You should report to his family and his details should be publicized should their response not be sufficient. Even then it's likely he won't stop. Only take back what he stole as anything else is likely stolen goods. The point here is to provide assistance for any other victims in locating who scammed them as well as making the scammer painfully aware of the damage he will cause himself by continuing with this behavior.
Why am I deprioritizing police? Police really don't handle this sort of thing well. They'll likely consider it a civil matter or just won't make the stretch to pursue. It doesn't help the victim is not in the US (lower that priority some more) Sure you can log the complaint, but unless he's brazen and lots come forward about him, they likely will not bring charges. (go read up on bitscotty scamming bitcoin-otc'ers, he did it for years even after being doxxed and reported to police) I'm not saying not to report though. Make sure his details are accessible so others can follow your report.
If you want another fast track, he said he's in college so report to their administration. Without rights or due process in the way they'll probably sanction his ass immediately. Did he scam from the school's network? If so it is now a school issue and they don't like looking bad. :)
You should note that he's from austria (based on his domain name), I would assume it would be quite a feat to go to visit US police from Austria and not worth his $500.
"Because OS X is secure by design, there’s no need for IT to install additional tools or lock down functionality for employees. And with an automated zero-touch deployment process, they don’t even have to open the box."
By that level of standard, nothing is secure. Linux has vulnerabilities. Windows has vulnerabilities. I have a deadbolt on my door and the package read "Keep your home secure!" but someone could still get through if they really wanted to.
"Secure by design" doesn't mean 100% secure no matter what. Part of that design is the update/patch process that addresses vulnerabilities quickly, and mitigating controls like lower default permissions and application signing.
The fact that you're so quick to call everyone an astroturfer because you made a ridiculous statement just proves that your only interest is trolling.
Me saying this is downvote-worthy in itself and I'll gladly take my lumps because I'm only adding to the noise, but let's break this down:
(1) You claim that because someone wrote malware that requires root access to install, but can't be used to get root access to a system in the first place, that the vendor who makes that system should no longer publicly state (in their marketing materials no less) that they care about security and design their operating systems with security in mind.
(2) When people downvote your incredibly astute, mature, and insightful comment, you feel the need to follow up on it and complain publicly about people giving downvotes. Because everyone knows that the most appropriate response to downvotes is to complain about getting downvoted.
(3) You don't stop there, though! Why would you? You are so confused as to why someone would disagree with you that instead of reconsidering your original opinion, you assume that a huge corporation must be paying people to downvote the deep, deep wisdom you've chosen to express here. You don't keep this suspicion to yourself though- you are so certain of its veracity that you publicly state your conspiracy theory as well, because of course you will.
Any one of these things is incredibly downvote-worthy. All of these things combined are a perfect storm of comically stereotypical Internet forum asshattery that everyone has seen a million times over during the past 20 years and has no desire to ever, ever see again. Sadly, it will never completely go away because there's always a new generation to keep the traditions of Slashdot circa 1997 alive (or Usenet after September 1993). All anyone can do is downvote on sight and hope that each generation learns these lessons a little more quickly than the one that came before it. Honest critical thinking == good, mindless hateful tribalism == bad, that's all there is to it.
Overeating is a psychological disorder. Few Americans would have any ill effects not eating for a few days -- especially the 66% of Americans who are obese or overweight.
The "Body Positivity" movement that encourages people, especially young woman, to be obese or overweight, and tries to criminalize images of slender people in advertising may be the most unhealthy political movement there is.
Obesity kills 300,000 people in the U.S. each year, and with the exception of several hundred people suffering with psychological disorders who manage to starve themselves each year, being slender or even a bit "underweight" has no negative health effects and may have some positive ones.
I wonder if this is in response to out-of-control GitHub employees enforcing arbitrary "Codes of Conduct" on their users, including flagging repositories for using language that's not inclusive enough, or might offend someone?
Seems like without management, an employee with an agenda--especially on that's not related to technology--could go off unchecked for a long time.
No, it's almost the opposite. This kind of thing started happening for the same core reason they added management: because of the Tom Preston-Werner / Julie Ann Horvath scandal two years ago.
It made them understand the importance (and risk for the business) of such issues, so added HR and middle-management with a focus on them. As a side effect we ended up with things like this happening.
The people with an agenda are not random employees in a flat company here, it's the management.
Seems unlikely that an organization of GitHub's size would overhaul the entire management structure to deal with problems brought about by a single employee (or even a few).
I think this might be a reference to the "WebM for Retards" repo which was banned. After that event, someone ran a search and found myriad other repos containing "problematic" language which were ignored.
I do that too! I have the same "suffix" that's on all of them that I leave off the written version for a tiny bit of extra security. It's just a few characters that I've been using consistently for years on written-down passwords.
These types of issues come up a lot in well-meaning organizations. What they don't realize is: "You an include the most people by having the narrowest platform."
So if you're a "privacy technology" group, anything not related to privacy technology should not be part of your focus.
Ever Civil War, for example, has two (or more sides). Now the Tor group has to pick one. If they were simply interested in privacy technology, they wouldn't have to.
You see a similar thing with Codes of Conduct, or "inclusiveness" initiatives. Why can't a Python conference be about Python and only about Python?
