Friday, August 31, 2012

Monday, August 27, 2012

Re: Apple hitting Samsung with $1 billion patent fine

(via imgur)

Yeah, now that they've come out with that verdict, I'm going to start being shameless myself about shaming Apple.

Maybe I'll just keep yelling "Xerox PARC!"

Thursday, July 5, 2012

Re: Apple's import ban on Android phones



A reference if you aren't up on the news: Apple may seek U.S. ban of Samsung Galaxy S III today - CNET

Oh, and instead of repeating myself, I'll point to a previous post that makes clear what I think of some (j/k- most) software patents: Apple swings +6 mace of multitouch at enemies

UPDATE: This post was about the import ban, but oh man, even better is the ongoing trial between Apple and Samsung over the very essence of Android: Apple is accusing Android of outright ripping off the iPhone. It's basically a repeat of the Apple vs. Microsoft case in the 90's where Apple accused Windows of copying the Macintosh. Except if Microsoft ripped off Apple, then Apple ripped off Xerox PARC. But maybe that's another can of worms.

Wednesday, June 13, 2012

Breach update: eHarmony and Last.fm also hit, also idiots

Following up on my report of LinkedIn's password leak, I thought I should note that eHarmony and Last.fm were also hit. And speaking of the thoughtless security practices of LinkedIn, apparently these guys were worse.

Now, I'm not as mad about them because they don't handle user information nearly as important and sensitive as LinkedIn's. But while the SHA-1 hash function LinkedIn was using was weak, the MD5 hash function eHarmony and Last.fm were using has been known to be bad practice since 1996! Apparently they've managed to ignore good advice since the first Clinton administration!

Anyway, another interesting thing about the breach is that the Last.fm database has been floating around the dark parts of the Internet since 2010, so be sure to change your password there too.

Monday, June 11, 2012

Closed my LinkedIn account


In case you haven't seen, last week it became known that LinkedIn had been hacked. 8 million passwords had been leaked to the public, and who knows how many the infiltrators kept to themselves. The passwords were obscured by a hash, but they used a hash function with vulnerabilities that have been known for years, and worse, they didn't use a salt. Normally a leaked password database wouldn't be a big deal, as long as its designers weren't clueless. Instead, with the incredibly weak hashing done by LinkedIn, over half the passwords have been cracked and are known to hackers in their original, unobscured form. So if you haven't yet, change your password at LinkedIn (also, eHarmony may have been hit). Or, if you don't really need it, you can take the approach I did and delete your account.
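The storage problem described here, and in the eHarmony/Last.fm follow-up about MD5, as an added example (not code from LinkedIn or from the original post): an unsalted fast hash gives every user with the same password the same stored value, while a per-user salt plus a slow key-derivation function does not. The account names, passwords, PBKDF2 and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any real leak); two users share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "correct horse"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def weak_record(password):
    """Unsalted SHA-1, the scheme the post describes: same password, same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def strong_record(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def duplicate_groups(table):
    """Groups of users whose stored value is identical, as visible in a leaked table."""
    by_value = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)


weak_table = {user: weak_record(pw) for user, pw in USERS.items()}
strong_table = {user: strong_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    salted = {user: rec["digest"] for user, rec in strong_table.items()}
    print("unsalted duplicates:", duplicate_groups(weak_table))
    print("salted duplicates:  ", duplicate_groups(salted))
    print("alice verifies:     ", verify("linkedin2012", strong_table["alice"]))
```
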

Here's the issue: LinkedIn has proven that they cannot be trusted with sensitive information. First we find out that its Android app has been storing users' passwords in plaintext, a truly bone-headed and reprehensible security practice. This is the security equivalent of failing kindergarten. Then last week we find out that when you enable a certain calendar-integration feature, its mobile app mines your phone's calendar data and sends it back to its servers, again all in plaintext. And now this password database appears on the internet, showing that not only have they been hacked, but their storage of our most security-sensitive information is once again failing at the most basic security practices. And, I note, I haven't received a single email or intra-site message alerting me to the event. Looks like they're not notifying their users at all? I guess they're now showing that they can't even respond in a responsible manner that shows any care for their customers' data.

So my advice: if you find LinkedIn provides you with real professional advantages, proceed with caution. But if you're not really getting enough out of it to justify putting up with these idiots, consider following me to the exit.

Thursday, May 17, 2012

Bubble 2.0 - details on the eve of Facebook's IPO

Okay, so back when Facebook was first valued at $50 billion I wrote a post proclaiming a new tech bubble.

But then a friend mentioned that it's not very meaningful to just say that we're in a bubble. The useful thing is to say when it will end, how much prices will drop, or at least what phase of the bubble we're in.

Touché. I didn't have an answer to that. But now I just ran into an interview on (shudder) TechCrunch that was actually very informative. It was with a tech investor, and I know what you're thinking, but he actually seems quite grounded and well-versed in the economic history of bubbles. I think he gives a pretty realistic picture of where we are.

In short, we're in the second or third phase of a bubble that was kicked off by Yuri Milner and Microsoft investing in Facebook at a $10-15 billion valuation. Then the second phase was high valuations of competitors like Twitter. And yes, the third phase will follow high-price purchases like Instagram at $1 billion. But I guess what really matters is the fact that it's not going to really get crazy (and crash soon after) until people stop worrying that it's a bubble and it's all fake. Buuuut I'm not sure that'll ever happen, given the memories of the last bubble. So I don't quite know how that plays out. In the end it seems we still have a few years before it all crashes to earth.

The video: “In the Studio,” CRV’s George Zachary Discusses Bubbles on the Eve of Facebook’s IPO - TechCrunch

Friday, May 11, 2012

Oh Hulu


Chainsawsuit puts it well, and then comically, as usual. To be clear, this isn't Hulu itself pushing for this, but instead the major studios (once again) trying to strangle it through restrictions. And it's not necessarily actually going to happen. Still, it's one more reason I suspect they're never going to learn, and we'll be forced to find some way to make them irrelevant.

Friday, May 4, 2012

GoDaddy: The Dane Cook of the Internet

..quoth Will, just now. Too perfect. That is all.

Friday, March 2, 2012

Google's new privacy policy: Nothing new

Or at least, nothing we didn't think was already happening.

Yesterday, Google's infamous new privacy policy went into effect. I've seen so much ranting and catastrophizing about this, I feel like I have to add to the few voices clarifying what's actually changing:
They aren't collecting more information on you.
They aren't sharing more information with others.
Is that clear enough? All that's happening is that they're pooling the information they already collect through different sites like YouTube and Google Search, instead of keeping it compartmentalized. So instead of YouTube ads being personalized based only on what you search at youtube.com, they'll also use what you search at google.com. That's what's new.

Which is why I'm kind of surprised at the uproar. I thought everyone already assumed they did that! Especially after the Wall Street Journal's big "The Internet is Scary"* series. Google is supposed to be the worst offender, right? Why wouldn't they be using every bit of information they can suck up? Honestly, when the privacy policy thing hit headlines I was kind of impressed that they'd kept this stuff separated.

But really, I'm not surprised. This just reminds me of moments like when the internet started focusing on ACTA after SOPA/PIPA were defeated. There were all sorts of scare stories going around, talking about how ACTA was SOPA squared, when there was absolutely no truth to that. It turns out, people on the internet will dump a ton of effort into getting outraged about something, without spending half that effort to actually find out what that something is.

*Disclaimer: Yes, there are many problems with the level of personal tracking on the web and the lack of user consent or knowledge. We need a lot more of both. I think the Do Not Track header has potential, as long as it's done correctly. But most stories, including the WSJ ones, just come off as "Watch out! They eat people out there on the internet!"