He stated the source, and information about his Docker affiliation is readily available. HN guidelines discourage signing comments:
Please don't sign comments; they're already signed with your username. If other users want to learn more about you, they can click on it to see your profile.
There's a huge difference between having a generic signature for every comment you post and disclosing an affiliation that adds validity to the claims made in the comment.
It doesn't say "don't sign all your comments", it simply says "don't sign comments". Also, it should be interpreted in the light of the fact that modern netiquette on other sites like Stack Overflow which have usernames is to never sign your posts.
Here it is to disclose affiliation, which people would otherwise forget to check due to the nature of the 'battle'.
Also, there is an assumption that the signature contains up-to-date information and/or does not change over time. The latter situation would otherwise impact historical purpose. The signature has changed and does not refer to the position/information related to the moment of writing.
I agree with how both jwildeboer (Jan) and shykes (Solomon) approached this. Much appreciated in this case.
But yes, in a normal situation, this is irrelevant and the username signature is sufficient.
I don't know that there is a huge difference between those two. What I do know is that in this case there was no difference of any significance.
The comment was signed with his username, and his Docker affiliation was disclosed under said username. That was all that was needed to add validity to the claims in the comment.
All HN comments have that "generic signature". All HN users are free to disclose information about themselves on their profile, and all HN readers are free to click usernames to learn more about the people who comment on HN.
Give it a rest. This is a semi-anonymous forum where people's identities aren't tied to their usernames. This isn't name dropping, it's providing helpful context.
I have no information here, but it's certainly possible that both sides are not willing to publicly disclose the full extent of the vulnerability. I think that's less wise than usual given what Red Hat is writing and how disputed it is, but that's probably their standard practice.
Some of the comments from Red Hat previously implied that they thought the vulnerability could only be exploited via ptrace, which SELinux denied by default for Docker containers. That's definitely not true; ptrace was used in the PoC because it's easy and likely to win the race condition, but you can also grab file descriptors out of /proc/$pid/fd.
However, the blog post appears to show SELinux stopping attacks that don't involve ptrace, because SELinux forbids writing to an open file or an open network socket that has the wrong context. If Docker believes there are attack vectors that aren't covered by the default SELinux policies (such as writing to something that's not a regular file or network socket), they might be unwilling to disclose that too loudly until Red Hat gets around to saying "Uh, actually please patch".
Your usage is actually correct. Which is great, considering many native English speakers get this one wrong. The heuristic we hear in school is something like "use 'affect' as a verb and 'effect' as a noun," which like many grammar heuristics is of course an oversimplification of reality. Usage of effect as a verb isn't super common in general conversation by native English speakers whereas I think most might choose to say something like "establish authority" instead in this case, but your intention is still clear.
Because the other comment didn't spell it out: effect is correct there. Effect as a verb means something like "to cause to happen". Don't pretend effect/affect is just a noun/verb split. Both words have meanings as both verbs and nouns. It's best to just learn both meanings of each instead of following some rule that's wrong a fair amount of the time.