TCMBC

@DuncanYoudaho

I suggest #000000 background with #000000 text, but I've not found many supporters. I tell them it is like invisible ink that can be made visible with the right tools.
(This is a joke and not a genuine suggestion.)

@defcon @thedarktangent

I bought a simple USB C, 8TB SSD last year (about 6 months ago) for around $300 with tax. I checked it a few months ago and it was up to $600, and I just checked yesterday and the same model is $900.

After decades of experiencing primarily an increase in performance of tech at decreasing prices (on average) it is so strange to see such a long period of older tech increasing in price so much.

It reminds me of artificial shortages during the pandemic, as people perceived or expected a scarcity and some hoarded masks, toilet paper and more, with many hoarders of scarce supplies choosing to sell these at a markup online.

It also reminds me of any historic $winter_holiday_of_choice "must-have" gift that is in short supply to meet the demand of $winter_holiday_of_choice sales.

If this AI race is a bubble, the sooner it ends, the better. If it isn't a bubble, each specialization of "AI" will probably have only one leader, and several losers struggling to find ways to recover their large bets.

A more interesting problem:
I expect the code-base that runs and is fed datasets can have IP, but can the resulting trained data be IP? How can you patent the resulting "learned" data if you can't describe it in a way that is distinct and unique from all other AI gamblers on a patent application?

It is increasingly complicated if the training data is copyrighted and significant elements from that copyrighted data appear (and can be reconstructed) by prompting the "AI" "learned" dataset.

None of this is financial or legal advice. It is a list of worries I have about risks to tech.

I am amazed that popular travel businesses would put forward the effort to use a third-party mail service, make sure SPF and DKIM work and validate, but fail to account for "alignment" (the domain used to send the message matching), so that once SPF and DKIM pass, DMARC could also pass.

I am also still annoyed that SPF macros exist in records which CANNOT be validated as remaining under the "10 DNS lookup limit" for SPF unless you have a sample email message and sometimes envelope/smtp-session data associated with the message, sometimes added as headers to a message.

As a result, SPF validators can only validate some SPF records for syntax, not compliance with RFC. (Validators cannot chase down macros unless they know the values of those macros.)
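To make the two points in this post concrete, here is an added example (not code from the post's author): a static SPF term scanner that counts lookup-incurring terms and flags any whose target contains a macro (so the lookup count cannot be settled without a real message), plus a DMARC alignment check showing how SPF and DKIM can both pass while DMARC still fails. Domain names are constructed, and `org_domain` is a deliberately simplified stand-in for a Public Suffix List lookup.

```python
import re

# Terms that each count toward the 10-lookup limit of RFC 7208 section 4.6.4.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# Any macro letter that expands from message/session data (sender, client IP, HELO, ...).
MACRO_RE = re.compile(r"%\{[slodiphcrtv]", re.IGNORECASE)


def scan_spf(record):
    """Statically scan one SPF record without chasing includes.

    Returns (lookup_terms_seen, macro_terms). A term whose target contains a
    macro cannot be expanded, so the total lookup count is undecidable offline."""
    lookups, macro_terms = 0, []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        body = term.lstrip("+-~?")           # drop the qualifier, if any
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
            if MACRO_RE.search(body):
                macro_terms.append(term)
    return lookups, macro_terms


def org_domain(domain):
    # Simplified assumption: last two labels. A real checker uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' = strict (exact), 'r' = relaxed (same org domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_result(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain,
                 aspf="r", adkim="r"):
    """DMARC passes only if an authenticated identifier is ALSO aligned with From:."""
    spf_ok = bool(spf_pass and spf_domain and aligned(from_domain, spf_domain, aspf))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(from_domain, dkim_domain, adkim))
    return "pass" if spf_ok or dkim_ok else "fail"


# Constructed sample: a travel site sending through a third-party mail vendor.
# SPF and DKIM both pass, but for the vendor's domains, so DMARC fails.
TRAVEL_SITE_RESULT = dmarc_result("example-travel.com",
                                  True, "bounce.mailvendor-example.net",
                                  True, "mailvendor-example.net")
```

Signing DKIM with d=example-travel.com (or using a bounce address under that domain) is what turns the last call into "pass".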

Do you have something like "fail2ban" installed on the destination? Try checking for changes to iptables on the destination device while trying to ssh.

If you are using ssh-key based auth, and you are running an ssh-agent with several keys installed, is your ssh client trying to serialize all of the keys loaded in your agent, and exceeding the server configured max-login attempts? If so, open a new terminal on the client device, remove all environment variables in that new terminal that refer to the ssh-agent, then ssh to the server using client flags to specify just a single identity/pub-key when trying to auth.

Does the destination server have a "full" or "readonly" filesystem in some place that ssh expects to be able to write?
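An added example (not from the reply above) for checking the second hypothesis from a client-side `ssh -v` transcript: count how many keys the client offered and look for the server's "Too many authentication failures" disconnect, then build the single-identity retry command. The transcript below is constructed, the paths are placeholders, and the MaxAuthTries default of 6 is OpenSSH's documented default.

```python
import re

# Lines OpenSSH prints with -v when it tries a key, and the disconnect
# message sshd sends once MaxAuthTries is exhausted.
OFFER_RE = re.compile(r"Offering public key: (\S+)")
TOO_MANY = "Too many authentication failures"
DEFAULT_MAX_AUTH_TRIES = 6   # OpenSSH sshd default


def diagnose_ssh_verbose(transcript, max_auth_tries=DEFAULT_MAX_AUTH_TRIES):
    """Return (keys_offered, hit_limit): did the client burn through the server's
    attempt budget by offering every agent key before the right one?"""
    offered = [m.group(1) for m in OFFER_RE.finditer(transcript)]
    hit_limit = TOO_MANY in transcript or len(offered) >= max_auth_tries
    return offered, hit_limit


def single_identity_command(key_path, target):
    """Retry with one key only: ignore the agent and any other configured identities."""
    return ["ssh", "-o", "IdentityAgent=none", "-o", "IdentitiesOnly=yes",
            "-i", key_path, target]


# Constructed transcript (not a real session): six agent keys are tried in turn,
# none is accepted, and the server closes the connection.
SAMPLE_TRANSCRIPT = "\n".join(
    [f"debug1: Offering public key: /home/u/.ssh/key{i} ED25519 SHA256:AAAA agent\n"
     "debug1: Authentications that can continue: publickey" for i in range(1, 7)]
    + ["Received disconnect from 192.0.2.10 port 22:2: Too many authentication failures"])
```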

@lattera

@deviantollam

I encountered this a while back, but found a work-around.

(1) When you slide an ongoing call away and use apps, and then launch the "phone" app, there is a "keypad" option in the phone app, but this keypad from the phone app does not generate DTMF for your call in which you are presently participating.

(2) If you do not slide your ongoing call away, or after sliding away, you find the ongoing call in the list of running apps, that ongoing call "app" has a different "keypad" option. This *other* keypad option seems to work to generate DTMF in the call you are participating in. (If you start with the "phone" app and make a call or receive a call, you may need to then switch to the "on-going call" or "current call" running app to see the other "keypad.")

At one time, I seem to recall both worked, but now, only the "keypad" tones from the "ongoing call" view seem to generate tones understood by the other end of the ongoing conversation.

Does this work-around work for you?

Would you like to participate in a customer survey? If so, please wait until after the customer support service agent ends their call. (this is a joke)

Good news for maybe everyone:

pphosted.com servers (ProofPoint Hosted domain services), which can be used to send mail on behalf of a domain, appear to finally support ECC based certs (ECDSA) in addition to RSA.

We see mail services for *@defcon.org receiving STARTTLS sessions in SMTP being started and working on or before Aug 15, 2025 with our ECC based cert.

This is good news!

Before this support was added, ProofPoint would only use encrypted sessions when delivering to SMTP servers capable of STARTTLS that had RSA-based certs.

@sambowne @defcon

Do you remember the programming language Logo ( https://en.wikipedia.org/wiki/Logo_(programming_language) ) ?

If I have any Logo programs when I travel, I'll have to remember to:

HT

🙂

(
Explained: https://personal.utdallas.edu/~veerasam/logo/
...
HT : Hide the turtle (triangle).
ST: Show the turtle (triangle).
...
)


If you are a company that is a specialist in email delivery for customers, and you want to claim support for STARTTLS encrypted sessions to the greatest number of recipients, maybe you should be sure your company supports ECDSA based certs in addition to RSA.

Sure, RSA is nearly 50 years old, while ECDSA was proposed a little over 30 years ago, but how many decades will need to pass before you support ECDSA certs?

Joking/Sarcasm: I can understand that something that is over 30 years old might be "too new" for antiquarian tech companies with nostalgia for Luddite beliefs to consider supporting, but please, let us know which decade you plan to make a decision. Is this an issue that "will be decided after heat death of the universe" kind of thing?

And another thing, if you specialize in email delivery, why not also support TLS/1.3 ciphersuites with STARTTLS over SMTP sessions? All the cool kids support TLS/1.3. (All the cool kids support the latest TLS version or successors.)

(It would be best if email could move off the need to use STARTTLS and just expect everyone to use TLS without STARTTLS, and impose the same requirements of host name matching (older, mostly obsolete "CN" in subject, or modern "SAN") for the connected hostname and validate before delivery, but that is a more difficult change.)

In other news: if you run a domain that receives mail, check out MTA-STS:
https://mxtoolbox.com/dmarc/details/mta-sts/what-is-mta-sts-record

It can be a nice complement to using DANE/TLSA with DNS using DNSSEC for adding security to mail server certs.


Today, the pre-DEF-CON "Creative Writing" short story contest winners were announced:

https://forum.defcon.org/node/253034

Please consider entering into these kinds of pre-DEF-CON contests, as if you do not win, you still exercise skills useful at the workplace. If you win, you may earn a badge to get into DEFCON, and the money you were going to spend on a badge could be spent on something else.

Thanks to the people running this contest and those that spent time working to win.

Congrats!


Did you all notice? Yesterday the pre-DEF-CON contest "Phish Stories" announced winners:
https://forum.defcon.org/node/252999#post252999

Please consider entering into these kinds of pre-DEF-CON contests, as if you do not win, you still exercise skills useful at the workplace. If you win, you may earn a badge to get into DEFCON, and the money you were going to spend on a badge could be spent on something else.

Thanks to the people running this contest and those that spent time working to win.

Congrats!
