Hacker News | revmoo's comments

> comments being written by Russian bots.

Let's tone down the McCarthyism a bit shall we?


I guess it is still an assumption when they use Russian emails, submit through API, and are so formulaic as to be near identical ... but maybe it was legit. Sure.

https://www.bloomberg.com/news/articles/2017-11-29/fake-view...

https://www.wired.com/story/bots-broke-fcc-public-comment-sy...

https://www.washingtonpost.com/news/the-switch/wp/2017/11/24...


You probably didn't realize but the post is (I think) referring to comments on the FCC website, where several investigations have shown beyond all doubt that many "repeal NN" comments came from automated bots (though whether Russian in origin is not known).


I thought McCarthyism was the practice of blacklisting sociopolitical opponents w/ unfalsifiable claims of their allegiance to a foreign power.

Ok, you're suggesting the bot-comments were just domestic.



Might want to read the article.


So does this updated firmware remove the backdoor or just re-secure it so it can't be removed?


Best I can tell, they are re-locking the door and hoping no one else picks the lock.


> nobody is taking them seriously

Because it's 2017 and I'm STILL having to write workarounds for IE.


This is absolutely valid criticism. Of course the devteam is "good people", but the issue remains that Edge created yet another browser fork while IE11 is still around and actively used. Also Edge is still behind with several features (like server-sent events).

For those saying Edge is different than IE, is there even an IE team anymore or did they just become the Edge team now? Either way the development strategy is not great.


The way Microsoft likes to shuffle project teams, it's a bit of a ship of theseus. It's a very strange philosophical debate if the Edge team is the "same as" the IE10/11 team. The Edge team is definitely not the IE7/8/9 team, that I'm sure of. The Edge team can't possibly be the IE6- team, because that team was entirely disbanded. The IE10/11 team inherited the mistakes of the IE6- team by way of a need for backward compatibility and the backward compatibility plan put together by the IE7/8/9 team. Does that backward compatibility arc define what was the IE team? If so, then the Edge team is definitely not the IE team, having for finality killed the backward compatibility story of IE7/8/9.


The point is that the criticism applies regardless of which specific product or people because it is all the "microsoft web browser" group.


And let's not forget the worst thing about this: __Edge can't be installed on windows 8.1 or less__

By far, this is stopping most users from leaving IE.


No one is using Windows 8.1, statistically speaking anymore, and Windows 7 only has 3 years left of security fixes remaining.


we have 7.5% IE11 traffic on our ecommerce site (US, diy home remodeling). more than Edge which is ~5%.

7.5% is a huge number.


IE11 traffic includes Windows 7 users. Windows 8.1 users are a tiny fraction of that 7.5% as most of that is likely Windows 7 since that's the new Windows XP that corporations will use for as long as it has security support because they are afraid of change.

ETA: Plus the people that missed the Windows 10 free upgrade for Windows 7 (intentionally or accidentally).


Well, if Microsoft would quit spying on people and quit intentionally breaking things they might not have to fight to get people to upgrade.

As things stand, Windows 7 is probably the last Windows several companies I know are going to use unless Microsoft coughs up something before they get forced to upgrade. Win 10 is sufficiently different that they are actually considering Linux.

And, with the fact that everybody is moving to WebApps (hack, spit), it probably doesn't matter.


The Ghost Stories of Windows XP we will tell around the campfire for decades to come seem to indicate that companies will always hard-headedly stick with Windows versions beyond their useful lifetime. "Quit spying" seems like a red herring in that regard, because if that wasn't the easy excuse there are more right behind ("our apps don't work"; "the new app system is hard"; "we hired a VB6 programmer once in 1999 and we know this app is critical to our business but we don't expect to put our money where our mouth is and hire someone to update it for 2017"; etc).


But IE is not Edge.


Fool me once, shame on ... shame on you. Fool me... You can't get fooled again!


Racketeering, kidnapping, elder abuse? Yeah.


> Loudermilk said Friday that his bill “is aimed at curbing frivolous class action lawsuits against businesses under the Fair Credit Reporting Act,”

Has this ever even happened?


Sure, when you define "frivolous" as "anything aimed at one of my campaign contributors".


Thank you.


My city (Louisville) would be a prime candidate due to proximity to UPS WorldPort, and Amazon already has a bunch of facilities here.

That said, screw these guys. I'll make sure to have my voice heard if my city tries to offer them tax rebates to come here. Everyone needs to pay taxes, especially gigantic corporations. I hate that companies like this even have the nerve to expect these sorts of breaks.


