> it’s prudent to assume that they’ll shift to a “merit based”
There is already a "Merit based" system that supports the arts. It's called the private market.
My initial gut reaction was akin to many responses here but a post that detailed the implementation mitigates many concerns I'd have if I were an Irish citizen. As long as the system has some required 'buy-in' from applicants to prove they are working towards being an artist, and the distribution is random so it's not a guaranteed payout, and possibly the odds of being selected are driven by the number of applicants and so no one could do a cost-benefit analysis of submitting the 'buy-in' purely with hope of receiving a payout, then this seems to be a more fair way of supporting up and coming 'arts' than the government paying some already established artist for a mural or to design a park or to create a sculpture.
> What part of your idea was supposed to stop that happening
The part where people see their money burning away paying maintenance and tax on deteriorating assets.
Why are people holding assets unused?
Because they don't believe that the city will allow sufficient development to allow them to purchase like-assets in the future if they chose to reinvest and the carrying cost is minimal because council taxes are trivial relative to the value of the asset. If my research is correct, Kensington council taxes are under 10k USD per year.
> A server like Marvel Rivals has literally millions of users. Players join that discord to socialize with all of those players and build a community around the game.
Going back to something you said earlier:
> Rocket chat is a Slack alternative for people wanting to host a server for a community. It's not a platform, you need to register and login to each server manually.
So the primary thing is that there is no SSO for each server? No centralized auth system? Because everyone I know that uses discord 'found' the discord via some official means of those million person discord's like the official Marvel Rivals one. If the only purpose of the centralized system is not requiring a new login for every server, then a centralized auth system could be implemented by relying on people's other social media accounts. Login with Google/Facebook/Apple etc.
you could sign into A and your friend could sign into B using the single sign in, but you wouldn't be able to message each other is the problem, there is no platform bridging the logic gap, so you would both need to have A and B open. (afaik. didn't read about Rocket yet)
This really buries the lede. Telecoms are reluctant to do it because 'doing' it isn't aligned with their priorities.
Why would a telecom risk bankruptcy by investing heavily into a system that their competitors aren't?
If you want a back-door to exist (questionable) then the government either needs to have strong regulatory compliance where poor implementations receive a heavy fine such that telecoms who don't invest into a secure implementation get fined in excess of the investment cost or the government needs to fund the implementation itself.
Yes, telecoms should be forced to invest in their own security if they're not doing it. But the focus on the back door misses the point in my opinion. Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.
> Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.
This is only because of the design defect that "lawful intercept" requires.
Telecoms should be completely untrusted because everything is end-to-end encrypted. Compromising a telecom shouldn't allow you to do anything other than bring about a denial of service, and even that would only be effective against anyone who didn't have a redundant link with a different provider, which all actually critical infrastructure should. And a denial of service is conspicuous, as opposed to spying on required-to-be-unencrypted traffic which can continue undetected indefinitely and is a significant national security risk.
Our need to not be spied on is greater than our need to spy on ourselves and requiring designs that assume the opposite of that is a major self-imposed security vulnerability.
Even if let's say lawful intercept is done away with and calls are end-to-end encrypted, the telco would still be in control of key management and distribution... and if those clowns can't secure lawful intercept, why do you think the key distribution infrastructure would fare any better?
Why should they be in charge of key management? They should be in charge of physical plant and leave all of that to someone else. We should be discontinuing the legacy PSTN and making "phone" an IETF protocol where your "phone number" is user@domain.
> They are specifically making it as engaging as possible because that's [how they make money.] ... what people want.
Fixed that for you.
Your argument is basically the same as saying that Banana Ball should be banned because they are intentionally making the experience as fun as possible, because that's how they make money.
You're suggesting that it doesn't matter what children are exposed to / become addicted to because companies should be able to sell what children want? So there's no limits to that in your mind? Should every child be given cocaine because they ask for it? They're certainly given candy, right? You must believe there's no difference between cocaine and candy, I can assure you there is a difference and show you evidence to the contrary, if you're that dense.
sigh... he is saying that addictiveness itself is not a justification to ban something. exercising is addictive to some people, sex is addictive, reading is addictive for some people. everything worth doing in life is addicting.
what matters is the negative consequences of doing something. so the justification for banning tiktok is that it destroys childrens attention spans for life and lets them get propagandized by a hostile foreign government, NOT that its addictive.
Tiktok hasn't been around long enough for the claim that it "destroys childrens attention spans for life" to make any sense.
And children get propagandized by hostile foreign governments everywhere online. And by their own government. The premise that TikTok was somehow more dangerous in this regard than Facebook or Twitter or even Discord is based entirely on sinophobia.
One is knowledge the user has, and the other is a physical key they own.
Providing your 'finger' to unlock a device is no different than providing your 'key' to unlock something. So you can be compelled to provide those biometrics.
Compelling you to reveal a password is not some *thing* you have but knowledge you contain. Being compelled to provide that knowledge is no different than being compelled to reveal where you were or what you were doing at some place or time.
Maybe the two public data points weren't connected before?
