> Victor Orban could have wiretapped any communication within the EU. Supporter by an EU directive
Don't spread such bullshit FUD.
The E‑Evidence package contains multiple legal and procedural safeguards:
1. Judicial authorisation
2. Scope limits
3. Proportionality and necessity tests
4. Channels for challenge and review
5. Data-protection rules
6. Natinoal enforcements and remedies
Cross-border orders must be issued as European Production Order (EPO) or European Preservation Order (EPO‑PR).
The Regulation defines what can be optained and when. And wiretapping (i.e. content and traffic) is striclty limited to serious offences. Blanket mass surveillance is EXPLICITLY NOT POSSIBLE.
A judge is required for sensitive categories, e.g. wiretapping. And factual grounds must be provided demonstrating necessity.
The Regulation EXPLICITLY requires that orders be necessary and proportionate for criminal investigation
The member state where the service provider (or its EU representative) is established is notified when an EPO/EPO‑PR is sent, giving an additional oversight channel and the enforcing authority a role in examining objections.
The CJEU remains a backstop on top of national authorities.
But why would the Europeans want to copy the US "cloud" model of micro-compartmentalizing services into hundreds of abstracted products carefully designed to have circular dependencies between each other ..... And all shipped with price sheets billed in invented unit metrics and more small-print than a packet of prescription drugs that makes it completely impossible to predict how much you're going to pay.
I'll take the cleaner approach with predictable billing offered by the EU providers. Even if it means using my brain to RTFM and edit a couple of config files (which can then be rolled into automation via images or Ansible or whatever).
If Europe copy winner takes fraud is allowed and price transparency higwash ideology, then it will also end up with exact copy of current American dysfunction - ultimately including loss of democracy, Trump figure with unchecked power and failing constitution.
Europe can fail on its own, but recreating the exact billionaires are able to scam everything will make it fail faster.
This blog post title would be better worded "small business owner is surprised by contract term he signed up for".
I mean, it does say it right there in black and white in the Supplier Contract that he signed up for ....
Section 3 CCS - Supplier contract, Reporting Period: "The Supplier must complete an MI Report and return it to CCS by the fifth Working Day of every month during the Term and thereafter until all transactions relating to any Buyer Contract have permanently ceased. If at any point there is a period of a month where no reportable transactions occur, then the Supplier must make a declaration to CCS confirming no business has been conducted, in place of data submission."
I know, to quote the author, "It can be hard running a small business.". But surely at least make an effort to read contracts you sign up to ?
At no point did the author suggest that small businesses were surprised by this requirement - just that it's pointless bureaucracy, which it is.
And that's especially ironic since the whole point of the "Low Value Purchase System" is to make selling to government less time-consuming for small businesses!
> At no point did the author suggest that small businesses were surprised by this requirement - just that it's pointless bureaucracy, which it is.
Well, they are complaining about having to login monthly to file a zero report.
Yes, I agree its bureaucratic, but that's no excuse for not reading the damn contract !
If they read the contract they signed up to, perhaps they would have decided "fuck that" and not bothered signing up in the first place.
P.S. Reading contracts is a good thing, because I bet this guy also missed all the juicy indemnity and liability clauses, some of which are unlimited for "interesting" things such as unlimited indemnity for third-party Intellectual Property claims against the government related to what you supplied them:
10.5 If any claim is made against CCS for actual or alleged infringement of a third party’s intellectual property arising out of, or in connection with, the supply or use of the Offered Deliverables (an "IPR Claim"), then the Supplier indemnifies CCS against all losses, damages, costs or expenses (including professional fees and fines) incurred as a result of the IPR Claim.
> Just because it's in the contract doesn't mean you can't complain if it's a stupid waste of time.
For a start they would be better of complaining to their MP instead of ranting about it on the internet. At least there is a remote chance their MP is in a position to do something about it.
Letter to MP: one letter to MP, nothing to show for it.
Complain on blog: several letters to MPs of different districts, all of whom can now say that their constituents are writing to them and complaining about the same thing.
