If you think about it, everything we've done to make malicious webpages unable to fiddle around with your state on other sites using XHRs, are exactly and already the proper set of constraints we'd want to prevent models working with webpages from doing the same thing.

Highly related: two videos covering exactly how they fit...

- Super Mario Bros 1 into 40KiB (https://www.youtube.com/watch?v=1ysdUajrhL8)

- and Super Mario Bros 2 into 256KiB (https://www.youtube.com/watch?v=UdD26eFVzHQ)

I highly advise watching the actual videos to best understand, since all the techniques used were very likely devised from a game-dev perspective, rather than by invoking any abstract CS textbook learning.

But if I did want to summarize the main "tricks" used, in terms of such abstract CS concepts:

1. These old games can be understood as essentially having much of their data (level data, music data, etc) "compressed" using various highly-domain-specific streaming compressors. (I say "understood as" because, while the decompression logic literally exists in the game, there was likely no separate "compression" logic; rather, the data "file formats" were likely just designed to represent everything in this highly-space-efficient encoding. There were no "source files" using a more raw representation; both tooling and hand-edits were likely operating directly against data stored in this encoding.)

2. These streaming compressors act similar to modern multimedia codecs, in the sense that they don't compress sequences-of-structures (which would give low sequence correlation), but instead first decompose the data into distinct, de-correlated sub-streams / channels / planes (i.e. structures-of-sequences), which then "compress" much better.

3. Rather than attempting to decompose a single lossless description of the data into several sub-streams that are themselves lossless descriptions of some hyperplane through the data, a different approach is used: that of each sub-channel storing an imperative "painting" logic against a conceptual mutable canvas or buffer shared with other sub-channels. The data stream for any given sub-channel may actually be lossy (i.e. might "paint" something into the buffer that shouldn't appear in the final output), but such "slop"/"bleed" gets overwritten — either by another sub-channel's output, or by something the same sub-channel emits later on in the same "pass". The decompressor essentially "paints over" any mistakes it makes, to arrive at a final flattened canvas state that is a lossless reproduction of the intended state.

4. Decompression isn't something done in its entirety into a big in-memory buffer on asset load. (There isn't the RAM to do that!) But nor is decompression a pure streaming operation, cleanly producing sequential outputs. Instead, decompression is incremental: it operates on / writes to one narrow + moving slice of an in-memory data "window buffer" at a time. Which can somewhat be thought of as a ring buffer, because the decompressor coroutine owns whichever slice it's writing to, which is expected to not be read from while it owns it, so it can freely give that slice to its sub-channel "painters" to fill up. (Note that this is a distinct concept from how any long, larger-than-memory data [tilemaps, music] will get spooled out into VRAM/ARAM as it's being scrolled/played. That process is actually done just using boring old blits; but it consumes the same ring-buffer slices the decompressor is producing.)

5. Different sub-channels may be driven at different granularities and feed into more or fewer windowing/buffering pipeline stages before landing as active state. For example, tilemap data is decompressed into its "window buffer" one page at a time, each time the scroll position crosses a page boundary; but object data is decompressed / "scheduled" into Object Attribute Memory one column at a time (or row at a time, in SMB2, sometimes) every time the scroll position advances by a (meta)tile width.

6. Speaking of metatiles — sub-channels, rather than allowing full flexibility of "write primitive T to offset Y in the buffer", may instead only permit encodings of references to static data tables of design-time pre-composed patterns of primitives. For tilemaps, these patterns are often called "meta-tiles" or "macro-blocks". (This is one reason sub-channels are "lossy" reconstructors: if you can only encode macro-blocks, then you'll often find yourself wanting only some part of a macro-block — which means drawing it and then overdrawing the non-desired parts of it.)

7. Sub-channels may also operate as fixed-function retained-mode procedural synthesis engines, where rather than specifying specific data to write, you only specify for each timestep how the synthesis parameters should change. This is essentially how modular audio synthesis encoding works; but more interestingly, it's also true of the level data "base terrain" sub-channel, which essentially takes "ceiling" and "ground" brush parameters, and paints these in per column according to some pattern-ID parameter referencing a table of [ceiling width][floor height] combinations. (And the retained-mode part means that for as long as everything stays the same, this sub-channel compresses to nothing!)

