LurkersWillLurk's comments

You should talk to an employment lawyer before you go to HR or anyone in your company. You also have the right to file a complaint with the EEOC, but I would not do that until you talk to a lawyer.

The reason why you need to talk to a lawyer is that your lawyer is ethically obligated to represent your best interests, not your company's.

You can contact a consumer law attorney to get this fixed. There is an attorney's fees provision in the FCRA which will make it economical to pursue the remedy.

So basically, an integer overflow causes the whole mess. I wish I could say that I was shocked, but here we are.

This is astonishing.

> We determined that the issue was being caused by unintended interaction between the Microsoft Teams app and the underlying Android operating system.

As someone whose organizational policy signs my Teams client out after a couple hours of inactivity, I would love to know how on earth this is possible. I truly am at a loss, and I am furious at the thought that I have been unable to dial 911 for who knows how long.

At least I know the ten digit number for my local emergency services, but the average person probably doesn't. This is unacceptable.

I don't have a written source, but I think it's safe to say that the majority of elected offices in the United States are local/municipal, and many (most?) of those are unpaid. And if they're not unpaid, they usually only pay a few thousand a year, if that.

Could you explain what Signal is doing to discourage contributions?

Just going to point out - ending single family zoning doesn't mean building a single family house is prohibited, it just means that you can build things other than a single family home on a particular plot of land.

They also don't support wheelchairs, which in the United States would tend to violate the ADA.

Yeah. I'm sorry your parents didn't know better. I've seen a bunch of young people being given the horrible advice by their parents of talking to the police, which is a huge no-no in the United States.

> Now that I'm a misdemeanor(er?)

The proper word is misdemeanant. ;)

> if you try to sit down and try to start the work and just CANNOT emotionally bring yourself to do the work or get your brain to engage, then it's probably something more than just normal procrastination

I've had so many problems with this in high school and college, it's unreal. I've only started to fully comprehend my problems with anxiety this past semester but reading all of this makes me wonder if there's something more to it than just that.

No, you're absolutely right. The author complains that with physical possession of the device that it's possible to transfer Signal's private key material to a new device, leaving the old safety number intact.

The author apparently expects the safety number to change in order to alert the person on the other end that there "might be a hostage situation," evidently not realizing that the attacker could just, well, use the unlocked phone right in front of them.

TL;DR of article: Signal transfers key material upon migrating to a new device if you use the "transfer messages" workflow. As a result, safety numbers do not change.

I don't see how this is a problem at all. This was actually a feature that many Signal users wanted to use - they didn't want to re-verify safety numbers every time that they had to reinstall Signal or switch to a new phone.

> We don't want anyone to get hurt by way of trusting privacy guarantees which may be more conditional than they appear from the docs!

> If Bob notices the chat safety number with Alice has changed and then Alice sends a bunch of suspect-sounding messages or asks to meet in person and Bob has never met Alice in person before, for example, Bob should be wary. After Alice for example is forced to provide device passcode or unlock their device with their fingerprint or face, Alice's device could be cloned over to a new device by way of quick transfer functionality without Alice's consent, and the messages could be coming from the cloned device rather than Alice's actual device.

Respectfully, this doesn't make any sense. Signal provides security from device to device, it doesn't stop someone from pointing a gun to your head and looking at your messages or pretending to be you after stealing your phone. If someone has the physical possession of your phone necessary to perform a device transfer, then you're already screwed. The idea that a safety number change would alert the person on the other end that you're being held hostage is outlandish and is completely divorced from any normal use of Signal.

You don't have to associate with anyone as a private individual if you don't want to. In the present case, the school district is an arm of the state and cannot punish a student for constitutionally protected speech.

Are new residents not as much of a resident as existing residents?

I don't think the city council is oppressing anyone by having the police issue citations to people who wake me up at night with their obnoxious mufflers.

The personal satisfaction from having a loud muffler is actually less important than my ability to sleep at night.

I feel like this would be the one legitimate criticism of Section 230, but I don't really know how you would "solve" this problem. Maybe a DMCA-esque system for defamation, but on the other hand I feel like that's also ripe for abuse and would hamper online anonymous speech. Is it fair use to post a picture of someone if the text accompanying that picture is libel?

The unstated assertions that a person simply visiting Parler or Gab is a form of harm to others is astonishing.

Respectfully, how exactly would federation have helped with this outage?

Signal's own official clients failed to properly back off from spamming the server with incessant requests. I'm not entirely sure how more third party clients would have helped with this issue.

Can somebody clarify if I'm correct in believing that feature flags are client features that can be activated server-side (as opposed to an app update)?