We run an eCommerce platform, have a variety of clients using it, they have a number of customers. At least once a week we get an accusation either from a client or an end-user of some outlandish nefarious behaviour, usually due to some complete lack of understanding of the nature of technology.
Way back when, we responded, tried to help, tried to explain, but it tends to be the case that if someone has made their mind up, they've made their mind up, and anything you say can and will be used against you - confirmation bias is a harsh mistress.
The best response is usually no response, I'm afraid to say. It's a drain on your time, they won't be any the wiser unless you're prepared to sink serious time into educating a stranger, and more often than not responding results in escalation, and people doing stupid things like involving lawyers and law enforcement.
Case in point: About six years ago, we had an older guy phone us up frothing about how we'd hacked his wife's computer and she'd accidentally bought something from one of our clients. We explained that it would be hard to accidentally enter your address and credit card details, and that if they didn't want the order they should contact the merchant, not the web developer (they clicked our "ecommerce by" link in the footer of the client site - we don't do that any more!). We thought that was that. A week later we got a stern phone call from an ombudsman who wanted to know why we were ignoring the distance selling rules and taking advantage of old people... and they didn't understand that we weren't a merchant, didn't place an order on their behalf, either - so months of time were wasted, and we narrowly avoided ending up in court over a non-issue.
Anyway. When you have a conversation with an idiot, nobody watching can tell which one of you is the idiot.
> Anyway. When you have a conversation with an idiot, nobody watching can tell which one of you is the idiot.
A friend of mine who works as a college professor has a fun approach to deal with the kinds of random cranks who contact him out of the blue seeking someone to validate their wild Time-Cube-style theories and "research": he responds to each one by providing an introduction to the previous one. Apparently, he received followups from some of them afterward saying how much they appreciated the introduction and how much it helped them.
This idea terrifies me even more than it amuses me. The notion of the long-term influence that could be gained by a network of cooperating Time-Cube-style theorists is enough to give me nightmares.
Yet helping crackpots (along with every other motivated people) find each other is unavoidably part of what the Internet does. I believe the good coming out of it outweighs the bad, but you're definitely not the only one being afraid.
It seems that many of those scared are those who've learned in a time of knowledge scarcity (it was difficult to find any information at all on any subject. It took at least a trip to a library and some ability to search the index). Today the challenge is to critically navigate in an overdose of information, a lot of it complete rubbish. The hard part is about filtering out, not finding material.
Now what scares me is that, at least in my country, many teachers haven't realised that the times of knowledge scarcity are gone. They tell student that using Wikipedia is cheating, instead of teaching them how to understand and navigate its (wonderful) citation system, to properly assess information quality.
(note: I suspect your comment to be tongue-in-cheek, but I felt like interpreting it 1st degree anyway)
I was only half tongue-in-cheek. I'm not really that worried about obvious crackpots having an effect directly. It is entirely plausible though that they could have an indirect effect. If banded together they could reach more of the public with crackpot ideas, and even if the public generally recognizes these ideas as crackpot, they will have succeeded in shifting the Overton window, enabling public acceptance of less obvious crackpot theories.
I am worried though about the (further) rise of anti-intellectualism and anti-science. The effects of this should be pretty clear just by reading the news. This does worry me more than the concerns you've described.
If one were to look at my Facebook feed at any random time and imagine it representative, one would come away with the impression that vaccines are an evil plot by pharmaceutical companies to make money, that airplane contrails a.k.a. chemtrails are an unknown but surely nefarious conspiracy by the government involving mass quantities of psychoactive chemicals dumped into the air, that "natural" healing using tea and crystals and such is way more effective than doctors and hospitals and pharmaceuticals, and plenty more along those lines.
My mother is deeply into this stuff, and I have some friends through her who are lovely people aside from the part where they believe in this stuff. They don't make up a large proportion of my Facebook friends, but some of them are very loud about their beliefs.
Now imagine if you don't care a whole lot about this stuff one way or another, you get your shots on schedule because that's what people do, you never considered government conspiracies because the news never mentioned them, and you see the doctor when you get too sick because that's what everybody does. Then you become exposed to all this stuff, written very confidently and seeming to be backed up with solid facts, charismatic people, and high production values.
I think there's a good chance you'd start believing it!
This reminds me of "The Three Christs of Ypsilanti":
Rokeach brought together three men who each claimed to be Jesus
Christ and confronted them with one another's conflicting claims,
while encouraging them to interact personally as a support group.
