Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Steven Schveighoffer schveiguy at yahoo.com
Fri Apr 11 20:30:23 PDT 2014


On Fri, 11 Apr 2014 21:32:57 -0400, Manu <turkeyman at gmail.com> wrote:

> On 12 April 2014 11:16, Manu <turkeyman at gmail.com> wrote:
>
>> On 12 April 2014 11:11, Brad Anderson <eco at gnuk.net> wrote:
>>
>>> On Saturday, 12 April 2014 at 01:09:45 UTC, Manu wrote:
>>>
>>>> This. Also, I have more than 1 computer (including a phone)... what's the
>>>> solution there?
>>>>
>>>
>>> LastPass is cloud synced (including with phones).
>>>
>>
>> ... how does that work?
>>
>
> Ummm, yeah no, I'm soooo not enthusiastic about *paying* some closed-source
> company to hold every password I have for everything I am.
> Re: Walter's single point of failure comment. And once money's on the
> table, all bets are off wrt ethical behaviour.

I know this topic is going into the weeds, but I have to say, there is  
quite the aversion to money on this thread, even for those of us who get  
paid to write code.

I find it interesting that I have the exact OPPOSITE view. Paying for  
something gives a company incentive NOT to f*** their customers over.  
People who *require* money for service are not automatically corrupt, and  
IMO are less likely to be corrupt. The software industry is an oddball,  
where people are willing in droves to do free work, but people are still  
people, and you typically get what you pay for.

> Are they an American, Canadian, Australian, NZ, UK company? The NSA
> probably insists on a backdoor. If not, I bet NSA already has known exploits
> in their infrastructure... they'd be one of the hottest targets out there!

They have a statement on that, I'll post it again:  
http://blog.lastpass.com/2013/09/lastpass-and-nsa-controversy.html

Of course, it means you have to accept their word, and trust their  
competency. I tend to doubt that somehow this is all a ruse and they are  
in cahoots with the NSA.

And the final irony of course, is that I have heard several people tout  
their aversion to anything they are not able to scrutinize the source code  
to the encryption, to see if any NSA back doors exist, etc. And some of  
these same people did not scrutinize the disclosure statement before  
signing up for a service that emails them their password in clear-text.  
Keep in mind that even if the system is 'fixed' not to email you your  
clear-text password, where do you think it got that password from?

-Steve

