Maybe it's physically impossible to build a theoretically secure system, just as it's (presumably) impossible to have a cell that isn't susceptible to any virus. Maybe this whole time we've been getting away with a type of security by obscurity, where the obscurity is just no one having the time and focus to actually analyze the code.
1. Any given system has a finite number of findable vulnerabilities.
2. All findable vulnerabilities are fixable (if not in software then with a new hardware revision).
3. Fixing a vulnerability while keeping the same intended functionality introduces on average less than 1 other findable vulnerability.
4. It is possible to cease adding new features to a system and from that point forward only focus on fixing vulnerabilities.
If all 4 are true, then perfect security seems possible, in some sense. I think some vulnerabilities might not be fixable, if you include things like the idea that users can be tricked into revealing their passwords. If you restrict the definition of vulnerability to some narrower meaning that still captures most of what people mean when they say computer vulnerability, then I think those 4 statements are probably true.
Perfect security might be near impossible in practice because vulnerabilities will get more difficult to find and fix over time, but I think we should expect the discovery of vulnerabilities to eventually become arbitrarily slow in a hypothetical system that prioritized security above all else.
I would rather claim that building a theoretically secure system is prohibitively expensive. At the end of the day, Mythos et al. are just better tools for finding vulnerabilities that will eventually be available to both offensive and defensive actors.
If you imagine you had a vulnerability scanner as fast and convenient as a linter, it would be much cheaper to write secure code right away. Probably not perfectly secure, but still secure enough to make sure finding exploits stays expensive.
I would find it funny if one day we found it irresponsible to write hand generated production code. Just like it would be irresponsible to build a significant building without running numerical simulations.
it's probably less about how you write the code to begin with and more about letting a tool hammer on it
if you want to be a one man show handcrafting an artisan iOS app that will be fine, but you should probably let Claude bang against it for a while to shake out whatever bugs
It's surprising that Visa and Mastercard are even private companies. I expected that the government would be in charge of money and not let a group of people impose a 1-3% tax on their population. In the US, credit cards account for "71% of nationwide retail sales dollars".
Governments aren't competent enough to do tech stuff well and they would never make something that works in a different country as well as credit cards do, but still.
> a group of people impose a 1-3% tax on their population.
It seems the consensus is that taxes are only bad if you have to pay the government. If it's a small set of companies that collectively own a virtual monopoly, it's because they earned it.
It is not only "their" population. Mastercard and Visa capture a % of each sale done globally with their cards. It is perfectly reasonable for all countries to want to develop their own payment systems and stop paying taxes to the USA.
> It's surprising that Visa and Mastercard are even private companies.
Asianometry provides a great summary as to how both of them came to be: For Visa, a 1976 rebranding of the BankAmericard program. For Mastercard, a 1966 meeting of banks as opposition to BankAmericard.
Consider that the largest payment card network on Earth (China UnionPay, 7 billion cards) - decided it was easier just to bootstrap acceptance in the US by a partnership with Discover rather than connecting directly to merchants.
If you want a new scheme to work, distribute something like social security and welfare cheques through it. That immediately forces broad acceptance.
Isn't US EBT card on the same payment network as credit cards? That doesn't count as an independent system. The same set of "they" as Visa/Mastercard gets the fee.
> Governments aren't competent enough to do tech stuff well and they would never make something that works in a different country as well as credit cards do, but still.
There's some counterexamples: Postal systems, GPS and the internet were started as government projects that now interoperate and cover almost the whole globe.
Most countries have some kind of bank wire system that is in charge of the money itself. Cards are a pre-authorization system. The movement of money is authorized when you swipe the card, but not actually moved until up to a few days later, through the existing bank wire systems. If there's a currency conversion involved it can be even trickier.
Computers are feedback loops that ultimately are trying to take up 100% of 100% of people's consciousness seconds, so it makes sense that the winning/dominant ideologies on the internet are just whichever ones cause you to not spend time on anything except the screen.
WhatsApp is one of the buggiest UIs I use daily. Random things like images/messages stacking on top of each other, seeing the HD and low definition videos as two separate things in favorites, never being able to view the HD one, sometimes the messages never scrolling quite to the bottom, just amateur level stuff, I'm a bit impressed with how bad it is.
If I'm reading the order book correctly, right now you can "win" $474,746 on Polymarket with a $4,000 bet if Trump "ceases to be the President" by April 30
I had a similar emotional outburst where after contributing hundreds of hours to Stack Overflow, when I asked a question of my own, instead of answering an objective yes/no question people just argued with me in the comments about why I could possibly want to do whatever prompted me to ask my question. I deleted my account and quit ever contributing to that site right then and there. I think I was just looking for an out and it was ultimately a good thing.
No idea if this is the case here, but I hope the author sticks with this decision. Although, looking at https://github.com/nvim-treesitter/nvim-treesitter/graphs/co... , it doesn't look like he started this project, so I'm not sure it's his place to archive it.
