Hacker News | itistoday's comments

Why isn't this on the front page given the number of upvotes it's gotten (12 in 32 minutes?).

Yet this is?

  Show HN: New Fwix Local API (from the team at Fwix)
  4 points by goo 56 minutes ago | flag | 1 comment

-----


Because mob rule would turn HN into a reddit without the option to remove mob strongholds from view.

-----


That this story is being silenced out in so many places... blows my mind. HN should be ashamed to participate in the censorship.

The President of the United States is blatantly violating the Constitution (in one of the worst ways), and nobody cares.

-----


The submission needs a less inflammatory title. I don't see any evidence in the article that Obama is specifically calling for this or that he has any say in Manning's treatment.

-----


Your decision to turn a willful blind eye to this is part of the problem. If you know nothing about how the government works, perhaps you should listen to the law professors linked above.

In an indirect way, you are also helping contribute to Manning's continuing detainment and torture. Sleep with that.

-----


I'm asking for the lines in the constitution, a law, or some court ruling that gives the President the power to make the Pentagon do something. That's not turning a blind eye, it's asking for more than bold words and demands for action.

The article doesn't provide that.

-----


Article 2 section 2. He's the commander in chief of the military and as such the military has to do what he says. It also offers specific provisions for pardons and reprieves.

-----


Just sent the President a letter and asked for a reply. Let's see what happens.

-----


The President is sworn to uphold and protect the Constitution (by law, and upon accepting office). He can do this through whatever means are available to him, including executive orders, and rallying public support for legislation.

BTW, the title is "inflammatory" because the situation justifies it. It's an inflammatory situation, as it should be!

Find whatever excuse you want though for not approving this. Whatever helps you sleep.

-----


I'm trying to find something that will let me take action. A letter to the President politely asking him to make the Pentagon be nice would be filed right next to all the letters asking him to ban Martians.

It's not actionable. I can't do anything with it. I've gone through the wiki on Presidential powers and don't see it.

-----


BTW, HN has already turned into reddit, and the fact that this didn't make it to the front page is further evidence of that.

-----


Everything on your website that in any way addresses "Dropbox's security" should make absolutely clear the extent to which users can expect their data to be "secure".

In Dropbox's case, users can expect the following:

  - Data is probably secure from sniffers

That's it.

It matters little whether "Drew has physical access to our storage servers anymore". Your code obviously has easy access to the keys used to encrypt and decrypt the data. This means all of the following scenarios are possible:

  - User's data is obtained via the government (users aren't necessarily even informed about this)
  - User's data is obtained by rogue employee (potentially leaking to _anyone_ or _anything_)
  - User's data is obtained by hacker (again, implies ZERO assurance of data security).

So don't flash around "AES this or that" without making it absolutely clear to the average user that what you are doing is the equivalent of storing their data in a shed guarded by a lock that can be accessed by anyone who can find (or demand) the key that you've hidden under a rock somewhere.

-----


you're right in that all these things are theoretically possible in a system where the encryption key is not stored client-side. I don't know of many services that advertise every way in which their systems could be compromised. I think you'd be hard pressed to find a company doing this. in the case of google - is there a document explaining all the places your email could end up?

we believe that what we advertise is in our userbase's best interest. in theory, we could generate a lengthy document attempting to explain every possible way dropbox could be compromised. but in practice, discussing these extremely unlikely theoretical vulnerabilities would generate undue fear. as an ironic sidenote: this thread was spawned by an attempt we made to clarify our handling of court orders (see: http://www.businessinsider.com/dropbox-updates-security-term... )

I say "undue fear" for a couple reasons. first and foremost because we are vigilant about making sure that user data is never compromised. our reputation would be permanently damaged if dropbox is compromised. we have a lot of smart, security conscious people making sure data in dropbox is safe.

we're also listening to feedback we've been hearing from the community on things we can do to improve security. a couple concrete examples: we're working on better protecting the authentication token (config.db) so that gaining access to a dropbox account on a compromised machine is much more difficult. similarly we're working on a performant way to transmit file metadata over SSL on the mobile apps.

