This law feels like a battle in The Coming War on General Computation, as Cory Doctorow put it:
> I can see that there will be programs that run on general purpose computers and peripherals that will even freak me out. So I can believe that people who advocate for limiting general purpose computers will find receptive audience for their positions. But just as we saw with the copyright wars, banning certain instructions, or protocols, or messages, will be wholly ineffective as a means of prevention and remedy; and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits; all attempts at controlling the Internet will converge on surveillance and censorship, which is why all this stuff matters.
> all attempts at controlling the Internet will converge on surveillance and censorship, which is why all this stuff matters
it really boils down to this sadly, and it should be pretty obvious shouldn't it?
i'm finding it befuddling that even technical audiences seem to resist connecting those dots, but strong motivated reasoning is at play: these are audiences that will often feel it will be them who will be in control, and they're also emotionally nudged by the idea of child safety
CSV can handle commas in fields just fine (quotes are required in that case). The root problem here is not the format, it's a bug in the CSV exporter used.
It is _the_ 2FA device. from SMS, to authenticators, to password managers, etc. It also has access to all of your personal information, your pictures, your contacts, your email. It actively receives notifications and messages from the outside world, from potentially any sender. It's connected through WiFi, GPS, 5G, bluetooth, UWB, every possible connection system imaginable. It can listen to your phone calls, read your text messages, interact on your behalf with pretty much everything in your life, and is a single facial recognition away from automating emptying your bank account. Not to mention the fact that mobile software does tend to want to at least survive a little bit when offline, so plenty of data is stored locally.
It's a key to your life. The perfect target for any attacker.
My Linux laptop is my 2FA device (email), it holds my passwords, and personal data like photos, contacts, email. It receives notifications and messages from outside world from potentially any sender. It connects through Wi-Fi, Bluetooth, Ethernet, 5G (built in WWAN). It even has cameras, microphones and I use it for my online banking and shopping. The only reason why smartphones "need" to be ultra secure is because everyone and their mother have one and the truth is most people can hardly tell a difference between their head and their butt.
Well yes. Security measures aren't for the principled tech saavy scene who is up to date on the latest malware and exploits. That's how Apple rose to power; it put convenience first and told users it'd worry about all the privacy stuff for them.
A bit contradictory, but that's what the people want. They (as a mass) always choose convenience over both freedom and security. So that's why we always converge towards a centralized power, in tech and the larger world.
Because regular users (non-techies) install all kinds of apps on their phones, from all kinds of sources/vendors, but not on their desktop. Most people use only a handful of applications on their desktop (browser, office suite, …) but they have dozens if not hundreds of different apps on their phone.
The harm from social media is at least in part caused by the feed suggestion algorithm being optimized for screen time (aka addiction). Potentially open social media where the suggestion algorithm is not that could be a big improvement.
One difference is that it's an incredibly hard problem to check whether your C code is memory safe since every single line of your code is a risk. On the other hand, it's easy to at least assess where your supply vulnerabilities lie (read Cargo.toml), and you can enforce your policy of choice (e.g. whitelist a few specific dependencies only, vendor them, etc).
I would argue that almost all major rust projects use dependencies. Checking the dependencies for vulnerabilities might be just as difficult as checking C code for memory safety, maybe even worse, because dependencies have dependencies and the amount of code to be checked can easily sky rocket. The problem gets even worse if you consider that not all rust code is safe, and that C libraries can be included and so on
Yes, but I believe that results in a cost/benefit analysis. If there are readily available rust crates that do something you need, and the cost of a possible vulnerability is not huge, most projects might decide (right or wrong) that it is worth it. It's an interesting question why projects tend to make different decisions in different languages, but it does not necessarily mean that you have to make the same decisions.
My point is that if you put a very high emphasis on avoiding vulnerabilities, you can either write the code in C with no/limited dependencies (and still risk memory safety bugs), or write the code in Rust with no/limited dependencies and no/limited unsafe code, and get much stronger guarantees for the same/less effort.
Fair, you see the perspective from someone writing the software and it makes sense. But when I see it though the lenses of someone choosing software to run, I would rather choose a C program with potential memory bugs than a rust program with a lot of dependencies - because I am more scared about supply chain attacks than someone being able to exploit a memory bug. But then again, this obviously changes if the rust program has no dependencies.
Ironically, the phrase that was a bad 2006 google query is a decent enough LLM prompt, and the good 2006 google query (keywords only) would be a bad LLM prompt.
> I can see that there will be programs that run on general purpose computers and peripherals that will even freak me out. So I can believe that people who advocate for limiting general purpose computers will find receptive audience for their positions. But just as we saw with the copyright wars, banning certain instructions, or protocols, or messages, will be wholly ineffective as a means of prevention and remedy; and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits; all attempts at controlling the Internet will converge on surveillance and censorship, which is why all this stuff matters.
Full talk: https://www.youtube.com/watch?v=HUEvRyemKSg
reply