Beyond the crypto architecture debate, I don't really understand how could anyone imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?
They could just ask before uploading your encryption key to the cloud.
Instead they force people to use a Microsoft Account to set up their windows and store the key without explicit consent
That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.
Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.
While you're right, they also went out of their way to prevent competent users from using local accounts and/or not upload their BitLocker keys.
I could understand if the default is an online account + automatic key upload, but only if you add an opt-out option to it. It might not even be visible by default, like, idk, hide it somewhere so that you can be sure that the median MS user won't see it and won't think about it. But just fully refusing to allow your users to decide against uploading the encryption key to your servers is evil, straight up.
I really doubt those motives are "evil." They're in the business of selling and supporting an OS. Most people couldn't safeguard a 10-byte password on their own, they're not going to have a solution for saving their encryption key that keeps it safer than it'd be with Microsoft, and that goes for both criminals (or people otherwise facing law enforcement scrutiny) and normal grandmas who just want to not have all their pictures and recipes lost.
Before recently, normal people who get arrested and have their computer seized were 100% guaranteed that the cops could read their hard drive and society didn't fall apart. Today, the chances the cops can figure out how to read a given hard drive is probably a bit less. If someone needs better security against the actual government (and I'm hoping that person is a super cool brave journalist and not a terrorist), they should be handling their own encryption at the application layer and keeping their keys safe on their own, and probably using Linux.
The OOBE (out of box experience) uploads the key by default (it tells you it’s doing it, but it’s a bit challenging to figure out how to avoid it) but any other setup method specifically asks where to back up your key, and you can choose not to. The way to avoid enrollment is to enable Bitlocker later than OOBE.
I really think that enabling BitLocker with an escrowed key during OOBE is the right choice, the protection to risk balance for a “normal” user is good. Power users who are worried about government compulsion can still set up their system to be more hardened.
The last time I've installed windows, bitlocker was enabled automatically and the key was uploaded without my consent.
Yes, you can opt out of it while manually activating bitlocker, but I find it infuriating that there's no such choice at the system installation process. It's stupid that after system installation a user supposed to renecrypt their system drive if they don't want this.
How would you even know that your opt-out request isn't silently ignored? Or your re-encrypted drive's key got backed up to the cloud because an update silently inverted a flag?
It's been legal in Australia since 2018 and frustratingly nobody seems to give a shit except for yanks trying to point out any government's injustices other than their own.
If they honestly informed customers about the tradeoff between security and convenience they'd certainly have far fewer customers. Instead they lead people to believe that they can get that convenience for free.
> tradeoff between security and convenience they'd certainly have far fewer customers
What? Most people, thinking through the tradeoff, would 100% not choose to be in charge of safeguarding their own key, because they're more worried about losing everything on their PC, than they are about going to jail. Because most people aren't planning on doing crime. Yes, I know people can be wrongly accused and stuff, but overall most people aren't thinking of that as their main worry.
If you tell people, "I'll take care of safeguarding your key for you," it sounds like you're just doing them a favor.
It would be more honest to say, "I can hold on to a copy of your key and automatically unlock your data when we think you need it opened," but that would make it too obvious that they might do so without your permission.
They're not doing them a favor. They're providing them a service.
Trust is a fundamental aspect of how the world works. It's a feature, not a bug.
Consider that e.g. your car mechanic, or domestic service (if you employ it), or housekeeping in hotel you stay, all have unsupervised access to some or all of your critical information and hardware. Yet, these people are not seen as threat actors by most people, because we trust them to not abuse that access, and we know there are factors at play to ensure that trust.
In this context, I see Microsoft as belonging to the cohort above for most people. Both MS and your house cleaner will turn over your things to police should they come knocking, but otherwise you can trust them to not snoop through your stuff with malicious intent. And if you don't trust them enough - don't buy their services.
I hope they don't wake up because they deserve to lose a lot of business after decades of abusing their monopolistic position to push software that prioritizes their own interests and not that of their customers.
