
Comment Re:Right now the real temperature here ... (Score 5, Interesting) 59

About 25 years ago, I began to take a serious interest in climatology. I started buying textbooks and reading them - and for the most part, that went smoothly, because I could easily understand the math and physics. (I struggled a bit with some of the organic chemistry, and had to spend a couple of years coming up to speed on that.) After a while, I could read all the reports and some of the papers being published, so I made my way through things like the IPCC reports -- which are thousands of pages. Eventually, I got to the point where I could read almost anything published in the field -- but admittedly, some of the material still takes me a long time to get through.

And the single biggest takeaway from all that work is: climatologists, as a field, have been consistently underestimating how bad things are and how bad they're going to get. This is because they're scientists, and all scientists are trained to be conservative in their assessments. Whereas a non-scientist might write "X proves Y", a good scientist will write something like "X suggests that Y may be happening" or the equivalent. This approach implicitly acknowledges uncertainty and the possibility that future work will yield different results: it's how science self-corrects over time.

This mindset is commendable: it shows intellectual honesty. But unfortunately in this particular discipline, at this particular time, it doesn't ring the alarm bells loudly enough. We need a Samuel L. Jackson moment: "The world is on fire, mXXXXrfXXXXXrs" We need radical changes, e.g. all fossil fuel production and consumption must end. We need vast reductions in energy consumption. We need sweeping societal changes, e.g., an end to daily commuting as the norm, it should be an exception. And even if we do all of that, it may still not be enough, because this is an exponential process with a huge amount of momentum -- in other words, we're going to keep sliding up the curve for some period of time even if we do everything that we should have done decades ago.

I've said, for all these years, that I'm not going to live to see the hellscape that's coming - the mass starvation, the killer megastorms, the wars over water, the refugee crises, the political, economic, and societal chaos. Now I'm not so sure.

Comment Re:We know how, just don't want to. (Score 3, Insightful) 149

Get back to me when places like NY and CA stop letting repeat violent offenders out on 'cashless' bail.

If you're accused of assaulting someone for the 2nd (or 3rd and more) time before your first case even makes it to court, you should not be free to continue your rampage.

Equally, we should not make any conviction a lifetime sentence of un-/under-employment. People need the ability to rejoin society as a normal, productive person who made a mistake.

Lastly, when a significant portion of the money spent on prisons is going to corporate profits, we are doing something very very wrong. It's a race to the bottom for everyone but the shareholders.

Comment Re:That is a lot of dog whistles (Score 1) 94

The irony of you being the only one here going on about the n-word and calling people fascists.

Assuming anyone who rejects this unhinged nonsense is a bot is just another way to reinforce your echo chamber. It's much easier to label someone a racist and dismiss them instead of considering the garbage you're spoon fed (lol AP) is unbiased and accurate.

Comment Re:24/7 round the clock surveillance is abuse (Score 1) 94

It's easier to just believe and repeat than take a few moments to think...and then possibly disagree with your "friends".

This is made even worse by the pervasive way cancel culture has seeped into everyday life. It's not the rock star getting canceled for hospitalizing their wife for the 3rd time. Sadly we skipped right over that and went to cancel someone unknowingly using a commonplace but mildly offensive term.

Now it's people deciding you can't be friends because of an all-or-nothing approach to every political belief they hold - with zero room for a nuanced discussion.

Comment Re:24/7 round the clock surveillance is abuse (Score 2) 94

I'm more worried about the 2/3 (actually much less) that you didn't mention ... who mindlessly believe any nonsense that comes their way if it aligns with their political (dis)beliefs. The idea that the left has a monopoly on "the truth" is comically out of alignment with reality. Worse, the pseudo-religious dedication prohibits any kind of rational, neutral conversation. This isn't to say the right is always...right. They've got plenty of stupid too but generally seem more open to conversation or even criticizing their own without being excommunicated.

That aside, flock cameras need to be broadly outlawed. Otherwise illegal surveillance shouldn't suddenly be legal if a private company does it then sells the data to police/gov't officials. Honestly the same for revenue cameras...aka "speed cameras". If pols actually followed what the public wants, none of this would be permitted. But when there's reelection money on the table we all get told what we want. The only choice is if your moron's name is highlighted in red or blue.

Kind of waiting to see the large-scale rejection of surveillance/plate readers where people "adjust", cover, or otherwise disable them.

Comment Re:You'll end up with an empty repository (Score 3, Insightful) 165

All true - but also a young arrogant engineer who completely failed to read and learn from people who have entire closets full of computing awards (including Turing Awards) for a reason.

There are only two valid use cases for systemd: first, as an interview question. I use it as a fast and easy way of classifying candidates; anyone who thinks systemd is in any way, shape, or form a good idea may safely be dismissed from any further consideration. Second, as a security wedge: there is so much new, poorly-written code in systemd -- with more being shoveled in all the time by Poettering's submissive kneeling fanboys -- that it provides all kinds of opportunities. (I'm being snarky but also serious: read the damn code. It's absolute crap, so much so that one could argue that the number of security holes exceeds the corpus of useful code.)

Comment Re:Seems defensible. (Score 3, Interesting) 38

How would it have damaged Google to (a) give credit where it's due and (b) cut a $50,000 check?

Answer: not at all.

