It's true, I have no idea who I'm arguing with. Who am I arguing with? Do you know?

He is a liar, because he has the ability and skill necessary to check his assertions, and yet he didn't. He presented himself as knowing something that he didn't.

You, on the other hand, are an idiot, because you have no cure for your ignorance. You have no ability to recognize what kind of training Microsoft and Apple have for their programmers regarding security issues. That is something you never learned how to do.

Oh yeah? How many? You lack the ability to quantify it, but you pretend that you have the ability.

If I were in charge of a Computer Science curriculum at a university, I would address the LLM problem like this:

I would offer a class (third or fourth year class) that starts from the basics of Neural Networks, and by the end of the class the students have built their own LLM. By building their own LLM, they will deepen their understanding, have a solid foundation, and avoid a lot of the nonsense that gets propagated about LLMs. The amount of code involved is not huge, it's actually quite doable.

The difficulty with reproducible builds in Java is the timestamps. It's a solved problem now, but I don't think it was 20 years ago.

OAuth isn't an HTTP extension, it's an OSI application level protocol. Also, of all the protocols you could have picked, OAuth is a really simple one. You could code a custom implementation in an afternoon. HTTP isn't even so bad, even with the HTTP/2 modifications, you could definitely do it yourself, depending on your reading comprehension ability (reading code standards is not a skill every programmer has).

Ever since most of JQuery functionality got added to the Javascript standard library, you mostly don't need third party libraries. Something like React can be useful if you are working on a web app with a large team because it gives you encapsulation, but even then, the number of third party library dependencies is small enough that a security team can review them all, which some companies do.

A USB-C connector is the same physically as a Thunderbolt 3/4 connector. That does not mean you can always run Thunderbolt over the connector. This is the a problem with a universal connector that has wildly different capabilities. However in this context, I know of no mobile phone that has a Thunderbolt connector unlike what the OP and the people who replied have said.

This seems like the sort of advice that is going to be exceptionally hard to get followed because it's mostly so dull.

There can be some interesting futzing in principle to keep unnecessary sources of variation from getting folded into build artifacts, normally followed by less-interesting making of those change in practice across a zillion projects; and basically anything involving signing should at least be carefully copying the homework of proper heavyweight cryptographers; but most of the advice is of the "fix your shit" and "yes, actually, have 10 people, ideally across multiple orgs, despite the fact that you can get it for free by pretending that the random person in Nebraska won't make mistakes, get coopted by an intelligence agency, quit to find a hobby that doesn't involve getting yelled at on the internet for no money, or die" flavor; which is absolutely stuff you should do; but the sort of deeply unsexy spadework that doesn't have magic bullet vendors lobbying for it to get paid for.

What seems sort of damning is that the explanation is "our tech sucks".

The 'explanation' is that the demo triggered all the devices within earshot because apparently a device designed to perform possibly-sensitive actions on your behalf was assigned a model line wide, public audio trigger in order to make it feel more 'natural' or something; rather than some prosaic but functional solution like a trigger button/capacitive touch point/whatever; and that the device just silently fails stupid, no even informative feedback, in the even of server unresponsiveness or network issues. Both of these seem...less than totally fine...for something explicitly marketed for public use in crowded environments on what we euphemistically refer to as 'edge' network connectivity.

You obviously have limited control over the network in a situation like this; so nobody expects the goggles to fix the internet or facebook's server resource allocations for you; but having some sort of "can't reach remote system" error condition has been ubiquitous basic function since around the time that dirt was still in closed beta.

I suspect that this is symptomatic of the same phenomenon; but it seems especially weird that they'd be trotting the CTO out to give a, from context, apparently intended to be exculpatory postmortem when the problems with a device you are intended to wear on your face, in public, are 'sensitive to external trigger shared across entire product line' and 'silently fails stupid if network conditions are suboptimal'.

Trademark means that they can't use Mickey Mouse in a way that would confuse people into thinking they are Disney.

You are legally allowed to use someone's trademark. For example, the word "Boston" is trademarked, but we can use it. We can use the word Pentium, and even say "Pentium sux", but you can't fill a box with AMD chips and use the Pentium logo to convince people it's from Intel.

You definitely wouldn't come up with a fresh 10,000 liters of the stuff just lying around somewhere; at least not without resorting to nuclear chemistry or natural gas processing on a pretty heroic scale; but if you purely needed to ship something, anything, to be able to say that the amount provided wasn't zero; the terrestrial supply isn't zero either. I think the US is good for high single thousands of liters on a typical year, from nuclear warhead maintenance; Russia at least theoretically in the same ballpark in terms of warheads that would need their tritium checked, though no assurances either that that is happening or that they'll sell, they had formally stopped doing so at least for a while over a decade back; not sure what the mixture of reasons was between domestic users and not wanting inferences about their weapon maintenance.

Such a sale would be basically ceremonial if it has to come from the existing supply which is already spoken for every year; and there would be no point in Interlune as an intermediary; but if some finance construct wiggles one way if the sales are zero and another way if the sales are merely small, it presumably might be worth someone's time for Interlune to be listed as the supplier to Bluefors, even if it's just them slapping their label over whoever Bluefors normally buys from and doesn't actually change the allocation to different purposes or the total size of the market.

It's adjusting the allocation that would be at least difficult(potentially viable if the VCs doing 'quantum' are paying better than the people doing ultra low temperature MRIs or academic physics, or if you can out-lobby the 'national security' neutron detector market that doesn't get anyone excited but zOMG Dirty Bombs the Homeland!; but probably not cheap); and actually changing the supply that would be hardest, but possibly of actual interest.

You would need to add at least a couple of 0s for it to even begin to seem reasonable.

I'd be a trifle surprised if it's an outright lie; perhaps I'm not properly accustomed to contemporary standards of allowable market manipulation; but it seems to have been carefully worded to make a somewhat exotic but fairly barebones commodity futures arrangement, which could be entirely fulfilled by interlune doing some paper-shuffling resales of helium 3 from any source or simply selling zero liters during some or all years between now and 2038, sound like a tale of Bluefors actively paying to send rockets to the moon because it's obviously only freezer capacity, not any of the other issues, that is keeping 'quantum' from doing whatever it is supposed to do.

"Payable on delivery."