> one confidential, trusted place to coordinate discovery, remediation, and disclosure
I read this as: they would build the patches privately (or with maintainers if confidential) and then share them amongst their supporters before public release.
> No one looks at Debian and is saying "well maybe we should do what they do"...
Arch does exactly what Debian does for the official repos. It was only the AUR that was compromised. Possibly the issue is that Arch is a bit too strict for the official repos, which has forced too many people onto the AUR ones.
Ubuntu has personal PPAs that are easy to set up - but Ubuntu has a good system to get everything into mainline (mostly because Debian has nearly everything and they ship Debian) and so they are rarely used. Arch has vastly fewer official packages and so there are a lot of niches where you have to use an AUR package.
I don't think the issue is Arch is too strict though. I think the issue is Arch isn't good at helping people get things that should be official to official. Publishing an AUR package is easy, getting something from the AUR to official is hard and most people give up - often without trying.
It seems like ... it's not illegal to find exploits, it's illegal to use them. Enforcement should start there, not the nanny state approach that you might do something bad with information. It breaks down a little bit because it means there will be a period of disruption while the bad guys use exploits - but that's already illegal, and the good guys have had time to use the tool & fix things before it went public, right?
They're right on this one, shared memory isn't some scary dangerous thing. Both processes will just have some region of their respective virtual address space which is mapped to the same physical memory, which they can use to share data. Wayland already uses this for pixel data.
Not really, you can have one command buffer per client or process, and map each one in the virtual space of the process that's supposed to write to it.
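The two comments above describe the mechanism in words: a shared region is the same physical pages mapped into two address spaces, and a compositor can hand each client its own command buffer so a client only ever has its own buffer mapped. The following is an added example, not code from the original thread or from Wayland; it simulates a "compositor" parent with one anonymous shared mapping per client, forks one child per client, has each child unmap the other clients' buffers before writing into its own, and then has the parent read every buffer back after the children exit. The struct layout, the `NCLIENTS` constant and the `run_per_client_buffers` function name are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed layout for one client's command buffer (illustration only). */
#define NCLIENTS 2
#define BUF_SIZE 4096

struct cmdbuf {
    volatile unsigned int writer_pid; /* pid of the client that filled it */
    volatile unsigned int seq;        /* frame/command sequence number */
    char payload[64];                 /* opaque command data */
};

/* One MAP_SHARED|MAP_ANONYMOUS region: physical pages survive fork()
 * and stay shared between parent and child, unlike MAP_PRIVATE. */
static struct cmdbuf *map_cmdbuf(void)
{
    void *p = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memset(p, 0, BUF_SIZE);
    return (struct cmdbuf *)p;
}

/* Parent acts as the compositor: allocates one buffer per client, forks a
 * client process per buffer, and after the clients exit checks that each
 * buffer holds exactly what its own client wrote.  Returns the number of
 * buffers that verified, or -1 on a setup failure. */
int run_per_client_buffers(void)
{
    struct cmdbuf *bufs[NCLIENTS];
    pid_t pids[NCLIENTS];
    int i, j, ok = 0;

    for (i = 0; i < NCLIENTS; i++) {
        bufs[i] = map_cmdbuf();
        if (bufs[i] == NULL)
            return -1;
    }

    for (i = 0; i < NCLIENTS; i++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {
            /* Client i: drop every mapping that is not ours, so the only
             * shared region left in this address space is our own buffer. */
            for (j = 0; j < NCLIENTS; j++)
                if (j != i)
                    munmap(bufs[j], BUF_SIZE);
            bufs[i]->writer_pid = (unsigned int)getpid();
            bufs[i]->seq = 100u + (unsigned int)i;
            snprintf(bufs[i]->payload, sizeof bufs[i]->payload,
                     "client %d frame", i);
            _exit(0);
        }
        pids[i] = pid;
    }

    for (i = 0; i < NCLIENTS; i++) {
        int status = 0;
        char expected[64];
        if (waitpid(pids[i], &status, 0) < 0)
            continue;
        snprintf(expected, sizeof expected, "client %d frame", i);
        /* Reads go through the parent's own mapping of the same pages. */
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
            (pid_t)bufs[i]->writer_pid == pids[i] &&
            bufs[i]->seq == 100u + (unsigned int)i &&
            strcmp(bufs[i]->payload, expected) == 0)
            ok++;
    }

    for (i = 0; i < NCLIENTS; i++)
        munmap(bufs[i], BUF_SIZE);
    return ok;
}

int main(void)
{
    printf("verified buffers: %d of %d\n", run_per_client_buffers(), NCLIENTS);
    return 0;
}
```

The `munmap` in the child is the point of the second comment: the shared pages exist, but a client that never has another client's buffer in its address space cannot write to it, whatever it does with its own pointer arithmetic. A real compositor would pass each buffer as a file descriptor (for example via `memfd_create` or `shm_open` over the Wayland socket) rather than relying on `fork`, but the mapping semantics are the same.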
Google does remove defamatory results I believe, at least partially in response to being sued. However, there is a distinction if they have been informed it is defamatory.
Which is unlikely considering their obligations. I'm a bit more optimistic about SpaceX (and Anthropic to a lesser degree), but if free models keep improving at the same rate as frontier models, there won't be any profit from AI.
What’s the time horizon do you think for free models matching today’s SOTA on average consumer hardware? I see people building 6k+ machines to run the best of them at the moment, which are behind SOTA by maybe 6 - 12 months or so right now.
Open models lag the frontier ~3-6 months, though they're likely smaller than frontier models as well so that lag might not be fully real. Qwen 3.6 27B is very usable for average coding, and Gemma4 31b is very usable for day to day tasks.
The problem there isn't the models, it's consumer hardware. Even 16GB cards aren't the norm, and even with massive improvements in per-parameter performance we probably still need 48GB memory to get models that feel smart enough to trust.
“Average” is also doing terrible things there. The “average GPU” is probably the integrated graphics on the CPU of a laptop.
If you scoped it to “average gaming desktop”, double digit VRAM is pretty normal at this point. If costs came down, I imagine the higher end GPUs would start including enough VRAM for 30B-ish models.
> I see people building 6k+ machines to run the best of them at the moment, which are behind SOTA by maybe 6 - 12 months or so right now
SOTA in open source (frontier Kimi MOE) requires terabytes of RAM. At DDR5 prices, that's $40k alone. For HBM, higher. We're years away from consumer hardware matching the power and latency of e.g. Claude.
I don't think free/open model necessarily means local. I use open code Go for $10/mo for pet projects and deepseek v4 pro is largely comparable to my workflow at work using Claude code. Obviously this wouldn't work for someone wanting to do more than just pet projects (I hit my weekly quota 5 days in, on basic usage) but I'm just saying that local doesn't have to be part of the equation.
> These three companies can do great while their valuations go nowhere.
How? They're building out on debt. The investors need to offload at a profit otherwise the company can't sell more shares to acquire the cash needed (share price too low).
Sure, it's possible that a recent IPO does poorly but the company soldiers on regardless, but it's not likely.