Hive Social got popped already

Warning: do not use Hive Social:

We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing.

The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login.

Attackers can also overwrite data such as posts owned by other users.


The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience

To their credit, it sounds like pulling the plug entirely was the right move, and most companies would not have done that. Even if they only did it not when they found out, but only after someone created a PR disaster to force their hand. One takes what one can get.

However, that does not change the fact that (as I said earlier this week) they are yet another data silo whose lock-in design is antithetical to the principles of openness and interoperability that are the good things that the Internet and the World Wide Web brought to the world.

Previously, previously, previously.

Tags: , , , , ,

SF Board of Supervisors approves police murder drones.

Supes approve killer robots, 8-3:

Only Sups. Hillary Ronen, Dean Preston, and Shamann Walton voted against the plan. So much for a progressive majority. Even Sup. Gordon Mar, who already lost his re-election and has nothing more to lose, voted with the police.

[...] It's a huge precedent that has received national attention. San Francisco, the progressive city, has approved a policy that gives the cops another potentially very dangerous tool to use in what are, frankly, vague situations.

Yes, the rules say that only very senior officers can authorize the killer robots -- but given the way senior cops have authorized and defended a lot of completely unacceptable killings in this town, that doesn't blunt the impact of the decision.

It does suggest that the media-hyped Fear of Crime that led to some of the worst criminal-justice policies in modern history in the 1980s is back, in this city, right now.

These supervisors voted in favor of allowing SFPD to execute people by remote control:

Connie Chan, Catherine Stefani, Ahsha Safai, Aaron Peskin, Myrna Melgar, Gordon Mar, Rafael Mandelman, and, to the surprise of nobody, Matt Dorsey.

Dean Preston's dissenting statement:

Today's vote approving the San Francisco Police Department's dystopian military equipment policy -- which will allow SFPD to use robots to kill people -- is deeply disturbing. It is frankly embarrassing that the Board approved this policy based on nothing more than nonsensical hypotheticals [...]

This is a sad moment for our City, and one which shows how far the City has strayed from the reckoning on police violence in 2020. Allowing police to arm remote-controlled robots on the streets of San Francisco is dangerous, and like any other weapons used by police, will place Black and brown people in disproportionate danger of harm or death.

In contrast to the SFPD's fear-mongering hypotheticals, we don't have to look far to see why this decision could put San Franciscans in danger. We have plenty of examples of police using questionable or unjustified deadly force here at home. We also have examples of misuse of bombs and other explosives all over the country. Those include...

SFPD clarified that it would not arm robots with guns. Instead, they would be equipped with explosives.

Update: After a week of press, letters, and an in-person protest, the supervisors voted to send it back to committee for rewrites. Mandelman, Stefani, and Dorsey voted against that, holding firm on their position that it's cool for SFPD to murder suspects by drone.

Previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , ,

GrubHub gonna Grub

If your business uses GrubHub, you must contact them or they are about to double your service fees:

Dear Restaurant Partner,

In April 2020, San Francisco enacted emergency COVID legislation capping commission rates for third-party delivery services at 15%. The San Francisco Board of Supervisors recently adopted a new ordinance updating this legislation, which will become effective in February 2023.

This means that on February 1, 2023, Grubhub will place all restaurants at their previously contracted rates. If you'd like to make any changes to your contract, please contact your Account Advisor. You continue to have the option to select our "Basic'' 15% package inclusive of delivery and marketing.

In June, the Board of Supervisors made the pandemic 15% cap on delivery fees "permanent", but then DoorDash and GrubHub sued the City, with the usual line of implausible bullshit that without higher fees they "might have to completely eliminate their operations in San Francisco." Suuuuuuure. But the Board of Supervisors blinked anyway, and said, "Wellllllll I guess it's ok if you continue to dark-pattern-hoodwink everyone into your extortionate 30%-and-higher rates, so long as there's still technically a way to get 15%."

Hey, I've got a question! Given that it takes exactly the same amount of time, effort and gasoline to deliver my $10 meal as my $100 meal, why does GrubHub get to charge 10× as much for the second one?

Followup question, does the delivery driver also make 10× as much on the second one? This question is rhetorical.

Anyway, please buy our pizza, it's really good! We make more money if you call us and order for pick-up, but deliveries are good, too.

Previously, previously, previously, previously, previously.

Tags: , , , , ,

  • Previously