How do you deal with the permissions on using Shortcut?
With the new macOS Spotlight improvement and the window management getting better, I thought I will get rid of Rectangle Pro (I use only that custom window resizing) and tried a window Resizer Shortcut. I’ve tried giving it as much freedom as I can but it keeps bumping into more and more gates.
Btw, I think I jumped too early on that Spotlight thing. I remember, I got back to Alfred last week.
in my experience i get prompted on first launch but then it runs well afterward. can you tell me the permissions prompt it's asking for? i'll see if I can reproduce and help with insights.
Can those of you writing off half of America as “ignorant “ or “anti -science “ please move those comments back to Reddit. And what conclusions did you draw when obvious left leaning apps were breached ? FB, LI , Washington Post , twitter (pre Elon) all had breaches . Does that mean left and right leaning Americans are all ignorant ?
I don’t take any offense , but I do have high standards for this forum and cringe comments make me less likely to hang out here
On a site called Hacker News, we need more analysis of one of the classic hacker skills, social engineering. Our first luminary hackers, and their first books, and our first movies, are about manipulating your average office worker or security guard. It doesn't work every time, but those people vote and hackers illuminated some early tools at automating the manipulation.
The turning point was smartphones. No, they don't clandestinely listen to the audio, or smuggle tower locations of unimportant people. But (all of our) behavior changes when we rely on an app and give up those other liberties because app. Some social engineering was required for mass adoption thereof, and most of us here are acquainted with the analytical means to concentrate delivering that. Half of our society has weaknesses that we euphemize as "gaming habits" or "addictive personalities". Maybe they know it; I'm not down here haughtily scoffing that they cannot know it.
China and Russia and North Korea don't show those weaknesses because those people are down in the mines. The powers learned social engineering within their closed societies, not in our open societies. They promote a nation and a people unified with one personality. The United States and similar freedom exponents have to contend with attracting the world's talent by explicitly tolerating any personality. At least for now
None of the sites you mentioned are (or were) left-leaning unless you are saying anyone less politically correct than Fox News is leftie, but that’s missing the bigger reason why the MAGA connection matters: MAGA is at its heart conspiratorial, obsessed with the idea that the “elites” are against the common man. That war on expertise has been there from the beginning and it makes followers unusually vulnerable to scams because it normalizes this way of thinking that everyone’s opinion deserves equal weight. Sure, security experts say to use Signal but why should you trust them any more than the scientists who say the earth is warming or the economists who say that gold has drawbacks as the basis for an economic system?
It would waste my breath to try to convince you that MAGA Americans actually are intelligent. My point is that all apps have breaches , and a great many of them are run by liberals (who love climate change and inflation, as you do ) , so what does any of this have to do with a tech forum
> It would waste my breath to try to convince you that MAGA Americans actually are intelligent
Definitely, because I never said they weren’t and certainly don’t believe that — I know too many smart conservatives for that. That’s a big part of the problem: smart people can put a lot of effort into constructing rationalizations so when they’re immersed in a culture where political correctness trumps objectivity they’ll construct elaborate narratives to support the ideologically useful outcome.
The relevance to security is that these people are more vulnerable because they can’t tell charlatans who appear to be on their side apart from people who actually know what they’re talking about. There are tons of right-leaning people in tech but as we saw with election fraud claims, the competent ones know it’s risky to contradict the narrative and stay quiet rather than being accused of being RINOs. It’s similar to how things like MLM scams spread in religious communities if you have experience with that, where things usually have to get pretty bad before someone is willing to criticize a friendly member of their congregation.
don't you see how this perspective is the same tribalism (all my leaders are benevolent, all of theirs are tyrants / grifters)?
For every example of Maga group think, I can think of an example of Obamaphile group think.
And if the contrarian / doubtful end of the spectrum ( all elites are nefarious) is bad, doesn't that imply that the gullible / trusting end of the spectrum (all elites & academics are benevolent) is also bad?
The roles are just a mirror of each other. You're just picking sides -- which is how things usually operate.
They are left leaning and run predominantly by left leaning staff and boards . FB and X have pivoted opportunistically to Trump , and still only slightly
i tried to see if it has any ties to the actual GOP national or any state parties and it's unclear. I'm guessing it's not affiliated and GOP is not trademarked.
I asked because both political parties have chapters at national, regional, state & local levels so "GOP job board" on the face wasn't clear which organization was running it. Some parties cover rural counties of just a few thousand people.
