Hacker News, Distilled

AI powered summaries for selected HN discussions.

Meta says it won't sign Europe AI agreement

Meta’s refusal and what it signals

  • Many see Meta’s refusal as a heuristic that the code is probably good; others warn this is just bias and insist on reading the text first.
  • Meta frames the Code as “growth‑stunting overreach” that will throttle frontier models and EU startups; critics see this as lobbying spin from a company with a long history of privacy abuses.
  • Some argue Meta has also contributed positively via open‑source AI and tooling, so its position can’t be dismissed outright.

OpenAI contrast and “regulation as moat”

  • OpenAI has committed to signing and is portrayed as very pro‑regulation, partly due to deep government and military ties.
  • Several commenters think the biggest incumbent backing regulation is classic “pull up the ladder” behavior, using compliance cost as a moat.
  • Others simply don’t trust OpenAI’s public commitments, citing previous reversals on openness.

Copyright, training data, and responsibility

  • Strong focus on Chapter 2: copyright and training.
  • US: recent pretrial rulings treat training on copyrighted text as fair use, but that is contested and may be appealed; acquisition (piracy vs bulk buying/scanning) is still a separate legal issue.
  • EU: no broad “fair use”; member states have narrower exceptions and different doctrines.
  • The Code/Act:
    • Allows training on copyrighted works (with opt‑outs) but expects “reasonable measures” to avoid infringing outputs and overfitting.
    • Suggests providers prohibit infringing use in T&Cs or, for open models, warn about it in documentation.
    • Debate over whether holding model providers partly responsible for downstream misuse is workable, especially for open source.

EU regulation, GDPR, and cookies as precedent

  • One camp: the Code is onerous, technocratic, and written by people who don’t understand AI; likely to entrench incumbents and lawyers, as with GDPR.
  • Other camp: most provisions are “common sense” (transparency, safety, user choice) and needed because large firms won’t self‑police.
  • Cookie banners are a huge flashpoint:
    • Critics say they show EU’s failure to foresee real‑world behavior, leading to dark‑pattern consent theatre with little real privacy gain.
    • Defenders blame companies and ad networks for malicious compliance; argue GDPR enabled data‑access/deletion rights and could work if enforced properly and if sites stopped unnecessary tracking.

Innovation, competitiveness, and “keeping up”

  • Concern that threshold‑based rules (e.g., model scale) will freeze EU startups below those levels while US/China firms race ahead, then enter Europe with stronger products and big legal budgets.
  • Others reply that slightly weaker or slower models are acceptable if that buys more accountability and reduces power concentration.
  • Some fear Europe is repeating a pattern: heavy regulation, weak local champions, dependence on US/Chinese tech; others welcome fines and constraints on foreign megacorps even if it means fewer domestic giants.

Voluntary Code of Practice vs future law

  • The Code is described as a voluntary, EU‑endorsed self‑regulation step ahead of binding rules.
  • Skeptics call it empty virtue signaling that only PR‑sensitive players will follow.
  • Supporters say it’s a sandbox: lets companies trial obligations, refine them based on reality, and avoid a sudden cliff when they become hard law.

AI risk, timing, and philosophy of regulation

  • One side: early AI regulation is premature and likely to misfire; regulators rarely predict markets correctly and often protect entrenched interests.
  • Other side: waiting until harms fully materialize (pricing discrimination, autonomous weapons, mass surveillance, job displacement) is too late; the whole point is to shape the market now.
  • Broader tension runs through the thread: trust in democratic regulation vs fear of bureaucratic overreach and Europe “self‑sabotaging” its tech future.

Firefox-patch-bin, librewolf-fix-bin AUR packages contain malware

Incident and Impact

  • Three AUR packages — librewolf-fix-bin, firefox-patch-bin, zen-browser-patched-bin — were found to contain a remote access trojan (RAT) that gives full control of the machine to the attacker.
  • Packages existed only a few days before removal; they were new, not compromises of the popular librewolf-bin or zen-browser-bin.
  • Several comments argue that with a RAT there is no reliable cleanup: the only safe response is to assume total compromise, take machines offline, back up data, and fully reinstall.

Information Gap and Indicators of Compromise

  • Some participants criticize the advisory for not listing technical indicators (files, startup entries, etc.) that would help users check systems.
  • Others counter that Arch’s priority is rapid notification; a full malware analysis is unrealistic, and a RAT may leave few or no consistent traces, especially if payloads are dumped to /tmp and cleaned up or actions vary per host.

How the Attack Worked

  • The AUR PKGBUILDs pulled code from a GitHub repo; a Python script downloaded a binary payload later uploaded to VirusTotal.
  • One package declared provides=('firefox'), so many existing packages that depend on firefox appeared as “dependents”, likely to increase visibility.
  • At least one Reddit post promoted the malicious zen-browser-patched-bin as a “great find”, suggesting deliberate social engineering.

AUR Trust Model and User Responsibility

  • Repeated emphasis that AUR is explicitly “untrusted user content”: anyone can upload, packages are not vetted, and users are expected to read PKGBUILDs before building.
  • Arch’s official tools (pacman) do not interact with AUR; third‑party “helpers” (yay, paru, etc.) simply automate fetching PKGBUILDs and usually show PKGBUILD/diffs before building.
  • Disagreement over real‑world behavior: some claim most Arch users install from AUR “without a second thought”; others dispute this and view AUR use as inherently “at your own risk”.

Proposals for Better Safeguards

  • Suggestions: tools to print all URLs in PKGBUILDs, highlight diffs on update, or summarize new commits to make manual review easier. Helpers already do some of this; printing URLs is seen as a useful extra.
  • Proposals to integrate LLMs for malware review are widely rejected as impractical (high false positives, easy to game).
  • VirusTotal integration into pacman -U is proposed; pushback focuses on privacy, limited usefulness against new malware, high API load, and conflict with Arch’s ethos of minimalism and user control.
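
The URL-printing suggestion above, sketched as a static check (an added example, not code from the thread or from any AUR helper). It reads a PKGBUILD as text without sourcing it, lists every URL and host, separates URLs that sit outside source=(), and reports provides= names unrelated to pkgname; the function names and the sample PKGBUILD are constructed for illustration.

```python
import re

from urllib.parse import urlsplit

# URLs as they appear in PKGBUILDs, including makepkg's "git+https://" VCS form.
URL_RE = re.compile(r"""(?:git\+)?(?:https?|ftp|git|ssh)://[^\s'"()<>]+""")
# name=( ... ) bash arrays, possibly spanning several lines.
ARRAY_RE = re.compile(r"^\s*(\w+)=\(([^)]*)\)", re.M | re.S)
# name=value scalars (pkgname, url, ...).
SCALAR_RE = re.compile(r"""^\s*(\w+)=(?!\()['"]?([^'"\n#]*)['"]?""", re.M)
ITEM_RE = re.compile(r"""'([^']*)'|"([^"]*)"|([^\s'"]+)""")

# Constructed sample for the demo; it is not one of the removed packages.
SAMPLE_PKGBUILD = r'''
pkgname=demo-browser-patch-bin
pkgver=1.0
url="https://example.invalid/demo-browser"
provides=('firefox')
source=("demo.tar.gz::https://downloads.example.invalid/demo-$pkgver.tar.gz"
        "git+https://git.example.invalid/someone/patches.git")
sha256sums=('SKIP' 'SKIP')

package() {
  curl -fsSL https://cdn.example.invalid/helper.py -o "$srcdir/helper.py"
}
'''


def parse_vars(text):
    """Extract scalars and arrays by pattern only; the file is never executed."""
    scalars = {m.group(1): m.group(2).strip() for m in SCALAR_RE.finditer(text)}
    arrays = {}
    for m in ARRAY_RE.finditer(text):
        arrays[m.group(1)] = [a or b or c for a, b, c in ITEM_RE.findall(m.group(2))]
    return scalars, arrays


def base_name(pkgname):
    """Name a -bin or -git package would normally provide (librewolf-bin -> librewolf)."""
    return re.sub(r"-(bin|git)$", "", pkgname)


def audit_pkgbuild(text):
    """Return review hints for a PKGBUILD. These are prompts for a human, not a verdict."""
    scalars, arrays = parse_vars(text)
    pkgname = scalars.get("pkgname", "")

    urls = sorted(set(URL_RE.findall(text)))
    hosts = sorted({urlsplit(u.removeprefix("git+")).hostname or "" for u in urls})

    # URLs declared in source=() / source_<arch>=() are the ones makepkg downloads.
    source_urls = set()
    for key, items in arrays.items():
        if key == "source" or key.startswith("source_"):
            for item in items:
                source_urls.update(URL_RE.findall(item))

    # Anything else (other than the homepage in url=) is fetched by the script
    # itself, for example from build() or package(), and deserves a close look.
    homepage = scalars.get("url", "")
    outside = [u for u in urls if u not in source_urls and u != homepage]

    # provides= names that are neither the package nor its -bin/-git base name,
    # such as a new package declaring provides=('firefox').
    claimed = [re.split(r"[<>=]", p)[0] for p in arrays.get("provides", [])]
    foreign = [p for p in claimed if p not in (pkgname, base_name(pkgname))]

    return {
        "pkgname": pkgname,
        "urls": urls,
        "hosts": hosts,
        "urls_outside_source": outside,
        "foreign_provides": foreign,
    }


if __name__ == "__main__":
    report = audit_pkgbuild(SAMPLE_PKGBUILD)
    print("package:", report["pkgname"])
    for host in report["hosts"]:
        print("host:", host)
    for u in report["urls_outside_source"]:
        print("fetched outside source=():", u)
    for name in report["foreign_provides"]:
        print("provides unrelated name:", name)
```
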

Broader Reflections

  • Several note that similar risks exist in other ecosystems (Fedora COPR, Plasma widget store, npm, etc.).
  • Some express nervousness and plan audits of third‑party repos; others frame the quick detection (within ~2 days) as evidence the AUR community is actively policing new uploads.

LibreOffice slams Microsoft for locking in Office users w/ complex file formats

Lock-in: formats vs people and organizations

  • One view: Microsoft doesn’t “lock in” users; organizations do, by standardizing on Office formats and tools because of convenience and network effects.
  • Others counter that this is exactly what “lock-in” is: schools and workplaces send files only reliably readable with Microsoft Office, forcing recipients onto Windows/Office or VMs.
  • Some argue that today the real lock-in is the wider ecosystem (Teams, Outlook, SharePoint, OneDrive, collaboration features), not just the file formats.

Microsoft strategy and intent

  • Several comments see OOXML and similar moves as a continuation of a long-term strategy: proprietary tech, embrace–extend–extinguish, buying and killing competitors, sabotaging open standards.
  • Others say this is over-ascribing malice: Office’s formats are a byproduct of decades of features, backward-compatibility hacks, and internal chaos. Even Microsoft engineers reportedly hate dealing with it.

OOXML complexity and interoperability

  • People who’ve worked with OOXML describe it as essentially a serialization of Office’s internals, including quirky flags like “behave like Word 95/WordPerfect,” making full reimplementation very hard.
  • The standard is seen as cryptic, inconsistently documented, and entangled with legacy behavior, forcing reverse engineering of old Word versions.
  • Some report that even different Word versions can’t always open each other’s docs correctly; LibreOffice sometimes handles certain old files better than modern Word.

Comparison to PDF and other formats

  • PDF is generally viewed as far more interoperable: many tools can read/generate it, the spec is relatively clean for rendering, though editing is painful and many real-world PDFs are non-conforming.
  • Alternatives suggested: Markdown + pandoc, Asciidoc, HTML, CSV; critics reply these are too primitive or require substantial tooling and expertise to match Office’s capabilities.

LibreOffice vs Office vs Google Docs

  • LibreOffice is praised for doing a surprisingly good job with Office formats, but PowerPoint compatibility and polish are recurring pain points.
  • A major criticism: lack of a first-class, Google-Docs-style web collaboration experience. Collabora/online solutions exist but are described as clunky and resource-heavy.
  • Many organizations now standardize on either Office 365 or Google Workspace, with PDF for interchange; in that world, some argue strict file-format openness “matters less” than collaboration.

Relevance and framing of the complaint

  • Some see LibreOffice’s blog post as rehashing a 20-year-old fight about OOXML; others argue it’s still relevant because those decisions continue to hinder user freedom and FOSS adoption.
  • A side thread criticizes sensationalist headlines using words like “slams” as clickbait that add heat but little light.

H-1B program grew 81 percent from 2011 to 2022

Perceived Quality: U.S. Grads vs H‑1B Workers

  • Some hiring managers report that domestic candidates consistently outperform most H‑1B applicants, describing many H‑1B resumes as formulaic, with high levels of fraud and “body shop” churn.
  • Others argue the H‑1B pool is a superset that includes many elite grads (e.g., top U.S. and foreign universities), so it’s unsurprising that some are world‑class.
  • There’s confusion over what “American CS grads” means: many H‑1B holders earned U.S. degrees and would be counted in both groups.

University Incentives and Foreign Students

  • Several comments note that international students often pay higher tuition and effectively subsidize domestic students, especially as public funding has declined.
  • Some see the large foreign share of elite university enrollment (~40% in some places) as evidence that citizens are being neglected.
  • Others say attracting global talent to U.S. universities has been core to U.S. technological and geopolitical strength.

Wage Suppression, Exploitation, and Ethnic Bias

  • Many see H‑1B as de facto indentured servitude: tied to one employer, afraid to quit, easier to overwork, and often used to undercut domestic wages.
  • Examples are given of substantial pay gaps between visa and citizen workers in similar roles; others counter with personal data showing H‑1Bs being paid above market and cite prevailing‑wage rules.
  • Commenters highlight consulting “mills,” templated resumes, fraudulent interviews, and claims of managers preferring co‑nationals, leading to monoculture teams.
  • Debate persists over whether big tech itself is abusing the system or mainly outsourcing firms are.

Impact on Domestic Careers and Labor Markets

  • Multiple posters say there was never a real shortage of trainable Americans; companies just avoid training and prefer “plug‑and‑play” hires.
  • Concerns: entry‑level roles have dried up, mid‑career hiring dominates, and older engineers (50+) are being pushed out, breaking the junior‑to‑senior pipeline.
  • Some report CS/CE grads facing above‑average unemployment recently; others insist tech genuinely had shortages up to ~2021 and that many H‑1Bs are in more specialized or senior roles.

Program Structure, Data, and Backlogs

  • Several note the statutory cap on new H‑1Bs (65k + 20k master’s) hasn’t changed; the chart’s growth mostly reflects renewals and long green‑card backlogs (especially for India and China).
  • Some call the chart misleading for implying more inflow rather than slower naturalization; others say it fairly shows the growing H‑1B population.
  • Commenters point out large numbers of foreign tech workers also arrive via other programs (e.g., OPT), further affecting the market.

Policy Proposals and Reforms

  • Suggested reforms include:
    • Rank H‑1B applications by total compensation and require guaranteed multi‑year pay.
    • Allow only occupations with rising wages and employment to use H‑1Bs.
    • Tie caps to sector‑specific unemployment; pause or cut H‑1Bs when tech unemployment is high.
    • Impose high, wage‑indexed application fees and grant immediate green cards with full job mobility.
    • Mandate H‑1B salaries significantly above median to eliminate cost arbitrage.
    • Crack down on “H‑1B mills,” tighten wage definitions, and improve enforcement using tax data.
    • Prioritize U.S. university graduates and possibly add country‑level caps or adjustments.

Broader Political and Ethical Framing

  • One camp prioritizes national economic strength and innovation, even if some citizens’ incomes suffer.
  • Another insists the nation’s purpose is to advance its citizens’ well‑being; using immigration to hold down wages is seen as corrupt and destabilizing.
  • Several note that broader public sympathy for displaced tech workers is low, despite years of “STEM push” rhetoric.

Valve confirms credit card companies pressured it to delist certain adult games

Credit card control and lack of alternatives

  • Commenters describe Visa and Mastercard as a de facto global duopoly: processors must follow their rules or face higher “risk” fees or disconnection.
  • Even if a processor is willing, the schemes’ own “restricted lists” around adult content dominate.
  • Regional systems (JCB, UnionPay, Pix, Interac, UPI, Wero, etc.) exist but don’t substitute globally for Visa/MC, so large platforms like Steam have little leverage.
  • Several people note: if Valve kept any targeted titles, it risked losing card payments for all of Steam.

Fraud/chargebacks vs moral crusade

  • One camp claims porn and gambling are high‑chargeback, high‑fraud categories; card brands simply don’t want that risk.
  • Others strongly doubt this explains Steam: generic “STEAM” descriptors, generous refunds, and harsh penalties for chargebacks should keep rates low.
  • Selective targeting of specific porn subgenres (incest, rape, child‑abuse themes) and not all adult games is cited as evidence it’s about “brand safety” and moral pressure, not pure risk.
  • Prior crackdowns on Pornhub, OnlyFans, guns, cannabis, and other controversial but legal sectors via banks and card networks are invoked as precedent.

Nature of the banned content and censorship line‑drawing

  • The removed titles are described as incest/non‑con/“lolicon‑ish” visual novels and similar low‑effort porn games. Some say Valve never should have listed them.
  • Others stress “fiction is not real” and worry about a slippery slope: today fringe porn; tomorrow LGBTQ content, “problematic” kink, or simply any explicit sex.
  • Repeated contrast: graphic murder and torture in mainstream games and TV are fine to monetize; explicit sex, especially taboo themes, triggers financial deplatforming.

Valve’s role vs infrastructure power

  • Some argue Valve used card pressure as cover to do long‑overdue curation of shovelware without openly owning the decision.
  • Others see Valve as constrained: payment networks now function like unregulated utilities that can silently decide which legal content and businesses survive.
  • There’s disagreement over whether private intermediaries should have a moral veto, or whether only democratically enacted law should define what’s off‑limits.

Proposed solutions and their limits

  • Regulatory ideas: treat card networks as common carriers/financial utilities; enforce payment neutrality for all legal commerce; apply antitrust and anti‑cartel law.
  • Technical workarounds suggested: crypto or stablecoins, Steam wallet/points, a separate adult storefront, direct bank rails (ACH/SEPA/FedNow/UPI).
  • Many note practical barriers: user friction, on‑ramps that still depend on Visa/MC, KYC and AML rules, and lack of mass demand.

Broader worries

  • Widespread concern about a “choke point” model where governments and activist groups achieve censorship indirectly by leaning on financial and infrastructure chokepoints.
  • Several connect this to the decline of cash and fear a future where access to payment rails — and thus to speech and livelihood — depends on opaque moral standards set by a handful of firms.

In the long run, GPL code becomes irrelevant (2015)

Core thesis and its limits

  • Article’s claim: in the long run, permissive code wins because corporations will rewrite around GPL; GPL projects get sidelined.
  • Many agree this matches recent trends in popular stacks (MIT/Apache everywhere, GPL largely in niches or “enthusiast” projects).
  • Others say this is overstated or outdated: several big GPL projects (Linux, Git, Blender, Krita, QGIS, MySQL, etc.) remain central.

Corporate behavior and incentives

  • Permissive licenses lower legal friction, so large firms ban GPL entirely to avoid “license contamination” of proprietary code.
  • Economic argument: upstreaming patches once is usually cheaper than maintaining a private fork, so permissive projects often get substantial corporate contributions.
  • Counterpoint: when modifications are strategically valuable, companies will keep them private regardless of license, or rewrite from scratch if GPL-encumbered.

User vs developer freedom, and “fairness”

  • One camp: GPL centers user freedom and creates a “ratchet” that prevents proprietary capture, even if that annoys proprietary developers.
  • Another camp: most users care more about convenience and quality than license fairness; they’ll pick the best product, even if proprietary.
  • Some argue rewriting GPL code just to avoid sharing is wasted human effort; others see making bad actors “pay the full cost” as a feature.

Examples and case studies

  • GCC vs LLVM/Clang and EDG are cited both as evidence that permissive code can displace proprietary code, and that corporate-funded permissive projects can overshadow GPL alternatives.
  • Linux vs BSD: some see this as GPL’s triumph; others attribute it to historical timing and network effects more than license.
  • Web engines: permissive+weak-copyleft engines (Chromium/WebKit/Gecko) and the demise of proprietary engines (IE, EdgeHTML) are seen as supporting the article’s “complexity economics” story.

MPL/LGPL as middle ground

  • Multiple commenters highlight MPL/LGPL as a practical compromise: code remains open, but they don’t force entire downstream applications to be copyleft.
  • Browser engines and some libraries (Qt, GEOS, Servo) are used as evidence that weak copyleft may have the best long-term “survival characteristics”.

Cloud, relicensing, and AI

  • Redis, Elasticsearch, Terraform: permissive cores later relicensed to “source available” to fight cloud providers; community permissive forks (e.g., Valkey) then emerge.
  • Some see this as evidence permissive licensing invites corporate capture; others note the open forks remain viable.
  • A few argue AI makes all licenses weaker by making “clean-room” rewrites cheap, shifting the freedom battle from source code to model weights.

ICE is getting unprecedented access to Medicaid data

Executive Power, Courts, and Eroding Checks

  • Many see ICE’s access as part of a broader executive “power grab,” enabled by decades of expanding presidential authority (Cold War, post‑9/11, Nixon/Reagan precedents).
  • Several comments argue Congress has largely ceded power; budget increases and new authorities turn ICE into a de‑facto domestic security force.
  • Sharp disagreement over the Supreme Court: some say it is a partisan tool enabling executive lawlessness (e.g., immunity, blocking Biden’s loan relief); others reply that the core problem is bad statutes, not the Court, whose job is to apply existing law.

Non‑Citizens, Constitutional Rights, and Due Process

  • Multiple commenters insist most constitutional protections apply to “persons,” not just citizens; others point to laws like the Privacy Act and Patriot Act that explicitly limit protections.
  • There is detailed discussion of “expedited removal”: originally narrow, then progressively expanded, cited as a textbook slippery slope once due process is denied to any category.
  • Some warn that once the state can deport people without meaningful process, it can misclassify even citizens; others counter that courts and evidentiary standards still exist.

Why ICE Wants Medicaid Data & HIPAA Questions

  • Confusion arises because Medicaid is generally for citizens/permanent residents. Participants note:
    • “Qualified non‑citizens,” emergency Medicaid, and state‑funded expansions (e.g., for undocumented children, pregnant people, full coverage in some states).
    • Use cases: identifying undocumented enrollees, relatives of citizen children on Medicaid, or cross‑state inconsistencies and fraud.
  • HIPAA’s law‑enforcement carve‑outs are cited as the legal hook; critics say this shows how weak those protections are when “administrative requests” suffice.

Databases, Surveillance, and Historical Echoes

  • Strong concern that any centralized list (health, immigration, etc.) will be repurposed—today for immigrants, tomorrow for the poor, dissenters, or minorities.
  • Comparisons are made to WWII internment and Gestapo/Stasi‑style list‑building and “disappearances,” with some warning this is a first run at secret police.
  • Others argue LE access to data is long‑standing (e.g., used against CSAM) and not unique to this administration, though abuse risk is widely acknowledged.

Partisan Blame and “Both Sides”

  • Some frame this as uniquely driven by current GOP leadership and an explicitly nativist agenda; others emphasize bipartisan responsibility for building the tools.
  • There is recurring tension between “both parties are the same” cynicism and pushback that current deportation plans and rhetoric mark a qualitative escalation.

I'm Peter Roberts, immigration attorney who does work for YC and startups. AMA

Work authorization & visa pathways

  • For remote work outside the U.S., no U.S. work authorization is needed even if the employer is American.
  • For coming to the U.S., options discussed:
    • O‑1 for “extraordinary ability” (no degree required; criteria-based, not pure “genius”). Cost estimates in the thread range roughly $5–15k, not $100k.
    • H‑1B is easier substantively but constrained by the annual lottery; cap‑exempt roles at universities and research orgs (e.g. Fermilab, NASA) bypass the lottery.
    • Citizenship-specific visas: E‑3 (Australians), TN (Canadians/Mexicans), and others (Chile, Singapore) seen as relatively easy if you have an offer.
    • L‑1 is straightforward via large multinationals after a year abroad; harder but possible for smaller firms.
    • E‑2/E‑1 treaty visas let founders and same‑nationality employees run/build businesses in the U.S.

Green cards, EB categories, and timelines

  • EB‑2 NIW is now backlogged and, in practice, closer in difficulty to EB‑1A; several commenters/answers recommend EB‑1A as the better high‑achiever route.
  • Country of birth, not citizenship, drives EB‑2/EB‑3 queue length; India/China face long waits.
  • Approved I‑140s generally lock in a priority date after 180 days, even if the employer withdraws.
  • H‑1B holders with approved I‑140s can get extensions beyond the 6‑year limit; NIW approval can enable 3‑year extensions.
  • PERM processing is slow but not reportedly more denial‑prone right now; batching recruitment and premium processing can shave some time.

YC and accelerators

  • Attending an accelerator is framed as business activity, not “work,” so B‑1 status is usually appropriate; B‑2 (tourist) is not.
  • Participation can strengthen an O‑1 case but can’t reliably be treated as a qualifying “award” or “membership.”

Enforcement climate, rights, and travel

  • Multiple threads express anxiety about ICE, DHS “revisiting” past green card/citizenship approvals, and denaturalization rhetoric.
  • Advice: carry proof of status (green card or passport+I‑94), know your rights (ACLU resources cited), and have an immigration attorney’s contact.
  • Law technically requires green card holders to carry the card at all times; many don’t, accepting the small legal risk vs. loss/replacement hassle.
  • Some report CBP inspecting devices and social media for green card holders; isolated examples of detention are mentioned.
  • For long stays abroad, reentry permits can protect green card status for years; the 6‑month rule mainly affects naturalization “continuous residence,” not mere LPR validity.

O‑1 criteria and perceived abuse

  • Clarified that O‑1 has A and B subcategories (science/business vs arts/entertainment); entertainers and media figures can qualify.
  • Debate over whether certain podcasters or models should get “extraordinary ability” visas; others counter that the statute explicitly covers such fields and aims to attract high‑impact talent, not only scientists/engineers.
  • Founders can sometimes meet the “high salary or other remuneration” test using equity valued by arm’s‑length fundraising.
  • Premium processing can significantly reduce O‑1 adjudication delays.

Policy, ethics, and labor-market tensions

  • One thread argues H‑1B and other worker programs displace U.S. CS grads; others push back that the comparison mixes entry‑level and senior/specialized roles and that foreign grads face their own structural disadvantages (OPT limits, E‑Verify constraints, high costs).
  • Some commenters criticize “visa as a service” startups and VC behavior as skirting or commoditizing immigration rules.
  • A long political subthread links current immigration crackdowns and denaturalization talk to broader anti‑democratic or “tech bro” political projects; others emphasize still supporting high‑skill immigration while being concerned about citizens’ rights.

Status complications & edge cases

  • Examples discussed: running a startup on H‑1B (nuanced; often requires concurrent H‑1B), transitioning from TPS or J‑1 to F‑1/O‑1, TN for software engineers with CS degrees (some recent CBP friction but still being approved), and green‑card holders living abroad as digital nomads.
  • General pattern: many scenarios are fact‑specific, with repeated advice to get individualized legal consultations rather than rely solely on forum guidance.

French villages have no more drinking water. The reason? PFAS pollution

Scope and Title Framing

  • Several comments challenge the HN post title; they stress the article concerns ~3,500 people in 16 villages, not “all French villages.”
  • Discussion on wording: “these French villages” or “some/16 French villages” is seen as clearer and less sensational.

Source and Extent of Contamination

  • Article excerpt: authorities currently suspect PFAS came from paper mill sludge used as fertilizer near water catchments.
  • Some argue using industrial byproducts as fertilizer is “greedy and stupid”; others respond that circular use of waste is often reasonable, but only if toxicity is properly assessed.
  • Multiple commenters note similar PFAS sludge/fertilizer scandals in Germany, Maine (US), and elsewhere.
  • Contamination pathways via PFAS‑treated paper, packaging, lubricants, toilet paper, and firefighting foams are discussed; exact contributions in this French case remain unclear.

Health Risk, Responsibility, and Systemic Issues

  • Authorities claim no statistical evidence yet of adverse health outcomes in the affected villages, but commenters are skeptical and emphasize long‑term, poorly quantified risks.
  • PFAS and microplastics are framed as the “environmental sin” of this era, comparable to PCBs.
  • Debate over blame:
    • Some highlight corporate greed, regulatory failure, and debt‑driven finance.
    • Others stress human nature, poverty, and global consumption patterns.
  • A minority cautions against pure catastrophism, noting that earlier pollutants (e.g., coal, plastics) also brought large health and welfare gains.

Filtration and Individual Mitigation

  • Links and discussion indicate:
    • Under‑sink and multistage reverse osmosis (RO) systems can remove PFAS effectively.
    • Pitcher and simple carbon filters show inconsistent PFAS removal; some whole‑house systems may even increase PFAS levels.
  • Concerns raised about:
    • RO waste‑water ratios and impracticality for all household uses.
    • Possible microplastic shedding from RO membranes, partially mitigated by post‑carbon stages.
    • Disagreement over whether demineralized/acidic RO water is harmful; evidence is contested.
  • One commenter describes achieving <1 ppt at home via self‑installed filtration and doubts governments will fund large‑scale remediation promptly.

Regulation, Monitoring, and Alternatives

  • Some praise French monitoring and notification, and wonder how many US localities have undetected PFAS issues.
  • Debate on policy responses:
    • Broad regulation of all organofluorines vs. incremental bans on individual molecules.
    • Whether to ban PFAS‑laden sludges from farmland outright, or test and restrict based on measured levels.
  • Wind turbines are briefly discussed as possible PFAS sources via coatings; one linked source calls livestock‑PFAS‑from‑windfarms claims misleading, but commenters note legacy PFAS use in turbine materials is still a concern.

ACA health insurance will cost the average person 75% more next year

Who “ACA Health Insurance” Refers To

  • Commenters clarify this is the individual market sold on ACA marketplaces (e.g., Healthcare.gov), not employer, Medicare, or Medicaid coverage.
  • You can sometimes buy identical plans off-exchange, but only marketplace plans get ACA tax credits.

Why Premiums Are Spiking

  • Core explanation: enhanced COVID-era premium tax credits are expiring, so people lose subsidies and their out-of-pocket premiums jump.
  • Insurers also expect a sicker risk pool as healthier people drop coverage when it becomes more expensive, so they raise base premiums in anticipation.
  • Several note this reflects the collapse of the ACA “three‑legged stool” (guaranteed issue + mandate + subsidies) after the individual mandate penalty was removed and now subsidies are cut.

Confusion About the “75% Increase”

  • Some readers are confused whether underlying plan prices are rising 75%, or just the consumer’s share after subsidies shrink; one cites a KFF explainer that it’s the latter (out-of-pocket premiums).
  • Skeptics argue the NPR example ($60 → $105) is cherry-picked and “meaningless” without showing full plan cost and tax credit details; one calls it scare tactics.

Real-World Cost Experiences

  • Reported ACA premiums range from ~$300/month for a single bronze plan to $3,600/month for an unsubsidized platinum family plan, with debate over whether high-tier plans are financially rational versus high-deductible bronze.
  • Multiple people stress that employer plans routinely cost $2,000–$3,000+/month in total, but employees often see only their small contribution.

Structural Problems Beyond the ACA

  • Strong sentiment that tying insurance to jobs is “bogus”; debate over whether transitioning off employer coverage is politically feasible.
  • Recurrent themes:
    • Hospital and practice consolidation and private equity ownership.
    • Rural hospital closures driven by low Medicaid reimbursement and looming Medicaid cuts.
    • High administrative overhead, PBM dynamics, and opaque billing.
    • Rapid expansion of upscale medical facilities amid fears of an eventual “crash.”

Politics, Messaging, and Alternatives

  • Many note widespread public confusion that “Obamacare” and the ACA are the same, and argue labeling was used as a partisan/racial wedge.
  • Blame for current cuts and price spikes is sharply partisan; some predict right-wing media will still blame “Obamacare” itself.
  • Suggested reforms include: Medicare buy‑in, state‑level universal care (starting with blue states), or mandating employers convert premium spending into wages.
  • Skepticism surrounds “Medi‑Share”/sharing ministries; one link portrays severe consumer risk since they’re not true insurance.

NYPD bypassed facial recognition ban to ID pro-Palestinian student protester

Policy vs. “Rights” and Illegality

  • Some argue the NYPD simply violated an internal/administrative policy, not a constitutional right, so “bypassed” is more accurate than “broke the law.”
  • Others counter that sidestepping democratically established limits on police tech use is effectively a rights violation (privacy, due process), even if not yet codified in higher law.
  • There’s concern that such policies exist partly to block real legislation while remaining easy for police to ignore.

Evidence, Misidentification, and Due Process

  • Several commenters stress the charges were dismissed with prejudice and the judge noted there was virtually no corroborating evidence beyond a complainant’s word.
  • Accusations include doctored DMV photos and failure to obtain potentially exculpatory medical records, seen as serious prosecutorial misconduct.
  • Debate: one side emphasizes the alleged rock-throwing as serious assault; the other notes that weak or tainted evidence and illegal methods undermine justice, even if a crime occurred.

Facial Recognition Ban and Loopholes

  • Core issue: NYPD used a fire marshal with Clearview AI access to do what they themselves were barred from doing.
  • Commenters liken this to “laundering” data requests through adjacent agencies or foreign partners to evade domestic limits.
  • Some call for termination or even criminal liability for such end-runs, warning that allowing loopholes makes bans meaningless.

FDNY’s Role and Investigations

  • Questioning why fire marshals have facial recognition; suggested justifications include arson investigations, identifying witnesses or victims.
  • Others argue crime investigation belongs under tightly regulated police units, not fire departments with looser oversight.
  • A counter-view prefers specialized, non-police investigators (including for fires and mental health incidents), to avoid over-centralizing power in police.

Clearview AI, Social Media, and Chilling Effects

  • Alarm that a private firm can match faces from protest footage to scraped school and social photos, then tie that to government ID records.
  • Even those who avoid posting photos note they can’t control others posting images that later get scraped.
  • “Just don’t post photos” is criticized as effectively forcing people to self-censor online expression and assembly—seen as a First Amendment chilling effect, even if current doctrine hasn’t caught up.

Protests, Hate Crime Framing, and Selective Enforcement

  • Some think the hate-crime context justifies strong investigative tools; others point out the facial-recognition ban has no such exception.
  • Multiple comments view this as part of a broader pattern: aggressive state response to pro‑Palestinian or anti‑war demonstrations, contrasted with more lenient treatment of other causes.
  • Historical references (Kent State, MOVE, 9/11-era measures) are invoked to argue that the state reliably escalates surveillance and force against anti‑imperialist movements.

Broader Surveillance-State Concerns

  • Many see this case as a warning about ubiquitous facial recognition, data brokers, and AI analysis enabling pervasive tracking and political repression.
  • Disagreement exists over whether police should ever have access to such tools; but there’s stronger consensus that if rules exist, police cannot be trusted to police themselves when breaking them.

Ask HN: Any active COBOL devs here? What are you working on?

Where COBOL Is Actively Used

  • Heavy use in banking, insurance, government (tax, pensions, unemployment, health insurance, lotteries), education payroll, and healthcare “patient accounting.”
  • Common patterns:
    • Nightly/batch jobs (ACH, claims, billing, pensions, inventory, replenishment).
    • Online transaction processing via CICS/IMS.
    • Backends: DB2, IMS/DL/1, VSAM, sequential datasets, sometimes SQL databases.
  • Not strictly mainframe: PeopleSoft, vertical ERPs, and products like Global Shop use Micro Focus/AcuCOBOL on Windows, Linux, AIX, etc.

Modernization and Migration Efforts

  • Many are reverse‑engineering COBOL to:
    • Move to Java/.NET/TypeScript/low‑code/COTS systems.
    • Consolidate multiple mainframes or re‑host COBOL (e.g., Micro Focus on x86/private cloud).
  • Real difficulty is not COBOL syntax but:
    • 30–40 years of undocumented business logic.
    • Tight coupling and huge “uber‑monolith” systems.
  • Multiple stories of failed or massively over‑budget migrations (SAP/ERP replacements, AS/400 rewrites), leading some orgs to build new systems in‑house and use old devs mainly as domain historians.
  • Bridging tech: host gateways, custom Java/JS adapters, APIs, Kafka, DB‑driven integration.

Salaries, Careers, and Culture

  • Several reports that routine COBOL roles pay below typical software salaries; some consultancies hire cheap juniors while selling “COBOL scarcity.”
  • High rates exist mainly for niche experts on idiosyncratic, critical systems.
  • Many mainframe/COBOL devs are older, long‑tenured, extremely business‑process‑oriented, and often not active in online tech communities.
  • Cultural gaps noted:
    • Less exposure to modern security, tooling, and cloud paradigms.
    • Very strong system reliability, efficient keyboard‑driven workflows, and deep domain knowledge.

LLMs, Tooling, and Learning

  • Several commenters successfully used LLMs to generate or analyze COBOL, especially boilerplate batch code; others stress the surrounding ecosystem (mainframes, control languages, JCL) remains the hard part.
  • AI is being explored for code migration and test generation but seen as requiring heavy human oversight.
  • Learning/on‑ramping resources mentioned: IBM Z Xplore, Coursera mainframe courses, IBM Redbooks, mainframe emulators, and formal training programs.

Developer Experience and Perception

  • COBOL characterized as:
    • Verbose, boilerplate‑heavy, excellent for structured record processing and database‑centric logic.
    • Capable of surprisingly modern UIs (SCREEN SECTION, GUI controls in some compilers).
  • Opinions range from “boring, hated it” to “actually a decent 4GL‑like environment; not as bad as its reputation.”

lsr: ls with io_uring

Performance & Benchmark Results

  • lsr (Zig + io_uring) is reported ~70% faster than GNU ls on large directories and issues ~35× fewer syscalls.
  • strace comparisons (in a “calls” directory):
    • ls: 198 syscalls,
    • eza: 476,
    • lsr: 33.
  • Some argue syscall reduction is secondary to wall-clock time; others emphasize that fewer syscalls reduce kernel overhead and contention.
  • Another view: io_uring still does the same work in the kernel; fewer syscalls don’t necessarily mean proportionally less kernel work.

Why Core Tools Don’t All Use io_uring

  • Portability: classic tools target many POSIX-like systems; io_uring is Linux-only and relatively recent.
  • Stability & churn: io_uring’s API keeps expanding, and many prefer to wait to see if it “sticks.”
  • Programming model: effective use generally implies async/event-driven designs; many tools are written in simple synchronous C and would need major refactors.
  • Tool authors may not want to work in C or go through GNU coreutils’ contribution process, so they build separate replacements instead.

Security, Sandboxing & Adoption

  • Multiple participants describe io_uring as a “security nightmare,” citing a long series of kernel vulnerabilities, sandbox escapes, and container escapes.
  • Concerns include: direct user–kernel shared memory, rapidly growing surface area, ability to bypass syscall-oriented security mechanisms (e.g., seccomp), and poorer auditability of batched operations.
  • As a result, many environments (notably some container runtimes and large operators) reportedly disable or restrict io_uring.
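
The seccomp concern above can be checked against a container profile. The following is an added example, not code from the thread or from lsr: it audits a Docker/OCI-style seccomp JSON profile for whether io_uring rings can be created and which of the profile's own denials would then have an io_uring opcode equivalent. Both profiles are constructed samples, and the opcode map is a partial list chosen for illustration.

```python
import json

# Syscalls used to create and drive an io_uring instance.
IO_URING_SYSCALLS = ("io_uring_setup", "io_uring_enter", "io_uring_register")

# Partial, illustrative map of syscalls that also exist as io_uring opcodes.
# Work submitted through a ring is not a syscall, so a seccomp rule on these
# names does not see it.
RING_EQUIVALENTS = {
    "openat": "IORING_OP_OPENAT",
    "connect": "IORING_OP_CONNECT",
    "socket": "IORING_OP_SOCKET",
    "unlinkat": "IORING_OP_UNLINKAT",
    "sendmsg": "IORING_OP_SENDMSG",
    "recvmsg": "IORING_OP_RECVMSG",
}

# Actions that let the syscall proceed (LOG records it but still allows it).
PERMITTING = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}


def effective_action(profile, syscall):
    """Return (action, conditional) for one syscall name.

    The first rule naming the syscall wins; otherwise defaultAction applies.
    A rule with args/includes/excludes only applies under some condition.
    """
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            conditional = any(rule.get(k) for k in ("args", "includes", "excludes"))
            return rule["action"], conditional
    return profile["defaultAction"], False


def audit(profile):
    """Report io_uring exposure for a seccomp profile (parsed JSON)."""
    allowed, conditional = [], []
    for name in IO_URING_SYSCALLS:
        action, cond = effective_action(profile, name)
        if action in PERMITTING:
            # Conditional allows are counted as allowed: the conservative
            # reading for a defender reviewing the profile.
            allowed.append(name)
            if cond:
                conditional.append(name)

    ring_creatable = "io_uring_setup" in allowed

    # Denials that stop being meaningful once a ring can be created.
    shadowed = []
    if ring_creatable:
        for name, opcode in RING_EQUIVALENTS.items():
            action, _ = effective_action(profile, name)
            if action not in PERMITTING:
                shadowed.append((name, opcode))

    return {
        "io_uring_allowed": allowed,
        "conditionally_allowed": conditional,
        "ring_creatable": ring_creatable,
        "shadowed_denials": shadowed,
    }


# Constructed sample: a denylist-style profile that blocks networking
# syscalls but says nothing about io_uring.
WEAK_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {"names": ["connect", "socket"], "action": "SCMP_ACT_ERRNO"}
  ]
}
""")

# Constructed sample: the same profile with the io_uring syscalls denied.
HARDENED_PROFILE = {
    "defaultAction": WEAK_PROFILE["defaultAction"],
    "syscalls": WEAK_PROFILE["syscalls"]
    + [{"names": list(IO_URING_SYSCALLS), "action": "SCMP_ACT_ERRNO"}],
}

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, json.dumps(audit(profile), indent=2))
```
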

Libc, Polyfills & Fallbacks

  • Idea raised: make libc transparently implement POSIX I/O atop io_uring. Pushback:
    • Emulating sync on async often adds extra syscalls (e.g., futex, wakeups) and complexity.
    • If calls are serialized anyway, you lose most of io_uring’s benefits.
  • Some discuss user-space “io_uring emulators” using worker threads and ringbuffers so apps can keep the same API on kernels without io_uring. Others note existing runtimes that fall back to epoll.

Filesystems, NFS & Real Workloads

  • Interest in behavior against NFS or flaky networks: io_uring doesn’t inherently fix blocking semantics or NFS’s “local disk” illusion.
  • Debate over NFS’s design: some see “pretending the network is a disk” as fundamentally flawed; others note all reliability is built from unreliable components anyway.
  • File system choice matters: ext4 can be slow with huge directories; XFS reportedly handles large dirs better. Some users see ls/du taking minutes on millions of files.

Feature Tradeoffs & Ecosystem

  • Users like eza’s rich icons, colors, and type detection; lsr is praised for speed but seen as visually simpler.
  • Suggestions to implement LS_COLORS/dircolors and to build similar io_uring-based versions of cat, find, grep, etc.; mention that tools like bat do far more syscalls than cat.
  • Note that io_uring currently lacks getdents; main benefit for ls-style tools is bulk stat (especially ls -l).

Zig, Tangled & Miscellaneous

  • Some discussion of Zig’s allocator model (passing an allocator interface around; different backends like smp_allocator vs page_allocator).
  • Tangled (the hosting platform, built on atproto/Bluesky) draws interest, but some question whether atproto is truly decentralized given Bluesky-centric auth.

“Dynamic programming” is not referring to “computer programming”

Multiple meanings and historical origin

  • Commenters note that “dynamic programming” means different things in:
    • Competitive programming / LeetCode (table-based optimization for overlapping subproblems).
    • Reinforcement learning and control theory (Bellman equations, Hamilton–Jacobi–Bellman, dynamical systems).
  • Several point out that both strands trace back to Bellman’s work.
  • The article’s story—“dynamic” chosen for its positive, impressive sound and “programming” meaning planning/scheduling—matches others’ recollections, though some cite disputes about details of the anecdote.
  • “Programming” is linked to “linear/integer/constraint programming” and to scheduling in operations research, not to writing code.

What dynamic programming is (according to the thread)

  • Many comments emphasize: DP is fundamentally about decomposing an optimization problem into overlapping subproblems with optimal substructure, not about any particular implementation.
  • In classical math/OR/control, DP is framed as backward induction on time-dependent systems, not recursion+arrays.
  • Several argue that in “true” DP, the table or value function and Bellman-type recurrences are the core, and memoized recursion is just one computational technique.

Memoization, caching, recursion debate

  • A large subthread argues over whether DP is “just cached recursion.”
    • One camp: practical DP = recursion + memoization; that’s what most CS learners see.
    • Other camp: this is reductive; DP is a problem-structuring method, caching is only one way to exploit it.
  • Distinctions are drawn between:
    • Memoization vs general caching (determinism, scope, global shared state).
    • Top-down (memoized recursion) vs bottom-up tabulation and “minimal-memory memoization.”
  • Some insist that conflating memoization with generic caching leads to bad designs and bugs.

Applications and contest culture

  • Multiple IOI/ICPC anecdotes:
    • Early contestants often failed problems due to using plain recursion and learning only later that DP was needed.
    • DP knowledge evolved from medal-winning edge to “table stakes” as resources improved.
  • Examples mentioned: SQL join-order optimization (e.g., DuckDB), Emacs redisplay, shortest/longest paths, edit distance, BLAST approximating Smith–Waterman, routing (Bellman–Ford), kinship/relatedness computations, query optimizers.

Naming, marketing, and confusion

  • Many dislike the term: “dynamic” feels vacuous, “programming” misleading; some prefer terms like “tabulation,” “optimization,” or “bottom-up memoization.”
  • Others broaden the criticism to “linear programming,” “extreme programming,” “wave function collapse,” “extreme learning machines,” etc., as examples of marketing-oriented or opaque names.
  • Several say such names made the concept seem harder than it is and delayed their understanding; at least one commenter still feels unclear even after reading the article and discussion.

Psilocybin decreases depression and anxiety in cancer patients (2016)

Study design and placebo/blinding challenges

  • Commenters note psychedelic trials struggle with blinding: most participants can tell if they received an active dose.
  • Strategies mentioned: low vs high dose (“micro vs macro”), active placebos like niacin or strong antihistamines to mimic bodily sensations, or comparing psilocybin to other hallucinogens.
  • Some argue mood interventions are inherently hard to blind and third‑party observers (family, monitors) may be better outcome raters.

Role of preparation, therapy, and music/setting

  • Multiple anecdotes stress that the benefit came from a structured protocol: screening for treatment‑resistant depression, extensive prep sessions, and dosing under supervision of trained therapists/trip sitters.
  • Guided soundtracks and carefully chosen music are described either as essential for steering thoughts and avoiding “loops,” or as something that interferes with the timelessness of the experience.
  • “Set and setting” (mindset, environment, sitter) are repeatedly emphasized as critical.

Reported benefits

  • Several people claim life‑changing relief from severe anxiety/depression, including in cancer contexts and long‑term treatment‑resistant cases; some report lasting improvements in empathy, sobriety, or sense of meaning.
  • Others describe psilocybin as enabling perspective shifts or “ego death” that break maladaptive patterns.

Adverse experiences and risks

  • Many counter‑anecdotes: onset of panic attacks, derealization, suicidal ideation, or psychotic‑like states after otherwise “normal” trips, sometimes lasting months or longer.
  • Concerns are raised about triggering latent psychosis or schizophrenia, especially with family history; some argue the risk is non‑trivial, others insist it is rare but real.
  • Debate over physical toxicity: one side characterizes euphoria as mild poisoning with potential renal harm; others demand evidence and point out misidentified or unclear mushroom species in cited cases.

Evidence quality, effect sizes, and placebo

  • Critical commenters highlight: small, self‑selected samples; many prior hallucinogen users; weak blinding; uncorrected multiple outcomes; and crossover designs.
  • Depression scores improve in both active and placebo arms, attributed to strong placebo effects, regression to the mean, and “turbo placebo” from a mystical‑seeming intervention.
  • Some psychologists argue psilocybin may help some individuals but current data do not yet justify broad clinical adoption and hype is outpacing evidence.

Dosing and pharmacology discussion

  • The trial’s 30 mg/70 kg dose is informally equated to roughly 2–5 g of dried Psilocybe cubensis, with wide variability by species, strain, and cultivation.
  • Debate over mechanisms: acute 5‑HT2A activation vs. longer‑term receptor density changes, anti‑inflammatory effects, and how this compares to chronic SSRIs or microdosing (with possible heart‑valve risks at sustained exposure).

Policy, economics, and regulation

  • Several threads ask why psilocybin remains Schedule I while amphetamines are widely prescribed.
  • Explanations raised: 1970s drug‑war politics targeting counterculture and minorities; path‑dependence from historical medical use of stimulants; stigma from recreational use; and limited pharma incentives for an infrequent‑use, easily home‑grown drug.
  • Some favor full legalization but criticize advocacy that minimizes risks, likening it to earlier marijuana debates.

Alternatives and broader mental health context

  • Mindfulness, moral/behavioral change, reduced sensory overstimulation, and charitable acts are offered as a non‑drug success story for depression, framed in Buddhist terms.
  • Others push back that “just be more moral” is not meaningful treatment advice, though cultivating loving‑kindness and reducing compulsive desire is seen by some as beneficial.

CP/M creator Gary Kildall's memoirs released as free download

Legacy and Personality of Gary Kildall

  • Many commenters express admiration for Kildall as an inventor, educator, and visionary who viewed computers as learning tools rather than profit engines.
  • Several contrast him with more aggressive business figures in tech, suggesting his distaste for business and marketing hurt his commercial success but made him morally preferable.
  • There’s regret that he isn’t as widely recognized as other “famous computer people,” despite foundational contributions (CP/M, BIOS abstraction, early GUIs like GEM).

CP/M vs MS-DOS and the IBM PC Deal

  • Repeated debate over why CP/M-86 lost to PC‑DOS/MS‑DOS:
    • One side emphasizes CP/M-86’s much higher IBM-set retail price and late delivery, making DOS a “no-brainer.”
    • Others cite an oral history from a DRI executive claiming IBM promised equal footing on price but then undercut CP/M-86 drastically, which Kildall later described as “the day innocence was gone.”
  • Disagreement over who set CP/M-86 pricing: some say IBM simply passed through higher royalty costs; others say DRI misplayed negotiations.
  • Discussion of Tim Paterson’s QDOS/86‑DOS as a CP/M-like stopgap IBM could ship quickly, later adapted into PC‑DOS/MS‑DOS. Timing (licensing vs purchase) is disputed but generally agreed to be very fast.

Gates, Jobs, Elites, and Nepotism

  • Mixed views on Gates: acknowledged as a highly talented programmer and early software entrepreneur, but also portrayed as intensely commercial and sometimes ruthless.
  • Long thread on whether his family connections (especially his mother’s nonprofit board overlap with IBM leadership) materially influenced IBM’s choice of DOS; some see plausible cronyism, others think IBM’s technical and financial vetting dominated.
  • Jobs is compared as a product- and taste-driven figure, with both praise (design) and criticism (fanless designs, treatment of early employees).

Memoirs Release, Redactions, and Alcoholism

  • Excitement about the free release, but disappointment that only early chapters are available and that the rest may be withheld for decades.
  • Some argue the family is right to omit personal and alcoholism-related material; others feel posthumous editing distorts the historical record and could have offered valuable cautionary lessons.
  • Speculation that omitted sections concern family conflicts, with recognition that memories and later narratives are often unreliable.

Technical and Historical Side Threads

  • Tangent on whether early BASICs were “compilers” or pure interpreters, with detailed back-and-forth on tokenization, parsing, and definitions of compilation.
  • Explanation that CP/M’s BIOS was a pluggable device-driver layer (not a ROM BIOS), enabling quick ports; admiration for how fast this could be implemented on 1970s hardware.
  • Mention of other DOS-like systems (FreeDOS, TurboDOS, MP/M) and how bundling and ecosystem effects made replacing MS‑DOS unattractive.

Media, Archives, and Nostalgia

  • Multiple pointers to “Computer Chronicles” episodes (especially the Kildall special) and Internet Archive collections, plus an EPUB conversion of the scanned memoir for better readability.
  • Nostalgic recollections of GEM, early Windows, and prepress/desktop-publishing workflows where multiple OSes briefly competed before Microsoft’s dominance solidified.

An unprecedented window into how diseases take hold years before symptoms appear

Study and “functional reserve”

  • Commenters link the Biobank results to long-known ideas of “functional” or “cognitive” reserve: organs and cognition can compensate for damage for years before symptoms appear.
  • Examples given: kidneys losing nephrons until reserve is exhausted; Alzheimer’s starting with mild forgetfulness decades before disability; HIV and SARS‑CoV‑2 effects being buffered by higher cognitive reserve.

Kidney function and eGFR anecdotes

  • A healthy, fit person failed kidney-donor screening due to chronically low-but-stable eGFR, which later improved slightly; others note eGFR is an estimate that fluctuates and declines roughly 1 point/year after 30.
  • Creatine supplementation and contrast dye from imaging are mentioned as possible confounders or harms.
  • Cystatin C and direct GFR tests are cited as more accurate when donation risk is evaluated.

What “functional reserve” actually is

  • Some argue it’s not a single thing: redundancy at many levels (two kidneys, many nephrons, vascular elasticity, etc.) adds up to reserve.
  • One explanation: only a subset of glomeruli filter at any given time; reserve units activate when others fail.
  • Analogies are made to redundant cloud infrastructure; gradual failure only shows when enough components are lost.

Preventive care, incentives, and inequality

  • Strong support for prevention as vastly cheaper than late treatment; used to argue for centralized systems like the NHS.
  • Others note perverse US incentives: prevention often out-of-pocket, treatment often insured.
  • Debate over whether “anyone can afford” prevention; critics highlight food deserts, unsafe neighborhoods, difficulty taking time off work.

Screening, diagnostics, and overtesting

  • Several warn that “more data” is not always better: many screenings (blood panels, imaging) produce false positives and harmful interventions.
  • PSA testing and widespread prostate cancer illustrate overdiagnosis vs meaningful disease.
  • Popular longevity frameworks and tests (e.g., coronary calcium scans, VO2 max, DEXA) are seen by some as mainly for “worried well” enthusiasts; often they don’t change recommended lifestyle actions.
  • CT scan radiation risk (one commenter cites “~5% of cancers”) is raised as a reason to avoid unnecessary imaging.

Self-healing, early detection, and Covid

  • Commenters stress that the body often clears early cancers and infections unnoticed; “too-early” detection can mislead statistics and trigger unhelpful care.
  • Some argue SARS‑CoV‑2’s long-term effects resemble known post-infection phenomena; others challenge blanket claims without specific evidence, noting huge publication volume alone proves little.

Why is AI so slow to spread?

How fast is AI actually spreading?

  • Several commenters argue AI adoption is very fast: ChatGPT hit hundreds of millions of users and “AI features” are being shoved into most products.
  • Others say that being embedded everywhere ≠ being meaningfully used; many users ignore AI buttons and just want reliable search or basic app functions.
  • Comparisons are made to PCs and the internet, with some saying LLMs have diffused into business talk much faster, but retention and real impact remain unclear.

Usefulness and productivity: mixed experiences

  • Some report major gains: automating metadata for video streaming, content summarization, internal search across tools, parsing files, generating boilerplate code, tests, and routine docs.
  • Others find AI slower than doing the task themselves, especially for integration troubleshooting, complex architectures, or specialized domains.
  • There’s a split: for some, AI is a “force multiplier”; for others, it adds a review-and-debug layer that cancels any benefit.

Reliability, hallucinations, and trust

  • Many comments focus on AI’s tendency to “bullshit”: wrong browser details, car torque specs, legal facts, sports trivia, or UI actions—with high confidence.
  • This unreliability is seen as disqualifying for law, medicine, safety‑critical code, and serious customer support.
  • Users want systems that say “I don’t know” instead of fabricating; current behavior undermines trust and slows adoption.

Business models, lock‑in, and inequality

  • Fears: big vendors underprice now, then hike prices once firms lay off staff and get dependent; AI amplifies existing corporate abuses and bias.
  • Others counter that switching providers and running local/open‑source models is possible, so moats are shallow.
  • Debate on inequality: some see AI as a huge divider (those with tools/skills vs. everyone else); others see potential leveling—cheap “AI lawyers/doctors” and Harvard‑like education access—but this is challenged because of errors and asymmetry (rich firms will also have better tools and prompts).

Data, context, and integration hurdles

  • A recurring theme: models lack organizational context. They don’t know legacy decisions, hallway conversations, or nuanced product strategy; encoding that is tedious.
  • Commenters call for a new “bridge layer” between corporate data lakes and AI, with proper access control, auditability, and UX for giving context.
  • Until then, many see AI as better for generic tasks than for deeply embedded, domain‑specific workflows.

Worker incentives, anxiety, and resistance

  • Non‑technical workers often see AI as a direct job threat, not a helper, especially where executives openly frame it as a way to cut headcount.
  • Some describe burnout and unrealistic expectations (“do double the work with AI”) without evidence of achievable productivity gains.
  • This produces quiet refusal or “sabotage” of AI initiatives, especially when people don’t share in the upside.

Developer workflows and coding agents

  • Enthusiasts: with clean architectures, good documentation, and carefully written “tasks,” LLMs can implement features plus tests; devs shift to specification and review.
  • Critics: that workflow is less fun, and on large, complex codebases AI often produces incoherent designs, subtle bugs, and wrong refactors—reviewing and fixing them is as hard as writing code.
  • Some see big gains for CRUD/front‑end/boilerplate; others say senior‑level engineering (design, invariants, performance) gets little benefit.

Hype, media narratives, and skepticism

  • Several comments criticize media like The Economist for assuming “AI is hundred‑dollar bills on the street” and blaming slow diffusion on inefficient workers or bureaucracy.
  • Others liken the atmosphere to crypto/NFTs: massive hype, weak evidence of broad, durable business value, and likely future disillusionment—though most expect AI to remain useful after any bubble pops.

Apple bans entire dev account, no reason given

Account termination & lack of explanation

  • The dev’s Apple account was terminated citing section 3.2(f) of the Apple Developer Program (ADP), but without a concrete, actionable explanation.
  • Commenters note this is common: Apple rejection/termination letters are highly generic and legally sanitized.
  • Some argue we can’t fully judge the case because the developer hasn’t shared much about what they did; others counter that regardless, such serious actions should always be clearly explained.

Section 3.2(f) & Apple’s power

  • 3.2(f) is seen as extremely vague, covering any act “intended to interfere” with Apple software/services or business practices.
  • People speculate it could be used to block apps that conflict with Apple’s plans (e.g., “Recall”-like screen recording tools) or even treat support contact as “interference.”
  • There’s criticism that Apple unilaterally controls developer identity and notarization, with no alternative attestation providers.

Broader pattern: bans, geoblocking, and fraud

  • Similar opaque bans are reported from AWS, Amazon retail, Imgur, and others, often triggered by login from “high-fraud” countries or cross-region usage.
  • Users describe geoblocking and “fake” error messages (e.g., capacity errors instead of honest 403s), and even “birthblock” of users born in occupied regions.
  • Some justify IP-based blocking as a crude but common “defense in depth” against botnets; others highlight the collateral damage.

Lock-in, ownership, and alternatives

  • Many emphasize that tying critical work or content to locked ecosystems (Apple, Amazon, etc.) is dangerous; bans can mean instant loss of purchases and data.
  • Apple is criticized as uniquely restrictive: you need its permission to run most software, especially on iOS; macOS notarization is becoming de facto mandatory.
  • Android and Windows are seen as somewhat more escapable via alternative OSes, sideloading, or offline use, though banking/government apps can limit that.

Developer risk & ecosystem effects

  • Developers express anxiety that their livelihood can be destroyed overnight with no recourse.
  • Some say this is yet another reason to avoid Apple platforms or not build a business inside any gatekeeper’s “moat.”
  • Hopes are pinned on regulation (e.g., EU/DMA) to open distribution and force more transparent processes.

Linux and Secure Boot certificate expiration

Impact of the 2011 Microsoft key expiration

  • Many Linux Secure Boot chains rely (knowingly or not) on a Microsoft third‑party key from 2011 that expires in Sept 2024.
  • If firmware isn’t updated to trust the new 2023 key, new shims/bootloaders may no longer boot, even if the OS itself is updated.
  • Some firmware doesn’t even check expiry, so behavior is hardware‑dependent and unclear.
  • Existing installs may keep working until something in the chain changes (e.g., new shim), which could surprise users months later.
  • Windows bootloaders are also affected by 2026 expirations, so this isn’t only a Linux problem.

Microsoft as CA and power/control concerns

  • Many comments criticize the fact that Linux boot depends on Microsoft’s PKI at all; this is seen as structurally anti‑competitive and a “single point of failure.”
  • Others argue Microsoft’s CA role was inevitable because nearly all x86 PCs are sold as Windows‑capable and no Linux player stepped up early with a competing PKI.
  • There is speculation about legal/regulatory remedies (e.g., EU‑run attestation or mandated multi‑vendor trust), but also fear such intervention could worsen lock‑in.

Security value vs. user freedom

  • Pro‑Secure‑Boot side:
    • Designed to block bootkits/MBR rootkits and support a chain of trust into disk encryption (e.g., TPM‑sealed keys).
    • Helpful in enterprise/server environments and for making FDE transparent for ordinary users.
  • Critical side:
    • For most personal threat models, boot‑level attacks are rare compared to user‑space malware.
    • The real, common “attack” is restricting what OS you can run; phones, consoles and some PCs already demonstrate this.
    • Anything that can lock you out of your own hardware is viewed as a bigger problem than the threats it mitigates.

Linux Secure Boot in practice

  • On mainstream distros (Ubuntu, Fedora, recent Debian), Secure Boot generally “just works” on the happy path, including with some NVIDIA drivers via signed DKMS modules or vendor packages.
  • Off the golden path (Arch, custom kernels, VMware/VirtualBox, out‑of‑tree modules), users report manual key enrollment, MOK dialogs, and recurring signing chores.
  • Tools like sbctl, UKI, and distro hooks can fully automate signing, but UX remains confusing, especially around MOK vs UEFI KEK/db.

Firmware/UEFI design and vendor failures

  • Many see UEFI (and Secure Boot) as over‑complex and poorly implemented; firmware is often buggy, unmaintained, and inconsistent.
  • Some hardware loads GPU or option ROM blobs signed with Microsoft keys before letting you enter firmware setup; replacing keys can brick access to the setup screen itself.
  • Others defend UEFI as standardizing what vendors were already doing and enabling cleaner dual‑booting vs BIOS.

Certificate expiry semantics

  • Multiple commenters question the point of 10–15‑year expirations: they don’t meaningfully mitigate key theft and instead threaten long‑lived hardware.
  • Suggested alternatives:
    • Treat expiry as a warning, not a hard failure.
    • Validate signatures “as of firmware build time.”
    • Use timestamping/DBX for revocation while avoiding hard global time dependencies.
  • Others argue expiry helps bound CRL/DBX growth and crypto deprecation, but acknowledge the ecosystem didn’t plan for vendor neglect.
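
The expiry rules debated above, modelled side by side as an added example (not code from the thread or from any firmware). The policy names, dates and digests are constructed for illustration; real firmware behaviour varies by vendor.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Image:
    digest: str
    not_before: datetime           # signing certificate validity window
    not_after: datetime
    signed_at: Optional[datetime]  # trusted countersignature time, None if absent

# Hypothetical policy names, one per rule discussed in the thread.
POLICIES = ("strict-rtc", "warn-only", "firmware-build-time", "timestamped")

def evaluate(img, policy, rtc_now, firmware_built, dbx):
    """Return (boots, note) for one image under one expiry policy."""
    if img.digest in dbx:                      # revocation is independent of expiry
        return False, "revoked"
    if policy == "timestamped" and img.signed_at is None:
        return False, "no trusted timestamp"
    # Each policy only differs in which point in time the window is checked against.
    ref = {"strict-rtc": rtc_now, "warn-only": rtc_now,
           "firmware-build-time": firmware_built,
           "timestamped": img.signed_at}[policy]
    if img.not_before <= ref <= img.not_after:
        return True, "valid"
    if policy == "warn-only":
        return True, "warning: certificate outside validity window"
    return False, "certificate outside validity window"

# Constructed sample data (not real certificate dates or hashes).
CERT = (utc(2010, 1, 1), utc(2020, 1, 1))
BUILT = utc(2018, 6, 1)
DBX = {"digest-revoked"}
OLD_SHIM = Image("digest-old", *CERT, signed_at=utc(2019, 5, 1))
LATE_SIGNED = Image("digest-late", *CERT, signed_at=utc(2021, 2, 1))
REVOKED = Image("digest-revoked", *CERT, signed_at=utc(2019, 5, 1))

def matrix(rtc_now):
    """Boot decision per (image digest, policy) for a given real-time-clock reading."""
    return {(i.digest, p): evaluate(i, p, rtc_now, BUILT, DBX)[0]
            for i in (OLD_SHIM, LATE_SIGNED, REVOKED) for p in POLICIES}

if __name__ == "__main__":
    for label, now in (("RTC after expiry", utc(2021, 3, 1)),
                       ("RTC set back", utc(2019, 12, 1))):
        print(label)
        for key, boots in matrix(now).items():
            print("  ", key, "boots" if boots else "blocked")
```

In this model the strict rule's decision follows whatever the clock reports, while the build-time rule keeps accepting an image signed after the certificate lapsed; only the timestamped rule blocks that image regardless of the clock. Revocation via DBX blocks under every rule.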

User keys, alternatives, and mitigations

  • Several argue that “real” Secure Boot means enrolling your own keys and optionally dropping Microsoft’s, which many report doing successfully (often via sbctl).
  • Caveats: certain laptops (notably some Lenovo models) reportedly break video/firmware UI if Microsoft/Lenovo keys are removed.
  • Common fallback strategies:
    • Disable Secure Boot entirely.
    • Keep Secure Boot but rely on distro shims and hope vendors ship firmware updates.
    • In desperation, play clock‑games (set RTC back before expiry) – acknowledged as hacky and fragile.

Broader systemic worries

  • Thread connects Secure Boot to larger trends: Intel ME/AMD PSP backdoors, trusted computing as a tool for DRM and surveillance, planned obsolescence, and the risk of losing the ability to run old systems on old hardware.
  • Underlying tension: security engineering vs. user sovereignty. Many see current Secure Boot governance (especially with Microsoft as de facto root) as biased toward eroding the latter.