Hacker News | gustavus's comments


I feel this is a facile interpretation of the phrase, kind of like complaining that "Measure Twice Cut Once" would lead to selling illegally adulterated flour. A more steel-man interpretation of POSIWID--the way I think it's intended to be understood--would be:

"The practical outcomes of a system over the long-term reveal something important of the true-preferences of the various interests which control that system, and these interests may be very different from the system's stated goals."


> The purpose of a cancer hospital is to cure two-thirds of cancer patients... These are obviously false. The purpose of a cancer hospital is to cure as many patients as possible, but curing cancer is hard, so they only manage about two-thirds.

I don't see the contradiction here. The purpose of a cancer hospital is to cure as many patients as possible. "What it does" is cure as many patients as possible. The fact that as many patients as possible is currently (presumably) two-thirds is irrelevant. If major advancements in medicine or new types of cancer emerged which changed the percentage of people cured it wouldn't matter at all. "What it does" and "the purpose of the system" is still unchanged.


“If a system is maintained over an extended period and has observed behavioral traits that are consistent within that period, that is, in itself, strong evidence that those behavioral traits are consistent with the purpose for which the system is permitted to exist” is kind of a mouthful, though, and there is value in succinctness.

(Although there is another message, there, too: “the purpose of a system, insofar as it can be said to exist separate from what it actually does, has no weight in justifying the system’s existence or design”.)


Great read. I've always noticed that the type of argument invoked is often less telling than when and in which context you invoke that argument.

You can make a lot of claims and they can match to reality a lot - normally people think of evaluating things in terms of a strict "does this fit or does this not", but it's often the meta-style (why do you keep bringing up that argument in that context?) that's important, even if it's not "logically bulletproof".



Wow that post is bad. The author clearly never actually attempted to understand what POSIWID actually means and where it is coming from. Perhaps, instead of looking at Twitter, they should have opened Wikipedia. Or, better yet, Stafford Beer's books (though admittedly, he was a pretty atrocious writer).

The follow-up is slightly better. But still not very convincing, IMO. They get far too stuck on a literal interpretation. Of something that self-describes as a heuristic.


> what POSIWID actually means

The phrase does not make more sense even if we go all the way back to Beer. I certainly don't feel alone in not understanding how he went from his (fair) observation that "[There's] no point in claiming that the purpose of a system is to do what it constantly fails to do" to his more controversial conclusion: "The purpose of a system is what it does (aka POSIWID)".

Surely, there were many more sensible (but perhaps less quippy) stops between the two.


> perhaps less quippy

Being quippy is the point. That's how aphorisms work: creating a short, pithy distillation of a complex argument, that you can then use pars pro toto to make a point.

I certainly agree that POSIWID is easily (and perhaps frequently) misused. But that doesn't invalidate it in general.


No but then the next step is "well we need a way to enforce it because people are just lying about their age".

I guess let me show a slope I found over here, just past the boiling frogs, watch your footing though, it's recently been greased and is quite steep.


I was just at some .gov site from another HN post. It asked are you Over 18, I clicked No out of curiosity. Showed Access Denied, but the buttons stayed. I clicked Yes, and got in. I don't attribute to stupidity that which is clear malice. They don't actually give a flying fuck about what "kids" can get to, they only care about controlling everyone, of every age, as much as they possibly can.

Similar thing while printing postal labels. “Does this package contain any explosives” and I fat fingered yes. Tells me explosives can’t be mailed. Go back, say “no,” print label.

I agree, I don’t like it as much as you do. I’m just saying nothing short of a mandated TPM will actually enforce this. I think they know that.

I think this is mostly for show to stay relevant wrt. what is happening in the courts. This is the same play as it's always been for registration “are you over the age of 13?”


Which begs the question if Microsoft's stubborn insistence on TPM 2.0 for Windows 11 to operate was something planned out in advance of this law being proposed.

I read a FUD somewhere about Cinavia (the sound-muting DRM) being implemented on OS level by implementing it on SGX enclave level. That obviously didn't happen, but imagine if TPM was used for that too (or similar DRM).

