Hacker Newsnew | comments | show | ask | jobs | submit | Deestan's comments login

This looks like a rehost page that missed half the content when they copy-pasted the original.

Parts of the content is missing, and plain text saying "click here" without being a link.

-----


Be aware that Hipchat are now rolling out a new "feature" in which the account admin can read all private 1-to-1 chat: http://help.hipchat.com/forums/138883-suggestions-ideas/sugg...

This could be a significant issue for some, both morally and legally.

If you are using / are going to use Hipchat with this enabled, at least make sure you are aware of any legalities you need to conform to because of this. E.g. gather consent from employees.

-----


I don't see where it says it's already a feature. The note itself (not that post) says it might be available in the future but it's not there right now:

Messages and files shared in 1-1 chats are only browsable and searchable in HipChat by the two people involved.

"While admins do not have access to browse or search 1-1 chats through functionality within HipChat, this is an option we may provide in the future for organizations to opt-in to. If made available, it will not be retroactive, and we will be sure to address how affected users can be notified that their chats are subject to viewing by their admins" http://help.hipchat.com/knowledgebase/articles/358098

It does say the organization can email them and ask for that so while technically possible it's not so easy for the admin to snoop.

-----


I mentioned earlier in this thread, privacy was already kind of broken. Given your account was registered with organization email, admin could reset your password and look at your private chats (like when you leave a company). Doing that would perhaps be violation of terms, but I don't think many would care particularly in developing countries where legalities of such things are joke.

-----


if said service is provided by the employer, they own the data/communications and have every right to monitor the service. same goes for work email: employers have access to this. it isn't illegal for them to access these communications done on a work account.

-----


That depends heavily on local laws and you really can't make a blanket statement like that.

-----


And laws be damned, it's often employee moral that takes a hit when employers snoop without consent, and that can be just as costly (if not more so) than a court case in many companies.

-----


largely depends on the industry you work in.

a lot of us work in small dev shops, where we really like our privacy.

a lot of us also work in regulated industries, where if your employer is NOT logging, then your company gets fined by $government or $regulatingbody.

-----


"Promotes", not "guarantees" or "forces".

-----


Trade dominance is soft force, so when that fails or is denied war is inevitable.

-----


If you want to create a maze on paper as a rainy day kind of activity, the process is basically the same but manual:

1. Mark a start point and an end point, and draw the solution using yellow marker. A moderately windy path will do fine. Don't overdo it, or you'll actually make it too easy.

2. Using the same yellow marker, draw branching paths off from the solution path, and make branches off the branches until the maze area is too cramped to draw more.

3. Draw walls with black marker between and around the yellow paths.

4. Amaze your friends.

-----


It makes sense to question the company's structure/policy/organization if it allows destructive behavior to run wild.

-----


> or you trust them to send you JavaScript that does the encryption in the browser

I don't need to give trust in that case, as I could verify the encryption myself.

-----


I doubt that most users of a service are in any position to audit complex crypto code.

-----


That doesn't really matter, because they don't need to. All it takes is one crypto-savvy person taking an interest and finding a fault, then posting about it.

Even if they do actively cheat and provide some obscure not-really crypto to give an impression of security, they need to put in an effort, whereas with serverside encryption they could cheat for free. There is also a constant risk of some techie discovering their lack of security.

Anyway, it doesn't matter if you consider auditable security imperfect. Auditable security is objectively more trustworthy than non-auditable security.

-----


You won't though.

-----


every time you use the app.

-----


It would be able to tell if the move was a mistake if playing against a computer. A move that would be bad against a computer opponent might throw a human opponent off balance through surprise, or take the game into a type of board state which was unfamiliar and disorienting to the opponent.

-----


I suspect that's precisely why the computer can measure it. This is the scenario:

1. Player A makes a move the computer considers suboptimal.

2. Disoriented player B responds with another move the computer considers an important mistake.

3. Player A capitalizes with moves the computer thinks improves his position, even relative to the original baseline.

4. The computer concludes that A is nettlesome.

So it's measuring the delta of what it considers optimal with what actually happens against real humans.

-----


From the James T. Kirk school of chess.

-----


Interesting how it handles cyclic references only if the chrome dev console is not opened.

-----


> MS had a terrible rep for being aggressive and with bad ethics in the 80s and 90s

That's a really important consideration. Hackers have long memories, and a lot of us don't consider "it's just business" to be in any way a relevant defense.

-----


Also, cookies are perfectly fine for saving progress.

-----

More

Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: