Posts by doublelayer 10519 publicly visible posts • joined 22 Feb 2018
"Paper and people to shuffle it are cheap and plentiful."
We live in different worlds. In mine, paper is cheap, and everything else is expensive. People to move forms manually when a computer can move thousands per second are a lot more expensive than that computer. Finding the people who want to do that work is not easy either. Dealing with errors caused by, for instance, someone misreading handwriting is not fast. Space to store all that paper is not free.
I think this would be illegal pretty much everywhere as theft, but in order to prove it, you'd have to file a court claim. I imagine that any company that has and acts on this policy would respond to any filed claim or possibly even the threat that you would file one by returning the device immediately. They're expecting that there will be many people who won't file a claim who will end up buying new ones and that, for those who do threaten it, they won't be at a loss because all they have to do is actually return the broken unit.
If you are reading it that way, it also means that I should be able to set up as many broadcast stations as I want, even if it means no other radio or TV signals can get through to you, because that is a medium by which one can express opinions. The same logic would apply to standing in your bedroom with a megaphone while you try to sleep. I think it's clear that that is not what they intended when they wrote that.
"But what does comparing their chess-playing ability do for us?"
It demonstrates that they are not general intelligences. And I don't agree that he believes they have one. I think he was attempting to demonstrate the extent to which they can solve problems that weren't the purpose of their training data, because that's what a lot of LLM-based products claim to do. By pointing out how often they fail at something that is relatively easy to make a computer do, it demonstrates the failure in a simple, practical, easily-understood way. That might be more convincing to someone who believes that LLMs can reliably solve problems than a theoretical discussion.
"But seriously, is anyone actually surprised at the complete failure of ML to play chess?"
Was that a typo? ML, as in machine learning, does play chess well. A specific model trained on the rules of chess to play actual chess moves is quite good and routinely beats the most skilled of humans. LLMs, on the other hand, are crap at that because they weren't intended to play chess, but there are lots of people who think that they're something that they're not. I don't think many of us are surprised that an LLM can't play chess, but there are some people who might, but probably won't, understand why this means their conception of an intelligent program is flawed. They see a program write a paragraph with correct grammar that looks to be answering a question, and since they can't answer that question, they assume it must be intelligent. Also because they can't answer the question, they may do that even if the provided answer is wrong. It looks convincing and that's good enough for them. I'm hoping we can show them what the tool can actually do before they unleash some LLM-powered thing on us which annoys everyone with constant wrong answers.
I think it's even simpler. I think people just don't care. They see nothing that Windows 11 has that Windows 10 can't do. I've been running Windows 11 for years now, and it's fine, but there's not much that is different from Windows 10 that affects what I do with it. People will replace broken things and get updates that way, and they won't care at least until security updates stop. I predict that there will be a spike after those updates end from people updating the Windows version on machines that could have supported it any time since 2021, but even then there will be lots of people running 10 because they see an optional update and always cancel it.
Your argument might work if their problem was a server capacity error, although not very well because, as everyone including you must know by now, putting your resources on a cloud service doesn't automatically provide resiliency, just provides you more tools so you can have it cheaper. However, with the internal server error messages, you have to wonder if maybe their problem is that they screwed something up. Cloud does not save you from configuring something the wrong way.
There are two options:
1. You are right, they get it from a UK organization that is breaking GDPR and is liable for it. The Florida people have no requirement to identify who that UK entity is, so unless you can find out in some other way, how are you going to file a complaint?
2. They do it to UK citizens who have provided some information and collect it, with permission, from a UK company that has legitimate reasons under GDPR to process it. Then, unlike that company, they keep it and thus your objection only applies to them. Theoretically, you can still hold them liable under GDPR, but if they don't have operations in Europe, they will likely not pay a penalty.
"Does NIST not understand that 'region of birth" has only tangential bearing on physical attributes,"
It doesn't matter. If you put region of birth into your analysis and it points out that accuracy is different on that basis, that indicates a problem. Whether that problem is due to a racial difference or if there is some other regional factor is important if you're the writer of the thing wanting to improve it, but as a user wanting to know if it's good enough, you don't need to care, because either way the answer is that it is not good enough.
