
Please tell me more. I'm looking at the VIVA and I really don't get why anybody would contribute to the "internal LinkedIn" and other features. Where did it come from? Where does it go?

I think you're right on the luxury brands being less durable.

To address the second airplane example, we really have to go through all that you're buying. Namely: more leg space, faster airport queue processing, more luggage, better in-flight service. Do I value these at 3x the cost? Maybe yes.


Both me and the richest person on the flight are going to the same destination. They're not getting there any faster or safer. Everything else is a fleeting luxury.

Not saying it's bad to spend money on temporary comfort, but it's the opposite of the Vimes boot problem.


If you are over thirty and still this strong, then you have my respect and envy. I’m not even forty and even I would say a >7h economy flight (middle seat particularly) can take about two days to recover from.

How much money would you pay for two extra days of life? In the end, time itself is also “fleeting”, if you want to put it that way. But I sure as heck would fork over the money if I had it.


> Not saying it's bad to spend money on temporary comfort, but it's the opposite of the Vimes boot problem.

It's true that comfort isn't a permanent good you own a la Vimes. But better comfort is a decidedly different outcome and you argued that it wasn't.


With luxury brands, it depends on what you buy. My mother-in-law still owns and uses 1970s-vintage Louis Vuitton handbags. They are built to last.

A hand-stitched leather suitcase is expensive. It will also last until your grandchildren are dead.


If it was made before suitcases commonly had wheels, you’re still going to want to replace it. The grandkids (if there are any) won’t want it.

The funny thing is that from what I heard with the antiques markets (which is admittedly possibly a decade or so old) it is antique luggage of all things which is 'in' and antique furniture which is out relatively speaking to the past.

The grandkids not wanting it may still apply if they are still minors; there would be plenty of time for tastes to shift again.


It’s not suitable for air travel, but I treat anything for air travel as disposable. I still use it all the time for car-based travel. It’s larger and nicer than what I fly with.

The core point is of course solid. By not updating on day 0, maybe somebody else spends the effort to discover this and you didn't. But there are plenty of other benefits to not rolling with the newest and greatest versions enabled.

I'd argue for intentional dependency updates. It just so happens that it's identified in one sprint and planned for the next one, giving the team a delay.

First of all, sometimes you can reject the dependency update. Maybe there is no benefit in updating. Maybe there are no important security fixes brought by an update. Maybe it breaks the app in one way or another (and yes, even minor versions do that).

After you know why you want to update the dependency, you can start testing. In an ideal world, somebody would look at the diff before applying this to production. I know how this works in the real world, don't worry. But you have the option of catching this. If you automatically update to newest you don't have this option.

And again, all these rituals give you time - maybe someone will identify attacks faster. If you perform these rituals, maybe that someone will be you. Of course, it is better for the business to skip this effort because it saves time and money.


AFAIK the idea is to have backups so good that restoring them is just a minor inconvenience. Then you can just discard encrypted/infected data and move on with your business. Of course that's harder to achieve in practice.

If the important data is in a web app and the Windows PC is effectively a thin client, this lowers the ransom value of the local drive. Of course business disruption in the form of downtime and overtime IT labor cannot be mitigated by just putting everything online.

The next step is just to move to security-by-design operating systems like ChromeOS where the user is not allowed to run any non-approved executables.

If tricking a single employee can cause an entire company to stall out, it's a process issue. Just like how a single employee should not be able to wire out $100,000.


Getting rid of Windows in favor of an OS with a proper application sandbox like Android would solve so, so many security issues, but that's not viable in most cases because so much software depends on the outdated user-based permissions model most desktop OSs are built around.

Please don't. It's bad enough that companies running Windows have all the data on win premises. Dumbing down what the users can do with their machines seems like the end of personal computing.

I don't think Android is "dumber" or less capable than Windows. In many ways the application sandbox actually gives owners a lot more control over their devices than a less locked down OS would, allowing them to restrict what information installed applications are allowed to access.

But what I think you're concerned about (and I agree) is that the flip side of that is that giving device owners more control over their apps also gives the OS developers more control, and Google's interests are not always perfectly aligned with the device owner's. There's a much wider market for apps than there is for operating systems, so sometimes app developers' interests will actually be better aligned with the device owner's than the OS developer's interests are.

One possible saving grace here is AOSP. In theory you could have multiple competing AOSP-based desktop OSs, each catering to a slightly different set of users. This would be close to the ideal situation in my opinion. Either that or Chrome, Firefox, Edge, and Ladybird all evolve into full fledged OSs with WASM-based apps.


I see your point, I do. It seems like all external software is going in the SaaS direction, where the vendor is keeping all of the data, so they are available over an API. So there are genuinely solid cases for Chromebooks.

The issue is how much power this gives to the vendors. I think we should be able to survive a vendor going poof, taking all our data with them. Having a general computing platform capable of mixing files and privileges seems to me like the only way of keeping this capability.


Sleeper agent malware is a thing, especially in high risk situations. If somebody has a dormant RAT installed since year X-1, it’s going to be impossible to solve that in year X by using backups.

What about non executable backups? Backup data but not programs?

Not applicable everywhere, but I think it's applicable most places.


Executables read data.

In the end the limiting factor will be the bandwidth of your disk arrays... enough compromised machines and they will get overwhelmed.

That does not work. They just infect you and do not demand a ransom for a few months as they encrypt all your data going to the backup. Now your backups are also encrypted going back multiple months and you have to discard months of work.

I guess I should set up a monitor alerting me if the two backup diffs are larger than 80% of the data size.

But yes, these are the practical problems we need to address.
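The "alert if the diff between two backups is larger than 80% of the data size" idea from the comment above, worked through as an added example (this is not the commenter's code, and the backup snapshots are constructed in memory purely to exercise it). A snapshot is a map from path to (size, SHA-256); the change ratio counts bytes that were added, removed or rewritten, so a quiet day scores low while a mass rewrite or a mass rename scores at or above 1.0. The `threshold` of 0.8 is the figure from the comment, not a recommendation from any tool.

```python
import hashlib

def snapshot(files):
    """Summarise a backup set: path -> (size_in_bytes, sha256 hex digest)."""
    return {path: (len(data), hashlib.sha256(data).hexdigest())
            for path, data in files.items()}

def changed_bytes(prev, curr):
    """Bytes that differ between two snapshots: new or rewritten files count
    at their current size, deleted files at their previous size."""
    changed = 0
    for path, (size, digest) in curr.items():
        old = prev.get(path)
        if old is None or old[1] != digest:
            changed += size
    for path, (size, _) in prev.items():
        if path not in curr:
            changed += size
    return changed

def change_ratio(prev, curr):
    """Changed bytes relative to the larger of the two data sizes.
    A ratio above 1.0 means data was both removed and added (e.g. every
    file replaced by a differently named one)."""
    prev_total = sum(size for size, _ in prev.values())
    curr_total = sum(size for size, _ in curr.values())
    denominator = max(prev_total, curr_total, 1)
    return changed_bytes(prev, curr) / denominator

def should_alert(prev, curr, threshold=0.8):
    """True when the backup-to-backup churn exceeds the threshold fraction."""
    return change_ratio(prev, curr) >= threshold

# Constructed sample data: three consecutive nightly backup sets.
DAY1 = snapshot({"docs/a.txt": b"a" * 100,
                 "docs/b.txt": b"b" * 100,
                 "img/c.png":  b"c" * 800})
# Day 2: one document edited, everything else untouched.
DAY2 = snapshot({"docs/a.txt": b"a" * 100,
                 "docs/b.txt": b"B" * 100,
                 "img/c.png":  b"c" * 800})
# Day 3: every file rewritten in place with different content of the same size,
# the pattern a bulk in-place encryption would leave in the snapshot.
DAY3 = snapshot({"docs/a.txt": b"x" * 100,
                 "docs/b.txt": b"y" * 100,
                 "img/c.png":  b"z" * 800})

if __name__ == "__main__":
    for label, prev, curr in (("day1->day2", DAY1, DAY2), ("day2->day3", DAY2, DAY3)):
        print(f"{label}: ratio={change_ratio(prev, curr):.2f} alert={should_alert(prev, curr)}")
```

Comparing consecutive snapshots this way catches a sudden mass rewrite, but not the slow-burn case described further down the thread where data is altered gradually over months; for that, the same ratio would need to be tracked as a trend across many snapshots rather than checked pairwise.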


Modern ransomware doesn't just encrypt data but uploads it somewhere too; the victim is then threatened with a leak of the data. A backup does not save you from that.

Well yes, if you get breached, you have problems. At least in the good-backups scenario you can continue to operate, so you have money incoming to fix this.

I don't think you can enforce such a rule. I think it's a good approach too.

Another issue is that not paying up and risking restore from underfunded ops dept. might be more expensive than paying up AND making a selected executive look bad. And we can't have that, can we.


It would make the ransomware statistic go down without actually stopping crime. Any company that considers paying the ransom would have a strong incentive to never report the security incident to avoid being punished for ransom payments.

Plus it gives the ransomware gangs a whole new angle they can use.

So, remember how you illegally paid us a ransom a few months ago? Unless you want to go to prison, then you better...

We're already seeing this against companies who pay ransoms and fail to report the breaches when they're legally required to - but it would be much worse if it's against individuals who are criminally liable.


Make employees criminally liable for making ransom payments, along with whistleblower protections. Very few employees will risk going to prison to protect their employer. You can always get another job.

I don't think this helps anybody. There will always be some poor soul taking the blame for the crimes of the higher ups. And what exactly the crime would be? Using company money to pay an unspecified third party? Also pretty hard to enforce.

It should be a crime to knowingly transfer money to criminals for any reason. And it wouldn't be hard to enforce: offer bounties to whistleblowers who turn in their colleagues.

It likely is in many places, under laws relating to dealing with proceeds of crime, but I’m not aware of any prosecutions having ever been made on this basis.

Agreed - it’s not that it’s a bad point, but it would be an ineffective rule, which is usually an excuse to forgo other more effective (usually more expensive) options.

Unfortunately the actual solution will probably have to mirror real world, which means balkanizing the Internet to clarify legal jurisdiction, maybe some international police task force to aid with cross-border investigation, but ultimately it all hinges on whether and how much the countries with most nuclear aircraft carriers are willing to pressure other countries to take this seriously.

I can't believe the comments here.

"I could have done it better, it's not a big deal, oh, they had women and non white people on board, what even is the shareholder value of this mission, oh it was almost done 50 years ago..."

These people went literally to the moon and back. Furthest anyone has ever been. That's an achievement.

I know things suck right now. Even more reasons to appreciate what is possible with technology.

I agree with the premise of this article. This achievement is inspiring and reassuring that competency brings results. The alternative is way too depressing AND it mostly is our reality right now.


Throughout the years we've heard concerns that we could no longer go back to the moon because of skill atrophy. This is, at a minimum, a great step towards recovering some lost skills while developing new ones.

People are too lost in their political hysteria to appreciate what an amazing achievement that was.


We're in this mix of living in a time of mass hysteria and so many bots on the internet that it's tough to tell if the comments are real. I want to hope most comments I see aren't real people. It's sad if they are.

TBF there’s very little change on what we can do more than what was achieved in the 60s. The current space boom is a re-do with better tooling. We can put better computers in space and that’s what gives us anything more than what we had before. The moon and Mars are PR stuff and would be cool and maybe inspire engineers or scientists, but it's still a slight incremental upgrade to what we had so far since the 60s.

Even the photos are not that much better so far; people compare the OG and many like the old stuff better. Obviously it's impressive engineering, but we have seen it before.

I will be impressed when we have a large city sized space station with a large transparent dome.


> TBF there’s very little change on what we can do more than what was achieved in the 60s.

People could do backflips and write moving poetry and memorize thousands of digits of pi in the 60s too. Such things were impressive then and they're impressive now.

I could understand someone thinking that the Apollo program was more impressive than the Artemis program, but to think that the Artemis missions are not impressive is completely foreign to me.


Doing it the second time is so much less impressive that the Soviets cancelled their whole human moon landing and Americans stopped paying attention at Apollo 13 and cancelled the program after 17.

Obviously it is a huge engineering achievement each time, just not as impressive as when it was done before.


"Even the photos are not that much better so far"

We have incredible eclipse photos with multiple planets in the background. If you don't find photos like that incredible to see, I'd guess you need to do some soul searching.


They are impressive photos, the earthrise is my background on my phone and the eclipse is my background on my laptop but they are derivatives of what we had before.

Is one picture of a mountain derivative of another? Are two pictures of a specific human being derivative? No, they are individual creations, even if made using the same camera by the same photographer. Each is an individual work of art, the vision of a particular person capturing a unique, unrepeatable moment.

They are not derivatives, because the photographers are different people and the time and place were decades separated from one another. To call them derivative is to belittle the humans experiencing the events.


In the same way that Cassini was a derivative of Galileo, but around Saturn and with a working antenna. Or Perseverance is a derivative of Curiosity, which is a derivative of Opportunity. Or philosophy is just footnotes on Plato. Or classical music is everyone trying to escape from the shadow of Bach. Or fantasy is just a poorer version of Tolkien.

I suppose there's truth to that, but it unfairly and unhelpfully minimizes the accomplishment, and it collapses the awe that the article talks about. If you are viewing the photos as essentially the same, you are shortchanging yourself, because Artemis was not a means for producing photos; those are more like artifacts of production. Again, that would collapse the awe of Artemis.

(Also, technically, I don't think that Artemis is a derivative of Apollo, more like a re-implementation from scratch.)


They are not essentially the same, just not as big a deal as the first ones.

Armstrong is the only astronaut cooler than Gagarin, even though other astronauts technically achieved much more than Gagarin. Even Gene Cernan isn’t as cool as Gagarin despite spending more than 3 days on the surface of the moon and probably doing more things outside of the earth than anyone. He’s cool in other ways of course.


Must be tough to enjoy any photo if you see it that way. Even if they launched to Mars, are new photos derivatives of the robot and probe cameras?

Those not impressive/'I don't see progress' images were sent across a brand new optical downlink. Far from boring or 1960s stuff and very much expanding our capabilities type stuff. https://www.nasa.gov/goddard/esc/o2o/

'I want the I can feel it exponential curve part of progress without the slow, long, hard work part at the start of the curve like new boring optical space communication capabilities'

Most things we do are slight incremental upgrades until we put in enough to get to the more exponential/experiential progress that people 'think' is what progress has to look like. Look at cars. They were pretty basic shit boxes with sheet metal/slight tire changes forever (basically my whole life) and suddenly they got way way way better to the point a grocery runner station wagon Rav4 can have insane performance specs and good mpg from a fairly affordable 250,000 mile capable boring vehicle. It took boring incremental work/infrastructure to make workable, slightly larger tires/brake rotors/pads/engine tolerances, then now with toxic components, then slightly larger again, then a little less toxic, repeat.

Are you expecting one day 'Bob's Refractory' decides you know what, let's start making city/county sized impact resistant high stress transparent domes light enough to ship to the moon for dirt cheap, that would be cool, why haven't we been doing that yet?


Why not up the ante a bit; I'll be impressed when they bio-engineer special humans who don't need a dome to live there. Come on, it's been 60 years!!

We could drop Elon Musk and Mark Zuckerberg and Sam Altman and Marc Andreessen out there to see if they're smart enough to evolve.

My money's on M2c A8n: he claims to be from France, but I suspect he's actually from Remulak.

https://www.youtube.com/watch?v=5DUr929pbZ0


"TBF there’s very little change on what we can do more than what was achieved in the 60s."

Dunning-Kruger in effect here. Because you aren't educated, you think it's simple and hasn't changed.



ofc very much the american way, outside of the region maybe its more read like propaganda... not in all regions people are like this, but its not a bad thing i suppose. Good things can also be leveraged for bad things etc. (not by the ppl involved ofc, but by others and their framing of the facts)

it'd be nice if people gave each other a little space to be :) and look past the politics of things.

maybe then we would not feel the need to go the furthest out into space ever done and we can remain some time in each other's proximity without feeling the need to develop nuclear weapons.


While it is obvious that the fact that except for the commander, the crew was composed of a woman, a Canadian and an African-Caribbean-American, cannot have happened by chance, I think that for this kind of mission also achieving a diversity target is perfectly fine.

There is no doubt that the members of the crew were at least equally qualified with the possible members of a less diverse crew, even if their provenance must have influenced the final selection.

Perhaps instead of doubting that it was right to choose crew members belonging to historically disadvantaged minorities, like Canadians :-), one should wonder why only the crew members are diverse, but not their chief, which is a more stereotypical American, as chiefs are expected to be in USA.

A conspiracy theorist can argue both ways, either that choosing a diverse crew was done as a favor to those kinds of people, or on the contrary, that choosing a diverse crew was done as a disfavor to them, to show them who is really their boss.

So no matter what choice is done, people can criticize it for more or less imaginary reasons.


> While it is obvious that the fact that except for the commander, the crew was composed of a woman, a Canadian and an African-Caribbean-American, cannot have happened by chance

Why is this obvious?


Musk and his ilk have mesmerized a lot of people.

It’s easier for them to believe in the fantasy superiority of a rocket which hasn’t achieved orbit than the real achievements of NASA and other space agencies.

It’s supercharged by a desire to politicize science to defend their sexist and white supremacist worldview. It pains them to see people they dismiss achieving great things. There are no able minorities. Just unfairness. A fair world to them is white men on top, everyone else below.

What’s funny is how different they are from the people they idolize. Just as SS officers would be disgusted by your average ICE recruit, your average NASA engineer from Apollo would have seen through Musk in an instant.

A rocket that requires tens of fueling trips to make a single moon run would be anathema to them and they would call it out for the bad engineering it is.

There is so much anger that reality is stronger than prejudice and whatever they say and do women, brown and disabled people will be increasingly prominent, powerful and influential whatever they wish the case was.


> they had women and non white people on board

I thought this was a straw man, because surely wtf is even the point of this comment, but nope, sure enough, ctrl+f and there are comments like that here. Wow.


> "...oh, they had women and non white people on board..."

That is from the article


It’s a 50 year old achievement.

I couldn’t do it personally but as a nation or humanity, we can do better, even if it was hard.

What year did nasa land on the moon again?


Thanks, edited my comment to reflect this reply.

you should not ask why they went to the moon again, but ask about why they went to the moon again NOW.

you will see why the whole ordeal was super polished etc.

not to the detriment of nasa nor astronauts or anyone involved. they are doing science and pretty epic things.

so then maybe you can allow yourself to detach your sentiment from the science and achievement and place it on the appropriate point. (us leadership and their wars needing to give ppl a bit of dopamine because the populace is getting saturated with bad news).

Also, i kinda doubt as a nation or humanity you would do better. i dont know who you are, but this is saying you will be better than some of the brightest minds working at esa, spacex, nasa and chinese, indian, russian equivalents etc

as humanity ... yeah. good luck getting people to work together more than they already do... do you think no one is trying it??? what is your grand plan? how would you do it better?

you cant just make such claims willy-nilly.. show credentials and proof you can do it.


Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.


This sounds like a nice principled stance, but you won't get any traffic with this approach. That's demotivating - to me blogging is a tight balance of exploration, learning, improving and feedback. I'm not able to write without considering how this impacts the reader - removing all readers breaks the process for me.


Hi, security here. We've tried, but the number of people you need for this vs the number of people you have trying to review and click the big button always means that this step will be a bottleneck. Thus this step will be eliminated.

A much better approach would be to pin the versions used and do intentional updates some time after release, say a sprint after.


Why not just release escrow? If I try to push a new release version another developer or developers have to agree to that release. In larger projects you would expect the release to be coordinated or scheduled anyways. Effectively we're just moving "version pinning" or "version delay" one layer up the release chain.


A lot of libraries are maintained by a single person.


Are those the ones typically involved in supply chain attacks?

There are no perfect solutions; but, let's be reasonable.


Actually, yes, they are the prime targets: https://en.wikipedia.org/wiki/Npm_left-pad_incident or seemingly https://en.wikipedia.org/wiki/XZ_Utils_backdoor as well.


xz has dozens of contributors and two active maintainers. It was the actual example I was thinking of. The code was submitted by a third party and not a result of a developer machine compromise.

left-pad wasn't a security incident. It was a capitalism incident.


Pinning, escrowing, and trailing all help, but I'm not sure "this step will be eliminated" is inevitable.

Package manager ecosystems are highly centralized. npm.org could require MFA (or rate limit, or email verification, or whatever) and most packagers would gripe but go along with this. A minority would look for npm competitors that didn't have this requirement, and another minority would hack/automate MFA and remove the added security, but the majority of folks would benefit from a centralized requirement of this sort.


Let me rephrase - manual security verification is a velocity blocker. People won't do manual security verification of changes.

I agree that npm.org requiring MFA is a good idea in general and in this case.


Yup. As someone who's been on both the eng and security side, you cannot improve security by blocking the product bus. You're just going to get run over. Your job is to find ways of managing risk that work with the realities of software development.

And before anyone gets upset about that, every engineering discipline has these kinds of risk tradeoffs. You can't build a bridge that'll last 5,000 years and costs half of our GDP, even though that's "safer". You build a bridge that balances usage, the environment, and good stewardship of taxpayer money.


Yeah, I am looking at that on the use end. It sounds like on the python side this type of thing will be more standard (uv now and soon pip supported with version date requirements). I think time is a big missing element in many security-in-depth decisions. It can be time until you adopt, like "use no package newer than xx days", or time it takes to deploy, etc etc. Unfortunately the ecosystem is getting really diverse and that means ever more sophisticated attacks, so we may need to do things that are annoying just to survive.


Yes, that's why I recommend intentional updates. Planning at least a sprint later gives you a week or two, hoping the community catches such issues.
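The "wait two weeks before updating" / "use no package newer than xx days" rule discussed in this sub-thread, written out as an added example (this is not code from any commenter, nor from uv, pip or Dependabot). It resolves a pin by taking the newest non-yanked release that has been public for at least a cooldown period, so a freshly published (possibly compromised) version is simply not eligible until the community has had time to look at it. The release map's shape loosely mirrors the `releases` object of PyPI's JSON API, but the package name, version numbers and dates are constructed for the example, and the simple dotted-integer version parser is an assumption that stands in for a full PEP 440 parser.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: version -> list of uploaded files, each with its
# upload time and yanked flag (package "examplepkg" and its dates are invented).
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2024-03-01T10:00:00.000000Z", "yanked": False}],
    "1.4.1": [{"upload_time_iso_8601": "2024-03-20T10:00:00.000000Z", "yanked": False}],
    "1.5.0": [{"upload_time_iso_8601": "2024-04-08T10:00:00.000000Z", "yanked": False}],
    "1.5.1": [{"upload_time_iso_8601": "2024-04-10T10:00:00.000000Z", "yanked": True}],
}

def parse_version(version):
    """Assumed simplification: plain dotted integers (no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))

def release_time(files):
    """A release becomes installable with its earliest uploaded file."""
    return min(
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    )

def select_version(releases, now, cooldown_days=14):
    """Newest release that is not yanked and is at least cooldown_days old.
    Returns None when no release has aged past the cooldown yet."""
    cutoff = now - timedelta(days=cooldown_days)
    eligible = [
        version
        for version, files in releases.items()
        if files
        and not any(f.get("yanked", False) for f in files)
        and release_time(files) <= cutoff
    ]
    if not eligible:
        return None
    return max(eligible, key=parse_version)

def pin_line(name, releases, now, cooldown_days=14):
    """Requirements-style pin for the selected version, or None."""
    version = select_version(releases, now, cooldown_days)
    return f"{name}=={version}" if version else None

if __name__ == "__main__":
    # Constructed "today" so the example is reproducible offline.
    today = datetime(2024, 4, 15, tzinfo=timezone.utc)
    print("14-day cooldown:", pin_line("examplepkg", SAMPLE_RELEASES, today))
    print("no cooldown:    ", pin_line("examplepkg", SAMPLE_RELEASES, today, 0))
```

With the constructed data and a "today" of 2024-04-15, the 14-day cooldown skips 1.5.0 (published a week earlier) and the yanked 1.5.1, and pins 1.4.1; dropping the cooldown pins 1.5.0. The cooldown is a delay, not a review: it only helps if someone (ideally you, per the comment above) actually uses the window to look at what changed.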


I thought it's quite good. Of course, I'm not taking 100% of output, but it takes care of my grammar blindspots (damn you commas and a/an/the articles!).

Can you please share what gets degraded and how? Sometimes I don't like a phrase it selects, but it's not common.


> it takes care of my grammar blindspots (damn you commas and a/an/the articles!)

There are plenty of pre-LLM tools that can fix grammar issues.

> Can you please share what and how gets degraded?

I'm not the person you asked, but IMO LLMs suck the style and voice out of the written word. It is the verbal equivalent of photos that show you an average of what people look like, see for example:

https://www.artfido.com/this-is-what-the-average-person-look...

As definitionally average the results are not bad but they are also entirely unremarkable, bland, milquetoast. Whether or not this result is a degradation will vary, of course, as some people write a lot worse than bland.


Well, for one example, it inhibits your desire to improve against those very blind spots. In exchange for that your audience gets 3-4x length normalized bullshit to read instead.


AI can take a rough draft, clean it up and shorten it as much as you want. The suggestions very often expose ambiguities in the original text. If you think the LLM got it wrong, it’s nearly often the LLM overreading some feature of the original that you failed to catch, which is precisely what you’d want out of your proofreader.

Yes, LLMs reduce the individual charm of prose, but the critique itself carries a romantic notion that we all loved the idiosyncratic failures of convention and meaning which went into highly identifiable personal styles, and which often go missing from LLM-edited work.


> Well, for one example, it inhibits your desire to improve against those very blind spots.

I'd contend this is not true. Even professional authors go to an editor who identifies things that need to be fixed. As the author of the text and knowing what it should be, it can be difficult to read what you wrote to find those mistakes.

> In exchange for that your audience gets 3-4x length normalized bullshit to read instead.

This is not at all what is implied by having an AI act as an editor. Identifying misplaced commas, incorrect subject verb agreement (e.g. counts), and incomplete ideas left in as sentence fragments.

You appear to be implying that the author is giving agency to create the content to the AI rather than using it as a tool to act as a super-charged Grammarly.


> Even professional authors go to an editor who identifies things that need to be fixed.

Yes, and these people are good at it. What’s your point?

If you need grammar checking, there are thousands of apps including word processors, web browsers and even most mobile devices that will check your inputs for grammar and spelling mistakes as you type. All of that without burning down the rainforests or neutering your thesis.


I believe you are confusing what an editor does and proofreading.

In the time before LLMs, for some of my occasional blog posts I'd first post it to whatever messaging system my colleagues used and ask them to read over it. Identifying that "this word is confusing in this context" or "you're using jargon here that I'm unfamiliar with" is helpful. There's also stylistic items of "this sentence goes on for far too many words and thoughts without making a single punctuation mark indicating where it is complete or delineating two or more different ideas leading the reader to have to keep back tracking the thought to try to keep it all in their mind which can be confusing and makes it more difficult to read."

Proofreading tools pick up some typos and punctuation errors in that previous bit. https://imgur.com/a/oqqoEGV None of them called out its structure.

Compare with https://chatgpt.com/share/69cb180e-2090-832f-838e-896a3cab4e... ... which did call it out.

    The overly long example sentence introduces unintended humor or self-parody, which may dilute the seriousness of the point.
Now, one could argue that taking its advice for the structure and that I have incompletely formulated some arguments would change the tone of my writing. However, any changes that I make are changes that I intend to make and are not the result of the LLM rewriting my words.

My thesis remains intact.


In many kinds of writing, perhaps most, communicating your state of mind to the reader is a primary goal. Even a smart LLM fundamentally degrades this, because to whatever degree that it has a mind it isn't shaped like yours or mine. I've had a number of experiences this year where I get to the end of a grammatical, well-structured technical document, only to find that it was completely useless because it recited a bunch of facts and analyses but failed to convey what the author was thinking as they wrote it.

(Of course, that may well be exactly what you're looking for if you're writing an audit report or something.)


>damn you commas and a/an/the articles

This sounds like an ESL issue. LLMs are good at proofreading ESL-written English text. They are not as good at proofreading experienced English writers.