secondly, we believe that storing data in dropbox is far more safe than the alternatives. we've designed dropbox to protect user data against threats of all kinds, but we've focused the most on helping users avoid the most common threats to their data: not having any backups at all, not having current backups, accidentally deleting files, losing hours of work, leaving files on the wrong computer, losing a USB drive with sensitive info, protecting from curious snoopers on the dorm network, etc.

for all the talk of security issues in the last few weeks, we're not aware of anybody having been affected by these theoretical vulnerabilities. on the flip side, we have (literally) saved thousands of college kids from losing their theses :-).

-----


Arash, good security is about mitigating theoretical risks before they become actual.

I am most disappointed in Dropbox because you had made statements like all our data is AES encrypted and our staff do not have access to your data. These are clearly incomplete for the former and are plainly not true for the latter. They are misleading and unethical in that they have assisted you in gaining all these customers. As stated above you should clearly stop using security as a selling point and only state you provide security in transit (https) or actually put in place technical measures to make those statements true.

Personally I will no longer be recommending Dropbox and will instead recommend your competitors including changing my answers on Quora: http://www.quora.com/Dropbox?q=dropbox

-----


Really, dropbox is probably more secure than most complainers' computers; but when you say things like

    - All transmission of file data occurs over an encrypted channel (SSL).
    - All files stored on Dropbox servers are encrypted (AES-256)

and this turns out to mean "file metadata may not be encrypted" and "all files stored on Dropbox servers are encrypted with the same key (AES-256)"... well, people are going to call "snake oil".

-----


This is a discussion of the consistency of advertised security claims with disclosures about availability of data to government subpoena.

In that context, statements like "we believe that what we advertise is in our userbase's best interest" make my ears prick up. I'm not a crypto expert, but this sort of thing does not seem like a straightforward response to the OP.

-----


The point is that these are the kinds of claims you should be making in the marketing. Users are smart enough to understand "We are vigilant about making sure that user data is never compromised". You shouldn't be trying to bamboozle them with official-sounding acronyms like AES - that when it comes down to it, mean little.

-----


There are classes of users who will consider it snake oil if well-known encryption algorithm names aren't used, because it implies home-grown encryption.

-----


"Our reputation would be permanently damaged if dropbox is compromised."

This is why I trust DropBox with my data: because I'm a paying customer. That means our goals are aligned.

-----


But you are not Google, and I expect you to have higher standards. Don't take Google as the reference data point, it's a fairly low one as far as reference data points go.

On a related note, Dropbox is not the only company that advertises security even though what really is offered is kind-of-security. See Backblaze, for example — yes, the data is (supposedly) encrypted using my private key, which (supposedly) only stays on my machine, but I can't be sure because it isn't auditable, and to do a restore I have to supply my private key to the Backblaze website, instead of using a local decryption tool. Not good.

-----


>we're not aware of anybody having been affected by these theoretical vulnerabilities. on the flip side, we have (literally) saved thousands of college kids from losing their theses

I like the idea of what your service does, but this statement just advertises the success of one feature to back up the failings of another.

If you just want to offer file storage, just set up an http-only svn server and be done with it.

If you want to offer proper encryption, do so, or don't say that you do.

-----


Add Dreamhost to this list.

-----


> law enforcement would need a warrant to get the information

No, it doesn't.

https://www.eff.org/issues/nsa-spying

-----


The NSA isn't a law enforcement agency. Rightly or wrongly, US intelligence agencies seem to have a rather different set of rules these days than the rest of us are following, including most law enforcement. Bottom line is if they're wanting to use it to convict you of a crime they'll need a warrant for it (before most judges, at least).

If you're worried about NSA (illegal) spying in general, presumably the carriers retaining the data only makes it a bit easier for them. Since the info will need to be traveling around the network while you're active, they could easily just intercept that like they intercepted the voice calls.

