Their estimate of energy uses was only based on FLOPs, but I'd assume for real world energy usage the KV cache would be very impactful if not eventually dominant. It's probably also a bit unfair of them to ignore the Internet traffic and likely all the extra network traffic behind the load balancer.

Not a fan of their analysis, but I wonder if it's potentially close to accurate to this deployment? I can't imagine they're having large contexts and ballooning caches on a model meant for a phone.

I've used Fedora for ages and it has never forced a reboot.

Would you prefer a long winded explanation of which services need to be restart and what it means that your kernel version was updated along with a description of kexec and when/how to use it? I think it makes more sense to recommend a reboot and let people who know those lower level details do as they please.

Logging in as the root user hasn't been the way to "be root" on Linux systems in decades. sudo/doas/whatever are there for that purpose and you can use those to set a root password if you want. This isn't ironic at all and you have full control of your system.

It's interesting what people expect of Proton Mail. I've used it for a long time but for only one reason really: their revenue stream is my subscription and not ads. I've never even given a second thought to all their encryption claims. Even with Proton Mail if I ever wanted to send a "secret" email I'd wrap the content in my own personal keys.

With respect to IP addresses of email logins, I'm surprised they ever claimed they don't have logs. You've always been able to review the IP of a login through the web UI as far as I remember. Was the idea that that was also supposed to be encrypted?

Personally I'm OK with them complying with court orders, but I understand that "the definition of criminal is state defined" and that poses serious issues. It kinda seems like if you want to do something that could be considered criminal at some point in your life by your country you should consider something other than a 3rd party email provider for those messages. Signal would be a step up in that regard if you still wanted to use a third party.

Security is constantly used as a guise for removing consumer rights and as someone who has been in the security industry for about 9 years I'm so sick of it.

First and foremost, everyone please understand: the user should be allowed to opt into your concept of insecurity: you do not know their threat model and you do not know their risk tolerance.

Using exploits in low level drivers in the wild is approaching APT level, and even if there were a simple one to use it'd likely be useless without some sort or local access to the device (bar some horror show bug in a Bluetooth or WiFi firmware). The risk is incredibly low for the average person. I'd put it pretty close to 0.

Wire transfers aren't instant and for large sums (your inheritance) the banks will likely require more than just a request from your app. If the bank cares about that then they can also use the attestation APIs which would be more than sufficient, as much as I hate them.

This boogey man of the APT going after my technologically illiterate with nation state level exploits needs to die. Long ago we entered a new era of security where it just isn't worth it to waste exploits. Especially when you can just text people and ask for their money and that works plenty well.

Security is not a valid reason to soft brick consumer devices at some arbitrary end of life date.

The coordinated strike had an immediate impact. Millions of people in Dubai and Abu Dhabi woke up on Monday unable to pay for a taxi, order a food delivery or check their bank balance on their mobile apps.

I honestly can't tell if this paragraph is supposed to be satirical.

Congress please dear god grow a spine.

Look at this person over here using branches, show off

JavaScript alone is not a simple beast. It needs to be optimized to deal with modern JavaScript web apps so it needs JIT, it also needs sandboxing, and all of the standard web APIs it has to implement. All of this also needs to be robust. Browsers ingest the majority of what people see on the Internet and they have to handle every single edge case gracefully. Robust software is actually incredibly difficult and good error handling often adds a lot more code complexity. Security in a browser is also not easy, you're parsing a bunch of different untrusted HTML, CSS, and JavaScript. You're also executing untrusted code.

Then there is the monster that is CSS and layout. I can't imagine being the people that have to write code dealing with that it'd drive me crazy.

Then there are all of the image formats, HTML5 canvases, videos, PDFs, etc. These all have to be parsed safely and displayed correctly as well.

There is also the entire HTTP spec that I didn't even think to bring up. Yikes is that a monster too, you have to support all versions. Then there is all of that networking state and TLS + PKI.

There is likely so much that I'm still leaving out, like how all of this will also be cross platform and sometimes even cross architecture.

I'm so sick of this; that wasn't her platform. People constantly saying that was her platform stopped people from actually looking at her platform. I'm so sick of Dems that think they can just not vote because they don't fall in love with their candidate. Politics is practical and the USA just shit the bed and it will have a real impact on the world. All of the Dems or left leaning people who didn't vote are complicit.

Async features in almost all popular languages are a single thread running an event loop (Go being an exception there I believe). Multi threading is still quite difficult to get right if the task isn't trivially parallelizable.