This feels more like an old problem getting reframed as an AI problem.
people were already diffing kernel commits and figuring out which ones were security fixes long before llms. if a patch lands publicly, the race has basically already started.
also not sure shorter embargoes really help. the orgs that can patch in hours are already fine. everyone else still takes days or weeks.
if anything, cheaper exploit generation probably makes coordinated disclosure more important, not less.
Its still crazy to me that everyone has a pocket AI-hacker ready to inspect firmware and modify their devices now. You just put the agent on it and it gives you access in minutes. You would have to be a Hotz tier hacker if you wanted to do anything close to this only last year, or at the very least extremely patient for long hours.
Recently bought an apple watch for my mom and got it set up with her iphone. Almost instantly she notices that she cant accept WhatsApp calls on her watch, and after looking into it I found out that it was another one of those apple things where they assume youre obviously using facetime so that functionality isnt available for any other app. For context, in europe Whatsapp is the dominating messaging app and alot of people use it for calling as well as messaging. The apple watch is, as far as I can tell, a simple Bluetooth wearable with a speaker and a microphone, so the only reason its like this is that apple has a concept of how the device is "supposed" to be used and only lets you use it that way. After that experience I fully support all the regulations the EU is putting on apple to open up.
You seem insanely miscalibrated. $90 gets you a dedicated server that covers most projects' needs. data durability isnt some magic that only cloud providers can get you.
Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues
Selfish how, because he clearly does not say that upgradability or customizability are bad things? Its also not like hes proposing something that isnt reality for most manufacturers, especially Apple.
Letting go of x86 was just one of the first steps on the road to a world completely dominated by mobile devices. Macs just caught up with all the progress that mobile devices had made when apple made the switch.
"training on our data" has turned into a catchphrase like "taking our guns" or "banning our books" - dumb propaganda for anti-AI crowd to enrage people. Whether personalized AI-based experience is useful can be debated but everything has to be twisted into culture wars, thats just how media is nowadays
I'm more confused by the fact that the OP freely submits a PR into an open source repo but then wants to use "copyright" because the code he submitted ended up being used under the wrong name, which was then corrected.
Thinking about "constraining cost" is the last thing I want to do. I pay a fixed 200 dollars a month for a dedicated server and spend my time solving problems using code. The hardware I rent is probably overkill for my business and would be more than enough for a ton of businesses' cloud needs. If youre paying per GB of traffic, or disk space, or RAM, you're getting scammed. Hyperscalers are not the right solution for most people. Developers are scared of handling servers, which is why you're paying that premium for a hyperscaler solution. I SSH into my server and start/stop services at will, configure it any way i want, copy around anything I want, I serve TBs a week, and my bill doesnt change. You would appreciate that freedom if you had the will to learn something you didnt know before. Trust me its easier than ever with Ai!
"show of goodwill" is politician-speak for capitulation. Taking over Nexperia caused a chip shortage for the german auto industry, which was an unintended consequence that they couldnt handle.
It doesnt make any sense to you that I would like to avoid a potential 60K bill because of a configuration error? If youre not working at faang your employer likely cares too. Especially if its your own business you would care. You really can't think of _one_ case where self hosting makes any sense?
Alot of things shouldnt be happening. Fact is that no one forced half the internet to make CF their point of failure. The internet should ask themselves if that was the right call
people were already diffing kernel commits and figuring out which ones were security fixes long before llms. if a patch lands publicly, the race has basically already started.
also not sure shorter embargoes really help. the orgs that can patch in hours are already fine. everyone else still takes days or weeks.
if anything, cheaper exploit generation probably makes coordinated disclosure more important, not less.