That moment when you hit send only to notice right after it's too late that it auto "corrected" a few words of what you said into what it thinks you wanted to say.
Many carriers also effectively stopped honouring DAP Incoterm. If consumer doesn't pay the tariff within 2 months or so, they charge the shipper.
See FedEx for instance:
14.6 Regardless of any payment instructions to the contrary, the Sender is ultimately responsible for payment of duties and taxes and all fees and surcharges related to FedEx’s disbursement of duties and taxes if payment is not received. If a Recipient or a third party from which reimbursement confirmation is required refuses to pay the duties and taxes upon request, FedEx may contact the Sender, for the same. If the Sender refuses to make satisfactory arrangements to reimburse FedEx, the Shipment may be returned to the Sender (in which case, Sender will be responsible both for original and return charges) or placed into a temporary storage, general order warehouse or a customs-bonded warehouse or considered undeliverable. If Transportation Charges for a Shipment are billed to a credit card, FedEx reserves the right to also settle uncollected duties and taxes charges associated with that Shipment to the credit card account.
I just got a DHL shipment from the UK. They indicated I (the receiver) needed to pay the tariff or the shipment would be returned to the sender within 1 week.
It sure sounds like they aren't going to charge the shipper. And I can't blame them for not wanting to be left empty-handed.
Not exactly. The most significant change in the 2025 language is the explicit right for FedEx to automatically settle uncollected duties and taxes against the credit card used for the initial transportation charges. Previously, FedEx would typically issue a separate invoice for duties and taxes and attempt to collect it via standard billing cycles.
In short, they now often release shipments without attempting to collect payment from the recipient and charge the shipper.
This is from their terms in 2006. The last line permits FedEx to charge the sender's credit card for duties it advanced:
> Duties and taxes may generally be billed to the sender, the recipient or a third party. If the sender fails to designate a payer on the air waybill, duties and taxes will automatically be billed to the recipient where allowed. Bill Sender Duties and Taxes and Bill Third Party Duties and Taxes are options available only for deliveries to specified locations. REGARDLESS OF ANY PAYMENT INSTRUCTIONS TO THE CONTRARY, THE SENDER IS ULTIMATELY RESPONSIBLE FOR PAYMENT OF DUTIES AND TAXES IF PAYMENT IS NOT RECEIVED. If transportation charges for a shipment are billed to a credit card, FedEx reserves the right to also settle uncollected duties and taxes charges associated with that shipment to the credit card account.
Memory Tagging Extension is an Arm architectural feature, not an Apple invention. Apple integrated and productised it, which is good engineering. But citing MTE as proof that Apple’s model is inherently superior misses the point. It doesn’t address the closed trust model or lack of independent system verification.
Your claim wasn't about inherent superiority or who invented what, your claim was "that Apple's approach is security by obscurity with a dollop of PR." The fact that they deployed MTE on a wide scale, along with many other security technologies, shows that not to be true.
MTE is an Arm architectural feature. Apple integrated it, fine. That’s engineering work. But the implementation in Apple silicon and the allocator integration are closed and non-auditable. We have blog posts and marketing language, not independently verifiable source or hardware transparency.
So yes, they deploy mitigations. That doesn’t negate the fact that the trust model is opaque.
Hardening a class of memory bugs is not the same thing as opening the platform to scrutiny. Users still cannot independently verify kernel integrity, inspect enforcement logic, or audit allocator behaviour. Disclosure and validation remain vendor-controlled.
You’re treating ‘we shipped a mitigation’ as proof against ‘the system is closed and PR-heavy.’ Those are different axes.
"Security by obscurity" does not mean "closed." It specifically means that obscurity is a critical part of the security. That is, if you ever let anyone actually see what was going on, the whole system would fall to pieces. That is not the case here.
If what you meant to say was "the system is closed and PR-heavy," I won't argue with that. But that's a very different statement.
10-20 years ago running a social network platform was viable for individuals. Today, in the era of information warfare, SEO, trolling and in general magnitudes more bad actors, it's almost impossible.
Friend has encountered things like people uploading illegal content and then reporting to hosting provider or various terrorist or political organisations publishing their manifestos and vile content then making death threats for taking it down and so on.
Also no ads, means how the platform is going to survive once provider runs out of money or figures out it is not as easy as it looks like?
Good points! paperboat.website is very simple and focuses on friends sharing their blog posts which each other, which helps limit regular users' exposure to potential malicious activity.
I expect it's going to be tricky if the user base grows but I'm not planning to compete with larger social networks. It's primarily a space to create personal sites and blogs and my plan is to keep it around as long as possible. If users decide to purchase memberships, I'll have even more time to make sure it stays secure and up to date. If not, I'll still run this for me and my friends which is a huge motivation for me already.
reply