It makes sense if you consider the possibility of a secret deal between the government and a giant corporation. The deal is that people's data is never secure.
The alternative is just not having FDE on by default, it really isn't "require utterly clueless non-technical users to go through complicated opt-in procedure for backups to avoid losing all their data when they forget their password".
And AFAICT, they do ask, even if the flow is clearly designed to get the user to back up their keys online.
> The alternative is just not having FDE on by default
yes, it would be. So, the current way, 99% of people are benefitting from knowing their data is secure when very common thefts occur, and 1% of people have the same outcome as if their disk was unencrypted: When they're arrested and their computers seized, the cops have their crime secrets. What's wrong?
No, encryption keys should never be uploaded to someone else's computer unencrypted. The OOBE should give users a choice between no FDE or FDE with a warning that they should not forget their password or FDE and Microsoft has their key and will be able to recover their disk and would be compelled to share the key with law enforcement. By giving the user the three options with consequences you empower the user to address their threat model how they see fit. There is no good default choice here. The trade offs are too varied.
Always on FDE with online backups is a perfectly reasonable default. The OOBE does offer the users the choice to not back up their key online, even if it's displayed less prominently.
>By giving the user the three options with consequences you empower the user to address their threat model how they see fit.
Making it too easy for uneducated users to make poor choices is terrible software design.
Disagree. If the path is shrouded behind key presses and commands which are unpublished by MS (and in some instances routes that have been closed), it may as well be.
Im going to shoot you unless you say the magic word - and technically Im not even forcing you into it, you could have said the magic word and got out of it!! Whats the magic word? not telling!
Anyway Microsoft and any software developer can be compelled to practically do anything, you don't want to be blocked in some jurisdictions (even less the US) and the managers do not want to go to jail to protect a terrorist, especially if nobody is going to know that they helped.
Some even go that far that they push an update that exfiltrates data from a device (and some even do on their own initiative).
And even if you are not legally compelled. Money or influence can go a long way. For example, the fact that HTTPS communications were decipherable by the NSA for almost 20 years, or, whoops, no contract with DoD ("not safe enough"...)
Once the data is in the hands of the intelligence services, from a procedure perspective they can choose what to do next (e.g. to officialize this data collection through physical collection of the device, or do nothing and try to find a more juicy target).
It's not in the interest of anyone to prevent such collection agreement with governments. It's just Prism v2.
So seems normal that Microsoft gives the keys, the same that Cloudflare may give information about you and the others. They don't want to have their lives ruined for you.
> How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Perhaps in this case they should be required to get a warrant rather than a subpoena?
A subpoena (specifically a subpoena duces tecum[1]) is the legal instrument that a court or other legal agency uses to compel someone to provide evidence. Seems entirely appropriate in this case.
[1] The other kind is subpoena testificandum, which compels someone to testify.
And they do. But if they want to compel your accountant to provide evidence (say) they use a subpoena. So if they want to compel Microsoft to provide evidence they should use a subpoena.
A technical difference being that your key/password is not itself "evidence" of anything. A practical difference being that the relationship is more akin to that of a landlord rather than an accountant.
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.
It works for macOS. Filevault key is encrypted by user password. User login screen is shown early in boot process, so that Filevault is able to decrypt data and continue boot process. It sure works fine for a about a decade. No TPM nonsense required. Imo, the TPM based key only makes sense for unattended systems such as servers.
While this is true, why even bother turning on encryption and making it harder on disk data recovery services in that case?
Inform, and Empower with real choices. Make it easy for end users to select an alternate key backup method. Some potential alternatives: Allow their bank to offer such a service. Allow friends and family to self host such a service. Etc.
Stolen laptops would be my one idea here to always encrypt, even if MS / Apple has your key and can easily give it to the government? This way you have to know a user's password / login info to steal their information if you steal their computer (for the average theif). You still get their laptop, but you don't get their personal information without their login information.
