> The wallets “definitely [look like] someone with some degree of inside info”, said Ben Yorke, formerly a researcher with CoinTelegraph, now building an AI trading platform called Starchild.
Ben Yorke is the only expert I see mentioned in the article, so it'd be a lot more accurate (and a lot less sensational) if The Guardian changed its title to "... says one expert" (but it wouldn't sound as interesting then, would it?).
> Eight accounts, all newly created around 21 March, bet a total of nearly $70,000 (£52,000) on there being a ceasefire. They stand to make nearly $820,000 if such a deal is reached before 31 March.
Not to sound privileged but $800k doesn't sound like that much of money for someone that has access to that kind of insider knowledge, especially considering the risks.
All things considered, I feel like the same people could make much bigger bets using trad-fi instruments than Polymarket so I don't understand what's so significant about Polymarket "whales".
> $800k doesn't sound like that much of money for someone that has access to that kind of insider knowledge
I think you over-estimate by a large margin how much congressional staffers and/or Pentagon employees make, many of whom could have access to this kind of information in the course of their duties.
You don’t have to be an insider to know that the US wants to broker a peace deal now that they’ve gotten themselves deep in the shit. Also, how could a Washington insider know if a peace deal will actually be brokered they have to negotiate with the other party after all.
Betting on a ceasefire isn't the interesting part, placing a five digit bet on a ceasefire by March 31st using brand-new accounts is.
Do you have any other plausible explanation for this behaviour? I can't think of any, if it's just like your average WallStreetBets gambler, why would they be making these bets from brand-new accounts?
Conspiracy theories are once again gossip for men. Interestingly, you can put your money where your mouth is in this case open your own account and make your own bets since you seem convinced. might as well cash in. Which gives me an idea … if only I had enough cash sitting around…
If you're interested in "private AI", see Confer [0] by Moxie Marlinspike, the founder of Signal private messaging app. They go into more detail in their blog. [1]
I don't get how this can work, and Moxie (or rather his LLM) never bothers to explain. How can an LLM possibly exchange encrypted text with the user without decrypting it?
The correct solution isn't yet another cloud service, but rather local models.
Within the enclave itself, DRAM and PCIe connections between the CPU and GPU are encrypted, but the CPU registers and the GPU onboard memory are plaintext. So the computation is happening on plaintext data, it’s just extremely difficult to access it from even the machine running the enclave.
How is it then much different than trusting the policies of Anthropic etc? To be fair you need some enterprise deal to get the truly zero retention policy.
Enclaves have a property that allows the hardware to compute a measurement (a cryptographic hash) of everything running inside it, such as the firmware, system software such as the operating system and drivers, the application code, the security configuration. This is signed by the hardware manufacturer (Intel/AMD + NVIDIA).
Then, verification involves a three part approach. Disclaimer: I'm the cofounder of Tinfoil: https://tinfoil.sh/, we also run inference inside secure enclaves. So I'll explain this as we do it.
First, you open source the code that's running in the enclave, and pin a commitment to it to a transparency log (in our case, Sigstore).
Then, when a client connects to the server (that's running in the enclave), the enclave computes the measurement of its current state and returns that to the client. This process is called remote attestation.
The client then fetches the pinned measurements from Sigstore and compares it against the fetched measurements from the enclave. This guarantees that the code running in the enclave is the same as the code that was committed to publicly.
So if someone claimed they were only analyzing aggregated metrics, they could not suddenly start analyzing individual request metrics because the code would change -> hash changes -> verification fails.
> First, you open source the code that's running in the enclave, and pin a commitment to it to a transparency log (in our case, Sigstore).
This means you have reproducible builds as well? (source+build-artifacts is signed)
Also - even if there are still some risk that the link is not 100% safe, maybe it's safe to assume vendors like yourself going through all that trouble are honorable? (alternatively - they are very curious of what "paranoid" people would send through LLMs :sweatsmile:)
We don't have reproducible builds because we attest the full OS image that we run, which is the Ubuntu image. Unfortunately bit-by-bit reproducible binaries for OS images is kind of an unsolved problem, because it requires the hundreds of package maintainers across all dependencies to eliminate any sources of non-determinism in the compilation. Things like timestamps and file reordering are very common and even one of these changes the entire hash.
So we do the next best thing. We decide to trust Github and rely on Github Actions to faithfully execute the build pipeline. We also make sure to pin all images and dependencies.
If you are an individual developer, please don’t do this. I think proxy delegation is best suited to an organisation (ideally to a non-profit) whose lifespan is longer than of a solo developer and more likely to have “checks and balances” that protect all maintainers’ rights vs just you and yours.
