While the broader cybersecurity field has seen rapid advancements, such as AI-driven endpoint security

Ya, about that “AI-driven endpoint security”, it does a fantastic job of generating false positives and low value alerts. I swear, I’m to the point where vendors start talking about the “AI driven security” in their products and I mentally check out. It’s almost universally crap. I’m sure it will be useful someday, but goddamn I’m tired of running down alerts which come with almost zero supporting evidence, pointing to “something happened, maybe.” AI for helping write queries in security tools? Ya, good stuff. But, until models do a better job explaining themselves and not going off on flights of fancy, they’ll do more to increase alert fatigue than security.

While I hate the idea of people losing their jobs, stepping back for a moment and looking at what they are claiming, its not terribly surprising:

Spencer said the roles affect mostly corporate and support functions

When companies merge, this is kinda needed. You don’t need two fully functional HR departments. While the HR staff from the buying company will likely need to expand, it won’t be by the same amount as the HR department of the company being bought. As network functions are merged, you probably don’t need all of the IT staff which came with the merger. A lot of management functions likely end up merged, meaning redundancies. And this sort of thing is going to move through a lot of the non-project work functions of the company.

Yes it sucks. But, it’s to be expected in a merger. Now, whether or not we want this level of consolidation, that’s a different ball of wax entirely. The last thing we need is more studios falling under the sway of these massive companies. That’s the thing which should be drawing our ire.

Not really. IP addresses are really easy to change. And doubtless the threat actors will see that their IPs have been identified and will roll them over soon. The solution is to go after the tactics the attackers are using:

The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances.

1. Install your updates. If you have a server open to the internet and you haven’t patched known exploited vulnerabilities, you deserve to have your network ransomed.
2. Many products have either vendor provided or useful third party security configuration guides. While there are situations where business processes prevent some configuration changes, these guides should be followed when possible. And weak passwords should not be on that list.

EDIT: for Oracle Web Logic, you do a lot worse that going through the DoD STIG for it.

It is now functionally impossible to detect anything about the traffic or the Wi-Fi router without some serious or illegal methods.

You should really spend some time learning about WiFi signals. Tracking down rogue Access Points is a pretty common thing and having the SSID turned off does fuck all to prevent it. On the easy end, many enterprise wireless network controllers have rogue AP detection built right in and will show you a map of the location of the rogue AP. Harder, but still entirely possible, is running around with a setup just detecting the signal and triangulating it.

If you are located in the US and aren’t currently a complete fuck-up, the Federal Government can be a way into the GRC side of cybersecurity. Between civilian and DoD sites, they have analysts and auditors all over the place and always seemed in need of folks willing to pour over checklists and OQE artifacts. This first place to look for positions in that vein would be on usajobs.gov. Though unfortunately, the FedGov made the decision to classify both GRC and sysadmin positions under the 2210 category; so, you’ll probably have to dig through a lot of sysadmin listings.

Another path into similar positions is to look for FedGov/DoD facilities in your area. Once you find one, take a drive around the area and look for the names of businesses in the area and start researching those businesses and their open positions. There will almost certainly be the big ones, like Booze-Allen Hamilton, BAE, Boeing (yes, that Boeing. They do a lot outside of crashing aircraft), etc. But there will be a plethora of smaller companies with seemingly random names and little public facing who supply the local site with hordes of contractors. And, while these are contractor positions, they are a lot more stable than contract positions in the private sector. I spent 6 years as such a contractor and only stopped being one when I took a job elsewhere.

I will say that “entry level” is going to be harder. No one wants to hire an train someone without experience, which puts you in a catch-22. For all the suck involved, you may want to consider putting in some time working a help desk. At minimum, it keeps you in proximity to the field, teaches you something about systems and provides related, if not direct, cybersecurity experience.

Best of luck.

Welcome to AI:

Can’t wait for the details to come out. My money is on half the systems running operating systems which are old enough to drink, along with an understaffed, underpaid security team who spends all their time chasing people opening phishing emails. And that will be coupled with management which “cares about security”. And by “care” they mean “don’t have a clue and don’t actually give a fuck”.

Re-read what I wrote, but hop down off your high horse first, it’s obvious you weren’t able to read it clearly from up there. I’m neither promoting nor defending piracy. Quite the contrary, I’m praising the legitimate services (and Steam in particular) for understanding that competition with piracy isn’t all about money, it’s often about the quality of service. Funny enough, your own comments are actually a point in favor of this:

You ever wonder why these companies don’t operate in countries that don’t have strict piracy laws and can’t shut down sites with court orders? Because it’s still easier to pirate than face criminal charges.

