Hacker News: fvold's comments

The biggest change Copilot has done for me so far is to have me replace my VSCode with VSCodium to be sure it doesn't sneak any uploading of my code to a third party without my knowing.

I'm all for new tech getting introduced and made useful, but let's make it all opt in, shall we?


Care to explain? Where are they uploading code to?


Whatever servers run Copilot for code suggestions

That isn't running locally


The real scam is the audit.

Many moons ago, I failed a "security audit" because `/sbin/iptables --append INPUT --in-interface lo --jump ACCEPT`

"This leaves the interface completely unfiltered"

Since then, I've not trusted any security expert until I've personally witnessed their competence.


Long time ago I was working for a web hoster, and had to help customers operating web shops to pass audits required for credit card processing.

Doing so regularly involved allowing additional ciphers for SSL we deemed insecure, and undoing other configurations for hardening the system. Arguing about it is pointless - either you make your system more insecure, or you don't pass the audit. Typically we ended up configuring it in a way that we can easily toggle those two states, and reverted it back to a secure configuration once the customer got their certificate, and flipped it back to insecure when it was time to reapply for the certification.


This tracks for me. PA-DSS was a pain with ssl and early tls... our auditor was telling us to disable just about everything (and he was right) and the gateways took forever to move to anything that wasn't outdated.

Then our dealerships would just disable the configuration anyway.

It's been better in recent years.


The dreaded exposed loopback interface... I'm an (internal) auditor, and I see huge variations in competence. Not sure what to do about it, since most technical people don't want to be in an auditor role.


The companies I had the displeasure of dealing with were basically run by mindless people with a shell script.


I agree completely. It makes me wonder if other engineering disciplines have this same competency issue.


Yeah, if I had a spare million, I can imagine buying that dip.


We don't pay nearly enough attention to this, considering how relatively simple it is to do right.


You can't outgrow your lineage in evolution. We're monkeys. KFC is made of dinosaurs. Anything descended from bacteria would still be bacteria.


They would change taxonomy to archaea (see MatrixMan’s comment) thus no longer being bacteria.

These are all human issues, the “archaea-bacteria” wouldn’t care what we called it, but fun to think about.


I guess there are no PR wins in just listening to the floor-level employees, then?


It's ostensibly "pure science", where we "just" gain more information on how the most fundamental building blocks of reality work.

It's hard to predict what new technology can come of this. For example, who could have predicted the transistor?

I think the information gained is valuable in itself, but way smarter people than me will be looking way harder at it, and suddenly a real-world marketable application pops out. If we could predict it happening, that would be the pop.

Also, don't underestimate the massive amounts of learning being done in engineering just by designing experiments and building/maintaining accelerators. That, alone, might be worth it.


Those are fairly general sentiments that apply to a lot of things, though. However, funding is not infinite, and CERN has received a lot of funding over the years.


In my experience, Ali Express is absolutely 100% a buyers market, in every single way. I've bought random junk with a somewhat long fulfillment time, and contacted the seller just to politely ask about a time frame without in any way indicating dissatisfaction, and received groveling responses begging me to not open a dispute with Ali.


There is growing legal pressure to not consider an IP address used as evidence that the "owner" of said IP address is the one doing the activity.

For example, my IP address is paid for by me, through a run-of-the-mill ISP subscription. Does that make me legally liable for all the activity of the other person that lives with me and uses "my" network for all their private internet traffic?

I guess there are laws about facilitating piracy, and whatnot, but you can't reasonably expect me to screen all my fiance's activity on the network. Most of it is encrypted anyway. I can't be on the hook for that.

I'm privileged in that I have an ISP that feels the same way as I do about this. They've fought for the privacy of their subscribers before, and will likely keep doing so in the future, because an IP address does not identify any individual.


The idea of respondeat superior (vicarious liability) has been around a really long time. That the legal system would try to apply the concepts to the internet is not really unexpected.

I don't think you should be held responsible for the actions of the other people on your network if they can be held responsible.

What do you propose should happen if your network is in fact used to facilitate criminal or tortious activity?


I have a feeling the different sports corporations/leagues have done the research on this. I can't find any offhand, but maybe someone else has more luck?

Maybe it's the beer sponsors that want the game to be as easy to follow as possible, enabling a higher alcohol intake? ;-)