I'm not sure you'll be able to make it system-wide because it generally relies on the application to search for you. If you made it common enough, people might adopt it voluntarily, but it wouldn't change the situation where an application decides to reinterpret what it does even if you'd be happier with using the previously standard behavior. For instance, I can see a browser using those keys as back and forward buttons, then because they've implemented behaviors for the keys, they don't bother implementing the hold and type method.
I also have an ergonomic objection to your suggestion, which is that holding one key and typing out a string means either using one hand to type while holding it or performing finger acrobatics to use the remaining four, and the latter only works if you put it close to the character keys which probably requires moving more keys. You could implement it differently. For one example, not necessarily the best, press both leap keys to enter a term, then press one of them to move by that term. The term can be saved so subsequent presses of a single key jumps between them.
If this was just an argument about whether the Cat should have had a mouse, that is relevant. However, with Liam suggesting similar restrictions today, it no longer is. The separate CAD machines in the 1980s had a point: the software and hardware on general purpose computers at the time was insufficient. That no longer applies today, and what was a minor problem in the 1980s would now be a major problem.
That also assumes that CAD is the only reason why a mouse would be recommended. CAD is just one use case where mice are considered useful. I speak as someone who tends to avoid using one when possible, but Xerox and Apple didn't put mice on their GUI computers for CAD which neither of them could even run at launch. They were needed for lots of classes of applications, and those computers succeeded because they could run lots of classes of applications.
Single-purpose devices will always remain niche, and where they take similar amounts of hardware and software to build, niche is very expensive when you have to pay people to build them. When you add in the extra proviso that the niche thing can't even do something that a different computer can't do, then you reach the fatal zone. For instance, people buy book reader devices with e-paper screens. Those can't do a lot, and therefore you spend a lot more for a relatively low-resolution screen, a cheap low-end SoC, and one application than you would for anything else. People still buy them because they like the screen. Now try to make and sell a book reader device with an LCD on it and I guarantee you a failure. People won't have to look far to realize that you're selling a tablet that's locked down to one app, and they could have any other tablet and run this app on it rather than buying your device. The standalone word processor is similarly doomed.
This is where I think it is good to make a distinction between a computer system and an application. By computer system, I mean not only the hardware, but the kernel, the UI(s), the tools available for developers, and all the things that, as a non-developer, you don't want to have to deal with. Computers should not be designed for a single purpose, because for everyone who has slightly different priorities to you, it won't be worthwhile. So they won't buy it. So the company making it will have to increase the price so that only those with your priorities can support their development efforts. So you won't buy another one and people like you won't either. So your version won't get updates or support. So the entire thing will be seen as a failure and dumped into the dustbin of computing history.
The computer system should be designed in such a way that as many applications are possible, and then the applications can be written to fit your requirements. What you appear to want is a really full-featured word processor. If you had that, you could stay in it for almost all your time. The problem with making something only that word processor is that there might come a time when you need to do something that it can't, and then you'll want some other application and you probably don't want to buy new hardware to get it.
That's why you need general purpose tools like a mouse. You may not need it very often in your word processor, but other applications will, and the computer will only be useful to anyone, including you, if those other use cases are possible with someone else's applications. If you don't want to use the mouse, you can always unplug it. Removing those things won't help you even if you don't use them.
That's also why ditching the filesystem doesn't work, because in order to move data around in an organized way, you have to be able to find the specific chunk of data you're looking for. The highest-profile attempt to hide that recently was Apple's IOS, and it kind of worked for a while because you can't create that many things on an iPhone and, in the early days, Dropbox was a de facto filesystem for a lot of IOS apps. Of course, it didn't work forever and there's now a partially available file system and a client on every IOS device.
Of course almost anything can be learned like that. The problem is that people wouldn't try to learn to fly a helicopter like that because there's always a chance that what you've just learned how to do as often as you want is to crash the helicopter containing your squishy self into something that is far less squishy. I think most people learning to fly helicopters take a safer approach to learning, and those who don't are pilots I'd rather not fly with if they managed to survive it.
