
Comment Security disaster coming in 3...2... (Score 2) 132

One of the maxims of infosec is that the resources (money, time, expertise, risk, etc.) an attacker is willing to expend to penetrate a target are proportional to the value of that target. Of course "value" sometimes has a subjective component, particularly when attackers are motivated by politics, personal grudges, etc., but for the most part it more-or-less tracks the economic value of the target.

With this move, Microsoft is about to make their cloud one of the most valuable targets in the world. A billion people are going to start saving documents (and drafts of documents) in it, most of them without even realizing it or knowing how to turn it off. It's about to become the motherlode of data and metadata (about people, systems, software, locations, etc.) and everyone knows it. There's no way that Microsoft can defend this. None. There's no way that anyone short of a national intelligence agency could defend this, and I have my doubts about that.

If that seems like hyperbole, then consider: how much would Putin spend to get his hands on this? A billion? In a heartbeat - it'd be a bargain. Or the Chinese. Or the Iranians. Or the Saudis. Or the Mexican drug cartels. Or the....

It's not a question of if this will be hacked, only when and how and by whom and how long Microsoft will try to hide it.

Note: if I were the attacker, I'd get in now. That is, I'd either get my people hired into roles in this operation or I'd bribe/extort the people who are already there. After all: you don't have to break in if you're already inside.

Comment Mozilla has completely lost its way (Score 4, Insightful) 107

Users: "We need a built-in ad-blocker to protect our privacy and security".

Mozilla: "Hey! We screwed up the address bar!"

Users: "We need a built-in Javascript blocker/enabler to protect our privacy and security."

Mozilla: "Look! Look! We changed the shape of the buttons! New icons!"

Users: "We need built-in anti-tracking a la Privacy Badger and Canvas Blocker to protect our privacy and security."

We're well past the point where we should be filing bug reports and submitting fixes or assisting Mozilla in any way. Mozilla needs to die. And while it may be difficult to find an organization/group to take Firefox away from them, it must be done. The first thing the new caretakers should do is start ripping out code -- there's over a decade of bloat and crap that needs to go. And the second thing is that the browser should have the features of the best extensions -- like NoScript -- built in.

Comment (1) Unsurprising (2) Ironic (Score 4, Interesting) 86

(1) There are all kinds of abusive things going on with AI crawlers, including ignoring robots.txt - or not even bothering to check for it, using faked user-agents, using end-user systems on commercial ISPs, using systems distributed across various clouds, not rate-limiting queries, etc. That's why there are myriad efforts all working toward mitigating the damage that's being done, and unfortunately, no one technique solves the problem entirely. (And the people running the AI crawlers are responding to these defensive efforts by escalating their attacks.) What's happening is essentially a DDoS against every web site, and it's not only costing a fortune in bandwidth/cycles/etc., it's costing a fortune in human time.

I've been here a long, long time. And this is one of the worst things I've ever seen. And it's all to feed the insatiable egos and greed of the tech bros who've bet the farm on AI and have yet to realize that "garbage in, garbage out" still applies no matter how much computing capacity you throw at it.

(2) It's ironic that Cloudflare, of all operations, would whine about someone else's abusive conduct. Here's an exercise for the reader: read the article here Scammers Unleash Flood of Slick Online Gaming Sites - Krebs on Security. Then follow the link he provides to the list of domains involved in this. Now look where they're (almost) all hosted.

Comment What a waste, and what an obvious lie (Score 5, Insightful) 115

The wasteful part: they were too lazy and cheap to properly decommission the servers by pulling the disks and wiping them...before donating all of them to worthwhile projects and organizations. This isn't difficult: I've done it many times, in two cases for much larger operations, and I've done it with far more sensitive data, e.g. medical data, financial data. This is an appalling display of negligence and incompetence, and it's awful for the environment.

The obvious lie: "For security reasons (and to protect the PII of all our users and customers), everything was being shredded and/or destroyed." If they were actually trying to protect PII, then they shouldn't have moved to the cloud. Not only have they thrown everything into a black box, they've thrown it into somebody else's black box that they have absolutely no control over -- and no visibility into. If some offshore contractor working at that cloud company decides to grab all the info and sell it as a side gig, (a) they can't stop it (b) they won't know it's happened until it's much too late and (c) they'll be unable to do anything meaningful about it.

Comment This man is clearly psychotic (Score 1, Interesting) 70

He should be removed from his corporate position and committed to an institution immediately.

That won't happen, of course; as a society we've already decided that it's perfectly fine to have psychotics, sociopaths, megalomaniacs, and morons (e.g. RFK Jr, Musk, Zuckerberg, Trump) in positions of leadership. And we'll go through today and tomorrow and the next day pretending that this is normal and okay while they drive not just IT, not just the US, but the entirety of human society over a cliff.

Comment "Productivity" *by what metric*?! (Score 1) 129

I have no problem believing that lines of code are being churned out at a much higher rate by Surge's approach.

But is it any good?

