
Comment Re:"user friendliness" (Score 1) 286

lol, no, unicode is not broken. Human languages are just complex things, and there is no universal way to upper/lowercase things.

Changing the case of a string is language specific, and thus should not and cannot be well implemented at this filesystem level, because a file system should work for any language.

Linus is right.

Comment Re:It's not WhatsApp isn't secure... (Score 1, Troll) 59

> So Signal knows where you are, at what time, and your phone number.

Exactly; it's a mass invitation to get spied on while thinking you are secure.

Signal also has truly terrible user identification design, as the recent war planning leak shows. Instead of requiring in-person exchange of certificates, and having any kind of external certificate validation system, it's basically "blindly trust someone based on their phone number".

I don't think there is any safe way to operate Signal, due to the lethal combination of closed source parts, centralized servers, and extremely bad user identification and authorization practices.

Comment Re:What goes up (Score 3, Insightful) 33

Look at the price of the dollar over the last 110 years. It went up exactly once and almost destroyed the country.

That's what MicroStrategy is betting against: the US dollar.

Considering the limits of Fed policy, it's pretty much a guaranteed win.

Unless the government bans bitcoin or somehow prevents MicroStrategy from holding it, they can't really lose. The dollar cannot change its stripes.

Comment Re:I would rather eat grass (Score 1) 300

> LN isn't all that it's cracked up to be. From a strictly technical PoV, a chain that can achieve high throughput on the main chain without sidechains or "payment channels" is going to win out.

Lol, this is such an insane comment.

You think every single micro-purchase of a coffee needs to be memorialized on a world-wide extremely replicated immutable ledger for all of time?

If you don't see why that is a bad idea, then you aren't really qualified to have an opinion on the matter.

Obviously, only the most important and largest transactions truly belong there, and mostly everything else small and ephemeral belongs on a second or third layer above that.

Nothing is going to beat bitcoin, ever. Bitcoin is not a thing or even a specific technology; it's an economic concept with a continuously evolving and adapting set of supporting technologies.

Comment Re:Good and bad (Score 1) 29

> there always needs to be less secure means of authentication because hardware-based authentication must be replaced, sooner or later.

That's not the case; there is a much better approach which doesn't require a security compromise: spare passkeys pre-configured as fallbacks a priori.

Google already implements this by requiring 2 passkeys when you enable their highest security settings. One is the active/primary, and the other serves as a backup in case your primary passkey gets lost or destroyed. So you can leave one at home in a safe place and keep your primary with you. You can be confident the hardware passkeys have zero ability to export secrets whatsoever, so cannot be cloned nor leaked. And you are not limited to one spare, you can have many spare passkeys if you suspect you will need them.

Allowing secret exports utterly undermines the very foundational security of passkeys in the first place. If a secret can be exported, it can be intercepted. People are going to get phished of their passkeys via the backup mechanism - because a big part of the design of passkeys was that average users are not smart about handling secret keys so they should neither need nor have the ability to leak them.

And the vast majority of passkey hardware devices are not set up with the needed mechanisms to even enable advanced users to do such an export safely. (Basically an on-device dedicated screen and keyboard would be needed to safely export with zero risk of intercept.)

The real motive for backups is of course to allow centralized service providers to have the option to spy on the secrets and/or monitor user activity across sites for ad farming.

Comment Re:Why not just look to past stories? (Score 1) 14

> I mean we talk about linux ransomware very very very frequently.

Oh we talk about it a lot, almost like we wish it was a thing. People do *make* Linux ransomware, but it doesn't do much. By and large, there just isn't much of a real market for anti-ransomware for Linux.

It's like trying to sell a special helmet that prevents you from getting your head stuck in a bucket.

People do sometimes get their head stuck in a bucket, it's just not very common. And there is no shortage of bucket makers. But most people aren't really interested in an anti-bucket helmet, and many of them would argue the helmet is worse than the bucket in the first place.

Comment This is beyond idiotic (Score 1) 90

You either can do a job or you cannot. It does not take 15 years of working at a company to figure out if someone is incompetent unless your company is incompetent from top to bottom.

Lying about credentials is barely a crime; at most it should result in a firing for dishonesty. This prosecution is political revenge for making them look bad and revealing that their promotion track is entirely divorced from merit.

If he worked there for so long and rose through the ranks with no education or skill, the people going to jail should be the executives and/or politicians in charge of the agency, the ones who promoted him and gave him internal evaluations. They are the ones who defrauded the public, not him. He was not in charge of his own promotions nor in charge of evaluating his own work.

The Daniel guy could fake his resume, but he cannot fake 15 years of work. His work record is what it is. Not liking it now suddenly because it was based on a lie makes them look utterly corrupt.

Comment Re: Lock them up. (Score 0) 276

> That *something* should be done is fairly clear, but just what I find much less certain.