I don’t know the inner workings of Parliament but this is pretty basic for any remotely democratic government system. One person who cares a lot is less valuable than a lot of people who only care a little.
Bringing more widespread awareness to niche issues most people aren't aware of is, by some infinitesimally small percentage perhaps, more likely to have an impact on bureacracy than trying to act alone. Or maybe they know things aren't going to change, and are complaining on their personal blog to have a vent, which they are perfectly well within their rights to do. Just like you're allowed to complain about their complaining blog post, and I'm allowed to complain about your complaining comments about their complaining blog post. I think your complaining comments about their complaining blog post are rather more annoying and less interesting to read than their complaining blog post, but I suppose you'll probably think my complaining comment about your complaining comments about their annoying blog post are more annoying still :)
To be fair, the fundamental problem here is the author's resting of wrists to type.
This applies to any computer, Apple, Windows or Linux. Desktop or laptop.
If your typing on any computer is dependent on you resting your wrists whilst typing then it is indicative of poor typing technique and/or posture.
And ironically the very thing you think you're trying to prevent by resting your wrists (carpel tunnel and/or strain) is likely to be aggravated by over-reliance on wrist wrests due to the added pressure on the wrist.
> You can also enable it on firefox with privacy.resistFingerprinting enabled.
Not the same thing.
I use both Firefox and Mulllvad Browser side-by-side on a regular basis and in practice Mullvad Browser is far more aggressive in its privacy preserving measures to the extent that you do sometimes stumble across websites that are "broken" in Mullvad Browser but work fine in Firefox, for example the animated map features on the Ventusky website (which, IIRC, breaks because Mullvad is more aggressive at blocking JS graphics functions).
For Photoshop there are already "competitors", such as Canva or GIMP or countless others. But adoption has been limited.
Why ?
Because of the tightknit Adobe integration. If I create something in Photoshop, I can pull it in natively into any other programme in the Adobe suite ... e.g. InDesign (desktop publishing), Indesign (vector illutration), Premiere (non-linear video editing) or After Effects (motion graphics).
Not only can I pull it in natively, but in most cases I benefit from Adobe Dynamic Linking. Which means if I go back and mess with the Phtoshop file, it is automagically updated in all my child projects elsewhere.
Do not underestimate the sheer boost to the workflow and time savings that that provides !
Building on the above, if I'm recruiting designers, there is a very high chance they've spent the last 20 years using Photoshop. Am I going to waste my time and theirs forcing them to learn GIMP or whatever ? No. I will just get them an Adobe license.
Now let's hypothesize that my theoretical designer that I just employed has produced a product in InDesign that we're sending off to the printers....
If you want to get the best out of your printer during the pre-flight process, then you're absolutely want to be sending them a PDF file that came out of the Adobe toolset. Why ? Because your printer can send you Adobe-ready preflight-validation config files and because your printer can help you with issues. Not using Adobe ? Prepare for your printer to say "on your own chum".
Adobe is not perfect, but they command the market dominance they do for very good reason.
> The actual risk is that US spooks can use these hardware features to infiltrate European clouds.
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
The concern over "digital sovereignty" is motivated by the US wielding sanctions as a political tool against Europe.
It's impossible to fully eliminate any exposure to US sanctions. If the EU wants to fully shield itself, it should aggressively counter-sanction American entities. If the US government knows that every time it sanctions some EU entity, an American entity will get sanctioned just as hard, it will think twice.
For some reason, the EU has been unwilling to go down this obvious path.
The problem is that European (in the EU and outside) countries do not have the same ability to sanction the US as the US has to sanction them.
If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
Take what happened to the French ICC judge and imagine that happening across a whole country and far more pervasively (because a lot of people he deals with will not follow US sanctions, but would have their own services cut off if his country was sanctioned): https://www.euronews.com/my-europe/2026/02/18/us-sanctions-t...
The EU could absolutely find ways to hurt the US economy just as much as vice versa. It doesn't have to use the same tools as the US. Just ban major US companies from doing business in the EU. Impose massive fines. Get creative.