-----


OK, but the link seemed to have a happy ending, so I'm not sure if what you're saying is still true:

As a result of a settlement in the case, the FBI lifts the gag on Nick Merrill, the ACLU's client and the first NSL recipient to challenge the records demand.

-----


On this topic, would you switch telecom providers for privacy?

http://news.ycombinator.com/item?id=2385463

-----


The Color bashing is amusing, really, but at this point it's quite literally becoming marketing for them (perhaps that was their real genius). The more Yes upvotes it gets to flunk, the less likely that is it seems.

If this app is really so outrageously bad, then it seems odd to devote several of the top stories on HN to it; perhaps leave that to Reddit. ;)

-----


The "no publicity is bad publicity" marketing strategy doesn't actually work if your product is crap. Take Cuil for example: they launched with a disastrous product with massive hype, and became the target of endless jokes. Regaining credibility after that must have been impossible, even if they'd managed to fix their search engine.

It's even worse if your product depends on network effects; poison the well early on, and you reduce the chances of going viral later even if the issues are fixed. It seems a safe bet that whatever chance Google Buzz had died with the initial privacy controversies.

-----


Is it really HN's place to attempt to influence the fate of Color? I'm not a fan of the app by any means, but I'm not sitting here hoping for it to fail.

-----


> Is it really HN's place to attempt to influence the fate of Color?

Certainly that is not HN's place or purpose. HN's purpose is to provide high-quality Hacker News. Its readership gets to decide what that is.

(Sidenote: A side effect of that is, yes, a force that can influence the fate of one project or another.)

-----


I'm not sure why people are upvoting your comment.

Actually, I do know why. It's a depressing disenchantment with government.

They don't understand that government is not going anywhere, and that government can be as good as it can be bad.

The quote zmblum posted is brilliant, and it is an example of what Good Government is capable of. It is not just for your 5th grade civics class. It's for RIGHT NOW. Read the quote, understand and respect it and its authors, and take action. The government is not just them, it's also you, and sitting on the sidelines being cynical is supporting them.

-----


>The government is not just them, it's also you, and sitting on the sidelines being cynical is supporting them.

One can be cynical without being resigned. Cynicism is recognition of the depth and breadth of corruption and not necessarily equivalent to apathy.

But you're right that the corruption we see in the government is a reflection of our own corruption. The mess we now find ourselves in wouldn't be possible without generations of self-deception, apathy, and twisted values. We let ourselves be conned into building the world that the founding fathers warned us against. We'll likely only wake up when survival itself is at stake.

-----


Tongue-in-cheek.

-----


> They don't understand that government is not going anywhere, and that government can be as good as it can be bad.

No way in hell. Where, in either the future or the history books, is the saintly leader who will counterbalance a Stalin or a Mao?

-----


I think the point is government that is not necessarily led by a single person. Though the president of the US is the 'leader,' he does share power with the Supreme Court and Congress. Just because everyone likes to point to the president when things go wrong doesn't mean there aren't others that share in the blame...

The current problem with the system is that: 1) the Federal government has grown too large, and 2) the US is ruled by only two political parties that are both (at their core) about the status quo and not all that different from each other.

-----


May I suggest that the current US political debate is virulently polarizing and unproductive?

Perhaps the issue Good Governance vs Bad Governance would be effective/useful? (as opposed to the current axis of big vs small)

As was said by Deng Xiaoping "it doesn't matter if the cat is white or black.."

-----


Big government has more chance for corruption because the system ends up growing ever-more complex. Parts of the system that are useless never get culled, they just keep finding ways to retain minimal amounts of relevance, while attempting to maintain or increase their funding levels.

It's harder to have 'good government' when there are more ways for it to fail.

-----


Which is great and fine in a theoretical world. You guys just had your economy blow up. It doesn't matter if it's big or small. It matters if it works. Ignore size.

