I have no idea where that list is coming from but many top games are missing. Fortnite, League of Legends, Valorant, Roblox, FC26, and Battlefield 6 all do not run at all on Linux due to anti-cheat.
It's based on Steams numbers, so yeah games like Fortnite, LoL, Valorant and Roblox won't show up at all since they aren't distributed through Steam. Battlefield 6 should be on there though, maybe ProtonDB just hasn't refreshed the stats in the few weeks since that came out.
A "little indie developer" hasn't been able to write a web browser in several decades. An implementation of 2005-era CSS and JS would be a complex task surely requiring a fairly sizable team to implement.
The fact is, all three major browser implementations are open-source and that has allowed any company to come in and release or embed their own browser with minimal effort. Chrome/Blink is dominant but that is not due to technical barriers that make it difficult for other companies to ship their own browsers. In fact it is now easier than ever to do so.
> A "little indie developer" hasn't been able to write a web browser in several decades.
IMO that's a major problem.
> The fact is, all three major browser implementations are open-source and that has allowed any company to come in and release or embed their own browser with minimal effort.
And they're all beholden to Google's decisions, for example to wreck the web browser extension API. Of course you can fork the code, but forks become increasingly difficult to maintain as they diverge significantly from the original code. Google can make things extremely difficult for forks.
Being able to call an Uber or Lyft when I need it has made it much easier to live without a vehicle. I have tried to call a cab company using the phone before, but even they have transitioned to using apps for dispatch now.
Would add airports. If I’m not checking a bag, I can walk straight to security, do an iris scan at CLEAR and show my digital boarding pass to security and at the gate.
That said, there are manual workarounds to almost everything requiring a smartphone. They’re simply less efficient.
OTOH it only takes you thirty seconds to transmute your confirmation number into a paper boarding pass at the check in stations, which are empty now that everyone uses apple/android wallet. Maybe that would actually be better even if you have a smartphone, if you are concerned about battery life or roaming charges.
In the US--I can't speak to CLEAR--but even with TSA Pre you have to show your ID. (I'm not sure they've even looked at my boarding pass when I've flown recently. I assume the computers are correlating my ID with the flight reservation in the system.)
If I can conveniently print out a boarding pass either at home or at the airport I tend to do so. That way I'm not fiddling with my phone when I don't need to.
(I think I've seen it the other way around in London at least.)
> I can walk straight to security, do an iris scan at CLEAR
I'm sorry, what? Outside the US I just show my boarding card prior to going through security. I'm pretty sure my ID doesn't get checked until I board the plane, so hearing that you show biometrics is a bit jarring.
I was in the US a few weeks ago, but I can't remember if I had to show ID when going through security on leaving. I tend to work on autopilot when navigating airports.
It's been a while since I have flown anywhere, but I don't think we check ID at the gate here? So it's not really any better or worse, it's just at a different point in the process.
You might be right. I'll be honest, my approach to airports and flying is to have a few drinks once I get past security and then sleep my way as best I can through the flight. I can't remember if my passport was checked when I boarded on leaving Seattle.
What's the New York Times supposed to do for their readers? Not publish anything? De Becker, AMI and Amazon were asked for comment and declined. Besides, only a few paragraphs from the story are quotes from the blog post.
Yes exactly that. It's proof though that they're just an entertainment rag looking for eyeballs.
Do some digging, find out more context, get relevant legal precedents, or any precedents for this kind of action. Reference Gawker case, all of the stuff that talks about WHY this is important.
They basically just reposted Bezos' letter but in their own words with some of his quotes thrown in.
> The agent said Tan handed the flash drive over to the US company, and the firm found that the deleted files would have allowed his new employers to recreate the product in question. The files had been deleted from the flash drive the day before Tan resigned, the affidavit said.
Call me confused, but I don't really see a crime here? The defendant turned over the data before his resignation and is not accused of actually making an attempt to transfer or sell the data to another party, or conspiring to do so. The only accusation is that he had some files that weren't part of his job to have, apparently. But presumably the internal corporate system allowed him access to it and thus he obtained it without breaching any computer system. Perhaps his workplace policy barred him from downloading files onto a USB drive. But is that considered theft?
As dguido posted below, the details are a bit different than the tiny pair of sentences you're basing your analysis on.
> On 12/12/2018 at approximately 10:30 a.m., Tan contacted his supervisor, advised he was resigning from Company A, and gave his two weeks' notice. Tan told his supervisor that he was returning to China to be with his family as he is the only child to aging parents. Tan told his supervisor that he did not currently have a job offer, but was negotiating with a few battery companies in China.
