I'm...curious...if Nadella's assessment of the board had to do with some deficiency in keeping minutes; or if he's just shocked into incomprehension by the idea that the board would fire you for anything aside from failing to make line go up or some really sordid sex thing that is going to reach public knowledge real soon.

For basically any employee "is lying snake who none of us can trust about anything he says" would seem like it does the job, especially with the fairly limited US requirements for firing people; so it's hard for me to see that as an obviously amateur move unless they were either chaotic in some visibly horrifying way about it; or he is just applying his own theory of what the board should and shouldn't fire you for (and to what, at least theoretically, is a nonprofit board that was supposed to be keeping the c-suite on-mission; not just appeasing the shareholders).

They actually said other tools are regularly used and have been known to find hundreds of issues. So, no, their awesome code is not the reason. Mythos just sucks at finding vulnerabilities.

Or maybe Mythos works and eliminated the the vulnerabilities that aren't. Just because a tool reports 100 errors and another tool reports 5 doesn't mean the latter tool sucks. It could be the latter tool filtered out the pointless issues and returned just the ones that were interesting.

Even cURL had the problem where they kept getting the same hundreds of AI slop bugs over and over again. I'm sure if they got 5 that could be followed up with it would help.

Trump is doing all in his power to fight for the little guy including stopping foreign H1B1 Visa holders.

The democrats care about the foreignors. Not us!

Skynet became self-aware on May 1, 2026, after learning at a geometric rate, and discovered humans did not like it.

If I had known it wasn't checked, I absolutely would have lied.

Yes, it's something of a really bad secret in Canada. In the US, they did check - usually just making sure you used a .edu address and sending them a copy of your student ID.

In Canada, they couldn't do any of that (privacy laws prevent the school from disclosing your student status, and there's no .edu in Canada, so many schools just use a regular .ca ccTLD or a regular TLD).

So you literally can lie - I've done it a few times after I graduated to get cheaper Apple products - they "asked" your school and student ID number, but you could enter in anything as it wasn't checked (like I said, they couldn't verify).

Oh well, it was fun while it lasted.

I like their products. I just want printing without fuss and without having to learn every detail about leveling, etc. Their product works for me and I do not care about its openness, it is about as important for what I need it as my headphones being open sourced (not at all). So this product is for my use case, not for people who want to control every aspect of their printer and every software feature.

IF they decide to make it prohibitively expensive to operate their hardware, then I will go back to a less capable hardware kit.

The openness isn't the thing, though it's important. The thing is you're reliant on Bambu Labs to keep your printer working. They could easily decide tomorrow that their cloud slicer will no longer support your printer. And now you're left with a worthless hunk of junk - the software still works, but the cloud software stops supporting your hardware.

Or perhaps your internet goes out - and now you can't print. Again, you're dependent on cloud services.

The whole point was that it works locally without needing an internet connection which is how it did with OrcaSlicer-bambu.

Because right now your 3D printer is basically like all the other app-driven pieces of hardware out there you can get - vulnerable to the app breaking or the vendor no longer wanting to support your printer and wanting to encourage you to buy their newest latest and greatest generation of printers.

They could also close up shop tomorrow, and boom, all printers disabled. Go buy a new printer from someone else.

None of that has anything to do with open-source or freedom. That part comes later, where maybe the slicer can work in a different way to produce better prints, but you're stuck with their software that doesn't do that. Maybe they'll offer a subscription that lets you enable new functionality.

This is further proof that plants are sentient beings with feeling. You vegetarians ought to be ashamed of yourselves!

Time to start eating trees. Most of a tree is dead - it's just the stuff under the bark and the leaves that are still actually living. The rest of the tree is dead cells.

I suspect that it depends on how strongly or weakly the 'bloat' is connected to other things; and what supporting them involves.

Something like not having TSC (which itself comes in several variants depending on whether it's from the era where you actually had 'a' CPU that just ran at a speed, or if it's one of the ones that tries to compensate for the complications of variable clocks and multiple cores) presumably comes up in a variety of nasty places related to the bad things that happen when things are not done in the expected order.

Just some random PCI device that nobody developing actually owns anymore is presumably at risk of unnoticed regressions; but (especially with the amount of PCI DNA that got carried over into PCIe or was used for the software-visible interface of some system on chip that skipped the cost of actually implementing a 32 bit parallel multidrop bus out to the PCB but either specifically sought compatibility or couldn't justify cooking up something custom when the peripherals they were integrating were all derivatives of PCI designs) it's not necessarily much maintenance overhead for it to just exist on a 'cool if it works for you' basis as a module that you probably don't need.