[...]
While initially the three patients quarreled over who was holier and
reached the point of physical altercation, they eventually each
explained away the other two as being patients with a mental
disability in a hospital, or dead and being operated by machines.
That seems a bit... I want to say cruel, but maybe it's not? I'm sure most of these mathematical cranks have various kinds of mental illnesses. Perhaps referring them to each other is creating an ad-hoc support group, or perhaps it's just ridiculing them.
Indeed. He was totally a crank, and also an asshole (which is what got him under house arrest). He was rightfully rejected by contemporary scientific community for pushing a model that didn't even agree with empirical data about planetary motions they've accumulated so far, as opposed to the commonly accepted models.
Yes, be careful in that respect, because the story of Galileo is one of the common historical misconceptions.
Could you please give me some citations, papers or any reference? Was he not an advocate of the Heliocentric model accepted today, that almost got him killed?
Please correct my historical misconceptions.
Will definitely be reading that thanks. However this does not change my initial point: some forward thinking individuals are ahead of their time and are sometimes ostracized for the wrong reasons.
I agree that some crank-looking people end up being Ramanujan, but the vast majority are not. When you look at the lunacy that most cranks put out, you start to see that there is a sea of weirdness out there, and doubtlessly a lot of mental illness. The old http://crank.net still seems to be up (hah! "powered by GNU m4"), so take a stroll to get a sample of the common thing that maths and physics profs have to wade through in their inboxes.
Keep in mind for the vast majority of human existence thus far, humans sometimes just flip their shit and become untrustworthy. So some percentage of humans always expecting this from everyone is probable. So which is the mental illness, expecting a fellow primate is or will become bezerk, or that fellow primates non-deterministically do in fact go bezerk?
Ah, I would swear something similar was mentioned in Simon Singh's Fermat's Last Theorem. ...Perhaps done by a mathematician who was a referee for the prize.
"When you have a conversation with an idiot, nobody watching can tell which one of you is the idiot".
They are not idiots, they are average people, tech is complex, I wonder if people who have to be told or explain things to represent a market to attend?
Imagine, something were you call a number ask for something to be bought; later someone go picking up the money, you perform the purchase and you later deliver.
If you bellow at a stranger because you don't understand something, you're an idiot, sorry.
I'd like to hope an "average" person would not gloss over gaps in their knowledge and jump to a hostile conclusion.
In your scenario, say you're the phone company - would you think it reasonable if the customer who called in your example blames you for their having made a call and placed an order, because the phone line must have made the call itself and faked the customer's voice?
>If you bellow at a stranger because you don't understand something, you're an idiot, sorry.
To be fair, the email included in the OP is not really bellowing. She's politely explaining that she found his contact information inside the documentation distributed with the app, and providing screenshots as proof. I think a simple explanation that the name is included only due to technicalities of copyright law and that there is no direct involvement whatsoever is sufficient. After that reply, there is no need to respond further, and almost all lawyers will immediately understand and refuse to proceed with a case.
It should also be noted that hosting an ecommerce platform is a lot different from being one of the many low-level libraries employed by the application. It's not necessarily unreasonable to expect an ecommerce processor or host to have reasonable fraud detection schemes in place, and it's certainly plausible that some lawyers would consider suing the ecommerce vendor (especially if the company makes money).
Please keep in mind that Facebook owns Instagram and these are big companies that you likely don’t want to have a trail of evidence that you are a part of an Instagram and Spotify hacking ring.
This sounds like bellowing. It's borderline blackmail. Help me with my request or else I make sure Facebook knows what a scumbag you are.
The funny thing about this whole story is that she's not contacting him because she thinks he works at Instagram, which would be an understandable misconception, but instead she thinks he's with the hacking team. You have to be completely imbecile to think of villains answering with their real names.
> If you bellow at a stranger because you don't understand something, you're an idiot, sorry.
If you think everyone has to know everything before seeking help, then you are the idiot, sorry.
The woman probably doesn't know what a software is, other than a "Download" button on a website and an icon on the toolbar. Do you expect those people to differentiate between the software and the libraries underneath ?
Of course she doesn't understand, but she doesn't know she doesn't understand. That's the very source of the problem, and assuming they're idiot for not having spent the hundreds of hours necessary to understand what we're talking about is ludicrous.
