Rob Rix:
Applying the runtime techniques we described above yields a function, TESSValueize, which takes a block and swizzles it to be a member of a subclass (dynamically created if it does not already exist), copying in methods from the TESSValue class which conforms to the TESSValue protocol (remember that protocols and classes have different namespaces).
Arash Ferdowsi:
A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password.
It sounds like there was a four-hour window in which anyone could access your account. I’m not exactly sure what “very small” means here. Doesn’t Dropbox have more than 25 million users?
I still think Dropbox could be more transparent. In the past, they posted important stuff only in the private forum. This was posted on the public blog, but people who would want to know about this don’t necessarily follow that. Customers should have been notified via e-mail.
More generally, I think every Web service should have a test suite to make sure that login authentication works, and users should be able to see a log of the IPs that have accessed their account.
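A minimal sketch of the kind of login regression suite and per-account IP log suggested above, added here as an example and not code from Dropbox or the original post. AuthService, AcceptsAnyPassword, the account names and the documentation-range IP addresses are all constructed for illustration.

```python
import hashlib, hmac, os, time

class AuthService:
    """Hypothetical login service: salted PBKDF2 hashes plus a per-account access log."""
    def __init__(self):
        self._users = {}       # username -> (salt, password hash)
        self._access_log = {}  # username -> [(timestamp, ip, success)]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))
        self._access_log[username] = []

    def login(self, username, password, ip):
        record = self._users.get(username)
        if record is None:
            return False
        salt, expected = record
        ok = hmac.compare_digest(self._hash(password, salt), expected)
        # Record failures too, so the account owner can see every attempt.
        self._access_log[username].append((time.time(), ip, ok))
        return ok

    def access_log(self, username):
        return list(self._access_log.get(username, []))

class AcceptsAnyPassword(AuthService):
    """Constructed regression: the hash ignores the password, so any password matches."""
    @staticmethod
    def _hash(password, salt):
        return b"constant"

def run_login_regression_suite(service_factory):
    """Return the names of failed checks; an empty list means the login path behaves."""
    svc = service_factory()
    svc.register("alice", "correct horse")
    svc.register("bob", "hunter2")
    checks = {
        "correct password accepted": svc.login("alice", "correct horse", "192.0.2.10"),
        "wrong password rejected": not svc.login("alice", "wrong", "198.51.100.7"),
        "empty password rejected": not svc.login("alice", "", "198.51.100.7"),
        "other user's password rejected": not svc.login("alice", "hunter2", "198.51.100.7"),
        "unknown user rejected": not svc.login("mallory", "anything", "198.51.100.7"),
        "every attempt's IP logged": [e[1] for e in svc.access_log("alice")]
            == ["192.0.2.10"] + ["198.51.100.7"] * 3,
    }
    return [name for name, passed in checks.items() if not passed]
```

The negative checks are the ones that matter: a suite that only tests the correct password would pass against AcceptsAnyPassword as well.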