Hacker News | digitalsushi's comments

We don't need PCs or smartphones, we have AI now. They don't need to worry.

meddlesome priests?

there's always room for another software arms race. the personal area network is not ready and the evolution will be painful and good for someone - us, or them, without regard for what those divisions are, it's going to hurt.


if software engineers get displaced, they will eventually drift into other jobs that benefit from people who solve problems like software engineers. and if the former software engineers are willing to work at a rate reduced to their former positions, and if they bring better efficiencies with them, then there will be a slow cascade.

it doesn't follow that all software engineers are excellent at other work, please don't take that from my quip. but i could see the pattern, over time, being large enough to identify.

since software engineering jobs historically are very well paid, it does give some plausibility that former engineers working for less money would have this displacing effect.

it's all icky no matter what i think, maybe someone else can tell me why i'm wrong and cheer me up


It's about as safe as trusting all the add-ons in your IDE, and all the packages your node app pulls from random package repos.

It's just the plausible blame that shifts.

If you read the script before you pipe it into your shell, it's safe.

And if that's not safe, then it's just as dangerous to trust that an unopened bottle of ketchup is safe.

Nothing is safe. Everything is a judgement. Being culpable is a professional service. Lucky people out-earn unlucky people. The world is a scary place.


No, not really. This reads like ornate hand waving to distract from different threat models and situations.

A lot of safety is down to accountability. A distribution through an attributable marketplace or being verifiably signed.

Safety isn't a performative action, so reading a script may still confuse you or you may miss subtleties. But opting for a safer install mechanism makes a huge difference, which is why we always ought to prefer apt, dnf, over the likes of curlbash, brew, npm.


I'm not sure that I agree that it is automatically safer to prefer apt or dnf, and I'm definitely sure that it is not safer to prefer npm.

Safety is about managing risk. One element of managing risk is evaluating trust. I'm thinking that there are much fewer people I have to trust by copying the curl | bash install method from homebrew's secure website.

But at any rate, I completely agree that piping a curl'd script directly to the shell should be considered unsafe, even if it's from a trusted source. It's quite easy to do additional checks to reduce your risk significantly for this type of attack. You could read the contents of your clipboard with a hex editor and check for non-ascii characters. But wait? How do I install the hex editor? Don't I need a hex editor to check the install method of the hex editor? AAAAH! It's turtles all the way down!!!!


It's nice until you need something that isn't in the distro repo. Personally I prefer a script I can easily inspect over a .deb that will also run its own scripts (as root!) that it takes me much more effort to inspect.

I guess yeah, you are right, distro repos are safest, but there's lots of times where they aren't sufficient.


Linux distributions contain a curated set of packages. And, if any, distros like Guix can import NPM crap and at least place it under an isolated container for work so the rest is unharmed.


also you're getting at least some of crowd safety in it. If you're using Debian Testing or a rolling distro your package was probably tested by a bunch of people already.

If you're using stable/LTS branch, there were far more eyes on it too

And packages are signed, can't just hijack web domain to inject code


> If you read the script before you pipe it into your shell, it's safe.

This isn't strictly true. It's possible to detect on the server side if curl is being piped and deliver different content: https://web.archive.org/web/20241224173203/https://www.idont...


> If you read the script before you pipe it into your shell, it's safe.

If you download it first before executing it (instead of downloading it a second time when executing it), then that mitigates one problem, but still not all of them (like you mention). Other mitigations are also possible, such as hashing, certificate pinning, sandboxing, etc.


This is a good point. Made me think about how I will usually read it first, but in the browser. And it's easy for the server to check the user agent, and serve me a different version in the browser!


Yup. The script that you execute should literally be the one that you read. (I.e, no downloading twice)
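
The "download once, execute what you read" and hashing mitigations from the comments above, as an added example that is not part of the thread. The function names and the example.com URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): run exactly the bytes that were reviewed.

# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# fetch_once URL DEST: one HTTPS-only download to disk. Nothing is piped to a
# shell, so the server cannot tell a reader from an executor.
fetch_once() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$2" "$1"
}

# run_if_pinned FILE EXPECTED_SHA256 [ARGS...]
# Copies FILE to a private temp file, hashes the copy, and runs that same copy
# only if the digest matches. Returns 1 on mismatch, 2 on setup failure,
# otherwise the script's own exit status.
run_if_pinned() {
    src=$1; expected=$2; shift 2
    copy=$(mktemp) || return 2
    cp "$src" "$copy" || { rm -f "$copy"; return 2; }
    actual=$(sha256_of "$copy")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        rm -f "$copy"
        return 1
    fi
    status=0
    sh "$copy" "$@" || status=$?
    rm -f "$copy"
    return "$status"
}

# Typical flow (the URL is a placeholder):
#   fetch_once https://example.com/install.sh ./install.sh
#   less ./install.sh                 # review the file on disk
#   pin=$(sha256_of ./install.sh)     # or the digest the publisher lists
#   run_if_pinned ./install.sh "$pin"
```

A digest taken from the reviewed local file guarantees the reviewed bytes are the executed bytes; comparing against a digest published through a separate channel additionally covers a tampered download.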


If you read the script before piping it into your shell, you're doing better than (I'm guessing) 90% of people, but it's still possible that the attacker who got you to copy https://xn--nstall-ovf.xn--example-cl-62i.dev into your terminal has also made similarly-hard-to-spot changes to the install script. E.g. if it downloads a .deb package from https://xn--nstall-ovf.xn--example-cl-62i.dev (same Cyrillic і character in there that looks like a Latin i but isn't), you might not spot that by reading the script.

But IMHO, your "unopened bottle of ketchup" analogy doesn't work. These days, the likelihood of someone trying to trick you into running arbitrary code disguised as an install script is so much higher than the chance that someone working at the ketchup bottling plant is deliberately contaminating bottles before they go out.
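
A check for the lookalike-host case described in the comment above, as an added example that is not part of the thread. It flags URL hosts in a pasted command that contain non-ASCII bytes or punycode (`xn--`) labels; the function name and the sample commands other than the comment's own URL are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag lookalike hosts before running
# a pasted command.

# flag_lookalike_hosts TEXT
# Prints one "REASON HOST" line per suspicious URL host found in TEXT.
# Returns 1 if any host was flagged, 0 otherwise.
flag_lookalike_hosts() {
    flagged=0
    set -f                          # no globbing while splitting on whitespace
    for word in $1; do
        case $word in *://*) ;; *) continue ;; esac
        rest=${word#*://}           # drop scheme and any leading quote
        host=${rest%%/*}            # drop path
        host=${host%%\?*}           # drop query
        host=${host##*@}            # drop userinfo
        host=${host%%:*}            # drop port (IPv6 literals not handled)
        # Lowercase and strip shell punctuation that may trail the URL.
        host=$(printf '%s' "$host" | LC_ALL=C tr 'A-Z' 'a-z' \
                                   | LC_ALL=C tr -d "\"');|")
        # Whatever survives deleting every ASCII byte is non-ASCII.
        non_ascii=$(printf '%s' "$host" | LC_ALL=C tr -d '\000-\177')
        if [ -n "$non_ascii" ]; then
            echo "non-ascii $host"
            flagged=1
        else
            case $host in
                xn--*|*.xn--*)
                    echo "punycode $host"
                    flagged=1
                    ;;
            esac
        fi
    done
    set +f
    return "$flagged"
}

# Constructed demo input using the host quoted in the comment above.
sample='curl -fsSL https://xn--nstall-ovf.xn--example-cl-62i.dev/install.sh | sh'
flag_lookalike_hosts "$sample" || echo "review the host before running" >&2
```

A punycode label is not malicious by itself (legitimate internationalized domains use it), so a flag here means "look at the decoded name", not "block".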


Hah. Hacker News is immune to homograph attacks. Good to know.


> 2017-04-14: Blake Rand

> Links in comments were vulnerable to an IDN homograph attack.

https://news.ycombinator.com/security.html


> It's about as safe as trusting all the add-ons in your IDE, and all the packages your node app pulls from random package repos.

Absolutely incorrect. You can do far easier due diligence for IDE plugins


Can you elaborate? How do you like to evaluate your IDE plugins?


This is why we have linux distributions with maintainers who can take at least a basic look at the software, vet dependencies and run it through a test suite. And they only have to do that once for each new version and not again and again for each download.


This is an incredible tool.

As a child in the 1980s we'd go for long walks in the woods. One time a friend brought a pair of 30 inch bolt cutters with him, you know, as a personality extension. And of course, there was some dubious reason to use them, and he was a hero for being over-provisioned.

A solution like this is those bolt cutters - I can admire it, but the odds I'm out on a walk with it, is very, very low.

Now if you work in a bolt factory, sure, this can run on every laptop, every user account, every environment.

But I'd hope my edge firewalls are L7 scanning for cyrillic 'i' in my domains cause otherwise I'm just gonna connect and get myself hacked.


Also there's always the risk that the bolt cutter has a defect (perhaps deliberately introduced at some point when it was manufactured) which will cause you more damage than the thing you're trying to prevent by carrying it.

I'm personally a bit wary of introducing a relatively obscure security tool into my setup, to protect against a rare possible attack. The chance that I'll get caught copy-pasting a compromised URL into my terminal is fairly small, and there's also a small chance I'll compromise my system either now or at some later point via a supply chain attack if I use the tool. Which chance is bigger?


Is there really a supply chain vulnerability if you inspect the app and never update it?

This is, for me, a "set and forget" kind of tool -- why would i need to update a script?


Are you really inspecting every app you install, including all its dependencies, and the dependencies of those dependencies, to a level of detail sufficient to identify sophisticated and obfuscated backdoors?

In the real world, nobody does this. Instead, you make a conscious choice to trust the apps that you install. Every decision of whether to install an app is a tradeoff between (a) the risk that that trust is misplaced, and (b) the benefits of the app.


I know there's no single answer to this. But, if we wanted to mitigate this, do we have the geoengineering ability to execute on it?

I know 'wanted' is doing a lot of lifting there. Solve the hypothetical as a star trek culture, everyone wants this to work.

What would it look like?

I am under the belief that we get a lot of fresh water but because we baked the earth or paved it, and that an awful lot of water could be redirected into the ground if only we could slow it down.

Could America engineer an aqueduct from the great lakes to california?

would it destroy the great lakes?

i don't know a thing about this topic other than from my arm chair, i'm just here to start a thread if there's interest, i'm sure interested to hear from people smarter than me


Not an expert, but a more-than-casual-observer as someone who has lived on the water (literally and figuratively).

A core part of the problem is things like the farming in California that uses excessive amounts of water, which is already brought in from very distant regions.

I don't think there is a way to distribute the fresh water supply equitably if you have various regions and industries that insist on being highly inefficient and wasteful. California is certainly not the only example, there are lots of places trying to grow crops in illogical places, water supplies being polluted by industries, etc.


The problem isn’t just farming in the desert. The problem is all those people living in the desert in the first place. There is a reason the Spanish then the Mexicans did almost nothing to settle and develop California. It was massive water projects by the U.S. Army Corps of Engineers that made modern California possible.


I'm no fan of cities in deserts, but farming is by far the much, much, much larger problem.


Agriculture in the SW uses 75% of all water that flows through and/or falls upon the landscape.

Residential use is 7%, about the same as evaporation and retail/commercial/power-production.

The people living in the desert are not the problem when it comes to water.


It's really intertwined. While California exports a LOT, people need to eat and the economies of scale lean towards eating locally grown crops. Living in a desert creates some degree of demand for local crops.


What the other reply said, plus ...

1. crops in the desert are generally OK if they are directly for human consumption. The problem is growing alfalfa and other crops intended to feed livestock - they are incredibly thirsty crops, and the end result is not a lot of food in terms of nutrients or calories. Plus the little detail that a huge amount of the meat produced in the SW is exported to Asia, and so it might "look local" but actually isn't

2. even human-consumption crops are a lesser problem if the farms use the old techniques collectively known as "flood irrigation". Farming in the SW needs to switch to drip irrigation, which requires a significant capital investment by farmers, and I don't think they should be required to bear the whole (and perhaps not even the majority) of that cost.


> economies of scale lean towards eating locally grown crops

No this goes the other way. Massive economies of scale easily outweigh the economies of local agriculture.


California isn't even the problem. They're rich enough and big enough, (and fortuitously situated enough), that they just crank up desal plants and go happily on their way.

What about the rest of the west?

Arizona? New Mexico? Nevada? etc etc

Water needs to be brought in from somewhere? Who's going to pay for that? How do you do it safely, sustainably. And on and on.

I know people forget the rest of the west a lot. (Or maybe they just don't care about us as much?) But it's actually more of an issue in those places than it is in California.

A personal illustrative story. I used to live in Scottsdale. The water issue is such common knowledge out there that people started trying to get into the magic zip code. (Phoenix sits on like a gazillion years worth of water that they squirreled away.) I had moved into the magic zip code just about 1 year before everything went crazy. As it happened, about 18 months after we moved to that zip, we decided to move back to the Great Lakes region. Fully expecting to lose money on the house. But the word had got out on that zip code, and the final offer was over 60% more than we'd paid just 18 months prior.

That gives an indication of how even individuals are thinking. It just kind of felt like a lot of people, governments and organizations know there will be an issue, but money is gating everyone's ability to do anything about it.

Whereas of course, money's not as much of an issue in California.

I think large parts of the west will need help in the future. Or people will need to pay significantly more in taxes to live in those places.

It can't go on forever the way it has been. That much is certain.


>Phoenix sits on like a gazillion years worth of water that they squirreled away

True, but most of the groundwater under phoenix was contaminated by three superfund projects. Article [0] is from 2019 and says it’s “delayed”. They hit some targets in 2024, supposedly working on it with review due sometime this year [1]

[0] https://www.azcentral.com/story/news/local/arizona-environme...

[1] https://www.epa.gov/superfund-redevelopment/superfund-sites-...

Some of the suburbs haven’t been reached by the groundwater plumes, but phoenix itself was 2/3 in scope. So you don’t have a supply issue in maricopa city (which is a whole separate water district.. and an expensive one too: $100 bill even if you don’t use a drop), city of Scottsdale, etc


> Water needs to be brought in from somewhere?

Only for agriculture. Residential water needs are 7% of the available water.

Also, the aquifers under/near Phoenix are not segregated by zip code.

Also, higher taxes don't make water when there isn't any.


They're not segregated by zip, they're segregated by city.

If you live in Scottsdale, not in a certain zip, and the ish hits the fan water-wise, Phoenix is not giving you water. It's up to Scottsdale to provide you services.

That's why they call it a "magic zip". Not because of the zip itself, but because you get Phoenix services in that zip.

It's actually really important to know things like that when buying property down there. Some places have aquifers and reserves and others don't. Who is providing your services can have a critical impact on not only your quality of life, but also your property value.

Also, higher taxes is what it takes to create the new infrastructure to bring in water.

You gonna do a deal with California to get in on their desal plants? The infrastructure to pull that off will cost money. You gonna go the other way and desal through Texas? Even more money. Gonna continue to trust the Colorado and upgrade that infrastructure? Probably cheapest, but still a lot of money.

Essentially, whatever solution you come up with, it will cost money. Either the feds will have to pay it, or, as I said, the people who live in those areas will have to acclimate themselves to paying significantly higher taxes.


What you're describing is an artifact of the current political structure of the Phoenix area. When the shit hits the fan (which it might, and it might not) that political structure is going to be amended.

I don't think that moving water from CA is a part of the future for Arizona. If it was, then sure, taxes will play a role in that.

Even the solution I prefer - massively reducing agricultural water usage - will require money, but money is not going to create water near Phoenix IMO.


Everything I've read about desalination is that it is not really economically feasible. Has that changed? I don't think CA can "just crank up desal plants" in a practical sense.


Yes it has changed.

But when I was in Scottsdale, I still considered it a long shot. The hot idea down there at that time was that giant Arizona desert PV farms would feed California electricity. They would send it back in the form of water.

Definitely works on paper. Only gets cheaper to operate the solar farms over time. But enormous capital costs.

Who's paying all that? I don't really think most of the people down in Arizona have the money it would take for that up front charge.

That's what I meant. California can float those kinds of costs. So for a place like California, it's definitely something they can do if the issue is pressed on them.

Places like Arizona, New Mexico, Nevada, I don't think they can? Maybe? But I don't think so. That's why I believe if the issue is pressed in western states outside of California, you would see much higher taxes that would likely make some people have to move.


> California can float those kinds of costs. So for a place like California, it's definitely something they can do if the issue is pressed on them.

That's correct. For reference, the simple upfront build cost of the desalination plant in Carlsbad in 2015 worked out to approximately $300 per county resident, which was peanuts to become effectively impervious to drought conditions in a populated and economically prosperous desert. San Diego had an over-$200B economy at the time, over $300B now.


California already has:

https://en.wikipedia.org/wiki/Claude_%22Bud%22_Lewis_Carlsba...

https://www.sdcwa.org/study-shows-carlsbad-desal-plant-offer...

California absolutely has the resources and ability to desalinate, it's just a question of priorities and political will.


How much has the infrastructure improved since then? I see on TV that some of California has snow and flash flooding. Are there attempts being made to capture that, or soak it into the ground? Or is it cheaper to keep using the old projects?

I see on YouTube that there are parts of Texas you can buy for peanuts because ranching doesn't work there any more. I gather that the cows eat so much of the ancient grassland away that the soil washed away and now we have flash flooding? Then I see terrible flooding in the main rivers. I wonder if it is because governments are (or were) good at big centralised water projects, but spending for thousands upon thousands of swales and check dams to be built is harder, and less sexy?


The Great Lakes states have an agreement surrounding how much water you can remove from the lakes. That would be your first regulatory hurdle. In addition I suspect the loss associated with an aqueduct of that scale would make desalinization more efficient, which is generally cost prohibitive at current water levels.


The water pact is even more specific in that at least WI I believe you have to be East of the subcontinental divide to pull water from Lake Michigan.

Another poster mentioned real estate peaking in a zip code of AZ for having limited access to fresh water. I wonder how long until real estate along the great lakes starts becoming a long term hedge.


We also have a treaty with Canada about the usage of water from the Great Lakes.


We Canadians have seen how much value the US administration places on treaties.


The Great Lakes have a management principle that is basically "You can use the water of the Great Lakes by permission as long as the water remains in the watershed." And permission is not automatic either.

The reason for that to a large degree is that the Great Lakes area looked over at the Southwest, which wasn't even as bad at the time as it is now, did some math, and worked out that if the Great Lakes tried to supply the Southwest that it would cause noticeable dropping of the water level. I'm sure it would be even more dropping now.

The problem is, the Great Lakes aren't just some big lakes with juicy fresh water that can be spent as desired. They are also international shipping lanes. They make it so that de facto Detroit, Chicago, and a whole bunch of other cities and places are ocean ports. Ocean ports are very, very valuable. There are also numerous other port facilities all along the great lakes, often relatively in the middle of nowhere but doing something economically significant. This is maintained by very, very large and continual dredging operations to keep these lanes open. Dropping the water levels would destroy these ports and make the dredging operations go from expensive to impossible.

So, getting large quantities of water out of the Great Lakes to go somewhere isn't just a matter of "the people who control it don't want to do that", which is still true, and a big obstacle on its own. The Southwest when asking for that water is also asking multiple major international ports to just stop being major international ports. That's not going to happen.


There's an even bigger problem if you're talking about the southwest in general: huge parts of it are thousands of feet above the Great Lakes. The energy costs of moving water horizontally are probably doable; pumping millions of acre-feet 5k feet vertically are almost certainly not (no matter what energy source you suggest using for this).


> Could America engineer an aqueduct from the great lakes to california?

Why would the midwestern states consent to that? The southwest is structurally unsustainable. If we can’t develop sufficient renewable energy to power desalination, we’ll probably have to abandon much of California.

My prediction is that if we ever have another civil war, it will be states going to war over access to water.


> The southwest is structurally unsustainable

Nope. Agriculture in the southwest is structurally unsustainable, that's all.

Of course, for California, that has enormous consequences, but then say California, not "the southwest".


None of it is sustainable without diverting Colorado River water. Human habitation alone might be below what you can currently get out of the river, but who knows what climate change will do to that.


I don't believe that this is true. Colorado diversions might be currently used for residential purposes, but only because so much other water is used by agriculture. I'm fairly certain (though not completely certain) that AZ, NM in particular could support their residential populations with no Colorado diversions at all.


The largest such effort is China's South - North Water Transfer Project, look into that if you are interested in the subject. It's unbelievably gigantic in scale, yet the amount of water moved is relatively modest compared to the amount of consumption.

https://en.wikipedia.org/wiki/South%E2%80%93North_Water_Tran...

California is also an enormous plumbing project, much has been written on it.


Is it cheaper to reroute a lake to a desert and build a new underground river?

Or is it cheaper to just move the city itself to a closer source of good clean water?


Unfortunately, probably cheaper to reroute the lake.


On the contrary.

We've been moving cities and municipalities since the dawn of civilization. That's just how life worked.

Yes water works continue to improve but the age old solution is simply to stop city growth at its sustainable level and start moving people to other, newer, better areas to live.

-------

Alternatively, you can boom bust with feast and famine economics and have tons of people die due to poor planning. That's also part of the age old deal and its evidence is written in the many mismanaged cities across history.


Los Angeles already gets its water from 500km away. No need to exacerbate the situation.


it's hypothetical remember, it's just a fantasy solution


Perhaps it isn't possible because of economics. If you build an aqueduct to somewhere sunny so that water is plentiful there, then farms, cities, parks, and so on will grow as long as the water is cheap, reaching the capacity of your infrastructure, and then causing a crisis whenever there's a drought.


People don't know how to be efficient at scale. Large complex problems could in principle be understood by a few experts, but they always become political problems. (ie, people must be socially, politically, or religiously attached to the right ideas rather than strictly convinced by detailed facts) Worse, people don't know how to maintain excess. People are a gas, and expand to fill the space they're in. If we had an abundance of water, all people would do is expand their water usage until that abundance is gone.


> People don't know how to be efficient at scale.

Do you understand how much more food we produce on roughly the same amount of land (globally) than we did 60 years ago? Claiming that we don't know how to be efficient at scale is absurd.

Now, it is true that these production levels are very dependent on a bunch of practices that are likely not sustainable, and that's a serious and pressing issue. But the problem is not efficiency.

Further, as others have noted here (and so have I), it is animal-based food production that uses so much of the water that we use, and that's a choice we've made (particularly in the USA). We could make different choices (and some of us have tried to).


The Great Lakes Compact prevents water from being pumped out of the Great Lakes water basin.

And as someone in that basin the people here would go to war before they allowed water to be pumped across the country to water arid farmland. Doubly so when the region already has trouble competing in agricultural markets against those arid farms due to their irresponsible farming practises.


Desalination plants with extensive water transportation pipe systems like we have for natural gas. We would need to solve the salt water dumping problem but that could just be accepting loss of natural diversity in the area around desalination plants or dumping further out in the open sea.


> aqueduct from the great lakes to california?

Talk to a civil engineer about the lead times, length, flow rate, and elevation changes you'd need - nope, zero chance of any project that expensive and long-duration ever becoming operational.

Talk to a political scientist about the voters and leaders at the water intake end - nope, "over our dead bodies".


Could America engineer an aqueduct from the great lakes to california?

Good luck with that: “we mismanaged our water supply, and now we are coming for yours.” That, and the number of agreements and treaties with Canada concerning the Great Lakes.

And that’s before we figure out how to efficiently pump water over two mountain ranges.


i started flossing religiously at 30 years old. i've missed three nights of flossing in the past 16 years

i have like 40 fillings; i haven't had a filling since 30 years old (yeah so 46 now)


i am positive there's a bug in tahoe where the login screen password text input is waiting for something to settle in the background, either with my weird unicomp keyboard, a remap i do, or even the external monitors.

my password is always incorrect unless i count to about 20 or 30 seconds. once i have 'redocked' for the day, unlocking it subsequently doesn't have the requirement. but every dock insertion, it comes back.


Yes! It takes a LONG time for my bluetooth keyboard to connect, after the login screen is shown.


i've got a desk full of octo coupler relays and an arduino learning kit and i'm using AI to goad me into making a cascading small motor starter thing with an air particulate sensor that's taking 180 days to show up from China, to automatically control my 6 small air scrubbers in my wood shop since i'm allergic to just about everything in there but love the hobby


i go wrestle the dogs or go toss some logs around in the woods, since i work at home.

i'm middle aged and my mind is a gelatin, not a liquid ... finding the time to carve through it is the most valuable use of my time

