Interesting note at the end about offline playlists having to be re-downloaded. That, and the phrase 'internal company data' have me curious if the breach was some kind of theft of media, as opposed to user credentials and info.
I don't think the playlist thing is related to the breach at all.
This is likely just a side effect of the new version being an entirely new Android app instead of an upgrade to the existing one. If the local playlist data and/or offline settings were sandboxed to the old app, a new app wouldn't be able to access it.
Offline playlists are encrypted by Spotify. Presumably this change means that the encryption keys used by Spotify to store offline data were compromised.
Actually, it looks like the "upgrade" is actually a new app entirely, so it's probably just that since it's a new app, the offline data has to be regenerated.
That makes sense to me as it's unusual to make such a public announcement when just one user's data has been compromised and it didn't include any personal or payment information. It sounds like something Spotify are worried about that likely won't harm actual users and media theft seems like a decent conclusion.
If that was the case I don't think they would bother writing that blog-post. Why on earth would a user 'care' about another user 'stealing his digital media', when it's just 'songs' that are not even owned, but basically 'rented' on a monthly fee.
This is actually about as good as it gets for password hashes, so kudos to eBay.
Since these are salted and require 12000 iterations, cracking individual passwords will be quite time-consuming. The preferred method in this case, though, is to go after low-hanging fruit.
The way one would do this is to try something like the 500 most common passwords against all entries in the table. This won't take very long (compared to trying to brute force a bunch of individual passwords), and will probably yield a ton of passwords.
I disagree. We are talking about instances where both you and the government have all the information necessary to compute your tax exactly. It doesn't matter who does the calculation, the rate is fixed in advance. Even if you let them calculate the number for you there is no reason you can't double check it.
For more complicated tax situations where you are trying to minimize your tax based on information not available to the government this type of a system wouldn't be applicable.
Your (and others') comment is about income and taxes paid only. However, the US tax system is not just about income and taxes paid; it is also about deductions and tax credits. Yes, the IRS can calculate accurately (based on company reporting/history) what you've earned (income) and paid into the system for the tax year (taxes paid). Is that all you want them to do though? Of course not. Anyone who says, "Yes!" to that simply either hasn't thought this through or doesn't understand the concept of tax deductions and credits. See my comment above for more detail.
I think that, while the "5 minutes and you're done" thing can be understood as marketing spin, it would not be tremendously hard for any IRS service to provide the same kind of itemized listing that most tax software does to handle credits and deductions.
My tax experience is light–it takes me maybe an hour of data entry after all my stuff is gathered–so this wouldn't actually help me at all. But for others? If you could shave off as little as 20% from time spent on taxes, that sounds worthwhile to me.
While I think this sort of analysis is really cool and potentially interesting, there really isn't anything non-obvious in this article, assuming one is familiar with basic music theory. Hopefully this is part one and the more interesting material is being saved for later.