I can see a younger version of myself making something like this and intentionally letting it slip to the media for attention. I think this line is telling: "Since there are no known victims/ targets for the ransomware group, their Tactics, Techniques and Procedures remain unknown."
I don't think there's a risk of any great outbreak here. A bunch of scriptkiddies took some open source project and modified it with some silly instructions.
Alternatively, I could see this used in one of those scam calls. They set up remote access like normally and then months later they infect their victims and the "trusted Microsoft technician" gives them a call to steal even more of their money. This time there's an actual piece of malware that gets removed, solidifying trust in the scammers even though they were the ones to infect the victims in the first place.
Don't be dismissive of script kiddies, they can cause a lot of chaos, and often do it because they feel like no amount of self education or self improvement will improve their chances of stable full time employment.
(Hence many of them operating out of the former USSR.)
They certainly can cause a lot of chaos. In fact, I'd say that most malicious chaos normal internet users may be subjected to is done by these scriptkiddies.
There's a difference, though, between an extensive ransomware attack and an experiment by a bunch of amateurs. The chance of key recovery is much greater if there are dedicated criminals behind the attack, but amateurs also don't get the widespread reach that the media coverage might suggest.
I think the characterization of scriptkiddies as hopeless people is a bit romantic. I was something of a skiddie when I was young and I think a lot of their behaviour can be attributed to teenage recklessness.
The former USSR certainly has their fair share of scriptkiddies but they're around in every country. When the USSR was still around, the west had its fair share of phreakers that developed into the hacker subculture and established the code of honour that evolved into the cybersecurity communities of today.
Hospital IT soaks in a special set of impossible choices.
Vendors lock them to insecure OSes and inflexible contracts. Regulations are equally inflexible. In general, security is in tension with providing patient care, especially in emergency situations. And all this stuff is super expensive, which means making do with old gear in a lot of places.
I am in no way defending incompetence. But the reality is grim.
Sorry but I was being unclear. The MRI machine's supplier designed it using Windows XP and they don't offer anything else. Sure it should be either airgapped or networked on some type of VLAN / quarantined by outside access but that's not my point.
I was thinking the exact same thing, as a former (and reformed) lightweight teen hacker. My motivations? Employment? More like for the sheer joy of discovery and fascination with working through ideas. And maybe the slightly sketchier teen hackers: lulz.
That was one thing that became pretty apparent with smartphones - those blurred "photos" of UFOs were scams. If they weren't, there would be tons of high quality alien vehicles footage available by now.
I'm not sure about that. I have a pretty good phone, but I still can't take a decent picture of the moon, so I'd have no hope with a suspicious airplane-sized light in the night sky. The cameras are optimized for selfies and meals.
I question the bias of your sample. Almost everyone I've known who possesses any self-taught coding knowledge has gotten there specifically because they don't buy the "wage slavery" narrative and wanted a valuable skill. I'm from a very low income community and family so I imagine that if the type of person you're claiming exists were so predominant I'd have run into at least a few of them.
agree. the freelancer / gig economy is dominated by script kiddie / template churner companies in India for whom $2/hr is a good wage. there's no competing with that
this is a feature, not a bug, of globalization. Work that can be done in cheaper countries is allocated there.
On a related note (and I get negative feedback whenever I say this, but) this is the future of all software developers as I see it. If you can do your entire job remotely, then "remote" is going to get optimized over time.
It does not make sense to spend your time in USA (for example) coding when you can stop at developing the specs and send it overseas to be coded for half the cost or less. Architects don't lay bricks, and brick layers don't need to understand architecture. Accumulating knowledge of many different types of syntax for expressing the same principles is something that is only going to depreciate in value over time.
"Just" sending it overseas to be coded is more likely to end in failure than success, unless you have a lot of experience and know what the pitfalls are (which is a very expensive education). I'm not picking on developing countries; the same goes for big enterprise contractor providers in the U.S. They have no incentive to write stable, maintainable code. Their incentive is to make it just stable enough to not get sued and get it out the door as quickly as possible. An employee that will have to live with that code for several years will focus on maintainability purely out of self interest if nothing else. As to whether overseas firms are able to undercut domestic firms, it's a possibility, but anyone that has dealt with time zone issues and cultural barriers most likely knows what they are sacrificing to get that discounted rate.
