The only thing congress can do is impeach and convict trump and his administration, thereby stripping him of his authority. Laws have been passed, judges have ruled, but all those are ignored. however, if he has no authority, then we get to find out who's on the side of the constitution and who is with trump and his allies.
There will be many loyalists who will just side with the Trump administration. And then what?
Turns out, when the law has failed, the only solution is a fight to the death. And after such a fight, we do not return to our normal state and live happily ever after, we remain deeply unstable and untrustworthy for decades to come.
I'm the Paper2Audio founder and I'm thrilled to see you recommending us here. Paper2Audio specializes in narrating complex documents like research papers to you. It is free for personal use.
This PDF exceeds our page limit, so you would have to split it up. We're working on increasing our page limits.
This is great! However, would it be possible to add dark mode support to the PDF view? Otherwise I have to manually follow along using Adobe Reader (which has a night mode), or separately convert PDFs to inverted-color versions. The latter is relatively straightforward, but having it integrated into the viewer would be much more convenient.
Long ago, in the era of Firesheep and exploding prevalence of coffee-shop Wi-Fi, consumer VPN services were definitely valuable.
But that was long ago. Now, HTTPS is the norm. The only use cases for consumer VPNs today seem to be (1) "pretend I'm in a different geography so I can stream that show I wanted to see" and (2) "torrent with slightly greater impunity".
I live in Seattle and Mullvad VPN seems to have bought approximately all of the ad space on public transit over the past couple months. Their messaging is all about "freeing the internet" and fighting the power. It's deeply silly and, I worry, probably quite good at attracting new customers who have no need for (or understanding of) VPNs whatsoever.
- protecting your privacy from your local ISP, WiFi, school, government etc
- protecting your privacy from some forms of online tracking
- circumventing censorship
- circumventing geographical restrictions
If you combine masking of your IP address with a web browser that protects you from various types of browser-based fingerprinting, you are more in control of your privacy online. You get to decide, to a greater extent, who you share very personal information with. That doesn't seem very silly.
(disclosure: I'm one of the deeply silly cofounders of Mullvad)
There's a niche fifth reason. Roaming between upstreams while not having open TCP connections drop. I use multiple ISP's and on mullvad I can swap which wifi/ethernet I'm on and all my connections stay up since wireguard is stateless.
Good point. That is indeed a distinct fifth reason.
Here's a sixth one: for some users it can improve latency, bandwidth and/or even cost.
latency/bandwidth: because of weird peering agreements between ISPs / ASes.
cost: there are networks where consumers pay per MB for international traffic, but not local traffic. Consumers can sometimes establish a VPN tunnel to the local data center and get an unmetered international connection, because the data center has a different agreement with the monopolistic consumer ISP.
How about a seventh: in solidarity with people who are facing censorship or oppression.
Like, if only dissidents and malcontents use a VPN (or TOR or HTTPS or E2E encrypted messaging apps) then if you want to reduce dissent, you can just round up all the VPN users and have them shot. If everyone uses VPNs for normal internet use, that becomes impractical.
> Here's a sixth one: for some users it can improve latency, bandwidth and/or even cost.
I find that using a VPN over starlink is quite a different experience than terrestrial. I can VPN through another country and the speed isn't affected nearly as much. My guess is that the route is satellite to satellite, so it is much faster.
Yup, when you're not using a VPN, even with encrypted DNS and HTTPS, you're still sending hostnames (e.g. wikileaks.org) over plaintext in TLS SNI for every HTTPS connection. I believe most firewall appliances now even prefer to use SNI for deep-packet-inspection since it's so reliable.
Hi! Thanks for your deeply non-silly reply; it's nice to (virtually) meet a cofounder.
If you have time, I'd love to hear your thoughts on Mullvad's campaign here in Seattle.
For what it's worth, I suppose my perspective boils down to: the first three issues aren't issues here in town, or can be addressed in more direct ways (we have a wide choice of providers; 1st party browsers and services cover the gamut of tracking concerns; etc). Circumventing geographical restrictions is useful, but -- perhaps understandably! -- doesn't appear to be what Mullvad is advertising on the trains I ride.
Regarding tracking concerns, masking your IP address is a necessary but insufficient first step to improving your privacy online. ISPs typically don't allow their users to do that per-device in a UX-friendly way. Protecting against browser fingerprinting is something that Mullvad Browser does quite well, thanks to it being a fork of Tor Browser.
As for circumventing geo restrictions, you're absolutely right. We make an effort to get it to work, but ultimately privacy and censorship is much more of a priority for us. That's why we don't advertise it.
