However, due to the adversarial nature of the judiciary system, opposition is required to set precedent. It'd be great if the overstepping didn't ever happen but we don't know what is overstepping until SCOTUS rules.
California and New York have played a pivotal role in defining the edges of the second amendment.
It is definitely worse. At leas a binary is constant, on your system, can be analyzed. Curl|sh can give you different responses than just curling. Far far worse
Only if you download an analyse it. You’re free to download the install script and analyze that too in the same way. The advantage that the script has is it’s human readable unlike the binary you’re about to execute blindly.
Your comment assumes the plugin is not working as they want it to. The way it is designed gets them the maximum amount of data. It does a great job if that is their goal.
Yes, I'm assuming good intentions and try to take a charitable perspective of everything, unless there is any specific evidence pointing to something else. Is there any evidence of this being intentional?
Seems to me their engineering practices such, rather than the company suddenly wanting to slurp up as much data as possible, if they truly wanted that, they have about 10 better approaches for it, if they don't care about other things.
Because I'm a nice person, and want to give other nice people the benefit of the doubt. And most businesses are run by people after all, not hard to imagine at least some of them would be "nice people" too.
And frankly, the alternative would be too mentally taxing. So in the camp of "Good until proven otherwise" is where I remain for now.
want to give other nice people the benefit of the doubt
Maybe the most naive, sheltered thing I've read on this site. If we were talking about an individual OSS maintainer, sure, that's possible. But large corporations have been doing the opposite for as long as they've existed and there's evidence presented to that fact nearly everyday.
> Maybe the most naive, sheltered thing I've read on this site
You must be new then, welcome :)
I'm not saying I never believe any individuals in a company intentionally do bad stuff, just that I require evidence of it being intention before I assume it to be intentional. Personally I don't think that's naive, and it is based on ~30-40 years of real world life experience, but I guess I'm ultimately happy that not everyone agrees on everything :)
Just came to say (since the person you’re responding to has a different view of the world) that I agree with you that this is both a more accurate, and easier way to live.
Assuming malice as the default sounds like a recipe for being very, very unhappy.
Thank you, it's really crazy to be see "it's sad that you want truth when ignorance makes me happy" being upvoted on this platform. I suppose it's par for the course on a VC forum..
> Is there any evidence of this being intentional?
The evidence is in the code! If you didn't intend for a capability to be there then why is it in the code?
> if they truly wanted that, they have about 10 better approaches for it, if they don't care about other things.
How so? What other approaches do they have that get this much data with little potential for reputational harm? This is a very common way to create plausible deniability ("we use it for improving our service, we don't know what we'll need so we just take everything and figure it out later") and then just revert the capability when people complain.
> The evidence is in the code! If you didn't intend for a capability to be there then why is it in the code?
Bugs happen. I won't claim to know if it was intentional or not, but usually it ends up not being intentional.
> How so? What other approaches do they have that get this much data
Just upload everything you find, as soon as you get invoked. Vercel has a tons of infrastructure and utilities they could execute this from, unless they care for reputational harm. Which I'm guessing they do, which makes it more likely to have been unintentional than intentional.
Downstream there is a post from one of the devs at Vercel (andrewqu) that built this. They say that this is by design. I think you should shift your base assumptions about the intentions of companies (and the individuals that work in them).
> Overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything.
> Is there any evidence of this being intentional?
A Vercel engineer commented "overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything."
> The plugin is always on, once installed on an agent harness. We do not want to limit to only detected Vecel project [...] We collect the native tool calls and bash commands [...] Overall our goal isn't to only collect data, it's to make the Vercel plugin amazing for building and shipping everything.
Yeah, I guess we've now reached the "unless there is any specific evidence pointing to something else" and seems like they straight up do not realize what people are frustrated about nor do they really care that much about it.
Slightly off-topic, but strange that the mask kind of fell off there at the end with "our goal isn't to only collect data", never heard anyone said that out loud in public before, I guess one point to Vercel for being honest about it :/
This person's distinction between "library" and "framework" is frankly insane.
React, which just is functions to make DOM trees and render them is a framework? There is a reason there are hundreds of actual frameworks that exist to make structure about using these functions.
At this point, he should stop using any high level language! Java/python are just a big frameworks calling his bytecode, what magical frameworks!
Yes, that's the point of freedom. People can carry devices that do things. If they break the law, that's another question, but everyone should be allowed to have computers that communicate that they can control
I don’t want someone to walk around, I don’t know, forcing all the phones around them in a 10m radius to blow up their batteries and hurt people.
Handheld radios, like my wireless tx/rx for lavaliers have to have their spectrums cleared by the FCC. As do most transmitting devices. There are baseline requirements before they can be sold/used.
