
Comment Some things that would be helpful (Score 4, Insightful) 10

1. The list of "1 million fraudulent domains". I'd like to drop that list into the appropriate configuration files. I'd also like to see which registrar(s) are involved and who's providing DNS services for them.

2. The list of "9,000 fake websites". Same for these, and I'd like to see who's providing hosting for them.

This is a pet peeve of mine: reports like this come out, but the original source (Google in this case) doesn't publish the fundamental factual information that everyone needs to defend themselves AND to gain some understanding of how the threat works, so that everyone can defend themselves against the inevitable copycats. Instead we get a bunch of corporate PR-speak, which is utterly useless. So if you're reading this, Google: pony up.

Comment Re:Oh look. (Score 4, Insightful) 326

(Disclaimer: I'm an Israeli, though rather opposed to the genocidal attempt at ethnic cleansing currently being conducted by my country. That said, keep that in mind in terms of potential bias in this post).

It's not precisely correct to say that the US has sent hundreds of billions of dollars to Israel. It's a bit more of a 'closed ecosystem' than that -- the vast majority of financial support the US has provided Israel has been in the form of weapons and munitions, which Israel has then purchased from US companies. In other words, while in some respects this absolutely is financial and military support of Israel, in addition to that it's also a vast transfer of tax revenues from us (I'm a tax-paying US citizen these days) to the military-industrial complex and more specifically American companies.

So most of this money has stayed in the US, it's just been transferred from the people and their representative government to commercial entities.

Comment These disclosures aren't the worst of it (Score 1, Interesting) 35

The person(s) behind this series of disclosures are clearly highly intelligent, knowledgeable, and industrious. Microsoft should be paying them the minimal acceptable bug bounty -- per bug, which in this case is $1M USD. (Anything less than that is an insult.) But of course Microsoft is far too accustomed to lying, cheating, and screwing other people, it's so embedded in their corporate culture, that it has never occurred to them to even try to do the right thing.

Now to turn my attention to the Subject of this posting. Surely nobody thinks that the person(s) behind this particular effort are the only ones conducting such research. And it is improbable that they are the most intelligent, most knowledgeable, and most industrious -- in other words, there are probably people out there somewhere who are even better. And, rather ominously, who aren't doing the world the enormous favor of making these known publicly.

That's an easy speculation to make, of course, but it's also congruent with history. "There's always someone cleverer than yourself" is a wise maxim because in all but a very, very few cases it's accurate. So unless this is one of those cases -- and I very much doubt that -- then there are one or more other person(s) out there discovering bugs of similar severity and consequences, and doing....well, we don't know what they're doing with them. If they're working for national intelligence agencies, then likely stockpiling them for future exploitation. If they're working for themselves, perhaps packaging and selling them on the open market. There are all kinds of possibilities and none of them bode well.

TL;DR: we have reached the point where it has become painfully obvious that Microsoft can't secure its own operating system for any even minimally acceptable value of "secure"; every day it becomes more obvious that they're losing.

Comment Re:How? (Score -1) 120

Ah yes, the "I'm going to take my toys and go home" threat, uttered by children and oligarchs everywhere.

Companies unwilling to abide by a country's laws are welcome to not operate in that country. These threats happen all the time and so far what it takes to get a company to not operate in a given country is pretty much a legal order (see: Russian and Iranian sanction laws).

Comment Welcome to the 1940's (Score 3, Insightful) 193

Researchers have been trying to solve this problem for a very, very long time -- using the same approach. Nobody's cracked it yet, and throwing a huge pile of money at a bunch of researchers seems unlikely to crack it in the kind of short timeframe amenable to investors.

I cited the 1940's in the Subject because that's when Hebbian learning was hypothesized. It's only one of the waypoints in the history of neural networks, and one could easily argue for any of the others, but in my view it's the one that marks the transition from systems that couldn't learn to systems that could. Of course current researchers have the advantage of all previous research and superior tools, and that will certainly help, but this is still largely unknown scientific territory.

There's also a major ethical question here: is this a good idea? That is, suppose they succeed: is that going to be good for humanity? What happens to every one of us if all of our labor, all of creativity, all of everything we do with our minds can be replaced? Particularly if it can be replaced with something that never gets tired, never gets sick, never grows old? How is this good for anyone except the billionaires - the same people building their climate-catastrophe bunkers, the same people funding life extension research, the same people funding cloning research, the same people exacerbating global warming? Are all of us just supposed to...die?

Comment Re:I agree (Score 1) 34

To many that coherence you speak of is bad. Jobs went against everything that made consumer computers popular and went against the entire open culture of everything. Specifically configuration options. It was the Jobs way or the highway, the ability to configure things to function the way the owner wanted it to was ditched. You operated the way Jobs wanted it to or it didn't allow it. Also the entire concept of suites of apps is anathema to open computing. Small dedicated apps that do one thing and do it well were also ditched for integrated suites. Jobs created a consumption based environment, not a creation based environment. And many people think that is still a bad thing and always will.