Yet somehow, with a lot of time, money and effort put into shutting down piracy, the pirates were able to provide a better service. Seriously, step back from the whole “napster bad” for a moment and think about the dissonance of the situation. Large companies, pulling in millions of dollars a year, with no need to worry about law enforcement or monied interests coming after them, somehow failed to create anything resembling a functional digital marketplace. They were stuck in the physical distribution paradigm and fought tooth and nail to avoid digital distribution. At the same time, a few kids, with little money, and law enforcement trying to shut them down created a pretty good user experience. Sure, some of that is not having to worry about licensing. But, a large part of it is understanding what the users want and giving it to them.

It wasn’t until Apple came along and basically created “Napster, but legitimate” that music piracy really fell off. Netflix pulled off something similar with video (though that is rebuilding some rough edges at the moment) and Steam did it for games. Sure, piracy still exists, and it will always be a problem. But, a lot of piracy can be tamped down by having a good service available.

One thing that we have learned is that piracy is not a pricing issue. It’s a service issue. The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates. – Gabe Newell, 2011

Time and again, digital distribution platforms have proved this. Apple Music became a dominant music distribution platform at the height of Napster, LimeWire and other peer to peer sharing apps. They did it, because it was easier to just buy the tracks/albums you wanted than to dig through trackers and websites which may or may not actually have what you want. Netflix became the de-facto source for streaming movies at a time when BitTorrent was common and well known. Again, they made it easy and convenient, while not charging an arm and a leg. Steam also faced competition from BitTorrent piracy. But again, Steam made buying, downloading and running games easier than the pirates. And people are willing to pay for that convenience and not dealing with the crap which floats around the high seas.

And, so long as Steam continues to treat it’s customers right, those customers will keep coming back. And that’s the problem with Pitchford’s whole premise. Developers will go where the customers are. Sure, you’ll get the odd case of a publisher/developer doing an exclusivity deal. But even then, it’s probably limited, because the customers are on Steam. If another storefront wants to draw customers, they need to start with treating customers well. They will still face headwinds, as Steam has a large “first mover” advantage. But, success is going to start with making customers want to come back.

Ok, good luck with that! Can’t wait for this guy to start whining that he can’t find employees.

Unfortunately, you aren’t the US car market. Oversized trucks and cross-over SUVs sell. The top 3 vehicles in 2023 were:

1. Ford F-150
2. Chevy Silverado
3. Dodge Ram

The rest of the list is littered with trucks and cross-over SUVs. Though a couple Tesla vehicles make the list and do quite respectably (The Model Y is at #5). It’s no surprise that US manufacturers are targeting large vehicles. That’s what US consumers want. And sure, there are lots of arguments to be made against land-yachts. But, it made sense that Ford targeted large vehicles for EV sales. If they can get people to accept the F-150 Lightning, that could really move the needle on EV sales and help them scale up. Expecting customers to both buy-in to a newer technology and make radical changes in their buying habits, is a recipe for failure. Though, it also seems that Ford is managing to fail despite chasing consumer trends.

Have you considered just beige boxing a server yourself? My home server is a mini-ITX board from Asus running a Core i5, 32GB of RAM and a stack of SATA HDDs all stuffed in a smaller case. Nothing fancy, just hardware picked to fulfill my needs.

Limiting yourself to bespoke systems means limiting yourself to what someone else wanted to build. The main downside to building it yourself is ensuring hardware comparability with the OS/software you want to run. If you are willing to take that on, you can tailor your server to just what you want.

Unless and until we get regulation which makes holders of PII accountable for it’s protection, with massive fines (e.g. GDPR style, X% of worldwide revenue) , companies are going to keep failing at cybersecurity and we’re going to keep reading about these large breaches. Companies will only prioritize security when the cost of being breached far outweighs the cost of securing the data.

At time of writing, it’s unclear what systems these hypothetical titles will release for, given King’s status as a mobile studio.
Building out bigger series like Overwatch and Diablo would be a boon, too.

You guys have phones, don’t you?

Huh and here I was complaining about the new episode of Futurama focusing on NFTs as being “out of date”. Guess everything old is new.

That sounds like a feature, not a bug.

The Crypto Wars have never ended. Governments dream of a world without public access to encryption and privacy. And many government attacks on encryption are done “for the children”.

Does this mean that the main dashboard will go back to the original XBox 360 dashboard and not the ad laden abomination it quickly became?

Another solution is to accept that mistakes happen and do a phased rollout of updates. Heck, Windows Updates are known to be enough of a crapshoot that every place I’ve worked at, over the past decade or so, has had a plan for updating systems in batches. That CrowdStrike just YOLO’d their updates out (on a Friday, no less) to everyone at once, shows a mindset which didn’t accept that bad stuff can happen.

The company says that files and file passwords uploaded to its servers will be deleted promptly after scanning, and all collected data will be used only to boost download protection for all Chrome users.

Right, and that Nigerian Prince really needs my help moving money.