Supply chain compromise is maybe one of the most cyberpunk aspects of modern security. It's not mathematical but it depends on allegiances, power, and money. Is it too late to introduce cryptographic verification into the supply chain in a way that the customer can be secure, or is it too late and a cyberpunk dystopia is the only future? Can mathematics change the meta?
Why would a company go through the trouble of building a factory when the next administration could just reverse the decision four years from now? Building factories will take years
How confident are we that there is a "next administration... four years from now"? I don't know what the number is, but it ain't 100% like it used to be.
The market is huge enough that the fact that something is being considered somewhere doesn’t mean much, right? If I consider building a factory in the woods, but I don’t have two pennies to clack together, does anybody hear it?
Why? If you're the content owner, you should be able to. If you factor out inline code, you will likely just trust your own other domain. When everything is a cdn this can lead to less security not more.
Do you mean people should be banned from inlining Google Analytics or Meta Pixel or Index Now or whatever, which makes a bunch of XHRs to who knows where? Absolutely!
But nerfing your own page performance just to make everything CSP-compliant is a fool's errand.
It is still a medical treatment added to the water supply, and sets a dangerous precedent. This same power if unchecked has the potential for great harm.
As for efficacy, the same (or greater) benefits to enamel hardness can be obtained from using fluoride toothpaste anyway, I do not see the urgency for this. They've stopped fluoridating their water in Scandinavia for years now.
> They've stopped fluoridating their water in Scandinavia for years now.
Note that Scandinavia has naturally high fluorine levels in their groundwater:
> In Sweden, fluoride concentrations in drinking water from water treatment plants have been reported to mostly range between 0 and 1.5 mg/L, with a maximum level of 4.1 mg/L, while in private wells in South-Eastern Sweden, it was found that 24% out of about 4,800 wells exceed 1.5 mg/L. In Norway, a study from 2017 found that 4 of 201 waterworks had fluoride concentrations exceeding guideline value of 1.5 mg F/L. In a study from Western Norway, the fluoride concentration in selected wells ranged from 0.51 to 8.0 mg F/L, and drinking water was the only dietary variable associated with increased risk of dental fluorosis. In Denmark, analyses of drinking water show most sources being low and below 1.5 mg F/L.
In no way does it set a dangerous precedent. Fortifying flour and iodizing salt (both of which could be termed a "medical treatment") were huge successes, with universally positive results and at virtually no cost. Mandating something like this should be done cautiously (in either direction), but fluoride isn't the first, only, or last example of it.
The only difference is that it's rather harder to avoid fluorinated water than iodized salt if one is so inclined, which raises the bar for proof of efficacy and preponderance evidence that it does not cause harm (which has been provided by others in this thread).
> It is still a medical treatment added to the water supply, and sets a dangerous precedent. This same power if unchecked has the potential for great harm.
Fluoridation started in US water supplies 80 (eighty) years ago. The people who set that "dangerous precendent" are all dead now. Seems like we've done OK with that "unchecked potential for great harm".
I mean, come on. Even as a libertarian argument this seems tone deaf in a month where we're literally rolling back the fourth amendment.
Turning everything into Ghibli has renewed my love of photography as I search my phone for the perfect pics to Ghiblify. I didn't even know there was a movie, The Boy and the Heron, released by Studio Ghibli in 2023, but now I am going to watch it (streaming on Max but I might as well buy it if it has replay value, which Studio Ghib movies tend to).
> But, I figured if we enter a dystopian future, evil health care companies or governments could easily get my DNA if they want to and/or simply require that information to get care.
Yes, because you gave it to them. Nihilism undermines any sort of resistance movement against evil.
I think it's a mistake to think that the tyrannical governments of the future will be sophisticated. The way the trend is going, they will be ever more banal. They're not going to target a virus for you, they're going to knock down your door, shout at you, lock you up or shoot you. They likely won't even bother with having chatgpt write up a pretext for it.
That doesn't mean we can do nothing, but it means withholding information won't matter as much as some people think.
