> if we take a wholistic approach, most things were more affordable.
I don't know exactly what "wholistic" means, but in actual numbers, corrected for inflation and median wage growth, this is 100% the opposite of true.
A few things are more expensive in CPI terms, housing among them. Almost nothing is actually significantly more expensive as a fraction of median income.
And it's really distressingly weird that people can't see this. I mean, if cars were so cheap in the 70's or whatever why did we inexplicably have so few of them?
> the process of liquidating and transferring securities is much slower than ACH or Zelle.
That doesn't seem relevant here. The account disappeared due to a data maintenance error; it wasn't extracted via a legitimate transfer to another account, they literally forgot about it.
Yes, that is why I caveated my comment. But her quote is still a good reason to point out that if there is a chance you might need access to money within short notice (I’d say within a month), it should be in a checking or savings account.
It's not really an "if". Iran is in a stronger geopolitical position (than the one they held before the war) today. Any deal they make can only improve things for them, by definition (or else they wouldn't take it).
That's precisely the trap the Trump administration has created for itself. If the only way out is to lose, then you've already lost. And Iran knows it.
I agree that they have this strong position now, but the war is not over yet. I doubt they'll lose it in any meaningful way, but still it remains to be seen how they manage to capitulate it in a possible peace deal.
Again, they don't have to capitulate. They hold all the cards. The world needs that strait open, and 100%, undeniably, without any question at all will pay Iran tolls to get it.
To the extent that this ends in military action, it's going to be the rest of the world protecting the Iranian toll regime from USA piracy. Even Trump won't pull that trigger. Watch for the TACO.
They still need to come to some kind of peace treaty to be able to profit from the control of the strait. Before that happens we might see things like ground invasion or nuclear weapons being used. It's unlikely, but within the realm of possibility.
Again, no, before that happens we'll see Europe and China submit to Iran's tolls and start escorting their tankers through the strait in "violation" of Trump's insane blockade. The US position is 100% untenable here, it relies on everyone else just deciding by fiat that Iran is the bad guy when it's very clearly us.
You believe China and Europe would go to fight with US instead of Iran, if/when we get to a point of actually hurting enough to join that fight?
I don't see that happening... Also if they want to escort tankers, they can escort tankers from US-allied countries, and I assume US would also help.
Overall, I legit do not see a way where countries would pick to fight against US instead of Iran if we ever get there. But maybe, I am wrong, so who knows :)
> You believe China and Europe would go to fight with US instead of Iran
No, but I believe China and Europe believe that they can stare down Trump and force a TACO more than they believe in their ability to successfully navigate the ridiculous shitstorm in the gulf.
I repeat for like the ninth time: It is the USA, and not Iran, that is actually preventing commerce in the gulf as a matter of national policy. Iran just wants to get paid, basically. Trump wants... what, exactly? And that's the problem. The rest of the world needs a solution and not bluster. Iran offers one, Trump just yells a lot.
> Iran is in a stronger geopolitical position (than the one they held before the war) today
Why do you say that? IRGC lost 90% of their corrupt income when USA blockaded their shadow fleet of oil tankers, they are weaker than ever right now, it is hard for any organization to survive long when losing 90% of their income. They rely on a large amount of mercenaries currently to keep the population under house arrest, but what happens when those no longer get paid?
The blockade is 100% unsustainable. It's a joke. The world can't absorb a 25% cut in oil production for anything more than a few months. Reserve capacity is already being tapped. The futures market says it's only a mild disruption because the futures market is predicting (correctly, so far) that it's all a joke that will disappear in a confusing TACO in a few days.
> The world can't absorb a 25% cut in oil production for anything more than a few months.
IRGC can't absorb that for more than a few months either, and if the world wants to open the strait they would rather attack Iran over the strait than attack USA, so there is no way this state will benefit IRGC if it keeps up.
It was IRGC mining friendly countries' waters and attacking ships in friendly waters, every country affected has the right to go attack IRGC over that but they choose to wait and see for now. But if it gets as bad as you suggest then they will just force Iran to open it, they won't force USA to do anything since it's not USA that is illegally blocking it.
