> “The oversight is baked into Western operations at the technical, tradecraft, and procedure level,” they added.
So what the NSA has been doing (even after exposure by Snowden) has had "oversight baked in"? Who are we kidding?
This posturing, pretending that " the west is better than everybody else", is downright naive and idiotic. No organisation is pure of heart, moral, or ethics, and none have crystalline motives.
So basically reproducible builds with a dependency list and the CVE list could provide more certainty about the tools we use?
What about websites though? Hash-summed files aren't going to save us, because resources can be loaded dynamically and the client can't know the hash before retrieval.
Reproducible builds would be a great first start. Forcing governments to use opensource may be another step.
It is possible for a web page to specify the expected hash of a script file, which the browser will enforce. This is called SRI (Subresource Integrity).[0]
Of course that still leaves the bootstrapping problem of how the page itself can be guaranteed to have a specific hash, but fortunately there is a clever hack that can be done with bookmarklets[1], or the page can just be saved and loaded/served locally.
While that works technically, the UX isn't great because the address bar won't show the domain of the remote server (although browsers seem to be hiding the address bar from the user more and more). A better solution would be for browsers to support Hashlinks[2], which would allow a bookmark to point to a remote page with fixed contents.
"People are trying to do things better, I'll say they aren't and not provide a single option that's better" aka "I'll complain about stuff and not do a single thing to improve it".
Mozilla is not very developer friendly. Gecko uses a two decade old method of RPC, the lib interface (XPCOM based on Microsoft's COM) is about the same age, the documentation hasn't been updated in a decade even though the code evolved, and I've heard from 2 employees directly that it's not important to them.
It's not really a surprise that gecko isn't the primary choice for browser developers.
None. Well, yeah, I think SiFive has HDL sources for quite a lot of their stuff up on GitHub, but it's not like you can just compile them into production silicon at home, heck, you can't even verify that the silicon was actually compiled from that source. (Yes there's research into verifiable silicon, but it's not like everyone has ultra high end electron microscopes and whatnot at home lol)
And of course nothing about RISC-V implies that production implementations will be open source at all.
Best thing I did was to reduce my work hours. Went from 40h contract to 32h and it has been a great improvement.
The first month I spent gaming, but now my projects advance more quickly. At least one whole day can be dedicated to my projects.
Also, a day off a week is 52 days of holiday a year.
If you are able to, I recommend it wholeheartedly.
In the not so distant future, we'll neither need sperm nor eggs from humans. We'll need is at least one person and a lab. You could grow your own sperm and eggs from pluripotent stemcells (which can be made from any cell, even skin cells).
Inseminate the egg, put it into an artificial womb, and voila, no need for sex or even a partner. You could make your own child, same sex partners could have their own kid, and it would even be possible to have kids with DNA 4 parents.
Maybe the best news for women would be, that they wouldn't have to deal with any of the evil that comes with pregnancy since that could be externalized. It would render the menstrual cycle futile and push research into its elimination without side effects to the forefront.
So what the NSA has been doing (even after exposure by Snowden) has had "oversight baked in"? Who are we kidding?
This posturing, pretending that " the west is better than everybody else", is downright naive and idiotic. No organisation is pure of heart, moral, or ethics, and none have crystalline motives.