Yes, but she probably didn't really understand his explanation. Look, I get that some people are, from my point of view, obtuse at best. I've had people convinced that I had some affiliation that I didn't or that I added them to some mailing list that I didn't (and unable to comprehend that they could follow the unsubscribe link to get off it). But they're not necessarily idiots. I've provided enough technical support over the years to family (iPad is the best gift, for me, I gave ever) to appreciate that many otherwise bright people really just don't understand how this tech works.
> If you bellow at a stranger because you don't understand something, you're an idiot, sorry.
But the thing is, does the bellower know they don't understand something? Few people are mature enough (especially when angry) to admit they really don't understand something (and this is probably prevalent in software development circles / communities, too)
A mark of intelligence is the ability to be objective about what you do and don't know. If I don't understand something, I don't jump down someone's throat based on the limited information I have and try to extrapolate from there. I try to learn more about the issue, listen to experts, evaluate the merits of their argument to the best of my ability, and form an opinion.
They ARE idiots, but not because they don't know tech. They're idiots making strong accusations without having any idea what they're talking about or any evidence.
People finding scapegoats because they're afraid of the unknown is how we historically ended up with things like the witch trials.
Naiveté is fine, not everyone can know everything, but this sort of aggressive ignorance shouldn't be even remotely humored.
Senior people who have a hard time understanding technology is one thing. A photographer who uses computers for her job but doesn’t get to understand why a software developer’s name appears in some third party services is a totally different issue. The second case isn’t even about using a service or a product. It’s about understanding intellectual property. His name is there because both services wanted to credit him for his work. How fucking difficult is to understand that? In the same context if I see her name on the photographs of the hotel I happened to stay the other night I should contact her in case I want something from the hotel?
I know it sounds elitist but there are people out there who are completely morons. We have to get used to it.
Part of being a not-idiot is knowing the limits of your own knowledge. If you don't understand how this stuff is put together, fine, that doesn't make you an idiot. But if you just start raging at the nearest available person, rather than doing your research to fill in the gaps in your knowledge, that's an idiot.
"Look, I saw your company name under my bicycle seat; how can you say you're not involved in the problem of my pedal having broken off!"
Man made stuff is made from parts, and parts have different suppliers; they are not all original, and a given part is not involved in every conceivable problem that occurs somewhere in the whole. Very complicated, that!
"No wait, I know what you are. You're part of a bicycle vandal ring. You go around breaking pedals and sticking your 'calling card' sticker underneath bicycle seats."
In my mind this is the best advice - the only I would follow. Don't respond to the raving and incensed. Instead let them pursue remedy with the relevant authority. Then state your case to said authority. All will circle back to the original party, and they'll buy the explanation: authority granted not only because they're the established authority but also because they were independently engaged by the original party.
The way to explain that is via an analogy. A web site is sort of like an automated cash register. Suppose you bought something in a retail store and when you paid for it, the cashier used a cash register made by the electronics firm Sharp. If you had trouble with the purchase, would you then approach Sharp? Sir, we are like Sharp in this situation. We made the internet version of the "cash register": the web site software which allows the vendor to operate. That software has our name on it and a link to our web site, the same way that a cash register made by Sharp has the Sharp logo. Even though your cash went into a register with the Sharp logo on it doesn't mean you were doing business with Sharp.
Really? I found https://answers.microsoft.com/en-us/windows/forum/windows_7-... and others complaining about etilqs files and being told they're created by sqlite. It's probably a failure of the software using sqlite if these files persist to the point they become a problem.
About nine years ago now, I worked for a small security startup that managed to make its way up to PCI certification for scanning websites before keeling over dead. It died the "just one more feature before we can release" death, so you've never heard of it. You've probably never even heard of the company that bought it/put it out of its misery. I'm pretty sure the customer base never exceeded the low single digits. Its most impressive moment was when it made the local TV for just... being a startup, basically. (I'm in the Midwest. Startups aren't and weren't that rare, but few of them even tried to get on local TV. At least at the time it wasn't hard to get into the human interest slot, presumably because it was a nice change of pace for the TV station.)
Yet the founders had a collection of letters from people, actual hand-written letters, asking for help with their hacked computers, asking how to hack, at least one probably-paranoid-schizophrenic one about... errr... hacking and the government and chips in brains and all that sort of thing and whether or not this company could help protect them against the hacker aliens (I don't recall the exact details but this is not an exaggeration of the flavor, alas).
