Forgot your password?

Comment: Re:What snapchat claimed to do was a form of DRM (Score 1) 90

by pem (#48121175) Attached to: Snapchat Says Users Were Victimized By Their Use of Third-Party Apps
If a bank were to make a claim that their credit card is perfectly secure, they would be claiming that you can actually use it as you expect, and even if you buy something at a bad merchant, or a merchant that has been hacked, you are protected.

Even though they disclaimed it in the fine print, Snapchat's entire premise was that you could send you pictures to people, and they could only see them once, for a little bit.

The analogy about the cash is off-point -- the entire reason people use credit cards instead of cash is security; same as the reason they use snapchat instead of email.

The difference between the bank and snapchat is this: with the bank, although they didn't promise and you didn't expect perfect security, they will make you whole financially by refund money taken due to fraud, while snapchat is completely the opposite -- they effectively promised better security than they delivered, and none of their users will be made whole.

Comment: Re:What snapchat claimed to do was a form of DRM (Score 2) 90

by pem (#48116439) Attached to: Snapchat Says Users Were Victimized By Their Use of Third-Party Apps

I'm not sure if this has always been the case, or was added later, but for a very long time now, at least the Play Store's description has included:

Yeah but that's like the really fast voice at the end of the drug commercial talking about death.

So nobody should have been under the illusion that it was, in fact, impossible to save these images even if they lived a sheltered life and never imagined the analog loophole.

Snapchat's entire premise when it started out was that things were transient. Everybody told the founders it was a stupid idea, because, well, it's a stupid idea. But the people saying it was a stupid idea were making those statements based on impossibility, that the concept was akin to founding a company that would rent out genies that could give out wishes to people.

Obviously, the founders have the last laugh, because one way to make a lot of money is to rely on a gullible public and ignore the laws of reality. They aren't the first, and won't be the last, to make fortunes based on snake oil.

Comment: Re:What snapchat claimed to do was a form of DRM (Score 1) 90

by pem (#48116401) Attached to: Snapchat Says Users Were Victimized By Their Use of Third-Party Apps

No, it's like a bank telling you that it's not their fault when you make a check out to "cash" and someone other then who you intend cashes it.

I don't think that analogy is right at all; OTOH, I think I can improve mine a bit: it's like the bank telling you to use their credit card for all your transactions because it's safer than any other banks' credit card (never mind cash), but then disclaiming all liability when there is a hack that makes that not true.

Comment: What snapchat claimed to do was a form of DRM (Score 1) 90

by pem (#48115743) Attached to: Snapchat Says Users Were Victimized By Their Use of Third-Party Apps
And we know that can't work. Snapchat's wasn't even any good, anyway.

Snapchat's response was "they captured images by violating the TOS".

That's like a bank telling you it's not their fault if you lost money because the bank robber violated their posted TOS.

Comment: Re:Don't over generalize (Score 1) 717

by pem (#48114717) Attached to: Why the Trolls Will Always Win

I was pointing out the hypocrisy of saying that the trolls win simply because you take some measures to avoid them.

You didn't point that out. You used a poor analogy. Because most people would consider burning a Koran on TV to be trolling itself, rather than a normal, everyday thing that people do until they are themselves trolled.

I didn't start with the extreme IF/THEN logic.

Umm, yes, you did. The trolls are looking to cause a behavior change, so yes, they have "won" if they cause it. You didn't refute that. Instead, you gave a very poor, extreme "Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book." when nobody who is not themselves trolling wants to publicly burn such a book.

The other party in this discussion said if I change my behavior in any way to avoid the trolls it has a chilling effect and the trolls win. that's just bullshit.

It's not bullshit if your original behavior wasn't something that a normal human being would not consider incendiary. It probably is bullshit if your normal behavior is to burn books on TV for the lulz.

Next issue. This is boring.

Yeah, I get it. You've had your say. And so have I.

Comment: Re:Don't over generalize (Score 1) 717

by pem (#48111505) Attached to: Why the Trolls Will Always Win

... and you "do your best to avoid being a target", they've won.

Really? Then burn a Koran on national TV right now...

Oh wait... then the extremist muslims have won. Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book.

Judging from the rest of your comment, you probably didn't mean this, but this makes it look like, from your viewpoint, the only alternative to "doing your best to not be a target" is "doing your best to be a target."

It is all about how you say things and where you say them. Take any dumb position you like and it won't automatically get a response from the trolls.

To some extent you're right. If you're rambling over in the corner and nobody notices you, you're good. But if you have something useful to say and a forum where you can get noticed, you will definitely be noticed by people who don't like what you say, and if they happen to be trolls, they will troll you.

Comment: Re:Makes Sense (Score 1) 225

by pem (#48063231) Attached to: Google Threatened With $100M Lawsuit Over Nude Celebrity Photos

Jesus Christ, did you read what you just wrote?

Why, yes, yes, I did.

Google Search exists to help people find what they're looking for,

There's your problem, right there. Google exists to make money. They do this by doing a good enough job to make most people use them first for search. If you think that google exists to make your job as a website administrator easier, then you've got a huge sense of misplaced entitlement.

and you're saying it's our job to tell Google how to help people find our site?

There seems to be a bit of projection going on here -- you're getting on my case for not reading what I wrote, then turning around and claiming I wrote things that I didn't.

But even though I never wrote that, if it's your job to help your customers find your site, and a lot of your customers are miffed (and complaining, and defecting and/or wasting your time) because they can't find you through google, then (assuming 2+2 still equals 4) yes, of course, it behooves you to spend a bit of time to understand google's crawler well enough to make sure that google dumps your customers on the page you'd like to see them on.