> Tan's resignation prompted Company A to revoke his access to company systems, and conduct a Systems Access review of Tan's computer activity.
> That review confirmed that Tan had accessed hundreds of files, including research reports. The reports included not only how to make Product A, which, according to Company A, is a complicated and technically difficult process, but also Company A's plans for marketing Product A in China and in cell phone and lithium-based battery systems. These files included information that Company A considers to be trade secrets and outside the scope of Tan's employment with Company A. The review revealed Tan downloaded restricted files to a personal thumb drive. In the course of his regular duties and responsibilities, Tan should have used his company issued laptop. Tan did not have authorization to use a thumb drive to download Company A files. Tan's supervisor confirmed that nothing in the downloaded files was within Tan's area of responsibility. Further Company A confirmed, through Tan's supervisor, Tan did not have a work related need to access or download the restricted files.
How does this actually work? Does Windows keep a log of files accessed or copied? Or does the company install additional security software that audits this?
Windows has some of this. But if you want crazy levels of granularity there are plenty of software vendors to choose from.
My company knows every file every person accesses, where it came from, and where it went. They lock down computers down to the individual USB port. If you put a thumb drive in the wrong port Windows machine, a guy from IT Security shows up within 30 minutes.
That was the day I found out that if I try to charge my hotspot at work, it shows up as a USB drive.
> 15. Later that day, on 12/12/2018 at approximately 4:00 p.m., Tan sent the following text message to his supervisor:
... [Another Company A supervisor] was asking if there is anything I have with me associated with company IP. I have a memory disk that contains lab data that I plan to write report on, and papers/reports I plan to read at home. Now that I have been exited from (COMP ANY A), can you check what is the best way of handling the information and how sensitive they are? Can I still read the papers/reports from the memory disk?
> 16. After receiving the above text from Tan, Tan's supervisor asked him to return the flash drive (which Tan's text message referred to as a "memory disk") to Company A.
> 17. At approximately 5:15 pm on 12/12/18, Tan returned to the Research Technology Center at Company A where he provided a USB flash drive to his supervisor. The USB flash drive was Tan's personal property, which he was not authorized to utilize within Company A's space. There is no record of Company A having issued a USB flash drive to Tan.
You just turn on auditing features in Windows on your file servers. There are many third party tools that can help you sift through and retain logs, but the basics can all be done with vanilla windows os.
- Sharepoint access logs (the server side)
- Corp IT has access to your machine, and can activate keyloggers to see what you are doing with the downloaded files. (the client side)
Thanks for the additional details. It was not present in the article, which is why I am glad I asked the question. It seems that the extent of the copying is greater than I had assumed from the original article's text.
I sometimes feel that people who comment here of the Chinese spying stories are the Chinese agents. First comment is always dismissing the story. Is anyone at HN looking where the comments originate?
You're not imagining it. China is executing a full-on "covert" culture/soft-power war. From the Confucius Institutes in US universities to propaganda "news" papers in New Zealand. They have teams of people trying to control the narrative on the internet anywhere China is mentioned. Quora is the worst in my personal experience.
A lot of this is widely reported on by credible news sources. Many current and ex intelligence and defense officials have called out China as the biggest threat to the US over the past year. I can't believe our government is shutdown right now over a "wall" separating us from countries who, in comparison, are our BFFs.
Particularly at the university, I was setting up a GitLab box that wasn’t supposed to be externalized (didn’t realize at the time that LAN utilizes the public addresses instead of NAT). 90K ssh attacks in 3 days, vast majority from the east Asia area. Luckily none made it through. Learned my lesson (and firewalld) from that experience. Nearly had a panic attack from that (first time setting something up like that).
The above was from my naive days before I started getting more deeply involved in sysadmin and networking work. It’s still incredibly annoying to log in to systems with “There have been 173 failed login attempts since the last successful login.”
When I set up my first gateway/router server for the first time, I was truly shocked to see how much traffic comes in searching for vulnerabilities. I knew it happened, but the frequency was wholly unexpected. SSH requests for root, SMB traffic, etc. every second or so.
