>Q: Stealing is illegal, so why would anyone use a CRQC to steal Bitcoin?
I've had this thought for awhile actually: how would reproducing some random number be legally "stealing" under any legal system in the world? Putting aside that cryptocurrencies have always been about "code decides" etc, that they're outside of the legal system entirely, but I'm struggling to see where there's any actual property interest here. Randomly generated numbers are not protected by IP in any way. There's no computer fraud act angle or the like here, nobody would be having so much as the slightest interaction with anyone else's private system. They'd merely be taking publicly available unprotected numbers and doing some math on them with their own quantum computer. Somebody else who has something related to those numbers is never deprived of them or interacted with in the slightest. There is nothing resembling "hacking", no flaws in the software exploited, all just math there from the start.
I can understand how suddenly a lot of proponents might wish to cling to and push the idea that it's "illegal" or "stealing", but doesn't appear to be any meat on dem bones. Maybe they hope to generate support to get laws passed banning it, though hard to see that working out either. As a practical matter seems like they're just going to have to agree on a transition to new version using PQE algorithms and try to convert over before it's too late?
Isn't your bank balance in a bank database also "just a number"? That number still exists if it goes up or down.
I understand that the bank's ownership of its computer means that hacking into it could be seen as (for example) a trespass. However, what if you somehow persuaded a bank employee to change someone's balance? The bank employee has some kind of authority to do this and the result is once again "just a number".
OK, what if you display some fraudulent information somewhere that leads a bank employee to decide to update a balance?
I don't want to entirely dismiss your intuition because after all there is lots of interest in not relying on legal systems to adjudicate issues related to cryptocurrency transactions. However, changing numbers and causing people or devices to change numbers is not inherently categorically exempt from being considered fraudulent. For that matter, computer fraud laws are often explicitly written to apply to unauthorized alteration of data, not just to unauthorized access to a specific device.
You might try to defend this by saying
* the ownership of cryptocurrency assets is defined as the ability to transfer them, and should not be further or separately interpreted apart from that ability, or
* deceiving a protocol is less obviously wrongful (or at least harder to define) than deceiving a person, or
* computer crime should require undermining someone's intent about the use of devices or data and that intent should be clearly manifested and meaningful, which it arguably isn't in a cryptocurrency system, or
* offline institutions create some kind of intelligible notion of ownership that's related to the non-digital world and this kind of ownership is what laws about theft or fraud aim to protect rather than any other kind of ownership without that non-digital nexus. (although this doesn't seem to be empirically true as ownership of, for example, domain names has been recognized as a form of property by courts since at least Kremen v. Cohen in 2003, even though it is just a matter of a database entry and has no offline existence)
These are interesting conceptual possibilities, but not necessarily persuasive for courts, law enforcement, or cryptocurrency end users.
>Isn't your bank balance in a bank database also "just a number"?
Absolutely not, but also "yes, which means no". In the first case, a bank balance isn't "just" a number, it's a massively regulated and legally backed number with many layers of interlocking entities, both private and multiple layers of government, in charge of maintenance, auditing, insuring, and enforcing. There is no equivalency to cryptocurrency there, as has been regularly touted.
To the second, it could certainly be argued that a bank balance is indeed "just a number" and that's the point, what gives the number its value is all the infrastructure around it not anything intrinsic to the number itself. If someone finds out my bank balance in Account ABC is $42076 that might have privacy implications sure, but knowing that number gives you access to absolutely nothing of meaning. That's a completely different situation to one where independently finding a given number, which note you need not even have any idea who it belongs to, suddenly equates to ability to make use of that number in real world relevant ways by social consensus.
We're talking more the equivalent of Adam guessing a winning lottery ticket, and then hanging onto it hoping the value will go up and he can trade on the ticket or do other things with it while not actually cashing it in because it's so unlikely somebody else will guess the ticket. Maybe because the lotto ticket winners are published on a public ledger, and Adam doesn't want the notoriety, or at least not just yet. Then Bob does independently guess it, immediately turns it in, and now Adam's lotto ticket is worthless. Bob didn't steal anything from Adam. Whether what Bob did is ok or not depends on the rules of the game.
>I understand that the bank's ownership of its computer means that hacking into it could be seen as (for example) a trespass
Holy shit are you for real? COULD be seen? Yes hacking into a bank would absolutely mean felony prosecution on multiple counts if you were caught.
>However, what if you somehow persuaded a bank employee to change someone's balance?
They would be committing multiple felonies and you would be committing criminal conspiracy, inducement and so on depending on jurisdiction, and probably wire fraud and a bunch of other stuff if you do it remotely that are sorta gimmes for prosecutors.
>The bank employee has some kind of authority to do this and the result is once again "just a number".
The bank employee does not have legal authority to do this. Any technical authority they have is only within the auspices of the law, internal compliance controls and practices and on and on.
Anyway without going through your whole post you're doing a whole lot of false equivalency. Breaking into and modifying somebody else's systems is no small point, it's explicitly illegal under the CFA in the US and similar in the rest of the developed world. There's no such thing as legally "copying" money from an end owner perspective, even if internally to the global financial systems when it comes to fiat currencies from the Treasury & Fed or other national equivalents to banks and other governments and so on it gets more complicated. It's all meant to effectively be a digital version of actual old fashioned hard currency. Hence the entire core concept of theft: it applies to zero sum games, where one person getting more cash means another person now has less.
I'd welcome any actual specific laws on the books about cryptocurrency that contemplates what would happen if someone simply guesses a private key with no interaction with anyone else and then uses it on the network. But without that it's hard to see any existing precedent. On the contrary, cryptocurrency people have repeatedly pushed, and built into the core foundations, the notion of code being law, that possession of a private key is all that's needed and the rest is up to the network and you're supposed to be in charge of that (or someone else is on your behalf and that relationship can be subject to contracts).
> Holy shit are you for real? COULD be seen? Yes hacking into a bank would absolutely mean felony prosecution on multiple counts if you were caught.
I meant to refer specifically to the trespass theory (advocated about 25-30 years ago by some companies as a way to enforce terms of service) as a reason one might attempt to distinguish "changing a number on company X's computer" from "changing a number in a distributed database". That is, there might be legal theories that are more protective of individual companies' computers just because the physical computers belong to the companies as opposed to information-in-general.
However, other forms of computer crime law can protect information-in-general, regardless of where it's stored or by whom.
My point was that existing laws have been happy to punish changing numbers on computers based on the meanings that those numbers have to people, what people act as though those numbers represent. I believe some of these laws are drafted broadly enough that they already treat stealing cryptocurrency as illegal. Even if legislators didn't consciously regulate it this way, courts may conclude that concepts of fraud, property, conversion, etc., already apply to cryptocurrency systems, even if there isn't an obvious technical difference between a transfer intentionally authorized by a human owner and a transfer authorized as a result of fraud, hacking, bugs, etc.
I understand that in, say, Bitcoin, "ownership" of assets stored in a UTXO is implemented only as the ability to cause a transaction that consumes that UTXO, and that this ability doesn't refer to a person's name or identity, or to good or evil, or to the reason that someone caused such a transaction, or to how someone came to possess the necessary information to create it. The blockchain consensus is updated based on whether the transaction followed certain deterministic rules, and concepts like "the owner" do not in fact appear directly anywhere in those rules. However, this doesn't stop a court from saying that some such transactions represent fraud or conversion or something while others don't, even though the transactions in question were equally valid according to the blockchain consensus.
I understand that there's uncertainty and debate in the cryptocurrency world about how we should want legal systems to regulate or not regulate cryptocurrency, remedy or not remedy otherwise-wrongful actions committed via cryptocurrency systems, and enforce or not enforce agreements implemented in or through cryptocurrencies. I also think you're right to point out that there's an issue about whether the content or behavior of the code is, or is meant to be, the "entire agreement" among parties using it, or whether it just somehow reflects other kinds of relationships that are also partly enforced by legal systems.
I currently work on smart contracts for a living. I find the question of how legal systems should view them fascinating, and I don't have a clearly articulated position on it.
