Wow, listening to the article [a], with the flat, tinny AI voice - it's hard to shake the feeling that this is satire.
And in the YouTube video, I think I glimpse the AI delegating and assigning work to the user (hey, you should review this file/presentation) - via Teams or some other chat interface that probably grabs your attention with an obnoxious ping!
Ironically, the vision they seem to be peddling looks quite close to what NocoBase[n] is selling.
Key difference being that NocoBase at least tries to increase human agency.
They both suffer a bit from 4GL flaws; how do you version your code, how do you move it to another system, e.g. when changing employer.
Like, how do you bring your customized Chad - senior assistant - with you to Google Workspace or Fastmail?
For NocoBase AFAIK they have modules, but no real versioning - so I don't see how it is a good fit for developers.
I just recently came across it as I was looking for a ticketing system - and no, I don't want to build my own in a 4GL system if I can help it. But holy shit would I be more inclined to let our org users play with NocoBase rather than set things on fire with chaos agents running on top of OpenClaw!
PS: We looked at libreDesk (too simple, missing things like merging issues) - looks like we'll go for FreeScout.
I'm kind of sad that Trac/Apache Bloodhound died (and I think died, not just became feature complete) - they worked pretty well for email-first support tickets.
How long did it take from the first macro virus until the industry accepted that "we can't have nice things (at this cost to security)" - macros were defaulted to off everywhere?
How long until the industry accepts the risk LLMs pose with "prompt injection"?
Well, people used MS-DOS which had basically no security model at all for at least 10 years. Most viruses were benign, but it was almost trivial to simply wipe the entire hard disk. People generally didn't care, and made backups.
Things have become a bit more complicated now that machines are connected all the time, and the risk of infection is no longer limited to physically inserting a floppy disk into a machine.
I suspect that the solution is not so much in trying to make our current systems secure, but to make disconnection more practical.
They basically trained a neural network on the data they got from the SSD - and recorded data with other websites open in different tabs or even different browsers.
They could then guess/detect other open sites.
I presume, if they'd trained/recorded - they might detect other software as well.
But right now, they demonstrated (on macOS) that if you open the exploit in a browser - they can look at SSD activity and tell you have website x, y and z open.
Might let you target users of a certain bank, child porn, regular porn, shopping sites... Mostly imagination that sets the limit.
She's excellent and her stuff has made it to the front page many times. I love seeing her work come up and I imagine many others here feel the same way.
Fair enough. I didn't know what was supposed to be objectionable about her personally until your last comment made me do some Googling. Bleh.
To be honest, I feel like I still don't really know much about who she really is or what real political work she's doing recently, if any. And I kinda don't wanna know anyway; I don't wanna play political blacklist enforcer.
The article is a little one-sided, as it doesn't touch upon MinID which is a government ID service, and Idporten which is an authentication service that allows use of different EIDs, like MinID and BankID.
MinID is only considered "secure" while BankID is considered "highly secure"; as the linked PDF report (in Norwegian) states - in Norway, due to the popularity/market dominance of BankID - a lot of the logins are "highly secure" - while in Sweden their (different, but with the same name) BankID is only "secure" - and most services require only "secure" login.
In Norway there are AFAIK public services that require "highly secure" login - and there the publicly issued MinID isn't enough.
If 2FA for MinID is improved - I think it would easily be upgraded to "highly secure" (most other details are similar to BankID). That should take care of public services.
Private services that do not cater to the public good - would still need a portal similar to (or be granted use of) Idporten.
So I think catastrophe is a little hyperbolic - but the current path of BankID dominance isn't good.
Ed: I see the HN title is editorialized - TFA has a more balanced title.
Ed2: From the podcast - BankID might get downgraded to "secure" because of how 2FA is handled - so it's not only MinID that might need some adjustments.
To be fair a part of the problem here is that BankID is so common it has become the "Jacuzzi of EID" or the "Google of EID" or whatever your poison is. So all EID-related discussion in public is now "Why aren't we just adding BankID".
Sure, some policymaker will probably interpret this as "introduce EID" but it does color public debate.
I think it's a shame MinID doesn't have the same level of security as BankID; we are really missing out on a great opportunity. But something tells me the powers that are in Norway's socialite community don't want it. In Norway we don't have that much monetary corruption, but we have a lot of "kompistjeneste".
The proper terminology is Level of Assurance (LoA) for an eID as opposed to “secure” or “highly secure”.
eIDAS (EU Regulation No 910/2014) derives the LoA definition from ISO/IEC 29115:2013 LoA 2,3,4 to LoA “Low”, “Substantial” and “High” (LoA 1 is not mapped in eIDAS). eIDAS article 8 refers to the Commission Implementing Regulation (EU) 2015/1502 and it refers to ISO/IEC 29115:2013.
I like to think of it like the difference between dropping a ball on a roulette wheel (get one random number/sequence of repeated) - vs dropping a ball on a carved topographic map, where valleys guide the ball to a particular outcome.
If you can stand a little AI expansion - here are a few points Gemini came up with - I think the idea has some merit:
[a] https://www.microsoft.com/en-us/microsoft-365/blog/2026/06/0...
[n] https://www.nocobase.com/