People see computers and assume that, because no body parts will end up in a different place as the rest of the body, they don't have to. And they're sometimes right because we (programmers) put up lots of guardrails and convenience modes to make it as easy as possible. That's what we should do. Still, it might help some people to put at least a little effort into deliberately learning what is happening rather than trial and error their way through any computer-mediated activity, because although it won't cause you as much harm as a helicopter crash, it's still a system with lots of parts which has the capability to do things you really don't want.
"Took more than 3 days to get it out in order to save 4 hours of testing.."
Correct me if I'm wrong, but couldn't a tool still have been dropped there with the whole console out, since removing the console wasn't enough to retrieve it? The attempt to save time was definitely unsuccessful, but it doesn't seem like it introduced a new way of causing a delay, and therefore not necessarily a reason not to do the same fast removal next time.
They use fake sites to store the information and various tactics, often bots on social media, so that anyone actually looks at them. Does it really need to have more of a connection? Also, are you really telling me that you couldn't understand that an article with the headline "Russia takes gold for disinformation as Olympics approach" was going to be about Russian propaganda and need a special category to help you manage that?
"I don't know why this National Service thing seemed a good idea. Those my age grew up with that as a looming threat over our teenage years, were lucky enough to have been just young enough to avoid it and can see no good reason to let it interrupt our grandchildren's careers."
You've put your finger on the important difference: you care about your grandchildren, present or future.
That's kind of what I said: a rock is a mixture of minerals, but not a superset of minerals. Especially as mineral itself is a pretty vague term. What we're really dealing with are compounds, or even substances, but that's so broad as to be no longer a distinction. Sodium chloride is definitely a compound, when found in the ground is classified a mineral, but I can make it out of metallic sodium and chlorine gas if I have those and then it's probably not, and although it can be found in rocks, it is so far from that that classifying it as a rock only works if I can classify almost every other solid substance as one too. This plum is a rock, just one with a lot of water in the middle bit.
Are they? I'm not sure that's true. The set of minerals could contain specific substances only, whereas rocks can be made up of a mixture of those. A set containing a sheet of paper and a puddle of ink is not a subset of a book, even if books can be made from those things, and importantly, if you ask for stationary, it would not be acceptable if I gave you an already-printed book instead.
No, it won't, but nobody doing anything here cares about that. The people suggesting to ban it aren't worried about users' mental health, but about Chinese spying/propaganda/whatever other thing they think the Chinese government could do with it. They would like it sold to someone outside of China, but don't care if those people keep the algorithm with any risks to its users that it might have. TikTok, of course, doesn't see a reason to change the purpose of their algorithm either. Either way, that part is not changing.
The question is not whether they are responsible in theory, as that's what having that position means. The question is whether the level of blame attached to this person is correct. If they had named someone with more security experience, do we have reason to believe that would have improved things? If the answer is no, then focusing on this is distracting from a different and larger problem. Of course, this depends on lots of little points that we don't have information on, which is why most retrospective examinations take a long time and produce long reports.
For example, if the lack of MFA issue is determined to be an important issue, did the CISO know about it? If he did, was he trying to do something about it or not? If he was, did he have enough time between finding out about the situation and the attack that he should have completed his actions or not? If he didn't know, why didn't he? If he should have been told but wasn't, why not? If he shouldn't have been told because it was being managed by a lower level, repeat all these questions with the manager of that group.
It's boring work, but if you need a problem to stop, it is not enough to fire the person nominally in charge and put someone else in. That someone else will probably change something, but without asking all these questions, it could end up being the wrong thing and that person just becomes the responsible party in the next breech. In this case, there actually appears to be several technical failures involved, but exactly the same blame is ascribed to anywhere that had a negative event, no matter how much responsibility the tech areas had for causing the event. Did someone in sales get bribed to get the customer list, to which they had access because sales needs to annoy the customers to keep having more sales, and send a copy? Fire the CISO, that's what they're there for. It can easily be the right response, but it shouldn't be an automatic one.