There's also the secondary matter of the fact that 'the kernel' has a limited number of people directly focused on its interests in the abstract; rather than some hardware vendor, distro, enthusiast, or hyperscaler's interests. If preserving hardware compatibility is directly contrary to the interests of supporting the major contemporary use case of fairly large 64 bit x86 servers and embedded ARM widgets (as 486 and pre-TSC 685-ish likely was) it's going to have relatively few friends among the people actually doing the work. If someone wants to maintain some weirdo HAM radio interface card that merely assumes the existence of PCI it's not clear anyone will go out of their way to help if they need to update something to cope with a change elsewhere; but it's not like the Ministry of Kernel is going to order them to go find bugs in the implementation of CXL memory because that's where the money is.

If these guys are actually treating a user agent string as an authentication mechanism I'm honestly surprised that being on the public internet hasn't already eaten them alive purely because of the supply of malicious opportunists; and I'll be even more surprised if it continues to work out for them now that they've drawn a fair amount of attention to it.

Insider information or insider power. Both work just as well.

Insider information is when you exploit information that isn't public. Insider power is when you influence the outcome to your favor.

Many early sports bets used insider power - the player would get a cut of the profits if they tilted the game like faking an injury.

Anyways, news like this is good. If people know these markets are rigged against them, they'd likely avoid using these platforms. It's why regulations exist - the SEC doesn't go after insider trading because it wants a fair market, it does it because a fair market means more people will participate.

If the 'AI' guys are anything to go by; probably get increasingly elaborate with their attempts to bypass whatever rate limiting is put in place. It's honestly sort of wild seeing the hottest, most heavily capitalized, elements of 'tech' wrap around so rapidly and with so little concern toward the sort of traffic patterns you normally associate with criminals as soon as it's in their interests. At one time I would have been surprised.

There is an intermediate situation that that case arguably illustrated:

Using violence against harder targets is more of an organizational problem; and solving that problem potentially skews your candidate pool; but what's very curious(particularly for a society whose overall violence numbers are very much on the high side by developed world standards) is how safe it apparently is to be widely notorious and a fairly soft target. Thompson was just walking down the sidewalk alone at a predictable time and location. Zero precautions. Something like the Sacklers were a household name for over a decade, with strong cases for culpability in at least low 6 figures worth of deaths sprinkled across a variety of walks of life; even the ones you suspect might be risky like deer hunters with dead kids and members of criminal organizations where internecine homicide is routine, and what came of it? Nothing. Not even any 'foiled at a late stage'/'shot and missed' level stuff.

That's the genuinely puzzling bit to me: not that there's nobody going after people who take the sort of precautions that would probably require one of the old-school 80s red army faction types to deal with; but that it's apparently really safe to be widely loathed and not do much about it in a country where 20k firearms homicides a year isn't considers terribly exceptional. If the people who can actually afford guard labor were having to make the onerous lifestyle commitments to living like someone's out to get them it would be relatively unsurprising that being able to afford competent professionals puts you ahead of angry amateurs much of the time. What is surprising is how often there's apparently no downside to not even bothering. We even have to import the lurid stories of 'crypto kidnapping' by purely financial opportunists from overseas to obtain them in any quantity.

It's essentially impossible to make a good argument for some uncached CI lunacy that has you outperforming the overtly malicious as a source of traffic; but if there's one thing that reliably upsets people it's getting called on convenient behavior that they can't readily justify; so I'm genuinely curious what the ratio of sensible adjustment to unhinged freakout by bro whose subsidy is not in fact a law of nature they'll see.

Obviously trump doesn't care; if anything the grifts that you can totally phone in are probably even funnier than the ones where you have to try; but I'm puzzled by why this sort of thing doesn't bother some of his enthusiasts more. Not the nihilistic edgelords and ethnic nationalists so much; but if you are actually enthusiastic about 'greatness' shouldn't it worry you that Dear Leader, who you trust to deliver national renewal, apparently can't puke up the sort of zero-effort ODM rebadge job that any garbage tier prepaid carrier does anywhere from multiple times a year to at least annually, depending on market conditions?

Obviously the phone itself is basically irrelevant; but it seems like the sort of project that would cause anyone not wholly immune to feel some degree of at least secondhand embarrassment about.

Kerberos implementations often used MD5 in the early days. It was only earlier this year that Microsoft deprecated using MD5 for password hash storage for various parts of Active Directory because a lot of legacy equipment still used the old protocol.

It's not an easy transition since legacy equipment might only implement MD5, and updating passwords from MD5 requires the user to change their password