Yeah, I remember going on https://filterlists.com/ one day all mad and just adding a ton because of how many ads and manipulative patterns I was dealing with
Yes, it is indeed not always clear what constitutes forgery (Germany).
> A document in the classic sense requires an embodied declaration of intent that identifies an issuer and is suitable for providing proof in legal transactions. In the case of a lawyer's letter, the signature is an essential part of the standard repertoire of authenticity.
So removing some parts _could_ make it safe, to not create a "risk of confusion":
> Even if computer processing creates the appearance of a genuine document, the typical characteristics of the original must be present to establish a serious risk of confusion. Likewise, the BayObLG did not consider the offense of forging evidential data according to Section 269 of the German Criminal Code (StGB) to be fulfilled.
Off topic, but I love how every country has its weird abbreviations that seem obvious but really aren’t, like BayObLG for Bayerisches Oberlandesgericht (Bavarian State Superior Court) or something close to that. Or how every British cop show assumes its audience knows exactly what a DCI is, as in “This is DCI Foxwaddle and I’m DCI Rugby-Botherington, may we have a word?”
The donation is more or less virtue signaling rather than actual insight.
The problem cannot be helped by research against cybercrime. Proper practices for protections are well established and known, they just need to be implemented.
The amount donated should've rather been invested into better protections / hiring a person responsible in the company.
(Context: The hack happened on a not properly decommissioned legacy system.)
> The donation is more or less virtue signalling rather than actual insight.
I see it more as a middle finger to the perps: “look, we can afford to pay, here, see us pay that amount elsewhere, but you aren't getting it”. It isn't signalling virtue as much as it is signalling “fuck you and your ransom demands” in the hope that this will mark them as not an easy target for that sort of thing in future.
It also serves as a proxy for a punishment. They are, from one perspective, paying a voluntary fine based on their own assessment of their security failings.
For customers it signals sincerity and may help dampen outrage in their follow up dealings.
Yes but I think it's a good virtue to signal considering the circumstances. If they paid the ransom that would signal that ransoming this company works, incentivizing more ransoms. If they refuse to pay the ransom it might signal that they care more about money than they do integrity. Taking the financial hit of the ransom, but paying it to something that signals their values, is about the best move I can imagine.
What is the problem with virtue signaling? By all means signal virtue! Perhaps you are concerned by cheap virtue signals, which have little significance.
The point here is that this is an expensive virtue signal. Although, it would be more effective if we knew how expensive it was.
Virtue signaling is an insult that you can for example use against greenwashing or against someone who pledged to donate a lot of money to some charity but actually donated none or much less.
Hypocrisy is also a form of virtue signaling.
It's also a term you can use against political opponents because it's much easier to speak well than to actually do good.
Refusing to negotiate with criminals and help fund security seems like the proper long-term reaction for everyone.
Requiring everyone to implement proper practices is one way of addressing the problem, I might call it Sisyphean & impossible.
Making it illegal to pay ransom is likely a much easier to implement and more effective solution.
And this isn’t virtue signaling - they literally did the virtuous thing that is better for society at the expense of their bottom line. That is just virtue.
It is virtue signaling, especially considering the fact that doing the hard to swallow thing of paying the ransom would probably be the best outcome from a customer perspective.
Yes there are negative externalities in funding ransomware operations, not paying is still much more likely to hurt your customers than paying.
Doing the positive externality thing at expense of your bottom line is to be praised. It is not ‘virtue signaling’ - it is actually doing a virtuous thing.
Very small positive externality at the expense of their customers. Probably doesn’t even come close to balancing out.
Besides, if they were genuinely interested in positive externalities they would be spending the money lobbying for a ransomware payments ban and not donating to universities.
Paying ransomware fines is never the smart move to do unless you happen to trust what cyber criminals tell you.
You send them the payment, they tell you they deleted the data, but they also sell the data to 10 other customers over the dark-web.
Why would you ever trust people who are inherently trustworthy and who are trying to screw you? While also encouraging further ransomware crimes in the future.
Sidenote, it's interesting how the term "virtue signaling" is arguably objectively an individualistic right-wing dog whistle these days.
I would argue that it is being used all over the media to complain about anyone showing any signs of not being purely individualistic, as if individualism is the only true thing people actually honestly feel. This is obviously incorrect, empathy, professionalism, a desire for a sense of purpose, are all things that people objectively feel in the real world, everyday, everywhere.
I would argue that the expression "virtue signaling" is used systematically in individualistic right wing media by the right about anyone who say, for example, that they care about minorities or less fortunate people or to take action to support them, as if it was false. I would argue that this is harmful.
People do care a good fraction of the time, and they should be recognized for their positive actions, and encouraged. I would argue that we should definitely strive for a culture where individualism is not seen as the only true emotion that people can feel.
So, knowing the negative political and philosophical baggage, I would not use that expression, especially if you don't have actual proof that they don't care about security, professionalism, etc.
Refusing to pay a ransom and instead giving the money to the "enemies" of the attackers isn't "virtue signaling" (as someone already commented: it's a "fuck you" to the attackers).
In French we call that a "pied de nez". "Turning the table" / "Poetic justice" / "Adding insult to injury" would all be more correct than "virtue signalling".
If there was no attacker and the company gave half a mil out of nowhere to a security company (or a charity) and boasted publicly about it, that would be virtue signalling.
But refusing to pay the ransom and giving the exact same amount to security researchers is just a big, giant, middle finger.
If they wanted to meaningfully give a middle finger to the attackers they’d be spending the money lobbying for a ransomware payments ban, not throwing away money by giving it to universities that have plenty of money and will probably do absolutely nothing to reduce ransomware attacks in the foreseeable future.
