
Comment Re:Cloud equivalent (Score 1) 119

Yet another data point to underpin the motto "Never allow any data or access or service that you value to be controlled by Somebody Else's Computer"

The problem here isn't that the data or access or service was controlled by someone else's computer...that's true of all software updates. It's that the process behind the update was controlled by someone else's business model. IoT is much like SCADA, in that there are physical consequences to cyber actions. As such, it's very important to maintain control of your own systems. This played out with Nest thermostats that pulled down updates without notice or warning...some of which bricked them. You had pipes freezing in winter in some homes as a result.

So...when buying something that is IoT, ask the vendor (or look through the documentation) to find out how and when updates are done. Bad news: no OTA update option. Worse news: OTA updates that you have no control over.

Comment Re:This is great news... now... give me more shows (Score 0) 508

> Nope, Doctor is an alien, not a man.

A Time LORD, not a Time Lady!

They've been called "Time Lords" thus far because their incarnations have all been men. The very fact that there is already a feminine equivalent to "lord" implies that there's nothing odd about there being a "Time Lady."

Comment Re:It's Here Now (Score 1) 235

Hmm...I'm wondering, even with liberal use of "eminent domain", it seems that digging, or above ground install and connection of this type of thing, would be quite difficult to do nationwide in the US....and that's just the private property and existing city problems. The wildly varied and often difficult terrain across the US would pose a lot of problems putting together a system like this, that requires what I'm guessing is pretty complex and massive equipment to put tube, and keep power and vacuum on such a system.

While it sounds really cool.....I'm wondering of the practicality of it in becoming anywhere near a mass transit system.

You're missing a piece of the puzzle. As we speak, Musk's tunneling machine...named "Godot," is tunneling in LA. Oh, and the company under which this work is being done? "The Boring Company."

Comment Re: old movie (Score 1) 396

When you have a 30 year mortgage, you don't really need to care about your credit rating. A mortgage will bring a 500 back up to a 700 in 6 months

This isn't exactly true. 1, it depends on whose FICO score you're looking at: two of them ding you for having a mortgage that is, essentially, too new. Another also dings you for having too much of a mortgage balance...so if you've put down less than a 20% down payment (if you can, why do you have a FICO of 500?) that will also actually lower your score, not raise it. The concept that FICO is some standardized, monolithic, and consistent measure is false; creditors refer to them as "fake-o" scores. Another way to look at it: if the FICO score were a reliable, end-all measurement, then creditors would only rely on it, and not require an actual credit report for things like opening credit cards, auto loans, or mortgages.

And I get the sense that you don't know what you're talking about on a broader scale...because suggesting that someone with a FICO score of 500 get a mortgage is like suggesting that a registered sex offender get a job at an elementary school. Creditors aren't going to give someone the time of day with that score.

Comment Re:And I assume you didn't read the study (Score 1) 242

Once you start donating money in a significant way, you start learning that not all causes are alike...and you learn to make good choices so that your donations will actually matter.

Wouldn't it be great if there was some sort of clearing house that handled your "donations" and made sure they were applied correctly, to people who really need them for medical expenses.
Even better if the overhead was lower than any other comparable system.
We could call it Medicare, or something like that.

Excellent point...and actually, it's been tried, with mixed success, on a broader scale rather than just medical-expense-related charitable giving. One approach...the United Way...has worked decently though they have had some scandals of their own. Another is the US Federal Government's "Combined Federal Campaign," which kind of serves as a clearing house and also seeks to avoid some other problems as well (like how supervisors used to pressure their subordinates to donate to certain charities.)

I think it's a people problem more than anything else: when you have a lot of money flowing through something, some will inevitably attempt to take advantage. Given that, on a per-family basis, the financial magnitude of need from medical expenses outstrips everything else makes it both a tragedy when real needs are not met and a lucrative target for fraud. And there seems to be a dignity factor with requiring people to produce comprehensive medical and financial records to prove they are in need.

Comment "In terms of open specifications" (Score 2) 82

On the whole, people don't want open specifications more than they want something that is well-supported. Open specifications are a good thing, don't get me wrong. But given the choice between something that's a huge hassle to get working (and keep working) smoothly that's open and something that just plain works...well, I offer this survey's results as Exhibit A.

Comment Re:And I assume you didn't read the study (Score 4, Insightful) 242

they already took out the folks just randomly asking for money. It's 90% of _medical_ campaigns that fail. But hey, your uninformed rant probably made you feel better about not providing those 90% with life saving medical care and food/shelter while they're too sick to work, right?

