iBrute. And Apple seems to deny that the accounts were accessed by exploiting "Find My iPhone".

Second, their comment about "bad passwords" is valid regardless, and would be valid even if the passwords had been accessed through brute force attacks. Brute force attack mitigation is specifically helpful in protecting accounts with weak passwords. If your password is strong enough, a brute force attack should still take a prohibitively long time to succeed.

From what I've been reading, it seems most likely that only some of these photos came from compromised iCloud accounts, and those accounts were probably not compromised due to an exploit of iCloud's service. There was just a news story about 5 million Gmail passwords being leaked, but it doesn't seem that it was from a exploit of Google's services either. Most likely, they were all acquired by phishing, or other non-technical attacks.