I would hope that a non-credentialed "citizens scientist" could submit work to a journal, with the caveat that he would not be given the presumption of competence and presumption of integrity that a well-known professional scientist or someone employed as a scientist with a reputable institution or company would get.

In other words, if your no-established-reputation friendly neighborhood citizen-scientist did some high-quality, valuable research and submitted it to an on-topic journal, they should at least look at it. If it looks to be as high-quality as they usually get and there's nothing in it that screams "fake" or "sloppy" they should take a second look. Since they don't know the person and nobody can vouch for him, they should make more than the usual effort to have the author defend his work and provide the back-up material to demonstrate that the research is real. In practice, this might involve reaching out to a reputable university that is physically close to the citizen-scientist and "outsourcing" some of the vetting to that university.

If this keeps up, the academic-journal industry will need to find a way to authenticate primary authors' identities and, for authors who don't have a proven track record, authenticate that the primary authors actually did the research behind the paper or (for lead authors on a large team) at least that they are familiar enough with the research to defend it and supervised the work closely enough that they can attest that it was done ethically.

Authors who can't be authenticated against a passport or similar ID will be presumed to be hiding their identies or fronts for AI-paper-mills and won't get published by a reputable journal. Authors who are caught publishing papers that are ethically dubious will be similarly blackballed.

Well, I read just enough to make sure "reject" really means reject the cookies not reject the opportunity to reject the cookies.

When the engineering managers came from the engineering ranks you can get non-slop content from managers. It's not guarenteed, but it can happen.

Common sense says if you have your staff prepare a document for court but you sign off on it, you are 100% responsible for everything in the same as if you did all the work yourself.

IANAL so I don't know if the actual law agrees with common sense. If it doesn't, change the law.

In the modern era, "AI" is the new "staff member."

Not disagreeing with your argument, but even if all of that could be fixed, fundamentally any anti-cheat that isn't going to be defeated relatively easily needs some sort of privileged access to stop you modifying the game or running other software that interferes with it in some way. That necessarily requires a degree of access to your system that is dangerous, so anti-cheat software will rightly be told where to shove itself by any operating system with a security model worthy of that title.

I don't see the Linux community ever accepting that it's OK to deliberately undermine that security model just for anti-cheat, as a matter of principle. With so many games even at the highest levels already running very well on Linux, I doubt it will ever be a big deal for most Linux users, even keen gamers, to play the 90+% of titles that work and skip the few that insist on more intrusive anti-cheat/DRM measures either.

It sure would be nice to reach a critical mass where the games companies actively catered for that market, though, instead of mostly relying on tech like Proton to make what is essentially a Windows game run OK.

Wine runs in user space. I don't see how Wine could ever run drivers, such as peripheral drivers required by things like the iPhone sync functionality of iTunes or kernel-level anti-cheat required by major online games supporting pickup matches with strangers.

People who use software that requires Windows are "forced" to buy Windows along with a new PC. An OEM Windows 10 license that came with a PC is locked to that PC. A new PC purchased to replace a PC that cannot be upgraded to Windows 11 will come with a new Windows license.

Start with stage0 (whose binary seed is about 1 KiB) and GNU Mes. Use mescc to build tinycc, then GCC 2.95, then GCC 4.7, then fairly modern GCC, and then use mrustc to build some version of Rust. The time-consuming part is that each version of the Rust toolchain uses fairly new features in the Rust language, so yes, you'll probably have to build the world a couple dozen times starting with the most recent version supported by mrustc.

If I had to guess, we let this happen by the USA electing George W. Bush in 2000. His incoming Attorney General settled United States v. Microsoft Corp., 253 F.3d 34 (D.C. Cir. 2001), with a wrist slap instead of a Windows division breakup.

You probably guessed correctly: equitable relief in the form of an injunction against Disney bringing a trademark lawsuit. I haven't read the complaint, but I'd be surprised if it didn't cite Kellogg and Dastar.

The Supreme Court of the United States has decided a few cases about the interaction between the Lanham Act, which inclues trademark law, and exclusive rights pursuant to the Copyright Clause. Key cases includes Kellogg Co. v. National Biscuit Co., 305 U.S. 111 (1938), and Dastar Corp. v. Twentieth Century Fox Film Corp., 539 U.S. 23 (2003). In both cases, the Court ruled that the Lanham Act cannot be used to extend the effective term of exclusive rights in an invention whose patent has expired or a work whose copyright has expired. Disney's legal counsel ought to be familiar with the latter case, seeing as it involved a company that is now a subsidiary of Disney.

From the article:

The Go project recently arranged for Go itself to be completely reproducible given only the source code, meaning that although a build needs some computer running some operating system and some earlier Go toolchain, none of those choices matters."

[...]

The Multics review is famous for pointing out the possibility of adding a back door to a compiler to insert back doors in critical system programs during compilation [...]. Reading the report inspired Ken Thompson to implement exactly that attack on an early Unix system, probably in early 1975. He later explained the attack in his 1983 Turing Award lecture, published in Communications as "Reflections on Trusting Trust."

David A. Wheeler described a defense against a back door that propagates through the compiler in a 2009 PhD dissertation titled Fully Countering Trusting Trust through Diverse Double-Compiling . Diverse double-compiling (DDC) involves choosing two or more other independently developed compilers A and B for a language, bootstrapping compiler C from source code through each of them (building C with A or B and then building C with itself), and ensuring that the output is byte-identical. This relies on previous effort to make builds reproducible.

However, DDC also relies on having more than one implementation of a particular language. Go and Rust each have only one widely used implementation. This means someone trying to wrangle a supply chain has to do one of three things: trust a particular old version of a compiler not to have a back door, compile every version since the dawn of the language (such as when Rust was prototyped in OCaml), or implement a usable subset of the language in a more widely implemented language. This is why mrustc is so important, as it's a way to skip forward by several years' worth of versions when bootstrapping a Rust compiler.

From the article: "The only problem left is key distribution: The verifier must know who should have signed the code. [...] To the extent that questions of identity can be solved, having authors sign their software can provide even stronger guarantees." It goes on to describe how Debian and Go package repositories include the expected hash value of a package, so that package downloading tools can reject a package that has been replaced.

However, the approach used by Debian to verify developers' identity, that of new developers physically meeting existing trusted developers at key signing parties to exchange OpenPGP public keys, doesn't scale very well. A lot of contributors are disconnected from the strongly connected set of the web of trust because they cannot travel to key signing parties. This can be because of cost, work or child care scheduling, regulatory restrictions related to geopolitics, or regulatory restrictions related to public health (most recently during 2020-2021). These disconnected contributors must forever rely on the bottleneck of "sponsors" (trusted developers who forward packages from the maintainer to the distribution) to get their work into a distribution.

And sponsors are indeed a bottleneck. From the article: "And then you need to be ready to update to a fixed version of that dependency." When a package's upstream maintainer releases an updated version of a package, the package's sponsor in a particular distribution may be too busy with other tasks to handle it the same day. This can mean that there is no available labor to forward the update to the rolling distribution and backport the fix to the version of the package in a stable distribution.

Unfortunately, there is another possible explanation for the emphasis on TPM that is much more sinister. It's possible that Microsoft and its allies are making a concerted effort to lock down desktop clients in the same way that the two major mobile ecosystems are locked down, to kill off general purpose computing and reduce the desktop PC to a machine that can only run approved apps and consume approved content. It already happens with things like banking apps that you can't run if you choose to root your phone to arrange the privacy and security according to your wishes instead of the vendor's or OS developer's. It already happens on open source desktops, where streaming services will deliberately downgrade the quality of the content they serve you when on the same plan you're already paying for they'd serve higher quality streams to approved (read: more DRM-friendly) devices, and where a few games won't run because their anti-cheat software behaves like malware and the free platforms treat it accordingly.

I am worried that we may be entering a make-or-break period for the survival of general purpose computing with the artificial demise of Windows 10. If the slow transition to Windows 11 as people replace their hardware in the coming years means almost everyone ends up running Windows or macOS on desktops and Android or iOS on mobile devices, there won't be enough incentive for developers of apps and creative content to support any other platform, and all the older versions that didn't have as much built-in junk and all the free alternatives will be reduced to irrelevant background noise because they won't support things that users want to do any more. Your own devices will force updates, ads, reboots, AI-driven "help", covert monitoring and telemetry, any other user-hostile junk their true masters wish upon you, and there will be nothing you can do about it.

Governments should be intervening on behalf of their people at this point because the whole system is blatantly anti-competitive and user-hostile, but most of the Western nations are either relying on the absurd valuations in the tech sector to prop up their otherwise precarious economies or watching with envy while their more economically successful allies do that. So our best hope is probably for the legacy platforms to hold out long enough for some free platform(s) to reach critical mass. And frankly, there aren't many realistic paths to get there. Our best hope might be for Valve/Steam to show that many of those Windows 10 boxes in people's homes can now play most of the same games if they shift to Linux and possibly run some of them better than on Windows as well.

That's one possibility. Another is that the companies will offshore the labor. Another is that they will simply shut down that part of their business because it's no longer economical.

That said, some jobs simply must be done and they must be done locally or in-country for an economy to funciton. If you don't grow your own food, someone has to transport it from the farm to your table. Some medical work simply must be done where the patient is. If you have roads, then repair crews must be local. Anything dealing with highly-classified/state-secret material should be done by loyal citizens of that country and, where possible, in the country itself.

You get the idea.

But most other jobs are vulnerable to either offshoring-to-cheaper-labor and/or we-can-do-without-it if local/domestic labor is too expensive.