What's the right way to make sure you've implemented a payment service integration correctly?
Do payment processors provide services (or checklists to go down) to make sure you haven't made any of the common mistakes? Or is the answer a professional pentest? In an ideal world I feel like you'd want two layers of defense in case one team misses something...
The First Amended Complaint linked in the article indicates that Google required a subpoena (paragraphs 112-114) and were unwilling/unable to provide information informally.
> While Bungie’s legal department, management, and executives were attempting to negotiate the byzantine procedural labyrinth Google required before it would address the fraud Minor was committing, let alone identify him to Bungie, Minor was gloating, confessing, and threatening
I'm guessing there was something more going on here...
This seems more like difficulty getting in touch with a human at YouTube in the first place. Once they got that, the practical issues were resolved with YouTube undoing the takedowns, but the PII of the involved accounts needed to go through the legal process.
Just poke around rtings.com and you’ll see the difference. It reminds me a bit of what wirecutter was in its pre-nyt days before it became a click generator.
I have done in the past, but I'm not sure what to make of the differences - let's take wireless keyboards as I'm currently thinking about getting one. If we look at Rtings[1], the first one it recommends is the Logitech MX Keys. On the Wirecutter[2], it first recommends the Logitech K380. To be clear, I've only skimmed both reviews right now.
Both go on to recommend the other's first choice as a good alternative pick (the primary difference being whether compact or full-size is better for most people). So that tells me for at least one specific category, they're in agreement.
Does Rtings go into a lot more detail about each keyboard? Absolutely. But that isn't necessarily useful to me--part of the reason I use the Wirecutter is so that I don't end up spending days trying to find the perfect item in a category[3]. I read the review, seeing if there are any caveats for its top pick that matter to me, and make a choice based on that.
So what I don't want to do when buying something that both review is to read through both reviews, because either:
(A) they agree, like on the wireless keyboard, in which case I've wasted a little bit of time, but in the grand scheme of things, it's fine, or
(B) they disagree, because now I'm tempted to go through and weigh each detailed point which is something I'm trying to avoid!
Reporting from a K380. That thing is great. Also the keys are backed by a metal plate, so the whole thing is pretty hefty and stable. Its simple looks are deceiving.
I see where you are coming from. Sometimes I feel the same as you where I just want somebody to give me a recommendation and a few pros and cons. Other times I want to deep dive into the review. I think it boils down to how big of a commitment the purchase is.
Wirecutter is (in my opinion) enough for getting a "good enough" recommendation for a low-budget purchase where there isn't much difference across offerings. I used them when I bought a powerline adapter set to make sure the product worked roughly as advertised.
rtings, on the other hand, offers much more in-depth reviews. I've used them to decide on monitors, TVs, and higher-end headphone purchases so far and their reviews were excellently detailed and accurate.
> Please note that this message was sent to the following e-mail address: [email protected]
Anyone else get this at the footer instead of their email address? I have no knowledge of how mail merges work in practice, but it does seem a bit odd.
I wouldn't say it's delegated necessarily, but we consider a tech lead's goal to be unblocking the rest of the team, and if there's nothing specific to deal with at any point (hah!), dealing with these points is often the most obvious way of unblocking for the future.
Which isn't to say that the rest of the dev team can't do any of these things, but the tech lead is almost always the most experienced dev, and a lot of the DevOps type points aren't concrete ticket items, and a ticket which basically says "Explore [X] to see if it'll help" is (a) potentially too abstract for a very green dev and (b) the tech lead is probably best positioned to judge whether there'll be any meaningful help in practice.
By way of example, I might write a dev ticket along the lines of:
Background/Goal: With a larger userbase, we would like to add a moderator role. Users with this role would be able to hide posts, but not have any other elevated privileges.
Suggested Implementation:
* Add Moderator to the UserRole enum
* Split the post hide/deletion privilege into two separate privileges
* Associate the post hide privilege with Moderator and Admin roles
* Associate the post deletion privilege with only the Admin role
But an "improve the deploy process" ticket would probably look more like:
Background/Goal: Deploys currently take fifteen minutes on average, from start to finish. We would like to cut this down if feasible.
