Hacker News | rtkwe's comments

The problem is it's specific to that API and defaults to uncapped so people who aren't using it and haven't heard about the issues with the Firebase API keys probably won't have set them.

Spend caps exist for Gemini (Maxious linked them) - they just default to OFF. For an API that can bill four figures per hour, opt-in safety by default isn't a UX choice, it's a billing strategy.

Except that Google's own statements are extremely clear that "leaked" (i.e. public) API keys should not be able to access the Gemini API in the first place: "We have identified a vulnerability where some API keys may have been publicly exposed. To protect your data and prevent unauthorized access, we have proactively blocked these known leaked keys from accessing the Gemini API. ... We are defaulting to blocking API keys that are leaked and used with the Gemini API, helping prevent abuse of cost and your application data." https://ai.google.dev/gemini-api/docs/troubleshooting#google...

For extra clarity on the exact so-called "vulnerability" that Google identified, see: https://news.ycombinator.com/item?id=47156925 This describes the very issue where some API keys were public by design (used for client-side web access), so the term "leaked" should be read in that unusually broad sense. Firebase keys are obviously covered, since they're also public by design.

(As for "Firebase AI Logic", it is explicitly very different: it's supposed to be implemented via a proxy service so the Gemini API key is never seen by the client: https://firebase.google.com/docs/ai-logic Clearly, just casually "enabling" something - which is what OP says they did! - should never result in abuse of cost on the scale OP describes.)


There are other vectors, e.g. a compromised GCP key leading to $13k in Gemini charges (posted 3 days ago) https://www.reddit.com/r/googlecloud/comments/1sjzat3/api_ke...

Also there being only 3 collisions since the program started in 2017. There are loads of violations but not many accidents. I'd wager most of the violations happen on the sort of road they mention, 4+ lanes maybe even with a turn lane, where kids are always dropped off on their side of the street so there's not actually kids trying to cross the opposing lanes anyways. [0] From the pictures I'm not entirely sure what the NC laws would say about this, probably stop, but I really doubt they're sending kids across the street there.

[0] In my state with 2+ lanes and a center turn you're not required to stop for example: https://www.ncdot.gov/dmv/license-id/driver-licenses/school-...


They'd be at least minorly incentivized to cut down on false positives because 1) they had a review step before sending to the police and 2) if they're cheaping out on that first review and sending loads of false positives to the cops for citations they're likely to lose their contracts.

It's the AI term bloat where any application of machine learning or vision becomes AI, it's been happening for 2+ decades now I think it's pretty well established and here to stay.

That said it does need to be more complex because to produce as few false positives as it can, which would cost BusPatrol money to review in their first pass before sending to police (so there's at least a minor incentive to reduce them), they would have to determine where the car is and if it's required to stop not just trigger if a car passes by while the arm is out. Laws vary a lot by state but usually if there's any kind of real median traffic in the opposite direction is not required to stop so it would at least need to detect if that is present (or work off a database that knows where all the divided roads are in the area I'm not sure which would be cheaper but mapping feels harder and having the camera able to determine if there's a median can be deployed anywhere while mapping data is location specific).


Under the current admin's policies shrink. After that who knows.

That's really the key problem facing US universities, from land-grant colleges to the Ivies: everyone depends at least in part on closing budgetary gaps with global students who pay full freight. Current Administration policies, both specifically targeted at foreign students and more generally at higher education and immigration, are poisoning the seed corn colleges and universities rely on. The only good news, relatively speaking, is that Europe is evidently constitutionally incapable of taking advantage of what is a genuinely one-in-an-imperial-lifetime chance to drain intellectual capital from the United States, which means that America and our higher education system can recover from this, should we have the fortitude to do so in the future -- there just isn't much in the way of competition.

> Europe is evidently constitutionally incapable of taking advantage of what is a genuinely one-in-an-imperial-lifetime chance to drain intellectual capital from the United States

Perhaps you're already implying this, but for Europe to drain intellectual capital from the US, it would have to offer a hell of a lot more than cheap college for foreign students.


> with global students who pay full freight

Some do, some pay nothing: https://www.axios.com/local/twin-cities/2023/05/31/minnesota...


Those are not global students. Those are people who are already living in the state. Foreign students typically pay the most tuition possible with no financial aid, subsidizing everyone else.

So all those foreign students could become "not foreign" by merely coming here for a tourist visit and overstaying? Quite the idea. I will suggest to a few college-age friends to claim to be illegal. Why pay more when you can pay less? Plus, there is no way to verify a LACK of citizenship or of SSN.

Probably though the old pattern was that the plaintiffs would request and the Circuit would issue a nationwide injunction with the ruling when finding that a law in full unconstitutional.

Now we have the weird situation where the constitution is more patchwork because you have to get rulings in all the Circuits or wait for one case to make it all the way to the Supreme Court.


No, that was never the old pattern. Nationwide injunctions were unheard of until very recently -- as in, within the past 10-20 years.

https://en.wikipedia.org/wiki/Nationwide_injunction


Your own source says they've been common since 1960

It doesn’t say that. It says that the D.C. Court of Appeals issued one in 1963, and then quotes the DOJ as saying “nationwide injunctions remained ‘exceedingly rare’ for a few decades after 1963[,]” notwithstanding one issued by a district judge in New York in 1973.

