I remember someone proposing to add salt to the ocean water to counteract the effects of ice melting. Why can't we just get salt from the dead sea and dump it gradually where the AMOC's water is loosing it's salinity?
Trying to think of a single movie or tv show which I love so much I would be happy if they did this to make more... Nope. Can't think of any.
One thing for sure: this will result in a lot more incredibly lame plotlines like "somehow, Palpatine returned".
Sigh. Well, at least I'll save a lot of time and money not going to see movies.
Someone did an AI live action recreation of Johnny Quest, and it looks totally cool.
That's sorta' the reverse of the current article - instead of taking a no longer available actor and recreating him, they're making an actor (who never existed) from scratch to play the part of a cartoon character.
Just saw the trailer and...
I have no idea what the movie is about, whether it looks good, or whether I want to see it.
It reads "some stories were too hidden to be found" (and wtf does that mean? And the story was too hidden to be found but you're making a movie of it?), and it's based on a real story.
And a bunch of seemingly disconnected action shots.
Hard pass. I'll stream it if the reviews are any good.
Yep. OnlyOffice wants their hosting money. They want control. They're the assholes.
Maybe that's true, but I'm not getting that from the summary. What I'm getting is:
If EuroOffice removed attribution requirements only on code that was created by someone else other than OnlyOffice, and did not use the code authored by OnlyOffice, then they're fine. But I think courts have already ruled that the AGPL term about being able to remove conflicting terms applies only to someone other than the author adding those terms, so if they used code authored by OnlyOffice, they may have a problem.
Finding Nemo is one of the funniest movies. I can never again hear whale sounds without thinking of that flick, among other memorable scenes.
I seem to remember the Iraq-area wars that the US was involved in going on far longer and less of an oil crisis happening this fast.
That would be because even during those wars and conflicts, we didn't have an orange-painted pedophilic retard with delusions of grandeur causing a weekslong blockage of the major shipping lane through which ~35% of the world's crude oil trade flows.
The closest we've seen recently was when the Ever Given got stuck in the Suez during 2021, and even that only lasted for 6 days. Plus, it wasn't as big a deal because less oil was being used worldwide during pandemic countermeasures.
The closest in the past 100 years is when Treasonous Klanbitch Ronny Reagan betrayed the USA and convinced the Iranian Ayatollah to cut off shipping to hurt Carter in the 1980 election, in trade for guns and other military supplies that the Treasonshit Republicans paid out later during Reagan's terms.
Second, when the EU says you can verify your age without revealing your identity, they seriously mean it. I worked on the ISO 18013-5 mobile driving license standard, and its protocol is the basis for the age verification scheme (18013-5 also supports privacy-preserving age verification).
The spec contradicts itself in various places, with sections saying that the app interacts with the attestation provider only once and that the attestation cannot be reissued, and other sections implying that the attestation gets reissued every three months and that the tokens are single-use.
It also isn't clear about whether they are actually using 18013-5 or are just requiring companies to implement a few tiny fragments of the spec.
I was left more confused after reading the spec than I was before.
Looks like I spoke too soon. The specification massively contradicts itself. 3.4.2 requires reissuance every three months, and requires that it issue 30 attestations at a time, and that they be single-use.
That part is architecturally correct, though allowing access to only 30 adult sites per three months is dubious. And if getting a new proof requires a new request at some point, then it becomes possible for the trusted list provider, conspiring with the proof of attestation provider, to cross-correlate the timing of requests and unmask a user with high probability.
And then, there's this:
3.4.1 Issuing of Proof of Age batches Since Proof of Age Attestations are designed for single use, the system must support the issuance of attestations in batches. It is recommended that each batch consist of thirty (30) attestations. Since the timestamps in the ValidityInfo structure of the mdoc encoding of a Proof of Age Attestation can provide linkability clues, the Attestation Provider should set these timestamps with a precision that limits the linkability information. For this reason the ISO/IEC 18013-5 recommendation should be followed, i.e., setting the hh, mm and ss information to the same value on each Proof of Age Attestation.
