danielrhodes's comments

Usually TXT is used to prevent spoofing (SPF etc.). If you can't rely on DNS to be giving you non-spoofed information, going to the wrong app is the least of your worries at that point.

-----


Wide usage of DNSSEC is needed to trust DNS records. DNSSEC would also fully allow PGP keys to be stored in DNS...

See STEED...

http://g10code.com/docs/steed-usable-e2ee.pdf

But, yes! DNS is the correct and appropriate location for items like the OP posted... built-in widely used distributed 'trust'.

-----


On the contrary: you have to assume DNS is always compromised on the client (because it easily is). SPF records depend not on client DNS but on server DNS, so you have control over the lookups. That's a completely different ball-game.

-----


Well, you can't rely on that. In fact, DNS is one of the most trivial protocols to spoof since it mostly runs on UDP.

-----


In theory, and on a LAN, yes, UDP is trivial to spoof.

However, spoofing a UDP packet's source IP address is very hard on the open internet due to egress filtering.

-----


Right. The problem that has arisen is creating that mapping between those HTTP URLs and the app URL, especially since only the app developer knows that URL and how it is interpreted inside the app, is almost non-existent. What has resulted is a shadow set of URLs which only work if the app is installed (which you can't tell from the web). All the great network effects you get from hyperlinks on the web don't get passed over to the mobile ecosystem because of these properties (hidden URL structure, inconsistent with the web, etc.).

When YouTube came pre-installed on iOS in the first few versions, when you clicked on an (HTTP) link to YouTube it would open the app. It was a great experience because the YouTube app had a nicer experience than the web. It would be great to be able to do this for more apps, if those apps wanted it.

-----


Yeah, I've seen things like this before. The problem is that any app could register to listen to those addresses, and that opens up an avenue for misleading the user. I'm sure Google would not like it if the Bing app started trying to become the handler for google.com URLs. Likewise on iOS anybody can submit an app which listens to the fb:// URL. Overall it seems unsafe.

-----


> I've seen things like this before

It's actually pretty common in Android. Methinks you're an iOS user :)

> any app could register to listen to those addresses

This is core to the Android IPC design. Apps/Activities describe what they can handle (Intents, actions, filters), and I think it works pretty well. Android will ask you if you want the given app to be the default or not, and you can always un-set the default. Also, if you have a new app that can handle the given link, the next time you try to launch that link you'll be prompted to see if you want to use the new app, and your previous selected default will be highlighted as a reminder.

Also, I'm generally a believer that if an app is registering for an Intent action filter that it does not handle well/shouldn't handle at all, then users will give it a lot of bad review feedback, and apps will trend towards doing the right thing.

-----


> The problem is that any app could register to listen to those addresses

That's a feature, not a problem, and it's the kind of flexibility I expect from Android.

Take the domain reddit.com, for example. There are several Reddit apps, two or three of which are very popular. If the app to open was controlled by the owners of reddit.com, how would my favourite third-party app be able to register to handle those links?

-----


Android already handles this. You get a popup box listing all of the apps that can handle a particular URL. You can choose whether to use that app just this time or to set it as default and not ask again. Defaults can be cleared in the system settings.

This really is a solved problem on Android.

-----


@apple and @google could start domain registrar service for the "AppWeb"

-----


There seems to be a widespread bias in thinking the mean/uncaring/strong individual dominates over the weak. Thus people are more likely to believe these types of stories or at least let it shape their idea of somebody.

Personally I think in any situation where a company strategically outmaneuvers another company it is going to come off somewhat as mean (e.g. Microsoft in the 90s protecting their turf). The idea that a company/person succeeds because they are mean, however, is far too simplistic.

-----


Compared to Hipchat, Slack has handled this compliance issue much better. I am personally uncomfortable with the idea of managers seeing employees' communications, and Hipchat didn't put any consideration into this when they released that feature. Slack on the other hand seems quite aware of this issue and has done things which make me much more comfortable, at least short-term. It goes to show what careful and empathetic product thinking can do to enhance your customer's experience.

-----


It is absolutely ridiculous to be uncomfortable with managers seeing employee communications. First off, any time you log in to a machine at most corporations you're told that ALL network activities are monitored. It's not a joke. They are monitored. Every packet you send out and every packet you receive CAN BE RETRIEVED. This isn't new. I'm 30 and have seen this since I was in high school. I'm sure older folk have seen it for even longer.

Next off, you are owed NO privacy on services that your company is paying for for interoffice communication. You never have been. The fact that people bitched and moaned over Hipchat allowing history to be viewed is just ignorant and stupid.