In fact, it would help them, because it'd go a little way toward repairing the reputation they've spent the past several years damaging. And it'd be a far better choice -- in every possible way -- than trying to weasel out of it as they've done in this case.

What Google (and Microsoft, and others) have done by abusing the good faith and trust of security researchers has convinced a lot of them that they're better off just selling information to anyone who can/will pay. It's less aggravating and it has a higher payout. This isn't good for anyone, and 100% of the blame lies with these enormously wealthy corporations -- who could easily afford the expense, but are too greedy and too short-sighted to understand the damage they're doing.

Comment Re:Precedent? (Score 1) 65

The solar-scam model is well established by now and has lots of creative permutations. It's at the point where finding a legitimate company to install them without shenanigans is ... difficult.

All the rebates and other incentives played a huge part in creating this of course. Shocking how 'free money' drives up prices and brings corruption so consistently. /s

Comment This is why "responsible disclosure" isn't (Score 5, Insightful) 38

This isn't the first, or the tenth, or the hundredth time this has happened to some security researcher dealing with some company. And even when their research is properly acknowledged and credited, the payouts are pitifully small. The entire concept of "responsible disclosure" is to guilt people who don't work for companies into free labor for them, donating it, and then receiving neither credit nor fair compensation.

It's time to discard not just the practice, but the entire concept, because the industry has proven that it concocted this nonsense as a one-sided deal, and that it will screw anyone/everyone at every possible opportunity. It's time for researchers to abandon any attempt to collaborate with companies, because it doesn't work.

What should they do instead? Just drop the vulnerabilities and let the companies deal with the fallout. They're too cheap, too lazy, and in too much of a hurry to make sure their products/services are secure before they start selling them, so they deserve what they get. Let them burn.

Comment Some things that would be helpful (Score 4, Insightful) 10

1. The list of "1 million fraudulent domains". I'd like to drop that list into the appropriate configuration files. I'd also like to see which registrar(s) are involved and who's providing DNS services for them.

2. The list of "9,000 fake websites". Same for these, and I'd like to see who's providing hosting for them.

This is a pet peeve of mine: reports like this come out, but the original source (Google in this case) doesn't publish the fundamental factual information that everyone needs to defend themselves AND to gain some understanding of how the threat works, so that everyone can defend themselves against the inevitable copycats. Instead we get a bunch of corporate PR-speak, which is utterly useless. So if you're reading this, Google: pony up.

Comment Re:It's not really greed at that point (Score 3, Insightful) 315

The very concept of a 'wealth tax' is just retarded.

I start a company. It grows. I hire more people. More growth. It's popular, great place to work, sells a bajillion widgets. One day someone decides it's worth $500mm. The next day they seize 80% of my company?

Now who runs it? Why do I have any interest in its growth anymore? Heck, it would make me want to keep my company poor and smaller...and incapable of doing the things at scale that our society needs. Things like launching an electric car company or developing viable, cost-effective, reusable space launch capabilities...or providing internet to the underserved parts of the world?

What companies SHOULD be forced to do is give back a much larger portion of their net income and equity to their employees. Stop with the 'let's steal labor and wealth from people and make it taxes' and turn it into 'people collectively building valuable companies should be rewarded much more in proportion to their contributions in building them - not just if they invested $ to start it up'.

Comment These disclosures aren't the worst of it (Score 1, Interesting) 35

The person(s) behind this series of disclosures are clearly highly intelligent, knowledgeable, and industrious. Microsoft should be paying them the minimal acceptable bug bounty -- per bug, which in this case is $1M USD. (Anything less than that is an insult.) But of course Microsoft is far too accustomed to lying, cheating, and screwing other people, it's so embedded in their corporate culture, that it has never occurred to them to even try to do the right thing.

Now to turn my attention to the Subject of this posting. Surely nobody thinks that the person(s) behind this particular effort are the only ones conducting such research. And it is improbable that they are the most intelligent, most knowledgeable, and most industrious -- in other words, there are probably people out there somewhere who are even better. And, rather ominously, who aren't doing the world the enormous favor of making these known publicly.

That's an easy speculation to make, of course, but it's also congruent with history. "There's always someone cleverer than yourself" is a wise maxim because in all but a very, very few cases it's accurate. So unless this is one of those cases -- and I very much doubt that -- then there are one or more other person(s) out there discovering bugs of similar severity and consequences, and doing....well, we don't know what they're doing with them. If they're working for national intelligence agencies, then likely stockpiling them for future exploitation. If they're working for themselves, perhaps packaging and selling them on the open market. There are all kinds of possibilities and none of them bode well.

TL;DR: we have reached the point where it has become painfully obvious that Microsoft can't secure its own operating system for any even minimally acceptable value of "secure"; every day it becomes more obvious that they're losing.

Comment The only way... (Score 1) 27

The only way I'm giving AI access to that level of personal information/interaction is if I own - and retain EXCLUSIVE access to the data.

Basically, the AI and data are mine and no one but me ever has access. No spying. No viewing. No data mining, anonymous or not. ZERO access during normal use unless I intentionally share something with a specific person or company. Think zero-knowledge encryption, but for my 'personal AI'.

Granted, companies want you to use AI largely so they can mine your data and it's gotten so expensive all the advertising/data-mining can't pay for it anymore...so they want to charge now. Nope. No thanks.
