I have sympathy for the desire but that isn't something you actually get through google's surveillance-ware.
You can change the information you put into the hash in my example to get them one go per site per day or one per year or even one per site ever. But without giving cross site linkability that does you no good or giving google visibility into everyone all the time.
But that still doesn't get you to your desired unevadable bans, but with suitable parameters it can get as close as google's spyware approach while being much more private.
I think a time oriented rate limit makes the most sense considering the limits in practice (attacker just gets access to another discarded phone, or tricks someone into authenticating for them via theirs)-- basically means the best you can do against dedicated attackers is rate limit them. So why subject honest users who may have good privacy reasons to use multiple accounts over time to worse effective limits than attackers?
But you don't have to agree with that to accept that schemes much more private than google's are possible.
I’d very much love to have an option to waive that cover though! Just give me a scary warning “hey, we’ve determined your device is unsafe; so if you get hacked through that device, you agree not to hold us liable for that. proceed? [y/N]”
For more specific mitigations, they could issue shorter-living tokens to such devices, in case it gets stolen and it didn’t store the token properly (say, the user did something stupid like “hey I’ll substitute secure enclave with a shim that writes secrets to an SD card”). And they could limit certain critical functions that do require attestation for some reason (e.g. Host Card Emulation, aka “tap your phone to pay”, which they usually delegate to Google Wallet/Pay/Wallet anyway).
Wise seems to do it correctly. It works on rooted phones, even, just gives a scary warning and blocks some app functions. They also have a fully functional webapp, so you mostly don’t need the app anyway. Revolut, on the other hand, has outright blocked me from my account – so I’m not using it anymore.
You may waive that cover, but when (not if) you get hacked and your money gets stolen, someone still has to pay it back or you will die. Neither of those options are okay with the government and only one is okay with your bank.
I've dug around the TempleOS codebase a bit, and while it certainly is impressive for a single guy's work, I think there's been an overcorrection where people act like Terry was some hyper genius instead of "a pretty smart guy".
I kind of got the impression that whenever Terry didn't know how to do something, he would just convince himself that that's not what God wanted anyway and stop doing it.
I don't think most people actually believe he was one of the smartest people of all time or anything. He was obviously a seriously talented programmer, and impressively so: when you consider the number of humans that can program at all on earth, and then the number that can write a compiler, and a complete operating system/desktop environment/shell/games, while suffering from severe mental illness no less—you end up with a vanishingly small group.
Most of the people we think of as geniuses are not smarter than the average smart person, but they persevered more. Terry had the ultimate driver of perseverance: severe mental illness.
Given that Terry described the manic episodes as "a revelation from God" I think theopneustos is an accurate description. It just means "God Breathed" or "Inspired by God".
The announcement blog post (https://blog.orhun.dev/introducing-ratty/), which would've been a better submission URL, unsurprisingly says that TempleOS was the direct inspiration of the project.
Some courts [which?] have read things into open source licenses that aren't actually there, usually on the side of the user because that's obviously what the people who wrote the licenses intended. It's not impossible that GPL could force Amazon to give out their software.
Hackers were moving fast and breaking things first. Faster than any corporation in fact. We didn't notice because their computers weren't powering anything useful. How do you think projects like GNU happened?
I don't actually believe this. People don't actually believe every car should have a GPS tracker so that if a pedophile drives a car, the police can track it. That is a ridiculous argument, and if they make it, there should be something you can say to make it blow up in their face. Unfortunately, as we've all now discovered, winning arguments isn't about being right, so I don't know which words you can say to make the obviously stupid argument sound obviously stupid.
> People don't actually believe every car should have a GPS tracker so that if a pedophile drives a car, the police can track it.
It's not about what people believe, but what they are willing to publicly push back against. If such a law was proposed today, I bet it would pass because the only discussions around it would be whether the data can be kept safe and what punishments to dole out if the car owner accesses this data. Arguments about privacy will be waved away or dismissed without debate.
In fact, let's make a pointless bet: I bet my imaginary internet reputation that the US or EU will pass a law within the next 10 years that requires the continuous recording and collection of data that not only includes GPS, but also face and audio data whenever a car is in motion. This law will impose severe punishments on any owner that accesses this data or deletes it.
