Note that this outage by itself, based on their chart, was kicking out errors over the span of about 8 hours. This one outage would have almost entirely blown their downtown allowance under 99.9% availability criteria.

If one big provider actually provided 99.9999%, that would be 30 seconds of all outages over a typical year. Not even long enough for people to generally be sure there was an ‘outage’ as a user. That wouldn’t be bad at all.

Problem is that it isn’t that simple. The general fact we do know is that the atmosphere will be more energetic and, on average, the globe will be hotter. The more energetic facet means more weather activity and changes to various currents. So local weather may be more impacted by a change in wind current temperature wise. The change in storm activity may be the bigger concern rather than temperatures. We don’t know how much viable agriculture will be possible or exactly where it will be. Also there’s the question of soil quality. It’s a dangerous gambit to assume a straightforward “Lots of snowy land now means lots of agriculture in a warmed globe”.

One this is all speak to convince investors to throw money, so they’ll cheer pick their interpretation.

In this case I think they refer to already having the real estate, buildings, power and cooling. So “all” they have to do is rip out their rigs and dump a bunch of nVidia gear in. All they need is just a few hundred million from some lucky investors and they will be off…

Same way a lot of the “ai” companies make money, investors that have no idea but want to get in on the ground floor of the next nVidia or openai.

So he’s going to get Epsteined before that can happen …

Which is a bonkers argument. You still have all that choice out there, a Windows user just chose an option that is less compatible with the other options. There are fair arguments as to why it is impractical for some, but choice is the least of the problems.

I continue to think at least his administration, maybe not him specifically, drove prices up in 2025 on purpose.

Imagine midterm campaign ads, bragging about how prices have decreased, and citing annual percentage decrease. Damn near impossible when you are always trying your best to manage affordability but perhaps actually doable if you blow things up the year prior.

If they did somehow cut a partial rebate check from the tariffs right smack in the middle of midterm campaigns, they brag about lower prices and people feel the weight of that bonus in their pocket, even if it was their own money in the first place. Lots of people act like tax refund is some sort of spring bonus instead of repayment of a 0% loan they have to the government.

In short, they are going to win midterms by botching the off year.

I have been predicting that the tariffs will be dropped as we go into midterms. They are going to have so many campaign ads about bringing pruces so far down year over year…

So much easier to make a metric good if you screw it up first.

I’m thinking this dog:

I get the sentiment, but the steam machine will have an x64 processor…

The VR headset won’t, but the PC will…

"This is this person’s view, who was there for a lot of this, but that he was into the barely legal type. Like, he liked 15-year-old girls,

That’s not ‘barely legal’…

Well even with your observation, it could well be losing share to Mac and Linux. The Windows users are more likely to jump ship, and Mac and Linux users tend to stick with the platform more, mainly because it’s not actively working to piss them off. Even if zero jump to Mac or Linux, the share could still shift.

The upside of ‘just a machine to run a browser’ is that it’s easier than ever to live with Linux desktop, since that nagging application or two that keeps you on Windows has likely moved to browser hosted anyway. Downside of course being that it’s much more likely that app extracts a monthly fee from you instead of ‘just buying it’.

Currently for work I’m all Linux, precisely because work was forced to buy Office365 anyway, and the web versions work almost as well as the desktop versions for my purposes (I did have to boot Windows because I had to work on a Presentation and the weird ass “master slide” needed to be edited, and for whatever reason that is not allowed on the web). VSCode natively supports linux (well ‘native’, it’s a browser app disguised as a desktop app), but I would generally prefer Kate anyway (except work is now tracking our Github Copilot usage, and so I have to let Copilot throw suggestions at me to discard in VSCode or else get punished for failing to meet stupid objectives).

“Agentic” is the buzzword to distinguish “LLM will tell you how to do it” versus “LLM will just execute the commands it thinks are right”.

Particularly if a process is GUI driven, Agentic is seen as a more theoretically useful approach since a LLM ‘how-to’ would still be tedious to walk through yourself.

Given how LLM usually mis-predicts and doesn’t do what I want, I’m no where near the point where I’d trust “Agentic” approaches. Hypothetically if it could be constrained to a domain where it can’t do anything that can’t trivially be undone, maybe, but given for example a recent VS Code issue where it turned out the “jail” placed around Agentic operations turned out to be ineffective, I’m not thinking too much of such claimed mitigations.

My career is supporting business Linux users, and to be honest I can see why people might be reluctant to take on the Linux users.

“Hey, we implemented a standard partition scheme that allocates almost all our space to /usr and /var, your installer using ‘/opt’ doesn’t give us room to work with” versus “Hey, your software went into /usr/local, but clearly the Linux filesystem standard is for such software to go into /opt”. Good news is that Linux is flexible and sometimes you can point out “you can bind mount /opt to whatever you want” but then some of them will counter “that sounds like too much of a hack, change it the way we want”. Now this example by itself is mostly simple enough, make this facet configurable. But rinse and repeat for just an insane amount of possible choices. Another group at my company supports Linux, but just as a whole virtual machine provided by the company, the user doesn’t get to pick the distribution or even access bash on the thing, because they hate the concept of trying to support linux users.

Extra challenge, supporting an open source project with the Linux community. “I rewrote your database backend to force all reads to be aligned at 16k boundaries because I made a RAID of 4k disks and think 16k alignment would work really well with my storage setup, but ended up cramming up to 16k of garbage into some results and I’m going to complain about the data corruption and you won’t know about my modification until we screen share and you try to trace and see some seeks that don’t make sense”.

Except he directly said just that.

Generally I agree that often he’ll make some flub and a bigger deal is made of it. Like with the ‘Miracle Mile’ vs. ‘Maginficent Mile’ thing, he said the wrong thing but that’s the least of the problems with that story and a fairly mundane and understandable mistake to make.

