This is an on-path attacker. In end-user DNS configurations, attackers can simply disable DNSSEC; it's 1 bit in the DNS response header ("yeah, sure, I verified this for you, trust me").
To check the DNSSEC signatures on the client, you have to do a full recursive lookup. You've always been able to run your own DNS cache, if you want your host to operate independently of any upstream DNS server. But at that point, you're simply running your own DNS server.
It's not necessarily equivalent to a recursive lookup, you can ask a cache for all the answers because you already know the root keys a priori. But yes, it does follow the entire chain of trust, that's the entire point of dnssec: if you don't do that the whole exercise is utterly pointless.
It's explicitly not the point of DNSSEC, which has for most of its entire existence been designed to be run as a server-to-server protocol, with stub resolvers trusting their upstream DNS servers.
Not true, RFC4035 says all security aware resolvers SHOULD verify the signatures. It's far from pointless when actually implemented. Don't dismiss a whole protocol just because some historical implementations have been half assed.
I'm guessing I do. Anyways: no question that there are a variety of experimental setups in which you can address the problem of on-path attackers trivially disabling DNSSEC, freeing you up to work on the next, harder set of DNSSEC security and operational problems.
I never noticed much difference with using pgo even after taking a very long real life profile. All the machinery required to get it and put it to CI was never worth the speed-up. Of course YMMV.
You might be right, but the site is explicit about the Fremont plant being exempted, and opens with the claim that there are facilities grandfathered in.
The concept of "grandfathering" rule breakers has always seemed like naked corruption to me. OK, we think this thing is so bad, that we're passing a law to ban it, BUT everyone who was already doing this bad thing can keep doing it forever because... because... because putting an existing company out of business is apparently the worst thing in the world. If our elected officials think something is bad enough to ban outright, then it should go whole hog and actually ban it. Not just prevent upstart competitors to existing legacy industry.
It's not just for politics but fairness. You can't just one day up and decide to make something illegal that others depending on for livelyhood. It's good enough that it limits growth of the banned thing.
Sure you can. It just takes backbone, which is rarely found in the political class.
If I, as a voter, voted for a politician who promised to ban dumping mercury in the local river, I don't expect them to say "Oh, but any company already dumping mercury in the river can keep doing so, because we don't want to hurt people's livelihood." That's not what I voted for.
Ok, but if you are investing capital in some sort of production line or industrialization you are not going to want to do that in an area where you might just lose your entire investment instantly; instead, you're just going to invest it in Texas or China. Of course with more extreme examples like yours you do have to put some cost on the existing companies to get it fixed, but it would be something with a smaller cost like having to dispose of the mercury properly (whereas in this article's examples they just flat out ban these things, which you can't do to existing factories).
For sure there would be a disincentive to "invest" in the area where you might lose the investment. That would be intentional. As a voter, I specifically don't want companies to be making those kinds of "investments" in my region. Go "invest" your dirty industry in China. If California's reputation for harshly regulating these things prevents these kinds of businesses from opening here in the first place, I consider that Working As Intended. We could make that reputation even stronger by not grandfathering things.
Putting an existing company out of business means putting thousands of people out of work. That's the kind of thing that gets your party thrown out of office.
As just a statement of bias…the guys at that site have a pretty clear distaste for Tesla. They are industry experts and that’s where their analysis comes from, but it’s palpable. I would call it evidence versus politically based but noting it. The difference in bias though is ther snark has citations to primary sources not just wild generic claims.
> Tesla's Fremont factory was the former NUMMI plant (GM/Toyota, operating since 1962). It was grandfathered in. When Tesla needed to expand battery production, they built the Gigafactory in Reno, Nevada — not California — because the permitting for battery cell manufacturing was effectively impossible. The Cybertruck factory went to Austin, Texas.
His point was that they were grandfathered in for making cars in general. But he flat out lies about making batteries being something grandfathered in. That wasn't a battery manufacturing plant to begin with.