If you want to see something, install MySql on a AWS EC2 (or any host for that matter), turn on verbose logging and open it to the public internet. I saw thousands of Chinese bots trying every way to get root access
No, I am not a Chinese agent. I don't know how to prove this to you definitively. However, I'd like to ask you if you consider my query legitimate, given that I did not have access to the full affidavit when I asked it, only the original article which was skimpy on the details around the extent of the copying. Mostly, I was more worried that my company could have me arrested either for accessing or copying a file arbitrarily deemed outside of my duties, or for violating their IT policy.
Is it possible that tan deliberately deleted them in such a way that they could be recovered forensically? That might save him from getting caught, and his "handler" overseas could even have recommended it.
But who knows... This article doesn't provide enough information to make a good guess at what was going on.
Tangent: somehow every single one of your comments was downvoted, even this non-inflammatory, informational one where you replied to someone and they ended up agreeing with you: https://news.ycombinator.com/item?id=18740217
I upvoted a few of your comments that were clearly non-inflammatory and useful. But I'd like to tell everyone who's blindly downvoting you, please read comments before downvoting them, instead of just downvoting everything you can that's tied to the person you disagree with.
Well, unvote them, because this makes no sense: "He could not have ever exfiltrated that data to begin with as he gave the drive back"
Think about it. The USB device was for transferring data to something else. That might have been a personal device with a cellular data plan.
Sure, he gave back the USB drive. He didn't physically take that to China, or intend to do so. Those files were on it for a reason though, and that reason is transferring them to something that gets the data to China.
In the post you're replying to, I included a link that does not contain the sentence you quoted. In fact, that link shows the person making a valid correction. If you read it, you'll see why I upvoted it.
The entire point of the comment I made (which you replied to) is not that baybal2 is correct (in fact, I have no idea/opinion of whether they are correct about the defendent being innocent). The point is that ad hominem attacks through downvotes are a bad thing.
PG has maintained from the beginning that HN comments need not be upvoted for civility alone. “I disagree therefore I downvote” is valid etiquette on HN. I’m not going to stop doing that.
I imagine his comments have been downvoted because he's cherrypicking information from the article to defend the man across multiple comments. See the parent comment to your comment where he ignores that he did access and download files he had no right to access and instead states exactly the opposite according to the facts (in point 2).
They found confidential files there, but nothing he had no right to access to
You may have missed this part of the criminal complaint:
“Tan's supervisor confirmed that nothing in the downloaded files was within Tan's area of responsibility. Further Company A confirmed, through Tan's supervisor, Tan did not have a work related need to access or download the restricted files.”
WELL, the main question: WHY THE HECK did he report on himself??? The charge pretty much says that he voluntarily contacted his supervisor and asked what to do with that USB stick.
And there, the parallel with Micron case gets more startling: the alleged "spy" was the very man who said that his cellhpone was missing. Then the police found the cellphone in his coworkers locker. The coworker accidentally put his phone into her back along with papers on the table. Then the police searched his phone, and found out that "he happened to be a spy" on very similar circumstances.
I mean, he deleted the files first. It's reasonable that he thought that was sufficient; given the code I've seen from some scientists, scientist != computer expert.
The innocent explanation is that he was cleaning up company property before returning it, but I expect that will play out in court.
I have done the things before. Before returning the work laptop to employer on the last day, I cleaned out all the company stuff to left my personal things (this is my only laptop with my personal stuff in it), then move them out and clean them finally.
I've always done this. I never leave any important business files on my local PC, for obvious reasons. But there's all sorts of personal stuff on there (mostly from Web browsing). So nuke it all before turning it in. They're going to re-image it before giving it to the next person anyway.
> It's reasonable that he thought that was sufficient;
But aren't it? He surrendered his flash drive. You can't do anything with it if it is not in your possession... What do you think he was supposed to do with it???
And he had an option to not to do so, or moreover, just fly to China without a notice (remember the case of a hedge fund boy who allegedly "stole keys to the kingdom" and then warned his employer that he is leaving the company on a short notice...)
You can obviously copy files off of a usb drive before giving it back. I don’t know anything about this case, and I’m not accusing this guy of anything, but your line of argument is wrong.
The point I want to convey is that if he could've done anything with it (like copying files somewhere else,) he had no point of ever attempting to do any trickery (giving a USB stick with erased files) invariably of circumstances and technicalities.
And there is no proof so far of him doing that (otherwise it will be put in bold letter on his charge sheet.)
That's nothing less than an estoppel condition in hands of a skilled lawyer.
But you can expect that prosecutors will now be trying their best to made up, and attempting to keep him behind bars for the duration of the court proceedings.