This time the statement is exactly as said, though real world consequences for it are similarly low.

People’s laziness?

Well yes, that is a huge one. I know people who when faced with Google’s credible password suggestion say “hell no, I could never remember that”, then proceed to use a leet-speak thinking computers can’t guess those because of years of ‘use a special character to make your password secure’. People at work giving their password to someone else to take care of someething because everything else is a pain and the stakes are low to them. People being told their bank is using a new authentication provider and so they log dutifully into the cited ‘auth provider’, because this is the sort of thing that (generally not banks) do to people.

to an extent

Exactly, it mitigates, but still a gap. If they phish for your bank credential, you give them your real bank password. It’s unique, great, but the only thing the attacker wanted was the bank password anyway. If they phish a TOTP, then they have to make sure they use it within a minute, but it can be used.

actually destroys any additional security added by 2fa

From the user perspective that knows they are using machine generated passwords, yes, that setup is redundant. However from the service provider perspective, that has no way of enforcing good password hygiene, then at least gives the service provider control over generating the secret. Sure a ‘we pick the password for the user’ would get to the same end, but no one accepts that.

But this proves that if you are fanatical about MFA, then TOTP doesn’t guarantee it anyway, since the secret can be stuffed into a password manager. Passkey has an ecosystem more affirmatively trying to enforce those MFA principles, even if it is, ultimately, generally in the power of the user to overcome them if they were so empowered (you can restrict to certain vendor keys, but that’s not practical for most scenarios).

My perspective is that MFA is overblown and mostly fixes some specific weaknesses: -“Thing you know” largely sucks as a factor, if I human can know it, then a machine can guess it, and on the service provider there’s so much risk that such a factor can be guessed at a faster rate than you want, despite mitigations. Especially since you generally let a human select the factor in the first place. It helps mitigate the risk of a lost/stolen badge on a door by also requiring a paired code in terms of physical security, but that’s a context where the building operator can reasonably audit attempts at the secret, which is generally not the case for online services as well. So broadly speaking, the additional factor is just trying to mitigate the crappy nature of “thing you know” -“Thing you have” used to be easier to lose track of or get cloned. A magstripe badge gets run through a skimmer, and that gets replicated. A single-purpose security card gets lost and you don’t think about it because you don’t need it for anything else. The “thing you have” nowadays is likely to lock itself and require local unlocking, essentially being the ‘second factor’ enforced client side. Generally Passkey implementations require just that, locally managed ‘second factor’.

So broadly ‘2fa is important’ is mostly ‘passwords are bad’ and to the extent it is important, Passkeys are more likely to enforce it than other approaches anyway.

Ok, I’ll concede that Chrome makes Google a relatively more popular password manager than I considered, and it tries to steer users toward generated passwords that are credible. Further by being browser integrated, it mitigates some phishing by declining to autofill with the DNS or TLS situation is inconsistent. However I definitely see people discard the suggestions and choose a word and think ‘leet-speak’ makes it hard (“I could never remember that, I need to pick something I remember”). Using it for passwords still means the weak point is human behavior (in selecting the password, in opting not to reuse the password, and in terms of divulging it to phishing attempt).

If you ascribe to Google password manager being a good solution, it also handles passkeys. That removes the ‘human can divulge the fundamental secret that can be reused’ while taking full advantage of the password manager convenience.

Password managers are a workaround, and broadly speaking the general system is still weak because password managers have relatively low adoption and plenty of people are walking around with poorly managed credentials. Also doesn’t do anything to mitigate a phishing attack, should the user get fooled they will leak a password they care about.

2FA is broad, but I’m wagering you specifically mean TOTP, numbers that change based on a shared secret. Problems there are: -Transcribing the code is a pain -Password managers mitigate that, but the most commonly ‘default’ password managers (e.g. built into the browser) do nothing for them -Still susceptible to phishing, albeit on a shorter time scale

Pub/priv key based tech is the right approach, but passkey does wrap it up with some obnoxious stuff.

Passkeys are a technology that were surpassed 10 years before their introduction

Question is by what? I could see an argument that it is an overcomplication of some ill-defined application of x509 certificates or ssh user keys, but roughly they all are comparable fundamental technologies.

The biggest gripe to me is that they are too fussy about when they are allowed and how they are stored rather than leaving it up to the user. You want to use a passkey to a site that you manually trusted? Tough, not allowed. You want to use against an IP address, even if that IP address has a valid certificate? Tough, not allowed.

This assumes this is an annual thing and not a one-time stunt.

I think this is a potential component in a ‘2025 sucks to make 2026 look better’.

Imagine that they use part of the tariff revenue over 18 months to issue a check roughly that size right smack dab in the middle of midterm campaign season. Maybe also implementing one of those random tariff pauses, say, 90 days covering the tail end of election season to get prices to maybe come down. If there’s one thing they should have learned is that the average person sincerely loves getting their own money back without interest and views it as a ‘nice bonus’, like they do every April.

So they drive prices up in 2025, then use some of that to ‘stimulus’ the voters as they implement pricing relief…

I think everything is coming together for them to win the midterms. People have already forgotten about USAID and similar, and maybe associate that more with Musk than Trump. People are pissed about the inflation but this would likely erase that concern particularly if they ease up for election season. They endangered people by taking away SNAP, but democrats caved and the Republicans have a chance to make short term healthcare extension and vindicate their ‘democrats caused this by being stubborn’ narrative. Further, since open enrollment closed and it’s “too late”, one thing I heard floated was implementing the subsidy as a cash rebate to those that would have benefited, and just like this refund here, that goes even further than reducing the costs in the minds of the voters. If they want a little boost they can also do things like throw RFK Jr. under the bus and install a vaguely credible person in his position, to illustrate they can improve things.