How a sex site left member data open to anyone
January 27, 2017 5:44 AM

"...the editors found that at that time, thousands of personal images that members had uploaded in order to join Skirt Club were accessible to non-members – photos of users partially or fully naked, often recognisable, sometimes even with their names mentioned in the image. You didn't need to hack the site to see – they weren't password protected and anyone curious enough to make a bit of an effort could view and download the photos." [nsfw]
posted by holmesian (28 comments total)
 
They say that information wants to be free. Unfortunately, the corollary to that saying is that nude pictures want to be free.
posted by Roentgen at 6:01 AM on January 27, 2017 [5 favorites]


I'm less surprised that there was a security error in the first place than I am that they were not quick and thorough about fixing it.
posted by Dip Flash at 6:18 AM on January 27, 2017 [2 favorites]


Wow, fuck that woman. Aside from the fact that she's literally running a closet as a business, she then had like...zero respect for that closet.

An attack on women in general? Fuck yoooooouuuuu.
posted by schadenfrau at 6:20 AM on January 27, 2017 [7 favorites]


"I'm less surprised that there was a security error in the first place than I am that they were not quick and thorough about fixing it."

I'm not surprised by their inaction at all.

For one, it was users' private photos, not financial information, so a company would have less incentive to deal with it (even though those photos can in some ways be more damaging, since a credit card can be cancelled but a picture can never be rescinded).

For two, for years we've seen company after company deny and refuse to deal with it (even when it is financial data) until the moment when it seriously starts to pinch their bottom-line (a few companies are responsive and open about what has happened, but most aren't).
posted by mystyk at 6:25 AM on January 27, 2017 [4 favorites]


Also, I was already familiar with Skirt Club because I matched on tinder with someone who turned out to be recruiting for them. I dutifully googled, saw that they are weirdly homophobic (only femmes! And only if you're just experimenting, ha ha ha, not any of that weird lesbian stuff! It's totally cool if you go home to your man!), and seemingly intolerant of actual queer-identified people*, and went NOOOOOPPPE.

So this level of assholery is not totally unexpected.

*They didn't mention trans folk specifically in any material I saw, but I am not inclined to give them the benefit of the doubt there, for hopefully obvious reasons.
posted by schadenfrau at 6:33 AM on January 27, 2017 [17 favorites]


Well, yeah, it's seriously creepy that you have to send in a full body picture with your application in order to be judged worthy of allowance to this club. [*]

Which makes the security breach all that more obnoxious. Not only was the company incompetent in ensuring security and then even more so in not fixing it promptly, to add insult to injury, it was their joining policies that required those pictures to be there in the first place.


[*] Not judging anybody who signed up nonetheless
posted by MartinWisse at 6:47 AM on January 27, 2017 [4 favorites]


Might be worth adding a warning that there are some quite NSFW illustrations on the link.
posted by firechicago at 6:55 AM on January 27, 2017 [1 favorite]


starts to pinch their bottom-line

How apropos.
posted by fairmettle at 6:55 AM on January 27, 2017 [5 favorites]


They didn't mention trans folk specifically in any material I saw

An earlier Vice article linked to the one above said that they were cis only.
posted by Halloween Jack at 6:57 AM on January 27, 2017 [2 favorites]


I have friends who are members. I applied myself, some time ago, out of some kind of masochistic curiosity (not being a skinny conventionally-pretty femme I was fairly sure I'd not get in, and I was correct). You didn't have to add a full-body naked photo, just one that showed you weren't a terrible fatty.
posted by corvine at 8:22 AM on January 27, 2017 [2 favorites]


Given the vulnerability was broken htaccess on a Wordpress site, with photos in standard wordpress directories, I guarantee that other people, or at least their automated tools for finding wordpress vulnerabilities, found these directories, because every site on the internet gets probed with wordpress requests that look for these configuration mistakes.
posted by zippy at 8:22 AM on January 27, 2017 [8 favorites]


In the Skirt Club's case, however, a small file that regulates access rights to images, information and data on a page was configured incorrectly – the so-called htaccess file was just eight lines long, but with some serious mistakes in the code...

Before the security flaw was patched by Skirt Club, in order to see the members' images it was enough to type in the browser the regular website address, followed by the common names of WordPress subfolders. That opened up the possibility to browse through photos uploaded on the Skirt Club's server...

Urbach and VICE passed that information on to the founder of Skirt Club, who thanked them for flagging it and said the issue should be considered resolved. It wasn't. Now, a few weeks and some messages back and forth later the issue is finally mostly fixed – at this point, the folders can't be opened and the image files can't be clicked anymore.
So they turned directory browsing on at some point and didn't turn it off. This is kind of like saying you "patched a security flaw" when you went back to your car and grabbed the keys that you left in the ignition.
posted by XMLicious at 8:25 AM on January 27, 2017 [7 favorites]


I'd like to make a cynical comment that only financial info is safe on the internet, but honestly it seems like not even financial info is safe on the internet.

So here's my real cynical comment: It seems like porn sites have even less incentive to invest in security than a lot of others. What with the stigma about porn viewing, never mind porn participation, who's actually going to side with the victims of a disaster like this? Seems like your safest course of action, if you're affected by this kind of accidental disclosure, is just to keep your head down and hope nobody notices you in the pile.
posted by tobascodagama at 8:45 AM on January 27, 2017


At the end of their correspondence, LeJeune asked VICE Germany's editors to reconsider publishing a story about the issues with the security on her website. "[W]hat exactly will you achieve? I am forced to question your true motive, and whether this is an attack on a minority group? Or even women in general?"

I agree. Would this be as 'hot' of an article if it involved anything else other than naked photos of women and illustrations that objectify women?

Sure, a community uses technology, makes a big mistake and accidentally leaves everyone's naked photos accessible. When someone tells them about it, they don't have the resources or know-how to understand the issue / respond quickly, and they fix it within weeks. They made a big mistake, sure.

But anyone familiar with a small organization should be very very familiar with these issues and should know how, often, these organizations rely on the help of a single member, or a friend of the organization. I'm technically savvy, and have often been that 'friend' or member.

'Be careful when you put your personal info online' is like the most banal of conclusions to be drawn about this article. To publicize this is like fanning the flames. What good does this do? Who does this benefit? The members of Skirt Club? The organizers? No -- this is purely a click-bait article for people on the internet who will be snagged by lurid headlines along the lines of "A Sex Club for Bisexual Women Left Intimate Photos of Its Members Freely Accessible Online".

This is pretty low journalism.
posted by suedehead at 9:47 AM on January 27, 2017 [6 favorites]


I wonder how much the tickets cost.

The low level of technical investment/competence combined with the for-profit nature and the, uhh, interesting boundaries on who can be included. My (cynical/paranoid) intuition is that this is/was a scam to collect nudes and videos of women hooking up while making money.
posted by Matt Oneiros at 9:59 AM on January 27, 2017 [2 favorites]


When someone tells them about it, they don't have the resources or know-how to understand the issue / respond quickly, and they fix it within weeks. They made a big mistake, sure.

But anyone familiar with a small organization should be very very familiar with these issues and should know how, often, these organizations rely on the help of a single member, or a friend of the organization. I'm technically savvy, and have often been that 'friend' or member.


All the more reason that such an organization which has decided to wing it shouldn't be handling sensitive information in-house in the first place, and should be held to account when they entrust their customers' security to some part-timer or unpaid friend. And they won't be held to account if it's all swept under the rug.

If you're agreeing that simply reporting the facts about their carelessness after waiting months until they got around to fixing it may be "an attack on a minority group or even women in general", just what does making money off of brokering the personal information and nude photos of a minority group while cutting corners on security a year and a half after the Ashley Madison leak (and necessarily the whole way through the process of setting up the site, if they didn't even have checklists to catch something that simple before they went live, much less actually testing or auditing their security) constitute?
posted by XMLicious at 11:12 AM on January 27, 2017 [14 favorites]


Every site ever is one fiddly checklist away from being vulnerable. The problem isn't to my mind why didn't they do everything right, it's that to know how to do everything right you have to be extraordinarily good and organized.

The big problem imo is that internet server software doesn't make it hard for you to shoot yourself in the foot.
posted by zippy at 1:46 PM on January 27, 2017 [2 favorites]


Configuring htaccess really is on the level of "Well, did you remember to lock the door?" where web security is concerned, though. We're not talking about a flaw that only a full PCI compliance could have turned up, this is something that literally every person with responsibility over a web server ought to know about because it's a well-known and totally solved problem dating back 20 years or so.
posted by tobascodagama at 2:06 PM on January 27, 2017 [5 favorites]


Sure, a community uses technology, makes a big mistake and accidentally leaves everyone's naked photos accessible.

Photos that are only there because the Skirt Club required people wanting to sign up to provide them with a full body picture and no other reason. They were only used to enforce their "no fat chicks" rules, yet they were incompetent enough to even fuck up the most basic of online security measures.

So I have little sympathy for them and their problems, much less so for any attempt to keep silent about these problems, because their customers need to know how seriously they take their security, not to mention that their private pictures have been stolen.

Come to think of it, it might not just be current members that are in danger: I wonder if the site kept the data from failed signups or lapsed members.
posted by MartinWisse at 2:32 PM on January 27, 2017 [8 favorites]


I'm technically savvy, and have often been that 'friend' or member.

I've been that friend a lot of times, too, and let me tell you: If you don't know how to be really damn sure that you're handling it correctly, you shouldn't be agreeing to do this for anybody who's handling sensitive data. Because you're the tech-savvy person who should know better. Not you specifically but any one of the thousands of people who do, yeah, wind up building websites for friends and loved ones.

Anybody savvy enough to set up a site of this size should have been savvy enough to either do it right... or know that they needed to tell somebody that hey, I'm not up to this. As easy as things have gotten, it's not like you can stub your toe and find yourself managing a website like this.

There's no way that at this point in the history of the internet, this happens purely by accident despite the actual best efforts of people who knew a reasonable amount about what they were doing. "We were too cheap to pay someone who knew what they were doing" is only the sort of thing I buy anymore if it's a charity and they were literally using that money to feed orphans in Somalia. Anything else, there's a choice about how to devote resources or whether the project is plausible at all, and somebody chose wrong.
posted by Sequence at 2:54 PM on January 27, 2017 [5 favorites]


Configuring htaccess really is on the level of "Well, did you remember to lock the door?"

Yes, and ... the application should check it for you. I don't know if Wordpress does, but the fact that borking one line in a config leads to a pants-down situation for a site means it's going to statistically happen more than zero times. Probably a lot more.

Software in the door locking example is more like: "when you installed the door, for the model sold by Ace Hardware in 2015 with the deadbolt, did you delete the line that says "use deadbolt?" If so, well, it makes total sense for that to be an option you can choose, we're going to disable that deadbolt and not ever mention it to you again, good luck!
posted by zippy at 3:32 PM on January 27, 2017


But the door doesn't shout at you if you prop it open with a wooden wedge because you want to feel the breeze on a pleasant day. I suppose there are sophisticated security systems with sensors everywhere that can alert you, just like there are the automated Wordpress vulnerability scanning tools you mentioned yourself; but if you can't afford that, you shouldn't be off the hook for it if you leave the door open and your customers' stuff gets stolen because "the door should have told me."

And in every web server I've used in this century, just deleting the relevant line in .htaccess would trigger the default behavior of not publishing a map to all the files openly. Someone would have had to do the equivalent of propping the door open with a wedge: added the line or altered the setting to turn directory browsing on, either without bothering to understand what they were doing, or without putting a post-it note on their monitor to pull the wedge out and shut the door before they go home.

Compare it with storing medical records under HIPAA—even in the U.S., and even though the exposure of medical records in general probably presents a lower risk than nude photos of being propagated everywhere, doctors' offices, no matter how small, don't get to say "Shucks, how do computers work again? I had a friend do it."

Nor do tech startups get to simply say "You don't understand, man, we're disruptive! We don't play by the rules!" I wonder if some sort of clever legal approach could put Skirt Club in a situation where they either have to characterize the photos they're collecting as HIPAA-regulated medical information or admit that they're accumulating pornography for free at the expense of their customers as tobascodagama suggested.
posted by XMLicious at 7:57 PM on January 27, 2017 [3 favorites]


The relevant part of the article:
This file can usually be found in any web shop and WordPress website – it's usually automatically installed and configured so that no one can access the server without the appropriate rights. Yet, somehow, this file was configured incorrectly in the Skirt Club's case. "On a scale from 1-10 in regards to negligence, this is an 11," says Stephan Urbach, a tech expert and online privacy activist who analysed the security flaw together with editors from VICE Germany.
Which is to say, the application generally does check it for you, so yes, to echo XMLicious, this is something somebody had to do deliberately. Not necessarily maliciously, but deliberately. They don't check to be sure you didn't do this because the software usually handles this file, so they assume if you're actually getting into text file configs on the server and editing them by hand, you know what you're doing. If you don't know what you're doing, you shouldn't be touching them.

I'd go beyond propping the door open, though. This is more like you actually opened up the lock mechanism, removed a few pieces, then closed it up and treated it like the lock was going to work as originally intended just because the key still turned afterwards. That's the reason they're talking about it as negligence and to this degree.
posted by Sequence at 3:23 AM on January 28, 2017 [4 favorites]


Not necessarily. I'm assuming it's the 'Options +Indexes' htaccess setting combined with a lack of htpasswd.

Here's a common scenario: someone installs Wordpress into a subdirectory, but wants to access it as if it's in the domain root dir. They copy-paste an htaccess file that enables RewriteEngine rules to do a redirect. The htaccess file has other things in it, including Options +Indexes, which accidentally enable people to see all the directory contents.

To continue my extrapolation - let's say the savvy person helps the site owner make a website, not knowing much about how it's going to be used. In a context of a simple website for an org, being able to see options+Indexes is no big deal.. right?

Another person afterwards decides to add file uploading features and to let users upload naked photos. This person (say, the site owner) doesn't know about the fact that web directories are viewable.

Here's a pretty common scenario along the lines of Hanlon's Razor.
posted by suedehead at 11:20 AM on January 28, 2017 [1 favorite]
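Added example, not code from the article, from VICE or Urbach's analysis, or from Skirt Club: a short Python audit for the failure mode suedehead sketches above (a copy-pasted rewrite snippet carrying `Options +Indexes` into a directory that later receives uploads, with no `AuthType`/`Require` in front of it), plus a parser for the mod_autoindex listing page that XMLicious calls "a map to all the files". The .htaccess fragments, the listing HTML and the file names are constructed for the example; nothing in the thread says what the real eight-line file contained.

```python
"""
Two checks for the directory-listing exposure discussed in the thread.

audit_htaccess()  reads an Apache .htaccess fragment and reports whether
                  mod_autoindex listings end up switched on with no access
                  control in the same file.
autoindex_files() parses a mod_autoindex listing page and returns the file
                  names it hands to anyone who requests the directory.

All inputs are constructed inline so the script runs offline.
"""
import re

# Constructed .htaccess modelled on the "copy-pasted rewrite rules" scenario:
# the file exists to serve a WordPress install from a subdirectory, but the
# snippet it was copied from also switches on directory listings.
LEAKY_HTACCESS = """\
# serve the bare domain from the WordPress subdirectory
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wordpress/
RewriteRule ^(.*)$ /wordpress/$1 [L]
Options +Indexes +FollowSymLinks
"""

# Same rewrite rules with listings off. This is the minimum for an upload
# directory; it still does nothing for files whose names can be guessed.
HARDENED_HTACCESS = LEAKY_HTACCESS.replace("+Indexes", "-Indexes")

# Common directives that gate access to the directory (Apache 2.4 'Require'
# forms and the 2.2-era 'Deny from all'). Only THIS file is inspected; the
# effective policy also depends on httpd.conf and AllowOverride, so a clean
# result here is necessary, not sufficient.
_ACCESS_CONTROL = re.compile(
    r"^\s*(AuthType\b|Require\s+(valid-user|user|group|all\s+denied)\b"
    r"|Deny\s+from\s+all\b)",
    re.IGNORECASE | re.MULTILINE,
)
_OPTIONS = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE | re.MULTILINE)


def indexes_enabled(htaccess: str) -> bool:
    """Apply every Options line in order and report whether Indexes is on.

    Apache treats a line whose tokens all carry +/- as relative to the
    inherited set, and a bare list ('Options Indexes FollowSymLinks') or
    'Options All' as a replacement of it. Mixed lines are an Apache syntax
    error; they are treated as absolute here."""
    enabled = False
    for match in _OPTIONS.finditer(htaccess):
        tokens = match.group(1).split()
        relative = all(t[0] in "+-" for t in tokens)
        if not relative:
            enabled = any(t.lower() in ("indexes", "all") for t in tokens)
            continue
        for t in tokens:
            if t[1:].lower() in ("indexes", "all"):
                enabled = t[0] == "+"
    return enabled


def audit_htaccess(htaccess: str) -> dict:
    """Summarise the listing exposure in one .htaccess fragment."""
    listing = indexes_enabled(htaccess)
    guarded = bool(_ACCESS_CONTROL.search(htaccess))
    return {
        "indexes_enabled": listing,
        "access_controlled": guarded,
        # the thread's failure mode: listings on, nothing in front of them
        "exposed": listing and not guarded,
    }


# Constructed mod_autoindex page for a WordPress uploads folder (file names
# invented). Real pages carry more columns; only the links matter here.
LISTING_HTML = """\
<html><head><title>Index of /wp-content/uploads/2016/11</title></head><body>
<h1>Index of /wp-content/uploads/2016/11</h1>
<table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/wp-content/uploads/2016/">Parent Directory</a></td><td>&nbsp;</td></tr>
<tr><td><a href="applicant-0412.jpg">applicant-0412.jpg</a></td><td>2016-11-03 18:22</td></tr>
<tr><td><a href="applicant-0413.jpg">applicant-0413.jpg</a></td><td>2016-11-03 18:25</td></tr>
<tr><td><a href="thumbs/">thumbs/</a></td><td>2016-11-04 09:01</td></tr>
</table></body></html>
"""

_HREF = re.compile(r'<a\s+href="([^"]+)"', re.IGNORECASE)


def is_autoindex_page(html: str) -> bool:
    """mod_autoindex titles every listing 'Index of <path>' and links to the
    parent; that pair is the fingerprint automated scanners key on."""
    titled = re.search(r"<title>\s*Index of /", html, re.IGNORECASE)
    return bool(titled) and "Parent Directory" in html


def autoindex_files(html: str) -> list:
    """Return the files a listing exposes, dropping the column-sort links
    (?C=...), the parent link (absolute path) and subdirectories (trailing /)."""
    if not is_autoindex_page(html):
        return []
    return [h for h in _HREF.findall(html)
            if not h.startswith(("?", "/")) and not h.endswith("/")]


if __name__ == "__main__":
    for name, text in (("leaky", LEAKY_HTACCESS), ("hardened", HARDENED_HTACCESS)):
        print(name, audit_htaccess(text))
    print("exposed files:", autoindex_files(LISTING_HTML))
```

The audit deliberately reports `exposed` only when listings are on and the same file carries no access control, which is the combination suedehead describes; `Options -Indexes` on its own closes the map but not the files, so an upload directory that must stay private still needs `Require` (or to be moved out of the web root), and the real verdict depends on the whole configuration chain rather than one .htaccess.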


"But anyone familiar with a small organization should be very very familiar with these issues and should know how, often, these organizations rely on the help of a single member, or a friend of the organization. I'm technically savvy, and have often been that 'friend' or member. "

Oh, bullshit.

If an organization is taking people's money and promising to be secure with info that has real-life risks associated with its disclosure, they need to hire a fucking professional or keep the info offline. I mean, first off, if you missed this, you're not technically savvy, and this has bigger consequences than having the owner's nephew design a shitty logo. Second off, they're charging people money for this. They're charging enough money to rent two stories of a New York penthouse for an event — they're charging enough money to have someone who has dealt with user info security to deal with their Wordpress install. This is their basic responsibility even if they're not getting paid for it, and doubly so when they are.

This is a business that put bisexual women at risk. Saying that after contacting the business about that, giving them time to correct the issue AS WELL AS THE CODE TO DO SO, then going public to force them to fix that is "an attack on a minority group" or "women in general" is disingenuous bullshit, using an appeal to sexism and homophobia to disguise and excuse negligence.

Even though it's totally understandable how it may have happened, and it may not have been malicious, it was Skirt Club's responsibility to keep it from happening. I mean, Christ, they didn't even notify their membership! They neither adequately protected nor informed the people they put at risk, and you want to complain about this being "low journalism"? Does Skirt Club pay you?

*They didn't mention trans folk specifically in any material I saw, but I am not inclined to give them the benefit of the doubt there, for hopefully obvious reasons.

Another article on Vice mentions that they're cis only.
posted by klangklangston at 12:07 PM on January 28, 2017 [9 favorites]


To continue my extrapolation - let's say the savvy person helps the site owner make a website, not knowing much about how it's going to be used. In a context of a simple website for an org, being able to see options+Indexes is no big deal.. right?

I think this is how lots of companies, nonprofits, churches, etc. have had their internal financial documents show up in search engine results, via drag and drop, even decades ago. And besides that, even just granting read access to the hard drive to random passers-by on the internet (or whatever permissions the user the web server is running as is granted) on a server that will be managed by non-technical people is a fundamentally bad idea.

So no, I would say that this is irresponsible; you're giving them rope to hang themselves with, for no particular benefit to anyone. If you don't know what it's going to be used for, all the more reason not to leave the safeties turned off.

Hanlon's Razor doesn't seem to apply—no one is proposing malice, it's negligence in pursuit of profit. Or the "savvy person" not actually being that savvy or having much forethought.
posted by XMLicious at 12:51 PM on January 28, 2017 [1 favorite]


XMLicious - to be clear, I was being sarcastic when I said "no big deal... right?" So I completely agree with you.

As to whether I'm being "paid by Skirt Club", I'll attribute that as humor instead of misplaced anger. Thanks for the Sunday comedy.
posted by suedehead at 8:51 AM on January 29, 2017 [1 favorite]


I am unsympathetic to elitists who are hamstrung by their own vanity. It is as simple as that. However, as a net-geek, I am annoyed by poor security practices.

Oh cognitive dissonance, I had hoped you would have left me lying in the dust by now. Instead, hungover, I roll over and have only myself to blame when I try to get up and out of this road by grasping a barbed wire fence. I'd kill myself, but I am curious if the tetanus will get me first. My aging mother made me have the squamous cut out of my head. She didn't want to die before her youngest son did. I wasn't quite sure I wanted to die in pain. I mean, really, death is supposed to be the end of the pain, right? No matter what you do, you disappoint someone, sometimes yourself.

Death is pathetic, just like the rest of it.
posted by Xoebe at 1:34 PM on January 29, 2017

