History is just full of emotional contradictions I guess. French and Russian revolutions were terrible bloodbaths, smaller violent movements like Luddite one caused deaths and achieved nothing - it would be stupid to approve any of these. But you could also see why this violence happened, and assign an appropriate share of blame to those who held the power to resolve social contradictions in a more equitable way and decided not to do so.
How is one supposed to ensure license compliance while using LLMs which do not (and cannot) attribute sources having contributed to a specific response?
> How one is supposed to ensure license compliance while using LLMs which do not (and cannot) attribute sources having contributed to a specific response?
Additionally there seems to be a general problem with LLM output and copyright[1]. At least in Germany. LLM output cannot be copyrighted and the whole legal field seems under-explored.
> This immediately raises the question of who is the author of this work and who owns the rights to it. Various solutions are possible here. It could be the user of the AI alone, or it could be a joint work between the user and the AI programmer. This question will certainly keep copyright experts in the various legal systems busy for some time to come.
It seems that in the long run the kernel license might become unenforceable if LLM output is used?!
Either you allow LLM generated + human reviewed code or people start hiding AI use.
...and then people start going "that's AI" on every single piece of code, seeing AI generated code left and right - like normal people claim every other picture, video or piece of text is "AI".
IMO it's a lot better to let people just openly say "this code was generated with AI assistance", but still sign off on it. Because "Your job is to deliver code you have proven to work": https://simonwillison.net/2025/Dec/18/code-proven-to-work/
That doesn't help when the company behind the device disappears or stops supporting the device. Or is hacked to convert all the devices they manufactured into a botnet.
Running a ransomware gang is immoral. Catching someone running a ransomware gang is good. If publishing their name helps catch them, it's also good. Not sure where do you see the gap between legality and morality in this case
People often forget that Threat Actors (TA) are the ones keeping the infosec alive. They are doing a good job of scaring people into implementing actual security protocols and thereby improving everyone's security posture. The whole infosec would collapse without TAs, let's not forget that. They create jobs.
It's not a "made-up term", it's shorthand for a well-known argument. Not allowing re-usable arguments is like not allowing the use of libraries in software: It wastes time better spent on moving the frontier forward.
Well, to be honest, those old enough remember when cryptography was considered someting for the military and special services, and considering using encryption would put you under immediate suspicion. Now we can at least argue we need it to protect us from the cyber crime, even if we really have privacy and free speech in mind
German govt is also one of the most corrupt and vastly incompetent govt. It's run by bunch of boomers. Most of the prolific ransomware gangs have terrible opsec. De-anon'ing them is child's play. Most of the opsec-aware TAs never even get attributed, let alone get caught for any breaches.
It's on like place 10 out of 180, which makes it one of the least corrupt places.
It also has some surprisingly non-boomer departments, like the Sovereign Tech Fund. Either way you need to celebrate police doing good things and immoral actors being exposed, it can only have good outcomes.
Perhaps it deters them, or deters the next generation of such hackers. Or at least it makes their life less enjoyable, which is fair since they were only able to afford their travels due to their illicitly acquired wealth.
What's wrong with verifiable credentials? It's an important thing to have it seems? Your passport or a bank card are verifiable credentials, or at least are designed to be.
What do you mean "shifting to smartphone"? It's not a natural process - it's a technical decision to shift them to the smartphone, and a really bad one. We already have smart cards, they work and do not depend on any corporations, even less foreign corporations.
We even have smartcards with e-ink displays and I'd personally want them to succeed here instead of moving security-critical apps to smartphones..
Because Google then abuses its position to inject unremovable spyware with elevated privileges into the phone which the user then can't defent against without making the phone "unsecure" and thus unsuitable for these apps.
If these apps really need a smartphone, I'd at least want it to be free of ad-related garbage in the system. I'm fine with not being able to flash a custom ROM on the smartcard as it doesn't contain hostile software.
Now if even Apple starts showing ads, there's no other choice but to restist this..
reply