joshmn (u/joshmn) - Readit News

joshmn commented on Checkout.com hacked, refuses ransom payment, donates to security labs checkout.com/blog/protect... · Posted by u/StrangeSound

ants_everywhere · a month ago

> (he wasn’t fond of GitHub's automated scanner

Do you mean they thought the scanner was effective and weren't fond of it because it disrupted their business? Or do you mean they had a low opinion of the scanner because it was ineffective?

joshmn · a month ago

He would complain that it disrupted their business, and that it doesn't catch all keys—it catches the big ones that he certainly found to be very valuable.

joshmn commented on Checkout.com hacked, refuses ransom payment, donates to security labs checkout.com/blog/protect... · Posted by u/StrangeSound

joshmn · a month ago

It’s notable that there were ShinyHunters members arrested by the FBI a few years ago. I was in prison with Sebastian Raoult, one of them. We talked quite a bit.

The level of persistence these guys went through to phish at scale is astounding—which is how they gained most of their access. They’d otherwise look up API endpoints on GitHub and see if there were any leaked keys (he wasn’t fond of GitHub's automated scanner).

https://www.justice.gov/usao-wdwa/pr/member-notorious-intern...

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

lippihom · a month ago

You should reach out to Scott Chacon - he's very accessible and I feel like he'd be sympathetic to your situation and could fix everything up quite quickly.

joshmn · a month ago

Thanks for the advice, I sent him a note on LinkedIn.

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

twentyfiveoh1 · a month ago

I was just just interested in how your "say no" lesson came from the streaming site. I am sure they asked you for all sorts of channels, but from their perspective, I kind of understand it. I had really wondered what kind of crazy of stuff you were shooting down. I didn't expect anyone to go too crazy on expecting feature requests on a pirate site.

joshmn · a month ago

The typical ones were things like MMA/UFC/boxing, and those I'd say no to because their business model revolves around PPV; things like NCAA sports I said no to because I refused to profit off children (NIL didn't exist at the time) and that the implementation would have required me to "integrate" more than 5 different services just to attempt parity; I'd get the occasional EPL or UEFA requests, too.

I really didn't have any significant demand for these. One of my litmus tests, besides demand, was "okay, can this be as good as the other sports' implementations?" I was always concerned about feature parity—I could have provided radio feeds for MLB but not for NBA, and that would cause people to say "well they have radio feeds for x but not y" and create confusion as to what is what. Being consistent in this regard was important.

The run-of-the-mill IPTV requests came and went, and I just wasn't interested in that. Ultimately I made the site for me so I could watch sports, I just had some other people watching with me.

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

dormento · a month ago

Btw you ever got you gh acct back? Really shitty situation, best wishes

joshmn · a month ago

Thanks for asking. No, not yet, I'm working on introducing myself to their legal team with hopes that they might be able to take that as serious enough to believe I am me.

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

msh · a month ago

I don’t understand how people think that they have a good chance of getting away with something like this?

There must be safer ways to make good money?

joshmn · a month ago

It wasn't about the money whatsoever.

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

freedomben · a month ago

> I went so far as to tell the person my situation and they told me that because I'm providing a service I have to do better.

IMHO that's an asshole and not somebody you want as a customer anyway.

joshmn · a month ago

That was one of the lessons I took away was that not every customer is a good customer. While I did have really accessible customer service, I didn’t want to be everything to anyone, even if it left money on the table. The quirks and features of the site where enough for the typical Reddit user (at the time) to discern, more so than those who were accustomed to official services, sports or otherwise.

joshmn commented on Lessons from Growing a Piracy Streaming Site prison.josh.mn/lessons... · Posted by u/zuhayeer

jimmydorry · a month ago

> Streit indicated his work was worth $150K but was also informed there was no ‘bug bounty’ program at the baseball league.

Sounds like a bug that would have been better off anonymously leaked for the other IPTV providers to pick up, after said bug was valued at 0 in greyhat dollars.

joshmn · a month ago

The bug couldn't have had less to do with streaming, and in the wrong hands would have been worth a significant amount of money—exponentially more than what the Shopify CVE calculator spit out and I replied with at the time. There's more here: https://prison.josh.mn/charges

There's a lot of nuance, and what was ultimately reported about the bug isn't how things played out—there's tons of context missing. I won't talk more of the bug, or the handling of situation. I realize it was the leading headline (more so than the "guy had streaming website") but it was, in my opinion, also the most far-fetched.