The proposal is to do it over the ocean, spraying saltwater from the ocean into the sky over the ocean. It's crucial to do it far enough from land to be sure that the minerals that will fall after the water evaporates out fall into the sea rather than being blown over land. A little salt from the ocean falling into the ocean shouldn't do any harm (though this needs to be tested), while the same salt falling on land could be quite harmful.

In the absence of proper government-funded research, I'm all for unregulated billionaires who are willing to use their own resources to work on the problem. Yes, it would be far better for this to be done properly, but the science funding agencies have been pretty thoroughly captured by degrowth-focused environmentalists who would shut it down immediately.

That's why testing is required. Models and everyday experience indicate that increased albedo overpowers the warming effect, so cloud cover lowers temperatures. But there is a possibility that something could be different about cloud cover created by spraying water into the air, so we need to test it at gradually-increasing scales, carefully measuring and monitoring the results.

This is why research is needed. That said, the models show that increased albedo overpowers the thermal blanket effect by a large margin. This also tracks with everyday experience; temperatures fall during long periods of sustained heavy cloud cover. But perhaps there's something about these particular clouds that is different -- research is needed.

Yes and no.

There are also a lot of degrowther environmentalists who would scream about it and do everything they can to block it and demonize and cancel the researchers if it were done publicly.

So... if you know that your research will get shut down if you don't keep it quiet, and you know that it will get shut down if you try to keep it quiet but fail, your only options are (a) don't bother or (b) try to keep it quiet and hope that you can succeed for long enough to gather useful data.

It's some of both, and some more stuff.

It's a combination of a build environment that produces reproducible builds (meaning every time you do a build of a given source you get a bit-identical output -- this is not a property of most build systems[*]), plus signed metadata of source and reproducibly-built binaries, plus hosting of the above so that if you don't want to go to the effort of creating and checking the reproducible builds yourself you can just check against Google's system.

Note that all of this is harder than just "check the hash of the source code" because even if the source code is pristine changes can be injected by the build process. See Ken Thompson's classic Reflections on Trusting Trust.

Sure, if you don't have a reason to trust the source code you can't trust the binary. Nothing can fix that. What this does do is let you know that if a bitcoin miner got slipped in, it was slipped into the upstream project, not at any point in the distribution path. You still have to rely on the upstream developers not to do that, and to notice if someone gives them a malicious patch, or that someone else notices the miner (or something worse) in the source code and raises a stink about it.

All of the tools are public, open source, so you can independently recreate everything Google is doing. Obviously you'll have to generate your own signing keys.

There is hardly any of that in TFA. What there is a lot of is security jargon, especially related to build provenance. Unlike business buzzwords [**], the jargon terms all have precise meanings. If you really want to understand it, you should start by reading the SLSA specification.

[*] It actually looks like oss-rebuild works with build systems that don't quite support reproducibility by doing binary diffs and determining which differences are innocuous (e.g. the compiler embedded a build timestamp) and which might indicate that something is wrong.

[**] Actually, it's often true that business "buzzwords" also have precise meanings which are unknown to the people who deride them.

Per Delta, the AI pricing isn't individualized, meaning all customers buying the same class of service at a given time will see the same price, so I don't think that would get you anything, unless maybe your AI agent gets good at predicting when exactly you should buy your ticket, but that seems unlikely because your agent will always be operating with less information than theirs (e.g., yours doesn't know exactly how many seats are already sold).

I find that it works well to treat current-generation AI agents like bright, incredibly fast but overenthusiastic and incautious junior engineers who do not learn from their mistakes. They can be extremely useful, but you have to be careful to limit the damage they can do if they happen to screw up.

I don't think anyone struggling to afford health insurance -- especially now that insurance can't deny pre-existing conditions -- is shelling out $20k for bleach injections. It would be much cheaper to get an individual healthcare policy and get it to pay for proper chemo.

I'm doing SwiftUI app development and upgraded one of my test devices to iOS 26 beta 4 this morning.

I don't see anything different, but I assume something different is happening under the hood.

...laura

Nah. Transactional implies a level of coherence and planning that is clearly absent in the current administration.

As an American, I'd be doing the same if I were in your shoes.

I notice you didn't say "a good reason" -- for good reason.

Moreover, Chris Mattern's implication is that he thinks Google might somehow backdoor their reproducibly-rebuilt packages. Even if he thinks Google engineers are evil, does he really believe they're stupid? It would be impossible without someone noticing and crying foul.

Google's security efforts provide a lot of value to the world, for no direct financial gain to Google. Things like Project Zero, Certificate Transparency and OSS Rebuild make the computing world better and safer. In this case, I suspect that it's something that Google wanted to do for its own purposes, to make its own systems more secure, and someone pointed out that for negligible additional cost they could make the tools and data public. You may dislike Google's business model (though the people who complain about it never seem to be able to propose any alternative for funding the web), but the fact is that Google is really good at security, and does a lot for the security of global computing.

I'm not sure you could identify specific, actionable damage even if it were intentional, and I doubt you could prove it's intentional. Odds are that if you dug into it you'd find that they're true believers in the crap they're spouting, and you definitely can't prosecute them for wrongthink.