Comment Re:I don't buy the assumptions (Score 4, Interesting) 50

(One of my degrees is in physics, but string theory is not my lane: I deal with electromagnetic field theory.)

If the scientists are wrong, they will eventually figure out that they're wrong and fix it: that's how science works. For example: Aberration (astronomy). That article contains a paragraph that explains how stellar aberration was observed, explained incorrectly, explained better - but still incorrectly, and eventually explained correctly. Science is designed to be self-correcting, and while sometimes those corrections are difficult and contentious, they inexorably happen.

The assumptions you list are made by physicists because (a) we have no experimental evidence that they're wrong and (b) we have a mountain of experimental evidence demonstrating that they're right. If that changes, if even a single bit of experimental evidence shows that they're wrong then (1) someone will win a Nobel Prize and (2) science will apply the correction. But I strongly doubt this will happen.

As to string theory: my own feeling is that we may be only a few years from being able to conduct experiments that might invalidate it. Please read carefully: I'm not predicting that they will, I'm predicting that they will be capable of doing so. If I'm right about that, and those experiments are run, then either (a) they won't invalidate string theory, leaving the door open for more discussion and research, or (b) they will invalidate string theory. Of course if the latter happens, the people who've invested so much of their lives working on it will be very disappointed -- but because they're scientists, they'll accept it.

Rather than write more about this, I'm going to quote Carl Sagan: "The Cosmos is all that is or was or ever will be. Our feeblest contemplations of the Cosmos stir us -- there is a tingling in the spine, a catch in the voice, a faint sensation, as if a distant memory, of falling from a height. We know we are approaching the greatest of mysteries."

Comment Re:Lack of math skills? (Score 4, Insightful) 110

The purpose of the CS department is not to provide vocational training for programmers; it's to teach CS. In turn, CS is far, FAR more than mere programming, and thus requires an understanding of math in multiple areas -- to name a few: graph theory, queueing theory, discrete mathematics, combinatorics, calculus, differential equations, probability, geometry/trigonometry, linear algebra.

Students who are unable or unwilling to learn these things aren't going to be able to learn CS because they lack the foundation(s) required, and thus they're likely to receive low grades. That's how it is, and that's how it should be.

This is not to say that people who only want to learn to program should not do so: they most certainly can. But that's a very different educational path than trying to learn CS. It's roughly the same as someone who wants to learn to be an electrician vs. someone who wants to earn a degree in EE.

Comment Breaking: drug dealer advocates addictive drugs (Score 2) 87

The BSA is the sockpuppet of corporations that rely on customers who can't migrate to alternatives because of vendor lock-in. So of course they'll do what they've always done: advocate for expensive, low-quality software with horrible terms and conditions, because that's what keeps the money flowing.

And until the last year, that was mostly working, because the pain/friction involved in changing to something else was too great, and so sticking with bad-but-working crap was preferable to trying to migrate to something else. But that's all over now, baby blue. (Get it?) Now that American companies have repeatedly proven that they'll bend the knee to unhinged orange grandpa and shut off anything/anyone that he wants, the anticipated pain/friction is a much better alternative than risking a complete (and maybe permanent) outage.

The end of American dominance is coming in many ways: Ukraine is now the leader of the free world and arguably has the most advanced military force. China is now the lone economic superpower. Canada is poised to become a raw materials juggernaut. Africa is leading the way on wind and solar power. And it remains to be seen who will become the dominant scientific, engineering, and computing force, but I'm guessing some combination of Europe, Japan, and China.

Comment Re:Where have all the cowboys ehhh I mean firewall (Score 2) 54

That's a really good question (with bonus Paula Cole reference). I can offer you a hypothesis that might answer it, and that is: default permit.

Almost everyone still configures their firewalls to be default permit (or mostly default permit) because it's the easiest way to avoid breaking things. That's true even when it's desirable to break things so that the root cause can be identified and fixed, because quite often management doesn't care about this: they just want things to work, and when a sysadmin tries to tell the VP of Sales that their email stopped working this morning because it shouldn't have been working for the last eight years...that sysadmin isn't going to be told "do what you have to do to investigate and put in a permanent fix", they're going to be told "just put it back like it was".

This movie plays out all day every day across corporations, organizations, universities, and so over many years the technical debt piles up, and then something like this happens, and NOW of course management wants it fixed. And this is why, despite years (decades now) of jumping up and down and yelling that default permit is bad, it's still in use almost everywhere.

Comment Re:And I'm sure Meta won't violate it (Score 1, Interesting) 66

I'm as big of a privacy and security advocate as anyone. Heck, I even disconnect my EV's and only run them over network connections that I fully control. I also rarely use cloud services because they are NOT under my control, but as an IT guy, I fully believe in full control by the OWNER of devices, whether that be a single person or a company. If an employee is using company provided equipment, then they (the company) have a right to know and control every single thing done on it and every single bit of information into and out of that device. If you want privacy and security from YOUR perspective, do it on devices that you own and control. Companies have the same right though.
