The site just emailed me my password in cleartext when I used the "forgot password" option, so they must not be hashing them on their side. Seems like a terrible security practice.
The incident notification states "website user names and passwords could also have been accessed", so I guess this means cleartext passwords.
Really? If you want these plugins, just do the one-time install when you first encounter the Missing Plug-In message, and then everything will "just work" again. (Well, perhaps you'll have worse battery life and maybe a less secure system.) There's a reason why that error message has a button next to it that makes it really easy to install the missing piece, as opposed to hunting for the right software on the Internet.
Can you be more specific about needing to "manually futz around with flash every two weeks"? I'm guessing you mean software updates, but I have a hard time believing that Flash stops working unless you update it. If you don't value the added security of having Flash updates decoupled from OS X releases, then you can just tell Flash to stop prompting you to update (or better, just tell it to do so automatically).
It's not just startups. Why does Google get away with this with their "Name Here wants to chat" invite emails? I have an address that at this point must have received hundreds of these emails, none of which have instructions on how to block them. Partial example: http://cl.ly/image/3y3D0f2r0W0q
I don't know whether this is a separate case under the relevant laws, but you're getting that email because your contact explicitly clicked the "Invite to chat" button in Gmail. Arguably, Google is sending those emails on behalf of your contact.
Speaking of Google, every mailbox I have is subscribed to a dozen Google Groups full of Arabic-language spam. These are mailboxes on my own domains, that don't have Google Groups or Google Account accounts. Anyone can add you to a group and start spamming you through Google, repeated "report this group as spam" reports don't stop new mails from arriving, and the only way to unsubscribe is to create a Google Account with that mailbox then leave the group.
That is using Facebook, and it makes use of the implicit, non-consensual Facebook shadow accounts that Facebook creates for all anonymous users, who are extensively tracked across the internet.
Many people have blocked all domains associated with Facebook in order to maintain privacy and thwart their internet-wide tracking.
I came here to say exactly this. Whoever was in charge of their video design failed majorly. The constant head shaking was very disconcerting to me and I felt like he had no confidence in his own product.
Did you read the contents in your standard web browser, like I did? What if it sent back a different set of commands if the user agent matched that of cURL?
Well, you're still free to curl the contents of the URL into a standard text file, and view it with the text editor of your choice (maybe even TextMate!).
It’s probably nicer to schedule this with iCal instead of crontab. Create a new iCal event, and add an alert for that event that runs your script. You can easily and visually configure the event to repeat only on weekdays, and the best part is that you can simply delete or modify single instances of the recurring event to deal with exceptions like holidays.
Damn. I was honestly hoping I'd just found a way to get rid of an old Facebook account that I no longer use, and despite having requested it be deleted on numerous occasions, still get email from.
Thank you for pointing that out, but I tried that and it didn't work. The network simply doesn't appear in my list of networks. Other developers haven't been able to get this to work, either.
Sorry, you're right, I just confirmed that it no longer works. I'm pretty sure that method worked just a few weeks ago though. =\ The changes are probably related to the test user overhaul that Facebook has been working on for the past few months. https://developers.facebook.com/blog/post/429
I'm glad they made the new system -- it looks really clean and useful. I just wish they hadn't left the old system halfway operating, so you can fall into it but not climb out.
And they really, really need to edit that blog post to point people to the new system. It is in the top place of the google results for "Facebook test account," and I'm sure it is misleading a lot of people. At the least into using the clumsy old system, and at the worst into destroying their accounts.
The incident notification states "website user names and passwords could also have been accessed", so I guess this means cleartext passwords.