I like it how Facebook doesn't mention anything in the WhatsApp changelog about this.

Apple won't let you change a changelog after the binary is built and put on the store. So if you want to get a fix out, but not alert people that you're on to them, you have to put out a changelog that just says something like "Bugfixes". Then you have to build another build and submit another changelog, but Apple probably won't let you issue builds that are duplicates...

So basically every AV vendor denied getting hacked

No, you're right. Portal is effectively iframe without all the security protections.

It's kinda the opposite actually. iframes didn't provide sufficient security to do the sort of things Google wanted to be able to do with them, so they had to design a new standard with better protections: https://github.com/WICG/portals/blob/master/explainer.md#why...

Well you certainly can't raise a stink after it's in the standard.

My point is, portal isn't "an iframe without all the security protections." portal is a demo of animating between pages. What it becomes from there is completely flexible.

Animation isn't the point of the portal element, it's to allow cross-site navigation to an embedded page without reloading.

Things are not "flexible" once they have been shipped on by default, typically. Changing behavior or removing at that point becomes very hard, requiring usage measurements, etc.

This is not on by default.

Yes, I am aware. But that's related to how happy Google is with it, not to whether it's standardized in any way.

IE5 has proprietary page transition animations, works pretty nicely actually.

https://people.apache.org/~jim/NewArchitect/webrevu/1998/12_...

when you are google, unilaterally releasing and pushing a major new feature for “the web” has an entirely different meaning and implication to it compared to, sadly, mozilla, or some other player (even apple to some extent) because of their huge market/mind share.

in that scenario “wouldn’t it be cool” is not a good enough reason, and for a major feature such as this, skepticism is healthy and warranted... the “web browser” is slowly being transformed into “the google browser” and we have no one to blame but ourselves

The consensus opinion seems to be, from this thread and elsewhere, "While Google is not doing anything wrong by standards in this case, because they have the power/potential to do something wrong by standards we must oppose this as well."

Search results don't include private repos.

Wonder how many of those got hit.

Lots of security people will be up tonight reviewing logs.

Good point, we have no idea how many private repos have been compromised and I assume people won't come forward either.

The messed up part is that the repos are probably worth waaaay more than the ransom, especially if the companies are making money.

I wonder how many security people will be walking out the door TBH.

I tried searching for keywords on Google and Twitter and couldn't find anything to suggest this was the case. Do you have a source that you can suggest for this?

Hope the guy doesn't get an Upwork account now. He'll be really screwed then.

The article doesn't say, but is the teen black?

His name (Ousmane Bah) sounds African in origin.

This of course means nothing as I'm no clairvoyant, but we know face recognition tends to favour some colours over others.

Because some real life systems are unintentionally racist, provide more precise results for light skinned people.

That's not racist. The Wikipedia definition is the belief in the superiority of another [0], which this doesn't fit.

Has nobody considered that blacks are a minority and therefore there is less data available for training or testing? This might always be the case, simply because there are fewer in America (where Apple designs it's phones).

[0]: https://en.m.wikipedia.org/wiki/Racism

Biased systems != racist.

Biased systems are just WRONG.