The EU economy is on par with the US economy. The EU has plenty of ability to hurt the US economy.
The reason this doesn't happen is because the EU isn't a country. It doesn't have a unified central government. It's 27 different sovereign states, each with their own completely different foreign policy. The type of policy I'm describing requires a unified political leadership willing to play for high stakes.
This is why China has been so much more effective than the EU in the trade war with the US. It's not that China theoretically has better cards to play. It just has a central government.
EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
EU does run a trade surplus with the USA. In a big fight the USA would, strictly speaking, have to replace more stuff than the EU would. However that ignores the makeup of the things being traded. EU exports to the US is dominated by pharma products that the US could make generics of, misc machinery that can often be replaced by Chinese competitors now, and luxury goods the US doesn't strictly need. US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days. There are no home grown replacements for most US software and no ability to make them anytime soon (especially as any broad spectrum sanctions would include frontier AI models).
> EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
I think per capita is not a useful measure here? The populations are unequal.
By nominal exchange rates, the US economy is estimated to be $31.856T this year; the EU's $23T; by purchasing power parity exchange rates, the EU is $30.678T.
Exchange rates matter for what actually gets traded, but they're also easily shifted by interest rate policies. But even with this, any simplification of economics sufficient to fit in a comment is going to be very misleading about questions of who is more or less dependent on global free trade, the US or the EU. Even the complexity you list: I suspect there's an office or five in various EU nations filled with economists trying to work out exactly what would go down if there was an EU-US trade war and how to remove the critical points of failure.
> US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
> It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days.
Yes, but this is kinda the point of all the digital sovereignty stuff.
It was already weird to me, as an iPhone app developer in Germany making apps for Germans living in Germany where sometimes the only language option was German, that I had to tick a box while uploading apps confirming that any encryption in the app would be in compliance with US export laws*; now, it's unacceptable.
> It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days. There are no home grown replacements for most US software and no ability to make them anytime soon (especially as any broad spectrum sanctions would include frontier AI models).
It's true that much of our infrastructure depend on US parties, but there are regions, governments, municipalities and more that is already 100% independent, although they're few right now, growing every day though.
But it's a misconception that it's 100% dependent on US SaaS and services, when already there are islands of people running their own infrastructure already today. People won't just give up if the US somehow cuts all connection, they'll just collaborate with the people who's infrastructure continue running like nothing happened, and it'll happen fast as a lot of services depend on that to work.
> It's true that much of our infrastructure depend on US parties, but there are regions, governments, municipalities and more that is already 100% independent, although they're few right now, growing every day though.
What about the devices people use to use this infrastructure? Most individuals use American controlled smartphones and American OSes on computers. What about private businesses?
> Most individuals use American controlled smartphones and American OSes on computers.
Do most individuals really? I think in America, it might seem like that, but if you visit countries like Peru, Spain or Asian countries, you'll realize there are huge mobile companies completely outside of the American hegemony that are popular in the world too, although maybe they're unheard of in the US. Last time in Peru I probably saw more Xiaomi phones than anything else, and also Huawei is popular.
US GDP is only about 30% larger than EU GDP in nominal terms, which is not enough to matter in this discussion. It's "on par" for all intents and purposes. The EU has plenty of ways to hurt the US economy very severely.
The EU is not necessarily the right comparator. If it came to that level of conflict its possible that not all EU countries would side against the US, its also possible some non EU countries would. However, i agree with your broad point that some European alliance is roughly comparable to the US.
However:
1. European countries are low growth and therefore of diminishing economic importance. Every year that goes by North America and Asia and other economies become comparatively larger.
2. What the US supplies Europe is going to do greater immediate damage to Europe than what Europe supplies the US. The US can turn off things that start hurting economically broadly and immediately and are hard to replace: cloud services, payment systems, etc. Things that only hurt when stocks run out, or that could be bought from elsewhere have less impact.
> If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
You don't think they'd rather maybe find alternatives rather than shutting down? Sure, it'd be sucky probably for a long-time, but it's not like we don't have IT professionals who can stand up physical servers, email servers and what not, plenty of local municipalities do so already, so somewhere there is expertise already.
