Depends on the vendor for the specifics. In general, they don’t protect against an attacker who has gained persistent privileged access to the machine, only against theft.
Since the key either can’t leave the tpm or is useless without it (some tpms have one key that it can never return, and will generate a new key and return it encrypted with it’s internal key. This means you get protection but don’t need to worry about storage on the chip), the attacker needs to remain undetected on the server as long as they want to use it, which is difficult for anyone less sophisticated than an advanced persistent threat.

The Apple system, to its credit, does a degree of user and application validation to use the keys. Generally good for security, but it makes it so if you want to share a key between users you probably won’t be using the secure enclave.

Most of the trust checks end up being the tpm proving itself to the remote service that’s checking the service. For example, when you use your phones biometrics to log into a website, part of that handshake is the tpm on the phone proving that it’s made by a company to a spec validated by the standards to be secure in the way it’s claiming.

Package signing is used to make sure you only get packages from sources you trust.
Every Linux distro does it and it’s why if you add a new source for packages you get asked to accept a key signature.

For a long time, the keys used for signing were just files on disk, and you protected them by protecting the server they were on, but they were technically able to be stolen and used to sign malicious packages.

Some advanced in chip design and cost reductions later, we now have what is often called a “secure enclave”, “trusted platform module”, or a general provider for a non-exportable key.
It’s a little chip that holds or manages a cryptographic key such that it can’t (or is exceptionally difficult) to get the signing key off the chip or extract it, making it nearly impossible to steal the key without actually physically stealing the server, which is much easier to prevent by putting it in a room with doors, and impossible to do without detection, making a forged package vastly less likely.

There are services that exist that provide the infrastructure needed to do this, but they cost money and it takes time and money to build it into your system in a way that’s reliable and doesn’t lock you to a vendor if you ever need to switch for whatever reason.

So I believe this is valve picking up the bill to move archs package infrastructure security up to the top tier.
It was fine before, but that upgrade is expensive for a volunteer and donation based project and cheap for a high profile company that might legitimately be worried about their use of arch on physical hardware increasing the threat interest.

Yeah, it’s definitely faster, but I’m not sure it’s going to make too much of a difference for a Minecraft server.

With setting it up being a bit annoying by hand, I’d still rank the router option higher even if it’s a worse VPN. Otherwise you risk ending up in that yak shaving situation where you’re fighting with routing tables and DNS when you wanted a Minecraft server.

Oh for sure. What I meant was “check router for a built in VPN and use it if it has one, otherwise use wireguard because it’s the easiest”.

The specific VPN doesn’t really matter so much. The built-in one would be the easiest, so checking for a solution that took a few clicks is worth it. :)

I would use something like wireguard, or another VPN service you can host yourself if your router supports it natively.

From the looks of it Minecraft servers seem to have dogshit authentication, so using some form of private network setup is going to be your best move.

Eeeh, I still think diving into the weeds of the technical is the wrong way to approach it. Their argument is that training isn’t copyright violation, not that sufficient training dilutes the violation.

Even if trained only on one source, it’s quite unlikely that it would generate copyright infringing output. It would be vastly less intelligible, likely to the point of overtly garbled words and sentences lacking much in the way of grammar.

If what they’re doing is technically an infringement or how it works is entirely aside from a discussion on if it should be infringement or permitted.

Basing your argument around how the model or training system works doesn’t seem like the best way to frame your point to me. It invites a lot of mucking about in the details of how the systems do or don’t work, how humans learn, and what “learning” and “knowledge” actually are.

I’m a human as far as I know, and it’s trivial for me to regurgitate my training data. I regularly say things that are either directly references to things I’ve heard, or accidentally copy them, sometimes with errors.
Would you argue that I’m just a statistical collage of the things I’ve experienced, seen or read? My brain has as many copies of my training data in it as the AI model, namely zero, but “Captain Picard of the USS Enterprise sat down for a rousing game of chess with his friend Sherlock Holmes, and then Shakespeare came in dressed like Mickey mouse and said ‘to be or not to be, that is the question, for tis nobler in the heart’ or something”. Direct copies of someone else’s work, as well as multiple copyright infringements.
I’m also shit at drawing with perspective. It comes across like a drunk toddler trying their hand at cubism.