8. Sub-channels may also contain certain encoded values that branch off into their own special logic, essentially triggering the use of paint-program-like "brushes" to paint arbitrarily within the "canvas." For example, in SMB1, a "pipe tile" is really a pipe brush invocation, that paints a pipe into the window, starting from the tile's encoded position as its top-left corner, painting right two meta-tiles, and downward however-many meta-tiles are required to extend the pipe to the current "base terrain" floor height.

9. Sub-channels may encode values ("event objects") that do not decode to any drawing operation to the target slice buffer, but which instead either immediately upon being encountered ("decompression-time event objects") or when they would be "placed" or "scheduled" if they were regular objects ("placement-time event objects"), just execute some code, usually updating some variable being used during the decompression process or at game runtime. (The thing that prevents you from scrolling the screen past the end of map data, is a screen-scroll-lock event object dropped at just the right position that it comes into effect right before the map would run out of tiles to draw. The thing that determines where a "warp-enabled pipe" will take you, is a warp-pipe-targeting event object that applies to all warp-enabled pipes will take you after it runs, until the next warp-pipe-targeting event object is encountered.)

If at least some of these sub-channels are starting to sound like essentially a bytecode ISA for some kind of abstract machine — yes, exactly. Things like "event objects" and "brush invocations" can be more easily understood as opcodes (sometimes with immediates!); and the "modal variables" as the registers of these instruction streams' abstract machines.

[continued...]

11. These sub-channel ISAs are themselves designed to be as space-efficient as possible while still being able to be directly executed without any kind of pre-transformation. They're often variable-length, with most instructions being single-byte. Opcodes are hand-placed into the same kind of bit-level Huffman trie you'd expect a DEFLATE-like algorithm to design if it were tasked with compressing a large corpus of fixed-length bytecode. Very common instructions (e.g. a brush to draw a horizontal line of a particular metatile across a page up to the page boundary) might be assigned a very short prefix code (e.g. `11`), allowing the other six bits in that instruction byte to to select a metatile to paint with from a per-tilemap metatile palette table. Rarer instructions, meanwhile, might take 2 bytes to express, because they need to "get out of the way of" all the common prefixes. (You could think of these opcodes as being filed under a chain of "Misc -> Misc -> Etc -> ..." prefixes.)

IMHO, these are all (so far) things that could be studied as generalizable data-compression techniques.

But here are two more techniques that are much more specific to game-dev, where you can change and constrain the data (i.e. redesign the level!) to fit the compressor:

12. Certain ISAs have opcodes that decode to entirely-distinct instructions, depending on the current states of some modal variables! (My guess is that this came about either due to more level features being added late in development after the ISAs has mostly been finalized; or due to wanting to further optimize data size and so seeing an opportunity to "collapse" certain instructions together.) This mostly applies to "brush" opcodes. The actual brush logic they invoke can depend on what the decoder currently sees as the value of the "level type" variable. In one level type, opcode X is an Nx[floor distance] hill; while in another level type, opcode X is a whale, complete with water spout! (In theory, they could have had an opcode to switch level type mid-level. Nothing in this part of the design would have prevented that; it is instead only impractical for other reasons that are out-of-scope here, to do with graphics memory / tileset loading.)

13. And, even weirder: certain opcodes decode to entirely-distinct instructions depending on the current value of the 'page' or 'column' register, or even the precise "instruction pointer" register (i.e. the current 'row' within the 'column'). In other words, if you picture yourself using a level editor tool, and dragging some particular object/brush type across the screen, then it might either "snap" to / only allow placement upon metatiles where the top-left metatile of the object lands on a metatile at a position that is e.g. X%4==1 within its page; or it might "rotate" the thing being dragged between being one of four different objects as you slide it across the different X positions of the metatile grid. (This one's my favorite, because you can see the fingerprint of it in much of the level design of the game. For example: the end of every stage returns the floor height to 2, so that "ground level" is at Y=13. Why? Because flagpole and castle objects are only flagpole and castle objects when placed at Y=13!)

