* Posts by doublelayer

9378 publicly visible posts • joined 22 Feb 2018

Daughter of George Carlin horrified someone cloned her dad with AI for hour special

doublelayer Silver badge

That would be nice, but I don't think you'll get it. Some people suffer when an incorrect rumor comes out. It doesn't matter how much they deny it if people are still spreading it around, and having a video, real or generated, will just enhance that.

doublelayer Silver badge

Re: It's going to be an interesting set of lawsuits.

They both store and retrieve data, just badly. It doesn't matter whether it comes back mangled a bit when we all know what you put in and what you got out. By that logic, I can record music onto a cassette, read that into a file, and it's a completely new work because listen, you can hear some static and annoying degradation, so it's not the same as what was put in.

BOFH: Nice air conditioning system. Would be a shame if anything happened to it

doublelayer Silver badge

Re: Hilarious episode, once more!

If you're working in the BOFH's company, you must have an office on the ground floor and everyone should come to you for meetings. Vertical movement just isn't acceptable.

doublelayer Silver badge

Re: Tea and coffee

I'm guessing you have enough knowledge to put something in the line to replace the IDs of your adapter with the ID of a keyboard it already likes. Just plug in some USB keyboards you have in your house or office until you find one it accepts, then use the same IDs as that one.

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

doublelayer Silver badge

"And having to download twenty megabytes of data to send a ten character patch gets old really fast"

First, that's just git, not any particular frontend. Don't conflate them. Second, have you used the various partial or shallow clone options? You can use them to download less stuff and still get what you need. Git was designed to be decentralized and give you all the data up front, but you don't have to use it that way.
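A worked version of those options, as an added example that is not part of the original comment: it builds a throwaway repository locally, with no network access, and compares what a full clone, a shallow clone (--depth 1) and a blob-less partial clone (--filter=blob:none) actually fetch. It assumes git is installed and new enough to support --filter (2.17 or later); the repository contents and paths are constructed here.

```shell
#!/bin/sh
# Added example, not from the original comment or from git itself: one file is
# rewritten on every commit, so history holds three distinct blobs while the tip
# checkout needs only one. Paths and contents are constructed for the demo.
set -eu

build_source() {
  # $1 = path of the source repository.
  mkdir -p "$1"
  git -C "$1" init -q
  git -C "$1" config user.name example
  git -C "$1" config user.email example@example.invalid
  # A server must opt in before it honours --filter; for a file:// remote
  # that server is the source repository's own config.
  git -C "$1" config uploadpack.allowFilter true
  for i in 1 2 3; do
    yes "revision $i" | head -c 100000 > "$1/data.bin"
    git -C "$1" add data.bin
    git -C "$1" commit -qm "revision $i"
  done
}

# Commits reachable from HEAD in the clone.
commit_count() { git -C "$1" rev-list --count HEAD; }

# Blob objects physically present in the clone; a partial clone lists only the
# blobs it has already needed (here, the one checked out at HEAD).
blob_count() {
  git -C "$1" cat-file --batch-all-objects --batch-check='%(objecttype)' | grep -c blob
}

# Prints one line per clone style: "<name> <commits> <blobs>".
run_demo() {
  work=$(mktemp -d)
  build_source "$work/src"
  git clone -q "file://$work/src" "$work/full"
  git clone -q --depth 1 "file://$work/src" "$work/shallow"
  git clone -q --filter=blob:none "file://$work/src" "$work/partial"
  for name in full shallow partial; do
    echo "$name $(commit_count "$work/$name") $(blob_count "$work/$name")"
  done
  rm -rf "$work"
}

run_demo
```

The shallow clone is the smallest but has thrown the history away, so `git log` and `git blame` stop at the one commit and some servers refuse pushes from it. The partial clone keeps every commit and tree and defers only the file contents, fetching them lazily when a checkout or diff needs them, which is usually what you want for "I only need to send a ten-character patch". Both need a server that allows them; the `uploadpack.allowFilter` line above stands in for that on the hosting side.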

doublelayer Silver badge

Re: "often bypassing traditional security defenses"

Inspect where you're going. Is the user going to the company-specific site? It's probably fine. Are they going to the company's organization on the normal instance? It's still probably fine. Are they going to some other location? They might not be fine.

Of course, this requires the company to have some plan for what they'll do in that situation which they probably don't have. It's like they assume they can somehow use the internet without the risk that they'll find anything bad up there. It's not going to happen, even if you have a filter for some of the worst stuff.
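The "inspect where you're going" check above, written out as an added example that is not part of the original comment. It classifies a git remote as the company's own instance, the company's organisation on the public instance, or somewhere else, and copes with the three remote syntaxes git accepts (https://, ssh:// and the scp-like git@host:org/repo form). The host names and organisation name are hypothetical, and the sample URLs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original comment: policy check for git remotes.
# COMPANY_HOST, COMPANY_ORG and every URL below are assumed values.
set -eu

COMPANY_HOST="git.example.internal"   # hypothetical self-hosted instance
PUBLIC_HOST="github.com"
COMPANY_ORG="example-org"             # hypothetical organisation on the public instance

# Print "<host> <first path component>", lower-cased, for https://, ssh://
# and scp-like remotes. User info and ports in the authority are dropped.
remote_host_and_org() {
  case $1 in
    *://*)
      rest=${1#*://}
      auth=${rest%%/*}
      case $rest in */*) path=${rest#*/} ;; *) path= ;; esac ;;
    *@*:*)
      auth=${1%%:*}
      path=${1#*:} ;;
    *) return 1 ;;
  esac
  auth=${auth##*@}
  host=$(printf '%s' "${auth%%:*}" | tr 'A-Z' 'a-z')
  path=$(printf '%s' "${path#/}" | tr 'A-Z' 'a-z')
  printf '%s %s\n' "$host" "${path%%/*}"
}

# Prints "allow" or "deny". Host comparison is exact: a lookalike such as
# github.com.evil.example must not match the public instance.
remote_allowed() {
  if ! ho=$(remote_host_and_org "$1"); then echo deny; return 0; fi
  host=${ho%% *}
  org=${ho#* }
  case "$host/$org" in
    "$COMPANY_HOST"/*)           echo allow ;;  # company-specific site
    "$PUBLIC_HOST/$COMPANY_ORG") echo allow ;;  # company org on the normal instance
    *)                           echo deny ;;   # somewhere else: needs a decision
  esac
}

for url in \
  'https://git.example.internal/tools/deploy.git' \
  'git@github.com:example-org/tool.git' \
  'ssh://git@github.com/example-org/tool.git' \
  'https://github.com/someone-else/tool.git' \
  'https://github.com.evil.example/example-org/tool.git' \
  'https://user@github.com:443/Example-Org/tool.git'
do
  printf '%-56s %s\n' "$url" "$(remote_allowed "$url")"
done
```

Something like this belongs on the egress proxy or in a pre-clone hook rather than in the user's head, and "deny" has to lead somewhere: a ticket, a review, or an explicit exception list. A check on the client alone is advisory, since the person running it can edit it, which is exactly the planning gap the comment is pointing at.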

doublelayer Silver badge

Re: Far too many developers don't help matters either

And they require you to build packages for lots of different systems every time you release, which if this is a small project may not justify the effort to do so. In many cases, the philosophy is here's the code, you install it yourself. You are smart enough to do so.

A custom package repository for small projects also offers you little security benefit over a GitHub account. To use one of those, you add a key which you get from some internet site and you trust that nobody has managed to sign something with it that would be dangerous, whether that involved adding code to the GitHub repo without me noticing it was malicious or directly obtaining the signing key and using it. For larger projects where there is a single trusted source, the repo option makes more sense, but if you're dealing with GitHub user fuzjo949, using their package repository is not likely to be any more secure than cloning their repo and running the install script in it; the package will contain the same script and run it during installation. If new stuff was added to that script without fuzjo949 noticing, the new package will have that in it as well. At least when you know you're going to run a shell script as root, it gives you a chance to decide to read through it first.

Office gossips beware – chitchat could choke your career chances

doublelayer Silver badge

Re: As pointless as going through paychecks -

"Email sent and received through the corporate MTA belongs to the corporation. If someone is authorized by the corporation to read that email, then they have the right to do so."

There is a difference between my technical access meaning it is possible for me to read that and the business having authorized me to read that. That difference is important to acting ethically, both independently and from the company's perspective. The same thing applies to lots of other situations. For example, if a door is unlocked but high security, then I'm not to blame if I wander in by mistake, but it is a problem if I know I don't have permission to go in there and do it anyway because I can.

doublelayer Silver badge

Re: that's a deliberate delve and rightly deserves serious action.

In many countries, it is illegal for an employer to prevent you from sharing salary information. Check on your own just in case, but the chances are that you can share it whenever you want, as publicly as you want, no matter what they say about it.

My feelings on it are similar to yours. If someone had reason to think they or someone else were being mistreated, I would share the information. Otherwise, I will not. I know some people who would view it as a competition and would be very annoyed if I earned more than them, and quite smug and annoying if I earned less. That's why I won't just tell anyone the number. I have a few other reasons not to want it visible by default to the general public, which are similar to my reasons for wanting most if not all details about me to be private by default.

doublelayer Silver badge

Re: GDPR

I'm not sure your concept of GDPR is the same as its actual contents. If it's about data your business collected, it is probably an issue, but the GDPR issue may be more centered on having collected stuff you shouldn't have. Exposing that information to colleagues could also be an issue under GDPR. If, instead, it's sharing real or imagined details about colleagues, then GDPR is not the law you're looking for. I think most of the workplace gossip the article is talking about is the latter.

Adios, dead zones: Starlink relays SMS in space for unmodified phones on Earth

doublelayer Silver badge

Re: Is it just SMS or is Mobile Data included?

Not yet, but you know that's where they intend to take it. I expect they'll try to charge massively for having that option, plus more surcharges for the smallest uses, but if I'm correct then at least you won't automatically switch onto it.

doublelayer Silver badge

Re: Resend, resend, resend, ...

Let's assume that you could send a message in 24 hours, guaranteed, based on current or upcoming coverage. That wouldn't work out for most people because, while they're waiting for the satellite to show up, they'd have to be transmitting frequently to hope to catch one. Their battery would not be able to last 24 hours of that unless they brought plenty of backups or used one of the half-a-kilo models designed for it. I'd try it, but the chances are too high that they would lose power before getting a connection. Starlink will put more satellites up so this eventually works, assuming they continue to get permission and money to do so. I wouldn't expect it to be very useful until they have done that.

doublelayer Silver badge

Re: Resend, resend, resend, ...

They go around the planet every ninety minutes, not over every part of its surface in ninety minutes. When they're in one place, they don't have service from pole to pole or any other great semicircle until their orbit moves on.

doublelayer Silver badge

Re: Now you'll never have an excuse for missing that weekend work text or call

I'm not sure that being in a dead zone is an excuse that works very well for many people. If someone contacts me on the weekend, they send a message which, even if it doesn't appear immediately because my phone is out of connection, will be waiting for me as soon as connection is restored. If the phone being off temporarily is a good enough excuse, you still have the battery dying and someone borrowing it for an emergency call to use.

Whenever I've had people who think I should be contactable at all hours, they generally assume that I'll see their message quickly if not immediately and respond to it then. Fortunately for me, I have relatively few people requiring that of me, although they frequently make other requests such as working outside normal hours for no good reason.

OpenAI: 'Impossible to train today’s leading AI models without using copyrighted materials'

doublelayer Silver badge

Re: Saying it isn't learning is wrong

"Why do you think it is called a "neural network"?"

Because it's designed to simulate neurons. Not that neurons simulate it. I can give you a big bucket of neurons and they won't be doing this stuff. Just because that's the inspiration for the model doesn't mean that anything a neural network does is what a brain would do. Similarly, have you heard of genetic algorithms? They're quite cool and sometimes work well, though like neural networks they're pretty compute intensive to get going. They don't act like DNA does, though.

doublelayer Silver badge

Re: Sounds like...

True, but this was a discussion about whether you can claim that training an LLM is similar to human learning. You don't need to prove the method of human intelligence if you just want to make a copyright point, but if your defense to the copyright claim is based in neuroscience, you do. The AI companies have made it clear that they're not going to attempt it, likely because they have experts who know how silly it would be to do. While they might succeed at confusing a jury, they'd have to do it by lying to them. Meanwhile, their fair use defense will be easier to argue, so it appears they're going with that. Their analogies will not be to education and human brains, but to libraries and search engines. I don't think that argument is good, but it's a lot closer to valid than the one about learning.

doublelayer Silver badge

Re: Sounds like...

This is subjective, but I do not think your argument qualifies. Remembering a sentence and modifying it is not the same as remembering the entire book and quoting it. LLMs have frequently done the latter. It's not "It was the best of times, it was the worst of times" but me typing the entirety of the opening chapter into this box. I have read that book, but I cannot do that. I don't think any student could unless they had specifically studied the chapter or if they were trapped in a prison cell with only that book for years and had become obsessive. LLMs frequently do it without that being the desired outcome, and when people do want that outcome, it happens quite reliably.

doublelayer Silver badge

Re: Sounds like...

"Can it be argued that training is similar to a child reading a copyrighted book"

It can be argued, and it has been by many people. I have yet to see it argued successfully, however. Usually, the argument goes like this:

The process of getting text into this model is called training. The process of educating a child can be called training. Therefore they must be the same. The work printed by the model looks like an essay. Students also produce essays. They must be the same. Argument ends here.

Actually arguing that would require you to demonstrate why the training of a model which can and does memorize large chunks of text and sometimes prints it verbatim is equivalent to human reading, and not by resorting to humans with incredible memories who may or may not be able to recount a book back to you on reading it once. It will require you to determine if you think that reading some books and reading millions of books, more than any human could possibly do, are the same or not. It will require you to prove an equivalence between the statistical methods used on the training material and human intelligence, which will be quite difficult. It will require you to prove that the parts of human experience other than reading which affect their products are sufficiently small that they can be discounted when making the comparison to the way an LLM produces its output. Unfortunately for anyone making these arguments, these are all relatively subjective arguments, but to the extent that they can be argued, they usually produce a stronger conclusion that ingestion of text into a model is not at all like a student's learning.

Mandiant's brute-forced X account exposes perils of skimping on 2FA

doublelayer Silver badge

Re: Brute forced?

It depends how many options you go through and how many nodes you test from. A truly random 20-character password would be hard, but a predictable 20-character password is less difficult. This is why they usually block people from doing brute force attacks, but that either wasn't in place or didn't work in this case.

Be honest. Would you pay off a ransomware crew?

doublelayer Silver badge

Re: And actuarial

The problem with that is that their calculations are just actuarial. They calculate whether paying the ransom in this particular case is more or less expensive than paying to recover without doing one. They probably have someone looking at the details to factor in the need to clean the systems afterward, the likelihood of getting your data, and whether the decryption process will have extra difficulties. What they don't factor in is how much paying this ransom will exacerbate the problem of ransomware in general because they don't care. If it does, they get more insurance payments, and if it doesn't, they will have fewer claims to pay.

When we make regulations, we do care about whether ransomware increases or decreases because we're trying to write them such that it does decrease. Insurance companies' estimations are insufficient to answer that question because that is not the question they are trying to answer.

Top LLMs struggle to make accurate legal arguments

doublelayer Silver badge

Re: Reason

Their training data will include lots of sites that explain what jurisdiction is. It's a basic concept. It will include plenty of pirated law textbooks as well. If this was a magical brain bot that could do what a human can do but at a much higher scale, it would be able to get an accurate picture of legal reality, store all the tiny legal details, and put them together. It would only be wrong if some major change was made after training, for example a law being passed which invalidates stuff but it wasn't told about that new law.

We don't have a magical brain bot. We have a large language model which takes a bunch of plausible guesses and stitches them together. It doesn't matter what you put in, because the way the bot works is guaranteed to make something up. If you put less in, those errors look like it had some kind of stroke and can't manage language. If you put more in, it looks like it's clueless about facts but the grammar looks acceptable. Either way, it's intrinsic to the way they are built.

doublelayer Silver badge

Re: Who’s actually talking gibberish here?

Laws are not easily understood, but even if they were, LLMs wouldn't handle them properly because they are LLMs and they can't handle anything particularly detailed. An LLM builds its model by getting a lot of reinforcement, which means if there is a small detail that's important in your situation but not in others' situations, then it's likely to have seen many more sources that don't bother with the detail and try to treat you accordingly. Laws, meanwhile, are a collection of details that apply in some situation and not in others, making them a poor thing to use an LLM to understand.

doublelayer Silver badge

Re: what's special about legal eagles?

There are some reasons to expect that it will be even worse at legal situations than at some others, since it is very easy for historical data to be invalid and for tiny differences in the input situation to make a big difference to the accurate answer. While it's not too accurate at anything, law would be one of the worst things to use it for, probably along with medicine. Some things that involve more rote memorization would be more accurate, though likely not accurate enough to use, which is why LLMs have been so useful at cheating at basic schoolwork where you have to learn the same basics that everyone else learned in order to properly manage the advanced stuff you'll learn later.

doublelayer Silver badge

Re: Quite human

Not in my experience. When I search for something, I may get something useful, I may get nothing related to what I want, or I might get things that are related but aren't helpful. What I rarely see is something that looks like it's helpful but is actually complete gibberish. For example, I was looking for a source for firmware update files for hardware whose manufacturer does not properly organize and present them, and I got firmware files for a similarly-named but otherwise completely different product. I did not get an essay summarizing firmware updates that didn't exist. I much prefer the former because I can quickly identify that the hardware I'm looking at is not for radio stations, so I don't want that result.

doublelayer Silver badge

Re: Reason

It's not even as simple as the AI being fed garbage data and not filtering it out, but sometimes the AI being fed applicable data and not being able to determine when it is applicable and when it is not. Admittedly, I've seen humans fail that test as well, but they're usually a bit better at it. For example, a person does a search for a legal issue and gets results that describe, accurately, the process for dealing with that issue in a place they're not in. The location where it applies will be written in that article, and most people will find that out and try to find another article. Language models will probably fail to correlate that mention of the location with all the words further along in the article and, if what it says is common enough, give it to anyone who asks about the issue, even if that person specifically mentioned a different location. It got correct data and nonetheless generates garbage. That is what an LLM does, and the sooner people realize that, the fewer idiots they will make of themselves.

Trump-era rules reversed on treating gig workers as contractors

doublelayer Silver badge

Re: The real acid test?

Which works a bit better, but may not produce the intended result in the rideshare example:

[1] Can refuse an assignment: Yes.

[2] Can decide how to carry it out: Probably not, depending on what counts, although they can take different routes if they want.

[3] Must complete or remediate at their own expense if things go wrong: Yes, I think that's how it works, since the price was agreed on up front.

So this may not classify them as employees.

doublelayer Silver badge

Yes, generally those ones. You know what I meant, and my comment wasn't necessarily supporting them. They do exist, however, and they're one of the major reasons people are trying to create these tests. Therefore, if the test doesn't even generate the intended result for those people, it's likely to be unsuitable for the general case and needs to be adjusted. The existing test mentioned in the article already has some ambiguous aspects, but it's much clearer than this one-point one.

doublelayer Silver badge

The test you propose isn't very good at dealing with this question. For example, in the case of the ridesharing companies, the person driving is told how much they would be paid and what they would be doing, but they have the choice to individually accept and reject those occasions. If we were using your test, I think that would not meet your qualification for employees. There would be a lot of arguing from the companies that this makes the workers independent. If that's not what you intended, you may need a different test.

X's 2024 plans include peer-to-peer payments in app push

doublelayer Silver badge

My best guess is that you try to identify customers who don't know about the product, then some who do know but aren't convinced, then those who like it but need to be pushed to buy, then those who already bought who need to be encouraged to buy more of it (even if it's something you buy every decade or two). You write four different ads for the types of customer, then spam them out at random because the targeting system has no good way of determining which of them any given user might be. Eventually, somebody tries to save some money by not bothering to write four ads and spamming the one version out to everyone, and we have the internet ads we know and block today.

Apple sets new 16,000-foot iPhone drop test after 737 fuselage fail

doublelayer Silver badge

It doesn't. You can set it to never lock automatically unless you press the button. It'll kill your battery the first time you think you pressed the button and didn't, and it will make a stolen device much easier to keep alive while waiting, but if you want that option, you can select it. Alternatively, maybe they meant that the user had not set a passcode so it could be unlocked by anyone, again a nondefault behavior which you are certainly able to select.

doublelayer Silver badge

Re: "I found a phone sitting on the side of the road that had apparently fallen 16,000 feet."

Figure out where the phone came from: a plane. Figure out how high the plane was when the phone stopped being in it: approximately 16,000 feet. Insert the word "apparently" in case this was someone mocking up a fake ticket and planting a phone where debris from the plane would have landed or if a helpful skydiver carefully brought it down.

doublelayer Silver badge

Re: > Fake news

"I think it was Apple, who first started showing non-skippable ads on YouTube."

I don't know if Apple used that feature, but you can hardly blame Apple for YouTube deciding to remove your ability to skip ads. Well, you can't if you're being logical.

Open source's new mission: To boldly go where no software has gone before

doublelayer Silver badge

Re: What but not why...

Which is why I have said, here and in multiple preceding comments, that it would make a lot of sense not to accept a deal which is only for exposure. However, it doesn't mean that someone offering it is abusing them, because they have the freedom to reject the offer, propose a different one, or find someone else.

A lot of this is also based on the concept of a going rate, as if there's some fair value of an artwork. In both software and art, this is not the case. A piece of software might be invaluably precious to one company that really needs that functionality and worthless to most others. I have written some of that. Similarly, an artwork is valued based on subjective estimations of quality, what they expect others to think of it, and whether they think it would look nice next to the other artworks they already have. If we removed all possibility of someone trying to get the artwork on the cheap and everyone actually said the maximum amount of money they'd be willing to pay to acquire it, they would still have a lot of variation and some people would offer really small numbers because they don't like the artwork very much or don't see much value in it. Those people are not abusing the artist by offering below a fair value. They are just customers the artist doesn't want to sell to.

doublelayer Silver badge

Re: What but not why...

"The Karens of the IT world use exactly this argument - they get to decide what the value is, not the person who has put months or even years of effort into a project."

That is not what I am saying. I am saying that everyone, big company or individual, programmer or buyer, decides what they think the value is. They then suggest some terms to the person they're negotiating with, and if their values are wildly divergent, a sale doesn't happen. If I'm selling licenses to my product and I think the appropriate price for a license is £5k per user per month, you are not being unfair to me by telling me that you don't see any more than £500. I may reduce my price because I want your business, but with a difference like that, the chances are high that I will simply tell you that your price is not acceptable for me, but you are free to come back if you fail to find something at the price you want. Nobody is forcing people to accept lower prices. As disappointing as it might be to find that people are not willing to pay you the value you expect, they have not violated you by not valuing your work as highly as you do. If they offer you something insultingly small, then don't hesitate to tell them you'll find another buyer.

doublelayer Silver badge

Re: What but not why...

As the buyer of the art, I decide how much value I think the art has. As the seller of the art, you decide how much value you think you are getting from my proposal. That means that if I offer you £50, you consider such things as whether you want payment in pounds and whether 50 is enough of them, and if I offer you exposure, you consider what kind of exposure you'll actually get and how likely that is to result in a benefit to you. You might ask such questions as whether I'm going to display it, and when and where that will be, and for how long, and lots of other questions. Then you put a value on that and decide whether it's worth it.

The same applies to me saying that I'll buy your product if you make it open source. You have to decide how much it's worth to you to keep this closed source, how much you'll lose by making it open source, and see if what I'm offering bridges that gap. If you decide it doesn't, you either negotiate with me for better terms or you decline my offer and find something else. That I offered you terms you don't like is neither abuse nor should it be unacceptable. It shouldn't be unacceptable because the other party is making exactly the same calculations: they decide how much they're willing to pay for something and try to factor in any other options, for example how much value they would expect to gain from having access to the code they purchased. You may find yourself facing an offer like "I'll pay you £50k if you make this open source", and it may well be composed of a "I would pay £2k for the product as is, I would pay £15k if I had a guarantee of support, and I would pay £50k for the ability to support it myself and distribute changes in case the writer disappears". All of those numbers may be too low for you, but they have not violated your rights or the bounds of propriety by suggesting them.

doublelayer Silver badge

Re: What but not why...

And, like the art world, it's completely acceptable. I can tell someone that I won't pay for their art but I will happily show it to people. If they don't like that, and they have good reason not to, then they shouldn't give me any of their art. If someone refuses to pay the price you think is deserved, then don't give them your product. If everyone isn't willing to pay what you want, then you may have to reconsider what you'll charge or how you'll do it, but that doesn't mean you just do whatever anyone asks for.

doublelayer Silver badge

Re: What but not why...

"It also (as another poster raised and promptly got downvoted for) can be wildly abused as a mechanism for denying the reward for work done."

They got downvotes because it's not abuse. It's specifically written into the license the person doing the work chose. If I write some code and say you can use it for free, and you can make money from using it, then maybe I should have tried to charge you in the first place. There's a reasonable chance you wouldn't have used my code in that case, but if I choose to give you the right to use it for free, then I should expect that you get to use it for free. There are a lot of options for making software which cannot be used in commercial situations without payment. If you don't choose any of those methods, and you specifically choose one that does allow it, it is not abuse when people do what you said they could.

Everyone's suing AI over text and pics. But music? You ain't seen nothing yet

doublelayer Silver badge

It doesn't set any precedent. She could do that because she retained copyright to the music itself, just not the specific recording of her singing it. She had the rights to make a new recording of her singing her copyrighted work. Nobody had a claim against her for doing it. Had she signed over the rights to the song, not just the recording, she would not have been permitted to do so.

doublelayer Silver badge

That's been tried. It doesn't work. Just as you can release every combination of two words into the public domain, and every single word, but that won't eliminate copyright on sentences produced from the words. Music copyright complaints, when they're talking about small similarities between two distinct pieces, are often dubious in quality. A brute force algorithm won't fix it for two reasons:

1. The copyright office in the United States has clearly stated that a dumb program's output can't be copyrighted unless there is significant human effort involved, so they don't have copyright over the tiny chunks in the United States, where many of the lawsuits occur.

2. Most of the sections would be too small to copyright anyway, in the same way that I can't write "I am" (copyright me, you can't use it).

doublelayer Silver badge

Re: Won't be a problem

They'll probably try, but I doubt it will work. A lot of musicians and bands have a powerful brand which attracts people to spend money on it. It's not just that they make good music. Most of the popular ones make reasonably good music, assuming you like the genre they're making it in, but others could manage that as well.

Books work similarly. There are several authors I really like reading and, when they publish a new book, I eagerly go out and read it. This isn't because other authors can't write a book of comparable quality, but because I don't know about them yet. The author's name can be a powerful influence on whether people buy it since they know what they're getting. If every book was published under a new pseudonym, I wouldn't already know I liked it and would be less likely to find out about its existence, meaning fewer sales. Publishers might respond to this by trying to sell lots of AI-generated or ghost-written books under the same pseudonym, but if they do it too much, I will figure out that the name is no longer attached to the consistent quality I'm looking for and stop reading books by that pseudonym. The benefit of a brand that conveys a certain message to the people buying the work will probably keep individuals around, both in literature and in music.

Ransomware payment ban: Wrong idea at the wrong time

doublelayer Silver badge

That will result in a lot of debates about what counts as a result of. If I can find another factor, would that cancel out the "result of" part? For example, you had to enter your password, but then a software exploit allowed it to gain more control after that. Can the software writers argue that they're not at fault because nothing could have happened had you not entered the password? It will also mean debating the definition of "exploit". One that permits installation or elevation is clear enough, but those are often less common than something less clear, such as malware watching user actions and stealing credentials, which could theoretically be prevented with different system design but in practice wouldn't on any platform. If Microsoft points out that, had this been Linux, the malware would have had the same ability to conduct monitoring, who is at fault then?

If you want to assign blame to someone, you will often find that the blame goes to a very large set of different people, often including people you don't want to see blamed.

doublelayer Silver badge

Re: class ransomware as a weapon of mass destruction?

Do you want that tested over your house? Are you really planning your international policy on Russia being unwilling or unable to maintain some nuclear weapons to back up the frequent threats, weapons they already had? I'm sure the Russian arsenal is less modern and well-maintained than the American or British ones, but an old nuclear weapon can still kill a lot of people. The reason that nuclear powers usually have a strong line against any use of nuclear weapons is that even one detonation can be catastrophic. Unless you seriously believe that Russia somehow managed to break every nuclear weapon they've ever had, you need to take their ability to use them into account when planning actions against them, which means that nuking them yourself is a really risky thing to do.

But let's assume it's not Russia. It's the People's Republic of Alphia which doesn't have any nuclear weapons. They can't get any meaningful revenge if you decide to attack them. Are you satisfied dropping a nuclear weapon on them when criminals operate from them and they don't do something about it? That will result in thousands to millions of innocent Alphians who didn't do that dying. It will probably cause people in Alphia's neighbors to die as well. It will certainly cause complete chaos in the region. It will likely cause a lot of Alphians to hate your country, so expect some Alphian terrorist movements trying to make you pay. Is that something you're comfortable doing, both from a moral and a pragmatic point of view?

doublelayer Silver badge

It depends what you have to do to get cut off. If it's really difficult, effectively making yourself a pariah to everybody, then it won't matter. The only country that's achieved that is North Korea, and basically nothing comes from their tiny address space. All their attacks come from other countries' addresses, most of that launched from Chinese proxies (as the first link in a chain to more proxies), and some also committed by people operating from a different country already. If it's really easy to get a country blocked from the internet, what makes you so sure that the one you're in won't get blocked for some reason? Russia may have burned a lot of its bridges with European countries and close allies, but they've got plenty of links with other countries, especially including India and China. How would we ban Russia from the internet if India and China were voting on their side and could easily proxy as much traffic as they needed to? Would we try to ban those two as well for not complying with our ban? The decisions required to implement that, and trying to decide who should have the power to make them, are a very difficult task.

doublelayer Silver badge

Re: How about a bounty?

They do that. For example, from this paper alone:

US offers $10m for info on DarkSide ransomware gang chiefs

US puts a $10m bounty on Hive while Russia shuts down access

US offers $15m for help catching Conti ransomware gang

If you have lots of cash to spend on that, you can keep doing it. I'm not sure the rewards promised in any of those have actually been paid, and I don't know how many useful leads they got from having those programs, but it is a tool and the US, at least, has been using it on occasion.

British Library: Finances remain healthy as ransomware recovery continues

doublelayer Silver badge

Re: I have trouble understanding this.

Let's say you have a server with reliable weekly backups. The server has been infected with ransomware and cannot be decrypted. The last four weeks' backups were encrypted as well because the operators watched you and determined that you do a test of the backup tape every month, so they waited for you to do one, corrupted the backups for the next month, then went through with the full attack. You can't restore any of those, but you can restore the one from five weeks ago. However, if you just hit the big restore button like you would do if the disks had failed, you'll get the server image from that time which still has their malware on it. So you may instead have to recreate a new server and carefully copy only the data back onto that server. Then you have to do something to recover last month's data, which could mean using some incremental backups you have, recreating from other sources, or dealing with unrecoverable data. Deciding which to do and actually carrying it out requires someone familiar with the system and someone familiar with the data, likely not the same person, and some time for each to evaluate the situation, determine the best method of recovery, and carry it out. Carrying it out may require more people to spend time doing so. You also have to make sure that the malware won't be able to reinfect the new server when you have it running, so you'll need to make some changes. I imagine you understand all these actions.

Now you have ten thousand servers, and they're not all the same, and many of them aren't just standalone servers but various types of infrastructure, from networking equipment to functions that get resources provisioned automatically by your datacenter VM management software or your cloud provider. Most of them don't do anything on their own, but work in a big cluster of other things. The data on the resources covers everything your company used to use, so you need many more data experts to determine how to recover it. The scale of the recovery effort isn't linear. Fortunately, your team is likely bigger, but that only goes so far.

In such a situation, it often comes down to luck. Something may have evaded the attack because it was better secured, because it didn't work the way the attackers had planned, or for many other reasons. It can also be a great opportunity to change the systems. I usually have a long list of changes that would probably be good to make, but we don't do it because everything's running right now and making big changes could break something. Now that everything is broken and we're rebuilding from scratch anyway, it might make some sense to make improvements so that the new version is better. That adds delays as well.
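The scenario in the comment above (backups silently corrupted after the attackers learned the monthly tape-test schedule, and the danger of restoring a full image that still contains the foothold) maps onto two checks a recovery team would want to automate. The following is an added example, not code from the comment or from the British Library; it assumes that a hash manifest for each snapshot was written to separate offline storage at backup time, so that a later tampering of the tape can be detected, and all snapshot contents, dates and hashes are constructed for illustration.

```python
"""Added example: verify backup snapshots against an out-of-band manifest and
pick a restore point that predates the attacker's estimated dwell window.
All data below is constructed; the manifest is assumed to live on storage the
attacker could not reach (e.g. write-once media kept off the network)."""
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Snapshot:
    taken: date
    files: Dict[str, bytes]  # path -> contents as they now read from tape


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_snapshot(snap: Snapshot, manifest: Dict[str, str]) -> List[str]:
    """Return the paths whose content no longer matches the hash recorded
    when the backup was written. A missing file counts as a failure too,
    since a ransomware run often deletes or renames what it encrypts."""
    bad = []
    for path, expected in manifest.items():
        data = snap.files.get(path)
        if data is None or sha256(data) != expected:
            bad.append(path)
    return sorted(bad)


def select_restore_point(snapshots: List[Snapshot],
                         manifests: Dict[date, Dict[str, str]],
                         dwell_start: date) -> Optional[Snapshot]:
    """Newest snapshot taken before the attacker's estimated first access
    whose files all verify. Snapshots inside the dwell window are excluded
    even when they verify: an image restore from them would bring the
    attacker's tooling back, which is the comment's 'big restore button'
    problem. Returns None when nothing qualifies (recover from other
    sources or accept data loss)."""
    candidates = [
        s for s in snapshots
        if s.taken < dwell_start and not verify_snapshot(s, manifests[s.taken])
    ]
    return max(candidates, key=lambda s: s.taken, default=None)


# ---- constructed sample data ----------------------------------------------
CLEAN_FILES = {
    "data/catalog.db": b"catalogue records (constructed sample)",
    "data/loans.csv": b"reader,item,due\nA1,B2,2024-01-20\n",
    "etc/nginx.conf": b"server { listen 443 ssl; }\n",
}
# Manifest recorded at backup time, before any tampering, one per snapshot.
CLEAN_MANIFEST = {p: sha256(c) for p, c in CLEAN_FILES.items()}

# Five weekly snapshots; the attackers got in on 10 Jan and corrupted the
# data files on every tape written after that while leaving configs alone,
# so a naive "can I read the tape?" test still passes.
SNAPSHOT_DATES = [date(2024, 1, 7), date(2024, 1, 14), date(2024, 1, 21),
                  date(2024, 1, 28), date(2024, 2, 4)]
DWELL_START = date(2024, 1, 10)


def _tampered(files: Dict[str, bytes]) -> Dict[str, bytes]:
    return {p: (b"\x00ENCRYPTED\x00" if p.startswith("data/") else c)
            for p, c in files.items()}


SNAPSHOTS = [
    Snapshot(d, dict(CLEAN_FILES) if d < DWELL_START else _tampered(CLEAN_FILES))
    for d in SNAPSHOT_DATES
]
MANIFESTS = {d: dict(CLEAN_MANIFEST) for d in SNAPSHOT_DATES}


def restore_plan(snapshots=SNAPSHOTS, manifests=MANIFESTS, dwell_start=DWELL_START):
    """Summarise what the team has to work with: the usable restore point and
    how many days of data must be recovered from other sources."""
    point = select_restore_point(snapshots, manifests, dwell_start)
    if point is None:
        return {"restore_point": None, "data_gap_days": None}
    latest = max(s.taken for s in snapshots)
    return {"restore_point": point.taken, "data_gap_days": (latest - point.taken).days}


if __name__ == "__main__":
    for s in SNAPSHOTS:
        print(s.taken, "failed:", verify_snapshot(s, MANIFESTS[s.taken]) or "none")
    print(restore_plan())
```

Run as is, the four snapshots inside the dwell window report `data/catalog.db` and `data/loans.csv` as corrupted, the 7 January snapshot is chosen, and the plan shows a four-week gap that has to be filled from incrementals or other sources, which is the part of the comment's scenario that takes the most human time. Note that the manifest only helps if it was written somewhere the attacker could not also edit.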

doublelayer Silver badge

Re: Someone wasn't doing their job.

"This time [...] with some security" is not something you can just buy. You have to work on doing that better than last time, and that takes time and effort. Insurance covering the costs depends on whether you had insurance that covers that, which not everyone does, and doesn't necessarily shorten the time to recovery; if the insurance lets you hire the most expensive consultants and as many of them as you want, then you can cut down on implementation time to some extent, but it usually doesn't let you do that. Even if it did, there comes a point where adding more people won't speed up the process anymore.

doublelayer Silver badge

Re: Backups

Not necessarily, but it is possible. They may be trying to rebuild something better rather than restoring exactly what they had before, or they might have to rebuild something different because they don't have some of what used to exist. From the statements in the article, I don't think we can know for sure whether either of those apply. Similarly, they may have restored a lot of the content from backups but want to recreate all the systems that handled that content from scratch, which would certainly add to the recovery time. It's often not as simple as "did they have unaffected backups, yes or no".

Windows keyboards to get a Copilot key – but how quickly will users jump?

doublelayer Silver badge

Re: What right has Microsoft got?

They're not dictating it, they're just asking people to do it and those people are following the request. Maybe they're paying for it, maybe not, but you're treating this as a more significant action than it is. We all have that right. If you can convince people who make keyboards to put on another key and they do it, then we will have a new key.

Microsoft pulls the plug on WordPad, the world's least favorite text editor

doublelayer Silver badge

Re: the application will be removed on upgrade

Removing features when you install an update doesn't, in fact, send anyone to jail. It's the reality of software: if you choose to run someone's software, and you choose to install updates, then those updates can break things and they get the right from you having chosen to do that. If you don't want them to do that, you have to make other choices such as copying WordPad and keeping it around, which looks to be pretty easy to do, or blocking the update, which we've known how to do since Windows 10 introduced the automatic updates feature. It's been around for ten years. Anyone posting here either knows at least three different ways of blocking Windows updates or can find them online. It's been pretty easy with a few minutes' effort since the beginning. You'll have to deal with the consequences of that choice if you choose to make it, which is why I suggest copying WordPad if you use it and want to keep it.

It's like asking what gave my distribution maintainers the right to remove Python 2 from their repositories, because now old scripts from 2008 which don't run in Python 3 (and might not run correctly anyway) can't be run unless I install Python 2 manually. I gave them the right by using their distribution, or rather they didn't need the right because they choose what they put in it and I choose to take it. If I don't like it, I change what I'm doing so it doesn't happen.

After injecting cancer hospital with ransomware, crims threaten to swat patients

doublelayer Silver badge

It's a bunch of people from everywhere. One common setup involves Russia, because it and surrounding countries have had a lot of people who have technical skills but few job prospects, and Russia has turned a blind eye to criminals who don't attack Russians and occasionally help them disguise government actions. That's why some of the largest operations are based there. However, even those have a lot of outsourcing. For example, they might write the encryption software themselves and run the negotiations, but they let someone else break into the networks to install it. That person gets a cut and could easily be outside Russia. Similarly, even those who work for the group need not be in Russia, and very commonly are located elsewhere. Ukraine had a lot of participants, and while the Ukrainian authorities were much more helpful in arresting them when identified, it didn't stop it being a country with plenty of participants. A group can form in any country, can have employees or partners in any other set of countries, and can be created by multiple types of people, from those interested in a quick heist to governments trying to disguise military actions as a criminal enterprise.