Judges aren't perfect and just because they decree something, doesn't mean that the remedy implemented by the ISPs isn't also a violation of some law or regulation. Normally this would be handled by yet another court case, possibly going to a higher court to decide if there are contradictions or conflicts.
The law is no stranger to "damned if you do, damned if you don't" scenarios.
Coal is dirt cheap, to the point where most of the cost is in transporting it and the infrastructure to convert it to power is simple and not very capital intensive to it’s the first thing developing countries reach for when they don’t have strict environmental regulations. It also doesn’t require as much precision manufacturing so a lot can be done domestically even in less developed industries, which is important when foreign currencies are in short supply.
That's fine as long as the company can choose they don't like those terms and refuse to do business. But in this case the government threatened, and carried out the threat, of classifying Anthropic as a "supply chain threat" if they didn't agree to the government's terms.
I want to be clear, I agree. I have no objection to unique government contracts. I'm specifically curious about GPs position that a government contractor should be (ethically?) bound from putting contractual obligations on government use of their service.
Like the various ai providers limit lawful use like creating AI pornography. I think it would be reasonable to keep a contractual restriction against that even when working with the government.
> The biggest problem here is that people have wildly uncalibrated monitors that often have color cast tints. I color calibrate my monitors and even my factory calibrated MacBook has a slight green tint.
Even if anyone actually calibrated their screens, many cheap monitor panels are so shitty the calibration can’t help. I bought two 4K LG monitors at the same time and based on serial numbers, they’re likely from the same batch but LG likes to mix panels on their cheaper products. They have wildly different color spaces to the point where one swallows several points of grayscale*, which means I have to use the right monitor when viewing sites otherwise I lose the subtle gray-on-white that designers love so much.
I'd love to see a photograph of a 32 bit greyscale gradient on both. I wonder if some monitors with similar issues would not be able to represent the photograph properly.
Most electrical engineers use “reference designs” published by the IC manufacturers to design their PCBs, although any open source commercially available design can act as a reference. They essentially copy the schematics from the PDF (or import if file formats/converters allow), ripping out whatever they don’t need, then reroute the PCB using their layers.
In some cases, when their PCB fab layer stack up is similar enough to the original board, they can go a step further and copy paste most of the PCB into their design so that any signal integrity work carries over. Realistically this is only really practical for low speed designs but still useful for a whole class of electronics.
I don’t use KiCad but software like Altium support modular schematic sheets and PCB rooms so theoretically it can imported into that (since KiCad’s format is open source S-expr)
I think it traces back to Henry Avery and his capture of the Mughal treasure fleet [1]. It inspired an entire oral/print tradition and social zeitgeist in England (and the rest of Europe) which IMO directly led to an entire generation of privateers like Woodes Rogers and tied into the whole golden age of piracy, an endless source of drama for fiction authors.
My full name, phone number, and address were leaked by TAP Air Portugal about five years ago, along with the details of my parents who were on the same booking. Since then, my dad has been targeted by those types of scams where a fraudster impersonates me to ask for money.
I never received a notification from TAP; I only found out a year later through my Google One security feature. I certainly didn't get an apology—much less a free travel ticket!
If the scam success rate is 0.1%, and it takes days to comb a phone book and put together a list of potential relationships and takes a human 10 minutes per phone call, the economics of scamming works out a lot less profitable than importing a data leak and emailing or robocalling everyone in the list.
I do use an email alias everywhere. But I don't believe you can do the same with phone numbers. I tried using my twilio rented number and there is a way systems use to figure out if that is a real number for a person or a VoIP one. Though it is sometimes successful in use for signups and hence spam reduction.
Could set up 6 digit long extensions and only ever issue a few hundred of them in total.
Guess wrong 3x and goodbye.
Can also set some/most/all to go to voicemail so they can get in touch with you, but not really.
Or blackhole the invalid extensions to /dev/null voicemail but then you run the risk of legit misdials and you never get some important message.
The real vs “fake” number issue could be worked around by having your cell phone provider forward all calls to your VoIP number. It’s baked into gsm, don’t need a phone after initial setup: https://www.geckobeach.com/cellular/secrets/gsmcodes.php
That TAP data was leaked on a tor hidden service, in multiple files, and download was extremely slow on the days following the leak. One of the files was much smaller, and my friend had the bad luck to have his data in that one.
His phone was spammed so incessantly he had to change his number almost immediately.
I'm dissatisfied about the TAP leak as well! I was affected, and like you, didn't even receive a notification - nevermind compensation for having leaked my personal data to the dark web enabling all sorts of shenanigans that make my personal life difficult.
About 2 million portuguese there. Basically all active portuguese adults that have enough financial conditions to travel by airplane.
It was a fantastic leak, based from an excel file asked by a marketing department which forgot it inside a shared folder on the hacked (private) server. There was far more info there than just that, also included the details of employees and more interesting if they were on medical leave.
