brandon_wirtz's comments

Really? What does encrypted mean? Hashed is not encrypted. You can't unhash. You can find a known source of that hash, but you can't "decrypt".

Knowing this. Salted and Hash and Encrypted doesn't make any sense. So either they are BSing because they are stupid. Or because they are dishonest.

From where I stand it doesn't really matter which of the two they are. When it comes to privacy I have no tolerance for Stupid or Dishonest.

As for the statement that they aren't legally required to notify you... That's not true. If any of the people on the list live or access their account from North Carolina, or any of the 14 other states that use NC's breach terms then they would have to. Since it is nearly impossible to tell that this is not the case they legally have to give notice. A company that deals in Reputation Management should know this.

PS Friendly Tip regarding credible sources I can already buy the list online. With passwords in decyphered. This doesn't lend well to they were Hashed and Salted.

Reputation.com has always been smarmy. It wouldn't surprise me if they sold the passwords and then claimed they lost them. (Really)

For the things Reputation.com does you have to ask why they used encrypted rather than hashed passwords. Not that hashed passwords would make me super excited to be lost, but why did Reputation.com need to keep the password around? They don't really interact with accounts, and if they do those should be stored separately from the access to the site. So the message should have been "we lost users bank account passwords" or something along those lines.

Because I know that Reputation.com is practically in the extortion business this password storing rather than hashing issue makes me think even less of them, which is difficult to do.

We make an app written as HTML5 CSS3. We made this decision because with limited dev resources it allowed us to write once deploy many. That is powerful. Our app required more testing than a native app, and less.

With a native app if you write your code for Version X of the OS you can be 99% certain that Version X.1, X+1, and X+1.3 are all going to treat it the same. With HTML5 "fixes" to the renderer can mean that what was working will stop working. Or stop looking like it used to.

With an HTML5 app you should be able to write once and deploy many, but Mobile Safari, and Mobile Chrome, that do the renderings on IOS and Android don't handle all JS and CSS quite the same. So you may have slight differences. Much less than you would have with ObjectiveC vs Java, but differences none the less.

PhoneGap makes much of the stuff you want to do with the hardware easier, but not perfect. If you want to send a Text, or make a call or access the contacts you will have to at least touch a plugin, if not write some native code. Most of the time you can just clip a snippet from someone else, but if you want to do anything awe inspiring you will have to still get your hands dirty with native code.

http://tldrstuff.com shows what we were able to do with a single UI Core across Windows Phone 8, Android, and IOS.

We hit all of the platforms, and had less code to change, but our app doesn't "Feel" native. We don't have a UI that looks integrated with the OS, but we have concistency across platforms. Was our decision "right"? Hard to say. We spent less resources which was a major driving factor so I say yes. Did it keep us from being Wavii or Summly? I hope not. But it is hard to say. I don't know if we traded dev resources for glory, or if we saved money we will want and need to be bigger than either.

It's not that they don't care, they are managing support headaches, and balancing risk to reward.

6 Character AlphaNumeric for Schwab is because they use the same password for phone, and this is a throwback to a "Pin". They could at least be honest that this is why it is what it is. The Fobs they send that generate a random number to go with your login make this not a deal breaker for me.

Microsoft is balancing support with security. If you can have a 32 character password it is more likely to be forgotten. But that isn't the real "Support" cost it is DDOS attacks. Computing a hash of a 128 character password is more expensive than doing a 16 character password. This makes it possible to bombard their servers with a Hotmail address you know to be real, and an imaginary password which they have to compute and check the hash for.

Most people don't have Alkaline soil. That's why you put lime on fields, because it is too acidic.

We don't use Iron Sulfate as a fertilizer because it is absorbed by the plants and in things like corn the increase in Iron can make the things raised in the soil poisonous to Children and pets.

This isn't "new". And and it isn't patentable because it is a chemical that has been used for fertilizer in Kale and Spinach for 100+ years.