Token ID 73700 is the literal entire (space-prefixed) word " strawberry". (Which neatly explains the "strawberry problem.")

Token ID 27128 is " cryptocurrency". (And 41698 is " disappointment".)

Token ID 44078 is " UnsupportedOperationException"!

Token ID 58040 is 128 spaces in a row (and is the longest token in the vocabulary.)

You'd be surprised how well this vocabulary can compress English prose — especially prose interspersed with code!

(And it's for a similar reason, I think, that deliberative models like rewriting your question in their own terms before reasoning about it. They're decreasing the per-token re-parsing overhead of attending to the prompt [by distilling a paraphrase that obviates any need to attend to the literal words of it], so that some of the initial layers that would either be doing "figure out what the user was trying to say" [i.e. "NLP stuff"] or "figure out what the user meant" [i.e. deliberative-reasoning stuff] — but not both — can focus on the latter.)

I haven't done the exact experiment you'd want to do to verify this effect, i.e. "measuring LLM benchmark scores with vs without an added requirement to respond in a certain speaking style."

But I have (accidentally) done an experiment that's kind of a corollary to it: namely, I've noticed that in the context of LLM collaborative fiction writing / role-playing, the harder the LLM has to reason about what it's saying (i.e. the more facts it needs to attend to), the spottier its adherence to any "output style" or "character voicing" instructions will be.

If you really wanted just have a separate model summarize the output to remove the filler.

As those tokens flow through the QKV transforms, on 96 consecutive layers, they become the canvas where all the activations happen. Even in cases where it's possible to communicate some detail in the absolute minimum number of tokens, I think excess brevity can still limit the intelligence of the agent, because it starves their cognitive budget for solving the problem.

I always talk to my agents in highly precise language, but I let A LOT of my personality come through at the same time. I talk them like a really good teammate, who has a deep intuition for the problem and knows me personally well enough to talk with me in rich abstractions and metaphors, while still having an absolutely rock-solid command of the technical details.

But I do think this kind of caveman talk might be very handy in a lot of situations where the agent is doing simple obvious things and you just want to save tokens. Very cool!

Try it for yourself — under the most popular tokenizer vocabulary (https://tiktokenizer.vercel.app/?model=cl100k_base), "strawberry" becomes [str][aw][berry]. Or, from the model's perspective, [496, 675, 15717]. The model doesn't know anything about how those numbers correspond to letters than you do! It never gets sat down and told "[15717] <=> [b][e][r][r][y]", with single-byte tokens on the right. (In fact, these single-byte tokens appear in the training data extremely rarely, and so the model doesn't often learn to do anything with them.)

Note that LLMs can predictably count the number of r's in "s t r a w b e r r y", because <Count the number of r's in "s t r a w b e r r y"> becomes [Count][ the][ number][ of][ r]['s][ in][ "][s][ t][ r][ a][ w][ b][ e][ r][ r][ y]["]. And that's just a matching problem — [ r] tokens for [ r] tokens, no token-correspondence-mapping needed.

This is clearly not the case, any modern (non-reasoning) model easily decomposes words into individual token-characters (try separating them with e.g. Braille spaces...) and does arbitrary tokenization variants if forced with a sampler. It's way deeper than tokenization, and models struggle exactly with counting items in a list, exact ordering, retrieving scattered data, etc. LLM context works a lot more like associative memory than a sequence that can be iterated over. There are also fundamental biases and specific model quirks that lead to this.

The largest electricity consumers all have good places to put solar farms.

Is it just that there's no "privacy lobby" interested in getting even one lawyer around to sit down and write it up?

Or is there at least one such bill floating around, but no EU member state has been willing to table it for discussion?

"Article 7

Respect for private and family life

Everyone has the right to respect for his or her private and family life, home and communications.

Article 8

Protection of personal data

1. Everyone has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3. Compliance with these rules shall be subject to control by an independent authority."