This is a bit tricky as it couples the user's password with the disk encryption key. If a user changes the password they would then need to change the encryption key, or remember the previous (possibly compromised) password. A better option is to force the user to record a complex hash, but that's never going to be user friendly when it comes to the average computer user.
Basically, we need better education about the issue, but as this is the case with almost every contentious issue in the world right now, I can't imagine this particular issue will bubble to the top of the awareness heap.
The system handles these changes for the user automatically. The disk key is encrypted by user password, when user changes the password, the system completes disk key rollover automatically. Which means it will decrypt key with old password and then encrypt key with new password.
In practice, there's some bugs around this. There's no way to force Windows to update your password when you change it via Microsoft; I went through the password change due to Microsoft locking my Microsoft account, and Windows didn't update the password locally until I played around with group policy settings (that I'd never touched before) for password expiry and signed in via PIN and rebooted a dozen times (over the course of about 2 weeks).
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, the MS account can reset the local password. In Mac OS / Linux, you reset the login password, you loose the keychain.
On Linux the typical LUKS setup is entirely separate from the login password. You don't lose anything if you forget the login password. You can just reset it with a live USB or similar.
If you mean the secure boot auto-unlock type of setup and you don't have a key backup, then you cannot reset your login password at all. You have to wipe the drive.
At this point, end-to-end encryption is a solved problems when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested on keeping it this way
I wouldn't call the problem "solved" just because of password managers.
Password managers shift the paradigm and the risk factors. In terms of MFA, a password in your manager is now "something you have" rather than "something you know". The only password I know nowadays is my sign-in password that unlocks the password manager's vault. So the passwords to my bank, my health care, my video games are no longer "in my fingers" or in my head anymore, they're unknown to me!
So vault management becomes the issue rather than password management. If passwords are now "something you have" then it becomes possible to lose them. For example, if my home burns down and I show up in a public library with nothing but the clothes on my back, how do I sign into my online accounts? If the passwords were in my fingers, I could do this. But if they require my smartphone to be operational and charged and having network access, and also require passwords I don't know anymore, I'm really screwed at that library. It'd be nearly impossible for me to sign back in.
So in the days of MFA and password managers, now we need to manage the vaults, whether they're in the cloud or in local storage, and we also need to print out recovery codes on paper and store them securely somewhere physical that we can access them after a catastrophe. This is an increase in complexity.
So I contend that password managers, and their cousins the nearly-ubiquitous passkeys, are the main driving factor in people's forgetting their passwords and forgetting how to sign-in now, without relying on an app to do it for them. And that is a decrease in opsec for consumers.
Microsoft killed local accounts in Windows 11 and made this the default path by users: Your private encryption keys are sent to Microsoft in a way that requires no other keys. This is a failure and doesn't happen on systems like LUKS. I understand Microsoft wants to be able to look nice and unlock disks when people forget their passwords, but doing so allows anyone to exploit this. Windows systems and data are more vulnerable because of this tradeoff they made.
Sure that's valid, they do need to conply with legal orders. But they don't need to store bitlocker keys in the first place, they only need to turn over data they actually have.
I don't think that many people here are naive enough to believe that any business would fight the government for the sake of its customers. I think most of us are simply appalled by this blatantly malicious behavior. I'm not buying all these "but what if the user is an illiterate, senile 90-year-old with ADHD, huh?" attempts to rationalize it away. it's the equivalent of the guy who installed your door keeping a copy of your keys by unspoken default - "what if your toddler locks himself out, huh?"
I know the police can just break down my door, but that doesn't mean I should be ok with some random asshole having my keys.
This is being reported on because it seems newsworthy and a departure from the norm.
Apple also categorically says they refuse such requests.
It's a private device. With private data. Device and data owned by the owner.
Using sleight of hand and words to coax a password into a shared cloud and beyond just seems to indicate the cloud is someone else's computer, and you are putting the keys to your world and your data insecurely in someone else's computer.
