I imagine a large part of Thorn's effectiveness comes from exploiting weaknesses in traffickers' infosec. If traffickers could see how the software works they could figure out ways to hide from it. That would likely be a net loss compared to what the open source community could do to help.
How about a simple one time key? I am assuming that your app is not going to store anything and has no backend at all.
So let's say your app pings the API with the email and a special loooooooong human readable string of random words:
"A horse is an grass, it feeds on animal!"
Note the phrase (key) should not make sense or be correct grammatically, it could be just a bunch of words jumbled together.
The API sends this to the user, the user enters the same on your page, but the grammatically correct one:
"A horse is an animal, it feeds on grass!"
Boom, you have a very high entropy, a secure passphrase that's probably reliably secure and can be enhanced to timeout against brute force attacks. It's really up to you to what you want to do with the API and your app.
Looks complex, but should be a good starting point to build something.
Good luck!
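An added example, not part of the original comment: a sketch of the one-time word phrase with the timeout and brute-force limit the comment mentions. It generalizes the idea to a verbatim random-word phrase and does not implement the grammar-correction step; the word list, `OneTimePhrases`, `TTL_SECONDS` and `MAX_ATTEMPTS` are assumptions made for illustration.

```python
import hashlib, hmac, math, secrets, time

# Constructed 16-word list for illustration; a real list would hold thousands of words.
WORDS = ["horse", "grass", "animal", "river", "candle", "orbit", "velvet", "pencil",
         "marble", "tiger", "window", "anchor", "pepper", "meadow", "signal", "copper"]
TTL_SECONDS = 300    # assumed lifetime of an issued phrase
MAX_ATTEMPTS = 5     # assumed number of wrong guesses tolerated per phrase

def entropy_bits(n_words, list_size=len(WORDS)):
    # Entropy comes only from uniform random word choice, not from how odd the phrase reads.
    return n_words * math.log2(list_size)

class OneTimePhrases:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(phrase):
        # Normalize case and whitespace so harmless typing differences do not fail the check.
        normalized = " ".join(phrase.lower().split())
        return hashlib.sha256(normalized.encode()).digest()

    def issue(self, email, n_words=8):
        # secrets uses the OS CSPRNG; the random module would make phrases predictable.
        phrase = " ".join(secrets.choice(WORDS) for _ in range(n_words))
        self._pending[email] = [self._digest(phrase),
                                self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        return phrase  # the caller emails this; only the digest is kept

    def verify(self, email, submitted):
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]          # expired or locked out: force a re-issue
            return False
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[email]          # single use
            return True
        entry[2] -= 1                         # count the failed guess
        return False
```

With the 16-word sample list an 8-word phrase carries only 32 bits, which is why the expiry and attempt cap matter; `entropy_bits(8, 7776)` shows what a diceware-sized list would give.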
Have two jobs, CAD and 3D R&D by Day, Open Source (maintainer) by Night. Love both. Happiness level: Day = 9, Night = 10. The work environment in R&D is pretty much cool, co-workers are awesome, pay is not way too great but works for me for now. And the Open Source work is what brings me peace. So yeah I f*ing love my jobs! Thanks for asking BTW.
Thanks, Benjamin, Laurie and everyone else for mitigating this, it feels great to know when the community chimes in together for such highly unanticipated scenarios.
On that note, however, respectfully I believe that features which have the potential of hitting the registry so bad should first be beta tested on a private registry and moved on to the high traffic serving CDNs of npm.
And 10% of the daily traffic is from India??? Whoa, every day is a school day.
I apologize for the incident, disgusted as I am with this, I just can't seemingly imagine what the women in the article went through. These things shove my proud Indian head into my own @#$%@!
Yet would like to lay a different perspective:
I am an Indian, an average tech professional, doing well in a good job, in a good city.
Yes, the majority of my country is conservative.
Yes, we have views that are biased against women.
Do we have laws to protect them? Yes, we do.
Do we have agencies to enforce them? Yes, we do.
Do we have resources to support such agencies? Yes, we do.
Yet we see these incidents happening in tens of villages, towns, cities every day.
Sadly "MOST of them unreported", let alone, being investigated, and the perpetrators getting tried and punished. Trust me on this one, most walk away free, and that encourages them to do it yet again.
The BIG question is then why is a basic safety not in place? You would say, isn't it the job of the law agencies to deal with this. Ugh, yeah... But blooper, a very good chunk of them are "corrupt".
We are not backward in tech arena anymore, though we have WhatsApp in villages where we still have 2 hours of electricity per day.
The technology is already in place, govt. orgs are all on Twitter, WhatsApp, etc. They do respond to requests and complaints (yeah you can tweet to our railway minister Mr. Suresh Prabhu and he responds with immediate action, ex: https://twitter.com/baloomahapatra/status/792361492796637184)
It's just that the majority of masses are not "technically" educated enough to put it in use. They have access to weapons already (WhatsApp, Twitter, Facebook), but just choose to use them against the good use they should be put to. You don't need guns when you have a pen (now internet).
To me there are two possible ways to bring in some change to my sick country:
1) Yes, bring in the knives/guns, castrate the f@#$%ing bastards.
2) Educate, everyone when giving them access to the technology, the apps, the whole internet what they should be doing with it.
The latter is a more important step too. Google started an initiative to provide free high-speed internet access at major railway stations, and here is what Patna (capital of Bihar state) did with their free wifi card:
http://www.huffingtonpost.in/2016/10/17/patna-is-the-no-1-us...
Yes, Porn.
~~~
The whole point that I want to lay on the table, is we DESPERATELY need to bridge the gap between the cultural conservative "backwardness" and the rapid pace at which we are being given these tech gizmos to play with.
I beg with my folded hands to the govt. to please use my tax money (increase it if need be), to educate the agencies, the village elders, the women who go out to those "doomed" towns of mine, and most IMPORTANTLY the god damned f%$#$# bastard perpetrators that the tech is there to make this country a much better place than it is.
I am doing what I am able to, but if you are reading this please wish my country gets well soon.
I am a proud Indian, in just 70 years we are beating the world to Mars, yet we have burning infernos in the towns, villages, and there are no fire trucks nearby.
> I beg with my folded hands to the govt. to please use my tax money (increase it if need be), to educate the agencies, the village elders, the women who go out to those "doomed" towns of mine, and most IMPORTANTLY the god damned f%$#$# bastard perpetrators that the tech is there to make this country a much better place than it is.
May I respectfully suggest that this is the wrong way to try to solve the problem.
Governments do not fix societies--they break them by the ruling class's manipulating society to remain in power. We see this even in the "first-world" nations like the U.S.
In contrast, societies fix governments when the governments are comprised of the societies they govern. Of course, this is only effective up to the level of virtue of the society in question.
Expecting government to fix society is putting the cart before the horse. Thinking that the government is (or should be) the horse that drags along the society cart is part of the problem. It's like expecting the tail to wag the dog. On the contrary, society is like the horse which drags the burden of a cart behind it.
Fixing a society requires the good members of it to get their hands dirty, not to outsource the job to their government. Easier said than done, but no less true.
But when the society is way too huge, it's a different game altogether. Compare 1.25 billion people to 310 million in the U.S.
In a society as complex as India, the challenge to actually execute a "good" change is closer towards the impossible side.
We have 18 official languages spoken in 27 different states, where the dialects change every 12 km (7.5 miles). We have at least 5 major religions, not to mention countless castes and ethnicities. There are just literally thousands and thousands of groups.
While the common vested interest of staying in power remains the same, the number of good members who can make a significant (practical) impact with honest intent is simply insignificant. And on top of that, these few members are split amongst these many many groups, creating an utter chaos.
This may not be the case for other societies, for instance in the U.S., where most players in the society are literate and educated sufficiently to leverage tech to get a clear picture of what the govt. is actually up to.
Sadly in India, most well-educated masses including myself lead lives that feed their families, which leaves very few brave members to clean up the mess that we have created.
And of course, the bad members use this opportunity to bend the govt. and the society to their best interests.
So a perfect solution would be practically difficult.
But, as an honest citizen, I think that education can do wonders. If people are empowered to challenge the govt. when it fails its job, then I think new good members will be born.
Don't you agree? Sorry about the long post, I agree that asking govt. to educate society is not the solution, but "educating society to use technology correctly" on an emergency basis is. Given the state of the affairs, govt. (at least the current one) is perhaps the best vector to deliver it.
Yes, and thanks for your comment. It is indeed a very complex problem without any simple solutions.
Education seems like a good start, but of course it raises the questions of who will teach and what they will teach. As history shows, teaching the wrong things can have very bad results. If the people making the decisions and doing the teaching are good, maybe it will turn out well. But if those people are not good, the end result could be tragic on a colossal scale.
> If people are empowered to challenge the govt. when it fails its job, then I think new good members will be born.
This is very important and insightful. I think it's also important that government be close to the people, i.e. power being distributed among many smaller bodies.
Yeah, windows laptops have always been shit (considering MS never made hardware early on, until recently), MS has done some blunders in past as well (remember Vista and Win8).
I have been using a Windows laptop for over 5 years (Yeah a Lenovo!) and have gone through the whole upgrade from Windows 7 --> Windows 10.1 Anniversary update (for free), and to much shame of mine, my b!@#ch of a laptop still doesn't cry considering a boot up time of 6 seconds!
Yet I needed a dedicated Unix environment and although Bash is available natively now on Windows, it's not going to be stable soon enough for me (6 months from now maybe, Creators Update is coming in Jan' 2017). So, a week ago I did buy the MBP retina 13" Early 2015, and trust me I am not disappointed, after last night's #AppleEvent.
I might be biased but coming down to your query:
> Are Lenovos worth considering post-superfish-gate?
Oops I forgot to mention, you should clean install Windows 10 on Lenovo. I never liked the crapware that they gave, but the hardware does have a great shelf life.
Players like RazorPay and Paytm do not care about small businesses and indie entrepreneurs because it's a volume business.
YOU are not important!
If your turnover is tiny, they do not give a fuck about the SLAs with you.