Hacker News new | past | comments | ask | show | jobs | submit | w0m's comments login

I feel called out.

agree with you on all fronts there aside from lazygit; I see it as a different tool that makes it a bit easier to inspect change trees with less typing.

I can do it on straight git-cli; but 100 characters typed vs 5 makes my fingers ache thinking. Same reason I have fugutive/diffview installed in nvim.


> publicize hitherto-unknown (or barely-known) shenanigans

It's disclosed on a banner across the top of literally every cnn-uncensored page that's being 'outed' here. He could have saved the entire research/dig by simply screenshotting the top of any of the pages. That wouldn't have the same energy or 'Ahah!' though.


the disclaimer is at the top of every page, and OP here is pretending his sleuthing anything other than an (idealogically/politically motivated?) disingenuous hit piece.

"look at the HTML it catches the lie!" - meanwhile, the 'lie' also exposed in clear text in a banner across the top of page. 1337 h4xing indeed.


Also make sure you take those same youtubers as what they are; raw, independent, and with less accountability than larger platforms insofaras accuracy of content. That isn't to say a smaller creators/channels are bad or not worth while, but being aware of context as you consume is important. We've unfortunately stopped caring about accuracy or accountability in many instances.

honestly the base concept of 'mainstream media' is simply dumb. It's just a convenient way to group 'the other guy' up with conveniently ignoring 'not mainstream' media doing the same or worse.

"they control the media you can't believe anything they say!" being spewed on the platform with by-far the largest market share/reach.


Yea... I think I'm failing to understand the Gotcha here. If you go to underscored main page; It's disclosed in a banner across the top of every underscored page.

I agree them functionally selling ad-space is annoying; but it's also exposed in clear text as such at the top of every underscored page and article.

Giant nothingburger.


I disagree that this is a nothingburger. I would say it's more like the side of fries you get with your nothingburger.

It's an expose showing how deep the rabbit hole goes on this one topic, a reminder that people with money are using their money to make more money by taking control of the internet, to keep all eyes on them, to lie, cheat, manipulate, and inveigle their way into your eyeballs by any means necessary, and that they will continue to do so as long as there is a penny to be made by it.

It shows that Google is implicitly permitting this system of deception, that there is a financial conglomerate that is eviscerating the corpse of a once-proud financial giant like FORBES in order to wear its skin and work its mouth like a Muppet advertising face creams and cockroach repellents.

If you're not viscerally affected by this inhuman grotesquery, you are made of sterner stuff than I. It's appalling and a powerful metaphorical reminder of our individual insignificance against the power of money, how nothing is sacred, and nothing is safe and sane on the internet.


Your statement is that that ad space is 'viscerally inhuman grotesquery'. Like... Where have you lived for the last 100 years?

I do agree Google should punish clear paid advertising in ranking though; that is a clear problem. Maybe because of this article, but the sample queries from the article now show the underscored links on page 5, so it seems 'fixed' now at least.


I didn't say ad space is 'viscerally inhuman grotesquery", I said that flaying a company and wearing its skin like a suit is.

I dislike ads, sure, most people do at some level, but the idea that Forbes sold out just so people would view more ads is a modern day retelling of the plot of some weird 1980's movie of the week villain right before the heroes step in and save the town with the power of friendship and a giant vat of chemicals.


It's legit. Fully Remote can be seriously isolating/depressing.

Hybrid is probably the ideal; but even so I live 15m from the office and when I go in it's empty 90% of the time anyway. I don't know if I'd take a 45m commute until the kids can get themselves home from school (daily pickup/dropoff) - but I do miss 2h beer lunches on a Tuesday after closing a ticket to blow off stress.


yeouch. sorry man. I've been running in AKS for 3-4 years now and never had an auto-upgrade come in I wasn't expecting. I have been ontop of alerts and security bulletins though, may have kept me ahead of the curve.


I was once on a nice family holiday and broke my resolve and did a 'quick' check of my email and found a nastygram billing reminder from a provider. On the one hand I was super-lucky I checked my mail when I did, and on the other I didn't get he holiday I needed and was lucky to not spill over and impact my family's happiness around me.


I wonder how much of the negative connotation in ~every GitHub thread comes from the MS buyout vs the actual topic under discussion. Do people really dislike 2FA on something as important as source hosting?


> something as important as source hosting?

But it's not important for a lot of people. Lots of people just create the occasional issue or some such. Almost no one is a maintainer of something important.

And overall it's just a hassle that adds zero security for me; I just have the tokens in the password manager next to the passwords (where else do I store it? I just have my laptop).

It's something that should be the user choice, based on how important the account is, personal factors, etc.


I would actually be far more frustrated by mandatory 2FA at login than if my GitHub account were compromised. I use it to star projects, and because you can't code search without being logged in; it's a bottom-tier account for me and 2FA means I'll probably just not bother. Why can't they gate sensitive features behind 2FA?

As an aside, I'm surprised I've never seen an async authentication system whereby PW gets you in, 2FA code is sent, and you can continue accessing the system in a limited way until you submit your 2FA code, instead of sitting on some intermediary page waiting a few minutes for the code to arrive.


2FA is a bigger problem to me than Microsoft. I'm not having electronics on me most of the time.

If i have to log in to Github from somewhere else, i call my landline and have SO read the 2FA code to me. But since this is cumbersome i try to get my stuff done without the Github login.


Google "TOTP tokens on my wrist with the smartest dumb watch" for a fun project.


I meant "no electronics" literally.


I do dislike it. I'd take back my only occasional contribution to a project not to be bothered by 2FA and I'm not submitting issues anymore to anything. Basically I'm using github in read only mode without logging in. When another customer of mine will use github I'll be back on it and I'll use 2FA, but at least they'll be paying me for the trouble. All my current customers are on bitbucket.


> Do people really dislike 2FA on something as important as source hosting?

"important" is a per-person individual decision.

A phrase that used to be very common is "mechanism, not policy".

The role of a vendor is supposed to be to enable mechanisms so that customers can implement whichever policy that best fits their needs.

The role of a customer is to choose and implement the policy that best works for them personally, using the mechanisms that the vendor provides.

It is fundamentally wrong for a vendor to impose policy, that's not their job. Nor do they have the information to correctly make that decision.

Some (few) people have important source code in their github account. I'd highly encourage those people to enable 2FA. Most people don't have anything important that anyone else uses, so adding the overhead of 2FA for them is beyond silly and purely obnoxious.


> The role of a vendor is supposed to be to enable mechanisms so that customers can implement whichever policy that best fits their needs.

this is where GitHub isn't a vendor; it's almost a social network as one account getting compromised could potentially cascade through projects. If you want to manage the risk profile that best fits you; you'd localize on GitHub Enterprise or other selfhosting.


Very well put. I work in info sec and I find Githubs 2FA requirement completely obnoxious.

Because you can't use passwords anymore, you have to set up tokens, which are often stored in the clear. It's actually less secure for me than a reasonable password and a lot more hassle to maintain.

Should be a choice I make. I use GitHub a lot less now than I did before, it's a pain to use now. Maybe I'll move to something else that respects my choice and threat model.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: