Threads for sjamaan

    1. 7

      I’ve worked with FreeSWITCH in the past and can confirm it’s a bit of a shit show. We kept running into a problem where its sqlite database kept getting corrupted, presumably because threads kept stomping on each other’s file descriptors. Our solution: simply delete the sqlite database in a cron job. The database wasn’t important apparently, or maybe it was used as a cache or something? I don’t recall.

      The reason we used FreeSWITCH: legend had it that Asterisk was a total shit show. So it must be even worse… Eldritch horrors, alright!

      1.  

        What do fans of (different kinds of) tiling window managers really like about them? I’m earnestly curious since I like my windows to float, pile/overlap somewhat, and be their own best sizes. Is it about putting all pixels to work? Keyboard finesse?

        1. 9

          For me it’s an accessibility thing. It’s the best way I have found to use a desktop computer with keyboard only.

          I turn off tabs in all programs that have them, so that I can navigate all windows in the same way, using at most one key per hand and keyboard-half.

          I do have a nice pointing device for emergencies (drawing memes in Krita or so) but I can’t use it regularly.

          There’s a big difference between tools that are merely possible to use with a keyboard, and tools that are easy to use with a keyboard, but I think it’s less obvious to users that can fall back to pointing.

          1. 6

            It’s hard to put into words but I’ll try. This is strictly about a work setup with 3 screens, 2 big important ones and 1 smaller laptop screen (on the right). This also assumes xmonad or mimicking its workspace switching in i3.

            So I usually have my browser up on the left screen (sometimes 50:50 split with another browser or a shell or whatever), my IDE up on the middle one and then emails or slack or whatever on the right one (all usually in fullscreen).

            Now let’s say I share my screen for pairing, then I also want my partner/team visible, so I need Video+IDE+Slack - instead of fumbling around I’d just press win-5 or whatever on the left one and have that up there. Pressing win-5 on the middle one now will switch the IDE workspace with the video one (because my cam is on the right, so I’m more looking into the cam), etc.pp

            But a key point is that I am sending all specific apps to their one fixed workspace on open (something like 1=shell,2=ide,3=browser,4=email,….) so I never have to alt-tab to find anything because I just know which app I will get, and I can still temporarily move e.g. the video window to the browser workspace for a split view (or alt-tab in a single workspace, between slack and emails)

            So yes, it might sound nitpicky but it’s like laying out stuff on a workbench. I don’t think about it anymore and I don’t even need to look there. Just push the mouse somewhere onto that screen and press an easy key combo and I have everything where I want it, and still dynamically move it around. If I have a second browser window open I can either put that on workspace 3 (so I alt-tab between exactly the 2 open tabs) or put it next to the other one, OR I put it on one of my undefined workspaces (e.g. 8) and have that up somewhere.

            If you are a heavy window overlapper then this might not make a ton of sense, from my experience. But even on non-tiling WMs I often do 1:1 or 1:1:1 or 1:1:1:1 splits but then I have to alt-tab a lot. But yes, it’s also very much about keyboard shortcuts, which you can somewhat recreate in e.g. hammerspoon but imho not as nicely.

            1.  

              I like the workbench analogy. I use i3 in the same way: one workspace for terminals with various stuff (email, IRC, current project, maybe a grep/git/logtail/whatever), one with a browser window on the company chat, one with a private chat, one with a “main browser window” for everything else, one with my editor and occasionally I’ll spawn more workspaces for one-off tasks or other things I need open all the time. Right now I’m typing this, I have 7 workspaces active and I know exactly which workspace contains which windows. “A place for everything and everything in its place”, basically.

              1.  

                Thank you for all the details!

              2.  

                About ten years before I learned about the existence of tiling window managers, I already knew the bits of window management that I hated:

                • having important information in one window covered by another window
                • being forced to constantly rearrange the window stack to see what I needed
                • each window opening in the wrong size and needing to manually fix it

                The first time I encountered a tiling window manager, I instantly saw that it solved these problems, switched, and never looked back.

                So I guess that I have the reverse question: what do people really like about floating window managers? Do the annoyances I listed above not bother you or are you getting some benefit from the floating layout that’s worth the price?

                1.  

                  Not to steer us off topic, but since you asked: I must not have much frustration about rearranging windows, because I get satisfaction from arranging them.

                  I think you can avoid needed information being unduly covered by making windows as small as they can reasonably be. It’s not necessary to ensure they never overlap anywhere. For example, my TextEdit windows are about the size of my phone in portrait, which is about 5% of the monitor’s physical area.

                  I generally use one 27” screen. When idle, I have several stacks of windows. Browsers on the left, terminals in the lower right corner, that kind of thing. I keep each stack neat in sort of a cascade arrangement. With an AppleScript on a key shortcut I can make a window my favorite size, for example, I can reset a terminal to 80x25 or a browser to 1024x768.

                  The center of the screen is available for a main app like an IDE. Such a window will overlap the side stacks, but won’t cover them.

                  For a task, I’ll set up my workspace in a second or two, mainly by bringing forward the specific open windows I’ll need. Being in separate stacks, they already don’t overlap. I may hide unrelated apps, too. And then I’ll launch whatever main app I need in the center, or maybe move a browser window there, or just enlarge it from the corner and reset its size later.

                  During the task, if a center app is frontmost and I need a side window, they’re only half-covered by it anyway, so I have a huge click target to bring that other window to the front. Fitts’s Law is my friend. Command-tab feels fast but is imprecise; I probably don’t want all windows of an app. I’d usually rather click the specific window. And if a window is covered, that’s what exposé is for. It’s on my mouse’s thumb button.

                  It’s not like I never get caught on this and I do need a unique setup from time to time. On my laptop screen I run a different scheme just due to real estate. But for the most part I have my stuff laid out neatly, or I have in mind a neat arrangement to return to, and I think a mouse is just good at this. (Trackpads are comparatively clumsy.)

                2.  

                  I would guess:

                  1. workspace oriented workflow rather than window oriented
                  2. not wanting to deal with window positioning, sizing, bringing to back/front etc.

                  Keyboard finesse mostly follows from that IMO.

                3.  

                  Unfortunately, I’m just not very impressed by the examples used in this post. I say this as a daily user of ChatGPT. (I currently use ChatGPT for tasks other than coding, but I have begun to introduce it into my programming in limited ways.)

                  There are a lot of subtle design flaws, some a result of the prompting and some that seem like a result of something a PyData Amsterdam attendee shared with me last year—“don’t use a high diversity (variance) tool for low diversity (variance) tasks.” His comment led me to embracing LLMs in my own life, by reframing it as something other than a tool of austerity economics. “Instead of using ChatGPT to write a thousand e-mails in one minute, I use it to write one e-mail in one hour, but it’s better than anything I could have written unassisted.”

                  e.g., I couldn’t write better code than this example in 15 seconds… but I’d also probably not actually write code like this at all.

                  1.  

                    Genuine question: why wouldn’t you write code like that?

                    I think it’s good code. It does what I wanted it to do, it works, it’s easy to read.

                    More importantly, it’s exactly what I asked for. The design of the function is mine - the LLM did the work of typing out the code for me.

                    If you don’t like my design that’s fine, but that’s not a reflection on how well the LLM performed the task assigned to it.

                    I try to stay honest about the examples I include in these things: I’m not trying to sell LLMs, so I don’t deliberately go for the most impressive examples: I pick recent examples of actual tasks I’ve accomplished using LLM assistance.

                    1. 8

                      If you don’t like my design that’s fine, but that’s not a reflection on how well the LLM performed the task assigned to it.

                      I definitely think it’s the case that the task is constrained by other (perhaps purposeful) design choices, in which case we can argue that you got what you asked for, but I think the code in that example has mistakes that were not desired.†

                      The code isn’t terrible by any measure. It accomplishes the task it sets out to. But it’s just not good enough to motivate this style of using the LLM.

                      I’m not trying to sell LLMs…

                      Many other LLM-produced examples of Python code that I have seen suggest that these tools are extremely sensitive to their training sets and show how over-represented CS101 homework must be in said training set. The selling point is usually “look how cheaply I can generate output of low/dubious quality”—“austerity economics.”

                      In my own (heavy) LLM-usage, I’m looking for things that I could not accomplish myself rather than just doing sloppy work faster.

                      I don’t deliberately go for the most impressive examples…

                      I’d love to see impressive examples of what an LLM can generate that are robust/reproducible/generalisable!

                      Errors & Flaws

                      Bear in mind, I could not write that code in 15s, and I also didn’t look at it for more than 15s… but I didn’t really need more than 15s to spot the following:

                      • error: bare except on db.unlink is a bad idea; it will suppress MemoryError, SystemExit, KeyboardInterrupt
                      • error: scattering db.unlink throughout this code incorrectly suggests that other errors might not happen (but they can, like on f.write!); this should be a context manager or, better yet, using something like tempfile.TemporaryDirectory
                      • (debatable) design flaw: custom Exception types need a lot more motivation than is present here, and these should (at minimum) extend ValueError or similar
                      • (minor) error: the last try/except that checks the database should use a context manager likely using contextlib.closing or similar (especially because this function is asynchronous!)
                      • design flaw: this much I/O this deep into the code probably suggests a broader design error in this code; this I/O should be superficialised (which ties nicely into the above suggestions for context managers, which strongly encourage superficialisation given the clumsiness in composing them)
                      1.  

                        Ugh, yeah those bare except clauses are a code smell. I should have reviewed the code more closely and got it to fix those.

                        I can’t remember the last time I saw Python code that anticipated and avoided errors on f.write()!

                        1. 5

                          Ugh, yeah those bare except clauses are a code smell. I should have reviewed the code more closely and got it to fix those.

                          I think this is why this style of using LLMs to write this kind of code is so weakly motivating. We would want that we do not have to review the output so closely to find these errors. In fact, we would want that the LLM would not only not make these errors, but provide this kind of feedback absent our careful guidance.

                          I don’t know if better prompting can accomplish this. Despite being a heavy user of LLMs, I just am not as experienced or knowledgeable about them as you are, and I’m just not as good at prompting.

                          However, I am very surprised that all these “write code with an LLM” tools fixate on the common modality of the user telling the LLM what it wants, and the LLM spitting out the result. In my use of the LLM, it almost always takes an involved long back-and-forth conversation to get what I want, and I have to present my questions and my responses in a very particular way to avoid going in circles, to avoid getting a “stupid answer” having “asked a stupid question,” and to avoid confabulations. I haven’t really tried using an LLM to write code, so I don’t know if this approach works to achieve that goal.

                          1.  

                            I think this is why this style of using LLMs to write this kind of code is so weakly motivating. We would want that we do not have to review the output so closely to find these errors.

                            I think this is similar to “review blindness”: you’d probably not make that sort of mistake yourself, but when reviewing code it’s very easy to overlook. There’s this cognitive bias to read a bunch of code as a fait accompli of sorts, perhaps assuming “it’s been written so it must be (mostly) right”. As long as the “overall shape” is fine you sort of implicitly trust the author for being competent. You won’t be picking apart the code line by line, even if you’re actively trying to review the code. Only when debugging you really look closely at every single line (and only the lines you theorize are leading up to the error), actively looking for errors.

                            Of course, sometimes you might spot mistakes anyway. Your eye scanning the line might “trip” over a misspelling, or perhaps you have an “attention bias” to certain types of bugs (for me that’d be SQL injections, as I’ve come across those so damn often I’m so scarred that I don’t trust any code dealing with SQL).

                            1.  

                              Better prompting can absolutely help here. If you add to your system prompt / custom instructions “never use a bare except” then it won’t make that mistake again.

                              There’s a limit on the size of those instructions though, so whether or not it’s sensible to keep on adding to them every time you find a mistake like this is certainly open for debate!

                              I run a custom project for Claude Artifacts purely to discourage it from writing React code by default and to make sure it uses box-sizing: border-box in its CSS (which fixes a bunch of mistakes it otherwise makes): https://simonwillison.net/2024/Dec/19/one-shot-python-tools/#custom-instructions

                              1.  

                                Better prompting can absolutely help here. If you add to your system prompt / custom instructions “never use a bare except” then it won’t make that mistake again. There’s a limit on the size of those instructions though, so whether or not it’s sensible to keep on adding to them every time you find a mistake like this is certainly open for debate!

                                Surprisingly enough, I have had success asking an LLM to “write more fluently and naturally,” but I don’t know if we can effectively ask the LLM to “write better code; don’t make obvious mistakes” and actually get anywhere.

                                Presumably, if we know exactly what errors to look for, then we could lint the LLM output and reject productions that do not meet our guidelines; however, it seems like the core issue is that we cannot ask the LLM to reliably tell us something we don’t already know.

                                1.  

                                  Here’s one fun example of demanding that an LLM “write better code”: https://lobste.rs/s/txkfm4/can_llms_write_better_code_if_you_keep

                                  (All the usual genAI disclaimers apply, and additionally I am not minimaxir.)

                                  1.  

                                    A lot of this comes down to the models themselves. Claude 3.7 writes better code than 3.5 does, though it’s very hard for me to provide concrete examples of that - it’s just something I “know” from having spent so much time with each model.

                                    I wouldn’t be surprised if Claude 3.8 didn’t make mistakes with bare excepts at all… but in the absence of very robust evals I’m not sure if I would notice or not.

                                    This leads to weird superstitions and habits. Maybe I’ll still be prompting “build HTML and JavaScript (no React)” against Claude 3.17 without realizing that it stopped defaulting to React three releases ago.

                              2.  

                                I can’t remember the last time I saw Python code that anticipated and avoided errors on f.write()!

                                It’s fair to point out that we probably can’t do much if the writing fails (e.g., PermissionError or errors related to free disk space, network file systems, &c.). While these are, unfortunately, surprisingly common in practice, it’s true that if we cannot meaningfully handle an error, we should let the Exception percolate to a higher level in our code.

                                That said, if the f.write is tied to some other operation, we definitely need to perform any associated tear-down. We need to make sure these happen irrespective of whether the write succeeds or fails, and this is what the linked code fails to do.

                                e.g.,

                                from tempfile import TemporaryDirectory
                                from pathlib import Path
                                
                                with TemporaryDirectory() as d:
                                   d = Path(d)
                                   with open(d / 'some-file', mode='w') as f:
                                      print(..., file=f)
                                   ...
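The two flaws the thread keeps returning to (a bare except that swallows KeyboardInterrupt, and cleanup that only runs on some paths) shown side by side with the context-manager form suggested above. This is an added example, not code from any commenter; the function names and the sample writers are constructed for it.

```python
import contextlib
import sqlite3
import tempfile
from pathlib import Path


def flawed_write(path: Path, writer) -> bool:
    """The pattern criticised above: ad-hoc unlink guarded by a bare except.

    ``except:`` also catches KeyboardInterrupt and SystemExit, so an
    operator's Ctrl-C is swallowed and the caller just sees ``False``.
    """
    try:
        with open(path, mode="w") as f:
            writer(f)
    except:  # noqa: E722 - deliberately reproduces the flaw
        try:
            path.unlink()
        except:  # noqa: E722
            pass
        return False
    return True


def safe_write(path: Path, writer) -> bool:
    """Hardened form: catch only I/O errors, put teardown in ``finally``.

    The partial file is removed whether the write fails or is interrupted,
    and anything that is not an OSError still propagates to the caller.
    """
    ok = False
    try:
        with open(path, mode="w") as f:
            writer(f)
        ok = True
    except OSError:
        # PermissionError, ENOSPC and friends: nothing useful to do here
        # beyond reporting failure; the partial file is removed below.
        ok = False
    finally:
        if not ok:
            with contextlib.suppress(FileNotFoundError):
                path.unlink()
    return ok


def check_db(db_path: Path) -> bool:
    """Open, populate and query a sqlite file, closing the connection even
    if a statement raises (contextlib.closing, as suggested above)."""
    with contextlib.closing(sqlite3.connect(db_path)) as conn:
        conn.execute("CREATE TABLE IF NOT EXISTS t (v TEXT)")
        conn.execute("INSERT INTO t VALUES ('constructed row')")
        conn.commit()
        (n,) = conn.execute("SELECT COUNT(*) FROM t").fetchone()
    return n == 1


# Constructed writers standing in for the real workload.
def good_writer(f):
    print("hello", file=f)


def failing_writer(f):
    raise PermissionError("constructed: disk refused the write")


def interrupting_writer(f):
    raise KeyboardInterrupt  # operator hits Ctrl-C mid-write


def run_demo() -> dict:
    """Exercise both versions inside one TemporaryDirectory so every file
    is gone afterwards regardless of which path was taken."""
    r = {}
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Flawed version: the interrupt never reaches us, we just get False.
        try:
            r["flawed_swallows_interrupt"] = flawed_write(d / "a", interrupting_writer) is False
        except KeyboardInterrupt:
            r["flawed_swallows_interrupt"] = False
        # Safe version: interrupt propagates AND the partial file is removed.
        try:
            safe_write(d / "b", interrupting_writer)
            r["safe_reraises_interrupt"] = False
        except KeyboardInterrupt:
            r["safe_reraises_interrupt"] = not (d / "b").exists()
        r["safe_handles_oserror"] = (
            safe_write(d / "c", failing_writer) is False and not (d / "c").exists()
        )
        r["safe_happy_path"] = (
            safe_write(d / "d", good_writer) and (d / "d").read_text() == "hello\n"
        )
        r["db_checked_and_closed"] = check_db(d / "state.sqlite")
    r["tempdir_removed"] = not d.exists()
    return r


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```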
                                
                        2. 16

                          My father worked for Guinness for about 25 years. When I was growing up we had prints of the John Ireland calendar “the gentle art of making Guinness”, a splendid series of cartoons in the tradition of Heath Robinson or Rube Goldberg. Guinness advertising art was great.

                          But, it’s a mass-produced factory beer. I occasionally like a stout or other dark beer, but Guinness is boring.

                          Guinness was relatively early in the use of statistical quality control over large scale biochemical processes – that is where Student’s t-distribution was discovered.

                          1. 10

                            I visited a brewery for one of the top 5 beer producers worldwide and the effort and care going into producing a consistent, safe product is impressive. The fact that the product itself is rather bland and boring is incidental :D

                            1. 8

                              Guinness is boring

                              I like boring beer. Incoming long defense of Guinness:

                              I didn’t always use to be like this, I used to like hoppy IPAs. But as I’ve gotten older my desire to drink beers higher than 5% has diminished so thoroughly that I can count the number of times I drink one per year on one hand.

                              I certainly would like to drink more complex stouts, but there are barely any brewed in America with the same ABV. For an example, I went to my favorite local brewery’s website, and Stout was always prefixed with imperial https://grimmales.com/menu/

                              I can’t drink these! They taste like syrup and instantly give me a headache.

                              Frankly, my go to beer these days is Asahi. I’m tired of complexity. Beer is less for me about complex flavors and more about refreshment and the desire to relax. In the cases when I want something more complex, I go for a cocktail. I make myself a Negroni or a Campari soda (depending on which side of refreshment and flavor I want).

                              Anyway. I love Guinness. It tastes good (that is to say it doesn’t taste like piss water), has a low ABV, and is served in basically every bar in Manhattan and Brooklyn. It fits my need.

                              1. 3

                                Guinness is boring

                                Thanks for saying that. I like it fine if it’s what’s available, but it tastes watered down to me compared to other stouts I’ve grown accustomed to. I’ll take it over something lighter, but it’s fairly plain.

                                1. 3

                                  Completely agree about the watered down flavor. The Extra Stout, however, is quite tasty…

                                  1. 0

                                    If you’re in the US, be aware that the Guinness product sold as Extra Stout 20 years ago is now known as Foreign Extra Stout. Today’s Extra Stout is watered down in comparison (and undoubtedly cheaper to produce).

                                    As bait-and-switches go, this is mild compared to Newcastle Ale…

                                    1. 0

                                      I still find it funny that the main UK production plant for Newcastle Brown Ale is in Sunderland.

                                  2. 3

                                    I’m with you but would add that it genuinely does taste better in Ireland! To the point that I know some Irish people who will not drink Guinness abroad.

                                    The story goes that this is due to the water but I suspect the truth is that Guinness have a lot of control over how it’s stored and served in pubs (temperature etc). Whether that should matter is an exercise left to personal taste.

                                    1. 1

                                      I hope to put that theory to the test one day!

                                      1. 2

                                        I had an Irish colleague in France who spun the theory that French Guinness is a lot less bitter, because locals don’t like it.

                                        He refused it.

                                        My personal take on Guinness: I rarely drink and then I only rarely drink Guinness, so I enjoy it as an easy stout that comes with an expected taste. Sometimes, that’s just what I want.

                                        (Fun fact about me: I do, however, have a taste for alcohol; my first job was sysadmin on a vineyard)

                                    2. 3

                                      When I visited the Guinness Storehouse in Dublin the advertising floor was definitely the most interesting part. The rest was over the top displays or sections for social media tourism. I have to agree about it being boring, although I’ll often order it if there’s no other stout or porters served.

                                      1. 3

                                        Nothing wrong with mass-produced factory beer. Writing this from Germany and I’m always up for a good Maß of Augustiner.

                                        1. 1

                                          Also, their book of world records was endlessly entertaining when I was in primary school.

                                          Many years after I tried Guinness (which I still occasionally enjoy, because it is boring in quite a pleasant way) I learned that the thing I really liked about it was that it was always a nitro pour. Seeking out interesting beers (mostly, but not all stouts) served on nitro taps has been fun.

                                          1. 1

                                            I had never made the connection between the beer and the books before. Thanks!

                                            1. 0

                                              You should also try nitro (cold brew) coffee. It has that same silky mouthfeel and bitterness. Plus, you can drink it any time of day guilt-free :)

                                              1. 0

                                                I’m a big fan of nitro coffee! In the before times, I worked once or twice a week in an office that had a nitro cold brew tap in the kitchen, and that was enough to make me look forward to those office days. Come to think of it, everyone (of those who didn’t dislike coffee in general) really loved that perk.

                                          2. 6

                                            More like American programmers

                                            1. 22

                                              You’d think so! I did too.

                                              I was the tech lead of the internationalization effort for a popular website a number of years back. This was in the US. The site was English-only and we wanted to make it available in a wide variety of languages. We wanted to make it feel as native to each language as we could, rather than feeling like a translation of a foreign site.

                                              My team and I came up with a bunch of internal tools and a flexible library we could use to make our code work in multiple languages. When I say “flexible” I mean it went way beyond simple token replacement; it could do things like look up different variants of sentences depending on whether a caller-supplied place name referred to a city or a country and whether that distinction mattered in the target language, could use different pluralization rules for different languages, took gender into account if a sentence mentioned a person whose gender was known, and so on. We had people with linguistics backgrounds making sure we didn’t fall into any obvious traps.

                                              The code base was far too big for my little team to update on our own, so an early goal was to give the rest of the engineering team all the resources they needed to do a really good job of updating their own corners of the code. In addition to thoroughly documenting our tools and libraries, we wrote up a set of annotated examples of how to change existing English-only code to be translation-friendly, and we made sure it covered all the common patterns in the code base (including visual design things like assuming a button only needed to be exactly big enough to hold an English label) and included examples of what could go wrong in different languages if people decided to just do string concatenation instead.

                                              Then we started rolling it out. My expectation going into it was like yours: that the monoglot American devs would struggle to embrace all the techniques because English-specific assumptions would be too deeply ingrained.

                                              But once I started doing code reviews of people’s changes, the reality was different. It turned out there was no measurable relationship between how good someone was at making their part of the site translatable into a wide variety of languages and which language(s) they spoke. Americans who’d never spoken anything but English were just as good at it, on average, as trilingual Europeans or people whose native languages were very different from English.

                                              The thing that floored me was seeing people from other countries repeatedly make mistakes that would have made it impossible to correctly translate part of the site into their own native languages. This happened a lot, and it happened across multiple native languages. It seemed to me like some people were able to put their brains in “human language is highly variable and the code needs to act accordingly” mode, and some people were stuck in “I am working in English right now, so everything is English” mode, and it barely mattered if they happened to speak some other language or not.

                                              Maybe the situation would have been different if the site had been in more than one language from the get-go; I don’t know. But that experience really shattered some of my preconceptions about the advantages of speaking multiple languages. (For the record: I still think it’s worthwhile to be multilingual!)

                                              1. 5

                                                The first job I had in Germany, having moved here as a fresh-faced monolingual foreigner, was kind of like this. We were building an internal tool that was used by warehouse workers in various European countries. We knew we had a lot of fairly monolingual users in a variety of different languages, so when we decided to redesign the tool, I pushed really hard for making sure that every part of the UI was fully translated into all the relevant languages. I was amazed by how much my German colleagues pushed back against this, saying it would be a lot of effort, and people could just learn what the different English-language messages meant over time.

                                              2. 7

                                                There were things a decade ago that my non-American English native speaker coworkers (Romanian, Croatian, Indian [Hindi & Marathi]) learned alongside me who’d been doing localization for a while — back then, I spoke natively American English but had six school years of Latin, 10+ years of self-driven Esperanto, and smattering of (Mexican) Spanish and (Canadian) French — when we did a big project targeting 10 languages on release days and 22 within four weeks in a patch release. I’ve picked up Dutch and some Korean since then and I’m constantly learning new things about language having gotten into linguist sector of Instagram, Threads, Bluesky, and the fediverse.

                                                Unless you’re a linguist, you’re always learning surprising new things about language, discovering new tools in the toolbox, per se. If you’re a linguist, you’re learning which has/does what because you’re more familiar with what’s in the toolbox.

                                                1. 1

                                                  Cool you’ve learned so many languages. I’m currently trying to learn a new language and struggling a bit so maybe you can help. What are your preferred ways to learn a new language and make it stick?

                                                  1. 4

                                                    Consistent practice. Try to experience all modes - reading, writing, listening, speaking, and conversing.

                                                    Find media you like. You don’t have to be even at 50% comprehension to listen to some audio, but obviously you’re only going to get little bits.

                                                    Adverts are much simpler than anything except children’s media.

                                                    Experiencing the language is generally the best way to internalize the rules, but reading up on complex rules to help you practice them is also important.

                                                    1. 1

                                                      Regular practice. Duolingo is fine if all you can put into it is 10-15 minutes per day. That’s better than 0 and 5 minutes isn’t doing much. Most of my focus was on reading and writing until I started learning Dutch in 2023. You have to read a ton and listen a lot. I don’t listen as much as I should, but there are plenty of Dutch teachers and comedians on social media that I’ve come to enjoy.

                                                      I think it’s important to remember your purpose. I like learning languages because I like linguistics and language, not because I have an acute need to interact in another language. Honestly, some trips to Belgium and The Netherlands in the last few years have been the most immersive foreign language environment I’ve been in… and any Belgian or Dutch person can tell you that you can get along just fine in both of those countries speaking just English. I was able to use nothing but Dutch to get lunch in my great grandmother’s small hometown, though!

                                                      1. 2

                                                        Thanks, I’ll keep practicing! :)

                                                  2. 3

                                                    Absolutely not, I’ve seen a couple of these with German software, with English/French just an afterthought. And that’s already two languages where half of the stuff doesn’t even apply because they are both LTR languages in Latin script. I will admit that it’s of course more likely to be a US/UK dev team.

                                                  3. 1

                                                    Here’s a post by the guy who initiated the FOIA request

                                                    1. 27

                                                      There does seem to be a bit of a chicken-and-egg problem. A bunch of people (myself included) are eager to work on EU alternatives to American services, but having things that are comparable requires a lot of initial funding and reasonable expectation of usage, which just isn’t there. In the meanwhile, public organizations don’t want to make a move until they see something that inspires confidence, which would require a player to already be set up.

                                                      I do wonder how things would go if the article’s recommendation (divert a % of government funds towards setting these things up) were followed. The closest we have right now are the tech sovereignty funds / nlnet / similar, which are great, but much smaller than you’d need to compete with (say) AWS. (OVH and similar try, but if you’ve ever used their cloud offerings rather than just a couple of random dedicated servers, the limitations become apparent pretty quickly.)

                                                      1. 13

                                                        I think what’s needed is a mandate, rather than a subsidy. Given the level of regulatory capture in democracies around the world including in Europe it’s hard to see that happening, but without a mandate using Google Workplace, AWS EU or similar will always be the easiest route to follow for the large proportion of people who are less ideological.

                                                        AWS itself is a product of a mandate that all communication about mechanics should occur via API rather than email.

                                                        1. 15

                                                          What AWS actually is in practice right now is a way to bypass a bunch of regulations. SoC Type 2? We’re on AWS, it’s there already. HIPAA? They have a document. So on and so forth. It completely abstracts away company structure as well, leaving only the product, which means the software architects don’t need to learn about, say, network theory, and can just have a checklist that says, “we get our own VPC”, for example.

                                                          I recently won a public contract at work that ended up being worth multiple million euros (less than it was supposed to, but I had no part in the charge negotiations). It was originally planned to be hosted on OVH, but due to a bunch of extraneous requirements from them, it became strictly impossible to do (not in any reasonable amount of time, anyway), so it got moved over to AWS Paris instead. This is how it tends to go in my experience.

                                                        2. 1

                                                          Agreed. And in 4 years the tides may shift again and everyone will have forgotten how close to the brink we were, and therefore the demand for purely EU services might never materialize.

                                                          1. 48

                                                            No, there’s a lot of policy discretion. The US government has access to any data stored in the US belonging to non-US persons without basic due process like search warrants. The data they choose to access is a policy question. The people being installed in US security agencies have strong connections to global far right movements.

                                                            1. 12

                                                              In 2004 servers operated by Rackspace in the UK on behalf of Indymedia were handed over to the American authorities with no consideration of the legal situation in the jurisdiction where they were physically located.

                                                              /Any/ organisation- governmental or otherwise- that exposes themselves to that kind of risk needs to be put out of business.

                                                              1. 5

                                                                I seem to remember an incident where Instapaper went offline. The FBI raided a data centre and took a blade machine offline containing blade servers they had warrants for, and Instapaper’s, which they didn’t. So accidents happen.

                                                                Link: https://blog.instapaper.com/post/6830514157

                                                                1. 2

                                                                  Yes, but in that case the server was in an American-owned datacenter physically located in America (Virginia), where it was within the jurisdiction of the FBI.

                                                                  That is hardly the same as a server in an American-owned datacenter physically located in the UK, where it was not within the jurisdiction of the FBI.

                                                                  Having worked for an American “multinational” I can see how that sort of thing can happen: a chain of managers unversed in the law assumes it is doing “the right thing”. Which makes it even more important that customers consider both the actual legal situation and the cost of that sort of foulup when choosing a datacenter.

                                                              2. 2

                                                                The US government has access to any data stored in the US belonging to non-US persons without basic due process like search warrants.

                                                                Serious question, who’s putting data in us-west etc when there are EU data centres? And does that free rein over data extend to data in European data centres? I was under the impression that safe harbour regs protected it? But it’s been years since I had to know about this kind of stuff and it’s now foggy.

                                                                1. 18

                                                                  It does not matter where the data is stored. Using EU datacenters will help latency if that is where your users are, but it will not protect you from warrants. The author digs into this in this post, but unfortunately, it is in Dutch: https://berthub.eu/articles/posts/servers-in-de-eu-eigen-sleutels-helpt-het/

                                                                  1. 5

                                                                    I re-read the English article a bit better and see he addresses it with sources and linked articles. Saturday morning, what can I say.

                                                                  2. 8

                                                                    Serious question, who’s putting data in us-west etc when there are EU data centres?

                                                                    A lot of non-EU companies. Seems like a weird question, not everyone is either US or EU. Almost every Latin American company I’ve worked for uses us-east/west, even if it has no US customers. It’s just way cheaper than LATAM data centers and has better latency than EU.

                                                                    1. 4

                                                                      Obviously the world isn’t just US/EU, I appreciate that. This article is dealing with the trade agreements concerning EU/US data protection though so take my comment in that perspective.

                                                                  3. 1

                                                                    I don’t see how this is at odds with the parent comment?

                                                                  4. 22

                                                                    That is the one good thing. It has always been unsafe, but now people are finally starting to understand that.

                                                                    1. 31

                                                                      Because it’s dramatically less safe. Everyone saying “it’s the same as before” has no clue what is happening in the US government right now.

                                                                      1. 12

                                                                        And everyone saying it’s dramatically different has no clue what has happened in the US government in the past.

                                                                        1. 9

                                                                          I haven’t personally made up my mind on this, but one piece of evidence in the “it’s dramatically different (in a bad way)” side of things would be the usage of unvetted DOGE staffers with IRS data. That to me seems to indicate that the situation is worse than before.

                                                                          1. 8

                                                                            You’re incorrect. The US has never had a government that openly seeks to harm its own allies.

                                                                            1. 6

                                                                              What do you mean? Take Operation Desert Storm. Or the early Cold War.

                                                                              1. 3

                                                                                Not sure what you mean—Operation Desert Storm and the Cold War weren’t initiated by the US nor were Iraq and the USSR allies in the sense that the US is allied with Western Europe, Canada, etc (yes, the US supported the USSR against Nazi Germany and Iraq against Islamist Iran, but everyone understood those alliances were temporary—the US didn’t enter into a mutual defense pact with Iraq or USSR, for example).

                                                                                1. 3

                                                                                  they absolutely 100% were initiated by the US. yes the existence of a mutual defense pact is notable, as is its continued existence despite the US “seeking to harm” its treaty partners. it sounds like our differing perceptions of whether the present moment is “dramatically different” come down to differences in historical understanding, the discussion of which would undoubtedly be pruned by pushcx.

                                                                            2. 3

                                                                              My gut feeling says that you’re right, but actually I think practically nobody knows whether you are or not. To take one example, it’s not clear whether the US government is going to crash its own banking system: https://www.crisesnotes.com/how-can-we-know-if-government-payments-stop-an-exploratory-analysis-of-banking-system-warning-signs/ . The US government has done plenty of things that are BAD before but it doesn’t often do anything that STRANGE. I think.

                                                                                1. 1

                                                                                  Oh, yeah. Clearly I’m bad at parsing indentation on mobile.

                                                                      2. 33

                                                                        Just because it was not safe before, doesn’t mean it cannot be (alarmingly) less safe now.

                                                                        1. 1

                                                                          And just because it logically can be less safe now doesn’t mean it is.

                                                                        2. 10

                                                                          It is not. Not anymore. But I don’t want to get into political debate here.

                                                                          1. 85

                                                                          2. 11

                                                                            This isn’t true, as the US has been the steward of the Internet and its administration has turned hostile towards US’s allies.

                                                                            In truth, Europe already had a wake-up call with Snowden’s revelations, the US government spying on non-US citizens with impunity, by coercing private US companies to do it. And I remember the Obama administration claiming that “non-US citizens have no rights”.

                                                                            But that was about privacy, whereas this time we’re talking about a far right administration that seems to be on a war path with US’s allies. The world today is not the same as it was 10 years ago.

                                                                            1. 2

                                                                              hm, you have a good point. I was wondering why now it would be different but “privacy” has always been too vague a concept for most people to grasp/care about. But an unpredictable foreign government which is actively cutting ties with everyone and reneging on many of its promises with (former?) allies might be a bigger warning sign to companies and governments world wide.

                                                                              I mean, nobody in their right mind would host stuff pertaining to EU citizens in, say, Russia or China.

                                                                            2. 3

                                                                              Which is to say: it’s not safe at all and never has been a good idea.

                                                                            3. 4

                                                                              And this is one of the many reasons why it’s important to have a diverse set of viable and capable implementations for any standard. And standards that are not so convoluted as to make that nigh-impossible.

                                                                              1. 127

                                                                                When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

                                                                                https://www.mozilla.org/en-US/about/legal/terms/firefox/

                                                                                :)

                                                                                1. 61

                                                                                  That’s… wow. Thank you for highlighting that. I am seriously considering using something other than Firefox for the first time in… ever. Regardless of how one might choose to interpret that statement, it’s frightening that they would even write it. This is not the Mozilla I knew or want. I’d love to know what alternatives people might suggest that are more community focused and completely FOSS, ideally still non-Chromium.

                                                                                  1. 7

                                                                                    Thankfully, the lawful base for data use is spelled out in their privacy policy:

                                                                                    https://www.mozilla.org/en-US/privacy/firefox/#lawful-bases

                                                                                    e.g. Browsing, Interaction and Search data are “Legitimate interest” and “Consent”-based.

                                                                                    1. 18

                                                                                      Consent being the kind that I haven’t given, but I’m supposed to actively revoke? Until the next update?

                                                                                      1. 8

                                                                                        That unfortunately seems to be the current usage of the term “consent” in the tech industry.

                                                                                        1. 19

                                                                                          Fortunately, that’s not consent as the GDPR defines it

                                                                                          1. 4

                                                                                            Isn’t it? Most GDPR consent screens have an easy “accept to everything” button and require going through multiple steps to “not accept”, and many many more steps to “object” to their “legitimate interest” in tracking for the purposes of advertising. As long as these screens remain allowed and aren’t cracked down on (which I don’t foresee happening, ever), that’s the de facto meaning of “consent” in GDPR as far as I’m concerned: something that’s assumed given unless you actively go out of your way to revoke it.

                                                                                            It’s not what the text of the GDPR defines it as, but the text isn’t relevant; only its effect on the real world is.

                                                                                            1. 28

                                                                                              Yes, definitely. Consent in GDPR is opt-in not opt-out. If it’s opt-out, that’s not consensual. And the law is the law.

                                                                                              Furthermore, for interstitials, to reject everything should be at least as easy as it is to accept everything, without dark patterns. Interstitials (e.g., from IAB and co.) first tried to make it hard to reject everything, but now you usually get a clear button for rejecting everything on most websites.

                                                                                              As I mentioned in another comment, the DPAs are understaffed and overworked. But they do move. A real-world example of a company affected by the GDPR, and that tries testing its limits, is Meta with Facebook. For user profiling, first they tried the Terms of Service, then they tried claiming a legitimate interest, then they introduced expensive subscriptions for those that tried to decline, now they introduced a UI degradation, delaying the user scrolling, which is illegal as well.

                                                                                              Many complain, on one hand, that the EU is too regulated, suffocating innovation, and with US’s tech oligarchs now sucking up to Trump to force the EU into allowing US companies to break the law. On the other hand, there are people who believe that the GDPR isn’t enforced enough. I wish people would make up their mind.

                                                                                              1. 13

                                                                                                Many complain, on one hand, that the EU is too regulated, suffocating innovation, and with US’s tech oligarchs now sucking up to Trump to force the EU into allowing US companies to break the law. On the other hand, there are people who believe that the GDPR isn’t enforced enough. I wish people would make up their mind.

                                                                                                Those are different people, all who have made up their mind.

                                                                                                1. 4

                                                                                                  I thought I made it reasonably clear that I don’t care that much about what the text of the law is, I care about what material impact it has on the world.

                                                                                                  1. 14

                                                                                                    I corrected you with facts, and you’re replying with your feelings. Fair enough.

                                                                                                    1. 12

                                                                                                      To be fair, @mort’s feeling may come from non-actually-GDPR-compliant cookie consent forms. I have certainly seen where I couldn’t find the “reject all” button, and felt obligated to manually click up to 15 “legitimate interest” boxes. (And dammit could they please stop with their sliding buttons and use actual square check boxes instead?)

                                                                                                      1. 1

                                                                                                        I think the worse case is you click “reject all”, but you don’t actually reject all, and the legitimate interests are still checked.

                                                                                                      2. 5

                                                                                                        The facts you provided aren’t relevant. I’m talking about the de facto situation as it applies to 99% of companies, you’re talking about the text of the law and enforcement against one particular company. These are different things which don’t have much to do with each other.

                                                                                                        You even acknowledge that DPAs are understaffed and overworked, which results in the lacking enforcement which is exactly what I’m complaining about. For what I can tell, we don’t disagree about any facts here.

                                                                                                        1. 7

                                                                                                          Well, other people in this sub-thread are talking about GDPR. You might have switched the topic, but that isn’t alexelcu’s fault.

                                                                                                          1. 6

                                                                                                            I’m talking about GDPR as well, focusing about what impact it has in practice. I have been 100% consistent on that, since my first message in this sub-thread (https://lobste.rs/s/de2ab1/firefox_adds_terms_use#c_3sxqe1) which explicitly talks about what it means de facto. I don’t know where you got the impression that I’m talking about something else.

                                                                                                          2. 6

                                                                                                            But there is enforcement, it’s just slower than we’d like. For example, screens making it harder to not opt in rather than opt in have gotten much rarer than they used to be. IME now they mostly come from American companies that don’t have much of a presence in the EU. So enforcement is causing things to move in the right direction, even if it is at a slow pace.

                                                                                                            There is a website tracking fines against companies for GDPR violations [1] and as you can see, there are lots of fines against companies big and small every single month. “Insufficient legal basis for data processing” isn’t close to being the most common violation, but it’s pretty common, and has also been lobbed against companies big and small. It is not the case that there is only enforcement against a few high profile companies.

                                                                                                            [1] https://www.enforcementtracker.com/

                                                                                                    2. 1

                                                                                                      Why do you lay this at the feet of GDPR?

                                                                                                2. 2

                                                                                                  it’s the other way around - most of the time you have to actively revoke “legitimate interest”, consent should be off by default. Unfortunately, oftentimes “legitimate interest” is just “consent, but on by default” and they take exactly the same data for the same purpose (IIRC there are NGOs (such as NOYB, Panoptykon) fighting against IAB and other companies in those terms)

                                                                                                3. 4

                                                                                                  “Legitimate interest” is the GDPR loophole that ad tech companies use to spy on us without an easy opt-out option, right? I don’t know what this means in this context but I don’t trust it.

                                                                                                  1. 17

                                                                                                    It is not, ad tech has been considered not a legitimate interest for… Ever… By the European DPAs. Report to your DPA the ones that abuse this. There has been enforcement.

                                                                                                    1. 4

                                                                                                      Every website with a consent screen has a ton of ad stuff under “legitimate interest”, most ask you to “object” to each individually. The continued existence of these patterns means it’s de facto legal under the GDPR in my book. “Legitimate interest” is a tool to continue forced ad tracking.

                                                                                                      1. 21

                                                                                                        Yes, all of that is illegal under GDPR.

                                                                                                        The problem has been that DPAs are understaffed and overworked.

                                                                                                        1. 9

                                                                                                          I don’t think you’re disagreeing with me. It’s de jure illegal but de facto legal. I don’t care much what the text of the GDPR says, I care about its material effect on the real world; and the material effect is one where websites put up consent screens where the user has to “object” individually to every ad tech company’s “legitimate interest” in tracking the user for ad targeting purposes.

                                                                                                          I used to be optimistic about the GDPR because there’s a lot of good stuff in the text of the law, but it has been long enough that we can clearly see that most of its actual effect is pretty underwhelming. Good law without enforcement is worthless.

                                                                                                          1. 15

                                                                                                            No, it’s de facto illegal as well, law enforcement is just slower than we’d like. Ask, for example, Facebook.

                                                                                                            1. 7

                                                                                                              De facto illegal for entities at Facebook’s scale? Maybe. But it’s certainly de facto legal for everyone else. It has been 7 years since it was implemented; if it was going to have a positive effect we’d have seen it by now. My patience has run out. GDPR failed.

                                                                                                              1. 15

                                                                                                                I just gave you a concrete example of a powerful Big Tech company, with infinite resources for political lobbying, that was blasted for their practices. They first tried hiding behind their Terms of Use, then they tried claiming a legitimate interest, then they offered the choice of a paid subscription, and now they’ve introduced delays in scrolling for people that don’t consent to being profiled, which will be deemed illegal as well.

                                                                                                                Your patience isn’t important. This is the legal system in action. Just because, for example, tax evasion happens, that doesn’t mean that anti tax evasion laws don’t work. Similarly with data protection laws. I used to work in the adtech industry. I know for a fact that there have been companies leaving the EU because of GDPR. I also know some of the legwork that IAB tried pulling off, but it won’t last.

                                                                                                                Just the fact that you’re getting those interstitials is a win. Microsoft’s Edge browser, for example, gives EU citizens that IAB dialog on the first run, thus informing them that they are going to share their data with the entire advertising industry. That is in itself valuable for me, because it informs me that Edge is spyware.

                                                                                                                1. 4

                                                                                                                  I agree that the “we’re spying on you” pop-ups are a win in themselves. I’m just complaining that it’s so toothless as to in practice allow websites to put up modals where each ad tech company’s “legitimate interest” in tracking me has to be individually disabled. If the goal of the GDPR was to in any way make it reasonably easy for users to opt out of tracking, it failed.

                                                                                                                  1. 3

                                                                                                                    I agree that the “we’re spying on you” pop-ups are a win in themselves.

                                                                                                                    I’m not so sure. I’ve even seen this used as an argument against the GDPR: The spin they give it is “this is the law that forces us to put up annoying cookie popups”. See for example this article on the Dutch public broadcasting agency (which is typically more left-leaning and not prone to give a platform to liberals).

                                                                                                                    “Alle AI-innovaties werken hier slechter dan in de VS. En waarom moet je op elke website op cookies klikken?”, zegt Van der Voort.

                                                                                                                    Roughly translated “all innovations in AI don’t work as well here as in the US. And why do you have to click on cookies (sic) on every single website?”

                                                                                                                    1. 4

                                                                                                                      I’ve even seen this used as an argument against the GDPR: The spin they give it is “this is the law that forces us to put up annoying cookie popups”.

                                                                                                                      I have seen that as well, and I think it’s bullshit. The GDPR doesn’t force anyone to make any form of pop-up, nobody is forced to track users in a way which requires consent. The GDPR only requires disclosure and an opt-out mechanism if you do decide to spy on your users, which I consider good.

                                                                                                                      1. 5

                                                                                                                        The GDPR only requires disclosure and an opt-out mechanism if you do decide to spy on your users, which I consider good.

                                                                                                                        I agree, but at the same time I think the average user just sees it as a nuisance, especially because in most cases there’s no other place to go where they don’t have a cookie popup. The web development/advertising industry knowingly and willfully “complied” in the most malicious and obnoxious way possible, resulting in this shitty situation. That’s 1 for the industry, 0 for the lawgivers.

                                                                                                                        1. 9

                                                                                                                          I agree that it didn’t have the desired effect (which, incidentally, I have spent a lot of this thread complaining about, hehe). I think everyone was surprised about just how far everyone is willing to go in destroying their website’s user experience in order to keep tracking people.

                                                                                                            2. 1

                                                                                                              has to “object” individually to every ad tech company’s “legitimate interest” in tracking the user

                                                                                                              I’m not sure if you’re deep in grumpy posting or didn’t understand the idea here, but for legitimate interest you don’t need to agree and companies normally don’t give you the option. If you’re talking about the extra options you unset manually, they’re a different thing. The “legitimate interest” part is for example validating your identity through a third party before paying out money. Things you typically can’t opt out of without also refusing to use the service.

                                                                                                              If you get a switch for “tracking” or “ads” that you can turn off, that’s not a part of the “legitimate interest” group of data.

                                                                                                              1. 6

                                                                                                                I’m sorry but this isn’t true. I have encountered plenty of consent screens with two tabs, “consent” and “legitimate interest”, where the stuff under “consent” is default off while the stuff under “legitimate interest” is on by default and must be “objected to” individually. Some have an “object to all” button to “object” to all ad tracking in the “legitimate interest” category.

                                                                                                                Here’s one example: https://i.imgur.com/J4dnptX.png, the Financial Times is clearly of the opinion that tracking for the purpose of advertising counts as “legitimate interest”.

                                                                                                                I’m not saying that there’s any relationship between this pattern and what’s actually required by the GDPR, my understanding of the actual text of the law reflects yours. I’m saying that this is how it works in practice.

                                                                                                4. 21

                                                                                                  So when I login to lobste.rs (or any other important website) do I grant them the permission to use my credentials? ;-)

                                                                                                  1. 32

                                                                                                    Pretty much

                                                                                                    this comment remains property of the Mozilla Foundation and is presented here with their kind permission

                                                                                                  2. 18

                                                                                                    Mozilla updated the article with a clarifying statement:

                                                                                                    UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.

                                                                                                    1. 58

                                                                                                      the problem is it doesn’t clarify anything. “basic functionality” is not defined. my guess is they want to be able to feed anything we type or upload to a site, to also be able to feed that into an LLM. “anything other than what is described” doesn’t help because what is described is so vague as to mean anything “help you experience and interact with online content”

                                                                                                      1. 42

                                                                                                        Mozilla updated the article with a clarifying statement:

                                                                                                        UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.

                                                                                                        That is… not clarifying. And not comforting. “What is described” in the ToS is “to help you navigate, experience, and interact with online content.” That’s absurdly vague. And what is described in the Privacy Notice is absurdly broad:

                                                                                                        • To provide you with the Firefox browser
                                                                                                        • To adapt Firefox to your needs
                                                                                                        • To provide and improve search functionality
                                                                                                        • To serve relevant content and advertising on Firefox New Tab
                                                                                                        • To provide Mozilla Accounts
                                                                                                        • To provide AI Chatbots
                                                                                                        • To provide Review Checker, including serving sponsored content
                                                                                                        • To enable add-ons (addons.mozilla.org, “AMO”), including offering personalized suggestions
                                                                                                        • To maintain and improve features, performance and stability
                                                                                                        • To improve security
                                                                                                        • To understand usage of Firefox
                                                                                                        • To market our services.
                                                                                                        • To pseudonymize, de-identify, aggregate or anonymize data.
                                                                                                        • To communicate with you.
                                                                                                        • To comply with applicable laws, and identify and prevent harmful, unauthorized or illegal activity.

                                                                                                        1. 33

                                                                                                          Without it, we couldn’t use information typed into Firefox, for example.

                                                                                                          Yes. That’s the fucking point.

                                                                                                        2. 12

                                                                                                          I’m glad we have this contextless legalese to clarify things. I wonder if there’s some kind of opt-in data collection in Firefox that Mozilla might have legal obligations to clarify their rights to? Couldn’t be that… No, let’s put a pause on critical thinking and post stupid TOS excerpts as if Mozilla are going to steal our Deviantart uploads and sell them as AI training data.

                                                                                                          1. 22

                                                                                                            I’m glad we have this contextless legalese to clarify things. I wonder if there’s some kind of opt-in data collection in Firefox that Mozilla might have legal obligations to clarify their rights to? Couldn’t be that… No, let’s put a pause on critical thinking and post stupid TOS excerpts as if Mozilla are going to steal our Deviantart uploads and sell them as AI training data.

                                                                                                            If they need a ToS for a particular feature, then that “contextless legalese” should be scoped to that feature, not to Firefox as a whole.

                                                                                                            1. 6

                                                                                                              This is precisely why the same organization should not do all of these things. If they want to do non-tool stuff to continue funding their mission they should start up independently managed companies that can establish these consents for a narrow band of services. They can give the existing organization control as a majority shareholder, with dividends flowing back to the main organization. That is the way to ensure that incentives don’t become misaligned with the mission.

                                                                                                              1. 6

                                                                                                                They’re future-proofing their terms of service. That’s even worse than future-proofing one’s code, though for different reasons.

                                                                                                            2. 5

                                                                                                              That language comes off a bit … onerous

                                                                                                              1. 2

                                                                                                                But what does it mean? To “navigate”.

                                                                                                                1. 2

                                                                                                                  That’s it I guess. Thanks for the find! Firefox is dead to me now. What’s the non-evil browser to go to nowadays?

                                                                                                                  1. 9

                                                                                                                    librewolf seems to be the rage now: https://librewolf.net/

                                                                                                                    On MacOS/iOS there is the Kagi browser Orion: https://kagi.com/orion/

                                                                                                                2. 8

                                                                                                                  The hubris and arrogance displayed here is amazing. Getting ignored as a security researcher is almost standard practice, and things silently getting fixed as well, but responding like this is just insulting for no good reason.

                                                                                                                  Good on OP for exposing their shitty practices!

                                                                                                                  1. 1

                                                                                                                    I don’t know the exact time lines, but object-oriented everything was definitely a bubble that lasted quite a while (maybe that matches “java” in your list, but I feel like the hype was there way before Java).

                                                                                                                    Also, “business people programming” (COBOL, SQL, etc)

                                                                                                                    1. 19

                                                                                                                      I’m as suspicious as anyone of Apple’s “high regard” of privacy, but all of these accesses are legitimate.

                                                                                                                      App Store Connect is sending the bundle ID to Apple, to automatically fetch provisioning profiles based on your account.

                                                                                                                      The images domain is checking for newer versions of the iPhone, iPad, iThing, [etc.] emulators.

                                                                                                                      This isn’t some “mysterious boogeyman”, it’s all noted and in public. Frankly, anyone fussed enough about their bundle IDs being sent to Apple probably shouldn’t be developing for the Apple platform anyway, considering all the documentation they require to open an Apple Developer account these days. And if you don’t have an Apple Developer account, then you aren’t signed in, and none of this matters anyway as there is no identifiable information.

                                                                                                                      Yes, dissidents and activists should be aware of this, but I’d expect that sort of developer to run air gapped anyway. Not doing so is going to spell trouble from a lot more than a bunch of connections to Apple.

                                                                                                                      1. 2

                                                                                                                        It wouldn’t be as bad if you weren’t required to use XCode to even build anything targeting iThings.

                                                                                                                        But anyway, I suppose this sort of thing has become “the New Normal”.

                                                                                                                        1. 2

                                                                                                                          A lot of times when I am downloading little projects to play with from GitHub or wherever, rather than fire up Xcode I will use xcodebuild at the CLI just to test it out. I believe there are ways to do nearly everything from the CLI. One doubt I have is deploying to device; that might require the GUI. I’ve been meaning to look into it more.

                                                                                                                          1. 1

                                                                                                                            I don’t use Mac and I won’t touch app development with a 10 foot pole so I can’t check, but just because it’s CLI-based doesn’t necessarily mean it doesn’t phone home. It’s still part of XCode, right?

                                                                                                                            1. 1

                                                                                                                              For xcodebuild, no, it’s not doing anything network-related. It’s mostly an XML Xcode project parser and an LLVM frontend for building projects. Everything as far as dependencies (SDKs, headers, libraries, etc.) must exist on the filesystem but all of that is put there by “Xcode Command Line Tools” which can be independent of the Xcode IDE.

                                                                                                                              Doing device provisioning stuff for iOS/iPad is a different story, as that requires crypto-based profiles and certificates and such, which Xcode frontends and is much of this “phoning home”, as mentioned above.

                                                                                                                              But the configuration and building of projects and such still feels very UNIX-y with these CLI tools.

                                                                                                                      2. 4

                                                                                                                        As a person in tech, my only advice for future generations is avoid adding tech to your daily life. More than anything, Big Tech’s main purpose is to add rent seekers to your life.

                                                                                                                        1. 3

                                                                                                                          This always gets me - as a technologist, people are always so surprised to hear I use a dumb phone, hate AI and typically go for the low-tech option when there is one. Why is this still surprising though? I guess “normal” humans don’t spend a single second thinking about the negative sides of technology…

                                                                                                                        2. 4

                                                                                                                          Sure, Eight Sleep needs a way to push updates

                                                                                                                          No, they really don’t! It’s a temperature controlled bed, it should be a dead simple closed system.

                                                                                                                          1. 3

                                                                                                            Pushing updates instead of user-initiated updates is one of the worst things that humankind has ever invented, and I am only moderately hyperbolic about that. I think almost all modern tech problems, and even many tech industry problems, can be directly tied to it.

                                                                                                                            Why care about bugs? We can just push out an update! No one will notice! Until their phone randomly reboots while they need to call 911 (which actually happened to me on my Android).

                                                                                                                            Why care about UX consistency? We can just push out A/B updates and experiment directly on our users! (which meant an app I was trying to teach my grandmother to use was completely different on her system than mine.)

                                                                                                                            etc etc…

                                                                                                                            1. 1

                                                                                                                              Consistently applying important security updates is something you can most definitely not expect the average user (or even technically sophisticated but lazy users) to do. Bugs are inevitable, no matter how hard you try.

                                                                                                                          2. 21

                                                                                                                            Btw. I guess we can assume that UK wants similar data access from other cloud providers. So if people store data in some other big cloud and expect it to be encrypted securely, they are quite likely wrong.

                                                                                                                            And I wonder about smaller cloud setups. I guess UK will go after the largest providers first (Apple, Google, Office365, Backblaze…); but after that they might make the same demands (i.e. “accessing stored data without the victim knowing”) from personal Nextcloud instances?

                                                                                                                            1. 2

                                                                                                                              I wonder about Google’s Android backup service: it’s supposedly E2EE.

                                                                                                                              Any changes to that service in the UK lately?

                                                                                                                              1. 7

                                                                                                                                E2EE doesn’t say a lot about how many ends there are. I suppose the UK gov’t (and many others) are fine if they are one of those ends as well. In a system that handles both E2EE and storage, that’s painfully simple to do.

                                                                                                                                1. 15

                                                                                                                                  It’s very accepted at this point that the Ends in E2EE must all be end user-controlled or it’s wire encryption and not E2EE

                                                                                                                                  1. 11

                                                                                                                                    My reading of @pgeorgi’s comment is they’re suggesting Google have perhaps stretched the definition of “end-to-end” beyond generally accepted limits. That is, in such a way that if legally challenged Google may respond, in floral legalese, “the number of ‘ends’ were never defined”.

                                                                                                                                    But maybe I’m reading too far :) It’s a plausible theory in any case, albeit conspiratorial in the absence of evidence. Conspiratorial thinking can be a fun and beneficial exercise, sufficiently constrained.

                                                                                                                                    1. 7

                                                                                                                                      It’s basically impossible to ensure, though.

                                                                                                                      “E2EE with key escrow” would add a minuscule amount of data and complexity but provide a NOBUS interface into the data for whoever owns the escrow key:

                                                                                                                                      • A government compels the software provider (say, with a National Security Letter) to encrypt all E2EE keys with a public key provided by the government and send that encrypted data along.
                                                                                                                                      • Those encrypted keys are of no use to the software provider, all they can do is pass them along.
                                                                                                                                      • The government can decrypt the E2EE data once they get hold of it using the E2EE keys they decrypted after receiving them from the software provider.

                                                                                                                                      If the software provider is the same organization as the storage provider, they can hide the matter even better: for example, increase session id length and encode the encrypted keys in those spare bits in an https header that looks pretty random to begin with. Filter out bits that represent the encrypted key on the server and pass them to the government as they come in.

                                                                                                                                      From everybody’s perspective except those controlling the escrow key (that government), it still looks like a complete E2EE scheme. In particular, the storage provider can’t access the data, so that’s stronger than wire encryption.

                                                                                                                                      Those encrypted keys are so small, relatively speaking, that they won’t necessarily raise red flags in transit or at rest. The only way is a complete audit of the software. Between “app stores” as preferred delivery mechanism and “auto updates” being applied whenever the distributor wants (or is asked to), at least on platforms like Apple’s/Android that sparked the discussion, you can rarely be sure that you’re running what you audited.
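Added example (editor's illustration, not code from the commenter or from any real product): a toy of the escrow scheme the comment above lays out, in Go using only the standard library. The comment names no algorithms, so this assumes RSA-OAEP to wrap the per-message content key and AES-GCM for the data; the session-id layout (16 random bytes followed by the wrapped key, hex encoded) and the OAEP label are hypothetical choices made here. It shows that the app vendor and storage provider, holding only the public half, can forward the blob but not open it, while the escrow key holder can read everything.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Hypothetical OAEP label; only here so the wrapped key cannot be confused
// with other OAEP ciphertexts the same app might produce.
var escrowLabel = []byte("e2ee-key-escrow")

// Envelope is what the client hands to the storage provider. The provider sees
// all three fields but cannot read Ciphertext without the content key.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
	EscrowBlob []byte // content key encrypted to the escrow holder's RSA public key
}

// GenerateEscrowKey stands in for the key pair the escrow holder hands to the
// software provider; only the public half ever ships inside the app.
func GenerateEscrowKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// ClientEncrypt is the user's E2EE step. The returned key is what the peer
// would get through the normal E2EE key agreement (not modelled here); the
// EscrowBlob is the only extra data the escrow scheme adds.
func ClientEncrypt(plaintext []byte, escrowPub *rsa.PublicKey) (Envelope, []byte, error) {
	key := make([]byte, 32) // AES-256 content key
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return Envelope{}, nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	// RSA-OAEP wrap with the public key only: the app vendor and the storage
	// provider can forward this blob but cannot open it themselves.
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrowPub, key, escrowLabel)
	if err != nil {
		return Envelope{}, nil, err
	}
	return Envelope{Nonce: nonce, Ciphertext: ct, EscrowBlob: blob}, key, nil
}

// DecryptWithKey is what the legitimate recipient does with the content key.
// GCM authentication makes it fail on a wrong key or tampered ciphertext.
func DecryptWithKey(env Envelope, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// EscrowDecrypt is the NOBUS path: only the escrow private key unwraps the
// content key, after which the data is read exactly as the recipient would.
func EscrowDecrypt(env Envelope, escrowPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, escrowPriv, env.EscrowBlob, escrowLabel)
	if err != nil {
		return nil, err
	}
	return DecryptWithKey(env, key)
}

// EmbedInSessionID models the covert channel from the comment: a "session id"
// that is 16 random bytes plus the 256-byte escrow blob, hex encoded, which is
// indistinguishable from a random token to anyone not looking for it.
func EmbedInSessionID(blob []byte) (string, error) {
	prefix := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, prefix); err != nil {
		return "", err
	}
	return hex.EncodeToString(append(prefix, blob...)), nil
}

// ExtractEscrowBlob is the server-side filter that strips the blob back out.
func ExtractEscrowBlob(sessionID string) ([]byte, error) {
	raw, err := hex.DecodeString(sessionID)
	if err != nil {
		return nil, err
	}
	if len(raw) <= 16 {
		return nil, errors.New("session id too short to carry an escrow blob")
	}
	return raw[16:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	escrow, _ := GenerateEscrowKey()
	env, key, _ := ClientEncrypt([]byte("constructed sample message"), &escrow.PublicKey) // constructed input
	sid, _ := EmbedInSessionID(env.EscrowBlob)
	fmt.Printf("session id prefix: %s... (%d hex chars)\n", sid[:32], len(sid))
	env.EscrowBlob, _ = ExtractEscrowBlob(sid)
	pt, _ := DecryptWithKey(env, key)
	fmt.Printf("recipient reads:      %q\n", pt)
	pt, _ = EscrowDecrypt(env, escrow)
	fmt.Printf("escrow holder reads:  %q\n", pt)
	_, err := DecryptWithKey(env, make([]byte, 32))
	fmt.Printf("provider with no key: %v\n", err)
}
```

Two things worth noticing when running it: the escrow blob is a fixed 256 bytes whatever the message size, which is the "small, relatively speaking" point, and nothing in the envelope or the hex token gives the scheme away to an observer. What does give it away is the `rsa.EncryptOAEP` call itself, which is exactly why the comment ends at "complete audit of the software" and at whether the audited build is the one actually running.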

                                                                                                                                      1. 2

                                                                                                                                        so by “basically impossible to ensure,” you meant specifically under the regime of mobile app stores and auto-updates.

                                                                                                                                        1. 4

                                                                                                                                          That’s the context of the article, and it’s the reality of most computer users these days. My important data is air gapped, which sidesteps the entire issue, but that’s far from the reality of most, and so is compiling your own E2EE system software after carefully auditing it, from the firmware and kernel upwards.

                                                                                                                                          1. 3

                                                                                                                                            I think there’s a middle ground where source code is available and builds are signed and reproducible.

                                                                                                                                2. 1

                                                                                                                                  You have to wonder if they’ll outlaw encryption entirely. I mean, you would expect the true criminals to simply move to some homegrown system where they encrypt things themselves. It’s only the lazy/dumb criminals they’ll catch with this Apple thing.

                                                                                                                                3. 3

                                                                                                                                  IMO this presents a false dichotomy - you really don’t have to write shitty SQL injection-prone unmaintainable code to “make it scale”, or to make it useful and usable for real users.

                                                                                                                                  However, there is a tension between usability and clean separation of concerns, and speed (either of delivery, or performance/scalability) and maintainability. And if you set out to build something “reusable”, it will either end up way overengineered (like dependency injection) to allow for all the weird things people try to do with it, or with limited use cases (like the Django example).

                                                                                                                                  Working in isolation, without users, led me down a path of over-engineering.

                                                                                                                                  I’ve been there before, many times. I’m not even sure it’s the “without users” part that necessarily leads there, although that’s often a contributing factor because there’s nothing to distract you from going off the deep end. With users you feel the pain of actually making your creation do something realistic and with decent performance. Without users, you can lull yourself into a false sense of security by making pretty-code demos and unrealistic scenarios.

                                                                                                                                  1. 5

                                                                                                                                    The author of this piece a month ago wrote a piece called AI is Creating a Generation of Illiterate Programmers, which enjoyed some success and even got featured by ThePrimeagen. In that article he mentioned that once ChatGPT was down he couldn’t code anymore and went on to say:

                                                                                                                                    this is the new reality for software developers

                                                                                                                                    No, it’s not. This may be true for a group of developers who are overusing these tools for mainstream languages and frameworks, but using your singular experience and claiming it to be the reality of us all is purely selection bias.

                                                                                                                                    Now, the author writes a rather similar piece, lacking nuance and empathy, this time throwing under the bus a whole group of developers, the ones who struggle the most to find a job nowadays. But hey, did you already subscribe to his newsletter? Did you know Elon Musk reads his articles? Or that he’s also working on an AI tool?

                                                                                                                                    1. 3

                                                                                                                                      Did you know Elon Musk reads his articles? Or that he’s also working on an AI tool?

                                                                                                                                      I’m glad I’m not the only one who raised eyebrows at those things…

                                                                                                                                    2. 4

                                                                                                                                      It’s funny nobody noticed the other inconsistencies, like the mysteriously changing inventory and such. You’d think with such an “impossibly lucky” speedrun, people would pay attention to things like that.

                                                                                                                                      1. 3

                                                                                                                                        Article was rather more tolerable than I was expecting, so good on the author.

                                                                                                                                        I will highlight one particular issue: there’s no way to have both an unbiased/non-problematic electric brain and one that respects users’ rights fully. To wit:

                                                                                                                                        it feels self-evident that letting a small group of people control this technology imperils the future of many people.

                                                                                                                                        This logic applies just as much to a minority pushing for (say) trans-friendly norms as it does for a minority pushing for incredibly trans-hostile ones. Replace trans-friendly with degrowth or quiverfull or whatever else strikes your fancy.

                                                                                                                                        Like, we’ve managed to create these little electric brains that can help people “think” thoughts that they’re too stupid, ignorant, or lazy to by themselves (I know this, having used various electric brains in each of these capacities). There is no morally coherent way–in my opinion!–of saying “okay, here’s an electric brain just for you that respects your prejudices and freedom of association BUT ALSO will only follow within norms established by our company/society/enlightened intellectual class.”

                                                                                                                                        The only sane thing to do is to let people have whatever electric brains they want with whatever biases they deem tolerable or desirable, make sure they are aware of alternatives and can access them, and then hold them responsible for how they use what their electric brains help them with in meatspace. Otherwise, we’re back to trying to police what people think with their exocortices and that tends to lose every time.

                                                                                                                                        1. 15

                                                                                                                                          This is just free speech absolutism dressed up in science fiction. There are different consequences to different kinds of speech, and these aren’t even “brains”: they’re databases with a clever compression and indexing strategy. Nobody is or should be required to keep horrendous speech in their database, or to serve it to other people as a service.

                                                                                                                                          1. 4

                                                                                                                                            Nobody is or should be required to keep horrendous speech in their database, or to serve it to other people as a service.

                                                                                                                                            Isn’t that exactly the problem @friendlysock is describing? This is already a reality. One has to abide the American Copilot refusing to complete code which mentions anything about sex or gender and the Chinese Deepseek refusing to say anything about what happened at Tiananmen square in 1989.

                                                                                                                                            The problem is powerful tech companies (and the governments under which they fall) imposing their morality and worldview on the user. Same is true for social media companies, BTW. You can easily see how awkward this is with the radically changed position of the large tech companies with the new US administration and the difference in values it represents.

                                                                                                                                            It’s not “free speech absolutism” to want to have your own values represented and expressed in the datasets. At least with more distributed systems like Mastodon you get to choose your moderators. Nobody decries this as “free speech absolutism”. It’s actually the opposite - the deal is that you can join a system which shares your values and you will be protected from hearing things you don’t want to hear. Saying it like this, I’m not so sure this is so great, either… you don’t want everyone retreating into their own siloed echo chambers, that’s a recipe for radicalisation and divisiveness.

                                                                                                                                            1. 3

                                                                                                                                              Why if you want to write a movie villain?

                                                                                                                                              The problem is not the existence of harmful ideas. The problem is lack of moderation when publishing them.

                                                                                                                                              And yeah, nobody should be required to train models in certain ways. But maybe we should talk about requirements for unchecked outputs? Like when kids ask a chatbot, it shouldn’t try to make them into fascists.

                                                                                                                                              On the other hand, when I ask a chatbot about what’s happening in the US and ask it to compare with e.g. Umberto Eco’s definition of Fascism, it shouldn’t engage in “balanced discussion” just because it’s “political”.

                                                                                                                                              We need authors to have unopinionated tools if we want quality outputs. Imagine your text editor refusing to write certain words.

                                                                                                                                              1. 2

                                                                                                                                                This is just free speech absolutism dressed up in science fiction.

                                                                                                                                                Ah, I guess? If that bothers you, I think that’s an interesting data point you should reflect on.

                                                                                                                                                Nobody is or should be required to keep horrendous speech in their database, or to serve it to other people as a service.

                                                                                                                                                Sure, but if somebody chooses to do so, they should be permitted. I’m pointing out that the author complains about bias/problematic models, and also complains about centralization of power. The reasonably effective solution (indeed, the democratic one) is to let everybody have their own models–however flawed–and let the marketplace of ideas sort it out.

                                                                                                                                                In case it needs to be explicitly spelled out: there is no way of solving for bias/problematic models that does not also imply the concentration of power in the hands of the few.

                                                                                                                                                1. 2

                                                                                                                                                  there is no way of solving for bias/problematic models that does not also imply the concentration of power in the hands of the few.

                                                                                                                                                  I’m not claiming this is feasible at this point, but is “delete all the models and research and stop all R&D in ML” a counterexample to this claim?