Absolutely nothing. I've had my personal site reach the top a couple of times and its been totally fine each time. My site is static and runs on a $5 Digital Ocean droplet. The traffic barely even made it blink.
I'm the original author for this post, and there are a few things I've realised since writing it (despite the fact that it was only 2 days ago).
The first is as allwein says below: Just because I made an assumption that source control is ubiquitous, it doesn't mean that it actually is, and it probably shouldn't be removed from the list.
The second is with regards to quiet working conditions. I've seen here, and on Reddit, that most people seem to vehemently disagree with me. I didn't imagine that there would be this level of disagreement. The popular opinion is that everyone should have quiet working conditions. My statement was that working conditions are tied to open office vs closed office, and it was a personal preference. So, my question to HN is: Am I wrong in thinking that this is a personal preference and that it benefits everyone to have private offices?
What would the alternative be? Allow anyone to request that an account is deleted? Facebook needs some form of verification due to the password being breached (and its great that they are checking for that sort of thing)
This thread is great. Whenever H-1B threads come up on HN, I prepare for the onslaught of what can only be described as hatred. It's the view of many people on this site that all H-1B holders are "cheaters" of the system, and they don't deserve to get a job in the US. As a former H-1B holder, the threads always made me feel guilty, and feel bad about wanting to work for a well regarded, successful company. It's nice, and refreshing, to see that it's not the view of everyone, and that H-1B holders are equals and deserve the same rights as everyone else.
One of the 1Password ones (https://team-sik.org/sik-2016-040/) about leaking URLs is marked as fixed, however, that's a little misleading. It's fixed if you use their newer vault format, which has limitations, and is not selected by default when you create a new vault. I wrote this about it a while back: https://myers.io/2015/10/22/1password-leaks-your-data/
I'm really curious to know how this compares to the rest of HN. I'd expect this to be somewhere in the middle, varying depending on country. However, am I going way overboard on what I'm willing to pay for, or are there services I should be using, which I'm not?
One of the more concerning matters on this is that the BBC, for some reason, are choosing not to report on this at all. Gone are the days when the BBC were the most trusted and reputable news source. http://www.bbc.com/news/scotland
The author quite rightly points out that most of the English speaking countries would treat people exactly the same way, however I find it a little odd that she wouldn't ever go back to the UK, but makes no mention of visiting these other countries. It seems that her opinion of the UK doesn't quite match up with the statement that they are all the same.
The unfortunate problem with this is that while piping directly into bash can be exploited, it remains as one of the easiest ways to install programs.
Taking RVM for example. Their instructions are to run this: `curl -sSL https://get.rvm.io | bash -s stable`. The script that is executed is 887 lines long. The installation is "complex", requiring a lot of different stages. Now, the solution to this is "Use a package manager". Sure, that works in a lot of cases. However, when you have something like RVM which is used across several major operating systems, and hundreds of different flavours, each with their own quirks and package managers it suddenly gets difficult to manage each of these.
The problem we face is, how can we make it easy to install something, while still being safe and maintainable?
Breaking this down further, there are 2 issues to solve. The first is "How do we ensure what we download is what the maintainer says that we should download?". I.e. How do we make sure there are no malicious injections. That one is simple. Use SSL.
The second issue is, "I want to install this thing but I don't know if I can trust the installer". Are you crazy!? This isn't an issue. If you don't trust the installer, you sure as hell can't trust the product. If you don't trust either of them, then you automatically don't trust the other and shouldn't be installing it.
The result is that, yes, people can maliciously serve up code when you pipe the output of curl through bash without you realising. However, this is no different than blindly trusting and installing a script.
When light interferes with itself it creates a "pattern". When the light beams are out of phase, the interference pattern is different. The gravitational waves basically minutely increase the distance that one of the beams travels and causes it to go out of phase with the other, thus changing the interference pattern.
Convenience is great. It's part of why I use 1Password. There is a limit though to convenience. It's not convenient for me if my data is out there. If you aren't willing to automatically push this to users, at least give the users the option. You can outline the pros and cons of each choice.
Also, it's been 3 years since OPVault first came out. How careful can you be?
That's absolutely not the case. My issue is that AgileBits need to push the new format over the old one. The old one is still the default. Most users, my self included, have no idea that the old format is insecure, or that a new format exists.
The article has very limited technical details to avoid confusing people who don't know what they are doing, but the reality is that if they are reading my blog, or are reading HN then they have the technical details to understand something much more complex than what I wrote.
I clearly state at the bottom of the article that the software still keeps your passwords secure and that I will continue to use 1Password. AgileBits still have my full support, I just want them to inform the users the downsides of using agile keychain, and to use OPVault by default.
No, the problem is that they have a new format but the OLD one is the default. It's incredibly difficult to use OPVault as your keychain format if you aren't on Windows. Even if you are on Windows, you still need to change it every time.
That's the hope with the noise. Agile keychain is old and shouldn't be used. I just want them to use OPVault by default and tell users the risks they take with Agile keychain.