People generally don't just give up and throw their hands in the air in the face of difficulties, even less so when the governance of their country depends on it.
I think you are underestimating the supply chain problem. You can't stand up extra servers you don't already have in extra data center capacity you don't already have. The whole point of the cloud is that you don't have these assets.
While you can acquire these assets the lead times would be several months at a minimum, and probably years if everyone is trying to do it at the same time. It isn't an issue of knowhow, the required physical infrastructure doesn't exist.
Say Microsoft/Google/whatever my local municipality is using right now, gets blocked tonight, and tomorrow everything US-related is offline. It won't (and can't) take months for them to get one server up and running for them to continue with their administration. As mentioned, other municipalities in the country already are 100% independent, running everything themselves, either they're willing to help out the rest of us, or at least provide expertise enough so we can. Then the country is filled with FOSS nerds like myself, who wouldn't shy away from stepping in to help either.
Probably the larger cities would take longer to solve, but I don't think "We cannot get server hardware from the US" will be the biggest problem, it'll be around national organization until the biggest fires been put out. Putting one server in each ajuntament would basically be enough to get 80% of the local municipalities up and running again.
It wouldn't only affect local governments, it'd also trash all the businesses, banks, national governments, etc. Google on its own getting blocked breaks the entire internet because so many websites rely on the free services they host. Remember there are no European search engines of any quality and only Mistral as a European AI provider, so even just findings things would be difficult.
You underestimate how resilient and effective people can be when needed. Yes, as mentioned earlier, it'd suck for a while, but we'd come up with solutions pretty quickly, as the entire country would rely on that.
Pretty much exactly a year ago, I was about leave home to go buy something, when the power was cut, garage door didn't open. Fine, jump into a taxi, and both of us notice that seemingly the entire town is without power. Once we arrive at the store in another town, same thing.
Turns out, the entire country had lost power, and would be without power for pretty much the rest of the day, and same thing in neigboring Portugal. We were literally without power, internet and cell-phone service for pretty much the entire day.
Did the entire of society pretty much was put on hold for a day? Yeah, but still we managed to go on with our day. I owed the taxi driver until the next time I saw him, the store accepted the same thing so we could buy some stuff, they noted down everything on paper, and so on.
We did survive, and thanks to humans being humans, we all could pretty much survive even that day.
Loosing Microsoft/Google/AWS would indeed be pretty much on a smaller scale, mostly impacting IT and everything related to IT, which is large swaths, but just like every other problem, it'll be worked around both temporarily and permanently, it's just in human nature to do.
Again, I'm not saying it wouldn't suck, nor that it wouldn't be difficult, but also, it wouldn't take a year before emails are being sent between companies again either.
It was just one day. I have experienced multi-day power cuts and it was bad enough in a developing country that was largely a cash economy. it would be a lot worse in Europe now.
I think Europe now is far more dependent on IT systems than you think. They are almost as essential as electricity. You found a taxi driver you would see again - how would one get an Uber and when would you meet an Uber driver again? How long can shops keep extending credit?
Its not just losing Azure/Google/AWS. It means losing security updates to smartphones, not being able to use Windows logins for your laptop, not being able to make card or phone payments, possibly not being able to withdraw cash. Without security updates American OSes will become insecure. How long will it take to replace the OS on every smartphone and desktop? What about defence? Will those F35s keep working without IT support? What about medical and hospital systems?
The IT impact is on top of everything else, not the only impact.
Its one thing for things to come to a standstill for one day, but the economic impact of things coming to a standstill for weeks is very different. At best it is an instant deep recession. It will mean running out of essentials, even food as logistics is heavily compromised. Even over 30 years ago the CEO of a logistics company told me that IT was critical to their business - that will only be more true today. You can do stuff on paper but at greatly lowered efficiency.
it might not mean a total collapse of society, but it will mean a huge amount of economic damage, and far more than any combination of European countries (e.g. EEA plus UK) could do to the US.
