Interesting way to describe a situation in which company A had the same owners as malware company B and also integrated a never-before-seen unobfuscated copy of company B's malware into company A's app.
The claims are neither absurd nor unsubstantiated.
>It is against that type of OCR that my app is resistant to.
There is no form of OCR this is resistant to; simply change the description to be accurate and remove references to being OCR resistant, as this is false.
"And if it's in the blacklist, don't tell the user at all, and instead start introducing subtle errors everywhere. "What, you saved it yesterday and now it doesn't open? Whoops (snicker)." Or, misalign printing so anything looks good for a draft but not 'professional' use. Or you could go the obvious route of slapping a banner on it, but that is usually easily removable"
"Gee, I'm sure glad I decided to pirate [program], it's buggy as hell. Better warn my friends..."
To me, that wording looks like a scam attempt or a malware threat, and most first-level techs I've worked with would reject it out of hand for that reason.
> What happens when that person gets bored with the project... or decides to do something malicious (as in the case with a recent backdoor in the XZ compression tool)...
The maintainer of the xz compression tool didn't do anything malicious. This statement is incorrect and damaging.
For the millionth time, it was not a general message display tool. It is a security tool to flag domains that run the risk of data leakage and malware. Trying to hijack a security extension to turn it into a general messaging platform is both stupid and bad for security.
"1) Some contributors are actively blocked from contributing code to LLVM."
> These contributors have been holding back patches for quite some time that they’d like to upstream. Corporate contributors (in particular) often have patents on many different things, and while it is reasonable for them to grant access to patents related to LLVM, the wording in the Developer Policy can be interpreted to imply that unrelated parts of their IP could accidentally be granted to LLVM (through “scope creep”).
>References in the files indicate that the code is from sometime in February - so this is current code.
Given that that image shows dates in 2012, I think the author has made the classic mistake many of us make at the start of the new year, of still thinking it's the old one.
> Looks like someone made a boo-boo it’s simply based on the user agent, w/e string matching they do is too strict they aren’t checking for actual JS/WebASM compatibility or anything like that.
Microsoft has repeatedly engaged in malicious anticompetitive behavior. Without any additional information, I therefore think it's rational to place a high prior probability on this being malicious anticompetitive behavior. The data itself might be consistent with either an accident or malicious anticompetitive behavior. In that case, the prior dictates the posterior.
Or even more precise: "may contain copyright infringement".