Perhaps not "as easy", but certainly not hard. Spend some time thinking about what kinds of covert and overt pressures might be brought to bear.

Aside: As an American, I think it's very sad that people lump the US and Russia together in this way. I think it's even sadder that I can't honestly argue that they're wrong. At most I can try to argue that there is still a significant difference of degree, if not kind, but it's not really worth making the argument because the degree of different is heading rapidly to zero. I deeply hope we can turn it around, and I'm doing what I can in that direction, but...

The latter. I'm pretty confident that TLS is secure. The modern ciphersuites are tight and things like the certificate transparency log make it so that while the TLAs might be able to subvert the CA process, they can only do it in small-scale, tightly-scoped ways. If you are a personal target of interest of any national security agency, you're screwed. They absolutely can get into every aspect of a private citizen's life if they want to put some effort into it. But the transparency log means that if they attempted to do this in any kind of large-scale way it would be discovered and publicized, so the fact that we don't hear about it truly does mean that they're not doing TLS penetration at scale.

However, even if they can't get the content of the connections, they can see where you're connecting to, and when. That sort of traffic analysis provides a surprising amount of information, and it can be done at scale -- and using a third-party VPN generally makes it easier, not harder. Layering VPNs can help a lot. Done carefully, you can structure it so that someone would have to control all of the layered VPN servers in order to track your connections. Layering plus multiplexing (using multiple providers and picking different routes and exit nodes for every connection) could make it really hard.

And if you don't really believe that traffic analysis is a concern, then there's really no point to using a VPN at all (except for location shifting), because TLS really is quite secure. It's definitely silly to, for example, fire up a VPN before connecting to your bank while at a coffee shop or an airport, which is exactly the pitch that many VPN services make. "Be wary of untrusted networks" is their pitch, and it's stupid[*]. If you're concerned about your online activity being tracked it's the "trusted" networks you're on most of the time that are the point of concern for traffic analysis. And the "trusted network" that may be the biggest concern is your VPN provider.

[*] Note that it's not stupid to be frightened of untrusted networks, but kinds of risks that exist with untrusted networks are generally not mitigated by VPNs. The best solution to those risks is keeping your device patched up.

There are a few ways to do it. The most common is to use the chars() method, which gives you an iterator over characters. So, for your example, something like "s.chars().skip(5).take(5).collect()". If you really need to do heavy unicode text manipulation (e.g. you're writing a text editor or something), you probably want to use some of the available crates, e.g. unicode-segmentation.

Clearly, as you say, this isn't what a lot of people would consider full, native support for UTF-8. Really doing it right would impose a heavy runtime penalty on the vast majority of simple string usage that doesn't need it, so Rust compromised: If you have a &str or a String in Rust, you know that what it contains is valid UTF-8 -- which means that when you create one you're paying the validation penalty, even if you don't need it... however, the penalties scale in an unsurprising way. When you create a string from bytes, the validation is an O(n) operation, but you also have to copy the bytes, so it's already O(n). When you slice a string, the slice validation only has to check the first and last characters of the slice, so it's O(1), as you would expect slicing to be. You might not naively expect slicing to panic with a UTF-8 validation error, but you should expect that it might panic with a bounds-checking error so the fact that it might panic isn't surprising. And, of course, you can use the get() method to get Err() instead of a panic.

Full native UTF-8 support would be a lot heavier. Many common String operations would be O(n) rather than O(1) -- including indexing! The APIs would be quite confusing to people accustomed to C-style strings, too, another cost. So, Rust doesn't do that. Instead, if you want the length of a string in Unicode characters, you use s.chars().count(). If you want a substring with character offsets you use s.chars().skip(n).take(m).collect(), or similar. These operations do not look like they're O(1) which is good, because they're not. They're also not nearly as slow/heavy as they look.

Like most compromises, this one makes no one really happy, and many people will disagree that it's the right choice. But I don't really see a better option, do you? Keeping in mind that everything from device drivers and bare-metal microcontroller code to browsers and editors is included in the target space, and that having different wide and narrow string types has proven to be a bad idea.

