> Plus, turning off the ads should more clearly classify my blog as “non-commercial” for the various legal tests that impose greater liability on commercial actors.
Anyone know what these might be offhand? I think federal trademark law may sting more if used commercially. But what else could he be referring to?
Min release age sucks, but we’ve been here before. Email attachments used to just run wild too, then everyone added quarantine delays and file blocking and other frictions... and it eventually kinda/sorta worked. This does feel worse, though, with fewer chokepoints and execution as a natural part of the expectation.
Edit: bottom line is installs are gonna get SOOO much more complicated. You can already see the solution surface... Cooling periods, maintainer profiling, sandbox detonation, lockfile diffing, weird publish path checks. All adds up to one giant PITA for fast easy dev.
Min release age might just postpone vulnerability to be applied few days later in non trivial cases like this. More I think about it, Odin lang approach of no package manager makes senses. But, for that approach won't work for Javascript as it needs npm package even for trivial things. Even vendoring approach like golang won't work with Javascript with the amount of churn and dependencies.
Relatedly, I just registered for PACER to download court documents. It's pretty shocking that to get public legal documents the US Federal Court system requires full name, birthdate, address, phone, email, credit card info... and I THINK (it's past the initial registration page so can't confirm 100%) also mother's maiden name and 2 common security questions. Just a treasure-trove of PII if it ever falls into the wrong hands. (What's esp frustrating is even after going through this, I had to call a number and wait on hold for 1 hour to activate the account.)
It requires SSN or EIN -- almost all situations where you pay the government or they pay you require that as part of a law about enforcing federal debt collection.
Nowadays my writing (and maybe all of ours) has totally devolved into "prompt-ese." Much like days of yore where we all approached Google searches with acrobatic language knowing how to specifically get something done.
Now? I am pushing so much of my writing into prompts into AI where I know the AI will understand me even with lots of typos and run-on sentences... Is that a bad thing? A good thing? I am able to be so much more effective by sheer volume of words, and the precision and grammar is mostly irrelevant. But I am able to insert nuances and sidetracks that ARE passing vital context to AI but may be lost on people. Or at least pre-prompt-writing people.
Ok, but 3 generations ago, shorthand was a core skill that any competent professional could read and extract MORE value from than laboriously typeset prose. Something similar is probably happening now with prompt-ese and human-to-human (vs just AI) writing.
> Nowadays my writing [] has totally devolved into "prompt-ese."
I've noticed this myself. Even in my Obsidian vault, which only I read and write in. I think it's a development into writing more imperatively, instinctually. Thinking more in instructions and commands than the speaking and writing habits I've developed organically over my life. Or just "talking to the computer" in plain English, after having to convert my thoughts to code anytime I want to make it do something.
I've been thinking about the role of "director" in media as an analogy to writing with LLMs. I'm working right now on an "essay," that I'm not sure I'll share with anyone, even family (who is my first audience). Right now, under the Authorship section, I wrote "Conceived, directed, and edited by Qaadika. Drafted by Claude", with a few sentences noting that I take responsibility for the content, and that the arguments, structure, audience, and editorial judgments are mine.
I had a unique idea and started with a single sentence prompt, and kept going from there until I realized it should be an essay. So the ideas in it are mine. The thesis is mine. I'm going back and forth with the LLM section by section. Some prompts are a sentence. Some are eight paragraphs. I can read the output and see exactly what was mine and what the LLM added. But my readers won't. They'll just see "Author: Qaadika" and presume every single word was mine. Or they'll sniff out the LLM-ness and stop reading.
I can make a film and call myself director without ever being seen in it. Is is the same if I direct the composition of words without ever writing any of the prose myself? Presuming I've written enough in prompts that it's identifiably unique from cheaper prompts and "LLM, fill in the blank".
We credit Steven Spielberg with E.T. But he didn't write the screenplay. He probably had comments on it, though. He didn't operate the camera. But he probably told the operators where to put it. He didn't act in it. But he probably told the actors where to stand and where to move and how to be. He didn't write the music. But he probably had a sense of when and where to place it in the audio. And he didn't spend every moment in the cutting room, placing every frame just so.
But his name is at the top. He must have done something, even if I can't point to anything specific. The "Vibe" of the film is Spielberg, but it's also the result of hundreds of minds, most of whole aren't named until the end of the film, and probably never read by most viewers.