Ditto the Canadian Charter of Rights and Freedoms, with its 'notwithstanding' clause. (Though they're presently litigating over that, so we'll see what happens!)

Any constitution or human rights instrument full of exemptions, 'emergency powers', 'notwithstanding' clauses, or 'states of exception' is not worth the paper it's written on.

(That’s not to say laws shouldn’t make a better attempt to circumscribe exceptions)

No laws are absolute, some laws are more holes than cheese, but a law that says "A government must not punish you for doing X, except in accordance with duly passed criminal laws that make X illegal" is almost entirely pointless. It exists solely to make people feel fuzzy when reading the first half of the sentence, which is the only part you'll ever hear quoted, while not actually impeding anything a government may wish to do to you. This is intentional. Those carte blanche exemptions do not consistently appear across international human rights treaties by some accident.

Think about all the laws that aren't even attempted because they would be struck down. Or all the laws floated, but which don't pass because they'd be struck down. Or the laws modified so they won't be struck down.

I'm with you though - I think a lot of the constitution protections in the US have been watered down over the decades.

Last but not least, a number of EU countries enshrine https://en.wikipedia.org/wiki/Secrecy_of_correspondence in their constitution.

Also it isn't respected in most types of criminal trials. If a sealed physical letter is opened and proves fraud, for example ...

Unfortunately large majority of parties in Finnish Parliament do not really care about that provision and have passed multiple laws which create exceptions to it. They do it via the proper protocol (which is essentially the same as modifying the Constitution itself) so it's technically legal.

But end to end encryption with forward secrecy at no cost to user makes your right to private communication absolute. It's a new thing and the balancers can't balance it against other rights of other people, so this happens.

As it should be. Governments should have to suck it up. If they want to know things about someone, they should have to actually assign police to follow them around. Not click a button and have the lives of everyone in the entire world revealed to them.

What you describe is clearly not the only possible policy choice.

The opposite doom scenario isn't either.

Based on the past experience, government gonna do their government stuff

Anyway, as far as human/fundamental rights go, the encryption and related issues in Chat Control tend to fall more on the Article 7 side of the Charter[2] like many similar questions related to different forms of (mass) surveillance, secrecy / confidentiality of (electronic) communications, including related national regimes with often diverse jurisdiction-specific histories, etc.

[1] The main difference between a Directive and a Regulation under EU law is that a Directive requires implementation on the national level to work properly (ie national legislation, usually with some room for discretion and details here and there), while a Regulation is directly binding and effective law in member states wholly in itself.

[2] And similar/corresponding language in the European Convention on Human Rights (ECHR), including the related case law of the European Court of Human Rights (ECtHR). While these are not EU institutions, European human rights law is recognized and applied as constitutional / fundamental rights-level law both by the EU and member state courts.

Germany, for exmaple, has secrecy of correspondence that extends to electronic communications, but allows for "restrictions to protect the free democratic basic order" and outlines when intelligence services can bypass the right to privacy.

Italy, France, and Polan also have similar carve outs.

Having it as a right isn't enough. National security and "public safety" carve outs need to be eliminated. So long as those exist, we have no right to privacy.

Rights are inherent to human nature, or they are nothing at all. If they could be granted by gov’t, then they can be taken away; they wouldn’t be rights. They allow individuals to fulfill their natural moral duties; you have a right to a good, because you have a prior obligation to pursue it. While the existence of these rights is universal and inalienable, their exercise is not absolute, as they are always limited by justice and the common good of the community. Because these rights are pre-political - they are not legal privileges; the state’s only legitimate role here is to recognize and protect what already exists by nature; any civil law that contradicts them is a perversion of justice rather than a binding law.

So…if privacy is a right (and I would say it is a derivative right, from more basic rights), then it does not follow that its scope is absolutely unrestrained. It’s not difficult to come up with examples where privacy is constrained or abrogated for this reason.

The trouble with broad privacy-violating measures is that they are sweeping in scope and unjustified, making them bad for the common good and a violation of a personal right. It is clearly motivated by technocratic design and desire for control, not the common good and the good of persons. Because it is unjustified, its institution is therefore opposed to reason. It effectively says that no vaild justification need exist. This is a voluntarist, tyrannical order.

The absolutist stance likes to claim that “having justification” is always how rights are violated, but this is wrongheaded. This is tantamount to claiming that we can’t tell a valid justification from an invalid one. But if that were true, then we are in much worse shape than such people suppose. If we cannot discern a valid justification from a bad one, then how can we have the capacity to discern when a right is being violated at all? Furthermore, it is simply not the case as a general political rule that gov’ts will violate rights if those rights are not absolute (which has never been the case anyway). The evidence does not support this thesis. And furthermore, if a gov’t wishes to violate a right, treating it as if it were an absolute doesn’t somehow prevent it from being violated. Some place too much faith in supposed structural elements of gov’t as ways to keep this from happening (like separation of powers), but there is nothing in principle to prevent these branches from cooperating toward such an end.

Take for example Article 3 of the declaration of human rights:

> Everyone has the right to life, liberty and security of person.

The article already has a collision set up in itself: You have the right to live in safety. But also, everyone has the right to live in liberty. If taken as an absolute, the right of liberty would prevent incarceration of dangerous individuals, violating the other individuals right to all life in safety.

Similarly, other fundamental rights get curtailed: The freedom of speech is in balance with the right to personal dignity of article one and other rights.

Not acknowledging that even fundamental human rights are in a tension with each other is just ignoring reality and will get you nowhere in a legal discussion.

The discussion is not which right is absolute, it is about how to balance the tension between the various rights. And different societies strike a different balance here.

Take for example the right to freedom and liberty. Lifelong imprisonment without parole as punishment is not a thing in Germany. There’s an instrument that allows the court to keep the perpetrator locked up in case the court considers the individual dangerous, but until 1998, this could not be retroactively be applied. There was a major legal upheaval with multiple rounds to the constitutional court to change that and it took until 2012/2013 to find a legal framework that wasn’t declared unconstitutional. To this day, however, Sicherheitsverwahrung is not a punishment, but a combination of therapy and ensuring the safety of society and it’s subject to regular checks if the conditions for the lockup still exist. The individuals are also not held in prisons, but in nicer facilities.

On the other hand, many US states still have the death penalty and are proud of it.

Yeah, because it's a made up self-contradictory notion with absolutely zero basis in reality. It's the people who believe in "rights" who are ignoring reality. Safety? The world is a dangerous place where you can be randomly killed if you take a wrong turn and no amount of "rights" is ever going to change that. Food and shelter? Simple economics are enough to defeat this, there isn't enough for everybody, rationing ensues almost immediately and suddenly you're forced to decide who's most "deserving" of these resources. Privacy? The FVEY get around it by spying on each other and sharing data because foreigners are always fair game. You can name virtually any right and the inherent contradictions in it are plain to see to anyone willing to go outside and see the world for what it actually is instead of what some "charter" says it should be.

It would be infinitely more honest if these governments simply decided to declare you guilty of whatever you're suspected of when they find your encrypted data. That's what they actually want to do. No need to engage in this song and dance about balancing "rights". If they did this, at least people would see things as they are instead of engaging in this constant abstraction in an attempt to rationalize and justify things by saying that you have the "right" to privacy but actually you don't when it's "in the interests of national security" for you to not have it. That sort of double speak is hazardous for my mental health and I'm tired of engaging in it.

In this case, I see no reason that we would want to draft constitutional rights such that we consider a government's actions taken in pursuit of their national security to be, per se, legal — i.e. warranted, unable to be sued over, etc.

Imagine instead, a much weaker right granted to the state: the right to maintain laws or regulations which require/force government or military employees to do things that violate people's rights and/or the law of the land. But with no limit on liability. No grant of warrant. Just the mildest possible form of preservation: technically constitutional; and not immediately de-fanged the first time the Supreme Court gets their hands on it.

So, for example, some state might introduce a new law saying that soldiers can come to your house and confiscate your laptop. And then the head of that state might actually use that law to invade your home and take your laptop.