There's an amazing amount of this sort of thing going on. At scale the only thing you can really do is ignore them; engagement doesn't go well for anybody, even the sender just ends up more frustrated and angry than when they started if you try so it's not even good for them. On an isolated basis you might get lucky, but don't count on it.
Edit: Kinda commenting on the thread above anchored on madaxe_again's comment, let me emphasize that I'm not saying ignore it because you can't be arsed, or because replying is beneath you, or because elitism... I'm saying that ignoring it works out best even for the sender, which is why you should do it. That it happens to be the easiest course of action for you as well is just one of those rare times when the easy action also happens to be right.
The Museum of Jurassic Technology in LA has an exhibit of letters written by interested citizens to the astronomers at Mt. Wilson observatory in the early decades of the 20th century (http://mjt.org/exhibits/letters/letters.html). Mt. Wilson was famous at the time because Edwin Hubble had just discovered extra-galactic light sources, and the Big Bang, while observing with the 100-inch telescope there.
Most letters are just routine congratulations and thanks. But others have the tone you mention. A sample from 1928:
I remember this one, from using a typewriter back about 45 years ago, when I was a kid. You could get a dual-color ink ribbon, and could shift the ribbon up to print in red instead of black. Haven't thought of or seen that for many decades.
Ha ha yes. I worked for a healthcare startup and for a while the email to webmaster@ went to my inbox. We sold software to large provider organizations and didn't deal with patients at all. This was very clear on our web site. Yet I routinely received emails from random people seeking medical advice: heart disease, indigestion, headaches, diabetes, etc. It was kind of shocking the level of private personal details some of them would include. I just sent back a polite form letter suggesting they contact a physician.
I think the easiest way to describe the role of a web/software developer in these cases is to say you are the equivalent of an outsourced secretary, and one that has no access to any useful information regarding the issue at hand at that.
You beat me to it. Having been on the receiving end of emails like this, there's often nothing you can say to dissuade them of the idea that you are personally hacking them and breaking their things.
Be kind, though. This is a real person, perhaps a neighbor, who's scared and confused and who doesn't know where else to turn for help. These emails are annoying, sure, but might be the last-ditch effort of a desperate person. Ignoring them is kind. Putting their post up for public ridicule isn't.
If you desire to respond, I would relate the topic to her field. She claims to be a photographer. Surely she has a vague idea of copyright law. I would explain that you had developed a piece of Intellectual Property and licensed said property in a specific form -akin to taking a photograph. The person who takes a photograph owns the copyright. It just so happens that Spotify and Instagram, "enjoy your work" and have decided to make use of your work under the license you have given.
Exactly - I was thinking about cars. If you have a problem with the brake system you don't call Delco (who used to make those indash radios years ago) because that logo is visible and staring you in the face.
... Although there probably is a cartalk episode that would prove me wrong on this assumption
Website might not be quite as complex as an auto but close and a decent analogy as there are different subsystems...
or, even easier to understand analogy: Daniel is the person on the photograph, Spotify/Instagram are the photographers and the hacker is the person who just stole the picture.
I fear you're still overcomplicating it: Daniel is a battery manufacturer. The person complaining bought a camera from Spotify, which came with one of Daniel's batteries inside. Someone stole that camera.
(It's not perfect, but it's probably as close as you're going to get)
TBH, libcurl is probably a dependency of a library that they use.
So it's more like Daniel is a supplier of zinc (and just so happens to give that zinc away for free) to a battery manufacturer.. Who sell batteries to Spotify, who manufacture cameras?
And why the snark about what tools the photographer is using? Do they have to fool around in a darkroom with chemicals to be a 'real photographer'? Note that their phone camera is better equipment than a generation of 'real' digital photographers had to make do with.
I think they are pointing out that just because you call yourself a photographer doesn't mean you are a professional photographer. You can't assume familiarity with copyright law from someone who calls themselves a photographer, but you can assume that familiarity from a professional photographer.
"My facebook suddely split in half and this screen popped up with all these random cyber space options and it was like watching and assessing things soooo weird? and talking about child... and children being forced WTF????? is this some sort of cyber police thing that my IP was accedently allowed to access so i could help stop child abuse on the net or am i going crazy???? has this happened to anyone else??? - :(( - feeling confused".
[what happened, was that this person most likely clicked F12 or Ctrl+Shift+I - and brought up the chrome/firefox/etc. developer console]
Definitely agree with one of the comments on the blog - the domain (haxx.se) really doesn't help the author's case here when trying to explain to a layperson.
