Comment Re:Precedent (Score 1) 59

I was thinking Bartz vs. Anthropic, but there are other rulings.

I think someone summarized them further down, but I recommend reading them for yourself.

Bartz v Anthropic is not a binding precedent. It could have been binding in the 9th circuit, but they settled before the appellate court could consider it. And, of course, it's always possible that the appellate could have reversed Alsup.

I think this question is still very much undecided. It's trending against Meta's interests, but AFAIK isn't there yet.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

I'd love to trash Edge, but it's hard to argue against Microsoft's analysis here

I think you don't get the irony. This is the company that campaigned furiously for the necessity of TPM for consumer devices ...

There's really no irony here. TPMs serve a different purpose, that of ensuring that the software you're running isn't maliciously modified.

decrypting an entire password list and leaving it around in memory for no reason is totally unacceptable practice

It's really no different from keeping the password database encryption key in RAM, or the capability which grants access to the database encryption key (however many layers of that you want to go down) which is what you have to do if you want to be able to use the passwords on-demand without an authentication step.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

It shows that for Microsoft, security is an afterthought rather than a priority, with the obvious result that Microsoft software is not secure. RAM plaintext passwords mean that any programmer mistake could expose them to the world. If they don't exist in RAM (Chrome's way), they're impossible to expose.

If Chrome has access to them without user authentication, then so does any attacker who can dump Chrome's RAM.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

If you have a process that provides a service that hands out passwords, it's irrelevant whether the passwords are plaintext or ciphertext. An attacker who compromises a rendering process can only query -- but can probably query a lot. An attacker who breaches the process separation, well...

Note that this is separate from whether the on-disk database needs to be encrypted. There are additional threat vectors there.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

It'd be a lot harder to find a (probably hashed) master password sitting in RAM, since it would look just like random bytes, than plaintext passwords. And you could surround the hashed master password with lots of other random bytes to make it even harder to find.

Nah. You just try all the bytes. It's not that many.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

they can dump your password database,

The password database is encrypted. At least it should be.

If the browser can decrypt it without you entering a password or doing a biometric authentication to a secure enclave, then so can an attacker who controls the browser. Encrypting the database achieves something useful against an attacker who can read the browser's files, but not against an attacker who can dump the browser's RAM.

Comment Re:I'd love to trash Edge, but... (Score 1) 61

If an attacker has enough control of your machine to dump the password database, they have enough control

Er, I meant if they have enough control to dump RAM. Thinko because what I was thinking is that if they can dump RAM they can dump your password database, too (unless user authentication is in the loop and that authentication relies on secrets not in the device).

Comment I'd love to trash Edge, but... (Score 5, Interesting) 61

I'd love to trash Edge, but it's hard to argue against Microsoft's analysis here. It's hard to come up with a practical threat model which Edge would fail but Chrome or Firefox or any other browser with a built-in password manager would meet, unless the browser required authentication for every password retrieval.

If an attacker has enough control of your machine to dump the password database, they have enough control to get it to retrieve the plaintext passwords unless every retrieval requires user authentication in the loop -- which would be pretty annoying, which is why they don't do that.

For that matter, an attacker with that much control over your system can even get your passkeys, unless those are stored in some OS-managed secure enclave and they require user authentication in the loop (e.g. a biometric which is matched in the secure enclave, and ideally with a secure path from scanner to enclave).

Still, if it were me writing the code, I'd do it Chrome's way, just because leaving secrets sitting around in plaintext in RAM makes me uncomfortable.

Comment Re: If the asset tax passes, he'll owe 1.5B (Score 1) 150

Property taxes are wealth taxes. The government forces you to mark to market each year and then imposes a percentage tax on that value.

Property taxes are not levied by the federal government for reasons that are partly constitutional and partly practical.

In order to levy a property tax without a constitutional amendment, the federal government would have to apportion the taxes to the states. In fact, Congress did this several times in the 18th and 19th centuries. The way it worked is that Congress determined a revenue target, apportioned that target among the states proportional to population, then required the states to collect money and hand it over.

Congress could do that again, and could subject different kinds of property to the tax... but it would get very ugly, because the tax would have to be apportioned among the states purely on a population basis. A 2021 analysis of Warren's 2% proposal found that different states would have to apply wildly disparate state wealth taxes to pay their apportioned amount. West Virginia would have to institute a wealth tax 20X higher than DC.

This is why Congress has not instituted apportioned property taxes since the Civil War, because they were pretty unfair. The 16th amendment provided a much cleaner, fairer way to directly tax the population... but only on income.

And as for the Article III point... Moore v United States (2024) pretty strongly indicates that at least the current SCOTUS is very hostile to wealth taxes, and not just the conservatives.

Comment Re: If the asset tax passes, he'll owe 1.5B (Score 1) 150

Anything marked to market is a wealth tax. There's plenty of people paying wealth taxes at the federal level.

That is indeed an interesting loophole. I think the only reason it passes constitutional scrutiny is because it's optional. You have to choose to take the 475(f) election.

Comment Re:Headline is wrong (Score 1) 59

Training an AI is exactly the same as training a human mind

I'm inclined to agree, except for one thing: The LLM can be duplicated infinitely, at near-zero cost, while the trained human cannot. That's a crucial difference. In the case of a textbook, for example, an LLM that has learned the whole contents can act as a full replacement for the book, to an arbitrary number of users, which might severely impact the commercial market for the original book. A human who learns it can write their own and sell it to many people, but that takes a lot of effort and significant creativity, especially if the new book wants to displace the original. Or a human who learns it can teach others, but the scale at which they can do this is limited, unlike an LLM.