Bungie, another tech company, has been making this exact request of its community for years now, and their community has for years now found every excuse under the sun to ignore it. Bungie asks “tell us what’s broken, tell us what feels wrong”, and their community responds instead “recurring feature request X, cynical dismissal of intentions”, and then complains that bugs aren’t getting fixed in Bungie’s products. This self-fulfilling prophecy of refusal, complaint, and outrage repeats on an annual cycle, and yet these users continue to ignore pleas for useful feedback.
As of when I posted this comment, most of HN’s discussion of this post is a stellar example of this Internet forum social behavior. Safari asks “tell us what’s buggy and broken, not about recurring feature requests”, and this community is responding with “recurring feature request X, cynical dismissal of intentions”. There are three or four actual real bug reports in this discussion, but they’re drowned out by the non-curious ‘feature’ and ‘cynical’ repetition.
I’m kind of disappointed that they got a hundred plus viable bug reports on Twitter, but only a couple from HN. Given how much so many of us sneer at Twitter, it’s upsetting to see Twitter dramatically outshine us technically. We’re Hacker News, this ought to be a piece of cake.
For example: I wish that Elon Musk wasn’t prideful and troll-y online (these are feature requests that his personality team has refused us), but if he asked me to name a bug in Tesla’s cars that he isn’t aware of, I’d point out that Tesla cars allow you to drive at unsafe speeds when the fog lights are turned on, which is wasting untold megawatts of Supercharger time per year because drivers either don’t know that fog lights aren’t effective above a certain speed and because there’s no chime or automatic-off setting to prevent energy waste. Yes, Elon’s a jerk, and yes, I have feature requests and cynicism about that — but I’d leap for the opportunity to even have a chance at posting one paragraph that cuts all Teslas’ watts per mile by any amount at all. I wish others here found that as rewarding as I do.
I find it ironic that you criticise feature request feedback for big report requests and then your Tesla example "bug report" is arguably an enhancement request, not a bug.
Maybe the real lesson here is that the line between bug and enhancement is sometimes fuzzy and subjective.
If Tesla said “working as designed”, then that would definitively confirm that it’s not a bug. Apple has said “working as designed, not a bug” about the most common feature requests (such as “uBlock support” and all the underlying capabilities to deliver that), leaving no uncertainty about them. So I do appreciate your point in the generic “any” case, certainly, but that uncertainty can easily be voided in specific cases — yet we’re ignoring that when it occurs. (I assume this is because framing feature requests as bugs is a common persuasion tactic, as any software maintainer would confirm, but I don’t have any certainty on that view yet.)
Bungie does that out of organizational incompetence. You should not have to rely on "community" to tell you your bugs. That's what QA testing is for. From my friends whom work in QA testing it is completely the fault of the game company for bugs and bad changes. They're almost always reported upfront before the game or patch is live. Guess what? Money is more important than a good product.
Have you filed this bug or reported it to the requested Twitter thread? If anything else, a link to your HN comment posted to them would be enough — and then they’d realize there’s bugs here to find.
In the Safari menu, there may be a Feedback option that lets you report the broken site issue to them directly, without having to use Twitter. I’m not sure if it’s a developer thing or not, but if it’s not there, I imagine it’s present in the latest tech preview build.
Doing that form. I figured out that my Mac doesn't have the latest OS. I'm running on 11.3.1 I thought it was supposed to "update" itself. I don't see any new OS updates on the App Store or whatever it's called. I think it's BS the updates just take up more memory space on the computer AND make the computer run slower.
Our computers immediately depreciate like cars. I was able to make my older Mac Laptop from 2012 last 9 years and I am running on version 10. Now it's dying again. A clean install might fix it. I also had some upgrades to the hardware and fixes.
Making your car and computer run as long as possible saves a lot of money. Buying the newest stuff is wow expensive.
I just tried it in my Safari and it seems to give you an "Invalid Date" which it doesn't in Chrome.
Not sure if it's a bug, maybe a design choice. Anyway, in my case I received dates from a backend and was supposed to visualize a chart with them and some supplementary data, so I had to parse them and at some point we learned that the chart was broken for users in Safari because they'd get "Invalid Date" after parsing.
Dates are weird in JS/browsers so I wouldn't be at all surprised if some browser was strictly adhering to a standard, and the other browser... also strictly adhering to a standard, but a different one. Or both being lax. Or one of them being lax. Or...
Would a plasma cutter be able to permanently destroy the engines in each truck rapidly beyond repairability, so that they’re “disarmed” and can be relocated safely without malicious driver interference? I assume these are going to be taken out by demolition crane anyways, and it would provide a simple and immediate on-site tool to turn them into worthless scrap metal.