If you don’t want to hand FSF a carte blanche regarding your project—perfectly understandable—then pick a “version X only” variant and move on.
a) The "founder" of the code disappears in to the ether, and it is the equivalent of "version X only";
b) The "founder" stays involved, and if GPL 3 is updated, they can choose.
only b is worth speaking of. In b, isn't having someone in a position to make a choice much better than no one? What is the boogie monster that is the worry? The FSF puts out the 4.0 version, with a special "except for boramalper" clause, that lets you specifically monetise the hell out of it while keeping it closed source? I would not lose much sleep over that.
Stallman is a nutcase, in an endearing way (ok, maybe you have to have moved in the right circles). But he has put in place a system that needed just such a nutcase, who established clear black lines that could not be crossed, and who was also writing enough amazingly meaningful code that we needed to take his license seriously, that could then establish the institutions and governance to make it all live beyond him.
> only b is worth speaking of. In b, isn't having someone in a position to make a choice much better than no one?
Actually, you're right! I thought the proxy can nominate/decide that any other license can be used in the future (i.e. "licensed under GPLv3 or X" where I can chose X to be anything) but it seems that I was wrong. Re-reading more carefully (emphasis mine):
> If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy’s public statement of acceptance of a version permanently authorizes you to choose that version for the Program.
So FSF creates the future versions of a specific license the work is under (in this case AGPL) and the "founder" chooses whether to allow its usage or not. That sounds reasonable to me.
Being a cooperative seems (having never run one) harder than being a regular private company. It seems like it would constrain a business from being able to do what it would otherwise want to do. So I think of it as doing business "on hard mode". I think it's socially worth doing, and I aspire to be part of one someday. But I don't think it comes for free, especially in a market where you'll compete with businesses that aren't also playing on hard mode.
I see, I agree with it too. I think that's why many tech projects prefer a "private company owned by a non-profit foundation" structure such as Mozilla and Signal as the examples off the top of my head.
Microsoft admitted that it 'cannot guarantee' data sovereignty [0] "on June 18 before a [French] Senate inquiry into public procurement and the role it plays in European digital sovereignty" as the CLOUD Act "gives the US government authority to obtain digital data held by US-based tech corporations irrespective of whether that data is stored on servers at home or on foreign soil."
It'd be great if they could clarify in their FAQ [1] if and how the CLOUD Act affects them.
It seems like the entire point is precisely to get around the CLOUD Act.
By setting it up with a European governance structure, Amazon can tell the US government "hey we told them give us the data, but they refused because that would send them to jail under EU law, and they're a legally separate entity so there's nothing we can do."
This is very intentionally not just a regular foreign subsidiary owned by the parent company.
There are several options for AWS. They can simply just obfuscate command to local employees. Or fly US employees there just for this one task. "EU law" will find out after they are back in US - if ever. There is no way to escape CLOUD Act if it is US owned.
"Obfuscating commands" isn't a thing. EU employees know if they are retrieving data or not. And they don't blindly run commands like they're dummies or something.
And if they fly American employees over, what makes you think they'd be let in the building, or under what credentials do you think they'd be accessing the system? Legally speaking, those Americans are simply from a partner company. Just because you're doing business with a partner company doesn't mean you let them into your building.
The point is that AWS is intentionally making it so they don't have options.
So yes, US law lets it go. The law is limited in terms of what it can affect outside US borders. If the EU doesn't want to cooperate, and the US isn't willing to engage in sanctions or war against the EU, then yeah the US is out of options.
It will use the same software infrastructure and physical hardware that’s used in the rest of AWS. Hooped confident are you that he partitions are resilient enough ?
Can engineers be dual eu/us citizens ? AWS uses a lot of ex military and US citizens with government clearance levels for their US govcloud. I don’t see an equivalent here
Amazon can promise the moon and the sky but if I wanted digital sovereignty within the eu it would not be with Amazon any more than I would trust tencent
There must already be protocols in place that prevent any random Amazon employee from getting access to sensitive data (like, the folks in the warehouses can’t just walk in to the AWS datacenters, I assume).
That’s who those US employees would be, from the point of view of the EU branch… no reason to assume they’d let them in. Flying people over to do crimes seems like a risky idea.
It would seem like the problem is one of the business layout and technical layout.
Organize your business and your tech correctly and you can have an owned foreign subsidiary that can comply with local laws. But things would have to be quite separate.
If there's one thing I believe in, it's the ability of the rich to fabricate creative corporate structures to evade the laws of a particular jurisdiction, especially with the aid of a second jurisdiction with interest in that evasion.
Just make it complex enough to confuse juries beyond a prosecutors famously low appetite for losing and you'll be absolutely fine.
Yep, to the extent that short (at best, cause they are potentially fallible) of a warrant canary getting snuffled it is very possible that a company could set up a subsidiary for appearances.
Or, just buy bits of control interest outright (CryptoAG?)
> as the CLOUD Act "gives the US government authority to obtain digital data
AWS maintains a similar stance, too [0]?