Arguing about how the model works or the deficiencies of it to justify treating it differently just invites fixing those issues and repeating the same conversation later. What if we make one that does work how humans do in your opinion? Or it properly actually extracts the information in a way that isn’t just statistically inferred patterns, whatever the distinction there is? Does that suddenly make it different?

You don’t need to get bogged down in the muck of the technical to say that even if you conceed every technical point, we can still say that a non-sentient machine learning system can be held to different standards with regards to copyright law than a sentient person. A person gets to buy a book, read it, and then carry around that information in their head and use it however they want. Not-A-Person does not get to read a book and hold that information without consent of the author.
Arguing why it’s bad for society for machines to mechanise the production of works inspired by others is more to the point.

Computers think the same way boats swim. Arguing about the difference between hands and propellers misses the point that you don’t want a shrimp boat in your swimming pool. I don’t care why they’re different, or that it technically did or didn’t violate the “free swim” policy, I care that it ruins the whole thing for the people it exists for in the first place.

I think all the AI stuff is cool, fun and interesting. I also think that letting it train on everything regardless of the creators wishes has too much opportunity to make everything garbage. Same for letting it produce content that isn’t labeled or cited.
If they can find a way to do and use the cool stuff without making things worse, they should focus on that.

True, but doctors will still recommend it because of you tell people they can’t have any seasoning they might just ignore you.
If you tell them they can have the other stuff, they’ll find it much easier to comply and it’s still much better.

As written the headline is pretty bad, but it seems their argument is that they should be able to train from publicly available copywritten information, like blog posts and social media, and not from private copywritten information like movies or books.

You can certainly argue that “downloading public copywritten information for the purposes of model training” should be treated differently from “downloading public copywritten information for the intended use of the copyright holder”, but it feels disingenuous to put this comment itself, to which someone has a copyright, into the same category as something not shared publicly like a paid article or a book.

Personally, I think it’s a lot like search engines. If you make something public someone can analyze it, link to it, or derivative actions, but they can’t copy it and share the copy with others.

An object will always follow the shortest path between two points in spacetime.

When it’s sitting alone in the universe, the shortest path is to move through time from A to B.

When other things are present to also curve spacetime the shortest path can entail accelerating in space and slowing in time (from the viewpoint of us, the omniscient massless observer floating nearby pointedly not having any casual interactions).

So, you’re correct that active emergencies take priority.

That being said, in essentially every place that has 911, both numbers connect to the same place and the only real difference is pick-up order and default response.
It’s the emergency number not simply because it’s only for emergencies but because it’s the number that’s the same everywhere that you need to know in the event of an emergency.

It should be used in any situation where it should be dealt with by someone now, and that someone isn’t you. Finding a serious crime has occurred is an emergency, even if the perpetrator is gone and the situation is stable.
A dead person, particularly a potential murder, generally needs to be handled quickly.

It’s also usually better to err on the side of 911, just in case it is an emergency that really needs the fancy features 911 often gives, like location lookups.

That is a good point.
On the flip side, they’re not largely selling something that has any physical finiteness to it anymore, and the sales volumes have increased drastically, resulting in significantly higher profits despite a smaller inflation adjusted unit cost.

The cost of a good decreasing as an industry matures feels right. Jello cost 23¢ a box in 1940. Adjusted for inflation it should cost $5.17 a box now, but it’s only $1.59.
When there’s 2 games to buy, they can be justifiably more expensive than when there’s a massive surplus.
The games are different, but it’s not like consumers can’t find a different one they’ll also enjoy if the first one they look at is too expensive.

Inflation has made $60 less valuable, but they’re not selling to the same market that they were 30 years ago either.
It’s hard to use inflation to justify raising prices or adding exploitative features when you’re already seeing higher inflation adjusted profits due to a larger more accessible market, lower risk due to reduced publishing overhead, and more options for consumers, which would be expected to bring prices down.

So that’s what third party cookies are. What this does is make it so that when you go to example.com and you get a Google cookie, that cookie is only associated with example.com, and your random.org Google cookie will be specific to that site.

