• 0 Posts
  • 31 Comments
Joined 1 year ago
Cake day: August 4th, 2023




  • I had a programmer lead who rejected any and all code with comments “because I like clean code. If it’s not in the git log, it’s not a comment.”

    Pretty sure I would quit on the spot. Clearly doesn’t understand “clean” code, nor how people are going to interface with code, or git for that matter. Even if you write a book for each commit, that would be so hard to track down relevant info.




  • No, this does actually sound like a solution. But it’s a solution that should be scattered all throughout the process, and checked at multiple steps along the way. The fact that this wasn’t here to begin with is a bigger problem than the “client library failure” as it shows Wyze’s security practices are fucking garbage. And adding “one layer” is not enough. There should be several.

    To give a bit better context, which I can only be guessing at by reading between the lines of their vague descriptions and my first hand experience with these types of systems…

    Essentially your devices all have unique ids. And your account has an account/user ID. They’re essentially “random numbers” that are unique within each set, but there appear to be devices that have the same ID as some user’s user ID.

    When the app wants to query for video feeds it’s going to ask the server “hey, get me the feed for devices A, B, and C. And my user ID is X”. The server should receive this, check if that user has access to those devices. But that server is just the first external facing step. It then likely delegates the request through multiple internal services which go look up the feed for those device IDs and return them.

    The problem that happened is somewhere in there, they had an “oopsie” and they passed along “get me device X, X, X for user ID X”. And for whatever reason, all the remaining steps were like “yup, device X for user X, here you go”. At MULTIPLE points along that chain, they should be rechecking this and saying “woah, user X only has access to devices A, B, and C, not X. Access denied.”

    The fact that they checked this ZERO times, and now adding “a layer” of verification is a huge issue imo. This should never have been running in production without multiple steps in the chain validating this. Otherwise, they’re prone to both bugs and hacks.

    But no, they clearly weren’t verified to view the events. Their description implies that somewhere in the chain they scrambled what was being requested and there were no further verifications after that point. Which is a massive issue.


  • It doesn’t even need to go that far. If some cache mixes up user ids and device ids, those user ids should go to request a video feed and the serving authority should be like “woah, YOU don’t have access to that device/user”. Even when you fucking mix these things up, there should be multiple places in the chain where this gets checked and denied. This is a systemic/architectural issue and not “one little oopsie in a library”. That oopsie simply exposed the problem.

    I don’t care if I was affected or how widespread this is. This just shows Wyze can’t be trusted with anything remotely “private”. This is a massive security failing.
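An added example (mine, not Wyze’s code and not part of either comment above) modelling the chain the two Wyze comments describe: the same ownership check is applied at the edge and again at the serving authority, so when an internal layer turns “devices A, B for user X” into “device X, X for user X” the downstream hop denies it instead of serving another user’s feed. All user IDs, device IDs, feeds and the scrambling layer are constructed.

```python
# Added example (not from the thread, not Wyze's code): re-apply the one
# authorization rule at every hop so a mid-chain ID mix-up is denied downstream.

class AccessDenied(Exception):
    pass

# Constructed ownership table: user ID -> device IDs that user may view.
# Device and user IDs share one number space, so device 7 collides with user 7.
OWNERSHIP = {7: {101, 102}, 42: {7, 55}}
FEEDS = {101: "feed-101", 102: "feed-102", 7: "feed-7", 55: "feed-55"}

def authorize(user_id, device_ids):
    """The single access rule; cheap enough to apply at every service boundary."""
    allowed = OWNERSHIP.get(user_id, set())
    requested = set(device_ids)
    if not requested <= allowed:
        raise AccessDenied(f"user {user_id} may not view {sorted(requested - allowed)}")

def internal_lookup_layer(user_id, device_ids, scramble):
    """Models the mid-chain 'oopsie': with scramble=True the layer replaces every
    requested device ID with the user ID ('get me device X, X for user X')."""
    if scramble:
        return user_id, [user_id] * len(device_ids)
    return user_id, list(device_ids)

def serving_authority(user_id, device_ids, recheck):
    """Final hop that returns feeds. With recheck=True it re-validates instead of
    trusting whatever the previous hop handed it."""
    if recheck:
        authorize(user_id, device_ids)
    return [FEEDS[d] for d in device_ids]

def handle_request(user_id, device_ids, scramble=False, recheck_downstream=True):
    authorize(user_id, device_ids)  # edge check: the only check a single-layer design has
    user_id, device_ids = internal_lookup_layer(user_id, device_ids, scramble)
    return serving_authority(user_id, device_ids, recheck_downstream)

def outcome(user_id, device_ids, scramble=False, recheck_downstream=True):
    """Returns the served feeds, or 'denied' when some hop refuses the request."""
    try:
        return handle_request(user_id, device_ids, scramble, recheck_downstream)
    except AccessDenied:
        return "denied"

if __name__ == "__main__":
    print(outcome(7, [101, 102]))                                            # own feeds
    print(outcome(7, [101, 102], scramble=True, recheck_downstream=False))   # leaks device 7
    print(outcome(7, [101, 102], scramble=True))                             # denied downstream
```

The second call is the single-check design: the edge approved the original request, the scramble happened after it, and nothing later re-validated, so user 42’s device 7 is served to user 7.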


  • Ottomateeverything@lemmy.world to linuxmemes@lemmy.world, on “ditch discord!” (3 up, 9 down · 10 months ago)

    Amongst many other reasons, my biggest is it’s not searchable by search engines.

    Well gee, I hope you don’t use texting, phone calls, emails, private forums, social media DMs, or talk to anyone IRL, because those aren’t searchable either!

    This argument seems like reaching for something to complain about rather than having a legitimate problem with discord. If anything, you don’t like the “large group chat” paradigm, but that’s like hating a screwdriver because it’s not a hammer.


  • Ottomateeverything@lemmy.world to linuxmemes@lemmy.world, on “ditch discord!” (12 up, 5 down · 10 months ago)

    I think discord is primarily just useful for voice chat, yes.

    But:

    It’s a closed ecosystem that locks what would otherwise be searchable knowledge on the web, with an unsearchable, proprietary lockdown of that information.

    Yeah, no. Proprietary, sure, but you can say that about almost any communication mechanism that’s not a website with an API. It’s not like people would otherwise be posting these things somewhere else if discord didn’t exist. If it wasn’t discord it’d be slack or something. Discord is an entirely different medium and complaining that it isn’t a forum is just not a legitimate argument. They’re entirely different things.


  • Ottomateeverything@lemmy.world to linuxmemes@lemmy.world, on “ditch discord!” (2 up, 10 down · 10 months ago)

    This whole comment/complaint is just the pros and cons of different types of communication. None of this is discord specific, it’s just complaints that real time chat isn’t indexed by search engines and isn’t organized into clear topics.

    Sure, some IRC chats were logged/posted, but that still has all the same searchability problems, and that process can still be used within discord search. It’s just not useful because real time chat doesn’t have any sort of topic organization.

    This whole thing is like complaining that signal is worse than email because it’s not as organized. It’s not worse, it’s just a different medium with different goals and purpose. And you’re not giving any specifics as to why signal/discord is bad, just that you don’t like direct messaging/chat rooms.



  • I don’t know that Microsoft has any business trying to make Windows support these devices better…

    Windows is entirely built around two pillars:

    1. Enterprise support for corporations, and team machine management
    2. Entirely open compatibility so they can run almost any hardware you put into it, plug into it, and backwards compatibility for all that for as long as possible.

    Portable game machines are not an enterprise product. Nor do you care about broad hardware support or upgradability. Nor do you care about plugging in your parallel port printer from 1985. Nor do you care about running your ancient vb6 code to run your production machines over some random firewire card.

    Windows’ goal is entirely oppositional to portable gaming devices. It makes almost no sense for them to try to support it, as it’d go against their entire model. For things like these, you want a thin, optimized-over-flexible, purpose built OS that does one thing: play games. Linux is already built to solve this problem way better than Windows.

    But, Microsoft will probably be stupid enough to try anyway.






  • Genuine question… What defines “under insured” here?

    I’ve heard bits about this before, but I always assumed it meant it was for if you’re totally uninsured or on some shitty basic coverage insurance. I’ve always had extremely expensive “best care you can get” type packages, but always end up getting shit declined anyway because the insurance claims shit like “that medication isn’t on our list of meds for the diagnosis/disease you have”. After rounds and rounds of contacting the doctor’s office and having them tell the insurance company how it IS actually a drug for that diagnosis, the last thing I have the patience for is more phone calls that seem hopeless.


  • It’s so frustrating seeing so many people repost this shit thinking that repeating the same garbage is helpful.

    No one gives a fuck about the “legal” definition of why this is “allowed”. Looking at this with basic common sense, what Apple is getting away with is much worse than what Google is getting pegged for.

    People complaining don’t care that there’s a stupid loophole in the legal definitions as to why Apple is allowed to do this. If the laws and definitions make that OK, and Google’s actions are held to be more “anti competitive” then the laws and definitions need to change.

    That’s what people are complaining about. Not that “oh what’s the legal loophole that allows this”. No one cares about the legal shit that allows this. That’s why they keep complaining “even after this has been answered”.