Hacker News | thraway2016's comments

procurement, management, finance, and others you need to appeal to

They don't need to appeal to any of these suits. Just the technical decision-makers, whose express job it is to choose solutions on their technical merits, not their spurious emotional reactions.


You can't possibly think that's true. If you do you can't have had much experience in buying or selling technology.


Selling, no. Buying, definitely. And names don't influence my decisions. A rose by any other name...


There is a sad fact, though, which is that many organizations do not have technical people at the decision-making level.

So these Suits you speak of won't be able to get past the product name enough to hear any technical merits of why this technology should ever be considered, due to dysfunctional leadership not even having a role of Chief Technical Officer or Chief Informational Officer at the senior leadership level. A lot outsource because they don't want to hire/pay for this in house. It also shifts responsibility away, giving the CEO, COO, CFO, etc. the ability to point fingers at an outside entity.

That is a double whammy! Internal can't sell/justify it to management, and outside IT providers/contractors can't sell it either.

So while they may be surviving with the current name they have, that does not mean they wouldn't be crushing the market share with a different name. If they are getting negative comments about the product name, then that's a warning that they should do market research to find out how many people would avoid the product because of the name.

But what the hell do I know, I'm making yet another HN comment post.


If you make technology stack decisions based on your feelings rather than what the product actually does, then you shouldn't be employed as a decision-maker.


Then nobody should be employed as a decision-maker, because everyone is affected by their feelings.


Feelings become reality. People care about what things are called. You just don't care because it doesn't bother you. But if it was a topic you were sensitive about or something you feel is inappropriate, you would feel otherwise. Everyone has their limits of what is going too far. It's almost as if we live in a society with people from different backgrounds. What this really hits on is subjective relativism, and that's dangerous for an entire society to operate on. Maybe Cockroach isn't that bad, maybe it grosses some people out. Fine, not that big of a deal here. What if it was called "BondageDB"?


My point was that the job of a technology decision-maker is to make decisions on the actual technical merits of various options, the costs and tradeoffs thereof.

If you are in that role, and you permit the name of a vendor to trump the actual merits of the vendor's product, you should never have been trusted with decision-making authority in the first place, and any competitors who don't harbor your particular emotional hangups will get the better of you, and you won't be long for your position anyway.

Cockroach Labs is not selling to the end-consumer. They're selling to people whose job it is to behave like Vulcans. In this particular market, it doesn't matter what the name is.


GIMP?


I see it as technical people on HN who appreciate the metaphor, versus marketing/business people who can only think of "image".

It's to be expected with the massive infestation of HN by suits and khakis in the last few years.


I think the problem is worse: marketing / business people have convinced the worker that this surface level analysis is all we can expect of anyone. As said by other commenters: if the name of the DB solution influences your choice then you're probably gonna get what you deserve.

(Within reason. Someone on here actually said this argument is reasonable to have "because what would you do if they named it 'n-word'DB." Seriously.)


It appears to me that "marketing/business" people are simply stereotyped in this thread, because surely the complaints come mostly from "tech people".

It's the classic case of everyone saying "I think it's great but <somebody> will complain". Which ends in mindless mediocracy.

Go CockroachDB!


Another, and better, alternative to slack: IRC.



Until they figure out a better way to bridge to Slack and other popular walled gardens, it will remain in the realm of those universal IM chat programs of yore, always chasing proprietary protocol changes.


what's the problem with the slack bridging btw? the fact it needs webhooks? (a puppeted bridge is on the horizon that logs you in natively as your slack user)


Why exactly is HackerOne drawing a distinction with this software producer?

The truth is: because an H1 rep went on Risky Business and did not deliver a very good performance.

Patrick, who is absolutely okay with H1 having FiveEye clients like the US DoD, has a very serious problem with them also servicing an obscure spyware application provider. Because, I suppose, being murder-droned by a panopticon hegemony is much better than getting yelled at by an angry spouse?


The purpose of the DoD is not to spy on people, it is to protect people. That some actions by some programs and departments may cross the line legally during certain periods is not the same as an entity whose sole, or majority of goods or services are for, or marketed as being for, an illegal action.


"The purpose of the DoD is not to spy on people, it is to protect people."

To protect the elites as the other commenter said. Start with the claims of a person who led a bunch of wars after getting the Medal of Honor:

https://www.ratical.org/ratville/CAH/warisaracket.html

https://en.wikipedia.org/wiki/Smedley_Butler

The same patterns kept happening over and over from there. The politicians got to play politics. The big war contractors made billions. Their CEOs millions. After the drafts, the eventual "volunteer" army of mostly poor or working class kept dying for their BS about protecting "freedom" and "democracy." Look up Operation Ajax and compare to how that event is treated today to know plenty about what DOD does in the world. ;)


In the first case, you have an entity that has a proven record of breaking the law (on purpose) using technology. I can also argue that the purpose of DoD now is to protect the elites, from the people, but that's another story.

In the second, the legal line is not crossed. It may be crossed at some point by an adult person that can bear responsibility for his actions.

I would not work with both; I can understand how one can not be a hypocrite by choosing to work with the latter and not the former, but not the other way around.

