What stops someone from designing a blue team technique that is just red team techniques applied to your own product prior to release? I suspect MS does exactly that, but red team productivity varies.
This is known as "purple teaming". You have security team segments actively trying to attack your own systems, using both established tooling/techniques, but also developing bespoke attacks that are specific to your systems.
Then, and this is crucial, they not only teach the blue team from their findings - they also rotate out to blue teams, to become the defenders themselves. At the same time, some of the blue team rotates in. Rinse and repeat. The whole point is that you have to understand both sides properly, and continuously work with the teams involved. Otherwise you're nothing more than a consultant.
Nothing stops that; it is one of the most routine things you could do. NCC Group exists to provide this service. HackerOne exists to provide this service. Having an external team periodically attempt to penetrate your defenses is legally required for anyone who processes payment card information (in the US; I don't know what PCI requirements are like elsewhere).
Sure, I'm not lobbying the law to be changed on my feelings, but someone able to risk _infinity_ money in the hopes of a company's value decreasing does "feel" dangerous and wrong.
I'm not even sure Robinhood is falling. Yes they had to take out a billion dollar bridge loan, but that means their assets under management just shot up massively. And now that the frenzy is over, they repay the loan and keep the assets under management.
There are innocent users outside China who like to view innocent websites inside China. If you block the connection, you make the innocent users, and the innocent websites, mad. They might very well interpret it as censorship.
That's not the issue. The issue is that there is speech accompanying the malware, which should not be systematically censored. (Though any individual is free to do so for themselves.)
> The issue is that there is speech accompanying the malware
I'm either misunderstanding what you're saying, or it doesn't make sense. If a bunch of people take signs (with legitimate messages, free speech) and hang them off a bridge over the highway (causing accidents), then those people go jail. The fact that their message is free speech is irrelevant. The source of the message is being punished/jailed, not the message.
Another iteration of this and we'll have bullets with text on them and killing someone with those bullets will be an expression of free speech. The degree to which the 'free speech' analogy is contorted is amazing, more so because the original scope was quite narrow, both legal and geographical.
The problem is closer to a ne'er-do-well taking someone else's signs and hanging them off a bridge over a highway. The person producing the speech is having their speech hijacked for malicious purposes by an MITM; that doesn't mean that it's not censorship when the sign's/webpage's creator gets caught in the censorship crossfire during the attempt to take down the malicious actor.
To put it another way: if someone steals my car and uses it to rob a bank, even if that car is now evidence in a criminal investigation, it's still my car. The police have every right to confiscate it from the thief—it's not their car—but that doesn't mean that it suddenly belongs to them; it belongs to me. In both this case and the above case, I have a right to not be unduly punished for the actions of an unrelated third party (by having my website taken down; or by having my car permanently confiscated, respectively.)
The context here is very similar to a story that was on HN just yesterday (https://news.ycombinator.com/item?id=21671579). Banning a site from the internet for happening to be MITMed by China is very similar in its ethical implications to banning a site from the Internet for happening to have a domain-name that fits a pattern used by a botnet.
At this point we really need to start doing the "You wanted a Great Firewall? Enjoy. You now have no connection."
Removing China from the internet would also likely cause things that phone home to China to break. That would actually create some consumer awareness to boot.
> In order to ensure that changes to systems can be attributed to responsible individuals, there is usually some kind of system that tracks and audits changes. One person will raise a ‘change record’, which will usually involve filling out an enormous form, and then this change must be ‘signed off’ by one or more other person to ensure that changes don’t happen without due oversight.
And in any other planet, we call that a 'Pull Request.' My first real tech job was a community college that really bought into the whole ITIL framework. Important changes typically had to go through a Change Management Board, which met weekly. Meanwhile, key authentication systems involved passing passwords from PHP to perl to bash to vbscript in cleartext, in such a way that dollar signs and other string interpolation sigils would be processed, and therefore were banned. The person who wrote this kludge is now in charge of IT security for the college. And there was no version control to speak of anywhere, definitely no puppet or chef or ansible. It worked, but there were pretty much monthly fuckups along the lines of 'and then the utility truck backed into our power distribution cabinet' or 'the SAN vendor's technician mentioned this is the third time this week he's been on site with a client to deploy this emergency stability patch,' or 'the new guy upgraded the antivirus running on our databases, and we can't roll back because nobody has the old installer anymore' or my personal favorite: 'this position requires oncall duties 24/7/365.'
My company uses ITIL. Definitely a four letter word. I feel like Peter Gibbons much of the time. For me to deploy a server, I need to create a Change Request, have it reviewed by my local Change Review Board. They know nothing, and are a rubber stamp. Next it goes the the Main Change Review Board. They are higher up, and know even less. I have to have my CR into the LCRB a week before they meet, and then it takes an additional week for the MCRB to approve it. So at least two weeks to deploy a new VM. Retirement can't come soon enough.
The California model of rent control limits the amount you can raise rent on a tenant, and the reasons you can evict someone. Surprisingly, you can often transfer a lease to a family member, leading to situations where someone is living in a rented house originally rented to their grandparent.
It also leads to situations where an empty nester has spare bedrooms but cannot afford to move into a smaller rental unit, effectively taking bedrooms off the market and making prices higher for everyone. Presumably AirBNB relieves some of this pressure, though I seem to recall some landlords running sting operations in order to evict long term tenants and reset the market rate.
Over the past 30 years of SF rent control, this dynamic has created a group of people for whom in-fill redevelopment would be disastrous: they'd lose their rent control, and definitely can't live here anymore. Much of SF is pretty low density, and housing supply would come from building up. Doesn't need to be a 60 tower millenium tower deal. But you'll need to tear up some buildings to make it happen, and the cheapest properties are the ones under rent control. So anyone campaigning on a 'build baby build' platform is more or less running a platform of evicting the poor and/or elderly.
At it's core, rent control is treating the symptom of high prices rather than the disease of tight supply.
> But, I actually use vector layers with layer styles ALL THE TIME. I actually use text layers with layer styles ALL THE TIME. I actually use non destructive adjustment layers ALL THE TIME.
I think you misanderstood. He does not only use vectors, he just always needs to have vectors on his projects. Inkscape won't be a solution.
Apart from that, Inkscape seems to be a good solution for pure vectorial work. But my non-techies friends hate the UI. It is not that it is different of Illustrator, they just found it ugly and unpractical.
> Do you think Sergey Brin ... is thinking to himself, "I'm really satisfied with how many people found trivial information about pop stars with our technology" or is he thinking, "how can I get even more people to click the top-most served ads?"
He's probably scared shitless that he has exactly one revenue stream worth talking about, and has no idea how to supplement it.