Cryptocurrency gains are taxable in many (most?) countries. Clearly the governments see cryptocurrency as something more than just random numbers without meaning.
Likewise, when government agencies shut down dark net markets (DNMs), they will seize the cryptocurrency funds that the DNM had (from market fees etc., or even funds that belonged to customers and were in escrow etc. by the DNM) if they can (i.e. if they get access to the private keys of DNM owned wallets either by technical means or by convincing the operators of the DNM to hand over the keys). Again because the governments view cryptocurrencies as something more than just random numbers without meaning.
Speaking of seized funds. Let’s say that a government agency had seized a significant amount of bitcoin from a DNM and was transferring those funds to wallets under government agency control. Along comes some guy with a quantum computer and takes those funds for himself. Is the government agency just going to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!” No, I think not.
>Cryptocurrency gains are taxable in many (most?) countries.
So?
>Clearly the governments see cryptocurrency as something more than just random numbers without meaning.
Not really? It's the realized gains that get taxed. That's a completely generic feature of the tax system, the government doesn't give a shit (and shouldn't) what people decide has value in any given transaction. The only thing they care about is whether or not there was actual cash equivalent value exchange happening. Barter is always a potentially taxable event. The government makes no judgement on whether you do it with pretty river rocks or random numbers, they can assess the value of the exchange as if it was done with cash and tax that result.
Re: Seizure of everything related to an illegal operation: sure, they will take everything they can find regardless. They'd take a computer with a ~/.ssh full of random keys too. The data they seize might also have pirated movies/games/music. Some of the things might have "value" but that doesn't make them currency.
None of this implies the result you clearly wish it did.
>Is the government agency just going to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!” No, I think not.
You "think not"? Why not? What laws do you think are being violated? There are lots of cases where the government will seize something that might at the time of the seizure be worth $X, and then legitimate activity happens elsewhere such that now it's worth $0.5X or whatever, and that's perfectly fine. The question hinges on whether the activities of other independent people/entities unrelated to the criminal entity that got seized are legitimate or not. It's not a matter of vibes. Like, imagine the government seizes a winning lotto ticket. And then before they can do anything with it somebody unconnected else goes into a convenience store and legitimately buys a ticket, guessing the number too. The value of what the government seized has just dropped. Would I expect the government to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!”
Well, yes? That is indeed my expectation, within the rules of the game in question. If the lotto says "if you fail to claim your winning ticket within 1 week before someone else guesses it as well then too bad" or "well then you both split it 50/50" or whatever, yeah I'd expect the government to be held to the exact same standard as anyone else.
The best bet would be to factor satoshi's keys, and then publish them on something like OEIS for some novel-math reason, and let someone else steal them for you.
I can't imagine that getting laws passed is going to help. The government can't just order a bank to restore funds, the way they can with regular currency. They could try forcing the culprit to return them, but it seems unlikely for the culprit to be in your jurisdiction.
I suppose we could pass laws to prevent them from ever spending the money in a country that they can control. Even then, they'd have to find ways around the funds being "laundered" through mixers.
Yeah, sounds like it's time to take this very seriously. Sobering article to read, practical and to the point on risk posture. One brief paragraph though that I think deserves extra emphasis and I don't see in the comments here yet:
>In symmetric encryption, we don’t need to do anything, thankfully
This is valuable because it does offer a non-scalable but very important extra layer that a lot of us will be able to implement in a few important places today, or could have for awhile even. A lot of people and organizations here may have some critical systems where they can make a meat-space-man-power vs security trade by virtue of pre-shared keys and symmetric encryption instead of the more convenient and scalable normal pki. For me personally the big one is WireGuard, where as of a few years ago I've been able to switch the vast majority of key site-to-site VPNs to using PSKs. This of course requires out of band, ie, huffing it on over to every single site, and manually sharing every single profile via direct link in person vs conveniently deployable profiles. But for certain administrative capability where the magic circle in our case isn't very large this has been doable, and it gives some leeway there as any traffic being collected now or in the future will be worthless without actual direct hardware compromise.
That doesn't diminish the importance of PQE and industry action in the slightest and it can't scale to everything, but you may have software you're using capable of adding a symmetric layer today without any other updates. Might be worth considering as part of low hanging immediate fruit for critical stuff. And maybe in general depending on organization and threat posture might be worth imagining a worst-case scenario world where symmetric and OTP is all we have that's reliable over long time periods and how we'd deal with that. In principle sneakernetting around gigabytes or even terabytes of entropy securely and a hardware and software stack that automatically takes care of the rough edges should be doable but I don't know of any projects that have even started around that idea.
PQE is obviously the best outcome, we ""just"" switch albeit with a lot of increase compute and changed assumptions in protocols pain, but we're necessarily going to be leaning on a lot of new math and systems that won't have had the tires kicked nearly as long as all conventional ones have. I guess it's all feeling real now.
This may have been long discussed, but I feel like this war is the first time I've really thought hard about how big a target data centers would be in any sort of modern peer war and how that's an entirely new thing since the last time it was really on the radar (end of CW) right? We've built trillions and trillions of dollars in infrastructure in the peace time since, and it seems fairly concentrated. AWS is amongst the biggest there is, and according to mappers like [0] there are only around 240 operational total worldwide with another 130ish under construction. Like, in one respect that seems like a bunch, but vs the kind of attacks we see done in a matter of days in modern wars it's a pretty small number for the whole planet isn't it? In the first 24 hours of the war the US and Israel launched on Iran, they hit something like 1500-2000 targets. How hardened are the data centers? Are they in structures that handle some level of explosives? Do they have counter measures like internal blast walls dividing things into cells so a few hundred pounds of high explosive in one area doesn't damage outside the cell? I mean, of course like all data centers they'll have considered extensive countermeasures to fire, environmental threats, grid issues and so on. But has "nation-state level attack via mass drones or bombardment" been part of the threat model over the last few decades? Hardening of telecoms was certainly considered for old Ma Bell and such back in the CW days but that was a very different environment.
I guess it makes me think about what a soft underbelly this could be for a lot of modern society. There's always been consideration of threats to refineries and power stations and industrial production and all those big metal deals. But like, forget any sort of nuclear exchange, any sort of crazy super Starfish style big EMP, just purely a few thousand drones nailing data centers. Nobody even directly dies, just a lot of wrecked computers. What would be the cost of losing all the clouds and colo stuff? How long to replace, at what cost? How much depends on it?
Instead of targeting data center itself, it's far easier to target the electrical substation that powers the datacenter. It's relatively simple to do. Transformers require oil to cool themselves, and if the coolant reservoir is damaged, then they overheat and shut off. This exact infrastructure attack occurred in North Carolina in 2022 [0], where someone fired bullets into the coolant reservoirs and caused a several day power outage. The perpetrator was never caught. It's speculated a foreign actor did this to gauge the response in a future wartime scenario.
Most data centers have a dedicated electrical substation that powers it, so it's possible to target the data center without affecting anywhere else.
>Instead of targeting data centers, it's far easier to target the electrical substation that powers the datacenter
That has a lot of collateral damage that may or may not be desirable though. Simultaneously it might have quite a different long term effect right? If all the actual computers are unharmed they can be powered in other ways in an emergency, even if at much higher cost. Or powered back up later, the time lost might be militarily very significant but they're not gone.
But how many people and companies actually have full functional decentralized clones of all programs and data? How many people and companies have devices that are locked to remote hosts they expect to check in on at least once in awhile even if they're not "cloud dependent"? What if all that was literally gone, a few thousand missiles or drones and data centers are all just completely erased including tape backups, everything, suddenly we're in a world where all that compute and data is poof. And without hurting anything else, no traditional war crimes either, no power or direct food or transport disruptions. Everyone is fine and healthy, except with this huge societal exocortex gone.
