The poster is a troll, and I completely disagree with the framing that Thomas is some devout defender of the Constitution, but there is actually a point here. The point was highlighted by Justice Sotomayor in the oral arguments for Trump v Slaughter.

The TL;DR is that we've been pretty egregiously violating the Constitution's separation of powers for a century, and everyone has just quietly agreed to look away. We've been looking away for very good reasons, and what we really *ought* to do is amend the Constitution, because this is an area where the Constitution's 18th-century design does not work for the 20th (or 21st) century reality.

The longer explanation:

The Constitution sets up a strict separation of powers. Only the legislature can make laws. Only the executive has the wherewithal to enforce the laws. Only the judiciary can interpret the laws, and their constitutionality. Each serves as a check on the others. The president can veto legislation. The legislature can refuse to fund the executive's initiatives. The judiciary can invalidate laws and issue orders to the executive... but the judges have to be nominated by the president and approved by the Senate. It's solid partitioning of power, designed to prevent the monarchical abuses the founders were familiar with, abuses that occur when one man (or woman, or small group) has the power to make the laws, enforce the laws and interpret the laws.

Very nice. But it doesn't work in the modern world.

The reason is that the US is much, much bigger and the world is vastly more complicated than it was in the 18th century. Regulations need to have a level of detail and sophistication that just isn't feasible for generalist legislators, and we don't want to leave the drafting of regulations to lobbyists. What we need is government experts in focused areas (fisheries, energy, mineral policy, telecommunications, etc.) whose full-time job is understanding the minutiae. Then lawmakers can write laws providing broad guidelines for the experts, who study the issues, write the regulations, subject them to rounds of public review and then enact them.

On the judicial side, the courts, all the way up to the Supreme Court, remain the final line for adjudication, but they're designed to grind very finely, which means they grind very slowly, and at great cost, especially since judges are also generalists so the litigants need to educate them on the detailed issues. To make enforcement of the detailed regulations practicable, we also need, effectively, specialist judges. The way we've handled that is by authorizing the same federal agencies who make the regulations to adjudicate their application.

Oops. Does this sound like we've lumped lawmaking, law enforcement and adjudication all together inside the federal agencies (in the executive branch), in clear violation of both the letter and the spirit of the Constitution, directly defeating the founders' work in dividing them up, re-enabling tyranny?

The letter, definitely. The spirit... not exactly. The other thing we did was to divide those powers up not by category (rulemaking, enforcement, judging) but by subject matter. So while each agency holds great power over its little fiefdom, that power is limited in the aggregate because the potential fisheries tyrant is completely separate from the potential telecoms tyrant. This limits the total power of each and prevents them from getting so big they can't be slapped down.

Unless it doesn't.

This scheme only works if those agencies are independent within the executive branch. And they cannot be independent if the president is free to fire anyone in the executive branch at will, which is what Slaughter is all about. If the president can fire anyone, then the whole of the executive is subject to his will, which means all of those subject-matter-isolated threads of power get gathered up into a single pair of hands.

And if that happens, we're back to monarchy. An elected monarch, perhaps. And possibly with a limited term, and with a few gross checks on power, slow and uncertain in application. But we have a single person with the power to control nearly all of the federal government's power to make, enforce and adjudicate the law, relegating the formal legislative and judicial bodies to backstop positions, generally unable to act fast enough to prevent tyrannical abuses.

So... what we ought to have done is to have amended the constitution to bake the independence of the executive branch agencies into the system. Or, we ought to have created parallel legislative and judicial sub-branches so that each area had its major functions isolated within the Constitutional framework.

This wouldn't have been difficult in the case of the judiciary, though we'd probably have had to create a different hiring process for the thousands of low-level adjudicators required -- going through presidential appointment and Senate confirmation for all of them would be impractical. But on the legislative side, we'd have needed a Constitutional amendment to enable the massive numerical expansion of the legislature necessary for all of the expert rulemaking roles, and those people would also need an entirely different hiring process. Voting on all of them would be impractical.

But fixing the problem correctly in either of those ways was hard, while just ignoring the issue was easy. And ignoring it worked fine for a while. We saw the first potential issues with Nixon, and ever since Nixon almost every succeeding occupant of the White House has chipped away at agency independence. Until Trump 2.0 when we have a president who has smashed a battering ram through all of the norms that maintained it, and is trying to get judicial blessing (the Slaughter case).

If you think the presidential immunity ruling was bad, that's nothing compared to what will be unleashed if SCOTUS finds fully in Trump's favor in Slaughter. We'll have a king with the power to (among many, many other things) unilaterally direct the imposition and enforcement of regulations that impose hundreds of millions of dollars in fines on telecoms companies. In this case, for what I think is a good reason. But whether it's a good reason won't matter if the president wants to do something for a bad reason, he'll have the power.

