Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8
Steven Schveighoffer
schveiguy at yahoo.com
Fri Apr 11 20:30:23 PDT 2014
On Fri, 11 Apr 2014 21:32:57 -0400, Manu <turkeyman at gmail.com> wrote:
> On 12 April 2014 11:16, Manu <turkeyman at gmail.com> wrote:
>
>> On 12 April 2014 11:11, Brad Anderson <eco at gnuk.net> wrote:
>>
>>> On Saturday, 12 April 2014 at 01:09:45 UTC, Manu wrote:
>>>
>>>> This. Also, I have more than 1 computer (including a phone)... what's
>>>> the
>>>> solution there?
>>>>
>>>
>>> LastPass is cloud synced (including with phones).
>>>
>>
>> ... how does that work?
>>
>
> Ummm, yeah no, I'm soooo not enthusiastic about *paying* some
> closed-source
> company to hold every password I have for everything I am.
> Re: Walter's single point of failure comment. And once money's on the
> table, all bets are off wrt ethical behaviour.
I know this topic is going into the weeds, but I have to say, there is
quite the aversion to money on this thread, even for those of us who get
paid to write code.
I find it interesting that I have the exact OPPOSITE view. Paying for
something gives a company incentive NOT to f*** their customers over.
People who *require* money for service are not automatically corrupt, and
IMO are less likely to be corrupt. The software industry is an oddball,
where people are willing in droves to do free work, but people are still
people, and you typically get what you pay for.
> Are they an american, canadian, australian, NZ, UK company? The NSA
> probably insists a backdoor. If not, I bet NSA already has known exploits
> in their infrastructure... they'd be one of the hottest targets out
> there!
They have a statement on that, I'll post it again:
http://blog.lastpass.com/2013/09/lastpass-and-nsa-controversy.html
Of course, it means you have to accept their word, and trust their
competency. I tend to doubt that somehow this is all a ruse and they are
in cahoots with the NSA.
And the final irony of course, is that I have heard several people tout
their aversion to anything they are not able to scrutinize the source code
to the encryption, to see if any NSA back doors exist, etc. And some of
these same people did not scrutinize the disclosure statement before
signing up for a service that emails them their password in clear-text.
Keep in mind that even if the system is 'fixed' not to email you your
clear-text password, where do you think it got that password from?
-Steve
More information about the Digitalmars-d
mailing list