The folks just randomly asking for money are part of the problem, even if you remove them from the study. I found out about them when I went to GoFundMe to give money to a valid cause. A person was injured while volunteering for an event that I was attending (which has a close-knit community) and was injured by an accident. Having a broken ankle and no medical insurance, he put up a GoFundMe to ask for help; it was a textbook example of what the site *should* be used for. I went there, and donated...and then in the course of that I saw just how much insanity there is. It definitely put me off...it didn't dissuade me from donating that time, because I knew about the person involved, knew what happened (I even saw them bringing him to the ambulance), and knew that it was 100% valid. But I also realized that there was absolutely no way to validate any of the other campaigns without that kind of personal connection. My rant is an indictment of GoFundMe in general, because we're talking about the model as a whole.

Which brings me to the issue that I raised but you didn't address: scams. There are tons of scams in GoFundMe, and while some (like those that use stock art for photos) can be uncovered relatively easily with a bit of detective work, I'm willing to bet that there is a significant group that are less obvious. How does the study account for them? Looking through the GoFraudMe (I bet you didn't go there, Mr. "Uninformed Rant") site, you'll note that the majority of scams fall within the exact kind of funding campaigns that are the study's focus. And that comes full-circle to my point about funding methods that have some form of due diligence behind them. Yes, I know, you can't start up a non-profit agency just to get your medical bills covered...but there are many non-profit agencies that gather funds en masse and then dole them out for cases like these.

But let's not stop there. Let's put aside the scams, the fact that the whole model is fundamentally broken in that it begs abuse by people who feel entitled to game consoles and whatnot. Let's also include the fact that a significant number of the "medical" campaigns are for things like breast enhancement or bariatric surgery. Or this gem, which has exceeded its $8,000 goal for hip surgery for a dog...but when I did a Google Image search of the picture, it turns out that the dog pictured belonged to Justin Bieber. How much searching did that take? I typed "surgery" into the search field on GoFundMe, hit return, picked the first item on the first page of results that had a picture rather than a video, and did an image search on the picture. What are the odds of that turning out to be a sign of a scam, if the vast majority of "surgery"-related campaigns are valid? And this case combines both the "this request is bullshit" and "this campaign is a scam" dimensions at the same time.

So...follow the pathway of a person visiting GoFundMe, going for a totally valid reason about which they have no doubts. Add the shocking, rampant, obvious snowflakery and the subsequent discovery of large-scale scamming that goes into the thousands or tens of thousands of dollars per campaign. What do you think a potential donor is going to do? I think they'll do what I do...only give money to people they know, or give it to 501(c)(3) organizations because both cases involve a lot lower risk of the money going to a scumbag instead of a person who is deserving.

Oh, and in closing...fuck you very much for accusing that I actively deny medical care, food, and shelter to sick people and that I seek solace for trampling upon the poor. You don't know me, or anything about me, and I would bet a year's pay that I donate more to charitable causes than you do. Once you start donating money in a significant way, you start learning that not all causes are alike...and you learn to make good choices so that your donations will actually matter.

Comment 90% don't get funded? That's a good thing. (Score 4, Informative) 242

I assume that the mentality of the person who did the study was to compare it to conventional non-profits and the way they do fundraising. This is an important distinction because, under that model, there's a certain filtering process. If you've ever looked at a grant application, you'll see that the very nature of any of them tends to point out to you that there needs to be a valid reason for your request for funding. GoFundMe has no such filter, and as a result you get people like these three assholes or this snowflake. And those two are just what I came across by searching "Nintendo" on their site and seeing what came up in the first full set of results.

And then there's the other thing that the filtering process does...which is help reduce the level of scamming. GoFundMe also lacks any means to do this; you see a picture and a nice bit of text but there is absolutely nothing done to validate that either are true. As a result, scams are rampant, to such a degree that there's a whole site dedicated to uncovering the scams.

So, in short...I don't think there's anything wrong with the majority of GoFundMe campaigns failing to reach their goals. Most of them are just fucking ridiculous. And yes, I'm quite sure that some valid campaigns don't get funded as well...but 1, I would put some of the blame on the lack of any vetting process around the campaigns, and 2, that happens in the world of legitimate fundraising too. Posting a picture and typing a few paragraphs describing your plight does not automatically guarantee you money...whether you are deserving or not...and that's just how life goes.

Comment Re:Is it illegal? (Score 1) 202

They aren't a regulatory body, but they also aren't a regulated body either - this is the equivalent of going to a Chinese medicine doctor instead of a sexual health clinic when your john thomas is oozing green pus.

