And what does "follow the science" mean? After all, according to the very respectable World Health Organization, last February there was no evidence whatsoever of human-to-human transmission. None at all, according to the very respectful Chinese scientists. That was the Science(r)[tm](C) at one point.

Although sendgrid is a large outfit, it's not like they provide service to a notable fraction of commercial E-mail senders on the interwebs.

Given that established fact, we can draw one of two possible logical conclusion:

1) Someone ran a large randomly-targeted phish/hack campaign. And it just so happens that (nearly) everyone who got compromised ended up being a sendgrid customers, with account credentials ex-filtrated from their PCs.

2) Sendgrid itself has been hacked, and had some portion of their customer base/credentials stolen.

So, which one is more likely, folks?

I too noted a sudden onslew of Sendgrid spam, a few months ago. Same cookie-cutter phish bait, over and over again. After no response to abuse, I shitlisted their IPs. I thought that someone's churning through Sendgrid's trial accounts, but looks like those clowns were themselves hacked.

a user has paid for a VPN account with the ability to connect a public static address to OVPN

And once the user had paid for it, that record is gone. Someone ordered a static IP address. You take a payment, make an accounting entry in your accounts receivable, and mark one of your IP addresses, on one of your servers, as in use for X months. No record exists of which user paid for which IP address. Your only permanent record is that a given IP address and/or virtual server, is paid until such and such date.

When the time comes, someone comes in, says that I wish to pay for this IP address, for another X months. The IP address's record is updated, and the payment gets logged in accounts receivable. Lather, rinse, repeat.

No idea whether this is how that particular VPN provider runs their business, but it's entirely possible that they keep no identifying records of who owns a particular IP address, just that it's paid for until such and such date, and nothing else. That's all they need to do. And they don't log connections to their servers, and have no records who logs onto which IP addresses.

This expert is a clown./p.

Who wants to bet that as part of obtaining a license for all the development tools on the Mac, access to Apple's tools for signing and distributing Mac software, there are at least four or five instances of the fine print indemnifying Apple from all damages, no matter how much they fuck up?

No, the reason why it takes two months is because before there were planes, trains, and automobiles, after the nationwide election took place all across the fruited plain it took that long for all the delegates to get on the horse, and make their way to Washington DC.

There is another explanation. When people actually sit down and watch the boob tube, they're starting to wonder why they should be paying over a hundred a month for this crap.

When you're busy working, and have a full time job, the cable bill is just another bill that comes once a month, you pay it on cruise control, without giving it much thought. True, you don't watch much of it. You're busy with your day job. But you figure that if you have a spare a moment or two you'll always find something good to watch.

Well, you have plenty of time to watch, and you discover that it's utter shit. Suddenly, cable seems way too overpriced. Why am I paying for this?

And, not to mention the obvious: your number one priorty right now is to put food on the table. And cable television is an easy target for savings. The hundred bucks you're paying them each month could buy a week's worth of groceries. You could probably stretch it longer than that, too.

I'm aware of Windows Search and I already have it disabled, and Windows still grinds away doing whatever crap it thinks it needs to do. If it were only search, you'd think that without you doing anything, it would eventually index everything it wants to index, and then go to sleep. No, this is something else. Task Monitor shows various things constantly waking up, burning CPU, then going away to be replaced by other services that feel the urge to do something.

I run Windows 10 in a basic, no-frills, qemu VM. That thing is a bloated pig. Even when I'm doing nothing, something always eats 20-25% CPU, according to virt-manager. Something is always scribbling to disk. What is it doing? Who knows. And that's the best case, after leaving Win 10 idle for at least 20 minutes to settle down, after boot, when it calms down to its 20-25% CPU baseline. Before anyone claims malware: this is a stock Windows 10 image, with only one accounting application, and a bunch of tax preparation software that I manually installed (this is the only use I have Windows for), and this VM is not used for browsing or the interwebs, at all.

