ricecake

Alright. I didn't see any gotchas or argument, and didn't make the comment. That being said, reading the context I assume you're referring to, it hardly reads like anything more than talking about the implication of the idea you shared. Disagreeing because applying the argument consistently results in an undesirable outcome isn't objectionable.

I don’t really see it as a divergence from the topic, since it’s the other side of a developer not being responsible for the code the LLM produces, like you were saying.
In any case, it’s not like conversations can’t drift to adjacent topics.

Besides, closed-source code developers could’ve been stealing open-source code all along. They don’t really need AI to do that.

Yes, but that’s the point of laundering something. Before if you put foss code in your commercial product a human could be deposed in the lawsuit and make it public and then there’s consequences. Now you can openly do so and point at the LLM.

People don’t launder money so they can spend it, they launder money so they can spend it openly.

Regardless, it wasn’t even my comment, I just understood what they were saying and I’ve already replied way out of proportion to how invested I am in the topic.

I believe what they're referring to is the training of models on open source code, which is then used to generate closed source code. The break in connection you mention makes it *not* legally infringement, but now code derived from open source is closed source. Because of the untested nature of the situation, it's unclear how it would unfold, likely hinging on how the request was formed. We have similar precedent with reverse engineering, but the non sentient tool doing it makes it complicated.

I don’t love an abstract legal identity. I’m capable of being happy with institutions, the culture composed if the people living there, and adoring the natural splendor. Right now I’m actively angry at the institutions, a huge number of people have taken a sharp turn towards fascism, and I’ve got no problems with the forest still. Me and the forest are cool, and that’s part of why I’m mad at the institutions. I have no desire to live in the forest because, if nothing else, that’s not good for the forest. Then the people who opted to live there became insane, and decided to largely gut all of the institutions, and make it easier to destroy the forest. “I live in a state of natural splendor, and I’m willing to fight to let you cut it down, splash me with mercury , and blot out the sun with smoke because I don’t have healthcare and fuck you for asking. It’s the refugees who are the problem”.

It can totally be fine for your needs, and secure while it does so, and not be two factors. It's a question of what's required for access. In this case, they would need your password and to have had some manner of device access at some point to steal the value used by 1password to verify you at one point had the secret key. Someone with a keylogger from a random untargeted malware infection could plausibly get sufficient information. It's really good 1 factor. To be two factor there would need to be a requirement for two factors to be demonstrated at auth time. For example, if 1password encrypted the passkeys in such a way that the passkey could not ever leave the device, like via certain types of hardware backed key storage, then unlocking the vault is proof of something you know, and the usage of the signature is proof you have the chip. The trickery comes about in the techniques available to move the passkey between encrypted hardware devices without it ever being exposed or loosing the "device you control" assurances. For the record, I use 1password. Just not for passkeys on desktop. I prefer the Bluetooth connection to my phone, since phones currently do a much better job providing uniform targets for what's needed to provide the proper two factor for something like passkeys.

There are secure ways to transfer the key that preserve the properties that make it useful as two factors in one. Basically, the device will only release the key in an encrypted fashion readable by another device able to make the same guarantees, after the user has used that device to authenticate to the first device using the key being transferred. A backup works the same way.

You can do that without an extension. There's a bunch of different protocols that let you, for example, use your phone as the authenticator. You can log in with your phone on a computer you've never used before by scanning a QR code and credentials never leave your device.

My passkeys are tied to my phone, which I use via the browser and OS. I keep them in my password manager running on the phone. My password manager supports the open spec for securely migrating credentials between vendors. It may be difficult to believe but they want you to use them because they're legitimately significantly better. Users are silly. They blame Microsoft for bad passwords. They blame Google for forgotten passwords. They blame Facebook when they click on a phishing link. They blame apple when apple "lets" someone who they gave their password to see their pictures. They blame apple when they don't let the user in just because they forgot their password and every recovery mechanism. Everyone involved has a significant issue with passwords because they cost them user satisfaction, credibility, or money directly. The reason cross vendor transfer has been slow is because everyone wants to be the leader, since if everyone follows your lead you get to make it work better with your stuff.

That ones because users like choice. They need to look up who you are to know how you've chosen to authenticate. At least, that's how it started. Some could be doing it because the big kids are, but that's why the big kids do. And they support choice because businesses want to use their login infrastructure and refuse to share. So you enter "user@businessOrUniversity.com.edu" and it forwards you to your institutional login.

They inevitably didn't write it for that reason. They wrote it to say the field is invalid until the user changes it to be valid after someone landed on the page holding the enter key down and instantly locked themselves out after submitting the form 50 times in 3 seconds. Unless you know otherwise, it's easy to think that "form interaction" is the same as "form changed", and one of those is much easier to check. I'm unsure what you mean about passkeys. I don't think I've heard anyone mention significant concessions to os makers and I'm pretty tuned in on the topic.

