crypto is untraceable (mostly)

It is very traceable. It’s just that the government doesn’t have a special position with tracing transactions, so there’s been a bunch of kludges built on top of the very transparent Bitcoin network to try to mask things.

Because it obviously was.

The dashes, the short sentences, the bullet points, the overly familiar tone that seems LinkedIn-ish. All of it sounds like AI.

Driver facing camera systems can be consistent with privacy, as long as they don’t record or transmit any data other than a single dimensional metric of how distracted or drowsy a driver is (or even discrete binary state of yes/no) and timestamps when that state was detected.

A closed loop system that merely keeps that data for the current drive and maintains it solely in the vehicle’s own systems can be consistent with privacy principles that nobody else should know anything about how a car is being used, except what can be observed from the outside.

One real concern I have is that there are now automated tools that can read a patch, and the maintainer’s release notes with a description of a security vulnerability fixed by that patch, and then create a working exploit of the pre-patch vulnerability.

In that particular moment, you know that a vulnerability exists and that it was serious enough to be described in release notes, and you can compare two code versions, one that is secure and one that is not. From there, any AI coding agent is working towards something that definitely exists, with a bunch of description of what it might be.

So that means that the window between when a patch is released and when users actually apply that patch is going to be more important than ever. Downstream maintainers will be under a lot of time pressure to implement changes from upstream, because every new security patch will create a race to create 1-day exploits for everyone using that software.

Yeah if I were starting now I’d be looking at jellyfin. But I paid the lifetime plex pass, and inertia/laziness what it is, so I haven’t found a reason to actually switch yet.

MacOS ran out of cats at some point. Android ran out of desserts.

Ubuntu had no problem rolling over with the letters of the alphabet, but I imagine some letters may pose issues at some point when you run out of identifiable animals that start with that letter. Although they were already going with a lot of obscure animals to begin with.

Ah yeah. Plus apparently Android’s default SELinux configuration blocks this separately, as well.

Android doesn’t have su, which this proof of concept exploit requires. Although rooted Android does, so in theory malware written for rooted Android could escalate to root privileges.

Also, the underlying vulnerabilities might be exploitable without su but I don’t fully understand the AF_ALG and authencesn bug limits things, or what other executables can escalate privileges.

The website could know whether the username actually exists on the system. But revealing that information is a security weakness because someone could at least learn who has an account at that site (especially if usernames are email addresses, as they often are).

What if license and copyright was washed by using an LLM to translate Claude into another language?

The law doesn’t allow you to launder copyright like that. That’s just a derivative work, which can be restricted by the copyright holder in the original. As an example, in fictional writing, distinct characters are copyrighted, and using an LLM to generate new works using those copyrighted characters would still be a derivative work that the original copyright owner would have the right to deny distribution.

So if you have a copyrighted codebase and you try to implement that codebase using some kind of transformation of that code, that’d still be a derivative work and infringe the original copyright.

Now if you have some kind of clean room implementation where you can show that it was written without copying the original code itself, only working to implement its functionality through documentation/reverse engineering how the code worked, you’d be able to escape out of calling it a derivative work and could distribute it without the original copyright holder’s permission (Compaq did this with the IBM BIOS to make unauthorized/unlicensed PC clones, and Google did this with the Java API to make Android without a license from Sun/Oracle and won at the Supreme Court).

Claude can’t be copyrighted because it’s a product of an LLM.

No, because Claude’s code is still created by humans with the assistance of non-human tools. There’s a spectrum from spelling correction and tab completion in IDEs all the way to full vibe coding with a prompt describing the raw functionality (where the prompt is so uncreative that it isn’t itself copyrightable). Anthropic has never claimed that there was no human in the loop, or that the prompts it uses are so uncreative and purely functional so that the outputs aren’t copyrightable.

When I first switched to Linux around 20 years ago, ext3 was the new default on the Ubuntu installer, while a few holdouts on the forums were still recommending ext2 to new users to see whether and how ext3 would hold up to real world usage.

Set default birthday at 1970-01-01.

Jevon’s Paradox is that when there’s more of a resource to consume, humans will consume more resource rather than make the gains to use the resource better.

More specifically, it’s when an improvement in efficiency cause the underlying resource to be used more, because the efficiency reduces cost and then using that resource becomes even more economically attractive.

So when factories got more efficient at using coal in the 19th century, England saw a huge increase in coal demand, despite using less coal for any given task.

Chromium is basically Tyrone Biggums asking if y’all got any more of that RAM, so bundling that into Electron is gonna lead to the same behavior.

Yeah, my impression is that ordinary human activity in a browser creates a lot more http requests than scripted automated activity through command line tools.

One account that can be correlated to place/city, willing to discuss local news and issues.

One account that can be correlated to family status, willing to mention details about relationships.

One account that can be correlated to career, willing to mention details about educational background, industry news, the job market, the workplace, etc.

One account that can be correlated to each distinct hobby or interest. Some interests can correlate among themselves (like an all sports account that discusses multiple sports) and are safe to discuss on a single account. Like my current account that is tech oriented, including some stuff about games or Linux or networking or even the tech industry. But keep the different interests on separate accounts.

Then different accounts for topics that you consider controversial or private.

And, preferably, spread all those accounts across multiple instances so that instance admins can’t link accounts from metadata (client, OS, IP address, email verification), use completely unique usernames, and avoid unique markers like esoteric phrases, unique autocorrect errors, etc.

Even if an adversary can link two accounts, they probably can’t link all of them.

In terms of usage of AI, I’m thinking “doing something a million people already know how to do” is probably on more secure footing than trying to go out and pioneer something new. When you’re in the realm of copying and maybe remixing things for which there are lots of examples and lots of documentation (presumably in the training data), I’d bet large language models stay within a normal framework.

It’s actually pretty funny to think about other AI scrapers ingesting this nonsense into the training data for future models, too, where the last line isn’t enough to get the model to discard the earlier false text.

Yeah, getting too close turns into an uncanny valley of sorts, where people expect all the edge cases to work the same. Making it familiar, while staying within its own design language and paradigms, strikes the right balance.

Kinda off topic, but now I’m wondering whether Europeans think of phone size (and laptops and screens) in terms of inches rather than centimeters?