Hacker News | andsosayallofus's comments

Where's the money here? It's not a subscription based service, so what financial sense does it make to dump this data straight to a server?

I can't imagine there's complex data processing being done that a smartphone can't handle, so I assume the data is being sent back because it's somehow useful or valuable to Microsoft... but how?


The network effect. Fitbit has a huge advantage right now because the user base is so large. A lot of people use its social features to compete with their friends, office mates, etc. This encourages more people to buy the hardware to participate.


From a user perspective, it makes sense to upload the data so that you're not constrained to your phone for viewing your info. And Microsoft gets a good use case for Azure - I imagine they might use this in promoting Azure services.


On an unhardened SMTP server, nothing. But there's not a huge amount of value for them in sanitizing those lists either, as they already deal in such high volumes of mail a few retired accounts don't matter. There are anti-spam products from places like GFI that can apply heuristics to incoming requests and filter out anything suspect though.

The bigger risk is directory harvest attacks, where spammers dictionary generate RCPT TO requests and use any 250/251 replies to compile new mailing lists.

Tarpitting combats this to some degree and is considered best practice when allowing RCPT replies. The receiving server is configured to pause for a few seconds before replying to each RCPT TO. 5-10 seconds is fast enough to not impact mail flow while rendering dictionary based directory harvest attacks non-viable.
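A defender-side sketch of the two ideas in the comment above, added here as an example and not part of the original comment: flag clients whose RCPT TO probes are mostly rejected, and compute a tarpit delay inside the 5-10 second window. The log format, the thresholds and the escalating-delay rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical "client=IP rcpt=<addr> reply=CODE" format.
SAMPLE_LOG = "\n".join(
    [f"client=198.51.100.7 rcpt=<{n}@example.org> reply={c}"
     for n, c in [("aaron", 550), ("abby", 550), ("adam", 250), ("adele", 550),
                  ("al", 550), ("alan", 251), ("alex", 550), ("alice", 550)]]
    + ["client=203.0.113.20 rcpt=<sales@example.org> reply=250",
       "client=203.0.113.20 rcpt=<support@example.org> reply=250",
       "client=203.0.113.21 rcpt=<slaes@example.org> reply=550"]
)

LINE_RE = re.compile(r"client=(\S+) rcpt=<[^>]*> reply=(\d{3})")

def rcpt_stats(log):
    """Per client IP: [accepted (250/251), rejected (any other code)] counts."""
    stats = defaultdict(lambda: [0, 0])
    for m in LINE_RE.finditer(log):
        ip, code = m.group(1), m.group(2)
        stats[ip][0 if code in ("250", "251") else 1] += 1
    return dict(stats)

def harvest_suspects(log, min_attempts=5, min_reject_ratio=0.5):
    """Clients that probe many recipients, most of which do not exist."""
    suspects = []
    for ip, (ok, bad) in rcpt_stats(log).items():
        total = ok + bad
        # A single typo (203.0.113.21) stays below min_attempts and is ignored.
        if total >= min_attempts and bad / total >= min_reject_ratio:
            suspects.append(ip)
    return sorted(suspects)

def tarpit_delay(rejected_so_far, base=5.0, cap=10.0):
    """Seconds to pause before the next RCPT TO reply (assumed escalation rule)."""
    return min(cap, base + rejected_so_far)

if __name__ == "__main__":
    stats = rcpt_stats(SAMPLE_LOG)
    for ip in harvest_suspects(SAMPLE_LOG):
        ok, bad = stats[ip]
        print(ip, "accepted", ok, "rejected", bad, "delay", tarpit_delay(bad))
```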


Cognitive dissonance, just-world fallacy and hammers and nails.

It's difficult to read a story as soul-crushingly horrible as this and just wallow in the hopeless unjustness of it all. Coping mechanisms kick in. To preserve the comforting world view that people are in charge of their destiny, tragedy is avoidable and the world makes some sense, it becomes necessary to demonstrate that the outcome was predictable and avoidable. That the victim failed themselves.

With HN's user base that manifests as a critique of information security practices.


>Cognitive dissonance,

Please elaborate on this.

>just-world fallacy

I don't see how anyone here is subscribing to this fallacy. No one thinks the victim's actions warranted her fate.

>hammers and nails

Crypto would clearly have been more useful in this situation. Sometimes you really do have to hammer in some nails.


I wash my hands because I use them to interact with the world and to eat. Keeping them clean is necessary.

The day I push an elevator button or place food in my mouth using my soiled anus is the day I agree washing it constantly is required and not just pleasant.


He didn't say "open source doesn't solve problems", he said "open sourcing doesn't solve problems". The verb is very different to the noun.

Yes there are open source softwares that once completed are efficacious in solving the problems they were designed to solve. The point yeukhon was making was the act of open sourcing a project alone doesn't somehow inherently solve problems in its development. At least in this case not the two enumerated problems he sees with the healthcare.gov project.


So wikileaks didn't solve any problems open sourcing secrets?


Open source is a development model that encourages sharing and redistribution of source code. It is not a term that can be applied to the making public of government secrets, which has nothing to do with the encouragement of information sharing.

When Wikileaks gets their hands on government secrets and puts it on a website, they haven't made those secrets 'open source'. That word doesn't even make sense in that context.

Even if I get my hands on the source code of Windows and put it in a GitHub repository, I still haven't made Windows open source.


And let's get rid of the computer and add an FM radio.

Ok, we just invented the Pontiac Aztek.


Sorry, I don't quite follow. But I upvoted you for surrealism.


Either we hold everyone responsible for what they say publicly, or we don't.

On one hand a person was having a conversation that was over-heard and caused offence. We admonish him and hold him responsible. Is this right and fair? Consensus seems to be yes. Whether it was a private conversation or not, and whether it was intended to cause offence or not is irrelevant. He spoke publicly and whatever the result was was his responsibility.

If this is the standard we want to live by then it is absolutely immaterial whether or not Adria intended for the man to be fired. She spoke publicly and his firing was the direct result of that, hence she is responsible.


>Either we hold everyone responsible for what they say publicly, or we don't. On one hand a person was having a conversation that was over-heard and caused offence. We admonish him and hold him responsible. Is this right and fair? Consensus seems to be yes.

What consensus? I find it absolutely horrifying and terrible that this thing happened for a private conversation (that the conversation took place in a public place means nothing. People talk privately in public places: restaurants, city parks, whatever, offices, all the time).

And judging from the comments I've seen, most people agree.

Only Adria spoke in public: on Twitter and her blog, and intending the posts to reach a wide audience.

