• 0 Posts
  • 20 Comments
Joined 2 years ago
Cake day: July 9th, 2023

  • There’s a lot to be said for the scale of damage that can be done with something, especially relative to the effort needed to do that damage.

    These days tech companies are doing enormous damage to people’s brains (saturating our dopamine receptors to the point that many people have depression and executive dysfunction) to turn us all into consumption machines that can only find happiness by consuming content and buying commercial products and services.

    Imagine how much more harm they’ll do when they have direct access to our neurons, without even LED pixels as a buffer in between.



  • Probably the most important thing is keeping up with security fixes. I’m not an expert in web security, but my impression is that there’s a never-ending cat and mouse game between hackers and browser developers to find or patch exploits. And since browsers play such an important role in the activity of hundreds of millions… billions?… of consumers, it has the largest possible attack surface for hackers to target.

    Then there are things like better support for WebAssembly (how I would love the web dev world to break the JavaScript hegemony), and the constantly shifting web standards that are meant to make websites more capable, easier to program, and more performant. E.g. things like WebSockets and WebRTC.


  • I think it’s debatable whether RAII should be called “memory management”. Whether dealing with Rust or modern C++, you don’t need to “manage” the memory beyond specifying a container that will determine its lifecycle behavior, and then you just let it drop.

    You could certainly choose to manage it more granularly than that in Rust or C++, but in the vast majority of cases that would be considered bad practice.

    That’s a qualitatively different user experience than C or pre-2011 boostless C++ where you actually need to explicitly delete all your heap allocations and manually keep track of which pointers are still valid. Lumping both under “memory management” makes the term so broad that it almost loses its significance.
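    An added C++ example, not the commenter's own code, contrasting the two styles described above: a C-style function that must pair every `new` with a `delete` on every exit path, beside a RAII version where the owning `unique_ptr` drops the object when its scope ends, including on early return and during exception unwinding. `Buffer`, the live-object counter and the worker functions are illustrative assumptions; the pointer the manual version forgets is parked in a global only so the demo stays quiet under leak checkers.

```cpp
// Added example (not from the thread): manual heap management vs RAII.
// 'Buffer', the live-object counter and the worker functions are illustrative
// assumptions, not code from any real project.
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <vector>

// Counts constructed-but-not-destroyed Buffers so leaks are observable.
static int g_live_buffers = 0;

struct Buffer {
    std::vector<unsigned char> data;
    explicit Buffer(std::size_t n) : data(n) { ++g_live_buffers; }
    ~Buffer() { --g_live_buffers; }
};

// Parks the pointer the manual version forgets, purely so leak checkers stay
// quiet in this demo. In real code the pointer would simply be lost.
static Buffer* g_forgotten = nullptr;

// C-style ownership: the programmer must pair every 'new' with a 'delete'
// on every exit path. The early-return path below skips it.
static void manual_worker(bool bail_out) {
    Buffer* b = new Buffer(1024);
    if (bail_out) {
        g_forgotten = b;   // bug: 'delete b' never runs on this path
        return;
    }
    b->data[0] = 0xFF;
    delete b;              // only this path releases the allocation
}

// RAII ownership: unique_ptr's destructor runs on every exit path, so there
// is nothing to "manage"; the object is dropped when its scope ends.
static void raii_worker(bool bail_out) {
    auto b = std::make_unique<Buffer>(1024);
    if (bail_out) {
        return;            // destructor frees the Buffer here
    }
    b->data[0] = 0xFF;
}                          // ...and here

// RAII also covers exceptional exits, which a trailing 'delete' cannot.
static void raii_worker_throws() {
    auto b = std::make_unique<Buffer>(1024);
    b->data[0] = 0xFF;
    throw std::runtime_error("simulated failure after allocation");
}

// Each helper returns how many Buffers the worker left alive.
int live_after_manual(bool bail_out) {
    int before = g_live_buffers;
    manual_worker(bail_out);
    return g_live_buffers - before;
}

int live_after_raii(bool bail_out) {
    int before = g_live_buffers;
    raii_worker(bail_out);
    return g_live_buffers - before;
}

int live_after_raii_throw() {
    int before = g_live_buffers;
    try {
        raii_worker_throws();
    } catch (const std::runtime_error&) {
        // stack unwinding already destroyed the Buffer
    }
    return g_live_buffers - before;
}

int main() {
    bool ok = live_after_manual(true) == 1 && live_after_raii(true) == 0 &&
              live_after_raii_throw() == 0;
    return ok ? 0 : 1;
}
```

    The manual version leaks exactly on the path the programmer did not think about; the RAII version has no such path because release is tied to scope, not to a statement someone has to remember to write.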


  • I’m directing my criticism specifically at the technological advancement which is devoid of communal spirit, not at all technological advancement categorically.

    Crediting human achievement to technological advancement is a mistake in my opinion. Technological advancement is not inherently good or bad. Communal spirit is what determines whether technology yields positive or negative outcomes. That’s the real ingredient behind everything humans have achieved throughout history.

    Sadly techno-optimism has become a prevailing mindset in today’s world where people and institutions don’t want to take responsibility for the consequences of their actions because of belief that as-yet-unknown technological advancement will bail us out in the future, even when there’s no evidence that it will even be physically possible.

    But what I said is that your view is a sad one, not an incorrect one. The truth is, technological advancement may truly end up being the defining characteristic of humanity. After all, when we think about extinct species, we tend to associate them most strongly with what made them extinct. Just as we associate the dinosaurs most strongly with a meteor, maybe an outside observer will some day associate humanity most strongly with the technology that sent us out in a blaze of glory.


  • What a sad view of humanity to think that our one defining characteristic should be pursuit of technology rather than the ability to intelligently collaborate and thereby form communities with a shared purpose.

    I can assure you that the success of human survival throughout the history of our species has had far more to do with community and resourcefulness than with technological advancement. In fact, it should be clear by now that technological advancement devoid of communal spirit will be the very thing that brings an untimely end to our entire species. Our technology is destroying the climate we depend on and depleting the soil that we need for growing food, to say nothing of the nuclear bombs that could wipe us out with the wrong individuals in positions of power.



  • I’m not trying to shill for Google but I really think it would be a mistake to break up Google without breaking up Microsoft simultaneously if not first. If they actually manage to crack open Google’s search and browser monopoly, who do they really think is going to start filling in that void? Local mom and pop search engines…? No it’s primarily going to be Microsoft with Bing and Edge, and I’m absolutely certain that whatever people don’t like about Google having its monopolies is going to be orders of magnitude worse if Microsoft gains ground there.




  • How exactly is an individual supposed to determine which cops will be good and which will abuse their power?

    Just as we can’t make a general statement that all cops are definitely bad, you can’t make a general statement that all cops in any particular country or town will be good.

    From a basic risk management viewpoint, it doesn’t make sense for anyone to accept the risk that any given cop won’t abuse their position, even if we were willing to accept that very few would actually do so.

    Cops have an extremely privileged status in society and the amount of damage that a bad one can do to an individual - on purpose or even by accident - is incalculable, including setting up an innocent person for capital punishment as we’re seeing unfold in Missouri right now.


  • People just don’t want to believe that China can win at capitalism because it undermines all their internal narratives around the innovation power of liberalism. I say this as someone who does not personally like China and its authoritarianism.

    The fact of the matter is with a population of nearly 1.5 billion people, you’re statistically guaranteed to have enormous pools of talent to draw on. Even a relatively modest per capita investment in education, focused on key objectives and funneled into the portion of the talent pool that they’ve managed to identify, will be able to yield massive innovation.

    A lot of people will suffer under this authoritarianism. The people from these talent pools will be exploited and burnt out at a young age. This is already happening in China. But as a nation, it will be able to position itself extremely well technologically and economically, and this is a reality the rest of the world needs to be prepared to deal with.


  • Which is exactly the position that the Rust for Linux devs have understood and accepted for themselves, and yet they still get yelled at (literally, in public, on recordings) by C Linux devs for existing.

    Oh and they get snidely told that introducing the Rust language must be a mistake because suggestions to introduce other languages to the kernel turned out to be mistakes and obviously Rust is the same as all those other languages according to C developers who, by their own admission, have never used or learned anything about Rust beyond a superficial glance at some of its syntax (again this was recorded from a public event).



  • Nothing is ever better in every conceivable way than the current state of the art.

    Probabilistically, sure, but it’s not impossible that there has been some piece of knowledge or understanding that’s been missing, and that massive breakthroughs are possible once the process is figured out.

    I think a fair modern example is LED light bulbs. They are better in every conceivable way than incandescent or fluorescent lightbulbs: they last longer, use less energy, shine brighter, use less toxic materials, and are easy to mass produce. But there were several decades where much of the industry believed that LEDs would never be very useful as a light source because we could only produce red and green, and it was generally believed that a blue LED would be impossible to produce.

    Then one guy decided it would be his life mission to invent the blue LED, and the sonuvabitch did it. Now LEDs are the only sensible thing to use to produce light.

    It’s always possible for this kind of breakthrough to happen, especially in material science where the complexity of how molecules interplay is nearly incomprehensible.


  • I don’t doubt that in this case it’s both silly and unacceptable that their driver was having this catastrophic failure, and it was probably caused by systemic failure at the company, likely driven by hubris and/or cost-cutting measures.

    Although I wouldn’t take it as a given that the system should be allowed to continue if the anti-virus doesn’t load properly more generally.

    For an enterprise business system, it’s entirely plausible that if a crucial anti-virus driver can’t load properly then the system itself may be compromised by malware, or at the very least the system may be unacceptably vulnerable to malware if it’s allowed to finish booting. At that point the risk of harm that may come from allowing the system to continue booting could outweigh the cost of demanding manual intervention.

    In this specific case, given the scale and fallout of the failure, it probably would’ve been preferable to let the system continue booting to a point where it could receive a new update, but all I’m saying is that I’m not surprised more generally that an OS just goes ahead and treats an anti-virus driver failure as BSOD-worthy.


  • When talking about the driver level, you can’t always just proceed to the next thing when an error happens.

    Imagine if you went in for open heart surgery but the doctor forgot to put in the new valve while he was in there. He can’t just stitch you up and tell you to get on with it, you’ll be bleeding away inside.

    In this specific case we’re talking about security for business devices and critical infrastructure. If a security driver is compromised, in a lot of cases it may legitimately be better for the computer to not run at all, because a security compromise could mean it’s open season for hackers on your sensitive device. We’ve seen hospitals held ransom, we’ve seen customer data swiped from major businesses. A day of downtime is arguably better than those outcomes.

    The real answer here is CrowdStrike needs a more reliable CI/CD pipeline. A failure of this magnitude is inexcusable and represents a major systemic failure in their development process. But the OS crashing as a result of that systemic failure may actually be the most reasonable desirable outcome compared to any other possible outcome.


  • I think a long time ago a vicious cycle began in the advertising space where predatory ads had more incentive to pay for ad space, so sensible people start to perceive ads in general as predatory. Now no sensible advertiser that’s trying to promote a legitimate product for legitimate reasons will do so by buying ad space, thus reinforcing the increasingly accurate perception that all ads are predatory.



  • 5C5C5C@programming.dev to linuxmemes@lemmy.world · Backdoors · 3 up / 1 down · edited · 1 year ago

    There are two big problems with the point that you’re trying to make:

    1. There are many open source projects being run by organizations with as much (often stronger) governance over commit access as a private corporation would have over its closed source code base. The most widely used projects tend to fall under this category, like Linux, React, Angular, Go, JavaScript, and innumerable others. Governance models for a project are a very reasonable thing to consider when deciding whether to use a dependency for your application or library. There’s a fair argument to be made that the governance model of this xz project should have been flagged sooner, and hopefully this incident will help stir broader awareness for that. But unlike a closed source code base, you can actually know the governance model and commit access model of open source software. When it comes to closed source software you don’t know anything about the company’s hiring practices, background checks, what access they might provide to outsourced agents from other countries who may be compromised, etc.

    2. You’re assuming that 100% of the source code used in a closed source project was developed by that company and according to the company’s governance model, which you assume is a good one. In reality BSD/MIT licensed (and illegally GPL licensed) open source software is being shoved into closed source code bases all the time. The difference with closed source software is that you have no way of knowing that this is the case. For all you know some intern already shoved a compromised xz into some closed source software that you’re using, and since that intern is gone now it will be years before anyone in the company notices that their software has a well known backdoor sitting in it.