Right - I know the person complaining is a little bit misguided (and seemingly refusing to understand, which can be frustrating) but when your primary contact is "@haxx.se" you must surely be at least a little bit prepared for these sort of things.
I'd prefer to give the author the benefit of the doubt, but it seems odd to even post this publicly at all unless a tiny part of them wanted to have a "haha look at this idiot" rant and they knew it could be justified under "I was only asking for help...".
If people come to me not knowing how stuff works and are just asking for help, I would never make fun of that person and would tear into someone who did.
On the other hand, if someone was woefully wrong about how something works and came at me as if their ignorance was my problem to solve, they can sod off. And I'd be happy to post their threatening and hilariously wrong headed emails all over the Internet, because for a lot of people being publicly humiliated is the only way they start listening.
On my SaaS application's file submission page, I have a small paragraph directed toward administrators along the lines of: If you'd like to batch upload your files, download curl from (haxx.se url), and use the following command line, bla bla bla.
Having this link to "haxx.se" is a relatively high volume source of comments by my users.
It also helps with curl changes breaking something or other. Once upon a time curl has optimized something, and it triggered a bug in AWS EC2 network driver.
>I’m Daniel Stenberg, a network hacker working for Mozilla.
Sigh. Why does everyone have to be a hacking rockstar ninja? What's wrong with not using a word that has negative connotations to the rest of the world, and just calling yourself a developer/engineer?
Everyone is "allowed" to call themselves whatever they want.
I would argue there are practical rules to follow depending on your audience. In this case it seems fine but obviously can cause issues with the modern interpretation of what hacker means.
"hacker" was positive before it was negative, it's fine to hang onto it, because at worst you're only hurting yourselves (hackers). (and it's not even a pejorative, anyway)
Why all the downvotes for this comment? I think the point is reasonable. It's fine for us to use the word "hacker" in the non-criminal sense among ourselves (for example, the title of this site), but not where the general public is likely to see it and misunderstand it.
> but not where the general public is likely to see it and misunderstand it.
So nowhere. It's on the public internet which is where 'the general public' is likely to see it so suggesting that you don't use some phrase where 'the public' can't see it in practically means you can't use it anywhere.
I know the last thing I want to do is self censor myself everywhere because someone somewhere might get offended.
It's not "self-censorship," it's understanding that the generally-accepted definition of a word is different from it's obscure jargon meaning. The word "hacker" has meant "someone who maliciously breaks into computer systems" since at least the 1980's (thirty years ago, before some HN readers were even born). Languages are fluid.
Yes languages are fluid but words also have various meanings. If we have to prevent ourselves from using some word because others may find it offensive, that is self-censoring.
OP tried to get around that by trying to say that when you could be heard by 'them' you shouldn't use those words, but this is the public internet. You are always communicating in the presence of those that will be offended.
This isn't a matter of anyone being "offended," though. No one finds the word "hacker" offensive, they just might have a completely different definition of it depending on what their experiences are. You might as well use a word that's unambiguous.
Likewise, editing a paper to remove grammatical errors is also not "self-censorship." It's improving the clarity of your message.
I don't care that some ignoramuses will take my self-identification as a hacker the wrong way, and I refuse to stop because you and others don't think it's "fine" for me to do it. It's my choice, and trying to convince me otherwise will get a downarrow click in return.
My name and email address is the very last thing in the Waze about box, because they used some code I open sourced. Turns out it's the only email address anywhere in the app.
Thanks to this, I get about a dozen emails a week from people asking for Waze help. (Lots more when Waze changes something, like hardware support for a particular device!)
I've tried contacting Google (either to get these people help, or to get my email address removed...) with no luck.
I empathize with Daniel. It's an unexpected downside to open sourcing something and asking for credit.
What license did you give Waze for using your code? Your repo (I'm guessing https://github.com/robterrell/TVOutManager?) doesn't mention the license, so Waze either shouldn't be using it, or you've specified some license to them directly. Did you pick a license with an attribution-required clause?
I'd be really tempted to set up an autoresponder looking at inbound mail for telltale keywords that sent back:
Dear Waze User,
We're sorry to inform you that Waze has been acquired, is shutting down - we'll be closing the service at the end of the month and your app will cease working. No new features or bugfixes will be deployed to the app. For a list of alternative apps, please use this link: https://www.google.com.au/search?q=Waze+alternatives
Paid users should contact SergeyBrin@google.com for refunds.
