While it can happen to anyone, npm does preselect the users most likely to unknowingly amplify such an attack. Just today I was working on a simple JS script while disconnected from the Internet; Qwen Coder suggested I “npm install glob”, which I couldn’t because there was no internet, so I asked for an alternative and sure enough the alternative solution was two lines of vanilla JS. This is just one example but it is the modus operandi of the NPM ecosystem.
Of course, since we live in 1984 already, everything is edited as is convenient. For all that technology has given, nobody talks about what it has taken away.
Why are we still using passwords? Why can’t all login be done with asymmetric keys: your public keys are stored on the server, your private keys on the device. Carry a backup pair on your USB and treat it as a key to your house. Any of them got lost? Just delete the respective public key from the service.
I have never seen a website where I can sign up without a password and using only email and passkey. Is there one? All websites treat passkeys as an “add-on” to the passwords of the last century. Totally backwards thinking.
What an ignorant and clueless comment. Guess what? Today's disks are NVMe drives which are orders of magnitude faster than the 5400rpm HDDs of the 90s. Today's swap is 90s RAM.
There are two differently behaving conforming things in reality of these I think. Both Medicare and the UK/CA NHS, to my knowledge, conform to your description.
In Medicare, this incentivizes maximizing patients on 'recurring revenue procedures' like dialysis.
In the UK NHS (which I know better), it leads to the government denying certain kinds of care depending on the Adjusted QALYs / pound spent that the intervention will provide.
TANSTAAFL after all, but yes, perhaps the interesting thing about the government being in that model is that patients can control government in a way that they cannot control insurance companies (i.e. they're not strictly oppositional) and consequently when the insurer is the government you get spend-bias in the direction of who has government power. In the US, that turns out to be old people. Additionally, governments have non-health-related sources of revenue so a government health plan can be used as a redistribution mechanism.
But I think it leads to these outcomes predictably with a splitter placed on how much control the government exerts over the practice and how much control the patients exert on the government.
Can someone explain the issue with developer registration and how it results in the terrible outcomes described in the article? A lot of things have changed for the worse since the beginning of the century but even back in the good old days developers were not anonymous. Every free software I have seen has the name of the developer alongside the copyright. Often it lists multiple contributors as each copyright has to be retained according to the license.
I understand sending your ID to Google is more invasive but the anonymity aspect of it is moot. Is Google going to charge developers for this service and hence hinder free software development? Is the issue that younger devs will be unable to complete the verification?
And why can’t F-Droid just distribute the binary signed by the developer who has confirmed their identity?
Other than that, all concerns expressed in the article are quickly becoming major issues. The web is still open for now but many banks and other institutions have broken websites, forcing you to use their apps or become “unbanked”. Once you download their apps you find out they run only on “certified” OS, forcing you to have Apple or Google owned and controlled software on the hardware you paid for.
The issue with this is that taking many small steps towards an edge of a cliff without any reconsideration of the direction results in falling from it.