There's not much resistance to someone wanting your DNA. It's so trivial to get that you'd basically need to become a hermit to try and prevent it. A hermit that shaves themselves and burns their trash, one that lives with gloves on dyrung every waking hour and disinfects their chair and bed daily.
It's not really something the mass population can physically prevent from a determined actor. Like data, you need to regulate it instead of take excessive preventative measures.
This is a wrong mindset. Just because its technically possible to obtain DNA we should all give it up easily since its already a lost cause? Its one thing if you are specifically targeted for whatever reasons, then yes one is screwed.
Another is to have all info and weaknesses automatically available to 'the man' or more 'the men', no need to make things too easy for them and jump ahead in queue.
>Just because its technically possible to obtain DNA we should all give it up easily since its already a lost cause?
Yes. I'm lazy, and at thaat level of compromised data: it is much easier to disincentivize theft than to worry about theft at every corner. You need to change your approach away from the immediate instincts.
>Another is to have all info and weaknesses automatically available to 'the man' or more 'the men'
They already have it. Fortuately, we made laws disincentivizing them using that stuff without big reprecussions.
>but they can't trawl for me in an existing database.
Sure they can. The government obviously can. Otherwise they just buy data from the decade of tracking data left behind. That's the relatively easier part in comparison to targeted DNA gathering.
Language is weird but I think they are separate concepts in most languages. Other languages just don't use safe as secularly.
Safe inflects from "save", and other languages use phrases like salve, salvar, спаси, to mean saving, usually of the soul but also of health.
Security, inflection of secure, derives from Old English sicor (siker), means more like "sure", or being certain.
So when they talk about public safety or computer security, other langs tend to use the "secure" word rather than the "save" word. Of course in the modern world, we just use the terminology the industry uses, and security has taken on its current meaning of protection.
Interestingly enough, there is a product/service called Secure Your Soul in Cyberpunk 2077, which plays on this same overlap in meaning.
I think you are not understanding how difficult it is for people with types of phobias about germs and illness.
Imagine being obsessive compulsive about cleanliness and germs, then the pandemic comes along. You would never recover from that experience psychologically.
It would be worse than if someone with ophidiophobia woke up one day and snakes were randomly falling from the sky.
The worst of all though is an infection with no symptoms. Like an invisible prison the germ freak can never escape from.
What is bizarre is we pretend there aren't at least hundreds of thousands of people in the country with these type of phobias.
Debian is the most stable distro for a reason. They don't rebase from upstream every 30 minutes because it is a community project. It is wonderful that volunteers have continued the Debian project for so long.
In contrast, Red Hat Enterprise Linux, a distro funded by IBM and countless faceless backers, has recently stopped patching many vulnerabilities, recommending to their users to rely on mitigations instead, despite the availability of upstream patches.
Furthermore, the recent vulnerability threatscape is inundated with CVE hunters who are desperate to call the most minor degradation of service a vulnerability. For a community project (and apparently an enterprise-serving megacorporation), this causes patching fatigue.
Where is the "every 30 minutes" coming from? You and another commenter have both used this identical phrase.It sounds as though the complaint was not because a patch hadn't been applied after 30 minutes, or even 30 days or 30 weeks. More like 30 months.
I said "every 30 minutes" as a piece of hyperbole, in my original comment.
I'm not really sure why everyone is focusing on that phrase, though. I think it's pretty clear if you read any of the source material, as said, that that is not an accurate representation of what was going on, and I would have also expected "every 30 minutes" to be a pretty clearly hyperbolic expectation for anyone to process updates after.
> I'm not really sure why everyone is focusing on that phrase, though
Is everyone focusing on the phrase? I thought I asked about it, and that's all that's happened.
> I would have also expected "every 30 minutes" to be a pretty clearly hyperbolic expectation for anyone to process updates after
I couldn't imagine a benign use of hyperbole in timeliness when some expectations of timeliness are silly, and some are sensible. I thought I'd ask, in case there was a good faith reason for it, rather than just assume you're trying to use insinuation to change people's minds.