Yes, but the day is coming when that will change. And they know it. If you were in their shoes, what would you want those regulations to look like? They'll be crafted to deal with what happens before they are written.

Comment Re:Is it illegal? (Score 2, Insightful) 202

As discussed here Cyber extortion - legality of ransom payments and the approach of businesses and insurers it shows under international law, cyber extortion payments aren't illegal unless they are terrorism related.

I don't believe Coinbase should be denying access to legitimate funds, that aren't terrorism related, unless they want to get regulated... this would be the first step to ruining their little monopoly.

They aren't worried about "international law" (which, incidentally, is barely a thing unless you are a war criminal or something else so egregious that most of the world is willing to support a method around prosecuting you.) They're worried about local laws, which are a lot more real. The absence of relevant criminal statutes under international law will not protect you against regulatory or criminal proceedings in nations where you operate.

They're worried about being blamed for money laundering, so they're being proactive and trying to catch anything in their system that they can possibly tie to criminal activity. Unfortunately for everyone, not too many options for doing this exist outside of going after ransomware payments...so that's what they've gone after. I can sort of understand it...bitcoin isn't exactly transparent, and the day is coming when regulators will be deciding who is good and who is bad here. It does make good business sense to demonstrate a "best effort" to steer clear of being designated as "bad," or at least "bad-friendly." I think it's a dick move, but I do understand the motivation behind it.

Comment Re:Well Done, Coinbase! (Score 5, Insightful) 202

Security companies should not be allowed to act as front companies for cybercriminals any more than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...

You're not paying attention.

The security company wasn't accepting payment on behalf of ransomware actors. They were facilitating the payment TO ransomware actors on behalf of companies that aren't familiar with bitcoin and have no accounting methodology to make such a payment before the ransomware runs out. They were a front for the victims, not the criminals.

It's akin, in a rough way, to what K&R companies like Control Risk do when it comes to ransoms in the real world. There are right ways and wrong ways to pay a ransom, and they are intimately familiar with the difference. As a result, they step in when one of their clients has a kidnapping situation and manage the whole thing to help get the person back safely. And yes, this usually does involve paying the ransom.

The real motive by Coinbase is probably a fear that they'll be accused of helping facilitate criminal activity. Bitcoin exchanges are on the narrow edge of falling under regulation, but it could also go another way (*cough*Liberty Reserve*cough*) for any particular exchange if the regulators in their country feel that they are guilty of money laundering. As a result, Coinbase is taking proactive measures to be able to prove that they, well, proactively avoid facilitating crime. I don't necessarily agree with it, but I can at least see where it came from.

Comment Walled Garden != Immunity From Stupid (Score 1) 48

The App Store is a marketplace. First and foremost, that is its purpose.

The mandate that it be used as an exclusive avenue for applications supports a broader cybersecurity model. Note that it's not a "security" model, which is potentially broader...it's a "cybersecurity" model. It's not a social solution, and won't protect you from apps that are overpriced, poor in functionality, overstated in their benefit, etc. It's not a "Good Housekeeping Seal of Approval" for apps. It's not a mechanism to prevent lies or scams of a sort that are non-technical in nature, either. Yes, Apple will help out as they can, and pull out apps when they see this kind of thing going too far. But even that is a "best effort" kind of thing, and there are no technical measures that work very well at detecting such issues.

The best they can do is mandate and enforce a standard for in-app purchase notifications (which they do) so that you'll be able to see, in normal print, that you're about to pay $99/week for something. If you're enough of a fucking moron to still go forward with it, that's on you.

Comment Irony (Score 1) 418

You know, a few weeks ago there was a post on reviewing code before pushing it to production, and some people seemed appalled by the idea that another person...who would invariably be a coder, lest they be unable to understand what they were looking at...would be in the process flow for committing a change. I pointed out that this was actually an industry best practice in enterprise organizations, and an inherent part of any SDLC. In any large environment, people with access to development environments do not have the rights to push changes to production. This concept was not well-received.

And now, I see an awful lot of people saying that this problem above was the CTO's fault, for giving a developer sufficient access to change the production environment. I agree with that point...but it's amusing to me how a lot of us seem to live in a fantasy world where we must have access to everything, but when we screw up it's someone else's fault for giving it to us. We have to choose one or the other; either we are justified in having full autonomy and accept the consequences of our actions...for good and for bad...or we accept safeguards that protect both us and the organization we support.