His contribution to the film was instructions. Do this, don't do that. Let's move this scene to here. This shot would be better from this angle. The musical swell should be on this shot; cut it longer to fit.
So where, exactly, is "Spielberg" in E.T.? What can we objective credit him with, aside from the finished product: E.T. the Extra-Terrestrial: Coming June 1982?
Uh, Steven Spielberg is all over E.T. For one thing, he storyboarded the big special effects sequences. He collaborated closely on the screenplay because it was drawn from his own childhood experiences. He was the final say in casting. His relationship with editor Michael Kahn is famously collaborative.
I think comparing your telling an LLM what to do and Steven Spielberg directing a movie just shows a total lack of understanding of how movies are made, and also inflates your own sense of your self.
> Uh, Steven Spielberg is all over E.T. For one thing, he storyboarded the big special effects sequences. He collaborated closely on the screenplay because it was drawn from his own childhood experiences. He was the final say in casting. His relationship with editor Michael Kahn is famously collaborative.
That's all meta. Trivia. Decisions he made or feedback he gave, that while influencing the final product cannot be observed in the final product (e.g. show me the actual Spielberg-drawn storyboard in the film; It doesn't exist, because the storyboard turned into a sequence of shots made by the cinematographer, instructing the camerawoman to point the camera at the actors lit by the gaffers, or into a work breakdown strucutre then followed by the SFX team painstakingly drawing it frame by frame). No one but Spielberg could say "That part was me, this part was Kahn's." I can't find any of that out just by watching the movie. When I engage with a piece of media, I presume the author is dead. What is in the media is canon, and what's not in it isn't. The behind the scenes, or the director's biography, or the interviews aren't part of the art. Art shouldn't rely on "Oh it's good, or even better than you thought it was once you know this cool fact or that wild story from production."
Star Wars isn't good only because George Lucas was a genius, or because they spent a lot of time on the models and tried a cool new text intro sequence, or because of any of the other novel effects. Lots of movies spend a lot of time in production, with a lot of experts and a lot of novel ideas, and still fail. Star Wars is good because the finished movie is good. We credit Star Wars generally as being George Lucas' brainchild, but if you know the backstory, it's only good because he had good editors to reign him in. But that's meta. Nobody knew that in 1977. They just knew they enjoyed the movie and it said "written and directed by George Lucas."
When I watch the movie I don't see the storyboard, or the redlines in the screenplay, or the casting notes, or the conversations and discussions with Kahn. All I know from the movie is the credits, and the credits don't say "Written by Melissa Mathison (with close collaboration by Spielberg based on his childhood experience)". Those are, from a lay viewer's POV, 'facts not in evidence.'
E.T. was a single example. I'm comfortable claiming my argument applies to all directors of all films, and all forms of art that are created by more than one person. Another example: "Over The Edge" and "Off The Wall", two books about deaths in US national parks. They each have two authors. Only one author co-wrote both of them. To whom do I credit my love for those books? Only to Ghiglieri, since I can see the consistent tone between them? That would be unfair to Myers and Farabee. Only to Myers and Farabee, because they're the park rangers that witnessed a number of the emergencies and deaths? That would be unfair to Ghiglieri. What about the editors, who surely worked hard to make books that are basically a list of stories about death interesting as a cohesive narrative. My only option is to credit all the authors, and everyone else involved, equally, and not try to break down paragraphs between "this author wrote this one, and that author wrote that one." They didn't distinguish, so I can't either. [1]
I'm all over my essay. I drafted and organized the original outline. I've made substantial changes to the order of paragraphs and what and how the arguments are built and developed based on my personal experiences. I am the final say for whose quotes are included and which ones are cut. My relationship with myself is famously collaborative (famous among my family and friends).
None of that matters to the reader. Whether I wrote it myself or with a friend, or used a ghostwriter, or used an LLM, the audience is going to credit or blame it on the name at the top. My papers in college weren't graded based on whether I spent 300 hours on them and revised them 20 times, or whether it was I or my classmate who coined that pithy line I then used throughout, or because I used niche knowledge about the subject I knew before taking the class. That's trivia. They were graded on the final single copy I submitted. I got once chance.