> Everyone needs to pay taxes

Why is this different than New Hampshire competing with other states by having no income tax?


Honestly, because it's a race to the bottom. On top of that, there have been many instances of companies negotiating massive tax breaks only to relocate again after a few years.

Those tax dollars are better spent making the city more attractive to people and improving the universities. This will provide for more organic growth through startups founded by people anchored to the city by their social network.


I could see why a city wouldn't want to pay real money and then have the company move, but what's the problem if they agreed not to tax Amazon and then Amazon relocates?


The key here is that the incentives appear to be for a certain company and are not fairly applicable to all companies. Giving those with the best economy of scale yet another advantage. People are often against unfair advantage.


Louisville has a local payroll tax, even if Amazon Corporate gets property or other tax breaks, 50,000 highly paid employees would bring in a lot of local tax revenue.


Doesn't it say population > 1m?


Agreed. Also cli apps with Laravel are amazing if you need to schedule jobs.


As bad as these things are, you wouldn't want them to be illegal.


Why?


You cannot effectively ban market activity, see war on drugs. Only this time it's even more difficult because no physical goods are involved.

Also such prices are a good indicator of app security, you'd only want apps whose exploits cost north of "pocket money for a state actor", so IMO > 100 mn?!


> You cannot effectively ban market activity, see war on drugs.

I'm not saying you can ban market activity perfectly, but legalization certainly makes things easier, lowers prices, and increases activity.

> Also such prices are a good indicator of app security

Are they? Surely the price reflects the value of the exploit?

This would to a much greater extent reflect the user base of the app (high variation) than its relative security (lower variation; though the two would have an interactive effect). The larger the user base of the app the better, though more wealthy and insecure (e.g. rich retirees) would have more value to criminals, whereas politically engaged young people would have much more value to governments and spies. I would think that the price would be a pretty noisy/poor indicator of the security of the app, relative to the user base.


> but legalization certainly makes things easier, lowers prices, and increases activity.

I agree partially that the fear of being caught is a disincentive. However, higher prices make fewer people buy it but more people offer it. In a way, illegal drugs with their high potential profits (due to higher risk) attract more dealers (and fewer consumers). This again puts pressure on the risk premium, so consumers benefit from more supply. So high prices are not really a solution IMO.

> price reflects the value of the exploit

I think it reflects both the reach (~ number of users weighed by their wealth and gullibility) and the "safety" (an open-source app, audited by some well-known company vs. some prototype closed-source app). Since the reach can be reasonably estimated, the safety can IMO also be estimated (as price / estimated reach). I am pretty sure we should not try to agree on a clear metric but I personally would find that info useful when choosing e.g. a messenger app or some piece of hardware (say a router).


Maybe because it increases the security significantly. Say a large government pays top $ for an exploit. Chances are pretty good that the vast majority of the black hats on the planet will not have it.

Additionally publicity generates incentive to fix the problem. More apps/OSs/libraries will try harder to be secure. Apps could start wearing high exploit bounties as badges of honor.

Much like how ransomware likely has increased security more and changed user behavior than an infinite amount of suggested security training. Some users even gasp ask about how to protect against ransomware and as a side benefit actually protect against mistakes, dying disks, and other flavors of malware at the same time.

Seems better to trot this kind of stuff out in the open than to hide your head in the sand and try to hide security problems from the public.


But why incentivize the weakening of secure systems? I honestly don't think that black hat hackers would find much utility in cracking an app like Signal (except maybe for street cred). Relatively few of its users would be "soft targets" in terms of susceptibility to phishing, social engineering, weak passwords, lack of 2FA, etc.

Governments on the other hand would pay lots of money to increase their mass surveillance capabilities. Signal users are disproportionately young, sophisticated, and politically engaged.

Given that Signal's budget is raised from donations and grants, and is much more fixed than an open market to undermine it, how would such a market incentivize them to increase funding on security? It's already their top priority.


> But why incentivize the weakening of secure systems?

Are you suggesting that the developers would put in a vulnerability on purpose, in order to sell it and collect the payoff?

Because, short of that, I can't see how exploit trading incentivises weakening of systems. It just incentivises people to find weaknesses.


That's what first-party bug bounty programs do now.

The extra thing that a free market does is incentivises people to find weaknesses and sell them so that they can be maliciously exploited. When vulnerabilities are exploited instead of patched, secure systems are by definition weaker.

