vivan's comments

vivan | 3 years ago | on: Toyota suffered a data breach by accidentally exposing a secret key on GitHub

I used to report things like this that I had found, including cases where I could see people had used the default "sample" config for security purposes, but I found that either people would not care at all, or massively overreact and somehow blame me.

If an organisation is disorganised enough to leave critical details in public, they're probably too disorganised to handle someone reporting it.

vivan | 3 years ago | on: Integrating with Fastmail

Other email providers don't allow recycling of account names - once they're gone, they're gone.

That said, I do agree that using a domain you own is better practice. However, I have been burned there before - I used a .eu domain for pretty much all of my email sign-ups for over a decade, then had the domain yanked away because of Brexit. Yes, my fault for not realising that this would happen (I lay some of the blame with my domain provider for not mentioning it to me at all).

vivan | 3 years ago | on: Integrating with Fastmail

I cannot recommend Fastmail to anyone for the simple reason that if your account expires and gets deleted, anyone can create an account with the same email address and take over your identity. This seems like a massive security flaw.

vivan | 6 years ago | on: GitHub was down

What do you guys recommend as a good way to continue work undisrupted when GitHub goes down? A second remote mirror?

vivan | 6 years ago | on: Ask HN: What's your latest failed side project and why?

Outlook add-on to give the ability to "undo" sending email. It just mimicked the functionality in Gmail where it holds your email for 10/30/60 seconds before sending, which gives you a chance to stop the message being sent if you notice an issue. For some bizarre reason Microsoft built this in their web app but never in the desktop version of Outlook, which is what most people in big corporate environments use.

Finished the project, built the tool and it worked great, had a bunch of people using it. Then I got to the point of having to actually distribute/market it and I gave up - the idea of having to actually support a desktop application was just too much for me.

I'll probably throw the code up on GitHub at some point so people can still get some value out of it, since a lot of people have been asking.

vivan | 7 years ago | on: Ask HN: Did offering a money-back guarantee help your business?

How does this work in line with your views on registration systems? I'm about to release a product which is also a one-time digital purchase, and I plan on just having a generous guarantee. I was planning on having no licensing system because frankly it's more headache than it's worth - the target audience will be happy to pay for the product, and people who don't want to pay won't be paying anyway. Do you think this is a fair assessment? Do you think it's worth having a very basic registration system or none at all?

vivan | 7 years ago | on: Deliveroo users are getting defrauded

I'm not saying Deliveroo isn't in the wrong here - they absolutely should have more defenses, but I still think this argument makes little sense. What if they have the defences in place but you choose to disable them? Who is liable then? I personally have 2FA on my GMail, but plenty of people choose not to - is it Google's fault for not forcing it on them?

vivan | 7 years ago | on: Deliveroo users are getting defrauded

So if someone hacks your email because you didn't have sufficient protections in place, does that make the email provider liable? Seems like an argument that falls apart very quickly.

vivan | 7 years ago | on: Deliveroo users are getting defrauded

Standard security practices: not allowing delivery to a new address without reconfirming credit card details, sending email confirmation upon login from a new location/device, and in the more extreme cases, 2-factor auth.

vivan | 7 years ago | on: Deliveroo users are getting defrauded

Do you have a source for that? If that is the case then pretty much every major website is in breach. Credential stuffing is rampant and very easy to do these days. It's not the website's fault that the user gave out their password.

However, I do agree that Deliveroo needs to do more to protect users against this. 2-factor authentication, email confirmation from a new IP, re-entry of card details when ordering to a new address are all simple ways to handle this. Deliveroo has not prioritised this because their main priority is growth.
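The step-up controls listed in the two Deliveroo comments above (email confirmation on login from a new device/IP, card re-entry for a new delivery address, and opt-in 2FA), written out as a small policy check. This is an added example, not code from Deliveroo or from the commenter; the account structure, device identifiers and addresses are constructed.

```python
"""Step-up checks against credential stuffing: a stolen password alone should
not be enough to order to a fresh address from a fresh device.
All identifiers below are constructed for the example."""
from dataclasses import dataclass, field


@dataclass
class Account:
    known_devices: set = field(default_factory=set)     # device fingerprints or IPs seen before
    known_addresses: set = field(default_factory=set)   # delivery addresses used before
    twofa_enabled: bool = False                          # user opt-in, as in the comments above


def login_checks(account: Account, device_id: str) -> list:
    """Checks to satisfy before a new session is fully trusted."""
    checks = []
    if device_id not in account.known_devices:
        # New device/IP: tell the real owner so they can react to a takeover attempt.
        checks.append("email_confirmation")
        if account.twofa_enabled:
            checks.append("2fa")
    return checks


def order_checks(account: Account, delivery_address: str) -> list:
    """Checks to satisfy before an order to this address is accepted."""
    checks = []
    if delivery_address not in account.known_addresses:
        # A stuffed credential does not come with the card number; require it again.
        checks.append("reconfirm_card")
    return checks


def trust_device(account: Account, device_id: str) -> None:
    """Call only after every login check has passed."""
    account.known_devices.add(device_id)


def trust_address(account: Account, delivery_address: str) -> None:
    """Call only after the card has been reconfirmed for this address."""
    account.known_addresses.add(delivery_address)


def demo() -> dict:
    """Constructed scenario: an established account, then activity from a new device and address."""
    acct = Account({"dev-home"}, {"12 Example Street"}, twofa_enabled=True)
    return {
        "login_known": login_checks(acct, "dev-home"),
        "login_new": login_checks(acct, "dev-unknown"),
        "order_known": order_checks(acct, "12 Example Street"),
        "order_new": order_checks(acct, "99 Drop Point"),
    }
```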
