They mention terminal passwords on their privacy page (short story, they don't read passwords if they aren't echoed on the terminal)
The ability to exclude files that I know contain sensitive data would be a very nice step. Even better if you explicitly state that retroactively excluding files will result in a deletion of the file from your servers.
A few of my friends found multiple copies of ssh_config lying around, so I wrote this one-liner that looks at 3 separate known ssh_config files & patches any vulnerable ones that it finds.
$ for SSH_CONF in /etc/ssh/ssh_config /etc/ssh_config /private/etc/ssh_config; do [ -f $SSH_CONF ] && ! grep -q 'UseRoaming no' $SSH_CONF && echo "Patching $SSH_CONF" && echo -e '\nHost *\n UseRoaming no' | sudo tee -a $SSH_CONF > /dev/null; done
I'm not terribly familiar with blackbox, but based on the blackbox Readme it seems that this critique from Vault's website [1] addresses why HashiCorp thinks Vault is a better solution.
> Chef, Puppet, etc. all solve this in a similar way: single-key encrypted storage. Chef has encrypted data bags, Puppet has encrypted Hiera, an so on. The encrypted data is always one secret (a password, a key, etc.) away from being decrypted, and this secret is generally not well protected since in an elastic environment, every server needs to somehow get this secret to decrypt the data. Additionally, access to the encrypted data isn't always logged, so if there is an intrusion, it isn't clear what data has been accessed and by who.
I'd say nearly every move the CAH folks make is some form of nontraditional marketing. Sure, buying an island may seem like just throwing away profit, but the amount of buzz and fan loyalty generated by that sort of stunt is a big part of what keeps their brand relevant & growing.
You could argue that their entire holiday promotion is really an exercise in marketing, and that they've already written off any profit from it as part of their marketing budget. Their business is selling the boxed card game, rather than gimmicky promotions.
Danilo, I loved the article & thought it was much needed. Agreed that it's not the job of the marginalized to educate oppressors. Agreed that it's frustrating and exhausting for anyone to take on the task of educating others, and that your writing is an attempt at making others aware of the problems that exist. I agree that BrandonM's classification of your article as "cherry picking" demonstrates a lack of awareness of the difficulties of minorities and women in tech & at HN. However, simply because a person doesn't express a certain level of self-awareness or education about the disadvantage others are experiencing doesn't automatically quality them as an enemy nor a bad human.
BrandonM, I'd encourage you to keep educating yourself. I'd suggest reading resources like http://juliepagano.com/blog/2013/11/02/101-off-limits/ and following some "social justice warriors" via your platform of choice.
I, personally, am still very much in the process of learning about how my own privileges (white, middle-class, male, cis, het) affect me and others, which is why I find article's like Danilo especially useful.
I appreciate your level-headed response, metavida. I think you're taking the right approach in trying to quell hostility (rather than create it) and in providing links to follow up with. I am in full agreement that everyone should have an equal opportunity to do what they love, and I am quick to stand up to oppressors and bullies. I recognize the problem and agree that we need to address it.
That's the main reason why Danilo's actions bothered me so much today. My initial post basically boiled down to, "The article misrepresented Hacker News: it's no worse than other communities with similar demographics. And when bigots make themselves visible, it gives us a chance to change minds." Even I can come around to the idea that those are shitty points.
But we didn't have that discussion. Instead, Danilo used his Twitter privilege (where I have none) to level an attack at me, threatening my livelihood. To me, that seems like a different version of the exact problem he is purporting to solve.
If the "warrior" in "social justice warrior" is literal, then I suppose that tactic makes sense. But I think there's a better way. I read this today:
The biggest crime of fear is getting my mind so wrapped up in itself, I forget that that I’m not the only one who is afraid. We’ve all got things that haunt us.
Did I really deserve what Danilo threw at me today?
> Did I really deserve what Danilo threw at me today?
> Twitter privilege
Goodness. If anything, you got off easy, bub. Even now, oblivious, invoking concepts like "privilege" you clearly don't understand.
You don't get to run your mouth about things you don't understand and then escape accountability. You don't get to excuse a terrible status quo as being acceptable because it serves to educate people at the expense of the marginalized.
You are exactly the problem. Not the bigots. Not the overt sexists. Not the children posing as grownups, too young to know their indecency. The problem is mealy-mouthed folks who mistake differences of power for differences opinion. And who forgive the unacceptable on that basis.
And feel so righteous doing so.
