HackerLangs
TopNewTrendsCommentsPastAskShowJobs

lol768

no profile record

Submissions

Ask HN: NordVPN "Threat Protection Pro": intercepting and breaking our web-app?

1 points·by lol768·il y a 3 mois·0 comments

comments

lol768
·il y a 12 jours·discuss
If you have a decent IDE, it'll offer you the ability to swap between the "old" and newer way of doing things when you encounter code written in one of the styles.

I can't say I've had any issues getting code using the new syntax through code review though. C# 14 has been out long enough that the team is familiar with much of it, and the IDE is helpful at reminding you to consider adopting new syntax. That aside though, the collection expression syntax is pretty familiar for anyone who's ever written e.g. JavaScript.
lol768
·il y a 21 jours·discuss
> Because Google has more resources to secure their browser

They've kneecapped ad-blockers, when ad networks are perhaps one of the biggest causes of malware installs/page hijacking/other unwanted behaviour. I'm not sure how you can consider Chrome remotely secure in this light.
lol768
·il y a 2 mois·discuss
Same, my Dad ordered it for me at the time; sits on my desk :-)
lol768
·il y a 2 mois·discuss
Yes; many (Alpine/Debian) containers in K8s on GKE for production rail ticketing infra in the UK.

There's not tons of noise being made because for the most part it all, Just Works and that's fairly boring. Perf, memory usage etc gets better every release. As an ecosystem, I'm pretty happy with it. I reach for other languages for smaller microservices.
lol768
·il y a 2 mois·discuss
> The alternative would be that each school develop their own platform for this

I worked at a university which did exactly this, in the UK.

It was a bespoke platform which integrated incredibly well with the rest of the systems the university used because it was designed from the ground-up to meet the institution's needs, there were regular user groups involving academics to understand what features needed to be built/worked on etc. At one point it was all OSS on GitHub too, in case other universities could've found it useful. It handled plagiarism detection (integrating with Turnitin), marking, exam grids, coursework submissions and feedback, seminar allocations, personalised timetables & mitigating circumstances.

The in-house dev team was vastly cheaper than anything SaaS would've cost, as well. It also maintained software for on-campus parcel deliveries, online exams, opinion surveys, a mobile app for students/staff, the SSO system, the course catalogue, car parking permits, a content management system and more.
lol768
·il y a 3 mois·discuss
They already prevent advertising the sorts of foods that contribute to obesity to children, and encourage you to drink less sugary drinks by applying tax to them (though unfortunately manufacturers have responded to this by reducing choice and adding artificial sweeteners instead of selling something at a higher price that can be enjoyed once every few weeks.

I don't think any of this is unreasonable in a country that picks up the tab through both subsidised dental care and completely free-at-point-of-use healthcare.
lol768
·il y a 3 mois·discuss
> They're great for big business at scale

> They are wonderful for big business

I (sadly) completely disagree with this. There are still so many basic things they don't expose, and it feels like you're fighting an abstraction designed for a start-up that doesn't want to think about the complexities of payments at all. For example, you have to fight a battle to get the card IIN exposed to you. There's no way to see the electronicCommerceIndicator (ECI) for Wallet payments (it clearly has it, since it's shown in the dashboard if you dig deep enough, but it's kept from you). For their Direct Debit integration, they apply limits on the payment amounts you can initiate, but there's no way to actually see the current value of what these limits are. The same Direct Debit integration also doesn't let you customise the payment references used (GoCardless lets you do this to identify e.g. individual invoices on customer bank statements).

Some of the APIs clearly haven't been thought through - e.g. for disputes you can't programmatically retrieve the evidence submitted by the card issuer. Which means you can't build any sort of sensible custom integration for handling disputes. And besides, they don't even support pre-arbitration (which the card issuers know about and take advantage of frequently because they know their decisions outwith the card scheme chargeback guidelines cannot be challenged effectively).

Their Google Wallet integration is worse that Braintree's and doesn't support the web-based flow.

