Log in
Berlin
3 public comments
![[later] I don't get why our pizza slices have such terrible reviews; the geotextile-infused sauce gives the toppings incredible slope stability!](https://imgs.xkcd.com/comics/tariffs.png "[later] I don't get why our pizza slices have such terrible reviews; the geotextile-infused sauce gives the toppings incredible slope stability!")
Berlin
5 public comments
Incorrect analogy – More like;
1) You want a pizza made from another region.
2) However, you must sell them some your ingredients before it can be made.
3) They charge a “tariff” to protect the income of their local farmer’s for other ingredients. You’re willing to pay the “tariff” because you like your ingredients better.
4) The pizza maker sells you the final pizza with a standard sales tax but no tariff
5) You paid the higher price and they made money from the tariff.
Trump is charging tariffs to increase the costs from other regions for several reasons. A) To negotiate down tariffs from other regions. B) Lower tariffs mean you pay a lower cost for your special pizza. C) To whittle down our regions deficit. D) and/or To increase local “ingredients” growth at lower cost for you.
1) You want a pizza made from another region.
2) However, you must sell them some your ingredients before it can be made.
3) They charge a “tariff” to protect the income of their local farmer’s for other ingredients. You’re willing to pay the “tariff” because you like your ingredients better.
4) The pizza maker sells you the final pizza with a standard sales tax but no tariff
5) You paid the higher price and they made money from the tariff.
Trump is charging tariffs to increase the costs from other regions for several reasons. A) To negotiate down tariffs from other regions. B) Lower tariffs mean you pay a lower cost for your special pizza. C) To whittle down our regions deficit. D) and/or To increase local “ingredients” growth at lower cost for you.
Explains with stick figures, XKCD goes to the heart of the matter of tariffs and STILL manages to make a joke!
The line break after "The President is mad" is absolutely perfect and frankly the sentence could have ended there just fine.
Columbia, MD
[later] I don't get why our pizza slices have such terrible reviews; the geotextile-infused sauce gives the toppings incredible slope stability!
Click here to go see the bonus panel!
Hovertext:
Ohh, you meant a romanticized well-behaved child in a permanent state of the kind of wonder actual children achieve three or four times a year.
Today's News:
Berlin
Por Claudia Acuña y María del Carmen Varela
Hay algo de revolución en este día que hará Historia y es una de las clásicas, que deja al mismo tiempo perplejas a las bibliotecas, sacude las cabezas, cuestiona a la política partidaria y enciende los sentimientos sociales. Es, además, de aquellas alegres y rabiosas, pero sobre todo, poética. Es lógico: si hay alguien a quien atribuirle la primera puntada que hizo posible esta jornada imposible es a una bordadora de esas bellas artes. Susy Shock fue quien comenzó a señalar el horizonte de esta utopía con precisión: un frente antifascista. Lo repitió tanto y en tantos lados y durante tanto tiempo, que cuando llegó el momento de escoger una palabra para esta convocatoria brotó ese término, como una flor que nace con el riego de los tiempos urgentes.
A las trabajadoras sexuales de Constitución, en general, y en la voz de Georgina Orellano en particular –a quien días antes vimos azotada por las botas policiales– les debemos la puntada que la unió con la siguiente: antirracista.
Susy Shock (Fotos Lina Etchesuri y Nacho Yuchark).
A las travas históricas, el coraje y la memoria, que sonó como advertencia o como reto y que sintetizó la voz disonante expresada por Marlene Wayar: “Estamos cansadas de luchar porque sus manos son débiles”.
El reloj, en cambio, lo marcaron las infancias y adolescencias: el sufrimiento concreto con el que castigaron sus vidas esas palabras crueles infringidas desde lo más alto del poder institucional.
(Fotos Lina Etchesuri y Nacho Yuchark).
Dirá hoy la actriz trans Flor de la V: “Ese es el límite. Desde que asumió este gobierno hace un año y meses, no paran de agredirnos, de decirnos cosas horribles sobre nuestras identidades y lo que sucedió en Davos fue la gota que rebalsó el vaso. Hasta ahí llegamos. Tenemos una ley de género que deben respetar y una de matrimonio igualitario que no pueden ignorar. La verdad es que hace décadas que nos bancamos el maltrato y el desprecio de una sociedad, pero hoy con leyes que nos reconocen, no lo vamos a permitir más”.
Flor de la V(Fotos Lina Etchesuri y Nacho Yuchark).
Juana y Agos, de El Teje –una organización autogestiva dedicada al cuidado de las infancias trans y no binarias– lo sintetizan así: “Había que decir basta para demostrar que la calle nos pertenece, que la palabra libertad nos pertenece, por sobre todas las cosas, para demostrar que las personas a quienes no quieren dejarnos existir somos aquellas que más unimos a esta sociedad”.
Poetas, putas, travas, infancias, adolescencias y juventudes trans y no binarias, las más empobrecidas, las más castigadas, las últimas de la fila se pusieron al frente y convocaron a mover este mundo horrible al que nos quieren condenar.
Lo siguiente fue la marea que emerge, brava y colorida, para desafiar las violencias. Ese tesoro social que tiene la Argentina y que nadie, nada, nunca, puede ni predecir ni controlar.
Una vez más el Nunca Más.
Fotos Lina Etchesuri y Nacho Yuchark.