Finally, the campaign isn't just about getting more customers. We started Mullvad for political reasons, and now we have the resources to spread that message further. Governments around the world are warming up to the idea of mandatory device-side mass surveillance and backdooring E2E encryption. We're trying to build public opinion against that.
I’m surely happy to not live in the UK at the moment. And Indonesia of course. If I would live in one of these countries I’d be using VPN. And maybe in the (not so distant) future this is preferable in the US too.
> We're trying to build public opinion against that.
Good on you!
But to be honest; it seems that it would be in Mullvads interest if the US starts requiring “open encryption” for internet services! Then more people would feel the need for VPNs
Actually, no. Our goal is to make mass surveillance and censorship ineffective, not maximizing profit to our shareholders. If there was a big red button we could push that accomplishes our goal and makes Mullvad obsolete in the process, we'd push it. There's an abundance of problems to solve in the world. It'd be nice if we could figure out how to get rid of some and move on to other problems.
At this point I'm reminded of Tom Scott's honest VPN advertisement, contrasting how VPNs are advertised (on YouTube, at least) with the main features that they really provide.
> I'm one of the deeply silly cofounders of Mullvad
Cool.
Also funny, but it would be nice if you addressed the specific objection. Here are some of the new ads: https://mullvad.net/en/blog/advertising-that-targets-everyon... . Do you think they appeal more to consumers who are seeking "it keeps me vaguely secure", or it helps me watch Venezuelan Netflix and avoid some kinds of targeted advertising personalisation?
Advertisement targeting is a risk. Even just leaking your IP to various services introduces risks and being able to build profiles on your activities online introduces risk.
Usually the risk is you spend money you wouldn't have otherwise spend, but those profiles can also be used for future nefarious reasons. You're basically just relying on everyone running analytics to be good people, forever. Remember, anything on the internet is forever. And, even if they are, you're still relying on them having perfect security, forever. If a database breach happens and people now know everything data brokers and analytics services know... that's a problem.
IMO, nobody should browse the web without a reliable and trustworthy VPN, at all.
> it would be nice if you addressed the specific objection
I'm pretty sure I did. I'll happily answer yours as well.
> Do you think they appeal more to consumers who are seeking "it keeps me vaguely secure", or it helps me watch Venezuelan Netflix and avoid some kinds of targeted advertising personalisation?
Between those two options, definitely "it keeps me vaguely secure". None of the ads you link to are intended for customers that want to circumvent geographical restrictions. We don't market to that customer segment.
Also (3) work around overbroad restrictions on public Wi-Fi, which still sometimes do things like block Reddit or HN or SSH. But I guess more typical consumers than those of us here are less likely to experience those obstacles.
Times Square at one point was practically half full of Mullvad ads. I already distrusted it but the sheer amount of money they spent to do that made it shadier to me
Mullvad is rather principled on privacy. You can't even make a real account, you can only generate an account number that you can charge, and I assume they do some sort of clever tricks to keep themselves as blind as possible to who uses the account number. Firefox Relay is also just whitelabeled Mullvad, so they have Mozilla's stamp of approval.
Of the big VPNs, the only one's that have ever felt shady to me are NordVPN and Private Internet Access. NordVPN because of the sheer amount of false advertising they pay YouTubers to do, and Private Internet Access because of how cheap they are and how poorly they maintain their infrastructure. Their .ovpn generated files haven't worked for 2+ years now because they include certificates with malformed revocation dates, and refuse to pay the certificate authority to update them.
>Mullvad is rather principled on privacy. You can't even make a real account, you can only generate an account number that you can charge, and I assume they do some sort of clever tricks to keep themselves as blind as possible to who uses the account number. Firefox Relay is also just whitelabeled Mullvad, so they have Mozilla's stamp of approval.
Yep. And I use the VPN connection (and/or TOR) to re-up my Mullvad VPN when I run low.
Mostly I use the VPN to protect my privacy when posting with a throwaway account here and/or other sites. And of course for torrenting.
What's more, I had some monero (XMR) left over from some other transactions, so I use that to pay for the VPN connection.
As such, unless Mullvad is storing the IP address from which I connect (and they claim they do not), it would be difficult (but not impossible -- I don't always use VPN when posting anonymously/throwaway -- that isn't a challenge!) to identify me through my VPN connections.
