
And if you thought malware hiding in a mess of files was bad, just wait till you see it in two layers of container files.

Or worse yet, the performance load of anti-malware software that has to look inside ZIP files.

Look, most of us realized around 2004 or so that if you had a choice between Norton and the virus you would pick the virus. In the Windows world we standardized around Defender because there is some bound on how much Defender degrades the performance of your machine which was not the case with competitive antivirus software.

I've done a few projects which involved getting container file formats like ZIP and PDF (e.g. you know it's a graph of resources in which some of those resources are containers that contain more resources, right?) and now that I think of it you ought to be able to virus scan ZIP files quickly and intelligently but the whole problem with the antivirus industry is that nobody ever considers the cost.


Now we'll have to encrypt the files to prevent the performance hit of antivirus peeking inside.

Oh, wait...


> So per that messaging, the UDP-Lite code really hasn't been used in years and doing away with it can net some measurable (+3~10% packets per second) for other UDP workloads.

Often times removing deprecated code is purely for developer purity. You just don’t want it lying around.

But 3-10% pps improvement is quite an achievement for removing some branches.


> Risk free revenue to the VC.

How is that risk free? If the clinic goes bankrupt the VC will be on the hook for the rest of the loan. It’s not free money.


They're not so silly as to have any personal or professional liability, they probably spin up a special purpose vehicle or llc to hold the bag if it all goes south

No bank would agree to such nonsense

It’s analogous to a mortgage in a non-recourse state. If the borrower defaults the bank (or non-bank lender) gets the leveraged company, but can’t usually go upstream.

It's called "financial engineering" and banks and courts agree to it on the daily.

> No bank would agree to such nonsense

Ohhhh a live one! Sir do I have a wonderful bridge in Brooklyn to sell you! :)

Fun fact: banks fund this sort of nonsense constantly. I've asked about this before: why they do it. They must be making money I just don't know how. The LBO guys pay themselves massive management fees and dump the debt on the company so they walk away scot-free.

My wild guess was the banks offload the eventual IPO onto investors and so make their money on the IPO fees and funneling their own clients the dead-man-walking shares. But I honestly don't know.


> wild guess was the banks offload the eventual IPO onto investors and so make their money on the IPO fees and funneling their own clients the dead-man-walking shares

The banks get paid back their debt when the next PE fund buys the company or the company pays it off. Unless an IPO is being done to pay off debt, which it never is, the mechanism you describe doesn’t occur.


The list of companies imploded by LBO/PE is quite high though. Why do banks keep lining up to fund such deals? They must be making money somehow. These companies aren't worth much in liquidation. Are they able to extract enough value during the dead-man-walking period to make it worthwhile? Especially for retail or similar deals where the bank isn't going to foreclose on a bunch of real estate or assets worth selling.

I was not saying this is how they make money - I was saying I honestly don't know. If you do know please share. I would love to understand why the banks are so keen to fund what looks to my eyes like super shady vulture capitalism. We start with a profitable company and end with a smoking husk. The Wall Street guys are doing it to steal as much value as they can before it all blows up. Someone is eating the eventual loss. Who? Or are you saying the majority of these deals don't end up with the company being eviscerated?


The usual arrangement for an LBO is to saddle the bought company, the vet in this example, with the debt, or spin off a secondary company from the vet with the poorest assets and most to all of the debt. It's all a scummy business.

Then why is everyone complaining "my vet sucks now" and not "my vet went out of business"?

Because the vet does suck now, and yet is still profitable because there's not enough competition.

Pro tip for devices that refuse to simply remove working WiFi credentials (cough Samsung), is to connect them to a different “dummy” WiFi and then simply turn that off.

I’ve yet to see a device that caches more than one set of credentials. But I suppose it’s only a matter of time.


Cat and mouse.

Then we shall only ever connect to a throwaway wifi ssid created for the sole purpose of setting up that TV and deleted promptly afterwards.

Samsung will then use NFC / QuickShare transient hotspot to helpfully sync all useful info from your Samsung phone nearby.

Then we block that IP address or MAC ID from router side.

Then smart TVs will switch to open mesh networks hosted by unsuspecting ISP customer boxes in neighborhood.

And maybe even starlink.

=====

Maybe wifi standard should stop using static passwords and create a device specific hash to let it connect. Wifi admin should get to approve each device connection request.


I'm going to convert my living room into a Faraday cage, only bringing in pre downloaded content via hard drive. That should solve this problem.

Although I'm not sure my family will be too happy.


Why not change your wifi password? Or just set up a temporary guest one and delete it?

I have a TCL so maybe it's different, but did your TVs require connection to set up?

The TCL can still act as a HDMI switch with CEC, and that can be labeled through the remote if you want, so there was never any need to connect to a network.


TV's last a long time. Get one with a bypass today and you can be set for decades.

With the widespread move to OLED across the TV and monitor manufacturers, this might not be the case for much longer. They look and perform great, but are ultimately a consumable product.

I have had my Sharp 65" TV since 2012. It works great, has multiple HDMI ports and a USB port, but I am worried that one day I will need a new TV.

Copy that. I have a 2007 Kuro Elite 50" Plasma whose picture is still so beautiful after 19 years it's almost 3D. Not.One.Repair/Problem/EVER. I dread ever having to buy a new TV.

2008 Kuro Pro 111FD here; not a single issue to report, either. I honestly don’t know what I’ll do once something eventually happens; I’m seriously considering hoarding any similar Elite models within drivable distance.

We oughta start a Kuro owners support group! Here's a 2008 review of your TV:

https://www.cnet.com/reviews/pioneer-elite-kuro-pro-151fd-re...

Long story short: BEST.TV.EVER.

As I recall, mine cost $5,000 — $7,850 in today's $. Well worth it.


> Pro tip for devices that refuse to simply remove working WiFi credentials

Are there examples of such devices? AFAIK every smart TV can be switched to HDMI input without being ever connected to the Internet.


My parents got a new smart TV; if you don't give it wifi access it will nag repeatedly about it. Very annoying, and it only takes one time for it to go "Yay! I'll store these forever now."

(It will also wheedle you to re-enable the AI features and telemetry if you turn those off. Which you do like eight levels of confusingly and scarily named submenus.)


Tell your parents that with this stuff enabled, it's giving another way for scammers to steal their data to use against them.

I.e. We're from the internet company. Really, you are? Yes, didn't you watch XYZ on Netflix last night? Oh, right, ok, here's my password.


The best course of action here seems to return the TV. Any TV that cannot be permanently switched to HDMI input without nags is unfit for purpose and should be rejected.

Why is this needed at all? As the decrypted key is in memory before the reboot, can’t it just be written to a known location in memory and have kexec be instructed to read it early on?

> As the decrypted key is in memory before the reboot, can’t it just be written to a known location in memory and have kexec be instructed to read it early on?

I set up what you are suggesting (sort of anyway[1]) on a personal VPS to reboot after updates that require one. I just generate an initrd in tmpfs that contains a keyfile[2] and kexec with that ephemeral initrd; the newest kernel can be found by looking at what the /boot/vmlinuz symlink points to. Been running this for years. It is 100% reliable, and simple. And, for the purposes of this box, secure enough.

For remote unlocks from initial power on, Debian has had that since forever using keyscripts and dropbear in the initrd.

[1] You could pull the key from memory, and use that to unlock the disk from within the generated initrd, but it would be more work than just setting up a keyfile in advance. It was my first thought as well.

[2] Easiest way was to use a mount namespace to use a diff crypttab file that points to the keyfile, since cannot specify crypttab location when creating the initrd. E.g.,

  unshare --mount sh -c "mount --bind $CRYPTTAB_KEXEC $CRYPTTAB; mkinitramfs -o $kexec_initramfs  $kernel"
(mkinitramfs is usually wrapped by update-initramfs, but calling it directly allows specifying a location)
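
The kexec-with-ephemeral-initrd reboot described in the comment above, as an added sketch that is not the commenter's own script. It assumes Debian with initramfs-tools, cryptsetup-initramfs and kexec-tools; `TARGET`, `KEYFILE`, `WORKDIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the commenter's script. Assumes Debian with initramfs-tools,
# cryptsetup-initramfs and kexec-tools. TARGET, KEYFILE and WORKDIR are hypothetical.
#
# Security notes:
#  - The generated initrd holds the keyfile in clear, so the initrd is itself a
#    secret: it is written to tmpfs (lost on power-off) and kept at mode 0600.
#  - KEYFILE lives on the encrypted root and must already be enrolled in a LUKS
#    key slot. Debian's hook only copies keyfiles that match KEYFILE_PATTERN in
#    /etc/cryptsetup-initramfs/conf-hook.

CRYPTTAB=/etc/crypttab
TARGET=root_crypt                 # crypttab target name (assumption)
KEYFILE=/etc/keys/root.key        # keyfile enrolled in advance (assumption)
WORKDIR=/run/kexec-unlock         # /run is tmpfs on Debian

# Constructed sample crypttab, used only to exercise make_kexec_crypttab.
sample_crypttab() {
    printf '%s\n' \
        '# <target> <source device> <key file> <options>' \
        'root_crypt UUID=0000 none luks,discard' \
        'swap_crypt /dev/sda3 /dev/urandom swap'
}

# Read a crypttab on stdin and print a copy in which the key-file field (3rd
# column) of target $1 is replaced by keyfile $2. Other entries and comments
# pass through unchanged. Returns 1 if the target is not listed.
make_kexec_crypttab() {
    awk -v t="$1" -v k="$2" '
        /^[ \t]*(#|$)/ { print; next }
        $1 == t        { $3 = k; found = 1 }
                       { print }
        END            { exit (found ? 0 : 1) }'
}

# Map a kernel image path (what /boot/vmlinuz resolves to) to its version string.
kernel_version() {
    b=$(basename "$1")
    printf '%s\n' "${b#vmlinuz-}"
}

kexec_reboot() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -r "$KEYFILE" ]    || { echo "keyfile $KEYFILE missing" >&2; return 1; }

    umask 077
    mkdir -p "$WORKDIR" || return 1
    ver=$(kernel_version "$(readlink -f /boot/vmlinuz)")

    make_kexec_crypttab "$TARGET" "$KEYFILE" < "$CRYPTTAB" > "$WORKDIR/crypttab" || {
        echo "target $TARGET not found in $CRYPTTAB" >&2
        rm -rf "$WORKDIR"
        return 1
    }

    # The bind mount exists only inside the private mount namespace, so the
    # real /etc/crypttab (passphrase prompt on cold boot) is never modified.
    unshare --mount sh -c \
        "mount --bind '$WORKDIR/crypttab' '$CRYPTTAB' && mkinitramfs -o '$WORKDIR/initrd.img' '$ver'" || {
        rm -rf "$WORKDIR"
        return 1
    }
    chmod 600 "$WORKDIR/initrd.img"

    kexec -l "/boot/vmlinuz-$ver" --initrd="$WORKDIR/initrd.img" --reuse-cmdline || {
        rm -rf "$WORKDIR"
        return 1
    }
    systemctl kexec
}

# Nothing privileged runs unless explicitly requested.
if [ "${1:-}" = "--reboot" ]; then
    kexec_reboot
fi
```

A cold boot still uses the on-disk initrd and the unmodified crypttab, so the passphrase prompt (or a remote unlock) remains the only path after power loss.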

You’re assuming a controlled reboot. Mandos was initially created to deal with intermittent power failures. It’s also good for kernel panics.

Oh for sure something is needed for a full start from zero. But the much more common case for a computer with backup power is regular restarts after applying patches that require a reboot. Would be much more pleasant for that to work out of the box with no manual interaction at all.

There are plenty of cases of cold boot in datacenter.

Also most distros don't support using kexec for kernel upgrades anyway.


We already charge different rates for residential vs industrial water usage. Why not do the same here and simply charge them more? The state could also impose a direct data center surcharge on their usage.

Coz that fucks up every industry, even the ones actually useful to people.

How is it extortion? They could have gotten a different deal from anybody else or no deal at all. Nobody was twisting their arm or forcing them to deal with this one company to sell their tariff claims.

If two companies come to you with an offer to sell the refunds, and one has strong ties to a central figure in the administration — which can, in the future, subject or exempt you from new tariffs and otherwise use the Federal government’s powers to mess with you - are you truly free to choose either offer? Or is there a risk and a benefit to taking the one that’s tied to the administration? (And frankly, can you even be certain either way?) This kind of conflict (even the appearance of this kind of conflict) is why we generally don’t want government officials or their families to be profiting directly off the policies they oversee. It is at best unseemly, and that’s being kind.

Thank you. Yes, this is the reason to be concerned. Not because it's extortion, or anything else like that, but because having to evaluate a counterparty's degree of connection to the State before doing a deal is not the way that free enterprise or open markets are supposed to work. Lutnick Jr's involvement puts every other bidder for these contracts at a disadvantage (even if it's illusory, and he's not personally acting badly), and distorts pricing signals. It's unfair not (or not primarily / directly) to customers, but to the rest of the legitimate players within an industry.

Yes, I know this isn't the first time this has happened, and that people likewise benefit from connections to governments led by other political parties. Those instances are also bad!


> If two companies come to you with an offer to sell the refunds, and one has strong ties to a central figure in the administration — which can, in the future, subject or exempt you from new tariffs and otherwise use the Federal government’s powers to mess with you - are you truly free to choose either offer?

Yes, because tariffs, like all taxes in the USA, are not imposed on individual people or entities. They’re on industries and specific materials.

If a company truly thought the chance of winning was low and needed the money now, they would pick the best offer. Regardless of who is making it.


This is naive. For larger firms, targeted product and industry-specific tariffs can be a game-changer. For example, Trump created a set of exemptions related to smartphones built in China that weren't officially aimed at Apple, but since Apple sells approximately 50% of US smartphones (for a much larger slice of profit) and 80% are made in China, this disproportionately affected a single company. But there are other areas where the administration can also use Federal power: see, for example, Trump's use of Federal approval to block the Netflix/WB merger as one example.

This is basically the government doing a protection racket. I swear, the amount of neoliberals in here lauding the move is a recession indicator. Did we all forget what corruption is?

Corruption is so endemic now that people stop seeing it. This was the same in the former USSR, when I was there I would be utterly amazed by the degree to which everybody had normalized corruption, it was not considered anything wrong or special at all, it was just the way business was done. You could effectively buy your way into or out of anything.

> If only it wouldn't collapse by itself after clicking anywhere (clicking seems to activate physics) this would be 10/10

I think that's the other metaphor here.

It's not just standing on the tiny shoulders of one forgotten maintainer. The entire system only appears stable because we're looking at a snapshot of it.

In reality it's already collapsing.


but I came here for amusement, not existential dread.


Nobody expects ~the Spanish inquisition~ existential dread


> I'm more concerned about what happens to US now, because I think the attack indicates a complete failure and collapse of the legislative branch of the US government.

Why now? Why not when they took out Soleimani in 2020? Or when they invaded and took out Gaddafi in 2011? Can keep going all the way back to Truman invading Vietnam.


I don't know. Have Congress and Senate always been this ineffective? I don't remember Obama, Biden or even Trump 45 act with this much impunity. I obviously can't go further back because I have been here since Obama's second term.


The Iran-Contra scandal from the Reagan administration comes to mind. Congress explicitly de-authorized the executive from funding the Contras in Nicaragua. The executive kept doing it anyway. Nobody faced any consequences, though Congress at least made a lot of noise about it.

That's kind of ineffective, but not to this level where Congress is just fine with blatant illegality.


Way too risky to use Google services like this tied to your primary account. There’s too much risk of cross damage. Imagine losing access to your Gmail because some Gemini request flags you as an undesirable. The digital death sentence of losing access to your email with a company that notoriously has no way for the average human to contact a human is not worth the risk.


Use a custom domain and don't use google for email.

And if you do use your gmail address just forward it and start to transition to something else. With time everything of importance has been transferred.


How do you even pull away from a Gmail address? I'm nearly twenty years into that service. Getting banned would be absolutely devastating...


Use your own domain to sign up for a paid email service, provided by a company that focuses on email. I use Fastmail, but there are many other options.

Set up forwarding in Gmail to your new address.

Then, whenever you log in to a website or app with your Gmail, take a moment to change it to your new address. In a few weeks, most of your important accounts will be covered. In a few months, almost everything you still actively use will be done.

I did this ~5 years ago and the only thing that still arrives at my Gmail is spam.


Same here but ~8 years.

You can mitigate/speed the process using your password manager too.

I still use a filter in my email so that if something comes in under my Gmail, it gets a special tag that I can filter on and treat those as a todo list. Rarely happens beyond the occasional Google Meet connection.


> Use your own domain to sign up for a paid email service, provided by a company that focuses on email.

Note you don't need to pay. just use zoho mail or any other free email that lets you bring your own domain. Switch email providers as needed without changing your domain

The trouble with paying is that if you forget to pay, you may lose email. (arguably this is also a problem with domains, generally you should pay some years in advance)


I prefer to pay for the product so I do not become the product.


Zoho lets you pay a small monthly (yearly?) fee and link several domains to it.


Yeah, I did think like that, until the day I couldn't afford and lost some important stuff. Forgetting to pay also happens


I'd love to be able to pay for 5+ years of email service in one go, like I do when buying domains.


Solid advice, but I want to double, watch out for things you only log into once a year.

Making a new local account on your machine is a good first step.


^this is the way.

You can buy a domain name for like $10 per year; I recommend getting it from porkbun.com.

Cloudflare.com is good too, EXCEPT if you buy your domain from them, you'll be required to use their nameservers until and unless you transfer your domain elsewhere (which you won't be able to do for a while). Though to be fair, their free DNS is good and lots of people use it anyway. It makes email setup slightly more complicated, but it's still doable.

Spaceship.com also has a pretty good reputation, but I think their customer service isn't as good, they're quite new, and they're owned by Namecheap (a bigger domain registrar with a much worse reputation).

Whatever you do, DO NOT buy from GoDaddy. Do not even search for the domain you're considering on GoDaddy. Literally any option is better than GoDaddy.

By far the most reliable TLD options are .com, .net, and .org. These will look relatively trustworthy for email, and the price stays very very stable from year to year. If you don't want to think about it, just get one of these. You can even still find single dictionary word domains for .org or .net relatively easily.

Do not buy any domain marked "premium". This means the owner of the TLD can change the price at renewal as dramatically as they want, for any reason (e.g. if you have a website hosted at that domain that becomes popular). Your $20 per year domain might suddenly become a $300 or $3000 per year domain for no reason but greed, and you wouldn't be able to do anything about it.

Non-premium nTLD's (.club, .horse, .rocks, .theater, etc) can increase quite dramatically in price, BUT the price is required to be set the same for all domains using that nTLD, so they can't target any individual person for having a successful website or whatever. Also, you can pre-buy up to 10 years, which locks in your price for those 10 years. I'd still not recommend them for a primary email, but it's better than buying a "premium" domain. Just be aware that the yearly price might unexpectedly increase in the future.

Some country code TLD's are also good, but for email, probably stay away from the ones that spammers like to use.

___

Anyway, what I actually originally meant to comment about is: if you set up forwarding from gmail and don't check that account regularly anymore, I recommend setting up a gmail filter rule that forwards all your gmail spam to you (their regular forwarding setting leaves it out and just sends it to the gmail spam folder). It's a little annoying to have to re-flag some of the spam as spam in your new email, but gmail has a habit of marking non-spam as spam for me, and if you're not regularly checking that spam folder you can easily miss important email.


Porkbun have started demanding ID verification for registrations, which depending how you feel about current events might make you reconsider having them on your list


When I started using them, they did this by checking against Paypal, with whom (admittedly to my regret) I had already verified myself. I wasn't asked to provide a copy of my ID to them directly, at least, or to provide it anew to one of those random ID verification companies that are popping up out of the woodwork.

It also just bothers me less in this case than in most because, no matter who you buy from, if you ever need to verify ownership of your account/domains, you may eventually be asked to show ID/verify your identity anyway, and if you can't prove you're the person who bought the domain then you risk losing it (say, by not being able to regain control of it after it is stolen). And if it's a domain you've tied your email or business to, and you've prepaid 10 years, that would suck majorly.

So I feel about it more or less how I feel about my bank needing ID, personally. But I definitely get why others may not agree/may have a different use case to begin with.

I think also there is a big problem with scammers using stolen credit cards to buy domains, which they use to send phishing email or operate malicious websites. Preventing this at least makes way more sense as a motive than "protect the children by identifying all of them".

If you buy from elsewhere, you can find a way to avoid the ID verification, but most places will only take digital payment, so they still probably end up with your card number and name.

I'm not a fan at all of age verification laws and websites requiring ID, but this one I tolerate, personally. But I won't blame anyone for not doing the same.


They've been doing it for a few years. KYC laws. See: legally required for registrants from India


> Your $20 per year domain might suddenly become a $300 or $3000 per year domain for no reason but greed, and you wouldn't be able to do anything about it.

Seconding this. This is exactly what happened with the .sexy TLD: https://www.reddit.com/r/Domaining/comments/uia8pc/sexy_tlds...


For quite some time (approx 8 years) I've used an email forwarding (Blur, but any works) to avoid spam.

This looks like perfect case for change of email, since lot of these accounts can be moved out from Gmail by changing the address that email is forwarded to.

Looks like all this hassle with generating a new email for each service pays for the second time (by ease of changing the main mail), in addition to spam and privacy protection.


I did this but don't forward. Instead, every new email in Gmail I got would prompt me to go update that service's contact info for me.

It probably doesn't matter, but it made me feel a little better because that way Google wouldn't have direct info on to which email/domain I transferred (ignoring other Gmail contacts that start emailing me at my new address(es) ).


I switched to a password manager (bitwarden) about 7 years ago. I have over 200 accounts (not all of them use my @gmail). it would take me weeks to convert those accounts to a new domain, if the application could even support it.

I will admit, many of the accounts are not needed any more. but the process will still be emotionally boring to filter through that.


> ... it would take me weeks to convert those accounts to a new domain ...

I did the same with about the same amount of accounts and it took me the better part of a Saturday. Even if you were really slow and needed five minutes per account, 200 accounts would still only take about 17 hours.

I don't think that's a lot of effort. You could easily spend that time fixing something around the house or garden, which often might not have nearly as big of an impact on personal agency.


Just give access to clawdbot and let it change the emails for you /jk


Do you use single email address on your domain or multiple for different purposes? Or do you have one main address and throwaway aliases for the one-time registration purposes? I see that the Fastmail provides a single inbox that can handle multiple addresses and wonder how does it work.


I just sold a domain I had for 25 years and used for everything including API endpoints, email, authentication, etc. It took a couple weeks to transition myself and my family/friends.

Pretty sure just moving emails would have taken a lot less effort. I had the advantage of keeping the domain until I was ready to move, now imagine Google just turned it off one day and what your workload would be. I shudder to think about having to deal with that.


Register your own domain, use a third-party provider to handle actual sending and receiving (I use proton, which makes the setup very easy), forward your Gmail to your personal domain address and as renewals and reminders come in switch your email on services to your personal domain.

After a year or two losing Gmail becomes an inconvenience; after a few more years it is nothing. As everything is now on your own domain name you can switch providers without affecting anything.

That's what I did about 5 years ago and my only regret is not doing it earlier.


Just start changing addresses. Forward the rest. It takes about a year. Changing your name is way harder and tons of folks do that all the time.


I just migrated to Fastmail (on my domain), it’s fantastic. It works just like Gmail in every way I need, haven’t missed Gmail or Google Calendar one bit. It’s clearly made by people who know Gmail well and understand why it works the way it does. I thought it’d be a huge migration but it was actually boring. Search works, 20 years of emails just magically migrated over. Spam detection is better. Couldn’t be happier!

Accidentally typed gmail.com the other day, it took 4 seconds to load (Fastmail is instant) and when it finished loading there was an ad to try some paid Google service. Felt like a flashback to an abusive ex.


I moved away from a gmail address that was that old, dating back to the invitation-only days. It had become more spam than not, mostly other people who share my initials not knowing their own email addresses. But the possible devastation you mention was more worrying. It had become too much of a risk for my banking and identity generally to not own my email address.

I got a custom domain. I still host it on google, because I know how impossible it is for small companies to have a reasonable program to deal with insider threats. Because of that, I think only one of the giant companies can realistically provide secure email. And the google app suite is great. Now that I pay for google workspace, there's support and appeals available, and if they ban me anyway, I still control the domain and can regain access to everything.

I have not been able to delete the old address, even after 3 years. There are some things like Google Fi that can only use a non-workplace google account. Very, very rarely, I still get an email that matters on it. But I got to the point where I could stop checking it in about 2 months, and now I look at it about once a week quickly, more out of habit than anything else.

The switch was annoying, but not "hard". It was worth it.


I had my Gmail for almost 20 years and made the transition. It's annoying and time consuming but I think well worth it. I bought a domain and host it on iCloud. It's like $3/month for 6 email addresses (you can use it with the family). That includes a little cloud data and other services like hidden email addresses. DNS is handled by Cloudflare for free. Then start moving each service/login to the new email address. Every time you log into something, change the email address. I took the opportunity to update passwords and passkeys too, using Vaultwarden. I was lazy and had used similar passwords for a lot of services. Passwords are all long and unique now.

Now, even if Apple bans me, I can move my host within minutes. I never lose access to my email domain. It's much more professional and I can do catch-all. E.g. netflix@[domain.com]. This way I can see who sells my email address to spammers and block it.


Get your own domain so you can easily change providers in the future. Start with your password manager and change the address on all the accounts you have in there.

After a few years you'll notice you stop bothering to check your Gmail and you can delete it to close the address.

If you need motivation, skim the /r/GMail subreddit and see how many people are getting locked out daily.


Do you have a recommendation for a major email provider as a fallback if you have to pick one?

I vaguely recall encountering a service that only accepted addresses from a whitelist of big providers (Gmail, Yahoo, Outlook, etc.), even @icloud did not qualify.


That's a service that doesn't want your business. If you care, message them about it

I've never once run into a service with such a restriction, but I can imagine someone being that short-sighted. I have seen services that only support "log in with Google or Facebook", which is comparably terrible.


Discogs will not let me login with my own domain (of 30 years) and required one of the big providers. It kept complaining about "risky domain". But that is the only incident I can think of.


Discogs

Who? Never heard of them, and it sounds like there's a good reason for that.


It is a top 1000 web site according to Alexa rankings. It would take you about 5 seconds to Google about it. Probably less time than it took you to write your post.


Oh.


I've run into services that will flag specific tlds as invalid.


I have heard of that, yeah. It's still busted, but marginally more understandable if they're dealing with a lot of scams. For instance, `.xyz` and some others have bad reputations. I've never seen something that'll reject an arbitrary self-owned `.org`, by way of example.


Sign up at fastmail.com, set up forwarding, change your "reply-to" address. A year later, you'll have nothing arriving in gmail except marketing cruft.


buy a domain.

create icloud account.

use their custom domain email setup (free btw) - https://support.apple.com/en-us/102540

Start replacing important account emails with your custom domain.

Every time you get an important email in gmail, login and update.

Bonus: icloud lets you create catch all emails, so you can create many burner emails such as hackernews@mydomain.com


How is it free?

> When you subscribe to iCloud+, you can use a custom domain name


I switched to my own domain ages ago; it only took 2-3 years to stop getting relevant mail to the old one (I put a forwarding rule in place and just used the new one for everything).

Imported all my past mail on day one, forwarding meant I had one inbox only, and I only sent mail from the new domain. A few gentle “please stop using my old address” conversations with family.


It's really not that hard. I switched about 10 years ago. Just every time you log in with your old email, replace it with your new one. Every time you email someone, email them from your new one with a note: "this is my new email". In a few months I had migrated everything to the new email.


It will never be easier than right now. Every day you stay, you dig their moat around you even deeper


gmail uses IMAP.

make another mailbox (another provider - migadu, fastmail, proton, whoever) that has IMAP as well. (selfhosting.. is PITA. only if u really need it).

install some standalone mail-client - thunderbird, clawsmail, applemail, or k9 , aqua on android, whatever. Attach both mailboxes into that. Find out how to copy an e-mail from one folder into another.

Folder by folder, select all mails, copy from one mailbox into the other. Will take time.

(Beware, some clients (apple) will fuckup the mail-date, anything older than 5 years becomes 5 years old. or it shows like that. YMMV.)

i have made this multiple times, for 20+ years of mails...
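
The folder-by-folder copy described in the comment above can also be scripted. This is an added example, not code from the thread, using Python's standard `imaplib`; it passes each message's `INTERNALDATE` through to `APPEND` so the received date survives the move. Hosts, credentials and folder names are placeholders read from environment variables, and folder names containing spaces are assumed to be passed already quoted.

```python
import imaplib
import os
import re

# Server-side received date: the value that gets rewritten when a copy drops it.
_INTERNALDATE = re.compile(rb'INTERNALDATE ("[^"]+")')


def append_args(meta: bytes):
    """Turn FETCH metadata into the (flags, date) arguments for APPEND."""
    # \Recent is set by servers only; a client may not store it.
    flags = [f.decode() for f in imaplib.ParseFlags(meta) if f.lower() != b"\\recent"]
    m = _INTERNALDATE.search(meta)
    if m is None:
        raise ValueError("FETCH response carried no INTERNALDATE")
    # The quoted string is passed through unchanged, so no timezone conversion happens.
    return "(" + " ".join(flags) + ")", m.group(1).decode()


def copy_folder(src, dst, folder: str) -> int:
    """Copy every message in `folder` from src to dst; returns the number copied."""
    typ, _ = src.select(folder, readonly=True)  # read-only: the source is not modified
    if typ != "OK":
        raise RuntimeError(f"cannot open {folder!r} on source")
    dst.create(folder)  # answers NO if the folder already exists; that is fine
    _, data = src.search(None, "ALL")
    copied = 0
    for num in data[0].split():
        _, parts = src.fetch(num, "(FLAGS INTERNALDATE BODY.PEEK[])")
        # Servers may order the items differently, so gather all metadata pieces.
        meta = b" ".join(p[0] if isinstance(p, tuple) else p for p in parts)
        raw = next(p[1] for p in parts if isinstance(p, tuple))
        flags, date = append_args(meta)
        typ, _ = dst.append(folder, flags, date, raw)
        if typ != "OK":
            raise RuntimeError(f"APPEND failed for message {num.decode()} in {folder!r}")
        copied += 1
    return copied


if __name__ == "__main__":
    # Placeholder settings: SRC_*/DST_* and FOLDERS (comma-separated) are assumptions.
    src = imaplib.IMAP4_SSL(os.environ["SRC_HOST"])
    src.login(os.environ["SRC_USER"], os.environ["SRC_PASS"])
    dst = imaplib.IMAP4_SSL(os.environ["DST_HOST"])
    dst.login(os.environ["DST_USER"], os.environ["DST_PASS"])
    for name in os.environ["FOLDERS"].split(","):
        print(name, copy_folder(src, dst, name))
    src.logout()
    dst.logout()
```

Comparing the per-folder counts printed here against the message counts on the source is a quick completeness check before the old mailbox is retired.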


Begin with making a list of all services where you subscribed using gmail...


Just have to get started and suffer for a while and make it a practice to switch emails when you log into places.

I switched to fastmail with my own domain.


I went with SimpleLogin.

Although I am increasingly concerned with its longevity since there's a non-zero risk that Proton might shut down SimpleLogin since Proton Pass has its own alias feature.


I just went through all accounts in my password manager, logged in and changed my email. It takes a little while but not that much.


took about 30 minutes to switch to proton mail


This service is basically a nightmare to export/move away from. 30 minutes to switch to, maybe 30 hours to switch away from.


Now move all the services and accounts you have registered to that account, along with all the friends and family who have your old email account.


Google Takeout :)


Same. I still have an old Gmail address that receives forgotten but still considered important emails from various services.

What's the playbook for migrating away in this situation?


Companies need to allow you to update your personal information including your email. It may need tickets to support but it's doable.


This has its own risk factors. If your domain renewal lapses due to credit card expiry or something and you fail to notice, it's catastrophic. This is just not realistic advice for the average person.


You can usually purchase 10 years up front. But then you should set a reminder for every 3 years or so to keep topping up, or else you'll forget how to even sign into the registrar.

You're right that having a vanity domain for your primary email address isn't for the faint of heart. There isn't any realistic advice for the average person because it's not for the average person.


Not really? You just jump in and fix the domain name. You have 75 days before a lapsed domain is released into general availability.

Sure, you'll likely miss some emails, but otherwise it's safe.


There was a time back when we could get generic LoginWith OAuth buttons along with the social media roster, allowing one to use whichever provider they wanted.

Current state of OIDC should be pretty much standard across most providers - I put it that devs need to make the push to support alt login providers for preventing vendor lock-in in identity like we're currently barreling towards in hardware/software.


This wasn't due to some random Gemini request. Users were using sketchy antigravity auth plugins to use their antigravity tokens on things like OpenClaw, clearly against ToS. It's great that Google is giving these users a second chance.


Yes, our masters once again embarrass us unworthy peons with their endless grace, generosity and forbearance. How lucky we are to entrust our data and our lives to them!


Anyone can buy the tokens via the API and do whatever they want with them.

It's not evil of Google to say "Here is an allotment of steeply discounted tokens, but you can only use them with our services."


It is evil to block your email and hold your photos hostage over it though :)


They only blocked access to Antigravity and GeminiCLI for the offense.


Didn’t they only block Antigravity though, leaving other services available?


I’m amazed at how many people think this happened, despite it not being true.


That didn't happen though.


I would question the judgment of anyone who thought they would maintain "don't be evil" beyond IPO.


Your argument is basically: human beings will always choose money over ethics.

Could be true, but a somewhat depressing worldview.


https://youtu.be/ntICHMV-WMA?t=40

"Google Shuts Down Gmail For Two Hours To Show Its Immense Power"


It's easy to sneer at huge corps getting mildly scammed by people stretching or breaking the rules. Certainly I don't shed any tears for these corporations.

On the other hand, I have learned that people who are willing to find exploits with trust-based systems operated by huge corps are very often willing to apply that same cheating and exploitation mentality without regard for who the other party is. These are very often the same people who try to coerce teenage cashiers at locally owned shops to accept expired coupons or combine them in invalid ways, or take produce from a roadside farm stand instead of paying into the honor jar. The mentality of cheating the system seems great when it's against huge inhumane corporations, but from what I've personally seen it rarely stops there, and on the whole it contributes to a low trust society.


What upsets me is less the fraudsters, though they are bad as you outline, but just the setup.

Google is in unilateral control of a whole pile of things. Some of them are more critical than others - in particular, if you use a GMail address or Google account to identify yourself to third parties, Google has you by the balls. It has billions of people by the balls. At any time, they could completely ruin your digital life. They don't even need a reason. If they lock you out, you have no way to get their actual attention, or to reverse their decision.

That's coercive power. The need of Google "customers" to keep in Google's good books because it can ruin their day at the flick of a switch is a massive boon for Google.

The power of scammers to defraud local shops pales into insignificance by comparison. And yet, we spend disproportionate amounts of time going after petty crooks, rather than directly addressing large corporations who wield enormous power to enrich themselves with little-to-no blowback. They can pay for the best lawyers on the planet to stretch out and thwart lawsuits and regulatory meetings. They are more powerful than us, and we need to reverse that - unless basically we give up and let them rule us with unchecked power?

A society where everyone feels helpless against a tyrannical ruler is bad, so is one where they can't trust their neighbours. I don't know if they're comparable but I'd prefer neither. I'd like thieves and scammers prosecuted, I'd also like large corporations regulated to within an inch of their lives.


> our masters once again embarrass us unworthy peons with their endless grace

Masters who serve you in exchange for money?

Be as sarcastic as you want but you demand a thing they did not agree to provide, for the same money = they have a right not to serve you. If you disagree with that and think they owe you something then you are the one playing master here.


If a 3rd party product advertises compatibility with a Google service and you use it to login via a first party Google login page, doesn’t the responsibility fall somewhere between the offending product and Google itself? In practice it’s structured pretty much like a phishing attempt.

Notably some model providers explicitly allow that very flow, while others will ban you without notice.


If the "3rd party product" is you selfhosting FOSS, then that's you (OpenClaw users)


Why do you call it self-hosting? It appears to be an installable app with a fancy homepage. At what point does the software being covered by an open license change the responsibility model?


That's exactly what self hosting is, you install some app on your own computer host(s).

> At what point does the software being covered by an open license changes the responsibility model

When you agree to an open license that says you're liable for anything and not the author of the software.

> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


The concern is not losing access to some new IDE for operating outside the terms of service. The concern is when you lose access to the IDE, you also lose access to your 20 year old Gmail account.

A general problem for Google products is that everything is mixed together.


But that's not what happened.


Okay but they were paying customers paying $$$ for the service. Banning your customers without prior warning is not right, however sketchy their behaviour might appear. Even if it's obvious to Google that there's a difference between a Gemini API key and an Antigravity API key, it's not necessarily obvious to others.

The correct and sane thing to do is to send them an email, with at most a 24 hour suspension. If they keep doing it despite being warned then by all means fire them.


It’d be great if Google just revoked antigravity access if terms were violated. No need to disable the entire account.


> just revoked antigravity access

That's exactly what they did, plus Gemini CLI and Code Assist, which are the same product in different formats.


I’ll go further: there should be laws addressing account consolidation. Getting banned from an Apple or Google account is an incredibly wide blast radius. It would be like being banned from buying Unilever or Nestle food from your grocery store.


Email providers should be utilities and also legally require a warrant before disclosing any information whatsoever to the government.

Unfortunately the government is full of corrupt geriatrics who do not understand technology and are paid to continue not understanding technology as they sign bills prepared for them by ALEC.


No Google account has been banned for this. People just keep spreading this lie because no one agrees that they have the right to steal the OAuth token.


It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.


No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.


> No, the OAuth token is supposed to be used solely with the context of a first-party app only.

The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API.


By this logic video game companies shouldn't be allowed to ban cheaters.


Technically speaking, they haven’t been able to. There’s really no way of stopping someone using an alternate client if it appears to the server the same way.

The only reason video game cheating is more difficult is because it uses custom protocols and message types, and it needs to be reverse engineered. Usually it’s just easier to reuse the existing game client and patch it to report to the server that everything is normal.

It’s why anticheat runs in the kernel now.


Most people would agree both that getting rid of cheating is desirable and that the methods of control exerted over users to accomplish it are questionable. It's one of the few freedom/security tradeoffs where people generally agree we have to come down on the side of authoritarian, because otherwise it destroys online gaming as a whole. That scenario doesn't apply here. The world is a complex place.


>The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept.

I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread?


Chrome is an HTTP client that accesses webservers at specified addresses.

Antigravity and OpenClaw are HTTP clients that access webservers at specified addresses.


That's not what stealing is.


"steal" is semantically incorrect here.


Only Antigravity and Gemini access was banned, not email or other google account stuff.


How do so many people think this happened? All of the articles I’ve read have been clear that it did not happen. Yet it’s all over the comments here. Why?


It's very easy to believe, and that's how Google bans usually go. Probably nothing more to it than that.


>It's great that Google is giving these users a second chance.

I hope this is sarcasm. A permaban as the first action is never a good idea.


Telling your users they can't use certain software to access your HTTP API is exactly the same as telling people they can't use certain browsers to load https://google.com.


When's the last time you read the ToS of a service you signed up for?


This would be a great job for an AI agent. Even better if a few million such agents collectively refused to agree to unconscionable terms.


They were banning people and those people couldn’t even cancel their subscription. That’s a rookie mistake and you expect the same company to have a flawless ban system?


> Way too risky to use Google services like this tied to your primary account.

I would also avoid using the same credit card between accounts. I used a Venmo card for my chrome extension account as an extra layer of separation.


It's not 100% clear to me, but supposedly it was just access to Antigravity that was shut off.

If people lost access to their whole accounts that would be a major crisis for Google users. But it doesn't seem that that was actually the case.

This doesn't make it super clear, but, the submission from a week ago when bans got handed out: https://news.ycombinator.com/item?id=47115805


yeah exactly have you ever tried to call Google support? it doesn't exist. the only way to contact Google is by posting something on news.ycombinator.com and then hoping that some person who works at that company actually responds to you and logs in somewhere and then changes your access.


> Way too risky to use Google services like this tied to your primary account

As a hedge, you can google.com/takeout on a monthly cadence.

At least a few years ago when raspberry pi nodes were cheap, you could set up rClone to sync the `TAKEOUT` folder of your gdrive account locally and then encrypt it and shove it into backblaze. Then set up a monthly reminder to quickly request a takeout and make sure that you choose the "deliver to google drive" option.


AFAIK it has clearly been a ban of Gemini and not of all people's Google accounts.

However many stories appeared where people tried to claim that their whole Google account was banned to gain traction.

Unless it is clear that a full Google account has been banned we should push back on any story that claims this.


Why? Google has been doing automated bans for ages, even before "AI".

By now they lost any trace of goodwill they ever had and are guilty until proven innocent.


Using Gmail as your primary email has become a serious risk. Email was once a distinct thing but Google tying it to your everything-account makes gmail terrible.


> The digital death sentence of losing access to your email

I agree that the digital death sentence is really bad and doubly so seen that many are using single-sign on tied to their Google identity but...

> with a company that notoriously has no way for the average human to contact a human is not worth the risk

There's definitely phone support for paying Google Workspace users: don't tell me there's not, my wife got Google support on the phone more than once and they've been helpful.

And it's not a crazy expensive subscription either.


This remains a problem for the personal account though (arguably what "primary account" meant in GP)


Can that account be upgraded to Workspace just to get the support?


If you can't access your account to upgrade it then I assume not


That's a big part of why I switched to paid email.

I'm the customer, not the product.


Here’s an idea: run your digital life away from a corporate shitbucket like Google. Don’t run your email there. Plenty of good other options.