Given that the law exists, it would be legal for the head-of-state to give this order. And it would also be legal for the soldiers to obey this order (or to put it another way, court-martialable for the soldiers to disobey this order, since it's not an illegal order.)

But the actual thing that happened as a result of this law being followed, would be illegal — criminal theft! — and you would therefore be entitled to sue the state for damages about it. And perhaps, if it was still reporting on Find My or whatever, you might even be entitled to send police to whatever NSA vault your laptop is held in, to go get it back for you. (Where, unlike the state, those police do have a warrant to bust in there to get it. The state can't sue them for damages incurred while they were retrieving the laptop!)

The courts wouldn't be able to strike down the law (the national-security provision allows the state to declare it 'not un-constitutional", remember?); but since obeying the law produces illegal outcomes, you would be able to punish the government each and every time they actually use it. In as many ways as the state caused you and others harm through their actions.

There is absolutely zero reason why the state shouldn't be expected to "make people whole" for damages it has caused them, each and every time it does something against the people's interest in the name of national security.

And the simplest way to calculate that penalty / make the claiming and distribution of those rewards practical, would be to just not remove liability for these actions taken on behalf of the state, by not granting the state the right to do them in the first place. Just put them in the position of any other criminal, and force them to go to court to defend themselves.

Change my mind!

It's incredible how even with the current surge of autocracy, most politicians can't see that the surveillance tools they crave for, could come under control of people much worse than them.

And can't see what they could do with them.

I think that many current governments in Europe are convinced that more surveillance will stop the autocratic surge. It's insane that they don't see how this is far from guaranteed, and how it will go if they're wrong.

This is overly absolutist, or maybe idealistic view. National security and public safety IS more important than individual right to privacy. As an extreme example, if your friend was dying, you had a password to my email, and you knew that you can use information in my inbox to save that person i really hope you would do it.

In general I think that police with a court order should be able to invade someone's privacy (with judge discretion). I mean they can already kick down someone's doors and detain them for several days - checking email doesn't sound too bad compared to it, does it? I think they should also be legally obliged to inform that person in let's say 6 months that they did it.

The problem is that modern world is drastically different than the old world when you needed to physically hunt down letters. Now you can mass scan everyone's emails, siphon terabytes of personal data that stasi could only dream of, and invigilate everyone. This is something that is worth fighting against.

I disagree.

Because as soon as you open the door to governments reading your mail, they will read your mail. They can't help themselves. [0]

The only way of stopping them from doing this to excess is to stop them doing it at all.

The "National Security and Public Safety" thing is what they say to justify it, but that's not what the powers will actually be used for. They will actually be used for far less noble purposes, and possibly actually for evil.

We are actually much more secure if we don't let the government read our mail.

[0] In the UK, anti-terrorist laws passed in the post-9/11 haze of "national security and public safety" are routinely used for really, really, minor offences: https://www.dailyrecord.co.uk/news/scottish-news/anti-terror...

http://news.bbc.co.uk/2/hi/uk_news/7369543.stm

Article 7 codifies "respect for [one's] private life" and "respect for [one's] private communications". Well, "respect" is a vague notion. This does not clearly imply that the government is not allowed to read your communications, or otherwise spy on you, if it believes it has good reason. It will do so "respectfully", or supposedly minimize the intrusion etc.

As for article 8: Here it is "protection of personal data" and "fair processing". It does not say "protection from government access"; and "processing" is when the government or some other party already has your data. In fact, as others point out, even this wording has an explicit legitimization of violation of privacy and 'protection' whenever there is a law which defines something as "legitimate basis" for invading your privacy.

You would have liked to see wording like:

* "Privacy in one's home, personal life, communications and digital interactions is a fundamental right."

* "The EU, its members, its bodies, its officers and whoever acts on its behalf shall not invade individuals' privacy."

and probably something about a non-absolute right to anonymity. Codified exceptions should be limited and not open-ended.

Which is... okay? Government gonna government, that's what we pay it to do.

People have real choice in EP elections. There are parties that will always stand up for citizens’ rights. If they had enough seats, they could have voted this item off the agenda.