Not out of spite, but to protect the workers as they remove the trucks, which the article cited as a specific concern. It will have obvious ramifications in decreased value of the truck, but that’s an expected side effect of deploying it as a paramilitary blockade in a large city anyways.
Maybe I missed something, but the way I read it is that the danger is from the drivers and other protestors, not the trucks themselves. Disabling the engines would make it more difficult to move the trucks, not less.
My statement wasn’t in support or opposition to these actions. I’m very carefully not taking a position on this site, on this issue or many others.
What I am saying is that it seems like a large proportion of the Canadian public already support this. Probably not a majority, but still a lot of people. The government can’t just start applying extreme measures without at least considering the reaction of its citizens.
Punitive actions like unnecessarily destroying these people’s livelihoods will not only further radicalize those involved but also sway public opinion toward them.
No it wouldn't work. You'd have trucks with no engines and the brakes still locked. With that many trucks, your "worthless scrap metal" would be millions of dollars in damages.
Have you considered that in the US and in Canada, approximately 80% of all goods are transported by heavy trucks? With the supply chain crippled and broken in so many ways already, these people are simply standing up for their right to CHOOSE if they want to vaccinated or not. They don't want to cripple the economy. They aren't anti-vax; they are anti-mandate. They can stay home, unvaccinated, and lose their homes, trucks, and jobs, further shutting down the supply chain. Or they can stand for freedom, and limit government overreach. And go to work delivering food, medical supplies, building materials, fuel, and other products.
Yeah, and that's a reason to swing swastika flags... Maybe a lot of them are -- rightfully! -- frustrated by the working conditions, that doesn't mean it's all right to side with populists and fascists.
There’s many debit card “send to friend” apps that fill this space, including Apple Cash and Square Cash and etc. but your most likely compatibility app is Venmo. I’ve had zero issues with any of the Cash apps I’ve used to date, though.
Tor provides anonymity without accountability; having some doors closed to all Tor users is the price paid for that anonymity. If that price isn’t acceptable, either modify Tor to allow more granular accountability in some privacy-protecting way, or don’t use Tor when accessing services that are closed to it.
I can use more or less all other websites with Tor fine, though. It's only Stack Overflow that insists on this nonsense. On most other sites, including this one, I can even make an account and post.
Is their site really so sensitive as to make reading with Tor impossible?
In my experience, this has gotten better. That was CloudFlare, and they've stopped now. I can't think of a single site that requires CAPTCHAs for Tor users other than archive.is, actually.
archive.is requires captchas for iCloud Relay users as well as blocking Cloudflare DNS users, so I wouldn’t consider them to be a Tor-specific example.
Is this actually true? I've often used Tor to access Google Docs and Google Maps and to my knowledge have never had a problem. In fact, I'm not even presented with Captchas.
YMMV. Google Search might as well be blocked completely, I guess they don't want to deal with all the SEO-targeting search queries that would otherwise come from Tor.
> Is their site really so sensitive as to make reading with Tor impossible?
Very much so, strange if people here don't understand that, even at the best of times APT's could be discovered down the track by their SO queries, now compare today, with heightened tensions and certain nuclear armed superpowers talking about going to war with each other.
How is this even slightly surprising? SO is vital shit, if you don't agree feel free to null route the site the next time you have a major incident at work :)
Are you actually suggesting that SO/SE are blocking Tor because they intend to track all of their users by their IP addresses (or browser metadata), using national security as a justification?
I still do not understand how blocking Tor helps here. People who are concerned about their security will either use mirror sites, or use data dumps such as what is available at archive.org, or simply not use the SO/SE content at all. The number of users who will abandon Tor and the protection it provides for the express purpose of visiting SO/SE is negligible.
This move will not increase the number of persons who see SO/SE adverts or who are trackable by SO/SE. It will also not decrease the number of persons who will be able to access SO/SE content. So I continue to be mystified about the rationale behind this policy change.
If by 'accountability' you mean the ability for site ops to unilaterally de-anonymise Tor users, then no; Tor users will never agree to that.
If SE executives are really concerned about spam and vandalism by anonymous actors, then SE could Tor users to post assets in escrow (e.g. Monero) before posting. Similarly, if SE executives are concerned about denial-of-service attacks, then SE could rate-limit the sites that are causing the attacks; Tor is not efficient for that kind of attack anyway. There is no sound argument that blocking Tor entirely would further the interests of SE users.
This is the act of a monopolist in secular decline.