> IRGC can't absorb that for more than a few months either, and if the world wants to open the strait they would rather attack Iran over the strait than attack USA, so there is no way this state will benefit IRGC if it keeps up.
This is not at all obvious to me. Money and economic power historically is downstream of military power - men with guns can expropriate whatever they want or need from their unarmed, isolated population. The only thing that is potentially upstream of military power is ideology, which also favors IRGC and Iran security forces as they seem to be most ideologically fervent faction in Iran.
> they won't force USA to do anything since it's not USA that is illegally blocking it.
The USA is literally blockading the strait to prevent tolling. I mean, in some sense you're right: the Trump threat is fake and he'll cave. But the policy you're ascribing to Iran, incorrectly, is actually what your government claims to be doing!
I remain just absolutely dumbfounded at the ability of this administration's defenders to just dig in on obvious lies. Surely on some level you get that you're being lied to, right?
> The USA is literally blockading the strait to prevent tolling.
USA is blockading Iran, they don't blockade anyone but Iran.
> But the policy you're ascribing to Iran, incorrectly, is actually what your government claims to be doing!
I'm not an American. And no, USA doesn't block anyone but Iran here, blockading an enemy nation's ports is fair game during war, blockading third party ports that try to sail through their own waters like Iran does is not. The strait isn't Iran's strait, they put mines all over the place in Oman's waters, that is extremely illegal and basically a declaration of war against Oman to do so.
Edit: Maybe you misunderstood USA's blockade as them blockading anyone who pays Iranian tolls. No they don't do that, that was just a deranged statement by Trump, CENTCOM later announced the real blockade and it was just a blockade against Iranian ports, nothing about Iranian tolls.
"Effective immediately, the United States Navy, the Finest in the World, will begin the process of BLOCKADING any and all Ships trying to enter, or leave, the Strait of Hormuz." - President Donald J. Trump
The inability of people to reason from clear evidence about this president, and instead project onto him whatever rationalizations they've come up with, is absolutely astounding.
Now, again, that is what the president SAID. It is clearly not the actual military stance of the USN in the strait, because that would be insane. But it remains US policy and to argue otherwise is... yikes.
I don't care what Trump says, I look at facts on the ground and fact is that USA never blockaded ships that weren't going to Iranian ports, and the American navy never said they did either. What Trump says in public and what the private orders are obviously very different.
Other countries can see this as well, USA is letting them through and their navy there says they will, they all know Trump spouts a bunch of bullshit so you look at what they do instead of what they say. I haven't seen other countries say USA must stop blockading so they see this as well, they would complain if USA actually blocked any unrelated traffic through the strait but they never did do that.
The "facts on the ground" are that the strait is closed to shipping, has been closed, and seems likely to remain closed for the foreseeable future. Yet you think that is somehow not because of the very clearly stated policy of the world's sole superpower which has been pursuing a war in the region?
That's just... batshit. "OK, you said you'd do this. And you did this. And it happened. But you didn't do it!" Literally that's your logic.
Like I said: the ability of the right wing to create for itself a fantasy world that excuses away all the failings of their movement, even to the extent of disbelieving and writing off the actions of their leaders where they don't fit the desired narrative is just amazing.
That's really it. The list of things that "need" to be in the kernel is shrinking steadily, and the downsides of having C code running in elevated privilege levels are increasing. None of that is about LLMs at all, except to the extent that it's a notable inflection point in a decades-scale curve.
The future, and we basically all agree, puts complexities like protocol handling and state in daemons and leaves only the hardware, process and I/O management in the kernel.
Basically, Tanenbaum was right about the design but wrong about the schedule and path to get there.
> kernel/user space context switching, in high performance context has to be seriously evaluated.
Of course. But that's true for all userspace solutions too, and there are many options for async APIs (io_uring et al.) which work to address that.
The point is that you want the IP stack (or whatever) to be passing stuff around on unix domain sockets for every packet. It's that you want it running in its own memory domain.
I don't think this is actually true (eg. DPDK), but even if it is, you can put the driver in userspace (tun/tap + vfio/libusb/ioport/...) and still use TCP/IP in the kernel.