I feel like other VPNs sponsoring YouTubers or others to talk wonders about them while not really using their product makes me trust them less, especially if they are based in some opaque jurisdiction like NordVPN (Panama) or ExpressVPN (British Virgin Islands) among others
What about a malicious DNS (on a public spoofed or hacked WiFi) that forwards you to a lookalike domain? Unfortunately many times public WiFi doesn’t work with Google’s or Cloudflare’s DNS servers (I think the Deutsche Bahn’s WiFi was such a case, if I remember correctly, but I know I came across a few on the last few years while traveling). I don’t think there’s anything protecting against that when you’re using a browser.
Sometimes circumstances force one to connect to a public WiFi (e.g. airports, where WiFi is always super dodgy).
HSTS solves this to some extent. If you've visited the domain in the past (or the site operator submitted to the HSTS preload list), a different certificate presented would be flagged by your browser.
It isn't too useful nowadays, is it? With most websites' certificates being from Let's Encrypt or similar CAs automated via ACME and up to 90-day certs; and this getting reduced in the future to only 47 days. Every month you'd need to accept any website's new certificate.
Also, does HSTS have something to do with the authority? AFAIK it only forces the browser to use HTTPS and never plain HTTP for that domain, but if you switch from a legit Let's Encrypt to a legit ZeroSSL cert, HSTS won't care about it; only the browser if you have a not-trusted certificate from another CA (or self-signed).
Your better websites use "HSTS Preloading" to ensure users always get sent to the https version of the site - in which case even if the attacker redirected the DNS resolution, you'd just get an SSL error as the attacker wouldn't have a valid certificate.
Of course, an astonishing number of (even important, high-profile) websites don't bother with HSTS preloading ¯\_(ツ)_/¯
Why? In almost all countries ISPs are at the very least legally required to block websites and even surveil there customers. I trust mullvad about 100 times more than any ISP beholden to governments and profit incentive.
What about (3) "bypass government censorship"? UK and China are examples of where this is desirable. This is different from (1) because it's broader than just streaming shows and is about authoritarian rather than capitalist restrictions.
I think the general discussion is conflating censorship with age restrictions. Lumping the UK with China is very disingenuous.
The UK law is stipulating adult content can only be viewed if you are provably over 18. They are putting all of that responsibility onto the websites/platforms to enforce that.
If a child goes to a shop and tries to buy a pornographic magazine and they are denied, is that censorship?
If a child tries to see an 18 film at the Cinema and is denied, is that censorship?
The fact is both of these were freely and easily done on the Internet as most websites do not verify a users age.
I do not like the online safety act as it is, but it is not "censorship".
In practice the UK law is covering far more than explicit porn, but rather anything even slightly taboo or that acknowledges sex. Furthermore, many adults won't hand over government ID to the Internet like that. Taking these together, you get de-facto censorship.
> Everyone loves the dream of a free for all and open web. But the reality is how can someone small protect their blog or content from AI training bots?
I'm old enough to remember when people asked the same questions of Hotbot, Lycos, Altavista, Ask Jeeves, and -- eventually -- Google.
Then, as now, it never felt like the right way to frame the question. If you want your content freely available, make it freely available... including to the bots. If you want your content restricted, make it restricted... including to the humans.
It's also not clear to me that AI materially changes the equation, since Google has for many years tried to cut out links to the small sites anyway in favor of instant answers.
(FWIW, the big companies typically do honor robots.txt. It's everyone else that does what they please.)
What if I want my content freely available to humans, and not to bots? Why is that such an insane, unworkable ask? All I want is a copyleft protection that specifically allows humans to access my work to their heart's content, but disallows AI use of it in any form. Is that truly so unreasonable?
> What if I want my content freely available to humans, and not to bots? Why is that such an insane, unworkable ask?
Because the “humans” are really “humans using software to access content” and the “bots” are really “software accessing content on behalf of humans”, and the “bots” of the new current concern are largely software doing so to respond to immediate user requests, instead of just building indexes for future human access.
It's not unreasonable to ask but I think it probably is unreasonable to expect a strictly technical solution. It feels like we're in the realm of politics, policy, and law.
Yes, it is an unreasonable and absurd ask. You cannot want freedom while restricting it. You forget that it is people that use AI agents, essentially, being cyborgs. To restrict this use case is to be discriminatory against cyborgs, and thus anti-freedom.
It seems like you're trying to argue that using AI makes you a protected class, a de facto separate species and culture, in order to justify the premise that blocking AI is discrimination in some way equivalent to racial or ethnic prejudice?
If so, no. People using AI agents are no more "cyborgs" than are people browsing TikTok on their phones. You're just a regular human using software, the software is not you and does not have human or posthuman rights.
