That kind of tracks as the source of the concern. My first thought was it’d be something IDMS-related as well. I don’t know enough about that system to pinpoint exactly what.
"Provide a way" -- what if it's way too expensive, even for a huge country? And populace just doesn't want it (e. g. it goes against sacred texts). And there are no infrastructure nor institutions to build upon. It's close to impossible. And the populace would see us only as a provider of goods.
And morally, why should we provide some other country? Are we the world government? Shouldn't we stop messing with others and keep to our business, as long as they don't mess with us (bomb and export heroin). Why are we suddenly responsible for them?
PS: nevertheless, one country (USA) tried to build democracy in Afghanistan, but failed. And only got scoldings for that.
> And morally, why should we provide some other country?
Enlightened self interest. If we want less heroin in our country, it's in our interest to provide something better for people in other countries to do than grow heroin poppies. There's a lot of stuff to grow, I'm pretty sure something can be found that doesn't violate the sacred texts.
OTOH, synthetic opioids may be cheaper and easier than harvesting heroin poppy, so maybe the specific problem of heroin export is solved, but not in the intended way.
> "Provide a way" -- what if it's way too expensive, even for a huge country?
Afghanistan has a lot of natural resources.
> And morally, why should we provide some other country? Are we the world government? Shouldn't we stop messing with others and keep to our business, as long as they don't mess with us (bomb and export heroin). Why are we suddenly responsible for them?
Development aid is always a good thing. Soft power is incredibly powerful on the global stage - just look at UN votes. A lot of countries that firmly voted with the Western nations for decades now vote with Russia/China or abstain, corresponding with us scaling back foreign aid and other similar investments. And there's an economic side as well... China used to be a bunch of piss poor farmers, now they're among the world's strongest economies.
And well, either we are the ones who decide where the world is going, we are the top dogs - or we have to submit to China, Russia and the likes, and there is no way this is a good way forward.
> PS: nevertheless, one country (USA) tried to build democracy in Afghanistan, but failed. And only got scoldings for that.
That's because we (I'm German, we were in this mess as well) didn't actually do nation building. Yes, we got rid of the Taliban and we built schools for girls, but that's it. The "army" was to at least 50% only existing on paper, corruption and sexual abuse (bacha bazi, DO NOT google that one if you're not ready for vivid descriptions of child abuse) ran rampant across all of society.
We completely and utterly failed in auditing and oversight. And not just of the Afghani side, but our own as well, see Bagram.
> sometimes I think the people who hate America the most and want it to fail are Americans themselves.
That's because the US (and the UK) are about the only countries in this world that haven't had the entirety of their legal, economical and political system completely revamped at least once in the last 100 years - most countries average more than that.
At the same time, such a revamp is desperately needed - the issues with the status quo are reeking - and everyone knows that it is highly, highly unlikely to get that done by ordinary democratic means due to the sheer inertia of hundreds of years of fossilized bureaucracy and individual/party interests.
And that is why so many people tend to vote for whoever shouts "destroy the country" the loudest - and not just in the US (MAGA) or UK ("Reform"), but also in Germany (AfD), Spain (Vox) or Italy (Salvini/Meloni), where economic inequality and perspectivelessness has hit absurd levels. Let it all burn to ashes, burn everything, even if one goes down with the fire, eat the rich, and try to build something more sane this time.
Would like to add Vox is nowhere near the others' popularity, and has received substantial donations from... Hungary. A total of 6.5 million euros during the 2023 elections.
> That's because the US (and the UK) are about the only countries in this world that haven't had the entirety of their legal, economical and political system completely revamped at least once in the last 100 years - most countries average more than that.
I usually get downvoted when I make an observation along these lines, but I will go for it again -- IMO some of the reason Europe has pulled ahead in infrastructure and policy is because a couple world wars last century reduced much of it to rubble, including the systems of governance. The UK mostly escaped that, and the US escaped nearly all of it. Which is one reason we can still have a lot of old electrical infrastructure, for example, that is pushing 100 years old, and a Constitutional system 250 years old.
I think a major problem with the system in the US is the difficulty changing it. There is a balance, and a lot of room for differing opinions on how flexible it really ought to be, but I suspect there is broad agreement that it is too inflexible. We rely too much on changing interpretations rather than changing the fundamentals.
Perhaps we really do need to risk a second Constitutional Convention. Or we will end up with a worse alternative.
If Europe has "pulled ahead in infrastructure and policy" then why do they have nothing to show for it? They can't even protect their own sea lines of communication.
On the other hand: The US can't even build a single proper high-speed rail line, hasn't figured out how to electrify its railways, doesn't understand that bike lanes are good for car people, hasn't managed to solve four-way intersections yet, doesn't have anything even remotely resembling a free market for critical supplies like power and internet, and is in general going bankrupt due to excessive urban sprawl.
I could probably go on for another ten pages. Europe definitely has its flaws, but let's not pretend like the US is a paradise where everything is perfect and nothing ever went wrong.
That's funny, most of the places that I've visited in Europe don't have any of that stuff either. It's a big place with a lot of diversity in infrastructure and economic development.
There are a lot of metrics, take your pick. But if you can't obtain reliable supplies of energy and other critical resources then none of the other metrics matter.
> eat the rich, and try to build something more sane
The tragedy is that right wing parties are sponsored by the rich and serve primarily them. Economic grievances of ordinary people are exploited to make them vote against their interests.
Taking down "bad" Google reviews is an entire industry these days [1].
