Tag: info

Where to put an “Activity Log” affordance on a page with fairly high info density?

Rule Builder page

Hey!

I’m designing a rule builder tool and trying to figure out where to put an “Activity Log” affordance – basically a place where the user can click and see a complete list of the edits that have been made to a specific rule, as well as their timestamps.

Right now it’s located in the “Queue” button (see screenshot), which, when clicked, displays a modal list of all the changes to the rule. However, this doesn’t seem right, because the rest of those CTA’s on the top right are reserved for explicit actions, not necessarily “locations” where the user will be taken.

So I’m wondering where else this affordance can be on the page where it makes sense in terms of UI best practices + principles? It doesn’t really matter if it opens up in a modal or another page.

Also, making it a third tab next to “Live” and “Draft” is not workable because, prior to making a draft, there’s a little “+ Create Draft” button next to the “Live” tab, which creates the Draft tab – so squeezing the Activity Log in there with that interaction happening is kinda tricky.

Anyways, I hope that all makes sense. Thanks for taking a look! Looking forward to your input 🙂

Is it confusing to link to another section of a site for more info?

I want to create a portfolio site for my team. I have two goals: 1. Create a section to showcase our projects 2. Have a blog where we can provide updates and talk about the “behind the scenes” of our projects.

Here is my question:
If someone lands in the project section and sees a project, would it be confusing to also have articles in the blog talking about the same project? Is that redundant? Would a user expect to see ALL information for a project in one place?

Or…am I doing too much with the blog? Should blogs on sites like this be reserved for updates only?

How do I sell critical vulnerability info to private company?

Here is the story. There is a private company, that has some software product that is used by thousands of its customers. After spending few sleepless nights on reverse engineering that product, I identified a critical flaw in it. The reason I explored this product was pure sport – reverse engineering is my hobby and nothing more.

But during my exploration I identified a very serious flaw that I did not expect. Exploiting it will mean extracting big money from the users of that software (customers of the company).

Now I’m not going to exercise that idea to steal money from other people, that’s way beyond my moral principles. Though somebody not really bound with such principles could make “big” money, permanently (for months or years), without trace.

I think it makes sense to mention, that this is the company that makes money when its customers lose money, basically. Imagine financial trading, money lending, gambling, etc. that type of industry. So nobody really “loves” them (incl. their customers), and they know it, and they’re ok with it.

I think it would be fair, that I could sell this vulnerability info to the company for a large sum, but I’m not sure how (if at all) this can be done. Just revealing the exploit to the public, even proving (without revealing the details) that such a vulnerability exists (and has always been existing!) would be a HUGE blow to the company, as they will probably lose big portion of the customers. Nevertheless, (and even considering that company makes millions of dollars per annum) I’m almost sure they won’t be willing to pay me anything unless I provide 100% proof.

The dilemma is – how to explain them the magnitude of that vulnerability, without disclosing hints about where to search for it. If I disclose the software product, and what kind of action contains what kind of vulnerability, I’m pretty sure they will try to investigate the particular possibility in a particular use-case, and eventually find the vulnerability themselves. On the other hand, if I’ll be vague (“I found something in one of your products, that can be used to steal money from your customers”), I’m pretty sure they won’t believe and won’t pay anything.

If I disclose the info to them without demanding anything, i.e. for a bona fide reward, I’m sure they won’t issue any reward. They’re just that kind of company – they don’t care about bona fide security researchers. They will fix it even without replying with a “thank you” mail.

Any kind of advice will be greatly appreciated. Is it not fair to expect some sort of payment from the company in such a situation? I’ve never dealt with such a situation before (as I mentioned, RCE is just a hobby for me).

EDIT/CLARIFICATION:

“If you can prove it and they still will not pay, what will you do? The answer to that will determine if this is blackmail.”

I will not, under any circumstances:

  • Use the exploit myself to benefit.
  • Reveal the vulnerability details to the public (without giving opportunity to the company to fix it), so that other people can exploit it.

What I could do (and I’m still not sure whether this is a good or bad thing), is to tell public about the mere existence of such a vulnerability. Something like a video demonstrating that such thing is doable. As I mentioned, such an action would result in company losing many customers, but if they do not bother to care, if they say “we don’t want to pay for that info”, would it be morally wrong or right thing to do?

I don’t care about the company. They make millions by exploiting their customers, so they don’t deserve any respect from me. I did some work (spent some significant hours), and if the company wants to benefit from my work, it makes sense for them to pay for it, doesn’t it? OTOH, you might say that I have responsibility about their customers to warn/protect them, but I fail to understand why I am obliged to do it for free(?) I.e. even doctors don’t cure you unless they get paid, right? Medicine for cancer treatment cost big money, because somebody spent their life researching it and now demands/deserves to be paid. In this light, I don’t understand why some comments are hinting I should do this for free. Could you please elaborate, am I really wrong to seek financial benefit for my work?

How can I get *ALL* the info for available packages in apt at once?

I would like to get the details about all the available packages in apt without installing them. I know that apt-cache search . would give me the list and description of all the available packages. However, I’m interested in the same list but with the most recent version. Is it possible?

I also know that I can loop over the package names and run apt-cache show pkgName, but I do not want to make multiple queries to apt-cache. I want to query it only once or use another tool or another available resource that could give me this info.

cd autocomplete displays tons of info

I use a lot of folders to organize my classes in school and often I simply have a folder inside another one all by itself as I know in the future I’ll add more. For example Folder0 -> Folder1 by itself -> multiples files.

My question is when I do cdthen try to autocomplete with Tab in my shells with nothing behind it, it shows me a lot more than expected and as such doesn’t directly work, as shown in this screenshot.

enter image description here

Is this normal ? If yes how can I disable it so I can autocomplete directly into my unique folder ?

Thanks already

First Clickbank Sale – Here’s All The Info!

So I wanted to share all the info that helped me make my first Clickbank sale. I made $ 20.61 – here is a screenshot I just took as proof: View attachment 244862

Now the whole idea of me using Clickbank is because I want to build my list with solo ads and I want a cheap offer on the front end to make some money, no big deal if I make no sales or break even after a solo ad run… the money is in the follow up.

Now a bit about my back story, I made money before but I never used…

First Clickbank Sale – Here's All The Info!