
Comment I can't find anything to watch on Netflix anymore (Score 1) 48

... and I think that is the root cause of their declining profits.

When they hardly have anything I want to watch, even adding advertising will not add to their profits. 70 year old westerns and a shitload of cheap Bollywood movies just don't make it for me.

Comment Re:The only ones to blame here (Score 1) 23

I use Jenkins on dedicated machines inside my company's own network.

Another option may be to run GitLab, Jenkins or some other CI infrastructure in the "cloud", but with a more reliable vendor than CircleCI (for example AWS, Azure etc) and on a closed down network with no public access (for example by enforcing VPN).

Giving your secrets to any company who is willing to take your money is just incredibly foolish. Unfortunately, it's what lots of companies do today.

If bad actors get access to your build system - they usually get full access to your code, and potentially your code signing certs and TLS certs (if you deploy directly from the CI pipeline).

Comment Re:I can guess the reason they are ex-Google and e (Score 1) 150

This line of thinking leads clueless CEOs everywhere to believe that it should be easy to eliminate programmers and replace them with some sort of A.I.-powered snake oil.

Only if the AI is cheaper than the very cheap 3rd world "programmers" they already hired to copy and paste lines from Stack Overflow.

Comment Re:The current incentives are wrong. (Score 1) 96

If crooks can't monetize the stolen data, there will be no highest bidder, or the bids will be so low that the theft is not worth the effort and risk.

The problem today is that there is an enormous economic incentive to hack organizations, because they are easy to hack, spineless, and likely to pay the ransomware fee rather than restore a backup - because that makes the most "economic sense" in the short term. (Heck, lots of corporations using the "cloud" probably don't even have backups)! This has led to an exponential rise in incidents. Where crooks a few years ago needed skilled hackers to penetrate the corporations - they can now use criminal SaaS cloud providers to locate the prey, penetrate, steal/encrypt the golden data and probably also to collect and wash the bitcoins.

The only reasonable way to stop this, that I can see, is to make paying extortion-fees a severe criminal offense. It will be tough for the first line of companies that are hacked and punished by the crooks for not paying up, but as the crooks realize that this well is empty, and corporations start securing their systems, the crooks will look for other, profitable ways, to do crime. Maybe some of them will make NFT cards and sell them for US$99 a pack. That's a grift that seems to be profitable and without legal risk ;)

Comment Re:Realistic expectations (Score 1) 96

If I can end up getting a prison term because some nerd in systems admin gets seduced by a cutie, then I'm not going to accept the job and no rational, competent person will accept the job.

If you are the CEO of a corporation that handles sensitive data, and that data is stolen from you, then a criminal probe into you and the corporation should be expected and warranted. If you have taken good measures to prevent the theft, then you should be fine, and the corporation should be fine. If you hired a good-talking but clueless friend as CSO, then there may be a question about criminal neglect. If you de-funded the entire security team in order to boost the quarterly profits, and hence your own bonus, then you should be prosecuted.

I'm not advocating for throwing all the greedy bastards in jail. But after a breach, there should always be a criminal probe. And where a greedy bastard acted in her own interest, and deliberately put other people at risk (by having their data stolen), then I think it would be useful for the general corporate culture to see that person in jail, forcefully and permanently removed from her position and money.

If there is a personal financial and criminal risk attached to collecting and neglecting sensitive data, then the corporate behavior will change. Today there is no risk. No downside. Only more money. That's a terrible incentive for bad people.

Comment The current incentives are wrong. (Score 3, Insightful) 96

The sole value of contemporary corporate culture is greed. In order to do business, corporations have to pretend to take "security" seriously, for example by getting a SOC2 certificate. Having this document, the C level people can focus on greed (fucking employees, customers and "partners") and when they are hacked, they pick the standard "talking points" from the latest McKinsey & Co "Greed Is Good 101 Handbook" and lie about how much they value their customers' privacy.

I believe the only way to fix the problem is to change the incentives, both for the corporations and for the crooks. The insurance companies are just greedy corporations who aim to maximize their own profits. Changing the coverage will not fix the problem.

The problem is greed. The corporations skip corners to maximize profits (and insane bonuses for the CEO's court), and the crooks (more and more of them) do hacking because it's profitable. In order to fix the problem, I think it must be illegal to for example pay ransoms to crooks. If that's illegal in a meaningful way, then the incentive for the crooks will vanish. If C level people are routinely criminally prosecuted after a breach, and the investigation looks at the actual security measures and security competence in the organization, clown-show performances like SOC2 will lose their value. Corporations will need to hire competent security people and implement real security measures and/or limit their exposure by not harvesting non-essential sensitive data. As long as it's legal to pay extortion fees to crooks, and perceived security is cheaper than actual security, the problem will not get better.

Comment Re:Rats off a sinking ship. (Score 1) 80

The problem is not cryptocurrency. Cryptocurrency is a novel and really great invention. It puts you in charge of your money, like cash.

Your government can not just freeze your assets if they start to dislike you, like they do if you are foolish enough to keep your money in the bank. The bank can not scam you with sky-high fees and interests, once they convince you to spend more money than you own.

The problem is unregulated banking - in this instance "crypto exchanges". Unregulated banking is always a horrible idea.

Comment Re:It's Too Late (Score 1) 122

but moving virtually all manufacturing there, including whole entire industries, was unforgiveable.

Nothing is unforgiveable. This was profitable for the super rich and therefore the right thing to do. That's the only concern in a western country. Now it's less profitable for the super rich, and that is the real concern. There is no right or wrong, forgivable or unforgivable, in politics. There is only greed.
