Re: For the enlightenment of a right-pondian
Addressing your question more directly, it's usually at least one of chlamydia, gonorrhea, or syphilis.
1175 posts • joined 14 Oct 2015
In the seminal 1980s hit comedy Revenge of the Nerds, the supposed heroes of the piece join a fraternity and use tactics such as doxing and rape to gain the advantage over the more conventionally attractive and successful college students who have tormented them throughout the movie. One expects the culture is something like that.
Sorry, you fail to understand "Cancel Culture." According to the right wing, the real victim of "cancel culture" here would be Shane Sonderman, who was just using his free speech rights as carved into stone by God Himself when He wrote the US Constitution and handed the tablets down to Jefferson Davis at Stony Mountain.
For me at least, it's because I have people with whom I would like to share calendars and documents. To forestall the obvious objection, yes it is possible to send docs and calendar invitations and whatnot via email, but these applications make it a lot simpler, and they enable seamless collaboration in a way that conventional standalone applications do not.
To forestall the inevitable hand-wringing about how people today are lazy and stupid and don't value their privacy as much as they should and shouldn't be allowed to even use computers, etc.: we use computers and their software to enable capabilities that we wouldn't have otherwise or to make our lives more convenient. There's nothing wrong with that. There's not even anything inherently wrong with trading convenience for privacy. What's wrong is that the terms of that transaction are obscured from the user: we don't know with any great degree of accuracy or precision where our data is going, and the approaches detailed in the article attempt to at least put more control back in the hands of the end user.
The Mozilla test group is a pretty self-selecting bunch: people with the discernment to be running Firefox and the willingness to install this add-on and participate in the test. I would guess this population is not representative of YouTube consumers as a whole. Which is not to say they don't have a valid point, but I suspect that most people will happily stare slack-jawed at the screen until Wall-E comes around with a soda.
Arguably, the problem is not that robots are dumb, the problem is that we don't know how to teach them or to give them appropriate sensory apparatus to learn. One huge advantage for the robots will be that they can exchange information much more rapidly than we can, so whatever they do learn can be disseminated across the entire population or a significant subset thereof. We can therefore assume exponential learning capabilities.
That should be fun.
"I guess you would say that the US government should get rid of the law banning payment of ransom for US citizens kidnapped overseas."
Such a law does seem inhumane to me. It also seems unconstitutional, since the Citizens United decision has firmly established that spending money is speech and hence subject to First Amendment protections.
In any case, I recognize the incentives created by paying off ransomers, whether through insurance or one's own funding. My objection is to the mindset a lot of people in these comment pages seem to have, which is that the businesses afflicted by ransomware deserve to go out of business (businesses which include places like hospitals, lest we forget), and I was calling attention to the difficulty of defending against ransomware, but I suppose that point was difficult to see from the great height of your horse.
You know what . . . I've seen the light. In fact, I think merely making the payment of ransomware illegal and the jailing of corporate executives do not go far enough. In fact, we should summarily execute everyone who has ever worked for a company that paid ransomware. After all, just losing their jobs when the company goes under is clearly insufficiently punishing to the workers; we need sterner measures! I'm thinking something appropriately medieval like drawing and quartering or public gibbets.
"but once the criminals are unable to make any money off ransomware, it will stop."
One theory about the source of these ransomware attacks is that they come from state-sponsored actors, essentially making the ransomware scum the equivalent of privateers raiding maritime shipping. Seizing some or all of the cargo on a commercial ship was obviously ideal for the privateers, but sinking enemy shipping was also acceptable. What you're advising is the equivalent of demanding that a ship's captain refuse to strike colors and surrender to a privateer and instead allow his ship to be sunk. Either way, the adversary wins, but in the former case, at least the merchant ship can continue to sail while in the latter case both ship and cargo are lost. Which is better depends on your outlook; it might be better in the long term for the privateers to be denied their spoils, but it sure sucks for the crews of the sunk ships, and as long as a nation-state is willing to pay the privateers, they will continue to operate; the ransom just provides an additional (significant) incentive.
While I agree that many, if not most, companies should have a greater focus on security, I think the following facts should be considered:
1) Bulletproof security is, in fact, difficult. Retrofitting security to systems or environments which weren't designed for maximum security is even more difficult.
2) Finding qualified staff and/or consultants to build a secure environment is both difficult and expensive. Good security people are in high demand, the more so because of the current elevated threat environment.