You know why managers have the ability to view these things? Harassment. Sexual, physical, altercations, etc. If your company has more than 5 people these things WILL come up and the INABILITY to retrieve this data is BAD.

We have ALWAYS been able to retrieve this data via XMPP (Openfire), MSOffice Communicator/Lync, etc.

This is NOT some mind blowing new development.

-----


This kind of monitoring may be normal in BigCorps but it's definitely not part of startup culture.

I'm also irritated by the mindset that considers this kind of institutionalized snooping a good thing ("INABILITY to retrieve this data is BAD").

-----


I've been a network administrator and had control of everything.

That did NOT mean that I was actively viewing everything and sitting in a tower somewhere cackling at all of the deep dirty news I had. I had to pull data a handful of times during lawsuits or sexual harassment complaints.

You should not be delving into deep personal/sexual conversations on any work tool without having in the back of your mind that it may come up at some point, whether you're at a startup or not. I'm on my 3rd startup and while I know nobody has been monitoring (because I pay for the tools) I still keep the tools somewhat professional. To the point that I couldn't care less if someone looked into my conversations. If we're going to bitch about that, then the fact that my data is on some unknown server at Hipchat is FAR more worrisome to me than my COO looking at my conversations.

You SHOULD trust your employees and if you don't trust one replace them. You should also TRUST your management to not spy on you. But you should also assume that they have the ability, if not, you're daft.

-----


This kind of monitoring is often required by law. When the shit hits the fan, it is bad to not be able to get all the data on _company_ channels. But, if you want to own your communication, use _your_ cell phone.

-----


I know what you describe is how it has been at some companies, but that is not how I think it ought to be. While I am at work, it is my opinion that I am not only owed privacy, I think it should be the default expectation (except for exceptional legal circumstances, of course). I would be hesitant to work at any place which does not share my values regarding these types of things, simply because it demonstrates a lack of trust and lack of autonomy within the organization.

Also, legally speaking, a company is not allowed to listen in on/record phone calls I make on a company phone and I doubt they are allowed to open snail mail addressed to me. Thus my expectation of privacy is not something inconsistent with the status quo.

-----


Your last point is completely untrue. I've programmed Asterisk systems for large call centers that specifically had supervisor modes where the supervisor could monitor calls to make sure employees were keeping customer service up to par. If this had been illegal the state Workforce Commission would have had a field day each time an unfair termination case came up.

I'm going to assume that's purely state based, but it definitely is legal in some jurisdictions. I'd imagine more so than not.

I agree that I don't want to work somewhere where you're monitored. I think we'll all agree to that.

But I've actually saved someone's skin before by providing logs when a sexual harassment lawsuit came up and an employee was fired unjustly (manager fired them, but his advances were blatant in the logs).

It protects the employee if you use the communications properly.

-----


Wiretap laws vary state-by-state, but most require at least one party to consent to a wiretap. Some require both parties to consent, which means turning on call recording is a felony in some states, unless both parties are aware. (Which is probably why every call center starts with "This call may be recorded...").

-----


You consented in your employment contract.

-----


You could say they just learnt from the Hipchat announcement and remembered to address the issue head-on, which makes it seem like they really care. But in the end the problem is exactly the same and your company will now have access to whatever you write, including private chats. Personally that means I'll ensure to avoid private chat on Slack and use external tools again on top of everything I already use, which is clearly annoying.

-----


What is the difference between the situations? All I remember of HipChat's change was the same thing: conversations would only be logged moving forward after a particular date (rather than a switch being flipped).

-----


It was my understanding that HipChat would make private logs easily available to any administrator of the company account in the same way that public chat logs were available. It was also made clear that this was not something which could be disabled, otherwise impeded, or a user would be notified of. (somebody correct me on this if things are different)

On Slack, from what they describe, the feature is only available with a certain type of account, you can only export logs in bulk (i.e. it's not something easy to do, it has been made for a specific purpose), and employees will be notified if the feature is enabled/used.

-----


I recall reading an article a few years ago where an entrepreneur was sued by the Spanish government after his company went under. Spain is, as is the rest of Europe, quite hostile to entrepreneurship. It seems like Spain is trying to attract people from outside rather than deal with the problems inside. If they could make it super easy to start a company, relax red tape for businesses under a certain size, and encourage Spaniards to start companies (not just in tech) and soften the blow of failure, I think only then is it time to start inviting in foreigners.

