The problem as stated in the original comment isn't that child porn as drawings is forbidden, or even that the interpretation of such is ambiguous. Or to be precise, it is not the only problem. The argument made is that these laws do not exist for their apparent intent (safety of children), but only as an excuse to exercise otherwise unlawful oppression and suppression of freedoms.

I don't find this assertion very plausible honestly, especially if this would be an argument against the existence of these very laws, because its not really an argument against government backdoors and such.

You could make the same argument (of ambiguity) with almost any crime, because there are always cases where a crime is hard to prove completely without any risk of failure, especially in the realm of sexual assault.

I'm not taking a position here, honestly I'm unsure about it, but the reasoning is sloppy and the allegations of abuse seemingly pulled out of thin air. There is also no case for why the poster is being investigated other than the pornography. It would be more plausible if there was some kind of civil disobedience involved. As stated, I'm inclined to put this in the category conspiracy theory.

which is just prep talk for "if we need it, we could do it"

Maybe this is taking it too far, but anyway: corporations don't have any agency. They are not persons. The organization and constellation of interests of corporations may be such that:

1. immoral people (such as psychopaths) will be disproportionately at the helm of large corporations

2. regular people will make immoral decisions, because to do otherwise would be against their own interests or because the consequences / moral impact are hidden from their awareness

There is no way to act in life that isn't in some sense moral or political, because it also impacts others and you are always responsible for your what you do (or don't do). And corporations are just a bunch of people doing stuff together. To maintain otherwise is in itself a (im)moral act, intentionally or not, see point 2 above.

It is and it isn't. Relative wealth within society has consequences regardless of absolute wealth. But globally power is absolutely shaped by wealth distribution as well, as wealth distribution is influenced by power relations too.

Why not give them credit for that? There is no moral rule that to be virtuous, it has to be self-sacrificial. If you narrow a commendable course of action to some sort of ascetic vision of martyrdom and self-punishment, then yes everybody and everything is evil.

So they may pivot to closed source when the circumstances will benefit it, or they may actually not do that. They have no shareholders that force them to squeeze the bottom line. The perceived benefits may just be slight and their culture will push them to stay the course on the long term, where other companies will do the reverse. Maybe if their survival is at stake, but wouldn't anyone faced with existential danger do anything to stay alive, including the worst imaginable?

Within certain commercial boundaries that keeps the business profitable, companies can and do make all sorts of decisions based on values and visions that are more than just economical, especially companies not beholden to shareholders that only care about short-term profits. Even the economical decisions aren't purely rational and often done from some kind of cultural bias.

You're severely limiting the blast radius. This malware works by exfiltrating secrets during installation, if I understood it correctly. If you would properly containerize your app and limit permissions to what is absolutely required, you could be compromised and still suffer little to no consequences.

Of course, this is not a real defense on its own, its just good practice to limit blast radius, much like not giving everybody admin rights.

> Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

Even a properly containerized app will still have these things, because you need things like environment variables (that contain passwords, api keys, etc) for your app to function.

Everything runs in the container and cannot escape it. Its like a sandbox.

You have to make sure you're not putting any secrets in the container environment.

You are just reducing the blast radius with use of podman; you will likely need secrets for your app to work, which will be exposed regardless of the podman approach.

Most people don’t have NPM keys in their application containers.

If you're developing in a container then you would have to be doing it without doing something like say, mounting your home directory into it.

The reality here is this is the sort of attack SELinux should be good at stopping (it's not because no one uses SELinux, the policies most commonly used don't confine the user profile in a useful way, and a whole bunch of tools love ambient credentials in environment variables).

>You have to make sure you're not putting any secrets in the container environment.

How does this work exactly? containers still need env vars and access to databases and cloud environments. Without these the container is just useless isolated pod.

Not who you asked, but I have a similar setup. I can run everything I need for local development in that image (db, message queue emulator, cache, other services). So, setting things like environment variables or running postgres work the same as they do outside the container.

The image itself isn't the same image that the app gets deployed in, but is a portable dev environment with everything needed to build and run my apps baked in.

This comes with some nice side effects like being able to instantly spin up clean work environments on my laptop, someone elses, or a remote vm.

This really depends on your setup. If possible, I have local development containers as much as possible. nginx, postgres, redis, etc. I have several containers, each only has access to what it needs. We have an isolated cloud environment for development, in its own aws account.

Its not going to stop attacks, but it will limit blast radius a lot.

All right then, keep your secrets.

No it is not.

So it turns itself back into oil and seeps into the well where it originated from? You know this sounds like putting your hands on your ears shouting 'lalala I can't hear you'?

The thing I'm wondering is, if you don't care, why make the effort to comment at all? Clearly you care enough to do so. What are you afraid will happen by merely acknowledging what is the case? Whenever someone presents the finding of facts as hysterical, I'm left wondering who is actually the hysterical one.

The microplastic particles in our air aren't hysterical. They are just there. Research revealing they are present isn't hysterical either, nor is research about the consequences. At most, such research is more or less accurate, or distorted. I'm starting to think you are the one who is hysterical in this matter.

But for what reason? I can only think of only three:

you agree with the dangers but find it so overwhelming that you want to shut it down

you fear losing the benefits of plastic and want to undermine any action on the subject

you just can't take any kind of panic, regardless of the reasons and to maintain your sanity, you vehemently push away anything that might otherwise makes you feel alarmed

If it presents a threat to comfort, lifestyle or wealth, people can fiercely resist becoming aware even when presented with overwhelming evidence.

In the Netherlands, millions of people burn wood in stoves or fireplaces, just for coziness, or use it for heating where alternatives are readily available. The evidence for its massive detrimental health effects is overwhelmingly clear. When you dare to even present this evidence, you will get flamed and ridiculed as if you are an evil luddite out to take away their small pleasures in life.

We are slowly getting rational about the effects of smoking, but choking out your neighbors (and children) by burning wood is still something people feel is their human right.

You make a claim without a source and refuse to back it up when asked, yet you are doubling down on your confidence in the initial statement. There's an interesting discussion to be had, but this is not it.

There are several factors to be considered: the actual risk of older and newer systems, the impact, how to mitigate a fire and avoid the worst consequences, and weighing against the alternatives. Especially the latter is somehow always absent in denialist narratives. However, when the alternative is basically heating the planet into a dystopian hellscape, we may accept some negatives of any kind of technology that doesn't put our whole existence at risk.

We need to be real about the downsides yes, but let's also be real and accept we don't have any choice but push forward.

Here is my 1 minute AI powered 'research' btw:

"The fire risk for battery plant storage is not a single, universally agreed-upon percentage, but available data suggests a low and decreasing risk, especially for properly maintained and installed systems. For example, one study found the 2023 risk for home battery systems to be \(0.0049\%\), while another source reports a \(97\%\) drop in large-scale system failures between 2018 and 2023. The risk is influenced by factors like manufacturing quality, installation, and maintenance."

Doesn't seem all that alarming yet.

Those facts seem hallucinated so you should follow your own advice & post the actual sources.