You do? What, you have late night heart-to-hearts with Tim, him spilling his hopes and fears, you providing a shoulder to cry on and gentle guidance from your decades of experience in product development and operations?
Just ask John Galt.
Or most slash-dotters who rant about unions.
Well, no, not exactly. The Guardian published the password. Wikileaks failed to secure the encrypted payload. They both had to fail for the security breach to have happened. Irresponsibility is shared there, and as best I can tell, Julian is embarrassed and attempting to salvage ego with a dumb "I meant to do that" sort of maneuver.
The Guardian is being a bit silly in complaining now, after the data is already out there - anyone with an interest has already found a torrent.
But really, the whole thing is silly, given that the cables were available very widely to (as I understand it) millions of US folks already. I simply don't believe that documents shared with 7 figures of people, security cleared or no, don't find their way to people who have an interest in such things.
Most of the hot air being puffed about this has to do with what is public-public, instead of private-public. It makes a difference. (To pick a different example: "everybody knows" that many cops in the US arrest routinely people who annoy them on bullshit charges. This is private-public knowledge. Now imagine documents hypothetically leaking about this being policy. That would make it public-public.)
End of an era.
I don't know why this particular change feels so big, but it does.
I know you're not dying or anything, but golly.
Thanks for making the joint the kind of joint it has been.
You can't copyright/patent/trademark facts.
In the U.S. You might notice that Trinidad and Tobago (and England, for that matter) happens to not yet be an official vassal of the empire, and is still a sovereign nation that makes its own rules.
It isn't clear from the article what rules and agreements govern here, but it certainly isn't U.S. copyright.
Who the hell cares about corporate winners (modulo folks with stock, or other stakes)?
I care about good tech.
Eat it. It tastes good, if you chew a bit. No, there's a bit on your chin, see, there. No, well, let me help.
Jim, me need a helmet.
I'm sure this is just an episode.
Well, whatever, then. We'll need VB coders until we can't pay the cooling bills on those boxes, so... Can't fix everything.
I'm not writing this from the perspective of an enterprise architect or a protocol designer, I'm talking about risk and incentives wearing the hat of an individual user.
Put all your eggs in one basket with an OpenID provider that *does* take security seriously (Google, Yahoo, etc. can function as OpenID relying parties - and you can also use two factor authentication with Google now), so that basket is extremely well protected, and dodge the issue of giving random sites on the internet a password entirely?
That's easy. I would rather use per-site passwords.
Even if you trust Google's security without qualification, which you shouldn't, as they've been compromised before both internally and externally, there is the problem of interest alignment. Your interests are not the same as Google's.
As for deducing per-site passwords, well, if you can, then I'm doing it wrong, or you have either my master key or broken SHA2. And I don't remember any of them. That is what password managers are for.
Final thought: if you've convinced yourself of the wisdom of depending on the almighty Google (or Yahoo, or whoever), you might want to watch and see if they happen to upgrade their OpenID system in the next little bit. Just a thought.
How does Dropbox define "valid legal process"?
Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters, which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names, IP addresses and times of connection, etc. Also of note is the Stored Communications Act. The rules are complex and are being contested in various ways, but among other things documents held in storage for over six months can be grabbed simply on a court order, no warrant or subpoena required. It isn't clear to me if "held in storage" would mean unmodified since uploaded - the rules were written primarily to cover email, which is typically not modified after receipt, other than changes to metadata.