I desperately fear for my family and want things to improve, but we are going to lose this battle.
Since July 2022, Driver Drowsiness and Attention Warning (DDAW) systems have been required in all new vehicle types within the European Union (EU). They will be mandatory for all newly registered vehicles from July 2024.
I think most people would think, and say, that giving every car a GPS tracker so that if a pedophile drives a car, the police can track it, is a terrible idea.
People already showed that they will swallow anything as long as it's attached to "protect from the terrorists" label. Protect the children is an even more powerful extension. Few people ever really have to worry about terrorists but kids, that's a different story.
My logical assumption is that all terrorists and pedophiles will concentrate in the areas where they have legal exceptions from being monitored by multiple different parties at any given time. Legislators and the like. To play one of their cards, why would people who love to say "innocent people have nothing to hide" have something to hide?
If you've got an idea that you need assembly language for, you can use a compiler to create that assembly language. It'll probably do a better job than an LLM. Assembly projects are interesting because they're written in assembly, not because they contain assembly.
You'd be surprised, again.... most compilers don't generate very good code, mostly because
1. the time for optimisation is limited
2. the constraints are overlapping and just completely intractable beyond a single function (do you want to inline this, saving on the call and increasing binary size, or not do it because it's cold?)
3. they don't have domain-specific knowledge about your code, and even with PGO, they might incorrectly decide what's hot and what's not - typical example are program settings. You didn't enable a setting during PGO instrumentation, compiler sees you didn't call that path, shoves it out of line. Now your PGO-optimised code is worse than -O2. And compilers have different levels of adherence to manual branch hinting - on MSVC you get a reorder at best, Clang and GCC try much harder at [[likely]] and [[unlikely]].
4. There's still quite a bit of low-hanging fruit left, mostly because progress is jagged ;) For example our calling conventions generally suck - this is actually why inlining is so helpful - and the inertia makes everyone emit the default calling convention and that's it.
For example, did you know that compilers have very inconsistent support for struct unpacking? It can be much faster to write
because the first one goes through registers on the MSVC ABI, the second one gets lowered to the caller passing a pointer to the stack. Before someone says "oh this just means MS sucks" - fair, but for std::unique_ptr the situation is the other way around... on the MSVC ABI the callee cleans it up so it's truly zero-cost, but on the Itanium ABI using it is worse than using T* as a raw pointer... see the GCC codegen :)
These examples might seem a bit cherrypicked but this is only scratching the surface, not to talk about the codegen in higher-level languages, which is even more dreadful. Manually optimising your code can usually get a magnitude worth of free performance, which is just tragic.
I wouldn't even rule out LLM codegen in the future - although they're quite unreliable today so you'd get miscompiles like crazy - but there's just so much low-hanging fruit left on the table that it wouldn't be too out of step...
> It is also not even required to show that that single byte was uploaded, your IP getting logged as part of the swarm suffices
What if someone would release software that would connect to random swarms and not upload or download anything? Would they still be criminally liable? You could disguise the purpose by saying it's measuring swarm diversity.
It's a mistake to assume courts need "proof" for a ruling. It's totally sufficient if courts find that it's just the most likely. "Not guilty until proven innocent".
If you receive child porn in your mailbox and the package is caught, you better have a really good story. Like, prior documented proof of harassment.
In regards to your question, and Germany specifically: Media companies hire specialist lawyers. These lawyers prefer to sue in Hamburg, where the courts are known to be very media company friendly. It's just not likely that you ran some experiment and didn't upload anything, so you better have it documented well enough to convince the court.
Back in the day, this would 100% get you letters from law firms that extort money from you (usually around €400 to €2000). Failure to pay had a fair chance to get the case in front of a judge. You will have to argue with him that you did it for fun and did not actually up/download anything.
If the judge does not believe you, expect to pay something like 3-6 months of income. If he does, you only have to pay your lawyer (the opponent will not). Back then, I'd say it was a 50:50 chance, provided you have excellent documentation and a good lawyer.
That's awesome! So a media company technician can plant IPs and ruin their competitors' lives. No wonder this country keeps failing to get a tech industry.