nullymcnull's comments

nullymcnull | 2 years ago | on: Govt of Canada proposes a 4% Link Tax

> Why do the country's accountants need guns or bullets?

If you've actually inspected a reasonable subset of the multiple sources you found on this, you'd understand that these are purchases for their Criminal Investigations Division, a division with a narrow remit which has been armed for over a century.

The only reason why this is suddenly shocking news is because right-wing media has been increasingly hyping this up as some unprecedented and dangerous overreach since ~2020, cynically playing into the enduring paranoiac belief that govt stormtroopers are just around the corner (yet somehow never actually materializing). You're dancing to the tunes that your echo chambers choose for you.

nullymcnull | 4 years ago | on: Microsoft Teams: 1 feature, 4 vulnerabilities

No surprise at the MS non-response here. Anyone forced to use Teams every day can see that it's being maintained by a skeleton crew (at best) on the dev side. Every single day I miss basic features (like global message linkability) that I came to love in Slack, and suffer 101 little bugs and annoyances that never seem to improve much.

MS clearly thinks Teams is "good enough" - enough of the feature checkboxes ticked that they can focus mostly on aggressively marketing it, making it seem crazy to use a separate third-party chat platform instead of Teams if you're using Azure.. even if it does happen to be a buggy bloated beast, with almost unusably wretched mobile apps.

If there's just one area I wish we hadn't switched to MS-brand dogfood after making the move to Azure, it's chat/calling. It's a deceptively tricky domain to get it right in, and one where you really want as little friction as possible for all users.

"We should have stuck with Slack." - every team that ever switched to MS Teams.

nullymcnull | 4 years ago | on: Netflix intensifies VPN ban and targets residential IP addresses

> Not that I want to give them any ideas, but surely the best solution would be to just lock the account down to the region the billing account is from?

I'm pretty sure (based on dealing with DRM/geoIP restriction requirements in other spheres) that it's because the media companies are incredibly anal about enforcement on strict geographic lines. They don't care if your account is linked to a US credit card at a US billing address, despite how effective that is at ensuring that you are a US user (and how difficult it is to spoof). They are hellbent on the idea that no US-only content should ever be streamed to an IP address terminating at a non-US location. For them it's absolutely not about people or accounts - it's entirely a matter of geography.

Netflix could easily apply a rule based on the region of the billing account, and I am sure it would be vastly more effective than playing whack-a-mole with individual IP addresses. However, the media companies would undoubtedly still insist that they do strict geoIP restriction as well. And if Netflix did both, anybody who is traveling outside of their home country would find Netflix to be bereft of content; anyone who travelled frequently would find Netflix to be perfectly useless. By going all-in on geoIP, Netflix keeps the geoIP-fixated media companies happy, while ensuring that users see plenty of content even as they move from country to country.

I'd guess that Netflix is only upping their game on residential IPs etc now because the media companies are no longer happy and are leaning on them - VPN services are simply becoming too brazen about advertising the ability to bypass Netflix geo restrictions by clicking flags. Whenever it becomes this obvious to the media guys that anyone with a pulse and a credit card can circumvent Netflix's controls, they'll be pressed to 'do better' or lose their rights to content. Netflix takes some steps, catches some backlash, and the media companies are placated for a while.

nullymcnull | 4 years ago | on: Three programmers got fired, including me, due to a single app crash

I've been in largely the same situation as OP - early-stage startup, rushed work on an MVP requiring far too many bells and whistles, CEO doing a crucial demo before potential investors who would likely make or break the company.

The crucial difference in my case was that the CEO was whipsmart, and a natural salesman; he knew his market, he knew his audience, and he knew our work. He ran through the app enough times in advance of the demo to know it inside and out, and he prefaced his demo with boilerplate warnings that it was an MVP/prototype and that bugs were to be expected - he did this so effectively that it almost seemed like he had them excited about the prospect of seeing bugs. When the inevitable faults in the application / backend did occur, he was able to gracefully roll with the punches and sustain the momentum: he joked his way past it and adjusted his approach as he ran through the failed step again (having correctly guessed at what the problem was with his input the first time around). The investors could see - as our CEO had emphasized up-front - that the shortcomings were superficial, and that both the app and underlying system were fundamentally solving the problems they were meant to solve - and doing so in novel ways for the vertical we were in, with much better UX than that vertical was accustomed to.

That company succeeded by any measure, and is still running strong today. And at least 80% of why it succeeded, imo, is because of the quality of its earliest employees, both C-level and technical. A CEO may not need to be a one-in-a-million kind of guy or gal, but they definitely do need to be one-in-a-whole-lotta-thousands, at the very least - if they're just another thoroughly average individual with an oversized ego and a 'fake it till we make it' ethos, you are screwed - no amount of unpaid blood, sweat and tears in the trenches will save you. We were lucky enough to have an inspiring and intelligent CEO who brought in critical voices rather than yes men, and who at the early stages of the company's life would often directly interface with the coders who were designing the apps and systems he and his sales people would be pitching to potential investors, partners, and customers. And when your company has ~5-20 employees, that's absolutely how it should be - all doors should be open. Rigid management hierarchies are no more than adult make-believe at this stage, and indulging in them is inherently toxic.

Anyways, I suppose OP's story is really just an old and universal one: bad management will fail, and it will always find someone else to blame for its failures.

nullymcnull | 5 years ago | on: The Cliqz Story Is Over

> This [2] post also documents Cliqz being covertly auto-installed with .NET Framework.

No, it documents the same thing as the other link - that unrelated chip.de downloads (including .NET Framework, though I have no idea why anyone in their right mind would source that from chip.de) are by default wrapping any downloads in a "secure CHIP installer" which is chock full of dodgy adware installations, apparently including Cliqz without any mention or option to remove.

nullymcnull | 6 years ago | on: Show HN: Face Generator

The majority of people on Earth who use languages that aren't covered by ASCII may also appreciate it, I'm guessing.

nullymcnull | 7 years ago | on: Facebook's '10 Year Challenge' Is Just a Harmless Meme–Right?

> In 2008 Facebook itself was in infancy

That's quite an overstatement, to put it very mildly. Facebook was allowing open non-.edu signups by 2006, and the buzz around it from its school success was immense. By 2008 it certainly wasn't seeing a critical mass of boomers and other late(st) adopters, but it was still huge by any measure - 100 million users, and growing with unprecedented speed.

People were absolutely already uploading phone pictures to FB and other sites by then; I think there may even have been Facebook apps shipping on non-smartphones by that time, it was one of the earliest things carriers used to flog data plans. I agree that "the majority of the world" wasn't uploading phone pictures anywhere by then, but then I'd be surprised if that rather high bar has been reached today either.

nullymcnull | 7 years ago | on: Facebook's '10 Year Challenge' Is Just a Harmless Meme–Right?

You're really reaching now. People were regularly using phone cameras long before smartphones. By the time smartphones were a few gens in it was ultra common, and a big benefit of them (that even non-technical people could understand) was that you could use wifi whenever possible and avoid data charges (which really weren't much higher then than now in most markets; "unlimited" plans were more common too). Also the 3g has a 2mp camera, so we're talking about pictures that are 2-3MB at most. The suggestion that people were shy about uploading relatively small photos to Facebook circa ~2008, and that this supports this flimsy story in any way, is sheer nonsense. I'm no fan of Facebook - am a long-term outright refusenik actually - but the conspiracy theories are getting out of hand. There is zero substance to this article, it's wildly speculative clickbait.

nullymcnull | 7 years ago | on: Why is Juul worth $16B? It’s more like a cigarette than you think

That's a good hot take, and I don't really disagree about (some of) the tendencies of this article, but this is still a pretty shady / unethical company by most measures.

> I was told it has 50 mil nic and my jaw hit the floor. Those that vape knows that's a crazy number

Since the earliest days of vaping, it's been easy to get liquids at varying nicotine levels, downright common to have them without nicotine at all, and it's been understood practically as a first principle that one can gradually taper down the nicotine levels as an effective means of smoking / overall nic cessation.

Along comes Juul, with patents for more effective nic delivery, a $16B valuation and >$1B capital, trying to reach people who aren't necessarily tuned into this niche at all, coming to market with exactly one nicotine option: ultra freaking high, apparently over double what for a long time was the standard 'highest' option available from most e-liquid vendors (18mg/mL). These guys seriously only plan to start selling "lower-dose pods" at some later point.

I'm not so sure that any significant portion of the market they're angling for (virgins to the product space) is likely to progress to "more advanced setups", not if Juul is their point of entry. In any case, Juul's rising will probably lead to higher median nic levels in the market at large, as competitors whose product would otherwise seem "weak" try to reach Juul's customers.

Makes sense, I guess, that the guys in this space getting funded would be those who are the most amoral - cranking nic levels up while aiming to deliver it with more punch, not even pretending to support tapering off nic entirely, keeping them on the tit for now while probably offering unspecified lower levels in the future. On one hand they talk about their noble mission to get people off the hated cigarettes and their outreach to keep everything above-board and 21+, on the other they make sure social media is carpet bombed with cool young guys + gals vapin Juuls.

Don't get me wrong, I'm not outraged or clamouring for them to be legislated to their doom or anything. I'm truly impressed by how brazen and full of shit these guys are.

nullymcnull | 7 years ago | on: A Wikipedia editor's long-running campaign

> I am saying that if you look at Wikipedia history you can find plenty of places where an anonymous user/occasional editor fixes a spelling mistake that was then reverted.

You're essentially refuting yourself by making the same claim again, and yet still without offering a single example of something you are claiming is rampant. If there are "plenty" of examples, it should be easy to link a few.

I'm skeptical, because I've made many small, always anonymous edits over the years, mostly correcting spelling mistakes and bad grammar. Most of these edits were even made from dynamic IPs - and yet none of them were reverted.

nullymcnull | 7 years ago | on: LocationSmart Leaked Location Data for All Major U.S. Carriers in Real Time

Neither the fact that Weev is a gigantic asshole, nor your conjecture about what he might have been convicted of since, retroactively erases the injustice of the DOJ's absurd prosecution of him for the AT&T 'hack' - which was imo more about AT&T's wounded pride, and unwillingness to admit that they had effectively given that customer data away.

The AT&T hack is a perfectly good example, probably the most relevant one we have, of someone doing exactly what the GP suggested. Which undoubtedly would face much the same kind of overzealous prosecution, if not much worse given the current climate.

I do agree with GP though, and wish more researchers would be a lot less polite and well-behaved with their disclosures, sow a little more chaos even. This really was a golden opportunity to have a real national impact, and to give a huge number of non-tech people an unprecedentedly effective wake-up call.

nullymcnull | 8 years ago | on: American companies are suppressing wages for many workers

I am curious as to where you are getting the idea that "unionization in Canada is still as strong as the strongest years in the US". That's pretty much the opposite of my personal experience and observations, and it's not the consensus I've been hearing (which is that organized labour has been at an absolute nadir in the past few decades, as much in decline as in the US). Unions have shrunk, membership is down, political clout is down, and a newly unionized company is a rare bird indeed. Perhaps the high rate of unionization in the public sector skews the stats here, because in the private sector, things are pretty much a mirror of the US situation.

From what I can tell, all of the same factors that are driving down wages in the US - increased consolidation, far more 'temp' positions brokered by temp agencies - apply to Canada as well, and have had the same effect.

nullymcnull | 8 years ago | on: The American Relief Expedition to Soviet Russia in the Famine of 1921 (2011)

I'm going to assume that you are just reaching out for counterfacts without being particularly well-versed on the history here, because the Russian Duma was, from inception to the revolution, a very bad joke. It was only barely tolerated by Nicholas, and dissolved for years at a time whenever it tried to compel the autocracy toward meaningful reforms. That parliament has a very great deal to do with why events took the radical course they did - it effectively discredited everyone who tried to work within the system.

nullymcnull | 8 years ago | on: A320-X DRM: What happened

The post kind of dances around exactly what 'information' was exfiltrated from the targeted user, but it's pretty clear from a close reading that it has to have included his Chrome passwords.

  unfortunately we could not be able to enter the registration-only web sites he was using to provide this information to other pirates.

  We found ... that the particular cracker had used Chrome to contact our servers so we decided to capture his information directly

  .. to dump that cracker's information needed for us to gain access to those illicit web sites

  this method worked, in fact, and we were able to receive this information

This all followed by screenshots from the "registration-only web sites" they could not previously reach.

Also, at least one of the initial reddit reports which set off this whole thing was due to A/V software detecting an executable file included in the installer (which was dropped but not executed on all user installs) as "Chrome Password Dump" malware.

Edit: The earliest responses about this from FSLabs seem to confirm that they were running the password dumps on anyone who was using known pirated serials; it looks safe to say that the linked post is overstating how targeted their actions actually were.

  This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.

If they truly believe that they have any hope of using any information thus gathered to aid them in their 'legal battles' against crackers and pirates, this is one deeply confused company.

nullymcnull | 8 years ago | on: Microsoft disables Spectre mitigations as Intel’s patches cause instability

> On Windows, once the file is open, it is that filename that is open; You can't rename or delete it

It's simple for any application to open a file in Windows such that it will allow a rename or delete while open - set the FILE_SHARE_DELETE bit on the dwShareMode arg of the win32 CreateFile() function. In .NET, the same behaviour is exposed by File.Open / FileShare.Delete.
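
The share-mode behaviour described in the comment above, as an added example that is not part of the original comment: the same file is held open twice through .NET's `File.Open`, once with `FileShare.Read` only and once with `FileShare.Delete` added, and a rename plus delete is attempted while the handle is still open. The function name `Test-RenameWhileOpen` and the temp paths are constructed for this illustration.

```powershell
# Added example: effect of FileShare.Delete (FILE_SHARE_DELETE) on rename/delete
# of a file that is still open. All paths are constructed temp files.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ("sharedemo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null

function Test-RenameWhileOpen {
    param(
        [string]$Path,
        [System.IO.FileShare]$Share
    )
    Set-Content -Path $Path -Value 'constructed sample data'

    # Hold a read handle open with the requested share mode.
    $stream = [System.IO.File]::Open(
        $Path,
        [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read,
        $Share)
    try {
        $renamed = "$Path.renamed"
        try {
            # Both operations need DELETE access to the file, which Windows
            # grants only if every existing handle shares delete.
            [System.IO.File]::Move($Path, $renamed)
            [System.IO.File]::Delete($renamed)
            return 'rename and delete succeeded while the handle was open'
        }
        catch {
            # Without FileShare.Delete this is a sharing violation.
            return 'blocked: ' + $_.Exception.GetBaseException().Message
        }
    }
    finally {
        $stream.Dispose()
    }
}

$results = [ordered]@{
    'Read only'     = Test-RenameWhileOpen (Join-Path $dir 'a.txt') ([System.IO.FileShare]'Read')
    'Read + Delete' = Test-RenameWhileOpen (Join-Path $dir 'b.txt') ([System.IO.FileShare]'Read, Delete')
}
$results.GetEnumerator() | ForEach-Object { '{0,-14} -> {1}' -f $_.Key, $_.Value }

# Clean up the constructed files.
Remove-Item -Recurse -Force $dir
```

Tooling that treats an open handle as a lock on a file's name or existence (log collectors, integrity monitors, updaters) should not rely on that when the file may have been opened with delete sharing.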

nullymcnull | 8 years ago | on: Meltdown and Spectre Linux Kernel Status

Google found these vulnerabilities in the first place, and many serious ones before Spectre/Meltdown too. We don't know if state or other actors found them first, but we know that if Google was not in fact "doing things for the community" here by finding and disclosing them, they'd still be unknown to us, and there would be no mitigations at all. To rubbish all of that de facto contribution, because they didn't disclose it the way you might prefer, is asinine - talk about looking a gift horse in the mouth!

All you're really doing here is confirming that you are typical of the HN userbase these days (far past its prime and filled with reactionary tinfoil hat types with a raging hate-on against one company or another) - that Google is on your personal shit list, and that you'll characterize just about anything positive about them as "fluffy garbage". And that's just not very interesting - it's tiresome, practically-writes-itself noise to everyone other than the choir you are preaching to.

nullymcnull | 8 years ago | on: Google, You Creepy Sonofabitch

Google just can't seem to win with some people. Notifications like this have an obvious benefit, in that they make the degree of tracking that is happening very clear even to the non-technical end user (and if they aren't comfortable with the tradeoffs involved, they can disable it). But apparently simple acknowledgement of what the phone (any smartphone) already knows is "creepy", and it's more comforting to bury your head in the sand and pretend it isn't going on ("I'm going back to an iPhone"). Out of sight, out of mind, I guess.

This whole post just gets sillier as it goes. It's dire and creepy and "robotic" for Google to acknowledge that your phone, the internet, and their business are machine-driven, and to be open + straightforward about the fact that said machines can make good use of your human judgement + opinion, for the benefit of other humans? They need to "soften this blow"? Really?