>The point I want to convey is that if he could've done anything with it (like copying files somewhere else,) he had no point of ever attempting to do any trickery (giving a USB stick with erased files) invariably of circumstances and technicalities.
“The perfect crook would have covered his tracks better” is not persuasive. The perfect crook wouldn’t get caught. People who do bad things are just as fallible as people who don’t.
If he did not commit a crime, would he not do so, and this be the most normal thing he can do?
The answer is yes
Now there is no distinction in between a normal employee leaving the company and a criminal following your logic.
Every time I see people going for such argument, I almost feel my sight getting dark, but people who can shove such line of thought into a legal argument in a criminal case are found left and right in the West.
If all of the evidence the FBI has is what was in the SCMP article, then there is no way the jury is going to come to a guilty verdict.
But it is doubtful that the SCMP has squeezed information out of the FBI before the court case. Once the court case happens we will see all the evidence that the FBI has gathered, which probably demonstrates much more clearly that he is guilty. It doesn't make sense to discuss hypotheticals until we at least have the evidence.
It also doesn't make sense to fear getting convicted based on deleting some files unless he is actually convicted on this flimsy evidence. But again, this is unlikely -- if you would not convict someone based solely on this evidence, then why do you think anyone else would decide on a guilty verdict?
(Keep in mind that the information in the affidavit [1] "is
intended to show merely that there is sufficient probable cause for the requested warrant" and doesn't include all of the evidence that they have.)
Yeah, that line of thinking is absurd. He probably got nervous right before he left the company and gave them the USB after hastily trying to delete the files. In which case, the parent commenter would seem to imply that he should be let go because he got nervous after stealing things he shouldn't have access to.
The article is from SCMP, a newspaper in Hong Kong. It's unclear what the source of the information is and it's very unlikely that the SCMP has the same information that the FBI has (as stated in the affidavit [1], the evidence in the affidavit "is intended to show merely that there is sufficient probable cause for the requested warrant").
As the Department of Justice statement [2] says:
> A criminal complaint is merely an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.
There will be a court case where the FBI will lay out all the evidence they have and the jury will decide whether or not the evidence is sufficient to demonstrate that he is guilty.
The court case has not happened yet so it doesn't make sense to jump to conclusions without hearing the evidence first.
Sure it makes sense to jump to conclusions, that's why we go on HN! ;)
Seriously though, it's interesting to discuss this case. Clearly we don't have all the information. Some of us may change our minds later. Right now, the evidence that is out there isn't convincing on its own. It's okay to point that out!
Yeah, I agree that it's good to point that out. But I felt that some people might've been losing sight that more evidence would likely be presented in court.
He could easily have exfiltrated the data without ever leaving the premises. All he would have to do is is walk into a lab room with an unsecured terminal to upload the files, or used his phone to upload the drive, there aren't hundreds of ways to pass the data off once it's on a thumb drive.
There's an FBI affidavit linked in another comment that mentions a search warrant found additional copies of the data at his home, and that he'd been in regular contact with a Chinese competitor, who offered him a job and ~$60k US signing bonus based on vaguely phrased information already provided.
Well, if the documents contain trade secrets...
You may see them on your boss’s desk and read them and memorize them. That does not make your making a copy of them (even from memory) right or lawful.
An exec reports "phone stolen," phone found in his "collaborator's" locker who accidentally shoved it into her bag along with other papers on the table. Both the exec who reported theft and his "accomplice" are send to jail, and a "national security" case just sprung up from two completely unrelated cases thanks to prosecutor's creativity.
Same thing here:
1. Apparently they found that he simply had "weird files" on his flash drive.
2. He had full right to access them.
3. He deleted "weird" files he had rightful access to, and voluntary surrendered the physical medium upon his resignation.
On the sole premise of him deleting "weird" files, he was accused of espionage, with the charge constructed from nothing but tangents, but no "corpus" to "habeus."
When you work somewhere, you end up having access to all sorts of stuff. E.g. through the issue tracker, you might be able to see things about projects that are supposed to be secret (as in company-secret, not government-secret). If you resign and your usb drive has a bunch of deleted files about that stuff, that has nothing to do with your job, that’s a reasonable basis for serious suspicion.
You don’t need a smoking gun of a crime to be suspicious that a crime may have been committed. Suspicious facts are plenty to start investigating, and a mountain of “circumstantial” evidence can even be enough for a conviction.
I don’t know anything about this case, and I’m not accusing this guy of anything, but your line of argument is wrong.