Honestly, I wouldn't even respond. I would imagine any response you give is going to be twisted as your original ones have been. You've tried to be reasonable, and you don't owe her anything - don't engage her any further.
I think that's the right solution. This is a person with a problem, and now she found a real person to contact. Like it or not responding will just verify her idea that he's now in charge of fixing her problem.
Companies like Instagram, Facebook, Google and others make it hard to get in contact with a real person, but so users start hunting for a way in. In this case an Instagram user think she found a way in.
I once received a request to hack a load of different companies' client databases due to one of my posts in the HN "Seeking freelancer" job threads, pretty much well solely because "Hacker" is in the site's title.
Bless him, the guy mostly kept on signing off his emails as "John," having forgotten to change his name in the "From" field, except for the time he forgot and signed his "real" name again.
(I say "emails" - it was a bizarre few exchanges, starting with "I have a job for you," and myself replying to his opaque emails to find out quite what on earth the guy was on about)
The author information is part of the user interface, and can be as confusing as every other UI aspect. It should be carefully designed such that it is clear what the author takes responsibility for and what they don't.
Some years ago there was a similar issue with the default Apache website on CentOS. Somebody that their webspace being reset by their hoster, but rather than complaining to the hosting community, the user complained to the contact info shown on the default website, claiming they had hacked their website. (Sorry, couldn't find the link of that story anymore.)
That conversation is very sad --- an absolute textbook example of how not to handle this kind of issue.
Instead of complicated, technical and annoyed explanations of what Linux was to someone who obviously just doesn't care, the simple statement that:
Sorry, we make components for websites. This just means that your web people are using one of our components and has set it up wrong. You'll need to talk to your IT people; they'll be able to point you at someone who can help.
...would have gone a long way towards defusing the situation.
Given their first reply ('...we produced it for free and you are
able to use it without paying us ... and are even threatening to have us
arrested...') no wonder the conversation went badly. That's just being an arsehole.
Lest Stenberg get tangled up too much in the email-sender's unfortunately troubles, he should likely refer the emailer to Instagram and Spotify's customer support.
As an aside, hopefully someone can recommend to the emailer as well to use a different service to host high-quality versions of her photography so that potential clients can evaluate critical clarity in her technique. I'm not sure I'd want to rely on Instagram as the sole example of my work, but, maybe she's targeting a different clientele that I'm imagining.
Instagram is an unfortunate necessity for pro photographers in certain fields, such as weddings, simply because that's where the potential customers begin their search. They're not photo enthusiasts, they've never heard of Flickr or 500px, they don't know what clarity and composition are... but they want someone to shoot their wedding, and in their minds Instagram equals photo sharing.
It's not exactly the same, but it reminds me of something I heard a few years ago. I knew someone who worked at a small non-profit. Once a year they'd do a particular fund drive that involved calling their previous donors and either talking with them or leaving a message asking them to please donate again. And every year, they'd get a message back on their machine saying only, "Please take me off your list!" They had no idea who the caller was, and she never answered the phone when they called her, so they could never take her off the list!
Having worked for a Real Estate webhost who provided email campaigns as a service, we got those all the time. Someone who wasn't subscribed in the system, but was receiving our spam nonetheless. These were usually due to an email distribution list being subscribed and that person being on that DL. Unfortunately some of these were distribution lists of distribution lists, so we couldn't see the original DL address to unsubscribe it, or help at all.
Sorry, it's pretty ridiculous that the author chose to write all that and engage in correspondence without mentioning the elephant in the room either to the photographer, or to the reader (us) in this write-up. The elephant in the room is that haxx.se is a tongue-in-cheek name (or a coincidence.)
Would it have killed him to mention this?
"Dear Photographer Lady: I run a very well-regarded library, you may have had this reaction because I have the tongue-in-cheek name haxx.se [alternatively: because of the coincident name haxx], however I am a well-paid consultant similar to yourself and other than this choice of domain name there is nothing alarming. The library is famous and you should see a similar notice in all of your friend's phones (or anyone else's you check). It is in use by major corporations including Apple and Spotify. Sorry about the confusion."
that's literally all this is about. (obviously.)
