Hacker News | sunshine-o's comments

> Having a government-insured bank deposit means that I've never had to think about this in my lifetime. It's a problem that I don't need.

Government-insured bank deposits are mostly BS, the fine print says they have about 10 years to reimburse you and in case of a systemic failure good luck.

In case the bank app, their "system" or your computer is compromised most banks will not reimburse you. It is very easy for them to say you were ultimately responsible for the hack. Very few banks have the policy of taking the loss and it is hard to know which ones still do that unless you know someone in their fraud department.


I was a victim of bank fraud a couple of years ago. My bank was totally at fault (I caught it, not them) and they reimbursed me in full.

From what I understand, government insurance goes more towards bank failure, not fraud.


Even if that's the case re: government insured banks.... Maybe it feels more secure because there is someone to hold accountable if/when it all falls apart. People can show up in DC with pitchforks and vent their frustration; good luck tracking the stateless billionaires behind a company like Binance through Micronesia/the Caribbean/Seychelles/whatever island paradise they stashed their cash on.

I believe the Achilles' heel of Web3 is really that it was built on Web1&2.

Whatever opinion you might have about this industry, the core work is done by the Bitcoin and Ethereum teams and it is pretty admirable. They have been progressing for 10 years in a system where any mistake can collapse the entire system.

But ultimately those wallets and Web3 apps are built with web technologies and run in a browser and this is just not made for this.

This hack was targeting seed phrases or private keys because the keys have to be stored in the browser extension. How insane is that? But there aren't really any other ways to do it within the framework of a web browser.

Ultimately if the extension or web app is compromised a hardware wallet cannot really ultimately protect you (at least you would only be compromised when interacting with it).

Ethereum has also now built in the secp256r1 signature checker so passkey/YubiKey can be used but, same problem, the "web" is the weak link.

Bottom line if they want that thing to succeed they will have to create a way to interact with smart contracts outside of the web browser. Maybe it will take building a simpler "dapp browser". Their apps are pretty basic in the end, a TUI would be enough to swap a token and approve a transaction...


It's not true that seed phrases have to be connected to the web browser though. Take a look at Trezor. There is a web plugin but the keys never leave the hardware wallet. The issue is users prefer the convenience of not needing to use a HW wallet for the transaction signing, which leads to a place where keys are stored in digital space and can be stolen.

There are plenty of native app wallets.

The question is why is NCAR a distinct entity from NOAA which works on the same/similar subjects and is also funded by the government?

I am not sure but maybe because this lab is a relic of the 50s and the cold war when both the Soviets and the US were racing to create a weather control weapon...


Science is distributed. Lots of researchers at lots of different institutions research overlapping topics. That's part of its strength. In the U.S. most basic research is funded by federal grants. And as a result you'll find that research in pretty much any science area you can imagine is funded by federal grants going to multiple different institutions. In this case you're confusing things by bringing in NOAA which is a government agency (part of the Dept of Commerce). NCAR is a non-profit organization and competes for federal grant dollars with researchers at many other institutions (mostly universities). So in that sense there is a strong parallel here to Trump wanting to shut down Harvard (another non-profit organization at which many different researchers work) and someone saying "doesn't Stanford do research on similar topics?" Yes, there is some conceptual overlap, but in detail there is not. The bigger difference is that Harvard has a big endowment and so can survive (at some level) if the federal grants it has been getting stop flowing. NCAR can't. Also, NCAR happens to have the experts and equipment (supercomputers) to do research that few other organizations can (none really in the U.S.). Harvard probably can't lay claim to that except in very narrow niches....

For perspective the annual budget for NCAR is about half the amount being spent on the new White House ballroom.


I believe this is the way we might get out of this mess.

With a markdown over HTTP browser I could already almost browse Github through the READMEs and probably other websites.

Markdown is really a loved and now quite popular format. It is sad Gemini created a separate closed format instead of just adopting it.


I never coded in Lua but I found out recently that Lua is now in FreeBSD base [0]. This is huge for Lua and FreeBSD.

Now something that worries me is whenever you need to make an HTTP request or parse some JSON you need to go on a quest for a "library" on the Internet. It doesn't seem to have a (semi-)official "Extended Standard Library" I can quickly trust.

- [0] https://man.freebsd.org/cgi/man.cgi?query=flua&apropos=0&sek...


The Lua ecosystem is more like the Lisp ecosystem than Python. The language is small enough that there’s a lot of stuff out there that’s just… finished. Hasn’t been updated in 10 years but still works. The LunarModules org tries to gather it up and keep it compatible.

For an extended standard lib, the closest thing is probably Penlight. https://github.com/lunarmodules/Penlight If you want async IO, sockets, etc, check out Luvit. https://luvit.io

Lua is really designed as an extension language but it’s such a nifty little language that sometimes you really wish you could use it in place of Python or Perl, which is why LuaJIT is so popular. But LuaJIT is really just one guy’s project. Its metaprogramming features are really nice and let you build some Lisp-style DSLs, and if you want full Lisp syntax you can drop in Fennel. If you’re just writing extension code you often don’t need a standard lib because it’s easier just to roll your own function to fill the gap.