Any cloud engineer worth their salt is going to have their programs be stateless and their data replicated across multiple data centers. Many cloud engineers are not worth their salt, but working in Big Tech, this has been table stakes for 20+ years. There are regular disaster drills, both scheduled and unscheduled, that test what happens when a datacenter disappears. Ideally everything transparently fails over, and most of the time, this is what happens.
The bigger problem is that a war is likely to hit multiple levels of infrastructure at the same time. So the datacenters will come under attack, but so will the fiber cables, and the switching apparatuses, and the power plants, and likely also the humans who maintain it all. High-availability software is usually designed for 1-2 components to fail at once and then to transparently route around them. If large chunks of the infrastructure all disappear at once, you can end up in some very weird cascading failure situations.
> Any cloud engineer worth their salt is going to have their programs be stateless and their data replicated across multiple data centers.
That doesn't help much in a shooting war, unfortunately.
Redundancy is great for uncorrelated outages - if a freak weather event or power problem knocks out data centres in London, and your backups in Paris and Frankfurt are unaffected.
But if there's a war and London is getting bombed? Good chance Paris and Frankfurt are also getting bombed.
It's not, unless you think part of the definition of "worth their salt" is never working for a company with bad resource allocation. And I don't see why it would be.
Not necessarily. Many backup generators can only run for whatever the insurance estimators have calculated is the time required to restore the grid connection and that's it. For example one common means of generating backup power is marine diesels, which are readily available. These use the ocean for cooling. If you're using them to power a data center you need to provide cooling water to run them, and when you've run through that they shut down. That's just one example, but in general you can't run backup generators indefinitely.
This is the same sinking realization people had after 9/11 when thinking about infrastructure. Just damaging one or two substations serving the downtown core of a major city could cause massive economic damage.
>1:45 a.m. – The first bank of transformers, riddled with bullet holes and having leaked 52,000 US gallons (200,000 L; 43,000 imp gal) of oil, overheated...
That wasn't thought to be due to a foreign actor though, more likely it was domestic terrorism. Why would the effect on a rural local power station ever be a good measure of a wartime scenario at all?
No, taking out the transformers, which can have lead times of three to five years, will result in the most long-term damage. You can't just pull one out of storage and drop it into place.
Ukraine has proven otherwise. A lot of European countries pulled them out of storage and gave to Ukraine. Of course there will be a limit to this if you destroy enough of them.
It’s far more difficult to replace a data center than to replace transformers. Ukraine’s electricity grid has been under attack for years and manages to replace and rebuild transformers and restore power within hours.
Right. The diesel generator radiators are also susceptible to the same attack. A few bullets to each radiator would cause a coolant leak, and eventually they'd run out of coolant, overheat, and shut off.
The gear to replace the power infra is more readily available than the thousands and thousands of miles of wire and fiber in a datacenter, plus all the equipment, batteries, inverter/chargers, maybe some diesel generators, etc.
If you want to do economic damage, you hit the datacenter.
If you want to turn the people of the country against you and mobilize them, then you hit the power infra.
In any significant war the Internet is going to go down. That's what has happened empirically in countries undergoing significant wars or social unrest, like Russia, Iran, Yemen, Ethiopia, Syria, Myanmar, and Afghanistan. While IP packet routing itself may have been designed to survive a nuclear war, there have been many centralized systems built on top of it (DNS? Edge caching? Cloudflare? Big Tech) that are essential to the functioning of what we know of as the Internet.
If your threat model includes war and you want to have some of the conveniences of the Internet, you should make plans for how to host local copies of data and develop local-scale communications for the people you regularly talk with. The Internet is too big of a security and propaganda risk for governments to allow it to continue to exist when they are engaged in a real existential war.
In the "end times" where computers stop working and we don't even have electricity, your dollars in your digital bank account will be equally useless, and dollar banknotes will be used as fire starter.
Bitcoin was never designed as a post-collapse currency.
Building blast resistant is a common practices for Refinery control rooms. The same methodologies can be employed for data centers as well.
1 blast can be expensively guarded againt. However designing anything above ground for sustained barges is practically/commercially prohibitive. Underground is only option.
PS: Civil Engineer. Designed few of those Gas explosion resistant control rooms.
> the first time I've really thought hard about how big a target data centers would be in any sort of modern peer war
Given the rapid and increasing rise of AI use in actually fighting wars, I suspect data centers won't just be a big target, they will eventually be the #1 priority target. Taking them offline won't just be of interest in terms of economic damage, it will be a direct strategic goal toward militarily winning the conflict.
Until it is clear that the use of AI in "actually fighting wars" doesn't put senior military people at risk of never being able to leave their own country again for fear of prosecution for war crimes, I'm not so sure that the "rapid and increasing rise" is going to actually be a thing.
> Until it is clear that the use of AI in "actually fighting wars" doesn't put senior military people at risk of never being able to leave their own country again for fear of prosecution for war crimes
I don't believe that's a real concern that the senior military people have anymore. War crimes are legal in 2026. That ship has sailed (and was double tap struck by the US Navy). Nobody is doing anything about it.
War crimes are unlikely to be prosecuted within the USA. On this we agree.
Which is why I specifically mentioned the risk of not being able to leave the country, because I'd be willing to wager a bit more than international prosecutions for war crimes are significantly more likely, and would be occuring in a world that is growing noticeably more "America needs to be taught a lesson" in spirit.
Primarily, countries should prosecute their own criminals. That's the whole sovereignty thing. If you don't, and these are international criminals, your country as a whole is what we call a state supporter of terrorism, or some such, if those international crimes have political goals and are directed against other countries and their people as a whole (and don't fit the high bar of self-defense). If the crimes are done by those in power, it's just state terrorism.
I'll rephrase my previous post for you, to make it clearer:
Lack of prosecution of high-level war criminals makes your country a state supporter of terrorism. (the claim in the post)
Because that's what US war criminal leaders do. They terrorize entire nation by threatening population's survival via destruction of all their power plants, which I assume includes nuclear fallout from their nuclear power plant.
War crimes have never been anything more than a way the west can punish its enemies. It’s hilarious people think this norm continuing is some refutation of the system as designed.
> War crimes have never been anything more than a way the west can punish its enemies.
They're the way winners can punish their enemies.
If Germany and Japan had won WWII, US/British/Russian military and political leaders absolutely would've been on trial.
At the same time, agreements between peer countries to follow basic rules have generally held. Note that neither side in the current conflict is using dirty bombs, or dropping nerve gas or bioweapons on civilians, etc.
> War crimes have never been anything more than a way the west can punish its enemies
That's a fair point, the major change isn't that we suddenly started committing war crimes, it is that we've dropped all pretenses of trying to justify why what we did isn't one.
Isn't that an improvement? It seems better to have people who are honest about what they're doing, even when committing war crimes. At least then people can have an honest conversation about whether the policy is working.
One of the most frustrating things about wars is people adopt policies that don't advance their objectives and then lie about what they're doing, what happened and why. This sets up an environment where militarys do things that aren't even in their own interests, let alone anyone else's, and the public discourse is busy arguing about some wild imaginary scenario that isn't related. Better to have people focused on the real world and accurately understanding both (1) what the policy was and (2) what the outcome of the policy was.
If I admit to killing someone in court, because I regret it, I acknowledge I have a debt to society I need to pay, and honesty is the first step on my route towards eventual reform - that's an improvement.
If I admit to killing someone because I want everyone to know I'm a tough, viscous killer and they'd better not piss me off or they'll be next - that's not an improvement.
You'd rather a vicious killer who pretended to be harmless and actively tried to fool you?
As to the behavior itself, I imagine the merits are heavily dependent on context. International politics depends to some extent on demonstrating a willingness and ability to engage in violence. That's not the whole story but it's definitely part of it.
Not really, IMO. Their goal isn't honesty and transparency, they just DGAF to hide it because they correctly realize there won't be any personal consequences for their actions.
They are still lying about most everything else - why the war was started, suppressing the amount of causalities, etc.
That would require a future president to choose to use the authorization.
President Davis The First isn't going to lift a finger to stop the ICC prosecuting former Secretary of Defense Hegseth, and, I suspect, neither would quite a few other potential future presidents.