El plan
Otra vez Juana: “Este ataque es parte de un plan económico que impone quién accede al capital y quién no, quién accede al trabajo y quién no, quiénes acceden a qué tipo de trabajo y quiénes no. Quiénes tienen que hacerlo en la prostitución, quiénes tienen que empobrecerse para que unos pocos puedan tener mucho acceso al capital”.
Agos: “Para frenar el fascismo y estos discursos de odio poner el cuerpo es una estrategia eficaz, por eso estamos todes acá, pero formar parte de El Teje me hizo darme cuenta de que una buena forma de enfrentarlo es parar la bola, escuchar y bajar el ego”.
Fotos Lina Etchesuri y Nacho Yuchark.
Juana: “Y armar red. Lo que propone el fascismo, lo propone desde la individualidad. Si logramos combatir este plan económico que nos obliga a tener dos, tres trabajos que nos sostengan, es a partir de preguntarle a la persona que tenemos al lado –no importa si es de nuestra comunidad o no– cómo estás, qué necesitas, en qué te puedo ayudar”.
En la calle, los obreros de la UOCRA saludan eufóricamente a las columnas y los bancarios sacuden abanicos con los colores de la diversidad. Los jubilados y jubiladas bailan. Las parejas con canas sostienen carteles hechos con cartón que proclaman “Basta de fascismo” y un joven alza su cartulina escrita con marcador azul para recordar: “El pedófilo no era gay: era tu diputado”, en referencia a Germán Kiczka, el legislador de la oficialista La Libertad Avanza, cuya causa por abuso infantil fue elevada a juicio el 21 de enero.
El balcón es para dos estrellas, María Becerra y Lali Espósito, que saludan a la multitud mientras le cantan “¿Quiénes son?”, una complicidad espontánea y profunda, que sólo se comprende con el resto de la letra:
“Yo tiro flores, bebé.
No tengo tiempo pa`nada,
menos para atajar tu agresividad”.
(Fotos Lina Etchesuri y Nacho Yuchark).
(Fotos Lina Etchesuri y Nacho Yuchark).
(Fotos Lina Etchesuri y Nacho Yuchark).
(Fotos Lina Etchesuri y Nacho Yuchark).
Berlin
Artificial intelligence (AI) is quickly becoming the backbone of modern software development, fueling developer efficiency and accelerating innovation. With the emergence of AI agents implementing code based on instructions from humans, we are learning that implementing AI-based features has its own unique set of security challenges. How do we protect access to the resources AI needs, protect confidentiality, and avoid privilege escalation? Few organizations are ready to answer these questions today. At GitLab, we are. We are introducing a new paradigm for identity management: composite identities.
When AI agents are integrated into your DevSecOps workflows, previously simple questions become difficult to answer: Who authored this code? Who is the author of this merge request? Who created this Git commit? We found we had to start asking new questions: Who instructed an AI agent to generate this code? What context did AI need to build this feature? What were the resources AI had to access and read to generate the answer?
To answer these questions, we need to understand some fundamental aspects of AI’s identity:
- Does an AI agent have its own distinct identity?
- What is the representation of this identity?
- How do we make it all secure?
Authentication and AI identity management
We are at the beginning of a paradigm shift in identity management in the software delivery lifecycle. Before the AI era, identity management was simpler. We had human user-based identities and machine-type identities using separate accounts.
With the emergence of AI and agentic workflows, the distinction between these two core types of identities has blurred. AI agents are supposed to work in an autonomous way, so it makes sense to think about them as machine-type accounts. On the other hand, AI agents are usually being instructed by human users, and require access to resources the human users have access to in order to complete their tasks. This introduces significant security risks — for example, the AI may provide human users with information they should not have access to. How do we avoid privilege escalation, provide auditability, and protect confidentiality in a world with AI agents?
The solution: Composite identities
A composite identity is our new identity principal, representing an AI agent’s identity that is linked with the identity of a human user who requests actions from the agent. This enhances our ability to protect resources stored in GitLab. Whenever an AI agent with a composite identity attempts to access a resource, we will not only authenticate the agent itself, but also link its principal with a human user who is instructing the agent, and will try to authorize both principals before granting access to a resource. Both principals need access; otherwise, the access will be denied. If an AI agent by itself can access a project, but a human user who instructed the agent to do so cannot, GitLab will deny the access.
The inverse is true as well — if a human user can access a confidential issue, but an AI agent can’t, then its service account will not be able to read the issue. We authorize access to every API request and for each resource an agent attempts to access this way. Composite identity without a request-scoped link to a human account will not be authorized to access any resource. For fully autonomous workloads we are also considering adding support for linking composite identities with other principals.
Composite identity and service accounts
We redesigned our authorization framework to support composite identities, allowing multiple principals to be evaluated simultaneously when determining access rights to a resource. We enhanced our security infrastructure by implementing scoped identities across our entire system — from API requests to CI jobs and backend workers. These identities are linked to an AI agent's composite identity account also through OAuth tokens and CI job tokens. This project yielded unexpected security benefits, particularly in GitLab CI, where we upgraded job tokens to signed JSON web tokens (JWTs). Additionally, we contributed code to several open source libraries to add support for scoped identities.
Composite identity with GitLab Duo with Amazon Q
In the GitLab 17.8 release, we made composite identity for service accounts support available for customers through our GitLab Duo with Amazon Q integration. Amazon Q Developer agent will have composite identity enforced, which will protect your confidential GitLab resources from unauthorized access.
What’s next?
To learn more, check out our composite identity docs.
Berlin
Science!
Berlin
4 public comments
Now put that on a plane.
Ohio
Snakes.
Earth
Next Page of Stories