
Comment That's malware. (Score 1) 80

It's open source and there's no liability whatsoever, but that's nothing other than malware. Just not in a regular programming language, but with a specific instruction for a machine. With premeditated, intended malicious consequences.

In other words: It's malware, plain and simple. The flak the guy is getting is understandable.

Comment The timeline is of note. (Score 1) 21

It seems worth noting that one of the items in Wyden's rather pointed inquiry is the fact that the feasibility of doing this is known to have been demonstrated for the DoD by outside people familiar with it at least as early as 2016; so while this is the first confirmed case of adversarial use it's the outcome of at least a decade of just ignoring the problem; and a significantly longer period of failing to reasonably anticipate the problem. It's not like there's No Such Agency you could ask about "how could you spy on someone with the internet even?" if you wanted to know how well or poorly readily available information matched a nation state signals intelligence apparatus.

Purely as a matter of cellphones being expensive and somewhat tepidly capable in the before times I assume that there was a period within living memory when merely telling people not to Gordon Gekko on their DynaTAC where the Russians can hear you was good enough; but that would have clearly and rapidly been getting less true for at least a quarter century.

Comment Definitely a bad look... (Score 3, Interesting) 32

The whole 'responsible disclosure' preaching and the not-terribly-subtle threats seem particularly bad given that there's an entire industry of actively more dangerous people who are not only treated as legal but actively courted by state agents and cops (and often even less savory customers, though they tend to be cagey about those); the ones who actively seek to keep vulnerabilities quiet so that they can continue to sell exploit tools and services based on them. Throwing zero days on GitHub isn't ideal vs. getting them fixed; but it gets them fixed faster than if Cellebrite wants to hang on to a BitLocker bypass or Trenchant, an L3Harris Technologies Company, wants to keep selling 'network investigative techniques' that can bypass default Windows Defender configurations or whatever the situation is.

From the outside it's hard to know whether MS actually mistreated the researcher badly enough to justify their displeasure (the consensus appears to be that MSRC was never the best to deal with and has actively gone downhill; but this person's position seems significantly angrier than average) or whether they are perhaps wound a little tight; but implying that their legal status is the same as people actively running attacks against user systems is blatantly false and totally ignores the class of researchers who do actively run attacks while being treated as respectable.

It's a particularly bad look when at least Facebook got into a public legal fight with the NSO group over their nerd-merc work against their users; not like that actually solved the problem of attacks on cellphones; but it was an all-too-rare case of industry pushing back against the 'respectable' arms dealers; and not one that MS has an analog to.

Comment Isn't it basically a (neuro) toxin? (Score 1) 91

IIRC this class of substances is won from venomous animals. If it's a toxin that enhances brain function that would be cool. Perhaps something with the effect of stimulants, but permanently.

However, I'm not taking these new drugs just yet.
I'd rather wait a little longer and see if the Ozempic crowd turns into a bunch of blind Zombies or a bunch of Superhumans.

Then I'll make my call.

Comment Re:It's gonna be fun (Score 1) 43

Of course if those aren't securities, then the entire site is illegal as it's operating as a securities exchange. That's their legal argument for why they aren't gambling sites, and shouldn't be regulated by state gaming commissions. So expect the full might of all those prediction market sites to be lining up against that argument and for finding him guilty.

Comment Re:Can someone help explain "perfect" randomness? (Score 1) 140

You are heading down the right path.

A book that made things more clear for me is "Non-Uniform Random Variate Generation" by Luc Devroye (https://www.cs.fsu.edu/~mascagni/Devroye.pdf).

The generation of different distributions can be done algorithmically, but the algorithms get to the core of the processes making the noise. E.g. 1/f noise can be made from summing many exponentially decaying functions. Electrons falling in holes in silicon - same thing. So we have 1/f noise in silicon. The type of process determines the type of noise whether quantum electron events or rain or insects chirping.

While noise does emerge from quantum things, it also can emerge from higher level processes.

Comment Not True (Score 2) 140

Claims of perfect randomness from quantum physicists are always wrong.

1) The claims rely on some detector being 50/50 (they never are), always detecting individual events (they often see multiple or none).
2) Randomness amplification is a subfield of entropy extraction and it cannot give you full entropy (aka perfect randomness).

Comment The Web is _shit_ in one ... (Score 4, Interesting) 110

... _very_ fundamental way.

[Disclaimer: Passionate multi-decade Senior Web Developer here]

And that is *drumroll*:

Always online, no standard default way for offline.

Seriously, this is the biggest downside (and perhaps eventually downfall) of the Web and its protocols. It's the reason I initially thought "Who needs this crap?" back in the 90s when the Web first appeared.

In this regard FidoNet and other BBS networks are technically superior(!!) to the modern Web.

Solid crypto-based Ident/Auth/Authed DNS and a set of document-centric offline capable Web protocols on top would be the right way to do this. Most security problems and this tracker garbage we have to deal with _every_ _single_ _day_ would vanish in an instant. As would quite a few other problems of the modern Web along with it.

The Web is awesome. It won for very good reasons. But in _that_ way the Web is epic shit by design. If the Web eventually fades away it will likely be because of that flaw.

Until then it's paying bills, so not too many hard feelings on my end. But the general IT expert in me sure wishes we had better protocols for solid offline capability.