Probably because they needed an engineer who could fix something, not general support. They might well have had someone who could replace broken parts, but not someone who could fix something that was wrong for all units. Then the problem got reported to someone stupid who brought in someone who could fix the problem but didn't understand that, to fix the problem, they had to know what the problem was.
There wouldn't have been an error code or message from the sound of it. The problem was incorrect results. If they had had someone there who was thinking, that person would have figured out a calculation with random numbers that gave an inaccurate result, and they could just send that. Apparently, that's not what they did.
There's a time problem, a data storage problem, and a general security problem with using paper instead of hard drives.
Time: To use paper, budget time for printing every document modified during the day, filing each paper copy, putting the drive in the wiper, wiping it if you're supposed to stay watching it, retrieving the papers from the file, scanning them in, and editing OCR errors, which ideally should be rare because you're scanning a fresh print but they still happen and it's very important that you don't order the 15l part when you need the 151. Compared to removing the drive and locking it up, that's probably at least an hour of extra work, which means a lot less gets done each day.
Data storage: You're doing this so the sensitive data isn't on the drive, and in order to do it, you're putting the same data through many other systems that could theoretically be used to try to access it. Sure, probably nobody is going to break in to try to get copies off the printer's cache, the scanner's cache, or to modify the wiper to read before wiping, but anything is possible. Also, I've assumed that you have a data drive that you're wiping and a system drive that you're not, mostly because if you only had one drive then reimaging a fresh version every morning would extend that time problem to ridiculous levels, but if you do, there's a chance that some parts of the data files will be on the system drive in temp files, so you'd still have a hard drive to secure. More points where the data is stored won't make the process worthwhile.
Security: Locking up a hard drive is no more complicated than locking up papers, and in fact you can use a smaller box to store it with less risk that someone will get it. Among other things, you don't have each day's stack of paper to deal with. It will probably be shredded, but never having been printed makes it even harder to reconstitute. Paper is also easier to steal. If I, your colleague who's also a spy, manage to get into your office while you're in the morning scan process and steal some of your sheets from the already-scanned pile, then you might not notice, allowing me to sneak your documents away, and if they get caught any time after I drop them, you get the blame.
That's true. A lot of these people have senses of humor but have somehow developed the ability to turn them completely off. This leaves two large classes of people. One looks like two completely different people whether they're working or not. If they're at home, they look like normal people. If they're at work, they look like those old science fiction shows where the robot has killed the person and worn their skin as a disguise. The other is a bit scarier: they look like normal people with senses of humor, even at work. Then you say something and they instantly switch to robot mode and don't come out.
As I'm sure you're aware, this has only been raised for review because a court rejected it, because, according to the court, the original award was given to Musk by biased parties. So it's more that I decide to give you an award to be paid for by someone else, you meet my terms, and you therefore get to take their money. They didn't get to vote on it then, so they get to now.
The statement you're disagreeing with and the statement they made don't appear to be the same statement. They didn't say that it was irrelevant because it was old. They said it wasn't perfect, and one of the reasons was that it was old. It wasn't perfect at the time, which many contemporaneous documents will demonstrate, so we shouldn't expect it to be perfect now.
All your other examples are subject to the same critiques. None of them were perfect, and many of them are less relevant now than they were at the time, if only because the things they talked about are different, and their discussion of them only considers the past situation. That doesn't make any of them worthless. Putting a document on a pedestal will not help because you need to rigorously consider which parts are still relevant and which ones could do with an update, and neither dismissing it as obsolete nor extolling it as perfect will help do that.
It can be changed back, but their points usually include the following:
1. You can't just pass a law, because it will be invalid. If you want to change something, you have to pass an amendment first.
2. It is hard to pass an amendment, so you need to plan for how you're going to accomplish that.
When people argue on that basis, they aren't saying that it is impossible to change it, but that you cannot act as if that change has already occurred.
They are legal to buy. They are readily available on sites like Aliexpress and Amazon. People don't buy them because it involves spending more money to use more electricity to get the same performance. Usually, low-end things either go for cheapness or power efficiency, so to buy Zhaoxin and get neither is not a popular decision. You can, though.