Should windows users assume their computer is now a hostile and hacked device, or one that can be easily hacked and backdoored without their knowledge to their data?
The Bernardino incident is a very different issue where Apple refused to use its own private key to sign a tool that would have unlocked any iPhone. There is absolutely no comparison between Apple's and MS conduct here because the architectures of the respective systems are so different (but of course, that's a choice each company made).
Should Apple find itself with a comparable decryption key in its possession, it would have little options but to comply and hand it over.
> Apple refused to use its own private key to sign a tool that would have unlocked any iPhone.
This is a misrepresentation of what actually happened: the FBI even argued that they would accept a tool locked to the specific device in question so as to alleviate this concern.
This is still forced labor/creative work/engineering work/speech and not okay, but it was not a "master key."
Firstly, Apple does not refuse such requests. In fact, it was very widely publicized in the past couple of weeks that Apple has removed Advanced Data Protection for users in the UK. So while US users still enjoy Advanced Data Protection from Apple, UK users do not.
It is entirely possible that Apple's Advanced Data Protection feature is removed legally by the US as well, if the regime decides they want to target it. I suspect there are either two reasons why they do not: Either the US has an additional agreement with Apple behind the scenes somewhere, OR the US regime has not yet felt that this was an important enough thing to go after.
There is precedent in the removal, Apple has shown they'll do the removal if asked/forced. What makes you think they wouldn't do the same thing in the US if Trump threatened to ban iPhone shipments from China until Apple complied?
The options for people to manage this stuff themselves are extremely painful for the average user for many reasons laid out in this thread. But the same goes for things like PGP keys. Managing PGP keys, uploading to key servers, using specialized mail clients, plugging in and unplugging the physical key, managing key rotation, key escrow, and key revocation. And understanding the deep logic behind it actually requires a person with technical expertise in this particular solution to guide people. It's far beyond what the average end user is ever going to do.
That was before Tim Cook presented Donald Trump with a gold and glass plaque along with a Mac Pro.
We live in far different times these days. I have no doubt in my mind that Apple is complying 100% with every LE request coming their way (not only because of the above gesture, but because it's actually the law)
> don't really understand how could anyone imagine a world where MS could just refuse such a request
By simply not having the ability to do so.
Of course Microsoft should comply with the law, expecting anything else is ridiculous. But they themselves made sure that they had the ability to produce the requested information.
Right, Microsoft have the ability to recover the key, because average people lose their encryption keys and will blame Microsoft if they can't unlock their computer and gain access to their files. BitLocker protects you from someone stealing your computer to gain access to your files, that's it. It's no good in a corporate setting or if you're worried about governments spying on you.
I'm honestly not entirely convinced that disk encryption be enabled by default. How much of a problem was stolen personal laptops really? Corporate machine, sure, but leave the master key with the IT department.
> Do we really, really, fully understand the implication of allowing private contracts that trump criminal law?
...it's not that at all. We don't want private contracts to enshrine the same imbalances of power; we want those imbalances rendered irrelevant.
We hope against hope that people who have strength, money, reputation, legal teams, etc., will be as steadfast in asserting basic rights as people who have none of those things.
We don't regard the FBI as a legitimate institution of the rule of law, but a criminal enterprise and decades-long experiment in concentration of power. The constitution does not suppose an FBI, but it does suppose that 'no warrant shall issue but upon probable cause... particularly describing the place to be searched, and the persons or things to be seized' (emphasis mine). Obviously a search of the complete digital footprint and history of a person is not 'particular' in any plain meaning of that word.
...and we just don't regard the state as having an important function in the internet age. So all of its whining and tantrums and pepper spray and prison cells are just childish clinging to a power structure that is no longer desirable.