It's pretty obvious, imo, and not hard to do. Fix what you broke.

The penalty for stealing is to pay back what you stole, to the person you stole it from (not the government), plus reasonable damages plus reasonable punitive penalties if applicable.

If you cannot pay it back, you are offered a voluntary live-on-site labor job, including a payment plan to make up for the harm you caused. Typically something like undoing the harm you caused, cleaning up streets, removing graffiti, etc.

If you refuse to pay it back, or skip out on your payment plan, or you are a chronic repeat offender, then you are declared an outlaw, and lose your human rights.

Easy, costs the taxpayers nothing, and solves the problem.

Comment Re:I respectfully disagree that Signal was hacked. (Score 1) 98

> Please do not confuse document retention with actually being hacked.

You are missing the point, utterly.

In a secure system, documents stored either sit behind high entropy or do not get stored at all. Signal defaults to storing all messages sent, and doesn't require anything more than trivial entropy protecting them. To be secure, it should either default to deleting old messages, or else require a high entropy local password. It does neither, so most people have zero privacy with Signal.

And, you blithely ignored the arguably more important points about centralized key swap, and a fundamentally insecure phone platform being used.

Security can be dead easy; it can be so easy anyone can do it. It does have some hard prerequisites however, which most people just don't bother with or even have awareness of.

To wit: Knowing how to remember a 128-bit password, knowing of the need to exchange keys in person, and strictly using secure open source platforms that do not use closed source or centralized servers.

Comment Re:Doesn't matter what you call it... (Score 1) 184

> Whether it's Waterfall or Agile or a various 'dialect' of Agile, the fundamental problem is just pervasive mismanagement.

Isn't that the whole point of agile though?

What it comes down to, at the heart, is less management. To not waste time predicting what cannot be predicted, planning instead of doing, and imagining non-existent overhead into existence where none was needed. To have fewer and fewer ceremonies and meetings, until you reach the state where you have essentially none at all.

Heck, the engineering manager has literally no role in the agile process whatsoever. Managers are completely unneeded.

The key problem with "Agile" is that people aren't doing it. If someone claims their company is doing agile, but they still have a pyramid-shaped company structure with reporting going up via managers, that's a good hint that maybe they aren't doing agile at all.

Having worked at many big firms, their version of "agile" is just waterfall with extra steps, and yes, of course, it doesn't work. But they are politically and mentally incapable of escaping that box.

Comment seems like the proof is all in the pudding (Score 0) 98

Moxie can jabber all he wants, but you never hear about people using GPG on Linux getting all their communication broken, meanwhile it seems like the NSA has every last Signal message before you even finish typing it.

Signal traffic from Sam Bankman-Fried, the Proud Boys, the Oath Keepers, and countless others has been on open display as if it is a matter of course that the government has access to all Signal messages.

Maybe he should rethink the philosophy of making something so easy that anyone can use it intuitively. Maybe there is a minimum standard of learning needed to be able to safely use encryption, and there is a minimum standard of platform to be able to build securely on top of, and Signal meets neither of those.

Cellphones are riddled with backdoors and closed source code. Starting from that platform, then downloading a closed source executable from an app store, then blindly trusting a centralized service to perform key exchange... this is what Moxie would have you believe is secure? Both common sense and commonly available evidence would testify otherwise.

Comment Re:appalling (Score 1) 159

> Why is the suggested code terrible? It doesn't look awful to me.

It's pretty bad, with a "precondition" that is mysteriously complex and invariably going to result in invalid Location construction, which will not throw an error at the right point because it's numerically stable.

The entire problem design is bad, and the solution worse.

Part of the blame can be laid on Java, which is statically typed and object oriented, both of which serve as rocket fuel for suck in this problem definition and that hideously low performing answer.

Comment people wildly overestimating DNN generators (Score 2, Interesting) 10

> since some of the developer skills it teaches are becoming automated.

This is such an inane joke. There is no AI; these machines are not even close to intelligence. Calling deep neural nets AI is all marketing. A more accurate name would be "spit take generator".

While these generators are nice, and certainly help to fill out a first draft of a document or artwork... their output will invariably be filled with asylum level discontinuities and fundamental errors - so every last bit of it needs to be thoroughly checked before any of it is trusted beyond the aesthetic level.

Neural nets won't be writing working code or lesson plans on their own, but they might be used to help do those activities.

Pluralsight may well be worthless, but it has nothing to do with deep neural nets.

Comment rigged the parameters (Score 1) 52

Just from the abstract it sounds like they rigged the parameters a bit.

If they wanted a fair test, one that focuses on frequency, they should have used 3 light settings of identical total flux and a single wavelength.

Comparing a "bright yellow" light to a "dim blue one" is certainly confounding their test for little gain.