I recently tried to access a Linux device that's quite old (about twenty years old), only for my SSH client to refuse to connect because it did not support any modern encryption algorithms. Is it arrogant and dictatorial for OpenSSH to have decided not to include encryption that can be easily broken, exposing my connection to the vulnerability that someone could break in and impersonate me with a little effort?
Unlike Windows and SMB1, that wasn't a setting. If I wanted it to connect, I was going to have to recompile OpenSSH. OpenSSH was right to remove that. Microsoft is right to disable this.
Except that the billions of devices referred to include the following:
1. Windows computers that don't need SMB1, and therefore are no longer vulnerable to problems with it.
2. Devices which weren't updated from SMB1, but their manufacturers fixed this because they didn't want to deal with user complaints.
It does not include these, which were not referred to by the statement:
3. Devices whose manufacturers can't be bothered to use a secure version of the protocol.
4. People who re-enable SMB1 to continue using devices in section 3.
So yes, if you look at the devices he wasn't talking about, you're quite correct that they're no more secure.
Quite true, but that's not something that should decide how something is designed. Someone can't be bothered to do a simple Google search and, even with Google's reduced quality, the instructions will be the first result if it's not printed right there on Google's page, so therefore we should leave the insecure protocol enabled by default on everyone else's machines? Come on, that's exactly the kind of thing for which Microsoft would be blamed any time someone used that to do something malicious. Insecure protocols get disabled. Manufacturers should stop using them. People should override this if they need to after actually checking if they need to and what other actions they should take, but that shouldn't and doesn't stop us from disabling them when we do not.
The workaround that will consist of the following complicated steps:
1. Turn it off.
Changing the default setting doesn't make something obsolete if the previous setting is still there. You can use any insecure thing you want, and it's not anyone's responsibility to leave everything else insecure so you can do it without effort. There are times when something is really intended to make you have to buy new stuff. This isn't one of them.
If playing the piano badly caused people to die, I'd seriously have to consider whether it was worth it. There are many things that have been automated because they have safety implications. In some cases, the older machines are so dangerous that they are no longer considered legal to operate in the way that they once were.
This is far from saying that cars have reached that point or that the replacements are sufficient, because so far the replacements are not good enough. Comparing deaths caused by human drivers to bad pianists is a faulty comparison, and I think you already know it.
It may be worth noting that, while they lend out one copy per paper book now, they haven't always done that. In 2020, when the lawsuit was filed, they had removed that limitation and were lending out unlimited copies. They had a reason they wanted to do that, but they probably should have known that this was almost certainly illegal. Unfortunately, their decision to do that has landed them with a lawsuit that might be used to deny them lending out even the limited copies. I can't know whether they would have had the same attention if they hadn't tried that, but I think it might affect their current legal situation.
No, it's nothing like that. It's a paid VPN, which presumably actually functioned like a VPN, not Tor, because all the VPN endpoints were controlled by the same organization. The malware giving them access to the victim's computers has no parallel in Tor. It was what the article described it as: a botnet attached to a VPN program.
If they're in 1980s Word Perfect format, they don't contain that much that can't be handled in plain text. Nowadays, PDF is a more expected format, and that will likely be easily read years from now. As much as I dislike it as a format, it's a format that, due to our powerful computers, puts a lot of weight on backwards compatibility and one for which lots of software exists. That is if they use the typical, unencrypted subset of PDF. If they insist on putting in the weird Adobe additions that only Adobe software* understands, then it's less likely to work.
* Well, one piece of Adobe software. Everything else will break. Well, a subset of versions of one piece of Adobe software.
"By comparison Microsoft Word documents I wrote in 1990 can't be opened in M$ software today!!"
But, as I'm sure you know and your comment suggests, you can easily get software that can read them, for free, which runs on your computer in a free VM program, which can convert them to something else which can be opened. We haven't lost that data. Not only could you have easily converted them at the time as people do with their backup media, but unlike that media, it's also easy to recover them on demand today. Recovery taking minutes instead of seconds is not the same as the permanent loss of the data.
