A1kmm

To save on costs, QAs could be paid in exposure.

As an experiment / as a bit of a gag, I tried using Claude 3.7 Sonnet with Cline to write some simple cryptography code in Rust - use ECDHE to establish an ephemeral symmetric key, and then use AES256-GCM (with a counter in the nonce) to encrypt packets from client->server and server->client, using off-the-shelf RustCrypto libraries.

It got the interface right, but it got some details really wrong:

• It stored way more information than it needed in the structure tracking state, some of it very sensitive.
• It repeatedly converted back and forth between byte arrays and the proper types unnecessarily - reducing type safety and making things slower.
• Instead of using type safe enums it defined integer constants for no good reason.
• It logged information about failures as variable length strings, creating a possible timing side channel attack.
• Despite having a 96 bit nonce to work with (-1 bit to identify client->server and server->client), it used a 32 bit integer to represent the sequence number.
• And it "helpfully" used wrapping_add to increment the 32 sequence number! For those who don't know much Rust and/or much cryptography: the golden rule of using ciphers like GCM is that you must never ever re-use the same nonce for the same key (otherwise you leak the XOR of the two messages). wrapping_add explicitly means when you get up to the maximum number (and remember, it's only 32 bits, so there's only about 4.3 billion numbers) it silently wraps back to 0. The secure implementation would be to explicitly fail if you go past the maximum size for the integer before attempting to encrypt / decrypt - and the smart choice would be to use at least 64 bits.
• It also rolled its own bespoke hash-based key extension function instead of using HKDF (which was available right there in the library, and callable with far less code than it generated).

To be fair, I didn't really expect it to work well. Some kind of security auditor agent that does a pass over all the output might be able to find some of the issues, and pass it back to another agent to correct - which could make vibe coding more secure (to be proven).

But right now, I'd not put "vibe coded" output into production without someone going over it manually with a fine-toothed comb looking for security and stability issues.

• Measles estimated case-fatality rate: 1.3%
• Estimated US population: 346,715,067
• Measles deaths if everyone in the US got measles: 4,507,295
• Upper limit on estimated MMR vaccine caused anaphylaxis: 0.000066%
• Anaphylaxis case-fatality rate: 0.3%
• Estimated vaccine-caused fatality rate: 1.98 * 10^-7 %
• Estimate vaccine-caused fatalities avoided by not vaccinating US population: 0.69
• Net increase in fatalities from switching to measles natural immunity for everyone in the US: 4,507,294

So it would only be better if he wants an extra 4.5 million Americans to die.

Legally, he’s not even allowed to drive.

I think more like the SS advises the president not to drive for their own safety, and to leave it to experts.

Or as Trump probably sees it: The deep state is being insufficiently loyal and trying to tell him - the president - of all people - what to do. So he totally shouldn't listen, and should drive if he wants to, and they should fall in line or be fired.

Years of carefully curated anti-intellectualism in every bit of media they consume, because facts didn't suit the wealthy (smoking is bad for you, fossil fuels are destroying the planet, private prisons drive more recidivism are facts that get in the way of someone making lots of money). Those fighting facts that aren't on their side have embraced a number of other groups with anti-intellectual elements (white supremecists / neo-nazis / anti-woke, religious, anti-vaxxers, natural health advocates) to create alliances of anti-intellectual thought.

This has driven increasing polarisation in the US; 49% of republicans approved of JFK as president, and 49% of democrats approved of Eisenhower. It went down over time - other party approval was 30% of Carter, 31% of Reagan. There was a break in the pattern (44% for Bush Senior), but back on track to 27% for Clinton, 23% for Bush, 13% for Obama, 7% for Trump (first round), and 6% for Biden. So in other words, Americans are so polarised that they'll vote for whoever their side puts up, and for one side, being anti-intellectual is actually seen as a strength.

I think many of the people who started the anti-intellectualism ball rolling on purpose are wealthy neoliberals who believe in laissez-faire free trade as a fundamental value, and so there is a certain aspect of 'leopards ate my face' to this leading to the anti-intellectualism extending back to rejection of mainstream economics (even though the neoliberals' preferred theory is notoriously flawed, Trump's approach to pulling economic levers is wholesale rejection of all theory rather than replacing it with something less flawed).

Traditionally legal tender means that a person / entity has to accept it for the payment of a debt - i.e. they can't refuse cash and say you didn't pay them because you didn't use some other method.

However, in many retail scenarios there is no debt - there is an exchange of payment for goods, and so the traditional common law legal tender rules do not prevent retailers from refusing that exchange (i.e. customer doesn't get the goods, retailer doesn't get the money, the transaction just never happens) on the grounds of payment methods.

Some places have additional laws on top of legal tender that might require retailers to accept cash.

The awkwardness here actually works in favour of abolishing tips and replacing them with the pay being factored into higher prices.

No one wants to be the sucker - human nature is that people are generous if they think everyone else is generous, but if they feel that others are not 'pulling their weight' on generosity and are instead taking advantage, that's the fastest way to dry up other people's generosity. Right-wing media use this fact to undermine support for social welfare - e.g. if 0.001% of welfare payments are fraudulently taken, they set editorial policy that makes it seem like beneficiaries are rorting the system instead of being truly needy.

But when it comes to tipping, the dynamic actually works the other way - people feel generous by tipping, even though it is harmful long term. If a few people ahead of someone in the line don't tip, should they be the sucker who does tip? And for the employee, you want them to be the advocate on the inside for forcing people to pay their share instead of taking advantage - by having the displayed price be the total upfront price that includes the compensation for employees, instead of an optional tip.

There is a minimum amount of total money the employee could make before they'd go and work somewhere else instead. So if, hypothetically, everyone in a country where tipping is common even for non-exceptional service just stopped paying tips, hospitality employers would be forced to pay more to stay competitive with other non-customer-facing industries.

Of course, a drastic shock to the economy like that would probably cause a lot of upheaval, as some employers struggle to accept the new norm.

However, the same thing would work even if the change was slower - e.g. if 5% of people didn't tip, and did it very obviously and vocally, and then the practice spread as it reached 10% and so on.

Obviously it sucks for the employees who get hit by the first few non-tippers, but over the long term it would be for the better for worker rights. So I could absolutely see it working.

That said, I say this from a country where tipping is not the norm (except maybe the occasional 'keep the change' for exceptional service), and the law and expectation is that the most prominent displayed price is the total price you pay - and people react very negatively towards businesses seen as trying to bring in American style tipping culture.

I have submitted a DEIA role report to [email protected] giving my feelings about how DEIA roles are useful, and I'd encourage everyone to do the same. To help ensure it gets read, pick a subject that makes it hard to tell if it is a report of a person vs your feelings.

I believe nothing in the podman rm family worked because the container was already gone - it was just the IP allocation that was left.

Maybe https://en.wikipedia.org/wiki/A_True_Story from the 2nd century - although even that is a parody of existing stories. So the origin dates back a long time!

Google released the stable version of Chrome, and funneled significant resources into marketing it. This was the first stage of their strategy - they focused on firstly making a good product, and the squeeze on users only came later (and is probably only just starting in the scheme of things).