I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
Lot of arrogant people here who think they are safe and better than anybody and blame OP.
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
> Lot of arrogant people here who think they are safe and better than anybody and blame OP.
You see this a lot in the Apple "community". Apple can _never_ do wrong. Apple can _never_ make a mistake. Apple's choices are _always_ the best choices.
I don't understand why people put corporations on pedestals.
Commentators here presumably work in the industry, possibly even for 'the big companies' (I'd say FAANG but any big, life-depending, big-architecture corp, but you know what I mean, basically)
They should be tripping over themselves of "How can we fix our corporate incentives to actually deal with customer problems". Not "lol OP, sux"
The root issue/risk is from cascading service dependencies, and I'm 99% sure this is done unintentionally at Apple et al.
Team builds service. Service depends on first party identity/authentication because it's easier.
... Fast forward 20 years, and no one at platform company even understands the dependency graph from a customer perspective anymore. Especially in the case of rare events like account locks.
Consequently, those customers face a sudden Kafkaesque maze of edge cases that don't line up, as the customer service processes people are funneled through are literally incapable of solving the problem.
Which means the entire "normal" customer support apparatus is unavailable to them. (The same apparatus companies aggressive shove all support through)
This is why there should be regulatory requirements for identity platforms mandating the ability to speak to a human who's empowered to fix your issue + an option for customer-choice decision arbitration + continuous random sample audits with penalties for falling below KPIs (timeliness, correctness, etc).
It should literally be illegal for a company to have their banning system 'oops' and then pretend they don't know you.
Because it's only going to get worse as more AI / probably correct methods infuse account security functions.
Honestly it seems like nobody under this entire post has actually fully read the TOS for any Apple service.
I have once for iCloud... and the impression I got was that they must think close to 100% of the population on Earth are potential scoundrels for them to put in so many clauses and escape hatches.
I don’t think it’s possible to fully read any modern TOS from a bigco and not get an inkling of that.
The real issue is why are people signing up to TOS they haven’t fully read, and if they have… why are they signing up for something that directly spells out they are possible scoundrels who need to be dominated.
It’s like some kind of mass self humilitation ritual.
Wasn’t them finally implementing competent (if overly annoying) iCloud MFA the result of this kind of thing, with social engineering/photo leaks from celebrities or something?
So let me try to understand you. You have 200 friends on whatsapp and FB locks you out . Now you can start sending them letters ? And how do you get their number .
WhatsApp,WeChat , messenger , telegram all use private addressing
Reminds me of a story:
When Facebook was launched I created an account.
Fast forward 10 years, account got permanently locked for suspicious activity.
Unsuccessful appeal. So permanently lost contact with some of my childhood friends and no way to recover them as they are in private mode.
If you hope on Instagram to find a girlfriend, it can also have a serious impact on your life to not have access to it. No instagram + no WhatsApp = paranoid weirdo = not dating material
Facebook's actually the only company I've heard of that will ban you for inactivity. Gmail will delete addresses if you don't log in for a while though I think they probably scan for 'one and done' things, and not things that look like critical infrastructure, but that's just a guess
it's not just about cloud service dependency, or his loyalty to Apple, or things like that. for important data you _have_ to have backups, 3-2-1 rule and all that. the fact he put all the eggs in Apple's bucket is beyond me.
sure i am dependent to cloud services as much as he is, much to my own chagrin, but at least i have all my data backed up??
I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue was a fault by the victim and not a powerlessness you have in common with the victim.
You’re right that nearly all responses are emotional , to maintain internal consistency. Even purchasing large gift cards is a common discounting approach when paying for cloud .
The sad news is when important people get locked out they can call dedicated support . This case was of someone who wasn’t celebrity enough to have that access
Oh I doubt it was his fault. I had something similar happen setting up a phone for a neighbor. Apple decided it was fraudulent after I added her address to the account. It was now dead with no recourse. At least I didn’t spend much on a used phone. Picked up an android and said it’s time to adapt.
I love your comment and I could not just upvote it because it is true with so many things. The technocracy/corpocracy is trying to sell you things that mnake you believe you can have power over everything, even your life. Anyone who "fails" at anything, it is all your fault. I have literally been told my mental illness, and my current homelessness, is my fault because I did not do the right thing. The power and control people think they have over their lives is a paper thin delusion.
Our shared powerlessness should bring us in communion with others, but the technocracy/corpocracy wants to rip that apart and make us dependent on them for profit.
