That said, I have been asked if I had kids, in an interview. Later in my career, when I was trained to perform interviews, I was explicitly told to NEEEEEVER ask that. And if the candidate volunteers it, to basically pretend you didn't hear it.

It's very useful if it says AI/LLM was used, then I know that there may not actually be a reason for the choice in the commit, so per Chesterton's fence I can then tear down that fence.

Now, do I need to know which brand of LLM? No. And fair enough, I'll stop being specific.

Any time someone builds a social network, they'll be equally liable for any danger for kids that result? De facto making social networks illegal?

Or is a moral/legal social network possible? If so, then it seems we're talking about two different things: 1. jail the CEOs of these companies… for… something (it's unclear to me. Not that I disagree, but you've not made the case). 2. How can we make social networks "a good"?

Surely you can't mean banning all social networks, because HN is a kind of social network.

What is an evil "kind" of social network? "I know it when I see it"?

E.g. I think something pretty uncontroversial would be a goal of blocking kids from the likes of TikTok & Instagram between 22:00 and 08:00.[1] But if I'm an adult, that's a different matter. Ok, so how do I prove I'm an adult, without society turning into a surveillance state, or surveillance capitalism?

Next up: wouldn't it be nice if e.g. someone over the age of 30 couldn't initiate chats (including comments on posts) with 13 year olds? For hobby exceptions (e.g. joining a computer or chess club) it would make sense to either have parental approval, or some moderation requirements for parental approval exempt groups.

[1] I'm here not saying that this is the biggest problem, but it should at least be uncontroversial.

"Can I pay you the $10 and you make my car not shit?" — "No, I'm sorry, we only make shit now".

What makes you say that? This is the store now decrypt later attack, and it's anything but worthless.

Oh, worthless for your oauth? Uh… but how do you bootstrap the trust? Sounds to me like you need post quantum to carry the whole thing anyway.

Or you mean one key signs the next? Ok, so your bet is that within the time window an RSA key, RSA can't be cracked?

Why in the world would anyone want to depend on that? Surely you will also pair it with PQ?

There are many ways to implement this. I think some Chromebooks have FIDO gated on a physical button.

If you have an unlocked device with keys usable requiring a mere touch, I'm not sure fingerprint adds much value. A button would be enough.

Actually checking with fingerprint only addresses an extremely narrow attack where someone who wants to attack you steals your device (so already physical access, meaning not DPRK hackers) while it's unlocked, and only getting a window of opportunity until you've called your security department to lock your account. … and yet this attacker would NOT be willing to use force against your person, to make you use your fingerprint.

Sure, if that's a threat model that's worth your time, use fingerprint too.

Keep in mind that already going from software only (and arguably this includes OTP app on your phone) already means effectively going to zero. Google moved to security keys and says “We have had no reported or confirmed account takeovers since implementing security keys at Google” — https://krebsonsecurity.com/2018/07/google-security-keys-neu...

So there are extreme diminishing returns after just security key with touch.

An app solution even gets a callout in that article as being not as good.

And they won't be replacing these just because they're missing FIDO. And they can't "just" be upgraded because they aren't necessarily just Linux boxes in a trenchcoat. Nor are they necessarily running any version of OpenSSH.

A laptop and a phone are both general purpose computers with "TPM chips", so "you could implement that on android" is as true as "you could implement that on a white computer".

There was something about Macs. It took them a while to get a TPM. But I think now they do, so macs can do it too.

Yes, with TPM and yubikey you have the option to store the per key material on disk, encrypted by the TPM. But the way this is then used is that the PKCS software sends that encrypted blob AND the requested operation, and gets only the output back. The CPU doesn't get the SSH private key back. Just the output of the RSA operation using the key.

Depending on which authenticator app (or maybe applies to all?), that data either is, or can be, backed up.

A yubikey cannot be cloned.[1]

> the malware rides along this expectation and gets ahold of your private SSH keys and stores them or sends them off somewhere.

Ah, this is where your misunderstanding lies. No, the crypto operation runs ON the TPM or yubikey. The actual secret key NEVER lives in RAM. (ehem, after it was imported, if importing is the method by which it was generated)

[1] You know what I mean. Of course in principle it can be. But not like a phone where it can literally be sent via scp.

And keys cannot be stolen from backups.

Or stolen without your knowledge when you left your laptop unguarded for 5min.

Not every attacker has persistent undetected access. If the key can be copied then there's no opportunity for the original machine's tripwires to be triggered by its use. Every second malware runs is a risk of it being detected. Not so, or not in the same way, with a copied key.

They raised $17M to build what appears to be solvable by some git wrapper scripts that could have been written by AI in 5 minutes?

To me the extra "wat" about this is that if I spend the sub-$1 to get the git wrapper scripts, I can get them exactly the way I want them, instead of being mandated to use the commands they made up. A huge gain for AI is the ability to have exactly the software you personally want, even if nobody else wants it just so.

So they are building the exact opposite of the need that AI brings forward. What they are building is not even median software that is in danger of being replaced (e.g. see Cloudflare spending a week to build "a wordpress"), but something that's the most extreme example of AI-will-replace-this that could possibly exist.

Who will buy this?

The only way this makes sense is as a plea for being acqui-hired (and the project dropped).

> Sounds like ipv6 is a good solution for people who choose ISPs with CGNat.

I mean… this is just "not even wrong".

> Is it just CGNat on poor ISPs?

I already said no to this.

Look, like I said, you appear to be unaware of so much about everything about the Internet, running an ISP, running a service provider, corporate networks, ISP-customer relationships, small businesses, BGP viable policies, cloud economics, etc… that it's hard to know where to even start. And while HN is great for some things, HN comments are just not suitable for something that is shaped more like a course or internship. This can't even be described as "gaps" in your knowledge.

I'm put off by your confidence without the knowledge, and of course also by your implication that if you have CGNat then you should have just worked a little harder to not be so poor, to pay a better ISP, or you should move to a more expensive place where other ISP options exist. Of course ignoring that this doesn't scale to the population at all, and extra address bits are very relevant to scaling.

I'm struggling to assume good faith on your question, since it's so strange. I feel like I need to start from scratch explaining the internet, since asking this question reveals a lack of knowledge about everything networking.

seccomp could only do this partially, in that there are other avenues (e.g. io_uring), and I want it to be the case throughout the boot process.

That addresses all of your concerns, and you have that option.

Yes, I hate it too.

Put yourself in the position of the employee on the other side. They currently have 647 bugs in their backlog. And they also have actual work to do that's not even related to these bugs.

You come to work. Over night there's 369 emails (after many filters have been applied), 27 new bugs (14 of which are against a previous version). You triage. If you think 8h is enough to deal with 369 emails (67 of which are actionable. But which 67?) and actually close 27 bugs, then… well then you'd be assigned another 82 bugs and get put on email lists for advisory committees.

Before you jump to "why don't they just…", you should stop yourself and acknowledge that this in an unsolved problem. Ignore them, let them pile up? That's not a solution? Close them? No! It's still a problem! Ask you to verify it (and implicitly confirm that you still care)? That's… a bit better actually.

"Just hire more experts"… experts who are skilled enough, yet happy to work all day trying to reproduce these bugs? Sure, you can try. But it's extremely not a "why don't they just…".