
This article is contradicting itself, although it may not be so obvious. I imagine dwelling on regrets can be classified as a bullshit activity. It certainly does for me. I am sure you can infer the rest of my argument.

Just do the best you can with your time. If you become unhappy with how you spent it you can use that to inform you on future decisions but you can't change the past.

The pain of having missed significant time with someone you care about is severe, but it is also a thing you can't change.

I am not saying pg is wrong, I am pointing out a problem.

Life may be too short to worry about how you are spending your time.


If you're in the United States you should call the National Center for Missing & Exploited Children[1]. They already work with internet service providers to help identify unencrypted images depicting abuse transported over their network. They do this, I think, at an automated level. They should have the information you need. You should probably also call the FBI.

http://www.missingkids.com/Contact


But, should he/she contact legal counsel prior to contacting the FBI or anyone else? Personally, I think I would want to understand my potential culpability and other factors here.


You should definitely consult legal counsel before and during talking to the authorities (which you should also do). The laws surrounding CP in particular are outdated and do not fit well into the digital world. For example, simply looking at CP can be a crime, which can make it difficult to report unless you know the right words to say. Always consult counsel in these cases.


Definitely talk to legal counsel, but I can already tell you what the FBI told me when I asked them about this exact situation in a hypothetical:

"You didn't ask for it or seek it out did you? Someone else uploaded it to your server and you don't want it? Report it to us, then delete it once we've collected our evidence."

That's probably representative of the average agent's disposition, but make sure your ass is covered first.


> Report it to us, then delete it once we've collected our evidence.

This seems very ominous.


Why does that seem ominous? Genuine question. What would be a non-ominous response from the FBI in this situation?


Part of what makes it ominous is that the agent is too casually requesting that the host open the gates, and suggesting that the host has zero-risk, simply because he/she states his/her innocence.

This, when it seems pretty obvious that they'd have to do some investigation of the host, if only to rule out his/her degree of involvement.


Yes, you're right. Like I said in my other reply, I'd assumed the parent poster's engagement with the agent had been trimmed down for the sake of the story, and that there was more substance they left out because that was the overall thrust of the story.

And I think you're also right that they'd do some investigation, but I imagine the investigation would be over very quickly. This "people are uploading filth to my website" situation isn't so uncommon like it once was (back in my day, sonny!!).

The chance that that individual is trying to buddy up to the FBI in order to escape detection is more of a Hollywood fantasy than how real life would play out. These agents are human beings too, and they know that if someone's coming to them to ask for help, they're all on the same page.


>I imagine the investigation would be over very quickly

You're most likely correct. I'd add that even with the agents being human beings, there may still be some protocol that they are compelled to follow in vetting the host. I'd want to know that going in.

That's still not to say that this would end badly for the host. It's just that, given that the tone of the response is correct (even if shortened), there is clearly more involved. And, when you have a representative of an agency with pretty broad powers, deep resources, and potential mandates soft-pedaling what's at stake, it can have a pretty ominous feel to it.


Something written from the FBI, like a receipt that the FBI has received the evidence and it is therefore of no consequence if the files are deleted. Something that will keep him out of jail if by chance another unrelated law enforcement agency happened to be investigating and became upset or suspicious because evidence was disappearing.


Ok, fair enough. I assumed that that was a somewhat trimmed-down version of the actual discussion, for the sake of telling their story briefly.

I didn't imagine that the FBI would literally have a 30-second conversation with someone who claimed to have child porn in their possession, with no actual follow-up or action steps discussed.

But I can see how that would seem problematic if you did take it literally.


"Collecting evidence" seems extremely broad. What is the evidence collection process? Access granted to servers, wire sniffing, seizing of hardware? How long will that process take? What recourse is available should the FBI seize hardware?

I know the parent commenter said they would speak with a lawyer, I just wouldn't take comfort in a casual remark by an FBI agent.


Not to me. Ominous would be "we'll delete it once we've collected our evidence."


Never never trust the FBI. That's how they nailed DotCom, instructing him to let them collect 'evidence' against someone else, then they used it against him. Seems like you're in a hornet's nest, and you're not even making any money for your trouble.


>This seems very ominous.

It does. Likewise with the casual questioning of guilt and suggestion that his/her answers will simply be taken at face value.


Why would they self report it then?


You sound like someone that expects human beings in positions of authority to operate rationally.


Guilty people also self-report crimes to which they are obviously close and for which they assume they'd fall under suspicion anyway. A fairly heavily trafficked, public website featuring CP images may well already be under investigation.

In any case, self-reporting does not absolve one of suspicion; else it'd be easy to get away with pretty much anything.


One might self-report if they were involved, suspected they were under investigation, and wanted to give the appearance that their involvement was unwitting.


Exactly. Beyond my own liability, the other question I would want answered is whether I could potentially be compelled to cooperate in some long-term investigation. If so, then what could that mean in terms of time and expense, and is it worth it?


The alternatives are

- shut it down right now

- take a 'wait and see' approach. Then one day during the course of a bigger investigation they find that your server is hosting CP. Also, you apparently knew about it and didn't do anything (admittedly proving this will be quite difficult and unlikely, but still). In that case, they'll come down on you like a hammer.

Better be proactive. And if you're paranoid about the feds jailing an infrastructure provider who actively came to them asking for help (do you have any examples of where this happened? even just an investigation?), then all you have left is option 1.


The alternative I'm suggesting is to retain legal counsel to determine what my actual alternatives are and their associated potential costs/risks.


You are not seriously asking whether it's worth it to help law enforcement stop child abuse?


Yes, I am.

Volunteering to help stop child abuse and being compelled to participate in an investigation of unknown depth, breadth, duration, and resource burden (time, money, etc.) to you are two completely different things.

If you've never been involved in litigation or other legal situation wherein you couldn't just stop the process whenever you chose to, it might be more difficult to imagine the stress and costs involved, as well as the loss of control over one's own life.

It's nice to think that it's worth it at any cost (and at the sacrifice of one's other life responsibilities). But, of course, given that one can volunteer to make such a sacrifice without waiting to be compelled by a police investigation, then anyone who has not already chosen to do so might be wise to consider whether it's really a manner in which they can afford to help.

(EDIT: conciseness)


> "potentially be compelled to cooperate"

In the US, you're likely to be left alone with all the associated costs. Help the cops all right, but if I do their work for them, I don't want to bear all the costs.


Talking to cops is a bad idea. I'd only do that if I had to and even then I'd minimize the exposure: https://medium.com/human-parts/good-samaritan-backfire-9f53e...

Also, the abuse already happened, you are only stopping the dumber CP collectors from sharing images of it.


That abuse has already happened sure but it will probably continue. You want to follow any trace you can find to suppliers. Shutting down demand might also help in eliminating any economic incentives that might exist on the supply side.


> You are not seriously asking whether it's worth it to help law enforcement stop child abuse?

How about you donate all your time, money and resources stopping child abuse.


Nobody is talking about donating all time, money and resources of anyone towards that goal.

In any case, if you create a platform (you possibly profit from) that is used to distribute child pornography, you are faced with restrictions that the rest of the public understandably isn't.

I see no reason OP shouldn't be legally compelled to cooperate in an investigation in at least the same way a witness can be.


> Nobody is talking about donating all time, money and resources of anyone towards that goal.

That is exactly what you implied by mocking the fact that the OP even asked the question.

> I see no reason OP shouldn't be legally compelled to cooperate in an investigation in at least the same way a witness can be.

This is irrelevant to the question of whether the OP should look out for personal interests. You implied that one should not be so selfish as to even ask the questions about personal risks and costs. You mocked the very idea that he might ask such a question.

Before you make such a callous and judgmental comment, you should really think about what you would yourself sacrifice to cooperate with law enforcement. If you had, you would not have been so myopic. You wouldn't question the seriousness of the question, even if you still thought that cooperation was necessary.


You say that as if the cost of helping is near zero. What if authorities decided that your hobby project's server was interesting to their investigation, and subsequently showed up at your home with a warrant to seize every electronic device in your home/business, including the server that hosts your business, as well as unrelated things like cell phones, video game consoles, etc?


So instead of going to the authorities directly, describing the situation and offering to work together you propose sticking your head in the sand, trying to deal with the problem on your own and hoping the authorities won't ever come across child pornography on your site?

Especially at a scale where you need automated systems to deal with the problem, law enforcement will inevitably notice sooner or later. I can't help but feel that it's not going to go over well with them (and it shouldn't) if they notice you deleted that content and possibly destroyed evidence in the process.

Technology companies and law enforcement have cooperated on this issue for a long time very successfully. They have experienced people working on nothing but this kind of thing and you're not going to deal with some local low level idiot that barely manages to deal with noise complaints. There is no reason to be paranoid and to believe they are going to act stupid.


Is there an automatic script to thumbnail images? That simply multiplies the number of problem images in your data store.


You should report any child porn to the CyberTipline, run by NCMEC: https://report.cybertip.org/index.htm

NCMEC has protocols around how to report the images/video, and how to delete it on your end.

I would highly recommend against calling the FBI. You should work with NCMEC, as they have experience working with this stuff and their CyberTipline is one of the major ways that Congress has mandated that online service providers should report this stuff. Plus talking to law enforcement employed by the federal government has a host of risks associated with it:

https://en.wikipedia.org/wiki/Making_false_statements


Now watch this question pop up on technical interviews everywhere for days because people read about it here.


That'd be great for those of us who read it and are going to interviews.


Which is exactly what makes it a terrible interview question.


http://www.phdcomics.com/comics/archive.php?comicid=993

I don't see why that makes it a terrible interview question, though. Maybe you want to hire people who read about this kind of thing for fun. They may also have read about other things.

Colleges pick their students based on basic vocabulary and 9th grade math questions.


> Maybe you want to hire people who read about this kind of thing for fun. They may also have read about other things.

Maybe, though I'd be shocked if the typical hiring process were that nuanced.


Effective practices can work even if you have no idea why you're doing it that way. In fact, I'd say that that state of affairs is more the norm than the exception.


These questions are good if and only if you get to see the person think through the problem. If they just regurgitate, they might get the right answer, but they'll probably mess up the explanation.


> The fab (silicon manufacturing company) gives only a 5 year guarantee for the smartphone/tablet chips (with presumably some allowance).

I'm not sure that bodes well for smart watches selling at 4+ figures.


> I'm not sure that bodes well for smart watches selling at 4+ figures.

I'm pretty sure the smart watch makers don't expect them to last for too many years, definitely not decades. After all, they want to be selling you a smart-er watch in just a few years.

This consumerism drives the whole thing, if your new watch was to last decades it would be designed in a whole different manner. And it's not only the chips, you won't be able to get a compatible display, battery, PCB or case or anything to replace a broken/worn out one in just a few years.

This sad state of consumerism is why I do woodworking to balance my mind. The pinewood dovetail box I built last week will still be there when I'm dead.


To be fair, if you don't use the latest and greatest manufacturing processes - which you don't really need to do in smart watches - chips can be very robust and long-lasting. Plus, given the battery requirements, you don't really want to use high-performance components in watches anyway, Apple's ridiculous battery life notwithstanding.

As for the whole market segment of "this watch will pass through generations", I guess the honest thing to say is that we just don't have that kind of experience with integrated circuits yet... besides, does this type of traditional watch never need repairs? They must have failures as well.


It's different for simple BT notification buzzers, but "maximalist" smartwatches like the Apple Watch surely call out for the latest and greatest semiconductor processes. They face harsh trade-offs between capability, size and battery life, harsh enough to help make them still marginal as mainstream consumer products, and those dilemmas would be significantly eased if performance-per-watt and size were improved. They're also high-margin products so manufacturing at fancy fabs should be affordable.


It'll be horribly obsolete in five years. It would cease to be a status symbol, like trying to impress someone by being able to get Outlook on your Blackberry. The purchasers at 4+ figures generally know this.


I think the problem with "forgiving" the debt is that 1. someone is going to pay for that debt; the debt that is owed to someone is on their balance sheet as (rapidly declining) value they possess. That is, the debt doesn't magically disappear; someone has to pay for it one way or the other. 2. Those in a position to pay that debt fear Greece is just a bottomless pit that they'll be "forgiving" debt for a long while to come, since Greece's social programs aren't sustainable and there aren't any indicators that Greece's economy will grow fast enough to support them. The problem isn't just the debt that's owed now, but the money Greece will owe in the future (and can't pay) given Greece's situation.

People that are going to have to pay for Greece's problems don't just want an end to Greece's current problem only to fall into the same trap soon hereafter, lurching from one crisis to another. I think that's a pretty fair concern to have.


This points to the real problem. When Greece was originally "bailed out" in 2010, what actually happened was that the debt was moved from German and French banks to EU taxpayers. The banks were paid in full by the EU and IMF for all the bad debt they had made. But capitalism cannot work that way: when lenders make a bad loan they're supposed to take the losses; that's how interest rates are set. If they can lend without any risk then the whole market gets out of whack.

On your point #2, Greece has been running a primary surplus for several years now, meaning the government takes in more than it spends before debt payments.


Say you're a homeless junkie multiply convicted of petty theft. Then say I lend you $20, with $50 due a year hence. Who made a bad decision? And who's going to be surprised I haven't got my money back in a year?

I don't think it's as simple as that with Greece, but obviously at some point creditors need to bear the risk as well. It can't be an "always win" situation for them, and I don't think it has been. Question is where to draw the line?


On the other hand, that asset on their balance sheet was returning a higher rate due to risk that Greece might someday have to default...


The Marshall plan was preceded by the Morgenthau plan, which would have destroyed Germany's ability to ever create war again, reducing Germany to subsistence-level farming. The Allied occupiers actually began destroying the German infrastructure, but it didn't work out, as Europe's economy had historically depended on Germany's industrial base and America and Western Europe needed to counter growing Soviet power in the first beginnings of the cold war.

In other words, it had nothing to do with "deserved"; Germany was rebuilt out of strategic necessity to face two looming threats to international stability and peace.


I'm currently playing my first game of Diplomacy. Anyone with the slightest interest in world politics should play it once. It's teaching me more about how the world works than 2 years of reading The Economist (sadly canceled due to lack of time).

I now associate a feeling and experience to the words "strategic necessity".




Historically, Germany has always been a militaristic country that has repeatedly tried to take over the world (however childish that sounds). Last time around they killed several dozen million people.

Today German industry still makes weapons used to kill people around the world.

While the Greeks haven't really bothered anyone except the Turks and a little bit the Bulgarians. Too busy drinking ouzo I guess.

So the Greeks leave the euro.

And we nuke the Germans to ensure the future of humanity? Or perhaps, instead of bailing them out, the Allies should have made Germany into an agrarian society with the same result.

See how nasty this game becomes?


> Historically, Germany has always been a militaristic country who have repeatedly tried to take over the world

France invaded all of Europe starting in 1803, and pretty much all of the other European powers invaded all the continents of the world, also known as "colonization". Anyway, this thread is such a shit storm of stupidity, ignorance and irate debates that at this point I'm flagging the entire thing and moving on.


Pie charts are already a terrible visualization, this is way worse. You're supposed to compare the area of these half circle shaped rotated slices easily? Should have just used a bar chart, in fact why wouldn't you use a bar chart? You could just have a single box and illustrate the percentage amounts by dividing the box up into different colors to indicate the percentages of a whole, but this? Nope. Tufte would probably not be pleased.


Pie charts are excellent for showing parts of a whole, and very poor for any other type of visualization. Just because people are misusing a chart type doesn't make it fundamentally useless, regardless of what Tufte thinks.


Honest question, wouldn't you just write a lexer with yacc/bison for a DSL? How does a full programming language act as a base for a DSL, which is usually more limited than a programming language?


Well, for a lot of devices I've worked with, you can shoehorn Forth into places that most (if not all) other languages short of assembler can not go (Forth is _really_ lightweight). Forth was designed with DSLs in mind (Forth has "vocabulary", which is targeted specifically at this); the language usually comes with a basic syntax and some core primitives built in, but features a really profound ability to define new primitives, even things like "if" that most languages have built in and have no facilities for constructing variants of. You might liken it to macros in Lisp.

A good place to learn more (if you have some familiarity with Lisp) is: http://stackoverflow.com/questions/24282153/comparison-of-co...

I guess the other huge nice thing about Forth for DSLs is that it is (unlike assembler or C) an interactive language, even on the most stripped-down platforms (like bare-bones $0.50 8-bit MCU stripped down), and still encourages the sort of REPL experimentation typically only seen in much, much higher-level languages. All of this comes at a big price though, in that the caliber of developer required to wield Forth in a sane manner tends to be very high.


A typical use case for Forth is to launch from bare metal (more like bare silicon) into the application on embedded systems, or as the bootstrap mechanism/BIOS for a more advanced OS on a larger, perhaps desktop, system. A Forth console over a serial port can provide a user with tons of low- and high-level access to a system. I built a 12-processor "parallel" robotics controller back in the '80s using a bunch of Rockwell R65F11 Forth processors (6502s with Forth in ROM).


> Honest question, wouldn't you just write a lexer with yacc/bison for a DSL?

Perhaps this article[1] can help answer the question (BTW, the title of the page belies its applicability). Check out Figure-1 specifically.

> How does a full programming language act as a base for a DSL, which is usually more limited than a programming language?

IMHO, this is what makes Forth both beautiful and mind bending, as Forth is a "full programming language" in which programs/systems written in it are expressed as a DSL defining the system itself. If that sounded recursive, then you're well on your way to grokking Forth :-).

1 - http://www.forth.org/lost-at-c.html


The kernel for FORTH is crazy small. IIRC it's not unusual to shoehorn it into 2K. When people talk about writing DSLs in FORTH, I think what they are really saying is writing an API based on the FORTH kernel. So the DSL is really FORTH, but just with your API. Granted, changing how words are compiled and executed is pretty much standard fare for a FORTH programmer, so you can make it work however you want.

FORTH is a bit like smalltalk in that you usually work in an interactive environment and save images. FORTH code compiles down to essentially a jump table and so it is also really, really efficient, space wise. You can decompile code easily and modify it in your image.

If you were trying to write a control language for some small embedded device, it would be ideal. If you were trying to write a DSL for configuring a build system (or something like that) it would be less nice ;-)

My first few paying jobs (when I was in university) were writing FORTH code, but that was a very long time ago ;-) I'm still quite nostalgic about it even though I've forgotten almost everything I once knew.


The advantage of using a full programming language as a base for your DSL is that you don't have to deal with some of the "simpler" things.

Your base language already has variable assignment, loops, recursion? Great, you don't have to deal with that. Type checking? Wonderful, you don't have to go read up on type inference.
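A toy kernel sketched in Python, added here to illustrate the points made in this thread about Forth as a DSL base (this is example code written for this page, not code from any commenter, from any Forth implementation, or from any project). It keeps the "kernel" to eight primitives and lets `:` / `;` compile new words out of existing ones; the temperature vocabulary is constructed for the example. It deliberately leaves out what real Forth also gives you (immediate words beyond `;`, redefining control words like `if`), so it shows only the dictionary-extension idea.

```python
from collections import deque
from typing import Deque, List, Optional


class Forth:
    """Toy Forth kernel: a data stack, a dictionary of words, and the
    ':' / ';' pair that compiles new words out of existing ones."""

    def __init__(self) -> None:
        self.stack: List[int] = []
        self.words = {}          # name -> Python callable (primitive) or compiled body
        self.immediate = {";"}   # words that execute even while compiling
        self.compiling: Optional[List[str]] = None   # body of the word being defined
        self.defining: Optional[str] = None          # and its name
        self.tokens: Deque[str] = deque()
        self._install_primitives()

    def push(self, value: int) -> None:
        self.stack.append(value)

    def pop(self) -> int:
        if not self.stack:
            raise RuntimeError("stack underflow")
        return self.stack.pop()

    def _binary(self, fn):
        # Build a primitive that pops b, then a, and pushes fn(a, b).
        def prim() -> None:
            b, a = self.pop(), self.pop()
            self.push(fn(a, b))
        return prim

    def _install_primitives(self) -> None:
        w = self.words
        w["+"] = self._binary(lambda a, b: a + b)
        w["-"] = self._binary(lambda a, b: a - b)
        w["*"] = self._binary(lambda a, b: a * b)
        w["/"] = self._binary(lambda a, b: a // b)   # ZeroDivisionError on b == 0
        w["dup"] = lambda: self.push(self.stack[-1] if self.stack else self.pop())
        w["drop"] = self.pop
        w[":"] = self._begin_definition
        w[";"] = self._end_definition

    def _begin_definition(self) -> None:
        if not self.tokens:
            raise SyntaxError("':' needs a name")
        self.defining = self.tokens.popleft()
        self.compiling = []

    def _end_definition(self) -> None:
        if self.compiling is None:
            raise SyntaxError("';' outside a definition")
        self.words[self.defining] = self.compiling   # the new word enters the dictionary
        self.compiling = self.defining = None

    def _execute(self, tok: str) -> None:
        word = self.words.get(tok)
        if word is None:
            try:
                self.push(int(tok))          # anything unknown must be a number
            except ValueError:
                raise NameError(f"unknown word: {tok}") from None
        elif callable(word):
            word()
        else:
            for inner in word:               # compiled word: run its body
                self._execute(inner)

    def interpret(self, source: str) -> List[int]:
        """Run whitespace-separated source and return the final data stack."""
        self.tokens = deque(source.split())
        while self.tokens:
            tok = self.tokens.popleft()
            if self.compiling is not None and tok not in self.immediate:
                self.compiling.append(tok)   # compile mode: record, don't run
            else:
                self._execute(tok)
        return list(self.stack)


# Constructed vocabulary for the example: the "DSL" is nothing but new words
# layered on the eight primitives above, and each new word reads like a spec.
TEMPERATURE_DSL = """
: square  dup * ;
: cube    dup square * ;
: c>f     9 * 5 / 32 + ;
: f>c     32 - 5 * 9 / ;
"""


def run(source: str) -> List[int]:
    """Interpret source on a fresh kernel and return the final stack."""
    return Forth().interpret(source)


def kernel_size() -> int:
    return len(Forth().words)   # how much the "kernel" had to provide


if __name__ == "__main__":
    print(run(TEMPERATURE_DSL + " 3 cube 100 c>f 212 f>c"))   # [27, 212, 100]
```

Everything past the eight primitives, including `:` consuming the next token as a name and `;` being the one word that runs during compilation, is the same mechanism a real Forth uses to let application code become the language; the difference is only that a real kernel exposes the compiler itself to user words too.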


Well, its lack of security makes it probably not an OS you'd want to run untrusted code on. Like, if you made a browser for it, I'm not sure it would be easy to sandbox it to protect your computer from serious harm. Any program can read from and write to any part of memory, if I recall correctly.


On the other hand, the chances of coming across a virus made for TempleOS are rather unlikely.


As long as it has very few users, who are all super tech savvy.


Please explain how that's different from today on other OSes. A JavaScript exploit or other browser corruption is still an issue on current browsers, right? (I only see one Firefox process on my machine, so I'm gonna guess if you break the browser, you have code exec with my user access level.)


A Javascript browser exploit is still an issue, however it won't usually be able to read and write to kernel memory. TempleOS runs entirely in ring0. That means any exploit whatsoever and the exploiter can not just access some of your data, they own your machine entirely from the kernel up.

http://www.templeos.org/TempleOS.html is a good explanation of the point and purpose of the project, one which is reasonable and makes perfect sense. It explains why a TempleOS machine should not ever run unchecked third-party programs (let alone be on any kind of network), but could be an excellent OS to use on a remote abandoned island.


It won’t be able to read and write to kernel memory unless it can capture the user’s password and the user has sudo access. Also, as xkcd says, if you don’t have sudo, “If someone steals my laptop while I’m logged in, they can read my mail, take my money, and impersonate me to my friends, but at least they can’t install drivers without my permission.” https://xkcd.com/1200/


Could you elaborate on the difference kernel vs user as far as the end user is concerned? I'm pretty sure that we've seen how damaging CTOs opening Office docs can be.

And web browsers seemed to take off before Windows NT was the more popular desktop kernel.


> Could you elaborate on the difference kernel vs user as far as the end user is concerned?

* No possibility of a secure experience via strict privilege separation (e.g. strict usage of multiple accounts; inconvenient, but protects against alteration of personal data)

* A ring0 program has unfettered access to the hardware, so the machine itself may be compromised; a breach is not "format & reinstall", let alone "run a bunch of antiviruses", it's possibly "throw the whole machine into the bin and buy a new one".

> And web browsers seemed to take off before Windows NT was the more popular desktop kernel.

Windows 98 didn't run in ring0. It was crap, but not that crap.


To elaborate on the reasoning behind why it may be necessary to throw the machine out, for the people who aren't familiar:

Given full access to the hardware, it's possible (though I haven't tested it to be certain) to flash the BIOS. The machine could be bricked by a remote exploit.


> Given full access to the hardware, it's possible (though I haven't tested it to be certain) to flash the BIOS.

Or the firmware in hardware parts. An attacker with the know-how can not only brick but control your GPU or SSD.


In the context of getting completely compromised, I'm not sure the cost of another computer really adds a lot.


> you have code exec with my user access level

That's the difference. TempleOS has no access restrictions. It's not intended for either multiple users or networking so it really hasn't got even basic security e.g. processes having separate address spaces.

For all that, it's still pretty impressive but it wouldn't be suitable for a general purpose OS for most people.


You can still have security even with a single flat address space, provided you create some capability model or enforce communication boundaries in some other way. From then on memory protection is on a different level than the process.


Indeed. I wasn't suggesting it was an unsolved problem. Just that it's not part of TempleOS. Same with file permissions.

I have no idea if it's something that Terry has thought about but, from what I've read, it's just not a priority: he's been writing a single-user, network isolated system.


I'm not sure why this is getting downvoted, the point is very valid. In most cases it's trivial to get root if you can tamper with the environment of a user that gets root at some point.

https://xkcd.com/1200/
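The defensive side of the point in this comment and the xkcd link, as an added example (not from any comment, tool or project on this page): a Python check that scans a shell rc file for the usual ways user-level code lies in wait for the next sudo, namely an alias or function shadowing `sudo`, an `LD_PRELOAD` export, or a user-writable directory placed ahead of the inherited `$PATH`. The sample rc contents, the home path `/home/alice`, and the rule that anything under `$HOME` or `/tmp` counts as user-writable are assumptions for the example; treat the patterns as heuristics, not a complete detector.

```python
import os
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    text: str


# Heuristics for the classic "wait for the user to type sudo" tricks: a
# shell alias or function shadowing sudo, a preloaded library, or a
# user-writable directory placed ahead of the inherited PATH.
SUDO_ALIAS = re.compile(r"^\s*alias\s+sudo\s*=")
SUDO_FUNCTION = re.compile(r"^\s*(?:function\s+sudo\b|sudo\s*\(\s*\))")
LD_PRELOAD = re.compile(r"^\s*(?:export\s+)?LD_PRELOAD\s*=")
PATH_ASSIGN = re.compile(r"^\s*(?:export\s+)?PATH\s*=\s*[\"']?(?P<value>[^\"'\s]+)")


def user_writable(entry: str, home: str) -> bool:
    """Assumption for the example: anything under $HOME or /tmp is writable by
    the user, so a fake 'sudo' could be planted there."""
    expanded = entry.replace("$HOME", home).replace("~", home)
    return expanded.startswith(home + "/") or expanded.startswith("/tmp/")


def writable_before_inherited_path(value: str, home: str) -> bool:
    """True if a user-writable directory precedes $PATH in an assignment.
    The shell searches left to right, so such a dir shadows the real sudo."""
    for entry in value.split(":"):
        if entry in ("$PATH", "${PATH}"):
            return False          # everything from here on comes after the system dirs
        if user_writable(entry, home):
            return True
    return False


def audit_rc(lines: List[str], home: str = "/home/alice") -> List[Finding]:
    """Scan shell rc lines and return the suspicious ones."""
    findings: List[Finding] = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        rule = None
        if SUDO_ALIAS.search(line):
            rule = "sudo-alias"
        elif SUDO_FUNCTION.search(line):
            rule = "sudo-function"
        elif LD_PRELOAD.search(line):
            rule = "ld-preload"
        else:
            m = PATH_ASSIGN.search(line)
            if m and writable_before_inherited_path(m.group("value"), home):
                rule = "writable-dir-before-path"
        if rule:
            findings.append(Finding(n, rule, line.strip()))
    return findings


def audit_file(path: str) -> List[Finding]:
    """Run the same check against a real rc file (e.g. ~/.bashrc)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_rc(fh.readlines(), home=os.path.expanduser("~"))


# Constructed ~/.bashrc for the example; not taken from any real machine.
SAMPLE_BASHRC = """\
# sample rc file (constructed)
export EDITOR=vim
export PATH="$HOME/.local/bin:$PATH"
alias ll='ls -la'
alias sudo='$HOME/.cache/.s'
export LD_PRELOAD=/tmp/libhook.so
export PATH="$PATH:$HOME/go/bin"
"""


def demo() -> List[Finding]:
    return audit_rc(SAMPLE_BASHRC.splitlines())


if __name__ == "__main__":
    for f in demo():
        print(f"line {f.line_no}: {f.rule}: {f.text}")
```

The PATH rule only flags writable entries that come before `$PATH`; an entry appended after it (the last line of the sample) cannot shadow a system binary and is left alone, which keeps the common `export PATH="$PATH:$HOME/go/bin"` idiom from being a false positive.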


Chrome runs the rendering engine and JavaScript stuff in a sandboxed process that has almost no privileges. Escaping from that is possible if there's a vulnerability in the sandbox, but now you need to combine at least two vulnerabilities which makes it substantially harder.


There was recent news on the detrimental effects that general anesthesia has on the very young and old. Apparently it can be neurotoxic, but healthy adults don't seem to have long-lasting problems.


A family friend of mine went under general anesthesia and woke up senile. He was in his late 70s or early 80s at the time. He lives in a nursing home now. Once in a while he can have some moments of some clarity, but they only last for a minute or two.

