Depends on the vendor for the specifics. In general, they don’t protect against an attacker who has gained persistent privileged access to the machine, only against theft.
Since the key either can’t leave the tpm or is useless without it (some tpms have one key that it can never return, and will generate a new key and return it encrypted with it’s internal key. This means you get protection but don’t need to worry about storage on the chip), the attacker needs to remain undetected on the server as long as they want to use it, which is difficult for anyone less sophisticated than an advanced persistent threat.

The Apple system, to its credit, does a degree of user and application validation to use the keys. Generally good for security, but it makes it so if you want to share a key between users you probably won’t be using the secure enclave.

Most of the trust checks end up being the tpm proving itself to the remote service that’s checking the service. For example, when you use your phones biometrics to log into a website, part of that handshake is the tpm on the phone proving that it’s made by a company to a spec validated by the standards to be secure in the way it’s claiming.

Package signing is used to make sure you only get packages from sources you trust.
Every Linux distro does it and it’s why if you add a new source for packages you get asked to accept a key signature.

For a long time, the keys used for signing were just files on disk, and you protected them by protecting the server they were on, but they were technically able to be stolen and used to sign malicious packages.

Some advanced in chip design and cost reductions later, we now have what is often called a “secure enclave”, “trusted platform module”, or a general provider for a non-exportable key.
It’s a little chip that holds or manages a cryptographic key such that it can’t (or is exceptionally difficult) to get the signing key off the chip or extract it, making it nearly impossible to steal the key without actually physically stealing the server, which is much easier to prevent by putting it in a room with doors, and impossible to do without detection, making a forged package vastly less likely.

There are services that exist that provide the infrastructure needed to do this, but they cost money and it takes time and money to build it into your system in a way that’s reliable and doesn’t lock you to a vendor if you ever need to switch for whatever reason.

So I believe this is valve picking up the bill to move archs package infrastructure security up to the top tier.
It was fine before, but that upgrade is expensive for a volunteer and donation based project and cheap for a high profile company that might legitimately be worried about their use of arch on physical hardware increasing the threat interest.

Soap does destroy some bacteria, and a not insignificant portion. By destroying those fatty bonds the cellular membranes of many bacteria are destroyed, and many viruses denatured and rendered inert.

The removal is the primary action though, you are correct. Not all bacteria are destroyed by soap, which is why the leather, scrub, and scrub while rinsing steps are important to hand washing, since that mechanical action is what removes everything.

https://medicine.yale.edu/news-article/why-soap-works/

Certainly. I’m not saying soap is bad by any means. It’s a tool for bathing just like any other. Not using soap to wash your body doesn’t imply unhygienic anymore than not using a scrub brush makes you unhygienic.

What matters is that you wash regularly, get rid of grime, dirt, excess oils and dead skin buildup.
There’s many paths to hygiene. For most people, the one with soap is the easiest and the only downside is “now moisturize”.

Persistent advertising from cleaning product companies since the 50s have heavily pushed a level of cleaning and perfuming well beyond what’s actually necessary for hygiene.
My body wash company would like me to use a silver dollar sized portion. I get better results from a dime sized portion and a moderate firmness silicone brush.

You’re taking “it’s possible to be clean after bathing without soap” as a way stronger statement than it is.
Do you think I’m saying soap is bad?
No one is talking about hygienic hand washing practices for medicine, food prep, after defecation, or after being coated in tough substances.
We’re in a giant pile of people talking about routing bathing to prevent body odor and the skin issues caused by poor bodily hygiene.
Washing with running water and a scrubbing action is sufficient for that purpose for many people. Bathing without soap is not a guarantee that you will have BO, a rash, skin lesions, or acne.

The Africa point isn’t really the gotcha you think it is. Soap working better faster doesn’t mean that a lack of soap doesn’t work. As you said, when they didn’t have soap they still washed. People are generally interested in being clean, and pragmatic. They’ll clean themselves, and if something helps them get cleaner faster, they’ll use it.

And yup, that passage does document that the Roman empire eschewed soap for personal hygiene until roughly year zero.

The primary action that soap has for fighting bacteria is breaking down oils and making it easier for debris and bacteria to be removed. Less food for the bacteria, and faster removal.
Bacteria will be destroyed by this process, but that’s coincidental to why soap works and provides benefit.
It’s why we don’t tell people to wash their hands by squirting soap on them, spreading it around and then rinsing it off. The critical step is the mechanical action that facilitates removal of debris with running water.

Yes, soap is necessary for hand washing because we need to maximize bacteria removal after defecation or before preparing foods or medical activities.

In the context of bathing however, you don’t need to sterilize your torso. You will also be rinsing your body far longer than you’re typically going to be washing your hands, which when combined with scrubbing results in a clean torso.

