Comment Re:Tortured logic. (Score 1) 49

I don't doubt that the previous requirements were effectively impossible for nontrivial portions of the industry and their customers; though, given the wall-to-wall dumpster fire that is IT and IT security; I can only see the attempt to treat that as evidence that the regulations were unrealistic and unduly burdensome as either myopic or deeply cynical.

Commercial software and both commercial and institutional IT operations are much more an example of the fact that you can absolutely run on dangerous and unsustainable shortcuts so long as there are no real consequences for failure than it is a case of a competent and successful industry at risk of being stifled by burdensome regulation.

Comment Tortured logic. (Score 2) 49

The reasoning is honestly just baffling. Apparently the old requirements "diverted agencies from developing tailored assurance requirements for software and neglected to account for threats posed by insecure hardware" by requiring that people keep track of what software they were actually using.

Aside from the...curious...idea that knowing what your attack surface looks like is a diversion from developing assurance requirements; the claim that the old policy about SBOMs is being revoked for not focusing on insecure hardware is odd both on the obvious point that basically anything with a sensible scope only focuses on certain issues and leaves other issues to be handled by other things, and the only slightly less obvious issue that most 'insecure hardware', unless you've qualified for a really classy covert implant or have high-sensitivity TEMPEST issues or something, is not actually a hardware problem but a firmware problem; which is just a software problem that isn't as visible; exactly the sort of thing that SBOMs help you keep an eye on.

Not like anyone expected better; but this is exceptionally poor work.
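The point the comment above makes, that firmware is software and so shows up in an SBOM like any other component, is easy to see in code. The following is an added example, not the commenter's code and not from any of the policy documents discussed: it walks a small CycloneDX-shaped SBOM and matches every component, firmware entries included, against an advisory feed of affected version ranges. The SBOM, the component names, the versions and the advisory IDs are all constructed sample data, not real products or real vulnerabilities.

```python
"""Inventory check over a CycloneDX-style SBOM.

Everything below is constructed sample data for illustration: the
component names, versions and advisory identifiers are made up and
do not refer to any real product or real vulnerability.
"""
import json
import re

# Constructed SBOM. Note that firmware entries sit alongside ordinary
# libraries; CycloneDX has a "firmware" component type for exactly this.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library",     "name": "libexample-tls", "version": "2.4.1"},
    {"type": "firmware",    "name": "bmc-firmware",   "version": "1.9.3"},
    {"type": "firmware",    "name": "nic-firmware",   "version": "7.2.0"},
    {"type": "application", "name": "example-agent",  "version": "0.8.0"}
  ]
}
"""

# Hypothetical advisory feed: affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "name": "bmc-firmware",   "introduced": "1.0.0", "fixed": "2.0.0"},
    {"id": "EXAMPLE-ADV-002", "name": "libexample-tls", "introduced": "2.0.0", "fixed": "2.4.0"},
    {"id": "EXAMPLE-ADV-003", "name": "nic-firmware",   "introduced": "7.0.0", "fixed": "7.3.0"},
]


def parse_version(version):
    """Turn '1.9.3' into (1, 9, 3) so versions compare numerically.

    Comparing version strings lexically is a classic mistake ('1.10' < '1.9');
    a trailing non-numeric suffix such as '-rc1' is ignored, and a
    part with no digits at all counts as 0.
    """
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def load_components(sbom_text):
    """Parse the SBOM and return its component list, rejecting other formats."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom.get("components", [])


def match_advisories(components, advisories):
    """Return one hit per (component, advisory) pair whose version is in range.

    Firmware is treated no differently from a library: if it is in the
    inventory with a version, it can be matched.
    """
    by_name = {}
    for component in components:
        by_name.setdefault(component["name"], []).append(component)

    hits = []
    for advisory in advisories:
        for component in by_name.get(advisory["name"], []):
            if is_affected(component["version"], advisory["introduced"], advisory["fixed"]):
                hits.append({
                    "advisory": advisory["id"],
                    "name": component["name"],
                    "version": component["version"],
                    "type": component["type"],
                })
    return hits


if __name__ == "__main__":
    for hit in match_advisories(load_components(SBOM_JSON), ADVISORIES):
        print(f"{hit['advisory']}: {hit['name']} {hit['version']} ({hit['type']})")
```

Against the constructed data only the two firmware entries are flagged: the library is one patch release past the fixed version and drops out. The inventory step is the same regardless of component type; the difference with firmware in practice is whether anyone ever put it in the SBOM in the first place.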

Comment A little late. (Score 2) 30

Gondor lit the beacons before it was under siege, because to do so after is far, far too late.

For the IT industry to start speculating AFTER it has lost a third of its workforce is to start debating whether to light the beacons only after a third of the city is taken.

This is a crisis that has been expected for a very long time. Long enough for you to have experience in fighting the bean counters. Sorry, but this is a mess of your own making. In more ways than one.

1. AI is good at a few basic tasks, but it is not good at being innovative or fresh. Nor is it ever going to be capable of being so, because you can't have the future in the training set. So regurgitating a few simple themes repeatedly was never going to be in the interests of humans, only in the interests of accountants (most of whom seem to have used the daleks and cybermen as a training manual on conduct) and short-term profits. Accountants don't care if a company goes belly-up, they work many accounts, so short-term profits (even if it causes medium-term collapse) are all that matter.

2. AI cannot write decent code. How could it - it was trained on Stack Overflow and abandoned github projects. But this only matters if the humans bother themselves to write reliable code. You can replace one bug-ridden pile of carp with another without users caring too much.

3. AI cannot write tightly-optimised code. But, then, I doubt most humans ever bothered to learn that skill, when they could simply instruct the user to install more RAM and a beefier CPU.

Comment Union overreach (Score 2) 40

Their argument boils down to "well if it's a synthetic actor, we represent them too, so we are entitled to $".

No, no you aren't.

By that logic, if I draw a stick figure, I "owe" someone some $. If I sell it, I owe them some of that.
To be fair, congress has already laid the ground for this, with the idea that if I draw a big stick figure sexing a little stick figure, that (to some in Congress) is borderline kiddy porn.

Comment Re:What matters is who pays for the breach (Score 4, Interesting) 21

I did security audits and the company that did the second best was a toy company. They did better than any banks, every government agency we audited and all the defense contractors. The difference was that if this toy company got the security wrong they would lose large amounts of money. If a bank or the government f#$ks up security they don't bear the pain.

I did security consulting for 15 years, all sorts of industries. Banks are among the worst. It's not because they don't lose money, it's because banks view security entirely through a financial lens. It's always about "how much fraud will this mitigate, and does the security cost more than eating the fraud", plus they also use a lot of procedural mitigations -- plus of course they're always looking to see if there's some other party they can shift the fraud cost to, though that's less effective than you might think.

Anyway, I always chuckle when I hear someone use the phrase "bank grade security", because I mentally translate it to "Not quite shitty enough to get hurt too bad".

I also did lots of defense work, even working directly with various militaries around the world. US military security varies wildly. By far the best I saw was the Israeli Ministry of Defense. They were serious. But "military grade security" is also good for a laugh, not so much because militaries have terrible security (it's mixed), but because the phrase has no real meaning and it's strong evidence that the speaker doesn't know anything about security. If I see "military grade security" in a product description, I immediately classify it as snake oil until proven otherwise. And it takes a lot of evidence to prove otherwise. Though sometimes stuff is actually good and it's just the clueless marketers who slap the label on it -- though it's still a bad sign that the clued-in don't have enough power in the company to get them to change it.

Just for completeness I'll mention that the very best security I've seen was at Google. Google hires smart security engineers, has lots of resources to throw at the problem, and really cares about it. I mean actually cares about making sure it's good, not just checking the boxes. Well, all that was definitely true when I joined Google in 2011. It's still mostly true, though there is some box-checking creeping in... but it's far from harmful as of yet because the security infrastructure is so very, very good. I left Google last year, and that's one of the things I miss, although my new employer also has some really good security people.

Comment Re:They bought my plumber! (Score 4, Interesting) 39

The usual term with things like plumbers is "rollup". Even the most delusional excel jockey probably doesn't believe he has 'operational alpha' vs. a veteran plumber in matters of plumbing; but he (correctly) knows that local plumbing outfits are a fairly heavily fragmented industry with a lot of relatively small players; the sort of quaint folksy thing that looks like one of those competitive free markets they told you about in EC101. And, if you, purely hypothetically, can borrow money for a pittance, you don't need to improve operations when you can just buy a bunch of the small players, consolidate them, and then raise prices to match the newly reduced level of competition.

Same deal works with more or less any business with a lot of mom 'n pop operators; as well as things like rental housing. Maybe there are some marginal efficiency improvements in back office functions because it's not eleventy zillion individual copies of quickbooks; but most of the actual margins come from the higher prices you can command from customers and the lower prices you can offer to suppliers and employees once you consolidate a given sector in a given area. The effect is particularly lurid when it comes to things like small medical and dental practices; or care homes; since there it's about the money; but being about the money is also about pushing your employees to recommend unnecessary implant surgery and cutting patient/staff ratios as hard as you can without anyone noticing too many bedsores. Fantastic stuff, really.

Comment Myopic to the last... (Score 1) 39

"There is existential risk for a number [of funds] because of the fundraising environment,"

I'm not sure words can adequately express the hubris and myopia of someone who blames "the fundraising environment" for the fact that their heavily leveraged buyout of a bunch of things they had no actual plan to improve the value of is catching up with them.

In the strict legal sense it might not be a ponzi scheme; you can end up depending on new suckers to pay off your current creditors through incompetence as well as malice; but 'existential risk' because you've potentially run out of new suckers means that you are running a ponzi-tier business regardless of the exact motivation.

Comment Seems plausible. (Score 2) 26

It's fairly hard to see why anyone would be contributing to xbox hardware revenue at this point, aside from possibly buying controllers. In pure hardware terms MS and Sony are shipping aggressively similar gear; and in software terms the list of games that are fully exclusive or 1 console + PC but not the other console is overwhelmingly tilted toward playstation (with Nintendo kind of doing its own thing, as ever, with a small but very high exclusivity lineup).

What's the case for buying the xbox under those circumstances? I guess the cheaper Xbox variant is the minimum-viable Call of Duty box; so that's something (though something MS is actively undermining by trying to pitch game streaming on basically anything with a display as the minimum-viable option); but that's a thin list of advantages.

Comment Re:Homo Sapiens, last survivor (Score 1) 61

You're absolutely right that survival has been dumb luck by humans so far, and that acting intelligently and globally will be a requirement. Humans, I'm sad to say, just don't show that kind of competence.

This is unfair to us. We have, in fact, repeatedly demonstrated our ability to act intelligently and globally. We have largely ended the worst forms of industrial pollution, solved the problem with the ozone layer and ended acid rain. It's true that we're not doing so well with climate change, but that's because we aren't doing enough, not that we aren't doing a lot, because we are. The power grid in my redder-than-red state is 60% wind and solar. China is building renewable energy capacity like crazy, and a lot of the developing world is just skipping the dirty power generation entirely. Yes, we need to do more, and our tardiness in doing it is going to cause us significant suffering. But we are making progress, and will continue.

We've also managed not to detonate more than two nukes on people in the going-on-a-century since we invented them.

I think the biggest risk we pose to ourselves is AI. If we can survive that, I think we'll probably survive the rest. No guarantees, of course, but the outlook is not nearly as bleak as you paint it. I know it feels good to be cynical, but that feeling doesn't make the conclusions accurate.

Also, consider that previous species of homo were incapable of even creating the problems that we're solving. They also could never have reached our population levels, or the level of safety and comfort that we take for granted. We are by far the most competent species of homo... but that is no guarantee. The others didn't get a guarantee either.
