The rain doesn’t happen directly above where it evaporates. And “slightly warmer” waste water can have major ecological impacts, destroying native life in the lakes and rivers where the wastewater is ejected. Plus, if the water is taken away from underground aquifers that may not be refilling fast enough, or if it’s taking water from downstream users, that’s something to be concerned with.
So tired of these articles. Yes, it’s possible for them to use very little water. But naive comparisons to non-potable agricultural or other irrigation use or comparisons that don’t take into account growth rates of specific uses or local bottlenecks are useless.
You're mistaken - ghost is not a service consuming actions for itself - it's a CLI tool you run locally to drive workflows with sane default configs so you can easily drop into them and continue working or debugging in reliable and consistent infra, or have your agent do it. It is a better CLI for GH workflows (https://news.ycombinator.com/item?id=47982915), now whatever you were imagining.
The reporter made a website explicitly calling out Ubuntu, RedHat, Amazon, and SUSE but didn’t notify them, and you think that’s reasonable? That they might not have known those distributions are downstream from the kernel team?
yes, because 30 days had passed from the time the patch landed in the kernel, as per industry standard.
approximately every security researcher, including the likes of google and other big names you may know, does a 90+30 disclosure, which is what happened here. they do this for good reason, which has been figured out over decades of experience in reporting thousands and thousands of vulnerabilities.
the only security researchers i know of that dont like 90+30 actually argue for shorter timelines (or immediate disclosures).
What do you think went differently in this case versus other high profile vulnerabilities that had binaries already available for major distros? I feel like it often (usually?) works out that major distros have kernel packages incorporating the fixes already available.
Is this just down to luck, a quirk in the timing about when Linus merged the fix versus when the release gets cut?
What is the heuristic for who should get the heads up? Should they notify amazon but not google simply because they named amazon linux in the report? Seems to me the answer to my first question gets messy fast.
I think it’s reasonable to expect folks in the security community who go to the trouble of creating a website detailing security vulnerabilities in specific listed software to pre-notify the security teams of that software. The CopyFail website calls out Ubuntu and Red Hat specifically, but apparently the author of the site did not inform them of the issue?
But even if you think making unethical decisions in personal self interest is something no one should be criticized for, surely the Linux kernel team ought to have some process for notifying the top distributions of an upcoming LPE, just out of practicality.
In what sense do you believe that the reporter did not notify the security team of the relevant software? The vulnerability is in the kernel. Reporter responsibly disclosed using the kernel’s security report mechanism and waited until a patch was ready.
Distros are downstream of kernel, that doesn’t entitle them to expect to be contacted directly by every security reporter. That’s not on them. Distros that are big enough should be plugged into the linux security team for notifications.
Security researchers cannot be held responsible for broken lines of communication within the org charts of projects that they study. They’re providing a valuable public service already, how much more do you want?
It is suggested that they out of an abundance of caution and 5 or 6 emails. If this is entirely to much to expect we can always help them by mandating that they spend 6 figures annually meeting a much more robust set of requirements that will include notifying all possible affected parties down to Hannah Montana Linux devs if any still exist.
Any strategy that assumes that the rest of the world is functional or makes you personally responsible for fixing all of it is equally broken but there is a reasonable middle ground and sending a few more emails lies within it
> we can always help them by mandating that they spend 6 figures
Who’s we? Mandate with what authority?
AWS and GCP are downstream another level. Should the reporter also have worked with them? And their customers? And the customers of their customers?
IMO this whole discussion seems like people are annoyed by the security researchers doing god’s work and wish they didn’t exist or think that they should be fully subservient to the projects and companies they are helping for free. The bugs were there before the researchers revealed them!!
Nah, however this was implemented this was a clear and obvious probable side effect. If they want to block the access at the mention of openclaw, that’s silly but mostly harmless, but why charge extra for an ambiguous case? At best that’s incredibly lazy, which for a company with as much money, influence, and power as Anthropic, is equivalent to malice.
Recently had a battery storage facility nixed near where I live because the loudest local residents were panicked about possibilities of leaks of heavy chemicals into the groundwater (which is somewhat fair) and a bunch of less reasonable nonsense. Still, assuming the legit risks can be handled, facilities like these are crucial to future growth in electricity demand.
We have been pumping oil out of the ground for lifetimes and still have little concern for all the leaky dead wells across the country but these solar panels, that’s the real problem.
We have also been breathing fine coal, diesel, brake-pad and tire dust for almost 100 years with no riots from gen-pop, but clean nuclear and batteries will kill us.
About 15 years ago there was some interest in putting in some wind towers in the township I lived in. People were talking about stray electricity killing their livestock. Never mind the several dozen towers already installed 3 miles away.
>People were talking about stray electricity killing their livestock.
That's why I think voting shouldn't be a universal right to everyone, but a privilege you gain after clearing certain bars, one of them being basic education and an IQ test.
Giving every dumbass the same voting power as an academic, to grind national development to a halt and make life shit for everyone else just because they don't understand 5th grade physics, is a recipe for disaster and we're living proof of it.