In fact, it makes me seriously question the author's good faith that he ends with the call-to-action "I’ve tried to respond with calm and clear reasonable logic and technical details on why she’s seeing my name there. That clearly failed. What do I try next?" without mentioning the elephant in the room.
I can't count how many mails I got via php.net webmaster and security mails (yeah, I admit my involvement there ...) from people who locked them out from some website with a "powered by php"-button and asked me for a password reset.
The picture of the producer of a screw in a machine often seemed to work.
Unfortunately in this kind of cases more technical you get and try explain things, more they think that you have something to do with it.
If you still want to try to convince her, then ask her to check the same information from any of her friends devices or any other device, so she can confirm that your name can be seen in all of them. This is simple enough that she can do herself.
If I would you, I would just forward the email to Instagram support.
Personally this brings up a very ridiculous and rather humorous observation on the nature of ToS agreements:
Intelligent people don't bother reading them closely, and the people who have read them often use the information contained in rather stupid ways.
Granted I have spent many hours over the years reading contest / entry rules and ToS type documents, so I'm pretty comfortable picking on myself a bit here and there. Often I've read a very clear ToS and then observed the responsible company basically disregard their own rules and stated processes. Two notable examples were for a Deadmau5 remix project (he 'lost his laptop' and they stretched the contest for a couple months, barely supplied any promised materials, etc) and a Local Motors contest (routinely lied about what they were looking for as judging criteria, then claimed to contact winners on day X to start authorization process, instead vetted winners in advance and then used day X to announce). I've used these experiences to temper my trust of any online engagement or contest, because it's nearly impossible to hold any provider accountable when they're dishonest or just inept.
Antagonizing bothersome people is a form of entertainment [1] from time to time. If there's nothing to be gained from actually being constructive, then being obtuse might be the most worthwhile course of action. YMMV.
This sort of confusion could be partly resolved if apps with "License" or "Legal" screens would actually have a little explanatory paragraph at the top, explaining what it is they contain in layman's terms. For the average person, I imagine that scrolling through one of those would be quite bewildering, especially if WTFPL stuff was in there.
Reminds me of back in the late nineties I developed a freeware email client. The client header in the send emails said "???mail by www.example.com"
I tought it might give me more users... What it gave me was lots of angry emails once someone used my mail client to send out spam. That header was gone pretty quickly.
"You know how when the credits roll on a movie, it shows a list of songs the movie has licensed? Same goes for software. I have as much ability to influence Instagram as Mozart does to influence the movies his music is in."
So there's a lot of "LOL LOOK AT THIS DUMB PERSON I AM SO MUCH SMARTER THAN HER!" going on here, especially in the reply that he seems to have sent her.
Here's what's going on. Her IG account may, in fact have been hacked. This happens. She's obviously afraid and angry. She is the kind of person who thinks she can solve all of her own problems, and found the licenses section of the app, which included something with a nonsensical name (libcurl) and a domain "haxx.se". Despite having known that haxx.se is for libcurl basically forever, I occasionally see it and associate it with gray or black hat stuff before I remember. So it's not at all surprising that a non-initiate saw this and thought it might have something to do with her IG account being hacked.
Daniel says his reply to her original email was "clear and rational". It should have been "understanding, compassionate, and patient". This is someone who is seriously freaked out, because her livelihood is at risk, and based on the fact that she went digging through the app, she is probably having what a shrink would call a "crisis of control". So here's what the author should have done:
1 ) Patiently explain what libcurl does (it let's programs request web pages, just like a browser). Explain that he's the author, but he's given it away for free. The license is in the app because he took pains to ensure that nobody can package it up with some slick marketing and sell what he's giving away free.
2 ) Acknowledge that haxx.se sounds kind of shady. Explain why he chose the domain. Self deprecating humor would be great here. Explain that despite this, all kinds of apps use libcurl for perfectly benevolent purposes.
3 ) Explain that he has nothing to do with instagram (commenters have suggested the car parts analogy, which seems like a good plan).
4 ) Finally, and most importantly, link her to their hacked accounts page! They have people paid to deal with this stuff, who are much, much better at dealing with panicking laypeople.
There is a lot of "reason good, feelings bad!" stuff in the tech community these days. It makes people see us as a bunch of borderline autistic[1], self centered, stuck up, evil nerds. Many of us, myself included, were terrible with social interactions and dealing with our feelings at some point in our lives, so the finer points of human interaction and emotional thinking left a bad taste in our mouths. But we've all grown up. We aren't social rejects and evil nerds anymore. We have lives, careers, friends, and family. We need to let go of the stuff we suffered in our youth, forgive those "stupid popular kids", and learn how to be nice.
