Mark Tomczak @mtomczak@qoto.org

@hasmis Personal anecdote; take from it what you will.

I never got into open source because I get too easily frustrated by developers failing to document their build environment (assuming they bothered to document anything at all).

"Hey I tried to build your giant library, but I'm getting an error where it says it doesn't recognize the --c++20 flag and suggests I mean --c++2a?"

"Oh yeah, you need to use g++ 11, and we do mean g++, Clang definitely won't work. Also you want openjdk 17 or later, and the specific version of python Guido von Rossum compiled in a drug-fueled haze at a rager in Burbank in 2013, which I can mail to you on thumb drive if you don't have."

@ocdtrekkie I think we're done on this topic if your response is "Well, search had a good run."

The value provided by having search engines outstrips the harm done by bad actors leveraging ads to vend malware. Point me to one counter-example of a general-purpose search engine that isn't ad-backed if you're going to demand we collapse the ecosystem.

Or, as I said, you're actually advocating for just handing search on the web to Microsoft. A hilarious solution for checking Google's power.

@ocdtrekkie That's not expensive; it's completely unscalable. It would collapse Google's ability to offer search as a service (it would collapse *all* search engine's abilities to offer search as a service, except possibly for Bing if Microsoft treats it as a loss-leader).

... and it wouldn't solve the problem, because the bad actors would provide a clean front to the humans.

@ocdtrekkie Ars reporting on the problem will certainly light a fire under the team to do more about it than they already are.

I'll be interested to see if that has effect or if the problem is actually fundamentally intractable.

ETA: Ars does a good job of breaking down why Google's been struggling with this problem. So Google employs all manner of out-of-band detection to suss out bad-faith advertisers. Problem is, this new wave of malware vendors is savvy to Google's methods and is cloaking the endpoints from those scans, which means when Google tries to decide if those sites are malicious, they vend a clean front.

(I'm aware of several tricks Google has up their sleeve for this issue, which I choose not to divulge, but if *I* know about them, I assume people who generate revenue by breaking them *definitely* know about them).

In any case, it all circles back to square one again: it's worth it for these folks to optimize their attack against Google's countermeasures because Google is the largest target. This is the "Viruses on Windows" problem again.

@philipncohen Oh don't worry. In 2023 you can still be run out of town. The town just has global span now. ;)

@Popehat It does, but so does the entire adversarial / common-law / Constitutional judicial system, so 🤷‍♂️

@lauren From their point of view, this *is* retaliation.

For Project Loon. ;)

@ocdtrekkie You've never worked with or in Google have you?

I ask because your perception of what the ad team actually does is so far removed from reality that I have no idea what your source is.

@ocdtrekkie USPS is also a private corporation that makes ~20% of its money on ads.

https://facts.usps.com/top-facts

@ocdtrekkie Cool.

So what *is* your recommended alternative to phone companies and USPS?

https://www.npr.org/2022/02/03/1077766541/usps-checks-mail-fraud-bank

@ocdtrekkie It's a scale problem. You can make similar accusations of phone companies regarding scam calls.

The consequences of being biggest is you become the largest fraud vector by virtue of scale, no matter how much counter-with you do. That doesn't imply you stop doing the work, but it will never be enough.

@ocdtrekkie Yes. I am not surprised that instances occur every single day in an ecosystem with 200+-billion-clicks per day.

Ever heard the statistics on how many of Google's datacenter machines burst into flames per day? Yet Google doesn't sue their vendors for mis-manufacturing; they know how scale works.

@GIMP > Also the GIMP project doesn't buy ads!

This is probably fine as long as the main way people try to get GIMP is through package management.

Does the project have enough numbers to know what the ratio is of people who install from package managers vs. people who install from search engines? If it starts to tilt towards "search mostly," might be time to invest in some ads.

@ocdtrekkie You're trying to build a case on individual datapoints for a service that serves 237 billion ad clicks per day.

I think you may find your numbers less than convincing to those of us who know how statistics work, even though we agree that the number should, ideally, be zero.

@Popehat If you have to ask, you already know the answer. ;)

@mmasnick Elon: "the scammers are abusing our API!"

Steve Scammer, spinning up another virtual machine with an auto-clicker script running: "What, and pay someone who understands API keys?"

@timbray Yes. Basically because the margins on both of those (compute capacity and ads) are obscene; it's free money for moving electrons around. Way, way cheaper than money for moving all the molecules in boxes of stuff around.

@lauren Back in the day I wrote a "Candlejack bot," based on an old joke from a Warner Bros cartoon series... It just did a low-cost search for anyone mentioning "Candlejack" and interjected into their conversation (IYKYK ;) ). Just one "hello," then did not continue to engage.

... I got off the Twitter train long before they would have decided that was ban-worthy behavior.

(Hm... it occurs to me I should resurrect it on Mastodon. ;) ).

@dangillmor @Popehat It's hard to do otherwise when the US House of Representatives includes "conservative" members who are active conspiracy theorists.

At some point, the media can't ignore that and has to describe the political movement based on the behavior of its highest-ranking members (including, obviously, the one that thinks a massively-distributed electoral process run at local and state levels was somehow "stolen" from him).