Most of the world that did convert to Islam, did it out of pragmatism. That goes for Catholicism as well. Though a special part of my heart goes out to the pragmatic Quakers of the early US, who largely seem to have done it just to have a chance to thumb their nose at the government.
Ironically,the classical target, Washington DC, is less than 25 miles down a very simple highway to Northern Virginia's massive datacenter alley. Our national defense is ultimately predicated on heavy ordnance not being able to show up undetected in this part of the world. Hence the path preferred by attackers of burrowing into Azure signing keys or ransomware attacks on the grid. Much less hardware to transport.
While we're completely at the mercy of datacenters that we can colo out racks / power / upstreams from, it's a worthy discussion for any technology company that wants some amount of digital sovereignty over their presence online and ability to provide their service independent of a hypervisor / cloud provider (or even just a centralized location).
The best option is simply to anycast from any many distinct countries that are either neutral, or unlikely to be involved with any global or regional conflicts at any given time. You don't want them getting bombed at the same time!
Oracle are actually subletting part of Bynet's new-ish Har Hotzvim facility which has 2,400 racks but is probably power-constrained - I believe it had 16 MW when it went live, with passive provision for doubling that. Even if it's since been upgraded, that's still only 13 kW per rack which is pretty stingy these days.
As a very rough rule of thumb building down is about 4x more expensive than building up. So probably worth doing if you're Shin Bet (who I believe also have space in the same dc), but for the likes of Oracle it's only going to be used to serve clients with specific security requirements. Think of it as a halo project - more of a marketing exercise than something that's actually going to be used by the average customer.
The same goes for datacentres hosted in cold war bunkers etc - they always end up being too constrained in one way or another to be useful. The big facilities end up being built above ground and rely on geographic redundancy rather than trying to make themselves (literally) bomb-proof.
The way everything is so overleveraged on the success of these companies being packed into ETFs, it would probably take down the whole economy. You'd be able to shut down even more manufacturing without even destroying it just from economic forces. That is unless the US responds by nationalizing everything, which they won't. They'd rather it go to smithereens so someone has a chance to be made wildly rich rebuilding.
Communicating with submarines that are deep underwater is pretty hard. There are techniques like ELF (Extremely Low Frequency) but they require a small power station to transmit a few characters a minute.
Tangentially related but Iran wasn't much of a threat to the USA before Trump decided to attack it. And apart from Israel, nobody is backing this war. The sooner he realizes it makes zero sense, the better for the whole world. It seems that apart from Russia and the USA, other countries are not so eager to start wars. And what is happening now is a bitter lesson also for China: starting a war is easy, winning it is nearly impossible. So I hope we won't really start to build all infra in under-earth bunkers after all.
Then ask yourself why is the US so aggressively trying to switch the world to a martial stance.
It’s a rhetorical question, of course, because we all know it’s because China is winning the traditional economic game on the manufacturing the McKinsey and Bain class sold out for decades and therefore military will have to become the new leadership measuremen, only appreciating as an asset in a less safe dog eat dog world.
The Thiels and friends who came up with this shit of course have their own infrastructure in their end time bunkers, but however stupid this gambit sounds, it’s what’s being played right now.
Agreed that Govt/Military runs on AWS/Azure/whatever. They care about "security" in a "virtual" sense, but I presume soon we'll see requirements like: "Must Have: Missile Defence Perimeter" next to the "Must be FIPS compliant".
Sovereignty and self-sufficiency are big topics. The US centric cloud at least is killing itself through geopolitical risks for gov customers outside the US. Literally number one operational risk now.
But aren't they pretty hard to hide? I mean, they cover a lot of grounds, they have lots of infrastructure leading right to them...even if someone makes a few wrong guesses, it's going to be easy to find where the data centers are.
>Disclaimer: Please be aware that Amazon Web Services does not list its data center locations publicly. Hence all AWS listings in our database are based on publicly available information from third parties, open databases, property registries, construction applications, permits, tenders, news coverage and our custom research. There may be incorrect or outdated locations, as well as locations missing.
>We've built trillions and trillions of dollars in infrastructure in the peace time since, and it seems fairly concentrated.
and thus is easily defended. It would be a pocket change - tens of millions - for AMZN to put say a Rheinmetall Skyshield https://en.wikipedia.org/wiki/Skyshield at the data center.
Considering how hard US military bases and radar systems have been hit (and those are not city-sized target) I am unconvinced that even AMZN's pocket change could realiably protect against the kind of attacks we see in this war
How they were hit? Multiple drones overwhelming relatively small number of air defense systems. Systems like Patriot are great against several very capable targets like ballistic missiles. Such (expensive centralized) systems do much worse against multiple widespread targets like an armada of low flying low speed drones (add to that low speed cut-off filter to avoid hitting general aviation and the likes).
Heck, even just soldiers with MANPADs would have easily shot down those drones (you just have to distribute those soldiers to all those strategic objects which hasn't been done)
We have classic situation here - everybody have been watching Ukraine war for 4 years, yet nobody has prepared for such style of war.
>I am unconvinced that even AMZN's pocket change could realiably protect against the kind of attacks we see in this war
No even low flying slow drone - pretty typical situation of top Russian cruise missile shot down by Gepard
Also AMZN has its own drones dept - in "hot" zones in "hot" times they can put several people with drones (in the high speed configuration) to be used for interception. This is basically how Ukranians have been doing, and that is an experience they are now exporting to the Gulf states.
>if you dont colo your own servers you don't own anything.
I'm confused, what does ownership have to do with this particular failure mode? The issue here is a (for many) unforeseen new tradeoff involved in centralization. Colocating at a central place has the exact same tradeoff in this case: bandwidth is vastly more available and cheaper towards the core, and there are significant amortization gains to be had with a lot of basic shared infra. But it's also one big structure holding a lot of computers and infra everyone is depending on, that's the whole point of it! We're all sharing network backbone and power filtering/redundancy and so on and so forth, vs paying for that separately. That means a missile or drone or bomb hit to the building still hits all of us whether we own the servers there or we're running workloads on someone else's servers.
The only responses are either central counter measures or decentralization. Both have significant costs and complexity, that's why it wasn't just done proactively right?
I don't think it is. There are many many cases where you do want to own them.
The people you rent yours from are making a shit load of money so it doesn't sound that bad of an idea
I buy lots of things from people who make a pile of money from low margin goods/services sheerly on scale. There are many things i could not reproduce more cheaply from constituent parts, even if i value my time at $0.
This has been submitted already over the past few days, but it didn't get traction and I think it's important enough to be worth another spin. Apple has relented and made 18.7.7, the latest security patch series for iOS 18, available to all iOS 18 capable models, not merely the limited number that were dropped for iOS 26 support. So if you (like me) had just grimly determined to skip 26 and hope to be ok until 27 being hopefully better, there is now a better option. If you did one of the 26 nag avoidance tricks and joined the iOS 18 beta channel you will need to turn that off for the 18.7.7 update to show up, and you'll have to scroll past the big prominent iOS 26 update notice to find it below as a smaller Also Available.
One thing of somewhat interesting note: as far as I can find they didn't release any standalone signed IPSW file for most devices like they universally have in general, only for a few old ones. Perhaps because if there is an actively signed IPSW they don't have infra in place to prevent people from downgrading back to iOS 18 from 26? So update has to be done from on the device not via Finder or iMazing or the like.
Do you have any opinions on how this works vs doing iSCSI to some other storage system using ZFS? That's how I've been handling Proxmox on the backend, and have mixed feelings. The GUI leaves a very great deal to be desired in honestly curious ways, have to touch the CLI a lot even for super basic networking or auth stuff, and of course neither side has the same insight to the data structures in question. Either you've got to do ZVOL instances and thus manual effort or scripting, or you give Proxmox a single big blob then let it manage that with LVM but that means the storage side can't give any granular help on snapshots and the like. It still can deal with data integrity and backups and storage redundancy and all that but no further, and some increased overhead. But on the other hand, I do feel like a really firm separation of concerns isn't without value. Having native support though is an interesting alternative I hadn't really considered.
