
No but "They got banned for uploading child porn to Google Drive" is a correct framing and "google banned a developer for finding child porn" is incorrect.

There is important additional context around it, of course, which mitigates (should remove) any criminal legal implications, and should also result in Google unsuspending his account in a reasonable timeframe, but what happened is also reasonable. Google does automated scans of all data uploaded to Drive and caught CP images being uploaded (presumably via hashes from something like NCMEC?) and banned the user. Totally reasonable thing. Google should have an appeal process where a reasonable human can look at it and say "oh shit the guy just uploaded 100m AI training images and 7 of them were CP, he's not a pedo, unban him, ask him not to do it again and report this to someone."

The headline frames it like the story was "A developer found CP in AI training data from Google, and Google banned him in retaliation for reporting it." Totally disingenuous framing of the situation.


"There is important additional context around it, of course,"

Indeed, which is why a comment that has infinitely more room to expand on the context should include that context when they are criticizing the title for being misleading.

Both the title and the comment I replied to are misleading. One because of the framing, the other because of the deliberate exclusion of extremely important context.

Imagine if someone accused you of "Uploading CSAM to Google Drive" without any other context. It's one of the most serious accusations possible! Adding like five extra words of context to make it clear that you are not a pedophile trafficking CSAM is not that much of an ask.


Fair enough. I'd already included the fact about it being a data set in the post once, which seemed clear enough especially when my actual point was that the author did not "find" the CSAM, and by implication were not aware of it. But I have edited the message and added a repetition of it.

I bet the journalists and editors working for 404 will not correct their intentionally misleading headline. Why hold a random forum post buried in the middle of a large thread to a higher standard than the professionals writing headlines shown in 30-point font on the front page of their publication?


> Why hold a random forum post buried in the middle of a large thread to a higher standard than the professionals writing headlines shown in 30-point font on the front page of their publication?

How many times do I need to repeat that I agree the headline is misleading? Yes, the article here has a shit title. You already made that point, I have already agreed to that point.

If I had an easy and direct line to the editor who came up with the title, I would point that out to them. Unfortunately they aren't on HN, that I'm aware, or I could also write a comment to them similar to yours.


git-crypt solves all 3 (mostly)

> Sharing encryption key for all team members

You're enrolling a particular user's public key and encrypting a symmetric key using their public key, not generating a single encryption key which you distribute. You can roll the underlying encryption key at any time and git-crypt will work transparently for all users since they get the new symmetric key when they pull (encrypted with their asymmetric key).

> Version control is pointless

git-crypt solves this for local diff operations. For anything web-based like git{hub,lab,tea,coffee} it still sucks.

> - Unless you are really careful, just one time forgetting to encrypt the vault when committing changes means you need to rotate all your secrets.

With git-crypt, if you have gitattributes set correctly (to include a file) and git-crypt is not working correctly or can't encrypt things, it will fail to commit so no risk there.

You can, of course, put secrets in files which you don't choose to encrypt. That is, I suppose, a risk of any solution regardless of in-repo vs out-of-repo encryption.
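The last two points above (gitattributes deciding what git-crypt encrypts, and secrets landing in files nobody marked for encryption) are the kind of thing a repository audit can catch before a commit. The following is an added example, not git-crypt's own code: it parses a `.gitattributes` file and reports which tracked paths carry `filter=git-crypt` and which do not. The sample `.gitattributes` and file list are constructed, and the matching is an approximation of git's rules using `fnmatch` (patterns without a slash match the basename anywhere, patterns with a slash match the whole path, the last matching line wins).

```python
"""Audit which tracked paths a .gitattributes file routes through git-crypt.

Added example (not git-crypt's own code). Pattern matching approximates git:
no-slash patterns match the basename, slash patterns match the full path,
and the last matching rule wins.
"""
import fnmatch
import posixpath

# Constructed sample .gitattributes, in the form git-crypt documents.
SAMPLE_GITATTRIBUTES = """\
secrets/** filter=git-crypt diff=git-crypt
*.pem filter=git-crypt diff=git-crypt
secrets/README.md !filter !diff
.gitattributes !filter !diff
"""

# Constructed list of tracked paths, as `git ls-files` would print them.
SAMPLE_TRACKED = [
    ".gitattributes",
    "secrets/db.env",
    "secrets/README.md",
    "deploy/tls/server.pem",
    "config/settings.yaml",
]


def parse_gitattributes(text):
    """Return a list of (pattern, {attr: value}) tuples, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *attrs = line.split()
        parsed = {}
        for attr in attrs:
            if attr.startswith("!"):
                parsed[attr[1:]] = None        # explicitly unset (!filter)
            elif "=" in attr:
                key, value = attr.split("=", 1)
                parsed[key] = value            # key=value form
            else:
                parsed[attr] = True            # bare attribute, set without value
        rules.append((pattern, parsed))
    return rules


def _matches(pattern, path):
    # Assumption: fnmatch is close enough to git's matching for the common
    # secrets/** and *.ext forms (note that fnmatch's * also crosses '/').
    if "/" in pattern:
        return fnmatch.fnmatchcase(path, pattern.lstrip("/"))
    return fnmatch.fnmatchcase(posixpath.basename(path), pattern)


def filter_for(path, rules):
    """Effective value of the 'filter' attribute for path; last match wins."""
    value = None
    for pattern, attrs in rules:
        if "filter" in attrs and _matches(pattern, path):
            value = attrs["filter"]
    return value


def audit(tracked_paths, gitattributes_text):
    """Split tracked paths into those git-crypt will encrypt and those it won't."""
    rules = parse_gitattributes(gitattributes_text)
    encrypted, plaintext = [], []
    for path in tracked_paths:
        target = encrypted if filter_for(path, rules) == "git-crypt" else plaintext
        target.append(path)
    return encrypted, plaintext


if __name__ == "__main__":
    enc, plain = audit(SAMPLE_TRACKED, SAMPLE_GITATTRIBUTES)
    print("encrypted by git-crypt:", enc)
    print("committed in plaintext:", plain)
```

Run against a real checkout by feeding it the output of `git ls-files` and the repository's `.gitattributes`; anything in the plaintext list that looks like a credential is exactly the "forgot to mark it" case the comment above describes.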


I don't understand the correlation here, why does having to release the footage mean that the cities are shutting down the systems?

It seems like they could simply comply with the requirement that footage is public and they can/must share that footage as part of the FOIA process, I don't see much of a downside there and it seems like something which most police departments and municipalities are already doing with footage from other scenarios like body cameras?


They may feel (or their counsel may suggest) that it presents more of a legal risk than it's worth. A prudent city government would have evaluated this before installing such equipment, but maybe we can be generous and imagine that being subject to such litigation revealed a mismatch between their legal evaluation and the judiciary's.


> why does having to release the footage mean that the cities are shutting down the systems?

It means any rando can now retroactively surveil[1] board members' movements, if they choose, rather than the police or rando-at-city-hall selecting targets.

1. This is what the city leadership thought of first, but the general problem is rich/powerful interests who can fight this are now potential targets of surveillance by anyone. Funny how unplanned egalitarianism consistently results in shutdowns of systems designed to work under a power imbalance.


Maybe think about it narrowed down to an individual level - maybe you installed a camera or two around your property for whatever useful reasons like monitoring your children, and then later you find out that you are required to share all of your footage with some other entity (e.g. the police) in a way you did not sign up for. Would you choose to release your footage, or would you take the cameras down?


Or as Thomas stated elsewhere in this thread, they can follow Illinois and just exempt ALPRs from FOIA reach.

ALPR FOIAs have the potential problem of abuse by stalkers and others wanting to track someone (imagine “Hollywood” personæs.)

It’d be a bad precedent to follow, but they could. I wonder what Tiburon will be doing. They’ve had ALPRs since forever as they only have one road in and one road out, so it’s easy for them to do.


Just raw footage and identifying information from cars, if I remember right. You can still make FOIA requests of data the PD keeps on hand from Flock searches.

There is an interesting thing happening in FOIA law here in WA (you'd never notice it from this spammy article, though). A pretty common FOIA exemption is for data not managed by a public body, but via some commercial vendor. FOIA generally only allows you to demand production of (1) actual documents that (2) the public body has (3) on hand (or are generally deemed to have on hand, such as email records).

So it's pretty legally dubious that you can use FOIA to compel production from Flock (you can probably compel, from the public body, any number of reports Flock can generate --- we've done that here for our Flock network and sharing configurations, for instance).

Here it sounds like a WA judge might be saying that some corpus of data Flock maintains is effectively public data. If that's the case, that's a novel interpretation.


Wouldn't this only be true if the cameras are primarily used by non-government entities? Once their income/use is primarily from the government they become an agent of the state and relevant laws apply, no? Wasn't this how they were able to FOIA 'private' parole officers in the south a couple of years back? Or could they be 'constructively' construed as being a public entity? Private parole officers, private care providers, etc. have all been ruled to in fact be constructively agents of the state and the rules (not necessarily FOIA in each instance, but even tougher constraints that would easily apply as precedent for FOIA) applied to them.


No, that's not how it works. So far as I know, FOIA basically never compels private entities to do anything. It can compel usage by the public body, in many (but not all) cases. But FOIA isn't going to let you crack open an Atlassian (or Flock) database, unless something truly novel happens in FOIA jurisprudence.

We might be talking past each other, because this stuff is subtle. But basically: whoever's doing the actual document production under FOIA, it's got to be a public body. If you're a commercial SAAS serving a public body, and you've got data that FOIA says needs to be produced, that's the public body's problem, not yours.


If their data is 100% sourced from public data, it's public data.


That is not remotely how it works in Illinois. It's not even how public data held by public bodies works: you can generally only compel production of specific documents that already exist.


> ALPR FOIAs have the potential problem of abuse by stalkers and others wanting to track someone (imagine “Hollywood” personæs.)

Not potential problems, actual existing problems: https://www.eff.org/deeplinks/2025/05/she-got-abortion-so-te...


Worth being specific here: the problem this page is discussing isn't ALPRs per se, but automatic ALPR data sharing.


> ALPR FOIAs have the potential problem of abuse by stalkers and others wanting to track someone (imagine “Hollywood” personæs.)

The stalker is gonna be a cop with full access to that data though. If it's good enough to be in cops' hands, who are utterly unaccountable to anyone, it's safe enough to be in the general public's too.


My 2 cents: Police body cameras capture events at random locations. These other cameras are fixed in place and can more reliably be used to stalk people.


There's also tons of these. I feel like I don't see a police cruiser every time I drive somewhere, but I do pass by a couple surveillance cameras.

If I assume that 1/3rd of my city's sworn officers are on duty at any time, there's literally more cameras than officers around town.


> I've tried 30X redirects (which it follows)

301 response to a selection of very large files hosted by companies you don't like.

When their AWS instances start downloading 70000 windows ISOs in parallel, they might notice.

Hard to do with cloudflare but you can also tar pit them. Accept the request and send a response, one character at a time (make sure you uncork and flush buffers/etc), with a 30 second delay between characters.

700 requests/second with say 10Kb headers/response. Sure is a shame your server is so slow.
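The tarpit idea in the comment above (accept the request, then drip the response out one character at a time with a long pause between characters, flushing after each one) can be implemented with nothing but the Python standard library. The following is an added example, not code from this thread: a small HTTP server that tracks per-client request rates and switches clients over the limit to the slow path. The rate-limit policy, the client addresses and the much shorter inter-byte delay are constructed for the demonstration; the comment suggests 30 seconds per character.

```python
"""Tarpit responder for abusive crawlers: drip the body out one byte at a time.

Added example, not code from the thread. Assumptions (constructed): the
rate-limit policy, the sample addresses and the shortened inter-byte delay.
"""
import socket
import time
from collections import defaultdict, deque
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed policy: more than RATE_LIMIT requests per WINDOW_SECONDS from
# one client gets the slow path. The thread suggests 30 s per character;
# shortened here so the demo is observable.
RATE_LIMIT = 50
WINDOW_SECONDS = 10.0
CHAR_DELAY = 0.5


class RateTracker:
    """Sliding-window request counter keyed by client address."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)

    def should_tarpit(self, client_ip, now=None):
        """Record one request and report whether the client is over the limit."""
        now = time.monotonic() if now is None else now
        recent = self.hits[client_ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()          # drop hits outside the window
        return len(recent) > self.limit


def drip(wfile, body, delay=CHAR_DELAY, sleep=time.sleep):
    """Write body one byte at a time, flushing after each so nothing sits in a buffer.

    Returns the number of bytes written; `sleep` is injectable for testing.
    """
    written = 0
    for i in range(len(body)):
        wfile.write(body[i:i + 1])
        wfile.flush()                 # push this single byte out now
        written += 1
        if i < len(body) - 1:
            sleep(delay)
    return written


TRACKER = RateTracker()
BODY = b"<html><body>Please slow down.</body></html>\n"


class TarpitHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        client_ip = self.client_address[0]
        if TRACKER.should_tarpit(client_ip):
            # Disable Nagle so each flushed byte leaves as its own segment
            # instead of being coalesced by the kernel.
            self.connection.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(BODY)))
            self.send_header("Connection", "close")
            self.end_headers()
            drip(self.wfile, BODY)
        else:
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"ok")

    def log_message(self, *args):
        pass                          # keep the demo quiet


if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), TarpitHandler).serve_forever()
```

Each tarpitted connection occupies one handler thread for `len(BODY) * CHAR_DELAY` seconds, so in practice this belongs behind an asynchronous server or a connection cap rather than a thread-per-request model, and, as the comment notes, a CDN that buffers responses in front of you will absorb the delay instead of passing it to the client.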


>301 response to a selection of very large files hosted by companies you don't like.

I suggest Amazon


Unfortunately, it seems AWS even has firewalls that will quickly start failing these requests after a few thousand, then they're back up to their high-concurrency rate


Microsoft


> Accept the request and send a response, one character at a time

Sounds like the opposite of the [1] Slow Loris DDOS attack. Instead of attacking with slow connections, you’re defending with slow connections.

[1] https://www.cloudflare.com/en-au/learning/ddos/ddos-attack-t...


That's why it is actually sometimes called inverse slow loris.


It's called the slow sirol in my circles


As an alternative: 301 redirect to an official .sg government site, let local law enforcement deal with it.


Don't actually do this, unless you fancy meeting AWS lawyers in court and love explaining intricate details of HTTP to judges.


I like this idea. Here’s how it plays out: Singapore law enforcement gets involved. They send a nasty-gram to AWS. Lawyers get involved. AWS lawyers collect facts. Find that the culprit is not you, find that you’ve asked for help, find that they (AWS) failed to remediate, properly fix responsibility on the culprit and secondary responsibility on themselves, punch themselves in the crotch for a minute, and then solve the problem by canceling the account of the offending party.


> Find that the culprit is not you, find that you’ve asked for help, find that they (AWS) failed to remediate, properly fix responsibility on the culprit and secondary responsibility on themselves, punch themselves in the crotch for a minute, and then solve the problem by canceling the account of the offending party.

Yeah, lawyers are notorious for blaming themselves and taking responsibility. You definitely won't just get blamed.


A lawyer who can see an easy defence to a path they wish to pursue is going to consider that in their response. If that defence looks like their own client's vulnerability would be exposed in defence because of their client's action or inaction, their first response will almost certainly be to get the client to fix that action or inaction.


^ I love you


>When their AWS instances start downloading 70000 windows ISOs in parallel, they might notice.

Inbound traffic is free for AWS


It's free, but it's not infinite.


Free just means you get in trouble when you abuse it.


One good reason is that people have written golang adapters, so that you can use sqlite databases without cgo.

I agree to what I think you're saying which is that "sqlite" has, to some degree, become so ubiquitous that it's evolved beyond a single implementation.

We, of course, have sqlite the C library but there is also sqlite the database file format and there is no reason we can't have an sqlite implementation in golang (we already do) and one in pure rust too.

I imagine that in the future that will happen (pure rust implementation) and that perhaps at some point much further in the future, that may even become the dominant implementation.


> One good reason is that people have written golang adapters, so that you can use sqlite databases without cgo.

There's also the Go-wrapped WASM build of the C sqlite[0] which is handy.

[0] https://github.com/ncruces/go-sqlite3


> should be paid for their services at their standard rates at the time the service is performed

Because by and large they don't want that. They are creatives who would prefer to be invested in their work: Charge less now, putting more into their work in the hope and belief that it will pay off over time. Sometimes it does.


Part of what's wrong with the industry. Steve Albini had a flat fee and was one of the most sought after recording engineers (aka producer but he hated the term). And that was based on the quality of his work more so than his modest, flat fee.


A producer is not remotely the same thing as a recording engineer?


He usually did the job of a producer but he didn't like the term, as he wanted the artist to get all of the credit for creating the art, even though the producer often plays a big role in the final product.


Producers also often contribute singing, instrument playing, and songwriting, so the distinction between them and the "artist" is pretty flimsy. In ways, artist is as much defined as "the person that gets all of the credit for creating the art" as anything else.


This is still rent seeking behavior in an industry that pivoted from a live services and paid ownership model.


Nothing wrong with rent-seeking when you actually offer something people want, it's optional, and you don't force them with bait-and-switch (all of which are cases of the bad rent-seeking).

Renting a house is rent-seeking too, for example.

Switching Adobe to a subscription service, on the other hand...


I don't think you can call it rent seeking when it's both completely nonessential and 100% the fruit of their labors. If anything, Spotify is rent-seeking.


How is that rent-seeking?

They actually contribute to the song.


Same here. I (proudly) had my account there banned for posting the AACS key.

Went to reddit and was not unhappy there for many years, but, aside from some targeted subreddits (/r/beagle!) I rarely spend any time on reddit anymore. The new reddit changes just feel user-hostile and they are aggressively pushing users away from old.reddit.com, it feels like a matter of time before they announce that they are killing old reddit.

Perhaps we are getting old but I also find happiness is inversely proportional to my time spent on social media.


I broadly agree with what you're saying, but, that's not the issue here.

They don't even have a dedicated status/outage page, afaik.

The website being down is a more classic problem. The outage probably increased traffic to their website by 1000x if not more and the infrastructure for the website simply couldn't cope.

Good lesson on keeping your status infrastructure simple and on something which is highly scalable.

Having a CDN where the main page of their site was 99% cached globally would have probably mitigated this issue.


There also must be some seriously robust out-of-band systems in place here.


I volunteer.