Potential Lines of Inquiry:
* Can we build things in parallel?
* Can we add more CPU/memory to our build environment?
* What would implementing blue/green deploys look like in terms of cost and benefit?
Comparing the two, you can see that the second is a lot more abstract--and maybe this is just me being bad at ticket writing!
Conversely, I'd expect it to be licensed out to a renewable operational contract by a major chain who has the experience and domain skills to run a hotel. If they don't meet Apple standards, they can be dropped at the end of the contract.
Most chains have their own design guides and standards that you must meet (everything from room layout down to carpet tile choice, millwork for the front desk, etc) that make suddenly dropping into a building not really as easy as you might think.
It makes more sense to contract someone else to run it without their brand, unless they're paying for the opportunity to have their brand there.
I'd have thought they could get a chain to run it, but using custom Apple branding. Similarly, they could probably pay the chain/management company a flat fee/fee based on performance standards, rather than letting them do market pricing.
It won’t be Apple branded. More likely a generic brand, or something that’s linked to Apple without using the name. Like how their campus cafe is Caffé Macs.
(Best hotel name I can come up with is “Energy Saver” in the style of macOS System Preferences. Cute, and comes with a free logo. But I doubt the Apple of today would dare to be so whimsical.)
Wow really? I've never seen a company actually employ canteen staff, it's always been either totally subcontracted (eg Sodexo), or in very rare cases, managed by the company but with agency/contracting staff, definitely not official hires.
I guess it's pretty good for the cafeteria staff then, do they get the same health and bonus/stock perks as other staff?
If the system were relatively reliable, 10 seconds is actually a lot of time. During the day, it's enough time for many people to take cover. During the night, it's enough time to at least get people up and semi-oriented.
The other thing to note is that earthquakes are much shorter than most people think, usually about a minute long. 10 seconds is quite a bit of time compared to that.
I think the point is that 10 seconds of warning really translates to 0-5 seconds of warning given the time it takes to send out the warning (text, radio, emergency broadcast). Then add in time to wake and get oriented.
Unlikely. The Bay Area is an area of "tectonic activity" (as evidenced by Loma Prieta in 1989, and now the 6.0 from yesterday) - but I'm willing to wager fewer than 1 in a thousand people anchor their fridge to the wall.
Hot water heaters and book cases - Yes. But not fridges. They rarely tip over in earthquakes.
I'm not really afraid of what happens if my fridge tips over, either. I spend very little time in front of the fridge, and never when anything but fully alert. If the room started shaking, I could probably step a little to the left or to the right and be fine. I'm probably more concerned about all the glasses on high shelves, or the knives, etc., in terms of floor hazards after the quake.
The thing which terrifies me is that I'm in a 1971-construction building with a soft story, in a city with a defective police department. My car is parked in that soft story. Assuming the entire building doesn't collapse and kill me, there's nothing above my-standing-height except one projector, which even from projector-height, would be unlikely to kill me. But I'd probably have fallen to my death and been crushed by huge volumes of unreinforced masonry before that.
(Please, please, if there's going to be an earthquake while I'm in the Bay Area, let it happen while I'm in the office, or even better, in a datacenter. The new office is being fully retrofitted right now, so it should be pretty good.)
But there's no way to reliably get information to all people within ten seconds. Even if a text message alert was sent out as soon as the system was triggered, that time, plus the time for even the most phone-ready people to pull out their phone and do the necessary steps to read a message leads to basically no warning at all.
In Japan, all phones (even the iPhone) are set up to emit a loud alarm sound when an earthquake warning is sent, whether your phone is on manner mode or not. The alarm sound is very distinctive and the same for all phones as well as all TV channels.
Right when the guy in that last video said 'sugoi' is about when I said 'oh shit' and crawled under my desk. The amazing thing is that I sat at my desk for about 30 seconds beforehand wondering when this 'rather large' earthquake was going to start to slow down rather than escalate.