Particularly dangerous is the combination of:

1. The immunity ruling, plus
2. Absolute authority over the executive branch, plus
3. The unlimited pardon power.

The president can order anything at all done, federal employees will have to do it or be fired, and if it's a crime (a) the president is immune and (b) he can pardon everyone who does his dirty work.

I think the final backstop of impeachment and conviction by the legislative houses is likely to remain in that case as the only real limitation on presidential power. For the conservatives who think this is a good thing, they should think really hard about what a president AOC who decides to fully use the power of the Unitary Executive might do.

Fully-decentralized trust systems just don't work. PGP failed primarily for this reason, while SSL Certificate Authority system succeeded -- which shows that you don't need perfect centralization, a federation can do it, but the federation has to contain a sufficiently small set of authorities that it's practical for those who need to trust them to do so. The SSL analogy is useful in another way, too. Note that end-users don't know or care about CAs, they only have to trust their browser; the browser authors package the list of trusted root CAs, and they're moderately well-positioned to make those trust decisions on their users' behalf (the certificate transparency log is another layer, a global, fully-decentralized oversight mechanism -- but I don't see an obvious analogue for caller ID).

Applying this structure to caller ID trust, the most obvious points of control are the network operators first and phone makers second. Clearly the MNOs should be taking responsibility. They each know the accuracy of the IDs originating in their networks, and they are in a good position to validate the trustworthiness of IDs from outside their networks. Ideally, they should probably just refuse to forward an ID from a network that doesn't commit to anti-spoofing.

However, they're not doing that, and they're not going to do that, and we all know why: It's more profitable for them to permit spoofing.

One possible market-driven solution to this would be if some sufficiently-large networks decided that consumers cared enough about caller ID accuracy to make it a selling point for their services, committing to send only trustworthy IDs, either because they know the origin within their own network, or because the ID came from another operator who made the same pledge. My guess is that this would require renegotiation of interconnection agreements, but it could be done. More importantly, it would require users to care enough about caller ID spoofing to be willing to switch networks to get away from it. I don't know if that's in the cards.

So, what about the phone makers? They're in the next-best position... and Google by itself can put a big dent in caller ID spoofing globally. If Apple does the same thing between their devices, and then if they collaborate with Google (not an outlandish idea; Google and Apple often collaborate on technical standards), they could ensure that any call originating from a mobile phone provides accurate caller ID, and block the rest. And then they could also collaborate with the dumbphone makers and any new entrants to the smartphone market.

I think this is actually not a bad solution, and the market-driven motivations are clear. Phonemakers benefit from happy phone users and don't profit from phone spam.

Sarcasm noted. So... you think this fake call check is a bad thing? Or do you have a different design to suggest that would work better?

UCS32 is certainly an option. It would probably turn me off from Rust entirely, though, at least for my current work. When your device only has a few KB of RAM, quadrupling the size of your strings would be really painful. I'm unhappy that my pointers and register-sized integers are each 8 bytes, so a slice consumes 16 bytes (pointer plus length), minimum. I hate it so much I might consider creating my own string type that only handles strings < 64kb in length, so I could use an 8-byte pointer and a two-byte length -- but ARM has pretty strict alignment requirements so the compiler would pad the u16 out to eight bytes anyway. And all of my strings are error messages which are seven-bit ASCII.

As for your abstracted version... note that in my code I not only don't have GC, I don't even have a heap... no dynamic allocation :-)

With Rust as-is, that means I don't actually have String, but I *do* have &str.

You can certainly argue that one language shouldn't try to address the requirements of tiny microcontrollers to servers with hundreds of GB of RAM... but it's actually really nice that it does.

Rust doesn't try to prevent devs from writing bad code, it tries to prevent devs from writing unsafe code (i.e. code that can exhibit undefined behavior), and the approach to strings is safe. If you index a string at byte offsets, and try to use that data as a string and it's not valid UTF-8, your program panics in a safe, well-defined way :-D

Perhaps not "as easy", but certainly not hard. Spend some time thinking about what kinds of covert and overt pressures might be brought to bear.

Aside: As an American, I think it's very sad that people lump the US and Russia together in this way. I think it's even sadder that I can't honestly argue that they're wrong. At most I can try to argue that there is still a significant difference of degree, if not kind, but it's not really worth making the argument because the degree of different is heading rapidly to zero. I deeply hope we can turn it around, and I'm doing what I can in that direction, but...

The latter. I'm pretty confident that TLS is secure. The modern ciphersuites are tight and things like the certificate transparency log make it so that while the TLAs might be able to subvert the CA process, they can only do it in small-scale, tightly-scoped ways. If you are a personal target of interest of any national security agency, you're screwed. They absolutely can get into every aspect of a private citizen's life if they want to put some effort into it. But the transparency log means that if they attempted to do this in any kind of large-scale way it would be discovered and publicized, so the fact that we don't hear about it truly does mean that they're not doing TLS penetration at scale.

