> Not to mention the incoherence that one day its a tool to bring jobs back, the next day its just a negotiation tactic so they get reduced/dropped on a country by country basis over and over.
I thought it was retaliation for Canada not doing enough to stop their 20-odd kilogram contribution to the 4 tons of fentanyl smuggled in every year? [0]
(Which is to say I agree with you. Just trying to support your point that the reasoning has been so completely all over the map that anybody trying to assign any real meaning seems delusional. At this point I think most people have entirely forgotten half the reasons that have been made up along the way.)
The "smart MAGA" guys always crack me up because by the time they craft an intellectual justification for his previous moves, he has pivoted/reversed and pantsed them once again.
Frequently we get the "he's been poor advised" fallback as well.. Good Czar, Bad Boyars.
I... Well, I had started explaining point by point how wrong this is but frankly the answer is just "all of it, very".
I've driven summer tires, all season tires, winter tires, and studded winter tires in every season in Canada. (Yes, I live in Canada and own borderline-usless summer-only tires. Yes, I've tried driving them in snow.)
None of what you're saying lines up with my own experience, various YouTube videos on braking distances, or literally anything else I've ever seen anywhere.
Edit: And, well, to be clear... I've lived on the West coast of Canada where it's a bit more mild but you're in the mountains, in the middle where it hits -50, and in the East where it only hits -30 but snows like hell.
Yes, there are. And they show that it's a trade-off well worth investigating. Do you really want 10% better performance on snow at the cost of 10% worse performance on tarmac?
How much do you drive on snow anyway? Probably nowhere near as long as you do on tarmac, even in a tough winter.
I just fired up a container on my laptop... running on kubernetes... running in a linux VM. It's lightly dynamic (no database or filesystem I/O).
While I've also got enough other stuff running that my 15 min load average is at 4 and I've got 83% RAM used ignoring buffers/caches/otherwise.
I went and grabbed a random benchmarking tool and pointed it at it with 125 concurrent connections.
Sustained an average of 13914 reqs/s. Highest latency was 53.21ms.
If there are 10,000 people online at any given time hitting the API on average once every 3 seconds (which I believe are generous numbers), you'd only be around 3.3k reqs/s, or about 24% of what my laptop could serve even before any sort of caching, CDN, or anything else.
So... if a laptop can't serve that sort of request load, it sounds more like an indictment of the site's software than anything.
When I look back, seems to me the default was sort of "anything can copy and modify anything" because without additional measures or rules... what's stopping them? We added copyright as a time-limited exclusivity available to the creator to encourage people to create things (knowing they would have time to recoup some of their effort commercially).
With anything else (books or stories, pictures or movies, etc) the ability to modify or extend the work was the default. Copyright was a carve-out in this.
With software it's actually the reverse--the ability to modify or extend the work is _not_ the default. It takes explicit action by the creator to make that reasonable without substantial effort in most cases. We're actually dealing with an entirely different situation here, and providing that exclusivity on top really does seem like a bad deal for society in a lot of ways.
Is there anything else that's covered by copyright that's in a similar sort of situation as software? Where the thing that's covered by copyright _isn't_ really modifiable to begin with?
Which is a lot of words to say--on the surface, yeah, I agree with you. Besides shorter terms, I think if you want that exclusivity from society you should be required to give something back in return... like the source code so everyone can benefit from and build off of your work after your period of exclusivity expires.
> Is there anything else that's covered by copyright that's in a similar sort of situation as software? Where the thing that's covered by copyright _isn't_ really modifiable to begin with?
I don't see how software is unique here. You can modify a compiled executable, just like you can modify a finished graphic, or a produced movie, or a piece of music from an album. It takes additional effort, but so does modifying the graphic without the PSD file, the movie without the editor project files, and the music without the stems.
The original copyright laws date from the 1700s; at the time the only thing being protected was text: stories, essays, reference volumes, etc. Basically, stuff for which there was no "source code" to conceal, the whole thing was right there on the page.
It's only been in the 20th century that we've increasingly seen classes of copyrightable works for which the source code dwarfs the final released product: music, digital visual arts, film, and software
To make matters even worse, the commercial interest in copyright doesn't care about any of this, because pirates only duplicate and distribute the end product anyway. So it's only the creative side wanting to remix and extend that is shut out by a lack of source escrow.
Our cordless, on the highest suction setting, is bordering on unusable. The effort to move it across carpet becomes quite high. Trying to roll it on an area rug tends to cause it to drag the rug around, and if you pick it up while on it will pull the rug up off the floor.
I have done some _very_ scientific testing here, vacuuming a section of carpet on the lowest section (doing lines where each pass half-overlapped the previous so each part of the carpet got touched once in each direction), emptying the vacuum, then going back over doing the same on high. Didn't see anything else come up. Shop vac didn't pull anything else out either that I could see.