Curiously enough many of those employees were family members from politicians and well-known people. Some of those in long term sick leave were receiving a monthly salary while conducting live shows on festivals during the summer.
Nothing happened on the news. They all went silent about this case.
I'm not sure about France, but here in Argentina all this info is assumed to be public. If you want a credit at a bank or shop, they ask for a physical copy of the national ID [1], probably a photocopy too, an electricity or water bill and perhaps other paperwork that is hard to get (verified phone number???).
It's supposed to be identifying information here. Usually, you can just send copies of those documents, which means that if you're looking to impersonate someone, you can easily produce fakes. And since everyone and their grandmother asks for these, people don't bat an eye and send them.
The coup de grace of security in France is signatures, though. Now, since you can't produce a physical signature over the internet, they'll ask for your phone number and send you a text with a code. Once you've entered it on their web form, you've proved undoubtedly you are who you say you are.
Physical signature are as useless anyway. We could just mark an X and it would be exactly the same. It only proves that some anoynmous person had a pen and was not afraid to use it.
You usually register a copy of your signature when you get an ID card or a bank account, so no it’s no like an X; you’d have to actually sign like the person you’re trying to impersonate.
You might find it interesting to learn a bit about information theory. The entire purpose of your specific number is precisely to identify which number in that list is yours. Having the list of all possible numbers is irrelevant. Conceptually you can model that as everyone has that, all the time. But that's not enough to do anything with, because having that list entire list means you have zero information.
If you say "it starts with an 8", you've eliminated 90% of the possibilities. Now you have log2(10) bits of information, but you haven't nailed it down yet. For each additional number you give you give that many more bits until you nail it down.
This is a common misconception people have. I remember someone who claimed to have copyright all possible melodies by virtue of having printed them out and thus enumerated them. But that is meaningless, because the entire job of naming a specific melody is precisely the nailing down of which one you mean. Expanding the list of possibilities you might mean is actually a reduction in the amount of information, despite the superficial appearance of listing more numbers out, and when you expand the possibilities out to "all possible instances of the thing" you're actually at the minimum of information, not the maximum.
> in Argentina all this info is assumed to be public
Same here. You can probably can find my address and phone numbers fairly easily from my name by a number of methods. That doesn't mean it isn't bad when an organisation spews out, or allows to be sucked out, huge numbers of people's data. With a leak like this it is practical to try scam everyone the list, searching for each person's details individually, and having to enumerate those people in the first place⁰, would mean no such attack would scale in a way to make it worthwhile bothering¹.
--------
[0] This seems strange when you first think it, but: the most important thing being on such a list says about you, is that you are a real existing person, whose identity could be exploited somehow. That fact is what makes any other information valuable.
[1] except for high-worth targets, which is why spear-phishing is a thing
Nothing like america though, lots of people (maybe the majority) cruise through life with 1-2 credit cards and occasionally apply for a mortgage without ever really thinking about their credit rating.
Being obsessed or even thinking about your credit rating in the UK is a bit of a minority reddit pursuit not something normal people do.
(Of course if you default on stuff you will need to think about it)
There is no such thing in France (or most countries for that matter). It's a pretty absurd system that gamifies and profits off heuristics, and results in a Kafkaesque nightmare where you can't get a job, rent a place or get a loan because of an arbitrary value assigned by a company with a profit motive. One that has no incentive to get things right or even get the right person.
How things work in France is much simpler and better. When you apply for a loan, the lender checks with Banque de France (national bank) if you have outstanding debts and if you've defaulted on any debts in the past 5 years. That's it, that and your proof of revenue is all they need.
Fairly sure this is an ironic comment. (Credit monitoring is the useless thing companies give people in the US when their information is leaked -- everyone in the industry knows it's laughably unrelated to private information disclosure).
Heh, for real, it's maddening how often this is the "solution" to any breach. It's especially lovely when it comes from multiple companies at the same time, that may or may not have leaked your SSN.
> But yeah, let's just spin-up a shadow IT VM with Debian like GP said, it's easy!
That’s literally how they sold AWS in the beginning.
Cloud won not because of costs or flexibility but because it allowed teams to provision their own machines from their budget instead of going through all the red tape with their IT departments creating… a bunch of shadow IT VMs!
Everything old is new again, except it works on an accelerated ten year cycle in the IT industry.
Indeed. And it stems from the illusion that what works in solo/small teams/scrappy startup works the same when you are bigger, and that a developer can take over all the corollary work to the actual product development.
And yes, a dev that's able to do that properly (stress on properly) is indeed a signal of a better overall developer but they are a minority and anyway as orgs scale up there is just too much of "side salad" that it becomes a separated dish.
And when the datacenter staff show up for work every morning the AI will them “You are employee #5378. Today you are a janitor. You will…” going off on a long list of hyper precise instructions for them to follow, like a human prompt.
The law is no stranger to "damned if you do, damned if you don't" scenarios.
reply