However, even if they can't get the content of the connections, they can see where you're connecting to, and when. That sort of traffic analysis provides a surprising amount of information, and it can be done at scale -- and using a third-party VPN generally makes it easier, not harder. Layering VPNs can help a lot. Done carefully, you can structure it so that someone would have to control all of the layered VPN servers in order to track your connections. Layering plus multiplexing (using multiple providers and picking different routes and exit nodes for every connection) could make it really hard.

And if you don't really believe that traffic analysis is a concern, then there's really no point to using a VPN at all (except for location shifting), because TLS really is quite secure. It's definitely silly to, for example, fire up a VPN before connecting to your bank while at a coffee shop or an airport, which is exactly the pitch that many VPN services make. "Be wary of untrusted networks" is their pitch, and it's stupid[*]. If you're concerned about your online activity being tracked it's the "trusted" networks you're on most of the time that are the point of concern for traffic analysis. And the "trusted network" that may be the biggest concern is your VPN provider.

[*] Note that it's not stupid to be frightened of untrusted networks, but kinds of risks that exist with untrusted networks are generally not mitigated by VPNs. The best solution to those risks is keeping your device patched up.

There are a few ways to do it. The most common is to use the chars() method, which gives you an iterator over characters. So, for your example, something like "s.chars().skip(5).take(5).collect()". If you really need to do heavy unicode text manipulation (e.g. you're writing a text editor or something), you probably want to use some of the available crates, e.g. unicode-segmentation.

Clearly, as you say, this isn't what a lot of people would consider full, native support for UTF-8. Really doing it right would impose a heavy runtime penalty on the vast majority of simple string usage that doesn't need it, so Rust compromised: If you have a &str or a String in Rust, you know that what it contains is valid UTF-8 -- which means that when you create one you're paying the validation penalty, even if you don't need it... however, the penalties scale in an unsurprising way. When you create a string from bytes, the validation is an O(n) operation, but you also have to copy the bytes, so it's already O(n). When you slice a string, the slice validation only has to check the first and last characters of the slice, so it's O(1), as you would expect slicing to be. You might not naively expect slicing to panic with a UTF-8 validation error, but you should expect that it might panic with a bounds-checking error so the fact that it might panic isn't surprising. And, of course, you can use the get() method to get Err() instead of a panic.

Full native UTF-8 support would be a lot heavier. Many common String operations would be O(n) rather than O(1) -- including indexing! The APIs would be quite confusing to people accustomed to C-style strings, too, another cost. So, Rust doesn't do that. Instead, if you want the length of a string in Unicode characters, you use s.chars().count(). If you want a substring with character offsets you use s.chars().skip(n).take(m).collect(), or similar. These operations do not look like they're O(1) which is good, because they're not. They're also not nearly as slow/heavy as they look.

Like most compromises, this one makes no one really happy, and many people will disagree that it's the right choice. But I don't really see a better option, do you? Keeping in mind that everything from device drivers and bare-metal microcontroller code to browsers and editors is included in the target space, and that having different wide and narrow string types has proven to be a bad idea.

I should have included organized crime syndicates in that list, though thanks to Google's TLS-all-the-things push traffic sniffing is less useful for stealing money, and criminals generally have less interest in spying on people by doing traffic analysis.

Because Russia and the US are incapable of compromising or suborning providers from elsewhere?

Those are all ways to avoid installing questionable software on your primary machine, which is good, but they don't address the fact that you're still routing all of your traffic through someone else's server -- a server that tends to concentrate lots of potentially interesting traffic in one place, making it a much higher priority target than your typical ISP.

If the various intelligence and law enforcement agencies around the world don't own or at least have significant hooks into all of the major VPN service providers, someone should be fired for not doing their job.

Really? I've never, ever heard that pitch for AI.

Try saying that. /s

Also, the amount of energy required to reverse it... it's hard to see where that could possibly have come from.

The name of the product is "Bomb", and "Bomb" is the default Bluetooth name.

I don't know whether that makes you advice invalid, or all the more salient.

ROTFL

Social engineering redux... except now you only have to convince a sycophantic and overly helpful AI.

Many people incorrectly think of proxies and VPNs (especially VPNs) as a security and privacy enhancement, but unless you're operating the proxy/VPN server yourself they're just as likely to be a massive security and privacy risk. The problem is that they concentrate all of the traffic you'd most like to keep secret in one server, and depending on exactly how the system works, may require installing software on your local machine with ~root permissions. If the operator is malicious, this is a really dangerous combination.

These are useful tools for location shifting and -- in fairly rare cases, and with VPNs only -- from hiding traffic from malicious. But third-party proxy/VPN services should always be viewed with suspicion. Obviously this is even more true when the provider is Russian... though it's pretty likely that wasn't made clear to the people who used the service.