I used to be in a similar boat of "these are a stupid class of product", but end of the day even if it takes eight passes my wife was going to use it anyway. The effort for her to set the time aside to drag around the heavier corded vacuum which is a substantial effort for her, etc, would be more than doing eight passes with a cordless. So got a good one and I'm sold on it now--it is quite convenient, and it does work.
Only thing I will say is the battery definitely can't do an entire carpeted house on a charge. We don't have that much carpet, so don't have any problem cleaning all the floors and a couple area and entry-way rugs on a charge.
This is an interesting discussion to me - I have a cordless vacuum that works well and a roborock combo vac/mop that works well. Actually, I'm lying, I have two cordless vacuums because the GGP's observation rings true to me and I got a second one for free and held on to it. :-)
Dyson cordless vac, older (v8 ultimate). Have had to replace battery once and broken trigger. Continues to be a workhorse.
Roborock s5v: I have it run 2x / day on weekdays, once in the morning after breakfast when we're taking the kids to school (vac kitchen only), and once after bedtime (vac + mop entire area). It does a great job of generally keeping things clean. Not perfect, but the overall dirt level stays low.
The cordless manual vac is really useful for "oh bleep, 8yo just spilled MORE stuff on the ground". I keep it next to the dining and kitchen area. It's not super aesthetic having it hanging on the wall in a visible location but I have engineer-itis and I value the convenience over the illusion that we don't own a vacuum. :) I approximately never use the robovac as an on-demand vacuum unless it's to run an extra pass when we're leaving home on a weekend and have left crumbs from a meal.
For us, substantially upping the frequency of vacuuming, even if it's not quite as deep, has made a big difference, and it's basically no extra burden to have the robovac run frequently after programming it.
I think I could build a pretty clean and stylish looking office out of it.
No laptop banging around, no PC to hide away, etc. Could throw this on a minimalist or partially glass desk with an (unfortunate) single cable up to a monitor on an arm for video and power, use wi-fi, and essentially have a fully functional workstation for most people seemingly out of nothing. No bulky AIO, no PC strapped to the back of the monitor, etc.
So I guess that's my guess.
Though my impression from the linked page is more "HP doesn't know who this is for either". There's not much in the way of clear messaging, lifestyle photos, or anything else.
When your immune system activity increases, generally so does your heart rate. It's fairly common to get sick and have an increased heart rate. A quick search for "heart rate when sick" will turn up a number of results explaining this, the mechanisms behind it, and more.
Sorry you missed out on simple, effective preventative health measures because of this misunderstanding.
It lasted over 6 months. My resting heart rate has been 52 for over 2 decades. Months after the shot it was up to 75 and stayed there for over 6 months. Slowly crept back to 52.
> So the question to ask yourself is -- if this was a deliberate interaction that cloudfare was required to participate in via a warrant, would they legally even be allowed to publish a blog post that contradicted this?
So you're proposing they could be in a situation where they can either:
1. Publish an untruthful blog post, relying on public data available from multiple parties, trying to somehow explain it all while avoiding talking about their involvement in a way that would get them in PR, legal or political hot water; or
2. Publish nothing.
And they chose #1?
The only way #1 makes any sense at all is if some greater consequence to not publishing was put in place. But that would be more something like "the US gov essentially forced Cloudflare to write this" than "Cloudflare was part of this".
Unless they were part of this, _and_ the government forced them to write a post saying they're _not_ part of it and...
For my money: this is something in the news making it a good marketing opportunity which is ultimately what the blog is--trying to market Cloudflare and the brand to technical crowds.
For me number 1 is difficult basically because of who runs Cloudflare. I trust Matthew Prince because I find him to be: consistent and credible.
I work in go to market, specifically for businesses like Cloudflare, I can and have said "this real world situation is going to have resonance for the next 5-10 days, what is the lowest cost blog post you could publish that is related?" - because I only manage teams who produce content that is genuinely, at some level, value add or interesting to my target market, you would end up with a blog post exactly like this. In fact, this blog post is doing that job, here we are, cloudflare users, discussing cloudflare.
It becomes nuanced doesn't it? First thing is: to trust him fully is to understand what it means to trust him... that he knows his business well enough that he can intuitively feel things are wrong. That comes from not being checked out, so: he knows who is in his company and why, he knows the types of projects happening in his business and why, he has easy levers to gain real time information when something feels wrong, and - he monitors his business correctly. I trust Matthew because I know him, so I believe all those things are true. The final part is that trust is also about knowing that mistakes happen, and that they are being: sought out, addressed and owned. So when I say I trust him, it's because I believe everything aforementioned - it makes your scenario safe, at least to me.
Yeah, this is where I landed a while ago. What problem am I _really_ trying to solve?
For some people it's an ideological one--we don't want AI vacuuming up all of our content. For those, "is this an AI user?" is a useful question to answer. However it's a hard one.
