
Comment Re:Somebody is trying to get investors (Score 1) 17

The headline may as well be "Rose maintains transactional relationships with tech media after all these years".

At this point I think if a good idea walked up and smacked him on the head, the name alone might doom it. It has been an also-ran in a confusing number of categories, so depending on your age you may remember it as a very different kind of failure than I do. Sort of the converse of trademark dilution - it is clear what the name is and who owns it, what's muddy is what the service is supposed to be.

Comment Re:Stop purchasing Bambu products (Score 2) 95

They've made a nice easy-to-use ecosystem. For $400 you can get a P1S that supports adding an AMS, auto bed leveling, enclosed-chamber printing, high precision, high print speeds, and 300/100C nozzle/plate temps, and has an easy cloud print service and a robust ecosystem of models you can just download and print with no extra config straight from the app.

But yeah, their behavior is increasingly entering bad-actor territory. I wonder how long it'll be before they lock entry-level printers into their branded filament?

Comment Stockpiling (Score 2) 73

My home storage setup is currently two 8 20TB drive arrays - one live, one a remote backup.

I was buying drives to add another stripe when the pricing started to ramp up - I try to buy them over time to get different drives from different lots. Now I wish I'd just bought a bunch.

This time last year they were $369, sometimes cheaper. The most recent one I bought was $500. The cheapest I see them right now is $769.

I think I'll be waiting on that new stripe, but at least I have four spares to keep the existing system running.

Comment On what authority? (Score 1) 126

Can anyone name under what authority this would operate?

I'll wait.

(Executive orders are orders to the executive branch. If you aren't an executive branch employee, they have as much authority over you as a postcard from me does.)

Also a good time to remember that a big part of the anti-Biden case from the techbro money types was how stifling and onerous the "please don't make dangerous robots" guidance was. Bill Ackman upside down in clownshoes on a unicycle, with a kazoo up his ass.

Comment Re:Yep (Score 2) 110

I disagree.

1. Backups were stored on the same volume as live data, and were destroyed by the same command. I agree that is a bad design on the vendor's part, but dude's responsibility was to read and understand the system he was using, and he tacitly admits he didn't understand that:

This is the part that should be a red alert for every Railway customer reading this. Railway markets volume backups as a data-resiliency feature. But per their own docs: "wiping a volume deletes all backups."

2. No, I think you misread - he says he didn't understand the token's scope:

We had no idea — and Railway's token-creation flow gave us no warning — that the same token had blanket authority across the entire Railway GraphQL API, including destructive operations like volumeDelete. Had we known a CLI token created for routine domain operations could also delete production volumes, we would never have stored it.

3. DR != backups. Disaster recovery is ensuring you have a path back to operational health from disasters. It is a set of plans, procedures and assets that has to be rehearsed. We test ours once a year; if you are not exercising your procedures, you don't have a DR plan.

Further, the "agent obtained the key itself" - from stuff it was allowed to dig through. It found the credential hardcoded in a script it has access to. This required three different fuckups to happen:

(1) They didn't understand the scope of the token - see above.
(2) They hardcoded the token (which they didn't understand to be 'root' scoped) in a script. This turns any disclosure into a full compromise.
(3) They obviously let the robot root around lots of stuff it shouldn't have access to. Even aside from the disaster that happened, that's an invitation for adversarial disclosure - if this didn't get them, something else would have at some point.

Replace the word "AI agent" with "rogue employee". Would you blame yourself for them going postal and burning your business down?

To start with the utterly obvious, an LLM is not a human, and if you attempt to substitute one for the other, you are necessarily taking responsibility for the robot's actions. This is the same logic as not leaving weapons laying around where kids can find them, except some kids do have the capacity to know better than to use them.

That aside, I do agree that in early-stage companies you're not going to have the safeguards you need to survive a rogue employee or carelessly deployed robot, except probably around the bank account. Which is all the more reason to be careful and understand your tools, or pay someone to do that for you.

The industry is shoehorning this shit into every product and service out there despite multiple documented examples of safeguards not working.

Oh my god. Tech companies are exaggerating their capabilities. This is a never-before-seen crisis - how can other companies possibly be expected to understand that advertised claims may not be accurate or products might even be dangerous? My faith in capitalism is crushed. Please pass me my High Noon beverage so I can drink it while driving my Ford Pinto as my kid uses their Samsung Galaxy in the back seat.

Comment Yep (Score 5, Insightful) 110

Dude made several WTF-worthy decisions, any of which would have disqualified him from working anywhere near production where I work.

Let us count the ways:

- Did not take the time to understand his own infrastructure (the backup issue)
- Did not take the time to understand permission scoping
- Clearly has never heard the term "disaster recovery"
- Let a robot play in production
- with way too many toys laying around
- and no apparent thought to risk/reward tradeoffs beyond "everybody (I know) does it this way"
- when the bullet encountered his foot, his first impulse was to blame everyone else, rather than own his shit. Unless his next Xitter post describes how he hired someone competent to re-architect and manage his technical infra, if I were a customer, I would be looking for a competent alternative.

Comment Cattle guards (Score 1) 244

My other comment in this thread probably makes it clear how I feel about them.

As a way to try to make suggestions instead of just being negative, I propose sidewalk bike guards. Think of a cattle guard with the slats rotated 90 degrees.

Anyone who has ridden a bike around trolley tracks understands how this works. But they should probably be placed in the middle of blocks, not at the ends. Street signals slow them down at the ends, and you want to disrupt use, not just access.

Self-enforcing, no need to convince arrogant, overfed cops to do their jobs.

Comment Off the fucking sidewalks (Score 3, Insightful) 244

I'd be fine with them if they used the street. As is, those things are a fucking menace.

I've seen two bad accidents. One was an electric scooter nailing a pedestrian in the ankle, it was obviously a bad break. The other was an electric bike driven by a delivery person, mowed down a kid, probably under 10. Also looked really bad.

In SF, the cops don't give a shit about bikes or pedestrians. (One of several reasons I don't give a shit about them.) But in a functional polity, that would be at least negligent assault, if not a more severe crime.

I can live with human powered conveyance on the sidewalk, especially if it is kids. Add a motor (don't care what the power source is) and you are a menace. I hope I get to see you faceplant at a high speed.

Comment Doesn't matter (Score 1) 71

Cutouts are easy. Kalshi could sell data to someone who sells it to the IRGC and plausibly deny it. Hell, they might really be unaware of it - the IRGC and third-parties have their own, pretty obvious incentives.

The entire point of prediction markets is to incentivize insiders. The theory is the same as that for public markets - profits incentivize information disclosure, which is assumed to benefit everyone.

These are designed to incent insider trading. The gap between theory and practice is what we see here.

Comment "Have you said thank you once?" (Score 5, Insightful) 364

Keep Donnie Dipshit in mind every time you fill up, book a flight or spend more on food. And don't forget his fake hillbilly Thiel-thrall.

This absurd, unnecessary disaster is entirely his.

It'll be easy to remember to keep thanking him, because you'll be paying for his emotional problems up through the 2028 elections and beyond.