Or is it -- as seems highly likely given what we've seen from AI coding tools so far -- unreadable, bug-ridden, unmaintainable, insecure, utter crap?

Which won't matter to Chen because he and his enormously bloated ego will have the opportunity to cash out long, long before the bill comes due for this hype and hubris. It'll be the little people who have to suffer the consequences of this exercise and clean up the mess.

Comment Re:Don’t care (Score 1) 151

I saw the new one, it seemed like a cheesy generic attempt at the MCU playbook. Faux Ironman and bots, obviously fake CGI (why? WHY???) over and over including the "star" of the movie.

Oh, and at least they skipped the gender politics (kinda) and only threw in mockery of other political topics. Eh. The movie wasn't really that good and seemed very formulaic.

Comment The 2nd-order effects are also important (Score 3, Interesting) 43

As discussed here already, higher temperatures are stressors on human health, crop viability, etc. But there are further effects. To pick one: increases in local SST (sea surface temperatures) are a driver of more rapidly-intensifying hurricanes. (They're not the only factor: there also needs to be a supply of moist air, there needs to be low wind shear, etc. But they're one of the factors.) This Wikipedia article: Rapid intensification provides a good introduction and notes that improving the models that forecast rapid intensification is a high priority -- because now it needs to be.

On October 22, 2015, Patricia went from a tropical storm to a CAT5 hurricane in 24 hours.

Comment Re: Who wants that... (Score 1) 52

Even with Natural Language (we are not there IMO) interactions it's still easier, faster, and arguably less distracting to turn a knob 2 clicks and make the AC blow harder. Basic interaction works best with basic (physical) controls you can manipulate by feel and never look away from the road.

Semi-complex interaction, like asking GPS for a gas station along your route in the next 20 miles is a decent use case. A human would probably pick a better option, but this falls under 'close enough' and can be faster/easier than doing it manually without any significant distraction.

Once you get to complex operations like scrolling around maps, fine adjustments to things, etc. you're back to manual control being far superior to voice control (even if it's on a touch screen) because explaining those actions is too complex to do accurately.

Comment Re:Who wants that... (Score 1) 52

The manufacturers want it. Multiple physical buttons are (apparently) expensive in the context of all the added wiring, etc. vs a single touch-screen that can 'do it all'.

BUT with all the focus on distracted driving the last decade or two, it seems awfully counter-productive to make people look at a screen to find the buttons to adjust climate control. In many ways, it's easier to hold your phone up and thumb thru things (so the road is still in center-view instead of hiding it in your lap like people do now) than look over to the touch screen and try to tap the right spots at arms-length.

Common controls like climate, traction, shifting, signals, and probably basic media control should all have physical buttons. Then just give me a screen for CarPlay/Android Auto and the remaining car controls. There's really no point in any kind of GPS/infotainment in cars anymore other than a pricey, bundled, upsell to pad profit margins. Even grandma has a smartphone.

Comment First responder/trainer perspective (Score 5, Insightful) 199

I spent a dozen years as a certified trainer for first responders/incident commanders and still am one sometimes. Let me break my comments into micro and macro.

Micro: the recent Kerrville incident. The NWS did its job and did it in a timely manner -- despite reckless cuts by Trump/DOGE/etc. They issued an urgent flash flood warning at 1:26 AM, which should have been taken very seriously because that area has a long history of flash flooding. Local officials should have woken everyone up any way they could: tornado sirens, local and state police cars with full sirens and lights, fire trucks, civilian pickup trucks with horns, anything, everything. If possible they should have brought in a helicopter with a loudspeaker.

The river was already rising at that point, but slowly, and rose only moderately (per the USGS gauge, linked below) until 5:15 AM. That's when the flow went exponential. So they had the better part of 4 hours to wake people up and get them moving away from the river. That includes the girls camp that's been so often discussed: local officials knew it was there and knew it was full. And yet they didn't even manage to send a squad car over there to wake up everyone. If they'd done that, those girls could have WALKED to safety in the time they had available. (And of course if there were buses or other vehicles, it'd have been faster.)

Here's the gauge -- note that the left-hand vertical axis is logarithmic. Guadalupe Rv at Kerrville, TX – 08166200

Every responsible locality has plans for this, doubly so if it's something that's happened before -- which in this case, it has. While there's always some improvisation in emergency response, most of this should have come down to "pull out the red binder, open to page 1, and start working through the checklist -- you know, the one we've rehearsed every 4 months for the last 6 years." Every person should already know what they're going to do, like "wake up every school bus driver, tell them to drive to the X high school, start the buses, and head to their assigned locations to pick up people" or "get someone on the bridge upstream with a spotlight on the river so that we can see the flood coming before it gets here and registers on the gauge". The incident commander should supervise all of this pre-planned activity, making on-the-fly modifications as necessary...and if the plan is a good one, and if it's been kept updated, and if it's been rehearsed well, then there shouldn't be too much improvisation needed.

This by no means guarantees success. Things go wrong, equipment breaks, miscommunications happen. But it gives the best chance, and if even half of this had happened in Kerrville, it would have saved a lot of lives.

Macro: There is never money or time for disaster preparation, avoidance, training, mitigation. There is usually money for disaster cleanup. Oh, and there are "thoughts and prayers", which are (a) useless and (b) an attempt by the cheap, lazy, and incompetent to excuse their complicity in all the death and destruction that just happened. We don't need thoughts. We don't need prayers. We need science (like the NWS and NOAA do), we need data (e.g. the best forecasts they can possibly give us), we need training and equipment, we need plans, we need cooperation, we need clear messaging, and we need the money required to do all these things. Give us that and we have a fighting chance -- and our historical record when given that chance is damn good. Deny us that and you're going to get Kerrville on a regular basis. (Doubly so given global warming and its effect on locally-intensified weather events.)

This is already long, but I want to ask you all to consider one more thing. Right now, as you're reading this, there are people out there who are trying to recover all the bodies. (They know it's not a rescue. Not any more.) They would have much rather been there to evacuate all those people which they could have done if all the stuff I said above had happened. They could have met those little girls and comforted them as they moved them the hell out of the way of the wall of water that came down the Guadalupe River. But they didn't, because they couldn't. And now they're looking for them, and pulling their battered little bodies out of the mud. One...after another. I have done this work, and I hated it. I don't sleep well any more and probably never will again. But it had to be done. And now all those people working on site are going through the same thing. They're doggedly trying to provide closure to all those waiting families, and they're pushing themselves to physical and psychological exhaustion to do it. They're paying the price. So spare a kind thought for them, please. They're going to need it.

Comment Until it's "MY" AI... (Score 1) 70

Until it's my personal, private "AI" that's doing the 'thinking' about things...which doesn't share back to anyone...I've really limited interest in every cloud provider directly snooping all my data. E2EE is frankly the name of the game, and if you design your apps to access the decrypted in-flight data for 'monitoring' purposes then you've effectively built in the back-door the EU mandated recently.

In a perfect world E2EE should be available for all services - especially with things like cloud storage - and allow for a robust private key/BYOKey approach. Too bad that takes away from all the data mining that actually pays for the services.

Comment Re:Seems like a good feature… (Score 1) 70

Playing it out, you do get to that point. It might be an opt-in function to start but then the "let's do more" crowd gets the idea to background record everything in case it flags nudity and then you can auto-upload that to ... wherever police FYI something something.

Never mind they'll bury in the TOS that every call becomes 'anonymized training data' even if you don't use the service. There's a point where every interaction is scrutinized by some AI or algorithm and we're no longer adults but baby-sat humans. Most cloud storage providers are already scanning all your data/uploads for anything with a verboten hash.

It's a good argument for using BYOKey encryption for ALL your data and interactions. Too bad that's not consumer-ready, largely because it would prevent big brother from snooping on everything to sell more ads. Honestly if someone created a universal API with BYOK encryption to sit between your device and other providers...they'd probably make a killing.

Comment I'm sure the billionaires will be fine. (Score 2) 52

After all, they're building climate refuges/bunkers in places that they expect to survive what's coming and that are sufficiently remote that the probability of a mob showing up at the front door is quite small. They know that climate scientists are right, and they suspect it's going to be worse than predicted. (Which is a good bet, because if you actually take the time to read things like the IPCC reports, you'll notice something that's common to all science in every field everywhere: the projections are never exactly right. You'll also notice something else: time after time, those predictions haven't been pessimistic enough. In other words, the real world gets worse faster than the models predict; the models are adjusted with this new data; and then the real world gets worse faster than the models predict.)

And that's not the scary part. Nor is the part where wars over water happen (because that's right in front of us) or the part where areas become uninhabitable (same) or where hurricanes devastate areas that "can't" be hit by hurricanes (already history) or where record-setting fires, floods, droughts, etc. happen constantly (also already history). No, the scary part -- if you understand stochastic processes -- is that there is nothing anywhere in the mathematics of global warming that guarantees that the process is linear and stable. There are things that strongly suggest that there is a point at which it's neither, and of course there's a lot of debate over what that point is. If it's not clear what "nonlinear" and "unstable" mean: imagine a century's worth of warming in a year. Imagine what kind of weather becomes possible if that happens. And then realize that it won't end there. If we go over that threshold, whatever it is, we're not coming back. All the frantic efforts to engineer our way out of it won't work and all the belated changes that we should have made decades ago won't help.

There is no hell hot enough, no torture chamber cruel enough, for the people who are driving us to this future.

Comment Re:No bother (Score 1) 185

enjoy your enjoyment of 'sound'.

as you get older (GOML) the sound of the sound matters so much less.

there were times that listening to a single speaker fm pocket 'transistor radio' was good enough to enjoy the songs.

have your fun with your rumble and explosions. as you get older, that shit becomes SO much less important, you won't believe how irrelevant all that hype really is.
