• 0 Posts
  • 13 Comments
Joined 3 years ago
Cake day: June 7th, 2023


  • “I think we need an exit strategy,” [Republican Sen. Josh Hawley of Missouri] said on April 15.

    A strategy at all would have been nice. But, Trump is just going to ignore the deadline, maybe even throw up a bullshit smokescreen of legal arguments which make as much sense as pissing up a rope and keep doing exactly what he wants to do. Congressional Republicans will wring their hands and claim there is nothing to be done, Democrats will keep sponsoring resolutions to “force Republicans to vote on the issue” but which ultimately do nothing (in fairness, as the party out of power, they can’t do much more). And maybe we’ll get a court challenge of some sort. Though, I expect the pack of monkeys in black robes will opt out of ruling by claiming that Congress has the power to rein in the President, and it’s therefore a political question. Which is probably technically right, but leaves us with greatly expanded Presidential powers, as a not-hostile Congress now means that the President can run wars with no meaningful checks on that power.

  • Google processes over 5.9 trillion searches per year

    That number has nothing to do with the problem. They don’t need to review every search, they need to review every advertising link they have been paid to place (not every link indexed). Presumably, they already have the infrastructure in place to track those links and verify that they comply with laws such as CSAM, copyright or other areas where they actually have some accountability in those areas. The number of paid advertisement links will be far smaller than that 5.9 trillion number.

  • Actually, that’s the start of a solution.

    I’ve personally implemented something similar to this in the past. At one site we had an issue with people browsing porn on their office PCs. Some folks got pretty creative in getting around the blocks we had in place. However, we had full packet capture at the firewall; so, all of the evidence was there. I set up a system which pulled images above a certain size out of those packet captures and passed them through an open source image classifier which used a model based on machine learning. Anything above a certain threshold was flagged for human review, everything else was ignored. It wasn’t perfect, I looked at quite a few images of sand dunes, but it did 90% of the work. And sure, some false negatives likely got through. But, it let us run down the worst offenders.

    Right now, Google seems to be ignoring the problem and has no incentive to do anything about it. Google is directly profiting from those malvertising links and so should bear some responsibility for ensuring that they are not serving malware to users. We can certainly work out the fine details around their duty of care and how they can meet it (e.g. LLM scanning with human review), but holding our collective dicks with both hands and claiming “nothing can be done” because it would cost Google money is a bad answer.

  • It actually seems like a good place for an LLM. One of the security tools I work with uses an LLM to scan emails for malicious links and things like Business Email Compromise and Phishing. It’s actually pretty good. It seems like Google, et al. could use something similar to catch some of the more obvious malvertising links. But, since they don’t have any accountability, they have no incentive. The only way to build that incentive is to start hitting them in the pocketbook. Letting them ignore the problem isn’t working.

  • And yet, they still serve malicious ads before the actual search results. Just ruined a user’s day over such an ad tricking them into running malicious code. You’d think their AI could figure out when an ad link is impersonating a legitimate site and not serve the malicious ad. But, since they aren’t held responsible for serving malicious links, they have a negative incentive to fix the problem.
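    As an added example (not the commenter’s code or anything from Google), this is one shape an “is this ad link impersonating a legitimate site” check could take: compare the domain the ad displays with the domain it actually lands on, then test the landing domain against a list of protected brands for confusable-character, typo and brand-in-a-hyphenated-label lookalikes. The brand list, confusable table, the naive two-label registrable-domain logic and the block/review/allow verdicts are all assumptions made up for the example.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed list of legitimate brand domains to protect; a real system
# would take these from the advertiser-verification records.
KNOWN_BRANDS = {"examplebank.com", "exampletool.org"}

# Visually confusable substitutions commonly seen in lookalike domains.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

def registrable(url_or_host: str) -> str:
    """Reduce a URL or bare host to its last two labels (e.g. examplebank.com).
    Assumption: a production check would use the Public Suffix List instead."""
    host = urlsplit(url_or_host if "//" in url_or_host else "//" + url_or_host).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def fold(label: str) -> str:
    """Map confusable characters to the letters they imitate."""
    for bad, good in CONFUSABLES.items():
        label = label.replace(bad, good)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str) -> Optional[str]:
    """Return the protected brand this domain imitates, or None."""
    if domain in KNOWN_BRANDS:
        return None
    sld = domain.split(".")[0]
    for brand in KNOWN_BRANDS:
        brand_sld = brand.split(".")[0]
        if fold(sld) == brand_sld or edit_distance(sld, brand_sld) <= 1:
            return brand
        if brand_sld in sld.split("-"):  # e.g. examplebank-login.com
            return brand
    return None

def review_ad(display_url: str, landing_url: str) -> Tuple[str, str]:
    """Triage one ad: ('block' | 'review' | 'allow', reason)."""
    shown, actual = registrable(display_url), registrable(landing_url)
    if shown != actual:
        return "block", f"display domain {shown} does not match landing domain {actual}"
    brand = lookalike_of(actual)
    if brand:
        return "review", f"{actual} resembles {brand}"
    return "allow", "no impersonation indicators"
```

    The “review” verdicts are the human-review queue the thread keeps coming back to; “block” catches the cheapest trick, where the ad shows one domain and sends the click somewhere else.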

  • This is a bit overwrought. The important question this article doesn’t deal with is: what are those FTP servers hosting? If it’s anything which should be secured, that is a problem. But, if all it is, is a public file repository, then the extra complexity of SFTP or FTPS probably isn’t worth the trouble. My current company has an FTP server which is exactly this. It hosts product documentation and is meant to be public. While they probably should have moved on and just dumped all of it in an S3 bucket with public read, the FTP server is what our customers know and have used for decades. If it ain’t broke and the security isn’t a problem, it’s not really a priority.