It's exhausting to make this comment every time... but here we go.
Key revocation is table stakes for secure messaging. I need a trusted way to relay that my contact's key has been revoked and I should stop trusting it.
Neither P2P, TLS, client-server, nor any choice of key curve gives you this. Read the whitepaper, no mention of revocation. Correct me if I missed something.
I feel like key revocation is usually solved via key replacement in most secure instant messengers.
Every implementation that I know (which does not include SimpleX) offers some way to recover from complete key loss, at which point other parties receive a "the key for this contact has changed" notification, and that new key is then untrusted by default until verified out-of-band. (This does trust the server operators to not censor your re-registration, but that seems no different from most other centralized revocation mechanisms.)
Do you have a scenario in mind where this would not be sufficient?
Flighty is very pretty, but I’m not giving up FlightAware anytime soon.
I travel a lot, and frequently encounter flight delays. It’s mind-bogglingly difficult to find out where my plane is when it’s delayed via Flighty. This and a few other things, FlightAware gets right.
I feel like Flighty is for the rare leisure traveler and FlightAware is for the weekly business and/or pilot traveler.
I’ve honestly had better luck with iOS built in flight tracker than Flighty itself.
Flighty is in a weird place because I'm a rare/leisure traveller and wow, Flighty is nowhere near reasonably priced for that market.
I used it in free mode when I was on iOS, but it would be ~£10 per trip for something that would improve my life less than a coffee at the airport.
In my opinion they need to aggressively cut costly features (like weather data), and if they have different international data feeds, perhaps do region locked pricing. I don't fly to the US much, so let me buy a Europe and Asia subscription and skip the US costs. Or vice-versa. It would have needed to be ~£10 a year at most.
I’m a touring lighting designer, I fly anywhere from 20-120 times a year. Every fellow LD I know uses Flighty, any time I get delayed Flighty tells me before the airline does.
I especially love that it usually tells me or warns me about a delay before I leave the lounge, so I get to spend some more time relaxing. That and of course the amazing data in your Flighty passport!
The promise is that it informs you quickly about flight delays, flight cancellations and gate changes. In my limited experience, it didn’t work satisfactorily for a flight delay of a few hours. It could not provide any reliable updates.
It’s a nice app and service, but I wouldn’t trust all those reviews that are like “I knew before the aircraft pilot knew”. It has its own limitations.
I don’t see any value in knowing before the pilot knows. I’ve mostly flown American the past few years and with their app I get updates about delays and gate changes on my phone just fine. I suppose there might be some advantage to getting the notification a bit earlier, but I doubt that they can reliably give information faster than the airline itself.
I think I figured it out - if you can figure out a cancellation before everyone else you can get to the counter and get on another flight before everyone.
I've had one cancellation in my life so I see why the need hasn't presented itself very loudly.
Yeah, the most notable "use", not necessarily "value", is when the airline is still prevaricating over the delay, you're approaching boarding time and you can see from ADS-B that the inbound aircraft hasn't even begun initial descent.
Last year Flighty literally saved me from an overnight delay because it notified me the incoming aircraft was still on the ground at the previous airport. I was able to snag the last couple seats on a later scheduled flight which actually departed. My original flight ended up getting canceled.
As airline crew, I stay in the lounge (employee lounge, not bar lounge) when I know I'm not going anywhere on time.
Flighty gets heavy use from US airline employees. We're frequently in the airport with a brief break before flying the next flight. Usually, this next flight will be on an aircraft that hasn't arrived at the airport yet. Most of us will find a quiet place to relax for a while and it's really irritating to pack stuff back up and walk to the gate just to find out there's no plane.
Another scenario is you arrive to an airport and need to switch aircraft. The "turn" time might be scheduled for 45 min. It's really nice to know as you walk off the aircraft that "Hey, it's actually delayed. Now I have 2 hours." I'll go grab a bite to eat or catch up with family back home etc.
