Hacker News: Alcatros552's comments

That's super silly, it's so easy to make Docker images... especially if you have a fast connection you can build a proper image which is production-ready in a few hours (e.g. 30-40 builds).


buy a mug from them to support them!


As it seems a lot of people are not aware that this one is a newer generation of branch predictor issue. You can see that Intel's eIBRS doesn't mitigate the problems and makes them susceptible to attacks. To prevent bigger issues the issue was released after Intel had been informed of the issue and most systems are patched in the meantime.


It is impressive that some of the largest authentication/authorization providers don't support TLS 1.3. Are there any other known providers which do the same in the security space?


Actually the writer of this GitHub repo is wrong; COBOL has been exactly there to manipulate bits and bytes on the lowest level since forever and is very efficient at it.

Nevertheless, congrats to this achievement.


Asking for it and not enabling it by default is the only way to abide by European and South American data protection laws.


My understanding (and I am not a lawyer) is that under European data protection law the important thing is to obtain user consent for this; I think there's a very reasonable argument that informing the user that you collect telemetry and that if they wish to avoid this they should just build their own copy of the software (which provides a very easy-to-access opt-out) should satisfy everyone.

Although EU privacy and technology regulation is generally pretty OK, this seems to be one of those cases where their lack of technical skill or knowledge really shines through (other examples include the endless cookie banners and https://www.euronews.com/next/2024/07/22/microsoft-says-eu-t...).


Consent needs to be freely given; you can't nudge users into it and you can't hold access ransom over it. There's no way what you're suggesting would fly.


I've been told that if you have mandatory telemetry in your application that's fine because the user has a way to opt out (it's a free market and they don't have to use your software). I believe the territory where you add an opt-out is a bit murkier.


"Opt-in or pound sand" is explicitly not allowed.


I'm not an expert and not on either side, but couldn't a notice like "by agreeing to these terms you allow us to turn on telemetry by default, and you are free to simply not use this software instead" be allowed?


Nope, consent cannot be a prerequisite of using the service/software; if it is available in the EU (or UK, since they grandfathered in GDPR after Brexit) it must be usable with or without consent.

That is the reason many local non-EU ad-supported businesses (like local papers in the US) outright block all EU traffic. For example, if I go to https://www.chicagotribune.com/ I get a blank page saying "This content is not available in your region".

Manjaro could do something similar by just blocking EU users from downloading it.


Absolutely NOT!


Why not? Can you cite a specific law text ?


I don't know the law, but "build it yourself lol" is hardly easy, especially for software that needs to be constantly updated for security.


I don't think a "reasonable person" from the perspective of a court (non-developer, non-technical, end-user) can be expected to know (or even learn) how to compile software in this way, not to mention the other downsides it has (like lack of updates and the possibility of creating new bugs), so I don't think this would be allowed, but it's up to a judge to decide on a case-by-case basis, not us armchair experts.


> I don't think a "reasonable person" from the perspective of a court (non-developer, non-technical, end-user) can be expected to know (or even learn) how to compile software in this way

I mean I don't think the EU can oblige you to make your software available to people who don't know how to use a computer.


Well that's a hot take if I ever heard one.


It's good that we have operating systems that are easy to use (e.g. Mac OS, Windows), but this is not a priority for Linux desktop distributions (which is fine); what counts as easy to opt in/out of is very contextual.


Why did MS comply with the EU request on installations outside of the EU?

MS Windows with CrowdStrike BSOD'd for American airlines on American soil after all.


> Why did MS comply with the EU request on installations outside of the EU?

Because it's really expensive to maintain two versions of the same kernel?


"Click yes to consent and continue installation, click no to exit the installer and be redirected to a manual on how to build your own copy" would be in violation of the "consent must be freely given" stipulation of the GDPR.

You are more likely to get a regulator to agree to a version without consent (by minimizing personal data and arguing that your legitimate interest outweighs the weight of the little PII) than to get them to agree to your hostage situation.


While I get the point you are making, I find it a bit over the top that you'd consider agreeing to telemetry in exchange for using the free software as tantamount to being held hostage.

In case it needs to be said, I'm 100% in favor of strong privacy protection laws.


Does that only hold if the data collection contains PII and isn't considered necessary for the product?

Either way I expect Manjaro's collection would be an issue if it's opt-out, just curious how those edges of that law are defined.


I don't know how American data protection laws work in this sense, I've only read up on the GDPR. I don't think American data protection laws are any more strict than their European counterparts though.

