Comment: Re:How do they remove anonymity? (Score 1) 151

by kasperd (#43812849) Attached to: Bitcoin's Success With Investors Alienates Earliest Adopters

How is that a fact?

The comment I was replying to was implying it was a fact. Others have implied that as well, and I haven't seen anybody deny it. If you think they are wrong, you are welcome to present your argument, then I'll watch from the sideline until I know which side to believe.

How would one readily tell whether a transaction has come from, say, a Silk Road wallet?

Silk Road runs a mixing service? I have only seen it presented as a marketplace for trading goods using bitcoins.

Comment: Re:How do they remove anonymity? (Score 2) 151

by kasperd (#43810001) Attached to: Bitcoin's Success With Investors Alienates Earliest Adopters

Unless they refuse to honor any bitcoins that have passed through a money-laundering service recently

The fact that they can even tell the difference makes bitcoin less anonymous than physical money. Maybe the anonymity wasn't the selling point for bitcoin, maybe it rather was that they can be used without any regulation. Bitcoins can be used without regulation, but what you trade with bitcoins can still be regulated. That holds regardless of whether that something is goods or real currency. (The large focus on being able to exchange between bitcoin and real currency is a symptom telling us that bitcoin is not yet a real currency. With a real currency you can have your income in that currency, and you don't worry about exchanging because you can also pay your expenses with that currency.)

Comment: Re:Make metal illegal too... (Score 4, Insightful) 490

by kasperd (#43809923) Attached to: Australian Police Move To Make 3D Printed Guns Illegal

The police aren't banning 3D printing. They're not banning the material used in 3D printing. They are banning 3D printed guns.

I see a problem with the police banning anything in the first place. That decision should be made by democratically elected lawmakers, not the police.

Comment: Re:Token ring ... (Score 2) 157

by kasperd (#43806889) Attached to: Ethernet Turns 40

Didn't Token ring evolve into a star topology just like Ethernet did? If things had turned out differently, and we had all been using Token ring today, the only notable difference might very well have been the name. How many people actually remember what Ethernet looked like back when the technology had any resemblance to the name?

Comment: Problems with missing people searches on facebook (Score 2) 94

by kasperd (#43804089) Attached to: French Police End Missing Persons Searches, Suggest Using Facebook

There are many problems with searches for missing people using facebook. The most important problem is the lack of a trustworthy source. I would never take part in such a search if the source is a person I don't know. If you want me to take it seriously, then link to the police's official page on the search. If the police don't want to put up such a page, then don't expect my participation.

Harm can be done by spreading such a search on facebook, if it isn't legitimate.
  1. The person may already have been found, in which case you are just spamming. And you are decreasing the value of what could otherwise have been a useful communication channel.
  2. The person may never have been missing in the first place, and the entire search is nothing but harassment.
  3. The person may be hiding from abusive relatives, and you may inadvertently lead those abusive relatives directly to the victim.

Comment: Who is this submitter representing? (Score 1) 139

Most importantly, we may finally get a break from the forced permanence of the Facebook and Google world, where everything you do and share is a data point to be monetized and re-sold to the highest bidder.

I would be much more willing to trust Google with my data than any new company showing up. Regardless of what the Internets are claiming, Google does not sell users' data.

Google earned my trust through their actual actions. If a new company wants to earn my trust, they have to do the same. It is not hard to create a system that I would rather trust with my data than any of Google's systems. All it requires is a system where it is technically impossible for the company behind it to snoop on my data. And the system has to be open enough that those security properties can be independently verified by any third party who wishes to do so.

Comment: Re:remote hands on (Score 2) 136

by kasperd (#43797625) Attached to: Will Robots Take Over the Data Center?

It would be great to be able to swap out a dead drive without having to wait for a person to be available to do the same job.

I wouldn't trust a robot to do that job. On one occasion I have had to send a person to repair a drive that was broken by a robot. A tape robot had literally ripped the front off a tape drive. Not only did that leave us with a broken drive, the piece was now stuck in the robot's hand, and it wasn't able to get it out of its hand. So the robot gave up and drove up to the service area, waiting for a human to come and repair it.

This is not even the most spectacular robot problem I have experienced. Four years of dealing with real robots in data centers have made me realize what a long way we have to go before robots can take over jobs we let humans do today.

Comment: Re:Try to do something right (Score 1) 120

by kasperd (#43788007) Attached to: Reporters Threatened, Labeled Hackers For Finding Security Hole

That's all nice and everything, but the real issue here is that people expect to receive preferential treatment by calling themselves "reporters".

I have never implied the press should receive special treatment. Anybody who finds a security problem should be free to publish it as they see fit (unless they have entered an agreement about confidentiality, before they found the problem). Of course the right thing to do is to tell the responsible people about it in private, such that they have a chance of fixing the issue before you go public. But that is a matter of ethical conduct, and should not be part of the law.

Companies who want time to fix issues before they become public should give something in return to those who find the problems.

The law of course should impose some limits on how you can legally abuse a security hole. Finding an SQL injection and dropping all tables from the database should not be legal. But perhaps finding an SQL injection and shutting down the database server before somebody else starts dropping tables should be legal. Using an SQL injection to have the database add up two numbers (just so you can verify that there is truly an SQL injection) should definitely be legal.

Comment: Re:Try to do something right (Score 1) 120

by kasperd (#43777687) Attached to: Reporters Threatened, Labeled Hackers For Finding Security Hole

there needs to be an outside agency or association which rewards those who expose these security holes and maybe even funds the court case against those targeting the messenger.

The law should be modified to ensure the following three properties:

  • It should be illegal to deploy a system which stores personal data in an insecure way. But as long as security holes are only left open accidentally, and are patched when pointed out, violations should only be punishable by fine.
  • It should be legal for an outsider to take the necessary steps in order to verify the existence of a security problem in the system, as long as such action cannot be expected to damage data in the system.
  • Any attempt by the owner of the system to persuade the finder of a security problem to keep it secret should be illegal. Such action should be punishable, plus the finder should receive compensation.

All of this is only applicable when the security problem is found by an outsider. It is reasonable to apply different rules when the security hole is found by an insider. If the security problem is found by an insider, it is acceptable if the company tries to keep the problem secret indefinitely. But it is still not acceptable to leave the vulnerability unpatched.

Comment: Re:Try to do something right (Score 5, Insightful) 120

by kasperd (#43777101) Attached to: Reporters Threatened, Labeled Hackers For Finding Security Hole

But the reporter can't be anonymous and trustworthy.

Sometimes the evidence itself is more important than the source. In the particular case, it sounds like the evidence was strong enough that it wouldn't matter which source it came from.

But the trend with threats and lawsuits against those who discover security holes must stop. That trend is a major threat against data security across the entire IT industry.

People will keep finding security holes. Sometimes you just stumble upon them, without even looking. What are you going to do, once you have found a security hole? Report it and try to get it fixed? Ignore it? Abuse it? If those who do the right thing are going to be the target of threats and lawsuits, that certainly removes incentive to do the right thing. So fewer people will report security holes. And some of those who would have reported it might instead decide to abuse it.

If we ever get to the point where doing the right thing is more likely to get you into a lawsuit than abusing the security hole for personal gain is, then the industry is in big trouble.

Luckily a few companies are taking steps in the opposite direction and are offering cash rewards to those who find security holes. At some point users will have to start taking that into account when deciding what software to trust. But it is a very real problem when the systems you don't trust are those used by any branch of government. You can't just go somewhere else. And the lack of competition has led to situations where security concerns are just ignored.