How does a TPM stop people from lying about their age?

Remember

Contraceptive companies are competitors to all other companies.

Until we meet again!


I have 4 kids (all under 12) and make quite a bit less than $200k with me being the only provider in the home and although I wouldn't say we're exactly where I want to be financially I don't think that we're completely bankrupt.

I'll be honest my initial read of the headline caused me to think they were having MS Copilot act as the new head of Xbox, not that the person taking over Xbox used to be the guy in charge of an AI product.

Would it make a difference?

How do we know Asha is not AI? She certainly looks the part.

When I first started using the Internet there were 3 rules that were pounded into my head repeatedly.

1. Don't believe everything or anything you read or see on the Internet.

2. Never share personal information about yourself online.

3. Every man was a man, every woman was a man and every teenager is an FBI agent.

I have yet to find a problem with the Internet that isn't because of breaking one of the above rules.

My point being you couldn't ever trust the Internet before anyways.


You've always needed skepticism, of course. But it used to be if you came across an article about a super obscure video game from the early 90s (referencing the blog post here) you could be reasonably sure that it wasn't completely made up. There just wasn't the incentive to publish nonsense about super niche things because it took time and effort to do so.

Now you can collate a list of thousands of titles and simply instruct an LLM to produce garbage for each one and publish it on the internet. This is a real change, IMO.


You forgot Fido's Corollary:

3a. ... and nobody knows if you're a dog.


Yeah when I was 10 someone told me not to believe everything I read too. But guess what, that's kinda useless advice because consulting reference material is a necessity and there are wide variations in the quality of reference material. This sort of 'don't trust anyone' heuristic can just as easily lead to conclusions that the earth is flat, the moon landing never happened, vaccinations are the leading cause of disease etc.


So my wife has a CGM and is stuck with a fancy pump that is supposed to "automatically" coordinate with her sensor to deliver or reduce insulin when it detects her numbers are too high/low.

I've always been suspicious of the yahoos writing the software that controls these kinds of devices being a security guy and all.

But I also would love to participate in, contribute to or help in any way with reverse engineering, open sourcing, or in some other way making it so that my wife's life isn't dependent upon the quality of software developed by the lowest bidder they could outsource it to.

If anyone knows how I could help please let me know who to reach out to.


I worked at Medtronic in the early 2000's (early Paradigm pumps) and we were evaluating wireless protocols and security... at the time we determined it was impossible to secure, once the FDA approved another device maker that did have connectivity there was a scramble to catch up. (this was PalmOS/PocketPC era). It was fun work but I always remembered how insanely detailed the code was, 8-bit low power microcontrollers (some 16-bit) but really really really tight C code. Then the demand for remote control happened and that really crapped the bed. https://www.medtronic.com/en-us/e/product-security/security-...

The amazing developer Scott Hanselman built on a PalmOS app to store readings and if I recall correctly wore 2 pumps with fast/slow insulin... he had a cybernetic pancreas in the mid-2000's.


There is an open source project using older pumps and somewhat older CGMs (Dexcom G6 and prior)

https://openaps.org/


I'm using OpenAPS with Omnipods. Nice not having to deal with proprietary apps.

Currently using Libre as sensor, luckily without their shit app. Dexcom was easier to set up.


Android APS, and xDrip. Getting watches to allow BLE connection for CGMs is a great RE opportunity. It is really hard to have stable Bluetooth connections.


Since you’re in security, you may enjoy this write up of decrypting the app database with glucose readings and third party API keys - https://www.frdmtoplay.com/freeing-glucose-data-from-the-fre...


"Over a year, we collected 4,900 summaries. When we analysed them, we found that six of ten models systematically exaggerated claims they found in the original texts"

So it turns out LLMs trained largely on Internet science articles make the same mistakes as are made by science journalists.


Just imagine how easy this pirate list could be turned into a "misinformation" list. Makes you think.


Wait till you know that airplanes and landlords also maintain secret, unregulated lists.


> Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems

So someone was using the same password for the work and personal stuff and no one has ever bothered prioritizing 2FA, got it.