After feeling a lot of them, you start to be able to guess their distance and severity based on the P-wave vs S-wave timing of what you feel. It's kind of like counting seconds after seeing lightning until you hear thunder except you have 2 components:
Here's a matrix of the 6 big TV channels. Top left is the national broadcast (of the public broadcaster, NHK), the others are local commercial Tokyo broadcasts. The earthquake was initially not estimated to be big enough to affect Tokyo so Tokyo stations didn't automatically broadcast the initial alert. https://www.youtube.com/watch?v=eOrAwvJLKxo
It says something about Japan that the sound is kind of sweet. In the US, we have the Amber Alert sound specially hand-crafted to make you think the world is ending.
In the US, amber alerts hijack phones and emit an alarm. Had it happen in the middle of a college lecture.. although some phones received it 5 minutes later than others. I'm guessing this functionality could be used for earthquakes.
I've got to say that my experience with Amber Alerts is strongly negative.
For a while they were triggering various alerts (including EBS interruptions on radio and TV), with a frequency that led me to strongly discount such warnings.
Emergencies should be reserved for circumstances in which the recipient of a message can and should take immediate action. An alert is just that: an advisory. Run these as an item in normal newscasts, or in advisory systems (including if you absolutely must, highway signage). But not distracting people.
The fact that, at least in my recollection, a huge number of Amber Alerts appear to involve immediate family / partner situations (boyfriend/girlfriend, other parent, husband/wife, modulo estrangement). Most seem to resolve reasonably well. And I'm not sure that a full-on aggressive response benefits the situation. Again, that's a recollection and personal perception. But overall, I'm underimpressed by the system.
This seems to have improved somewhat in more recent years.
And yet, at least once, the alert on the phone specifically (rather than a newscast or highway signage) appears to have saved at least one life[0]. Of course, we don't know what would have happened, and it did wake up the whole state, too. But I think the argument in favor is that the probability of success for these searches decreases quickly with time, so there is substantial value in getting word out quickly.
The argument isn't whether the alert alerts, but whether over-usage conditions people to ignore the alert.
If this kind of usage of the alerting system causes people to ignore alerts in the middle of the night, and then an earthquake happens, then the system is counter-effective. Based solely on the situation as laid out in the article, the people deciding on using the system in this case should be strongly reprimanded for squandering trust like that.
If using the system in such cases is actually desirable, a lower tier of alerts that doesn't make more noise than a regular text message should be introduced. It's not like someone sound asleep at 1am is going to go searching for a Suburban just because they were woken up. Indeed, the car was only found by someone going about their regular business in the morning.
Also, the system can't really be said to have saved one life in this case - it probably contributed to reuniting the child with its parent quicker, but there's no evidence suggested in the article that the kid would have died if not for the alerting system.
There's a discussion on reddit at the moment concerning cycling, where one of the interesting assertions of recent research is that overall public health would benefit from no helmet laws and more bike lanes.
That is: adults are less likely to ride bikes if they're required to wear a helmet (as I understand, laws for minors would remain), but the health benefits of increased activity and cycling outweigh the risks of injury.
I'm open to arguments over flawed methodology or other issues, but the point is that sometimes there are apparent safety measures that, when taken, increase risks. Another case in point would be TSA airport security measures, which by encouraging more trips to be made by automobile, have arguably increased overall death risks to travelers (as reported by Bruce Schneier and others). I'm among those who've either foregone or elected to drive on journeys rather than fly, even aware of the risks (and, frankly, if you've got the time, it's often far more interesting and enjoyable).
The US Department of Justice reports 685 successful recoveries, though it doesn't list the number of activations of the Amber Alert system, nor whether or not the recoveries were materially aided by the system.
According to that, there had been 190 activations (fewer than I'd thought), 77 were parental abductions (about 35%), acquaintances 55, strangers 37. Another 355 alert requests were made but not activated.