The US has had long standing bans on exports of things like encryption. The US banned the export of software with greater than 40 bit key sizes for many years and most people just accepted the security risk (and the implication that the US and others could easily spy on them) including European governments.
People said that about spying before the Snowden leaks. Nothing happened.
The difficulty of building an entirely home grown IT ecosystem from scratch is insurmountably huge. Especially as a lot of the people you'd need to do it currently work for US companies and are happy there - in any fight it's not at all clear that the people with the right skills would side with Brussels, which has a long history of treating the tech industry as a cash cow at best and outright antagonistically at worst.
> the EU has been unwilling to go down this obvious path
Well, the EU in general tends to favour the "lets sit down in a room and talk like grown-ups" approach to finding solutions to problems.
Wielding sanctions as a first/second choice option is a very US thing, even more so with the present administration.
In theory the EU does have a lot of options available to it beyond sanctions, such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe .... but that sort of action would be very un-European[1][2]
> such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe
Trashing your own tourism sector is a very European defense mechanism.
The truth is there is one and only one way Europe can try reclaiming sovereignty, and it’s the one that’s most painful—rebuilding its own military.
> Trashing your own tourism sector is a very European defense mechanism.
Yeah, virtually unheard of in a certain North American country, where every tourist with a certain skin color never been very worried about being extra-judicially sent to an internment camp.
No state in America is as dependent on European tourism the way Southern Europe is on American tourism. (And yes, the temporary blip in Canadian tourism sent a message.)
> as dependent on European tourism the way Southern Europe is on American tourism.
We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries. Italy is the country with the highest percentage of American tourists, but even they have more German visitors. Most southern countries have most tourists from the UK, Germany and France, kind of as expected.
If you think about it for a second that makes a ton of sense too, considering the distances involved here, and how cheap flights inside Europe are.
> We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries
Oh totally agree. But removing American tourism would require stabilizing policy interventions on the European side. It would not on the American side. That’s why threatening to cut off American tourists to Europe as a mooted retaliation measure is dumb. (I can also absolutely see Brussels doing it instead of any of the hard stuff.)
> Trashing your own tourism sector is a very European defense mechanism.
Please re-read my post .... in particular the first two words "IN THEORY".
As far as I am aware, the option I mentioned has never, ever been mooted as a possibility. It was something I invented as a random example of a non-sanction possibility.
> rebuilding its own military
Aah yes, because a strong military has been so awesome for the US in the US–Iran war where IIRC the Iranians managed to destroy lots of very expensive US military radars[1] and other expensive assets[2][3] in the region despite your president having claimed to have "destroyed 100% of Iran's military capability".
It doesn’t work in theory. America reversing the move and banning its own citizens from traveling to Europe would bankrupt multiple EU members [1].
> because a strong military has been so awesome for the US in the US–Iran war
Uh, the Iran war was an exercise of American sovereignty. Rules be damned.
> where IIRC the Iranians managed to destroy lots of very expensive US military radars
And they didn’t do it with soft power!
Europe has a good deal. America guarantees its security. It gives up sovereignty in exchange.
“In theory” discussions about self immolation through tourism bans and money giveaways on strategically-useless “sovereign clouds” are finger paint on turds. Messaging exercises. They afford Europe zero marginal sovereignty vis-à-vis the U.S.
Europe is not going to be sovereign unless it commits to an independent security posture. And the simple truth is that isn’t politically possible right now.
> America reversing the move and banning its own citizens ...
You sit there lecturing me on "in theory" discussions and you come up with that line.
I think you will find many European countries would celebrate yanks being told they can't visit Europe. Nobody will miss the loud Karens who make no effort in relation to the local culture.
It might have escaped your notice but the present US administration has not exactly done much to encourage Europeans to welcome yanks what with threatening to invade a European country and all that.
Get your own house in order before lecturing others.
> You sit there lecturing me on "in theory" discussions and you come up with that line
“In theory” requires it work in theory. I’m pointing out that your proposed “retaliation,” banning American tourists from Europe, hurts Europe more than it does America to the point that it would be a potential (albeit over the top) tactic the U.S. would itself deploy.
