I don't know. Growing up and seeing life and people around me I firmly believe that if you have enough brain power and intuition for $TOPIC you can speed-run it. At the same time, with time and experience and doing/re-doing it, you will learn or master $TOPIC [1] even with less brain power.

[1] Depending on the topic and the level of knowledge of it.

1. Intuition mostly “muscle-memory” earned from previous experience.

2. Don’t assume you’re the next Mozart. Someone is, statistically it’s not you.

Maybe it's just muscle-memory, but clearly there are brains which develop it 100x faster than others, depending on the topic. See the aforementioned Mozart and the music topic. I think there are a lot of young and not so young adults whose peak performance in instrument playing is equal to Mozart's at age 8.

Isn't intuition just distilled experience?

It can be but it can also be derived by raw brain power, IMO, and that's my point. You can understand how something work by simulating many mental models quickly in your mind, comparing them and deciding the one that makes more sense, or you can be overwhelmed by doing this and be unsuccessful at it. But with the years and experience you actually distill that understanding, and you are able to apply it to other similar topics as well.

Don't underestimate the stubbornness of "get rich easy" people when it comes down to cheating etc. Even if it's not easy or cost effective, if this was going to be actually viral, they would tap real phones in click-farms to game the system. And do it once a year.

It's true that there are people who pay a premium for thinking they got one up on you, and will waste $1000 of effort to get $100.

But it wouldn't actually work well. It doesn't even need physical invites, keeping track of the invite graph is a great way to kick scammers out. It works. It's been demonstrated to work well since at least 2004.

The reason social media sites don't do it is not that it doesn't work - it's that growth trumps those concerns. Making onboarding as easy as possible is more important than keeping scammers out.

The difference IMO is that every single human is a slightly different model, not the same one with a different prompt, or weights.

I'm not sure I buy that competition between individuals is a hard requirement but lets assume that to be the case for now. Then how many variants of itself do you suppose an AI could instantiate in parallel given full control of a gigawatt class datacenter?

Is this supposed to be sarcasm?

Half of the list by GP shares these same characteristics, unfortunately. The only one that is slowly - but not even steadily - going towards the same stigma is tobacco.

I could never do it without investing a large amount of time into PS, and getting stressed a lot in the meanwhile.

Which ultimately it's what religion has always been: a way to explain the unexplainable and steer people behavior while doing it.

Yes, and at the same time we should ask the question: would the intersection between "people who think this is a funny thing to do" and "people with the technical capabilities to actually generate something that misleads police" [1] return a value > 0 before GenAI?

[1] waiting for some example where fool policemen where outsmarted with simple tricks /s

What's the issue with OC? I tried it a bit over 2 months ago, when I was still on Claude API, and it actually liked more that CC (i.e. the right sidebar with the plan and a tendency at asking less "security" questions that CC). Why is it so bad nowadays?

> Russian locale kill switch: Exits silently if system locale begins with "ru", checking Intl.DateTimeFormat().resolvedOptions().locale and environment variables LC_ALL, LC_MESSAGES, LANGUAGE, and LANG

So bold and so cowards at the same time...

The worst thing is that you can't even tell if that's "real" or just a false flag.

Does it matter? Lots of groups do such checks at startup at this point, because every news outlet who reports on it suddenly believe the group to be Russian if you do, so it's a no brainer to add today to misdirect even a little.

My point is that it could still be Russia, as they know that we know it is used as a false flag.

My point is; what changes if we knew for a fact it was Russia or that it was someone else?

>My point is; what changes if we knew for a fact it was Russia or that it was someone else?

Is this a serious question?

Sounds serious to me

It's highly unlikely that the people behind an attack like this would come out (non-anonimously) and take credit. And it's unlikely they'll be caught. So does it matter to most peoplee if it's Russians, Americans, Iranians, North Koreans, or some other country?

If you're a 3-letter agency, you'd want to know and potentially arrest them, but as a random guy on the internet, or even a maintainer, I really don't think it matters.

So if it came out that the NSA was attempting to put backdoors in consumer password managers, it wouldn't change the context of the side channel attack? How about if it was a company (like Google)? It seemed like an unserious question because I can't understand how someone would think something like that wouldn't change the situation.

Does the nsa really need that ? 99% of our services are hosted on American servers, which the nsa already has full access.

Why would you steal the key when you're already in the house ?

And for the high profile, like some Iranian scientist who has the code to something important, they wouldn't use things like bitwarden.

I really see no use case when the nsa would need access to your bitwarden vault.

> So if it came out that the NSA was attempting to put backdoors in consumer password managers, it wouldn't change the context of the side channel attack?

Not really, we already know that NSA attempts shit like this all the time, if that came out, it'd be the same as the Snowden leaks meaning, a bunch of nerds going "Huh, who could have predicted this?". I don't see the point in it being Russia, China or the US, I'd like it as much if the US did it as Russia, so that's why I asked why it matters.

for most people, nothing.

for threat intel people, a lot.

If walks like a duck and quacks like a duck, then it is a russian spy masqueraded like a duck. Russia is at cold war with NATO.

"Discretion is the better part of valor", "Never point it at your own feet", "Russian roulette is best enjoyed as a spectator", and many other sayings seem applicable.

That isn't a smoking gun. I think it was the Vault7 leaks which showed that the NSA and CIA deliberately leave trails like this to obfuscate which nation state did it. I'm sure other state actors do this as well, and it's not a particularly "crazy" technique.

So, Russia is no longer a target for CIA?

What? All I'm saying is that attribution isn't easy to do in these cases.

ah yes, because everyone sets locale on their npm publish github CI job.

obvious misdirection, but it does serve to make it very obvious it was a state actor.

> but it does serve to make it very obvious it was a state actor

Lol no, lots of groups do this, non-state ones too.

Smells like blackmail from another nation..