And changes happen at pretty much all levels of scale. Even once you get well past startup size the times of structure and processes required for a 10,000 or 20,000 person company is much different from a 1,000 or 2,000 person company.
Only a few people can adequately explain themselves through slack.
It doesn't help that a lot of managers are _bad_ managers, and don't/can't/don't know how to run a tight 1:1.
the point of the 1:1 is to provide a high bandwidth way of getting worries and steers from employees to management and direction back to employees. if there is nothing to talk about then cut the meeting short.
Its like writing a thriller where you are the main operative, heroically saving the day with your skill, foresight and tenacity.
The problem is, it sets a rigid path far to early that you are unwilling to move away from, either because you had ambitions for those empty stubs, or because the obvious solution means admitting that you current $thing is not as successful as it should be.
The problem I have found recently is that it bleeds into the training set that LLMs to use to make software. our platform is pretty well defined and has excellent metrics and logging that come for free.
But the LLMs are creating Otel forwarders with custom NATs transport, even though we have all of that for free already (and in the agents.md)
Yes, but also its much cheaper to build it in at the very start.
When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because
1) we had no idea what we were doing and
2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.
Turns out the guesses were right, but it was painful getting the lawyers to understand.
The people in the industry that I know were/are trying to stop fraudsters, script kiddies, nasty people, and governments from trying to exploit weaknesses and take unauthorised control of devices and services.
The problem with that is it generally requires a central point of trust.
Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
Without commenting on the UK governments stuff (It is probably full of shit, but then thats what lobbying does) We as technologists need to engage with wider society and understand on their terms, the worries they have.
For this particular "proposal" it strikes at the core worry of today's kids. They are sadder, more insular, more dependent on mobile comms and exposed to much nastier stuff than millennials were at the same age.
AT my school in the very late 90s, a group of 14 year old girls went to the beach and took a disposable camera. Standard photos apart from one, which was a group of them topless. One of them brought them back from the developers into school. Somehow the topless photo was stolen and passed around various classes.
It ruined her month, even though she got the photo back. I suspect it left scars longer than that.
Now imagine not being able to get that photo back. Thats the problem for todays kids. One moment of stupidity and a lifetime of consequences. (under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life.)
You could say "oh education" but did you listen at that age?
Whats worse now is that there are no gates on what photos can be developed by the normal person. If you took any photo that was explicit, it almost certainly wouldn't be printed (hence why there were very little dick pics from that era).
Is what the UK government proposing workable? well looking at the OSA, almost certainly not.
However unless we, as a tech community engage with society, with useable answers that are understandable to the normal person, then we are going to be crushed by the weight of "something must be done". Absolutism is not our friend here. We need to engage and choose compromises, or lose wider freedom for ever.
> were/are trying to stop fraudsters, script kiddies, nasty people, and governments from trying to exploit weaknesses and take unauthorised control of devices and services.
While I don't doubt that's a motivation, the problem I have is it's really a question of likelihood. I feel that in terms of security focus it's very common for people to put on blinders and ignore the likelihood of an exploit in favor of "Ooooh look at this thing that COULD be exploited!"
It's fundamentally the problem I have with how CVEs are reported and handled in general.
In terms of secure boot stopping problems. Yes, it does stop someone from rooting a device which is great. However, someone that has access to root a device almost certainly also has the ability to just install a virus in the OS startup scripts. Or to modify a user executable. Or to modify the user's PATH environment variable to inject a malicious app in front of a commonly used one.
That's what I wish security focused people would weigh more heavily when they evaluate these sorts of threats. "What other damage could a malicious individual do if they had the same permissions to pull off this exploit."
> It's fundamentally the problem I have with how CVEs are reported and handled in general.
Yes, its more like a popularity contest.
But secure boot stopped(or stops) a whole bunch of driver/rootkit exploits, which was a big thing in the late 2000s. It means that a random driver that is inserted by some script kiddie raises a whole bunch of warnings, which it wouldnt have done before.
> The problem with that is it generally requires a central point of trust.
The problem with it is that the people who want to use a central point of trust as a chokepoint for censorship, surveillance and monopolization keep claiming that this is required when it isn't.