> If companies want security, they should pay for security.
Or just properly follow best practice, and their own procedures, internally.⁰
That was the failing here, which in an unusual act of honesty they are taking responsibility for in this matter.
--------
[0] That might be considered paying for security, indirectly, as it means having the resources available to make sure these things are done, and tracked so it can be proven they are done, making slips difficult to happen and easy to track & hopefully rectify when they inevitably still do.
This is certainly missing some kind of legend explaining the colors of the lines, and what data is actually shown.
Is "red" high or low velocity?
And as an example, I do not understand what the "Boeing vs. Airbus" selection is trying to represent, as well as how "Altitude & Velocity" are supposed to be displayed at the same time.
Project certainly requires a bit more care if any discussion should happen around it.
count() AS total,
sum(desc LIKE 'BOEING%') AS boeing,
sum(desc LIKE 'AIRBUS%') AS airbus,
sum(NOT (desc LIKE 'BOEING%' OR desc LIKE 'AIRBUS%')) AS other,
greatest(1000000 DIV {sampling:UInt32} DIV zoom_factor, total) AS max_total,
greatest(1000000 DIV {sampling:UInt32} DIV zoom_factor, boeing) AS max_boeing,
greatest(1000000 DIV {sampling:UInt32} DIV zoom_factor, airbus) AS max_airbus,
greatest(1000000 DIV {sampling:UInt32} DIV zoom_factor, other) AS max_other,
pow(total / max_total, 1/5) AS transparency,
255 * (1 + transparency) / 2 AS alpha,
pow(boeing, 1/5) * 256 DIV (1 + pow(max_boeing, 1/5)) AS red,
pow(airbus, 1/5) * 256 DIV (1 + pow(max_airbus, 1/5)) AS green,
pow(other, 1/5) * 256 DIV (1 + pow(max_other, 1/5)) AS blue
SELECT round(red)::UInt8, round(green)::UInt8, round(blue)::UInt8, round(alpha)::UInt8
The redder the pixel, the more Boeing planes there.
The greener the pixel, the more Airbus planes there.
The bluer the pixel, the more non-Boeing/Airbus planes there.
The less transparent the pixel, the more planes in total.
White means all planes fly there, yellow means Boeing and Airbus dominate, red means Boeing dominates, green means Airbus dominates, cyan means Airbus+others, magenta means Boeing+others, etc.
Around Heathrow at least, there seem to be a few paths where Airbus and Boeing both fly, but seem to be reporting slightly different offsets within that path.
I wonder if that's a systemic difference in how they report their GPS position to ADS-B, or an actual real difference caused by slightly different autopilot systems, or something else?
I see you highlight that, but I believe the visualization is designed to be intuitive once you interact with it a bit—no legend strictly needed if you calibrate against what you already know.
Pick a flight you know (maybe one near yer home) and play with the options -- what patterns emerge? Red draws attention, “Boeing vs. Airbus” compares data, while “Altitude & Velocity” combines them. Explore hands-on; discovery often makes insights click better than instructions.
I find it rather strange that so many email providers have to develop their own "app".
There are so many good clients out there, and I'd rather have 1. The team focus on their core offering, and 2. the existing email client is for the same reason (limited developer time, and matureness) a much better choice for security
> I find it rather strange that so many email providers have to develop their own "app".
It's probably because people want easy access, and have all features supported flawlessly. Mail has come a long way, but there are always specific features not integrated well.
Also, most of those apps are more a thin wrapper around the web-interface, adding some interface-sugar for desktop-integration and serving as a playground for devs to test the web-apps offline-abilities.
> There are so many good clients out there, and I'd rather have 1.
I've yet to see any good client for me. They all are kinda flawed and limited, many suffering from age or not fitting modern demands. Thunderbird seems to be the only trustable Linux-compatible one which is still actively developed, and even this app is lacking on many corners. Add-ons are supposed to fill and round up the corners, but without anyone developing them, what's the worth in having them?
Fastmail at least seems to work on developing the mail-standards, and having their own client is probably helping them in figuring out how well those improvements are working and where they are lacking.
One reason could be that they need one if there are unique differentiators on the roadmap that cannot be added into regular clients. I don't know if this is the case.
This is basically where I'm at. I love Fastmail, but going to the effort of trying to get JMAP standardized and then investing development effort to NOT put it in Thunderbird feels like there's no real intent to make email better for everyone, which is disappointing.
It's very practical when you use a lot of different devices. It's nice to use native built in email apps, but when using multiple different OSes and device types, it can be very annoying to have the different clients play nice with each other.
Immutable as in the message won't be altered/deleted by the sender. This is about user control, as opposed to chat apps or social media, where posts are frequently edited, get taken down after an outrage or links can disappear to link-rot.
From article: "An email is your copy, and the sender can’t revise it later."
I assume, since the statement specifically mentions CERTIFIED devices, that they do intend to further develop the app.
As always with Google policies, this means users will need to jump through more and more hoops (as today with custom ROMs and banking apps already).
I really hope first and foremost that this policy can be reverted, and if not, that the community develops means of technological circumvention (examples mentioned by others include an "app runner" app or letting others identify the app).
It is a sad state the Android ecosystem is heading to.
So true.
In such an LLM-driven game though, I would imagine the player would just ask the NPC: "I forgot what to do" or even "Can you explain it in other terms?" (if the quest description isn't clear enough).
Reading the article further, they do note that "A suspected memory leak in Windows’ OS-buffered cache region could be the problem.", although I concede that no source is provided for that.