I don't use SoundCloud, but if profiles didn't have contact information like Email Address on them then it could be meaningful to now connect those two dots.
Like, 'Hey look, Person A, who is known to use email address X, kept Lost Prophets as one of their liked artists even after 2013!'
SoundCloud is a weird place, people in entertainment have certain strong incentives. They figured out who I am, figured out all the email addresses I have, jacked the account attached to my SoundCloud, stole my account. I still to this day, don't know how they pwned my email (tfa was on but it didn't trigger suspicious activity it let them login without triggering it, no clue how they got the password either and the password is secure enough that it's too hard to brute force, and it's not in a pwned db). Based on what was in my soundcloud inbox when I got access again, someone paid a fair amount to have this done... and now I have to go change my email again I suppose.
You are 100% correct based on article. Not good that you're gray, and your parent of "who cares it was already available and scraped" is the top comment.
But, why care? (Yes, we can “care” that there was a leak - but… why worry? what new risk exists today that didn’t yesterday?)
The data in the leak (other than follower count, etc) was already available for purchase from Zoominfo, 8sense, or a variety of other data brokers or other legal marketplaces for PII.
I suppose the risk now is that the data is freely available and no longer behind a data broker’s paywall?
Let's say you have a $SOCIETAL_TABOO streak and let it out via a soundcloud account that isn't identifiable as you without your email.
Now it is.
Now I can blackmail you or haunt you.
(I'm sure there's other examples, tl;dr people are deanonymized, there are uncountable reasons why people choose anonymity)
> The data in the leak (other than follower count, etc) was already available for purchase from Zoominfo, 8sense, or a variety of other data brokers or other legal marketplaces for PII.
> Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware.
But how much of this is because ingress is typically disabled so ingress attacks are less valuable relative to exploiting humans in the loop to install something that ends up using egress as part of it's function.
Since we're talking about programs that are trying to set up a connection no matter what, I'm going to say "not much". It's not significantly shrinking the attack surface and forcing attackers onto a plan B that's meaningfully harder to do. It just adds this layer of awkwardness to everything, and attackers shrug and adapt.
You block inbound to block inbound. Of course it doesn’t do anything for outbound. Acting like you can just turn inbound filtering off because of that is disingenuous.
> In my opinion most of the people who refuse to believe AI can help them while work with software are just incurious/archetypical late adopters.
The biggest blocker I see to having AI help us be more productive is that it transforms how the day to day operations work.
Right now there is some balance in the pipeline of receiving change requests/enhancements, documenting them, estimating implementation time, analyzing cost and benefits, breaking out the feature into discrete stories, having the teams review the stories and 'vote' on a point sizing, planning on when each feature should be completed given the teams current capacity and committing to the releases (PI Planning), and then actually implementing the changes being requested.
However if I can take a code base and enter in a high level feature request from the stakeholders and then hold hands with Kiro to produce a functioning implementation in a day, then the majority of those steps above are just wasting time. Spending a few hundred man-hours to prepare for work that takes a few hundred man-hours might be reasonable, but doing that same prep work for a task that takes 8 man-hours isn't.
And we can't shift to that faster workflow without significant changes to entire software pipeline. The entire PMO team dedicated to reporting when things will be done shifts if that 'thing' is done before the report to the PMO lead is finished being created. Or we need significantly more resources dedicated to planning enhancements so that we could have an actual backlog of work for the developers. But my company appears to neither be interested in shrinking the PMO team nor in expanding the intake staff.
Life doesn't have down time. Should we avoid learning new things because no one is paying us to learn?
One of my favorite uses of AI is to quickly make some simple 'hello world' level application that I can run using a given technology.
Don't know what an MCP server is? Boot up Kiro and tell it you want to make a sample MCP server and ask it for suggestions on what the MCP server should do. A relatively short while later, with a lot of that time being spent letting AI do it's thing, and you can have an MCP server running on your computer. You have an AI waiting for you to ask questions about why the MCP server does x y or z or how can you get the server to do a, b or c etc
As someone who learns a lot better from doing or seeing vs reading specs, this has been monumentally more efficient than searching the web for a good blog post explaining the concept.
And when I'm doing these learning exercises, I naturally lean towards the domain my company is in because it's easier to visualize how a concept could be implemented into a workflow when I understand the current pain points of that workflow.
I'm not going home and pulling in story's from my board and working on them (generally), I'm teaching myself new concepts in a way that also positions be to contribute better to my employer.
There is already a "Merit based" system that supports the arts. It's called the private market.
My initial gut reaction was akin to many responses here but a post that detailed the implementation mitigates many concerns I'd have if I were an Irish citizen. As long as the system has some required 'buy-in' from applicants to prove they are working towards being an artist, and the distribution is random so it's not a guaranteed payout, and possibly the odds of being selected are driven by the number of applicants and so no one could do a cost-benefit analysis of submitting the 'buy-in' purely with hope of receiving a payout, then this seems to be a more fair way of supporting up and coming 'arts' than the government paying some already established artist for a mural or to design a park or to create a sculpture.
reply