And he further lies to say they had to build elsewhere because cell manufacturing was "effectively impossible" because they expanded the factory for cell manufacturing in 2023. [1]
I didn't read the text but if you’re referring to the quoted text, it’s not clear from the text that the implication was they were building batteries in _Fremont_ and then wanted to expand or that they were building them elsewhere and wanted to expand and chose Nevada as the expansion site. The sentence is not written with clarity. It’s written as people would speak.
There are some mentions online of a Y Combinator startup called Bad News, but nothing official or well-documented shows up in public YC lists or press — at least as of the latest searchable sources.
The only place it’s referenced is in a Hacker News thread where someone claimed there was a YC company whose product was a blacklist of employees so other startups wouldn’t hire them, and they said the name was Bad News. But people in that thread couldn’t find any evidence of it, and there aren’t real search results tying that name to an official YC company on YC’s site, their startup directory, or mainstream reports.
Well the central post that the commenter made about the army’s iq requirement is trivially fact checked to be untrue. The army doesn’t administer iq tests as part of screening. They do asvab which tests _knowledge_ which you can study for. They have correlated outcomes in that a high IQ usually means a high asvab but they aren’t identical (you can for instance top out an asvab test and practice shows meaningful improvement whereas there is no top iq and if you can practice for it the test is flawed.)
> "Because rapid technological advances, such as the rise of artificial intelligence, make it impossible to predict how police surveillance will evolve, the Fourth Amendment analysis must remain nimble even as it remains grounded in founding-era traditions," the George W. Bush appointee wrote in a 51-page opinion. "Plaintiffs are unable to demonstrate that defendants' ALPR system is capable of tracking the whole of a person's movements."
> Davis drew distinctions from two significant precedents in determining that the pair's Fourth Amendment challenge lacked merit. In Carpenter v. United States, the Supreme Court held that the government violates the Fourth Amendment when it accesses a suspect's historical cell site location information without a warrant. The Fourth Circuit ruled in Leaders of a Beautiful Struggle v. Baltimore Police Department that the department's surveillance program, which captured and stored aerial images of nearly the entire city, violated the Fourth Amendment.
> Davis ruled that, unlike in cases where the government tracked people's movements through cellphone data and aerial photos, the collection of Flock data does not capture enough information to catalogue citizens' movements in their entirety. Davis reasoned that the 176 cameras, located in 75 clusters across the city, do not constitute a search.
They need a warrant to physically alter or attach things to private property to track them. They don't need a warrant to post monitors and record what they see in plain view in public spaces with no expectation of privacy. The entire concept of a license plate, universal around the world, works against the idea that the state can't monitor your car.
I'm not saying ALPRs don't pose new privacy problems and, in the long term, depending on how they're used, even constitutional problems. But clearly the Anti-Pinkerton Act doesn't get you anywhere here.
> The AIR program uses aerial photography to track movements related to serious
crimes. Multiple planes fly distinct orbits above Baltimore, equipped with PSS’s camera
technology known as the “Hawkeye Wide Area Imaging System.” The cameras capture
roughly 32 square miles per image per second. The planes fly at least 40 hours a week,
obtaining an estimated twelve hours of coverage of around 90% of the city each day,
5
weather permitting. The PSA limits collection to daylight hours and limits the
photographic resolution to one pixel per person or vehicle, though neither restriction is
required by the technology. In other words, any single AIR image—captured once per
second—includes around 32 square miles of Baltimore and can be magnified to a point
where people and cars are individually visible, but only as blurred dots or blobs.
> On the merits, because the AIR program enables police to deduce from the whole
of individuals’ movements, we hold that accessing its data is a search, and its warrantless
operation violates the Fourth Amendment
> The decision you're citing explicitly cites precedent for the constitutionality of warrantless mounted pole cameras.
And explicity notes that it's the relative scarcity of them that matters.
> Decades later, in United States v. Jones, 565 U.S. 400 (2012), location-tracking
technology crossed the line from merely augmenting to impermissibly enhancing. There,
police used a GPS-tracking device to remotely monitor and record a vehicle’s movements
over 28 days. Id. at 402–04. Although the case was ultimately decided on trespass
principles, five Justices agreed that “longer term GPS monitoring . . . impinges on
expectations of privacy.” See id. at 430 (Alito, J., concurring); id. at 415 (Sotomayor, J.,
concurring). Based on “[t]raditional surveillance” capacity “[i]n the precomputer age,” the
Justices reasoned that “society’s expectation” was that police would not “secretly monitor
and catalogue every single movement of an individual’s car for a very long period.”
