It doesn’t need to be that complex, but it can be that complex without being slow. Claude Code’s interface is extremely simple. It has tons and tons of headroom to tack on performance overhead without it being noticeable at all. You just have to not do dumb things like redraw the entire UI every time a spinner spins.
"We made our app chew up so many unnecessary resources that we can use even more resources in the future, and no one will notice" is not the strongest engineering idea I've ever heard.
I remember it being somewhat common for people to make forum posts consisting entirely of a joke image. However, they weren’t called memes at the time as the word had yet to be popularized.
But it's always been correct to interrupt a discussion on a PHP forum about PHP security by breaking into Rasmus's account and posting an ironic meme under his name.
Personally I think I've developed a pretty good sense of when a question is easy enough that I can just trust the AI overview, and when I need to dig deeper. Google's original AI overviews were not reliable enough to ever trust, but now they are usually accurate summaries of the cited sources.
Job market statistics are actually probably a strong point for the AI overview. I just Googled 'us job market last month' and got an AI overview that accurately summarized a New York Times article for qualitative information ("surprisingly strong 115,000 jobs", "no-hire, no-fire"), followed by accurately summarizing the official Bureau of Labor Statistics website for raw stats, followed by some other stuff I didn't check. Not everyone would prefer The New York Times' take, but the citation prominently displays their name and logo, so you can tell what you're getting.
Weak points are when the topic is obscure enough that the AI overview conflates two different things or overgeneralizes, or trusts the wrong sources.
Also, a large fraction of students these days use Google Docs. I don’t have first-hand experience, but I imagine they would either share presentations with the account the shared computer is logged into, or log into their own account on the shared computer. No hardware involved either way.
Another memory-safe option is Haraka, which I’ve been using for several years now. I recommend it but only for people who need extreme customizability. For everyone else, the customizability is a bit of a footgun, since you can easily end up with accidental open relays and other misconfigurations (as I learned the hard way).
The "license challenge" (it might be a mistake I think it's supposed to be a license request) is just a packet (that can be saved and later sent to anywhere) and it contains the encrypted certificate which doubles as your HWID. An adversary needs to control the private key of the license "server" the challenge is for (this is a privacy measure introduced to prevent the CDM from offering the HWID to anyone who wants it). Now if you want the HWID you need to work for it (one time) by stealing a private key, bribing/blackmailing employees or issuing secret edicts ("here is a new license server we need a certificate for"). Working for Hollywood is also an option I suppose.
Pirates sacrifice devices when they publish ripped content due to the certificate being revoked after Hollywood downloads the torrent and by doing things like this:
For large-scale per-viewer, implement a content identification strategy that allows you to trace back to specific clients, such as per-user session-based watermarking. With this approach, media is conditioned during transcoding and the origin serves a uniquely identifiable pattern of media segments to the end user.
AFAIK this is not secure. The SSH protocol doesn’t require the server to know the client’s public key for the connection to succeed. Instead, the client actively sends its public key to the server while authenticating, and the server just decides whether to allow a connection or not. OpenSSH will typically match the client’s key against a fixed list of keys, but nothing stops a rogue server from allowing connections from any client key. In fact, OpenSSH itself can be configured to do this using AuthorizedKeysCommand.
It does need to know the public key. The AuthorizedKeysCommand does not provide a yes/no answer, it has to respond with a list of full public keys (or certificates) that are authorized to connect for a given user id. The SSH server then uses the public key to challenge the client to demonstrate it has the private key.
However, an easy attack in the same ballpark, is to accept the connection without any password or public key auth, and then accept agent forwarding, and ask that agent connection to authorize a connection to a target server, with the user's keys. Never forward your agent connection to an untrusted host. Though -- I imagine this pattern is common when setting up a new host -- trust the first connection, and forward your agent so you can pull resources (like git repos) from the new host to set it up ...
Public keys can go over channels that an attacker can read. They cannot go over channels that an attacker can modify. (Which would include the SSH connection itself, until such time as you’ve verified the key through a trustworthy channel.)
> Decline to buy: property stays with bank (auction abstracted out)
Ignoring an entire game mechanic is really stretching the definition of “abstracted out”…
Also, at the bottom it defines a “Liveness: someone eventually wins” property which I believe cannot be proven. Monopoly doesn’t have any rules forcing the game to end eventually. There is only a probabilistic guarantee, and even that only applies if the players are trying to win; if the players are conspiring to prevent the game from ending then they’re unlikely to fail.
reply