Regardless of what you think about nationwide injunctions, your original assertion that “prior to this year,” a decision by a federal appellate court would apply to the entire country is categorically false.


The ruling only has binding precedent in the 5th Circuit, other circuits aren't bound to follow it. Formerly this kind of ruling would come with a nationwide injunction to force the issue but now that those are severely curtailed by the Supreme Court it's only binding to the courts under the jurisdiction of the 5th circuit.

Decisions in other circuits can be very persuasive to other circuits but they're not required to agree the same way a Supreme Court ruling is binding. Circuit splits are moderately common and usually trigger a review by the supreme court if an appeal wasn't filed for the earlier decisions.


Nationwide injunctions are a very recent legal innovation -- as in, extremely rare until the 2000s, and uncommon until the 2010s.

They were not how this situation was handled for nearly all of the existence of the United States.

https://en.wikipedia.org/wiki/Nationwide_injunction


Seems like a perfectly valid one. If the government is violating the constitution or a person's rights why should there be suits all across the country to get that recognized? Especially when the question isn't on something with a lot of particularized tests that's sensitive to the exact case, eg 4th amendment law? Why should rights be so dependent on someone in my particular part of the country having sued?

> If the government is violating the constitution or a person's rights why should there be suits all across the country to get that recognized?

Because one judge in one county shouldn't be defining the laws for the whole country? Sure it's great when they issue a ruling you like, but what about when it's a ruling that you don't. If it's a knife-edge situation then letting several judges rule and having the supreme court sort it out is the right thing; if there's an obvious right answer then every court will rule the same way and it doesn't matter.

> Why should rights be so dependent on someone in my particular part of the country having sued?

Your rights are always dependent on your willingness to sue to defend them. It's nice if someone else does the legwork and sets the precedent, but you shouldn't depend on that.


It's rarely down to one judge in one county though, most are entered pending appeal and the appeals court can immediately put the injunction on hold or in cases like this the first injunction might come from a circuit court who's far from one judge, by the time it gets to a circuit it's gone through multiple judges and some cases are heard by a bank of judges instead of just one.

> Your rights are always dependent on your willingness to sue to defend them. It's nice if someone else does the legwork and sets the precedent, but you shouldn't depend on that.

I don't have a spare million sloshing around even if I could get granted standing for various things I would like to defend. It's not just a problem of willingness.


> It's rarely down to one judge in one county though, most are entered pending appeal and the appeals court can immediately put the injunction on hold or in cases like this the first injunction might come from a circuit court who's far from one judge, by the time it gets to a circuit it's gone through multiple judges and some cases are heard by a bank of judges instead of just one.

When the circuit court rules the ruling is binding on that whole circuit, which is a pretty huge area and population (bigger than most countries). When one judge in one county rules the ruling is binding in that county, when the supreme court rules it's binding on the whole country. Isn't that kind of how it should work?


Rights violations because of federal laws or actions are almost never contained to a particular circuit and if the Supreme Court wants to quietly allow them to continue it can refuse to hear appeal(s) from the circuit decision so without nationwide injunctions the only way to relatively quickly vindicate people's rights is to file 11 cases one in each circuit wasting tons of time and money when it can easily be decided by a singular case.

On the other side, why should one crazed/corrupt judge in some state which has nothing to do with me be able to infringe on my freedoms and make my life worse? Worse, why is it possible to jurisdiction shop for the single bad actor and impose your will on the entire country?

You're not wrong, but (like most issues in a 350M-person country) it's complicated. The system is tailored to some expected level/type of corruption and bad actors. If you expect that the government is basically fine and that out of 50M people per region surely somebody will file suit if the issue is important then the current system makes a lot of sense. You get judges with more knowledge and awareness of your local issues, anything important still gets addressed, and you're resilient to some degree of random bad judges and bad actors. If those expectations are out of whack then you get worse outcomes.

In reality, the world is complicated enough that even boiling down the lists of judges and whatnot to that simple of a description is misleading at best. Neither solution is anywhere near optimal by itself. So...what next?


Yeah it's a definite mixed bag and maybe the solution is to require them to be approved by at least a multijudge panel at the circuit level before going into place. In effect that basically already happened though, the normal pattern was for injunctions to be stayed for a few weeks pending the appeal and the appeal court would be able to extend that stay if they believed it was flawed or unjustified. The characterization of it being "one crazed judge" doesn't really hold up to the pattern of their actual use, and where judges didn't put in a stay the appeals court could as well.

The biggest question is can you meaningfully use Claude on defense as well, eg can it be trusted to find and fix the source of the exploit while maintaining compatibility. Finding the CVEs helps directly with attacks while only helping defenders detect potential attacks without the second step where the patch can also be created. If not you've got a situation where you've got a potential tidal wave of CVEs that still have to be addressed by people. Attackers can use CVE-Claude too so it becomes a bit of an arms race where you have to find people able and willing to spend all the money to have those exploits found (and hopefully fixed).


Doesn't for me until I scroll past the end of the article to read the next one. To get 3 you'd have to scroll through multiple articles.


True short positions are out of reach for basically any normal investor except those with completely broken risk tolerances (selling unbacked call options), eg the degen gamblers of r/wallstreetbets.