I’m not one of those people who’s opposed to using soap or anything, but that’s not the same as recognizing that it’s possible to wash and be clean without it.

Did I say pure luxury, or did I say it makes it easier?

I did forget that something is obviously 100% vital and indispensable or entirely worthless and void of functionality.

Early soaps were used for the preparation of textiles rather than personal hygiene.
As early as we invented soap, we actually had the notion that festering in your own rancid body oils is bad far, far earlier. As such, we had ways of dealing with that well before we had soap and people didn’t just immediately switch.

So go ahead and use soap. I certainly do. But if you’re looking to have your mind blown, take a shower and just scrub your skin with a brush, loofah or the palm of your hand and be amazed when you still get clean. If you’re really grimey, you can do what the Romans did and rub yourself with olive oil and scrape it off with a scraper before doing that.

Phrasing it like that is weird, but you don’t actually need soap. It just makes the oils and grime come off easier, so without it you just need to scrub more diligently.

If you’re cleaning yourself properly your skin is gonna be the same cleanliness afterwards either way. Cheap soap will dry your skin though, so use decent soap.

Cleaning regularly and effectively is the key, not the specifics. Soap just lowers the bar for effectiveness, and maybe adds “and also moisturize”.

Yeah, it’s definitely faster, but I’m not sure it’s going to make too much of a difference for a Minecraft server.

With setting it up being a bit annoying by hand, I’d still rank the router option higher even if it’s a worse VPN. Otherwise you risk ending up in that yak shaving situation where you’re fighting with routing tables and DNS when you wanted a Minecraft server.

And even then, it’s not a piece of paper that you can just accept like a death coupon. It has to be signed and not contentious, and things need to line up very correctly.
My Dad had a DNR in his legal name, but the nursing staff and his room all used the common shortening of that name. Because the names didn’t line up when things went bad and there was no one with authority to clarify they, correctly, operated under the assumption that they did not have an order.

At one point EMS providers couldn’t even make the call, it could only be done by the medical facility. I’m pretty sure that’s no longer the case anywhere in the US though.

Oh for sure. What I meant was “check router for a built in VPN and use it if it has one, otherwise use wireguard because it’s the easiest”.

The specific VPN doesn’t really matter so much. The built-in one would be the easiest, so checking for a solution that took a few clicks is worth it. :)

I would use something like wireguard, or another VPN service you can host yourself if your router supports it natively.

From the looks of it Minecraft servers seem to have dogshit authentication, so using some form of private network setup is going to be your best move.

Eeeh, I still think diving into the weeds of the technical is the wrong way to approach it. Their argument is that training isn’t copyright violation, not that sufficient training dilutes the violation.

Even if trained only on one source, it’s quite unlikely that it would generate copyright infringing output. It would be vastly less intelligible, likely to the point of overtly garbled words and sentences lacking much in the way of grammar.

If what they’re doing is technically an infringement or how it works is entirely aside from a discussion on if it should be infringement or permitted.

Basing your argument around how the model or training system works doesn’t seem like the best way to frame your point to me. It invites a lot of mucking about in the details of how the systems do or don’t work, how humans learn, and what “learning” and “knowledge” actually are.

I’m a human as far as I know, and it’s trivial for me to regurgitate my training data. I regularly say things that are either directly references to things I’ve heard, or accidentally copy them, sometimes with errors.
Would you argue that I’m just a statistical collage of the things I’ve experienced, seen or read? My brain has as many copies of my training data in it as the AI model, namely zero, but “Captain Picard of the USS Enterprise sat down for a rousing game of chess with his friend Sherlock Holmes, and then Shakespeare came in dressed like Mickey mouse and said ‘to be or not to be, that is the question, for tis nobler in the heart’ or something”. Direct copies of someone else’s work, as well as multiple copyright infringements.
I’m also shit at drawing with perspective. It comes across like a drunk toddler trying their hand at cubism.

Arguing about how the model works or the deficiencies of it to justify treating it differently just invites fixing those issues and repeating the same conversation later. What if we make one that does work how humans do in your opinion? Or it properly actually extracts the information in a way that isn’t just statistically inferred patterns, whatever the distinction there is? Does that suddenly make it different?

You don’t need to get bogged down in the muck of the technical to say that even if you conceed every technical point, we can still say that a non-sentient machine learning system can be held to different standards with regards to copyright law than a sentient person. A person gets to buy a book, read it, and then carry around that information in their head and use it however they want. Not-A-Person does not get to read a book and hold that information without consent of the author.
Arguing why it’s bad for society for machines to mechanise the production of works inspired by others is more to the point.

Computers think the same way boats swim. Arguing about the difference between hands and propellers misses the point that you don’t want a shrimp boat in your swimming pool. I don’t care why they’re different, or that it technically did or didn’t violate the “free swim” policy, I care that it ruins the whole thing for the people it exists for in the first place.

