dataflow's comments

I could see AI massively changing the calculus here. Its ability to hack and reverse-engineer (even obfuscated) artifacts may leave obscurity (read: not sharing code or binaries at all) as the primary security mechanism in the industry.


Yeah everything is open source if you’re good at reversing. Models are increasingly capable of converting binaries into source, and excellent at implementing systems when there’s a finite and constrained end state to validate against, which is exactly the profile reversing falls into.


I think it's for all intents and purposes impossible to program like this in this century. Like imagine just writing x + y in C++. Are you seriously going to enumerate every declaration of operator+ in the translation unit in your head to see if it's eligible (don't forget ADL)? And then every single possible implicit conversion or promotion that could make other ones eligible? And then go through all the overload resolution rules that practically no humans have memorized (with any template instantiations that may come into play) to figure out if the declaration you wanted is actually the best match? That's before you even look at its definition...
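To make the scenario in this comment concrete, here is an added example (not the commenter's code): a small C++ program in which three expressions that all look like `x + y` resolve to three different `operator+` declarations, one found only through argument-dependent lookup, one chosen because an exact match on `int` outranks a candidate that needs an implicit constructor conversion, and one that is a member function. The types `units::Meters`, `legacy::Id` and `Tagged` are constructed for illustration and stand in for whatever a real translation unit declares.

```cpp
// Added example: how much a C++ compiler considers for a plain `x + y`.
// Candidates come from member operators, ordinary lookup, argument-dependent
// lookup (ADL), and anything made viable by implicit conversions; overload
// resolution then ranks them. Build with: g++ -std=c++17 adl_demo.cpp
#include <iostream>

namespace units {
    struct Meters {
        double value;
    };
    // Found by ADL because Meters lives in namespace units, even though the
    // call site below never writes `units::` and has no using-directive.
    inline Meters operator+(Meters a, Meters b) {
        return Meters{a.value + b.value};
    }
}

namespace legacy {
    struct Id {
        int raw;
        Id(int r) : raw(r) {}  // implicit converting constructor: int -> Id
    };
    // Viable for `Id + 2` only via the int -> Id conversion on the right operand.
    inline Id operator+(Id a, Id b) {
        return Id{a.raw + b.raw};
    }
    // Also viable for `Id + 2`, and an exact match on the right operand,
    // so it outranks the (Id, Id) candidate. Returns int, not Id.
    inline int operator+(Id a, int b) {
        return a.raw * 100 + b;
    }
}

struct Tagged {
    int n;
    // A member operator+ competes in the same resolution as free functions.
    Tagged operator+(const Tagged& o) const { return Tagged{n + o.n}; }
};

// units::operator+(Meters, Meters), reached through ADL only.
double adl_sum() {
    units::Meters a{1.5}, b{2.0};
    units::Meters c = a + b;
    return c.value;  // 3.5
}

// legacy::operator+(Id, int) wins: exact match beats user-defined conversion.
int exact_int_wins() {
    legacy::Id id{40};
    auto r = id + 2;  // r is int, not Id
    return r;         // 4002
}

// legacy::operator+(Id, Id) wins: the (Id, int) candidate is not viable
// because Id has no conversion to int.
int id_plus_id() {
    legacy::Id id{40};
    legacy::Id r = id + legacy::Id{2};
    return r.raw;     // 42
}

// Tagged::operator+ (member) is the only viable candidate.
int member_sum() {
    Tagged t1{3}, t2{4};
    return (t1 + t2).n;  // 7
}

int main() {
    std::cout << "ADL:              " << adl_sum() << '\n'
              << "exact int wins:   " << exact_int_wins() << '\n'
              << "Id + Id:          " << id_plus_id() << '\n'
              << "member operator+: " << member_sum() << '\n';
    return 0;
}
```

The `exact_int_wins` case is the one reviewers tend to miss: adding a second `operator+` overload anywhere in the type's namespace silently changed both the value and the static type of an existing `id + 2` expression, with no edit at the call site.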


Okay but... so what? Authentication is a means, not an end. They seem to be missing that what matters at the end of the day is how much money/time/resources actually get lost, and who's on the hook for it. If that's negligible then isn't that mission accomplished? If we could live in a society where your name was enough and you didn't need a card number at all, and yet theft was still low and you still got your money back, that would be even better, not worse.


Yeah. The whole Linux security model seems like it was designed centuries ago. Your permissions are supposed to derive from the authority granted to you at the time of your invocation, and from those with the existing authority to grant/delegate them... not from your lineage, name, possessions, or status at birth. I find it kind of funny that generations of *nix engineers appear to have perpetually struggled with this concept. For all the hate it gets, Windows got this part fundamentally right.


I think they've almost certainly seen it written out, just not as an acronym. I figured out what it stood for based on context and knowing the full phrase, but I don't recall actually seeing the LPE acronym in recent memory. Whereas with CVE it's the opposite: I almost never see it written out, and even now find it non-obvious what the E stands for, bizarrely enough.


> LPE is less well-known than LVAD or MCU.

I knew what LPE stands for but not the others. (I've seen MCU mentioned and kinda had a vague feeling for what it is. Never even seen LVAD.)


> Smartglasses have reasonable and legitimate uses. People also use bodycams that record continuously, such as for legal reasons. People have a right to record in public, such as if they feel at risk. Are you going to go after car cameras next?

None of those default to sharing your recording with anyone else, let alone with no practical way to opt out.


Yeah. The next generation of software engineers is coming. Brace yourself.


Eternal sloptember?


Heavens forfend


An X% performance regression is basically a (100 - X)% feature breakage, so whatever that implies in terms of breaking userspace...


Most things? That's a really strong claim, do you have anything to back it up with? Just a couple videos here and there wouldn't cut it, given how strong your claim is.

For what it's worth I watch his videos and he seems to touch on incredibly valuable topics I would never hear about otherwise, like [1].

[1] https://youtu.be/2tuS1LLOcsI?si=b3mS0meBazL0RlcS

