Why do people tolerate these things from both Google and Apple? Do you use your Macbook Pro without an Apple ID? You can't even functionally use an iPhone without an Apple ID.

Why do you tolerate this from these companies?

Why do you tolerate upsells on web properties from Google to get you to move to Chrome? Or why do you tolerate Chrome's incessant fucking nagging to login to your browser/Google Account while using the browser or visiting any Google websites?

Do you completely use your Google items without any of these things?

What we ultimately need is a digital ID system that can be used to participate in a global open standard for identity verification. With users in control over which information they share with websites. That digital ID system should be government run and operated. Speaking from within the US, what that means is each state needs their own application deployed that meets the standards necessary.

The token, at a bare minimum, should include a completely anonymized cryptographic identifier, and an issuing authority identifier. A trust chain should be established at the IANA level similar to how we do DNSSEC. This at the bare minimum establishes that the account in question *somehow* properly identified to a government agency somewhere. And traces back to the agency that identified that account. This isn't particularly a super duper strong barrier to fake accounts, but it does make it more costly. Those accounts/bot farms will now have to be intertwined with a government somewhere to get properly identified.

The next identifying marker in the above token should be something along the lines of "ofage", "adult", or something along those lines. Rather than specifically marking as "over 18", since many countries have different laws and rules around what they consider appropriate for different age groups. This marker won't actually include your actual age, but whether or not you meet the definition of being of age in that country. The issuing authority could behind the scenes just mark literally everybody as "ofage" if they don't care about it. The decision to determine what "of Age" means rests entirely on the issuing authority, and the only thing returned to the application/website is a boolean value.

So now you've got an asymmetrically signed token with an Issuing Authority; an Anonymous, cryptographically unique Identifier; and a boolean value on whether you meet their country's "of age" definition.

As a user, you should be able to choose which information you provide to applications. The bare minimum should be the Issuing Authority and the Cryptographically-Unique Identifier. But that's about it. Everything else, including whether you wish to share the "ofAge" attribute should be entirely on the end user. And if you want, give users the option to share identifying information if they so choose. Or just leave that out of the spec entirely.

No, it wasn't. But the bot problem has gotten significantly worse than what it ever was. And it's a tough problem to solve without de-anonymizing everybody in the process.

I think there's a very different expectation between "content that's AI-generated" and the expectation that comments sections, review scores, etc. are human. There's a difference between someone posting an AI video and the comment section of said video being nothing but AI bots. Furthermore, it's even more of a problem when those AI bots are dressed up as "real average joes". Hell, it was already a problem before with troll farms in south east Asia, let alone the scale of which AI allows you to build a troll farm. Absolutely unprecedented.

As someone who crosses the border regularly, lives near the border, and travels to other border towns regularly, this is patently not true.

Aside from that, however, the point you made about them being â€oeAmericans without paperworkâ€; has extreme originality in the United States that dates back to before its founding.

And if the Supreme Court is allowed to use historical, pre-American doctrine for its reasoningâ€"we can ABSOLUTELY use post-American, pre-1900 doctrine to define how people come to this country.

No you see it's the democrats causing us to go to war with Iran because the democrats let 2.2 millians of Iranian terrorist Ayatollah sympathizers through the southern border with our open borders policy.

I wish I was joking, but Mike Johnson legitimately said this... Or rather, he threw out a bunch of numbers during his press conference:

1500 Terrorists on the watchlist
2.2 Million people "released", whatever that means.
1500 Iranian Nationals "crossed our open borders"
"the actual number is much higher, we don't actually know. Keep your head on a swivel."

"but noted that AI models still can't process and act on new information the way executives do"

Uh huh. I'd argue that the executive role is significantly more replaceable by AI than the janitor. So, time to go get yourself a mop and learn how to clean toilets, Mr. Exec.

My understanding of these AI agents is they're not running completely autonomously and are running with prompted information from a human behind the keyboard. That is, the AI agent didn't "write a blog", but the human being used the AI agent to write a blog.

Am I misunderstanding how these tools are used? Because everything I've ever toyed with them required me to prompt the hell out of them.

