
Comment Stockpiling (Score 2) 69

My home storage setup is currently two 8 20TB drive arrays - one live, one a remote backup.

I was buying drives to add another stripe when the pricing started to ramp up - I try to buy them over time to get different drives from different lots. Now I wish I'd just bought a bunch.

This time last year they were $369, sometimes cheaper. The most recent one I bought was $500. The cheapest I see them right now is $769.

I think I'll be waiting on that new stripe, but at least I have four spares to keep the existing system running.

Submission + - BFS: What the Textbook Says and What It Looks Like Running (rebraining.org)

fishbowl writes: A working lecture on breadth-first search, anchored to a real implementation — 22 lines of JavaScript from a single-file browser hex game. Walks through why every line is there and how you might have arrived at it yourself. Python and Java equivalents included. Cormen is waiting when you want it.

Comment On what authority? (Score 1) 126

Can anyone name under what authority this would operate?

I'll wait.

(Executive orders are orders to the executive branch. If you aren't an executive branch employee, they have as much authority over you as a postcard from me does.)

Also a good time to remember that a big part of the anti-Biden case from the techbro money types was how stifling and onerous the "please don't make dangerous robots" guidance was. Bill Ackman upside down in clownshoes on a unicycle, with a kazoo up his ass.

Comment Re:Yep (Score 2) 110

I disagree.

1. Backups were stored on the same volume as live data, and were destroyed by the same command. I agree that is a bad design on the vendor's part, but dude's responsibility was to read and understand the system he was using, and he tacitly admits he didn't understand that:

This is the part that should be a red alert for every Railway customer reading this. Railway markets volume backups as a data-resiliency feature. But per their own docs: "wiping a volume deletes all backups."

2. No, I think you misread - he says he didn't understand the token's scope:

We had no idea — and Railway's token-creation flow gave us no warning — that the same token had blanket authority across the entire Railway GraphQL API, including destructive operations like volumeDelete. Had we known a CLI token created for routine domain operations could also delete production volumes, we would never have stored it.

3. DR != backups. Disaster recovery is ensuring you have a path back to operational health from disasters. It is a set of plans, procedures and assets that has to be rehearsed. We test ours once a year; if you are not exercising your procedures, you don't have a DR plan.

Further, the "agent obtained the key itself" - from stuff it was allowed to dig through. It found the credential hardcoded in a script it has access to. This required three different fuckups to happen:

(1) They didn't understand the scope of the token - see above.
(2) They hardcoded the token (which they didn't understand to be 'root' scoped) in a script. This turns any disclosure into a full compromise.
(3) They obviously let the robot root around lots of stuff it shouldn't have access to. Even aside from the disaster that happened, that's an invitation for adversarial disclosure - if this didn't get them, something else would have at some point.

Replace the word "AI agent" with "rogue employee". Would you blame yourself for them going postal and burning your business down?

To start with the utterly obvious, an LLM is not a human, and if you attempt to substitute one for the other, you are necessarily taking responsibility for the robot's actions. This is the same logic as not leaving weapons laying around where kids can find them, except some kids do have the capacity to know better than to use them.

That aside, I do agree that in early-stage companies you're not going to have the safeguards you need to survive a rogue employee or carelessly deployed robot, except probably around the bank account. Which is all the more reason to be careful and understand your tools, or pay someone to do that for you.

The industry is shoehorning this shit into every product and service out there despite multiple documented examples of safeguards not working.

Oh my god. Tech companies are exaggerating their capabilities. This is a never-before seen crisis - how can other companies possibly be expected to understand that advertised claims may not be accurate or products might even be dangerous? My faith in capitalism is crushed. Please pass me my High Noon beverage so I can drink it while driving my Ford Pinto as my kid uses their Samsung Galaxy in the back seat.

Comment Yep (Score 5, Insightful) 110

Dude made several WTF-worthy decisions, any of which would have disqualified him from working anywhere near production where I work.