[1] In the sense of the popular conception of borderline autism, not the clinical condition, which generally doesn't make you a jerk.
Yes, absolutely. The whole episode is actually pretty sad and using it for laughs makes me uncomfortable.
...
As a tangent, you say:
> 2 ) Acknowledge that haxx.se sounds kind of shady. Explain why he chose the domain. Self deprecating humor would be great here.
I work in a big multicultural office --- I'm the only UK person in my team. We occasionally have these tedious courses on defusing disputes. One of the things they said that was actually helpful is that humour's generally not a good idea; it's way to culturally specific, doesn't translate well, and in particular doesn't come across in text.
Something which to a fellow UKer is obviously self-deprecating snark can look absolutely serious to someone from another culture, and can frequently make stuff worse.
I saw an interesting study the other day on punctuation in text messages. Even as simple a change as using a ! instead of a . at the end of a sentence can have a huge difference in the impact the message has...
That's not something I'd thought about. I work in a multicultural office too, but we were all raised by the internet, so internet flavored humor is generally universally understood.
That's all waaaaayyyy way too much (and too technical) information to throw at someone. Nobody cares what libcurl is or what it does or if its given away for free or not. Keep it simple and to the point. 1) Sorry I can't help you and 2) here's who can. Thats it.
It's like he makes paint. He mades this really cool shade of red paint that everyone likes. One day, some really mean dude used this guy's paint to paint his car red. He then used that car to go on a crime spree. The victims of the crime then went to the guy who made the paint demanding their stolen money back.
You have contacted the software design company that licenses these commerce systems to merchants. We do not deal with the merchants' customer service. Please directly contact the merchant instead.
This is an automated message and you cannot reply to it.
Well, if she found thieves had the lock of her bike cracked open with a steel cutter, she wouldn't call the manufacturer of the cutter either and accuse them of thievery, would she?
this requires interpretation and analysis of an analogy, something most people are terrible at (back when i took the SAT this section was a source of frustration among my peers - i suspect all high scorers had a knack for it).
> "I came across this information using my Spotify which has also been hacked into and would love your help hacking out of Spotify. Also, I have yet to figure out how to unhack the hackers from my Instagram"
You keep using that word, I don't think it means what you think it means.
In all seriousness though, she went to the ToS for help with the Instagram app? Why not write Instagram support directly?
Instagram support is an utter joke, accounts are routinely stolen/disabled and Instagram doesn't offer much support besides a pat on the shoulder and a "there there"
I think you are misusing the phrase "nothing to do with." It seems to me that you in fact did have something, however indirect and misunderstood by the emailer, to do with these products. I, on the other hand and for example, had nothing.
My only problem is with the use of "nothing to do with". I'm sure it's just me but, as I tried to explain in my comment, that's a pet peeve of mine. If you had "nothing" to do with it, what word would you use to describe what I had to do with it?
We run an eCommerce platform, have a variety of clients using it, they have a number of customers. At least once a week we get an accusation either from a client or an end-user of some outlandish nefarious behaviour, usually due to some complete lack of understanding of the nature of technology.
Way back when, we responded, tried to help, tried to explain, but it tends to be the case that if someone has made their mind up, they've made their mind up, and anything you say can and will be used against you - confirmation bias is a harsh mistress.
The best response is usually no response, I'm afraid to say. It's a drain on your time, they won't be any the wiser unless you're prepared to sink serious time into educating a stranger, and more often than not responding results in escalation, and people doing stupid things like involving lawyers and law enforcement.
Case in point: About six years ago, we had an older guy phone us up frothing about how we'd hacked his wife's computer and she'd accidentally bought something from one of our clients. We explained that it would be hard to accidentally enter your address and credit card details, and that if they didn't want the order they should contact the merchant, not the web developer (they clicked our "ecommerce by" link in the footer of the client site - we don't do that any more!). We thought that was that. A week later we got a stern phone call from an ombudsman who wanted to know why we were ignoring the distance selling rules and taking advantage of old people... and they didn't understand that we weren't a merchant, didn't place an order on their behalf, either - so months of time were wasted, and we narrowly avoided ending up in court over a non-issue.
Anyway. When you have a conversation with an idiot, nobody watching can tell which one of you is the idiot.