The only difference between an essay of mine being written by a ghostwriter I hired and an LLM is that the LLM output is always going to sound like an LLM. They are identical in that neither of them are "me". The ghostwriter will sound either like the ghostwriter or like the ghostwriter trying to write like me. But whether I hired a ghostwriter and published their work under my name, or if I used an LLM and the audience didn't notice, at the end of the day they'll credit or blame me entirely, because my name is at the top, no different as if I'd written the entire thing from scratch. I have no excuses except for the final product.
For this essay specifically, If I ever did release it or publish it, it would be under my real name. Firstly because I've never liked being "anonymous" online (I feel I never act or write like myself unless I'm speaking under my own name; opposite of most in my experience), and second because I would want the reader to know that there's a human they can credit or blame for it. I guess for me that's the tradeoff. When anonymous I won't use LLMs, because my ethos comes from being (and sounding) like a human being who merely doesn't want to share their name. Under my real name, however, I feel more comfortable saying "directed and edited by [real name], drafted by [llm]," because then the reader can decide if the ethos associated with my real name and affilations is strong enough to justify reading a logos and pathos that the human freely admits is not entirely from their own fleshy brain.
[1] They do, actually, at times. When one of the authors was directly involved in one of the stories and is recounting their personal experience, they will write "I (Myers)..." or "I (Farabee).." Aside from that they do not say who wrote what, or who influenced who.
That project is half dead now. There are commits, but has been no release in half a year, is missing major features (e.g. MCP server), and I haven't seen people talking about it for quite a while.
Nuts to let a 42k starred project just fade away. Seems like it could really have been something. I remember being supe rimpressed w it when I installed it in its first few months.
A related technique used to work so well for search engine spiders. I had some software i wrote called 'search engine cloaker'... this was back in the early 2000s... one of the first if not the first to do the shadowy "cloaking" stuff! We'd spin dummy content from lists of keywords and it was just piles and piles. We made it a bit smarter using Markov chains to make the sentences somewhat sensible. We'd auto-interlink and get 1000s of links. It eventually stopped working... but it took a long while for that to happen. We licensed the software to others. I rationalized it because I felt, hey, we have to write crappy copy for this stupid "SEO" thing, so let's just automate that and we'll give the spiders what they seem to want.
You didn't 'give the spiders what they seem to want.' You exploited a naive ranking algorithm to inject garbage into search results that real people were trying to use. That you rationalized it at the time is human. That you're still rationalizing it decades later is something else.
British aristocracy has been pronouncing their own surnames wrong for centuries on purpose. Cholmondeley is "Chumley" Featherstonehaugh is "Fanshaw." If you read it phonetically you mark yourself as an outsider. The misstake is the membership card. (Heck, even in Portland we locals hear about misprouncing Couch St probably every year in local press as some bar for membership to our own locals only vibe.)
I don't really see that as the same thing as what the article was pointing out. Those are shibboleths that only an insider would know. You have to get the pronunciation of Cholmondeley or Couch "right" to pass for an insider.
The random misspellings, missing spaces, sloppy grammar, etc in the examples in the article seem different to me. Misspelling "en route" as "enriewu" doesn't show, "look, I know the secret country club spelling for en route". It simply shows that you don't have to care about your mistakes. You write something that approximates what you mean, and you're too important to spend time revising. The mistake could be "enrout" or "n route" or on any other word. But you're not going to be a try-hard who edits and frets over their messages, you're blessing someone with 10 seconds of your attention and they're lucky to receive your correspondence, typos and all.
Or its a simple signifier that the author was human, and that a real person is trying to convince you of something. I've experimented with putting minor grammar mistakes into my work of the sort that would be frowned upon, but are not strictly invalid. The existence of any kind of mistake makes the work sound "human".
Don't know about that as a general rule, since spam messages have had typos and mistakes in them since forever, and its precisely what marks them as not trustworthy.
More like signaling that a specific human wrote it themselves instead of one of their human assistants. The article is mostly about emails from the Epstein files so non-human authorship wasn't really a possibility at the time they were written.
I don't necessarily think it's that... it's just a matter of a rush to respond/send quickly and not take a lot of time. It's pretty easy to either fat-finger when typing on a keyboard, or gesture input on a phone to get the wrong word and you hit send before realizing.
Sometimes I'll notice right after, delete and re-reply (social media) other times I'll just let it be... It's pedantic busy bodies that will single you out for a typo as opposed to discussing the idea at hand.
The "enriewu" thing wasn't a misspelling of "en route", it was someone's name who had arrived in Miami with Jean-Luc and Peggy. It's probably a misspelling of Henry pronounced in French.
