Wednesday, April 20, 2011

Ask Joel Spolsky Anything

Joel Spolsky is answering questions on Reddit. Fog Creek is now his 20% project, but FogBugz seems to be doing just fine. He also links to the High Scalability article on Stack Overflow, which I had missed.

Kindle Lending Library

Lex Friedman:

Once the feature launches, customers will be able to borrow Kindle e-books from their local libraries and start reading them instantly. If you check out a Kindle book a second time, or later purchase your own copy from Amazon, you don’t lose any notes and bookmarks you’ve added; they remain linked to your Amazon account.

This is pretty cool.

Dropbox’s Lack of Security

Miguel de Icaza (via Ben Brooks):

There really are no more details on what procedures Dropbox has in place or how they implement the crypto to prevent unauthorized access to your files. We all had to just take them at their word.

This wishy-washy statement always made me feel uneasy.

But this announcement that they are able to decrypt the files on behalf of the government contradicts their prior public statements. They claim that Dropbox employees aren’t able to access user files.

The way their security works is pretty unsurprising given the sharing and deduplication features, and the fact that you can still access your data after resetting your password. However, this is another instance of Dropbox not communicating well, with the result being that most people think it works better than it actually does. I still think it’s better than the alternatives—and still wouldn’t use it to store sensitive files that aren’t already encrypted.

Of note, 1Password keychains are only partially encrypted. Your passwords and account numbers are theoretically secure, but anyone viewing the file can see which banks, credit cards, and Web sites you have accounts with, which software products you’ve bought, etc.
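To make the inference above concrete (deduplication plus password reset without data loss implies the service, not the user, holds the key), here is an added toy model in Python; it is not Dropbox’s code or anything from the post, and it uses a stand-in HMAC-based stream cipher purely for illustration.

```python
import hashlib
import hmac
import os

def derive_key(password: bytes, salt: bytes) -> bytes:
    """Client-side key from the user's password (PBKDF2-HMAC-SHA256, stdlib)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: HMAC-SHA256 counter-mode keystream XORed with data.
    Illustrative stand-in only; real storage would use an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class ServerKeyedStore:
    """The service holds the master key itself: the model that cross-user
    deduplication, sharing and password reset without data loss imply."""
    def __init__(self):
        self.master = os.urandom(32)   # lives on the server, never with the user
        self.blobs = {}                # content hash -> ciphertext (dedup table)

    def upload(self, plaintext: bytes) -> str:
        h = hashlib.sha256(plaintext).hexdigest()   # server sees the content
        if h not in self.blobs:                      # identical file: stored once
            self.blobs[h] = xor_stream(self.master, bytes.fromhex(h)[:12], plaintext)
        return h

    def read(self, h: str) -> bytes:
        # No user password or user-held key is involved: the account password only
        # gates login, so the operator can decrypt on its own (e.g. for a legal request).
        return xor_stream(self.master, bytes.fromhex(h)[:12], self.blobs[h])

class UserKeyedStore:
    """The key is derived from the user's password on the client; the server
    only ever holds opaque ciphertext."""
    def __init__(self):
        self.blobs = {}                # user -> (nonce, ciphertext)

    def upload(self, user: str, password: bytes, plaintext: bytes) -> None:
        nonce = os.urandom(12)
        ct = xor_stream(derive_key(password, user.encode()), nonce, plaintext)
        self.blobs[user] = (nonce, ct)   # same file from two users: two distinct blobs

    def read(self, user: str, password: bytes) -> bytes:
        nonce, ct = self.blobs[user]
        # A different password (e.g. after a reset) yields garbage: the server cannot help.
        return xor_stream(derive_key(password, user.encode()), nonce, ct)
```

Running the two stores side by side shows why an operator who can deduplicate across accounts and survive a password reset must also be able to decrypt on request.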

Update (2011-04-21): Co-founders Drew Houston and Arash Ferdowsi respond:

Some concerns have been raised about our Help Center article and other statements that discuss employee access to user data. We agree that we could have provided more details and we will be updating these to make them more clear. Like most major online services, we have a small number of employees who must be able to access user data when legally required to do so. But that’s the exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

In my view, the problem is not so much the policy as that the help page categorically says “Dropbox employees aren’t able to access user files,” and yet they very clearly can—under certain circumstances. It’s not that the help page was unclear but that it was untrue, in the same way that the FAQ used to specifically say that metadata was transferred over SSL—when it wasn’t.


Justin Williams quotes Brent Simmons:

In those days, still used a drawer for the accounts/mailboxes list. One of the most common feature requests I got was to put the feeds in a drawer, like Mail, so the app would be more standard. I’m glad I didn’t listen!

NetNewsWire Lite was released in 2002. I’ve been using it and the non-Lite version ever since. The only other applications that have been continuously in my Dock since then (not counting ones I developed) are Finder, BBEdit, Terminal, LaunchBar, OmniOutliner, and iTunes. No Apple developer tools make the cut because Xcode didn’t exist then, and Interface Builder was discontinued with Xcode 4.