And of course there are scammers on all sides - not just legitimately bad stores trying to whitewash their online presence, but also entire scammer rackets that extort legitimately good stores by flooding them with BS reviews [2].
> I hate this idea that doxxing is some kind of crime.
The thing is, up until the advent of the internet it basically didn't matter - although in some cases, e.g. the German left-wing terror group "RAF", rich people did end up getting v&, in some cases killed. But that was a rarity.
But now with the possibilities of modern technology? Being able to be active on the Internet without hiding behind a pseudonym is a rare privilege. Wrong political opinion? Some nutjob from the opposite side can and will send anything from "pizza pranks" to outright SWAT to your home (or your parents, or ex-wife, or anyone they can identify as being associated with you). And if you got money? Stalkers, thieves, robbers, scammers, you will get targeted.
> People are drawn to complexity like moths to a flame.
Not to complexity, but to abstraction. The more something is abstracted away, the more fungible "developers" become, to the eventual tune of Claude Code.
No one cares that trying to debug a modern application is as hellish as its performance, the KPI that executives go for is employment budget.
It might be really efficient when you "vibe" and don't know exactly what you want.
On serious projects, it feels like even Claude Code could be more efficient with simple technologies, providing near-instant build and debug.
With reduced abstractions and output looking like input, it can better understand how to fix things rather than trying to guess how to manipulate framework state or injecting hacks.
I don't know if Next.js, TanStack, etc are more abstract than Rails, Django, etc. They're undoubtedly more complex though. I also find it hard to believe that it's some sort of conspiracy by management to make developers more fungible. I've seen plenty of developers choose complexity with no outside pressure.
> The device uses FDE and the key is provided over the network during boot, in the laptop case after the user provides a password.
Sounds nice on paper, has issues in practice:
1. no internet (e.g. something like Iran)? Your device is effectively bricked.
2. heavily monitored internet (e.g. China, USA)? It's probably easy enough for the government to snoop your connection metadata and seize the physical server.
3. no security at all against hardware implants / base firmware modification. Secure Boot can cryptographically prove to the OS that your BIOS, your ACPI tables and your bootloader didn't get manipulated.
> no internet (e.g. something like Iran)? Your device is effectively bricked.
If your threat model is Iran and you want the device to boot with no internet then you memorize the long passphrase.
> heavily monitored internet (e.g. China, USA)? It's probably easy enough for the government to snoop your connection metadata and seize the physical server.
The server doesn't have to be in their jurisdiction. It can also use FDE itself and then the key for that is stored offline in an undisclosed location.
> no security at all against hardware implants / base firmware modification. Secure Boot can cryptographically prove to the OS that your BIOS, your ACPI tables and your bootloader didn't get manipulated.
If your BIOS or bootloader is compromised then so is your OS.
Well... they wouldn't be the first ones to black out the Internet either. And I'm not just talking about threats specific to oneself here because that is a much different threat model, but the effects of being collateral damage as well. Say, your country's leader says something that makes the US President cry - who's to say he doesn't order SpaceX to disable Starlink for your country? Or that Russia decides to invade yet another country and disables internet satellites [1]?
And it doesn't have to be politically related either, say that a natural disaster in your area takes out everything smarter than a toaster for days if not weeks [2].
> If your BIOS or bootloader is compromised then so is your OS.
Well, that's the point of the TPM design and Secure Boot: that is not true any more. The OS can verify everything being executed prior to its startup back to a trusted root. You'd need 0-day exploits - while these are available including unpatchable hardware issues (iOS checkm8 [3]), they are incredibly rare and expensive.
> Say, your country's leader says something that makes the US President cry - who's to say he doesn't order SpaceX to disable Starlink for your country?
Then you tether to your phone or visit the local library or coffee shop and use the WiFi, or call into the system using an acoustic coupler on an analog phone line or find a radio or build a telegraph or stand on a tall hill and use flag semaphore in your country that has zero cell towers or libraries, because you only have to transfer a few hundred bytes of protocol overhead and 32 bytes of actual data.
At which point you could unlock your laptop, assuming it wasn't already on when you lost internet, but it still wouldn't have internet.
> The OS can verify everything being executed prior to its startup back to a trusted root.
Code that asks for the hashes and verifies them can do that, but that part of your OS was replaced with "return true;" by the attacker's compromised firmware.
That's premised on the attacker never having write access to the encrypted partition, which is the thing storing the FDE key on a remote system or removable media does better than a TPM. If the key is in a TPM and they can extract it using a TPM vulnerability or specialized equipment. Or boot up the system and unlock the partition by running the original signed boot chain, giving the attacker the opportunity to compromise the now-running OS using DMA attacks, cold-boot attacks, etc. Or they can stick it in a drawer without network access to receive updates until someone publishes a relevant vulnerability in the version of the OS that was on it when it was stolen.
Notice that if they can modify/replace the device without you noticing then they can leave you one that displays the same unlock screen as the original but sends any credentials you enter to the attacker. Once they've had physical access to the device you can't trust it. The main advantage of FDE is that they can't read what was on a powered off device they blatantly steal, and then the last thing you want is for the FDE key to be somewhere on the device that they could potentially extract instead of on a remote system or removable media that they don't have access to.
There is ossign.org, Certum offers a cheap certificate for FOSS [1], and Comodo offers relatively cheap (but still expensive) certs as well [2]. Not affiliated with either service, but these are the ones I remember last time I had to dig into this mess, so there might be even more services that I don't recall at the moment.