VonLipwig's comments

Is this really needed?

It really inconveniences the recipient. They cannot copy and paste the email. This can sometimes be important. Often private emails contain usernames, passwords or URLs.

You cannot view emails on multiple computers without first going out of your way to register multiple devices.

There are many scenarios where forwarding the email is important. You may want your solicitor to look at it, or whatever.

It seems to me the best use of this service is just to send people some hate mail, as it makes it difficult for a layman computer user to forward it to someone who can do something about it.

Email isn't a secure platform; if you don't want what you write getting out there, don't send it, use another medium, and avoid sending emails to untrusted people.

Making the email an image means I probably won't read it.. I guess that is one way to stop me from forwarding it.


The idea is that you don't use this for all of your emails, just the ones that you don't want forwarded.


It's all down to ignorance really, isn't it? Isolated incidents by themselves aren't really a big deal. Idiots are everywhere. Sometimes people just don't think before speaking.

Sometimes the odd jibe is actually amusing. Of course when the jibe has been heard a hundred times before it never is.

I have a stutter and the amount of crap I have had over the years is ridiculous. It isn't people taking the piss, I am used to that. It's people being 'kind'. People assuming I cannot do something or wouldn't want to do something on account of my speech. People being 'protective' or finishing sentences...

The outright rudeness of people is easy to confront and challenge. It is the subtle stuff which is very difficult to deal with. Often people genuinely do not understand that they have done something wrong. They were just asking someone to take notes and you have become the de facto note taker... what's wrong with that?

I have always thought the best thing to do is stand your ground, but if you do that every time you get a reputation for being a stickler and being less approachable. The trouble is finding the right balance between letting the odd thing slide and not just leaving yourself open to taking crap.

I feel for Katie and think it is a shame that she has been effectively forced out of doing something she enjoys by the ignorance of others.


What exactly was sexist about what they did?

"""Women: Need another beer? Let one of our friendly (female) event staff get that for you."""

Perhaps the quote is missing context, I found it here: http://philomousos.blogspot.co.uk/2012/03/how-to-apologize.h...

To me it doesn't even make sense. What is this 'Women:' bit about?

If you discount the 'Women colon' I think if anything it offends programmers. Are we really so geeky that we would go to an event just to get a beer from 'female' event staff?

Perhaps they think their audience is locked in some underground lair 364 days of the year and women have become nothing but a mythical creature to a programmer. The promise of seeing this rare and mysterious creature serve beer would make someone like me want to go? I think not.

There are 3 things that bug me about this.

1) The quote makes no sense, and if you try to rationalise it, attendees should be most offended.

2) People have got into such a kerfuffle, which in the scheme of things shows the inexperience of the hosts rather than their malice.

3) The event might not go ahead at all because of this... which seems like a bit of a shame.

This looks like a storm in a teacup brewed by people who don't get out enough.


> What exactly was sexist about what they did?

I came here looking for the standard, oblivious, "Hey, what's so sexist about being completely sexist?" comment.

As usual, HN did not disappoint.

So let me explain:

"Women" are not a perk. Women are humans with as much value to contribute to software development as men. To list them as a "perk" and to relegate them to a service role minimizes women in two ways beyond the obvious, gross objectification:

First, by saying "hey, all women are good for at this event is serving beer."

Second, and much more toxic, listing women as a perk reveals the unspoken understanding that heterosexual males are the intended audience for the event and that anyone else is secondary.

> I think if anything it offends programmers.

But yeah, by all means, muster up some indignation for all the poor, privileged, over-represented men who should be offended by this.


I definitely agree with you, but I think men should be offended by this! What many heterosexual men don't seem to get is that sexism against women usually hurts them too. TV commercials that treat women as objects are usually also sending the message that men are drooling hormonal morons. If a sitcom wife is portrayed as a shrieking harpy, she's usually berating the dopey, inept man who screwed everything up.

It's bad for all of us. Sexism (or any -ism) is a net negative for anyone who values the intellectual growth of society, regardless of sex, gender, or orientation.


pfft... like I said "What is this 'Women:' bit about?"

I didn't realise that they had listed women explicitly as a perk. I just thought it was a bad bit of copy. I didn't see their original site, and it has now been taken down.

I thought they had listed it in a less obvious way noting the servers would be women to bait males to attend.

Perhaps this is a bit more than a kerfuffle then.

While what they wrote turned out to be sexist, I don't think at all that this was their intention. They fell into the trap of stereotyping their audience. If you're a hacker you're probably a pale introvert with little access to women. The trouble is a hacker/programmer/whatever is just a job title. The people who do these jobs have a variety of personalities and genitals.

If anything they misunderstood their audience, which is a shame really, and managed to generate some copy that could offend just about everyone.


Are you serious? "Generate some copy?" Copy doesn't just appear out of nowhere. Someone wrote that, and meant to write that, you're kidding yourself if you think they didn't.


I have no idea what you are on about to be honest.

Surely in this context generate == produce. I don't really get how you could take what I wrote as 'these guys made content "magically appear" in their event description'.


In context, the "Women:" part denoted the title of a perk in a bulleted list of perks, which absolutely makes this more offensive. The idea that you would put "Women" in the same list of perks as "Food", especially in a widely public way, is sort of mindblowing.


After food, shelter and possibly respect from one's tribe, women are probably next on the hierarchy of needs for most men. Interestingly, even women tend to prefer looking at beautiful female forms to beautiful male forms.

This isn't the kind of language that should be used by an event trying to attract female participants, but on the other hand I don't think many men would object to being listed as a "perk" at an event for elementary school teachers, flight attendants or some other female-dominated field. There certainly wouldn't have been a lynch-mob reaction as there was in this case.

The real world is asymmetric... and that holds for every human culture.


The difference between your conceptual examples and what has happened here in reality is in part a matter of history. There is the history of women being objectified to promote and sell things, and the better part of society has decided that this history is in poor taste and is something to rise above, especially for a professionally affiliated event. There is no comparable history for men, and any event objectifying them as a promotion would clearly be seen as being tongue in cheek - the kind of joke the backpedaling event organizers here would like to be seen as having made, but one that cannot be made honestly in such a straightforward way because of the asymmetry of the social treatment of women and men historically. You might think it would be nice to make a clean break from this history, but it will never be as simple as everyone suddenly agreeing to clear off the scoreboard and start from scratch.


Actually, I think you may have misinterpreted me. It's not simply a matter of history or culture. There will be a greater market for looking at attractive females than for attractive males in the greater human culture until we have the ability and the will to re-engineer our biology. I would be very surprised if any level of condemning men and/or other social manipulation changes this in our lifetimes.

Sex sells. While there are good reasons for restrictions in many situations, the successful strategy will be to walk up to the line of what's acceptable, whether that is booth babes or simply having attractive people (particularly women) in PR and advertising materials. This isn't an ideal situation, but unfortunately we don't live in an ideal world.

I can respect people who wish we were built to value competence or altruism like this instead of sex. It's very hard to make progress without addressing reality, though. One of the more unfortunate things about political fads is that they make it difficult for people to even discuss issues. It's far easier to write-off, downmod or brand dissenting opinions as immoral, heretical, communist, sexist, divisive, etc... than it is to really probe them.


The "women:" bit is a listed perk.

   PERKS
   * Women (who will serve you beer)

The people at Sqoot really need to learn better writing - their listing on EventBrite was full of typos.


I don't think the quality of their writing is the problem. Their "apology" comes across as the same kind of apology a child gives when their parent forces them to apologise for something, but they don't really think what they did was wrong. But hey, nobody can complain anymore because they apologised, right?


And your suggestion is that they say or do nothing until they believe all the same things you believe? Sometimes people have a real disagreement or contention.

I think there is some value to "I'm sorry that upset you" -- obviously the apologizer is not sorry that the thing was done, but they are indicating they did not mean it maliciously.


2) If you're putting on an event where you have paying sponsors, "inexperience" is a pretty lame excuse. If you're going to play in the big leagues, you get held up to the standards of professionalism of the big leagues. As far as I'm concerned, they're being accorded the appropriate level of respect & deference.


"(female) event staff get it for you" == "They're less likely to dose it with roofies than a man would be."


I disagree with the post.

"""The slope of this graph is the whole story. The complicated general purpose computers are at the bottom, and the simpler specialized computers are at the top."""

This is a terrible graph. The Mac has always been a premium niche computer. 28 years ago computing was in its infancy and computers were expensive, unnetworked, with limited benefit to the average household.

Compare this to the iPad / iPod Touch and iPhone. These are mainstream devices that achieved immediate traction. It is unrealistic to compare Mac sales with those of mainstream devices.

You then have the desktop market as a whole. If you compare any single company or brand of desktop against iPad sales, desktop sales would look in trouble. However, if you compare desktop sales to tablet sales it is clear that tablets are still only in their infancy.

BUT TABLETS ARE SELLING FASTER THAN DESKTOPS!

I don't know if this is true, but it doesn't matter and it doesn't say much about the state of desktops. Everyone has a computer; the market is saturated. No one has a tablet. It makes sense that tablet sales would rocket.

Buying tablets also makes a lot of sense for people who just consume content. The fact is though that the iPad isn't great for productivity. It is far better for consuming content. This is what most people do.

However, if you want to program, edit images, write a novel, maintain spreadsheets, make movies etc., a desktop / laptop is what you need.

The PC isn't dead and it isn't dying. It has reached a point where people only buy replacements. Now yes, some people may switch permanently to a tablet. That's fine. For the foreseeable future though there will be a large market of businesses and consumers who require more than a tablet can provide.

------

The article also touches on how great the new iPad screen is. I don't think it's all that. I walked past the demo of 'the new iPad' twice before asking a sales guy to point to which one was 'the new iPad'. Yes, if you put the screen close to your face you see less pixelation on icons. For general web surfing though I saw no perceived difference. Hell, I don't really see any pixelation on my iPad 2. Perhaps I am not holding it close enough to my face...


As has been pointed out in the replies about 30 times already, PostPC doesn't mean the PC is dead, it only means that the PC market is mature and innovation slows way down as everyone focuses on newer more dynamic markets. The fact that people feel no need to upgrade their PCs anymore yet they are still rushing out to buy the new iPad is symptomatic of that. Surely I'll buy a new PC in the future to replace my old one, but I don't expect my sister or dad to do the same.

I once had a workmate in 1999 whose sentiment was similar to your post, just focusing on a different device. We got into an argument about whether the desktop PC market was over or not. He didn't really believe that laptops were really more than niche devices, they were too slow, displays were too small, that most people would use desktop PCs for decades to come. That you could never do more than surf the web on it, you couldn't hack serious code with it.

That tablets are for consumption only...really? Diagramming (e.g., OmniGraffle), vector graphic production, sketching, mixing and producing music, editing images, updating a spreadsheet...why not? Many are using tablets for production already. Every year someone says iPad can't do X, the next year someone releases something that does X and it actually doesn't suck.

I often use my iPad 2 in bed (~1 foot distance); the screen is really close and I can see the pixels. The new iPad is absolutely frigging amazing. I'll never look at my crappy DELL/HP monitors at work in a positive way again (yes, I can see the pixels!). Why have we been stuck at the same crappy 1920x1200 pixel resolution for at least 5 years now? Could it be that no one cares about innovating in the PC market because they can't make any money? That a 10" iPad has a higher resolution than my 24" PC monitor is totally Post PC.


Simply wait ;-) Probably with age your sight will decrease, and at one point you simply will stop seeing the difference. I guess that 70% or more of people in their 30s will have a problem seeing the difference (except brighter colors). Of course in one or two years everything will have screens with more pixels, but from some point on it will always be only a marketing thing.

As for now, if you look at a 22 cm long screen with a resolution of 1280 pixels in width, and you keep the screen at a 0.5 m distance, it means that one pixel has a size of 1.17 minutes, so some, and maybe even most, people aren't able to distinguish single pixels.

Some people are using tablets for work, some are doing the same on phones, but for many, computers are much more comfortable. It is a very personal thing; for me a tablet is cool for playing some addictive games like Cut the Rope or Where's my Water?, but I will kill anybody who proposes to replace my computer, which I'm using for development, with any tablet. The same with reading: after reading several books on a tablet I much prefer reading on a Kindle; it doesn't have this ugly glossy screen where I can see myself instead of the text ;-)


Higher PPI is more important, not less, as your eyesight degrades. Turns out pixelation is bad for your eyes. The advantage to having a higher PPI is that things are clearer, not smaller as some Windows aficionados have come to expect.

Nobody is significantly investing in desktop PC display technology right now as far as I know, not Samsung or LG; it's very stagnant. That's the point, PC R&D seems as good as dead. It's a big shame, I would really love a decent display for my workstation.


Back in The Day, they had some nice quality dot-matrix printers. They were pretty nice, much more flexible than my parents' letter-quality daisy wheel printer. You could print out cool banners with Print Shop! You could even play music on them. I'd guess they were about the same resolution as the iPad1. I don't remember anybody complaining about being able to see the pixels.

When 300 dpi laser printers arrived, nobody looked back. You could almost imagine that your school reports were typeset. It looked so professional! (If only the writing had been professional...) With 300 dpi iPads you can almost imagine you're reading a book. People who are visual will care about this. I can see the subpixel coloring on my 20" monitor. If I turn it off, my antialiased text still has blurry vertical lines. It drives me nuts!

Or maybe the best example (again, back in The Day) was when my friend got his 32-bit Nintendo. He demoed a game and I said, "meh, it doesn't really seem all that better." Then he brought out Super Mario 3 on the 8-bit Nintendo and wow, was it painful.


> 32-bit Nintendo

Gamecube?


I'm assuming prewett meant 16 bit, which would be the SNES. The only comparison I've seen people make between the N64/Gamecube and NES/SNES is that sprite-based games aged better than early 3D games.


He might be talking about the N64 (for which, IIRC, most games used the 32-bit instruction set because it was faster and "accurate enough" at the time. Not sure, though.)


Sorry, I meant the Super Nintendo, which I guess is 16-bit. I knew 32-bit sounded a little wrong...


> This is a terrible graph.

I suppose it depends on the perspective. From an investor's perspective it's actually a very interesting graph that visually (partly) explains the ongoing explosion of AAPL profits.


I feel the same way unfortunately. I really wanted to like DDG but compared to Google I just found it a little too slow.

I really like the bang syntax and well.. the search engine as a whole I guess. I think it is the lack of Google style ajax fast content loading which makes adjusting searches just seem really slow.


It's bullsh*t.

I agree that a person doesn't need to actually visit a country to face extradition. I agree that the US should be able to extradite people who break their laws and harm American citizens and business.

However this doesn't look like a legal action to me. It looks like a political one.

The guy never hosted the content. He simply created a resource that made content already hosted on hundreds of websites elsewhere easier to find.

Where does it stop? If my website links to a site like The Pirate Bay or whatever, does that mean I am helping people infringe copyright? If a US citizen verbally asks me where they can 'acquire' Photoshop and I say, "Oh you could probably find a torrent at blah address", does this book me a one-way trip to the States?

US silliness aside, it is demoralising that the UK Government provides so little protection to residents. This guy didn't physically harm anyone. He didn't make a site that specifically targeted the US. He didn't host the content. He didn't visit the US or host his site there. He didn't even break a UK law...

How you can send a resident to - potentially - be incarcerated in a foreign country for committing an act which your own legal system doesn't believe is a crime is beyond me.


Nobody is going to extradite you for putting a link on your personal website to The Pirate Bay. In fact: they can't; even if that link technically does establish contributory infringement, your liability for posting that link is civil, not criminal.

That's not what this guy did. He made 15,000GBP/mo placing ads on a site that prominently featured first-run movies and included promotional copy he himself added suggesting that the site would save you money because you didn't have to go to a theater. It's the running a business on copyright infringement that gets you charged criminally.


So what is the offence he committed in the UK?


The Copyright, Designs and Patents Act of 1988, Section 107, (2A), which establishes provisions for criminal infringement.


    107(2A) Copyright, Designs and Patents Act 1988:
    “A person who infringes copyright in a work by communicating the work in public
    (a) in the course of business, or
    (b) otherwise than in the course of business but to such an extent as to affect prejudicially the owner of the copyright commits an offence if he knows or has reason to believe that, by doing so he is infringing copyright in that work”.

What's meant by 'communicating' here then? And wouldn't the second clause---by the same standard---make linking to copyrighted material that is illegally distributed unlawful in any case? What a terribly written law.


Are you a UK lawyer? I'm not. I don't feel like I can productively argue this point with you. What I can say is that the citation of that law and the conclusion that O'Dwyer should be tried for violating it came from a UK judge; I linked to the ruling upthread.


Careful! You're openly talking about "Th3 Pir4t3 B4Y"! If someone looked up the site mentioned in your comment, they might infringe, and you've contributed. Giving the name of the place to find pirated material is a very short jump from an http link.


maqr, I actually googled "Th3 Pir4t3 B4Y" and got to "The Pirate Bay" website. Thanks, brother! Just learnt about this site! boy I was soo naive buying all those CDs and DVDs and BluRays!! I say: no more!


This makes you wonder about the current supply of talented developers. Where has that supply gone?

I see no reason why Twitter would acquire Posterous for any reason other than the experience that the staff have. As far as I am aware Posterous doesn't hold any valued patents. It doesn't appear to be leading the way in pioneering technology. I don't really see how the site itself fits in with Twitter's strategy.

It looks like a smash and grab to get more staff. Is this a statement about the typical applicant Twitter receives when looking to hire? It's also a shame, as acquisitions like this are happening more and more often, killing off fairly popular websites in the process.


I think they just want to add more coupling between the two platforms. Sure enough, Twitter could write such a platform on their own but perhaps it's more time-efficient to just buy legacy technology and adapt it. Even more so when you get the staff who built the said technology along with it.

Another aspect is the user-base that will come with Posterous.


This is the least exciting thing I have seen today. There are hundreds of these throw away games which are nothing more than a time sink and contain no more depth than an A4 sheet of paper.

So there is a new/improved platform store to buy/sell these apps. Greeeaatttt....


I completely agree with the article, though I think it misses what the iPad 3 is. I think most tech commentators miss the point.

Apple isn't a traditional tech company. The majority of Apple's 'new products' aren't new at all. They are just a new iteration of an existing product.

Many tech commentators look at the iPad 3 and see it as make or break. They want reasons why you would toss aside your iPad 2 and buy an iPad 3. The fact is though, if you don't want to piss away your money you will not get an iPad 3 if you own an iPad 2.

It's like if you own a 2010 iMac you didn't buy a 2011 iMac (I assume there was a 2010/11 iMac). While the latest model is superior, quicker, has better gizmos etc., the one you have is just fine.

The iPad 3 will be the continued evolution of the iPad product, just as the iPad 2 was. This isn't a new product, Apple is just continuing to keep its product up to date.


> if you don't want to piss away your money you will not get an iPad 3 if you own an iPad 2

I don't want to piss away my money, but that Retina display is what I'm after. I sold my iPad when I bought an iPhone because the display was just too damn ugly in comparison... I am excited about the iPad 3 for just this reason.


> The fact is though, if you don't want to piss away your money you will not get an iPad 3 if you own an iPad 2.

Or you could wait until it's unveiled before deciding whether it is worth buying.


> The fact is though, if you don't want to piss away your money you will not get an iPad 3 if you own an iPad 2.

The sad other fact is that people who upgrade the iPad 1 may do so for much more frustrating reasons than blogs want to write about. iOS5's Safari and sometimes even Springboard are so slow on my iPad 1 that I am really tempted to upgrade to the iPad 3 just for that. Frustrating mostly because iOS 3.2 felt like riding a rocket and I don't use any new features introduced since then.


I agree with you, but I think your iMac analogy is exactly one of the main sources of the "controversy" regarding iPhone and iPad product updates. When you update your desktop Mac after 3-4 years for $1500, you expect to see obviously visible improvements for your money. The upgrade cycle for phones and tablets is probably much shorter, due to lower product prices and physical limitations such as battery lifespan. Even though the prices are lower and upgrades are more frequent, I think some people expect to see the same kind of improvements they enjoy with their desktop computers or notebooks; notably, much faster CPU, much more RAM, much more storage space and so on.


Huh? All their PCs improved little in 3–4 years, definitely on a level (or maybe even a bit worse) with what you get when you upgrade your iPhone or iPad every other year.

There is nothing happening with PCs, only boring spec-bumps and maybe a port more or less. The only interesting thing that did happen was the introduction of ultra-books – and even that was years ago.

CPUs and GPUs get faster, but PCs are already extremely fast. There is much more headroom for improvement with mobile devices, their spec bumps are actually good for something.

I don’t see the point you are making at all. Upgrading every other year gets you loads of improvements.

If you buy an iMac now you get the same old boring thing you could get three years ago. Do you really think non-nerds will be able to tell the difference? Heck, even I think that there is little to no practical difference between a 2012 and a 2009 iMac. They are the same goddamn thing (for all intents and purposes).


Agreed. I have a 2008 MBP that is still more than adequate for any task I require of it. And believe me, I put that thing through the wringer on a near-daily basis.

Unless you're a professional film editor or a gamer (and, in the latter case, I'm not sure why you'd be using a Mac), you really don't need to replace Macs every 3 to 4 years. Especially desktops. The desktop market has matured, and it is moving along at a relatively incremental, unexciting pace. There's surprisingly little difference between a 4-year-old iMac and today's iMac, aside from some relatively minor spec upgrades and a new port.


I'll be getting an iPad 3 (got a '2 on launch last year).

The main reason being I can probably sell my iPad 2 for £250-£300. Apple products tend not to depreciate in value (much), so the cost isn't that prohibitive when you're on the iOS device ladder.


>Apple products tend not to depreciate in value (much) so the cost isn't that prohibitive

Don't you think there are many iPad owners out there who are thinking the same thing? Where are you all going to dump your iPad 2 at the same time? Especially if it has a killer feature that makes a lot of people want to upgrade and also makes the old iPad less desirable. Also include the original iPad users who will be upgrading. My guess is the second hand iPad market is going to take a dive when the iPad 3 comes out, so selling before that point might be a better idea, if you can live without your iPad for a few weeks or so.


> The iPad 3 will be the continued evolution of the iPad product, just as the iPad 2 was. This isn't a new product, Apple is just continuing to keep its product up to date.

The branding seems to contradict that idea. If it's just an update, then why not just keep calling it "the iPad", without appending a Big Shiny Version Digit? You know, like they do with all of their other desktop and notebook products?


> If it's just an update, then why not just keep calling it "the iPad", without appending a Big Shiny Version Digit?

Because eventually there's going to be an iOS version or an application that only runs well on version X of the iPad. It's a lot easier for a user to understand "Only works on iPad 2 or better" than to understand "Only works on iPads manufactured on or after March xth 2012".


It’s a slightly different situation but that’s essentially what they are doing with Macs, saying this-and-that is compatible with the MacBook Pro (early 2009) and such.


It is also common to refer to the Macs with their iteration+variant number, e.g. mine is a MacBook Pro 5,5.

System Information was actually the easiest way to get such a specifier before Lion, which now shows the "MacBook Pro 13-inch, Mid-2009" in the brand new "More Info..." of "About This Mac".


Really? You complain about the name†? Are you serious? How petty is that?!

Apple rarely does radically new devices. That happens maybe once every three years or so. They also support older devices for a relatively long time when it comes to mobile devices (and for a relatively short time – but still not really short, but short compared to Microsoft – when it comes to PCs).

Look at what they do, don’t try to read something into their product names.

† Which we don’t even know yet.


The message seems to be...

Only 8 accounts were affected. Do not worry. Minor breach. Not much harm done.

It seems to me the truth is the attacker looked for bitcoin wallets and emptied them. The fact he could identify 8 accounts and access them suggests the attacker could have accessed far more accounts if they wished. I think this is the most worrying thing about the breach.

I don't really understand how bitcoin works, but it seems that people with wallets need to set up multiple wallets on multiple providers and limit the amount of bitcoins in each wallet to limit any losses from breaches like this.

If I was a Linode customer I would be thinking about moving. This message, while fairly open, doesn't give me much confidence there aren't other security issues with the platform.


Just imagine that BitCoin is like having cash in your wallet, because that's more or less its intended model. There are a lot of 'anti-counterfeiting' measures because computers are very good at copying, and you don't want people to be able to copy BitCoins the way they can copy music -- and when you ask "what is BitCoin?" people basically start to tell you about the anticounterfeiting technology, and the limits on printing uncontrollable amounts of money. But it's essentially stamped paper in your wallet in any other sense, worth whatever people using it on the Internet will pay for it, not backed by anything in particular but its usefulness.

Basically a lot of people were renting storage rooms in an apartment complex run by Linode, you get your own key to enter the door and retrieve and store things -- whatever. Some people left their wallets inside these buildings, with cash therein. Someone else used some unidentified systematic security flaw, but we don't yet know what it was. Maybe there is a ventilation system which is easily navigable once you know how to get in; or maybe all of the rooms have unlocked windows for no good reason; we haven't been told yet. (There are some suggestions that they stole a key from one of the janitors who cleans these rooms up.)

What we have been told is that some burglar stole eight wallets, and that "All activity by the intruder was limited to a total of eight customers, all of which had references to 'bitcoin'." That suggests that the burglar did indeed peek in the windows beforehand somehow, to find out that these 8 rooms had wallets inside. Otherwise, presumably they would say something like, "The intruder broke into many of our customers' accounts but didn't actually do anything in 99% of cases." In that sense I think the scary bit isn't that he accessed the 8 accounts, it is the fact that he identified them in the first place.

Amortizing the loss across many points of failure may be a good idea, but it wouldn't seem to solve the central problem. Suppose I put $20 in two accounts with 5% chance of compromise, rather than $40 in one account with 5% chance of compromise -- either way, I should expect to lose $2. What I've changed is that I am more likely to lose some of my money (9.75%), but I am less likely to lose all of my money (0.25%). This may appeal more to risk-averse people but it is not fundamentally changing the situation.

Perhaps a better approach is to keep a BitCoin wallet encrypted, since that's pretty simple to do in day-to-day life. This is something that you can't do with your wallet -- you cannot turn your wallet into a steel vault with two-foot-thick walls.
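The arithmetic in the comment above generalizes to splitting a balance across any number of accounts; the block below is an added example (not from the thread) that computes the full loss distribution with the binomial formula, so the "same expected loss, different shape" point can be checked for n = 1, 2, 4 or more accounts, each assumed to be compromised independently with the same probability.

```python
from math import comb


def loss_distribution(total, n, p):
    """Probability of each possible loss when `total` is split evenly across
    n independent accounts, each compromised with probability p.

    Losing k accounts loses k * total / n; P(k) is the binomial term
    C(n, k) * p^k * (1-p)^(n-k). Returns {amount_lost: probability}.
    """
    return {
        k * total / n: comb(n, k) * p**k * (1 - p) ** (n - k)
        for k in range(n + 1)
    }


def summarize(total, n, p):
    """Return (expected_loss, P(lose anything), P(lose everything))."""
    dist = loss_distribution(total, n, p)
    expected = sum(amount * prob for amount, prob in dist.items())
    p_some = 1 - dist[0.0]          # at least one account compromised
    p_all = dist[float(total)]      # every account compromised
    return expected, p_some, p_all


if __name__ == "__main__":
    # Constructed figures matching the comment: $40 at 5% risk per account.
    for n in (1, 2, 4):
        e, some, every = summarize(40, n, 0.05)
        print(f"n={n}: expected loss ${e:.2f}, "
              f"P(lose some)={some:.4%}, P(lose all)={every:.6%}")
```

Expected loss stays at $2 whatever n is (linearity of expectation), while P(lose some) climbs towards 1 and P(lose all) falls towards 0; the split only reshapes the distribution, exactly as the comment says.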


> In that sense I think the scary bit isn't that he accessed the 8 accounts, it is the fact that he identified them in the first place.

This isn't all that surprising. There are basically two reasons why you would have a Bitcoin wallet on a server: if you are mining using the CPU power of that machine, or if you need to send Bitcoins from an online application. For example, one of the people who mentioned having coins stolen was from a mining pool; you need some automated system to pay out the earnings to the people who have been doing mining, and so the wallet for that automated system was on the server, and was stolen. I suppose one further reason might be as a backup, but in that case, I dearly hope that it's an encrypted backup without the encryption keys on the server.

Given these reasons for having your wallet on the server, it's not surprising that people found them. These require network-facing services that are easy to trace back to the server in question. The mining pool is a public service; anyone can join, and find the address of the server. Furthermore, when you make payments, you announce them to the full Bitcoin network. Someone sniffing transactions can watch where transactions originate, and target that. If they already had a compromised customer service account on Linode, they probably watched the Bitcoin network for a while, made note of transactions originating from IP addresses in the Linode range, and then targeted those accounts.

One way to protect yourself from this would be to proxy your Bitcoin transactions through a host other than the one that has the wallet, obfuscating where the transactions are actually coming from. You could even go so far as to make all of your transactions via Tor, which would probably make it fairly difficult to find where your Bitcoin wallet actually lives.

> Perhaps a better approach is to keep a BitCoin wallet encrypted, since that's pretty simple to do in day-to-day life. This is something that you can't do with your wallet -- you cannot turn your wallet into a steel vault with two-foot-thick walls.

The problem is, if you need to make payouts from your wallet, then the machine that does that needs to be able to decrypt the wallet. That machine can then be compromised to be able to steal your keys. Encryption doesn't buy you all that much, unless you are just doing a backup and don't need the machine to be able to do online transactions at all.

Perhaps another solution would be to encrypt each key in your wallet separately using a k-out-of-n encryption scheme (where you produce n keys, any k of which can decrypt the wallet). You can then distribute those keys to independent hosts, which hopefully should not all be subject to the same vulnerabilities. Then any time you do a transaction, k of those hosts will need to produce their key to decrypt the key in your wallet and perform the transaction. That way you would have to compromise several different, independent hosts in order to steal the wallet.

Of course, this would drastically increase the cost and complexity of the system; and you would need to ensure that whatever system authorized payments was likewise distributed, which if you had, say, a web-facing service would be difficult.

The easiest thing to do to reduce the risk is to only leave enough value in the wallets that are on the servers for a couple of days' worth of transactions. Then you transfer Bitcoins from a more secure location once a day to keep the coffers full. This is not much different than a physical store; yes, you are at risk of being robbed, but if you only have one day's worth of cash there, with the rest somewhere more secure, you reduce how much risk you have.
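The k-out-of-n idea in the comment above is Shamir secret sharing; the block below is an added example (not code from the thread or from any wallet software) that splits a constructed 32-byte key into n shares so that any k of them rebuild it, while k-1 shares reveal nothing about it. It assumes a standalone Python 3 script and uses the Mersenne prime 2^521 - 1 as the field modulus; the share values would be handed to the independent hosts the comment describes.

```python
import secrets

# Field prime: the Mersenne prime 2^521 - 1, comfortably larger than a
# 256-bit wallet key, so any such key is a valid field element.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (lowest-degree coefficient first) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split an integer secret into n shares (x, y); any k of them rebuild it.

    The secret is the constant term of a random degree-(k-1) polynomial;
    each share is that polynomial evaluated at a distinct non-zero x.
    """
    if not 1 <= k <= n or not 0 <= secret < PRIME:
        raise ValueError("need 1 <= k <= n and 0 <= secret < PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from at least k shares.

    Fewer than k shares still return *a* field element, just not the secret,
    so the caller must know k. Duplicate x values would silently corrupt the
    result (zero denominator), so they are rejected here.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME      # product of (0 - xj)
                den = den * (xi - xj) % PRIME  # product of (xi - xj)
        # Fermat inverse: den^(PRIME-2) == den^-1 mod PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def split_key(key: bytes, k: int, n: int):
    """Wrapper for a raw key (e.g. a 32-byte wallet secret) -> n shares."""
    return split_secret(int.from_bytes(key, "big"), k, n)


def recover_key(shares, length: int) -> bytes:
    """Rebuild the raw key from k or more shares."""
    return recover_secret(shares).to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed demo key, not a real wallet secret.
    wallet_key = secrets.token_bytes(32)
    shares = split_key(wallet_key, k=3, n=5)   # one share per independent host
    assert recover_key([shares[0], shares[2], shares[4]], 32) == wallet_key
    # Two hosts alone get an unrelated field element, not the key.
    assert recover_secret(shares[:2]) != int.from_bytes(wallet_key, "big")
    print("3-of-5 reconstruction OK")
```

In practice the shares would protect a key-encryption key rather than the wallet file itself, and the hosts would contribute their shares only to a signing step, so the reconstructed value never needs to sit on disk on the web-facing machine; that is the part of the design the comment notes is costly to get right.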


If they had used 'unlock-at-boot'/TrueCrypt-style disk encryption and kept the password/key off the machine they would have been safe from this attack. (They would also have to provide the password/key every restart.) It is only in hindsight that something like this seems worth implementing!

Your more general solutions would protect from an attack that rooted a live system rather than just resetting the root password while the machine was offline.


Indeed, we are a Linode customer, and this message only helps a bit. Yes, I know now that we are not affected. But little other information is given: were the user accounts compromised by a vulnerability in Linode's VM management software? If so, was this vulnerability found and fixed? Or did the attacker compromise the account of one of Linode's employees?


I believe in an earlier statement they did say that they fixed the vulnerability. No idea why they didn't explicitly state so in this new statement.


I don't think there was a vulnerability. As I understood it, somebody stole a support person's credentials and logged in with them.


Yes, but how did they steal the credentials? Did they find a sticky note with the username and password written down? Or was there a vulnerability in the admin interface that allowed someone to sniff credentials? Or did they hack into the personal computer of someone with admin privileges?

Basically, this announcement gives me no confidence that they've done due diligence in fixing this problem. They haven't explained what the vulnerability actually was, nor what they have done to avoid it in the future.

Of course, this does speak to the dangers of using hosted services for anything that needs a high level of security. Anyone with appropriate admin privileges on the host system can compromise any user. That increases the attack area considerably; you don't need to attack the system directly, nor the users of the system in question, you just need to find one person who has admin privileges who is vulnerable, steal their credentials, then attack any users at your leisure.


Ok, I missed the earlier statement. Thanks for the information!


It wasn't clear from the memo, but how did the attacker know which 8 specific accounts had 'references to bitcoin' if they didn't access other accounts too?


Are you able to name your VMs on Linode?


I doubt it's that: I would have worked out the target sites' hosts (looking up the IP), made a list, worked out the most popular by value - probably worked out it was Linode and gone from there... once in, I'd bet it's a simple task of searching for the IP in their interface.


Ok, asking the other way around, did Linode check out the non-attacked VPSs to determine whether they didn't have bitcoin wallets on them?

I'm not disagreeing with anything else said here - it's just that it seems that the memo was very conclusive in stating something that couldn't be known unless there was more VPS introspection than they claim...