We’ve known since Socrates that writing instead of speaking eroded thinking. We seriously need to stop putting packaging, especially writing, on a pedestal. Instead we should put what little lifetime we have in sum towards focusing on what’s actually important: the ideas and concepts themselves.
That's great. What's also amusing is how you felt it necessary to provide the diacritical pronunciation guide for "Vaughan"... because I think to most native English speakers we can't imagine any other pronunciation!
I think native English speaker who had never heard of Vaughan (sure we can find some of those) would likely to pronounce it like "Vog-un" - /ˈvɒɡən/ or "Vog-han" - /ˈvɑːɡən/
This sent me down a mental rabbit hole, I think it's one of those interesting nuances that are rules that native speakers follow without being able to name it, or know it.
I'm a native speaker, and also thought `vawn` was the most obvious pronounciation.
I'm guessing it's because `augh` is perceived as a recognizable vowel cluster where `gh` tends to be silent (daughter, caught, naught, taught). The interesting twist for me is that `laugh` is in obvious counter example, until I realized that gh in final position (laugh, rough, enough) is almost always \f\. And further, in words like laughter, roughness, we immediately distinguish a modified root word from the lexical position.
Maybe there's also an interesting thread to pull on in that the pattern may be more pronounced for names (e.g. Hughes). Just ruminating here though, I don't have a source for any of this.
There are a handful of neighborhood and street names used in Toronto (not necessarily from Toronto) that have unusual pronunciations. Here I'll give some triples of (English spelling, actual pronunciation (IPA), a naive pronunciation (IPA)):
Definitely heard "Alana" in the South. On the West cost right now, got a buddy from West Virginia, and even after 20-30-some-odd-years in California, he still says it like that. Among other things he boomhauers.
In case you're wondering, Couch St. in Portland, Oregon, USA is pronounced "Cooch." It's named for 19th century ship captain and early businessman John H. Couch. It's the "C" street in the so-called Alphabet District north of Burnside, which is the "B" street. There are, or were, other landmarks named after Capt. Couch, but I'm not sure if any still exist.
Note that you only pronounce Couch that way in Portland when talking about the street. You wouldn’t maintain the pronunciation when saying eg “Sorry for spilling wine on your couch”
Sometimes I wonder about the aristocrats who towns and roads in the UK were named after, like Lord Penistone of South Yorkshire, or Lady Sluts Hole of Norfolk.
Featherstonehaugh pronounced Fanshaw is apparently something made up by P.G. Wodehouse for one of his characters. It's just Featherston-haw for everyone in reality.
The character Beauchamp ("BEE-jum") Day in Armistead Maupin’s Tales of the City is a softening of the English aristocratic way ("Bee-chum") of the French spelling Beauchamp ("boh-SHON" as the French would say).
But he's less a British aristocrat than a brittle prep-school martinet in a cheap tie who rants at a secretary over three typos like a duke defending the realm, sneers about Kelly girls and office decor as if guarding the Social Register, treats sleeping with his own employee as proof of authority, and then sneaks off to bathhouses while running his typing pool with equal parts class anxiety, closet panic, and a middle manager's superiority complex.
In New Orleans, protesters against outsiders acquiring and developing real estate hold up signs that read "Say Tchoupitoulas" (/ˌtʃɑp ə ˈtuː ləs/). I give my wife lots of hassle about the pronunciations of Louisiana place names like Tchoupitoulas, Natchitoches (/ˈnæk ə ˌdɪʃ/, really!), etc. especially when she complains about northeastern place names like "Leominster".
Did they? The article[1] seem to be in contradiction to the claim. For centuries it was rather easy to distinguish aristocracy without lingustic conspiracies. I'm really not an expert in British surnames however I know for sure that pop history is full of invented "fun facts" which are not true but persist cause they sound cool.
There's also the British penchant for deliberately mispronouncing French words. I have heard "renaissance" pronounced "reh-NAY-sance", "fillet" pronounced "fill-it", "valet" as "val-it" and so on. I think it's a national point of pride to pronounce the words of their neighbor incorrectly.
I'm always amused by some mispronunciations that stray farther away from the original than necessary.
My favorite is probably crepe, which Americans pronounce like an almost diphthong-y craype (or crape like grape I guess) when crep (like step) would do just fine and be closer to the original.