You don't need to share this information for Manjaro's software to do its work so it's not necessary for the product. If it's strictly necessary, they may need to inform EU users, but don't need consent.

The edges of the law are pretty sharp. There are a few reasons for which data may be collected without consent, and "I want to see what kind of computers visit my website" isn't one of them. Most of the time, you'll need explicit consent (can't hide consent in the EULA or T&C).

This goes for anything containing PII. And, for the record, an IP address is considered PII in many cases. Pseudonyms also don't protect you.

Even with consent, collecting PII like this also adds a ton of extra overhead (suddenly you need to encrypt your database, serve information/correction/deletion requests from the people you've collected data about, not being allowed to host such data in the US, etc.) to the point I wouldn't even bother collecting this info from EU users. Foreign companies break the GDPR all the time and very few of them ever get fined, but when it comes to communities trying to do the right thing, the GDPR rightfully succeeds in making data collection expensive.


Manjaro doesn't have region-specific ISOs, so it sounds like this will end up being the global policy. However, international compliance isn't something every developer is aware of, so it may take time before the project releases a compliant version.


IMO asking for consent (or not collecting data at all) is always the right move, regardless of legal obligations. Might as well just ask everyone for consent.


This is the morally correct thing to do but it does result in selection bias for any statistics gathered. It's hard to figure out a way to get good data but users rights must be respected.


Somehow, before the wide availability of constantly connected Internet, software got made. Perhaps constantly collecting data on your users is not required after all.


If your competition is collecting user data and you aren't, then they have a competitive advantage in understanding where to make investments for future development.

It's really best to just kill the arms race and restrict data collection.


You can fight back by exposing how much data the competition collects. I buy devices that collect less data as a choice. Many others do too.


You don't get any meaningful stats from opt-in. Might as well not collect any data at all.


I agree. And as was said in a comment by the author in the thread:

    > True, that. I wasn’t even thinking about the GDPR when I wrote that. :man_facepalming:


It's simply illegal in many countries to make it opt-out. For such data coming from your OS you need an OPT-IN!


Is it though? Microsoft .NET has telemetry that you always have to opt out of. Dark patterns like this setting not sticking but being overridden after an update, and of course the shell command that you kinda have to Google each time, where you set a parameter to "1" and get no verification that you have indeed successfully disabled telemetry, come with the territory (of software vendors not respecting the user much).


I’m curious, how does that apply to open source projects? Who would they go after for redress in large distributed communities like Manjaro?


I'd guess that they'd target the system that collects the data as usually that isn't distributed (I'd be more concerned if telemetry was collected and then available for anyone to peruse rather than just the Manjaro organisation itself).


I can tell you it isn't difficult to build something like they have. The issue is more likely to get banks on board to issue cards/payment instruments for your unknown payment network which has no terminals; the barrier to entry is very high.


Isn’t the second part—getting counterparties to trust you—an essential part of building something like they have?

I’m reminded of the old joke about the tech who thumps a machine to fix it, then sends a $5000 bill. $5 for coming out and thumping, $4995 for knowing where to thump.

Maybe instead of “3% to update some tables in a money database,” it’s more properly “.001% for the database update, 2.999% for being trustworthy enough that everyone is willing to trade goods and services on the strength of our promise that they’ll get paid”


I work in fintech specifically in payments and have for a few years now, including working on payment rails. I am going to give my best tl;dr based on my experience and knowledge.

From my point of view it isn’t really about partner banks. It’s about the rails, nearly 100% about the rails (i.e. the network). You’d only need one partner bank to move funds, which is how CashApp does it for example, but payment networks (the rails) are a different beast altogether and I’ll do my best to outline this.

The bigger problem is going to be the rails. Visa and Mastercard as a model wouldn’t make as much sense for a new system to start with; rather you would want to be a closed loop system like American Express and Discover, because it’s extremely unlikely you’re going to be lowering any fees if you have to transit on Mastercard or Visa, but this means you have to control the entire on ramp, from issuing cards to operating the network. This, as time has gone on, has gotten very complicated from a regulatory standpoint and much of it for good reason, not to mention the high entry cost and long tail time it will take to see adoption. In fact you would likely run up against the reason why fees are so high, which I will get into in a minute. These are all the reasons why Capital One is trying to buy Discover, because they want to lower their fees for their cards so they can net more profit per transaction with lower per transaction costs, but this won’t translate into anything being cheaper for merchants (which is what we are really talking about) because of one really big draw of credit cards: Rewards[0]

The biggest driver of higher over time transaction costs isn’t the operation of the network. Which does cost money and it is unlikely operating any network would be zero cost or near zero cost, but rewards balloon the cost to merchants because of how things are structured and incentivized.

