
Comment Re:What's the big deal? (Score 1) 45

A little quick math: $120e6/160 is $750e3 per new employee. What a bargain for the US taxpayer.

If that were the only effect, it would be a bad deal. But the track record of the CHIPS Act investments so far is really good. In just a couple of years, the act (with some help from the IRA) has nearly tripled US investment in manufacturing, with most of the growth focused on semiconductors and batteries. The federal government has provided only a few hundred million in seed money in targeted areas (like this one), but that has produced $150B in new construction of manufacturing facilities. Most new manufacturing employs relatively few people directly (like the 160 in this case), because US manufacturing is heavily automated. But it indirectly employs a lot more, especially in companies that build and service manufacturing robots, and all of their suppliers, etc., on down the chain.

I'm a free market libertarian and I'd generally prefer to see government stay out of stuff like this, but it really looks like these federal programs are incredibly successful, with relatively small taxpayer investments generating 3 orders of magnitude larger private investments, all in high-end manufacturing that will likely generate returns that are another 1-2 orders of magnitude larger than that. If a federal dollar can generate $10,000 in new economic productivity, that's a big win, including for taxpayers since that $10k will be taxed, returning far more than was spent.

Of course, it remains to be seen whether the new manufacturing construction will actually generate the returns. Maybe it'll turn out that US chipmakers can't compete with Asian ones, and they'll all just fold. The fact that the vast bulk of the investment is from private sources, though, indicates that there are people who strongly believe the US can compete.

I don't really understand why the federal money has this effect, though. The large private investments seem to indicate that people think these are good bets, but why didn't they think that before the Biden admin started seeding them? The actual federal cash is such a small percentage that it can't be what's motivating the investments. Perhaps the threats of increased tariffs on Chinese chips and batteries are most of the story? But Trump was doing that six years ago. I don't understand, but won't argue with success.

Comment Re:slowing growth in fossil fuels (Score 1) 153

The Prius might. The Model X won't because the battery will need to be replaced and it costs as much as a new car, if you can even get one.

The battery will never need to be replaced. Other than defective units, EV batteries will outlast the rest of the vehicle, though they might only have 75% of the original range by the time the vehicle is recycled.

Comment Re: What a stupid article. (Score 2) 172

Oddly enough, your grievance whine against grievance whiners is imposed on an irrelevant topic, which is exactly what you accuse them of doing.

I call 'em as I see 'em. Manufactured outrage is destroying this country. Nay, not just this country -- the "western world" as a whole.

I'm not sure which aspect of it is worse, the manufactured outrage or the way it dulls proper outrage.

Comment Re:This is how western chips die (Score 1) 234

Chips, together with aerospace were basically the last things the Chinese, and everybody else, needed to buy from the West. Once they have these last few industries in the bag, Western money will be worthless outside the West.

You're making the same mistake Karl Marx did in his economic predictions: assuming technology remains static, and ignoring the knowledge generated by market competition.

If the West were to stop inventing stuff, then what you say would be true. Or if China were to become as good at inventing stuff as the West is. The reason the West is better at inventing stuff than China is exactly because open, democratic societies with competitive marketplaces are better at it than controlled, non-democratic societies with central planning. China made great strides for a couple of decades precisely because they opened up and engaged in capitalism, but Xi Jinping has realized that they can't continue any further down that path without abandoning their political system, and he's putting the brakes on it, hard.

Assuming Xi and the CCP continue in power, the West will retain its technological lead, and Xi's recent moves make it likely that the lead will expand. Of course, China can close the gap if they become an open, democratic society with competitive marketplaces, but the West would largely be good with that.

The big risk right now is that the West has in many ways outsourced its manufacturing to China. Even if we continue doing that it won't enable China to close the technological gap, but it means the West is currently at a huge disadvantage if the conflict turns hot. If we were to go to war with China right now, we'd be in the position Germany was when the US entered WWII, facing an opponent with orders of magnitude greater manufacturing industry. Yes, Europe and especially the US do still do a lot of manufacturing today, but it's mostly at the high end and depends heavily on inputs from China. We need to mitigate that risk, probably by helping other developing countries build manufacturing capacity. The problem is that sort of thing takes a couple of generations.

Comment Re:chinese have long memories (Score 2) 234

You're assuming the mass famines were not exploited for advantage by ensuring it was the people the party didn't like who did the vast bulk of the dying. You're accusing others of committing a crime against history by oversimplifying through conflating different kinds of death, but you're committing a crime against history by oversimplifying through drawing sharp lines that are in fact very broad and fuzzy.

Comment Re:Need a new identity method/system. (Score 1) 54

Another important note about biometrics, in the US at least, is that they are not protected by our 5th amendment; it only protects things that are held in your mind, like passwords or combinations. This distinction was recently upheld in court: https://yro.slashdot.org/story...

Biometric authentication was found to not be protected by the 5th amendment by a federal appellate court, yes. I think that will stand, although SCOTUS could reverse it. Rulings on password authentication, however, are split. Some appellate courts have held that you cannot be forced to divulge your password because it would be testifying against yourself. Others have held that unless the password itself is incriminating, being forced to divulge it does not self-incriminate, any more than opening your home in response to a search warrant does.

SCOTUS will eventually have to weigh in on this.

Personally, I'm not expecting passwords to be protected[*]. I also don't think it will work for suspects to claim the password itself is incriminating, since courts can just specify that any incriminating information in the password is inadmissible, and anything derived from that information is fruit of the poisoned tree... but anything found on the device by unlocking with the password is admissible.

[*] Unless SCOTUS has a political reason to rule the other way. If you want to protect passwords from being compelled the best thing you could do is to find some device of Donald Trump's that investigators want access to. The court has shown they'll bend over backwards to protect him.

Comment Re:No thanks (Score 1) 54

I don't recall seeing a security key that doesn't require user authentication, as in they require someone to press the button before they will do anything. I suppose anyone could press the button

Touching a button is not user authentication, it's confirmation. The difference, as you observed, is that anyone can press the button, including the attacker who stole your security key. There's also no way to tell which authentication request you're confirming.

although Yubikey make one with a fingerprint reader.

That helps. It still doesn't provide any way to tell which authentication request you're confirming. I'm sure the FAR on that device is terrible, but that's probably fine in this context.

Comment Re:Good enough ... (Score 2) 80

For eloquence? ChatGPT does a kind of bland average prose, not eloquence.

I suppose that depends on what CaptainDork's own prose is like. If it's bad enough, "bland average" could be quite eloquent by comparison.

Comment Re:No thanks (Score 1) 54

For security, a security key is the best option. All the processing happens off-device.

Maybe. The facts that security keys generally don't require user authentication and are often left plugged into devices all the time are weaknesses under some threat models.

I have specific ideas about what the best solution is, but it hasn't yet been implemented. I'm working on it :-)

Comment Re:No thanks (Score 1) 54

The ironic thing is that one of my gmail accounts and AppleIDs is arguably well secured. Not just a password, but a YubiKey, and the YubiKey requires a PIN before it will complete the auth process, so this means something a long passphrase as a front line defense, but even then, there is a public key and a PIN guarding that, which erases the key on the cryptographic token after a few tries. With that in mind, those two accounts are quite useful for recovery because the chance of someone unauthorized getting in those is small, barring a hack on the email provider's side.

Yep. This is the way to treat your crown jewels, which is what your primary email address is. At least until we finally move away from passwords and therefore from password reset flows.

That will, of course, create other problems :D

Comment Re:No thanks (Score 2) 54

The problem is the tokens are generally not as portable. I'm still trying to find one that lets me install it in multiple places.

You can copy your Google Authenticator token to other devices quite easily. Of course, the more places you put the seed secrets, the more opportunity there is for someone to steal them.

Comment Re:Need a new identity method/system. (Score 2) 54

IMHO, biometrics should be considered as "usernames".

They're not usernames, nor are they passwords. They have very different security properties from both, and don't fit into the username/password model.

The main difference from usernames is that usernames are not inherently bound to the person, but biometrics are. If I know your username, I can type it in and claim to be you. If I know your fingerprint, I cannot submit it to a proper fingerprint scanner (note that "proper" is carrying a lot of weight here). Said another way, in the context of a proper scanning and matching environment, biometrics do provide authentication. Very strong authentication.

This highlights, though, that all authentication value in biometrics comes from the integrity of the scanning process, which is why I said that it doesn't provide much when the scanning is done remotely, unobserved, with a scanning device under the control of the person allegedly being authenticated.

While biometrics fail as authenticators in uncontrolled environments, they fail as identifiers in nearly all contexts. The main requirement of an identifier, like a username, is that it be unique. Biometrics aren't.

Well, probably they are in some absolute sense, except for identical twins in some cases, but in practice all biometric matching is fuzzy because measuring bodies and matching them against templates is less precise than matching the bits of a username. Biometric matching is always testing whether the livescan is close enough to the stored template under some complex distance metric. This means that given a large enough database you will get false positives. And thanks to the Birthday Paradox, this happens with a much smaller database than you might think.

To illustrate with some very rough and approximate numbers. Suppose that a biometric matching scheme has a 100,000:1 false accept rate (FAR). Suppose that this rate is absolutely consistent across individuals (pipe dream, but reality is way too complicated). So, you can think of it as a scheme that creates 100,000 pigeonholes and slots every individual into one of them. The probability of you falling into the same pigeonhole as me is 1 in 100,000. That's actually a very, very good FAR, BTW. I don't know of any commercially-available fingerprint or face systems that good.

Now, suppose I put a bunch of people in the database, and then you present your biometric and we try to identify you from the database. How many people can we put in the database and still have reasonable odds of uniquely identifying you? If we have 250 people in the database, odds are >50% that we'll hit at least one false positive. We'll match you, but also one or more others. What FAR would we need to guarantee a low probability, say 1/1000, with a database of 1000 people? 500,000,000:1, or thereabouts. Nothing is that good.

The reason that biometrics are useful for identification in, for example, criminal trials, is that you don't (or shouldn't, anyway, it's happened, c.f. Prosecutor's Fallacy) convict a person based only on biometric evidence. You also need to have some other reason to believe they were in the vicinity, or had some motive, or something. They work extremely well as proof that an already-identified suspect was the perpetrator, though.

One other way in which biometrics are not like usernames, BTW, is that biometric scan templates are not really standardized. There are some standards, but they apply only to a subset of scanner types. In general, it is not possible to scan your fingerprint on your phone and send that to an off-device relying party for identification. It could work with face or iris imagery. Sort of. Face identification is much less precise than fingerprint. Iris could be good, I think. Also retina, except retinas change over time. Good identifiers should also be constant.

So, no, biometrics are not good identifiers. They are very strong authenticators, but only in the right contexts.
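
The pigeonhole model from the comment above, worked as an added example that is not part of the original comment: it treats a FAR of 1-in-H as H equally likely pigeonholes and computes both the single-probe (1:N) false-match probability and the birthday-style probability that any two enrolled people collide. The function names and the uniform-pigeonhole assumption are illustrative.

```python
import math

# Assumption taken from the comment's simplification: a FAR of 1-in-H behaves
# like H equally likely pigeonholes. Function names are illustrative only.

def p_probe_false_match(db_size, holes):
    """1:N search: chance one probe falsely matches any of db_size templates."""
    return -math.expm1(db_size * math.log1p(-1.0 / holes))

def p_any_collision(db_size, holes):
    """Birthday case: chance that any two enrolled people share a pigeonhole."""
    if db_size > holes:
        return 1.0
    log_unique = sum(math.log1p(-i / holes) for i in range(1, db_size))
    return -math.expm1(log_unique)

def db_size_for_collision(holes, target):
    """Smallest database size whose collision probability reaches target."""
    log_unique, n = 0.0, 1
    while -math.expm1(log_unique) < target:
        log_unique += math.log1p(-n / holes)  # enroll person n+1
        n += 1
    return n

def holes_needed(db_size, target):
    """Smallest H (FAR of 1-in-H) keeping collision probability <= target."""
    lo = hi = db_size
    while p_any_collision(db_size, hi) > target:
        hi *= 2
    while lo < hi:  # binary search on the FAR denominator
        mid = (lo + hi) // 2
        if p_any_collision(db_size, mid) <= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    H = 100_000
    print("probe vs 250 templates:", p_probe_false_match(250, H))
    print("any pair among 250:", p_any_collision(250, H))
    print("db size for 50% collision:", db_size_for_collision(H, 0.5))
    print("1-in-H needed for 1000 people at 1/1000:", holes_needed(1000, 0.001))
```
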

Comment Re:Crypto is all garbage (Score 1) 45

An interesting but inefficient solution that is worse than the problem it claims to be trying to solve. Just as you can't beat thermodynamics, crypto will never compete with credit cards.

This is equally true of almost every other use case people have dreamed up for globally distributed ledgers. Unless there is no one who can be trusted to operate a centralized transaction database, the database will always be cheaper, faster and better. And it's even fine to have a set of centralized databases that get mutually reconciled on a regular basis -- which is how the financial systems work.

The only truly good application of distributed ledgers I've seen is for transparency-related projects where you want the data to be fully public and to make it impossible for any party or even large group of parties to subvert. Things like Certificate Transparency. I expect some future systems to be stood up that focus on binary transparency, making it easy to verify in an automated way that the binaries you're running are the ones they're supposed to be and that they're reproducibly-built from a specified version of the source code.

I've yet to see any other use cases where the cost, complexity and overhead of globally-distributed ledgers is justified.

(Distributed ledgers do make a lot of sense in highly-scalable systems under the control of a single entity. For example many eventually-consistent web-scale databases are built on some form of distributed ledger.)
