
There is a certain amount of irony that people try really hard to say that hallucinations are not a big problem anymore and then a company that would benefit from that narrative gets directly hurt by it.

Which of course they are going to try to brush it all away. Better than admitting that this problem very much still exists and isn’t going away anytime soon.


If a megacorp wants your help to explain ANYTHING to them, you better be paid handsomely per hour. Wtf are people doing charity for trillion dollar empires.

> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.

Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" has also never been true for them.

Here is the previous time I can remember that they did something similar:

- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments

The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually getting "forked-but-not-really" without attribution.


To the "I wish HN would stay out of politics" crew.

You can stay out of politics, but politics will always come and find you.


Oddly, I thought this discussion would be about actual toddlers.

There is a way to win an argument with a toddler. You find out what's bothering them, usually something emotional, and you validate it. "Yes! It's fun to stay up late! Yes! You don't want to eat your vegetables!" Once they feel heard, you've got a shot at getting them to do what you want.

That's a good way to win an argument with a non-toddler as well. Acknowledge that what they want is legitimate (if it is). Concede points of agreement. Talk about shared goals. Only then talk about a different path to the solution.


I did some digging and the hacker posted which exploit he used.

Apparently some boards allowed uploading PDF files, but the site never checked if the PDF file was an actual PDF file. Once a PDF file was uploaded it was passed to a version of Ghostscript from 2012 which would generate a thumbnail. So the attacker found an exploit where uploading a PDF with the right PostScript commands could give the attacker shell access.
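The failure described above is the missing content check before the file reached the renderer. As an added illustration (not code from the site in question or from Ghostscript), here is an upload gate written in Go that decides on the leading bytes rather than on the filename; the sample uploads and the size cap are constructed for the example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample uploads (not files from the incident): a minimal PDF,
// a PostScript program renamed to .pdf, and a PNG header.
var (
	samplePDF        = []byte("%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n")
	samplePostScript = []byte("%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\n")
	samplePNG        = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
)

// Hypothetical size cap; a thumbnailer should never be handed unbounded input.
const maxUploadBytes = 10 << 20

var (
	ErrBadExtension = errors.New("upload rejected: extension is not .pdf")
	ErrTooLarge     = errors.New("upload rejected: exceeds size cap")
	ErrNotPDF       = errors.New("upload rejected: content is not a PDF")
)

// ValidateUpload gates a file before anything renders it. The extension and
// any declared MIME type are attacker-controlled, so the decision rests on
// the leading bytes: a PDF starts with "%PDF-", a PostScript program with
// "%!PS". Ghostscript accepts both, which is exactly why the content check
// must run before the thumbnailer ever sees the file.
func ValidateUpload(filename string, data []byte) error {
	if !strings.HasSuffix(strings.ToLower(filename), ".pdf") {
		return ErrBadExtension
	}
	if len(data) > maxUploadBytes {
		return ErrTooLarge
	}
	if !bytes.HasPrefix(data, []byte("%PDF-")) {
		return ErrNotPDF
	}
	return nil
}

func main() {
	samples := map[string][]byte{
		"report.pdf": samplePDF,
		"thumb.pdf":  samplePostScript,
		"image.pdf":  samplePNG,
		"notes.ps":   samplePostScript,
	}
	for name, data := range samples {
		fmt.Printf("%-12s -> %v\n", name, ValidateUpload(name, data))
	}
}
```

The magic-byte check addresses only the "never checked if it was an actual PDF" half of the story. A well-formed PDF still drives a PostScript interpreter when Ghostscript renders it, so the other half is keeping the renderer patched rather than on a 2012 build and running it with `-dSAFER` in an unprivileged, sandboxed process with no shell access to lose.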


> I wonder what level of compartmentalisation inside DHS means they didn't see this as having sufficient downsides?

This was not a carefully-weighed decision based on a cost-benefit analysis. This was a political order, consistent with the administration's policy of "cut everything, recklessly, indiscriminately."


I always found it interesting how hacker culture is largely propped up on the protections society has carved out for librarians following World War 2 (where certain sections of society had been identified based on what books they had looked at).

The hacker culture of “information wants to be free” is largely predicated on the librarian mantras of the same sentiment and only given protection by Western Europe after clear and serious abuse.

Librarians are the very forefront of information access and the privacy of looking up certain information, we owe them a lot.


All: The topic of this thread is the passing of a significant public figure. Discussion should be primarily focused on thoughtful reflections on the life of that person, and his influence on the institution he represented and the broader world. Generic commentary about the institution, religion in general, or other public figures or issues, is likely off topic.*

Before commenting, please take a moment to consider whether your comment is within the HN guidelines [1], particularly the first two:

Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.

Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

(*Edited in response to community feedback.)

[1] https://news.ycombinator.com/newsguidelines.html


A long, long time ago (within the past ten years), I had to verify my age with a site. They didn't ask for my ID, or my facial scan, but instead asked for my credit card number. They issued a refund to the card of a few cents, and I had to tell them (within 24hr) how much the refund was for, after which point they'd issue a charge to claw it back. They made it clear that debit and gift cards would not be accepted, it must be a credit card. So I grabbed my Visa card, punched in the numbers, checked my banking app to see the +$0.24 refund, entered the value, got validated, and had another -$0.24 charge to claw it back.

Voila, I was verified as an adult, because I could prove I had a credit card.

The whole point of mandating facial recognition or ID checks isn't to make sure you're an adult, but to keep records of who is consuming those services and tie their identities back to specific profiles. Providers can swear up and down they don't retain that information, but they often use third-parties who may or may not abide by those same requests, especially if the Gov comes knocking with a secret warrant or subpoena.

Biometric validation is surveillance, plain and simple.


Google making Gemini 2.5 Pro (Experimental) free was a big deal. I haven't tried the more expensive OpenAI models so I can't even compare, only to the free models I have used of theirs in the past.

Gemini 2.5 Pro is so much of a step up (IME) that I've become sold on Google's models in general. It not only is smarter than me on most of the subjects I engage with it, it also isn't completely obsequious. The model pushes back on me rather than contorting itself to find a way to agree.

100% of my casual AI usage is now in Gemini and I look forward to asking it questions on deep topics because it consistently provides me with insight. I am building new tools with the mind to optimize my usage to increase its value to me.


Hey! I did this too - CenturyLink wanted an insane amount of money to bring fiber to our place, now we service hundreds and we're growing into a major contender in Boulder County - https://ayva.network

Gemini flash models have the least hype, but in my experience in production have the best bang for the buck and multimodal tooling.

Google is silently winning the AI race.


This part is really damning: a real efficiency audit might need a lot of access to look for signs of hidden activity, but they’d never need to hide traces of what they did:

> Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do.

The subsequent message about Russian activity could be a coincidence, Internet background noise, but given how these are not very technically skilled and are moving very fast in systems they don’t understand, I’d be completely unsurprised to learn that they unintentionally left something exposed or that one of them has been compromised.


We never stopped manufacturing, we just stopped employing people.

> We don’t have the infrastructure to manufacture

That's trivially false given we're the second-largest manufacturer in the world. We just don't want to employ people, hence why we can't make an iPhone or refine raw materials.

The actual issue is that our business culture is antithetical to a healthy society. The idea of employing Americans is anti-business—there's no willingness to invest, or to train, or to support an employee seen as waste. Until business can find some sort of reason to care about the state of the country, this will continue.

Of course, the government could weigh in, could incentivize, could subsidize, could propagandize, etc, to encourage us to actually build domestic industries. But that would be a titanic course reversal that would take decades of cultural change.


I grew up in an extremely repressed and abusive household. I wasn't allowed to watch the majority of television or film, and my room was regularly searched for offending non-Christian records and such.

My aunt was the librarian at my elementary and middle school. I was a voracious reader, but I had a collegiate reading level since I was 6 or 7 and the books available to us in our school library just weren't cutting it. I also pined for more adult-oriented themes and plots.

Out of sympathy, my aunt allowed me to access the "forbidden zone" of adult books of which our school apparently had a large cache, hidden in the back rooms. She didn't tell my guardians, and I can't overstate how important this was for me. I've always deeply admired her work and attitude towards information accessibility, and it left an indelible mark on me.


In distant times (before Microsoft's Satya era) I was the maintainer of a popular OSS product that scratched an important itch for specialist people who were doing work in the early cloud days. It solved my own problems, and I didn't want to make a business out of it, so I was content to release it as OSS.

A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.

If they want you badly enough, they'll pay. Don't work for free.


Very poor take. The author clearly has very limited experience with raising kids. Most kids won't do difficult things if you don't push them. Playing music, learning to spell correctly, doing mathematics, and so on. A very small minority of kids will do all of that easily and for the fun, but you can't rely on it. If you don't push your kid to do their 20 minutes of piano every day, they will half-ass it and will stop after 1 year and conclude they are not good at music. Same for sport. Same for reading books. Same for maths. And you know what? It's your fault. You chose to be lazy and complacent and didn't push them because it's hard to be a good parent. And now you expect me to validate your laziness? Nah.

This kind of news should be a death-knell for OpenAI.

If you've built your value on promising imminent AGI then this sort of thing is purely a distraction, and you wouldn't even be considering it... unless you knew you weren't about to shortly offer AGI.


> “The Grok integration with X has made everyone jealous,” says someone working at another big AI lab. “Especially how people create viral tweets by getting it to say something stupid.”

It's awesome to see the amazing value for society being created by big tech these days.


Even by the standards of this administration...... yikes:

  Meanwhile, his attempts to raise concerns internally within the NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information and overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit Whistleblower Aid.

Worth reading in its entirety. The following four paragraphs, about post-WWII funding of science in Britain versus the US, are spot-on, in my view:

> Britain’s focused, centralized model using government research labs was created in a struggle for short-term survival. They achieved brilliant breakthroughs but lacked the scale, integration and capital needed to dominate in the post-war world.

> The U.S. built a decentralized, collaborative ecosystem, one that tightly integrated massive government funding of universities for research and prototypes while private industry built the solutions in volume.

> A key component of this U.S. research ecosystem was the genius of the indirect cost reimbursement system. Not only did the U.S. fund researchers in universities by paying the cost of their salaries, the U.S. gave universities money for the researchers facilities and administration. This was the secret sauce that allowed U.S. universities to build world-class labs for cutting-edge research that were the envy of the world. Scientists flocked to the U.S. causing other countries to complain of a “brain drain.”

> Today, U.S. universities license 3,000 patents, 3,200 copyrights and 1,600 other licenses to technology startups and existing companies. Collectively, they spin out over 1,100 science-based startups each year, which lead to countless products and tens of thousands of new jobs. This university/government ecosystem became the blueprint for modern innovation ecosystems for other countries.

The author's most important point is at the very end of the OP:

> In 2025, with the abandonment of U.S. government support for university research, the long run of U.S. dominance in science may be over.


In 2021, during a visit to the Greek island of Mytilene, Pope Francis delivered one of the finest speeches I've ever read:

> This great basin of water, the cradle of so many civilizations, now looks like a mirror of death. Let us not let our sea (mare nostrum) be transformed into a desolate sea of death (mare mortuum). Let us not allow this place of encounter to become a theatre of conflict. Let us not permit this “sea of memories” to be transformed into a “sea of forgetfulness”. Please brothers and sisters, let us stop this shipwreck of civilization!

> We are in the age of walls and barbed wire. To be sure, we can appreciate people’s fears and insecurities, the difficulties and dangers involved, and the general sense of fatigue and frustration, exacerbated by the economic and pandemic crises. Yet problems are not resolved and coexistence improved by building walls higher, but by joining forces to care for others according to the concrete possibilities of each and in respect for the law, always giving primacy to the inalienable value of the life of every human being

Worth reading in full https://www.vatican.va/content/francesco/en/speeches/2021/de...


I believe many of the problems in our current social media landscape could be solved by eliminating the "feed" and instead displaying posts, updates, and pictures from friends, family, and those we know in real life. This approach might conflict with the profit models of big tech social media and could go against what most people have become accustomed to. Personally, I would love a smaller social network where I can stay connected with my school friends, college friends, and distant family without having to see irrelevant posts, like some stupid remark from a politician halfway around the world or influencers doing something outrageous just for attention.

I don't think this article explains it well. Google sells ad space on behalf of the publishers and also sells the ads on behalf of the advertisers. It also runs the auction that places the ads into the ad space. See this graphic https://images.app.goo.gl/ADx5xrAnWNicgoFu7. Parts of this can definitely be broken up without destroying Google.

If there are any Europeans here, I'd love to make my vulnerability database that's accumulated from all Linux security trackers and the CVE/NVD open source if I can manage to find some folks who'd help with maintenance.

Currently hosting costs are unclear, but it should be doable if we offer API access for like 5 bucks / month for private and 100 / month for corporate or similar.

Already did a backup of the NVD in the last couple hours, currently backing up the security trackers and OVAL feeds.

Gonna need some sleep now, it's morning again.

My project criteria:

- hosting within the EU

- must have a copyleft license (AGPL)

- must have open source backend and frontend

- dataset size is around 90-148 GB (compressed vs uncompressed)

- ideally an e.V. for managing funds and costs, so it can survive me

- already built my vulnerability scraper in Go, would contribute it under AGPL

- already built all schema parsers, would contribute them also under AGPL

- backend and frontend needs to be built

- would make it prerendered, so that CVEs can be static HTML files that can be hosted on a CDN

- needs submission/PoC/advisory web forms and database/workflow for it

- data is accumulated into a JSON format (sources are mixed non-standard formats for each security tracker. Enterprise distros use OData or OVAL for the most part)

If you are interested, write me on linkedin.com/in/cookiengineer or here.


> bodybuilding.com

Obligatory post about the dumbest argument to ever be had online [0]. It’s so good, the Wikipedia entry [1] has a section devoted to it.

[0]: https://web.archive.org/web/20240123134202/https://forum.bod...

[1]: https://en.wikipedia.org/wiki/Bodybuilding.com


I'm on the team at Let's Encrypt that runs our CA, and would say I've spent a lot of time thinking about the tradeoffs here.

Let's Encrypt has always self-imposed a 90 day limit, though of course with this ballot passing we will now have to reduce that to under 47 days in the future.

Shorter lifetimes have several advantages:

1. Reduced pressure on the revocation system. For example, if a domain changes hands, then any previous certificates spend less time in the revoked state. That makes CRLs smaller, a win for everyone involved.

2. Reduced risk for certificates which aren't revoked but should have been, perhaps because a domain holder didn't know that a previous holder of that domain had it, or an attack of any sort that led to a certificate being issued that wasn't desired.

3. For fully short-lived certs (under 7 days), many user-agents don't do revocation checks at all, because that's a similar timeline to our existing revocation technology taking effect. This is a performance win for websites/user-agents. While we advocate for full certificate automation, I recognize there are cases where that's not so easy, and doing a monthly renewal may be much more tractable.

Going to shorter than a few days is a reliability and scale risk. One of the biggest issues with scale today is that Certificate Transparency logs, while providing great visibility into what certs exist (see points 1 and 2), will have to scale up significantly as lifetimes are cut.

Why is this happening now, though? I can't speak for everyone, and this is only my own opinion on what I'm observing, but: One big industry problem that's been going on for the last year or two is that CAs have found themselves in situations where they need to revoke certificates because of issues with those certificates, but customers aren't able to respond on an appropriate timeline. So the big motivation for a lot of the parties here is to get these timelines down and really prove a push towards automation.
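The two thresholds in the comment above (the coming sub-47-day cap and the sub-7-day "fully short-lived" tier where user agents skip revocation checks) are easy to get wrong in automation. As an added example, not Let's Encrypt code, here is a Go program that generates a throwaway self-signed certificate with a chosen lifetime, parses it back with the standard library, and classifies it against those thresholds; the renew-at-two-thirds-of-lifetime schedule is an assumption for illustration, not a rule stated in the comment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const (
	maxLifetime   = 47 * 24 * time.Hour // cap referenced in the comment
	shortLivedMax = 7 * 24 * time.Hour  // "fully short-lived" tier
)

// LifetimePolicy is what a renewal job would act on.
type LifetimePolicy struct {
	Lifetime     time.Duration
	WithinNewCap bool      // fits under the 47-day ceiling
	ShortLived   bool      // under 7 days: clients may skip revocation checks
	RenewAt      time.Time // assumed schedule: renew at 2/3 of the lifetime
}

// Classify derives the policy from the parsed certificate's validity window.
func Classify(cert *x509.Certificate) LifetimePolicy {
	life := cert.NotAfter.Sub(cert.NotBefore)
	return LifetimePolicy{
		Lifetime:     life,
		WithinNewCap: life <= maxLifetime,
		ShortLived:   life <= shortLivedMax,
		RenewAt:      cert.NotBefore.Add(life * 2 / 3),
	}
}

// MakeTestCert builds a self-signed certificate for a constructed name so the
// example runs offline; a real deployment would parse the CA-issued leaf.
func MakeTestCert(notBefore time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	start := time.Date(2025, 4, 1, 0, 0, 0, 0, time.UTC)
	for _, days := range []int{90, 45, 6} {
		cert, err := MakeTestCert(start, time.Duration(days)*24*time.Hour)
		if err != nil {
			panic(err)
		}
		p := Classify(cert)
		fmt.Printf("%3d-day cert: withinCap=%v shortLived=%v renewAt=%s\n",
			days, p.WithinNewCap, p.ShortLived, p.RenewAt.Format(time.RFC3339))
	}
}
```

The point of splitting `WithinNewCap` from `ShortLived` is that they drive different decisions: the first is a compliance check on what a CA may issue, the second changes how much the deployment can lean on revocation at all, so a job that schedules renewals should treat a missed `RenewAt` on a 6-day certificate as an outage, not a warning.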


The contract with MITRE has been extended.

https://www.forbes.com/sites/kateoflahertyuk/2025/04/16/cve-...

My guess: indefinitely.

DOGE might be a bunch of idiots, but in the entire DOD, there are non-idiots.


Please add YouTube to the list. I'm watching my kids' brains slowly melt as they go from YouTube short to YouTube short like little crack addicts trying to get their next fix. Throw in a bunch of AI generated bottom of the barrel swill and I'm on the verge of blocking YouTube entirely yet again. I blocked YouTube for years because of all the garbage child targeted auto generated videos that were flooding the platform. It's very frustrating because there is a lot of good content that I would like them to continue to have easy access to, but the cost of entry is way too high.
