Mtgox has neither of those assurances.

They have absolutely no credibility on the security front. They were using MD5 with no salts at one point in time. They then moved to MD5 with salts. Now they are at "SHA-512 multi-iteration, triple salted." That seems more like they're trying to say "Oooohh! Look at us! See?! We're being secure!" Triple salted means what, exactly? (Other than the fact that it makes it clear these are people who read about salting online and then though "more is better.")

Next: "we have actively been patching holes." Oh no. You mean, you're just going through the code and looking for bugs and hoping you get them all? That might work for normal programs just fine, but even ONE vulnerability is enough to take an entire database. A database hosting just passwords may not be all that bad (it usually is, but it doesn't have to be). A database which hosts thousands and thousands of dollars? Now that is something to worry about. It truly does look like they got lucky on this attack.

As for the guarantee that banks give -- that if they get broken in to, I will still have my money -- there is no way mtgox provides this. Anyone who still has money on mtgox is asking for trouble.

Edit: That's with the "Dense" view. Regular is even worse.

"That's pretty easy," he said, "I just look for something that parents will hate."

That this is a successful strategy is self-evident. (American) kids want to differentiate themselves from their parents and will pay money to do so. They'll probably latch on in some form to anything as long as it fits the criteria that their parents don't like it.

I think it's a safe bet that the social networking site that replaces Facebook will have fewer features, be ugly, be more difficult to use, and have no redeeming qualities other than nobody's parents are going to participate in it, and kids will identify with it as the cool thing for that reason.

Some might object that private firms will have incentives to cut corners on safety. It is a legitimate concern, but competitive mechanisms tend to weed this out.

Ugh, how are they going to 'weed this out' exactly? Seems to me competitive pressures would lead private firms to do exactly what the TSA is doing i.e. give the appearance of being serious about security. And do it cheaply. Christ, all these high-profile hacks against big corporations recently and this guy really expects anyone to believe that competition will 'tend to' force businesses to take security seriously? The author hasn't given this a lot of thought, I strongly suspect.

The TSA is awful. But the idea that competition and the free market is a panacea for all problems financial and social is too often used as a crutch by bureaucrats and politicians who don't want to do their god damn jobs, and as a cudgel by idiot pundits on the payroll of big business, as we see here.

Just fix the TSA.

Edit: and it appears Forbes stores your passwords as plaintext. Really shining example of the free market and competition magically solving all our problems, fellas.

Edit: Actually, apparently parts of the stack have been open-sourced:

http://code.google.com/closure/

http://code.google.com/p/protobuf/

http://code.google.com/p/google-guice/

The key points to identify;

a) The TSA does not make flying safe. The FAA makes flying safe. The TSA allegedly keeps bombs off planes but going by their press releases they've never actually done this. It's always some kid with a pen-knife.

b) For years Customs have been attempting the opposite goal, detecting stuff coming off planes. They have a good success rate, but clearly plenty of stuff gets through. Is there any evidence that the TSA has a better success rate?

c) It's not hard to get forbidden items onto a plane. It just isn't. All the TSA does is make it harder to do it via the main entrance hall. Given the amount of merchandise, and number of people who work on the "other side" of the security barrier, does anyone think it's hard? For example it's easy to take liquids on a plane, just buy them in the departure hall. [edit - It's also not hard to get a job as a TSA agent. Quis custodiet ipsos custodes?]

d) Given that the TSA doesn't make us any _safer_, it's hard to find a reason for it to exist. But large govt. departments do not go softly into the night.

It takes sustained, broad-based pressure to make this sufficiently important for politicians to get involved. Until that happens _nothing_ will change. No, I lie, until that happens the TSA will spend more money, and intrude on our lives more, but won't actually provide any benefit.

[1] Who wrote In the Plex.

[2] http://www.wired.com/epicenter/2011/06/inside-google-plus-so...