The whole point of the sequence is that there's no chance that these "badass penguins" are going to make new species. There's no food where they're monomaniacally heading. They're going to die.
Mother Nature doesn't give a shit, that's worth remembering. For the scenarios where two species in an arms race wipe each other out aren't somehow more or less desirable than other outcomes, it's just a thing which happened. Meh.
Sure. That's not required for natural selection to work.
But any species that reliably returns to its birthplace like penguins and salmon and elephants must have some tiny proportion of the population that wanders off and gets lost occasionally to be able to spread to new areas.
Sometimes it'll be a storm or a big ice crevasse that does it, but there's no reason it can't sometimes be this.
A lone penguin wandering off is never going to create a new, badass species. There would need to be an entire group of penguins breaking off to establish a new population and eventually a new species. And they don't necessarily become more badass, just different; whatever alleles the founders had will be more consistently expressed in the new population, and eventually they may diverge enough to be a new species. Regardless, this penguin is marching off to die alone.
> A lone penguin wandering off is never going to create a new, badass species.
Sure. But two might.
Or the behavior may sometimes benefit the colony a few coves over with some new genes every so often.
See also: Homosexuality in various animals, including humans. Individually, not great for your genes' survival. Collectively, seems to have enough of an advantage to the species to not be selected out.
> Homosexuality in various animals, including humans. Individually, not great for your genes' survival.
A lot of theories, mostly the less rigorous ones, rely on group selection. But the strongest ones rely on classic genetic selection where homosexuality does directly benefit their genes, and specifically the homosexuality gene. For example, one well-known experimental study looked at siblings and, IIRC, found that the sisters of male homosexuals were more fecund. One of the theories was that a gene which in men promoted homosexuality had the effect in women of promoting reproduction by increasing sexual attraction to men. Genetic selection through survival and reproduction principally acts on genes singularly, not the whole animal, let alone species, which are derivative effects that we too often conflate with the core dynamic. Of course, an alternative explanation in this case might be that male homosexuals can help provide more resources to their siblings, which given the degree of genetic relatedness doesn't require relying on a group selection effect; but it's more tenuous and less plausible than the explanation relying on a very straight-forward selection effect directly increasing replication success of a specific gene. Reproductive success isn't about whether the specific molecular copy of a gene replicates successfully through a lineal chain, but the success of any copy of itself, anywhere, no matter how distant from a shared meiosis event (or, in principle, any shared meiosis event).
The wandering penguin notion can be analyzed in the same way. A gene that induces wandering, which in all but an utterly minuscule number of cases results in a dead-end, may superficially seem to be counterproductive when judged in isolation. But is it? How are new colonies formed, and who (or what) benefits if and when a new colony grows and thrives? Not just the species, but the specific wandering gene will see massive reproductive success as the new colony grows, at least initially.
Of course, a "gene" is an amorphous thing, and intuitively wandering needs to be attenuated, so maybe the relevant "gene" here isn't just something that makes them wander, but the whole package of DNA that also encompasses regulation of propensity as manifest through the population. But we don't necessarily have to cheat that way, either. Most of the time the wandering gene would be a net negative and find itself slowly winnowed out of the population. But as long as it survives somewhere in the population long enough to induce new colony formation and benefit from a short explosion in reproductive success, it'll survive, at least globally. Heck, maybe in long-established colonies it disappears completely, only to be reintroduced by wandering penguins from younger colonies. We don't need to zoom out and model how it interacts with all the other genes until we've zoomed out so much we end up in the position of positing a group selection effect. That's the beauty of Darwinian genetic selection--all this complexity arises from a very simple dynamic that in almost all cases can be accurately and predictively modeled by just looking at specific genes in isolation, fundamentally independent of the species and, strictly speaking, even of kin groups and individual animals; and what exceptions do exist don't require zooming out nearly as much as people tend to do.
It's convenient that colonies of penguins only live where there is food. One wonders how they got there, perhaps god set them there to live for eternity.
I get what you're saying and all, but when you look back across the hundreds of millions of years of evolution, the whole reason humans exist is the extreme and sometimes arbitrary individual choices and "that never happens" situations that are exceptions to niche saturation. You could take the glass half empty, cold and pragmatic view and focus on the fact that millions, or maybe even tens of millions of antisocial/adventurous/moronic penguins have to get wanderlust and die frozen and alone before you might even get a single successful breeding pair, but who wants to look at life like that?
Most badass penguins don't make it. Being the badass penguin isn't a sensible life goal. The altar of time demands the blood sacrifice of nearly all the badass penguins before progress and change is allowed. Occasionally, though, they win, and new species are born. The exceptions end up forking the timeline, and provide a backdrop of meaning to the sacrifice of all those who came (or went?) before.
The thing I love most is the fact that you can project anything on to the penguin, from extreme heroism, to villainy, to meaninglessness, or even profound cosmic purpose. I'd love to know what the evolutionary psychology / behavior is that actually causes it, though.
Depends. Probably not usually. I've thought about this a bunch and I think the serious "threat" here isn't the agent acting maliciously --- though agents will break out of non-hardened sandboxes! --- but rather them exposing some vulnerability that an actual human attacker exploits.
I'd also add that I just don't like the idea in principle that I should have to trust the agent not to act maliciously. If an agent can run rm -rf / in an extreme edge case, theoretically it could also execute a container escape.
Maybe vanishingly unlikely in practice, but it costs me almost nothing to use a VM just in case. It's not impossible that certain models turn out to be poorly behaved, that attackers successfully execute indirect prompt injection via malicious tutorials targeting coding agents, or that some shadowy figure runs a plausibly deniable attack against me through an LLM API.
Have you ever listened to Eliot reading it? Just the worst. "Apreel is the crewellest month..."
My thing here though is: this is awesome, Shaw's reading, but is it right? I feel like she's trying to make a coherent character reading at times out of passages deliberately written not to have a clear narrator.
(I write this in the spirit of every thread needing a certain titration of not knowing what the hell they're talking about, as an invitation to those who do, and that inviting cluelessness is the purpose I serve here.)
One of the most annoying things I ever learned about T S Eliot is that he was born in Missouri and didn't move to the UK until his late 20s and just entirely made up that accent.
Stipulating that he did change accents, "just entirely made up" is a strong accusation, considering that linguistic accommodation is a thing. Compare Calpurnia's theory of code switching from ch.12 of "...Mockingbird": https://archive.org/details/dli.bengal.10689.12863/page/n134...
> “That doesn’t mean you hafta talk [AAVE] when you know better,” said Jem.
> Calpurnia tilted her hat and scratched her head, then pressed her hat down carefully over her ears. “It’s right hard to say,” she said. “Suppose you and Scout talked colored-folks’ talk at home—it’d be out of place, wouldn’t it? Now what if I talked white-folks’ talk at church, and with my neighbors? They’d think I was puttin’ on airs to beat Moses.”
He's a delightfully arch character, really. His penchant for camouflage is why Pound nicknamed him Old Possum.
I can't recommend Hugh Kenner enough on the modernists. Eliot is one of the main characters of The Pound Era, and the star of The Invisible Poet.
This is from The Pound Era:
But Eliot was a great joker. After jugged hare at the Club ("Now there is jugged hare. That is a very English dish. Do you want to be English; or do you want to be safe?"); after the jugged hare and the evasions, he addressed his mind to the next theme. "Now; will you have a sweet; or ... cheese?" Even one not conversant with his letter to the Times on the declining estate of Stilton [Nov. 29, 1935, p. 15] would have understood that the countersign was cheese. "Why, cheese," said his guest; too lightly; one does not crash in upon the mysteries. There was a touch of reproof in his solicitude: "Are you sure? You can have ice cream, you know." (At the Garrick!)
No, cheese. To which, "Very well. I fancy ... a fine Stilton." And as the waiter left for the Stilton, Eliot imparted the day's most momentous confidence: "Never commit yourself to a cheese without having first ... examined it."
The Stilton stood encumbered with a swaddling band, girded about with a cincture, scooped out on top like a crater of the moon. It was placed in front of the Critic. ("Analysis and comparison," he had written some 40 years earlier, "Analysis and comparison, methodically, with sensitiveness, intelligence, curiosity, intensity of passion and infinite knowledge: all these are necessary to the great critic.") With the side of his knife blade he commenced tapping the circumference of the cheese, rotating it, his head cocked in a listening posture. It is not possible to swear that he was listening. He then tapped the inner walls of the crater. He then dug about with the point of his knife amid the fragments contained by the crater. He then said, "Rather past its prime. I am afraid I cannot recommend it."
He was not always so. That was one of his Garrick personae. An acquaintance reports that at dinner in Eliot's home "an ordinary Cheddar" was "served without ceremony."
The Stilton vanished. After awing silence the cheese board arrived, an assortment of some half-dozen, a few of them identifiably cheeses only in context. One resembled sponge cake spattered with chocolate sauce. Another, a pockmarked toadstool-yellow, exuded green flecks. Analysis and comparison: he took up again his knife, and each of these candidates he tapped, he prodded, he sounded. At length he segregated a ruddy specimen. "That is a rather fine Red Cheshire ... which you might enjoy." It was accepted; the decision was not enquired into, nor the intonation of you assessed.
His attention was now bent on the toadstool-yellow specimen. This he tapped. This he prodded. This he poked. This he scraped. He then summoned the waiter.
"What is that?"
Apologetic ignorance of the waiter.
"Could we find out?"
Disappearance of the waiter. Two other waiters appear.
"?"
"--------."
He assumed, at this silence, a mask of Holmesian exaltation:
"Aha! An Anonymous Cheese!"
He then took the Anonymous Cheese beneath his left hand, and the knife in his right hand, the thumb along the back of the blade as though to pare an apple. He then achieved with aplomb the impossible feat of peeling off a long slice. He ate this, attentively. He then transferred the Anonymous Cheese to the plate before him, and with no further memorable words proceeded without assistance to consume the entire Anonymous Cheese.
That was November 19, 1956. Joyce was dead, Lewis blind, Pound imprisoned; the author of The Waste Land not really changed, unless in the intensity of his preference for the anonymous.
Hugh Kenner is good on a surprisingly wide range of things. This is a publisher's description of a book called The Counterfeiters, first published around 1968:
"Wide-ranging enough to encompass Buster Keaton, Charles Babbage, horses, and a man riding a bicycle while wearing a gas mask, The Counterfeiters is one of Hugh Kenner's greatest achievements. In this fascinating work of literary and cultural criticism, Kenner seeks the causes and outcomes of man's ability to simulate himself (a computer that can calculate quicker than we can) and his world (a mechanical duck that acts the same as a living one)."
Kenner also co-authored a relatively early text generator, called Travesty, that would analyze a source text in terms of n-grams (e.g., 4-letter combinations) and then generate something new to match it. This was published in Byte magazine in 1984.
"A Travesty Generator for Micros" doesn't ring a bell, so thanks for the pointer. If it wasn't collected in Mazes or Historical Fictions it'll be one of the few things of his I haven't read yet.
Eliot's reading is fascinatingly horrible. I had the same traumatic experience hearing William Gibson reading Neuromancer, which comes across as a kind of parody.
As for "is it right?" — well, it's obviously one person's interpretation, and I would say Eliot's own performance should count as Exhibit 1 in the age-old debate about whether the author is the best interpreter of their own work!
I'd say, though it's certainly a debatable point, that it's precisely because the passages are deliberately written not to have a clear narrator that there is no "right" reading, but rather a multitude of interpretations of which Shaw's is as valid as many others. That's the attitude I'd bring to it, anyway.
I've been fascinated with The Waste Land ever since junior year of high school, when my creative writing teacher saw a copy of it on my desk and said "why do you have that, you'll never understand it". (I mean, fair enough.)
This is interesting backstory! My perception of the poem is that it's sort of a fractal of backstory and that everywhere you look you find 2000-word articles on its historical antecedents, from Eliot's life, from the history of Europe, from friends of his lost in the war, &c.
There's a whole book on this that's very similar to the article:
> I've been fascinated with The Waste Land ever since junior year of high school, when my creative writing teacher saw a copy of it on my desk and said "why do you have that, you'll never understand it”.
Was Teach’ really that crude or do you figure they were just trying to light a fire up under ye.
They're "investigating", presumably with data gleaned from arrests and CIs; you have a right to speech, and a right not to be prosecuted for speech, but a much, much narrower right not to be "investigated", collapsing to ~epsilon when the investigation involves data the FBI already has.
Yeah whenever people say “the first amendment is not a freedom from consequences” it is only a freedom from certain consequences (and that freedom only goes as far as the government is willing to protect it). It is a freedom from being convicted. They can still arrest you, you can still spend time in jail, prosecutors can even file charges. A court is supposed to throw those charges out. And in extreme cases you can be convicted and sent to prison for years before SCOTUS rules.
I think GP is speaking generally, not with regard to this situation specifically; obviously people have been charged for constitutionally-protected speech before.
No. According to the latest reports, while searching for ICE vehicles, the protesters are unlawfully scanning license plates, which strongly suggests they are receiving insider help.
There is nothing unlawful about scanning license plates. You are allowed to photograph them in the same way you are allowed to stand around writing them into a notebook if that activity is your idea of fun. Where do people get these ideas?!
Why would that even be necessary? They are almost certainly just contributing confirmed ICE plate numbers to an Excel file and then checking against it. Low tech and simple. This “criminal insider” angle is just building a bogeyman.
Journalists doing ride alongs have already identified the system and it doesn't rely on "restricted databases", they rely on observation and multiple attestation. In any case, there are indeed commercial services for looking up license plate data, and they rely on watching the notices that are published when you register your vehicle. It's the same reason why you receive all sorts of scammy warranty "notices" when you buy a car.
In fact the first clue that they look for is having Illinois Permanent plates because that is a strong indicator that they are using rental vehicles. That doesn't take a database, it's just a strong signal that can be confirmed by other evidence.
The crowd sourced lists don't identify the owners of the vehicles, because that does not matter. They identify vehicles that ICE is using, and "likely a rental" is one good signal.
If that was what you meant, you should have said that. Do you have any actual evidence this is happening, or are you just confusing possibility with probability?
I don't buy the claim that it's happening, but they were pretty clearly talking about the lookups, not the photos. They started off by mentioning "insiders".
There is enough smoke to at least perform an investigation. As I said, this administration has deported 10x less people than the previous administrations.
You seem quite narrowly focused on the number of deportations rather than the methods being implemented. The primary criticisms of the current ICE surge in Minnesota focus on the general aggressiveness and lack of professionalism of these agents, not the deportations numbers.
> The primary criticisms of the current ICE surge in Minnesota focus on the general aggressiveness and lack of professionalism of these agents
This doesn't seem to have been remotely as much of an issue in states where local law enforcement cooperates with ICE and where protesters generally don't physically get in the way and don't resist arrest on the relatively rare occasions of arrest. This seems, to me, unlikely to be a coincidence.
Also, what is the outrage about? This administration has deported the least number of people compared to all previous administrations. Obama deported 3.1 million people, ten times more than Trump today. Same ICE, same border patrol.
It literally says it is a crowdsourced list... a completely legal activity. If you can't figure out what the outrage is about after Alex Pretti and Renée Good then you're being intentionally obtuse.
Their deaths are an outcome of the heavy handed immigration enforcement that has caused the outrage. The raw number of deportations is not the only metric. The enforcement tactics of the Obama admin are not the same as Trump's, this is obvious and incontrovertible.
You don't have to agree with the criticisms but to not even be able to understand why people are upset stretches believability.
Duh... You're still collapsing cause and context. The protests preceded the deaths; the deaths occurred during confrontations created by the protests. That makes them an outcome of escalation, not the original trigger.
And 'different tactics' doesn’t explain the reaction gap, as I said, under Obama there were 3.1M+ deportations and at least 56 documented deaths in ICE custody (https://www.detentionwatchnetwork.org/sites/default/files/re...) with nowhere near this level of outrage. What changed is media framing and amplification, not the existence of harsh enforcement.
It doesn't have to be the original trigger, you asked "what is the outrage about?" and those deaths are part of it.
> And 'different tactics' doesn’t explain the reaction gap, as I said, under Obama there were 3.1M+ deportations and at least 56 documented deaths in ICE custody
You continuously ask this same question, get an answer, and ignore it. ICE enforcement was not the same under Obama and Trump even if Obama had high deportation numbers. The deaths in that report were from medical issues or neglect. Horrible, absolutely, but not shootings, not American citizens, and not protesters.
Maybe instead of assuming everyone is a stooge that can only do what the media tells them, consider they may actually have some legitimate grievances?
I don't know what they think they're doing there. If the most interesting thing they found was the public website leading to a fundraising platform for mutual aid a) there is literally nothing illegal there, and b) you can find that website linked to publicly by conservatively 25% of the twin cities population. It's literally the most prominent fundraising website anyone has been posting.
Wrong. The "protesters" were conducting counterintelligence to locate where ICE was operating. The plan was to disrupt the operation. Like it or not, this is against the law. Period.
I'm not framing anything. There are screenshots of the chats where people literally say "ICE vehicle has been identified, everybody, go there!". This is called interfering.
18 USC 111 does not apply here. Forcible action is an element. The action doesn’t have to be itself the use of force; it’s sufficient that a threat being some action that causes an officer to reasonably fear bodily harm. But obviously the actions we’re talking about on this subthread fall well short of that definition. If they didn't the law would be unconstitutional.
Those other two laws seem like an even weirder fit for the fact pattern in this subthread.
But that's not the end of the analysis. The legal line isn't 'force or nothing'; it's intent + conduct. Speech and observation are protected, but coordinated action intended to impede enforcement is not.
If "ICE vehicle has been identified, everybody go there" is followed by mobbing vehicles, blocking movement, inducing agents to disengage, or warning targets to evade arrest, that crosses from protected speech into actionable conduct.
Is that your theory, or is there case law that backs it up? From what I saw the bounds on 18 USC 111 are quite narrow indeed: I found a case where the defendant _fired at federal agents with his shotgun_, and the appeals court threw it out because the jury was incorrectly instructed that they could use the fact that he shot at them when considering he misled them afterwards. But actually, the jury was not allowed to do that. https://law.justia.com/cases/federal/appellate-courts/F2/199...
Quote: (1) speech can be prohibited if it is "directed at inciting or producing imminent lawless action" and (2) it is "likely to incite or produce such action."
Brandenburg v. Ohio was decided in favor of the appellant. As I suspected, there are no cases of a US court interpreting your theory of the law on 18 USC 111.
Can you rule out the much less technically advanced explanation that this information was crowdsourced? And people are simply observing the license plates that are plainly displayed?
Frankly I don’t think it should have to come to license plate numbers. In a free society law enforcement should clearly identify themselves as such. We should not need secret police.
No, I cannot. One of the undercover journalists was in their group for days.
> Frankly I don’t think it should have to come to license plate numbers. In a free society law enforcement should clearly identify themselves as such. We should not need secret police.
None of that matters _today_, because _today_ the law is different.
That law enforcement is permitted to hide their faces, drive unmarked vehicles, not display name tags, badges, or uniforms is concerning. Anyone can buy a gun, a vest, and a velcro “police” patch. There is very little that marks these agents as official law enforcement. I’m somewhat surprised that none of these agents have been shot entering a home under the mistaken perception by the homeowner that it’s a criminal home invasion.
Where was the outrage when Obama deported 3.1 million people? Why was there no media coverage? Trump has deported 300k and the MSM is turning upside down. Doesn’t make any sense to me.
No one is upset about the number of deportations. No one is complaining about the number of deportations. If you don't listen to what the complaints are about to start with, you can't argue that they are hypocritical.
A wide array of policy issues related to the targeting and manner of execution of Trump’s mass deportation program, not the number of deportations.
Also, a number of specific instances of violence by the federal government during what is (at least notionally) the execution of immigration enforcement.
> why are they only upset in one city?
People are very clearly not “only upset in one city”
> And prior to that, when Obama deported 3.1 million people, the deportations were nice and dandy, right?
There was significant criticism of them, but both the policy and the manner of execution were different, a fact which Trump presaged in BOTH of his successful campaigns, explicitly stating plans for a different manner of execution (in the 2024 campaign explicitly referencing the notorious 1950s “Operation Wetback” as a model), and which Trump officials have crowed about throughout the execution of the campaign. Pretending the differences that provoke different responses don’t exist when their architects have been as proud of them as critics have been angry at them is just some intense bad faith denial of facts.
There was contemporary criticism of Obama's deportation policy on both the right and the left. I have no idea why you think that is some sort of gotcha that somehow makes the equivalency between Obama and Trump's immigration enforcement valid.
No. The outrage now versus back then is day and night. There were pretty much no protests during Obama’s term, even though the scale of deportations was much larger. That contrast is highly suspicious.
Dragonwriter has already laid out some of the differences for you to research further beyond the single data point of number of deportations. You've asked the same question multiple times but seem to not want to actually engage with the answers so I'll leave it there.
People keep telling you that it has nothing to do with the number of deportations, and you keep insisting that it does. Why do you believe the number of deportations is the most important factor?
The core issue is the media. I worked at a large news company in New York during Obama’s term. There was a training for our reporters: anything negative about Obama was strictly prohibited. Ad revenue.
When talking to someone at-risk of deportation earlier in the year, they asked me, "Why should I do anything differently? Obama and Biden did the same exact shit."
And there's a lot of truth to that which a lot of people need to reconcile with.
The fact that we don't have DACA solidified into a path towards citizenship by now is just sad.
And I agree with you, but that's not what I'm questioning. Given the 10x larger scale of deportations during Obama's term, why were there no protests?
During Obama's term the practice of warrantless entry into actual citizens' homes wasn't widespread.
During Obama's term the leaders of DHS / ICE were not blatantly lying about events captured on film and evading legitimate investigations into deaths at the hands of officers.
During Obama's term people with no criminal record were not being offshored to hell-hole prison camps with serious abuses of human rights.
Can you link to the tweet in which Obama defended the agents' right to threaten a child with rape?
From your linked article:
> If the abuses were this bad under Obama when the Border Patrol described itself as constrained, imagine how it must be now under Trump, who vowed to unleash the agents to do their jobs.
> The core issue is the media. I worked at a large news company in New York during Obama’s term. There was a training for our reporters: anything negative about Obama was strictly prohibited. Ad revenue.
As many others have pointed out, the deeper issue is the size of the boot, the disregard for citizens' rights, the extremes of the offshore gulags, the fervor with which the upper levels embrace the brutality.
I am unable to assist further with your stated struggle for comprehension.
It appears to be primarily getting agents into the chats. To me the questionable conduct is their NPSM-7-adjacent redefining of legal political categories and activities as "terrorists/-ism" for the purpose of legal harassment or worse. Whether that is technically legal or not it should be outrageous to the public.
I wonder whether the protesters could opt for offshore alternatives that don't require exposing their phone number to a company that could be compelled to reveal it by US law. For example, there is Threema[1], a Swiss option priced at 5 euros one-time. It is interesting on Android as you can pay anonymously[2], therefore it doesn't depend on Google Play and its services (they offer Threema Push services of their own.) If your threat model includes traffic analysis, likely none of it would make much difference as far as US state-side sigint product line is concerned, but with Threema a determined party might as well get a chance! Arguably, the US protest organisers must be prepared for the situation to escalate, and adjust their security model accordingly: GrapheneOS, Mullvad subscription with DAITA countermeasures, Threema for Android, pay for everything with Monero?
It's worth noting that the way Signal's architecture is set up, Signal the organisation doesn't have access to users' phone numbers.
They technically have logs from when verification happens (as that goes through an SMS verification service) but that just documents that you have an account/when you registered. And it's unclear whether those records are available anymore since no warrants have been issued since they moved to the new username system.
And the actual profile and contact discovery infra is all designed to be actively hostile to snooping on identifiable information even with hardware access (requiring compromise of secure enclaves + multiple levels of obfuscation and cryptographic anti-extraction techniques on top).
Perhaps you're right that they couldn't be compelled by law to reveal it, then! However, I can still find people on Signal using their phone number, by design. If they can do that, surely there is sufficient information, and appropriate means, for US state-side signals intelligence to do so, too. I don't think Signal self-hosts their infrastructure, so it wouldn't be much of a challenge considering it's a priority target.
Now, whether FBI and friends would be determined to use PII obtained in this way to that end—is a point of contention, but why take the chance?
Better yet, don't expose your PII to third parties in the first place.
Yeah it should be technically feasible to do "eventually" but it's non trivial. I linked a bunch of their blogs on how they harden contact discovery, etc. And of course you can turn contact discovery off entirely in the settings.
Settings > Privacy > Phone Number > Who can find me by number > Nobody
> And of course you can turn contact discovery off entirely in the settings.
I know right and that would keep you hidden from Average Joe, but not US government. The mechanism to match your account to your phone number remains in place.
Just being owned by an offshore company doesn't mean that they still can't be infiltrated. But as you pointed out, just because Company A creates an app does not mean that Company B can't come in later to take control.
The alarming extent of US-affiliated signals intelligence collection is well-documented, but in the case of Threema it's largely inconsequential; you can still purchase the license for it anonymously, optionally build from source, and actively resist traffic analysis when using it.
That is to say: it allows a determined party to largely remain anonymous even in the face of upstream provider's compromise.
Corporate/enterprise networks have nightmarish setups for centralizing access to LLMs. This seems like an extremely natural direction for Tailscale; it is to LLM interfaces what Tailscale itself was to VPNs, a drastically simplified system that, by making policy legible, actually allows security teams to do the access control that was mostly aspirational under the status quo ante.
Seems straightforward?
I think if you don't have friends working at e.g. big banks or whatever, you might not grok just how nutty it is to try to run simple agent workflows.
> Corporate/enterprise networks have nightmarish setups for centralizing access to LLMs.
As someone who is on the other side of the fence on this and trying to keep the network secure and prevent data exfiltration, there could be a good reason for this. More often than not we have folks doing all kinds of crazy things and ignoring what's in the handbook. For example, we had someone who didn't like MFA for remote access and would use Tailscale to have a remote permanent reverse proxy to their homelab to do whatever work they were doing. What's funny is that we are not BOFHs and would have helped them set up whatever they needed had they just sent us an email or opened a ticket.
The whole Tailscale ethos is exactly what you're talking about:
* Security/risk teams have coherent, sensible goals for managing access
* The technology stack they've landed on makes those goals performative; so complicated that they can't even express their most important goals, so annoying that users route around it
* What's needed is a radically simplified approach that centers end-user experience (particularly around onboarding).
I'm not saying banks are crazy to want to control LLM usage (I'm not bullish on it long-term either, but I see the issue), just that the systems I've talked to friends about them using today are batshit, ranging from "foundation lab shmoundation lab we'll just do our own models" to "OK you can operate in 2025 but only in a Citrix terminal".
Yeah I think it's better to think of Tailscale as an access control company which is utilizing networks as the utility vector, not a network utility company that also has access controls.
PKCS7 is a container format that pops up in a couple places in the TLS ecosystem (also in code signing); anywhere you need a secure blob that includes metadata. It's a very widely used format.
AEAD ciphers are those that simultaneously encrypt and authenticate data. AES-GCM is the most popular; Chapoly is the 2nd most popular. AEAD ciphers are how modern programs do encryption.
AEAD ciphers all rely on additional parameters, most commonly a nonce; it's critical to security that the nonce only ever be used once with a given key. You need the nonce to decrypt the AEAD ciphertext, so it's usually tacked on to the message (in more clever formats you can derive it contextually, but PKCS7 is a general-purpose format).
In parsing PKCS7 messages, when OpenSSL comes across AEAD-encrypted blobs, it needs to parse out the nonce. AEAD nonces tend to have fixed sizes, but there are extended-nonce variants of AEADs, and the format allows for arbitrary-sized values. OpenSSL assumed a fixed nonce size, but parsed with a library that handled arbitrary-sized values. Stack overflow.
A maliciously formatted Authenticode signature, certificate chain, OCSP response (I think?), all things that could trigger the bug.
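The failure mode described in the comment above (an arbitrary-length encoded nonce copied into a fixed-size buffer), as an added C sketch that is not OpenSSL's code and not part of the original thread. The function names, the two-byte cap on long-form lengths and the 16-byte `NONCE_MAX` are hypothetical choices for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added sketch: names are hypothetical, not OpenSSL's; 16 is an assumed size. */
#define NONCE_MAX 16

/* Parse an OCTET STRING header (tag 0x04); 0 on success, -1 if malformed. */
static int der_octet_string(const uint8_t *in, size_t in_len,
                            const uint8_t **val, size_t *len)
{
    size_t hdr = 2, n;
    if (in_len < 2 || in[0] != 0x04) return -1;
    n = in[1];
    if (n & 0x80) {                      /* long form: length in next bytes */
        size_t nbytes = n & 0x7f, i;
        if (nbytes == 0 || nbytes > 2 || in_len < 2 + nbytes) return -1;
        for (n = 0, i = 0; i < nbytes; i++) n = (n << 8) | in[2 + i];
        hdr += nbytes;
    }
    if (n > in_len - hdr) return -1;     /* value must lie inside the input */
    *val = in + hdr;
    *len = n;
    return 0;
}

/* Vulnerable pattern: the parser accepts any length, the caller assumes one. */
int nonce_copy_unchecked(uint8_t out[NONCE_MAX], const uint8_t *in, size_t in_len)
{
    const uint8_t *v; size_t n;
    if (der_octet_string(in, in_len, &v, &n) != 0) return -1;
    memcpy(out, v, n);                   /* n may exceed NONCE_MAX: overflow */
    return (int)n;
}

/* Hardened: compare the parsed length with the buffer size before copying. */
int nonce_copy_checked(uint8_t out[NONCE_MAX], const uint8_t *in, size_t in_len)
{
    const uint8_t *v; size_t n;
    if (der_octet_string(in, in_len, &v, &n) != 0) return -1;
    if (n == 0 || n > NONCE_MAX) return -2;   /* reject oversized nonce */
    memcpy(out, v, n);
    return (int)n;
}

int main(void) {
    /* Constructed input: OCTET STRING claiming a 200-byte nonce. */
    uint8_t out[NONCE_MAX], big[203] = {0x04, 0x81, 0xc8};
    return nonce_copy_checked(out, big, sizeof big) == -2 ? 0 : 1;
}
```

The parser is correct in both versions; the defect is the caller's unstated assumption about the length, which is why the check belongs at the copy site.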
This is PKCS#7 (well, CMS) encryption, not signing, the only places you're likely to find that is in S/MIME encrypted (not signed) email, and how often do you see that used? In theory other protocols that use CMS as a container format like SCEP could be affected, but that doesn't do AuthEnv. It also signs the encrypted data so the attacker would have to be the authorised/trusted party you're communicating with. There's also CMC, but that doesn't do AuthEnv either, although one of its infinite options does allow for unsigned encrypted data.
Yes, it would, and I have already shared some sources for the claim. So your assertions, without any supporting arguments for them, don't really sway me. Anyhow, I think we may have reached the limit of this kind of discussion on HN. If you want to explore this topic more, with others, https://politics.stackexchange.com/ would be a better place for this topic.