Immediately after a boot I see a constant shitstorm of pegged 100% CPU, for at least 15-20 minutes. Whatever's spinning, it's spinning at a lower CPU priority. Apps appear to run with only a minor, but observable performance degradation. Windows does yield the CPU to user-facing apps, in preference to all of its built-in telemetry and spyware that it needs to start at system boot. But it still has a performance impact.

So it does not surprise me to see degraded performance in apps, if they run soon after a system boot, since they have to compete with Windows built-in telemetry/spyware initialization, for the CPU.

Amazon's very deceptive ordering process tries every trick in the book, and every possible misleading UI to get you to click the button that automatically adds their "Free Trial" of Prime to your order. In the last two years my dad accidentally signed up for Prime twice. Fortunately, we've caught it and cancelled it before the free trial ends, ended up paying nothing.

Although our initial impression was that it wasn't ethical to intentionally take advantage of the free trial period, that impression faded quickly after considering Amazon's slimy tricks to get you to sign up for Prime. So, we had no compulsion to taking advantage of Prime's free trial to the fullest. We have no intention of signing up for Prime, and will not sign up with an explicit intent to cancel. But if we accidentally get signed up again, we'll just cancel, and won't have any qualms about taking advantage of the free trial period.

After the free trial runs out, Amazon's misleading tricks stop for a while, then they're back to their old tricks 3-6 months later. I wonder how many of those "150 million" are currently on their free trial period, and the membership numbers stay stable only because they keep tricking new people to order prime, replacing the ones that cancel.

I updated to Firefox 69 yesterday. Out of curiosity, I browsed to the settings page, and I already see that it has a "DNS over HTTPS" setting already appears there. And it is turned off.

Does this mean that, at some point in the next month, the good Firefox folks will helpfully turn it on for me?

If someone wants to send me some free stuff, even if it's electronics, and even if it's not, shall we say, of the highest quality, there's no need to go to extreme measures to try to steal my Amazon info. Just drop me a note and I'll gladly provide it.

"how poorly Indiegogo was equipped to deal with it."

Excuse me, it's Indiegogo's fault that someone was fleeced because they swallowed a fancy song-and-dance routine?

I must admit I never used Indiegogo, but I'd be shocked if they make any kind of claim, guarantee, or warrantee that the independent enterpreneurs that use their web site to seek donations and pitch their product are actually pitching a real product, and are not scammers and two-bit fleecers.

The only one who's responsible for your money is you. Indiegogo has no fiduciary obligations, whatsoever, to their donors. It's up on them to evaluate and judge the merits of each proposal or product that seeks funding on their platform.

What I'm really shocked here is that the major browser vendors didn't go in the opposite direction. By that, I mean an approach where plain, garden-variety SSL certs get incrementally devalued. Right now, a password field on a non-SSL page will have most browsers showing all kinds of scary popups about transmitting passwords in clear.

I fully expected, at some point, browsers also starting to show the same scary popups on pages that use standard SSL certs, and only be content by password fields on pages that use EV-SSL certs. Next, I expected the search engines starting to rank pages with EV SSL certs higher than pages with standard SSL certs, etc... LetsEncrypt pretty much destroyed the standard SSL market. The other day, to my surprise, I discovered that my web host automatically provisioned an SSL cert for my web site (it wasn't via LetsEncrypt, but from a similar automated source). I didn't pay a cent for it. I expected this to be the next logical progression -- an attempt to make standard SSL certs "not good enough", because LetsEncrypt, and a few other CAs, have succeeded in the race to the bottom.

But, I'm guessing that the EV SSL cert market wasn't bringing in enough revenue to offset the costs of manual extended validation paperwork.

LG seems to be the only one remaining manufacturer of moderately premium, non-castrated phones. After almost five years of reliable service my Nexus 6 died. I replaced it with an LG G7. Headphone jack. QI charging. NFC. Their Android build appears to be mostly crapfree. The missus already had a G6 which replaced some Samsung model whose keyboard app mysteriously shat all over itself and started crashing, making it impossible to type anything, and after a factory reset started having other problems. Samsung seems to have been sliding for a while. This does not surprise me.

What a blatant rip-off of Futurama.