I assume that (barring some of the really fly-by-night ones who focus on being gone by the time anyone goes to investigate; rather than just being technically legal) do sport some variation on the "Not Intended to Diagnose, Treat, Cure or Prevent Any Disease" quack-Miranda you see on every "dietary supplement".

It seems likely that the FDA is concerned(probably not entirely unreasonably) that the 'it's not a medical device; it's just for quantified wellness!" tech guys, mostly harmless when selling new numbers to obsess over to the basically healthy, are going to cause some real trouble if their technically-not-illegal marketing claims sway anyone whose life does, in fact, depend on accurate blood glucose numbers and responding to them appropriately.

It wouldn't be surprising if, as a cultural thing, cautious FDA validation wonks don't really much like the people selling lightweight lifestyle hypochondria at tech gadget prices; but they don't have regulatory authority and if it's just mostly-healthy people fretting over numbers that normally take care of themselves it's a pretty low priority. If actual diabetics get into it, though, (as you could see them wanting to; noninvasive is definitely a compelling sales pitch) any shortcomings are going to turn into bad outcomes fairly quickly.

I'm not sure what the grant landscape looks like for optical CGMs, or related technology, specifically; but I don't think that the FDA does much medical research funding. Lots of food safety and some laboratory standards and development for the sort of wide-scale testing that food safety requires; but for drugs and medical devices they are mostly just in charge of judging clinical trials and postmarket reporting; not running their own.

The Feds as a whole do a fairly substantial amount; but FDA research money is largely for food safety related stuff. Not entirely, I had a quick poke through taggs.hss.gov and there were some FDA grants and cooperative agreements for 'prospective' and "phase 2" trials of a few directly medical things(didn't see blood glucose, might have missed it, I'm not a huge federal database wonk); but one of the other HHS divisions is probably a more likely bet(CDC has a slightly epidemiological bent; but enough interest in public health stuff that diabetes is probably on the menu. HRSA looks more closely focused on capacity to handle specific difficult patient populations; but you might be able to sell low-invasiveness CGM improvements as a major boon to telehealth-based diabetes management. NIH is probably the best bet if you want to do some straight medical R&D.

Thereâ(TM)s probably some pure organization problem: not all the equipment is going to even be from the same vendor, so coordination of different alarm sounds for different purposes or severity is going to be a challenge; and then thereâ(TM)s the asymmetrical incentives: everyone knows that alarm fatigue is bad, in a vague theoretical way, and that we should be minimizing noise to avoid distracted mistakes; but being the guy who signed off on disabling the cardiac anomaly beeper because itâ(TM)s mostly nonsense is real awkward when it turns out that this time it was a real event and now the dead patientâ(TM)s family is suing.

Itâ(TM)s certainly possible that some genuinely useless alarms have snuck through; but my suspicion would be that most of the noise is competing alarms that are poor UX in context; but just meaningful enough to be defensible in isolation.

Is this study actually telling us anything about the sounds, or just about response to novel sounds vs. overwhelmingly habituated ones?

I donâ(TM)t doubt that novel musical tones got better response that that-spurious-out-of-range-alarm-thatâ(TM)s-never-worth-checking; but would that remain the case if you started hammering people with spurious musical alarms?

This guy can do whatever he wants, of course, he doesn't work for them anymore and the license allows forking; but it seems like a bizarrely small dispute to take such action over(unless it's just the proximate cause and there were longer-running togetherness problems).

Both parties agreed that there was a bug; corporate said that the affected code was in use by some customers and wanted to issue a CVE; devs apparently wanted to treat it as a just-a-bug-that-has-security-implications-but-doesn't-need-a-CVE-for-reasons; and that is the corpo oppression that shows that nginx is no longer in the public interest?

I could see if it were the other way around, and F5 was demanding silence and secrecy in order to downplay their vulnerability numbers; but how could warning whoever is using the experimental feature that they'd better take mitigation steps until it is fixed be a problem? If it's really that experimental almost nobody will care, and a few people will be helped. Is there something I'm missing?

It's not a huge surprise that the general response to Altman's scheme would be that it's grandiose puffery(even aside from his "I will create the machine god, but in a responsible way" vibes; leaving a price estimate of 5-7 trillion creates the impression that you've not really nailed the details down if the window of uncertainty is quite large relative to both the low and high values; and stupefying large in absolute terms); it seems a bit more interesting that Nvidia would be publicly pushing for a markedly smaller figure when they are one of the ones who would seem to stand to benefit.

Disagreement between Altman and Huang over whether 'AI' is the emerging superintelligence or just a tool for churning out 'content' real fast, with correspondingly different estimates for how much people will actually want to spend on it? Nvidia perturbed because they think that Altman's plan involves trying to expand fab capacity enough to making taking his pick of second-tier fabless designers, rather than paying Nvidia a premium, the preferred strategy? Fundamentally greater optimism on Nvidia's side; with assumptions that improved efficiency will actually deliver as much 'AI' as the market wants for $2 trillion or so without huge shakeups in the supply chain; while Altman thinks that only maximum brute force will deliver what the problem requires?

Basically all the hypervisors support PCIe passthrough(except the 'desktop' ones, neither vmware workstation nor win10/11 hyper-v do); though there's a risk of...complications...because doing that relies on the platform's IOMMU and PCIe ACS support to both exist and not just be a buggy stub that's enough to tick some checkboxes.

