Hacker News | jik's comments

I mean, she spelled my name wrong too. She spelled her own email address differently in two places. Attention to detail does not appear to be this person's strong suit.


I've been poking the internet bear for over 30 years. That's quite obvious if you read the other articles on my blog. I'm not one to back down from a fight when I think someone is in the wrong. And yes, sometimes I've paid for that, such as when a Usenet kook tried to get me fired from my job for having the temerity to disagree with him. But overall I'd rather be the guy who stood up for what I believed was right than the guy who didn't. As always, YMMV.


30 years ago, I'd have been right there with you. Nowadays? Oh hell no. The threat landscape has changed.


The user's suggestion wouldn't actually solve the problem the user wanted solved.

If there are scheduled messages queued to be sent when Thunderbird starts up, then Send Later sends them immediately, before the user has a chance to click any "Stop" button. The only way to prevent that is to delete the message when you no longer want it sent, which is what I explained to the user.

There's also a preference the user could have enabled in the Send Later preferences to tell it not to send messages that are past due by more than x minutes when Thunderbird starts up. So there are actually _two_ different ways already in the extension for solving the problem the user wanted solved.

It's FOSS, I don't have unlimited time to work on it, there are a lot of other more important features I'd be working on if I had time rather than adding a third solution to a problem for which there are already two other solutions.


Wow, out of all the things I've written on my blog, _this_ makes it onto the front page of HN. How droll.

BTW, just to be clear, I wasn't the one who posted the link here. I don't think it's particularly relevant to what HN is for, but shrug apparently somebody did.

This is all I'm going to have to say about the attacks on my character here...

When some stranger on the internet acts like a dick toward me in private emails, I call it out -- in private emails.

When I decide that someone has acted sufficiently like a dick toward me in private emails, I put them in my burn-before-read file, and I tell them so, because I don't believe in ghosting people.

That's usually the end of it.

When someone, having been told that they are now in my burn-before-read file, decides they're going to go out of their way to email me from a different email address and harass me some more, then that's just what it is -- harassment. If they'll do it to me, they'll do it to other people, and I believe that calling out harassers publicly is, in fact, the right thing to do. That's why I posted the reviews.

I disagree with the claim made below that it was "bad faith" to do so, because having interacted with the business owner, I was in fact in a position to know his character and how he treats people, and that is certainly an appropriate thing to tell people about who might be considering whether to patronize a business.

The last letter I got from them, asking me to take down the reviews, was not "fair." It was an attempt to intimidate me into taking down my reviews. It was, in fact, a classic example of an attempt at such intimidation. If you don't recognize it as such, try reading @Popehat a bit. It is perfectly appropriate to respond with public shaming to someone trying to intimidate you into taking down content you posted about them that they don't like (again, see @Popehat). Ever heard of the Streisand effect?

Finally, as I believe I made quite clear in the blog posting, I would have taken down all of the reviews and the blog posting itself in a second if they had simply apologized. I still would, if they apologized today. There's no expiration date on that offer.


I'm sorry to say, but things went off the rails before he used the second email address.

In the email with the GitHub link, the final two paragraphs were an unnecessary provocation, especially the profanity in the first and personal insult in the second. Everything after that was mean-spirited and unnecessary, including your response to the second email address and the reviews.

I got into a lot of verbal fights on the internet over the years before I learned that typing at people only makes it worse. State your case plainly, without name calling, and leave it. If they keep going then 99% of the time they're trolling, and 1% they have no self control.

If you really feel the urge to "give it to them," maybe stop and think about why you feel that way. Nothing good ever comes from trying to hurt someone else to make a point, especially if that point is to make yourself feel better.

The best response is always kindness. If that doesn't work, then walk away. Escalating solves nothing.


Some days I agree with you. Some days I don't.


Now other people are posting bullshit reviews on yelp and google (and maybe facebook, I’m not checking). Not only are you an asshole, you’ve convinced other assholes to post bad faith reviews of a business they’ve never interacted with as a customer.

And I bet you’re really proud of yourself. Of course, you can explain your actions, that must mean you’re a good person and what you did was right.


I don't have a lot of sympathy. The author was in the wrong for engaging with a crazy asshole, but in the end it is a crazy asshole. If being a crazy asshole comes with collateral damage sometimes, it just means there's a little bit of justice in the world.


What about "mark as spam" and move on? I maintain a few OSS projects and, occasionally, get some of those quite often. I just move on. Or...ask for $(2|5|10)k to do it for him - that also works


I mean, "mark as spam" is basically "burn before read," which is what I did to him. The difference, I guess, is that I told him I was doing it, because, like I said before, I think ghosting people is rude. YMMV.

Regarding quoting a ridiculously large number to add a requested feature, yes, sometimes I do that, and sometimes people even take me up on it and I end up both adding useful functionality to the software that everyone gets to benefit from, and making some money out of it as well. But I won't do that when the feature being requested isn't actually the right way to solve the problem. I've explained in another comment why it wasn't in this case. I'm not going to let someone pay me to make my software worse, and if you quote a price to scare someone off, sometimes they surprise you and say yes.