Sorry if that's not the sort of coddling you're used to. But I'm not here for you. I'm not here to make you comfortable and I'm certainly not here to persuade you. I'm here because what you said was wrong and dangerous.
I'm a lot more concerned with the feelings of people who are being driven out of this industry because of exactly the sort of chicanery you're excusing.
Working for you sounds damn crummy. If you don't want that sort of observation leveled in public in the future, I have one suggestion:
read some books
Do the right thing because it's the right thing. Not because someone was nice to you or not on Hacker News.
> threatening my livelihood
And where is the threat to your livelihood, exactly?
If what you said was as acceptable as you claim, you face no danger.
If what you said was problematic, then why did you say it? Publicly? Flying under the banner of "Lead Software Engineer for Everlaw."
And why would you expect a public wrong to pass with impunity?
You're arguing both that you were perfectly reasonable—and that I was unreasonable to call you out for saying something crummy.
I'm female, and I work in this industry. I usually lurk, but this bothered me enough to warrant saying something. Which is this: whatever the merits of the original discussion or dissent, this level of attack is not helpful; I don't want it done on my behalf. What it has served to make me feel is precisely what I think you are trying to avoid: like I can't hold the opinions I do, because women are only allowed to think that HN is a unilaterally awful place. I feel like I have to defend how I could possibly have the chromosomes I do and yet have mixed feelings about this website - or anything else. Trying to help women doesn't make a person automatically right any more than me being a woman makes me automatically right about all questions pertaining to women. But I at least get to have an opinion on my own experience, and some of this conversation has made me feel like that's not the case. In other words, none of us (you included) has the right to feel righteous: we all have something to learn.
I'm here to fight marginalization. That's my fight, too. In quite a big way.
I respect that your approach may be different from my own—as marginalized individuals, we do have common cause.
You can and should view HN however you'd like. But there's a lot to be angry about on the merits. And a lot to be angry about when those problems are excused or dismissed. I can't apologize for that. And I must maintain my original position: I would loathe to work with someone who is this unaware.
Where I do apologize is if my tone carried a righteousness you found alienating, and if my frustrated words denied you the sense of solidarity I would aspire to offer. That's crummy and worth examination.
I'm sorry, Danilo. I did not realize that you personally felt marginalized. That certainly puts my comments, and your reaction to them, in a new light. My sincere apologies.
The story I got from your public persona was that you came up from nothing to be a web programmer who calls the Bay Area home. That story could describe me.
I hope you will forgive me for my incorrect assumptions.
>And where is the threat to your livelihood, exactly?
>If what you said was as acceptable as you claim, you face no danger.
Take anything he says, interpret it in the most uncharitable way possible, and then get him mobbed online. His company cuts off the limb to save the body by firing him. This is a tactical way of shutting somebody up, not a sign of their moral deficiency. Anybody with some numbers behind them can do it. I also got a sorta "I know where you live" vibe from how you repeated back his job to him, so I think you know this.
His words speak for themselves. His profile announced his role and place of work.
So, for me, as a person who's got a couple layers of outsider-ness from the typical tech workforce, I would be extremely uncomfortable working with this person. This is a person who made clear they supported public forums being open for bigots to say what they like.
So they can be educated.
Dang. That's awful. It suggests a terrifying lack of empathy. It's something I would want to know about. And certainly not something I'd want in a colleague.
Freedom to speak is not freedom from accountability.
You know nothing about me except that I criticized your post for being misrepresentative. That's all. You have no idea what I do in my daily life to promote equality, what I do in my workplace to make it more welcoming for all, how important it is to me to "do the right thing." You have no clue, at all.
And yet you're comfortable saying that I'm "exactly the problem", that I'm "desperately" defending Hacker News, that I'm crummy to work with. You don't know me.
When I say that I feel victimized by you, you call me more names, say that I'm running my mouth, that I'm used to being coddled, that you can't possibly have more privilege than me. Sound familiar?
Please try to have a bit of perspective on your own behavior. There are much more effective, humane ways to win the hearts and minds of others and achieve your goals.
> You know nothing about me except that I criticized your post for being misrepresentative. That's all.
I know you made the top comment on my article say you're glad when people say bigoted things so that the folks most impacted by them have to donate time to educating them. 'Bout all I really need.
> There are much more effective, humane ways to win the hearts and minds of others and achieve your goals.
Did you miss the part where I said that wasn't anything close to my goal?
Again: I expect people to demand the right things because they're the right things. Not because people are "nice" or not.
> you call me more names
Citation needed.
