ookblah's comments

"A lot of programmers may not know this, but frontend used to be a highly specialized skill, requiring knowledge of semantic HTML, CSS, the differences of various browsers, accessibility, progressive enhancement, network performance, interface design and user testing – to just name a few. To distinguish what they’re doing from what “frontend” has become, practitioners of this arcane art nowadays often refer to it as the “front of the frontend”."

that "knowledge" we held was to combat the absolute shit that was the browser ecosystem 20 years ago lol. you could argue it was a time of great experimentation and creativity, but no unified ui/ux patterns, adding in css hacks and doctypes blah blah to try to catch all these weird edge cases. if you're still reminiscing about that time, not sure what to say. today's tooling, while also messy in its own way, is 1000x better. also i've never in my life referred to it as "front of the frontend".


"site made by ai" is the new "bootstrap template" criticism that honestly gets tiring after a while. just read the content.

If there’s anything I don’t mind being done with AI, it’s a product landing page. There are only so many ways to creatively design one, so who cares how it was made?

And the site is actually quite cool, I believe; I put a lot of effort into the design.

"yes" heh. more a human problem i'm slowly figuring out. spend enough time on this earth and it's honestly tiring. social media and the modern news cycle prob just accelerate it.


LOL that's some super heavy duty optics framing on what basically amounts to "we paid out a ransom but don't worry the bad guys assured us things were okay"


They said “received digital confirmation of data destruction (shred logs)” - is this supposed to fool users into thinking the hackers didn’t keep any of the data?


The criminals did not share the logs of them making a copy of the data before shredding it; so obviously that didn't happen.


maybe they were using quantum computers the whole time https://eprint.iacr.org/2022/1178 /s


I thought it was illegal to pay ransom to hackers. I guess it is legal or maybe it isn't very clear? I thought that there were certain conditions that the company had to check together with law enforcement so that at least the ransom money doesn't go to a hacker group that is on a government payments sanctions list.

Also, does anyone know the root cause of the attack? I read a rumor online (but it's not really confirmed anywhere) that it may have had to do with the common pattern of ShinyHunters, where they use a vulnerability in a Salesforce Experience Cloud site. What is confirmed for sure is that the vulnerability involved the feature of Canvas called "Free-For-Teacher accounts".


Not only is it not illegal, there are insurance policies set up to take care of this very scenario. It's almost always handled by a third party, not the company themselves, that would deal with any such concerns.


It is illegal to pay terrorists. As bad and annoying as hackers are, I'm not familiar with any government recognizing any hacking group as a terrorist group. If they did, would they be able to send in SEAL Team 6 to handle the hackers?


> As bad and annoying as hackers are, I'm not familiar with any government recognizing any hacking group as a terrorist group.

If you’re sending a large sum of money to $anonymoushacker, how do you ensure they’re not on some OFAC list? Or do your AML checks? Or make sure you’re not on the wrong side of Foreign Corrupt Practices act? The third party probably turns a blind eye to that cuz there’s no way of really checking.


the people who do "AML checks" are the ones processing the transaction.

i don't do that every time i want to send money. private individuals don't just "run checks" - it would make commerce untenable and possibly unconstitutional.

say you get a passport, an address, a photo, a signature, a phone call - how do you verify any of this is real?


Cryptocurrency mitigates most of those concerns. That's why the flourishing of crypto payment systems has been an unalloyed blessing for cybercriminals.


No it does not. It makes some things harder and some things easier. The public ledger means you can track where the money flowed - you might not know who had it, but you know how it flows, which is interesting. I don't know if it has happened, but I've heard of proposals to make any bitcoin that traces to some transaction illegal to have, and that means nobody who might get caught will have anything to do with those.


“Payment must be made in small, used bitcoins.”


It can at a technical level but not at a legal level.

Your BigCo accounting department is not going to be very understanding about acquiring cryptocurrency to send to ??? for a ransom.


Isn't this why in other comments people have said that companies use third parties to pay the ransom rather than paying directly?


That’s my theory too. Setting up payments to a new vendor is hard enough even for the most legitimate.

An org’s Net30 terms aren’t going to work here…


If they were in Iran a drone would’ve paid a visit, based on current events. Most of them are in Russia or former Eastern Bloc like Belarus. USA and the west doesn’t want a direct conflict so the drones never pay them a visit.

Instead, they trick the hackers into going on a vacation in a country that will let them grab them.


A large percentage of hacking groups are state sponsored Russians. That seal response would be starting WW3 over some pii.

Protecting pii is important, but it's not that important


we started the pretext to WW3 over someone wanting to move the focus of attention, so it's really not that much of a stretch.


Aye, I meant more in the sense of "it would be a bad idea", than "that's definitely not going to happen".

Predictions are hard, especially about the future!


Man, I don’t remember Putin wanting to move the focus of attention that bad.