Had to do some of that a little while back; and found that getting anyone to confirm the presence or absence of PCIe ACS was like pulling teeth; and that there were PCIe peripherals that outright weren't passthrough capable, ones that were; and the fun ones that claimed to be and brought the system down hard if you believed their lies and actually tried it.

Nope. The problem is manufacturing billions of tonnes of plastics. They can be recycled a couple of times, of which about 2% actually gets recycled, & then they're only good for polluting landfill & oceans.

Who cares? There's enough landfill space to store it all, securely in a way that doesn't leak or pollute, thousands of times over. We don't lack the ability to do that, only the will and the coordination.

It's a complete non-problem.

To which I say, "What? Your freedom to pollute the land & oceans that everyone else depends on?"

With all due respect, I love this premise and hate this conclusion. Absolutely no one has the right to pollute the oceans.

At the same time getting a plastic bag and putting it in a sealed trash bag that goes into a garbage truck that goes into a sealed landfill is not rocket science. It requires effort on the part of citizens to ensure trash makes it into the stream and it requires diligence on the part of the bodies that regulate landfills to ensure they are built and operated according to best principle.

Ultimately I guess I'm just sad. There is nothing in principle that prevents us from having plastic bags and plastic straws and disposing of them responsibly. But we just can't mange and so, like children, we can't have those nice things. Which is a sad juxtaposition because even my little kids can successfully get most of their trash into the bin.

To their credit, the store we used to go to tried all kinds of alternatives. The sad fact is that none worked to the satisfaction of the customers and they went back to plastic.

It doesn't. The cost of a plastic milk or yogurt container is quite a bit lower than glass, and it is much lighter during transport where costs are proportional to weight.

You'd really be surprised how little oil is required to make some things. Those thin plastic bags are barely a thimbleful of oil.

[ And in before, it's utterly craven and irresponsible for them to be disposed in a way that goes in the river or oceans. If we as a species can't learn to put our trash in bags and securely get those bags to a landfill that is isolated from the environment, then we deserve the cost of having to go paper/reusable. It's a "this is why can't we have nice things" scenario IMHO. ]

Part of it is.

Digital signature support is pretty widespread across productivity software. Where the fun begins is managing the signing keys.

Docusign isn't really selling the signature feature(indeed, to be worth using, they pretty much have to use the standardized options mentioned in the various standards that give e-signatures legal force); they're selling abstracting the key management away from you; and the service of offering a 'free' barebones setup that the people you send forms to can use to sign them regardless of whether or not they are set up properly in terms of software, signing keys, etc. That's why accounts that can send stuff out for signature are $$(with stuff that has full workflow integration for hooking into ERP systems and stuff being $$$); but it's free to create a basic login if someone sends you something requesting a signature.

It's hard to hold out too much hope for them, or at least their margins, longterm; since the signatures are standardized, productivity software vendors already support them, and (aside from people who are looking to offer basically the same thing as Docusign, like Adobe's offering they push with Acrobat) the people trying to set themselves up as big players in authentication(eg. facebook and google serving as logins for a variety of 3rd party websites; Apple having IDs tied very closely to their users on all Apple devices; MS' AAD-related stuff on the corporate side and MS accounts on the consumer side); would find it relatively simple; were they interested; to generate a signing key tied to their accounts and offer that as another feature.

"Which is not to say there isn't a gradient of "fake"; obviously some are more manipulated ( or fabricated ) than others. Doesn't change the underlying point, however."

That's arguably why it deserves to be classified as 'malarkey'. He's responding to accusations that his just-hallucinate-in-details-the-optics-can't-gather system is faking by making the (true) statement that all photos are fake in order to change the subject from whether all photos are fake in the same way and to the same degree(which is obviously untrue; and presumably why he doesn't really want to mount a defense there).

A lot of the best deception is achieved when you can avoid telling outright lies, with the accompanying risk of being called on them, and focus on misleading truths instead.

Arguably it depends on whether you are expecting sudo to act as a rigid security barrier that you can use to create accounts if intermediate privilege; or whether you are treating it mostly as a tool for people you'd give root to reduce the amount of stuff they actually run as root.

It's pretty tricky to use it as a security barrier, even when it works perfectly, because so many of the tools that you'd potentially want to use sudo to grant access to are not really designed to restrict the user: once you have a package manager running as root you can use it to do basically anything by installing a package that imposes the changes you want; all kinds of utilities can just pop a shell or be used to edit files; etc. Even if sudo itself is free of holes; you'd really need a whole set of deliberately constrained utilities in order to prevent it from being used for privilege escalation. At that point it probably makes more sense to rethink the security model from the other direction; and focus on reducing the number of operations that are root-only in favor of ones that can be delegated to groups.

Where it's much more useful is allowing someone who is basically trusted as root to not just log in as root and run giant chunks of software that don't need(and probably shouldn't be trusted with) high privileges with high privileges just because they logged in as root and so everything they do is running as root.

That's what amazes me.

Maybe I'm just old; but "Signature Authority List" is supposed to mean what it says(possibly blue pen if you really are old; cryptographic if you aren't); it doesn't mean "verbal authorization in a video chat that may or may not even be being recorded somewhere with retention policies set".

I'd be more sympathetic if this were one of the low-value ones where someone impersonates the CEO and tells a random executive assistant or other fairly low-on-the-food-chain employee to make a relatively petty cash transfer to the scammers: you have to feel bad for the person who doesn't want to hassle the big boss, even if they have doubts; but someone with approval authority in the multiple millions is someone whose job description(implicitly or explicitly) is to be slightly prickly about actually approving things.