Yeah, as conspiracy theorist as it might be, I'm willing to bet that Meta does indeed very easily have the capability to read the content of messages if it so desires. And that's because we don't actually know what is happening with both the E2E key exchange nor the private key generation.

I'd hope that someone inside of Meta would whistle blow on such allegations if they were true, but who knows in today's economy.

I still trust Signal above all else. And if I need something more secure than Signal, I'm dumping immediately to hardware token-backed PGP keys.

Many years ago in the state of Maryland, the state government stood up speed cameras on roadways to help protect the lives of construction workers. People were so upset by this that they were walking up with baseball bats to smash the cameras and threaten the camera operators due to the additional "surveillance" of people driving on the roadways.

Meanwhile, Tesla with its FSD tracks every mile you drive, what you're doing in your car, and sells and shares that information to other entities, in increments of "every second you drive your car", and nobody's bothered by this in any way?

To be fair, this was always going to be the reality. It's no different to when some insurance companies offered a tracker to reduce your insurance rates if you allowed them to track your driving behaviors. But this is now something offered to hopefully reduce your spend on car insurance, which is usually one of the most attractive ways to get someone to do something (hang money over their heads).

Just interesting that we think all of this surveillance is totally okay (Teslas, Ring cameras, etc.)

To be fair, brick buildings and concrete buildings (or more technically known in California as unreinforced masonry buildings) are banned because of the earthquake risk. I would imagine concrete buildings, when not properly built, have similar issues. Wood flexes with the earthquake, and is generally a better material for areas that are at earthquake risk.

This is the dumbest take, seriously.

Wifi does not have any negative impact on your body.

Because they've continued to make changes to the scheduler to the point that Windows 11 is preferable for more modern CPUs. Your 3960X Threadripper might be fine, but most consumers are picking up 9800X3D's which benefit more from the work being done in 11 than Windows 10.

Windows 10 on a 9800X3D puts your system at a performance disadvantage. (Although in raw framerate numbers when you're GPU limited it might not be as noticeable). But certainly the overall OS performance is going to be worse.

I mean, NTLMv1 is basically pushed to be eliminated across most basic security hardening of any Windows AD domain in existence. If you deploy CIS Benchmarks or STIGs, you're nuking NTLMv1 right out the gate and none of this applies.

Now, as far as NTLMv2 versus Kerberos usage, Microsoft is working to purge NTLM entirely from Windows by using things like local KDCs and such on Windows systems. I don't think this full platform is deployed yet. But that'll eliminate NTLM entirely from Windows.

As far as Kerberos goes, you should also eliminate RC4 Kerberos. Which, again, is generally much more difficult to do in boutique Linux deployments that mount CIFS shares.

Most consumers should be on Windows 11 24H2 or 25H2 at this point. And to be fair, so should most enterprise customers. 24H2 is a dramatic shift in Windows 11 to the point that it should be your baseline for OS.

Out of the identified issues, the only bug that affects 24H2 or 25H2 is the Remote Desktop sign in failure bug, which would impact enterprises but shouldn't impact most consumers of the OS. So this out of band update practically doesn't apply to most gamers or home users of Windows. (Unless your company allows you to use your personal computer for Azure Virtual Desktop).

The other issue, which impacts Windows 11 23H2 (which you really should be off of), only impacts System Guard Secure Launch deployments--which at this point are so few and far in between that it's not even worth discussing. I'd wager a good 85% of deployed Windows systems either do not support nor do not have enabled Secure Launch.

For example, to even use Secure Launch on an AMD platform you need to have a "Pro" CPU. Intel's newer CPUs have these features, but AMD does not.

Considering AMD is currently the gamer's CPU choice du jour, you'd have to have a Ryzen Pro *and* Windows 11 23H2 to be impacted, *and* Secure Launch/HVCI/etc must all be enabled. And most internet websites that teach you how to "tweak" your Windows for "peak gaming" tell you to turn all of these security features off anyway.

For what it's worth, in every environment I've ever been in, the only reason NTLM still exists is to support Linux/Open-Source systems that aren't "joined to the domain" and any isolated environment that also wasn't "joined to the domain" for "cybersecurity reasons" but still needed access to an SMB share.

That's pretty much it.