Too late to edit, but just as a note for anyone else who gets confused by my post: I was not paying careful enough attention and missed/misread the "backups" bit in the parent post, completely my fault. As far as I can tell from reading through the (quite pleasant!) documentation [0], Sylve does not (at least for now) support any sort of network storage for direct use as the VM backing store, though as it is FreeBSD underneath it's presumably doable to get something going from the command line. I'd thought they'd somehow managed to set something up so you could directly use another ZFS system via SSH as the primary backing store with management which would be pretty awesome. It still looks like a beautiful design, but since I'm pretty invested right now in separating out storage into its own hardware vs where compute happens it'd be hard to setup nodes as AIO for the near future at least here.
Still an awesome project to learn about and I hope it's successful.
It's funny, I love how FreeBSD manages iSCSI even though I have only used it a few times, I put it in my to-do list but never really got around to writing a UI for it. Come next release (v0.3.0) I will definitely integrate it because as your put it's quite necessary to have that as a way to isolate storage from the main system.
Not sure you'll see this so late but just wanted to say I really appreciate the reply and learning about this project. I've been working to switch myself and various places away from perpetual ESXi licenses as it finally starts really getting old, and while I'm thankful Proxmox exists I've always loved FreeBSD (was kinda bummed when TrueNAS moved from it) and Proxmox can be irksome. Even at such an early stage Sylve already looks like it's clicking nicely. Excited to see next release and what comes in the future.
It's pretty wild to me that in both the article (written by Eric Berger, who really knows his stuff and did two fantastic books on the history of SpaceX and the rise of new space) and the first 31 comments made here on HN as I write this that a Find for one word has zero results: "starship". That's the overwhelming behemoth elephant in the room. For the purposes of launching/building a space station, it doesn't matter if Starship can't reenter, or refueling doesn't work or any of the other hard problems. It just needs to get to orbit. Which it has proven it can. And that means that any space station developed using anything before that will be rapidly completely obsolete from a commercial perspective. Starship will just offer so much more volume and mass for the same cost or less. NASA may want very hard to hit their 2030 deadline, but the technology may simply not line up to do it on the budget they want and desired partner concerns, same as how the retirement of the Space Shuttle didn't line up with American private launch (though of course in the end that has made it and been a big win). No company that actually wants to make money is going to risk billions on something that somebody else can lap them on by an order of magnitude in a few years or less.
I suspect that of "continuous presence in low orbit", "longer term new capabilities", "in budget", and "commercially successful" NASA is going to be forced to pick one or two and that's what they're resisting. Rushing things along almost always costs a lot of money and features. If you want to hit a budget and features then you have to be willing to wait for the various bits to line up and preferably spend some time experimenting and exploring new capabilities and strategies before big hardware commitments. There's a lot of moving parts here to think through. This would all be true even if that was NASA's only concern, vs going to the Moon and all the normal and importance science and so on they're getting pushed on.
I think even experts like Eric are now being conservative on Starship because the program is genuinely in a tough spot.
For most satellites/space stations, you need a proper payload deployment mechanism. The pez dispenser mechanism was chosen because opening the entire payload bay and closing it back up for reentry is a tough problem. For now it has been put aside to focus on the goals for Artemis, but that also means not being able to launch stuff other than Starlink.
Starship is currently still stuck in development hell, Musk is already backing off from his Mars plans, SpaceX is moving to distractions and going public (something they previously claimed would not be done).
To me, these moves do not suggest confidence in Starship's ability to live up to its advertised capabilities.
The Starship is also built to house astronauts for longish trips. It’s not a stretch to think of it as a larger Skylab station. If the can figure out how to attach six or eight of them in a ring with bridges and spin, they could have the artificial gravity station that’s been the stuff of science fiction (and the movie The Martian)
I don't think Starship has gotten to orbit yet. It's gotten to altitude but not speed. That's a very big deal, because slowing down from that speed is a massive challenge unto itself.
Orbit is scheduled for the test after next, if all goes well.
They don't really need Starship just for orbit. They've already got ships that get to the ISS and back. They really do need to get Starship to orbit or their plans really will be hosed.
>I don't think Starship has gotten to orbit yet. It's gotten to altitude but not speed.
I'm honestly kinda curious how you came to this thinking after watching the launches, like the last Flight 11 [0]? They have the velocity listed at all times right there in the bottom corner. It's peaking over 7.4 km/s, seems pretty clear they were stopping just barely short and maintaining a ballistic path on purpose exactly as they said they would in the flight plan they filed ahead of time with the FAA for deorbit safety purposes, not because they couldn't have technically squeezed out another few hundred m/s and different trajectory if that was the goal. It's a hardware rich program, and their testing sequence has been reasonably careful about controlling the space of out of bounds scenarios (on the scale of rocketry). What has lead you to believe that they can do 7.4+ km/s with Raptor 2 and Block 2 but v3 won't be able to do ~7.8 (or that they couldn't have done it with v2 for that matter)?
They've pretty clearly demonstrated the ability to get to orbit but have, quite reasonably, not actually put the thing into orbit. Given the size of the rocket they've been needing to demonstrate things like the relight for control after achieving orbit and have prioritized other issues like figuring out reentry.
So yes, you are literally correct in that they haven't put one in orbit, but it's more out of caution than capability. What they've only demonstrated in the most recent tests is that they have good reason to believe to believe that they can deorbit in a controlled fashion. But... now they've upgraded everything: raptor 3, booster v3, starship v3. Those need to prove out those capabilities again.
So I wouldn't be surprised if they continue the suborbital program for the next 3 or 4 tests. Given all the redesign, they aren't exactly at the beginning, but they have to show that they haven't broken what they previously fixed.
AFAIK they are just cutting the engines off some seconds before they would achieve full orbit, and they have already demonstrated deorbut burns. So I don't think a proper orbit will be a big hurdle for SpaceX.
I'm not sure I agree that any single fixed term makes sense. Rather, I think it'd be better if the exponential cost to society (in terms of works that don't happen, and works that don't happen based on those works that didn't happen and so on compounding) was just part of the yearly renewal price. Do maybe everyone gets 7 years flat to start with, then it costs $100*1.3^(year). So after another 25 years it'd be around $70.5k renewal. At 50 years it'd be $50 million. At 75 years it'd be $35 billion. Fixed amount and exponential can of course be shifted around here but the idea would be to encourage creators to use works hard and if they couldn't make it work not sit on them but release them. Once in awhile something would be such a big hit it'd be worth keeping a long time, and that's ok, but society gets its due too. And most works would be allowed to lapse as they stopped being worth it.
Another alternative/additional approach would be to split up the nature of copyright, vs an all or nothing total monopoly. Let there be 7-10 years of total copyright, then another 7-14 years where no exclusivity of where it's sold or DRM is allowed, then 7/14/21 years where royalties can still be had but licensing is mandatory at FRAND rates, then finally some period of "creditright" where the creator has no control or licensing, but if they wish can still require any derivative works to give them a spot in the credits.
I think there is a lot of unexplored territory for IP, and wish the conversations were less binary.
I still believe IP shouldn’t be protected by courts unless property taxes are paid on it. The IP holder should declare its taxable value, and that value should be its declared value in an infringement lawsuit. Oh, you said that movie was worth $1 for tax purposes? Now you can’t sue for more than $1 if someone copies it. You want to sue for $1B in damages? Ok, but plan on paying taxes on $1B.
I think that's a horrible idea. There's zero benefit to society in letting corporations like Disney that can afford to pay keep works out of the public domain longer than others.
Wouldn't it result in additional tax revenue while preventing Disney's movies from proliferating throughout society unimpeded?
In all honesty, I really think you should think this idea through. Compared to the status quo, where we get zero tax revenue from intellectual property, this system would guarantee an expiration based on commercial viability. It couldn't sustain forever because the scale would always accelerate at a rate faster than any economy could sustain it. But it would have this additional benefit in that the more some intellectual property becomes commercially sustainable, the more revenue society can collect.