I think legally the issue was adjudicated by analogy to a closed safe: while the exact contents of the safe is unknown beforehand, it is reasonable it will contain evidence, documents, money, weapons etc. that are relevant, so if a warrant can be issued in that case compelling a locksmith to open it, then by analogy it can be issued against an encrypted device.
Without doubt, this analogy surely breaks down as society changes to become more digital - what about a Google Glass type of device that records my entire life, or the glasses of all people detected around me? what about the device where I uploaded my conscience, can law enforcement simply probe around my mind and find direct evidence of my guilt? Any written constitution is just a snapshot of a social contract at a particular historical time and technological development point, so it cannot serve as the ultimate source of truth regarding individual rights - the contract is renegotiated constantly through political means.
My question was more general: how could we draft that new social contract to the current age, how could we maintain the balance where the encrypted device of a suspected child predator and murderer is left encrypted, despite the fact that some 3rd party has the key, because we agreed that is the correct way to balance freedoms and law enforcement? It just doesn't sound stable in a democracy, where the rules of that social contract can change, it would contradict the moral intuitions of the vast majority.
> so if a warrant can be issued in that case compelling a locksmith to open it, then by analogy it can be issued against an encrypted device.
But it isn't a warrant, it's a subpoena. Also, the locksmith isn't the one compelled to open it; if the government wants someone to do that they have to pay them.
> Any written constitution is just a snapshot of a social contract at a particular historical time and technological development point, so it cannot serve as the ultimate source of truth regarding individual rights - the contract is renegotiated constantly through political means.
The Fourth Amendment was enacted in 1791. A process to change it exists, implying that the people could change it if they wanted to, but sometimes they get it pretty right to begin with. And then who are these asshats craving access to everyone's "papers and effects" without a warrant?
It's dismissive because most of the requests open source developers get need to be dismissed.
"Where can I send some cash for your hard work" is much rarer than "Here's my very complex edge use case that I need to support ASAP, I think it's quite shameful you don't support this already must not take you more than 5 minutes, come on people do it already my clients are waiting".
It would be, if it were true. I'm not going to cast the entirety of a very large community in a single light, but there are great deal of people in the open source community who are afraid of money, or more specifically, that someone else might be making some, especially using open source code that they didn't personally hand write.
Another symptom is most projects don't have an easy way to donate money to them.
see, that's the problem, you immediately jump to a combative stance + assume the current maintainer is always right, which is exactly how the situations i presented happen in the first place
An alternative to ever extending the deadline is a Dutch auction model, where a bid consists of the maximum price you are willing to pay. It's a bit like integrating the snipping bot in eBay and allowing everyone to use it on fair terms.
For example, suppose the current price is $1 and the current winner is someone who bid $2 as their maximum bid ceiling. If I bid a $3 maximum, then I become the winner at a price of $2.
In this model, there is no need for snipping and those who honestly declare their maximum ceiling from the start are in no disadvantage compared to those who frequently update their bid, nor do they overpay.
This is exactly how eBay bidding works now. Sniping still works because your satisfaction with the outcome of an auction isn’t just determined by “I got the item below my price ceiling” but by _how much_ below my price ceiling I got the item.
Early bids make you commit to matching other bidders’ exploratory bids. You lose out on the (naive) dream of a “great deal”. Sniping (without paid-for bot assistance) is a costless way of not revealing your ceiling until the last moment (and it commits you to actually sticking to your ceiling because there isn’t time to rebid later).
If everyone bid rationally, this wouldn’t matter, but it’s very easy to convince yourself that you can stomach bidding just a little more than your ceiling just to win the item. This cuts two ways: last-minute bids prevent this behavior from others while also stopping it in yourself.
Unless I’m missing something this is exactly how eBay works. You set a max bid and then it auto bids up to that amount so you can’t get sniped unless they bid higher than your max.
