Hacker News: s1kx's comments

I would assume it's just sent through the API with the iOS app's app credentials (they are open and out there). That specific set of app credentials allows the OAuth endpoint for email + password sign-in through the API. Maybe some other database got hacked and the user credentials were used on Twitter.


While it is very generous, I doubt they would give a sum like that if it wasn't for the publicity. I'm sure news like this can help their image quite a lot in their target audience (security-aware computer people).


I actually have a theory that this is all a scam... the person who found the bug is actually the author (or a friend) of the Telegram protocol. They published the security issue and reward themselves so that 1) they don't have to pay anyone else; 2) they get good publicity by doing this; 3) they shut others up up front, as this is really a very easy bug to figure out (a few others hinted at the possibility, as the key exchange is unauthenticated DH, which is bound to flaws like this).


Do you know if T-Mobile has improved in the Phoenix area? The website shows 'excellent' coverage around here, but all I read online is horror stories of not having any signal in buildings etc. Apparently they wanted to work on that in the last 6-10 months, but I haven't heard anything about it since.


T-Mobile is great in the east valley for me - the only place I can't get a signal is in my home office in my house, but that seems to be some kind of odd wireless signal black hole in general. Most of the time I have a 4G signal with quite decent speeds.


I travel all around the valley and rarely ever have any signal issues with T-Mobile; in the places where I do have issues, Verizon phones are the only ones with a signal.

Where I live (Sun Dance), Verizon phones have little to no signal while I have 3-4 bars.


Good suggestion, I've been using Amazon Glacier with the CloudBerry backup software which supports client-side AES encryption (http://www.cloudberrylab.com/amazon-glacier-backup-software....) and couldn't ask for more. Of course you will have to trust CloudBerry not to put a backdoor in their Software, but it seems there are no OSS alternatives right now that work as easily.


Duplicity (http://duplicity.nongnu.org/) and its nice frontend Déjà Dup (https://launchpad.net/deja-dup). Client-side encryption, multiple backends.


tarsnap


From their website, it seems that tarsnap can't be counted as OSS: "The Tarsnap client code is built around the open source libarchive archive handling library. While the Tarsnap code is not distributed under an open source license..."


Here's the source code: https://www.tarsnap.com/download.html

This is the license:

Unless specified otherwise in individual files, the contents of this package is covered by the following copyright, license, and disclaimer:

Copyright 2006, 2007, 2008, 2009, 2010, 2011 Colin Percival All rights reserved.

Redistribution and use in source and binary forms, without modification, is permitted for the sole purpose of using the "tarsnap" backup service provided by Colin Percival.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


My reading of that is that you aren't allowed to redistribute any modifications or use it for anything other than accessing the tarsnap service.

So not really open source software in any sense that I understand.

[NB My comment is not intended as a criticism of tarsnap or Colin's licensing policy - he wrote it so, in my book, he can license it any way he wants.]


> Redistribution and use...without modification, is permitted for the sole purpose of using the "tarsnap" service.

(emphasis mine) This sounds like there are no restrictions on distributing modified source / binaries.


Quite the opposite: No permission is given to distribute modified versions, so you're not allowed to do it.


It's open source, all right. Free Software is the term you are looking for.


Free to distribute is one of the fundamental defining things about open source [1]. Let's not water it down to the point of meaninglessness like words like 'open' currently are.

[1] http://opensource.org/osd


The Tarsnap client code isn't Open Source, but the source code is available, which means it can be audited.

s1kx's caveat ("Of course you will have to trust CloudBerry not to put a backdoor in their Software") therefore doesn't apply (as strongly, anyway) to Tarsnap.


I really don't want to be the one overly-critical HN comment - but this color combination makes me cringe: http://i.imgur.com/tBWheTr.png


Theoretically yes, but ngResource is kind of the Achilles' heel of AngularJS right now. You're often better off using a different library or making your own class with $http requests.


I'm using AngularJS 1.1.5 and ngResource in my project and it works quite nicely. I wouldn't discourage people from learning the hard way. However, +1 for Restangular.


Could you elaborate on why it's the Achilles' heel? I'm exploring AngularJS right now and am interested in its pitfalls.


Then you may be interested in checking out Restangular: https://github.com/mgonto/restangular


Is there no hardened version of Psych which lets you either disable object deserialization, or whitelist classes? That would seem like the safest option right now to guard against coming vulnerabilities in Rails in this regard.


This is currently being discussed on https://github.com/tenderlove/psych/issues/119

There is also https://github.com/dtao/safe_yaml (hat tip @patio11, who also points out that this has not been audited for completeness/correctness)
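The hardened mode asked about above (refuse arbitrary object deserialization, whitelist specific classes) later landed in Psych itself as Psych.safe_load (Psych 2.0+; the permitted_classes: keyword needs Psych 3.1 / Ruby 2.6 or newer). The following is an added example, not code from this thread or from psych/safe_yaml, showing the restricted loader rejecting an arbitrary `!ruby/object:` tag while permitting Date; the YAML documents are constructed samples.

```ruby
require 'psych'
require 'date'

# Parse untrusted YAML in Psych's restricted mode. Only core scalar and
# collection types plus the explicitly permitted classes are instantiated;
# any other `!ruby/object:` tag raises Psych::DisallowedClass.
def load_untrusted_yaml(text, permitted: [])
  { ok: true, value: Psych.safe_load(text, permitted_classes: permitted, aliases: false) }
rescue Psych::DisallowedClass, Psych::BadAlias => e
  { ok: false, error: e.class.name, message: e.message }
end

# Constructed sample: ordinary configuration data, accepted as-is.
PLAIN_DOC = <<~YAML
  service: backup
  retries: 3
  buckets: [primary, secondary]
YAML

# Constructed sample: a serialized object of an arbitrary (hypothetical) class,
# the shape of input the Rails YAML deserialization bugs depended on.
OBJECT_DOC = <<~YAML
  --- !ruby/object:SomeArbitraryClass
  attr: value
YAML

# Constructed sample: an unquoted date scalar, which Psych maps to Date.
DATE_DOC = "expires: 2014-01-31\n"

def demo
  [
    load_untrusted_yaml(PLAIN_DOC),                   # accepted
    load_untrusted_yaml(OBJECT_DOC),                  # refused: class not permitted
    load_untrusted_yaml(DATE_DOC),                    # refused: Date not permitted
    load_untrusted_yaml(DATE_DOC, permitted: [Date])  # accepted: Date whitelisted
  ]
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |result| puts result.inspect }
end
```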


"I'm hunting, looking for a come-up. This is f*ing awesome."

So deep I can't even see you anymore.

On a serious note though, I don't need these lyrics to be deeply philosophical, it rocks even rapping about grandpa's clothes.



Maybe not "deep" but a lot of his lyrics are social commentary.


I suppose this is related to the Rails vulnerability (http://news.ycombinator.com/item?id=5028218) and everyone updating/deploying their applications