How does that even begin to approach horrible when it's magnitudes more equitable than the status quo?
> Wouldn't it result in additional tax revenue while preventing Disney's movies from proliferating throughout society unimpeded?
I mean they already pay taxes (allegedly). When artists create good works that become popular the state also gets sales taxes from the consumer side as money changes hands in exchange for the work. If we just wanted money we'd be better served by getting rid of the loopholes and tax games the wealthy can take advantage of to avoid paying their share.
I'm pretty adverse to the idea of codifying a system where people with vast sums of money can pay for extra rights under the law. If anything we should offer more support to small artists and not turn them into an underclass, but at a minimum we should enforce an even playing field. It's a bit twisted to call a "rights for those who can pay" system "equitable"
Remember that the goal here is to end rent seeking, not allow it but only for the wealthy for as long as it's profitable for them. If the tax is high enough to stop the bad behavior we might as well have just banned it in the first place because if it isn't high enough to stop it, then the tax just becomes another cost of doing business and that's ignoring the fact that more tax money doesn't nessesarily benefit society to the extent that it should. Far too many tax dollars end up in the pockets of private corporations seeking profits (although that's a different problem)
The fact is that our economy and our culture will both benefit by works entering the public domain as that allows new creators to build on and explore those ideas which means more people being hired to work on those new projects, more products for consumers to purchase from retailers, and more taxes going to the government from a wider variety of sources which is itself a very good thing since mega-corps with monopolies on our culture and the tax revenue those cultural works generate can give those corporations a greater influence over government.
i understand your logic , but there's a problem with that assertion.
the thought is that the copyright value accrued out of some accident and thus, the owner does not deserve its value . That thinking is flawed. If anything, the copyright owner contributed to the equity accrued to the copyright. They should be able to pay the high price to keep adding value to it. This does not discriminate. IN fact, i would say the opposite, what you are proposing, feels like stealing.
If i dump millions into developing a copyrighted work, why could any random artist with nothing to lose be able to exploit the work by paying a small/no fee? This seems incredibly unfair. Do you agree?
> the thought is that the copyright value accrued out of some accident and thus, the owner does not deserve its value .
The owner deserves to make as much money from their product as they can, but they should only be able to exclusively profit from that work in any form for 10 years. That's entirely fair.
Copyright isn't the natural order of things. It's an extraordinary restriction on our freedoms. If I hear a song, there's no kind of natural law making it wrong for me to sing it while out in public the next day. There's nothing morally wrong with that either. It's a massive imposition for the government to tell a free person that they can't share certain stories with others.
For almost all of human history copyright did not exist. The stories that were told, and which became foundational to all stories being told today, were not protected by copyright. People who heard those stories just retold the ones they liked again and again making whatever changes they felt like making and the most popular versions of those stories spread and gained a foothold on the culture. That is the natural order.
The reason copyright law was created was not so that people can profit for as long as possible by restricting everyone else's ability to retell stories or sing the songs they've heard. It was created to promote the creation of new creative works. That aim can be easily accomplished in a single decade.
Locking up vast amounts of our culture behind copyright for ~100 years or more is what sounds like theft to me. Not only are copyright terms of that length excessive, but they are so prohibitively excessive that they actually hinder the creation of new creative works as well as the ability for people to profit from those newly created works.
For example, consider the problems encountered trying to make and sell Sita Sings the Blues (https://en.wikipedia.org/wiki/Sita_Sings_The_Blues). The artist behind that project went to extreme efforts to put her work out into the universe. It's easy to see how many others in her situation would have been forced to give up or could become disheartened enough to abandon the project after realizing that there could be no monetary profit in it.
When a work enters the public domain that doesn't even mean that the original author or previous owner of a copyright can't continue to make profit on that work. It just means that other people can build off of that work and/or can publish/sell/distribute that work to others. That's perfectly fair too. I've personally paid for works that were in the public domain on multiple occasions.
You are conflating copyright with free expression.
That's not correct and the law is clear on this respect. No one has standing to sue you if you decide to sing in public a Michael Jackson song. However, the moment you start selling tickets to the presentation, that's something entirely different.
You are literally leveraging the fact that someone put that song on the map. You didn't create it. You didn't promote it. You didn't do anything, in fact, except try to profit from it.
Libertarians still believe in property rights. Property can be tangible or intangible.
The point can easily be made with a simple peek into history. No one that recorded anything intangible, like a song, was selling it to others for commercial use because they didn't understand that intangible they had just created had value, but the moment they did, morally, they felt it was wrong and sought the courts for redress. There are examples in history:
In fact, the oldest documented examples of creators pushing back against unauthorized copying predate any formal copyright laws by centuries anda few stretch back to over a millennium! [1] [2]
Why is this important ? Because the oppression you mention of freedom, in order to happen, must be codified by government. If you have this issue going so far back in time, when government hadn't codified anything, its a clear indication that the issue trascends code and goes to the heart of what is moral and inmoral.
This debate of whether you own an idea, trascended the codification of the idea in government "repressing your freedoms" . The fact of the matter is, we believe strongly in freedom, as long as it doesn't transgress the freedoms of others. This is key. In this case, the freedom to reap the rewards of your hard work should not be infringed by the work of another. You are not more important than someone else. This is a basic tenet of liberty
> You are conflating copyright with free expression.
No, copyright is a direct infringement on free expression. We've just tolerated it because the trade off was worth it. Not worth it because people would get rich and that was import to us. Worth it because having a chance to make money on a creative work encourages the creation of more creative works and having more creative works was important to us.
I'm sure that there were many times in history when someone came up with a good story and got mad that somebody else told a version of that story that others liked better. Not only is the ability to share stories more important than that one guy's feelings, but the result is better stories for everybody. Once people starting selling their creative works and it became easier to copy them we agreed that it was important that people had an opportunity to make money off their efforts so we'd have more works and that's where we started limiting people's freedom. When those limits are reasonable, it's a good deal. A balance where briefly people wouldn't be able to copy someone's work so they had a chance to make money and then later everybody could do whatever they wanted with it.
Recently the media industry has bribed their way into making the restrictions increasingly unreasonable, but we still want people to be able to have a chance to make money on their work so we just need to readjust to something more like what copyright started out as and less like what it's become.
> No one has standing to sue you if you decide to sing in public a Michael Jackson song.
Performance rights were what kept restaurants from singing happy birthday to their customers or paying Warner/Chappell for the privilege until a lawsuit clarified that they didn't have the rights to the song in the first place. By that point they'd already collected 50,000,000 in license fees though because performance rights are real and enforceable.
Realistically, nobody is going to sue you for singing a copyrighted song in public around others, but they could and there's a decent chance you'd lose that legal battle. Similarly, many small businesses will have a radio on or a CD playing that their customers can hear. They can be sued for that as well. Enforcement in that setting is rare enough though that small players take their chances, but big companies with fat wallets are prime targets for lawsuits so they tend to have a licensed solution to avoid massive fines.
> Disney are able to pay that amount because their IP is still generating massive income.
That's entirely irrelevant though. The point of copyright isn't to protect income. The point is to encourage the creation of new works. Disney doesn't need 100+ years of exclusive profits on something to encourage them to create new works. Nobody does.
I'd even argue that the more popular a work is the more important it is that it enter the public domain sooner rather than later. The less cultural relevancy something has when it enters the public domain the less likely it will inspire new works to be created.
With respect - copyright's protection of income is the point
That's, by design, the tool used to encourage people to invest their time into producing works.
We would not be having this conversation at all if people weren't able to make money of these works - there'd be no point to copyright at all if there wasn't money to be made (by the artists) and the reproduction of their works wasn't restricting their ability to generate that income (for themselves, or their agents).
I want to emphasise that I am not arguing in favour of the system, only how and why it works this way.
> That's, by design, the tool used to encourage people to invest their time into producing works.
