• 1 Post
  • 35 Comments
Joined 2 years ago
Cake day: May 8th, 2023

  • As an experiment / as a bit of a gag, I tried using Claude 3.7 Sonnet with Cline to write some simple cryptography code in Rust - use ECDHE to establish an ephemeral symmetric key, and then use AES256-GCM (with a counter in the nonce) to encrypt packets from client->server and server->client, using off-the-shelf RustCrypto libraries.

    It got the interface right, but it got some details really wrong:

    • It stored way more information than it needed in the structure tracking state, some of it very sensitive.
    • It repeatedly converted back and forth between byte arrays and the proper types unnecessarily - reducing type safety and making things slower.
    • Instead of using type safe enums it defined integer constants for no good reason.
    • It logged information about failures as variable length strings, creating a possible timing side channel attack.
    • Despite having a 96 bit nonce to work with (-1 bit to identify client->server and server->client), it used a 32 bit integer to represent the sequence number.
    • And it “helpfully” used wrapping_add to increment the 32-bit sequence number! For those who don’t know much Rust and/or much cryptography: the golden rule of using ciphers like GCM is that you must never ever re-use the same nonce for the same key (otherwise you leak the XOR of the two messages). wrapping_add explicitly means when you get up to the maximum number (and remember, it’s only 32 bits, so there’s only about 4.3 billion numbers) it silently wraps back to 0. The secure implementation would be to explicitly fail if you go past the maximum size for the integer before attempting to encrypt / decrypt - and the smart choice would be to use at least 64 bits.
    • It also rolled its own bespoke hash-based key extension function instead of using HKDF (which was available right there in the library, and callable with far less code than it generated).

    To be fair, I didn’t really expect it to work well. Some kind of security auditor agent that does a pass over all the output might be able to find some of the issues, and pass it back to another agent to correct - which could make vibe coding more secure (to be proven).

    But right now, I’d not put “vibe coded” output into production without someone going over it manually with a fine-toothed comb looking for security and stability issues.
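The nonce-counter point above, as an added example that is not the commenter's code and uses no crates: a per-direction 96-bit nonce generator for AES-256-GCM that uses a 64-bit sequence number and refuses to issue a nonce once the counter is exhausted, beside the wrapping_add pattern the comment criticises. The nonce layout (direction in the top bit of byte 0, big-endian u64 in bytes 4..12) and the names NonceCounter, Direction, NonceError and flawed_next_u32 are assumptions for this example; the actual AEAD call is left out so the block runs stand-alone.

```rust
/// Direction of a packet; occupies the top bit of the first nonce byte.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Direction {
    ClientToServer,
    ServerToClient,
}

/// Returned when every sequence number for this (key, direction) has been used.
/// The caller must rekey; it must never reuse a nonce under the same key.
#[derive(Debug, PartialEq, Eq)]
pub enum NonceError {
    Exhausted,
}

/// Per-direction nonce generator for AES-256-GCM's 96-bit nonce.
/// Layout (an assumption for this example): byte 0 holds the direction bit
/// (0x80 for server->client), bytes 1..4 are zero, bytes 4..12 hold a
/// big-endian u64 sequence number.
pub struct NonceCounter {
    direction: Direction,
    /// Next sequence number to hand out; None once u64::MAX has been issued.
    next_seq: Option<u64>,
}

impl NonceCounter {
    pub fn new(direction: Direction) -> Self {
        Self { direction, next_seq: Some(0) }
    }

    /// Start at an arbitrary sequence number (used here only to demonstrate
    /// exhaustion without issuing 2^64 nonces).
    pub fn starting_at(direction: Direction, seq: u64) -> Self {
        Self { direction, next_seq: Some(seq) }
    }

    /// Hand out the next nonce, or fail once the counter is exhausted.
    /// checked_add returns None on overflow instead of wrapping to 0, so the
    /// generator stops rather than silently repeating a (key, nonce) pair.
    pub fn next_nonce(&mut self) -> Result<[u8; 12], NonceError> {
        let seq = self.next_seq.ok_or(NonceError::Exhausted)?;
        self.next_seq = seq.checked_add(1);
        let mut nonce = [0u8; 12];
        if self.direction == Direction::ServerToClient {
            nonce[0] = 0x80;
        }
        nonce[4..].copy_from_slice(&seq.to_be_bytes());
        Ok(nonce)
    }
}

/// The pattern the comment describes: a u32 counter bumped with wrapping_add.
/// After 2^32 packets it returns to 0 and the next message reuses a nonce.
pub fn flawed_next_u32(seq: u32) -> u32 {
    seq.wrapping_add(1)
}

fn main() {
    let mut c2s = NonceCounter::new(Direction::ClientToServer);
    for _ in 0..3 {
        println!("client->server nonce: {:02x?}", c2s.next_nonce().unwrap());
    }
    let mut last = NonceCounter::starting_at(Direction::ServerToClient, u64::MAX);
    println!("final nonce:          {:02x?}", last.next_nonce().unwrap());
    println!("after that:           {:?}", last.next_nonce());
    println!("flawed u32 counter after u32::MAX: {}", flawed_next_u32(u32::MAX));
}
```

Each direction gets its own counter so the two sides can never collide, and the only way to get a second nonce with the same sequence number is to construct a new counter, which is where rekeying belongs.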


  • The awkwardness here actually works in favour of abolishing tips and replacing them with the pay being factored into higher prices.

    No one wants to be the sucker - human nature is that people are generous if they think everyone else is generous, but if they feel that others are not ‘pulling their weight’ on generosity and are instead taking advantage, that’s the fastest way to dry up other people’s generosity. Right-wing media use this fact to undermine support for social welfare - e.g. if 0.001% of welfare payments are fraudulently taken, they set editorial policy that makes it seem like beneficiaries are rorting the system instead of being truly needy.

    But when it comes to tipping, the dynamic actually works the other way - people feel generous by tipping, even though it is harmful long term. If a few people ahead of someone in the line don’t tip, should they be the sucker who does tip? And for the employee, you want them to be the advocate on the inside for forcing people to pay their share instead of taking advantage - by having the displayed price be the total upfront price that includes the compensation for employees, instead of an optional tip.


  • There is a minimum amount of total money the employee could make before they’d go and work somewhere else instead. So if, hypothetically, everyone in a country where tipping is common even for non-exceptional service just stopped paying tips, hospitality employers would be forced to pay more to stay competitive with other non-customer-facing industries.

    Of course, a drastic shock to the economy like that would probably cause a lot of upheaval, as some employers struggle to accept the new norm.

    However, the same thing would work even if the change was slower - e.g. if 5% of people didn’t tip, and did it very obviously and vocally, and then the practice spread as it reached 10% and so on.

    Obviously it sucks for the employees who get hit by the first few non-tippers, but over the long term it would be for the better for worker rights. So I could absolutely see it working.

    That said, I say this from a country where tipping is not the norm (except maybe the occasional ‘keep the change’ for exceptional service), and the law and expectation is that the most prominent displayed price is the total price you pay - and people react very negatively towards businesses seen as trying to bring in American style tipping culture.


  • But don’t you see the benefit - the data on your flushes helps our Trusted FlushMe Partners ® provide more relevant service to you, and also helps us partially offset the cost of running our flush servers, allowing us to provide service to you for only $29.99 monthly††!

    †: All FlushMe partners have undergone creditworthiness checks. ††: Limited time one month introductory offer. FlushMe may, but is not required to, provide you with a personalised monthly price for renewal of the service.


  • I looked into this previously, and found that there is a major problem for most users in the Terms of Service at https://codeium.com/terms-of-service-individual.

    Their agreement talks about “Autocomplete User Content” as meaning the context (i.e. the code you write, when you are using it to auto-complete, that the client sends to them) - so it is implied that this counts as “User Content”.

    Then they have terms saying you licence them all your user content:

    “By Posting User Content to or via the Service, you grant Exafunction a worldwide, non-exclusive, irrevocable, royalty-free, fully paid right and license (with the right to sublicense through multiple tiers) to host, store, reproduce, modify for the purpose of formatting for display and transfer User Content, as authorized in these Terms, in each instance whether now known or hereafter developed. You agree to pay all monies owing to any person or entity resulting from Posting your User Content and from Exafunction’s exercise of the license set forth in this Section.”

    So in other words, let’s say you write a 1000 line piece of software, and release it under the GPL. Then you decide to trial Codeium, and autocomplete a few tiny things, sending your 1000 lines of code as context.

    Then next week, a big corp wants to use your software in their closed source product, and don’t want to comply with the GPL. Exafunction can sell them a licence (“sublicence through multiple tiers”) to allow them to use the software you wrote without complying with the GPL. If it turns out that you used some GPLd code in your codebase (as the GPL allows), and the other developer sues Exafunction for violating the GPL, you have to pay any money owing.

    I emailed them about this back in December, and they didn’t respond or change their terms - so they are aware that their terms allow this interpretation.


  • True, except the difference is that Israel is still taking occupied land and building settlements, and excluding the people born there from them.

    The government at least needs to pick one of the two options to move forward (as well as acknowledging and making reparations for those with traditional connections to the land who were affected by past injustices):

    1. The two state solution: Palestine is a genuinely separate sovereign state, with a right to self determination, airspace, control of their territorial waters and so on. Israeli government representatives only enter Palestine on invitation from the government. Anyone born on Palestinian land, even on a former settlement, is a Palestinian unless they find another state to accept them and renounce their citizenship. Palestinians have equal protection of the law, and are expected to follow Palestinian laws on Palestinian land, or face the Palestinian justice system. If they renounce their citizenship, they are subject to Palestinian immigration law and might have to leave Palestine.
    2. The one state solution: The entire Israeli occupied ‘river to sea’ area is one state, and everyone born there is an Israeli citizen, with equal rights under the law, power to vote, etc…

    The problem is the current right-wing extremists in power in Israel do not want either solution; they want to have it both ways - when it comes to ownership and control, they want to deny the existence of a Palestinian state. But when it comes to citizenship, they want to claim everyone born on the land they occupy is not Israeli so they can deny them rights and exploit them. Their life is substantially controlled by the Israeli state, but they get no say in the leadership of the state - undermining claims it is a democracy. They don’t have equal protection under the law - Israeli authorities protect settlers taking land against people with generational connections to the land.

    None of this is new in history, as you point out. Most of the Roman Empire, most of the former British Commonwealth, etc… had similar things in the past, with massacres of the native people, lands confiscated, native people being treated as having fewer rights than the colonialists, etc…

    What is different is that those are all past atrocities (although fair reparations have still not been paid in many cases, at least further atrocities are generally not continuing to anything like the same extent), while Israel continues to commit the same atrocities to this very day.



  • While Milei doesn’t have a lot going for himself, in this case it could also be that the companies supplying the fuel have some US component / have more to lose from not having access to American markets than they gain from supplying that airline, and it is the US government to blame.

    The US blockade of Cuba is, of course, very hypocritical; there have been human rights abuses in Cuba relatively recently (e.g. the crackdown on peaceful July 11 2021 protestors), but if that is grounds for continuing sanctions of an unrelated industry for links to that country, then if there wasn’t a double standard the US should firstly be sanctioning Israel for years of brutal repression and apartheid in Israeli-occupied Palestine, and secondly be sanctioning itself for the police crackdowns on protestors calling for righting the wrongs in Palestine.



  • The history of that site is very interesting, leading me to suspect some kind of psyops operation.

    The domain name was registered on 2021-06-13, but until at least 2024-01-01 it was a rather basic Indonesian language news site, with no English content - https://web.archive.org/web/20231228131909/https://www.infoterkiniviral.com/.

    The domain name was updated on 2024-03-22. Their sitemap has content going back to 2024-03-09. Old URLs that existed back in January now return 404 not found.

    There seems to be no attribution (e.g. who owns the site). It is using Hostinger for DNS, with PrivacyProtect used for WHOIS privacy, and is hosted on GCP.

    That said, I haven’t found evidence that the less controversial stories (which psyops likely add to lend credibility to any propaganda by blending it in with real news) are word-for-word copied from anywhere. This could mean they have invested in writing them by hand, or maybe they are AI generated as a paraphrase from another news source.

    I’d bet there might be a whole series of them if they are taking this approach, but they seem to have tried to make them hard to link together.



  • the most voted for parties

    Simple ‘first past the post’ systems like they have in the US are flawed. The biggest problem is that clones (candidates or parties with similar positions) split the vote. For example, suppose 10% of the population wants Evil Dictator, but the other 90% each want one of 18 different candidates as their first preference, evenly divided on first preferences (so 5% on first preferences), but rank any of the other 17 higher than Evil Dictator. So Evil Dictator has 10% of first preferences, but is the last preference for 90% of the population. The other candidates have 5% each.

    First Past the Post would elect Evil Dictator in this circumstance. Better electoral systems (e.g. the Schulze method) would elect one of the other candidates.

    This applies still if you elect a plurality of people - e.g. there could be two Evil Dictators, who 90% of the public oppose, but who have the highest vote because there are fewer of them to split the vote. Better systems like the better STV variants ensure proportionality (it avoids a landslide where the same voters determine all the representatives in a winner takes all approach). A larger parliament means more representation of the perspective of smaller minorities - so they are at least heard.

    A “score” based voting system, if it is just a ranking of parties, could work like this. But if you are suggesting adding up the votes (so, for example, a 5 is worth 5x as much as a 1), the problem is tactical voting. People will, in practice, vote to make their vote count the most.

    Let’s say, for example, there are three candidates, Racist Evil Dictator, Racist, and Progressive. Let’s say we take for granted almost everyone is going to score Racist Evil Dictator as 1. If a progressive was voting honestly, they might vote Progressive as a 5, and apart from the racism Racist might have been doing well, so they’d get a 3. The racist supporters, however, if they were being honest, would give Racist a 5 and Progressives a 3. Let’s say there are 1000 progressive voters, and 600 racist voters. If voting honestly, the scores would be Progressive = 5 * 1000 + 3 * 600 = 6800, Racist = 5 * 600 + 3 * 1000 = 6000, Racist Dictator = 1 * 1600 = 1600. Now the problem is, you can’t really get people to vote honestly. So let’s say Racist riles up their followers to instead vote Progressive as a 1, even if they don’t really think that. Now the scores are Progressive = 5 * 1000 + 1 * 600 = 5600, Racist = 5 * 600 + 3 * 1000 = 6000. Racist wins.

    In practice, when a system allows people to vote tactically and have an advantage, it becomes a race to the bottom. That’s how you end up with dynamics like the two-party system. A good voting system works by removing incentives to vote tactically - if you put your true preferences down, you will not be disadvantaged in your influence on the election, even if other people attempt to vote tactically. That means that genuine third parties have a chance if the people like them, even in the absence of coordination.
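The vote-splitting scenario in the comment above, as an added example that is not the commenter's code: a constructed electorate of 100 ballots (10 first preferences for Evil Dictator, 5 for each of 18 other candidates, with the 90 non-dictator voters all ranking Evil Dictator last), run through first past the post and through the Schulze method. The comment does not say how those 90 voters order the remaining 17 candidates, so index order is assumed here, which makes candidate 1 the pairwise winner; the candidate numbering and the function names are likewise assumptions of this example.

```rust
/// Candidate 0 is "Evil Dictator"; candidates 1..=18 are the other eighteen.
pub const EVIL_DICTATOR: usize = 0;
pub const NUM_CANDIDATES: usize = 19;

/// A ballot is a complete ranking: ballot[0] is the voter's first preference.
pub type Ballot = Vec<usize>;

/// Constructed electorate matching the comment's percentages at 100 voters.
/// The order in which the 90 non-dictator voters rank the other 17 candidates
/// is not given in the comment; index order is assumed here.
pub fn scenario_ballots() -> Vec<Ballot> {
    let mut ballots = Vec::new();
    for _ in 0..10 {
        let mut b: Ballot = vec![EVIL_DICTATOR];
        b.extend(1..NUM_CANDIDATES);
        ballots.push(b);
    }
    for fav in 1..NUM_CANDIDATES {
        for _ in 0..5 {
            let mut b: Ballot = vec![fav];
            b.extend((1..NUM_CANDIDATES).filter(|&c| c != fav));
            b.push(EVIL_DICTATOR);
            ballots.push(b);
        }
    }
    ballots
}

/// First past the post: only first preferences are counted.
pub fn first_past_the_post(ballots: &[Ballot]) -> usize {
    let mut tally = vec![0usize; NUM_CANDIDATES];
    for b in ballots {
        tally[b[0]] += 1;
    }
    (0..NUM_CANDIDATES).max_by_key(|&c| tally[c]).unwrap()
}

/// Schulze method: count pairwise preferences, compute strongest paths
/// (Floyd-Warshall with max over paths and min along a path), then every
/// candidate whose path to each rival is at least as strong as the reverse
/// path is a winner.
pub fn schulze_winners(ballots: &[Ballot]) -> Vec<usize> {
    let n = NUM_CANDIDATES;
    // d[a][b] = number of voters ranking a above b
    let mut d = vec![vec![0usize; n]; n];
    for b in ballots {
        for i in 0..b.len() {
            for j in (i + 1)..b.len() {
                d[b[i]][b[j]] += 1;
            }
        }
    }
    // p[a][b] = strength of the strongest path from a to b
    let mut p = vec![vec![0usize; n]; n];
    for a in 0..n {
        for b in 0..n {
            if a != b && d[a][b] > d[b][a] {
                p[a][b] = d[a][b];
            }
        }
    }
    for k in 0..n {
        for i in 0..n {
            if i == k {
                continue;
            }
            for j in 0..n {
                if j == i || j == k {
                    continue;
                }
                let via_k = p[i][k].min(p[k][j]);
                p[i][j] = p[i][j].max(via_k);
            }
        }
    }
    (0..n)
        .filter(|&a| (0..n).all(|b| a == b || p[a][b] >= p[b][a]))
        .collect()
}

fn main() {
    let ballots = scenario_ballots();
    println!("first past the post winner: candidate {}", first_past_the_post(&ballots));
    println!("Schulze winners: {:?}", schulze_winners(&ballots));
}
```

With these ballots Evil Dictator takes first past the post on 10 first preferences, while every one of the other 18 beats Evil Dictator 90 to 10 head-to-head, so Schulze never selects the candidate that 90% of voters rank last.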


  • I don’t think it is fair to say that there was ever 100% agreement over what some of those terms meant.

    Like or hate it, language means what the people think it means, and as GP suggests, choosing terms that disambiguate differences is a far better approach that allows people to find common ground rather than have a knee-jerk reaction to a policy because they associate with one ambiguous label and are told that the policy is associated with another.

    Adding more dimensions to the policy spectrum helps. One dimension (left/right) covering all manner of social and economic policy leads to confusing outcomes.

    A two dimensional view - economic left-right on one axis, and libertarian/authoritarian - is one view that is popular now, so giving four quadrants, left lib, right lib, left auth, right auth - and that is already a lot more granular. With any quadrant view of course, the dispute is always going to be where the centre is… it is something of an Overton window, where extremists try to push in one direction to shift the Overton window and make positions that were firmly in one quadrant seem like the centre.

    However, there are other dimensions as well that could make sense to evaluate policy (and political viewpoints) on even within these axes. One is short-term / long-term: at one extreme, does the position discount the future for the benefit of people right now, and at the other extreme, focusing far into the future with minimal concerns for people now. Another could be nationalist / globalist - does the position embody ‘think global, act local’, or does it aim to serve the local population to the detriment of global populations?

    That is already a four-dimensional scheme (there could be more), and I believe that while real-world political parties often correlate some of those axes and extremes on one are often found together with extremes on another, they are actually near-orthogonal and it would be theoretically possible to be at each of the 16 possible points near the edges of that scheme.

    That said, even though they are almost orthogonal, an extreme on one might prevent an extreme on another axis in some cases. For example, I’d consider myself fairly economically left, fairly socially libertarian, fairly far towards favouring the long term over the short term, and fairly far towards globalist (think global, act local) thinking. But some would say that an extreme left position requires no private ownership of the means of production. In the modern world, a computer is a means of production. I would not support a world in which there is no private ownership of computers, because that counters my social libertarian position. So, I draw the line at wanting public ownership of natural monopolies and large-scale production - I would still want to live in a pluralistic society where people can try to create new means of production (providing it doesn’t interfere with others or the future, e.g. through pollution, safety risks, not paying a living wage, etc…), rather than one where someone like Trofim Lysenko has the ear of the leader and no one can disagree no matter how stupid their beliefs are. But I’d want to see the ability for the state to take over those new means of production in the public interest eventually if they pan out and become large scale (and for research to happen in parallel by the state).

    I think putting one’s viewpoint on multiple dimensions makes it far clearer what someone believes, and where there is common ground, compared to picking labels with contested meaning and attacking the other labels.


  • I think it is a positive sign - although obviously hypocritical when they are providing lethal aid to the Israeli government while it’s controlled by genocidal extremist parties like Likud and Mafdal-RZ, who are using it to create the very situation for Palestinian civilians in the first place.

    The bombing of civilian homes and infrastructure, combined with shootings and so on has already killed or wounded about 2% of the population in only 5 months. However, a famine could kill far faster than that; to avoid that, the IDF would only need to not interfere with the distribution of aid, allowing NGOs to provide it. Instead, they have interfered with the entry of aid at the Egyptian-Palestinian border, bombed places where aid is being distributed, and shot at civilians seeking aid on the street with machine guns.

    So anything that makes that 2% of casualties not grow to 80%, for example, and frustrates the plans of Israel’s far right to depopulate Gaza of Arabs is a good start, but not really enough.


  • A blood clot doesn’t mean there is no foul play. There are plenty of poisons that cause clotting: https://go.drugbank.com/categories/DBCAT000113 - including some that are snake venom components.

    It could also be a consequence of prolonged confinement without much movement. It could also be an eventual consequence of the 2020 poisoning (there is no evidence that Novichok specifically or mild poisoning with other acetylcholinesterase inhibitors causes clots; however, severe poisoning causes respiratory paralysis which causes hypoxia, and that can cause platelet and vascular dysfunction/damage that increases the risk of thrombosis. Not many people ever have been poisoned with Novichok and survived, so the exact sequelae are uncertain).

    Now, there is a question of whether the FSB would want to do a subtle execution or an ambiguous one. They did attempt an obvious one in 2020, given it involved an agent which is clearly associated with the Russian government (although perhaps if he hadn’t made it overseas, that would have never come out). Since then, perhaps Putin and the FSB have less incentive to be brazen. If they didn’t want to send a message, they could have just kept Navalny alive. But maybe ambiguous was a compromise they wanted - it keeps would-be dissidents fearful, but provides the cover of plausible deniability for those who would criticise the killing of a political opponent.