I think all the AI stuff is cool, fun and interesting. I also think that letting it train on everything regardless of the creators wishes has too much opportunity to make everything garbage. Same for letting it produce content that isn’t labeled or cited.
If they can find a way to do and use the cool stuff without making things worse, they should focus on that.

As written the headline is pretty bad, but it seems their argument is that they should be able to train from publicly available copywritten information, like blog posts and social media, and not from private copywritten information like movies or books.

You can certainly argue that “downloading public copywritten information for the purposes of model training” should be treated differently from “downloading public copywritten information for the intended use of the copyright holder”, but it feels disingenuous to put this comment itself, to which someone has a copyright, into the same category as something not shared publicly like a paid article or a book.

Personally, I think it’s a lot like search engines. If you make something public someone can analyze it, link to it, or derivative actions, but they can’t copy it and share the copy with others.

So that’s what third party cookies are. What this does is make it so that when you go to example.com and you get a Google cookie, that cookie is only associated with example.com, and your random.org Google cookie will be specific to that site.

A site will be able to use Google to track how you use their site, which is a fine and valid thing, but they or Google don’t get to see how you use a different site. (Google doesn’t actually share specifics, but they can see stuff like “behavior on one site led to sale on the other”)

https://daniel.haxx.se/blog/2020/12/17/curl-supports-nasa/

https://daniel.haxx.se/blog/2023/02/07/closing-the-nasa-loop/

Their process for validating software doesn’t have a box for “open source”, and basically assumes it’s either purchased, or contracted. So someone in risk assessment just gets a list of software libraries and goes down it checking that they have the required forms.

As the referenced talk mentions, the people using the software understand that all the testing and everything is entirely on them, and that sending these messages is bothersome and unfair, and they’re working on it. Unfortunately, NASA is also a massive government bureaucracy and so process changes are slow, at best.
The TLAs don’t generally help NASA, and getting them involved would unfortunately only result in more messages being sent.

As for contributions, I think that turns into an even worse can of worms, since generally software developed by or for the US government isn’t just open source, but public domain. I think you’d end up with a big mess of licensing horror if you tried to get money or official relationships involved. It’s why sqlite is public domain, since it was developed at the behest of the US.

Mostly just context for what you said. NASA isn’t being arrogant, they’re being gigantic. Doing their due diligence in-house while another branch goes down a checklist, sees they don’t have a form and pops of an email and embarrassing the hell out of the first group.

The time limit thing is weird, but it’s a common practice in bureaucracies, public or private. You stick a timeline on the request to convey your level of urgency and the establish some manner of timeline for the other person to work with. Read the line again, but extremely literally: “we have a time frame of 5 days for a response”. “Our audit timeline guessed that it would take a business week for you to reply, so if you take longer we’re behind schedule”. The threatening version is “your response is required on or before five business days from the date of this message”.
The presumption is that the person on the other end is also working through a task queue that they don’t have much personal investment in, and is generally good natured, so you’re telling them “I don’t expect you to jump on this immediately, but wherever you can find a moment to reply this week would keep anyone from bothering me, and me from needing to send another email or trying to find a phone number”

It has organizational support from ICANN, so it’s not done in total isolation.

Paul Eggart is the primary maintainer for tzdb, and has been for the past 20 years.
Tzdb is the database that maintains all of the information about timezones, timezone changes, leap whatever’s and everything else. It’s present on just about every computer on the planet and plays an important role in making sure all of the things do time correctly.

If he gets hit by a bus, ICANN is responsible for finding someone else to maintain the list.

Sqlite is the most widely used database engine, and is primarily developed by a small handful of people.

ImageMagick is probably the most iconic example. Primarily developed by John Cristy since 1987, it’s used in a hilarious number of places for basic image operations. When a security bug was found in it a bit ago, basically every server needed to be patched because they all do something with images.

Most of them are mediocre. Most burger places were mediocre, and then the American gastropub trend saw burgers being made nice as opposed to diner food or bar food. They could also charge more money because they were making nicer food.

Eventually a bunch of the mediocre places shifted to try to also be nice, but mostly just increased prices, changed decor, and started using the word aioli more than mayo. Oh, and pretzel buns on burgers that got taller without being bigger and are cumbersome to eat.

In the plus side, if you like a Swiss burger with a garlic aioli, a burger with a fried egg on it, or a burger with 2 pieces of bacon, a spicy BBQ sauce, and fried onion strings and you’re in the mood for some fries with bits of peel on them and a garlic Parmesan butter, then you know exactly what they’re going to put in from of you and exactly what it’ll taste like.

Mediocre. Not bad, but definitely not the best you’ve ever had.