
Self censorship requires a threat or risk of detriment if the party doesn't self censor, right? Where is that here?

What Radix does has no impact on Google, and I don't see how Google would be incentivized to pressure Radix. So I don't see how to make the leap blaming Google for Radix's incompetence. Yes, Google should recognize the risk of this happening, but they'd have to balance that against the rewards (or at least what they consider rewards)


Google is making false statements about the safety of a domain and it has significant collateral damage. Google is the cause. They should be liable for losses.

I had my main family domain put on Google's safe browsing block list and it has a massive impact. No one can visit the site. I think apps using system browser runtimes (ie: mobile) may stop working. I've seen reports that it can impact email deliverability. And, now, we see that it can get your domain put on serverHold so the problem becomes impossible to rectify.

Google should have to pay for the damage. In my case, it was about 4h of work to figure out what was going on and how to fix it, so not much, but I've seen small businesses that rely on their primary domain to drive most of their sales via web and email. In those cases, having your domain placed on server hold because of Google's false statements can have a serious, detrimental financial effect.


That's fair, if your domain is erroneously put on the block list, Google should be liable for the consequences.

But my point is that any knock-on effects like domain suspension, email deliverability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing.

I don't see how Google can be blamed for other companies erroneously treating the safe browsing list as a source of truth for generally malicious domains


A lot of laws use the phrase "known, or should have known"

Google should not have known that someone would misuse their block list to block domains. But now that someone is misusing their block list to block domains, if someone brings it to their attention, the next time this happens, they will have known it.

I am not a lawyer, I am not your lawyer, and this is not legal advice.


> But my point is that any knock-on effects like domain suspension, email deliverability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing.

That's fair and I agree. My opinion is that both should be liable in a case like this. If I had to attribute it, my starting point would be that Google is liable for the loss of website traffic and the registry is liable for the loss of email and all other lost services due to the domain suspension.

It spirals though because, like you pointed out, no one forced (ex:) Mozilla or Apple to adopt the blacklist. They did that voluntarily, so they should be responsible for their share. That's why nothing ever gets fixed. It's broken, but there's so much potential for finger pointing that no one gets pinned down and held responsible.

The answer is always the same IMO. Break up big tech companies into a million little pieces.


> My opinion is that both should be liable in a case like this.

I totally agree, but if I went after every company I felt to be incompetent to the point of criminal negligence I'd be up to my eyeballs in lawsuits just over password requirements.

> The answer is always the same IMO. Break up big tech companies into a million little pieces.

Generally I agree, but in this case I think there's an even simpler solution: 1) hold Google accountable for entries in their safe browsing lists (as an adjacent poster pointed out, the legal precedent may be there) and 2) make companies legally liable for misusing 3rd party data.

Really just the second part would suffice, and frankly it's purely good for society. The inevitable outcome is that no one exposes data they can't guarantee, and maliciously consuming 3p data would nearly disappear


Theoretically, the easiest way is to use a sub address (more commonly/colloquially known as email aliases or plus addresses, they're described in RFC 5233). You should be able to add a separator character (usually a plus, sometimes other characters instead/in addition) and arbitrary text to your email address, i.e. "myemail+somecompany@example.com" should route to "myemail@example.com"

In practice, this works about 95-99% of the time. Some websites will refuse the + as an invalid special character, and the worst of the worst will silently strip it before persisting it, and may or may not strip it when you input your email another time (such as when you're logging in or recovering your password).

I also suspect spammers strip out subaddresses frequently; very little of the spam I receive includes the subaddress.

So the only 100% reliable way is to use your own domain, but you don't need to run your own custom mail server
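As an added illustration of the sub-addressing behaviour described in this comment (example code, not from the thread or any mail provider), here is a small RFC 5233 style parser that routes "myemail+somecompany@example.com" to "myemail@example.com", plus a model of the "strips the tag on signup but not on login" failure mode. The separator set, the `lookup_succeeds` model and the sample addresses are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Characters treated as sub-address delimiters. '+' is the common one;
# '-' and '=' are used by some providers (assumption: configured per site).
DEFAULT_SEPARATORS = "+"


@dataclass(frozen=True)
class SubAddress:
    user: str              # the real mailbox's local part
    detail: Optional[str]  # the RFC 5233 "detail" tag, None if absent
    domain: str


def parse_subaddress(address: str, separators: str = DEFAULT_SEPARATORS) -> SubAddress:
    """Split 'user+detail@domain' into its parts.

    Only the first separator counts, so 'user+a+b@x' yields detail 'a+b'.
    A quoted local part ("a+b"@x) is left untouched: no sub-address there.
    """
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()  # the domain part is case-insensitive
    if local.startswith('"'):
        return SubAddress(local, None, domain)
    for i, ch in enumerate(local):
        if ch in separators and i > 0:  # a leading separator is not a tag
            return SubAddress(local[:i], local[i + 1:] or None, domain)
    return SubAddress(local, None, domain)


def delivery_mailbox(address: str) -> str:
    """Where the mail actually lands once the detail tag is discarded."""
    p = parse_subaddress(address)
    return f"{p.user}@{p.domain}"


def stored_form(address: str, strip_tag: bool) -> str:
    """What a site persists: the full alias, or the tag-stripped mailbox."""
    p = parse_subaddress(address)
    if strip_tag or p.detail is None:
        return f"{p.user}@{p.domain}"
    return f"{p.user}+{p.detail}@{p.domain}"  # rebuilt with '+' (assumption)


def lookup_succeeds(signup_addr: str, login_addr: str,
                    strip_on_signup: bool, strip_on_login: bool) -> bool:
    """Model a site that may strip the tag when storing and/or when matching.

    The broken combination described above is stripping on signup only: the
    user types the same alias at login and no account is found.
    """
    return stored_form(signup_addr, strip_on_signup) == stored_form(login_addr, strip_on_login)
```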


I think there's a fundamental misunderstanding where executives mistake software engineering for "code monkey with a fancy inflated title"

And coding agents are making that disconnect painfully obvious


I question their data if their p90 value is $211k

I recognize that not everyone makes big tech money, but that's somewhere between entry and mid level at anywhere that can conceivably be called big tech


You're right, better to get the self selected data from levels.fyi that mostly cater to 6 cities in the country. Way more accurate then!

You need to vacate your bubble pronto.


You might want to review the commenting guidelines, notably the first few.

Like you mention, big tech gravitates to a handful of tech hubs across the US, which drives up salaries for every company in the area. Which is more data suggesting something is wrong with BLS' numbers.

My expectation (based on anecdotal/personal data - if you have better data I'd love to see it) is that the median developer in a tech hub makes more than an entry level big tech kid. So unless there's either an error, omission, or unexpected inclusion in the BLS data, the data implies that nearly all of big tech, plus ~50% of developers in tech hubs, accounts for about 10% of the workforce.

That doesn't make sense. What does seem plausible is that this data doesn't account for bonuses, options, RSUs, and the like, which would put big tech entry level jobs right around the median for developers. I'm not certain if that's the case, but it at least passes the sniff test.


They can be the top 0.01% and it wouldn't change the top 10% number.


Most companies, and most jobs, aren't in big tech / silicon valley.


Are you thinking of the Missouri department of education's teacher directory website?

https://krebsonsecurity.com/2022/02/report-missouri-governor...

Luckily someone eventually talked sense into the governor, despite him ignoring the FBI originally when they told him it wasn't a hack


Actually, it's really important to me to have a network of atomic clocks available to verify the times I clock in and out, I want to make sure I get paid for an accurate duration of time down to the nanosecond


> 103 drivers (41.9%) overall tested positive for THC, with yearly rates ranging from 25.7% to 48.9%.

The statistics for this seem suspect at best, I'll believe it once it's peer reviewed


> Researchers analyzed coroner records from Montgomery County in Ohio from January 2019 to September 2024, focusing on 246 deceased drivers who were tested for THC following a fatal crash.

This paper would need to go into way more detail to be at all useful.

40% is a staggering number, which makes me suspect that all it measures is Montgomery County police's pretty good track record for deciding when to test someone for THC during an autopsy


Containers are never a security boundary. If you configure them correctly, avoid all the footguns, and pray that there's no container escape vulnerabilities that affect "correctly" configured containers then they can be a crude approximation of a security boundary that may be enough for your use case, but they aren't a suitable substitute for hardware backed virtualization.

The only serious company that I'm aware of which doesn't understand that is Microsoft, and the reason I know that is because they've been embarrassed again and again by vulnerabilities that only exist because they run multitenant systems with only containers for isolation


Virtual machines are never a security boundary. If you configure them correctly, avoid all the footguns, and pray that there's no VM escape vulnerabilities that affect "correctly" configured VMs then they can be a crude approximation of a security boundary that may be enough for your use case, but they aren't a suitable substitute for entirely separate hardware.

It's all turtles, all the way down.


Yeah, in some (rare) situations physical isolation is a more appropriate level of security. Or if you want to land somewhere in between, you can use VMs with single tenant NUMA nodes.

But for a typical case, VMs are the bare minimum to say you have a _secure_ isolation boundary because the attack surface is way smaller.


Yeah, so secure.

https://support.broadcom.com/web/ecx/support-content-notific...

https://nvd.nist.gov/vuln/detail/CVE-2019-5183

https://nvd.nist.gov/vuln/detail/CVE-2018-12130

https://nvd.nist.gov/vuln/detail/CVE-2018-2698

https://nvd.nist.gov/vuln/detail/CVE-2017-4936

In the end you need to configure it properly and pray there's no escape vulnerabilities. The same standard you applied to containers to say they're definitely never a security boundary. Seems like you're drawing some pretty arbitrary lines here.


They kinda buried the lede there, 28% failure rate for 100% of customers isn't the same as 100% failure rate for 28% of customers

