Hacker News | g051051's comments

The worst excesses of "modern" web presentation, coupled with a complete lack of actual gardening info...I'm completely baffled. 1% "here's your zone", and 99% "your zone is almost no use for gardening"


> People often don't perceive you as an actual human if you've only ever been a video square to them.

I don't have a camera, so I'm just a picture of Uncle Fester. No one I work with (across 3 jobs) has seen me in nearly 5 years.


And?


I had (probably still have) a similar-ish problem. I have an old nVidia Shield handheld that I bought a wired ethernet adapter for. Something about that adapter would kill my network dead after a random interval. It took a while to figure out what device was causing it, and unplugging the adapter would instantly cause the network to come back to life. I never figured out what the root cause was, I just stopped using the adapter.


It's unlikely that "regulators" had anything to do with it, given the quick resolution. I'd be more inclined to think that Epic went back to Apple hat-in-hand and begged to be let back in, probably promising to muzzle Sweeney.


> It's unlikely that "regulators" had anything to do with it, given the quick resolution.

Disagree. EU regulators act quickly. Here's the commissioner for Internal Market of the EU: "I take note with satisfaction that following our contacts Apple decided to backtrack its decision on Epic exclusion. From Day 2, #DMA is already showing very concrete results!" https://twitter.com/ThierryBreton/status/1766167580497117464


Yes very unlikely, that Apple didn't want to try out the new 10% penalty of global turnover, after the commission said she is looking into it and days after Apple was bonked with a 1.8bn fine for violating antitrust regulations


Very unlikely, knowing who Sweeney is. And he is pretty much in control of Epic.


Sure, Apple takes a strong decision which breaks a just-enforced law, and two days later they back down because they had a nice talk with Epic. /s

The EU told Apple that breaking the law would have dire consequences. That's the only reason Apple backed down.

Stop spreading Apple propaganda.


It's good scrutiny to have, but I'm surprised that there are now at least 3 users here that really believe that Apple reversed course in 3 days out of the goodness of their hearts. I can't even get a response from many customer services in 3 days. No company that big turns on a dime without extreme arm twisting.


Can confirm. I've been waiting for Apple's developer support to reply to me since before this debacle. I finally got a response 2 hours ago – after I resolved my issue – that stated they are busy right now.


> The EU told Apple that breaking the law would have dire consequences. That's the only reason Apple backed down.

You have no idea that this is what happened. You're the one spreading propaganda.

Why propagandize it at all?

EPIC hates Apple and wants to see the App store dead. Apple reasonably didn't trust EPIC not to play games with the DMA. The EU asked EPIC to give an assurance that they would play by the rules and then forced Apple to accept that assurance. Neither of them won anything. Apple is forced to let EPIC in, and EPIC is forced to accept that Apple is complying with the DMA.

That fits the facts. EPIC isn't a good guy. Apple isn't a good guy. The EU isn't a hero. Why try to paint any of them this way?


> EPIC is forced to accept that Apple is complying with the DMA.

No they don't. They are absolutely still able to start a lawsuit, as is the EU.

We likely won't have to wait more than a couple weeks to see the lawsuits filed.


until that lawsuit is filed and we have a judgement, yes, they are.


> until that lawsuit is filed

So then this would be the process of not accepting Apple's interpretation of the DMA.

That's my point. That is the exact process for which they would be rejecting Apple's interpretation.

So no, they don't have to accept Apple's interpretation, instead they can go through this process.


> Stop spreading Apple propaganda.

Please don't try to start flame wars on HN. You should read the guidelines:

https://news.ycombinator.com/newsguidelines.html


> The moment credit agencies started running their own monitoring services, it seemed like they were openly admitting that they were defaming people. I still do not understand why this is legal.

If you're signed up for credit monitoring, you get notified when your credit info gets changed, so you have a chance to react if it's an error (or fraud). How is that defamation? Why would it be illegal?


No.

It's defamation because they know their information is frequently incorrect, that it is trivial for people to get outright fraudulent transactions attached to people's "credit report". Knowing that, they then present that information as fact to others, despite knowing that the information they provided is used specifically for purposes where false information will add significant costs to the people they're reporting on.

Now you're right, I can get credit monitoring, in which I pay money so that I can spend my time verifying they're not publishing fraudulent information. So now it goes from defamation to extortion: we'll defame you unless you pay us and do the work of ensuring we don't defame you.


They do not publish fraudulent data. They publish data provided by the credit grantors. If the credit grantors don't do their due diligence, that's on them, not the CRA. And if credit grantors fail to do that due diligence often enough, they get kicked out.


g051051? The guy who keeps trying to post porn all over this site? I can't believe you've got the guts to go posting here. I've told everyone about your disgusting behavior.

What's that? You never did that? Well, for just $5/month you can sign up for my monitoring service and we can investigate your claims. In the meantime, I'm going to keep warning everyone about your behavior.

I feel like most people would consider the above behavior unacceptable, but it's okay because I'm a big company dedicated to stopping perverts like you.

(hopefully it is clear that I'm not actually serious. Unlike the credit agencies)


You told a reporter that story. The reporter, _without verifying it_, then tells his newspaper that the story you told is true and he's verified it (which is a lie). Now the newspaper publishes it. Who's responsible?


All three, because the newspaper knows that the reporter lies all the time, but continues to employ him because his stories sell.


> They have successfully convinced the public that identity theft is a separate and distinct crime done exclusively by one person to another rather than simply fraud that they are aiding and abetting.

This demonstrates a fundamental misunderstanding of how credit reporting works.

When "identity theft" occurs, it's important to realize that the credit reporting firms are not involved. That is solely due to failures, at the institutions that actually grant credit, to verify the identity of the person they are interacting with.

The flow goes: a fraudster uses harvested data to impersonate someone to a credit grantor, such as a credit card company. The credit grantor, accepting this identity at face value, asks the credit reporting agency (CRA) about the credit rating of the impersonated entity. The CRA says "Joe Victim has a relatively low risk of fraud". So the identity theft has already occurred before the CRA is even consulted.

Later on, when the fraudster fails to pay as agreed, the credit grantor incorrectly reports to the CRA that the fraud was caused by Joe Victim. Again, the CRA is just relying on the data provided to them by their clients.


You might want to rethink that. Credit reporting firms actively aid identity fraudsters because it is profitable

https://privacyrights.org/data-breaches/court-ventures


I understood the comment about aiding and abetting to be a reference to the fact that Equifax leaked about half of all Social Security Numbers back in 2017. For 145 million Americans the "harvested data" you refer to was data that the credit bureaus hoovered up and then failed to protect.


> Equifax leaked about half of all Social Security Numbers back in 2017.

They weren't leaked, they were stolen. Does a bank "leak money" when it's robbed?


If the bank failed to apply industry-standard security techniques then yeah, I'd say the bank leaked money. The criminals are obviously the most culpable, but when you're storing more than 100 million SSNs it's not unreasonable to expect your IT department to:

* Update their dependencies within two months of a critical security vulnerability being patched (Mar 7 to May 12).

* In the event of a breach, detect it within a reasonable timeframe (76 days is not reasonable when you're the Fort Knox of financial information).

* Have a reasonably well-segmented network such that a compromise in a single user-facing web app doesn't lead to your entire network being compromised.


> Update their dependencies within two months of a critical security vulnerability being patched (Mar 10 to May 12).

They thought they did, but failed.

> In the event of a breach, detect it within a reasonable timeframe (76 days is not reasonable when you're the Fort Knox of financial information).

Impossible to guarantee. A sophisticated enough attack might never be detected, regardless of the competence of the security department.

> Have a reasonably well-segmented network such that a compromise in a single user-facing web app doesn't lead to your entire network being compromised.

It is impossible to so completely segment a network. If I can get the data via an authorized program, that means there's a path between networks and a hacker can potentially exploit that path.


> They thought they did, but failed.

Oh, never mind then. Clearly since they thought they updated the dependency it's all good.

> Impossible to guarantee. A sophisticated enough attack ... It is impossible to so completely segment a network ...

While I will acknowledge that this seems to have been Equifax's approach to security (it's impossible to do completely so why bother doing it at all?), this is not widely accepted as a philosophy of security in any industry.

That a bank could still be robbed by a military incursion from a neighboring nation state is not sufficient reason to leave the vault door open overnight. The record abundantly shows [0] that Equifax had security protocols that were weak enough that no sophisticated actor was needed to bypass their protections.

As far as their failure to detect the breach, this is what the House investigation concluded:

> Equifax allowed over 300 security certificates to expire, including 79 certificates for monitoring business critical domains. Failure to renew an expired digital certificate for 19 months left Equifax without visibility on the exfiltration of data during the time of the cyberattack.

[0] https://oversight.house.gov/report/committee-releases-report...


And they should have been held accountable, were they?

If such an entity demonstrates gross negligence yet there are no repercussions, perhaps it is worse than negligence, it is outright larceny - Equifax could be characterized as a govt supported cartel.

It is not unreasonable then we should actually physically destroy their premises and all related collected information as an active threat to the nation, as well as re-issuing all sensitive information to all affected individuals.

As for what to do instead, credit reporting need not be the important solution, rather one part of an accepted solution, such as multiple scores issued to multiple numbers that are not tied together by a single bureau. Then when credit checks are pulled it is not sufficient to use a single service and the incentive to illegally utilize said information decreases, as the relevance is reduced for any one credit check.


> And they should have been held accountable, were they?

Huge stock hit (since recovered, of course), top executives lost their jobs, fines, had to give away a paid product, extra oversight, cost of fixing security, several rounds of layoffs for the employees, etc.

> It is not unreasonable then we should actually physically destroy their premises and all related collected information as an active threat to the nation

This is why we can't get real, meaningful change. No wonder our "leaders" think so little of us.


IMO, Leaked is probably the better word here. Equifax did not steal the data in the first place either, they recorded/copied it from other sources which leaked or sold it to them.


> other sources which leaked or sold it to them.

Every data source (such as a bank or credit card) provides that data to CRAs because consumers granted permission to do so when entering into a business relationship. Either that, or it's publicly available data purchased from aggregators.


> because consumers granted permission to do so when entering into a business relationship

Do we have an actual choice?


You could not get a loan or credit, I guess.

There are costs to that approach, of course.


Wildly unfeasible. The consumer does not have a choice, they do not have an ability to live within their means without incurring credit checks.

Take housing - perhaps it is possible to purchase outright a home with cash, however you will not find generally anyone willing to take payment in cash.

If you cannot afford that and are not taking a loan, then you must rent. However you cannot rent without a credit score.

So no the consumer did not consent to anything. This is a ridiculous and dishonest viewpoint.


How did you get that from what I wrote?

And notably, it’s entirely possible to rent without a credit check. Just not big corp places.

My current place didn’t check my credit, and they weren’t the only ones. I was disappointed they didn’t. But a lot of the cookie cutter places will.


Fun fact: Ryzen Master needs a kernel driver installed in order to function. This driver was signed with a cert that expired a while back. For years they required you to disable virtualization based security (because as a side effect it would also disable driver signature enforcement). When this first popped up, rather than fix the signature, they added a check to detect VBS and block starting if it's enabled. Then Microsoft made VBS and DSE separate settings, so now it gives a misleading error message. There was a patcher program that would work around the issue, but it doesn't work for the most recent versions, unfortunately.


I've never run into that issue with Ryzen Master, but only because using Intel's overclocking tools had already trained me to disable virtualization-based security. Intel's tools also had issues with that feature, and it took them a surprisingly long time to update their error messages to explain what was preventing XTU from running.

Aside from any driver signing issues, I think there's also an underlying common issue that the virtualization layer needs to pass through the CPU model-specific registers (MSRs) that are the hardware interface for tweaking power and clock limits.


Wait, seriously? That’s the cause? Why don’t they just get a new certificate?


I went round and round with AMD support between December 2022 and April 2023, explaining exactly where the issue was, sending the event logs showing the driver was being blocked because of the signature, sent screenshots of the certificates showing the expired dates, etc. I kept getting sent to random articles, told to do useless steps, the usual stuff you get from "technical" "support" nowadays. Eventually they acknowledged the problem, and said that it would be fixed in an upcoming update:

> I've now looked into this and we are already aware of this issue and have an engineering ticket logged against it.

> It is only affecting the older Ryzen and Threadripper parts and it occurred since Ryzen Master Tool (RMT) received a significant update to improve the look and feel of the application.

> We do have a fix planned that will be incorporated into a future release build of Ryzen Master Tool, however I don't have a specific date of when that build will become public for you to download.

> The initial estimate is mid July, however this could change. My recommendation is to periodically check our website for the Ryzen Master Tool release notes as the issue will be documented as a fixed issue when the build becomes publicly available.

I check regularly, and I haven't seen a new version released that mentioned this. Plus, newer versions don't work with the VBS bypass hack I was using.

And here's the email that finally got them to even admit it was a problem:

> Again, I'm frustrated. I've clearly explained over and over that the VBS setting doesn't affect this problem. So having you come back and say "this is expected behavior" is infuriating. You insisted I send my system info, which clearly showed VBS is off.

> I say again: even with VBS disabled, the driver won't load unless you ALSO disable the driver blocklist. And once again, forcing users to bypass important security features is borderline negligence, when this could easily be solved by getting the driver signed correctly.

> The true culprit is the expired/revoked signature on the driver. You can see this in the event log (as I included in my last message) showing the driver being rejected from loading into Windows because of the failed signature. The purpose of the VBS check is clearly because this used to cause the driver blocklist to be enabled, so disabling VBS also disabled the driver blocklist. THIS IS NO LONGER TRUE. Recent Windows updates have made the blocklist enabled by default, so that the only way to run Ryzen Master on affected systems is to disable both VBS (to get through the check) and disable the driver blocklist (to allow the driver to load).
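
The three conditions this comment separates (the driver's signature state, whether VBS is on, and whether the driver blocklist is enabled) can be read directly on an affected machine. The script below is an added example, not from the original comment or from AMD; the driver path is a placeholder because the page does not give one, and reading the Code Integrity log generally needs an elevated PowerShell session.

```powershell
# Added example: read-only diagnostics; nothing on the system is changed.
param(
    # Hypothetical placeholder: the page does not name the driver file or its path.
    [string]$DriverPath = 'C:\Path\To\Driver.sys'
)

if (-not (Test-Path -LiteralPath $DriverPath)) {
    throw "Driver file not found: $DriverPath"
}

# 1. Authenticode verdict plus the signer certificate's validity window.
#    Status is the verdict; a timestamped signature can still verify after
#    NotAfter has passed, so both are reported side by side.
$sig    = Get-AuthenticodeSignature -FilePath $DriverPath
$signer = $sig.SignerCertificate

# 2. VBS state from the Device Guard WMI class:
#    0 = not enabled, 1 = enabled but not running, 2 = running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

# 3. Vulnerable driver blocklist policy value (1 = on, 0 = off).
#    If the value is absent, the Windows default for that build applies.
$ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
        -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue

# 4. Recent Code Integrity events that mention the driver file name.
$leaf   = Split-Path -Leaf $DriverPath
$events = @(Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' `
              -MaxEvents 1000 -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like "*$leaf*" } |
            Select-Object -First 5 -Property TimeCreated, Id, Message)

# One summary object so the three settings can be compared at a glance.
[pscustomobject]@{
    Driver            = $DriverPath
    SignatureStatus   = $sig.Status
    StatusMessage     = $sig.StatusMessage
    SignerSubject     = if ($signer) { $signer.Subject } else { $null }
    SignerNotAfter    = if ($signer) { $signer.NotAfter } else { $null }
    SignerCertExpired = if ($signer) { $signer.NotAfter -lt (Get-Date) } else { $null }
    HasTimestamp      = [bool]$sig.TimeStamperCertificate
    VbsStatus         = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { 'unknown' }
    BlocklistEnabled  = if ($ci) { [bool]$ci.VulnerableDriverBlocklistEnable } else { 'not set' }
    CodeIntegrityHits = $events.Count
}

# Show the matching events themselves, if any were found.
$events | Format-List
```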


Certificates don't grow on trees y'know /s


Stay away from AMD software, noted.


> Is agile still appropriate today?

It was never appropriate. It was created by consultants to sell consulting services. In that way, it's a huge success. As a practical development methodology, it's always been a disaster.


At the consultancy company I worked for in the past they would rent out dev teams in sprints time periods xD. As a way to get a foothold at a new client. First design do orientating talks about the full product. Start shaving away features for the MVP and sell the MVP as the first shot.

I found it quite a genius move from their sales teams. Because usually customer went well actually I could also use feature x, y and z that didn't make the MVP product.


It’s a good way to organize expectations between organizations, not so much between team members.


> It was created by consultants to sell consulting services.

This is not how it works. "All revolutions are conceived by idealists, implemented by fanatics, and its fruits are stolen by scoundrels" — Thomas Carlyle.


Congrats to the authors for taking a potentially great article and wrecking it with insane distractions and useless web BS. Pipes was an amazing piece of software and deserves better than that.


The last two organizations I worked for had full QA teams with people who wrote the tests, not just test plans. The devs sometimes provided features to facilitate it, but the QA teams were the ones that constructed the tests, ran them, and decided if the software was ready to be released. Some things had manual tests, but a large percentage was fully automated.