Is it the right moral choice to protect the privacy of a cheater? Maybe, I don't know, I'm struggling to answer that to myself, let alone judge others.


> Is it the right moral choice to protect the privacy of a cheater?

Is this spyware used to find out if someone is cheating? If so, it means you'd install it, and violate their privacy, without knowing if they are a cheater, so the point is moot.


I was not referring to the app, but in general to discover a cheater you'll most likely violate their privacy.

My point is that privacy in a relationship is a relationship thing, and the moral choice for me would be to not interfere in other people's relationships. This includes not judging you if you use spyware on your wife.


> to discover a cheater you'll most likely violate their privacy

I'm not sure this is true. There are often clear boundaries, like secretly observing them in public versus accessing their private phones.

> privacy in a relationship is a relationship thing

but it's also a privacy thing. Is domestic abuse a relationship thing? That would also interfere with a relationship.


While I applaud this move, I suspect H1 will continue servicing government and law enforcement clients of all kinds.

A consistently applied policy would see ties with ALL surveillance entities severed.


This is going to earn me huge downvotes, but not all surveillance is equally illegal or equally unethical.

To me it seems that groups that run spy satellites and look out for nuclear missile launches are in a different ethical category than people who make software for perpetuating domestic abuse.

Clearly, I picked two extremes. That was just to show that not all surveillance is equally bad and that some can be better than others. I will leave which other kinds of surveillance are just and unjust for another discussion.


> people who make software for perpetuating domestic abuse

That's a bit like saying the authors of WordPress perpetuate fake news.

I've used similar products to monitor usage on teenagers' devices and I can attest to their usefulness far beyond "perpetuating domestic abuse".


The makers of WordPress don't say "great for fake news", but the makers of this software say "great for watching your partner".

They advertise reading your wife's SMS messages as a feature!

That and WordPress would only be so-so for making a fake news page, I mean it could work but you would be at a competitive disadvantage.


They literally make tools to spy on people without their knowledge. How is there any situation where that is ok outside of law enforcement? Parents monitoring their kids don't need to be secret about it.

(And to be honest even that sounds super creepy. I thank god my parents didn't know my complete internet history and track my every movement 24/7. I can only imagine the helicopter parenting horrors that modern technology is enabling.)

Hell this software goes well beyond that. It records every text, every phone call, every keypress, hijacks the webcam and microphone to secretly record them, etc.

It's extremely common for domestic abusers to use this. I'm having trouble finding it, but I recall an article on HN that domestic abuse shelters are requiring victims to turn off their phones because it's become a problem.


The unfounded hostility that the mere existence of Soylent brings out of otherwise level-headed people is always a great source of amusement.



As larger proportions of the infosec community get hired or contracted by law enforcement, intelligence, and other government agencies, you'll find that the respect for liberty that the hacker manifesto espoused is increasingly hard to find.

The prescient Upton Sinclair: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”


Are you sure it's not the other way around? It appears that the commercial opportunity for infosec has increased drastically in the last 10 years.

I mean, yeah, it's not the early 1990s anymore, where mostly academics and enthusiasts were on the internet. But is the hacker manifesto a standard to hold infosec practitioners who likely were in diapers during the halcyon days you refer to?


I don't understand how a professional in infosec couldn't see the necessity of anonymity in myriad use cases. Overlay networks seem to be the only viable option in many scenarios....?


i2p, freenet, or forgoing websites altogether.

for asynchronous messaging, agl had something really promising with pond, but for "reasons" decided to abandon it, and nobody bothered to continue its development.


I remember learning about Pond at a conference. It did look promising.


Is there any reason KVM/IP is not a viable solution for remote management?

Remote access to DMA capability is just batshit insanity.


This works even absent an OS. In fact, that's the whole idea.


I read about this a while ago. Apparently Intel's Management Technology which is built into like every Intel CPU now listens directly on the network interface so it can still send/receive data in case the OS is borked. It hooks in at ring 0. Like a rootkit the OS can't see.


It's common in the datacenter to come across motherboards with a switched eth0, with the BMC behind one leg and the user system behind another. You don't have to get that creative to get IPMI out of a machine when the OS is hosed -- to be honest, I think that is what you're actually thinking of, because "hook[ing] in on ring 0" is difficult to imagine working. You'd need driver awareness for when the management plane wants to transmit, at the least.


It's not just Intel that does it. HP Storage solutions use iLO which is pretty much the same thing for SANs.


Not just SANs, pretty much their entire product line. iLO is a very common IPMI deployment at companies with HPE gear, which is a number of very large ones.


> This works even absent an OS. In fact, that's the whole idea.

It's still an OS, it's just not on the hard drive.

The real issue is that we don't have the source code for it and only the OEM can patch security vulnerabilities -- or not.


[flagged]


It's pretty much standard at large companies to never bother running the installer on the machine (if it even has one and isn't procured without an OS) they bought but instead to use a provisioning tool to re-image the machine before it first gets booted. Think of it as a DRAC card with some fancy tricks in a regular desktop (or laptop) and without occupying much space or a slot.


AMT includes KVM/IP.

