Why ask whether china is eroding the lead; rather than whether the incumbents are maintaining it?

Maybe my faith is weak and if I were huffing the dumb money I'd understand; but it looks awfully like our boisterous little hypebeasts promised that, this time, unlike all the other times in 'AI' we could totally brute force our way to the AGI Omnissiah; briefly tried copium in the form of hoping that competitors would be intimidated by their capex(because there's basically a generation of VCs who think that failure to reach monopoly is indistinguishable from losing); and finally proceeded to speedrun commodification because it turns out that nobody actually had any plan for what would happen if this alley started looking visually impaired even after we plundered the entire internet to feed it.

I realize that it's more fun to focus on what the sinister chinese are doing than what our glorious golden boys are not doing; but let's do the latter anyway; especially since this is one area where you can't just please chinese factory slaves as an inherent price advantage. The guys mechanical-turking out 'training'/'classification' tasks will all go wherever to scrape up the cheapest labor available, then stiff them on promised payments; and (while the process is pretty porous) being not-china is definitely still the best way to get access to premium TSMC processes; and at least not-worse for most of the rest of the most interesting ones.

Either LLMs are fundamentally a technology where being the first mover is a dumb idea; or the 'leaders' are actively fucking it; because, unlike some of the cases involving rare earths mining or finding fast fashion sweatshop sites, this was theirs to lose.

I assume that there's a research OS somewhere that has discovered that this is much harder than it looks for anything nontrivial; quite possibly even worse than the problem that it is intended to cure; but looking at the increasingly elaborate constructs used when sudo is intended to be a granular delegation makes me wonder if the correct approach lies down the path of better permissions rather than ad-hoc lockdown logic.

There are some cases(eg. password-change or login tools often both reflect granularity limits in credential storage; and make reads or edits on your behalf to parts of files that you wouldn't be allowed to touch directly; but also do things like enforce complexity or age requirements that would require a really expansive view of 'permissions' to encompass) where the delegate program is handling nontrivial delegation logic on its own; but in a lot of instances it's hard to escape the impression that you are basically bodging on 'roles' that can't be or aren't normally expressed in object and device permissions by building carefully selectively broken tools.

I obviously don't blame sudo for that; its scope is letting you run a particular thing as someone else if the sudoers file allows it; but a lot of sudoers files might as well just say "there are no roles on this system between 'useless' and 'apocalyptic'"; and that feels like a permissions design problem.

Of note; probably not one to try to NT yourself out of; I'm not sure that you can build a sufficiently expressive set of permissions on classic UNIX style ones; but I've yet to see an NT-derived system that didn't boil down to 'admin-which-can-be-SYSTEM-at-a-whim'/'little people' regardless of the wacky NT ACL tricks you can get up to.

I'm curious if it's a case of the alternatives being tried and largely found to be worse; or if (along with a number of other OS design/architecture fights) the whole thing has mostly been pushed out of mainstream relevance by the degree to which you can just pretend everything inside a worker VM is basically at a homogeneous privilege level if you don't want to deal with it.

I can't comment on where sudo itself lives on the spectrum from aggressively solid implementation to really-dodgy-smell-around-the-edges; but it seems like its purpose is a fundamentally tricky problem even if its execution were impeccable.

The basic "user is authorized for root; but we'd prefer he be thinking and logged when he uses that authorization" is reasonably cogent use case; but it's more of a reminder than a security barrier. Then you get into the actually-interesting attempts at limited delegation and determine that you'd basically need a different userland for a lot of purposes: aside from the modest number of things(often with setuid already in place) built specifically to carefully do a very particular delegated function on your behalf and provide you with nothing else if they can help it; very little aside from garbage kiosk UIs or web or database-backed applications with user and permission structures mostly orthogonal to those of the underlying OS actually tries to constrain the user's use of the application(within whatever context that user is operating; generally having a privilege escalation is considered bad).

Half of what you run considers having an embedded shell to be a design feature; so including any of that on the sudoers list essentially means being able to chain arbitrary commands from that sudoers entry; and the other half doesn't outright intend to include a shell but would require some really brutal pruning, likely of important features, to prevent being able to chain a couple of interactions into having the ability to run whatever. And that is assuming that sudo itself is working entirely correctly.

I always look to people with degrees in 'community development' to tell me whether there are enough spooks in my computer science or not; it's just good sense.

If it's dissociality and/or disinhibition without an LLM fetish it's just an ICD-11 personality disorder.

Saying that, much less in public in a way that suggests you either think that it will be helpful or that people will view you as being helpful, seems like strong evidence of an AICD-11 personality disorder.