It is possible to suggest preventative/corrective action without blaming OP. I find it kind of sad that you can't make helpful suggestions (to future potential victims) without someone saying you're "victim blaming."
you're right there's a fine line. I interpreted the tone of most as judgmental / critical.
saying "get a lawyer" or "file a complaint" is constructive. saying " it's your fault for not backing up" or "that's what you get by using cloud" is just judgmental. Neither are practical solutions, regardless. Even with perfect backups it would have happened. And for 99% of social people, it's impossible not to cloud.
Using a separate email address for each site is smart, but creating a separate email account for each site is going to be very tedious, and I imagine Google, Yahoo, etc are going to stop you very quickly after you've opened 20+ accounts with the same phone number.
(Use a catch-all to have different email addresses for different sites, because when one gets hacked, then the damage is limited.)
Only if you are not locked out of the registrar. Then your only hope is what nobody would squat your domain when it lapses.
Eg: Dynadot decided what my birthdate is a secure pin two years ago. No combination of it works and I'm not even sure if I'm not shadowbanned for the attempts.
I tried this for a little while but quickly stopped as a critical mass of websites broke when I tried using it to sign in. Special characters in your email address is an edge case that produces inconsistent results even within a single product
YMMV, I think I only tried to sign up on 3 websites where it was not working. You can fallback to the original email address in those case.
The funniest part was that for one it work great for the signup part, but they used a third party tool for licences that broke because of my e-mail.
For another, only the js code was verifying the e-mail, and I could push it by removing the validation. When the owner had to validate my account, they got a message that the e-mail was incorrect when they tried to submit the form. They called me and had a great discussion about web apps security. We had a good time.
I would point out that it kind of prevents you from checking if your email is in a leak database as you need to test each aliases you used.
This has worked for me for nearly 20 years (when I made the account I didn’t know that the dots are ignored). The only time it’s been a problem was with one company whose system stripped the dots out.
You need to send them an email to cancel. When I tried they said “you need to cancel from the same email you signed up with.” :/
I have content on Google and Dropbox but I have live backups. It would be very annoying to be locked out of Google, but I would not lose any data. Anyone can have a NAS, you don't need a while basement or to live inside of one (??!?)
Yes, those companies should absolutely be forbidden to behave like this, and punished heavily when they do. But until it happens (which doesn't look like it will), your data is your responsibility.
You lose the Google content , since the export is lossy (docs , sheets, slides , etc) . And most of the value is collaborative . You’ll lose anything that you contribute to that’s not in your account . You’ll lose credentials (eg sso to third parties ), messaging access .
You’ll lose indexing and metadata , like Google Drive search , Google Photos search , thumbnails .
It’s a myth to assume the value is in the backup. Most of the value you have is in the access and the application
I don't have anything serious on Google drive, just some files I share with third parties that primarily exist on my network; and certainly no photos. Photos are on my NAS which is backed up on several disks; I publish them on a small app that I built, self-hosted (after years with Smugmug I left them two years ago).
Most accounts with third parties use domains I own that are not on Google in any way. Some still use a gmail address and I need to migrate those. But nothing essential.
That’s helpful context . How do you collaborate ? For example when a customer or partner sends a Google Drive / Dropbox folder for you to contribute to ?
You can run rclone every couple minutes on your NAS, it checks mtimes like rsync so it is reasonably efficient for most cases, though you may run into ratelimits with bigger data.
Google Photos deliberately broke all backup tools in March, so there's that.
Yes you can still mostly do Takeout, but it's garbage. (not incremental. Requires me to remember. duplicates files for every album (total incompetence). downloads regularly fail. Requires more room than I have on my mac to decompress so I have to put it on an external drive.)
I am not depending on cloud storage at all. What do I need to upload onto some cloud? And when I need to sync between devices, or rather want to sync, then I have a Syncthing setup on my server running. No cloud. And copies on participating devices.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
How do you collaborate ? Do you have friends ? A job ? I’m not being rhetorical —- it’s very rare to have friends or a job and not have some ties to the cloud. Even my tiny HOA manages its record in the cloud
I commit code. I pair program. I share screen. That sort of thing. Code is mostly set up to have reproducible results. If it is not working on the other machine, then that's a bug and we need to solve it. There is not much collaboration I need to be doing in my free time. What I did on the last job is not what I depend on, but what a business thought they depend on. That's their stuff. If it fails because of some cloud ban or outage, not my problem.