-----


If you would like to register a business in the UK, go here: https://www.gov.uk/register-a-company-online

It says it takes 48 hours and costs £15. You must be at least 16, and you'll need an address -- it could be a rented post box so long as it's a full address.

As far as I can see, you don't need to be resident in the UK.

-----


Indeed but bear in mind you are then obliged to submit annual tax returns for the company for which an accountant would charge you £300+

-----


> as is the rest of Europe

This, as everything, wildly varies among European countries. There are plenty of European countries where it's easier to start a business than in many a US state. There are also plenty where you don't even want to think about it (Serbia, anyone?). Don't forget that Europe has about as many countries as the US has states.

-----


Absolutely and that was a generalization.

-----


The whole article is a straw man.

Yes, if things further down your stack are not capable of handling the load in decent time your queue is going to overflow (assuming a fixed capacity). No, it does not make your entire stack faster -- it just defers processing in a way you can manage and tame it. What can become faster is things like front-end requests, which are no longer held up by blocking operations or a starved CPU. Either way, it buys you some time to actually re-engineer your stack to work faster and at greater scale.

-----


1. That's not what 'straw man' means.

2. The author isn't arguing anything opposed to what you're saying; yes, it can speed up front-end requests by deferring work, but if you build an image uploading system that can't handle 10,000 image post-processing tasks per minute, then deferring image post-processing into a queue won't solve your bottleneck.

The author isn't talking about individual components of a system, he's talking about the entire system as a whole. Even when you're using it to speed up your front-end, you still need the capacity to do the post-processing on the backend.

-----


This kind of black and white thinking is just going to cause you to lose your girlfriend. If there's a happy medium, take it.

-----


Your comment is totally reasonable and I'm certainly not suggesting dropping someone the first time compromise is required.

But I don't see why there needs to be so much emphasis on couples staying together. The OP doesn't say, and it is certainly possible that I am making incorrect assumptions, but it sounds like they are young and don't have children together. (no one over 30 would say "gf", right??)

So who cares? If they are meant to be, the work/life balance won't be a big issue. If they are incompatible, better to find out now, before they are older and DO have kids.

I want to add that the readers of this site probably put way more time into work (and work-related activities) than the typical person. If your significant other expects work to be 9-5, you should probably disappoint them sooner rather than later.

-----


Any piece of hardware which is replaced by software is a win for consumers.

In this case, maybe the carrier is gated by Apple. However that's a big step beyond a carrier locked phone at the hardware level like it used to be.

-----


> Any piece of hardware which is replaced by software is a win for consumers.

Replacing physical books and optical media with online DRM was a huge loss for consumers. Being able to remotely revoke the right to use something you bought is incredibly onerous.

> However that's a big step beyond a carrier locked phone at the hardware level like it used to be

"like it used to be"? Unlocked phones have always been easily available.

-----


Whether it's a loss or win is dependent on the consumer's preferences, not your opinion. Consumer votes so far say that you're wrong, very wrong in fact. Consumers on average are having no problems with Amazon DRM.

It's a huge win for me. I will trade the DRM from Amazon in exchange for the hyper convenience, built-in lighting, and numerous other features of a kindle reader that holds hundreds of books, so that when I fly I don't have to lug around physical books. Not to mention I can only carry a few books with me when I travel, whereas with the kindle I can carry practically unlimited. Last but not least, kindle books are cheaper and should always be.

Consumers are overwhelmingly agreeing with me, the kindle is vastly superior to traditional books. They agree so emphatically, within another decade it's likely that over 3/4 of all book sales will be digital. Consumers didn't have to be dragged into that world, they went willingly: they chose the kindle + Amazon while traditional books were still very widely available and easy to purchase.

-----


That's because the average consumer is generally unaware or apathetic of all the negative aspects of DRM - until it inconveniences them massively - and it's to the advantage of the companies that they be kept unaware. The convenience aspect is appealing but you can have even more convenience without DRM. I don't have to "lug around physical books either"; I have a few hundred DRM-free PDFs on my laptop which runs a free and open-source operating system, and I can read or copy between devices or do whatever else I want with those files, whenever I want.

Let's not forget what could happen if we let these companies and their DRM schemes take over completely: https://www.gnu.org/philosophy/right-to-read.html

-----


...until Amazon decides that it doesn't like the publisher of the book you're reading.

http://www.nytimes.com/2009/07/18/technology/companies/18ama...

-----


Stress can really drive people to make bad decisions.

He should step back, take a breath of fresh air, and then get back to work.

-----