The tool used was control over distribution. If income was the point copyright law could just hand tax payer money over to anyone who created something. That'd guarantee income instead of the system we have which allows artists to invest in the creation of a work and still never make a dime on it. Ultimately though, I do see your point and I agree that making it possible to earn enough money to justify the creation, publishing, and distribution of a creative work was a large part of the intention along with the establishment of the public domain.
I probably should have phrased that as "The point of copyright isn't to protect income until the work is no longer highly profitable"
Another thing that doesn't get brought up enough: Copyright is not really needed to encourage creation.
Suppose Copyright as a concept was overturned and no longer existed. Would Disney just say "Well, it was a great run, but we're going to close up shop and no longer create works." Would an independent artist who needs to paint something decide not to just because it couldn't be copyright?
"The creation of new works" doesn't need to be encouraged. It's the default. Cavemen still carved on cave walls without copyright.
You're absolutely right that artists can't stop themselves from creating, but I think that a reasonable amount of protection still does encourage more works.
Many works require a good deal of investment and time and if people had little to no chance of making money or breaking even on that investment a lot of works wouldn't get made.
Another nice aspect of copyright law is that it establishes where a work originated. Authorship gets lost in a lot of the things we treat as if they don't have copyrights. For example memes, or the way every MP3 of a parody song on P2P platforms ended up listing Weird Al as the artist regardless of his involvement. It also happens in cases where copyright really doesn't exist like with recipes and as a result we don't really know who first came up with many of the foods we love. A very limited copyright term would more firmly establish who we should thank for the things we enjoy.
IMO, copyright is something that should be shorter the bigger the media producer is.
The reason we need a copyright in the first place is to stop someone like disney just vacuuming up popular works and republishing them because they have the money to do it.
Disney, however, doesn't need almost any copyright to still encourage them to make new products. They'll do that regardless.
For an individual author, copyright should basically be for their lifetime. If they sell it, the copyright should only last 5 years after that.
A company like disney should get copyrights for like 1 year.
But also the type of media matters. IMO, news outlets and journalists should get copyrights for 1 day max. Old news is almost worthless and it's in the public interest that news be generally accessible and recordable.
Disney didn't invent (e.g.) Beauty and the Beast. They took an idea and a story in the public domain and retold it. Then they claim ownership of that and sue anyone who uses the same character(s) for the next 75+ years.
This is not "encouraging creation". This is strip-mining our shared culture.
So yeah, agree 100% that this kind of corporate theft needs to be stopped. I can't see that happening in the face of all the money though.
With an increasing cost for age, they would eventually be paying an absurd amount for content of decreasing value. Either they end up funding the government massively, or they decide to drop commercially irrelevant copyright.
How does getting tons of money from Disney into a government's tax coffers not benefit society? That's money that the government wouldn't need to directly collect from citizens other ways.
Money going to the government in the form of taxes doesn't necessarily result in a benefit to society at all, let alone one that justifies keeping people from being able to access and expand on their own culture while also killing off all the economic and culture benefits new works would bring.
If Disney had to pay the federal government a few billion each to keep absolute control over their oldest works, every year, no tax games, that would be pretty great for society. But it's also probably true that the tax games would indeed ensue. Something something low trust, we can't have nice things.
How about something like IP as a tax? IE: if you make profit off of it, then it cranks up. There's plenty of music artists who's song blow up a decade or more later.
I want to be super clear that I'm not proposing some finalized plan or numbers here, it'd need some real work spent hashing it all out. Mainly though I hope people will consider more the huge space of untapped approaches to balancing various benefits and costs towards a better societal outcome. And that maybe that helps a little in getting us out of some of the present seemingly intractable boxes we so often seem stuck in?
Your tax idea could certainly be another useful tool. My main immediate thought/caution would be:
>IE: if you make profit off of it, then it cranks up. There's plenty of music artists who's song blow up a decade or more later.
As we have endless examples of, "profit" and even "revenue" can be subject to a lot of manipulation/fudging given the right incentives. I also think that part of the cost I describe is objective: whether it takes off right away or takes off after a decade, as long as it's under full copyright it's imposing a cost on society the whole time. Also other stuff like risk of it getting lost/destroyed. So I do think there needs to be some counter to that in the system, sitting on something, even if it makes no money, shouldn't be free.
But the graduated approach might help with this too, and again they could be mixed and matched. It could be 1001.3^n to keep full copyright, but only 501.2^n to maintain "licenseright", 25*1.15^n for "FRANDright", and free for the remaining period of "creditright". Or whatever, play around with numbers and consider different outcomes. But feels like there's room for improvement over the present state of affairs.
When old art gets a revival like that it's usually because the work is being reused (e.g. song used in an ad, Tv show, movie), something that costs time and money to license when done legally. How many artists lost their chances because navigating copyright is tedious and expensive?
That's how you end up with "Hollywood accounting" where movies that gross over 100M dollars still show as a "loss" for tax purposes via creative accounting methods.
>I think I like the idea, but I can't help wondering if it would have unforeseen consequences.
As I said in a sibling comment, quickie comments on HN should be taken more as mental stimulation and kickoff points for further discussion as opposed to "final bill that has been revised in committee and is going to the floor for a full vote". The details of implementation are certainly critical, and not trivial either! I'm fully in support of thinking through various use cases. But part of why I'm interested in alternate approaches is that they might give us finer grained tools.
>Could this approach undermine the protections afforded by open-source licenses? (IANAL.)
I have actually considered that as well but didn't add it into a quickie comment. If we take the second path of approaches I listed there, then thinking about it all open source software would fall under a special even more permissive class of the tier 3, in that it already has "fair, reasonable and non-discriminatory" licensing for all right? Except that it's also free. The motivation here is the "advancement of the useful arts & sciences" and the public good, so having it be explicit that "if you're releasing under an open source license and thus giving up your standard first, second, and part of your third period of IP rights and monopoly, you're excluded from needing to pay a license fee because you've already enable the public to make derivative works for free for decades when they wouldn't otherwise anyway."
All that said, I'll also ask fwiw if it'd even be that big a deal given the pace of development? I do think it'd be both ideal and justified if OSS had a longer period for free, that's still a square deal to the public IMO. But like, even if an OSS work went out protection (and keep in mind that a motivated community that could raise even a few thousand dollars would be able to just pay for an extra decade no problem, the cost doesn't really ramp up for awhile [which might itself be considered a flaw?]) after 10 years, how much is it worth it that 2016 era OSS (and no changes since remember, it's a constantly rolling window) now could have proprietary works be worth it against 10 year old proprietary software all getting pushed into the public domain far faster? That's worth some contemplation. Maybe requiring that source/assets be provided to the Library of Congress or something and is released at the same time the work loses copyright would be a good balance, having all that available for down the road would be a huge win vs what we've seen up until now.
> quickie comments on HN should be taken more as mental stimulation and kickoff points for further discussion
Agreed, and my comment was aimed at exactly that. :)
An example of my concern: What would happen to GPL-licensed software if the copyright expired quickly? Would that allow someone to include it in a proprietary product and (after the short copyright term ended) deny users the freedoms that the GPL is supposed to guarantee? I think those freedoms remain important for much longer than 10 years.
> (and no changes since remember, it's a constantly rolling window)
Do you mean that the copyright term countdown would reset whenever the author makes changes to their work? (I'm not sure if this is the case today.) If so, couldn't someone simply use an earlier version in their proprietary product in order to escape GPL obligations early?
> "if you're releasing under an open source license and thus giving up your standard first, second, and part of your third period of IP rights and monopoly, you're excluded from needing to pay a license fee because you've already enable the public to make derivative works for free for decades when they wouldn't otherwise anyway."
Yes, I think this makes sense. Thanks for sharing your thoughts.
> quickie comments on HN should be taken more as mental stimulation and kickoff points for further discussion
Indeed.