Not that this is perfect either, often it means you can push other people’s bids up to their max even though you have no intention of buying the item. I’ve seen it as a seller and felt bad for the buyers
Yes, almost all online auction sites (or even offline absentee bidding) work this way. You set your maximum price and the auction house bids for you. However, in any case, bidding early gives other bidders information on how much you're willing to bid and allows them to nibble their way up to your max. So bidding late is always advantageous, even when you're setting a max bid.
I've never quite understood why people get so upset about sniping on eBay. Anybody can snipe. That's just the best play. Any time I want to bid on something on eBay, I just set my max bid on the sniping tool instead of on eBay, and then forget about it.
Ebay works like this too. But because sniping is still permitted, I like to bid 'uncommon' amounts, like $3.17, so if someone else tried to bid a max of $3.00 even at the last moment, the bid for the few cents more wins.
So, cloudification: lock the customer into a complex cloud dependent solution they can't easily migrate to some other commodity infrastructure provider.
I essentially do a 1 click deployment for my personal site with Cloudflare.
I don't want to deal with the cloud infra for my personal site.
I could, I've done it in corporate, I've done it for my startup 2 years ago.
But I'm rusty, I don't know what the latest people are using for configuration, etc.
Because there is 1 click with CF or Vercel and I don't have to think about it—I don't.
If they increase their price it likely wouldn't be enough friction for me dust off the rust.
I think this is the relation.
I'm not locked in, it's just HTML pages, but I am through my own habit energy, tech changing, and what I want to put effort into, which is not infra and serving my site.
They can stay open source, but stop putting any effort into supporting deploying to cloudflare's competitors, including accepting PRs for such improvements.
Or they could add features that only work if you deploy via cloudflare.
I also take anything said in an acquisition announcement with a grain of salt. It is pretty common for companies to make changes they said they wouldn't a few years after an acquisition.
Vercel does not make Next.js hard to deploy elsewhere. Next.js runs fine on serverful platforms like Railway, Render, and Heroku. I have run a production Next.js SaaS on Railway for years with no issues.
What Vercel really did was make Next.js work well in serverless environments, which involves a lot of custom infrastructure [0]. Cloudflare wanted that same behavior on CF Workers, but Vercel never open-sourced how they do it, and that is not really their responsibility.
Next.js is not locked to Vercel. The friction shows up when trying to run it in a serverless model without building the same kind of platform Vercel has.
Can you describe what you mean here? Because I have heard this about 100 times and never understood what people mean when they say this. I am hosting a NextJS site without Vercel and I had no special consideration for it.
Did YOU even bother to look at their site? They support more than static generation, including SSR and even API endpoints. That means Astro has a server that can run server-side (or serverless) to do more than static site generation, so it's not just a static site generator either.
And yes I can see you're posting the same lie all over the comments here.
They can say whatever they want, and then do whatever they want. They have no contractual or legal obligation.
Almost every (it seems) acquisition begins with saying, 'nothing will change and the former management will stay on'. A year later, the former managment leaves and things change dramatically.
That's always been true. Perhaps even more so as Astro constantly faced an existential battle for a working business. Now they don't have to do that and Cloudflare makes their money on their infra business. Locking Astro up now or in the future gains them very little compared to how much they make with hosted upsell services. [edit: clarity]
It's a static site builder. It creates a static site. HTML, CSS, and JS. That you can then upload literally anywhere.
Once again, what lock in? There is literally nothing to lock in. Explain exactly how they are going to lock somebody in, moreso than the lazy "for now" which you seem to constantly repeat.
No? It's still the same Astro that you can move to any other provider that supports it - and it's just Javascript, so pretty much everyone supports it.
It's an archetypal social coordination problem that can't be solved at a local level. If relaxed zoning pushes all new buildings into my neighborhood, because all other vote against it, then I'm going to end up with 20 stories of balconies hanging above my property but see no benefits, not even indirect ones like lower rents leading to lower inflation and prices etc. Some developer will simply capture that rent - both in the rent extraction sense and the real estate rent meanings.