I get often with these things if you give an inch they take a mile, but there have to be some foundational guardrails here IMO. You can’t just have a bunch of laws punishing people for behavior and no attempts at preventing it in the first place.
The ability to just transmit anything indiscriminately is just a dicey proposition to me. Like how we used to just allow a free for all with drones.
Can you show an example of a phone blowing up its battery with the potential to hurt people because of a harmful radio signal?
This seems like something the phone should be able to handle. People already have root access on devices with radio transmitters, they're called laptops. I don't recall many incidents of a malicious actor with a laptop forcing all the laptops around them to blow up and hurt their owners. If that were a reasonable possibility then they certainly wouldn't be allowed on planes.
Maybe I’m misunderstanding but the prior comment seemed to say “people should be able to transmit whatever they want, however they want, with whatever device they want.”
I imagine it’s not insanely difficult to get a phone to crank up voltage or something until the battery starts melting down. Maybe I’m letting sci-fi/thrillers pollute my sense of reality though
My point is that transmitting whatever you want doesn't mean the devices around you will "blow up", devices also have controls on how they receive radio transmissions.
A malicious transmitter could likely jam signals, but this is already illegal and that comment said "If they break the law, that's another question"
Your hypothetical doesn't make sense. People can already hack around with radios and transmit whatever they want, doing so doesn't result in devices around them blowing up or hurting people.
Malicious transmitters are illegal. There is liability for the person operating the malicious transmitter along with the sale, marketing, and manufacturing of the transmitter.
If the maker of a phone allowed a user to break the law by having the phone become a malicious transmitter and the phone maker didn't try everything in their capacity to prevent it, they'd be in trouble too.
Yes, you can hack your own. You can get a CB radio and boost its power by replacing parts of it. That's on you. If you were able to get a phone from a company that knowingly allowed you to install some software or do this "one silly trick" that allowed the phone to broadcast at 10x the power, you'd be in trouble - but so would the company that made the phone.
Sure, but we already have consumer devices with root access that have radio transmitters. Is this a common problem with laptops? Why would it be a larger problem with smartphones?
The amount of integration between the system and the wifi modem, the frequencies that it can broadcast on, and the regulations for that part of the spectrum.
You'd be quite challenged to make your wifi modem connect to an access point a few miles away. Phones do it all the time. A phone may be broadcasting with as low as a milliwatt when near a transmitter to a few watts when further away ( https://en.wikipedia.org/wiki/Wireless_device_radiation_and_... ). Wifi has a much smaller range of acceptable broadcast power available (and at the most powerful end of acceptable is less than a phone).
That's called a weapon (EMP discharge), and there's quite a lot of people in the US that are ready to defend even such devices. There's even a Constitutional article about it IIRC.
Why not? As we get pushed more into a corner on this obviously self evident logic chain. Many of us WILL NOT EVER comply with this absurd oppressive tyrannical control of computing and communication and information. We might as well embrace the same non arguments of the over the top second amendment people.
It's literally the silly meme. You will take my gun/GNU from my cold dead hands lol
If you're going to use the "ooh freedom is scary and dangerous" card then I'm allowed to play the "some freedoms are necessary to maintain a free society" card. If that was not your argument, feel free to clarify your position rather than dodge the question.
The risk is if you have unfettered control then it's easy to get tricked into installing malicious apps, and now my device is getting zero-day attacks over bluetooth or wifi from state actors using your phone.
Confused as to what you're asking for here. You want a robot acting out of spec, to not be treated as a robot acting out of spec, because you told it to?
How does this make you any different than the bad faith LLM actors they are trying to block?
robots.txt is for automated, headless crawlers, NOT user-initiated actions. If a human directly triggers the action, then robots.txt should not be followed.
But what action are you triggering that automatically follows invisible links? Especially those not meant to be followed with text saying not to follow them.
This is not banning you for following <h1><a>Today's Weather</a></h1>
If you are a robot that's so poorly coded that it is following links it clearly shouldn't that's are explicitly numerated as not to be followed, that's a problem. From an operator's perspective, how is this different than a case you described.
If a googler kicked off the googlebot manually from a session every morning, should they not respect robots.txt either?
I was responding to someone earlier saying a user agent should respect robots.txt. An LLM powered user-agent wouldn't follow links, invisible or not, because it's not crawling.
There's a fuzzy line between an agent analyzing the content of a single page I requested, and one making many page fetches on my behalf. I think it's fair to treat an agent that clicks an invisible link as a robot/crawler since that agent is causing more traffic than a regular user agent (browser).
Just trying to make the point that an LLM powered user agent fetching a single page at my request isn't a robot.
Well, sure, but this is a problem nearly as old as Go itself. I thought they were referring to larger more recent things, like how generics work, or something to that effect.
reply