My particular airline will show you what the next inbound aircraft is and its flight number and ETA but it's a "fetch" experience. You open the app, wait for a refresh, click like 4 times to navigate to the right page, get the tactical information. Flighty keeps it on the lock screen. Just lift your phone and it's there.
We're constantly asking our employer to emulate Flighty. Tech isn't their strong suit though.
Sounds like you identified a business opportunity for Flighty - license the functionality or just sell app access to the entire airline, at least for employees.
I fly around 6x/yr but I still found it useful enough to get the lifetime plan. I suppose if I only flew once per year I wouldn't have gotten it, but I don't mind paying ~$10/flight (probably even lower by now, and who knows what it will drop to by the time Flighty stops working, hopefully more like ~$1/flight). A typical trip might cost in the range of ~thousands of dollars so $10 to reduce my stress levels when there is a delay is worth it in my book.
For example... if there's a delay and so because you found out sooner you can stay home an extra hour instead of sitting at the airport I would pay $10 for that.
I don’t get why they get so much praise for design with such a big design flaw:
If a flight is delayed even 1 minute, it’s highlighted as red text. This throws me off every time.
Google does not do this. It still shows as green if it’s just a few minutes delayed.
I’ve reported this to the Flighty team and they ignored me so I can only assume they think this is a good idea, and I will therefore never pay for their app.
I wish the data would be more reliable (or they have better sanity checks) though. One of my flights suddenly "departed" one hour+ before scheduled time. I almost got a heart attack.
Needless to say there were no objective reasons for that - airport dashboard was showing proper time and flight departed with 30min delay (displayed by Flighty as 1.5hr delay).
I've never seen what you describe but I have seen other data issues. It usually depends on the airline, the same types of problems occur with the same airlines.
I've asked and they say there's little they can do, the airlines systems are broadcasting this data and some airlines are better at it than others.
To be fair, it was the first major hiccup with the app. Usually it is quite correct.
It's hard to believe airline broadcasted incorrect data in my case. Even if that was the case, they could have cross checked it with airport data, which is way easier to obtain compared to airline stream.
And also they could have additional checks for cases when aircraft "changes" departure time to 1 hr before scheduled at around 2 hours before scheduled time. It should be a highly unusual case.
Fascinating, I was struck by the exact opposite. The text overflowed the search bar, the bottom table was difficult to read, the airports all just kind of pulsed brown every couple seconds, I assumed this was a slopped together weekend project someone was advertising here.
But the iOS app is not what was shared. Why would someone use an iOS app they haven't used as the basis for their comment? Especially since you yourself did not mention it in your top comment?
Why can't you just like an app, why do you have to turn it into a personal statement about your dislike of AI? If AI was not involved, why bring it up?
I imagine you live your life contextually, whereby your daily experiences are felt against the backdrop of the immediate events you, then your community, and eventually the world at large. If the rest of the world was involved, why not bring it up?
When Apple vertically integrates it works for them. All the way from the cloud to the OS to the hardware. Pretty sure this will beat out tools like JAMF on user privacy alone by running trusted MDM adjacent tools in kernel space.
Yes sure you can use a different tool for any of these, defaults dominate for the same reason Google pays ~15 billion to be the default search engine on iPhones.
Nice upgrade. Userspace HTTP proxies are a good start and should make it unlikely that a secret gets into the context window due to a high permission read. There are a few missing pieces in the agent security world in general:
1. Full secret-memory isolation whereby an agent with root privileges can't exfiltrate. Let's assume my agent is prompt injected to write a full-permissions script to spin up OneCli, modify the docker container, log all of the requests w/ secrets to a file outside the container, exfiltrate.
2. An intent layer on top of agents that models "you have access to my gmail (authN) but you can only act on emails where you are a participant". This would be more similar to universal RBAC between agent ↔ mcp etc.
I've been building on [2] for a while now using signed tokens expressing intent.