> Sure you can allow multiple points of trust, but for the unskilled user, that means that the little lock symbol becomes unreliable (or whatever)
The premise being that if you have a monopoly then ordinary people can trust it. Only that isn't the case. A monopolist not only can be just as malicious or incompetent as any of the multiple players in a competitive landscape, they're more likely to be because the lack of competitive pressure allows them to be more abusive and complacent and more capable of capturing the government.
> under a certain age, if they took photos or videos of other kids, that makes them liable to be on a list, for life
That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
> Now imagine not being able to get that photo back.
Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
> That seems like a problem caused by the law. Why is it possible for any actions taken as a minor to cause someone to be put on a permanent list when we recognize that minors aren't mature enough to be held responsible for that?
Its a second order effect. The problem is predators get children to take pictures and distribute them. To stop them escaping justice it requires a certain level of absolutism. In Common law, there are exceptions. However people exploit the system.
> Now imagine what would be necessary to get it back. It's on some other person's private device. Either you invade everyone's privacy and private communications to check if they might have it or be privately sharing it, or they could be. The cure is worse than the disease.
I mean there are loads of ways to look at this. But if we want to have strong controls over your data, then sharing should be controlled by the owner, not the platform. Currently there are no trusted environments that allow people to share securely and privately data without it being copied.
My understanding of what is being proposed is that cameras will have basic nudity detection on them, and they will refuse to take the pictures if the device is registered to a person under the age of 18.
That, more or less is not privacy invading, depending on how its done.
The central point that you are missing here is that something which was quite hard to happen in 1999 was destructive to a child life. Now its much easier to do, and there is an actual economy in sourcing, exploiting and trading these pictures/videos.
> Its a second order effect. The problem is predators get children to take pictures and distribute them.
It isn't. The solution is obvious. You punish the predators and not the children.
> My understanding of what is being proposed is that cameras will have basic nudity detection on them, and they will refuse to take the pictures if the device is registered to a person under the age of 18.
Which seems both problematic (now every device needs to be registered?) and ineffective (the predator has the children use a device registered to an adult or an older device without any such constraints).
> The central point that you are missing here is that something which was quite hard to happen in 1999 was destructive to a child life. Now its much easier to do, and there is an actual economy in sourcing, exploiting and trading these pictures/videos.
This seems to be your central premise but it's also not even true. If a predator got children to take such pictures with film camera in the 20th century and was then in possession of the negatives, there was no centralized system to detect this or prevent them from having a darkroom to make and distribute copies. The solution is to have the police arrest them, which continues to be the solution even now without needing to compromise the devices of every innocent member of the public.
> But if we want to have strong controls over your data, then sharing should be controlled by the owner, not the platform.
You're assuming the conclusion -- that there should be a platform in a position to control (i.e restrict) sharing. If communications are end to end encrypted, no one other the parties even knows what it is. That is what you are by implication prohibiting -- unintermediated private communications.
I am deeply worried about privacy. the problem that I have here is if we don't provide a sensible middle ground, we will get a terrible solution imposed (ie the age gate spyware, instead of the rollingo ut of the mobile block lists the UK already had)
> It isn't. The solution is obvious. You punish the predators and not the children.
the core problem is that in the UK more and more CSAM is being prodiced by kids themselves. Most grooming of digital images is done remotely, via exploitation. (ie I have pictures of you, please send more or I'll send them to x)
Now, because the person extorting them is not taking the pictures they had a defence of "they were sent to me, I didn't know what to do so deleted them blah blah blah"
These people hunt down the kids sending stuff to lovers and the like, that gets leaked, because kids are cruel, and try and extort them.
I would gently ask you to look in the changes into sentencing guidelines and the evidence used to compile that advice.
Yes, older devices can be used, and oncein the hands of extortionists then they are in deep shit. The point of this, and the point that Jess Phillipson was getting at, is if kids can't take these pictures as easily, they can't be leaked as easily which means there is much less (but not zero) chance of being exploited,
> You're assuming the conclusion -- that there should be a platform in a position to control
Sorry my bad phrasing.
the ideal solution here is end to end encrypted but also encrypted image but with the keys controlled by the owner of the image "private" computing is the answer, where every view of private images requires a key exchange. there are hardware locks to stop people getting at the frame buffer, only apps that you approve can have access, and flagged data that you send auto deletes and expires.
