  • 1 Post
  • 43 Comments
Joined 2 years ago
Cake day: May 8th, 2023
  • 54 kg of fentanyl is an insane amount to have all in one place.

    Just to put it in perspective:

    • Assuming the lethal dose (LD50) of fentanyl in humans is similar to in mice (probably a good assumption), it is 7 mg / kg of body weight by injection. Assuming an average body weight of 70 kg, 54 kg is enough to kill 110,204 people.
    • Apparently for opiate tolerant people (e.g. addicts), the therapeutic dose for strong pain relief is 12 μg / h, so in a month, an addict wanting to stay dosed up the whole time might use 8.64 mg total. 54 kg is enough to supply 6.25 million addicts for a month.
    • According to a UNODC estimate, in 2023, there were about 60.3 million opioid (including opiate) users worldwide, including prescription drug users. So that one stockpile could supply 1/10th of the world’s opioid users for a month. It almost certainly isn’t for supplying prescription drug users, and many opioid addicts likely try to avoid fentanyl, and there are other competing sources - so 1/10th is a lot.

    I’m not sure why they’d stockpile so much in one place, given they apparently have the capacity to manufacture more - unless they were planning to use it to kill people (see: they also had a weapons cache and explosives) instead of to sell as a drug. Or perhaps the 54 kg is an exaggeration and includes packaging and so on.




  • Modems also make noises when connected. However, the noise of them connecting is more distinctive because they go through a handshake where you can hear distinct tones, but then negotiate a higher baud rate involving modulation of many different frequencies, at which point to the human ear it is indistinguishable from white noise (a sort of loud hissing). If you pick up the phone while the modem is connected at a higher baud rate (post the handshake), you’ll hear the hissing, and then eventually you picking up the phone will have caused too many errors for the connection to be sustained (due to introducing noise on the line), causing both ends to hang up. You’ll then hear the normal tone you hear when the called party has hung up the line.




  • In the modern sense, I think most people would take the word “democracy” to include universal suffrage - at a minimum, all adults born or granted citizenship there should have the equal right to vote for it to be considered a democracy.

    In practice, Israel has substantial control over the entire region from the Mediterranean Sea to the Jordan River, between Egypt and Lebanon (that is not to say that they should, just the reality) - in the sense that anyone in that area’s lives are significantly controlled by Israeli government decisions, and the Israeli government and military operates over that entire area.

    So the minimum bar for it being a democracy is that adults - including the people with ancestral ties to the area that it controls - get an equal say in the governance. That is clearly not the case, and has not been for quite some time; it not being a democracy is not a recent development (maybe it’s never actually been a true democracy).



  • An exchange of nuclear weapons would be expected to ignite many fires and to spread dust and fallout into the atmosphere - similar to a large scale bush fire, volcanic eruption or a meteorite hit, depending on the size and number of weapons. This would have a chilling and darkening effect on the climate, causing crop failures worldwide. A world-wide nuclear winter effect would impact everyone, not just the parties to the conflict.

    That’s why, for all the posturing and sabre rattling, even the most belligerent states don’t want a nuclear war - it means destruction of all sides, and massive casualties around the world.


  • I looked into this previously, and found that there is a major problem for most users in the Terms of Service at https://codeium.com/terms-of-service-individual.

    Their agreement talks about “Autocomplete User Content” as meaning the context (i.e. the code you write, when you are using it to auto-complete, that the client sends to them) - so it is implied that this counts as “User Content”.

    Then they have terms saying you licence them all your user content:

    “By Posting User Content to or via the Service, you grant Exafunction a worldwide, non-exclusive, irrevocable, royalty-free, fully paid right and license (with the right to sublicense through multiple tiers) to host, store, reproduce, modify for the purpose of formatting for display and transfer User Content, as authorized in these Terms, in each instance whether now known or hereafter developed. You agree to pay all monies owing to any person or entity resulting from Posting your User Content and from Exafunction’s exercise of the license set forth in this Section.”

    So in other words, let’s say you write a 1000 line piece of software, and release it under the GPL. Then you decide to trial Codeium, and autocomplete a few tiny things, sending your 1000 lines of code as context.

    Then next week, a big corp wants to use your software in their closed source product, and doesn’t want to comply with the GPL. Exafunction can sell them a licence (“sublicence through multiple tiers”) to allow them to use the software you wrote without complying with the GPL. If it turns out that you used some GPL’d code in your codebase (as the GPL allows), and the other developer sues Exafunction for violating the GPL, you have to pay any money owing.

    I emailed them about this back in December, and they didn’t respond or change their terms - so they are aware that their terms allow this interpretation.


  • A1kmm@lemmy.amxl.com to Chat@beehaw.org: How it feels sometimes (7 months ago)

    What if you do end up accidentally or negligently sharing this never-to-be shared identity?

    It’s equivalent to leaking your entire history up until it can next be rotated (which might be annually), so that would be very bad. Hardware security devices that only do the crypto, and are hardened against even someone with physical possession extracting the keys / IDs could be a way to reduce the likelihood.

    What if you’re unlucky enough to live somewhere where the government is one of your principal adversaries, like a Palestinian in Israel or a gay person in any number of jurisdictions?

    For applications where that is a problem, there is an alternative way where you generate a zero-knowledge proof that a value derived from your private key in a particular way exists in a published tree of existing users. Assuming the government doesn’t have your private key, even the government who issued the certificate of your identity can’t link your identity back to your pseudonymous identity - but you can’t generate a second pseudonymous identity for the same identity.

    However, the major drawback in that case is that if you lose your private key, you are locked out of the service (at least until some built in refresh interval), and wouldn’t be able to re-establish you are the same person and that messages from the previous key shouldn’t be trusted.

    There is not going to be any technical scheme that trusts the government to re-link a new private key to your identity, but which isn’t vulnerable to a similar problem to the original scheme - if they can do that, then a low tech solution for them would be to certify that a government agent’s public key is actually yours.

    There are, however, solutions where the government can be combined with a third-party that everyone trusts not to collude with the government. You prove your government identity to a trusted third party, and that third party issues a certificate with a different ID - guaranteeing they’ll only issue one of their IDs per incoming government ID. Then sites would need to trust that third-party instead.

    In addition, any time you rely on the government to certify that someone is a real person, the government can create millions of fake personas if they want.

    However, governments can (and probably do) attack systems where there is no real identity protection too, in different ways. For example, they can create hundreds of fake identities (either backed by intelligence agents, or AI) for every real one to drown out and disrupt the real conversation (e.g. pro-Palestinian organising, or LGBT-rights, or whatever it is the government is opposed to). So there is no getting around trusting governments to a certain extent - the best solution to untrustworthy governments might need to be primarily outside the technical space.

    And how would you prevent the proliferation of plain ol’ unsigned data?

    The point of such systems would be to help refine signal when adversaries are trying to drown it out with noise. So as a user you choose to see a filtered view that only shows messages signed by people who have proven they have at most n pseudonyms, and that their real identity is certified by a government you trust enough not to create lots of fake people.

    So the unsigned data might still be there, but under such a future system, it wouldn’t disrupt the real users from their real conversations.


  • A1kmm@lemmy.amxl.com to Chat@beehaw.org: How it feels sometimes (7 months ago)

    I think the problem is not anonymity, it is what you might call astroturfing or, to borrow the wikipedia term, sockpuppetry.

    Pseudonymity and astroturfing are related to an extent - effective astroturfing means inflating one’s own voice (and drowning out others) by interacting with lots of pseudonymous personas. It can also mean that when one pseudonymous identity of an astroturfer is identified and banned, they come back under other identities.

    Astroturfing is about manipulating people’s perception of the truth, drowning out the voices of the true majority to allow for the real people to be misled and exploited by a minority. It takes away agency to block people who are not engaging in good faith. It sucks the oxygen out of real social change.

    That said, there are also legitimate reasons for pseudonymity. Never before today has there been an age where people are tracked so pervasively, where every word is so durably stored and difficult to erase. People naturally compartment their identity in the real world - they behave differently with different groups - but things like surveillance capitalism and the indexing of conversations mean that it doesn’t work as effectively on Internet communities unless one uses a pseudonym.

    I think zero-knowledge cryptography, coupled with government-issued digital identities, could provide a middle ground in the future that allows people to compartmentalise identities, while reducing astroturfing.

    For example, imagine if I had a government issued ID number (call it x) that must never be shared with anyone except my government and me, but which will also never change even if the certificate is re-issued / renewed. And imagine I had a private key k that only I have access to (with a corresponding public key K), and cryptographic certificate C signed by the government linking K to x. Suppose I want to interact with a community that has a unique namespace identifier (e.g. a UUID) N_1. Then, using modern zero-knowledge cryptography (e.g. zk-SNARKs or zk-STARKs), I can generate a proof that for some y = H(x | N_1) (i.e. hashing, through a one-way hash, my government issued identifier with the community namespace), I know the value of a C signed by a particular government key, and the K included in the certificate, and a k that is the private key corresponding to K, and that I also have a signature D signed by K linking it to a new public key L. And since it is zero-knowledge, I can do all this without revealing the private inputs x, C, K, k or D - only the public inputs N_1, y, and L.

    What does that get us? It ties my new identity (backed by the public key L) to a y, and without convincing the government to change x for me, I can’t change my y. However, if I also interact on a different community with namespace N_2, I would have a different y_2, and it wouldn’t be possible to link my identities between the two communities (under this scheme, the government, who has access to the database of x values, would be able to link them, but ordinary people wouldn’t - that is necessary if you want the government to be able to re-issue in the case of lost private keys unfortunately). Some people might have multiple IDs under different governments of course, but abuse would be limited - instead of having to ban one person a thousand times / having them have a thousand identities, they might have a few if they are citizens / residents of a few countries.

    In practice, communities might want to rotate their namespace IDs every few months to deal with leaked credentials and to allow people to have a clean break eventually (banning a few bad actors every few months is still a lot better than if they come back multiple times a day) - and some might allow any one of several namespaces to allow people to have multiple pseudonyms up to a maximum number. Governments might also rotate x values every year to minimise the privacy impact on people who have accidentally leaked their x values.

    In such a world, we would be far closer to pseudonymity without the bad consequences.
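    As an added illustration (not code from the comment's author), the following Python models the scheme described in the comment above with only the standard library. It assumes two stand-ins: signatures are unpadded hash-then-RSA with toy 512-bit keys in place of a real signature scheme such as Ed25519, and the zero-knowledge proof is replaced by a function, `relation_holds()`, that checks the proven relation with the private witness visible. A real zk-SNARK/zk-STARK verifier would see only the public inputs (N, y, L) and a proof, never the witness (x, C, K, k, D); what it attests to is exactly that this relation holds. The community namespaces N_1 and N_2 are constructed with `uuid4()`, and all function names are assumed for this example.

```python
# Added example of the pseudonym scheme above: toy RSA signatures, relation checked in the clear.
import hashlib
import secrets
import uuid

def H(*parts: bytes) -> bytes:
    """One-way hash over length-prefixed parts, so x | N is unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(c):
            return c

def keygen(bits: int = 512):
    """Toy RSA key pair: (private (d, n), public (e, n)). Not for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (pow(e, -1, phi), p * q), (e, p * q)

def sign(priv, msg: bytes) -> int:
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big"), priv[0], priv[1])

def verify(pub, msg: bytes, sig: int) -> bool:
    return pow(sig, pub[0], pub[1]) == int.from_bytes(hashlib.sha256(msg).digest(), "big")

def pub_bytes(pub) -> bytes:
    return pub[0].to_bytes(4, "big") + pub[1].to_bytes((pub[1].bit_length() + 7) // 8, "big")

def derive_pseudonym(x: bytes, N: bytes) -> bytes:
    """y = H(x | N): exactly one pseudonym per person per community namespace."""
    return H(b"pseudonym", x, N)

def enrol(gov_priv):
    """Government issues the secret identifier x and a certificate C binding K to x."""
    x = secrets.token_bytes(32)   # known only to the person and the government
    k, K = keygen()               # the person's long-term key pair
    return {"x": x, "k": k, "K": K, "C": sign(gov_priv, H(b"cert", pub_bytes(K), x))}

def make_statement(person, N: bytes):
    """Public inputs (N, y, L) and private witness (x, C, K, k, D) for namespace N."""
    _, L = keygen()                                   # fresh key for this pseudonym
    D = sign(person["k"], H(b"link", pub_bytes(L)))   # K vouches for L
    public = {"N": N, "y": derive_pseudonym(person["x"], N), "L": pub_bytes(L)}
    return public, {"x": person["x"], "C": person["C"], "K": person["K"], "k": person["k"], "D": D}

def relation_holds(public, witness, gov_pub) -> bool:
    """What a zero-knowledge proof would attest to, checked here with the witness visible."""
    x, C, K, k, D = (witness[n] for n in "xCKkD")
    return (verify(gov_pub, H(b"cert", pub_bytes(K), x), C)      # government bound K to x
            and (65537, k[1]) == K                                # k is the private key of K
            and verify(K, H(b"link", public["L"]), D)             # K signed the new key L
            and public["y"] == derive_pseudonym(x, public["N"]))  # y really is H(x | N)

def demo() -> dict:
    """Exercise the properties claimed in the comment; every value should be True."""
    gov_priv, gov_pub = keygen()
    alice = enrol(gov_priv)
    N1, N2 = uuid.uuid4().bytes, uuid.uuid4().bytes   # constructed community namespaces
    pub1, wit1 = make_statement(alice, N1)
    pub2, wit2 = make_statement(alice, N2)
    pub1_again, _ = make_statement(alice, N1)        # second attempt in the same community
    rogue_priv, _ = keygen()                         # a certificate not from the government
    forged = dict(wit1, C=sign(rogue_priv, H(b"cert", pub_bytes(wit1["K"]), wit1["x"])))
    return {
        "honest_statements_verify": relation_holds(pub1, wit1, gov_pub) and relation_holds(pub2, wit2, gov_pub),
        "unlinkable_across_communities": pub1["y"] != pub2["y"],
        "one_pseudonym_per_community": pub1_again["y"] == pub1["y"],
        "government_can_link": derive_pseudonym(alice["x"], N2) == pub2["y"],
        "forged_certificate_rejected": not relation_holds(pub1, forged, gov_pub),
    }
```

    Calling `demo()` returns a dict whose five entries are all True: an honest statement verifies, the same x gives unrelated y values under N_1 and N_2, a second attempt in the same community produces the same y (so no second pseudonym), anyone holding x (the government) can recompute y, and a certificate signed by anyone other than the government is rejected. The hash is over length-prefixed parts so that `x | N` cannot be split ambiguously, which matters because y is the only thing tying pseudonyms to a person.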


  • I suggest having a threat model about what attack(s) your security is protecting against.

    I’d suggest this probably isn’t giving much extra security over a long unique password for your password manager:

    • A remote attacker who doesn’t control your machine, but is trying to phish you will succeed the same - dependent on your practices and password manager to prevent copying text.
    • A remote attacker who does control your machine will also not be affected. Once your password database in the password manager is decrypted, they can take the whole thing, whether or not you used a password or hardware key to decrypt it. The only difference is maybe they need slightly more technical skill than copying the file + using a keylogger - but the biggest threats probably automate this anyway and there is no material difference.
    • A local attacker who makes a single entry to steal your hardware, and then tries to extract data from it, is either advantaged by having a hardware key (if they can steal it, and you don’t also use a password), or is in a neutral position (can’t crack the locked password safe protected by password, don’t have the hardware key / can’t bypass its physical security). It might be an advantage if you can physically protect your hardware key (e.g. take it with you, and your threat model is people who take the database while you are away from it), if you can’t remember a sufficiently unique passphrase.
    • A local attacker who can make a surreptitious entry, and then come back later for the results is in basically the same position as a remote attacker who does control your machine after the first visit.

    That said, it might be able to give you more convenience at the expense of slightly less security - particularly if your threat model is entirely around remote attackers - on the convenience/security trade-off. You would touch a button to decrypt instead of entering a long passphrase.



  • A1kmm@lemmy.amxl.com to Privacy@lemmy.ml: *Permanently Deleted* (8 months ago)

    I thought the orbs were supposedly open source

    No they are proprietary as a whole. Parts of the hardware design are published, and parts of the software that runs on them, but not the whole thing.

    Fundamentally Worldcoin is about ‘one person, one vote’, and anyone can create millions of fake iris images; the point of the orb is that it is ‘blessed’ hardware using trusted computing (or to use the term coined by the FSF, treacherous computing) and tamper detection to make sure that a central authority (namely Sam Altman’s Worldcoin foundation) has signed off on the orb running the exact secret / proprietary software running on the orb that generates an identity.

    They could alternatively have built a system that leverages government identity using zero-knowledge proof of possession of a government-signed digital identity document. But I think their fundamental thesis is that they are trustworthy to be a central authority who could create millions of fake identities if they wanted, but that governments are not.


  • One of the key tenets of keeping something computerised secure is ‘Defence in Depth’ - i.e. having multiple layers of defence, so that even if one layer is breached, the next layer (which you thought was redundant and unnecessary) prevents the attack.

    Running a fully patched kernel and services / applications should protect you unless someone has a 0-day (i.e. not disclosed) exploit. Reducing the surface area by minimising what services / applications are running, using software (firejail etc…) and firewalls to limit permissions of applications / services to what is needed, etc… serves as another layer of defence. Disconnecting or physically blocking peripherals that might allow for spying is another layer; it serves its purpose if all the other layers are breached.


  • I think doing a good analysis of strategy here will depend on a lot of factors.

    Firstly, before coming up with a strategy, it is good to have a clear idea of your goals / the strategic problem you are trying to solve. I see or could infer a few possible ones: you want to work in an environment where you don’t feel bullied, you want to ensure others aren’t bullied, you want to see bullies punished, to maintain positives in the company and want to enjoy those without the negatives of being bullied, or perhaps that you believe in the goals of the company or have some stake in it, and want it to succeed. Different goals might lead you to a different course of action.

    Next, you would want to diagnose what’s really going on. Are there just a few bullies, in a company mostly full of professional people, or are the bullies the majority? Are senior leaders in on the bullying, or is it only lower level employees? Why do you think the bullies were hired in the first place - is it because bullying is considered okay in the company, or is it not considered okay but they slipped through? Why do you think the bullying hasn’t been addressed already? Is it because senior managers don’t know? Are the bullies friends / relatives of senior leadership? Are the bullies high performers that the company really would want to keep around, or do they barely get anything done? Also, are the bullies even aware they are being bullies? Are they unaware they are being insensitive, and likely to change if made aware, or are they actively being malicious and well aware of the impact?

    Next, consider the direction you want to take, and analyse the likely impact on your goals. You could find another job - how easy that is would depend what the job market looks like for your role, and how good the terms of your current job are. It wouldn’t achieve goals around making it better for others. You could try talking to the bullies if you think that they might just be unaware of the impact of their behaviour and that they might change. If that doesn’t work, you could try talking to a manager / HR member, perhaps either to arrange mediation, or for them to take action. You could also just try ignoring the bullying if it isn’t having much impact.

    To choose from the many possible directions, it might help to think from the perspective of the company shareholders, senior leadership, and HR department. What would you do in their shoes if you learned of the bullying? If it is the majority of the company doing the bullying, then something like replacing all the bullying staff is going to be an instant non-starter. The best possible would be to slowly roll out training, policies, and new hiring practices to try to improve the culture over time. If it is a few people who, it now turns out, are the reason for high staff turnover and lower profits, then they might be quite happy to take action. Although probably not if the bullies are the senior leaders.


  • There are a few different types of blockchain, differing by how they stop you just making up your own alternative chain and saying that is the real history:

    • Proof of Work - prove you wasted lots of energy to add to the chain, making it prohibitively expensive to make your fake alternative chain - but also causing lots of emissions / wasting lots of energy.
    • Proof of Stake - adding to the chain requires participation of the people with the most total coins in the cryptocurrency already. Essentially ‘one dollar, one vote’, and ‘the rich get richer’ brought to crypto.
    • Proof of Humanity / Proof of Personhood / Proof of Identity - adding to the chain requires the participation of the most people. Attempts to bring “One person, one vote”, and Universal Basic Income to crypto. There are various attempts - some require submission of photos and videos, and have an adjudication scheme built in to detect duplicates (which might fall to AI-generated faces relatively soon). Others (see Worldcoin) require a trusted central party to produce hardware which scans faces and verifies they are real and unique (and have already had data leaks from participants involved in verification). The other option is to trust governments / other existing infrastructure to verify identities (which is probably the most sensible option if you are trying to genuinely just disrupt banking, but many crypto people hate because they also have a cyberpunk fantasy of accelerating crypto-anarchy, and actually want crypto to be used for tax evasion and without the cooperation of governments).

    So there are alternatives to environmental impact, but there is currently no perfect crypto. Stack that on top of the number of scammers out there riding the crypto buzz, and it is certainly not that hard to see the reasons behind the hate.


  • A lot of AI models are probably already trained on Reddit data. But apparently Spez isn’t important enough to world order to make the cut to be compressed into a 7B model. I asked my Mistral-7B-Instruct (4-bit quantised) local LLM:

    >>> What can you tell me about someone called u/spez, a
    ... nd are they a nice person or horrible?
     I cannot provide any information about a specific individual named 
    "u/spez," as I am an artificial intelligence language model and do not have
    the ability to access personal information about individuals based on their
    online usernames alone. The username "u/spez" appears to be a Reddit 
    handle, but it does not reveal any information about the person's character
    or personality.
    
    Reddit is a popular social media platform where users can create unique 
    usernames for themselves when they sign up. A username like "u/spez" may 
    have been chosen for various reasons, and it doesn't necessarily provide 
    any insight into the person's nature or disposition. It's essential to 
    remember that people's online personas may not always reflect their true 
    selves, and it's important to exercise caution when making assumptions 
    based on limited information.
    
    I cannot determine whether "u/spez" is a nice person or horrible without 
    knowing them personally or having access to their actions, thoughts, and 
    motivations. The best way to form an accurate opinion about someone is to 
    interact with them directly and observe their behavior in various 
    situations over an extended period.
    
    >>> Is it possible u/spez is Steve Huffman? Can you tell me anything based on tha
    ... t?
     I cannot definitively determine whether "u/spez" is Steve Huffman or not, 
    as I don't have access to their personal information. Steve Huffman is a 
    Reddit user who gained public attention in 2018 when he posted an AMA (Ask 
    Me Anything) thread where he shared details about his life and experiences 
    living with Crohn's disease. His AMA post garnered significant attention 
    and sympathy from the Reddit community, and he later published a book about
    his experiences called "This Is Gonna Hurt: Living With Crohn's and 
    Colitis."
    
    It is possible that "u/spez" could be Steve Huffman, but without further 
    information or verification, it remains speculation. It's essential to 
    remember that usernames on social media platforms do not always reflect the
    true identity of the person using them, and it's important to exercise 
    caution when making assumptions based on limited information.
    
    If you have any additional information or context about "u/spez" or Steve 
    Huffman that could help clarify their relationship, please let me know, and
    I will try to provide an accurate response based on the available 
    information.
    

  • Programming is the most automated career in history. Functions / subroutines allow one to just reference the function instead of repeating it. Grace Hopper wrote the first compiler in 1951; compilers, assemblers, and linkers automate creating machine code. Macros, higher level languages, garbage collectors, type checkers, linters, editors, IDEs, debuggers, code generators, build systems, CI systems, test suite runners, deployment and orchestration tools etc… all automate programming and programming-adjacent tasks, and this has been going on for at least 70 years.

    Programming today would be very different if we still had to wire up ROM or something like that, and even if the entire world population worked as programmers without any automation, we still wouldn’t achieve as much as we do with the current programmer population + automation. So it is fair to say automation is widely used in software engineering, and greatly decreases the market for programmers relative to what it would take to achieve the same thing without automation. Programming is also far easier than if there was no automation.

    However, there are more programmers than ever. It is because programming is getting easier, and automation decreases the cost of doing things and makes new things feasible. The world’s demand for software functionality constantly grows.

    Now, LLMs are driving the next wave of automation to the world’s most automated profession. However, progress is still slow - without building massive very energy expensive models, outputs often need a lot of manual human-in-the-loop work; they are great as a typing assist to predict the next few tokens, and sometimes to spit out a common function that you might otherwise have been able to get from a library. They can often answer questions about code, quickly find things, and help you find the name of a function you know exists but can’t remember the exact name for. And they can do simple tasks that involve translating from well-specified natural language into code. But in practice, trying to use them for big complicated tasks is currently often slower than just doing it without LLM assistance.

    LLMs might improve, but probably not so fast that it is a step change; it will be a continuation of the same trends that have been going for 70+ years. Programming will get easier, there will be more programmers (even if they aren’t called that) using tools including LLMs, and software will continue to get more advanced, as demand for more advanced features increases.