When I need to share files with friends, I send them the files. Or I use Copyparty. Or, if they are more technically minded, I use Syncthing. For not so technical friends, I don't have to share 10k photos at once. Maybe I will send them a few photos via a messenger. Or some files they need via a messenger or have them on Copyparty, if needed often or again in the future. There is no issue.
> Do you have friends ?
Yes.
> A job ?
Had, and probably soon will have again, but I don't know what that has to do with what I depend on. If my job prescribes some cloud usage that is unnecessary, I guess I can try and show an alternative and begrudgingly accept that I have to use shitty tooling. But if somehow it is made impossible for me to use that, then it is their job to find an alternative. I am never the one prescribing it, and I myself don't depend on cloud.
> I’m not being rhetorical —- it’s very rare to have friends or a job and not have some ties to the cloud. Even my tiny HOA manages its record in the cloud
I surely have friends, who probably use some MS or Google cloud stuff. But that's their problem, not mine. I don't depend on that. And they don't share that much stuff with me, that there is sufficient incentive to start depending on it. And if they did, I would tell them, that I don't want to make a shitty account on MS or Google cloud storage thingies.
Presumably, as the GP said, you're not a normal person and you live in a basement. >sigh< (I'm with a lot of what the GP said but they didn't need to be insulting.)
The solutions self-hosting storage for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
The main side-effect is the lack of trust and integration. For example, if you self-host your email (or more realistically push it on a VPS), then the moment you want to send an e-mail you are going to be marked as spam.
To register on some websites you may sometimes receive: “please use real email from gmail/outlook/etc”.
When you have a business meeting with a customer: “oh just install Jitsi on your mobile phone” is the best way to lose a sale.
Or no way to pay train tickets because you cannot install the app because your Apple / Play Store account is locked.
I get what you are saying, but the examples are not great:
I've rarely seen (if ever?) a website so stupid and user hostile, to claim that there are no other "real" e-mail service providers out there, other than gmail, outlook, or a maybe a few others. There are services, which reject things like tempmail, that much I have seen, definitely.
Jitsi Meet runs in the browser. Does it not on a mobile phone? Perhaps there is something to this one, if it is the case, that customers in some areas don't even own any working machines any longer and only have phones.
Train tickets, at least where I am from and living, one can always buy, by going to a service center, or online via browser. I never had to use an app to buy train tickets. Even when traveling in China, which is arguably much further in terms of digitization than Germany, I was able to buy train tickets via a website comfortably, upon which the ticket was registered to my passport.
But I get it, there can be such examples.
Though I don't think this really matches the "depend on the cloud" thing. It's more like depending on services, that make use of "the cloud", and not directly using cloud services oneself.
I agree with you, and I think your reasoning is totally understandable. Just that I see additional friction, and friction in a business world is risk :/
(side-note, with Jitsi, it feels like I have a fireplace log in the hands when I use it)
I think Samsung rejected non-"Big Emails", but pretty sure we can find exceptions both ways.
Fun stuff I found while searching:
> https://transportation.ucsc.edu/buses-shuttles/dvs/
>
> The Disability Van Service (DVS) is a shared-ride service that provides on-campus wheelchair ramp–equipped transportation for those unable to use the regular Campus Transit system due to disability
>
> If you are a visitor, please use a Gmail address to complete the form or email dvs@ucsc.edu if that is not possible
and then, the form is behind... a Google login wall
> and then, the form is behind... a Google login wall
Ugh. The people making that should really be informed about the issues they are causing with this. They probably are just uninformed and want to offer a good service, but actually are forcing people to give up personal data to Google, which is a big no-go. This is what happens when digital rights and privacy unaware people are in charge of something like this.
Concert and theatre venues in the US, mostly locked into exclusive agreements with Ticketmaster, practically require a smartphone running the Ticketmaster app. You can load the tickets into the Apple and Google "wallet" apps but you have to have the Ticketmaster app to do that. In the past year I've had to pretend to be a confused elderly person and beg box offices to get me printed tickets because I don't want to load the Ticketmaster app. Eventually I'll have to buy a burner device, assuming I still want to attend live events.
Ah, perfect! One question: is Ticketmaster rejecting non-"Big email providers" ? I suspect they do, due to bots (wouldn't it be the same with Tinder, etc ?)
I don't know. My Ticketmaster account was created in August, 2005, and is a one-off email address at my personal domain. I have no idea if I could create an account like that today (and I'd be afraid to try).