Not as much a conflict of interest as just useless. Safety isn't a regulated thing like some governance issues. Whatever they set up, the board was always going to have final control. All this means is that they don't care enough to have someone else look at things before they ignore them, which should already have been obvious, but they think having a named group will assuage fears that they aren't going to do anything. Maybe they think that some employees are truly worried about safety issues but will be dumb enough to trust that, because a committee exists, it does something.
"Do any of their customers cite the risk of price-hikes by third parties and the cost of extrication in their annual reports? Surely they ought to."
Whether they aught to is one thing, but I can virtually guarantee that they don't for the same reason that they don't report the extrication from anything else: they don't know it until they need to. How costly would it be to, for example, get rid of VMWare products following the licensing and price changes? It's not a simple calculation because you have to know what you're switching to to know the license costs and you have to estimate the work required, but the IT department is kind of busy doing work they know they need to do.
Now do the same calculation for every other heavily-used piece of technology. What would it cost to change out Red Hat if IBM chose to do something intolerable to it? That's a long research plan for something that's speculative at best, but could be pretty cheap or extremely expensive depending on how much you rely on it and if you can change to something similar or not. In some situations, the likelihood of wanting or needing to change is high enough that you would calculate that cost in preparation, but doing it routinely is not an easy or cheap process, whether you're talking about a cloud provider or any other piece of technology.
You will end up having to build a lot of things yourself, for example the way to let multiple users continue to deploy things without stepping on each other. Tools built into or around Terraform already exist to do some of this. When I've used it, I often have thought about building some of this myself, but I am a programmer and I deploy infrastructure when needed, not as my primary job. There are plenty of people who can use these things that would not be able to write the management components, either to an acceptable quality or at all, but are perfectly good at knowing what needs deploying and may know more than programmers do about managing it.
No matter how tightly they couple the devops role, most people I know tend to be better at one or the other. I am stronger on the dev side, although I flatter myself that my ops skills aren't too bad, but I know devs who are bad at admin and admins who can't write software, and prebuilt software can help with both. Terraform isn't great, but it is an established tool in that area and probably won't go away.
Now you're fighting against making nouns into verbs, but that's not going to stop. Do you ever phone or email someone? What, you don't always say "use a phone to talk with someone" or "use email to send a message to" someone? You don't have to because those verbs are easy to understand. Thus, if you agree that there is a difference between an incentive and a motive, then it shouldn't be very surprising that people who frequently use the concept of "offer an incentive for the following behavior" would shorten it.
There are lots of invented words that fit into your category. The one I've heard more often (in complaints anyway, I don't hear that many people actually say it in real conversation) is "burglarize", which wouldn't appear to say anything that "burgle" doesn't. I don't think that "incentivize" hits the same mark. Not to mention that English also has plenty of synonyms, and we don't need to channel the Newspeak dictionary and start eliminating them.
Incentivize and motivate mean different things. A motive is a reason to do something. An incentive is a specific reward for doing something. You can be motivated to do something by wanting the incentive you'll get if you do it, but you might also be motivated just because that's what you enjoy doing, because you'll feel good at the end, because having the thing on your list of tasks is getting annoying, all without an incentive being present. Therefore, when we talk about incentivizing a behavior, we mean that there is a specific, external thing motivating someone to take an action. This could be intended (let's incentivize people to do this task because motivating them without one is not working) or a problem (people are incentivized to lie about their progress because we give bonuses if you say you're done but we don't check, and we could try to fix that problem by removing the incentive).
The article indicates that there is a misdemeanor against impersonating a candidate, so depending on how that works, he could be charged with that. I don't think he will though. My comment was less that he definitely has legal culpability but that he at least knew or should have known that there was a plan to do something like this. After all, making a fake version of a candidate say something that they definitely wouldn't suggests that someone is going to try to use it. Compared to other links in the chain, the creator of the audio had a reason to suspect that something would be tried, whereas various other service providers didn't have that and would be even harder to charge.
Not all of those parties have to know what's going on. The guy making the fake audio had to know that was dodgy, so you can make a case for them, but the intermediaries in the phone system didn't know what message was going to be sent, so they can't be as responsible as the one doing the spoofing.