A site will be able to use Google to track how you use their site, which is a fine and valid thing, but they or Google don’t get to see how you use a different site. (Google doesn’t actually share specifics, but they can see stuff like “behavior on one site led to sale on the other”)

In the sense that they have a manager? Sure. In the sense that there’s one individual dictating the design of the software? I’ve never even been on a team with that dynamic, to say nothing of the entire codebase.

Modern software teams tend to eschew design by decree.

What’s the dynamic that you’re thinking is typically what teams use?

I’m not sure I’d construe a manual you can find, or a variety of guides, as a negative. :) most days my usage of git consists of “pull, commit, push, merge” in different orders. You might be overestimating how much effort goes in to managing the tool.

Most of my professional experience has been working on projects that consist of multiple teams of between 4-6 developers, and between 5 and 40 teams. I’m not entirely sure what you mean about git not mirroring the development patterns of most “real life” projects.
“Real” projects are frequently developed by groups of people working on the same goal adjacent to other groups working on related but distinct goals.

We very clearly work in different professional environments. :)

In no particular order: Administrating a git server is similarly trivial. A repository is a folder (easy to backup, easy to repair, easy to host), and setting up a new server usually a matter of ssh key management. Don’t even need to install sqlite or anything beyond the git package. Or, because the tool has wide support, you can install a wide selection of tools that manage it for you, or use a free hosting service, or a paid one.

I’m startled that you would say you can’t think of anyone who would care. My entire professional experience has been developer stories about bad jobs often include details about using old or esoteric VCS systems, usually met with “ew” or “wtf” comments. Sets the flavor of the story.
Personally, in a business environment, I would take using anything except git for the org as a red flag. It’s a sign that someone in leadership at the company values doing things unrelated to the core mission “their way” above doing it the easy or “paved path” way.

The standard tool is indeed not constant. Before git existed, using CVS would have been the better choice, as well as for years afterwards until it had clearly been usurped. Most projects aren’t Linux when it made the switch to git.

You joke that no one really “knows” git, but… This is literally the first time I’ve ever seen a fossil command. I just searched for “fossil manual” and I get analog watches. It’s not even available in any of my systems package managers.
Developer familiarity is a big advantage that I think you’re downplaying in comparison to “there are metadata files in .git”, which I don’t know has ever been relevant to me in any significant way.
(Also, I thought the different systems all work basically the same? 😛)

I’d handily agree people should be using the best tool for the job. Familiarity and ease of use are significant factors in what makes a tool better.
Ability to integrate with other tools is also a major factor. Setting up continuous integration or code review tools with git is trivial with any number of different systems.

What are any of the tools you’re using doing better than git? The biggest selling point you’ve shared for fossil is that it’s functionally similar to git, and that it has better merging. I can’t find anything related to merge conflicts outside of years old forum posts, and barely anything relating to merges at all, so I’m not entirely certain what makes it “better”.

If it’s biggest advantage is that it’s similar enough to git that you can pick it up fast, why wouldn’t I just use git?

Like I said, there are always factors.

For a company starting from scratch though, the usage base factor becomes vastly more significant.
Using a tool that radically limits your integration capabilities is a poor choice, to say nothing of most likely needing to onboard every new employee to an entirely new VCS.

I don’t know that I’ve encountered anyone using svn that wasn’t interested in moving in recent memory, so “developer experience” would be a reason to move.

Of course it’s not the only factor, but all things being equal, the most prevalent tool should be preferred.

Why?

How does fossil or svn protect you from a remote server going down making it’s contents unavailable?

Are those advantages worth others not knowing how, or caring to bother, to access or contribute to your software?

What are you gaining by eschewing what is effectively the standard tool?

File1, file2, file_3.new, etc would be bizarrely stupid. A home rolled solution involving rsync, tar, gzip, crons or inotify would also be bizarrely stupid.

https://en.wikipedia.org/wiki/List_of_version-control_software anything on that list that’s marked anything other than “active” as a more serious answer. So like DCVS, visual source safe, or bitkeeper. Anything that’s not getting bug fixes or maintenance.

Anything that doesn’t have significant enough usage to give confidence that bugs or glitches are being caught by common usage would be risky, since you don’t want to be the person to find that edge case.

There’s things other than git that aren’t wrong, but I see little compelling reason not to use the most ubiquitous tool.