dubious_1's comments

dubious_1 · on April 7, 2011

There should never be an expectation that your data is secure on Dropbox unless you use local encryption/decryption. Your data is sent to the dropbox server where it is encrypted by their server (according to their web site) and stored. They secure the data in transit, and then again for storage, but they have access to the keys. There seems to be strong evidence that some checking is done before file transfer to see if the file you are syncing is already available somewhere on the server, and if so the file is not transferred, but does appear sync'd in your account. I noticed this personally when I placed the Access2007 Runtime installer into a folder and the 52MB file was nearly instantaneously flagged as synced. Insecure authentication of an insecure system is not really a big deal. The lack of convenience for users if stronger authentication was used is probably a bigger concern. If I have access to your local machine such that I can extract your local credential, I would easily copy all of the existing data from that machine, and could install a key logger to catch your password.

limmeau · on April 8, 2011

I use EncFS, a FUSE plugin, to store slightly-more-sensitive data and access it from MacOS and Linux. Works for me.

dubious_1 · on March 11, 2011

Previous major upgrades to XCode released with new versions of OSX and required that newer version to install/run. OSX 10.7 (Lion) has not released yet, so upgrading from 3.6 to 4.0 (Major upgrade) is not considered a maintenance release by Apple's accounting department. Paying members of the Apple Developer network subscribe ($99 per year) and one of the benefits is access to Beta releases of OS and tools. XCode 4.0 was available to members of the Developer network prior to this official release, and after the release, non-subscribers are given access through the App Store. Apple is in no way preventing anyone from developing for Mac at this point since XCode 3.6.5 is still available for download and installation by any users of OSX 10.6 (Snow Leopard), and as evidenced by the availability of the iOS 4.3 SDK for XCode 3.6, they are not forcing anyone to upgrade to the new IDE just to develop for their various platforms.

kstenerud · on March 11, 2011

Ok, but where in this scenario do the SOX compliance laws compel them to charge money for a "major upgrade"?

bzbarsky · on March 11, 2011

The problem is Sarbanes-Oxley requires compliance with certain accounting practices (to be set by regulators; these are not spelled out in the act). I'm not an accountant, but as I understand the problem arises in this situation:

2005: Company X sells product Y to person Z for $1000. Company's books show $1000 in revenue. 2006: Company X gives Z a free significant upgrade to product Y and records no revenue.

The argument could be made that what really happened was that the company actually made two sales to Z; one in 2005 and one in 2006 and that the revenue of $1000 should properly be split across the two years.

Not having such a rule apparently allows various accounting shenanigans in which totally unrelated things are treated as "free upgrades" to something else and revenue can be booked in whatever year you want.

So there are two important things here for all this to be an issue: 1) The initial purchase must have cost money. If you get something for free and then get a free upgrade to it, there's no problem. 2) The magnitude of the upgrade must be such that one could be accused of slipping an unrelated product in as a "free upgrade".

So for example security updates to safari would fail test #2 above. Major updates to iTunes may fail test #1, since iTunes is generally available for free to everyone (even if you don't buy a Mac or MacOS).

It's possible that something makes Apple's accountants feel that XCode is part of the OS in a way that means that when you pay for the OS you're also paying for XCode. And that XCode 4 is enough of a change from XCode 3 that if it were free it would fall afoul of the accounting stuff above.

Again, I'm not an accountant, so I could be getting all this totally wrong...

DougBTX · on March 11, 2011

So, what you are actually saying, is that this is the cheapest major upgrade to XCode that's ever been released?

dubious_1 · on March 9, 2011

You do not need to update to XCode 4.0 to develop for either OSX or iOS (even 4.3 SDK is available for XCode 3.2.6). There may be some great new wistles and bells in XCode 4.0, but it is not essential. For a hobbyist learning OSX or IOS development, it is probably better to wait anyway since all of the existing tutorials, Courses and books are still focused on XCode 3, and changing the IDE this much will probably just confuse.

dubious_1 · on Feb 16, 2011

You are the first to actually hit that point, and I believe rightly so. I don't see how you could actually comply with V3 and release your software on any of these stores. The obtaining of a developer signing key is not free, and there is no guarantee that the derived work would actually be accepted.

nl · on Feb 16, 2011

I think you could on the Android store. Android phones have a setting to "allow installation from non-Market sources", which means there is no restriction on distribution.