The man in the video is Chris Razer and he explains everything very well. I wish he had more long form content online for people to learn and understand
This generates a really annoying features with some browsers. Suppose I want to select "United Kingdom". I open the drop-down and there are all the countries in alphabetical order, plus "United States" at the top of the list. I hit the 'U' key. It does not take me to the alphabetically listed countries beginning with 'U', it takes me to the "United States" entry at the top of the list. I might be able to type 'U-N-I-T-E-D-K' and get to the "United Kingdom" entry, but there are browsers where that does not work. (Nor does repeatedly hitting 'U' bring me to the later 'U' entries.)
This is extremely disappointing. The insurer in question has a very good reputation within the dive community for acting in good faith and for providing medical information free of charge to non-members.
This sounds like a cultural mismatch with their lawyers. Which is ironic, since the lawyers in question probably thought of themselves as being risk-averse and doing everything possible to protect the organisation's reputation.
I find often that conversations between lawyers and engineers are just two very different minded people talking past each other. I'm an engineer, and once I spent more time understanding lawyers, what they do, and how they do it, my ability to get them to do something increased tremendously. It's like programming in an extremely quirky programming language running on a very broken system that requires a ton of money to stay up.
Could you post on HN on that? Would be worth reading.
And are you only talking about cybersecurity disclosure, liability, patent applications... And the scenario when you're both working for the same party, or opposing parties?
I'm talking about any situation where a principled person who is technically correct gets a threatening letter from a lawyer instead of a thank you.
If you read enough lawyer messages (they show up on HN all the time) you will see they follow a pattern of looking tough, and increasingly threatening posture. But often, the laws they cite aren't applicable, and wouldn't hold up in court or public opinion.
> they follow a pattern of looking tough, and increasingly threatening posture. But often, the laws they cite aren't applicable, and wouldn't hold up in court
And it takes years to prove that and be judged as not guilty, or if guilty (as OP would likely be for dumping the database), that the punishment should be nil due to the demonstrated good faith even if it technically violated a law
Wouldn't you say the threats are to be taken seriously in cases like OP's?
I'm curious to hear your take on the situation in the article.
Based on your experience, do you think there are specific ways the author could have communicated differently to elicit a better response from the lawyers?
It would take a bit of time to re-read the entire chain and come up with highly specific ways. The way I read the exchange, the lawyer basically wants the programmer to shut up and not disclose the vulnerability, and is using threatening legal language. While the programmer sees themself as a responsible person doing the company a favor in a principled way.
Some things I can see. I think the way the programmer worded this sounds adversarial; I wouldn't have written it that way, but ultimately, there is nothing wrong with it:
"I am offering a window of 30 days from today the 28th of April 2025 for [the organization] to mitigate or resolve the vulnerability before I consider any public disclosure."
When the lawyer sent the NDA with extra steps: the programmer could have chosen to hire a lawyer at this point to get advice. Or they could ignore this entirely (with the risk that the lawyer may sue him?), or proceed to negotiate terms, which the programmer did (offering a different document to sign).
IIUC, at that point, the lawyer went away and it's likely they will never contact this guy again, unless he discloses their name publicly and trashes their security, at which point the lawyer might sue for defamation, etc.
Anyway, my take is that as soon as the programmer got a lawyer email reply (instead of the "CTO thanking him for responsible disclosure"), he should have talked to his own lawyer for advice. When I have situations similar to this, I use the lawyer as a sounding board. i ask questions like "What is the lawyer trying to get me to do here?" and "Why are they threatening me instead of thanking me", and "What would happen if I respond in this way".
Depending on what I learned from my lawyer I can take a number actions. For example, completely ignoring the company lawyer might be a good course of action. The company doesn't want to bring somebody to court then have everybody read in a newspaper that the company had shitty security. Or writing a carefully written threatening letter- "if you sue me, I'll countersue, and in discovery, you will look bad and lose". Or- and this is one of my favorite tricks, rewriting the document to what I wanted, signing that, sending it back to them. Again, for all of those, I'd talk to a lawyer and listen to their perspective carefully.