There's not nearly enough visibility when things go wrong, particularly with their 3DS integration (which was failing for Samsung Internet browser users for us, and we had to fight to get looked at - nothing ever got published on the status page despite the fact this significantly affected your chances of securing liability shift) and you have to escalate via an account manager to get any sort of useful support case response.
lol768
·il y a 4 mois·discuss
One of the first things I did when I was involved in the set-up of online support ticket system for a GB rail retailer was https://xkcd.com/806/ compliance. If the support request body contains the phrase "Shibboleet" the ticket will be assigned to an engineer.

Equally it's not hard to teach front-line when to escalate, and ensure L2 and beyond are approachable. Even better if L2/L3 can keep half an eye on tickets that come in for anything that looks particularly interesting.
lol768
·il y a 5 mois·discuss
I'm confused, many of these examples state that they don't work in my browser (Firefox) - but the live demo works fine? Are the demos poly-filled?
lol768
·il y a 6 mois·discuss
I've found it to happen much more frequently than that, unfortunately. Usually it's because the modal is two DOM elements - a backdrop, that fades out the rest of the content and sits on top of it/prevents interaction; and the actual consent modal. Websites then use various mechanisms to prevent scrolling. uBlock is often only removing the actual dialog, so you end up with a page you can't scroll up or down and can't interact with.

If you're going to turn the filters on, it's worth being aware of this because it's far from flawless.
lol768
·il y a 6 mois·discuss
Jeez, what a mess. Some of those issues have over 5000 events on them.

I really hope that didn't send emails out to people.
lol768
·il y a 6 mois·discuss
I don't. YouGov's data suggests 77% of the UK populace has a negative view of the brand. Musk has destroyed its credibility.
lol768
·il y a 6 mois·discuss
This looks very cool, some immediate thoughts though:

- "TiXL is an open source software to create realtime motion graphics" - pedantry, but software is an uncountable noun. You cannot have a software.

- It wasn't immediately clear to me from the homepage that it's Windows-only. Appreciate it appears to behave under WINE, but it'd be good to make clearer.
lol768
·il y a 6 mois·discuss
Barclays have always played silly games with this stuff, they used to fund a whole team whose job it was to waste time on security theatre (this was nearly ten years ago).
lol768
·il y a 6 mois·discuss
Plenty of UK banks that don't require this, and whose apps will also work on a rooted device. Monzo will display a warning that sets out the fact there's an increased risk, and then lets you be an adult and choose to continue to use the app if that's what you want to do.

The best part is that the Current Account Switching Service makes it very easy to make the jump from a legacy bank like HSBC.
lol768
·il y a 8 mois·discuss
I thought this initially too, but there's a comment on https://bugzilla.mozilla.org/show_bug.cgi?id=2001758#c5 that suggests a belief it doesn't affect Firefox at all. So I don't know if the surface for these is particularly obscure such that browsers are insulated?
lol768
·il y a 8 mois·discuss
> This is consistent with photo licensing

On the contrary, I would say this is increasingly unusual nowadays. There are print restrictions on e.g. iStock content, but there's no attempt to "ration" the number of visitors that see a stock photo at a specific price point.

It's something that's generally put me off from licensing paid fonts - despite the work that has gone into them, because you're almost signing a blank cheque and it's not easy to know how many visitors are scraping content for LLMs.
lol768
·il y a 8 mois·discuss
This occasionally causes breakage though; because many cookie notices open up modal dialogs and disable scrolling.
lol768
·il y a 8 mois·discuss
> We are seeing failures for some git http operations and are investigating

It's not just HTTPS, I can't push via SSH either.

I'm not convinced it's just "some" operations either; every single one I've tried fails.
lol768
·il y a 8 mois·discuss
What is the deal with Ubuntu and this version of .NET?

Every since they got rid of the Microsoft packages feed, it's just been a complete mess.

Ubuntu's own documentation states:

> .NET 10 will be available in the Ubuntu archive for Ubuntu 24.04+ and included in main upon its official release

But it isn't available?