Hacker News | acdha's comments

I’m actually somewhat surprised that one of the masked, badgeless officers hasn’t been shot yet. So many of the actions look like a cartel kidnapping and some of them are happening in states with stand your ground laws where the major factor would be whether the person felt threatened.

Security is usually full of incremental improvements like that, however. Reducing the scope from all of NPM to the handful of things like test runners would be an enormous benefit for auditors and would encourage consolidation (e.g. most testing frameworks could consolidate on a single headless chrome package), and in the future this could be further improved by things like restricting the scope of those scripts using the operating system sandbox features.

They’re running the most popular registry but nothing says you can’t use your own to implement whatever policy you want. The default registry has a tricky balance of needing to support inexperienced users while also only having a very modest budget compared to the companies which depend on it, and things like custom authentication flows are disproportionately expensive.

What's the issue exactly?

They seem to manage to handle account signups with email addresses from unknown domain names just as fine as for hotmail.com and gmail.com. I don't see how this is any different.

The whole point of standards like OIDC (and supposedly TP) is that there is no need for provider-specific implementations or custom auth flows as long as you follow the spec and protocol. It's just some fields that can be put in a settings UI configurable by the user.


It’s completely different. An email signup doesn’t involve a persistent trust relationship between PyPI and an OIDC identity provider. The latter imposes code changes, availability requirements, etc.

(But also: for completely unrelated reasons, PyPI can and will ban email domains that it believes are sources of abuse.)


… in the other direction, trying to leave.

https://www.404media.co/dhs-is-lying-to-you-about-ice-shooti...

> A third officer, who has been standing on the other side of the road, pulls out a firearm while the car is turning away from him and fires into the car three times. The officer fires two of the shots when the vehicle is already well past him. He is not in front of the car, but to the side. The officer calmly holsters his weapon.


That’s unproven, but suppose it’s true: what’s your alternative? If we are in fact facing widespread unemployment, what’s going to be better than UBI at avoiding societal collapse? Billionaires paying private armies to contain poor people is a straight-up sci-fi dystopia but even that depends on enough people having money to buy things from their companies.

If we truly hit the point where we have more people than jobs. That we hit AI improving at miraculous paces that we can't even reskill people. I think it would be better to essentially have make work programs. Have basic qualification programs where you are guaranteed a job. People need a purpose. Throw every person capable of getting an engineering or science degree into labs. Massively expand teaching, nursing and medicine so there is extremely personal care just by the sheer numbers.

Retraining programs are famously both failures and mostly absent for this sort of disruption.

Displaced factory workers mostly drift into janitorial or cab driving sorts of work. Why would it be different for other sorts of workers?


This is so fucking dumb. I hate when software engineers try to solve problems. You are good at one thing, do that.

The rest of us will struggle without your help because that's what we been doing. We are literally struggling to fulfill our purposes because we have jobs.


TAX. THE. FUCKING. RICH.

Then use it to pay for services like healthcare and education so that everyone has a safety net and opportunity to thrive without just giving everyone enough cash so that they are incentivized to slack.


DDT has been banned, cigarettes are all but banned, leaded fuel has been banned. Nuclear energy has been banned in Germany.

The industry wanted all of that and did not get its way after some time. You can ban "AI", make companies respect copyright. You can do all sorts of things.

Since "AI" can only plagiarize, countries that do the above will have an edge (I'm not talking about military applications that can still be allowed or should be regulated like in treaties for nuclear weapons).


Also the FSF squandered its opportunity being RMS’ hobby / support organization and skipped a lot of important discussions, even before the skeevy behavior they’d been ignoring came to light. I used to donate in the 90s but … really feels like that was just flushing cash.

If my timelines are correct, the FSF ousted RMS before ChatGPT came out.

They actually re-appointed him to the board in 2021, also before ChatGPT came out: https://www.fsf.org/news/statement-of-fsf-board-on-election-...

ChatGPT came into the picture long after the open source issues we’re talking about were apparent. AI companies are making it even worse but solid advocacy in the 2010s or 2000s would’ve been helpful.

The FSF also ignored the SaaS revolution. They put out the AGPL but did not really market it or convert FSF projects to it.

The better question is how well they do in a world where you have to pay OpenAI to be included. A local restaurant can likely survive on local advertising, neighborhood traffic, etc. but I’d bet a lot of categories further consolidate to favor larger companies who can negotiate LLM placement deals.

So what you're saying is that LLMs will replace not only search but Google/Apple Maps as well?

Do you have a source for that? Everyone I know who works outside of tech is complaining about how AI is making their jobs harder because it’s wrong so much of the time that they’re spending more time correcting it than it saves, and it’s been a boon for cheaters looking to remove obvious tells from their attacks.

I'm talking about people who shower after work not people who shower before work.

I have no doubt that people who are having AI foisted upon them by admins at the behest of someone else hate it.

They use AI as basically a leveled up version of the summaries google used to provide for certain search types. Saves them a bunch of obnoxious clicking around on the internet or in software that was never designed for mobile or to make giving up the kind of info they're seeking easily.


That’s usually also followed shortly by learning that you can’t trust the results or you’ll be making customers whole.

These people usually know enough to know when it's "not quite right". Same "don't trust the docs" story that existed in many workplaces long before AI

An example I saw recently was someone asked for a modern equivalent of a grease that's no longer made/relevant and it replied back with some weird aviation stuff. The "real" answer wound up being "just use anything, the builders intent in specifying was to prevent you from using tallow or some other crap 100yr ago"


And never this sweeping: like when Japanese car manufacturers were threatening Detroit, the president negotiated with Congress and the response was targeted, not a random shotgun on other countries and industries.

True. I have not ordered a single product from the Heard Island and McDonald Islands since the tariffs were levied on them. I am champing at the bit for these to be reduced.

Haha, but every coffee, tea, and chocolate provider I buy from has announced their prices going up and it’s not like there’s an American industry those taxes are supporting. Hawaii doesn’t have enough land to grow even a fraction of our domestic coffee consumption.

Reagan and Congress directly negotiated with the Japanese auto manufacturers. They were threatening major tariffs.

This led to the 1981 automobile voluntary export restraint.

https://www.nber.org/system/files/chapters/c8719/c8719.pdf


Yes: that’s kind of a textbook example of using tariffs strategically — there’s a valid argument that automobiles are a strategic industry worth protecting (just for military capacity alone) but they didn’t threaten to heavily tax coffee and chocolate from other continents at the same time or under the pretense that it would make those crops viable in the United States at scale.

No, not even close. The basis for most of these actions requires novel legal re-interpretations to claim power from Congress for the executive, ignore time or scope limits, and remove expert judgement from what are often supposed to be consensus decisions. The court cases over tariffs are highlighting the unprecedented claims for both the nature of the purported emergency and the scope of the response, but this shows up in many other areas such as inventing a “power emergency” to force coal plants to stay open over the wishes of the owners, communities, and state governments. We’ve never had anything like this level of direct economic interference in the modern economy - even things like WWII policies were at least targeted and based on a real threat.