Personally, I found it easier and quicker to just read the reference manual to learn the language. It’s small and simple enough that you shouldn’t have trouble getting up to speed if you have a couple other imperative languages under your belt. IMO metatables are much easier to work with than JavaScript’s prototype inheritance.


Most people don't use the standard library to make an HTTP request in Python either...

I agree with the sentiment though, I even gave a talk about this at Lua Workshop 2013 (https://www.lua.org/wshop13/Chapuis.pdf) around that issue. There are good reasons why several important but OS-specific features are not included in the core language. Discussions around a "blessed" extended standard library module arise from time to time but never lead anywhere.

The Lua community - at least the one around PUC Lua - is reasonably small and you can typically look at what active popular projects use to figure out the best libraries. The LuaRocks download count can be an indicator as well. But I agree this is still a problem.


You kind of always have to go on a quest for a library on the internet, why would lua be any different? For lua, luarocks is its module registry and you can sort by most downloads, which sometimes leads you to buggy modules, but what can you do.

> You kind of always have to go on a quest for a library on the internet

Plenty of languages come with standard libraries that are more than sufficient for handling plenty of tasks.


There's nothing stopping anybody from making a batteries included lua, and plenty have done so (emilua, luapower, luaforwindows, luart, etc.), of course, pure lua still exists and their changes are usually backported into lua since it's so small and portable.

FWIW you can do a lot with pure lua and unless you're importing json there's no reason to include a library for it given that lua itself can be used as the data exchange format.


To be honest I don't think there is gonna be an EU regime as we know it in 5 years:

- The leaders are rock bottom in terms of approval rating

- The only people who have a deeply rooted attachment to the project are the boomers and the elite. The boomers are dying at a rate of about 10% per year.

- The EU does not have any good relationship anymore with any great power: not China, the US or Russia.

- Their market, the main source of power in negotiations, is shrinking

- They have been stupid enough to voluntarily fully inherit the Ukraine war which is lost.

Last but not least, nobody elected the commission, von der Leyen or Kallas. The fact they do not have real legitimacy, they made an enemy of their own subjects and antagonised other great powers at the same time shows how unwise they are.


I don't know much about anything else but I do know that the Ukraine war is not lost yet... not even close. What makes you think it is?

Here is my free advice for Airbus:

1/ First migrate out your "17 years Accenture veteran" executive vice president of digital [0] (who probably sold you MS and Google cloud in the first place)

2/ Then appoint any inside good engineer and ask him to investigate this: "As one of the most prominent and sensitive aerospace corporations, do you think we can setup servers and run our software on it?"

If the answer is no, Airbus might not be fit for the 21th century.

- [0] https://www.airbus.com/en/about-us/our-governance/catherine-...


do you really suppose replicating the technical requirements of a security-sensitive company of this size in-house would be so easy? I've been doing infrastructure for 25 years and wouldn't want anywhere near this project. but what you will no doubt find is a pool of overconfident volunteers creating exactly the kind of risk outsourcing the problem allowed them to avoid in the first place

The way I understand it today is that when I board an Airbus I enter a hybrid of a mechanical and digital machine. I understand there is a lot of complex and sensitive software embedded/hosted on that plane that hopefully is not gonna kill me.

So computers are actually core to their business. They probably almost invented things like PLM too.

Nothing Airbus does is easy, this is why there are only about 2 companies like that in the world. This is why I do not see why their hosting has to be outsourced...


You had me right up until 21th

One of the reasons is a lot of those "EU Sovereign Clouds" were malicious cash grabs.

It happened several times in the last decade:

- First politicians raise the alarm about "digital sovereignty"

- Then some create new EU sovereign clouds that are pitched/forced on corporations

- They usually do not work, get consolidated and then the scam is revealed

The biggest reveal was when we discovered and warned one of our clients that the Orange "Sovereign Cloud" (French telco partially owned by the government!) and built to host Europe's most sensitive workloads was just handed over and run by Huawei [0] [1]. They were not the only ones who did something like that.

I don't want to put actors like Hetzner in the same bag as they seem to be honest and really compete to offer a cheaper alternative to hyperscalers.

- [0] https://www.huawei.com/en/huaweitech/publication/winwin/29/o...

- [1] https://www.techmonitor.ai/hardware/cloud/orange-introduces-...


Didn't the Spanish govt just award Huawei a contract for their lawful intercept program? You can't make it up.

There isn't any irony here. Huawei equipment was investigated by British and German intelligence agencies and was found to have no backdoors. That's why some countries are heavily buying it.

Browsing the MEP positions on fightchatcontrol.eu it was very clear to me that:

- So called "Far left" and "Far right" MEPs were declared "Opposed"

- The "Center" MEPs were "Unknown", which means "Support" I guess.

I believe we have been programmed not to notice how radical the "center" is...

- [0] https://fightchatcontrol.eu


Yes I believe what was revealed about 10-15 years ago about the "mass surveillance" conducted by the US and what is happening in Europe are totally different things.

The US conducts mass surveillance at a planetary scale, as an "Empire". It was implemented secretly by its 3 letter agencies with the help of various actors.

Europe is doing it in the open with laws and regulations and only targets the people in its territories. One simple reason they would have to do it this way is they simply have no equivalent in capabilities to the NSA, CIA, etc. or big tech.

