recently there has been some football and stopgap in congress about reauthorizing the patriot act permissions for the NSA to collect any communications where one endpoint is out of the country. so that's at least widely recognized and 'legal'
you're absolutely right. this is just a terminology confusion I think. we can talk about capabilities as 'a replacement for ACLs', in which case, yes we need to think about policy rules and not a gigantic list of possible atoms.
from a mechanism point of view a 'capability' is really more a bearer token, the result of a policy decision, a credential that we can give to the OS to show that we have been given access without going through the rules-based machine for every operation.
in larger systems the utility of sharing a single cpu/gpu complex between independent authorization domains kind of goes away. if you have 10,000 units of allocation, it never makes sense to try to share one of those until you have more than 10,000 jobs, and even then.
so it seems a lot more feasible to control access and sharing between those units and write of off the intranode case as a lost cause
In such arrangements, one has essentially enforced high-latency similar context isolation using encrypted/VLAN network fabric, and pushed coordination/permissions into back-plane supervisory subsystems. Still creating a monolithic permission domain vulnerability within the entire n<10000 node cluster partition.
Likely doesn't help OS users either way. Best regards =3
you kinda missed my point. already in the cluster the important filesystem is the distributed one. the important job management system is the distributed one. the local OS just effectively supports the single process that we really care about. so the distributed context is where we add capabilities and actually manage access and resources. that is the real OS.
I think you'll find that trying to neatly bin the internet into neatly defined categories is something of a fool's errand. I guess the canonical example is centuries old fine art that shows a bit of nipple.
what about whitelists? this never comes up anymore. I can load profiles from the 'child safety council' if that's what I want, and should expect to cover some of the overhead in evaluating all the submitted links. particularly in an educational setting, part of the problem is kids playing games and hanging out on social instead of working.
it seems a lot more tractable than trying to classify everything and get everyone to play along. let 1000 different filters bloom.
Whitelists have the exact same problem you're objecting to. Not everyone will agree what should or shouldn't be on one.
In practice I don't think it's an issue. What I'm arguing for is the infra to facilitate self categorization and (likely) also a legal requirement limited to only a few specific categories. For example the government might mandate that porn, social media, and user generated content all be accurately tagged and provide legal definitions.
Nothing about what I describe would preclude additional layers of categorization such as (but not limited to) whitelists. In fact it should improve such efforts by providing a standardized method they can use for arbitrarily fine grained categorization that will be compatible with other software out of the box.
Note that my tagging proposition could be applied per network request. So if the service operator wants to it should facilitate filtering out (for example) a comment section without blocking access to the rest of the site.
the point being that instead of there being a kind of commission to create a schema, there are a whole bunch of different whitelists. so if your religion objects to the existence of mangoes, then you can subscribe to a mango-free internet filter.
and instead of burdening the isp the publisher of mango sorbet recipes with ticking off all the right schema boxes, this can all be enforced at the consumer.
all the rest of these approaches kind of assume that there is 'reasonable' and 'unreasonable' content, and that we all mostly agree on the difference. which I think is fundamentally fallacious. do you really think we can agree, as a species, what PG-13 should mean for the entire internet?
I think you've seriously misunderstood the system I described. I'm saying we need first and foremost a standard for communicating such tags. It wouldn't dictate any categories, merely provide a framework for communicating any number of arbitrary categories. It would be immediately useful for the same groups that publish whitelists by providing a standard interoperable way for anyone to communicate categorizations.
Separately, I'm suggesting that the self reporting of certain categories be given legal significance and mandated. Such as porn.