> which the programmer did (offering a different document to sign). \n\n IIUC, at that point, the lawyer went away
The article says that the organization refused the counter-offer and doubled down instead
> he should have talked to his own lawyer for advice
Costing how much? Next I'll need a lawyer for telling the supermarket that their alarm system code was being overlooked by someone from the bushes
It's not bad legal advice and I won't discourage anyone from talking to a lawyer, but it makes things way more costly than they need be. There's a thousand cases like this already online to be found if you want to know how to handle this type of response
Sounds very usa-esque (or perhaps unusually wealthy) to retain a lawyer as "sounding board"
> This sounds like a cultural mismatch with their lawyers.
Note that the post never mentions lawyers, only the title. It sounds to me like chatgpt came up with two dozen titles and OP thought this was the most dramatic one. In the post, they mention it was a data protection officer who replied. This person has the user's interests as their goal and works for the organization only insofar as that they handle GDPR-related matters, including complaints. If I'm reading it right, they're supposed to be somewhat impartial per recital 97 of the GDPR: "data protection officers [...] should be in a position to perform their duties and tasks in an independent manner"
The report further states that the part included in the original design (part of the kit) was made of a carbon fiber composite where the epoxy had a listed glass transition temperature of 84⁰C. If there is an element to be critical of along these lines it's that the part as originally designed is supposed to include an aluminum tube at one end that may stiffen the part - the report makes no conclusions whether it truly would have, but notes that the actual glass transition temperature was found to be much lower than listed, and lower than that of the epoxy used in the original design.
Indeed, my dad was a research scientist at a large chemical company, and every scientist had a Friden mechanical calculator, which was capable of multiplying and dividing. But it was not a programmable computer.
When the HP 35 came out, it was cheaper than the annual maintenance contract for the Friden. They bought one, and passed it around to try out for a week, then all of the Fridens went into the dumpster. Of course he brought one home, and we got to play with it.
Ha ha, the rich kids when I was in high school Physics had these calculators. It was the first I had seen them. At over $100 (as I recall) they were completely out of reach for me and half the class.
(Ands they had to either have an extra set of batteries handy or access to an outlet to plug in the cord since the possibility of the batteries dying during a test was a real likelihood.)
This article is quite frustrating, since all that it really tells me is that their system "generates thrust without using any propellant and without expelling reaction mass, by directly converting electrical energy into thrust through controlled electromagnetic impulses".
That's rather non-specific. My first thought was that they're using photon momentum, but thinking about that a little harder rules it out. The ratio of energy to momentum doesn't change with any properties of the photon (they're both proportional to frequency) so there's nothing to really develop there: so long as you waste very little power as heat, you might as well be shining a well-collimated flashlight.
Options 3 and 4 from [this paper](https://arxiv.org/pdf/2510.21743), _magnetic sails_ and _solar sails_, seem more promising. Is that what Genergo are doing? I have no idea. The article doesn't tell me.
> But if you offer paid servies, collect money from UK citizens, you must have a business representation in the UK
I don't think that's true at all. You be taking payment by credit card, which doesn't require you to have any local presence.
I think your bigger risk is that you get a judgement made against you by a UK court, which a court that has jurisdiction over you is willing to enforce. I'm not sure under what circumstances that is the case, but I believe that it being the case with libel judgements has been an issue for a while (since plaintiffs can 'forum shop').
> You be taking payment by credit card, which doesn't require you to have any local presence.
But you're offering an online product, plus you are taking money from people from all over the world, whose governments have different regulations and points of view, your own business charges differently for different countries, and credit card providers are bound to different fees and/or extra charges for international transactions.
How, if at all, would you fund the federal government?
Are you suggesting you don't think the current way taxpayers interact with the IRS is very functional, or you'd like to actually get rid of having any agency responsible for federal tax collection?
One could imagine a world in which taxes are paid only to the states, which then must all pay to fund the federal government. Not saying it's a good idea, but it would certainly be different from what we have now.
In Australia we only pay federal taxes, and get distribute to the various states.
The tax is wonderfully simple for us, and I THE MAIN seems to work ok for states. Every now and then one state gets a bit tetchy about it, but it appears to work out OK.
Actions can be accomplished using a 'big knob' button that can be turned or pressed. The driver can still distract themselves, but I believe it's to a lesser extent that the touch screen.
Personal anecdote: I have mazda and tesla and drive both regularly.
I’ve got many more times distracted with mazda knob trying to turn on album than doing the same in tesla.
I used to think knob is safer until I started to see difference every day.