-----


Ok, so you determine that it isn't working. Then you try to figure out how and why so that you can fix the problem and you find out that it's death by a thousand cuts.

I'm not so delusional to think that there will be some magical shrinking of the government, but you seem to be telling me that it isn't a worthy goal, which I disagree with. You can have the goal of making the government work now while at the same time trying to trim away the useless pieces.

-----


I have no issue with a smaller government. I just don't see how smaller or bigger government are worthy goals IN and OF themselves. It just needs to be working government.

The debate about big vs small govt. is one of many, pointless hand-wavy, ideas used to harm your debate.

Is it wrong to point out that something is being used to obfuscate discussion, polarize opinion, and detract from getting a solution?

-----


Joe's Good Governance is Bob's Bad Governance. People fundamentally differ on what the government should do; there's no "right answer" that everyone could agree on if only they'd sit down and discuss it reasonably.

-----


True for debates on Governance, but it can't be completely true for specifics and tactical matters. Matter of fact it's pretty much the only way you can bring intelligence, experience, vision and ability to bear. True, some things are not clear cut, at which point you can debate.

Besides, even what you said is a sensible start, yet most of America seems far from having a sensible debate about Governance. From outside, everything that happens is twisted into some sort of attack vector for ... I don't know what.

-----


>As was said by Deng Xiaoping "it doesn't matter if the cat is white or black.."

..because "Parkinson's Law works everywhere." - Mikhail Gorbachev

-----


I hadn't read that quote though, thanks for pointing it out - http://en.wikipedia.org/wiki/Parkinsons_Law

the irony is that Quote 1 - China Quote 2 - USSR

-----


Gandhi?

-----


From his site FAQ:

Q: Why doesn't the EFF fund this?

A: Ask them. They have offered to provide some legal help though, which is much appreciated.

-----


I think the events in Tunisia and Egypt show just how wrong that perspective is. Twitter and social media in general are in their infancy and yet already are having such a massive impact on social change around the world.

The ability to communicate thoughts, events, instantaneously, as they happen, and from the people actively involved in those events around the world, is unprecedented in human history.

The revolution has been tweeted. It does not depend solely on twitter and the like, but these are not tools to be underestimated.

Just compare the quality of the content you're getting by following people actively engaged in the revolution on twitter, with what you see on CNN. This is revolutionary.

-----


I think the revolutionary effect you are seeing can be better attributed to the fact that these populations have access to the Internet, especially through mobile phone. These people aren't leveraging the unique features of social media (the web of interpersonal relationships) so much as they are leveraging the ability to quickly get text, pictures, and video out of the country and onto servers hosted in countries sympathetic to the protestors. It just happens that Twitter and Facebook are currently the fastest ways to get something published and seen.

-----


I disagree - because the ability to get text pictures and video out of the country relies on the fact you're putting it onto a network where plenty of people are linked together. Just posting it onto the internet - with no social network apps - it's much less likely to catch and go viral.

The networking capabilities of these applications is what makes them useful to protesting organisations. Otherwise there would be a deluge of emails going out to notify of each individual update - rather than a simple, distributed notification which people can jump on at any point.

-----


Btw, I should add an anecdotal example of what's possible.

Near the start of the uprising, parts of the protest pamphlet were leaked online (http://j.mp/hZf7uY) before the protest was set to take place. The pamphlet explicitly requested secrecy so that the details of the protest would not get into the hands of the government.

I was lying in bed in San Francisco, watching as news of this broke out on my iPhone twitter stream. Many people, myself included, were able to convince the author of the piece to delete his tweet with the link to the post, and while the post itself wasn't taken down, I wasn't able to find it from the publication's front page, and the post itself was edited to include a link to a video submitted by a twitter user of a man being shot and killed by the Egyptian police.

And that's just a small incident I happened to stumble across. I think that illustrates how profoundly the world has changed, where individuals, anywhere on the planet, can influence people and events in ways that can have significant consequences. All that, through a few tweets.

-----
