Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

[flagged]


They're always permitted to ask, but there's nothing they can do to stop you.

Maybe it's a bit rude, but their choice not to reward foreigners under their bug bounty is also kind of rude. Neither party has much of a high ground, in my opinion.

The blog post was published half a year after KakaoTalk said they fixed the problem, that's twice as long as most people would give them.


"If you decide to write a blog post about this, we would appreciate it if you could consider masking any information that might reveal our company's identity, as a favor to us."

This seems at odds with not paying a bounty.


Considering stuff like kakao overworking contractors to the point of miscarriage, and then continuing to demand even more work on top of that https://www.reddit.com/r/manhwa/comments/x1e99y/controversy_...

Who cares what they ask for.

https://www.cbr.com/korea-occupational-agency-report-tragic-... combined with the fact that (as far as I know) the vast majority of the industry is owned by kakao, is just abysmal.


So what? The vulnerability was patched. I assume hiding the details only helps the company save-face.

In my last job we literally had "classes" teaching us how to deal with Asian colleagues (specifically in China, but SK has the same culture) who would try to hide things and save-face at literally any corner possible; I remember my old boss' example of "when walking down a street in Beijing, if you ask somebody directions to a street that they don't know, they will adamantly indicate that they know and it's that way (a random direction) in order to not say they don't know the true direction. I didn't personally buy the classes and saw it as a generalization and racist (unsurprising, given the manager leading this class is born and bred in Poland; not exactly known for its diversity or.. external knowledge of the world or Asia; also the majority of the team had never left the country before so had no other viewpoint or angle to base these classes on), but it just confirmed my "trust but verify" approach to things.

The relevance of my story is that if I hacked or found some security issue with the Chinese colleagues, I was instructed to not in any circumstances communicate it in a way that may make them feel like it was an issue of theirs, that their code or infrastructure or whatever was hacked: it was _our_ fault for not telling them in advance that they can't do that specific action or whatever.


> I didn't personally buy the classes and saw it as a generalization and racist (unsurprising, given the manager leading this class is born and bred in Poland; not exactly known for its diversity or.. external knowledge of the world or Asia

Did you call out a generalisation/racism only to then go on to make a generalist/racist remark about people from Poland?


"People from country X do not generally have knowledge of continent Y because nationally they take an insular approach" is not racism, it's an identification of a root-cause which for anybody that lives in Poland, is quite well known.


So basically, you're saying it's not racist if it's true? Still seems like a double standard to generalize your manager's nationality while calling his generalization of another nationality racist. Especially when you're kind of describing your manager's "racist" pointer to hold true in this context.


> So basically, you're saying it's not racist if it's true?

In a context like this, talking about cultural generalities, that seems valid.

> Still seems like a double standard to generalize your manager's nationality while calling his generalization of another nationality racist.

Not really. The problem isn't making a claim, it's about how believable and how extreme the claim is.

That description of saving face is a lot wilder than saying some people are insular enough to be prone to misperception of other cultures.


> The relevance of my story is that if I hacked or found some security issue with the Chinese colleagues, I was instructed to not in any circumstances communicate it in a way that may make them feel like it was an issue of theirs, that their code or infrastructure or whatever was hacked.

Non-ironically, how people even are able to collaborate with the Chinese?


It's more of a communication and cultural style than an actual rejection of responsibility.


> I remember my old boss' example of "when walking down a street in Beijing, if you ask somebody directions to a street that they don't know, they will adamantly indicate that they know and it's that way (a random direction) in order to not say they don't know the true direction.

That actually happened to me in Japan. And now that I have been working here for a few years... let me tell you that communication with (most) Japanese colleagues is quite difficult. They are extremely afraid of taking any kind of personal responsibility, decision processes take forever, and much like you say they don't take any kind of "blame" very well.


> Beijing, if you ask somebody directions to a street that they don't know, they will adamantly indicate that they know and it's that way (a random direction) in order to not say they don't know the true direction

I didn't find this statement to be true at all. Chinese people will just say they don't know and move on.

I think your professor lead you guys on with blatant orientalism. Sad that money was exchanged to hear his opinions.


It was a workplace, not school. My manager, not professor. The even paid me to be there:)


I don't know about the rest but have you ever been to Beijing? that wasn't my experience at all


I feel I would have been purged as a child. I was almost pathologically unable to bullshit or lie, although its become easier in my later years.


Yolo Disclosure




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: