HackerLangs
TopNewTrendsCommentsPastAskShowJobs

AnthonyMouse

38,896 karmajoined 14년 전

comments

AnthonyMouse
·17시간 전·discuss
> Doesn't your argument hinge on the fact that roads and sidewalks are public works anyway?

Not at all, it just happens that we're already doing the right thing in that case because it wasn't possible to stick the wrong party with the bill.

> The fact that compliance costs outprices some smaller companies rather shows that we as a society prefer to have accomodations, than live in one where such accomodations are only affordable to the affluent.

It isn't the consumers being priced out, it's the producers. Which in turn causes the market to consolidate so that only the affluent can afford the big company monopolist's product anyway, and everyone else not only doesn't get accommodations but can't even afford the product or service anymore. Housing is a solid example of this; unfunded mandates make construction significantly more expensive and now millions of people can't afford a home.

Whereas if the taxpayer had to fund everything the government mandates, the mandates would have to account for the cost directly rather than hiding it inside the price of everything else, allowing people to make better choices about which ones are worth what they cost.
AnthonyMouse
·20시간 전·discuss
> the curb cut effect

Which itself is kind of an interesting example of how these things should work, because the curbs are maintained by the government, so the compliance cost is getting paid by the taxpayer.

Which is as it should be, because if something is to be required as a public benefit then it should be paid for out of public funds rather than as an unfunded mandate. Then thing like curb cuts continue to be a good deal so people are happy to fund them, whereas measures that cost more than they're worth get the level of opposition that they should because the taxpayer has to pay for them. And either way you would stop stressing smaller companies and causing market consolidation by increasing compliance costs.
AnthonyMouse
·어제·discuss
> The problem with describing it in terms of cost-effectiveness is that you now have to put a price on how much we can justify spending on child sex trafficking.

The problem with not doing this is that you in fact actually have to do it, or else what are you going to describe as the problem with the proposal that would spend six trillion dollars to save one life?

> If we believe that these tech companies have through their software and platforms made it easier to exploit children, that justifies taxing them to offset the negative externalities they create. We then take that money and use it to increase funding for investigation and enforcement.

The problem with that proposal is that it's foolish. Special-purpose taxes should only be used if you're specifically trying to discourage something (e.g. cigarettes) since a) they're inefficient because you need a wasteful new collections bureaucracy instead of using the existing already paid for apparatus for collecting general revenues (money should go to protecting kids, not tax bureaucrats) and b) you're then targeting a specific industry for a new disadvantage which will oppose it much more strongly than trying to get the same amount of money from the general fund.

The actual meat of that proposal is to increase funding for law enforcement to investigate child exploitation. But that's exactly the sort of thing where if it's cost effective to do that then it will have no meaningful opposition and then will either be enacted without controversy or already has been. At which point they immediately go back to trying to pass Chat Control.
AnthonyMouse
·어제·discuss
> Riot Games relaxed the requirements of their Vanguard anticheat by requiring TPM attestation among other things

Only on Windows, and then we're back to the thing being a net negative for the consumer again. Also not proven that it's actually effective, in which case we get the cost without the benefit.

> Cheats like these are not as devastating to the game as the ones that read or manipulate memory in the game process itself.

It allows aimbots and the like which are the most common form of cheating and more than enough to destroy the game for other players.

> You can't see people through walls with cheat hardware acting as a user input device (IOMMU should prevent DMA cheats but those aren't user input devices).

For which they can use different cheat hardware.

It's unclear how IOMMU is supposed to prevent this since many hardware devices actually need to access the relevant memory locations, e.g. your drive is going to write directly to the game's memory because that's how the game's code/data gets into memory to begin with or gets reloaded after being evicted when the user doesn't have unlimited RAM.

On top of that, the cheat hardware could attach to the memory slots. Consumer PCs often don't support memory encryption and it wouldn't work for this anyway, since memory encryption is meant for cold boot attacks or similar rather than live analysis/modification. The performance requirements of RAM require block modes like XTS which allow replay attacks (undo cheats) and data flow analysis. Or worse, they just use a replay attack to get ACE on the device that passes attestation.

Attempting to secure a device in the physical possession of the attacker is very challenging and in general should not be the basis of anything you intend to actually be secure.
AnthonyMouse
·어제·discuss
The best way to do it would make all persistent storage in the device modular so that the storage device can be attached to a device that isn't booting from it which can thereby verify its contents.

Notice also that remote attestation doesn't enable that. The device can never do that itself since if it was compromised it would just display "attestation passed" on the screen without actually doing it.
AnthonyMouse
·어제·discuss
> It was a claim that since the iPhone isn’t bulletproof then all security must be pointless.

Nobody was ever claiming that. The claim is that because it isn't bulletproof, remote attestation is pointless, since it has a different failure mode where once keys can be extracted the attacker can't be deprived of them, so there is no way to return the installed base of existing devices to a state of being able to trust their attestations.
AnthonyMouse
·어제·discuss
When there is a 0-day in the kernel, you patch it. When there is a vulnerability in SGX, the attacker extracts the key from their own hardware from as many devices as they want and can permanently make whatever attestations they want with those keys.
AnthonyMouse
·그저께·discuss
That's the use case it can't really work for.

With enterprise devices you can enroll a specific device and only allow its key. Someone who finds a vulnerability in a different device model, or even the same device model when they don't have one of your actual devices, can't use it because it's not enrolled. (That doesn't actually require remote attestation, the same works without any kind of TPM, but it mitigates a gaping hole that remote attestation has otherwise.)

Because in the video game case the cheater can choose whatever device they want, so they choose one with a vulnerability, which the developers can't prevent without blocking the millions of innocent people who have the same hardware. It's also the solution to yesterday's problem because cheaters are now using cheat hardware that acts as a user input device, and then attesting to what software is running buys you nothing because the cheating is happening in hardware.
AnthonyMouse
·그저께·discuss
https://9to5google.com/2026/06/15/google-chromes-next-update...
AnthonyMouse
·그저께·discuss
> The most likely attacks on Signal involve trusted insiders or configuration errors, and SGX mostly prevents these, since to exploit it, you'd need to bribe insiders in both Signal and Intel, or find configuration errors in both of their software stacks.

Since there have been multiple SGX key extraction vulnerabilities already, all you would have to do is compromise Signal and then use the key extracted from any of those devices, and "compromise Signal" is the same thing you would have to do if they weren't using SGX at all.
AnthonyMouse
·그저께·discuss
Now explain how any of that requires remote attestation.
AnthonyMouse
·그저께·discuss
When you access a service with your own device, you control what your device does with what they send. You can block ads or malware, inspect code they send you or network traffic you send them to see if it's exfiltrating your private data, extract the data to analyze or keep as evidence when the service is violating a law or contract, write or use third party code to process the data when the service is trying to force a dark pattern interface on you, etc.

If your device will attest that it's running their code then they refuse access to the service under any other conditions, and then you can't do any of those things because their code won't allow it.

It's also a huge antitrust problem because it precludes new independent platforms from being used, since it cements the chicken and egg problem that people won't use a device that can't access existing services and the services won't support a system nobody uses. In other words, WINE is banned and Firefox is banned and everyone is stuck with IE/Edge on Windows forever.
AnthonyMouse
·그저께·discuss
> Genuinely, how do you expect someone concerned about child sex trafficking to receive this? "Oh, good point, I guess we can't do anything more to protect children because it isn't 'cost-effective'." Do you think that will be a common response?

I'm taking it as a given that we shouldn't do things that aren't cost effective, because that's what "cost effective" means. There are things we could do that would cost six trillion dollars in order to save one life, and we're not going to do those things, because it would be patently unreasonable and cost dramatically more lives than that as a result of what those resources would have to be allocated from.

It's possible that there are cost effective things we could do that we're not currently doing, but those things tend to be uncontroversial, so when someone uncovers one it generally does actually get enacted and becomes the status quo. That's the issue: Name any given thing you suppose we should do instead of Chat Control. Enact it, as many of them already have been. Tomorrow they propose Chat Control again, so what now? Offering and even enacting an alternative hasn't satisfied them, they keep trying to pass it anyway.

> You can't just call your opponent bad especially when your opponent is promising to address people's concerns, you need to actually engage with people about their concerns and offer solutions.

What are you supposed to do when you've not only offered solutions but enacted and implemented them already and your opponent is a fear monger who will never be satisfied because they have an ulterior motive for their dangerous and ineffective proposal?
AnthonyMouse
·그저께·discuss
There is an obvious way to do this that doesn't impose high regulatory costs. A simple rule: The customer (and their independent mechanic) has access to anything the company has access to. Now you're not forcing them to write new service documentation, only to not restrict documentation they wrote anyway to their own dealers. You're not forcing them to support third party replacement parts, only preventing them from inhibiting it through software locks etc.

You don't have to force them to do anything, all you need is for them to not prevent others from doing certain things. Which is easy, because it's preventing documentation from being copied around or preventing independent third parties from making compatible replacement parts which requires active effort.
AnthonyMouse
·그저께·discuss
> If John Deere values it more than farmers, then they will sell tractors that farmers can't repair on their own, hoping to earn more on repairs rather than easier to repair tractors that are more expensive up front. Basic market economy.

It isn't possible for that to happen without one of your other concerns also being true, because the profits from preventing repairs come from the customers. So it's at best zero sum and in practice it's negative sum, because the manufacturer isn't always the most efficient party to do the repair, e.g. because the farmer who is already on site and does it themselves can get the equipment back in service faster than waiting for the company's mechanic to arrive.

Meanwhile in cases where the manufacturer is the most efficient party to do the repair, the customer could still use them even if nothing forced them to. So the fact of it happening is by itself proof of this:

> It only needs to be litigated when there is a threat to the market itself (ex: monopolies)

Moreover, notice that this keeps happening with tech products. Since customers don't like it, you would expect a competitor to show up and make the exact same product but without the locks, so why don't we see that? The answer, of course, is copyright, a government-granted monopoly. The law prohibits a competitor from copying their design/code. So there's your monopoly.

But copyright is only meant to prevent the competitor from making a direct copy of their software and competing with them in the market for the original product. They're only supposed to have that monopoly. Leveraging that to monopolize the separate market for repairs is monopoly abuse, and applies equally to every company selling a product covered by a patent or copyright monopoly.
AnthonyMouse
·그저께·discuss
> You could cut the legs out of this effort by capturing the part of the population that does have an honest desire to protect children by offering an alternative that actually protects children.

There are many, many things we can do that actually protect children -- and we generally already do them. That's the nature of the problem. After you do all of the things that are reasonable and cost effective, it solves 90% of the problem, 95% of the problem, 99% of the problem, but never 100% of the problem.

So you can't give them something that does that. The thing they're proposing doesn't even do that. Nothing does. And then disingenuous opportunists keep proposing the thing that should never be done because they know it lets them paint you as the bad guy for having to tell them no again and again.

What you need instead is to identify and strip power and resources from the people who keep proposing it.
AnthonyMouse
·그저께·discuss
What budget incentive does a wealth tax create for Congress when considering a non-tax policy that would reduce the wealth of billionaires by allowing more small and medium businesses to compete with them in their industries?
AnthonyMouse
·그저께·discuss
> This is more a disagreement of values than facts, I think.

It's a disagreement over policy. Increasing inequality is bad, the question is what's the best way to do something about it? There are many alternatives with better characteristics than a wealth tax, like antitrust enforcement to break up concentrated industries and lower corporate profits through increased competition, zoning reform to reduce housing costs so that ordinary people keep more of what they earn instead of paying it to banks or landlords, tax reform to remove existing advantages in the tax code for huge multinational corporations over domestic small businesses owned by ordinary people, etc.

> High marginal income taxes (it was 91% in 1963, 70% until 1981, there's your compelling case where they turned out to be right, inequality was not growing then like it is now)

The high marginal rates in the mid-20th century were fake. The tax code at the time had so many loopholes that nobody really paid them. When the rates were lowered in the 1980s, many of the loopholes were closed at the same time, resulting in the "federal receipts as a percent of GDP" chart looking like this:

https://fred.stlouisfed.org/series/FYFRGDA188S

Which is to say, you'd have trouble using that chart to even guess when it changed.
AnthonyMouse
·그저께·discuss
> Is that assuming the tax money is going into the void?

It assumes that it's going somewhere else, which, if it wasn't, would cause it to have no purpose or effect.

> shouldn't someone be getting the money and potentially using it to buy Apple stock?

Going from "predominantly what happens" to "it's theoretically possible occasionally" is a question of magnitude rather than direction.

> Most of them may waste it on silly things like food and rent, but some might end up with a surplus and become investors.

Or their spending it on food and rent results in an increase in rents, even for the people who didn't get any, which rents go in part to foreign investors who remove it from the jurisdiction, and then domestic people have even less to invest than before.

Compare this to the thing where you e.g. relax zoning rules to reduce housing scarcity so that rents come down and then domestic people have that money to invest.

> Same effect if say the income tax is lowered to make the wealth tax revenue-neutral.

Which is to say, same problem -- you've now created a preference for spending rather than saving/investing while increasing your reliance on the taxation of saving/investing.

> It's hard to for me to imagine a way to spend taxes that doesn't help someone. Even if the money is used on war—a net destruction of value and lives—there are some people selling missiles better off a result.

Things have both opportunity costs and externalities. If you take a billion dollars from a company building grid battery storage whose investors would will the profits to a malaria charity then the grid burns more fossil fuels, consumers pay more for electricity, more people get malaria, the pointless war kills innocent people, those populations get pissed off and commit acts of terrorism, and the defense contractor gets a billion dollars (this is supposed to be the benefit) which it uses to bribe the government to increase the amount of bombings. This is obviously a massive overall net loss and would be better off not happening notwithstanding that the defense contractor likes it.
AnthonyMouse
·그저께·discuss
They passed a rule waiving taxes on commercial real estate but only if it's empty? That's one of those "any sufficiently advanced incompetence is indistinguishable from malice" polices.