3) The current threat environment is unprecedented. Most companies were able to live with relatively lax security for a long time because the perceived consequences were not as severe as now. Companies and people are still adjusting to the new reality.
A lot of entities have been caught wrong-footed by the sudden spate of ransomware and don't immediately have the resources or the expertise to address the need for a more rigorous defensive posture. Dog-piling on the victims hardly seems warranted.
"The Reserve Bank of India (RBI) warned about Big Tech's potential to dominate the financial services sector and overrun banks in its Financial Stability Report released yesterday."
What rails has that sentence gone off, exactly?
I've administered both Notes and Exchange, and I would rather set my own dick on fire than manage Notes again, and that's not even factoring in the abortion of a client. I can't help but believe that Notes "lovers" have some form of Stockholm syndrome. Notes is a better application platform, I will grant that much, and it is certainly easier to deal with than SharePoint, but on the email/calendaring front it blows goats.
Good luck, IBM! My years of refusing to even look at IBM technology are certainly seeming wise!
No, I'm saying that the insurance companies have a strong motivation (financial profit) not to a) insure risky clients and b) pay out claims. Without getting into the weeds regarding insurance, insurers obviously also have an incentive to insure people and pay claims, but I believe the theory promulgated by El Reg is that the insurers did a piss-poor job of evaluating the risk behind ransomware and now find themselves potentially on the hook for rather more claim money than they anticipated so are balking at paying it. No conspiracy is required: given the incentives involved, it's perfectly possible for multiple insurance companies to come to the same conclusion independently.
Which insurer do you work for, btw?
So your assertion is that insurance companies are not rent-seekers who ideally seek to only take in money without ever paying any out and who will deny coverage and reimbursement on the flimsiest pretext? Because that definitely reflects my experience, and I'm sure I'm not the only one.
"But it strikes me that the best way to fix the problem is to accept that the ransomware gangs are doing valuable work, and pay them for the work - as long as they inform the right people instead of using their access to lock stuff."
There are already red team hackers who do just what you describe. The problem is getting the organization to implement the correct changes to patch the holes, which leads me to my next point ...
The only reason that having such a robust security response is necessary is because of criminal activity in the first place. It's like saying that someone who breaks into my house and steals my stuff is doing me a favor by highlighting the weaknesses in my home security. In fact, the only reason I need security is because of thieving assholes. In practice, it would be much nicer if I could just leave my door unlocked and not have an unsightly iron gate in front of my house, but I can't because assholes.
As an aside, I agree that there is a more complex discussion which could be had in regard to financial and other incentives which motivate the ransomware scum. On balance, however, I just wish they'd fucking crawl into a hole and die.
It seems like there is a ripe market for mercenary hacker bands who will hunt down ransomware scum and their ilk for retainer + bounty. Where are those guys?
Upon consideration, it seems like we're on the verge of a cyperpunk future where one could have a multi-functional mercenary team consisting of one or more offensive hackers (netrunners) combined with boots on the ground whose job is to locate and liquidate the black hats. At some point, it seems like it would become cheaper and more satisfying to put money into a fund to employ these guys rather than pay off the worthless parasites who write ransomware. Hell, I'd throw in a few bucks.
Ah, yes, I remember the good old days of running "./configure; make; make install" and just having it turn out all right with no unresolved dependencies whatsoever, especially not issues with the developer having statically linked to one particular version of a library in another package and thus having the software fail to build. Nope, that certainly never happened. Likewise, I have never struggled with RPMs that fail to install because they depend on a particular micro-version of an obscure package and adamantly refuse to accept that version 1.3.11511516-33 is just as valid as 1.3.11511516-32. Not saying that containers solve all those problems, but they do put more power in the developers' or package-builders hands to ensure that dependencies are resolved before deployment.
"You want to try working with people who moan that they can't still have XP or Widows 7 and bleat on a regular basis that they can't understand why things have to change."
You mean like a sizeable percentage of El Reg's commentards? Don't get them started on the ribbon interface, either, or you'll never hear the end of it!
I have been repeatedly assured by Biden-bashers that he is in China's pocket. Shirley you're not telling me it's all been far-right whackadoodle propaganda? Or is this the work of that nefarious Deep State I've heard so much about, undermining America's supremacy by protecting it from potentially insecure foreign-made network equipment?
Biting the hand that feeds IT © 1998–2021