
I distinctly remember multiple big companies quietly letting go of their AI ethics teams in 2023 around the same time the LLM craze started to pick up real steam.

I don’t think the skeptics disappeared, they just got drowned out with all the added noise that came with the new LLM hype cycle.


I think it was just that the ethics legal moat creation strategy had failed and the ethics teams no longer served any purpose to company leadership.

I think this was more about scepticism around ethics teams.

ohhhh the gifts multi-tenant app authorization keeps giving!

(laid off) Microsoft PM here that worked on the patch described as a result of the research from Wiz.

One correction I’d like to suggest to the article: the guidance given is to check either the “iss” or “tid” claim when authorizing multi-tenant apps.

The actual recommended guidance we provided is slightly more involved. There is a chance that when only validating the tenant, any service principal could be granted authorized access.

You should always validate the subject in addition to validating the tenant for the token being authorized. One method for this would be to validate the token using a combined key (for example, tid+oid) or perform checks on both the tenant and subject before authorizing access. More info can be found here:

https://learn.microsoft.com/en-us/entra/identity-platform/cl...
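To make the distinction concrete, here is an added example (not Microsoft's code and not from the Entra documentation) that puts the tenant-only check next to the combined tenant+subject check the comment recommends. It assumes an HS256-signed token with a constructed key so it runs offline; real Entra ID access tokens are RS256-signed and must be verified against the tenant's published JWKS. The `AUTHORIZED_PRINCIPALS` allowlist, the audience value and the GUIDs are all constructed; the issuer format `https://login.microsoftonline.com/{tid}/v2.0` is the v2.0 endpoint format and is checked for consistency with `tid`.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret: real Entra ID tokens are RS256-signed and verified
# against the tenant's published JWKS, not an HMAC secret. HS256 keeps this
# example self-contained while preserving the "verify before trust" step.
DEMO_KEY = b"constructed-demo-signing-key"
EXPECTED_AUD = "api://constructed-example-app"  # constructed application ID URI

# Allowlist keyed on the combined (tid, oid) pair: the tenant AND the specific
# service principal that was consented in that tenant. Constructed GUIDs.
AUTHORIZED_PRINCIPALS = {
    ("11111111-1111-1111-1111-111111111111", "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"),
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a compact HS256 JWT (constructed stand-in for the token issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = DEMO_KEY, now=None) -> dict:
    """Check signature, algorithm, expiry, audience and issuer/tenant consistency."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != EXPECTED_AUD:
        raise ValueError("wrong audience")
    tid = claims.get("tid")
    if not tid or claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise ValueError("issuer does not match tid")
    return claims


def authorize_tenant_only(claims: dict) -> bool:
    """The weak check the thread warns about: any principal in an allowed tenant passes."""
    return claims.get("tid") in {tid for tid, _ in AUTHORIZED_PRINCIPALS}


def authorize_tenant_and_subject(claims: dict) -> bool:
    """Recommended check: the combined (tid, oid) key must be on the allowlist."""
    return (claims.get("tid"), claims.get("oid")) in AUTHORIZED_PRINCIPALS


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run both checks over a consented principal and a stranger in the same tenant."""
    tid, good_oid = next(iter(AUTHORIZED_PRINCIPALS))
    base = {"iss": f"https://login.microsoftonline.com/{tid}/v2.0", "aud": EXPECTED_AUD,
            "tid": tid, "exp": now + 3600}
    consented = mint_token({**base, "oid": good_oid})
    stranger = mint_token({**base, "oid": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"})
    results = {}
    for name, tok in (("consented", consented), ("stranger", stranger)):
        claims = verify_token(tok, now=now)
        results[name] = {"tenant_only": authorize_tenant_only(claims),
                         "tenant_and_subject": authorize_tenant_and_subject(claims)}
    # A body edited after signing must be rejected before any claim is consulted.
    h, _, s = consented.split(".")
    forged_body = _b64url(json.dumps({**base, "oid": good_oid, "roles": ["admin"]}).encode())
    try:
        verify_token(".".join([h, forged_body, s]), now=now)
        results["tampered_rejected"] = False
    except ValueError:
        results["tampered_rejected"] = True
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `stranger` token is a perfectly valid, correctly signed token for a different service principal in the same allowed tenant: the tenant-only check lets it through, the combined check does not. Keying the allowlist on `(tid, oid)` is one way to express the "combined key" the comment mentions; checking `tid` and then `oid` (or `sub`) as two separate steps is equivalent as long as both are mandatory.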


Assume every token is forged. Secure by default. Even if it wastes cpu, validate each and every field. Signatures only work if verified. While you're at it, validate it against your identity database as well. Double check, triple check if you must. This is what I taught my devs.

Tenant, User, Group, Resource - validate it all before allowing it through.


Also knowing the difference between authentication and authorization is crucial and should not be forgotten.

Usage of the slang "auth" is my current favorite indicator of complete cryptographic snakeoil.

also assume that the valid credentials have been stolen and are being used by a hacker.

make sure anything done in a session can be undone as part of sanitizing the user


You are 100% correct but really these engineers should go read the guidance - it’s pretty clear what is required: https://learn.microsoft.com/en-us/entra/identity-platform/cl...

How is their "guidance" on what to check? Shouldn't it be a yes / no type thing? I've never worked on a system that had some checkbox for permissions that was labelled something like "maybe users in this group should be able to read everyone's personal notes".

Or they could… you know finally put macOS on the iPad


The problem is when they tried to make iPad apps available on macOS by default, developers revolted and made it an opt-in. Now Apple has to weigh losing a large amount of their app catalog and cannibalize MacBook sales. It's hardly an obvious win for anyone. Allowing dual boot with the caveat that macOS will inexplicably be missing the iPad apps the user was previously using won't really jibe well either.


> developers revolted and made it an opt-in
if they really wanted to, they could just remove the option and let the apps run on any platform... it might make some devs upset but (n=1) this dev is ok with it


But that would mean *shudder* Apple using their control of the App Store for consumer good instead of corporate greed.


For the people that want to run real applications, not having TikTok isn’t going to matter.


If you want a device that runs macOS, Apple makes plenty of them, at all kinds of price points.


Which one of them has a touch screen?


so was considering doing a rewrite of a Next project to Remix.

but then, as I look into it, Remix is now actually React Router v7. that seemed odd, even though I knew the author was the same I was always under the impression that these are distinct projects.

but fine, perhaps the evolution of both has converged. I got too confused to invest time in the rewrite. now, seems like Remix is being rebooted?

all these changes over the years seem well intentioned, but it takes away confidence in investing time in these solutions. If the justification to rebrand completely to React Router was that there are no serious functional differences between it and Remix, having a hard time understanding why Remix is now in the picture again.


What was Remix got merged into react-router, since Remix eventually was mostly a wrapper around RR + a server.

Now my read is they’re rebooting the Remix name to go their own way on the framework.

As a current Next and prior Remix dev, my rec is both are good in their own way. I wouldn’t hesitate to use react-router if it’s what you want to do.


I got tinnitus in my right ear after the second round of mRNA vaccines for Covid in May 2021 that never went away, equally do not recommend.

If you’re going to concerts / loud venues regularly, please for the love of god invest in some decent earplugs. They go for $15-30 on amazon and come with a carrying case usually, it’s a simple habit that will save you lots of heartache down the line.


surprising this didn’t happen sooner considering the state of LLMs in 2025


+100. I’ve found the “chat” interface most productive as I can scope a problem appropriately.

Cursor, Windsurf, etc tend to feel like code vomit that takes more time to sift through than working through code by myself.


you hit the nail on the head. my experience with prompting LLMs is that providing extra context that isn’t explicitly needed leads to “distracted” outputs


on the topic of hiring - the “life story” interview left a particularly bad taste in my mouth.

I didn’t click with the recruiter because she kept hounding me about why I didn’t finish college. Felt totally put on the spot in the most discouraging way, the whole thing seemed like a formal way to discriminate against those that don’t fit their in-group.

definitely felt a bit cult-ish overall.


once again will ask why iPhones are treated any differently from other computing devices — we need legislative solutions that allow consumers to load software (or even other operating systems) on any computing device they own.

restricting software distribution on any platform under the guise of needing to be kept “secure” always seemed anticompetitive to me - that should apply regardless of Apple’s particular behavior with the courts in this example.


Get ready to answer why an iPhone is different than an xbox


I’m principled in my stance, I think if you own said Xbox you should be able to load software on that as well.


It isn't. Consoles at this stage are general purpose computers with hardware and software explicitly designed to prevent consumers using it as such. If consumer rights had any real teeth, any hardware device would be required to allow their owners to install any piece of software of their choosing, including replacing the operating system.


Xbox, PlayStation, and Switch should be forced to open up as well.

Closed ecosystems only benefit the corporations that control them.


At the very least, sony doesn't get offended with new jailbreaks while nintendo will chase you down for even browsing an emulator's website


One has billions of users, the other has millions. One has 100s of thousands of companies trying to do business with that platform's users, the other has 100s of companies trying to do business with that platform's users.

scale and usage matters. Apple has > 50% market share in the USA (the place relevant to USA law). So, being a monopoly they get treated differently than a non-monopoly.

Even if they had less than 50%, people bank, invest, shop, talk, communicate, book hotels, flights, and effectively live their lives on smartphones. On XBox they play games and some small percent play music or watch movies there (I suspect most switch over to their Smart TV/Apple TV/.. for that).


No, it doesn't. They're not enforcing this under anti-trust law.


they aren't? The title is "Apple Violated Antitrust Ruling, Judge Finds"

the first sentence in the article is:

> A federal judge hammered Apple for violating an antitrust ruling related to App Store restrictions and took the extraordinary step of referring the matter to federal prosecutors for a criminal contempt investigation.

Seems like it's about antitrust law


Fair enough, I replied poorly, but the judgment doesn't appear to be based on Apple being monopoly or size of the business, as far as I can tell. The issue appears to be of anti-steering, more than the number of customers/its market share. Epic notably failed to prove Sherman act violations, didn't it?

The actual judgment: https://www.documentcloud.org/documents/25924283-epic-v-appl...

> After a bench trial, this Court entered judgment on September 10, 2021, finding that certain of Apple’s anti-steering rules violate the California Unfair Competition Law (“UCL”) under its unfair prong. ... As to the merits of Apple’s UCL violations, Apple did not directly challenge this Court’s application of the UCL’s tethering and balancing tests, instead arguing that (i) the UCL’s “safe harbor” doctrine insulates its liability because Epic failed to establish Sherman Act liability ... As to Apple’s “unfair” practices under the UCL, the Court explained that Epic could demonstrate unfairness under either a “tethering” test or a “balancing” test. Id. at 1053. The “tethering” test required Epic to “show that Apple’s conduct (1) ‘threatens an incipient violation of an antitrust law,’ (2) ‘violates the policy or spirit of one of those laws because its effects are comparable to or the same as a violation of the law,’ or (3) ‘otherwise significantly threatens or harms competition.’” Id. at 1052 (quoting Cel-Tech Commc’ns, Inc. v. Los Angeles Cellular Tel. Co., 973 P.2d 527, 544 (Cal. 1999)). While the Court held that Epic’s claims based on app distribution and in-app payment processing restrictions failed to state a claim of unfair practices, the Court held that Apple’s anti-steering provisions were severable and constituted unfair practices under the UCL

I'm not sure that the scale or usage really matters.


the judgment doesn't appear to be based on Apple being monopoly or size of the business

our anti-trust laws are not about being a monopoly or the size of your business: they are about abusing market dominance (where up or downstream has no choice) with unfair business practices.

a monopoly that charges fair prices and does not abuse suppliers and customers will not encounter any legal difficulty


Correct. You're a "monopoly" if you act like one because in a competitive environment if you abuse customers and partners you will lose.


Consoles are sold at-cost to consumers, or sometimes even at a loss: https://www.pcmag.com/news/microsoft-loses-up-to-200-on-ever...

iPhones are sold at a _premium_.

If iPhones were sold at-cost to consumers, then Apple would have been right to ask developers to pay 30% fees.


I think this is the real answer, however it would be difficult to use it as an excuse for the model since there are laws also against selling at a loss to undercut competitors.


It's a more difficult argument. Consoles are not competing with regular general-purpose computers, and the console manufacturers go out of their way to make it impossible to install unapproved third-party software on them.

And since all the console manufacturers are selling the hardware at a loss or with low margins, they can argue that it's just how the market works (free razors but expensive razor blades).


> Consoles are not competing with regular general-purpose computers

Yes but why? They are very powerful computers. New recycling laws might force companies to give up the keys to the hardware before or after their obsoletion.

The precedent here is SIM-locked devices. At some point you must let the user do what they want with it.


Consoles have a surprisingly long commercial life, more than 5-7 years. So the usability of old consoles at the end of their lifecycle as a PC replacement is not that great.

Might still make sense, though. Just for general historical preservation.


If consoles are sold at a loss to gain "monopoly power", then that is anti competitive and should not be allowed. This would lead (or maybe already resulted) to the pathetic printer and ink cartridge situation


I'm ambivalent about consoles.

However, for the consoles to make sense, they _have_ to be an oligopoly. There can't be 100 brands of competing consoles.

The main feature of traditional consoles that would be lost in this scenario: guaranteed compatibility of games.


Why not? Game devs want to be compatible with multiple consoles. Users want games to be compatible with their console.

So, who is causing this friction? Console companies. Now, there may be technical limitations due to games being such a unique kind of software. But at the end of day, they are software. Games can be packaged to support multiple formats or a standard interface.


> Why not? Game devs want to be compatible with multiple consoles.

Console games are typically highly optimized for particular console hardware. This coupling allows great-looking games for hardware that is cheap to make.

As a result, it's typical for consoles to far outperform regular PCs of the same price range. Especially at the beginning of the console lifecycle.

So it can be argued that consumers benefit from this arrangement: they get cheap special-purpose devices for gaming that can't be obtained if consoles are prohibited.

> Games can be packaged to support multiple formats or a standard interface.

Sure. But for AAA-type games that push the envelope, it's not at all trivial.

However, it seems that this pattern is fading with the recent consoles. So perhaps they also need to be unbundled.


Basically every reply gets it wrong. The answer is that the Xbox isn't developed in California. This judgment was applied under California's UCL, not any federal anti-trust law, despite being in federal court. Epic wasn't able to prove Apple a monopoly, because it's not. Applying California's UCL to Microsoft, Sony, etc is going to be a harder sell in courts.


> Epic wasn't able to prove Apple a monopoly, because it's not.

Unless your name is T. Cook, you lack the authority to make that statement conclusively. The judge claims that Apple is guilty of perjury, and never corrected the executive that made misleading statements. If that testimony was fabricated, then there is every reason to believe Apple is obstructing information that could benefit the prosecution. There is no other feasible alibi in this scenario besides their lawyers all calling in sick. It's one thing to make a mistake, it's another thing to insist it's truth.

Let's not forget that Apple was headed down this same road with the DOJ, too. They are being investigated for a pattern of behavior that is not new, meaning they very well could be guilty of monopoly abuse right this very second. Saying "because it's not" is like telling Lance Ito to drop the OJ charges. Apple is not guilty until proven innocent; but claiming their innocence in certainty is a base lie. You do not actually know, either.


Both allow software to be developed for them by any 3rd parties - that should include any, and the original device seller should not be able to control the distribution.

If you really ask: xbox is pretty much the same as an x86-64 PC, running Windows (and having an AMD GPU). It's just a bit more sealed.


Which… while we’re at it. Gaming would be much better if consoles didn’t exist anymore. Games would be more optimized for PC and manufacturers would just be building prebuilt gaming PCs.

We also would have more Switch competition in the ARM gaming space instead of x64 handhelds and Android windows emulation if these walled gardens didn’t exist.


>manufacturers would just be building prebuilt gaming PCs

Which, given the sentiment against the very existence of these things in PC gaming circles (as a desktop, at least) in favor of self-building, would be just laptops and handhelds (Steam Decks/ROG Allys) at best.


One way that they are different is that the xbox does let you sideload:

https://learn.microsoft.com/en-us/previous-versions/windows/...


One is a general computing device and one is for a specific task (gaming).


That seems rather arbitrary. I'm not doing any general computing on my iPhone, I'm just browsing Hacker News and watching YouTube. If your contention is that the phone is capable of doing more than those two things, well, isn't the Xbox capable of doing more than just gaming?


You're not. The majority of phone users replaced their computers with a phone. They are using their phone for everything they used to use their computers for. Almost no one is using an XBox to replace their computer.


> The majority of phone users replaced their computers with a phone

Source?

I can't find anything that backs that up.


https://intelpoint.co/insights/only-2-2-of-internet-users-wo...

Are you pushing back on the word "majority" or on the concept that many people use their phones for nearly everything they used to use their computers for but that next to no one does the same with an Xbox?


That the majority has replaced their computers with smartphones.

That link though doesn't say that. It simply shows global ownership of smartphones is higher than computers which is rather different altogether.


That's nothing to do with it. The judgment repeatedly talks about Epic as a competing game store. I'm not sure how else you'd describe the app store of consoles.


Welcome to EU's fight with Apple (and Google)


I’d really like to bring the fight to the US in a more meaningful way!


> once again will ask why iPhones are treated any differently from other computing devices

And then you immediately state a way they should be treated differently (worse).


can you expand on what you find worse about the concept of having full access to any computer you own?


Their stated way applies to all computing devices, not just iPhones.