Ironically this is basically extreme copyright enforcement(everything you create, more or less is your own copyright)
But we can't get to that yet, because Ad tech/meta/google doesn't like that.
TLDR its less obvious but I also share your worry about privacy.
In today's world the 14-year-old girl who took a topless beach photo of herself would likely be criminally charged as an adult for production, possession and distribution of child pornography. So there's something about how our legal attitudes have changed too.
>We as technologists need to engage with wider society and understand on their terms, the worries they have.
We were the vanguard blocking this to the public's benefit, now they've voted for it our only duty is to ourselves; to make sure the rules don't apply to us.
I mean I get that, but don't you also see thats dangerous?
I think its perfectly winnable argument. For example we already _had_ age gating in the UK, its just it was at the network level on mobile internet. It worked and was unobtrusive.
The antidote to the OSA was to just extend that to domestic internet.
That argument was lost, and lost hard. mainly because we didn't engage properly with a believable solution.
> to make sure the rules don't apply to us.
The point is, they don't really apply to the determined. the same argument could be made for painkiller blister packs. The level of friction that the packs provide reduce drug based impulse suicide by 40% (depending on which study you reference)
The argument against it is "I can't be arsed with pressing the little shits out, I just want it easy". The Populist approach is making it prescription only.
Unless we engage properly, on the right level, then we are going to be worse off.
However the original proposal was pretty much aimed at phone manufactures. It is perfectly possible for current gen phones (and previous gen) to detect nudes in camera. Infact most phones do that already in order to adjust the exposure, its just you dont see that.
The problem for the UK is that they are not legislating technically. The original proposal was tightly scoped. The problem was, because of the way government runs in the UK it was shelved. Now that its not, the original scoping has been mashed, as its been blended with an child social media ban (quite what makes them think social media is ok for elder millennials++ is also interesting)
If they actually decided to make laws like they did for building materials or cars (ie all phones must conform to EU/BS standard x/y/z) then life would be much easier for everyone. But alas we have forgotten how to govern. something must be done now
> even a roughly proportional VAT can still have significant equity implications for the poor – potentially pushing some households into poverty."
from your page:
> Elastic goods, i.e luxuries, shed demand as prices rise whilst inelastic goods like bread do not. This has the effect of refocusing the economy away from luxuries and toward inelastic necessities, which effectively makes VAT progressive, not regressive.
As someone who lives with a VAT rate of 20% on most goods (and 5% on other with 0% on most foods) it doesn't meaningfully direct away from luxury goods. Its just priced into things (and if your a build er o cash in hand, then you can make 20% extra)
Personally I would rather we look at "council houses" and making them much more universal. As that would be cheaper than UBI but have some of the same benefits.
It's priced in, yeah. As I said in the comment and in the post, VAT on its own is not nice. The paper also states:
> Nevertheless, any VAT increases, including VAT base broadening measures that impact the poor, should be accompanied by compensation measures for poorer households, such as targeted tax credits or benefit payments.
Which is essentially what I propose through UBI, I just have broader scope.
"high art" and the language of high art is ripe for satire. That I totally get.
But, I would actually beg, to not let those who indulge in high art language colonise "art" as well. Art is for you and me, everyone. twats writing bollocks is for the "elite"
Art history is a mixed bag, it is also for all of us, even if it tedious.
I agree, and as the article makes clear, this current liminalism really does not come from the world of "High Art":
>As an internet phenomenon, the most recent iteration of liminal aesthetics can be primarily traced to a 2019 Creepypasta collaborative short story entitled "The Backrooms"
This is ground-up, the opposite of high art. It's even kind of "outsider art".
I mean it seems like they want to get a full spec of what JIT should look like in main? given the faff that hapened with the GC removal, I can sort see why they'd want to do this properly. Especially now that it seems like its practical.
reply