The Wikipedia article on the Amber Alert system raises a number of the points I've mentioned above:
"A Scripps Howard study of the 233 AMBER Alerts issued in the United States in 2004 found that most issued alerts did not meet the Department of Justice's criteria. Fully 50% (117 alerts) were categorized by the National Center for Missing & Exploited Children as being "family abductions", very often a parent involved in a custody dispute. There were 48 alerts for children who had not been abducted at all, but were lost, ran away, involved in family misunderstandings (for example, two instances where the child was with grandparents), or as the result of hoaxes. Another 23 alerts were issued in cases where police did not know the name of the allegedly abducted child, often as the result of misunderstandings by witnesses who reported an abduction."
On stranger abductions:
"Seventy of the 233 AMBER Alerts issued in 2004 (30%) were actually children taken by strangers or who were unlawfully travelling with adults other than their legal guardians."
Regarding effectiveness:
"Some outside scholars examining the system in depth disagree with the "official" results.[60][61][62] A team led by University of Nevada criminologist Timothy Griffin looked at hundreds of abduction cases between 2003 and 2006 and found that AMBER Alerts actually played little apparent role in the eventual return of abducted children. Furthermore, AMBER Alerts tended to be 'successful' in relatively mundane abductions, such as when the child was taken by a noncustodial parent or other family member. There was little evidence that AMBER Alerts routinely 'saved lives'"
There are further concerns with AA as "crime prevention theater" (much as the TSA is seen as homeland security theater), of the "crying wolf" effect, over 4 a.m. cell-phone alerts, over use where the Alert criteria aren't met, of distraction effects of highway signage especially during rush hour, and more.
Contrasting AA with a widespread and imminent natural disaster or civil emergency alert:
In the case of an Amber Alert, a very small number of individuals are likely to be in a position to assist at all, let alone actually assist, in a recovery. Risking "alert fatigue" should be a very real concern. I am not opposed to forms of widespread message propagation, but these should be done through nonemergency channels (e.g., a news or other scheduled statement or alert), rather than by distracting drivers, waking sleeping people, or interrupting people engaged in other activities, the vast majority of whom have no bearing on the outcome of the incident.
In the case of an earthquake, tornado warning, tsunami alert, flash flood, landslide, wildfire, or similar event, people over a widespread area have seconds or minutes to act and take measures which will directly and materially benefit them by saving lives, preventing or reducing injury, and reducing harm or damage to property.
To be honest, that exact alert is what made me turn amber alerts off in Android.. I live so far from Charlotte that there is no way it might be relevant..
That system is really poorly implemented in the US. I've received alerts for things happening in different states and haven't received alerts for things I know are happening in the county.
I would expect if they used it for earthquakes as it is I would get the alert on the East Coast and someone in California wouldn't.
It's actually not a Japanese-specific setup. I got a Japanese earthquake alert on my French Nexus 4. (and it was, fortunately, a false alarm; rare event, but that happens)
> But there's no way to reliably get information to all people within ten seconds.
This is HN, right? Come on folks. If I can send packets transcontinental and back in 100ms, then you can get a message out to the people of CA in under 10s. This is not a moon shot project. Our entire telecomm infrastructure operates in ms increments, not 10s increments.
Now, if only the SF startups could work on something useful like this, rather than yet another cat video app. You could even show ads for home repair companies and insurance adjusters during the warning/quake.
In tornado country, there are loud outdoor sirens that go off when a tornado is sighted. The sirens are audible to anyone indoors or out, and they are tested at a given time once a month.
Amber Alerts are pushed to my phone and I do not have to do anything to see them or know they are there. They sound an alarm tone and change the display. I also receive tornado warnings this way.
As far as the NY attorney database shows, there is only one licensed attorney with that name, and he works for a bank, and so likely does not deal with IP law. Plus, the fact that a home address is used on the letterhead suggests that he may have written it as a favor to a friend.
Although admittedly, an attorney practicing in an area that isn't his area of expertise is not much better (and maybe worse).
Interestingly, most of the letter seems to have been taken from [1] and [2]. Yes, it's copyright infringement. No, most lawyers don't care if copyright of their legal documents has been infringed.
EDIT: Actually, it appears that my university access may be providing the link. However, cing's link, though slightly different presumably due to being pre-journal formatting, is the same paper.