> ask for $(2|5|10)k to do it for him - that also works

Makes me wish emails had a feature where they took a photo of the reader as they open it, I'm sure we'd get some rather hilariously confused expressions :D


You lied. It only took me 5 seconds, not 30, to find out where you live. Probably because I also have a domain, so I knew where and how to look instantly ;P


The internet will never fully agree with you and at the end of the day you did what was right for you. Sometimes you have to say enough is enough just for your moral compass to sleep well at night. I am certain you have better things to do than call people out for nothing so I do believe this guy had it coming. Other times on HN the sentiment is the opposite and public shaming is encouraged. I don’t think you went over the top with your reaction.


While you have every right to be upset at that dick, you could act more mature by not feeding the troll. There is no victory there to be had. Either way I don’t find this a big deal. The legal assistant email is just asking for it. I’ve dealt with a few of these but some from actual lawyers, you can have some fun with those if you know the law.


This is informative: https://opensource.com/article/18/3/behind-scenes-bitwarden

My impression is that Kyle cares more about spending time writing software than about hyping his company. ;-)

It's an unfortunate flaw in a founder, but not a fatal one if he hires people to do the communication that he doesn't want to be doing. It feels to me like he's moving in that direction.


It's not about hyping.

Just a general "About" page of where it's located, who's behind and a photo of CEO with added bonus if there's a photo of their office.

It's a very security oriented product. Not showing who they are can be taken as hiding.


In this day and age it is common for a two-year-old SaaS startup not to have an office. I mean, I suppose it's possible that they have one, but my assumption is that the entire company is remote.

I don't see why their location is particularly important, but if you care, you can look on Kyle's LinkedIn profile, which I was able to browse my way to in about 45 seconds from a standing start from their web site.

The article I just linked to makes it perfectly clear "who's behind" Bitwarden, and you can find it out easily with a few seconds of Googling like what I just did. They're not trying to hide anything from anyone who cares to spend 30 seconds trying to find out.

I care a lot more about the fact that hundreds of vulnerabilities have been submitted to LastPass's bug bounty program and they haven't chosen to disclose any of them, whereas a much smaller number have been submitted to Bitwarden's program and they've disclosed several. P.S. I, personally, have reported three different security issues to LastPass, none of which have been fixed (https://medium.com/@QuantopianCyber/hi-george-a16d88a37355).

It's clear to me that LogMeIn, which owns LastPass and has a big-deal, flashy "About" page, is much less security-focused than Bitwarden. What you're asking for feels more like security theater than anything that's actually relevant to security.


Google and GitHub both built their U2F support for Firefox before WebAuthn was released, and as you've pointed out, the U2F support in Firefox is gated out by default. Presumably Google, GitHub, and other companies that coded to U2F will migrate to WebAuthn eventually.


I've added Zoho Vault to the comparison grid.


We didn't use the word "comprehensive", "complete", or "thorough", and obviously we didn't include every password manager in our evaluation, so I'm not sure what reason you have to believe that we were aiming to be "comprehensive."

We were aiming to evaluate the features / issues we care about against the password managers we were most likely to want to use. We published the results of our evaluation because we thought it might be useful to some people, not because we thought or intended for it to be all things to all people.

We didn't include security audits in our evaluation because we are skeptical of their value and do not consider them a significant differentiator.

For example, in our experience trying to keep our own application secure, our HackerOne bug-bounty program has identified far more issues than the white-box security audits we've commissioned, at far lower cost.


>More bugs and the support was horrible.

^^^Yes, this.

In 2018, we reported nine different substantive security holes to LastPass. At least two of them were security issues. All of them took far too long to fix; some of them still aren't fixed.

There's a tenth bug which impacts many of our users on a regular basis which we haven't bothered to report to them because by the time we started running into it, our users were like, "Meh, whatever, that's just LastPass being LastPass." It's not good when you stop reporting bugs to a vendor because you've become convinced that they just don't care.

They've had 12 outages of varying severities and lengths in the past six months.

Pretty much every time I reported a bug to them -- and believe me, most of my bug reports were extremely detailed and often included videos or screenshots demonstrating them -- their first response was, "Try uninstalling and reinstalling your plugin." I hate that. HATE, HATE, HATE it.


I don't have access to my account anymore, but once I scrolled through my tickets that I had created over the years. There were like 50 of them. Hardly any of those I felt good about after they were closed.

I've had maybe 2-3 with 1Password, and all but one was resolved quickly and satisfactorily. The one that wasn't: them telling me Basic Authentication dialogs would not be supported any longer. (The same response from LP, just before I quit them.) I can't really hate on either for this, since BA seems to be quite insecurely done and changes all the freaking time in Chrome (it broke regularly when LP supported it, due to Chrome changes).


Yes, my initial evaluation was flawed because I was looking at the free version of Bitwarden, which supports neither U2F nor attachments, but the evaluation grid said that it didn't support U2F but did support attachments. I've updated the grid to fix this. It now says that YubiKey is supported for Bitwarden and has a separate pricing line for personal use without attachments or YubiKey vs. with them.