> When I say that I feel victimized by you
Whew. The privilege to call being disagreed with "victimization." Incredible. Tech in a nutshell, right here.
> you're glad when people say bigoted things so that the folks most impacted by them have to donate time to educating them.
What I actually said:
> It gives others a chance to provide them with some perspective.
When I said "others" I didn't intend that to mean the victims of their bigotry. I was referring to myself and the many other Hacker News members that disagree with those views. I can certainly see how my comment was unclear on that front, and I regret making such a contentious statement without making my intended message as clear as possible. ("Open views can be criticized and corrected. Subversive hate or discrimination is much harder to address," as I later clarified.)
There's a difference between a disagreement and a personal attack. We both disagreed with each other's messages, certainly. But I did not attack you or your character.
> I see no actionable suggestions for how to solve the problem
Here are a few actionable suggestions from OP's article:
* "[Create] a Code of Conduct for Hacker News." This helps all community members share clear expectations of appropriate & inappropriate behavior.
* "After providing clear guidance for what kinds of comments are acceptable to its values, YC must fund a means of consistent enforcement when content is posted outside those bounds."
* "[YC] must publicly accept its complicity in building and maintaining a business asset with these negative externalities."
* "YC must submit to accountability for improvement."
> "[Create] a Code of Conduct for Hacker News." This helps all community members share clear expectations of appropriate & inappropriate behavior.
Hacker News has a set of guidelines that provide clear expectation of appropriate and inappropriate behavior as it regards submissions, comments, and flagging.
Presumably, the author of this piece isn't just complaining that the "Guidelines" aren't titled "Code of Conduct", and actually prefers different specific expectations than those that are currently specified. But, to make an actual actionable suggestion, concrete changes need to be identified.
> "After providing clear guidance for what kinds of comments are acceptable to its values, YC must fund a means of consistent enforcement when content is posted outside those bounds."
Heavy handed centralized moderation rather than relying primarily on community moderation is an actionable suggestion, but there is no concrete evidence presented that (1) community moderation isn't working, or (2) heavy-handed centralized moderation would work better.
> "[YC] must publicly accept its complicity in building and maintaining a business asset with these negative externalities."
Except for handwaving at vague anecdotes and stating the authors personal opinion, there's no support for the existence of the asserted "negative externalities". But, yes, while it lacks justification for action, this is certainly an actionable suggestion.
> "YC must submit to accountability for improvement."
This is a vague statement, not a specific, actionable suggestion.
That's fair. The first two are pretty good suggestions. I wish he hadn't buried them at the end of an article that was very one-sided (e.g., "Hacker News is a cesspit"). I wish he had made a nice summary like the one you provided.
@_danilo: The sad thing is that I actually agree with your goals and the first two suggestions. I disagree with your tactics. I apologize if my viewpoint sounded like, "There is no problem." That was not my intent. I only intended to offer a counterpoint to what I felt was a misrepresentation of the overall character of Hacker News. I definitely agree with you that there are issues.
But in the process of responding to me, you attacked me. I literally feel like a victim at this point. You took the conversation to Twitter, where I don't even have an account, and aired your grievances about me at my employer.
Please consider your actions in the future. You are not helping your cause when you alienate others and make them feel helpless. You could have tried a little bit harder to convince me instead of attacking me (cf. this post).
Agreed that HN is not facing a unique problem of *ist comments/members. However, as the OP points out, given that the leadership of Y Combinator say that "Sexism in tech is real. ... We—the tech industry as a whole—need to fix this. ... And speaking for YC, it’s also in our best interest."[1] it makes sense that HN should be taking concrete steps to make the community a safe place for diversity. It doesn't really matter whether or not a representative portion of the community is behaving poorly. If a subset of the HN community is making HN inhospitable to the diverse members HN seeks to support, that is the problem that the leadership & the community should be trying to solve.
> Visitors who are XFINITY Internet subscribers can simply select the XFINITY WiFi network “xfinitywifi” on their device and open a Web browser to get started. They will be able to sign in with their XFINITY email or username and password.
So now anyone can create a hotspot named "xfinitywifi" and phish for passwords from folks who doesn't look for an https connection. I hope Comcast does some good training beyond "connect and enter your password."
Somebody should team up with the Better World Shopper folks (http://www.betterworldshopper.org) to make this happen. They do currently have an iOS app, but it's still way more manual work than it sounds like the author of this article is looking for.
The ability to exclude files that I know contain sensitive data would be a very nice step. Even better if you explicitly state that retroactively excluding files will result in a deletion of the file from your servers.