> the present US administration has not exactly done much to encourage Europeans to welcome yank
Correct. I agree with the notion of European sovereignty. I’m saying “sovereign cloud” BS is performative nonsense. So long as Europe is dependent on American F-35 parts, LNG and banking rails, Washington has a de facto veto on European policy.
Like, what policy position could Europe take with a sovereign cloud but with the above dependencies that it can’t take today? I’m not thinking of anything. In contrast: if Europe decoupled from American LNG, what geopolitical options open up?
> Get your own house in order before lecturing others
I vote in America and Switzerland. I’m talking about my own houses.
> If the EU wants to fully shield itself, it should aggressively counter-sanction American entities
This isn’t a realistic option without an independent security posture. Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions. (And increasingly, energy.) All of that before considering kneecapping Europe’s NATO-integrated kit.
> Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions.
Yet again the American exceptionalism bleeds through and shows why the hegemony is currently dying. Maybe with a slight bit of humbleness it could have survived but no, the exceptionalism is so well encoded that it seems short of impossible to stop the decline at this point.
Seemingly this was the idea with Iran too, which based on the current goings, isn't going so well. How do you expect that to be true for the second/third largest economy in the world, when the US can't even do so with Iran, one of the already most sanctioned countries in the world?
None of this requires America be better at anything. It just requires the current finance and trade flows to be what they are.
> Seemingly this was the idea with Iran too
The analogy doesn’t work. American sanctions and adversarialism with Iran have famously granted us few grabholds on their system. Tehran is sovereign.
To the extent there is an analogy here, it’s in European reliance on America being its Hormuz. The obvious vulnerability that gives America asymmetric capability over Europe is the financial, security, energy and trade reliance. Unlike the Hormuz, those aren’t geographic features. But if Brussels is content with mincing around with their own special pile of AMD chips (or tourism bans or whatnot), it might as well be carved into rock.
The Iranian economy is in a state of total collapse! That's not something to aspire to.
It's not good to be in denial about this. Even small amounts of US pressure would create chaos in Europe at this point. Multiple European countries are heading towards a major financial crisis entirely on their own, even without any US involvement at all. See e.g. the UK, whose debt is now much too large for even an IMF bailout to work. Only massive austerity of the type that makes 2008 look like splashing around in warm water will be enough to turn that around.
Europe is not independent. Even ignoring basics like oil and gas, the choices of the EU ruling elites in Brussels have, over a period of many years, broken any ability to create a competitive domestic tech industry (something very difficult even with China-style global cutoffs). Even if it was all fixed tomorrow it's far too late. Building a competitive domestic office suite is far beyond what the EU can achieve, let alone everything else required.
> The Iranian economy is in a state of total collapse! That's not something to aspire to.
Right, I agree, situation is awful and Iran is struggling. But is it bankrupt? Did the US bankrupt much-smaller-than-Europe Iran overnight? Nope, so lets not be under the false belief that somehow Europe would be easier, that's backwards.
Yes, they essentially did, so far as civilians are concerned.
Most people can't afford food anymore. Minimum rent is like 40% over minimum wage (and most make only that much, including government employees). A lot of things cost 2x over what they did before the war.
I'm gonna quote a friend of mine that lives in Iran (though he's slightly better off due to family)'s comment on the matter:
"When I go get a full bag of groceries and a kid is caught with a can of tuna under his clothes, crying, how am I supposed to feel good about having money"
The word bankrupt loses precise meaning when applied to countries that can print their own currency, as Iran can. It just means something like "collapse with hyperinflation". Iran is in a state of collapse and experiencing hyperinflation. That's what bankruptcy looks like for a country.
My opinion is that it is over-hyped because like any LLM, it requires a suitable human in the loop to keep the LLM on the straight and narrow, and then to weed through the inevitable false-positives and hallucinations.
Nicholas Carlini, for example, whose name is on many of the recent high-profile Mythos findings is not just some random dude with a Claude sub on his credit card .... he's an experienced security researcher.