The cyber terrorist groups North Korean Lazarus Group and Russian groups like APT28 (Fancy Bear) are on the US SDN list, among others.


Iran, Russia and North Korea are the biggest sources of ransomware.


Search “cyber jihad” and “cyber islamic state” if you’re curious for answers.


It often is illegal to pay them. They are often on sanctions lists, or indeed in embargoed countries. And it's just generally not allowed to pay unidentifiable parties for basic anti-money laundering reasons. And a lot of countries are bringing in new legislation to make paying illegal, starting with public sector organisations. I'm sure that will only expand.

Frankly, you pay a ransom at your peril. If it turns out it was North Korea you may well go to jail for it.


I don't know where you are getting your information from. For one, it's very often unknown, by virtue of how these groups operate, where they are from or who they are affiliated with in the first place. For two, as I stated, it is such common practice to pay ransoms that there are insurance policies specifically for doing so, it's very common to purchase these as part of a SOP of a company's security policy. A business is required, often by the board/shareholders, to maintain business continuity, which is why these exist.

For three, by the FBI's own source, they don't mention anything about it being illegal, they merely advise against doing so[0] -

> The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity. If you are a victim of ransomware, contact your local FBI field office or file a report at ic3.gov.

I am not saying I support paying ransoms, or take any position here, I am just saying quite factually it is an extremely common practice to pay these, often via third parties that take care of any potential legality issues (which I am not aware of being super common at all, and if you are being targeted by a nation state on a sanctions list, you probably are well aware and have your own legal team/police liaisons to deal with any such issues). Most ransomware attacks come from small, unknown groups.

[0] https://www.fbi.gov/how-we-can-help-you/scams-and-safety/com...


If the bad guys get paid and release the info anyway, they not only make it less likely they'll get paid in the future, they make it less likely anyone will get paid in the future.

Even other bad guys have an incentive to stop these bad guys from leaking the info after getting paid.


Why not wait a week and take the site down and ransom them again?


Because why would anyone pay anyone if they were going to do what they threatened you with anyway?


The deal becomes a subscription not indifferent from any other cost of doing business. Great for the hacker. Bad for the IT team incapable of anticipating these attack vectors.


for the same reasons?


in korea u can literally leave ur wallet, laptop, expensive bag at your table and go eat lunch or do something else for an hr and come back and it'll still be there (and people are used to it). one of the few places that surprised me more than japan lol.

but dont leave ur bike or umbrella out.


South Korea has CCTVs all over the place (especially in the cities), and even small-scale robbery is treated as such a serious crime that it's often not worth the risk.


It’s not only the CCTVs, haha. In Korea, even petty theft is culturally treated as a pretty serious offense. People generally see stealing itself as crossing a big line.


Wow enforcing laws and cultural taboos deters crime?




Of course, if we could just persecute minorities again, that would reduce the theft.

Please know that I'm being sarcastic.


yeah it's not just the CCTVs, very ingrained culturally somehow, at least for this type of theft (stealing personal stuff from cafes/restaurants/etc)


what if other people want to use that table? is it okay to move their laptop/bags off?

I actually find it annoying if people put stuff on tables and then walk away for an hour or more, hogging a spot that could be used by others.


nope, u don't touch it. everyone does it and accepts it and it's not that annoying i guess.


i was "cto" at 26 (lol). point being outside of securing a better pay package and using it for job networking purposes your "title" is largely irrelevant as a measure against yourself. don't rely too much on some company handing you a title to determine how skilled you are.


i don't think it's an either/or or "best". highly dependent on industry and application. if your application is complex, no amount of "good ux" can replace a good overview/tour (watch people, they will go in, click around to get the lay of the land, then usually be confused).

after that it's determining how people prefer to digest info: some like docs (me), others want to sit thru a video, others NEED a person to guide them in person, some like tooltips, checklists, etc.

i'm not saying you need to litter your app with this stuff, but i don't think there is some magical UX pattern that always works.


someone probably made this same argument against certain frameworks over the years and juniors still figured it out. we need to stop trying to babysit learning for hypothetical situations.

the bar to "start" is lower and the bar to actual competency is higher now. juniors who want to actually learn instead of just pressing enter over and over again will do so regardless of whatever you do to "help" them.


It's not really a hypothetical. I work with one junior who's submitted an incorrect bugfix 3 times and counting; he seems genuinely incapable of processing the idea that there's a correctness issue he has to resolve, rather than a prompt engineering issue that will allow Claude to figure it out if only he asks in the right way.


To be fair this was a thing before AI as well…


that's not the tooling's fault i feel. i've used LLMs to help explore and debug issues, point me to the right documentation to investigate, etc. I WISH i had something like this 30 years ago.


"small business owner" imo lol


this is pointless without knowing what they are measuring. you could genuinely be moving faster, or you could be optimizing for engineers in a rat race to push more code because all their peers are now doing it, because those are the metrics you are measuring for "ai productivity".