That's not how criminal investigation works, that's how a witch hunt works. In order to be a legitimate criminal investigation, the first part needs to be that an actual crime was committed, then suspicious activities are used to justify an investigation and possible conviction based on evidence. Otherwise, police could just run around arresting people because "that guy looks suspicious", search all their stuff and activities for something possibly illegal, and then say "look, we were right all along".
I agree, but keep in mind that Hongjin has merely been charged and not convicted yet. The evidence has not been presented in court yet, and it's quite likely that the evidence is going to be much much more comprehensive than the small set of facts that appeared in the SCMP article. If this is really all the evidence the FBI has, though, Hongjin will almost certainly not be convicted.
It is your line of argument is wrong, patently wrong.
That's all about accusing a man of murder without proving that the person being murdered is dead. That's unjust, and is a joke of justice, and most fundamental legal standards of criminal law jurisprudence.
In the U.S., the defendant can only be convicted if the evidence proves guilt beyond a reasonable doubt.
Hongjin has not been convicted yet, so I don't follow the logic in your comment. The criminal case process has only just started and we have not seen the full evidence yet, and there has been no determination by the court system on whether or not he is guilty.
I think there is some confusion because of the differences in the judicial process between the U.S. and other countries like China.
I'm not saying the U.S. judicial process is perfect, but I think it's unreasonable to attack it before a verdict has even been issued.
> ... The defendant turned over the data before his resignation ...
The FBI affidavit contends Tan deleted the confidential data before leaving the U.S. company, not that he turned the thumb drive over to them. The charges suggest Tan kept the drive after leaving the company, though the article doesn't say so explicitly.
Correction: The affidavit does say Tan turned the drive over to them, and of his own initiative, after he was escorted from the company's premises. See paragraph 17 of the affidavit that user baybal2 links to below.
No, he gave up the drive and everything he had from company's IT for review. They are very purposefully avoiding mentioning that, but logically you can't conceive of how they can review the thumb drive without him willingly giving it to them first, nor that he had authorised access to such data in the first place. The charge says nothing about his accessing the data unlawfully, other than saying that he had "no reason" to access it, and it being outside of his immediate responsibility.
I think you're misunderstanding the process in a criminal case.
The affidavit that you linked to explicitly states:
> This affidavit is intended to show merely that there is sufficient probable cause for the requested warrant and does not set forth all of my knowledge about this matter.
The full evidence will come out in a court case, and a decision on whether or not he is guilty will be made based on that full evidence. He has only just been charged and the court case has not started yet.
> The social network allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
> The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
This information contrasts with a statement Facebook provided in 2018, stating that such data sharing partnerships ended at the end of 2015. That statement itself was correcting an earlier statement stating that such access had ended even earlier.
> Facebook shared personal information culled from its users' profiles with other companies after the date when executives have said the social network prevented third-party developers from gaining access to the data, the company confirmed Friday.
> The companies had access to the data during a stretch of time in 2015 after Facebook had locked out most developers who build apps that work on its social network. Facebook gave select "whitelisted" companies extensions before they were also blocked from getting its users' personal information.
> Those extensions expired before the end of 2015, Facebook said. The company believes the previously unreported extensions with a select group of companies is consistent with previous statements that Facebook CEO Mark Zuckerberg has made, including in testimony to Congress, about shielding its 2.2 billion users' personal information from third parties since 2015.
> "Any new 'deals', as the Journal describes them, involved people's ability to share their broader friends' lists — not their friends' private information like photos or interests," Ime Archibong, Facebook's vice president of product partnerships, said in a written statement.
No, since the person who's documents were seized was in the UK on a trip. Except for special cases where immunity is granted, physical presence in a country means that one is subject to the laws and jurisdiction of the country. In this case, the UK Parliament had the authority to compel the production of the documents in question, by threat of imprisonment if necessary.
A question for any legal scholars out there: the seizure of the documents would be contempt of court in the US, could it not? The person who was threatened with arrest has the defense of duress, so could the US court charge the MPs who ordered the seizure? I don't think the UK would extradite, but if the MPs were to visit the US without immunity, could they be arrested for violating US law (even though their actions are apparently within their rights under UK law)?
Tencent, surprisingly, is 33% owned by the South African company Naspers, as well as 7% other foreign institutional investors. Alibaba is 30% owned by the Japanese Softbank and 15% owned by a US holding company resultant of Yahoo's sale. [2] Baidu is 35%+ held by a hodgepodge of funds and holding companies. [3]