"I find it amazing that they found and fined the guy that was doing something political but can’t stop the ones calling me about a car warranty."
One guy versus about a thousand shell companies in multiple countries. I'm not surprised that they can manage the former but can't the latter because they seem to get bored after finding one of those companies, fining it, and letting it file for bankruptcy. A new company will take over within hours, but they'll spend a while before they start to track that one down. This goes for lots of countries' authorities.
"How about stopping ALL the political text they are sending me. Let’s see some fines for that. Most political notifications are misleading if not outright lies. What is the difference here?"
If you're referring to political spam sent by actual campaigns, the difference is that they're explicitly excluded from laws about spam, they identified the true source, and that's basically it. Both of those mean they're not going to be fined for doing it. Sorry. Maybe you can get yourself off the lists, but I don't know how.
Probably it doesn't have that much of an effect, but that's not enough to justify doing it. The point of a zero-day is that IT having antivirus up to date won't stop it. There are other possible problems with it as well, and of course clicking the link informs the attacker at the very least that your address exists and you sometimes click links in them.
The rules are pretty simple and there is a reason for each one. Phishing email: don't reply, don't click links, don't enter information, don't open attachments, send it to the reporting mechanism provided. I think we would both agree that someone saying "How much harm did it really do when I entered my username and password on the phisher's form" is not making a convincing argument. Yours is not that convincing either. The response to you doing it was probably larger and more annoying than it needed to be, but still, don't click the links unless you have a specific reason why you need to.
"real phishing messages are more obvious."
No, the phishing messages you have gotten are more obvious. Phishing messages can take a lot of forms. Just because you've seen plenty of spam sent out in bulk doesn't mean it all looks like that. That's spam sent to millions of email addresses. They have to use broken English for at least one and possibly both of the following reasons:
1. They are sending out millions, so they can't afford the time to filter out lots of people who will eventually smell a rat. They want all the people who get that this looks scammy to ignore them on the first message so they can focus their attention on those that appear the most gullible.
2. They don't have the time or money to make their messages look convincing and don't have that ability themselves either.
Swap both around. If they're targeting your company, which probably has plenty of money, and are using you to get to that, they are no longer sending out millions and losing you at the start is no longer acceptable because you only have so many colleagues for them to try. They need you to respond a lot more. If they can write convincingly, they will. If they cannot, they may well get someone to help them. I've been sent phishing messages, and not only did they have the grammar worked out and the visual design matching, they went to the effort of figuring out who in the company I was likely to know and impersonating them.
I don't know why I'm arguing someone else's point for them, and one I don't necessarily agree with, but your evidence against it is not actually arguing against some of their points. For example:
"Tesla's share price will have little effect on its ability to do business as long as it doesn't have to raise finance."
Correct. However, they referred to Musk's personal loans, and they suggested that the thing that collapsed first would be X. Their theory would appear to involve banks requesting more collateral that Musk did not have, then presumably either the banks trying to take Twitter away from him or Musk trying to extract funds from it to pay the loans, either of which could have an effect on that being able to conduct business. In turn, Musk might do various things to Tesla to attempt to get more funds from them which could have a deleterious effect on that business.
Would any of this happen? I don't know. I have no way to know what the banks would do or how Musk would respond. However, if I intend to disprove it, I have to do more than say that the stock price has been lower, it didn't happen then, therefore it won't happen now.
No, they have not just been given that evidence. They didn't say that, at any time, if the price of Tesla stock fell to 50% of the value it had then, that it would collapse. They said that, if it fell to 50% of what it is today, they think something, Tesla or X, would collapse. Presumably, if they were making the same prediction when the price was double what it is today, they would have said that if it fell to 25% of its value, things would collapse. I don't have any reason to think that they're correct, but you can't disprove it based on something that wasn't the same and happened at a different time. Proving something like that would work best if you knew how many shares were pledged as collateral, what value they would need to have for a lender to demand more, and what actions Musk might take, but they can speculate without having that information just as you and I can.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
