Shanea93 commented on Ask HN: Has Duckduckgo gotten worse recently?    · Posted by u/pmoriarty
bsstoner · 8 years ago
Disclaimer: I work for DDG.

I'd be interested in looking into any examples of searches where the results aren't good enough or where it seems to have gotten worse recently.

As far as I know there haven't been any changes over the past few weeks that would have made things worse.

Shanea93 · 8 years ago
Why does DDG only seem to search videos via Youtube, even with Safe Search set to off?

I live in the UK and with our internet laws here becoming more and more strict over the last few (and coming) years, I wanted an alternative to Google or Bing who both actively cooperate with the government's existing proclivity to censor things like Porn.

Bing's video search for pornography is absolutely fantastic, it's legitimately the one thing I use Bing for.

Shanea93 commented on Uber Founder Travis Kalanick Resigns as C.E.O.   nytimes.com/2017/06/21/te... · Posted by u/java_script
smt88 · 8 years ago
We should also believe men, but that isn't a historical problem the way it is for women.

As an exercise, ask a few men and women you know if they've ever been harassed or attacked at work. If they didn't report it, ask them why.

Shanea93 · 8 years ago
Anecdotally, I'm in the process of being sexually harassed by a director at the company I work for and choosing not to report it. I plan to leave in a couple of months, my startup is in the final stages of closing a seed round - getting into a sexual harassment lawsuit right now is the last thing I need in terms of stress and career.

The power dynamics are significantly different though, I don't feel at all in danger, I'm a 6'2 man who lifts weights in his spare time, so it's more of an annoyance than anything truly worrying. I understand that this person may go on to harass the next person who fills my role, but I simply have too much personally riding on the outcome of the present to leverage it in that way.

Shanea93 commented on Amazon Prime Wardrobe lets you try on and return clothes free   techcrunch.com/2017/06/20... · Posted by u/janober
maccard · 8 years ago
I'm in the UK, and ASOS does this already. My partner regularly orders the same clothes in multiple sizes, and sends back the ones she doesn't want in the bag they're sent in, with the prepaid return label.
Shanea93 · 8 years ago
Adding to the UK perspective, the following companies all do it as well and are representative of both older and younger shoppers:

* Boohoo

* Pretty Little Thing

* Missguided

* Marks & Spencers (non-food)

* House of Fraser (under 20Kg)

* Debenhams

Outside of these, with "Collect Plus" now being next to ubiquitous in the UK (over 6,000 participating stores) any store using Collect Plus (or DPD's Ship-to-shop) can offer free returns via the stores. As an example of how useful this is in general, the tiny corner shop on my street is a Collect Plus collection point.

Shanea93 commented on The problems with Youtube’s restricted mode   wired.com/2017/03/youtube... · Posted by u/DiabloD3
Shanea93 · 8 years ago
This article is so unusually biased that it's twisting the truth to the point of presenting a false story.

The persisting idea that this was to protect children is such a lie, this was absolutely to protect Youtube from the backlash they've been receiving from advertisers who don't want their advert for toothpaste showing up next to a video discussing the best uses for anal beads or any US political opinion which doesn't firmly conform to being hard left (before I'm down-voted for saying that, as a British leftist, my personal brand of over-the-top semi-communism would make even the left-est of Americans feel a bit sick).

"It’s tried to enlist users to flag problem videos, and that backfired when trolls heard about the plan." - This is discussing how Youtube wanted to give users the ability to mass-flag groups of videos, as in flag multiple videos at once instead of individually. Trolls? This only affects content creators.

"But despite YouTube’s efforts, it didn’t notice YouTube megastar PewDiePie going rogue." - Almost straight away after the story broke, they canceled Felix's "Scare Pewdiepie" Youtube series contract before he had even had a chance to publicly respond to the (frankly ridiculous) claims that he was a Nazi sympathiser.

Shanea93 commented on Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates   groups.google.com/a/chrom... · Posted by u/ehPReth
CountSessine · 8 years ago
Well, just looking at the Bank of America example, they don't seem to use HSTS in their landing page. How widespread is HSTS? How long is the expiry period typically set for (I would guess a long time?)

Does anyone still use browser bookmarks?

Actually, just thinking about it, it might be even simpler than this. If Bank of America wanted to, couldn't they still host their redirect landing page over SSL with a valid non-Symantec certificate, and then redirect to the ie6.bankofamerica.com page which will continue to use the bad Symantec cert? If switching certs for their web infrastructure was really difficult and they didn't want to do it, they could just build a simple little front-end web server with a valid certificate to redirect people to an IE6 download page or ie6.bankofamerica.com.

Shanea93 · 8 years ago
HSTS is currently used by 2.8% of all websites, up from 1.2% this time last year. [1] If people are using Qualys SSL Labs tool to check their "grade", they won't be awarded an A+ grade unless their HSTS max-age is at least 6 months [2], so I'm going to assume the average is somewhere close to that due to how common usage of that tool is.

My grandma still uses browser bookmarks, but I have no non-anecdotal source for this.

BoA could absolutely do all the things you just mentioned, but all of them are more difficult than simply replacing their certificate using Comodo or some other trusted root CA.

[1] https://w3techs.com/technologies/details/ce-hsts/all/all

[2] https://community.qualys.com/thread/15972
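
Added example (not part of either comment above): one way to audit a `Strict-Transport-Security` header against the six-month `max-age` threshold mentioned in the reply. The header values are constructed samples, and treating "6 months" as 180 days is an assumption.

```python
import re

# Assumption: "6 months" is taken as 180 days (15552000 seconds).
SIX_MONTHS = 180 * 24 * 3600

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797, section 6.1).
    Returns {directive: value} with max-age as int, or None if the policy is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        name, sep, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip() if sep else None
        if val and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form, e.g. max-age="300"
        if name in directives:
            return None                   # a repeated directive invalidates the header
        directives[name] = val
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                       # max-age is the one required directive
    directives["max-age"] = int(age)
    return directives

def grade_hsts(value):
    """Classify a header value: missing-or-invalid, disabled, short or ok."""
    policy = parse_hsts(value) if value is not None else None
    if policy is None:
        return "missing-or-invalid"
    if policy["max-age"] == 0:
        return "disabled"                 # max-age=0 tells the browser to drop the policy
    return "ok" if policy["max-age"] >= SIX_MONTHS else "short"

# Constructed sample header values (None means the header was not sent at all).
SAMPLES = [
    "max-age=31536000; includeSubDomains; preload",
    'Max-Age="15552000"',
    "max-age=300",
    "max-age=0",
    "includeSubDomains",
    "max-age=100; max-age=31536000",
    None,
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:50} -> {grade_hsts(header)}")
```
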

Shanea93 commented on Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates   groups.google.com/a/chrom... · Posted by u/ehPReth
nailer · 8 years ago
EV certificates have the same level of confidentiality and integrity as DV certs, but they have different authentication - specifically, they tie the certificate to a legal entity rather than a domain name.

ie.

    https://paypal.com-customerservice.ru

vs

    PayPal Inc [US] | https://paypal.com

I run https://certsimple.com. We sell EV certs. But you can verify the above pretty easily by checking out the EV guidelines, the additional requirements that apply only to EV certs (https://cabforum.org/extended-validation/). You can also see the difference with openssl pretty easily:

Here is a DV cert:

    openssl x509 -in domain-validated-example.com.crt -noout -text | grep Subject
     OU=Domain Control Validated
     CN=example.com
     DNS:example.com

Here is an EV cert:

    openssl x509 -in extended-validated-example.com.crt -noout -text | grep Subject:
       jurisdictionOfIncorporationCountryName=GB
       businessCategory=Private Organization
       serialNumber=09378892
       C=GB
       ST=City of London
       L=London
       O=example Limited
       CN=example.com
       DNS:example.com -
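
Added example (not part of the comment above, and not CertSimple's code): a heuristic that reads subject listings in the one-attribute-per-line layout shown in the comment and reports which identity each certificate actually vouches for. The alias set for the jurisdiction attribute, the OV sample and the lookalike sample are assumptions constructed for illustration; browsers decide EV status from certificate policies and their own root lists, not from these fields alone.

```python
# Names under which the EV jurisdiction-country attribute may be printed (assumed aliases).
JURISDICTION = {"jurisdictionofincorporationcountryname", "jurisdictionc",
                "1.3.6.1.4.1.311.60.2.1.3"}
# Subject attributes an EV subject carries in addition to the jurisdiction.
EV_REQUIRED = {"o", "businesscategory", "serialnumber"}

def parse_subject(text):
    """Split a listing into ({attribute: value}, [dns names])."""
    attrs, dns = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DNS:"):
            dns.append(line[4:].strip())
        elif "=" in line:
            key, value = line.split("=", 1)
            attrs.setdefault(key.strip().lower(), value.strip())
    return attrs, dns

def validation_level(text):
    """Return 'EV', 'OV' or 'DV' based on which subject attributes are present."""
    keys = set(parse_subject(text)[0])
    if EV_REQUIRED <= keys and JURISDICTION & keys:
        return "EV"
    return "OV" if "o" in keys else "DV"

def identity_shown(text):
    """Legal entity for EV; otherwise only the domain names the certificate covers."""
    attrs, dns = parse_subject(text)
    if validation_level(text) == "EV":
        return f'{attrs["o"]} [{attrs.get("c", "?")}]'
    return ", ".join(dns) or attrs.get("cn", "")

# Listings copied from the comment above.
DV_SAMPLE = "OU=Domain Control Validated\nCN=example.com\nDNS:example.com"
EV_SAMPLE = ("jurisdictionOfIncorporationCountryName=GB\n"
             "businessCategory=Private Organization\nserialNumber=09378892\n"
             "C=GB\nST=City of London\nL=London\nO=example Limited\n"
             "CN=example.com\nDNS:example.com")
# Constructed samples: an organization-validated subject and the lookalike host.
OV_SAMPLE = "C=GB\nO=example Limited\nCN=example.com\nDNS:example.com"
LOOKALIKE = "CN=paypal.com-customerservice.ru\nDNS:paypal.com-customerservice.ru"

if __name__ == "__main__":
    for name, sample in [("dv", DV_SAMPLE), ("ev", EV_SAMPLE),
                         ("ov", OV_SAMPLE), ("lookalike", LOOKALIKE)]:
        print(name, validation_level(sample), "->", identity_shown(sample))
```
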

Shanea93 · 8 years ago
Your pricing is very reasonable and I've just placed your website at the top of my to-do list tomorrow morning, thanks for posting.
Shanea93 commented on Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates   groups.google.com/a/chrom... · Posted by u/ehPReth
hannob · 8 years ago
I for one find it totally neat that people realize their expensive EV cert was a waste of money. Although that was true before, too. EV certs are a waste of money, the only thing they do is show a green bar. They don't improve security.
Shanea93 · 8 years ago
Absolutely, I totally get that, it's worth mentioning that we take our TLS implementation seriously (HSTS, no TLS1.0, etc) and score an A+ on SSLLabs test: http://i.imgur.com/QbH4YZS.png

The green bar with our company name in it translated into a measurable conversion increase week for week from guest checkouts, so saying it's a waste of money isn't strictly true in our case.

Shanea93 commented on Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates   groups.google.com/a/chrom... · Posted by u/ehPReth
ChristianBundy · 8 years ago
How recently did you renew? This has been in the works for over two years, I'm surprised that anyone is still giving them business.
Shanea93 · 8 years ago
We renewed recently, through our hosting provider who have Symantec in their certificate chain.
Shanea93 commented on Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates   groups.google.com/a/chrom... · Posted by u/ehPReth
musicnarcoman · 8 years ago
> Intent to Deprecate and Remove: Trust in Existing Symantec-Issued Certificates

When I read that something like this popped up in my head:

"Google is using the nuclear option on Symantec. Neat!"

Shanea93 · 8 years ago
Perhaps it's neat for you, I just found out that our newly issued EV certificate status is being revoked in the next build of Chrome, so our expensive EV certificates may as well be $5 StartSSL certificates.

I imagine that there will be a lot of angry customers asking for refunds from Symantec/Verisign for certificates already issued which no longer conform to the offered product.

Shanea93 commented on Pam-ussh may be tricked into using another logged in user's ssh-agent   hackerone.com/reports/204... · Posted by u/zdw
tomohawk · 8 years ago
js; dr
Shanea93 · 8 years ago
I copied the content here for anyone in a similar situation to the parent commenter: https://justpaste.it/14pz7

The HTML hidden in that mountain of div tags is remarkably well formed for the standard I see around on the "modern web".

u/Shanea93

Karma: 277 · Cake day: August 15, 2016