On (1), the agent runs in its own container where OneCLI doesn't exist. It can't spin up OneCLI or access its process because it's completely isolated from it. The agent only ever sees placeholder tokens, the real secrets live in a separate container it has no way to reach.
On (2), we actually address this with OneCLI Rules, deterministic constraints enforced at the proxy level before a request ever hits the API. So the agent doesn't need to "behave", it just can't do what the rules don't allow. Would love to hear more about your signed tokens approach.
At a basic level, access layers should be aware of operations that are Read-only and operations that are Write/Delete. It should be easy to give agents access to read anything, then require permission/prompt to execute any state changing operations.
Hey Oskar ~ great project and looks promising. I would be curious to hear what is still work-in-progress for Bombadil.
It's helpful to know what the tool maintainers see as upcoming or incomplete work. It also saves a consultant like me a lot of time to evaluate new tools for clients if I also know the limitations before diving in. Maybe a section in the manual for "What Bombadil can't do".
Good feedback! Short answer: a lot of stuff is remaining. It's a very new project and I've been trying to cover the basics. There's a ton to do around better state space exploration, reporting/debugging (working on this now!), integration with other tools and platforms like CI, etc. But a living section in the README or the Manual for "planned but not yet built" probably makes sense.
Not if having a heart attack within 1 year at a higher rate is a co-morbidity factor when the primary treatment was for obesity or diabetes (not stating that obesity and heart disease are not positively correlated).
To use a dense analogy: if I stopped brushing my teeth I would not expect to die of gum disease.
You are misunderstanding the study (largely because the article heavily misrepresents it, would be my guess).
They do not see an increase against their pre-GLP1 baseline risk - they see a reversal of the cardioprotective benefits the drug provided while they were on it.
> Full AttnRes is straightforward but requires O(Ld) memory at scale. Block AttnRes partitions layers into N blocks, accumulates within each block via standard residuals, and applies attention only over block-level representations. With ~8 blocks, it recovers most of Full AttnRes's gains while serving as a practical drop-in replacement with marginal overhead.
> The most positive outcome I can think of is one where computers get really good at doing, and humans get really good at thinking. If we never figure out how to make computers creative, then there will be a very natural division of labor between man and machine.
Man will do nothing and machine will do everything. That's a bleak world no one is preparing for.
How is that universal basic income scheme coming along?
If there is person A who can become a squillionnaire by making sure that the employees of a company make as little as possible due to AI, that's what's going to happen. There is zero way "we" will decide resources need to be shared fairly.
If person A can amass more money and power, then resource consumption literally doesn't matter. There is no way "we" will be involved in that process at all.
Call me cynical, but it appears that human history has proven over and over and over again that whatever the short sighted, selfish option that enriches a very few is, is what will happen, until there is finally violence.
I do not look forward to the AI wars that my children will be forced to fight in.
I don't see how this doesn't equally apply to the pre-AI economy. The results there have been quite stark, with the "entrepreneurs" ending up far better off than the "employees".
> I don't see how this doesn't equally apply to the pre-AI economy. The results there have been quite stark, with the "entrepreneurs" ending up far better off than the "employees".
This is wrong, in most cases the entrepreneur is worse off than the employees, since the entrepreneur spent all his savings on the projects and the employees walk away with all the money they got from their salaries.
And even when it is fully funded by external investors most of the time the founder just gets to keep the salary since the company fails and becomes worthless.
The only time the entrepreneur is better off is when the company succeeds and becomes big, but that is rare, most of the time it is better to be an employee.
What makes rich people special is that they have things normal people do not have. They have material wealth with which they can derive power. They don't want to share it now and they won't in the future. Do you really think that these people who have spent so much time and effort hoarding their wealth want to share it with everyone? Absolutely not.
> How is that universal basic income scheme coming along?
If the Epstein class won't allow for everyone to have a reasonable standard of living when they relied on workers to produce, the chances of them allowing it when they don't is next to nil. They couldn't even bear the thought of people working from home, for no other reason than the workers liked it, and that cost them nothing.