> Thus, Carpenter solidified the line between short-term tracking of public
movements—akin to what law enforcement could do “[p]rior to the digital age”—and
prolonged tracking that can reveal intimate details through habits and patterns.
Put enough of them up, and the software to track between them, and you're in "enables police to deduce from the whole of individuals’ movements" territory.
Maybe! I'm skeptical. Either way: Anti-Pinkerton doesn't come into it.
I'll tell you what's not going to happen, with certainty: we're not going to get to a point with ALPRs where it becomes so abusive that the Supreme Court decides municipalities can't track cars at all.
It depends on how. The Fourth Amendment prohibits warrantless searches, not any information itself. The police can always just have an officer tail you 24/7, and it's perfectly legal. Placing a GPS tracker on your car physically invades your property and therefore counts as a search though. Generally any public photography is not a search, so they're free to record and keep records however they legally can.
Though at some point, even SCOTUS just does whatever feels right, regardless of what the law says. In Carpenter, SCOTUS ruled 5-4 that your cellular company voluntarily handing over historical cell data also counts as a government search. An appellate court has held that if photography is extensive enough, it becomes a search. SCOTUS has held before that uncommon photographic equipment can constitute a search. That logic honestly doesn't really make sense, but it is what it is now. I wouldn't be surprised that the courts rule against it, but that's not what the law really says.
This is going to happen in a lot of places that aren't large enough to make news: people dumping Flock over bad publicity, and simply installing ALPR cameras from vendors smart enough not to get themselves embroiled in politics.
AXON seems to be really good about not pushing things too far. I don't know if they lobby/amplify the need for police body cameras, however. Even that, IMO, doesn't have the stench of evil
They must be making huge profits, assuming every bodycam needs some kind of recurring revenue (for evidence.com, maintenance, replacements). BUT as far as I can tell, they are also taking the judicial requirements very seriously. Unlike Flock, I haven't heard anything about AXON providing tools to circumvent the 4th amendment. In fact, AXON makes tools that make it easier to comply with the law. For example, record requests for bodycam videos are (again, afaik) easy to satisfy with their tech.
I don't know what ownership they have of videos stored on their services. Can they use it for LLM training? can they sell anonymized data? do they? no idea, but trust in Flock is at about a 0 out of 10.
And yet you can see on this thread people saying this is a good thing, because Axon is the good kind of ALPR company and Flock is the bad kind. This is just WWF rooting interests, not public policy.
Standardized bodycam implementation nationwide was a fantastic improvement to policing post-2020. Axon seems to be king of that coast to coast. Watching bodycam video on YouTube has improved my perception of the police from "often unethical jerks" to "wow, I can't believe the nonsense these people have to deal with". Asshole cops now have to justify their behavior before judges and their bosses in a way maybe they didn't before.
Freedom of Information requests to axon seem to be given our somewhat freely given how large the bodycam genre on Youtube is.
I don't think PE buyouts are the right comparison here; we're talking about companies that never go public versus the ones that do.
And, of course private companies fail at a much higher rate. The set of private companies includes every company that doesn't succeed to the point where it has the realistic choice to go public. Again: wrong comparison.
A general IPO is also not the right comparison. The events that kill companies are changes in control whether they happen from going public or going private. If Stripe IPO's, the Collison's will stay firmly in control, and approximately nothing will change at Stripe.
I'm not coming down on either side of the public/private thing, just saying that take-privates and failed small private companies aren't meaningful comparisons to make.
when companies go public usually the easy money has been made, and for the growth to come back a lot of time might pass.
frankly i dont know why would one go public today unless money is needed badly. Quarterly calls, filings, are one thing, dealing with vest bros asking "so how should we think about" questions on round tables or "whats an incrimental margin" musings as they clack away at their mini keyboards filling out their model no body can make sense of.. and then someone will publish a blog saying their company is gonna be extinct because of AI ... this is not for everybody thats for sure...
reply