
Comment On what authority? (Score 1) 99

Can anyone name under what authority this would operate?

I'll wait.

(Executive orders are orders to the executive branch. If you aren't an executive branch employee, they have as much authority over you as a postcard from me does.)

Also a good time to remember that a big part of the anti-Biden case from the techbro money types was how stifling and onerous the "please don't make dangerous robots" guidance was. Bill Ackman upside down in clownshoes on a unicycle, with a kazoo up his ass.

Comment Re:Yep (Score 2) 110

I disagree.

1. Backups were stored on the same volume as live data, and were destroyed by the same command. I agree that is a bad design on the vendor's part, but dude's responsibility was to read and understand the system he was using, and he tacitly admits he didn't understand that:

This is the part that should be a red alert for every Railway customer reading this. Railway markets volume backups as a data-resiliency feature. But per their own docs: "wiping a volume deletes all backups."

2. No, I think you misread - he says he didn't understand the token's scope:

We had no idea — and Railway's token-creation flow gave us no warning — that the same token had blanket authority across the entire Railway GraphQL API, including destructive operations like volumeDelete. Had we known a CLI token created for routine domain operations could also delete production volumes, we would never have stored it.

3. DR != backups. Disaster recovery is ensuring you have a path back to operational health from disasters. It is a set of plans, procedures and assets that has to be rehearsed. We test ours once a year; if you are not exercising your procedures, you don't have a DR plan.

Further, the "agent obtained the key itself" - from stuff it was allowed to dig through. It found the credential hardcoded in a script it has access to. This required three different fuckups to happen:

(1) They didn't understand the scope of the token - see above.
(2) They hardcoded the token (which they didn't understand to be 'root' scoped) in a script. This turns any disclosure into a full compromise.
(3) They obviously let the robot root around lots of stuff it shouldn't have access to. Even aside from the disaster that happened, that's an invitation for adversarial disclosure - if this didn't get them, something else would have at some point.

Replace the word "AI agent" with "rogue employee". Would you blame yourself for them going postal and burning your business down?

To start with the utterly obvious, an LLM is not a human, and if you attempt to substitute one for the other, you are necessarily taking responsibility for the robot's actions. This is the same logic as not leaving weapons laying around where kids can find them, except some kids do have the capacity to know better than to use them.

That aside, I do agree that in early-stage companies you're not going to have the safeguards you need to survive a rogue employee or carelessly deployed robot, except probably around the bank account. Which is all the more reason to be careful and understand your tools, or pay someone to do that for you.

The industry is shoehorning this shit into every product and service out there despite multiple documented examples of safeguards not working.

Oh my god. Tech companies are exaggerating their capabilities. This is a never-before seen crisis - how can other companies possibly be expected to understand that advertised claims may not be accurate or products might even be dangerous? My faith in capitalism is crushed. Please pass me my High Noon beverage so I can drink it while driving my Ford Pinto as my kid uses their Samsung Galaxy in the back seat.
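The scoping failure discussed in the comment above, as an added example that is not part of the original comment and is not Railway's code: a fail-closed check that a broker placed in front of a blanket-authority token could run on each GraphQL document before forwarding it. The allowlisted mutation names and the sample documents are constructed placeholders; only `volumeDelete` comes from the page.

```python
import re

# Hypothetical allowlist for a token meant only for routine domain operations.
# Only volumeDelete is named on the page; the allowed names are placeholders.
ALLOWED_MUTATIONS = {"domainCreate", "domainUpdate"}
OPS = ("query", "mutation", "subscription", "fragment")
# Strings and comments are lexed first so braces inside them are never counted.
_LEX = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|\S')

def mutation_fields(doc):
    """Real (un-aliased) top-level field names of every mutation in doc."""
    toks = [t for t in _LEX.findall(doc) if t[0] not in '"#']
    fields, braces, parens, op = [], 0, 0, None
    for i, t in enumerate(toks):
        if braces < 0 or parens < 0:
            raise ValueError("unbalanced GraphQL document")
        if t == "(":
            parens += 1
        elif t == ")":
            parens -= 1
        elif parens:
            continue  # arguments and variable definitions, input objects included
        elif t == "{":
            braces += 1
            op = op or "query"  # a bare "{" starts a shorthand query
        elif t == "}":
            braces -= 1
            op = op if braces else None
        elif braces == 0 and op is None and t in OPS:
            op = t  # later names such as "mutation query {" cannot reset it
        elif braces == 1 and op == "mutation":
            if t == "...":
                fields.append("<fragment spread>")  # unresolved here, so denied
            elif t[0].isalpha() or t[0] == "_":
                alias = toks[i + 1 : i + 2] == [":"]
                if not alias and toks[i - 1] not in ("@", "..."):
                    fields.append(t)
    if braces or parens:
        raise ValueError("unbalanced GraphQL document")
    return fields

def authorize(doc):
    """Fail closed: return (allowed, offending_fields)."""
    try:
        bad = [f for f in mutation_fields(doc) if f not in ALLOWED_MUTATIONS]
    except ValueError:
        return False, ["<unparseable>"]
    return not bad, bad
```

Matching on the real field name rather than the alias is the point of the check: a destructive mutation aliased to an allowlisted name is still reported under its own name.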

Comment Yep (Score 5, Insightful) 110

Dude made several WTF-worthy decisions, any of which would have disqualified him from working anywhere near production where I work.

Let us count the ways:

- Did not take the time to understand his own infrastructure (the backup issue)
- Did not take the time to understand permission scoping
- Clearly has never heard the term "disaster recovery"
- Let a robot play in production
- with way too many toys laying around
- and no apparent thought to risk/reward tradeoffs beyond "everybody (I know) does it this way"
- when the bullet encountered his foot, his first impulse was to blame everyone else, rather than own his shit. Unless his next Xitter post describes how he hired someone competent to re-architect and manage his technical infra, if I were a customer, I would be looking for a competent alternative.

Comment Cattle guards (Score 1) 244

My other comment in this thread probably makes it clear how I feel about them.

As a way to try to make suggestions instead of just being negative, I propose sidewalk bike guards. Think of a cattle guard with the slats rotated 90 degrees.

Anyone who has ridden a bike around trolley tracks understands how this works. But they should probably be placed in the middle of blocks, not at the ends. Street signals slow them down at the ends, and you want to disrupt use, not just access.

Self-enforcing, no need to convince arrogant, overfed cops to do their jobs.

Comment Off the fucking sidewalks (Score 3, Insightful) 244

I'd be fine with them if they used the street. As is, those things are a fucking menace.

I've seen two bad accidents. One was an electric scooter nailing a pedestrian in the ankle, it was obviously a bad break. The other was an electric bike driven by a delivery person, mowed down a kid, probably under 10. Also looked really bad.

In SF, the cops don't give a shit about bikes or pedestrians. (One of several reasons I don't give a shit about them.) But in a functional polity, that would be at least negligent assault, if not a more severe crime.

I can live with human powered conveyance on the sidewalk, especially if it is kids. Add a motor (don't care what the power source is) and you are a menace. I hope I get to see you faceplant at a high speed.

Comment Doesn't matter (Score 1) 71

Cutouts are easy. Kalshi could sell data to someone who sells it to the IRGC and plausibly deny it. Hell, they might really be unaware of it - the IRGC and third-parties have their own, pretty obvious incentives.

The entire point of prediction markets is to incentivize insiders. The theory is the same as that for public markets - profits incentivize information disclosure, which is assumed to benefit everyone.

These are designed to incent insider trading. The gap between theory and practice is what we see here.

Comment "Have you said thank you once?" (Score 5, Insightful) 364

Keep Donnie Dipshit in mind every time you fill up, book a flight or spend more on food. And don't forget his fake hillbilly Thiel-thrall.

This absurd, unnecessary disaster is entirely his.

It'll be easy to remember to keep thanking him, because you'll be paying for his emotional problems up through the 2028 elections and beyond.

Comment This (Score 1) 95

It amazes me how many people use shitty banks - I assume people just don't know how much better credit unions can be.

Far better interest rates on loans/credit cards, they don't nickel and dime you over everything, and services that are actually useful instead of stupid promotions designed to goose this quarter's bonus. They'll give you basically the best rates you can find on mortgages, too.

One downside is slower clearing, but I don't use them as my primary account, so I don't care about this.

They also tend to be more cautious about lending. The longer you have an account, the more comfortable they'll be with you on that front. (Assuming you are financially competent, of course.)

And what they offer varies - mine, for instance, does not have a money market account, so that is at a different institution.

But especially for younger folks or folks who carry credit card balances, they're so much better. My credit union CC rate is a few points higher than current inflation.

Comment Re:Pyrrhic Victory (Score 2) 221

i kinda wanted to think it was drunken kung fu, crazy wisdom, or 4d chess

That's always the claim.

It is rooted in the "madman" theory, and it isn't complete bunk, but vastly overrated. Acting like (or being) a crazy asshole is its own form of predictability.

And in Piggy's case, it is a cope masquerading as a boast. When he can't bully, the dipshit just has nothing else. He's strategic about nothing except protecting his fragile ego.

So he does utterly stupid things like attacking Iran while claiming the goals were secret so he could retcon whatever he wanted. The reality is he's decompensating - he's losing badly in court and public opinion. The weird kidnapping of the Honduran president made him think he knows better than all those egghead generals, and he stuck his dick in a meat grinder. And all the while he gets a little more demented, retreating up his own ass, mincing about the drapes in his oh-so-pretty ballroom/citadel from which to claim he can't be ousted as Supreme Ruler.

Which would be fine, except he's taking the rest of the country with him while making everyone hate us.

Trump is a shit stain on the underwear of the nation. He needs to go.

Comment That's about right (Score 4, Informative) 221

And it didn't even really pull the heat off the Epstein stuff, so it failed there, too.

On the bright side, the dipshit also badly damaged his coalition.

But yes, Stumpy:

- spent upwards of 12 digits on war porn without any plan,
- got badly outplayed by Iran on one side, Israel on the other, and China playing adult in the room,
- destroyed the Freedom of Navigation the world depends on for trade the US used to guarantee,
- spit in the face of our allies, yet again,
- demonstrated to the world that the US cannot be trusted to keep commitments,
- turned the most active Iranian protests against the regime in decades into very public demonstrations defending it.

Oh - and we're not done. Iran says the ceasefire isn't on yet, because US/Israel is violating several of the provisions, and the Strait is not, in fact, open.

This is that fucking idiot failure Don Trump's gift for Americans.

Comment Weak PR (Score 4, Informative) 118

This is an attempt to reduce fear, but it seems like a pretty sophomore effort.

They have enough money for really good PR, so I have to imagine there are... personalities interfering. Or maybe just one.

Going to be fun watching the hustling as they try to IPO with a CFO who says it won't work.

Comment Only idiots would (Score 1) 51

That's an extremely short-term analysis.

Your red-pilled lawyer will soon have a reputation. They'll find their client pool shrinking, judges not giving them the benefit of the doubt, and other lawyers not referring work to them.

They'd better do a lot of slop cases quickly and hope the money lasts, because that strategy is going to tank their practice faster than they graduated law school.
