Boo hoo. Claude was trained using data stolen from the collective works of all of humanity. If someone does it faster and cheaper by skimming the cream off the top of Claude then surely that’s just a market efficiency in the thieves business?
You’re going to brute force every possible state of a sandbox building game. See you on the other side of the heat death of the universe; hope you stocked up on Claude Code credits.
Also, lol, "the large battery in an EV makes it easier to feed powerful computers". Do they not think an internal combustion engine can power a few ARM chips? What could the total power consumption of all the computer equipment in a car be, like 30-50 watts? 200 horsepower is 147 kW.
Even the point about running computers when the car is off seems wildly uninformed: a 12 V starter battery in an ICE car is about 70 Ah. That’s 840 Wh. So you can run a 5 W computer (that does nothing but periodically wake up to look for and download updates and such) for 168 hours. (Of course, any competent implementation will not let electronics run the battery flat, but it still seems like way more than enough)
I've been thinking the same thing for years -- thank you for saying it. I agree completely.
Another pro is that no encryption means super low power microcontrollers and retrocomputers can browse freely. The system req's go down by orders of magnitude. I think enforcing TLS in the Gemini protocol was a huge mistake; there are so many retrocomputing enthusiasts that would love to browse Geminispace on their Amigas and 486s -- it might actually have been a significant part of the userbase -- but they're locked out because their CPUs simply cannot reasonably handle modern TLS.
To the best of my understanding it means that a system made by CGI for digital signing of documents (as in: you get something like a PDF from a government agency and need to digitally sign it and send it back) has had its source code and/or some data belonging to it leaked.
Skatteverket, the Swedish tax authority, has been quoted in media as confirming that they use CGI's system for digital document signing but that none of their data nor that of any citizens has been leaked.
"One of the government agencies that uses CGI’s services is the Swedish Tax Agency, which was notified of the incident by the company. However, according to the Swedish Tax Agency, its users have nothing to worry about.
“Neither our data nor our users’ data has been leaked. It is a service we use for e-signatures that has been affected, but there is no data from us or our users there,” says Peder Sjölander, IT Director at the Swedish Tax Agency."
So if no data was leaked from the tax agency or from the users, then the leaked "digital signing documents" must have belonged to the only remaining party, which is CGI, so perhaps they were just some marketing documents about the benefits of their digital signing service?
The original phrasing from the attacker, from the website that put the data up for download/sale, was ”documents (for electronic signing)” which implies that they’re documents that would be signed in said system. I would take all of this with a large helping of salt though. CGI claims it’s not real production data anyway; maybe it is and maybe it’s not.
The best case scenario is in line with what CGI claims: these are lorem ipsum fake docs from an old git repo for a test instance of the system.
No, public information for anyone. You realize that if it's public information, then it's public, and anyone can re-publish it online? There are websites for that. I can get the complete identification number, home address, phone number, etc for any Swedish citizen (that does not have a protected identity) in less than a minute.
I cannot trivially get the whole database, no. But I kind of fail to see what a malicious actor would do with a large database of public information that they couldn’t otherwise do. The system is designed such that you can’t really do a lot of malicious stuff with just public data, and the stuff you can do (scam calls, etc) is probably not meaningfully more effective if you have the whole database than if you do manual lookups or web scraping. I’m open to being proved wrong about that however.
Basically: obviously it's not desirable to have that full database in the hands of a malicious actor but I'm not sure it's such a big deal either. Again, it's public data by design.
In the US, property tax records are public by design. However, historically the records were physical and hard to search through. Now that these records are digitized and published online, it is trivial to find out where someone resides by searching through these records. So while public by design, at scale data aggregation changes the threat model.
I will say that the open and transparent design of Nordic society has some obvious issues when colliding with the hostile Internet we have today.
The issue here though was whether having a full database is materially worse than relying on existing public resources. I can do identity theft all day with public resources; I don’t need a full database dump.
Yes, you can buy the database for the entire population. There are commercial vendors for this, one of them is Dun & Bradstreet (Bisnode Dun & Bradstreet Sverige).
reply