Tor is used for shady practices, just like proxies of old. SE has a lot of measures in place already to prevent shady practices. If 90% of traffic from Tor exit nodes is shady, why shouldn't they block Tor entirely?
If you access any website through Tor (or proxies) you're already more suspicious than the average user. If enough people cause trouble through Tor exit node IPs, it's only natural they get blocked.
Actually, there is no evidence that Tor is any shadier than the rest of the Internet, especially given that most attacks and vandalism originate from botnets and other compromised systems, not Tor.
Great resource, a surprisingly clear and detailed introduction to the various attacks faced by websites!
The relevant part:
> "we concluded that approximately 1 in 380 http requests coming out of Tor is verified to be malicious, while only 1 in 11,500 http requests coming out of a non-Tor ip were verified to be malicious. In essence, an http request from a Tor ip is 30 times more likely to be a malicious attack than one that comes from a non-Tor ip."
Pure propaganda. I used to work at a top five web site, Tor never caused us any problems, our problems were 1) hacked university accounts from eastern Europe 2) China 3) Russia 4) super-fans trying to download every video and picture of their favorite porn star at once.
We occasionally had people upload child porn, they did it over the public internet and not tor, our lead counsel was a former US district attorney, his hobby was doxing the uploaders and providing all the evidence and information to the authorities in a "ready to prosecute" package. I forget the exact number but I think he got almost a dozen people prosecuted and jailed.
I think it’s more like Tor traffic is 99.9999% less profitable.
“Legit” Users likely block ads, are unlikely to enter their credit card numbers because of MITM shenanigans and it’s one of the few browsers that takes non-fingerprintability of its users seriously.
If by 'accountability' you mean the ability for site ops to unilaterally de-anonymise Tor users, then no; Tor users will never agree to that.
If SE executives are really concerned about spam and vandalism by anonymous actors, then SE could Tor users to post assets in escrow (e.g. Monero) before posting. Similarly, if SE executives are concerned about denial-of-service attacks, then SE could rate-limit the sites that are causing the attacks; Tor is not efficient for that kind of attack anyway. There is no sound argument that blocking Tor entirely would further the interests of SE users.
A site looking to grow its influence would be more concerned with attracting new users than repelling them. This is the act of a monopolist in secular decline.
Come up with a way for siteops to block someone and all their sockpuppet accounts, without knowing the underlying identity, and you’ll become a billionaire.
Without that, the only option we have today is deanonymization, which is a terrible option. We ought to do better.
It's really just a matter of balancing the difficulty of creating a new "identity", so that legitimate users can occasionally use multiple identities to partition their traffic and make it harder to get doxxed, but are still deterred from creating identities cheaply to engage in sybil attacks or escape blocks. There are various ways of committing real-world resources to an identity to deter such abuse. Actual meatspace identity is of course one way of doing this, but there are probably others.
What you are assuming is possible is a logical contradiction. To be able to recognise two persons as being the same is in fact the definition of de-anonymisation. Please check your math.
I'm not restricting my considerations to "the technology that is implemented and available to Tor users today", given that what's available neither meets the needs of sites, nor the needs of users. If you think that the idea is inappropriate, please state so and make your case for why you believe in your viewpoint. If you think that the idea is impossible, please note why you believe that — and then consider the idea as if it were possible.
This is not the spam or vandalism counter-measure, those work differently and only block posting to the sites. And you can avoid them if you establish a reputable account, they won't affect you anymore then.
Reputation is a feature of identity. Tor users are, by definition and intent, unidentifiable. Opting out of identification naturally opts one out of reputation, as is the case in reality as well — for example, Anonymous using Guy Fawkes masks to prevent reputation from being associated with their citizenship identity.
I don’t understand why Tor users would be interested in reputation at all, given the implicit identification it requires.
I could understand Stack Overflow blocking access to register/signup for Tor users to avoid abuse, as sometimes spammers use Tor, so that kind of makes sense.
But not allowing Tor users to not even read the website? What's the justification for that? You couldn't even perform DDOS over Tor as the network speed is too slow, so Tor activity can't even be a blimp in terms of usage activity for logged out users, so what's the deal here?
It might be interesting to have some sort of cryptographic identity that costs money to generate, and then gets associated with tor in some anonymity-safe way. But the identity would would need to somehow remain unidentifiable, so maybe that's not an identity after all. Tor has enough trouble with maintaining anonymity as is, with the lack of trust in the various routers because government runs many nodes in an attempt to identify tor users.
Of course there is. It depends on who might know you're on a certain website for example. My wife vs my best bud for example. One would hold me a lot more to account for some websites for example whereas my buddy couldn't care less.