So you still have a value that is potentially usable for tracking across multiple websites. It's just a timestamp. I'm not sure if I'm reading what they're saying correctly. If they mean all 30 in a batch have the same value, this is a disaster. If they mean always set the value to 00:00:00 so you get only one day of precision, that's better than nothing, but when the request comes from an area with low population density, it is still potentially inadequate for anonymization.
I can't make heads or tails of this specification. It contradicts itself in too many places, and it buries you in minutia while lacking a clear overview. It's the kind of spec only a bureaucrat could love, because it is perfect for verifying compliance, but makes it nearly impossible to quickly verify that the spec makes sense. It lacks a section on threat models and how it addresses those threats, which is the first thing I'd expect to see.
At this point, I have no idea whether this protects privacy or not. And that's perhaps more disturbing.
I sure don't believe the "completely anonymous" part.
It is possible, in theory. But calling this "completely anonymous" is hopelessly naïve, IMO, unless I'm missing something *huge*.
Announcing that this is "technically complete" is laughable. I have not seen a single public white paper on the subject. We should have seen years of back and forth between academics, crypto experts, operational security experts, privacy experts, and other groups, as they all tear apart the design over and over again until it is refined into something that actually provides the claimed anonymity.
The lack of this public discourse leads me to the inevitable conclusion that it almost certainly provides the illusion of protecting privacy, while in fact massively violating it to a greater degree than ever before.
And sure enough, I started skimming the technical specification, skipped the whole first section, which was mostly justification, and almost immediately found a fatal flaw.
Unless I'm missing something, this is a show-stopper, and points to the entire architecture being fundamentally unusable:
2.2.3 Revocation and Re-Issuance
In its current form, the solution does not support revocation or re-issuance. Adding support for these features would introduce additional complexity, which could hinder the rapid adoption of the solution.
What this means is that a user gets a magic token that proves that the person is of a particular age, then submits that token to sites for verification. Here's a list of problems with that approach:
Using the words "privacy rape" to describe this technology is not nearly a strong enough statement, but it is the strongest phrasing I could come up with.
Protects anonymity, my ass.
About the only good thing that can be said about this is that because they didn't specify minimum requirements for storage protection, chances are it will get hacked in the first week, and a few adult users' attestations will show up on the dark web and will get used by a few million underage users' devices, making it useless as proof of age, and hopefully resulting in the folks who thought this approach was adequate quickly shutting it down.
Like I said, give us a public comment process, articles published in multiple reputable journals, etc. and in five to ten years, this will be ready. It's not ready. It's not close. It's not even in the right ballpark.
For this to be completely anonymous, it must not be possible for a government actor with control over infrastructure to perform timing attacks on anonymity, e.g. user requests auth token from government, government knows who that user is, government sees unencrypted DNS request to porn side ten seconds earlier, correlates the requests.
Doing this correctly is genuinely really, really hard. You need:
This starts by the verification authorities outsourcing the verification to the "RP" (relying party). Public keys used to verify the signature. That way, the government entity doing verification does not have any record of verifications to correlate with requests.
This continues with the client queueing up a thousand or so pre-signed certs from the signing authority, and requesting replacement certs on a time-based schedule (once per day, with randomization of the replacement rate, with the client silently discarding excess certs so that you maintain a consistent pool size).
This is a starting point. I'm not saying that these things are sufficient, just that they are necessary.
Is it the lobotomized model that they made Open 4.6? The one that came in 9th in the rankings? Yeah, probably.
AEG is the holding company where brands go to die.
IMO, that's redundant. Holding companies are where brands go to die. Nothing specific to AEG.
Is Allbirds even real?
Everybody knows all birds aren't real.
I'm trying to remember when we gained sovereignty over Sweeden, but can't come up with a date.
Donald says he only has to think about it, and ownership becomes law, just like "declassification".
Dot-Com Bubble: "We'll move X to the Internet and do X on the web! Invest!"
AI Bubble: "We'll move X to a data warehouse and do X via AI! Invest!"
The number of arguments is unimportant unless some of them are correct. -- Ralph Hartley