For many the problem is simply "there are a class of users that are putting way too much load on the system and it's causing problems". Initially I was playing wack-a-mole with this and dealing with alerts firing on a regular basis because of Meta crawling our site very aggressively, not backing off when errors were returned, etc.
I looked at rate limiting but the work involved in distributed rate limiting versus the number of offenders involved made the effort look a little silly, so I moved towards a "nuke it from orbit" strategy:
Requests are bucketed by class C subnet (31.13.80.36 -> 31.13.80.x) and request rate is tracked over 30 minute windows. If the request rate over that window exceeds a very generous threshold I've only seen a few very obvious and poorly behaved crawlers exceed it fires an alert.
The alert kicks off a flow where we look up the ASN covering every IP in that range, look up every range associated with those ASNs, and throw an alert in Slack with a big red "Block" button attached. When approved, the entire ASN is blocked at the edge.
It's never triggered on anything we weren't willing to block (e.g., a local consumer ISP). We've dropped a handful of foreign providers, some "budget" VPS providers, some more reputable cloud providers, and Facebook. It didn't take long before the alerts stopped--both for high request rates and our application monitoring seeing excessive loads.
If anyone's interested in trying to implement something similar, there's a regularly updated database of ASN <-> IP ranges announced here: https://github.com/ipverse/asn-ip
> If anyone's interested in trying to implement something similar, there's a regularly updated database of ASN <-> IP ranges announced here: https://github.com/ipverse/asn-ip
What exactly is the source of these mappings? Never heard about ipverse before, seems to be a semi-anonymous GitHub organization and their website has had a failing certificate for more than a year by now.
I could justify it a number of ways, but the honest answer is "expiring these is more work that just hasn't been needed yet". We hit a handful of bad actors, banned them, have heard no negative outcomes, and there's really little indication of the behaviour changing. Unless something shows up and changes the equation, right now it looks like "extra effort to invite the bad actors back to do bad things" and... my day is already busy enough.
Unless it's completely clear that it's not a gun, the reviewer is essentially always going to pull the alarm. The risk of a false alarm is going to be seen as minimal, while the risk of a false negative is catastrophic.
False alarm makes the news for now because it's novel, we all go "What the hell, guys?" and life goes on.
Nobody wants to end up sitting in front of a prosecutor, the media, etc explaining why they chose not to pull the alarm, when the AI _clearly_ identified the gun, and instead chose to let all those kids die.
>The only way this gets fixed is if there are consequences at every level for false positives.
Do we really want consequences for false positives? If a kid is smoking a cigarette in the bathroom and the smoke detector goes off, the school should evacuate. The Smoke Alarm went off. No principal is going to sign off on the assumption that "Timmy is smoking, it's not a real fire". The principal shouldn't be punished for responding to the alarm. Timmy...probably should get reprimanded, but that feels off-metaphor.
In the example we are given, Timmy did nothing wrong. Having a clarinet is not contraband, and he should not be punished. The admin who called a lockdown did nothing wrong, as they were responding to the system in the way they were trained to use it. This is all in the name of safety, where things are done in 'an abundance of caution'.
>"It's not my fault the cops shot the kid, the system said it was a gun."
No, its the cop's fault. The cop hasn't been trained to use the AI security system, and is instead given their own SOP for assessing threats.
That sounds good on paper, but is really impossible to implement in any practical way.
In this case, the kid was holding the clarinet like a weapon, and though we have not seen the actual video, the descriptions of it make it sound like overall resolution was poor.
The alternative to the false positive here, is to not report anything that you cannot be 110% certain of, which means that you're likely to miss some true positives.
Overall this situation mostly reads like everything worked as intended, and the press turned it into more than it needed to be. School shooting are a real thing, there is plenty of evidence of that. Weapons detection has become a necessary component of a school safety strategy. For many reasons, it is not practical to have personnel at the school, or within the district, act as the first-pass reviewer of AI detections of weapons.
Don't be defeatist. The situation under consideration here is probably monitored by security cameras and body cams end to end. Everyone not following correct protocol did so on camera. Punishing willful ignorance and incompetence is certainly possible.
One approach for this is that the person who makes the call needs to be on-site and in the front of the situation --- similarly, a judge signing off on a No-Knock Warrant --- the judge needs to be at least be present, and should be required to walk through the building/home/apartment after the warrant is served. If it's not important/severe enough for a judge to do this, then I would argue that there's no need for the "no knock" aspect.
I thought it was retaliation for Canada not doing enough to stop their 20-odd kilogram contribution to the 4 tons of fentanyl smuggled in every year? [0]
(Which is to say I agree with you. Just trying to support your point that the reasoning has been so completely all over the map that anybody trying to assign any real meaning seems delusional. At this point I think most people have entirely forgotten half the reasons that have been made up along the way.)
[0] https://www.whitehouse.gov/fact-sheets/2025/07/fact-sheet-pr...
reply