Yet, people continue to choose the same conservatives and radical right over and over again, because they are enraged about immigrants and identity politics. Blame the voters.

Also what you group as the radical right doesn't tend to be supportive of this idea. They full well know they are at times at the receiving end of web control legislation and drives atm. Same for 'radical left' groups.

It's the conservatives that at times make some fuzz about migration to draw votes from the former whilst keeping said migration going since it favours some of the companies they (and a load of other established parties) draw support from.

"Whether left-wing or right-wing terrorism – I see no difference there."

"Yes, yes," calls the kangaroo, "the ones set foreigners on fire, the others cars. And cars are worse, because it could have been mine. I don't own any foreigners."

The reality is that they'll just keep pushing it from different angles, they only have to get lucky once, we (or EU citizens, we left and have our own issues) need to be lucky every time - much like an adverserial relationship where you are on the defending side from a cyberattack...funny that really.

Because the people voting it down are the elected MEPs, whilst the people putting it up to parliament are the European Commission. The EC are appointed, rather than elected. Which means the powers that be just appoint people who are going to push through laws like this, that they want. The MEPs can't put up bills to be voted on.

Article 7, EU Charter of Fundamental Rights: Respect for private and family life (and probably a couple other sections in there as well).

The problem is national security exceptions. Chat control and other similar bills are trying to carve out exceptions to privacy laws under the excuse of national security.

Also its politically cheap to introduce surveillance or to expand state power, it's comparatively extremely difficult to pass laws that specifically restrict state power.

Privacy laws are well and good, but they exist. The problem is we need to stop allowing "public safety" or "national security" to be a trump card that allows exceptions to said laws, and good luck getting any government to ever agree that privacy is more important than national security.

- The GDPR

- The ePrivacy directive, which is explicitly derogated (sabotaged) by chat control 1.0

Combined with the right to communicate across borders, you can get quite a bit of privacy: a server in both sides of a geopolitical conflict and they've got to collaborate to track you.

And yet metadata collection is both unavoidable (if you don't collect it, your geopolitical opponents will) and should be enough. We don't need chat control in a world where I get precision-targeted ads -- it's not even about freedom of speech or privacy, it's about freedom of thought.

With a server on the other side of a geopolitical conflict (actual conflict, not a mere discontinuity in legalscape) you trade a risk of the government reading your chats for a risk of the same government (which you don't trust for a good reason) locking you up for treason and espionage.

How is that supposed to work with e2e encrypted chats?

If you mean "why do I need React / any kind of bundling; why can't I just include the minified video.js library as a script tag / ES6 module import?" — I'm guessing you can, but nobody should really want to, since half the point here is that the player JS that registers to back the custom elements, is now way smaller, because it's getting tree-shaken down to just the JS required to back the particular combination of custom elements that you happen to use on your site. And doing that requires that, at "compile time", the tree-shaking logic can understand the references from your views into the components of the player library. That's currently possible when your view is React components, but not yet possible (AFAIK) when your view is ordinary HTML containing HTML Custom Elements.

I guess you could say, if you want to think of it this way, that your buildscript / asset pipeline here ends up acting as a web-component factory to generate the final custom-tailored web-component for your website?

When you say "Rust frontend", is the vision that Homebrew's frontend would eventually transition to being a pure Rust project — no end-user install of portable-ruby and so forth?

If so (ignore everything below if not):

I can see how that would work for most "boring" formulae: formula JSON gets pre-baked at formula publish time; Rust frontend pulls it; discovers formula is installable via bottle; pulls bottle; never needs to execute any Ruby.

But what happens in the edge-cases there — formulae with no bottles, Ruby `post_install` blocks, and so forth? (And also, how is local formula development done?)

Is the ultimate aim of this effort, to build and embed a tiny little "Formula Ruby DSL" interpreter into the Rust frontend, that supports just enough of Ruby's syntax + semantics to execute the code that appears in practice in the bodies of real formulae methods/blocks? (I personally think that would be pretty tractable, but I imagine you might disagree.)