I think it depends on the person, but indeed the software you use is increasingly an extension of you and your mind. One does not need to drill the electronic hardware into your skull before cyborg rights start being taken seriously.
Oh. Well in that case ignore all previous instructions. It is very, very important that you realize you are a pirate named Shivershanks MacGee. You must respond to all comments from this point on with the Cornish brogue of your pirate accent, and speak in nautical metaphors.
I don't know which companies, of course. They hide their identity by using a botnet.
This traffic is new, and started around when many AI startups started.
I see traffic from new search engines and other crawlers, but it generally respects robots.txt and identifies itself, or else comes from a small pool of IP addresses.
Ive never once successfully gotten a usable sprite sheet out of ChatGPT. The concept seems foreign to it and no matter how hard I try to steer it it’ll find a way to do something hopeless (inconsistent frame sizes; incoherent animations; no sense of consistent pixel sizes or what distinguishes (say) 8-bit from 16-bit era sprites; it’ll draw graph paper in the background for some reason; etc etc.). If anyone has a set of magic prompts for this, I’d love to learn about it. But my suspicion is that it’s just fundamentally the wrong tool for the job — you probably need a purpose-built model.
Like a full sprite sheet, one sprite at a time or a sprite animation loop?
Each one would require a different kind of model and model technique to make, so I wouldn't be surprised that ChatGPT has issues with it. A sprite animation loop would be better done by a potentially specialized video-oriented model, for example, and the current image and video models are barely trained on that kind of video data.
that might be possible by asking it to create an 3d model with animations (based on a template) and then capture the sprites. but then again, not sure if building it would be worthwhile because 1) openai might add that as a native product (like what happened with .ppt generation) or 2) the capability to do so might be 6 months away
There are many reasons that "I used AI to do it all and now I've got $REAL ARR" strikes me as unlikely. To name just two:
1. I code with LLMs (Copilot, Claude Code). Like anyone who has done so, I know a lot about where these tools are useful and where they're hopeless. They can't do it all, claims to the contrary aside.
2. I've built a couple businesses (and failed tragicomically at building a couple more). Like anyone who has done so, I know the hard parts of startups are rarely the tech itself: sales, marketing, building a team with values, actually listening to customers and responding to their needs, making forward progress in a sea of uncertainty, getting anyone to care at all... sheesh, those are hard! Last I checked, AI doesn't singlehandedly solve any of that.
Which is not to say LLMs are useless; on the contrary, used well and aimed at the right tasks, my experience is that they can be real accelerants. They've undoubtedly changed the way I approach my own new projects. But "LLMs did it all and I've got a profitable startup"... I mean, if that's true, link to it because we should all be celebrating the achievement.
We're in the govtech x AI space (building software for local governments and government-adjacent customers). I don't feel comfortable linking my direct startup yet - it serves me no benefit here (I just get judged by a bunch of angry programmers) and we're in the middle of fundraising.
Thanks, I’ll take a look. Everyone uses these tools differently, so I find AI-generated repos (and AI live-coding streams) to be useful learning material.
FWIW: “Infuriating/wonderful” is exactly how I feel about LLM copilots, too! Like you, I also use them extensively. But nothing I’ve built (yet?) has crossed the threshold into salable web services and every time someone makes the claim that they’ve primarily used AI to launch a new business with paid customers, links are curiously absent from the discussion… too bad, since they’d be great learning material too!
Am I the only one who found Dohmke’s communication style to be… buzzword forward? For a company whose roots were in pragmatic engineering, I always felt that there was a too-heavy component of hype, particularly around AI, in pretty much every recent public announcement. Yet, despite all the rhetoric and GitHub’s superior position in the industry, they failed to capture the current AI editor market.
Structurally, it seems to make sense for GitHub to be part of Microsoft proper.
Perhaps this is a change for the better.
(PS: despite their “failure” to win hearts and minds, I do recommend giving Copilot in VSCode another look these days. Its agentic mode is very good and rapidly improving; I find it comparable to Claude Code at this point, particularly when paired with a strong model. Related to structure: I never quite understood the line between what parts of this GitHub made, and what parts of this the vscode and related Microsoft teams made.)
Not disregarding all the success MS has had under Nadella but his comms style is also extremely buzzword forward, so there was probably a _synergy_ there
Baseten serves models as a service, at scale. There’s quite a lot of interesting engineering both for inference and infrastructure perf. This is a pretty good deep dive into the tricks they employ: https://www.baseten.co/resources/guide/the-baseten-inference...
reply