The CLOUD Act clarified that if a service provider is compelled to produce data under one of the limited exceptions, such as a search warrant for content data, the data to be produced can include data stored in the U.S. or outside the U.S.
> Microsoft admitted that it 'cannot guarantee' data sovereignty
Hm. As for AWS, they say that if the customer sets up proper security boundaries [0], they'll ensure will keep their end of the bargain [2][3]:
As part of the technical design, access to the AWS European Sovereign Cloud physical infrastructure and logical system is managed by Qualified AWS European Sovereign Cloud Staff and can only be granted to Qualified AWS European Sovereign Cloud Staff located in the EU. AWS European Sovereign Cloud-restricted data will not be accessible, including to AWS employees, from outside the EU.
All computing on Amazon Elastic Compute Cloud (Amazon EC2) in the AWS European Sovereign Cloud will run on the Nitro System, which eliminates any mechanisms for AWS employees to access customer data on EC2. An independent third party (the UK-based NCC Group) completed a design review confirming the security controls of the Nitro System (“As a matter of design, NCC Group found no gaps in the Nitro System that would compromise these security claims”), and AWS updated its service terms to assure customers “there are no technical means or APIs available to AWS personnel to read, copy, extract, modify, or otherwise access” customer content on the EC2 Nitro System.
Customers also have additional mechanisms to prevent access to their data using cryptography. AWS provides advanced encryption, key management services, and hardware security modules that customers can use to protect their content further. Customers have a range of options to encrypt data in transit and at rest, including options to bring their own keys and use external key stores. Encrypted content is rendered useless without the applicable decryption keys.
The AWS European Sovereign Cloud will also benefit from AWS transparency protections over data movement. We commit in the AWS Service Terms that access to the EC2 Nitro System APIs is "always logged, and always requires authentication and authorization." The AWS European Sovereign Cloud also offers immutable, validated logs that make it impossible to modify, delete, or forge AWS CloudTrail log files without detection.
Yeah. Exactly. There have been many regime changes in the last few centuries. It’s hard to think of more than a handful that were actually objectively better. It’s even harder to think of any where the US was involved in the overthrow and installation of the replacement, and it went well. The Marshall plan was good. Any others?
Yugoslavia in the sense that the cultures were at an unlivable state with eachother without significant autonomy. Bad from an economic perspective as the resulting nations are weaker than what a unified yugoslavia would have been today when one looks at gdp projections.
Are you from the region? Yugoslavia has been a far richer and developed country than any of its successor states for a long time, and I hardly think most locals would see the cost of human lives and untold destruction the war brought to settle some incomprehensible ethnic conflict as a good trade.
Worth remembering that Russia experienced three revolutions in the beginning of the 20th century: in winter of 1905, turning it into a constitutional monarchy at least de jure; in spring of 1917, turning that into a parliamentary republic; and in autumn of 1917, turning the parts that did not secede into a dictatorship that shortly became embroiled in a civil war. The Bolsheviks later did an impressive job of erasing the memory of the third being essentially a military coup against the second, despite their very name originating in (remarkably petty) name-calling in the parliament.
By the time the October revolution came, the Provisional Government had lost most of its popular support by choosing to continue WWI though.
Anyway, the main point is that as nice as getting rid of a dictator sounds, the consequences can be much worse than the dictatorship itself, at least in the short term (which can last for a decade or more…).
I sincerely wish the best to Venezuelans, but previous US toppling of terrible dictatorships don't have a stellar record to say the least.
Living in a country stuck in a decade of counterinsurgency warfare doesn't feel particularly great, and I'm sure the Iraqis or Afghans would agree.
> [T]he Provisional Government had lost most of its popular support by choosing to continue WWI
Whereas the Bolsheviks took very little time to effectively surrender to Germany and its allies only half a year before Germany itself surrendered to the former allies of Russia. (Thus freeing up the returning army to wage several years of civil war amongst various parts of itself.) Every option sucked here, much like in every other case during WWI.
And yes, it’s absolutely true that little good usually comes from violently overthrowing a dictator. The best results are obtained from the dictator peacefully resigning after a promise of amnesty for them and their inner circle, however crass and unfair that sounds. Generally speaking, it’s not very helpful to put people in power before a choice of either losing everything or attempting to maintain their hold on that power by whatever means necessary: it’s going to be the second one every time.
That's a very bad example, as ordinary Russians lived MUCH better lives under the USSR than they did under the Czars, at least at that time. The Czarist empire was still mostly a feudal state, and most peasants lived with no education and no money, barely scraping by. Standards of living, while still much, much lower than what was achieved in Western Europe, were still much better than what came before.
Now, can we imagine a world where the Czar was replaced with a Western-style democracy, where the Russian population would have ended up much better than they did? It's possible, sure - but there are no guarantees.
https://stackoverflow.com/a/49656730
So it’s actually not -lite but -ite. =)
reply