Speed certainly isn't an issue for AX.25. The protocol typically runs at <10 kbps; the overhead of processing packets in userspace is negligible.
It most commonly runs at 1200bps, used for APRS these days.
You can do a neat trick with this if you set up IP over AX.25, particularly with softmodems. Since you've got IP you can do SSH or TLS over it, right? At least, if you set all the timeouts really long, because some of those packets take a while at 120 bytes per second.
So then you can tune the tones to be a little off the normal frequencies of one side, and play them through speakers with two PCs connected together. When you ssh from one to the other, you will hear the establishment packets and the flurry of packets for every keypress pingponging backwards and forwards between the two systems.
Absolutely brilliant for demonstrating how things like TCP works with retries (plug a mike into it too, shout some interference) and how UDP doesn't, and stuff.
And then you'd be able to hear the difference in the chat between the two machines! That's an amazing demo :-)
I used to use mosh and tmux over 9600bps AX.25 before I had 3G data, a very long time ago. Strictly speaking SSH over amateur radio breaks the rule about encryption but 144MHz is a big place with no-one in it, and you can't pay Ofcom to take an interest in what people do on amateur radio.
that's strictly not true. if I move the code that does TCP from the kernel into the application (not some other daemon, which is perhaps what you're suggesting), then the performance is to the first order the same.
ok, what are the niggly details. we don't have interrupts, and we're running under the general scheduler, so there may be some effects from not getting scheduled as aggressively.
we still need to coordinate through the kernel wrt port bindings, since those are global across the machine, but that's just a tiny bit.
clearly we may be re-opening a door to syn-flooding, since the path to rejection is maybe longer. maybe not, but maybe we can leave the 3-way handshake in the kernel and put the datapath in userspace.
we probably lose rtt-estimates hanging off of routes.
Do you realize AX25 is just something loaded on demand when the user requires it, and not by default? Do you know the basics of how the systems work below your shiny UIs and IDEs?
First, AX25 modules would just lie on the disk harmless, no AX25 stuff is loaded unless some user modprobes them in order to set up some hamradio stack with HamNet and the like.
I see far more security issues with blobs loaded in a so-called GPLv2 kernel everywhere where the tarball almost weighs more in blobs than in libre source code. Yet these LLM bootlickers will happily accept whichever non-free firmware on their noses.
Somehow proprietary Radeon, Nvidia, some Intel audio drivers for SOCs and the tons of ARM related firmware blobs are not a security issue. At all.
Just kick random bits over the BUS without knowing what really happens with the device. Even if some of them can have full access to the RAM and CPU and the like. That's pretty fine. Ah, yes, IOMMUs and the like. Not enough for some cases. Sorry, but these people can't be serious where the actual multi-CPU based networked computer is full of opaque bits where you have no control over what they do at all.
For clarity: the example upthread about pwning was TCP/IP, not AX.25.
Also the idea that "there are no local exploits in this kernel code because it's not used by the running system" is like the proximate cause of 80% of local privilege escalation vulnerabilities. Seriously?
... by loading it? There are many ways to get the kernel to suck in a module you can then bang on over sysfs or whatever API it presents. You can have a local exploit in a binary with CAP_SYS_MODULE, subsystems can be fooled into passing uncooked strings to modprobe, users can be fooled into dropping junk into /etc/modprobe.d (instructions for doing so are pervasive in the embedded world and most users think this stuff is safe), etc...
This kind of chicanery is the vanilla pudding of the hacker world. It's everywhere. Suffice it to say that you're simply wrong: NO, it's never OK to argue a subsystem is safe because you personally think it can't be loaded. It 100% can be, that's the easy part.
> users can be fooled into dropping junk into /etc/modprobe.d (instructions for doing so are pervasive in the embedded world and most users think this stuff is safe), etc...
Not an issue for AX25 per se.
If you can fool a user to run root instructions, it's game over, period.
Also releasing the so-called GPLv2 kernel full of proprietary blobs where GPUs and even SOCs can take over the whole initialization process (and some devices talk to the CPU directly since DMA times, and I don't think IOMMUs will be 100% safe for this) is perfectly fine for security.