Why wouldn't an overseas employee have all the exact same incentives and challenges to maintain their code as a more local remote worker?
I think you are assuming I was implying overseas work to be all short-term contract work but I am not saying anything about the paperwork. The paperwork will write itself such that the relationship between a remote worker and the company is identical whether they are in Texas or India. And it'll happen that way because of financial incentive to do so.
It's already happening. People from NY and CA are moving to Texas and Georgia, and then their salaries are being reduced to adjust for cost of living - but they still make really good money for Texas or Georgia. Maybe those SWE think they are irreplaceable, but what they have effectively demonstrated to the company is that the work itself can be done entirely remote, and so when it comes time to replace them - they will look for a cheap remote worker. Maybe today it is tough to find good replacements in India, Ukraine, etc, but over time (on the order of 1 generation would be my bet) those replacements will be much easier to find over there.
I suspect you've never been a technical liaison to an offshore team. I believe your vision is to replace all satisfying work with soul-crushing work. If all your work is done by people who don't want to work there, including the supervisors, then what kind of quality can your company expect?
>I believe your vision is to replace all satisfying work with soul-crushing work. If all your work is done by people who don't want to work there
I am hesitant to believe what I think you are implying here. Do you think everyone in cheaper countries would prefer to live in more expensive countries? Even if provided a stable income far above everyone in their area?
I also don't know what would be soul-crushing? It's doing what we do here, just over there.
Yeah, so the details really matter here. A lot of people hear "In country X they live on $2 per day," and think that you can experience the same standard of living in that country as you do in the US. But that's really not the case. Even in places that enjoy a relatively high standard of living, while things like food and rent are cheap, all the things that are imported from the developed world cost exactly the same, and it just means that people can't afford them. Everyone may not want to live in America, but they all want to have the luxuries we enjoy, and which are enabled by American salaries.
But standard of living isn't really the reason someone would be miserable at work -- the real thing that makes this a bad arrangement is loss of agency, both for the off-shore contractor, and for the supervisor. This is where I accused you of not having done this before, because in my experience, and several friends' experiences, working with lower-paid, lower-experience software teams is extremely frustrating.
As others have pointed out, coming up with specs is a frustrating and unsatisfying process, and is akin to writing code, except that you don't actually get to run the code and see the fruits of your labor. Because of your working arrangement, the people actually making the product don't have the agency to take ownership of its architecture, and instead you get a whole bunch of copy-paste. If you push back and say, "no, this isn't what we agreed to," then they push right back and say that your requirements are unreasonable, because they don't have the expertise to architect the project right.
But suppose you decide you don't care about architecture, because that's what expensive people do, and you're hiring cheap people, then what's the harm? They can do things their way, even if it's less efficient, right? Except that now the team living with the bad architecture is responsible for fixing all the inevitable bugs that come up, and every time a bug is "fixed," another bug pops up somewhere else, and you, the supervisor/customer, are now responsible for all of it. You can keep filing the bugs, but you can't fix them yourself. Or maybe you can fix them yourself, but you can never improve the overall design, because your decisions will always be overridden by the copy-paste brigade doing the "real" work.
It's a world where all the code bases are awful and nobody gets any job satisfaction.
I think you're right about the state of leveraging overseas labor today, but the gap is so large between life overseas and life for SWE in USA that I have no doubt that a middle ground can be found to put SWE in USA out of a job once overseas experience reaches a satisfactory threshold. There is a lot of negotiation to be found between $2 and $50 per hour.
If nothing else, Land Price will be a big driving factor. If both sides have equal budget for commodities and investments, overseas wins on home budget.
>off-shore contractor
this does not need to be a contract arrangement. The person hired overseas could be hired indefinitely to support the product, with typical transition plans in place. same as today with local workers.
>coming up with specs is a frustrating and unsatisfying process, and is akin to writing code, except that you don't actually get to run the code and see the fruits of your labor
We might be operating with different levels of "specs". I am not saying you need to tell them exactly what to write.. it would be the same as a manager talking to a subordinate at a tech company today. You tell them what needs to be done and they have the skill and autonomy to do it.