For example, if it were my site, the very first thing I would do is check to make sure that I didn't have a misconfigured robots.txt anywhere in the search path. Then I would figure out what, if anything, google is actually serving from that site (using the site: option in the search), and then I would google (yes, the devil!) for SEO techniques for my exact situation. Finally, if I figured out that google really did have difficulty reconciling two different email web pages for the same domain, then I would probably chalk it up to competence, rather than incompetence -- on a web host, figuring out the primary webmail portal and always directing to that could probably cut down on a lot of phishing attacks -- and then either unify the webmail portals, or put a link from one to the other, or separate the domains, or anything else that was required to prove to google that my second webportal wasn't just a phishing site.

But since you're entitled to google doing all your shit for you even though you're not paying them to babysit your customers, you probably can't be bothered to do any of that stuff.

If people want to find our web mail portal they can come to the website we print on their damn bill, or they can call and ask us how to get to it.

That's a perfectly lovely attitude, and I wish you and your company all the success in life you both deserve.

Comment: Re:Makes Sense (Score 1) 225

by pem (#48056817) Attached to: Google Threatened With $100M Lawsuit Over Nude Celebrity Photos

What if it hadn't been the same company? What if it was a phishing site?

Google's actually pretty darn good about warning about phishing. Which means that the usual warning you get from them is extremely helpful, especially in comparison to the complete lack of warning you would ever get from typing raw URLs into the browser.

All these people who thought they had reached the right destination

Why should google cater to companies that are so technically backward that they can't figure out how to unify their email portals?

If I were one of your company's customers, I would rightfully be blaming you, not google, for your inability to make google understand how I should get to my email.

Comment: Re:Makes Sense (Score 1) 225

by pem (#48056775) Attached to: Google Threatened With $100M Lawsuit Over Nude Celebrity Photos

Maybe but Google is no more at fault for that than the phone companies are for texting while driving.

This is damning with faint praise.

Phone texting is the direct descendant of phone conversations.

Do you realize how much hard technical work went into making cell-tower handoff work seamlessly at highway speeds? Do you think the phone companies did that merely to capture revenue from the conversations the passengers were having?

Comment: Re: That explains a lot (Score 1) 336

by pem (#47959771) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Real bug, hypothetical exploit, of course.

I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.

Who cares? It was real, not hypothetical.

"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.

Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.

Never remotely said that

Who never remotely said that? The original post I was responding to was from macs4all -- are you him? His argument was essentially that your data is safer with Apple, ostensibly because of their privacy policy, and that their business model is the perfect one because everybody is tired of being data-mined, so Apple is who you should trust your data with.

That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.

And a couple of months later, it happened again -- Apple patched 26 bugs, each of which could allow remote code execution, and half of those had been reported to them by google.

Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.

But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.

Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.

My point is a bunch of anecdotes don't make an argument

Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.

Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.

More to the point, google actually tries to apply this consistently as much as possible, which only nets them grief because of their universal privacy policy.

Apple's privacy policy may be "better" than google's in some theoretical fashion, but if more user data is leaked via iOS apps than Android apps, how is that better in the real world for a typical phone user?

Comment: Re: That explains a lot (Score 1) 336

by pem (#47956669) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only
The blaze was just the first one that came up when I searched on terms I remembered from last winter.

You can easily google for it on lots of other sites, but you knew that right? We may never know if it was exploited, but it was certainly extremely easy to exploit, so it doesn't fall anywhere near the realm of a "hypothetical" bug.

As far as google serving up ads with malware, (a) that didn't go on for 18 months, and (b) while I don't condone javascript in ads (or ever have this enabled), this is actually, generally, a lot safer than it used to be. This particular malware, which made the news precisely because it is rare for google to serve malware, requires either an ancient flash install or an unpatched XP/IE installation, in order to infect a system.

Trying to serve others' javascript safely is a much more complex problem than implementing SSL correctly, and that this attack for ancient systems went on for half-a-month, while Apple's exploit for all current iOS systems was available for 18 months, may not be making the point you think it is.

cherry picking is not a good argument

No, much better to make blanket assertions that Apple handles data better because that isn't its business (which is the original assertion that I was responding to).

Those examples were just that -- examples. Did you bother to read the link I gave about how apps from the same companies leak more user data on Apple than on Android?

Comment: Re: That explains a lot (Score 1) 336

by pem (#47942877) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Citation, please.

Well, you can read all the headline news about how all the malware is on Android because Apple keeps it off of iWhatever, or you can try to figure out which system is better for the stuff you're actually going to use:

You can read the false equivalence narrative about how both Apple and google suffered data breaches recently, or you could use your brain and realize that you have seen evidence that it's pretty easy to get "private" stuff out of Apple's cloud, but there's not much evidence of getting it out of google's cloud:

You can read about how Apple is going to revolutionize payments, or you can read some of the user stories here about how people have been using google for payments for a long time with no problems, and you might think about how, even a few months ago, Apple had a major https problem:

And finally, you can ooh and aah about how iOS is now encrypting everything in a way that only the user can decrypt it "unlike [Apple's] competitors" and google is playing catchup, or you can dig deeper and find out that this has been an option on Android for three years, and all google has to do to match Apple is turn it on by default. (They probably had it off by default simply so Apple wouldn't be beating them in storage benchmarks.)

So you actually approve of a Business Model based on Tracking (and Selling) your every online move?

Now I have to ask you for a citation. Google targets ads to you, but AFAIK, unlike, say, Facebook, they don't actually sell your data directly to others. That's because, believe it or not, it is precious to them. Whether or not I approve the business model is immaterial, but I reject the premise that Apple is capable of handling data better because their business isn't based on handling data. Seriously, doesn't that sound like a stupid claim?

...and people think Apple aficionados are delusional???

That's only because enough of them are that it's a thing.

"Our vision is to speed up time, eventually eliminating it." -- Alex Schure