Hilariously, this is what the Gnome 2 people would have called an "Unbreak Me" option, something they tried culturally to eliminate more than a decade and a half ago. With... not total success, I guess, but the resulting environment tends to have a very high level of "work and not suck by default" quality -- something that steadily evolving commercial software tends to struggle with maintaining.
An even simpler reason is the way the device works. Like op-amps, a BJT transistor is very much a jellybean component. They all work the same. Sure, there are edge cases like high voltage/speed and very low/high power where you'd choose something different. But in general if you have a design with a BJT[1] used in a conventional way for sensor and control stuff you can drop in another part (or matched pair if you're doing something like an amplifier) of the same polarity without worry.
A current amplifier is a current amplifier, there's not a lot of complexity until you start worrying about stuff like base capacitance and whatnot.
So, sure, "at the right time" is correct, but really any good/cheap/available BJT that arrived at that time would have won.
[1] Op-amps are even more generically jellybean-like.
The "it works" part may be true for BJTs, but I think it's a stretch for op-amps. The number of Stackexchange and Reddit threads where people are struggling to debug the quirks of these ancient chips is pretty staggering.
I dunno. An op-amp is a high-impedance differential amplifier with (conceptually) infinite gain and monotonic behavior at the crossover. Hook it up in feedback to exploit those properties and walk away. Any other chip is going to work just fine as long as you aren't violating a voltage or output current spec or whatever.
It's true that it's possible to create a design that relies on a particular chip's behavior (like trying to drive an output directly and assuming it can do it vs. using, heh, a 2N2222 to drive the load). But those are pretty uniformly treated as "bad design". Op-amps "should be" jellybeans.
But these early chips are not that. The 324 has marked crossover distortion and problems with phase reversal, both have severe input and output voltage limitations, etc. Basically, they are a pain to use, especially in single-supply circuits, and there's little reason to keep using them.
They're insanely cheap. That's why they sell. They're cheap so the volume is there so they stay cheap.
I recall that I needed some 8-pin parts a while back to test something package-related. I looked around for the cheapest part I could find and guess what... it turned out that the 358 was the absolute lowest cost thing in the world in 8 pins. Cheaper even than dummy parts with no silicon in them.
Exactly. This is a pipeline architecture, you don't buffer more than absolutely necessary. What matters is how much fuel is flowing, not what the storage fill size is.
Right now it seems like we've entered a detente where (1) Iran controls the strait and allows oil to flow with tolls and (2) the US lies about it and pretends (for domestic consumption) like it's interdicted all tolled commerce.
Jet fuel in particular is more complicated than that. At the moment, most of the shipping passing through the straits are coming to and from Iran. I believe only a few ships for other countries have transited, none of them tankers- the GCC countries are not willing yet to acknowledge Iran's control over the Straits, since doing so would be to admit that this war was a giant catastrophe.
Iran, for sanctions related reasons, is unable to make international grade jet-fuel. Only the GCC countries can (in the Persian Gulf). And so not a single tanker of jet fuel has transited the Straits of Hormuz to Europe since this incredibly dumb war started. Iran does export raw crude to China, which refines it to international grade jet fuel, and China is getting some shipments from Iran, but China's raw crude imports have dropped, and they have responded by ending jet-fuel exports to the rest of Asia.
My understanding is that Europe can produce jet-fuel from the North Sea deposits, but they rely on imports because it is not sufficient for their consumption (My memory is that 'domestic production' was on the order of 60% of consumption). So as long as the Straits are blocked to GCC traffic there will be problems for European commercial aviation, getting worse over time.
Is there a cite for that explanation? That doesn't sound right to me. My understanding is that almost all Hormuz oil is crude, the refineries are elsewhere.
Which part? That GCC countries export refined Jet-A?
Kuwait was responsible for 15% of seaborne jet fuel exports in 2025 (1), something like 10% of the world's total exports. In 2024, Bahrain exported 20 million barrels of Jet-A (2). South Korea, #1 in the world, exported 90 million barrels in 2025, all by sea (3), so Bahrain isn't a dominant player, but it's still an important amount.