A smart central planner can act for the shared benefit, they are sensitive to the votes of renters in some other high density area that also can't solve the problem locally etc.
if your neighborhood gets denser you will see the benefits
if you want to live there you can pick from more options
developers capture value, but the buildings are there
obviously the usual problem is that the land value goes up, and thus the rent goes up too (because suddenly the neighborhood becomes more desirable - which again is a sign of benefits for those who already live there)
I would summarize the central claim of the paper as: the widespread use of AI to mediate human interaction will rob people of agency, understanding and skill development, as well as destroying the social links necessary to maintain and improve institutions, while at the same time allowing powerful unaccountable actors (AI cabal) to interject into those relations and impose their institutional goals; by "institution" we mean a shared set of beneficial social rules, not merely an organization tasked with promoting them, "justice" vs. "US justice system".
The authors then break down the mechanisms by which AI achieves these outcomes (that seem quite reductive and dated compared to the frontier, for example they take it as granted that AI cannot be creative, that it can only work prospectively and can't react to new situations and events etc.), as well as exemplifying those mechanism already at work in a few areas like journalism and academia.
And I think that's about right. Despite the marketing, I think AI (especially if the hyped capabilities arrive) will be one of the most destructive technologies ever invented. It only looks good to blinkered and deluded technocrats.
Yes, I don't understand how such an experiment could work. You either:
A). contaminate the model with your own knowledge of relativity, leading it on to "discover" what you know, or
B). you will try to simulate a blind operation but without the "competent human physicist knowledgeable up to the the 1900 scientific frontier" component prompting the LLM, because no such person is alive today nor can you simulate them (if you could, then by definition you can use that simulated Einstein to discover relativity, so the problem is moot).
So in both cases you would prove nothing about what a smart and knowledgeable scientist can achieve today from a frontier LLM.
It seems the issue boils down to what the Greenlanders want: to become some sort of Venezuela of the north in Trump's imperial crown, and be used to maximize the profits of the American corporations that ultimately get to own it; OR full rights as EU citizens and local autonomy to decide who gets the mining concessions, under competitive terms open to all countries that maximize their profits, which stay in their hands.
The historical path of Greenland in DK is irrelevant.
if it becomes US territory would it not be more like be more like Alaska than Venezuela?
> full rights as EU citizens and local autonomy to decide who gets the mining concessions
There is no such thing as an EU citizen - people are citizens of EU states. Would an independent Greenland join the EU? Would it join NATO? I can see advantages for a small (in population) country with rich national resources playing the big powers against each other.
Indigenous Greenlanders have also been treated pretty badly by Denmark, even very recently, not just a long time ago when it was a colony:
Alaska received statehood a century after it was acquired, and only after being substantially colonized by Americans. It's entirely laughable to suggest that US will grant 2 seats ~= 4% of the Senate (plus one representative and 3 electors) to basically a small city of Inuits and Danes, most of which won't even speak English for a good many years to come.
One of the tricky situations now is that full independence for Greenland now would leave it weak to more aggressive imperialist predation from the USA.
Not that Denmark (or even the EU) is capable of militarily defending it now. But politically it carries more clout than a tiny population in its own state.
I think the situation of Quebec here in Canada does show it's possible for regions/provinces to become somewhat more sovereign in their own land without full legal independence. Even if that has been fraught with all sorts of ridiculous conflict.
There was an election in 2025. https://en.wikipedia.org/wiki/2025_Greenlandic_general_elect... Pro-independence parties won a supermajority. The only party whose leader said that he trusts Trump in the debate before the election got 305 votes and no seats.
The next parliamentary elections are scheduled for 2029, too late for a pro-Trump swing unless he manages to stay in office somehow.
In the case of Scotland the state resources (those of the Scottish govt) were promoting the leave side.
Both of those have very different histories and circumstances Greenland was a colony and in thr current (or at least very recent) treatment of indigenous people.
They certainly were not. The full force of British institutions was ranged against Scottish independence, including the civil service, BBC and even certain businesses like Baxters or Tesco.