Let us count the ways:

- Did not take the time to understand his own infrastructure (the backup issue)
- Did not take the time to understand permission scoping
- Clearly has never heard the term "disaster recovery"
- Let a robot play in production
- with way too many toys laying around
- and no apparent thought to risk/reward tradeoffs beyond "everybody (I know) does it this way"
- when the bullet encountered his foot, his first impulse was to blame everyone else, rather than own his shit. Unless his next Xitter post describes how he hired someone competent to re-architect and manage his technical infra, if I were a customer, I would be looking for a competent alternative.

Comment Cattle guards (Score 1) 244

My other comment in this thread probably makes it clear how I feel about them.

As a way to try to make suggestions instead of just being negative, I propose sidewalk bike guards. Think of a cattle guard with the slats rotated 90 degrees.

Anyone who has ridden a bike around trolley tracks understands how this works. But they should probably be placed in the middle of blocks, not at the ends. Street signals slow them down at the ends, and you want to disrupt use, not just access.

Self-enforcing, no need to convince arrogant, overfed cops to do their jobs.

Comment Re:Cross-discipline issues (Score 1) 82

I hope that some of your questions point out that there may be 2 or even 3 distinct things wrong with you. As a few decades in my industry have shown, some of the most intractable problems are actually multiple problems that affect each other - once we identified that, things got a whole lot easier.

It is rare for multiple things to go kerfluey (that's the technical term) at once, but it does happen.

Good luck! Hope you get past it.

Comment Off the fucking sidewalks (Score 3, Insightful) 244

I'd be fine with them if they used the street. As is, those things are a fucking menace.

I've seen two bad accidents. One was an electric scooter nailing a pedestrian in the ankle, it was obviously a bad break. The other was an electric bike driven by a delivery person, mowed down a kid, probably under 10. Also looked really bad.

In SF, the cops don't give a shit about bikes or pedestrians. (One of several reasons I don't give a shit about them.) But in a functional polity, that would be at least negligent assault, if not a more severe crime.

I can live with human powered conveyance on the sidewalk, especially if it is kids. Add a motor (don't care what the power source is) and you are a menace I hope I get to see you faceplant at a high speed.

Comment Doesn't matter (Score 1) 71

Cutouts are easy. Kalshi could sell data to someone who sells it to the IRGC and plausibly deny it. Hell, they might really be unaware of it - the IRGC and third-parties have their own, pretty obvious incentives.

The entire point of prediction markets is to incentivize insiders. The theory is the same as that for public markets - profits incentivize information disclosure, which is assumed to benefit everyone.

These are designed to incent insider trading. The gap between theory and practice is what we see here.

Comment Re:Betcha (Score 2) 29

Seriously though, this is something of a gray area:

"Yes, states can regulate areas already regulated by the federal government, provided the state regulation does not conflict with federal law. Under the Constitution's Supremacy Clause, federal law takes precedence, but states often share concurrent powers (e.g., taxation) or set stricter standards than the federal minimum.

Key points on state vs. federal regulation:
1) Preemption: If a federal law conflicts with a state law, the federal law overrides (preempts) the state law.

2) Stricter State Standards: States can often impose stricter regulations, such as higher minimum wages, stricter environmental standards, or stricter gun laws, than federal regulations.

3) Areas of Sole Federal Authority: States generally cannot regulate areas designated strictly for the federal government, such as foreign policy, interstate commerce, or declaring war.

4) Dual Regulatory Systems: In many areas, such as banking or environmental protection, both state and federal agencies regulate simultaneously, with federal rules acting as a floor.

If a state law is deemed to conflict with federal law, the state law may be deemed unconstitutional or inapplicable."

2) and 4) above may be the best bet (pun intended) for pushing the courts - NY may not be able to ban prediction markets, but may be able to tax them at the same rate (total coincidence!) as those that provide gambling. Also, NY may regulate prediction markets within the state to enforce a 21 year old minimum age to use them.

I could see one or both of those making it through. Outright banning, maybe not because of 1) above. I see 3) as being pretty hard to win by, for the fed that is, but I can see them trying that too.