I never said anything about burdening the ISP. Only the publisher, and when you consider the "burden" of self categorizing a few legally defined categories that for the most part already exist I really don't see an issue. What did you think these ID law proposals were for if not restricting access to various legally defined categories?
but in this case that's exactly what AI is doing, and no more. its filling in the gaps with some plausible sounding goo so that the person doesn't have to worry about the details.
ok, so for some of the jobs we're doing plausible sounding goo is just fine. and that's kinda sad. but the 'just playing around' case is fine for PSG, this isn't a serious effort but just seeing how things might work out without much effort.
taking the remainder, where understanding and intent are important, the role of the ai is produce PSG, but the intentional person now goes through everything and plucks out all the nonsense. this may take more or less time than simply writing it, but we should understand this is resulting in less real engagement by the ultimate author. where this is actually interesting is a parallel to Burrough's cutup method - where source text and audio were randomly scrambled and sometimes really clever and novel stuff pops out.
but to say the current model of vibe coding has much to offer in the second case is really quite unclear. to the extent to which coding is the production of boilerplate is really a problem with APIs and abstraction design. if we can get LLMs to mitigate some of that I the short term without causing too much distraction, that's fine, but we should really be using that to inform the solution to the fundamental problem.
so for me what's missing in your model is how LLMs are supposed to be used 'properly'. I don't think laziness is really the right cut here, make-work is make-work, and there's plenty of real work to be done. but in what sense does LLM usage for code actually improve our understanding of these systems and get us more agency?
I don't disagree with your take on most jobs or vibe coding as shown in countless proof-of-concept/0-to-1 demos. But the comment I was replying to was dismissing this statement from another commenter:
> People who use AI because they are trying to avoid doing work fall into a completely different category than people using AI as a force multiplier and for skills/capabilities enhancements / quality improvement.
This statement is absolutely true. There are ways to use LLM tools to significantly improve the quality of your work instead of to avoid doing hard work. (And the result can easily become something that requires more hard thought, not less.)
Some that I frequently enjoy that are usable even if you don't want the machine to generate your actual code at all:
* consistency-check passes asking it to look for issues or edge cases
* evaluation of test coverage to suggest any missed tests or proposed new ones
* evaluation of feasibility of different refactoring approaches (chasing down dependencies and call trees much more faster than I would be able to do by hand, etc)
> to the extent to which coding is the production of boilerplate is really a problem with APIs and abstraction design. if we can get LLMs to mitigate some of that I the short term without causing too much distraction, that's fine, but we should really be using that to inform the solution to the fundamental problem.
I generally would disagree with this, though. I don't think there's solely a problem with abstraction design, I think the inherent complexity of many systems in the business world is very high (though obviously different implementations make it different levels of painful). If that's a problem, it's a people/social one, not a technology problem.
In my future we lean into the fact that people want features, they want complexity, for many things - everybody's ideal just-for-them workflow/tooling would look slightly different than the next person's - and use these tools to build things that do more, not less. Like the evolution of spellcheck from something you manually ran, to something that constantly ran, to something that can autocorrect generaly-usefully when typing on a touchscreen.
Let's get back to finding more features/customization to delight users with.
we built machines with all kinds of approach to this. ones with giant shared memories and memory networks. the tera MTA famously had uniform memory access, since all of the memories were on the other side of a network from the CPU, and hardware managed threads tried to hide that latency.
we built machines with RDMA that allowed fast one-sided transfers between memories at a decent fraction of the memory bandwidth. and operating systems that ran services to present a unified operating system interface on top of that.
there is a whole history of distributed operating systems if you're interested
that's..kind of not true. they weren't elastic in the sense that you never had to think about how big they were. but you had say 64k nodes, and people would launch jobs with 1000 of them, or 10000, or if if they could clear the decks all of them. or if they were just debugging, maybe 5 of them.
I've worked both sides of a 'transparent open-process lowest cost bid' for the US government, and it's pretty easy to get the outcome you want. a lot of the time its not even for reasons of overt corruption, just that that's the vendor you've chosen to work with.
this is absolutely true. I can spin up a government consultancy and get inside the system so that I can low bid contracts, get extensions and not provide any meaningful service at all, that's a comfortable parasitic life. I worked in the US Dod and there was no meaningful quality difference between the 2x salary contractors with their additional 2x overhead than the lifers.
we can bemoan that the government isn't being efficient, but involving people with even less oversight whose only goal is to extract as much from the public coffer as possible is not a magic bullet that gets the public more for their money.
the claim is that by .. using government resources to address the needs of the populace, you are effectively buying votes, and not what others might call actually performing the proper function of a government.
reply