Yes, I know the author's writeup then goes on to say that it is not a libc with a pile of questionable justfication. This is a custom runtime, in a single header no less, which is admittedly impressive, especially considering it provides runtime and thread safety primitives. This does not rise to the level of claiming the idea of a 'standard libarary' though, IMO. In that, I think the author misses the point.

Maybe early/MVP product engineers should know better, but CFs own education materials do not teach you to expect that.

The CVE system arose as something of a mediating factor to enable coordinated disclosure of discovered issues and make something of a standard that vendors could point to and they they were being responsive, vs wondering if a random exposure on Bugtraq in the 90s would ruin your week.

If it no longer aids in that, then it has ceased to be a system useful for its original purpose, and it would be foolish to continue to feed it resources. It probably doesn't help that all sides viciously game the CVE system these days.

That's still a good question, though. Do any of them have anything more substantial than 'anonymous' sources, or even their own anonymous sources not linked to the breaking article's?

I am generally suspicious when anonymous sources quoted these days, but I am rather more suspicious of reports that only come from a single source and get repeated in multiple outlets more or less immediately.

I know there is some amount of synchronicity induced by syndicated news feed outlets like AP, but like many single source/anonymous stories, this reads to me like some 'suggested copy' was sent out to some reporters or outlets ahead of time.

Anonymous sources are important for the integrity of reporting, but it must also be recognized that they are essentially non-authenticatable information.

The author of the secondary source I see most mainstream sources quoting (Mattia Ferraresi) has also come out and said people are stretching and misrepresenting what he wrote: https://xcancel.com/mattiaferraresi/status/20424925662396866...

There is at least one outlet that appears to have asked the both Pentagon and the Church what was up and both parties told them the meeting was overstated as well: https://www.pillarcatholic.com/p/nuncios-pentagon-meeting-wa...

https://xcancel.com/BrianBurchUSA/status/2042307511504519366

I'm going to put this in the "Extraordinary claims require extraordinary proof" bin.

It has probably helped increase their raw numbers, but it has also induced "mission drift".

If they spent any appreciable amount of time replying to people and not just themselves, their X impressions would be considerably larger. X themselves has been clear that engagement weights impressions/recommendations/algorithmic display, and EFF has done none of that.

It looks to me like a people at EFF problem, not an X problem.

The classic value prop for ads has been so badly destroyed by bad curation and content invasiveness that the basis value of that attention has dropped trough the floor. The growing prevalence of ad blocking is only a symptom of that.

This has become bad enough it even invades special interest nonprofit rags like the AAA, American Legion, and USPSA newsletters, for example.

In most classic U.S. jurisdiction, no, you cannot. Compelled activity or speech is generally frowned upon. The most important part of this case, IMO, was the Supreme Court constraining the Fourth Circuit's interpretation of contributory liability and attempting to turn the DMCA system into one for enabling those fishing expeditions.

In that vein, merely selling a tool even if a predominant use or intention of that tool is infringement, the infringement must be actively induced or invited by the seller. This is also affirmed in detail in the USSC opinion: "The Court has repeatedly made clear—see Kalem Co. v. Harper Brothers, 222 U. S. 55, Sony, and Grokster—that mere knowledge that a service will be used to infringe is insufficient to establish the required intent to infringe."

This is the primary part of the opinion, the first 7 of 27 pages. I'm still reading the rest and will update when finished. (Concurring Opinion and Dissents I believe)

===

The meat of the opinion has some interesting elements as well:

* "Internet service providers, such as Cox, have limited knowledge about how their Internet services are used and who uses them. They do know which IP address corresponds to which subscriber’s account, but they cannot distinguish one individual user from another...However, because online infringement is so widespread, pursuing each individual infringer does little to stem the tide.": mere IP logs are not enough to establish liability, perhaps. More importantly, it is opined that individual fishing expeditions dont actually serve the end of eliminating infringement. This does not absolve individual liability, but it becomes important later.

* "Holding Cox liable merely for failing to terminate Internet service to infringing accounts would expand secondary copyright liability beyond our precedents ... The Fourth Circuit’s holding thus went beyond the two forms of liability recognized in Grokster and Sony. It also conflicted with this Court’s repeated admonition that contributory liability cannot rest only on a provider’s knowledge of infringement and insufficient action to prevent it.": This points to another case where Circuit and District courts have been ignoring the instruction of higher courts, in this case, inventing new liabilities where none existed. This doesn't go so far as to repudiate entirely the idea of fishing expeditions having teeth, but it places a clear guardrail around expanding liability without laws establishing such.

===

The Sotomayor concurrence on judgment states that the Justice does not believe the methods used by the majority opinion are correct, but still agrees with the judgement because of insufficient information presented by Sony. I think the analysis gone into in this section is flawed, but it is also not precedential since it is not the Order part of the opinion. I am also out of time to poke at that part for the moment. It does relate this case to the closest recent big case on secondary liability though, that of Smith & Wesson Brands, Inc. v. Estados Unidos Mexicanos, so its worth reading even if the justifying analysis I think does not fit.

The big difference I guess is whether you think negative jurisdiction (limiting what the government can do) vs positive jurisdiction (further enabling the government) is more important, but considering HN and the exhortations against divisive commentary, I'd rather not dive into the weeds arguing that part here.

I do not think this holds up to a factual analysis if you look at any cross section of defensive gun use reports. I don't think that parts actually relevant here though. If you were to use a similar standard as the USSC court applies here: Impressions don't matter to qualify for inducement. The action must be actively invited.

Self ownership and full 'right to repair' has carve-outs in the FCC's regulations in the name of limiting unintentional broadcasting/radiation. Maybe a challenge to those would survive in the post-Chevron environment. I wouldn't expect any Congress in the last 25 years to pass a law which would go against the incumbent telecom lobbyist interests though, and I'd expect such a hole if it did hit case law, to get 'patched' fairly quickly.

About the only way to really solve that would be to embarrass vendors enough to open their moats.