TheEskimo's comments

They may choose to "relicense" it under GPL if all the contributed agree.

What you suggest cannot legally be done. However, Apache is GPL compatible, so it can still be used in a GPL project, though its license will not change.

IANAL

I would also like linux support, but it still looks like an impressive suite regardless.

It's pretty simple - Apple owns the hardware and software they're pushing updates for. Sure, they don't own the carriers, but that's not the problem.

In Google's case they neither own the hardware nor all the software because each third party phone manufacturer slaps in its own stuff and maintains its own fork of android.

Microsoft might own the software, but they don't fully own the hardware. Microsoft is a lot closer to managing it than Google though.

This isn't that Apple has more power over carriers and it isn't hard to understand - it's simply that they have more ownership of all the devices and there are far fewer types of devices (very limited set of software/hardware combinations).

I wish they'd release simple sourcecode for a headless sync client or that someone would reverse engineer it enough for that to happen. As it is, you can sshfs mount a folder synced by one of your x86 computers, but that's definitely not ideal.

Other than that complain I've enjoyed using SpiderOak and it's a great piece of software.

I definitely recommend keepass over lastpass.

I used to use z, but I've since switched to fasd. It's much like z, but also so much better. In addition to being able to do "z <part of directory>" you can do "f <part of file>". So, for example, if I've got a rails project I've worked on a lot recently I know its config.ru is high on frecency, so I'll just do "vim `f config`" to edit that file. If I want a file that's not so recent I can always do "vim `f -i config`" to pick from a list of files.

fasd is leaps and bounds above z in functionality, and I've thoroughly enjoyed using it.

The real problem though is chrome's interface really is completely inflexible. I like a thinner browser than either of those. Hence, my firefox setup: http://i.imgur.com/XAyc8Tu.png .. 17 pixels more space than chrome can be gained easily (firefox with only the extension 'pentadactyl'). And further more, since firefox's appearence is all just XUL it can be styled to be as thin or thick as I like.

So yeah, firefox you can change the ui to be vertically thin. It's simply impossible to do that with chrome.

What if someone manages to embed something very much like the EICER string[0] in it? How many people do you think would use the bitcoin client on windows if their AV automatically deleted the blockchain as it downloaded in a misguided attempt to protect them?

Of course, first we have to know if this is possible at all. Does anyone know if there's either a) 20 bytes with a very high AV detection rate or b) some way to embed more than 20 bytes in a row in the block chain?

[0]: http://en.wikipedia.org/wiki/EICAR_test_file

This algorithm makes sense. Since upvotes are supposed to mean something like "I want to see more comments of this type and quality", it is giving the majority what they want to promote people who typically make such contributions.

As soon as you try to value an upvote as something different (here as an impromptu poll) you damage the entire system. What if I would dream of this but don't want to see more comments like yours since it's effectively spam? What if I like the idea and want to upvote it for visibility but would 'never dream' of this somewhat specialized idea?

The point I'm trying to make is that this is a bad idea without even going into how incredibly inaccurate such a poll is. This comment will not give any useful data, actively "abuses" hn's value system by asking for upvotes, and doesn't breed meaningful or intelligent discussion. Good for you I can't downvote yet :-). (notice how I added a smiley so that it would seem childish but friendly? Excellent tactic!)

If you want to do a poll I believe the polling option google docs provides will be much better suited (if perhaps slightly tainted by evil).

Overall, it's slightly overpriced. In addition, OEM hardware is invariably uncustomizable (no extra PCI-E slots, lowest end power supply possible). If you wanted to do scientific computing then there would be much more efficient options. This is no better an option (and probably worse) than other run of the mill OEM hardware. I especially like how your comment began with "I don't know anything about <related topic>. But...".

I prefer firefox for quite a few reasons, but since you bring up the UI, that's the only one I'll mention here.

I do trust Mozilla far more than the other companies that made this list, but I can't help but feel their title is intentionally misleading.

I do find it odd that Mozilla didn't end up higher of course. Out of the listed entities I don't think any of the others are non-profit (nor have something like the Mozilla Manifesto as a guiding principal), and if any are I doubt that they understand crypto anywhere near as well as Mozilla. I trust Mozilla because they not only have the desire to keep me safe, but also have the technical know-how.

Dropbox being a YC company means absolutely zero other than that YC liked their idea and supported them. That doesn't give me any assurance that they won't make a mistake or that an employee won't sell my data.

In fact, Dropbox, despite being a YC company, already slipped up majorly once to the point that every account was completely passwordless. You could just type in random emails at the web login and view some stranger's files. Story here: http://techcrunch.com/2011/06/20/dropbox-security-bug-made-p...

On the other hand, AES has yet to slip up. My AES encrypted data will take a significant fraction of the life of the universe to crack and, YC or no, a single programmer error won't break it.

Another service which is open source is Tarsnap[1]. It doesn't do syncing or have a free tier, but it's definitely trustable online storage.

In both of these cases the encryption keys are not on the servers.

An additional provider which claims to offer cloud storage/backup with zero-knowledge is Crashplan[3]. I wouldn't trust them as much as either of the previous options, but I still think they're telling the truth. I note it partly because I really like their approach. You can a) let them keep the key and thus you can still reset your password etc, b) let them keep the key so you don't have to transfer it manually to all crashplan-using computers, but have it encrypted on their end with a password only you know (can't be reset), or c) provide your own key which they claim they'll never know. These three tiers make sense and at each one you sacrifice some usability (such as the web-interface being unusable at (c) I think) in exchange for security.

So yeah, dropbox and google drive are both obviously able to look at your data, but that doesn't preclude using other cloud storage providers. There's many that are trustworthy and have the code to prove it. In the case of Mega, I'd trust them less than the typical one. They're big enough that the government will notice them... they'll need to make it usable (allow password resets etc), it looks like you upload unencrypted data and then they encrypt it server-side (edit: turns out it's client side javascript encryption. Downside there is it'll probably be a bit slow)... All of these are problems. If it's not sent already encrypted with a key they've never touched then the government could court-order them to alter the software to store unencrypted copies or to keep encryption keys. Since they're the one giving you the key they obviously know it at some point, however briefly, and they are thus vulnerable. Forcing users to generate and supply keys just isn't user-friendly on a web-only application. The only way you can make that work, as SpiderOak did, is have the user download an application which seamlessly does all the crypto work.

[0]: https://spideroak.com/ [1]: https://www.tarsnap.com/ [2]: http://support.crashplan.com/doku.php/articles/encryption_ke...

I would argue that Python would make more sense as a java-killer. It has the write once, run everywhere thing down much better (though still not good enough) than this.

Java is not going anywhere, sadly, and the linked product does not offer a compelling reason to believe that it will kill anything. All I see happening is that people who use mono now will potentially switch to this; honestly this isn't really ground breaking.