Archive for February 25, 2014

Tuesday, February 25, 2014

Opt Out of Dropbox’s Arbitration Clause

Dropbox:

We’ve made a lot of changes to Dropbox since we last updated our Terms of Service, Privacy Policy, and online Dropbox for Business Agreements. So today, we’re starting to email users to let you know about some updates to these policies. The updates will be effective on March 24, 2014.

[…]

We’re adding arbitration clauses to our Terms of Service and Dropbox for Business online agreement. Arbitration is a faster and more efficient way to resolve legal disputes, and it provides a good alternative to things like state or federal courts, where the process could take months or even years. If you prefer to opt out of arbitration in the Terms of Service, there’s no need to fax us or trek to the post office — just fill out this quick online form.

Tiffany Bridge (via Christopher Turner):

No matter what they do (delete your data, privacy breach, overcharging, whatever), you don’t get to sue. Instead, they get to choose the arbitrator according to whatever criteria they want, and thus any dispute is decided by someone they’re paying.

[…]

The agreement we make with Dropbox is too important to be enforced only by an arbitrator of their choosing. You have 30 days from the date of notification to opt out of the arbitration clause.

Update (2018-01-17): See also: Hacker News.

Software Update Backdoor?

Nat!:

Another question I asked myself was: Is Software Update actually contacting Apple servers or am I being served a compromised update with even more security holes by the NSA?

Does it matter where the update comes from if it’s signed by Apple?

Update (2014-02-26): Nat!:

To get at the meat, use xar -x -f which will get you eventually to a file called Payload. That is a bzip2 encrypted tar archive. Now I find this quite hilarious. After all the hoops Apple went through, with xar, cpio, pax and what have you, they finally use tar to install, as they maybe should have right from the beginning.

Apple Releases iBeacon Specification

Doug Thompson (via Sven Read):

Apple has quietly rolled out its iBeacon specification as it starts to certify devices that carry the Bluetooth LE standard.

Under their MFI program, manufacturers can now request that Apple permit them to attach the iBeacon name to their devices so long as they meet certain criteria.

The specifications are available after signing an NDA. Applying to the program in order to register to carry the iBeacon name, we’re told, is free.

Starting to Demo the Wolfram Language

Stephen Wolfram:

We’re getting closer to the first official release of the Wolfram Language—so I am starting to demo it more publicly.

Here’s a short video demo I just made. It’s amazing to me how much of this is based on things I hadn’t even thought of just a few months ago. Knowledge-based programming is going to be much bigger than I imagined…

Update (2014-02-26): An older post from Stephen Wolfram (via Ole Begemann):

In a sense, the Wolfram Language has been incubating inside Mathematica for more than 25 years. It’s the language of Mathematica, and CDF—and the language used to implement Wolfram|Alpha. But now—considerably extended, and unified with the knowledgebase of Wolfram|Alpha—it’s about to emerge on its own, ready to be at the center of a remarkable constellation of new developments.

[…]

There are plenty of existing general-purpose computer languages. But their vision is very different—and in a sense much more modest—than the Wolfram Language. They concentrate on managing the structure of programs, keeping the language itself small in scope, and relying on a web of external libraries for additional functionality. In the Wolfram Language my concept from the very beginning has been to create a single tightly integrated system in which as much as possible is included right in the language itself.

Cocoa Script “Shaders”

Gus Mueller:

I also played around with Cocoa Script “shaders” for shape graphics in Acorn. This won’t ship in 4.4 (or maybe ever?), but it was fun to code up and might be something awesome some day. How it works is a little hard to explain, but I’ll try. Basically, instead of a rectangle having just a stroke and a fill when it draws, it will call a snippet of Cocoa Script code in place of the normal drawing routines. That snippet of code then has access to a bunch of libraries, and can do whatever it wants in the context it is drawing into.

Working With Woz

Randy Wigginton:

Working with Woz was like working with the smartest person you’ve ever known kicked up a couple notches combined with a practical joker. The best times Woz and I had were not coding, but rather playing jokes.

[…]

I was not yet out of high school and immature; yet he was always willing to deal with my mood swings, and answer every technical question I gave him (and there were a lot!) He loved explaining things — I’ll never forget one evening at Denny’s when he explained how parsers and lexical analysis worked. He was never too busy to explain concepts that were new to me.

iOS Keylogging Vulnerability

FireEye (via Ashkan Soltani):

We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig. 1. Potential attackers can use such information to reconstruct every character the victim inputs.

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.