by trhway 1407 days ago
Why would a high suit shmoozing media partnership manager have access to user info? Seems like an issue of data access at Twitter.

For a long time many social networks were just any employee god mode.

Access controls are just not a priority while blitz scaling and then very difficult to patch on after the fact.

> Access controls are just not a priority while blitz scaling and then very difficult to patch on after the fact.

That's why the app that I'm writing now, started off as seriously tinfoil. In fact, I've had to [reluctantly] loosen some of the armor, in order to add a few features.

I won't say that it's Fort Knox, but it ain't gonna be easy to crack.

The demographics of its target user base are pretty paranoid, so I have to do my homework.

Is there somewhere we can learn more about the app?

I am not at liberty to disclose the app, itself, but it uses many of my open-source contributions.

The backend is a modified version of my BAOBAB server[0], which was actually a "learning" project, for me, but it works quite nicely.

This is the Security document[1] for the generic BAOBAB server. The customization was to add support for a specific workflow that is designed for the app, itself, and the customization is proprietary, as is the source for the iOS app.

This is the dependency manifest of the iOS app:

    // MARK: -
    // MARK: - DO NOT TRANSLATE BELOW THIS LINE -
    // MARK: -
    "SLUG-VERSION-BMLT"                             =   "BMLTiOSLib: 1.5.3";
    "SLUG-VERSION-KEYCHAINSWIFT"                    =   "KeychainSwift: 20.0.0";
    "SLUG-VERSION-LGVCLEANTIME"                     =   "LGV_Cleantime: 1.3.5";
    "SLUG-VERSION-UICLEANTIME"                      =   "LGV_UICleantime: 1.1.1";
    "SLUG-VERSION-AUTOFILL"                         =   "RVS_AutofillTextField: 1.3.0";
    "SLUG-VERSION-GCD"                              =   "RVS_BasicGCDTimer: 1.5.0";
    "SLUG-VERSION-CHECKBOX"                         =   "RVS_Checkbox: 1.2.1";
    "SLUG-VERSION-OBSERVER"                         =   "RVS_GeneralObserver 1.1.0";
    "SLUG-VERSION-GST"                              =   "RVS_Generic_Swift_Toolbox: 1.10.1";
    "SLUG-VERSION-MB"                               =   "RVS_MaskButton: 1.2.0";
    "SLUG-VERSION-PP"                               =   "RVS_Persistent_Prefs: 1.3.2";
    "SLUG-VERSION-UKT"                              =   "RVS_UIKit_Toolbox: 1.3.2";
    "SLUG-VERSION-WHITEDRAGON"                      =   "White Dragon SDK: 3.2.2";

It's from my Settings bundle localization file, so the syntax is strange. These are all open-source. I did not write KeychainSwift, but I wrote everything else (I have control issues. I don't like using code that other people wrote, unless it's really good, absolutely necessary, and is something I completely trust). They should be easy to find on GitHub. They are all SPM modules.

The app, itself, is fairly large, at over 30 screens (it was a lot more, but I'm doing the "Thoreau" treatment -Simplify, simplify, simplify- to it). I have been working on it for over a year and a half.

[0] https://riftvalleysoftware.com/work/open-source-projects/#ba...

[1] https://riftvalleysoftware.com/BAOBAB/PDFs/Security.pdf (Downloads a PDF).

1. Pass law. 2. Put people in jail. Oh...wait this is America..