> there's no market for selling a solution that gives individuals data sovereignty
Theres no turnkey solution (of course not, it is prohibitively complex to architect one), but the bits and pieces are there, built on tried and tested software. For example, SMB and rsync and their clients, are practically enough to do backups.
Sovereignty also means responsibility. Either you have to keep your network secure, or you pay someone else do it (not always very well), otherwise you get security problems. Same goes for redundants backups, hardware maintenance, etc.
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more.
So, fallacy aside, the abnormals would be...
a) people that don't tech, and
b) people that saw the writing on the wall years ago, and either didn't trust the system and didn'tget into it, or those that did for a while, and got tfo.
Not saying this in a derogatory way, but that pretty much means you are not a "normal" user but someone who is tech savvy enough to not rely on someone else's cloud.
"all it takes" is a very naive simplification of how to accomplish this solution and is much more complicated for a non tech savvy person than just hitting "yes" on a backup option their phone prompts them for.
I feel like you must be in a social bubble if you think this is a task the average Walmart American views as easy. These devices also are typically marketed for PC backup and don't usually make backing up their phones "easy". It also is something they'd have to regularly remember to do. It's substantially easier for a user to have their photos immediately and automatically backed up to icloud or Google Photos, and you're being intentionally obtuse if you're suggesting otherwise.
It's also not at all appropriate to claim people are "developmentally challenged" simply because they don't feel comfortable backing up their own data regularly to an external device. As such I have also flagged your comment.
You’re not getting parity to the actual value of the cloud apps. Cloud apps aren’t about syncing your content. They are about adding value on the content by collaboration, indexing, first-and-third-party credentials, and now AI generated content.
If you don’t acknowledge the value in that functionality, I’m assuming you aren’t collaborating with anyone..
First of all, you don't have to care about this, unless you are wanting something from others and you depend on others and their opinion about your writing significantly.
That said, it does make your writing seem very odd. A little bit like the people, who apparently don't know what the shift key does, or how to trigger capital letters on their phones or something, and write only in lowercase letters.
Just because your phone does something silly, and it is not you doing it intentionally, that doesn't mean, that other people will not get a weird impression from you writing like that. In a way, you are letting your phone change the impression others are getting from your writing. And that impression is for many people that they wonder, whether you know the conventions of writing.
Now, like I said, you don't have to care about this. But if you want your texts to not come across like teenager written texts or low effort texts, it would be a good idea to fix your phone's silly settings, so that it doesn't do that to your writing.
For what it’s worth, I remember having this issue with Samsung OneUI keyboard when it was in French. In French there is this rule there that you should put a space before “?” and “!”, so perhaps their developers understood “all punctuation” or something.
The legal Deparment runs most companies . They are the only way to get something bespoke done (like unlocking an account ). And companies are terrified of discovery.
Any lawyer can file a complaint in small claims . OP has paid for a service and has a contract
They booted him for TOs violation, that was their action. A judge can decide whether that action was a breach of the contract, or if the contract itself is lawful.
We live in a common law country. It means that the judgement defines the law, not contracts (and not even statute, strictly)
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
It only means that the content is not valuable for them. I know people who created Google Account only because the phone required them to and they do not even remember the password or username, and do not use Gmail (why use email when there is Telegram). If they lose the phone, they would just probably make a new account.
If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud? I don't think so if you are a reasonable person. Would you keep the only copy of a cryptowallet key in a cloud?
> If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud?
I don't think the idea that they could lose access to their accounts occurs to most people. I've done enough business continuity and disaster recovery work with small business to be confident in saying it doesn't occur to small business owners. I'm not sure why individuals would be any different.
It's very hard to put yourself in the mindset of a non-technical person.
> I don't think the idea that they could lose access to their accounts occurs to most people
Most people do not store anything valuable in the cloud anyway. The only problem is that they won't be able to login into Windows if MS bans the account, and they won't be able to install apps if Google bans their account along with phone serial number.
This is inconsistent with the basic concept. It’s projecting and reading lasers . By default some emissions will hit people in the eye. Even invisible light can damage tissue , especially in the eye
just a few hours ago we found a pretty nice residential desktop use case for proper v6 (with prefix delegation), due to no need for NAT the old router (2013) became less of a bottleneck!
Tesla is the only company making money off of these products .
People keep complaining about the AI bubble but we sustained an EV bubble for 15 years without it popping .
reply