In a very simplistic breakdown it goes like this: if I am a card issuer like a bank, American Express or Discover and offer rewards, someone has to pay for that. Now you think the sky high interest rates would be enough but, while they in part cover the costs of the bank and they make lots of money on this, the truth is rewards are funded in large part (and sometimes solely) by kickbacks on fees paid by merchants to the network operators, e.g. Visa, who may charge 3% but may only keep 0.50% of that and pass the rest back to the issuer as a kickback. This is negotiated by a number of means and the percentages are all different based on a bunch of factors but this is essentially how it works. This in part is done to incentivize more transactions over the card network, particularly as a credit transaction which isn’t fee regulated, whereas debit cards have a legal limit, which averages out to ~7 cents per transaction, significantly lower than credit cards.

Now this has created a system of kickbacks and rewards. This benefits three parties: Banks, who get tons of profits off of the high interest on credit cards plus the kickbacks fund rewards. Savvy (and usually wealthy) consumers, who can effectively get the “tax” in higher prices this has been observed to cause over time as fees rise paid back to them as rewards at no cost (fully paid monthly balances). And the network operators.

This leaves merchants to bear the real burden, as well as consumers who haven’t or are otherwise unable to take advantage of reward programs to offset costs, namely the poor and lower middle class folks.

Now knowing this, how would you build up a 3 sided network (the operator, the consumer and a bank) that upends this model, which lowers fees for merchants? Assuming you go with a closed loop model (likely the best move) you are left with a few options: lower rewards (or have none, realistically) and you won’t gain consumers. Lower the operator take, which risks the ability for operations to be profitable and regulatory compliant, or you need to fund in large part by merchant fees greater than 1%, which will inch you close to what you see today to begin with, or you may think to use “differential pricing” but in some instances this may enter into a questionable gray area legally to have differential pricing based on which network / payment method the customer uses and it can be burdensome to merchants, which in part is why Winco decided to very publicly disclose that they only take debit cards, for example. Finally, you could forgo all this and simply rely on credit card interest revenue but that is a surprisingly volatile proposition as you have defaults to consider, refunds, reward costs, security and regulatory compliance etc.

All the while you need to build out a network from scratch by working with merchants, which means you would have very slow adoption and users of the network wouldn’t be able to blindly use their cards where they shop today, because it’s not like you can tap into Visa or Mastercard networks as a back stop either[1].

For what it’s worth, you should do a deep dive on how retailers tried and failed to upend all this with their own ACH based payment systems, the biggest proponent of which was Walmart. They failed for a lot of reasons but not all of them are the reasons you think.

[0]: https://insight.kellogg.northwestern.edu/article/who-pays-ge....

[1]: I’m not a lawyer but I’m almost certain they have no legal obligation to allow anyone on their network even after the settlement a while back.


Dear HN Readers, for many years we have been customers of GCP and AWS. We've tried to enhance the quota from 0 to 1 GPU on GCP in different regions. There seems to be no availability at Google for 80 GB GPUs; they want to wire me into a sales process every time and refuse to upgrade the quota. Even better, we don't have a sales rep because that person has left Google. They are asking me who my sales rep is and want me to fill out forms to get a new sales rep? I would partially understand the process if there were multiple companies involved, but at which company do you have to contact the quota department and they let you call another department? I find this very unprofessional and it is their internal business to allocate sales people to follow up if that is really required.

Reading all this, has anyone else had issues with GCP and enhancing the quota? It would be great to know if there are providers which assign you the resources which are required.


I've had no problems on accounts with small spend. Filling in the explanation box well is the key.

The recent surge in AI has GPUs in high demand, and may have changed things. Everyone is short on what they want and there is competition. Supply/demand at work; sounds like they may be raising the bar for accounts without existing usage or sufficient spend.


How old is your project and how big is your spend?

You need to get a sales rep so they can usher through your quota request.


It's 7 years old and in the 5 digits area, I think their process might be flawed.


The process is definitely flawed. You basically have to plead to the TSE that is reading your quota case. They also need to bump the regional GPU quota and the specific quota you are asking for.


This could have been easily solved by letting the investor know that this is happening and that they stop working for the startup immediately; this would have resulted in them pulling out the funding because nobody will put money in a company without the founders. You need to be on the same level as the investors and lower your ethical and moral level to understand that for them this is a money game...