Depends on the system. The thing where your password manager is managing your passkeys? That's a single factor unless it's doing something tricky that none of them do. When it's the tpm or a Bluetooth connection to your phone? That's actually two factors, and great.

So, not agreeing with the premise but: this article is from 2014, written by a legit historian, and is specifically not discussing the short term. Their premise is effectively that war consolidates power and minimizes violence at scale inside the unified territory afterwards. Further, the things nations do to be ready for conflict, like build roads, administrative statates and all the social structures that accompany a standing army facilitate trade and prosperity. It’s less that he’s arguing for war, and more just … Describing the historical consequences of war in aggregate. It was certainly only titled the way it was because he was publishing a book and this is more eye catching.

Nah, it’s cool. We’re clearly talking at cross purposes. Have a good one.

It was bought by Microsoft after becoming established. Most free software projects don’t care enough to move if they don’t self host.

And I’m just letting you know that link bombing isn’t, and it’s actually a discussion if you explain your point rather than dropping someone else’s novel. If for no other reason than because you don’t have to dig for what part of what was posted is related to what they were saying, and you can much faster say “ah, you’re talking about something totally different than I am”.

Just so you know, from looking at the wall of text you pasted by proxy: those are arguments against the notion that a tpm can make the device itself secure, not that it is untrustworthy for the notion of signing and storing encrypted data. Next time, make your point and provide references (or not), rather than just link bombing.

I take your point. :) It’s worth mentioning in my opinion though, because if someone were to say “we should ban chemicals” it’d be worthwhile to point out what that actually means. I don’t actually think the broadness of the category is intentionally abused, it’s just that it’s an incredibly common thing to remove anything from the AI category that’s explicable. I feel slightly more hanlons razor about it since there’s people in my city talking about and petitioning on the popular notion of banning all data centers from the state, and how it would be awful if s data center came here. I know what they mean, but it’s not what they’re trying to get the law to do, and our city already has six data centers I know of off the top of my head. The language drift is fine, but when it starts to conflate with policy it’s another issue.

Contrary to popular belief, the US isn’t actually unusually litigious. European countries are just as litigious and Germany, Sweden and Austria all have higher numbers. The reason we have more “nonsense” lawsuits is because we have a culture that says caveat emptor is a sound defense and negligence on one parties side is equally the fault of the injured party. “Why didn’t you look at your food before biting the metal fillings? It’s your responsibility to make sure what you eat is safe” and “you walked on my icy sidewalk, you slipped, and now you want me to pay for your ambulance? I should have put down salt, but you should have known better than to walk there” are both reasonable statements to a lot of Americans. Hell, we have special derogatory terms for lawyers that work with individuals who have been non-criminally injured by someone else. On paper, paying the other parties legal fees if you lose sounds good, but what it does it keep individuals who can’t afford to pay legal someone else’s fees to withold valid legal complaints. In an ideal world they would proceed because they were right, but we live in a world where sometimes the person in the right looses, or they reasonably thought they were and were wrong. Due diligence or actual correctness is no assurance of justice, so a lawsuit is a gamble and a more expensive one if you also have to pay the other parties costs, and if they’re a business which has lawyers on staff they might not even view a crippling legal cost as an increased expense. On the other side that business just tells their lawyer to file the paperwork, they’re already paying for the legal consult so they’re advised going in if it’s a good idea, and if they lose they’re out a few weeks of lawyer salary. Lawsuits are a mark of people using societies tools to resolve disputes. There being more in places with higher trust in social institutions makes sense. People are willing to use the system and they trust it’ll deliver justice. The US is up there because people need to use lawsuits to make up for our lack in social safety nets, and our preposterous number of businesses are constantly using them to settle disputes. We should eliminate the court fees entirely and provide the trial lawyer equivalent of a public defender. A bolt in your oatmeal is a good reason to sue, and if you can’t afford a lawyer to help you pay to get your tooth put back in it doesn’t seem unreasonable for society to give you access to someone to help you find a path to remunerations.

99% agreed, but I’d increase the number a bit. With inflation and rising costs $10 million in net worth isn’t always an obscenity. It’s unquestionably wealthy, but still in the realm of attainable by an individual without being a bastard. Owning a single family home and a gas station in the San Francisco region and planning for retirement could put you in that realm. I don’t begrudge someone who worked hard having nice things. I don’t even begrudge luck, inheritance, or nepotism getting luxury. It’s when it’s beyond luxury and no one could get it with any amount of work. Tie it to the consumer price index or some such.

Right? I work for an actual megacorp and our policy is almost the exact opposite on every point. Sick workers make more sick: don’t work and feel better faster. Distracted workers makes mistakes and cause problems: don’t work and take care of your kid. Rested workers work better: take the time around the holidays off entirely. Productivity is crap then anyway and with so many vacations it’s easier to plan around a block where nothing happens than to deal with random teams having unpredictable delays. Car broken? Expense a Lyft. We have a corporate account and your ride to work is a rounding error compared to the sales visits. If you’re going to invoke money you should actually understand how big companies function and view money.