Hacker News new | past | comments | ask | show | jobs | submit login

Again, this is poor reporting. It's newsworthy that Google+ found and disclosed a vulnerability in its own code, but there is no norm for reporting internally-discovered vulnerabilities and few companies reliably do it, especially in SAAS platforms where there's no end-user patching activity that needs to be motivated.

There's a colorable argument that you don't even want this to be a norm, because of the incentive problems it creates:


Regardless: bear in mind that you haven't even heard about a fraction of the horrible vulnerabilities internal teams at tech companies have discovered over the years.

As someone in the heart of trying to help people get off G+, what's particularly newsworthy is that after two full months (and two days) of radio silence on the Google+ sunset, the first substantive comment from Google is ... that the sunset has been advanced by four months.

We'd be recommending people be starting their migrations by Feb - May, and now they've got to complete them by April. That's something of a PITA.


There are 7.9 million Google+ Communities. Sure, 3.9 million of those are 1 (or fewer) users, but that leaves tens of thousands of 1,000 or more members. Even at only a few percent of those as active, that's a lot of communities and people involved. And Google+ has no effective community migration process.

Source on communities: I counted them myself, well, via sampling: https://old.reddit.com/r/plexodus/comments/9zx67d/google_com...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact