I enjoyed the early ghost recon and rainbow 6 games, but I don't even bother keeping up with news for newer ones.

I totally agree, but if I went after every company I felt to be incompetent to the point of criminal negligence I'd be up to my eyeballs in lawsuits just over password requirements.

> The answer is always the same IMO. Break up big tech companies into a million little pieces.

Generally I agree, but in this case I think there's an even simpler solution: 1) hold Google accountable for entries in their safe browsing lists (as an adjacent poster pointed out, the legal precedent may be there) and 2) make companies legally liable for misusing 3rd party data.

Really just the second part would suffice, and frankly it's purely good for society. The inevitable outcome is that no one exposes data they can't guarantee, and maliciously consuming 3p data would nearly disappear

But my point is that any knock on effects like domain suspension, email deliver-ability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing.

I don't see how Google can be blamed for other companies erroneously treating the safe browsing list as a source of truth for generally malicious domains

What Radix does has no impact on Google, and I don't see how Google would be incentivized to pressure Radix. So I don't see how to make the leap blaming Google for Radix's incompetence. Yes, Google should recognize the risk of this happening, but they'd have to balance that against the rewards (or at least what they consider rewards)

In practice, this works about 95-99% of the time. Some websites will refuse the + as an invalid special character, and the worst of the worst will silently strip it before persisting it, and may or may not strip it when you input your email another time (such as when you're logging in or recovering your password).

I also suspect spammers strip out subaddresses frequently, very little of the spam I receive includes the subaddress.

So the only 100% reliable way is to use your own domain, but you don't need to run your own custom mail server

Like you mention, big tech gravitates to a handful of tech hubs across the US, which drives up salaries for every company in the area. Which is more data suggesting something is wrong with BLS' numbers.

My expectation (based on anecdotal/personal data - if you have better data I'd love to see it) is that the median developer in a tech hub makes more than an entry level big tech kid. So unless there's either an error, omission, or unexpected inclusion in the BLS data, the data implies that nearly all of big tech, plus ~50% of developers in tech hubs, accounts for about 10% of the workforce.

That doesn't make sense. What does seem plausible is that this data doesn't account for bonuses, options, RSUs, and the like, which would put big tech entry level jobs right around the median for developers. I'm not certain if that's the case, but it at least passes the sniff test.

And coding agents are making that disconnect painfully obvious

I recognize that not everyone makes big tech money, but that's somewhere between entry and mid level at anywhere that can conceivably be called big tech

https://krebsonsecurity.com/2022/02/report-missouri-governor...

Luckily someone eventually talked sense into the governor, despite him ignoring the FBI originally when they told him it wasn't a hack

The statistics for this seem suspect at best, I'll believe it once it's peer reviewed

This paper would need to go into way more detail to be at all useful.

40% is a staggering number, which makes me suspect that all it measures is Montgomery County police's pretty good track record for deciding when to test someone for THC during an autopsy

But for a typical case, VM's are the bare minimum to say you have a _secure_ isolation boundary because the attack surface is way smaller.

The only serious company that I'm aware of which doesn't understand that is Microsoft, and the reason I know that is because they've been embarrassed again and again by vulnerabilities that only exist because they run multitenant systems with only containers for isolation

And on top of that, Cloudflare's value proposition is "we're smart enough to know that instantaneous global deployments are a bad idea, so trust us to manage services for you so you don't have to rely on in house folks who might not know better"

I won't say never, but a situation where the right answer to avoid a rollback (that it sounds like was technically fine to do, just undesirable from a security/business perspective) is a parallel deployment through a radioactive, global blast radius, near instantaneous deployment system that is under intense scrutiny after another recent outage should be about as probable as a bowl of petunias in orbit