Why, exactly, are we listening to someone who passed through software engineering on his way into management claiming that software engineers(presumably now his direct reports) are the most spoiled profession and how it's just terrible that nobody is willing to spend several years working for peanuts to get experience(because the argument from race to the bottom is persuasive now?)

He then meanders over to the theory that if you are a real actually-good software engineer your job is clearly safe, because AI isn't set to replace you; ignoring the fact that entire teams, competent and all, get wiped out when the money sloshes a different way all the time; and 'AI' has seen some cataclysmic levels of frankly irrational money sloshing by some mixture of conmen, cultists, and the good old 'animal spirits' of that definitely rational market.

It's basically the same story about 'web developers' who learned how to knock together some HTML at a bootcamp somewhere, or 'IT' back when that was something where the money attracted some people who had no interest, warmed over and presented as novel; with a side helping of boundless(but notably vague) optimism about all the cool new AI-things that are being created that will need real engineers at some point.

Honestly, it's almost impressive how he manages to be so grating while being so vacuous.

The word "seems" in the sentence "They are drawn to it because they feel burned by the traditional system and want a fresh start with something that seems more modern and less manipulative." is so load-bearing I can only hope that the author is also a structural engineer.

To a darkly hilarious extent 'fintech' is more or less entirely regulatory arbitrage with a light skin of 'apps'.

So, on the minus side we've got people trying to game the system. On the more-minus side; the way they are trying to game the system suggests that peer review has, at least in part, been farmed out to chatbots because it's easier. Fantastic.

"A tandem charge the size of a solar system" isn't really the reassuring correction I was hoping for; to be honest.

Thankfully, you can sustain national greatness just by shouting belligerently about it; the idea that you actually need competence or execution is just a con; so this should have no side effects whatsoever.

Probably not great news that someone further up the Kardashev scale remains a fan of double tap strikes.

My suspicion is that they are probably in the clear. the USB PD spec includes 'vendor-defined messages'; both 'structured VDMs' that are standardized and 'unstructured VDMs' that are basically whatever the implementer feels like. This obviously doesn't prove that Nintendo are in full compliance with what the USB-IF really wants the USB trademarks applied to; but(along with the reports that it plays just fine with 3rd party chargers) it looks a lot more like a basically-compliant-minus-any-bugs-or-compatibility-hacks USB PD implementation that just doesn't mention DP alt mode unless it likes the unstructured VDM chatter. Dick move; but one you could do in full standards compliance.

Sounds like they are acting all pious over what is basically a workplace dispute over division of margins.

The outfits that do ransomware negotiations remain legal; because for some reason that's one area where nobody bats an eye at you doing business with transnational criminal syndicates; but they are basically just bagmen who take a cut of the deal for interacting with the disreputable ransomware guys for you. In this case, apparently one of the employees wanted a larger percentage of the cut than he was getting from his employer.

I suspect that what he did is some sort of crime in a way that what his employer does isn't; but it's the same business model; just with some disagreement over whether that guy gets a percentage directly as well or whether just the company does.

Eberhart seems like he may be falling for the hype himself. He says "What's happening now isn't innovation; it's aspiration masquerading as disruption..."; but fails to note the fairly profound differences in results between the orbital delivery guys and the moonshot guys; and how neatly that maps onto what is aspiration and what isn't.

Putting satellites into orbit is kind of mundane at this point, too common, too obviously useful; but it's sufficiently obviously useful that more or less anyone with nation-state aspirations wants to at least have a program that executes; and civilian and day-to-day operations want someone who executes but cheaper. And that exists. Going to the moon is cool, and it's a nice prestige project for when the gerontocracy needs to show that they still have it just like when they showed the commies what for; but it's unclear exactly what the point is or the stakes are beyond that. The customer presumably would like to actually land something on the moon, at some point, just to say that they did; but what they are buying is mostly aspiration on the cheap: We get to say that we have a lunar program for way less than Apollo money, you do some open-ended tinkering, honor satisfied.

He can talk about 'accountability'; but it seems like it's a fundamentally hard problem to actually sustain a lie about how serious you are, at an institutional level, in the long term. It's not like do-or-die projects are free of losers(especially because circumstances have a nasty habit of thrusting them on people whether they like it or not; rather than giving them the luxury of choosing whether or not to take on those stakes); but they tend to be animated by a sense of genuine urgency. Stuff that is, fundamentally, kind of optional, by contrast, tends to reflect that in bulk. Timmy Rockets may be genuinely more passionate about stir-welding than you've ever been about anything; but, like is cousin who is really passionate social worker, will soon discover that going to the moon and fighting poverty are open-ended projects we do because they sound nice, not because anyone who matters is actually committing to a deadline.