Scotland forgets its past. Most people don't know that most of Scotland including non-Jacobite areas was garrisoned in the late 1740s. Or that there was an uprising in 1820. Or famines and rioting around the Moray Firth in the 1840s so bad that the army was brought in. Most of that is forgotten.
"Indigenous" is code for tribal. Scotland was partly tribal into the Middle Ages but is never classed as such. Why the difference?
can you clarify on what grounds it is irrelevant? As I see it, most things in the world are arranged in their current way for 'hysterical raisins', so I don't quite follow? There are approximately 200 countries that could carry continued support for greenland,but currently denmark is the one doing it, for HR. By the same logic,greenland could go to China or Russia?
The US officially took over greenland after denmark allied with nazi germany during ww2. People forget that the danes were nazi collaborators. We defended greenland against the nazis/danes during ww2 and the soviets during the cold war. I'd say greenland is more of a US territory than even puerto rico or american samoa is. All trump has to do is make it official.
Seems Greenlanders didn't get the memo, the vast, overwhelming majority still think of themselves as "not Americans".
This is the problem with historical narratives, history is not established fact but a continuous re-evaluation of the past. There is always that wako who will interpret some convenient or made up facts as proof that "Greenland is American in all but name".
Trump was extraordinarily lucky here, the Maduro regime was wholly unprepared and he was immediately extracted from the county; he can claim "mission accomplished", parade Maduro in front of the world media and watch from afar the PSUV leadership tear themselves appart.
But the dice Trump rolled could have easily fell onto a well prepared Maduro regime, which could have downed a few Blackhawks, torpedoed the ship from which they launched, captured and killed a few dozens to a few hundreds US service men, paraded them in the streets of Caracas and used them as human shields protecting the main military targets etc.
I.e, Trump could have easily committed US to a long term war and a ground invasion, without Congress authorization or allied support, and with Iraq or worse long term results.
While I strongly doubt this is true, it still doesn't change the fundamental gamble Trump took: it's impossible to predict how a regime change attempt will go, who will betray and who will rally around the flag. Especially in a resource rich country.
That's a bit like saying AC electricity was just a fancy way of delivering what customers really wanted, DC energy.
I'm sure that DC customers used their Edison DC equipment for decades after the grid went AC only; but in the long run the newer, flexible, lower overhead system became the default for new equipment and the compatibility cludges were abandoned.
Well, yes. Except that AC came to dominance much faster than IPv6, the AC/DC war lasted less than 10 years, with the AC quickly coming to domination. Because AC provides a clear performance advantage over DC.
This is not really true of IPv6. It _still_ has tons of actual operational issues, and in the best case, it does not provide any tangible improvements over IPv4+NAT for the vast majority of users.
For example, in-flight entertainment works by assigning you an IPv4 address and allowlisting it in the gateway rules. This does not work with IPv6 because of privacy addresses and SLAAC. You might think that you just need to do stateful DHCPv6, but Android doesn't support it. Heck, even simple DHCPv6 PD automatic configuration is _still_ not a standard ( https://datatracker.ietf.org/doc/rfc9762/ )!
So to this day, some of the most visited sites like amazon.com, ebay.com, tiktok.com, slack.com or even github.com do not support IPv6. I also keep providing this example, year after year: there are no public VoIP SIP providers in the US that simply _support_ IPv6. Go on, try to find one.
HVDC is enormously expensive even today and completely impractical for bulk transport 100 years ago. You can't look just at corona, capacitive etc. losses of HVAC, you need to factor in the entire economic equation. The total overhead of AC (cost of equipment + energy lost for the lifetime of the line) is still lower for overground transport over reasonable distances and will remain so for the foreseeable future.
I don't think they even had a way to do dc-dc voltage step-up and step-down at high power and efficiency, needed semiconductors for that to do high speed switching in buck and boost converters
Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?
reply