"Autopilots stay active in the background, understand how work gets done across your apps and systems, and take action without needing to be prompted each time," said Omar Shahine"

Actual autopilots require constant oversight, whether you're on a yacht looking or for shipping containers, or in a plane watching for mountains. That's why it's a good name for Tesla's Almost Self Driving misfeature. On that basis it's actually sort of a good name for this, in that so will these AI agents, though they won't be getting it.

If they wanted to give an air of confidence, though, they would have named it more cleverly than this, and without using a name already in common use for a semi related product.

I suggest general operating LLM enterprise management, or GOLEM ;)

WTS
YMBNH

That's great for you, but irrelevant to users buying laptops, which is the topic at hand.

Yeah, but that's the normal state of affairs, you don't need to point it out.

BUT MUH NATIONAL SECURITY! OF COURSE TRUMP SHUD DO WHUTEVER HE WANTS FOR THAT!

On the flip side, we really ought to get rid of the entire culex genus because of West Nile and various forms of encephalitis, and we also really ought to get rid of other Aedes albopictus as a secondary vector for several other diseases. There are few species of mosquitoes that aren't problematic to humans. This one is just slightly safer to get rid of because it is a recent invader, rather than something that has been part of the ecosystem longer.

Except when they swell up and become dangerous.

True. Most people don't keep them long enough to require a second swap.

I'm not convinced there's any reason you can't have both. As far as I can tell, the main thing preventing easy battery swaps on smartphones is the label on the back case with the IMEI and stuff.

As long as there isn't any legal compliance reason why that has to be on the back of the phone after the repair, you could make battery change-out as simple as "Remove some number of screws on the side, lift the sealed back off like a giant wristwatch, thus disconnecting the battery that's glued to the back, attach a new back with a new battery and new rubber seals, and put the screws back in."

The only challenging parts are designing a self-aligning connector between the battery and the motherboard (if you make the distance between contacts big enough, this is just trivial spring contacts, so when I call it "challenging", I'm being generous) and convincing the companies to stop making the back case and the sides as a single piece and spend an extra half cent per unit on a silicone seal strip between the two. Oh, and convincing the companies that user-visible screws is a good thing instead of a design horror, because form-over-function has been the biggest plague on the tech industry since the 1990s. The point is that it's more a "We don't want to" problem than a "This is genuinely hard" problem.

And even if there's a compliance reason why the numbers have to be on the back case, you could make part of the back case permanent, or make it possible for people to mail order the part customized for their device, or order iron-on decals, or... there are various ways to solve that problem.

That would be a disaster. There are real power and performance wins from having RAM on-die. And by the time you need more RAM, you'll probably want a newer CPU. Now if you mean flash *storage*, then... maybe.

I should have included organized crime syndicates in that list, though thanks to Google's TLS-all-the-things push traffic sniffing is less useful for stealing money, and criminals generally have less interest in spying on people by doing traffic analysis.

Meanwhile, X.AI has asked the EPA for permission to release up to 100 million hyperfecund pesticide-resistant male mosquitoes in California and New York over two years to own the libs.

Because Russia and the US are incapable of compromising or suborning providers from elsewhere?

Those are all ways to avoid installing questionable software on your primary machine, which is good, but they don't address the fact that you're still routing all of your traffic through someone else's server -- a server that tends to concentrate lots of potentially interesting traffic in one place, making it a much higher priority target than your typical ISP.

If the various intelligence and law enforcement agencies around the world don't own or at least have significant hooks into all of the major VPN service providers, someone should be fired for not doing their job.

Holy shit new product idea, you've heard of chocolate milk...

IVERMECTIN RAW MILK

Make sure the cap on the bottle is red. You literally will not be able to keep it in stock.

Too bad about [hect]ares.

They also said they were complying with the GPL, so their trustworthiness is at zero right now. Maybe when they learn not to lie and steal, they can be taken seriously again.

How are those job opening figures corrected for phenomena like positions corporations have no intent of filling whatsoever? It's estimated that up to half of posted jobs are fake.