If you had the option to also delete all your contributions to the site, would you have done it?
If you had the option to exclude only certain people (e.g. those who argue with you) from seeing/using your contributions, would you have done it instead of deleting your account?
I am asking because I've too been burned and it's very commonly how an open source contributor's journey ends. So I've been toying with the idea that contributors should be able to exclude certain people or perhaps even groups of people from using their work.
Basically "I give away my work for free for anyone to use and build upon but if you don't appreciate it, if you treat me like shit, if you do any of X Y Z which hurts me or other people, then you're no longer allowed to use it".
i understand the sentiment, but the nature of FOSS is that i can't really prevent anyone from using it. i'd have to police it, and that would just lead to more misery.
i too contributed to stackoverflow and eventually stopped because it didn't feel worth the effort. i never asked a question though, so i didn't have the experience GP made, but i doubt i would want to delete everything, at least not without moving all my answers to another location.
once or twice when searching for the solution to a specific problem i was led to a stackoverflow question and had to discover that the answer that solved my problem was my own from a decade earlier. so i too benefit from posting answers. deleting them would reduce that benefit.
> the nature of FOSS is that i can't really prevent anyone from using it
That's my point - maybe FOSS isn't the absolute good we've been led to believe.
It was a response to locked down proprietary software which increasingly became hostile to its users. And it is (from a user's perspective) better than that for sure. But from a dev perspective, it's not as good as it could be.
> my answers
Exactly, those are your answers, your work. We've spent a lot of our limited time working for other people's benefit because we believed in it or sometimes because it was fun. But ultimately, it's becoming clear other people don't care and will throw us under the bus as soon as we're no longer useful. And then there's people who are just looking for a way to take advantage of us.
And I want to exclude both from benefiting from my work.
We should strive to find methods to make good, productive, pro-social people benefit while keeping anyone who wants to exploit us away.
Getting free stuff is good for the user of the stuff, yes. Giving away stuff for free might not feel good if you don't like the people you're giving the stuff away to, yes.
People aren't "taking advantage" of you by benefiting from the free work that you voluntarily do. They may be rude towards you, but it's your choice to work for them or not.
If you release your work to the world, there's no license agreement in existence that will prevent "undesirables" from benefiting from your work. See: all of the AIs being trained on publicly accessible code (regardless of its license).
The answer is just, do write open source code if you think it's fun, and you're okay with the worst people you can imagine using your code. If you write a geodata library, it might be used in a targeting module for a bomb, which might in turn be launched towards civilians. That's just a consequence you'll have to accept.
Surely you have to understand that you own a plot of land, a house, the number in your bank account or the clothes on your back only to the extent that somebody is willing to perform violence on those who want to use "your property" for themselves. That might be you yourself but you can't be everywhere at once and you can't be awake all the time either. That protection comes from mutual agreement of people to defend each other's properties, usually through some institution such as the police/army/state.
Why should intellectual property be any different?
Why should I not be able to make an agreement with people like me that we only allow certain people to use our work under certain conditions and if any one of us violates the agreement (or an outsider decides to ignore it) we use violence to stop and punish that use?
> the people you're giving the stuff away to
Not giving it to them, they are taking it. I am making it available with instructions who can use it and how. Some people take it, following those instructions, some take it ignoring them. Would you use the word "give" if it was about leaked source code? What about leaked nudes of your girlfriend or daughter?
> See: all of the AIs being trained on publicly accessible code (regardless of its license).
That's a circular argument.
LLM companies claim what they're doing is legal. At best they're using a loophole - statistical interpolating autocompleters did not exist when copyright law was being written, I doubt many people could conceive of them at that time. At worst they are actively and knowingly violating the law, not to mention consent, of the best most altruistic people in the world to exploit them and bring about a new era of inequality and oppression.
Anyway, just because somebody gets away with something does not make it legal and certainly does not make it right.
> That's just a consequence you'll have to accept.
Or I can build both social and technical means to control the usage. Nothing is perfect but then if you want perfect, why do you lock your car or home?
> doesn't look like he started this project, so I'm not sure it's his place to archive it.
This is a very valid point. It indeed looks like it was done in affect rather than after careful discussion with the (at least) ten members of the nvim-treesitter org.
This is a common issue with tooling used by open source.
Either you alone own the repo but then you're a single point of failure. Or you give those perms to others but then any one of them can abuse it (or get hacked).
I'd like to see tooling which requires consensus or voting to make certain changes such as archiving a repo or publishing a new release.
Profiling[1] your own repository and tweaking as necessary (possibly
disabling auto-status refresh) will likely yield significant
performance improvements.
I use magit with a very large repository (100k files, millions of
commits) it's still not lightning fast like it is with smaller
repositories, I'm still finding it an improvement over the CLI.
My config notes this saves me ~13 seconds in git-status
Facebook is running the same kind of engagement-maximization algorithm on Marketplace postings, so half of my suggested postings when I open Marketplace is girls posing in the clothes they're selling.