Random inexperienced people thinking Mythos can replace the need for experienced pen-testers, auditors etc. are likely to be sorely disappointed if/when they get their hands on Mythos.
> Nicholas Carlini, for example, whose name is on many of the recent high-profile Mythos findings is not just some random dude with a Claude sub on his credit card .... he's an experienced security researcher.
I don’t think Mythos is hype for all kinds of reasons.
Anthropic is a young company but their track record is solid; they don’t seem to hype things just for the sake of hyping things. Sam Altman at OpenAI? We already know his track record…
I’m going Occam’s razor here: the simplest explanation is usually the correct one.
Anthropic had an “oh shit” moment when they realized what Mythos can do. They decided to do the responsible thing: give the industry a heads-up and an opportunity to use the preview to identify and fix the most dangerous zero-day vulnerabilities.
Since the FAANG companies have billions of users, it makes sense to start with them.
There’s still going to major issues for users of systems too old to get patches or updates. Or for IT organizations who think Mythos is a replay of Y2K, where, compared to the warnings, not lot happened.
The bottom line is someone with Mythos won’t need to be an experienced security expert to cause real problems. That’s kind of the point.
> replay of Y2K, where, compared to the warnings, not lot happened
My dad was on one of the many Y2K teams that major tech companies had to make sure nothing went wrong. I feel like history may have undersold what could've been if not for considerable effort leading up to Jan 1, 2000.
> it is over-hyped because like any LLM, it requires a suitable human in the loop to keep the LLM on the straight and narrow, and then to weed through the inevitable false-positives and hallucinations.
"Suitable human" is a dry phrase indeed. ^_^
The hype is "gosh look at all the bad things this brilliant almost conscious tool found!"
The reality: an insecure toolchain for an insecure language with an insecure compiler produced a runnable but insecure binary for an insecure OS. We couldn't be arsed to address any of this before, but now we're being billed the full price of our laziness.
Yeah, I was thinking earlier, the way things are going, software (and maybe the internet itself) might need to look a little different in a few years.
Ironically the AIs will probably help us produce higher quality software in the end, because "everything gets pwned" becomes the forcing function for software actually being correct.
In other words I think we are actually entering an age where correctness makes economic sense. (One can dream!) The cost of producing correctness is dropping, and the cost of not doing so is rising massively.
Over time that will change. Technology has proven time and time again that as we add a new layer of abstraction over the fundamental functionality, knowing the previous layer quickly becomes vestigial knowledge. It is true not just in software but absolutely all technology there is, going back to the first fire made or atl atl or rock sling.
> likely to be sorely disappointed if/when they get their hands on Mythos.
At first they will be delighted. So much money and time saved. When their adversaries get their hands on their system (with or without Mythos), then they'll be sorely disappointed.
Clearly the person who wrote "Oof" has never emailed Mullvad support.
Whenever I have emailed Mullvad support I have received a prompt reply from a human being who clearly actually cares about taking ownership of the question and seeing it through to resolution.
I have also witnessed first-hand the support person taking the question to an internal team member where it requires additional input. So there are clear paths for escalation if circumstances require it.
Finally the support mail allows for PGP encryption of communications too.
(I am not a Mullvad shill. Not a Mullvad employee. Just a satisfied customer)
Don't spread such bullshit FUD.
The E‑Evidence package contains multiple legal and procedural safeguards:
Cross-border orders must be issued as European Production Order (EPO) or European Preservation Order (EPO‑PR).The Regulation defines what can be optained and when. And wiretapping (i.e. content and traffic) is striclty limited to serious offences. Blanket mass surveillance is EXPLICITLY NOT POSSIBLE.
A judge is required for sensitive categories, e.g. wiretapping. And factual grounds must be provided demonstrating necessity.
The Regulation EXPLICITLY requires that orders be necessary and proportionate for criminal investigation
The member state where the service provider (or its EU representative) is established is notified when an EPO/EPO‑PR is sent, giving an additional oversight channel and the enforcing authority a role in examining objections.
The CJEU remains a backstop on top of national authorities.
reply