Hacker News | eviks's comments

Is there any info on the impact of such tools, like do they have any specific performance improvements (startup time, memory use)? How much Gb of bloat is actually removed?

You can visualize performance using Windows' built-in Performance Monitor.

It's not a comparison app, but you can check different resources in detail both before and after disabling un-needed features.

Disk activity is one of the things reported in real time, as well as memory usage, but the Gb of bloat on the OS drive is not a consideration.

Inhibiting things which are useless to you from occupying memory, may be less than 1 Gb but may still be worth it, but that is different than disk drive bloat which can really get massively out-of-hand.

Drive Gb is expected to grow with each additional program you install, but further drive bloat has often dwarfed that as preinstalled apps have proliferated, written by those who do not have experience using limited resources to a serious degree of efficiency.

And then after non-security updates became mandatory, each year this lack of professional experience has an accelerating impact across the board, and by now you are expected to accommodate a dozen or more gigabytes than last year.

And both Windows 10 and Windows 11 were more functional in some ways than a year ago too.

Cut back on memory waste by keeping things from loading until an event when you yourself really need it.

Cut back on drive bloat by uninstalling things you know you are never going to need.


> The web has supported these basic functions for over a decade. Surely in the year 2025, I thought, HTML5 is a good choice for these simple needs.

> What really happened was, I hit over 50 surprising problems related to gaps in web standards, requiring me to spend over half of the total development time

The half part might be surprising, but the fact that the web is broken in all the big and little places shouldn't really be, isn't that part of deep web lore that you get even by looking at the omnipresent dom tree, but especially if you're a druid and forest-native?

Like, "No you can't control the real size of anything" has been one of the many fundamental cascading flaws of that peculiar joke of a design system since forever, no?


you can get Vivaldi outside the UK, the issue is the web engine, is it different in the UK?

Pity such an awful document format with so many basic fails at being digital, continues to reign in a lot of areas!

Hostile indeed, and also happens in user-facing documents like product manuals!

You can use constant/variable length replacement to avoid length leaks?

Also had this first thought, but then a hack could just be a way around a limit/lack of authorization, doesn't have to be unknown/sophisticated, so copy of black boxes fits

> limit/lack of authorization

By serving up the PDF file I am being authorized to receive, view, process, etc etc the entire contents. Not just some limited subset. If I wasn't authorized to receive some portion of the file then that needed to be withheld to begin with.

That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.

To put it simply, I am not responsible for the other party's incompetence.


For starts, wouldn't it be kind of ironic to set up limits and authorization in a context that is about making some content available to the public?

I'd say any technical or legal restrictions or possible means to enforce DRM ought to be disabled or absent from the media format used when disseminating content that must be disclosed.

Censorship (if necessary) should purge the data entirely, i.e.: replace by ###


That's not true, you can mistakenly receive data you're not authorized to have (might even be criminal to have!)

> That's entirely different from gaining unauthorized entry to a system and copying out files that were never publicly available to begin with.

That's not the sum total of hacks, if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack. Copy & paste of black boxes is similarly a hack around content protection

> To put it simply, I am not responsible for the other party's incompetence.

To put it even simpler, this conversation is not about you and your responsibility, but about the different meanings of the word "hack"


> you can mistakenly receive data you're not authorized to have (might even be criminal to have!)

Not the layman, at least to the best of my knowledge.

Yes, certain licensed professionals can be subject to legal obligations in very specific situations. But in general, if you screw up and mail something to me (electronic or otherwise) then that is on you. I am not responsible for your actions.

> if you have publicly accessible password-protected PDF and guess the password as 1234, that's a hack

Sure, I'll agree that the software to break the DRM qualifies as a hack (in the technical work sense). It also might (or might not) rise to the level of "lack of legal authorization". I don't think it should, but the state of laws surrounding DRM make it clear that one probably wouldn't go in my favor.

However that isn't what (I understood) us to be talking about - ie legal authorization as it relates to black box redaction and similar fatally flawed approaches that leave the plain text data directly accessible (and thus my access plainly facilitated by the sender, if inadvertently).

> this conversation is not about ...

You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.

That said, while we're on the topic I'll note the ambiguity of the term "hack" in this context. Illegal access versus clever but otherwise mundane bit of code (no laws violated). You seem to be failing to clearly differentiate.


> Not the layman, at least to the best of my knowledge.

Are you not aware of content that is criminal to possess? Like CP is the most common example.

> I am not responsible for your actions.

I've already addressed this confusion of yours - this is NOT about your responsibility for someone else's actions, but about your own actions and whether they constitute a "hack".

> You are the only one using the term "hack" here. Please note that I had responded to your "limit/lack of authorization" phrasing. Nothing more.

Please open a dictionary for the word hack to understand this conversation! And note the word "authorization" in the definition.

> However that isn't what (I understood) us to be talking about - ie legal authorization

Understandably you're confused, the legal limit is your own making, authorization is way broader than that.

> I'll note the ambiguity of the term "hack" in this context

Exactly!!! Keep looking into the definition to resolve the ambiguity!

> You seem to be failing to clearly differentiate

No, your differentiation is wrong


You realize we just went from (the legal equivalent of) "I accidentally mailed you my tax return" to "I accidentally mailed you a bomb". Like yeah, it remains illegal to retain possession of said bomb irrespective of the fact that someone intentionally sent it. That is ... not at all surprising?

Beyond that you're clearly just trolling at this point, going to great lengths to manufacture an argument about a term that I never used to begin with. "Lack of authorization" has a clear legal meaning whereas "hack" does not.


> That is ... not at all surprising?

For the 3rd time, this conversation is not about YOU and not about what surprises you!

> "Lack of authorization" has a clear legal meaning whereas "hack" does not.

No, you've made up this limit to some "legal meaning" (also wrong here, large variety there as well but wouldn't want to indulge you further). Again, open up a dictionary on "hack", then follow the definition of "authorization" from there, if you only find "legal" in there, get a better dictionary, journalists / commenters are usually not lawyers, so they wouldn't accept your artificial legal limits on meaning!


> Beyond that you're clearly just trolling at this point

I think this is the greatest proof of the simultaneous validity of two different arguments. Disclaimer, I'm assuming (I think fairly) that you're in good faith.

The funny thing is, to me, the other commenter's arguments are quite clear/obvious to me and make sense. Not that your points are wrong - but... I'm 99% sure the other person isn't trolling in the slightest. Y'all are just talking across each other.


> Y'all are just talking across each other.

Initially, perhaps. However note that my attempts to clarify exactly that are repeatedly followed by misconstruing my position. It's not so much that we disagree as that the supposed disagreement is about things I never said. The repeated failure to respond to what was actually said coupled with the combative tone is pretty much the definition of trolling. Of course that term does assume intent to an extent - if he's just having a bad day I'm not sure that technically qualifies. The end result is the same though.

BTW if you feel I've missed some insightful point of his do please elaborate.


> but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file.

This is a dumb way of doing that, exactly what "stupid" people do when they are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. Also, this type of redaction eliminates the possibility to change text length, which is a very common leak, especially for various names/official positions. And it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision, but have to do the manual conversion step to printed position


>exactly what "stupid" people do when they are somewhat aware of the limits of their competence

Being aware of one's limitations is the strongest hallmark of intelligence I've come across...


I'm not so sure it's about knowing his own limitations, rather it's about building a reliable process and trusting that process more than either technology or people.

Any process that relies on 100% accuracy from either people or technology will eventually fail. It's just a basic matter of statistics. However, there are processes that CAN, at least in theory, be 100% effective.


So following that strange logic if a dumb person knows he's dumb, he's suddenly become intelligent? Or is that impossible by your peculiar definition of intelligence?

Yeah that sounds like wisdom, not intelligence.

Wisdom would be knowing not to try and exceed those limits

Intelligence would be knowing they exist (I know that I cannot fly by flapping my arms, it took intelligence to deduce that, wisdom tells me not to try and jump from a height and flap my arms to fly. Further intelligence can be applied, deducing that there are artificial means by which I can attain flight)


Knowing your limits has to be a sign of intelligence.

"Dumb" people (FTR the description actually refers to something rather than that which you think it does...) run around on the internet getting mad because they haven't thought things through...


It's an interesting question though. I know quite some "smart" people who lack self awareness to an almost fatal degree yet can outdo the vast majority of the population at solving logic puzzles. It tends to be a rather frustrating condition to deal with.

Not at all. It's a procedure that's very difficult to unintentionally screw up. Sometimes that's what you want.

> you can't simply search&replace with machine precision

Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process.


If the word you need to redact is also an English verb there is a risk that you accidentally mark the name of person in a context where that redacted word has a clear meaning in that context and can be used as a proof that such a term has been accidentally redacted because a large scale search&mark has taken place.

According to a random dictionary I found:

To trump. Verb. Surpass (something) by saying or doing something better.


Your process doesn't make sense, why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? But it's also not the process described in the blog

> that's very difficult to unintentionally screw up.

You've already screwed up by leaking length and risking errors in manual search&replace


> why wouldn't you just black box redact right away and print and scan? What does underline then ink give you?

These are roughly equivalent. The point is having a hard copy in between the digital ones.


Why would I settle for a rough equivalence? The point was about the chance of making mistakes in redaction, so sure, if you ignore the difference in the chance of making mistakes (which the underline process increases), everything becomes equivalent!

> Why would I settle for a rough equivalence?

They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much.

You'd still want to do a tabula rasa and manual post-pass with both methods.

> point was about the chance of making mistakes in redaction

Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit.


> They're equivalent in security

They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an incorrect manual match, you're reducing security

> albeit more error prone

The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment

> Whether one is redacting in between or before doesn't change much

It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes

> Best practice

But this conversation is about a specific blogged-about reality, not your best practice theory!


Absolutely. The other comments replying to your original comment that are nitpicking over implementation details miss the purpose and importance of this step.

The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about.

In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task.

So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying.

Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all.


This is one of the biggest document collections ever released to the public (...or will be when it's finally done) and the redactions were done in a hurry by a government agency with limited resources which would usually be doing more useful things.

So it's likely there simply isn't the time to do extended multi-step redactions.

What's happening is a mix of malicious compliance, incompetence, and time pressure.

It's very on-brand for it to be confused, chaotic, and self-harming.


The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. I refuted that. You remain free to perform automated search and replace prior to printing the document. You also have the flexibility to perform manual redactions both digitally as well as physically with ink.

It's clearly a superior process that provides ease of use, ease of understanding, and is exceedingly difficult to screw up. Barr's DoJ should be commended for having selected a procedure that minimizes the risk of systemic failure when carried out by a collection of people with such diverse technical backgrounds and competence levels.

Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.


> The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace.

It has direct relevance since it describes the process as lacking the automated search and replace

> I refuted that

You didn't, you created a meaningless process of underlining text digitally to waste time redacting it on paper for no reason but add more mistakes, and also replaced the quoted reality with your made up situation to "refute".

> and is exceedingly difficult to screw up.

It's trivial, and I've told you how in the previous comment

> Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist.

Nope, this is generic "hack" headline, so guessing a redacted name by comparing the length of plaintext to unmask would fit the headline just as well as a copy&paste hack


It gets you the non-existence of a PDF full of reversible black boxes.

Can't leak a file that doesn't exist.


But you can leak the content of a file that you printed out and couldn't redact properly by using an inferior method

But such a document is obviously unredacted. A black boxed PDF appears to be redacted, but isn't. Accidents happen.

Now that you've shifted the goalposts back closer to the original discussion, what's your point? Yes, you can leak the "nonexisting" file in multiple ways, including the printed one, and yes, "accidents" happen. So are they more likely to happen if you ban digital search and force paper and ink redaction instead? Are they more likely to happen if you black out digitally before printing or underline digitally and ink out physically?

And the "obvious word needle in a haystack of many thousands of pages" isn't as self-healing as you appear to think it is.


>Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process.

I suppose a global search/replace to mark text for redaction as an initial step might not be a bad idea, but if one needs to make sure it's correct, that's not enough.

Don't bother with soft copy at all. Print a copy and have multiple individuals manually make redactions to the same copy with different color inks.

Once that initial phase is complete, partner up persons who didn't do the initial redactions review the paper text with the extant redactions and go through the documents together (each with their own copy of the same redactions), verbally and in ink noting redactions as well as text that should be redacted but isn't.

That process could then be repeated with different people to ensure nothing was missed.

We used to call this "proofreading" in the context of reports and other documents provided as work product to clients. It looks really bad when the product for which you're charging five to six figures isn't correct.

The use case was different, but the efficacy of such a process is perfect for something like redactions as well.

And yes, we had word processing and layout software which included search and replace. But if correctness is required, that's not good enough -- a word could be misspelled and missed by the search/replace, and/or a half dozen other ways an automated process could go wrong and either miss a redaction or redact something that shouldn't be.

As for the time and attention required, I suppose that depends upon how important it is to get right.

Is such a process necessary for all documents? No.

That said, if correctness is a priority, four (or more) text processing engines (human brains, in this case) with a set of engines working in tandem and other sets of engines working serially and independently to verify/correct any errors or omissions is an excellent process for ensuring the correctness of text.

I'd point out that the above process is one that's proven reliable over decades, even centuries -- and doesn't require exact strings or regular expressions.

Edit: Fixed prose ("other documents be provided" --> "other documents provided").


> This is a dumb way of doing that, exactly what "stupid" people do when they are somewhat aware of the limits of their competence or only as smart as the tech they grew up with.

No, this is an example of someone understanding the limits of the people they delegate to, and putting in a process so that delegation to even a very dumb person still has successful outcomes.

"Smart" people like to believe that knowing enough minutiae is enough to result in a successful outcome.

Actual smart people know that the process is more important than the minutiae, and proceed accordingly.


> someone understanding the limits of the people they delegate to, and putting in a process so that delegation to even a very dumb person still has successful

Oh, man, is he the only smart person in the whole department of >100k employees and >x contractors??? What other fantasy do you need to believe in to excuse the flaws? Also, if he's so smart why didn't he, you know, hire someone smart for the job?

> even a very dumb person still has successful

Except it's easier to make mistakes following his process for both smart and dumb people, not be successful!

> Actual smart people know that the process is more important

So he's not actually smart according to your own definition because the process he has set up was bad, so he apparently did not know it was important to set it up better?

> important than the minutiae

Demanding only paper redactions is that minutiae.


> this type of redaction eliminates the possibility to change text length

This is the only weakness of Barr's method.

> it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision

Anyone relying on automated tools to redact is doing so performatively. At the end of the day, you need people who understand the context to sit down and read through the documents and strike out anything that reveals–directly or indirectly, spelled correctly or incorrectly–too much.


> This is the only weakness of Barr's method.

Of course it isn't, the other weakness you just dismiss is the higher risk of failed searches. People already fail with digital, it's even harder to do in print or translate digital to print (something a machine can do with 100% precision, now you've introduced a human error)

> At the end of the day, you need people who understand the context

Before the end of the day there is also the whole day, and if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading, you're just adding mistakes for no benefit


> something a machine can do with 100% precision

Forget about typos. Until recent LLMs, machines couldn't detect oblique or identifying references. (And with LLMs, you still have the problem of hallucinations. To say nothing of where you're running the model.)

> if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading

You've never read a text with a highlighter or pen?

Out of curiosity, have you worked with sensitive information that needed to be shared across security barriers?


Reading through material in context and actively removing the telling bits seems very focused to me.

Furthermore, reading through long winded, dry legalese (or the like) and then occasionally marking it up seems like an excellent way to give the brain short breaks to continue on rather than to let the mind wander in a sea of text.

I am for automating all the things but I can see pros and cons for both digital and manual approaches.


The reading is focused, but that focus is wasted on menial work, which makes it easier to miss something more important

> give the brain short breaks

Set a timer if you feel that's of any use? Why does the break have to depend on the random frequency of terms to be redacted? What if there is nothing to redact for pages, why let the mind wander?

> I am for automating

But you're arguing against it. What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos and then spending the last 99% in focused reading trying to find that you've missed "the owner of Mar-a-Lago Club" reference or something more complicated (and then also replace that variant digitally rather than hoping you'd notice it every single time you wade through walls of legalese!)


> What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos

Because none of this involves a focussed reading. It's the same reason why Level 3 can be less safe than Level 4. If you're skimming, you're less engaged than if you're reading in detail. (And if you're skipping around, you're missing context. You may catch Trump and Trup, but will you catch POTUD? Alternatively, if you just redact every mention of the President, you may wind up creating a President ***, thereby confirming what you were trying to redact.)

If it doesn't matter, automate it. If you care, have a team do a proper redaction.


> this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions

Increasing the size of the redaction box to include enough of the surrounding text to make that very difficult.


You'd need to increase it a lot, lest the surrounding text be inferred from context.

But that's a destructive operation!

I mean, sure, you can make the whole paragraph/page blank, but presumably the goal is to share the report removing only the necessary minimum?
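The two automated steps argued over in this thread, as an added example that is not from any commenter: a text-layer redaction pass that also catches near-miss spellings, compared once with a constant-width marker and once with a length-preserving mask, plus a post-pass check for anything left behind. The names, the sample sentence and the 0.8 similarity cutoff are constructed assumptions, and the code works on extracted text, not on PDF structure.

```python
import difflib
import re

MARKER = "[REDACTED]"   # same width for every hit, whatever it replaces
BLOCK = "\u2588"        # one block per original character (the leaky variant)
WORD = re.compile(r"[A-Za-z][A-Za-z'-]*")

# Constructed sample: two names to remove, one of them misspelled once.
SAMPLE = ("Witness Whitfield met Lee at the office. "
          "Later Whitfeild (sic) called Lee again.")
TERMS = ["Whitfield", "Lee"]


def _matches(word, terms, cutoff):
    """True if word equals a term or is a near miss (typo) of one."""
    lowered = [t.lower() for t in terms]
    return bool(difflib.get_close_matches(word.lower(), lowered,
                                          n=1, cutoff=cutoff))


def redact(text, terms, mode="fixed", cutoff=0.8):
    """Replace matching words; return (redacted_text, list_of_removed_words).

    mode="fixed"  replaces each hit with MARKER (constant width).
    mode="masked" replaces each hit with one BLOCK per character.
    cutoff=1.0 reproduces a plain exact-match search & replace.
    """
    hits = []

    def repl(match):
        word = match.group(0)
        if not _matches(word, terms, cutoff):
            return word
        hits.append(word)
        return MARKER if mode == "fixed" else BLOCK * len(word)

    return WORD.sub(repl, text), hits


def residual_terms(redacted, terms, cutoff=0.8):
    """Post-pass: words still in the output that look like a listed term."""
    return [w for w in WORD.findall(redacted) if _matches(w, terms, cutoff)]


def leaked_widths(redacted):
    """Distinct widths of the redaction runs left in the output."""
    runs = re.findall(re.escape(MARKER) + "|" + BLOCK + "+", redacted)
    return sorted({len(r) for r in runs})


if __name__ == "__main__":
    fixed, hits = redact(SAMPLE, TERMS)
    masked, _ = redact(SAMPLE, TERMS, mode="masked")
    exact_only, _ = redact(SAMPLE, TERMS, cutoff=1.0)
    print(fixed)
    print(masked)
    print("removed:", hits)
    print("widths fixed/masked:", leaked_widths(fixed), leaked_widths(masked))
    print("missed by exact match:", residual_terms(exact_only, TERMS))
```

Neither mode handles indirect references such as a job title or a property name, which is the part the thread assigns to human readers.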


> I want to keep things as simple as possible.

The whole post proves the opposite is true!


These nags are very disrespectful indeed and widespread, Apple also sometimes has undismissable iOS upgrade label (liquid glass, leave me alone!)

Though you can bypass tpm requirements if you want to upgrade to win11, and also can switch to ltsc Win10 version for a few more years of support