But as a native French and basically-native American speaker, I also couldn't really care less about it, or about things like Americans pronouncing the t in croissant, or French people being unable to say the.
I notice the variance in british and american pronunciation of especially romance + greek words, correct or otherwise and I'm willing to give credit where it's due, I'm also happy to celebrate the differences rather than mock or correct them, I just won't accept the slander!
I’ve always said that one key difference between British English and American English is that a British speaker will intentionally mispronounce a foreign word, while an American will attempt to pronounce it correctly but get it wrong anyway.
It's much deeper than that probably because the kludge of english is in large part french.
But I also completely disagree, I don't think americans are attempting to pronounce croissant correctly for example, whereas brits will be much closer with no attempt at intentional mispronunciation, it just happens that brits are much closer on some and further on others, and vice versa re americans.
and I don't think there is any malice, in fact it became common among the british aspirational middle-class in the 70s to adopt french words in an attempt to appear cultured and upper, ironically now a clear marker of non-u.
"Valet" and "cadet" is an interesting pair: they rhyme in French (/va.lɛ/ and /ka.dɛ/), but rhyming them in English would be ... unusual.
If there were just French words pronounced in a French way and English words which came from French and are now pronounced in an English way that would be bad enough but in fact we have a whole spectrum of bastardisation.
Those are the standard British pronunciations, if you meant 'I have heard' as though it might be a niche or occasional occurrence. ('fill-ay' et al. are AmE pronunciations.)
It's not always that way though, consider 'niche': it's AmE that decided it's 'nitch'!
Yep. And try "lieutenant" or "herb" on for size. (Edit: I guess "herb" is a bit of a complex one... originally from Latin's "herba" where the H was pronounced, but from UK it came most immediately from French's "herbe" with no H sound. So UK did somehow shortcut back to a more original sound.)
So this isn't the British being deliberate obtuse, foreigners pronounce English words wrong all the time and we don't accuse them of doing it on purpose. They do it because that's how they would pronounce those words in their language.
Fillet/valet are mis-pronounced because of mallet, pallet, etc. Renaissance? Nail, snail, tail, etc.
It really is that simple, we're just pronouncing them as if they were an English word.
not entirely, IOMMU is a thing, that is IIRC how Amazon and other hyperscalers can promise you virtual machines whose memory cannot be touched even in the case the host is compromised (and, by extension, also if the feds arrive to v& your server).
>how Amazon and other hyperscalers can promise you virtual machines whose memory cannot be touched even in the case the host is compromised (and, by extension, also if the feds arrive to v& your server).
Even if we take those promises at face value, it practically doesn't mean much because every server still needs to handle reboots, which is when they can inject their evil code.
This is excellent. The ability to trick remote servers into believing our computers are "trusted" despite the fact we are in control will be a key capability in the future. We need stuff like this to maintain control over our computers.
Well, it kind of is actually. The previous iteration of the design didn't have that vulnerability but it was slower because managing IVs within the given constraints adds an additional layer of complexity. This is the pragmatic compromise so to speak.
Does it count as a conceptual problem when technical challenges without an acceptable solution block your goal?
Hosting tor outbound server at home is stupid idea.
Your home is gonna be raided by Police and you will wait months or year to get your shit back and then if nothing, gonna be charged for having pirated windows and Photoshop lol
These days, every American's threat model should include being v& by the feds, and here in Germany, the situation isn't much better, you can get v& for saying the Minister of Interior is a dick [1].
Yes, this was later on ruled unconstitutional, but it doesn't change the facts, and, worse, Germany doesn't have a "fruit of the forbidden tree" rule.
But the point here is that userspace can use this to bypass kernel protections that would otherwise prevent it from mutating R^X pages for example, not that the kernel can bypass its own.
Those protections are mainly about preventing well intentioned people from accidentally shooting themselves in the foot though, right? So it's not really a big deal that there is a way around it.
No, page table write access allows arbitrary memory access because I can map any PFN I want. It's certainly a vector to execute arbitrary code in ring 0.
Not really, of the security measures on Windows, is exactly to control how kernel can access secure process memory, as possible mitigation to attacks by rogue drivers.
Naturally it is the kind of stuff that requires Windows 11 vlatest with the nice Pluton security CPU, as part of CoPilot+ PCs design.
Anyone know what these might be offhand? I think federal trademark law may sting more if used commercially. But what else could he be referring to?
reply