Hacker News: vivan

New comment by vivan in "Australian Federal Police hacked, classified documents on drug cartels stolen"

vivan — Fri, 14 Oct 2022 09:37:37 +0000

The source article provides much more detail: https://www.smh.com.au/national/secret-agents-targeting-drug...

New comment by vivan in "Toyota suffered a data breach by accidentally exposing a secret key on GitHub"

vivan — Fri, 14 Oct 2022 09:34:51 +0000

I used to report things like this that I had found, including cases where I can see people used the default "sample" config for security purposes, but I found that either people would not care at all, or massively overreact and somehow blame me.

If an organisation is disorganised enough to leave critical details in public, they're probably too disorganised to handle someone reporting it.

New comment by vivan in "Integrating with Fastmail"

vivan — Wed, 28 Sep 2022 13:10:52 +0000

Other email providers don't allow recycling of account names - once they're gone, they're gone.

That said, I do agree that using a domain you own is better practice. However, I have been burned there before - I used a .eu domain for pretty much all of my email sign-ups for over a decade, then had the domain yanked away because of Brexit. Yes, my fault for not realising that this would happen (I lay some of the blame with my domain provider for not mentioning it to me at all).

New comment by vivan in "Integrating with Fastmail"

vivan — Wed, 28 Sep 2022 09:45:36 +0000

I cannot recommend fastmail to anyone for the simple reason that if your account expires and gets deleted, anyone can create an account with the same email address and take over your identity. This seems like a massive security flaw.

New comment by vivan in "GitHub was down"

vivan — Thu, 27 Feb 2020 16:33:38 +0000

What do you guys recommend as a good way to continue work undisrupted when GitHub goes down? A second remote mirror?

New comment by vivan in "Ask HN: What's your latest failed side project and why?"

vivan — Mon, 24 Feb 2020 10:31:55 +0000

Outlook add-on to give the ability to "undo" sending email. It just mimicked the functionality in Gmail where it holds your email for 10/30/60 seconds before sending, which gives you a chance to stop the message being sent if you notice an issue. For some bizarre reason Microsoft built this in their web app but never in the desktop version of Outlook, which is what most people in big corporate environments use.

Finished the project, built the tool and it worked great, had a bunch of people using it. Then I got to the point of having to actually distribute/market it and I gave up - the idea of having to actually support a desktop application was just too much for me.

I'll probably throw the code up on GitHub at some point so people can still get some value out of it, since a lot of people have been asking.

New comment by vivan in "GitHub: Increased Error Rates"

vivan — Wed, 19 Feb 2020 15:39:02 +0000

I guess it's a bad time to make a presentation to let us move from an on-prem SVN repo to GitHub...

New comment by vivan in "Your balance is $0.30000000004"

vivan — Tue, 18 Feb 2020 17:10:57 +0000

In this case, the value is the "surge_multiplier", which is indeed a float: https://developer.uber.com/docs/riders/references/api/v1.2/e...

New comment by vivan in "Your balance is $0.30000000004"

vivan — Tue, 18 Feb 2020 16:02:52 +0000

That was the main plot of Office Space.

https://www.imdb.com/title/tt0151804/

New comment by vivan in "Docker for Windows won't run if Razer Synapse driver management tool is running"

vivan — Tue, 18 Feb 2020 15:20:24 +0000

It also has macroing functionality with profile switching. You could achieve the same with something like AHK but the Razer interface is easier for simple tasks.

New comment by vivan in "Your balance is $0.30000000004"

vivan — Tue, 18 Feb 2020 15:17:27 +0000

You would think that this is a fairly rookie error and that big companies would know better, but I regularly see this on Uber: https://i.imgur.com/qDACtG0.png

New comment by vivan in "Ask HN: Is SQL a primary tool of choice for doing ETL pipelines in 2019?"

vivan — Wed, 02 Oct 2019 15:06:22 +0000

As with most questions about stack choice: it depends.

New comment by vivan in "Vulnerability in the Mac Zoom client allows malicious websites to enable camera"

vivan — Tue, 09 Jul 2019 09:58:14 +0000

Huh, I'm on Windows and it auto-joined the meeting too, with video enabled. I wonder if this is because at some point in the past I opened a Zoom meeting and allowed Chrome to open the Zoom URI in the Zoom app?

New comment by vivan in "Ask HN: Did offering a money-back guarantee help your business?"

vivan — Wed, 06 Feb 2019 11:02:16 +0000

How does this work in line with your views on registration systems? I'm about to be releasing a product which also is a one-time digital purchase and I plan on just having a generous guarantee. I was planning on having no licensing system because frankly it's more headache than it's worth - the target audience will be happy to pay for the product and people who don't want to pay won't be paying anyway. Do you think this is a fair assessment? Do you think it's worth having a very basic registration system or none at all?

New comment by vivan in "Ask HN: What is an example of a super simple SaaS that is profitable?"

vivan — Mon, 28 Jan 2019 12:50:42 +0000

My biggest inspiration is https://www.placecard.me/ by Cory Zue (https://news.ycombinator.com/user?id=czue).

He has been documenting the whole process very well both on Twitter (https://twitter.com/czue/status/958993008543830017) and his blog (http://www.coryzue.com/writing/).

New comment by vivan in "Deliveroo users are getting defrauded"

vivan — Thu, 24 Jan 2019 19:15:19 +0000

Interestingly the same author had a very different opinion when the same was happening to someone else. https://www.newstatesman.com/science-tech/internet/2018/09/g...

> Although what Spotify has done, or failed to do, by handing over data to whoever is logged in on an account, could be considered irresponsible, it is in no way illegal – and, in all likelihood, is generally the norm.

New comment by vivan in "Deliveroo users are getting defrauded"

vivan — Thu, 24 Jan 2019 17:50:00 +0000

I'm not saying Deliveroo isn't in the wrong here - they absolutely should have more defenses, but I still think this argument makes little sense. What if they have the defences in place but you choose to disable them? Who is liable then? I personally have 2FA on my GMail, but plenty of people choose not to - is it Google's fault for not forcing it on them?

New comment by vivan in "Deliveroo users are getting defrauded"

vivan — Thu, 24 Jan 2019 17:24:36 +0000

So if someone hacks your email because you didn't have sufficient protections in place, does that make the email provider liable? Seems like an argument that falls apart very quickly.

New comment by vivan in "Deliveroo users are getting defrauded"

vivan — Thu, 24 Jan 2019 15:46:43 +0000

Standard security practices: not allow delivery to a new address without reconfirming credit card details, sending email confirmation upon login from a new location/device, and in the more extreme cases, 2 factor auth.

New comment by vivan in "Deliveroo users are getting defrauded"

vivan — Thu, 24 Jan 2019 15:11:21 +0000

Do you have a source for that? If that is the case then pretty much every major website is in breach. Credential stuffing is rampant and very easy to do these days. It's not the website's fault that the user gave out their password.

However, I do agree that Deliveroo needs to do more to protect users against this. 2-factor authentication, email confirmation from a new IP, re-entry of card details when ordering to a new address are all simple ways to handle this. Deliveroo has not prioritised this because their main priority is growth.