
> ... the problem with security measures that cause too much friction is that users tend to disable them in order to get on with their work. To fulfill its security purposes, a good trust system needs to stay out of your way.

I wish this was understood clearly by more security engineers, but, alas...


At my work, when our IT sec org tightens the screws harder and harder, people just have to get "creative" to do their job effectively. For us this meant that some of my coworkers started using their own machines to write code, making the whole setup much more unsafe and prone to breaches.

But I definitely feel there's a huge missing part in our setup and a lack of accountability in the IT sec org when it comes to not hurting productivity unnecessarily. They can just keep putting up barriers without any real consideration of the impact and side effects they may have.


It’s blame shifting. If the security people are allowed to make it impossible to work without breaking the rules, they’ve successfully moved all blame for anything that goes wrong away from themselves. “Oh, you turned your computer on? Well, the security guidelines clearly state that’s not allowed, so that’s your fault.”

"If you're able to do your job, InfoSec isn't doing theirs."

I've worked with some great sec orgs that get this and I'm sure everyone reading this in that role is one of those, but understand there are some that are not.

There are some who, for example, are not given ANY agency whatsoever and have to accept every alert from tool-du-jour as some malicious moustache-twirling evilness from the developer. (And they say AI should be taking over _development_ jobs...)


This is how I felt about macOS for my workflow. It was like living in a house where every room autolocks every time you leave the room, great for security but horrible if you need to move from room to room constantly.

Well, but if there's a chance of random attackers walking around your house then the autolocking kinda makes sense (assuming a realistic timeout on it).

It seems weird that Google wouldn't have some kind of observability alert on outgoing email. 10k emails per week is a lot.

I'm not sure it actually is. Free Gmail is limited to 500 emails a day, but Workspace accounts are allowed up to 2000, so this spammer has to be using a Workspace account.

I've worked at a start-up where the marketing team just had a `marketing@startup.com` email that was just like any other email in Google Workspace and used that for all marketing communications. Eventually they bumped up against that limit and a couple of engineers had to help them troubleshoot, and there were enough blog and Stack Overflow posts at the time about hitting the limit to make me think what they were doing wasn't uncommon.

When you consider the scale of Gmail and that this is almost certainly a Workspace account so they're mixed in with business customers, I'm not sure how much of an anomaly 10k emails a week actually is.


What if someone (Google) used Google suite to send 10k emails to fire people. Wouldn’t that be considered normal for the server for a day let alone a week. Yes I know I could have come up with a better example.

ye olde corporate reply to all bomb .. no more emails this week everyone, we have used up our quota

Those would be internal so I'm not sure they'd even count against your quota.

The example was given to say you could be a gsuite customer and have 10k emails a week be very normal. Something that wouldn’t trigger any alarms unless set. The alarms would probably be set on a curve. Something unusual would be far off the curve.
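One way to turn "alarms set on a curve" into something concrete, as an added example that is not code from any commenter or from Google: a per-sender baseline check over daily outbound counts. Each sender's own history gives a robust baseline (median and median absolute deviation), and a day is flagged only if it sits well above that baseline by both a relative and an absolute margin, so a steady 1,400/day newsletter sender is not an anomaly while a 20/day developer account that suddenly sends 900 is. The 500/day and 2,000/day ceilings are the figures quoted in this thread and are assumptions here, not verified product limits; all sample records are constructed.

```python
"""Per-sender outbound-mail volume anomaly check.

Added example, not code from any commenter or from Google. Input is a
constructed list of (sender, tier, day_index, count) records; the daily
ceilings below are the numbers quoted in the thread, taken as assumptions.
"""
from collections import defaultdict
from statistics import median

# Assumed daily ceilings, quoted from the discussion above, not verified.
DAILY_CAP = {"free": 500, "workspace": 2000}


def mad(values, center):
    """Median absolute deviation around a given center."""
    return median(abs(v - center) for v in values)


def baseline(history):
    """Robust (median, MAD) baseline for one sender's historical daily counts."""
    m = median(history)
    return m, mad(history, m)


def flag_sender(tier, history, today, k=5.0, min_abs=200):
    """Return the reasons today's count is anomalous for this sender, or [].

    Two independent signals: proximity to the hard daily cap (no history
    needed), and a jump above the sender's own baseline once at least a
    week of history exists. A perfectly flat history gets its spread
    floored at 1 so a +1 day does not fire; min_abs stops tiny senders
    (median 2, today 15) from alerting on noise.
    """
    reasons = []
    cap = DAILY_CAP[tier]
    if today >= cap:
        reasons.append(f"hit daily cap {cap}")
    elif today >= 0.8 * cap:
        reasons.append(f"within 20% of daily cap {cap}")
    if len(history) >= 7:
        m, spread = baseline(history)
        spread = max(spread, 1.0)
        if today > m + k * spread and today - m >= min_abs:
            reasons.append(f"{today} vs baseline median {m:.0f} (MAD {spread:.0f})")
    return reasons


def scan(records):
    """records: iterable of (sender, tier, day_index, count).

    Treats each sender's latest day as 'today' and everything before it as
    history. Returns {sender: [reasons]} for flagged senders only.
    """
    per_sender = defaultdict(list)
    tiers = {}
    for sender, tier, day, count in records:
        per_sender[sender].append((day, count))
        tiers[sender] = tier
    flagged = {}
    for sender, rows in per_sender.items():
        rows.sort()
        history = [c for _, c in rows[:-1]]
        today = rows[-1][1]
        reasons = flag_sender(tiers[sender], history, today)
        if reasons:
            flagged[sender] = reasons
    return flagged


# Constructed sample (hypothetical addresses): a steady high-volume
# newsletter sender, a low-volume account with a sudden burst, and a free
# account that goes from 5/day straight to its cap.
SAMPLE = (
    [("marketing@startup.example", "workspace", d, 1400 + (d % 3) * 50)
     for d in range(14)]
    + [("dev@startup.example", "workspace", d, 20 + (d % 5)) for d in range(13)]
    + [("dev@startup.example", "workspace", 13, 900)]
    + [("someone@gmail.example", "free", d, 5) for d in range(13)]
    + [("someone@gmail.example", "free", 13, 500)]
)

if __name__ == "__main__":
    for sender, reasons in scan(SAMPLE).items():
        print(sender, reasons)
```

The point of keying on each sender's own history rather than a global threshold is exactly the one made in the thread: 10k a week is unremarkable for one account and wildly off the curve for another, and only the latter should page anyone.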

10k outgoing emails per week is NOT a lot.

Just imagine a weekly newsletter with 100k subscribers.


Yeah, you are using the wrong tool if you send your newsletter from a Gmail account at that scale. You can get away with a few tens of people, perhaps a few hundred.

Above that threshold you should use tools like moosend, benchmarkemail, or similar. And they ask a pretty penny when you reach that scale.


You can’t send bulk newsletters from gmail/outlook.

Well, you can't directly, but you can use SMTP, which you can plug into any garden-variety spamming tool as long as it supports that.

It may not be a single email, they might be using many throwaway accounts.

Might be an idea to switch to a bank or credit union that have better customer service?


That doesn't even include the massacre they did on their own population 2 months back. When it comes to genocides, Iran's islamists have a LONG list of mass-killings to answer for.


The foreign-armed coup attempt? Is that the hill you wanna die on?


No. Iran's islamists have organized plenty of "hills", including an attack on Brussels airport and metro. My wife and I were within 2 km of the shooting.

In the airport, they found a woman pushing a carriage. They shot the baby first and waited, laughing, for the woman to collapse onto the floor, dead, still bleeding baby in her hands, to shoot her. She survived. THAT is who you're dealing with here.

We found out Iran's embassy was involved in organizing these attacks. There is nothing you can possibly do to convince me that anything done to these islamists, each and every one of them, is immoral in the slightest.


That is pretty bad, but where's the genocide you mentioned?


Many commenters blow up here, but you have to see this from the non-informed consumer perspective, I think.

What I mean is, yes, WE know Win11 barely works with 4GB and WE know that 6GB is quite generous for a Linux machine, but they don't.

The general public isn't as informed as we think they are (which is proven by 75 million people last election).


Seems a lot of commenters here dislike their decision, I like it though. LLM-generated projects, articles, blogs are low-effort products lacking authenticity.

And the discussion on LLM itself can in the long run be fairly tiring, follow r/LocalLLaMA for a while and you'll see what I mean. But if you are really into LLMs though, that sub is great.

It is simply not fun to go on to a subreddit and see 90% of it being projects and blogs that are obviously created using AI, with authentic content being pushed to the side due to the high volume of artificial works. r/Python was horrible at one point, but the mods have been stepping up their game.


> LLM-generated projects, articles, blogs are low-effort products lacking authenticity.

I think this is mostly true but not completely true. LLMs are a tool, and right now we are learning how to use them, how to use them well and, more importantly, how not to use them.


Donated just now, worth every coin for what Calc and Impress gives me.


This one feels more authentic.

https://www.grymoire.com/Unix/Sed.html


I actually prefer the "organization" of the original article, but could not continue past the LLMisms.


The criticism against this decision seems to often miss the point of it, IMHO.

Let's be realistic, there IS a problem with sideloaded apps being downloaded by ignorant people, and they do get scammed/hacked or whatever.

This leads to unhappy people complaining to their banks, politicians and media, and these in turn start lighting a fire under Google's bottom.

So, my point being, how do we solve the ACTUAL problem with rogue apps then?


Budget-wise it becomes impossible.

Coin-operated meters mean someone has to come around checking the meter, collecting coins, checking the parking tickets. One person can only cover so many devices per day.

Then you have mechanical maintenance, with that comes disputes with "it was broken, it didn't accept the money" and so forth.

I've probably forgotten a number of other related things, but compare the above to a digital solution.

Parking app, where the customer pays only for the parked time, no fiddling with money or keeping track of time. The parking attendant checks much quicker by just scanning the license plate while walking the rounds (could be done via car and a mounted camera even).

Analog just costs more, and citizens don't want taxes to go to things that are not strictly necessary.


It was possible for many decades already, budget- and maintenance-wise. You can at least accept a credit card as an alternative. Yes, it's not perfect, but the fully digital alternatives also have drawbacks, as pointed out by OP.


Things that were possible become impossible. Once Britain ruled the seas with wooden sailboats. Those boats are not perfect but could they win today’s naval battles? Also no.


I know but you're fighting the cost difference between installing CC terminals and QR code stickers.