Setting aside variable details like time frames and cost structures which can be debated separately, what I found interesting about your suggestion is it's a mechanism to create an escalating incentive for copyright holders to relinquish copyrights even sooner than the standard copyright period. Currently, no matter what the term length, it costs nothing to sit on a copyright until it expires - so everyone does - even if they never do anything with the copyright. And the copyright exists even if the company goes bankrupt or the copyright holder dies. Thus we end up with zombie copyrights which keep lurking in the dark for works which are almost certainly abandon-ware or orphan-ware simply because our current system defaults to one-and-done granting of "life of the inventor + 70 years" for everything.
Obviously, we should dramatically shorten the standard copyright length but no matter what we shorten it to (10, 15, 20 yrs etc) we should consider requiring some recurring renewal before expiration as a separate idea. Even if it's just paying a small processing fee and sending in simple DIY form, it sets the do-nothing-default to "auto-expire" for things the inventor doesn't care about (and may even have forgotten about). That's a net benefit to society we should evaluate separately from debates about term lengths.
I see your suggestion about automatically escalating the cost of recurring renewal as another separate layer worth considering on its own merits. My guess would be just requiring any recurring renewal would cause around half of all copyrights to auto-expire before reaching their full term - even if the renewal stayed $10. The idea of having recurring renewal costs escalate, regardless of when the escalation kicks in, or how much it escalates, is a mechanism which could achieve even more net positive societal benefits by increasing the incentive to relinquish copyrights sooner.
An adversarial approach would also be interesting: People could open positions of "I would buy a right to use this copyright for $XYZ if it was released today"
So the copyright holder would have the option to EITHER cashout at any point (and consider the work/invested effort paid) OR counter-bid the sum of everyone to keep it.
Not sure about the implications, but it would encourage the most (economically) productive route
I'm a big proponent of compulsory licensing, which could certainly be limited to renewals so that creative control is still granted for some amount of time.
No, the problem with this is that a lot of IPs aren't profitable in their initial years, and this pretty strictly encourages property-holding as a business. That's exactly the wrong kind of revenue generation that copyright is supposed to be encouraging. It's empty rent-seeking.
Further, I think that the premise is flawed. Rather than being more protected by being profitable, a work should be less protected the more it has profited the owners. If you can make $50 million profit as an individual from your creative work that took 5 years to produce, then you're done. Dozens of lifetimes of wealth for 5 years of work? No, that's more than enough. You don't deserve more money for that. You have been suitably encouraged. The trouble with that idea is that "creative accounting" is too easy, so that won't really work, either.
I think it should match patent law. 20 years, and that's it. After that, if you want to keep making profit, you need to make something new. Because that's what it's supposed to do: let you make a living if you're able, and encourage you to keep working to create more.
Yep, I've been proposing a similar system literally for decades now in online discussions like this. If you dig through Slashdot posts from 20 years ago, you might find something from me saying something similar.
It makes sense too: some things just aren't very profitable, and some are. If it's really worth it to the creator, they can pay for it. If they want to keep it locked up for 75 years, they better be prepared to pay very handsomely.
One problem I see with this system is: how does someone know if what they're trying to copy is protected by copyright or not? The government would have to maintain a public database to query. Another possible problem is the Berne convention, which harmonizes copyright across countries.
This could lead to a broader culture, because the most popular works would get long copyright protection terms, while the relatively unpopular ones would get short protection terms. People would be more likely to use those unpopular works and perhaps breathe new life into them.
Eg imagine if this is how the system worked right now. You could have streamers watch unpopular (modern) movies with their audience. Or a youtuber could read a book to their viewers (listeners). And it wouldn't have to be content that's 100+ years out of date.
You could also make it so that when the copyright protection first expires then a percentage of the income earned through the use of the work gets paid to the author for some number of years. Eg you're free to use the work, but you've got to pay some percentage of the revenue to the author for 10 years.
>Most Europeans don't live in single family homes for this to be a practical advantage.
Uh, where are you getting that from? From what I can tell at sources like [0] "most" Europeans overall (though with very significant country variance) do live in detached or semi-detached housing. Most also own it. Further, even for those in flats the higher voltage EU's grid runs at still means easier higher kilowatts at parking lot or garage chargers, so it's still an advantage anyway?
>If it's really as bad as all that, they'll patch existing older releases.
They have patched existing releases of iOS 18... but then they artificially restricted those patches only to a couple of phone models that don't support iOS 26. So if you're on a vaguely modern iDevice and are still on 18 because you don't want the new UI and other fuckups you are not allowed to install the patched 18. It'd be one thing if you had a phone that simply never supported iOS 18 at all, or if Apple wasn't patching iOS 18 at all for anyone, but that they've gone to the effort to fix it but then also used it as another lever for force upgrades is really sucky.
To be fair, it would cost them more to fully test the iOS 18 patches on all devices, than what it cost them to test a few devices. So I wouldn't quite call it artificially holding the patches back. But yeah, it is probably mostly motivated by avoiding bad PR of letting slightly-older devices get hacked, and then forcing everyone else to be on the new release. (FWIW I'm running iOS 18 on an iPhone SE 2020, so probably going to have to embrace all the change and bugs in iOS 26.)
>Is it “you are not allowed,” or Cupertino isn’t going to bother developing and testing?
It is very firmly "you are not allowed". In fact you're not even allowed to switch back to iOS 18 at all. Only actively signed iOS IPSWs can be installed (barring historical cases where someone had saved signing tickets). You can see the current status at sites like https://ipsw.me and if you're on any iOS 26 supported iDevice currently only 26.3.1 is signed. The last iOS 18 version was 18.6.2 from August of last year. If you go back to the iPhone XS/XR, you'll see they're still updating iOS 18, with 18.7.6 released two weeks ago (March 4), but they've chosen to force anyone who wants security updates to move to iOS 26 instead.
The rollback provisions, granted. But I’m arguing the other stuff requires QC attention Apple may not want to provide to a legacy line. That isn’t not allowing something that can be done. It’s not building something they don’t want to.
>But I’m arguing the other stuff requires QC attention Apple may not want to provide to a legacy line.
Oh come on. This is HN, we know how development works, how modular an OS, how the patch process works and what that entails for testing in an incredibly restricted and limited hardware base. We know they have no issue doing retroactive updates for quite awhile on the same code base for Macs, which have enormously more hardware variance then iDevices. These are extremely high profit margin premium products. You really don't need to carry water for the multi-trillion dollar megacorp with absolute wide eyed credulity.
And on other systems, even if it wasn't supported, it'd be perfectly possible for hardware owners to patch various components or implement workarounds. It's only on iOS that Apple is utilizing technical controls to stop that dead.
>That isn’t not allowing something that can be done.
Yes, it is. They are 100% using their technical controls built into the underlying hardware and then on up for not allow something that can be done. They could trivially allow hardware owners, even if only as a buy-time option, to have the ability to add their own certificates to the iOS root of trust, and in turn install and modify any software they wished on their own to the extent of their abilities. Apple wouldn't have to do anything except not exert maximal artificial control.
They don't do that. They have the power. It's their responsibility in turn. It's pretty irritating anyone who has been around the block as much as you have would try to white wash that. FFS.
I've had this thought for awhile actually: how would reproducing some random number be legally "stealing" under any legal system in the world? Putting aside that cryptocurrencies have always been about "code decides" etc, that they're outside of the legal system entirely, but I'm struggling to see where there's any actual property interest here. Randomly generated numbers are not protected by IP in any way. There's no computer fraud act angle or the like here, nobody would be having so much as the slightest interaction with anyone else's private system. They'd merely be taking publicly available unprotected numbers and doing some math on them with their own quantum computer. Somebody else who has something related to those numbers is never deprived of them or interacted with in the slightest. There is nothing resembling "hacking", no flaws in the software exploited, all just math there from the start.
I can understand how suddenly a lot of proponents might wish to cling to and push the idea that it's "illegal" or "stealing", but doesn't appear to be any meat on dem bones. Maybe they hope to generate support to get laws passed banning it, though hard to see that working out either. As a practical matter seems like they're just going to have to agree on a transition to new version using PQE algorithms and try to convert over before it's too late?
reply