Obviously most of ROK's oil was crude imported to South Korea for re-export elsewhere, but the GCC has spent the last few decades trying to get up the value chain of petro-chemicals and capture more of the value themselves.
Yeah, those numbers seem cherry-picked. The fact that refineries exist in the gulf isn't saying that refinery capacity doesn't exist elsewhere to manage the crude that is transiting the strait. It doesn't mean they do either, but I'd want to see a deeper analysis than any of that stuff you're linking.
Supply chain management is hard, but it's not nearly as fragile as people tend to fool themselves into thinking. How many chip or egg shortages have we lived through which showed up as pretty routine price disruption? And that's especially true in areas like fuel, which everyone recognizes as national security issues worthy of careful study and planning.
My gut says that's bunk, basically. Europe isn't running out of fuel.
Or, alternatively, don't. Stuff in a TPM isn't for "security" in the abstract, it's fundamentally for authentication. Organizations want to know that the device used for connection is the one they expect to be connecting. It's an extra layer on top of "Organizations want to know the employee account associated with the connection".
"Your SSH keys" aren't really part of that threat model. "You" know the device you're connecting from (or to, though generally it's the client that's the mobile/untrusted thing). It's... yours. Or under your control.
All the stuff in the article about how the TPM contents can't be extracted is true, but missing the point. Yes, you need your own (outer) credentials to extract access to the (inner) credentials, which is no more or less true than just using your own credentials in the first place via something boring like a passphrase. It's an extra layer of indirection without value if all the hardware is yours.
TPMs and secure enclaves only matter when there's a third party watching[1] who needs to know the transaction is legitimate.
[1] An employer, a bank, a cloud service provider, a mobile platform vendor, etc... This stuff has value! But not to you.
> TPM isn't for "security" in the abstract, it's fundamentally for authentication
What on earth do you think I make my users present keys for???
You know all those guides saying "you should never copy an ssh private key over the network. Make a new one for each device" that every idiot dev ignored? Now I can enforce that.
TPMs can be useful to you as an individual if you're trying to protect against an evil maid attack. Although I think Linux isn't quite there yet with its support for it. The systemd folks are making progress though.
That only helps if you set a strong password as your TPM PIN. Otherwise it's hardware-bound with no access control, and just as susceptible to evil maid attacks as storing the keys directly in a file.
I don't see how entering a passphrase into a compromised boot loader/kernel/initramfs is as safe as a measured boot with TPM providing the decryption key only if nothing seems to have been tampered with. Can you elaborate please?
I said this elsewhere in the thread, but to repeat here:
Can you explain why securing the ssh keys on a host that was fully compromised like that is anything but theater? Fine, you can't get the key out. You can just run the command directly.
Again, there are use cases where TPMs provide value to authenticate specific devices. But they are not and never have been about "keeping secrets". Your secrets are trash once the device is compromised.
Well I wasn't talking about ssh keys at all - that's where the misunderstanding comes from. I was simply trying to counter your claim that TPMs are never ever useful for individuals. They can be useful to individuals worried about having their boot tampered with.
I absolutely agree that they do zilch to protect your SSH keys. Hardware security keys that need physical confirmation of presence are much better for that use-case.
> The advantage of this approach is that malware can't just send off your private key file to its servers.
The use case is ssh keys! If malware can run an ssh command on the remote host, it doesn't need to steal your key, it can just install itself there. Or add its own keys to the access, etc... At best, you'd have to detect and fix that sort of thing with auditing and control, something that's isomorphic to the "third party" requirements I was mentioning.
To repeat the third time: this is all terrible threat model analysis. TPMs do not have value for individuals managing access between trusted devices. TPMs are for third-party validation.
> TPMs do not have value for individuals managing access between trusted devices.
But you just admitted that it prevents the key from being stolen, right? So the value is that the key cannot be stolen. Doesn't mean that a malware cannot use it of course. Just that it cannot extract it. Which is better than a malware extracting it.
Dependency cooldowns are theater. They will do nothing. Supply chain hacks get caught when someone gets pwned, and all this does is push the deadline out.
You find attacks via cross-organization auditing, like you do in Linux distros, and this doesn't do that.