I agree that this arrangement does not work with low-experience overseas workers. However, the point I am trying to make is that I think overseas experience will catch up way faster than the local need will become more complicated. So even if local employees maintain a lead in skill and experience, overseas does not ever need to catch up to them - they only need to catch up to necessary qualifications. Local people can offer more, sure, but this is a field that discourages over-engineered solutions. That implies there will be significant diminishing returns on all the extra skill local employees provide.
Again, this is not the case today because the lower experience workers are not just lower experienced but too inexperienced in general. Some time in the future they will still be lower experience, but they will be experienced enough. The only question is when, which is a gamble, but I think soon. On the order of 5 - 20 years would be my bet. It already happens but is a rare exception to the rule - so that timeframe is how long for it to become a common occurrence.
> when you can stop at developing the specs and send it overseas to be coded for half the cost or less.
Good luck with that. Please, do try it and report back to tell us how it went. My prediction:
No matter what you do, the spec will be incomplete, and if it's large enough, it will contain contradictions. The culture of not questioning superiors in many of "overseas" will make it hard to notice and only after substantial time without progress someone will realize the problem. That person or group of people will start communicating with clients and overseas to work out the problems in the spec, accumulating additional overhead. The changes and additions to the spec will render a lot of work already done unusable, so the overseas team will have to start from scratch. Then, they will work on the code, while you will be wondering if they're working or not. If it turns out they do, sooner or later they will provide you with some results. The result is going to be pretty bad, because competent people don't want to work for $2/h, no matter where you go. But you will get some result, and will begin testing it. You will discover a lot of bugs, and then you will have to fight tooth and nail to have them fixed, because nobody will want to take responsibility for the failures. At this point, the project will be a year late, and will have flown past all reasonable estimates in terms of required funding. In the end, you're forced to contract consultants - you'll have to sell your kidney to pay them - who will make the product barely-usable some 2 years after anticipated launch date.
Yes there would be logistical issues if we tried to actualize this future today, rather than allowing it to naturally progress over time as I stated. Foreign culture is irrelevant, as you can bring people in to train them on-site and then let them go back home to work.. or send someone from here over there. Also remote workers will evolve to meet whatever is necessary to make the arrangement work because the financial incentive is HUGE and isn't going anywhere.
the point is that lower cost of living areas will promote remote work to transition there from high cost of living areas over time. The pandemic already showcased this.
You're right that the end result will probably be worse than what we have today, but that will not stop it from happening. They will figure out how to be good enough.
yes today. overseas is still behind on raw skill. they will catch up, and SWE does not promote complicated work - it does the opposite. it promotes the simplest code that works, because that makes it easiest to maintain.
I love it when people come to me because their big spender investment in bottom dollar software they splurged for on Fiverr is failing and they're in panic mode. Like what did you expect performing an act of labor exploitation, a working machine? Loyalty?
> I’ve met tons of script kiddies over the years and none of them were concerned about employment. They do what they do just to show that they can.
Even worse: when I was a kid trying to hack around everyone had some (probably false or based on rare occurrences) where the hacker/script kiddie would get caught but employed for their skills instead of prosecuted.
What do you expect when the world is run by criminals? Seriously!?!
Look at the people who make laws, they don't have the intelligence or morality to even teach a TL;DR to everyone at school. Talk about set up to fail!
And when they upgrade the laws they don't even inform each and every member of the public, let alone let the public debate whether it's a good law or not.
Democracy is the ultimate criminal act because people are tricked into having laws forced upon them by a small minority of criminals who decide what is best for you. Democracy is parenting of adults.
And yet the stupid keep holding up the law as an example of righteousness without knowing ALL the laws. What is the definition of stupid? A law abiding citizen.
I don't dismiss. And while I don't specifically encourage anyone to do anything illegal, script kiddies are probably on balance a good thing. That's just free pentesting.
(This is part of my broader idea that "cybersecurity" will remain nearly entirely impotent until we figure out a way to inject real liability. When something breaks, someone needs to pay or be punished. It's that simple. Perhaps start with Microsoft.)
I mean, you're trying to create an off-topic thread on a topic you know will be divisive. No need to sugar coat that you're going out of your way to harm the community.
I guess I must've missed the autocorrect suggestion. Too late to edit now. The curse of relying on modern tech, my mobile typing has become lazier as autocorrect learned to understand me better...