If you ever worked in public rations and interacted with the gen-pop off the street on a regular basis, you'd see my point eye-to-eye. The masses are too stupid to be entrusted with national decisions, and the only reason they are allowed to, is because they are easily manipulated into voting the way the elites want them to, because they're stupid.
It's exactly why Plato opposed democracy arguing the same faults.
>Plato argued that democracy gives power to the masses (the demos), who are often ignorant, emotional, and easily manipulated by skilled speakers (rhetoricians and demagogues).
Indisputable fact.
>Plato believed that ruling is a skill that requires deep knowledge, wisdom, and training in philosophy — not something that should be decided by majority vote or popularity.
Indisputable fact.
>He famously compared democracy to a ship where the sailors (citizens) vote on navigation, instead of letting the trained captain (philosopher) steer. The result, according to him, is chaos.
IDK, I'm not from a country that did stuff like that, so don't try to pin some original sin from the US history on me. I'm from a pretty homogenous country with no racial issues.
Now are you saying only whites will be able to understand 5th grade physics and nobody else? Or that whites can't be stupid too?
Personally I don't care about your skin color, or other factors, if you're THAT stupid, I don't want you deciding the future of our country, period, since you're putting everyone in danger.
If you can't pass 5th grade physics, you're not fit to be voting on the country's nuclear energy policy, simple.
You could replace skin color with any attribute and it will probably happen. You can see it play out across the world time and time again, in any type of downturn or bad luck people on average find it easier to blame another group than themself. Take this a step forward and you get momentum to carve requirements that would exclude that group. Oh you want to participate in voting? You need to be able to list the Qur’anic commandments to be able to vote or whatever your flavor of restriction is.
No, they are saying that your so-called idea has already been tried, but what actually happened was that <insert majority> who already had control set it up so <insert majority> could vote easily while <insert minority> could not. Could be race, could be something else. There is no such thing as an "objective test" for your case, because someone somewhere would need to determine it is objective. Who verifies that person, and who verifies the people who verify them?
>No, they are saying that your so-called idea has already been tried, but what actually happened was that <insert majority> who already had control set it up so <insert majority> could vote easily while <insert minority> could not.
That already exists in our current system. Whoever's parents reproduced the most, now has majority of votes. Home owners are majority and decide housing policies for those who don't owe property.
Are these more fair, or just another form of mob rule we got accustomed to out of centuries of inertia, like fish in the water? When did we decided that rules from 300 years ago shouldn't be touched to be updated to reflect current challenges?
>There is no such thing as an "objective test" for your case, because someone somewhere would need to determine it is objective.
Currently it's our legal system that decides what is fair and objective, that's how it works today in most countries. And that's not set in stone, but can always be changed on a dime if the majority of the population decides to, or in case of national catastrophes like war, since all laws are made up and only enforceable as long as the majority of the society with support of the military agree with them.
>Who verifies that person, and who verifies the people who verify them?
Who verifies the judge is fair? Who verifies that person who verifies the judge? And so on. Same principles here.
The concern isn't that only whites will be smart enough.
The concern is that the current power structure will use this as a convenient way to bias the voter pool in its favor through strategic selection of questions.
> IDK, I'm not from a country that did stuff like that, so don't try to pin some original sin from the US history on me. I'm from a pretty homogenous country with no racial issues.
Also going back on this comment. What country are you from? I have always found that the US gets the short stick when in reality these problems have happened everywhere. Usually the countries that think they have no problems are because they are homogenous.
Not sure why this is an unpopular opinion. It is one of the most ridiculous statements to say you are from a homogenous country and have no racial issues. I guarantee they exist but you live in a homogenous country.
I agree with the complaint but have yet to see a mechanism that is free of abuse and disenfranchisement.
People are stupid and vote with their emotions or what the pastor told them to.
It would be lovely to ensure that votes came from well informed voters.
It’s like communism or anarchocapitlism, it works on paper but hard in practice. Preventing voting is a nice idea but really hard to get right because humans are messy animals.
The world is messy and one of the reasons I am such a believer in markets on average is because they help align outcomes in the world we live in.
It’s a weird time. You would think folks would be excited about technology but we have this weird even in America where everything is scary. Facebook brainrot is no issue but F those EVs.
The argument is only fair if they provide some valid information to back up their claims. There's a project to put in a BESS near my rural hometown and every anti argument is based on non-LiFEpo cells and self-inflicted confused overlap with the data center water use arguments. This is while completely supporting "beautiful farmlands" that leech pesticides and phosphates into the water table
I do think there should be localized referendums where we offer people the choice of taking energy infrastructure out of local approval altogether in exchange for 10% off their bills. It would save so much time and effort. I suspect the silent majority would happily take it leaving a few people yelling at pylons.
When you can’t know the objective truth or when there isn’t one (as is the case in making decisions about security tradeoffs in software design), knowing the source of the argument is vital to interpreting its validity.
reply