I am scared that this is vibe coded and not audited in any way. tsnet is good software, but wrapping it in this way is a recipe for disaster. Please reconsider.
I looked at the code and the documentation and it's definitely vibe coded. Also the presence of CLAUDE.md is pretty telling. I have no issue with vibe coding in general, but I am skeptical of the usefulness of LLMs with security code.
Yes, I think projects that are coded wholly or in part by LLMs should be noted as such.
Why would you trust a random person's project any more than an AI project? I'd say the vast majority of the population is vastly less skilled than Claude Code.
I.e. just because it's human doesn't mean it's any more secure.
I don't really care if "AI assistance" was used as long as a human is actually reviewing the output, which just doesn't seem to be the case here (and usually not the case when it comes to "vibe coding").
I feel fine if AI was used to add features to an established software. Let it loose on the Linux kernel for what I care. It still somehow feels icky to use it to build something from scratch.
Ironically it wouldn't be very useful for Linux kernel development (would be very hard to put it in context) while it is more suitable for new projects written from scratch.
This of course not considering the quality or anything else.
Somewhat off-topic question, but I ask this from time to time and maybe now is that time. Has AI started fixing everyone's software bugs and closing out all the CVEs yet?
No one is against using AI or coding with agents unless you don't understand what it's doing and you're incapable of reviewing the output. The problem isn't the tool, it's "coders" who unthinkingly trust it without verification.
This is an anti-pattern. Doing the work that the government should be (and was) doing and then selling back the data to them or others when the data should be (and was) public domain is absolutely terrible for society.
Just to put it in perspective: it costs $300–500 to produce a single atmospheric profile with current balloon infrastructure. The U.S. launches ~180 a day—that’s at least $54K daily. Not exactly “pennies.” :)
And the government already buys the helium, radiosondes, and ground systems from private vendors—so the money’s going to private industry anyway. It’s just inefficient.
With 50 of our systems doing 4 profiles a day (which is nowhere close to max scale), you get the same volume of data for way less. And on top of that, because we reach remote and oceanic areas that aren’t being measured today, the data is also more valuable!
Also, the data you’re referring to isn’t inherently public domain. It becomes public when the government buys it and redistributes it. That’s true whether they pay for the infrastructure themselves or buy the data directly from a company.
I'm glad you have come up with something more efficient. The problem has nothing to do with efficiency. You are welcome to make a government contract to sell them equipment or data as you wish.
My problem is with baseline services that have already been stopped that you claim to want to replace. This data feeds all of our weather models and should be done with existing infrastructure until congress changes things. The data must be freely available.
The fact is that the data is available for anyone anywhere and is a valuable resource for scientists everywhere. Your current goals might be laudable right now, but that is not going to be the case when you have to pay back an investor 100x in 5 years. You will do everything you can to lock that data up and make it as expensive as you can. You will have no choice.
By this logic anything could become government run but never transition from government run to privately run, creating a ratcheting mechanism that would eventually lead to ~everything being government run!
The pro case for privatisation (that I happen to believe in) is: you were paying for it anyway, via your tax dollars, having it private leads to competition and stronger incentives to improve/cut costs meaning it will net cost you less.
You are oversimplifying here. I ALREADY paid for the weather balloons and they are no longer being launched. This is not privatization in the way that you seem to think it is. This is explicitly against the will of the people.
I'm fine if they want to make new weather balloons and sell them to people to launch for whatever reason they want. Selling what by law should be public data is anathema.
You are also simplifying. You didn't pay for anything. You were taxed, and representatives selected in accordance with a social contract between government and the people (the Constitution), apportioned and spent (or didn't spend) the money.
Weather balloons are a recurring cost. It is not like you launch a weather balloon once and it provides data forever. You need to launch new balloons once the ones previously launched land. (This is typically a very short amount of time. Days not weeks.)
It is not like this company is going to take over the management of weather balloons you have already paid for. Or I don't know how you imagine this is going to work.
> This is not privatization in the way that you seem to think it is.
Huslage said “I ALREADY paid for the weather balloons and they are no longer being launched.”
Past tense. You could say that you have already paid for something where the cost is largely up-front. Like for example you could say it for the aircraft carriers. Imagine that (ad absurdum) the administration would want to sink all aircraft carriers. Then you, or Huslage, could rightfully say “I have already paid for the aircraft carriers…”. You could complain that your tax dollars are being wasted by sinking them.
But with a recurring cost like weather balloons the same sentence doesn’t make sense. There you could say “I have been paying for those balloons” (for which presumably you got the data you wanted from the balloons). Once they no longer are launching them, you are no longer paying for them. (Modulo some stock remaining on the warehouse shelves I guess. But that is basically a rounding error in a government budget.)
What Huslage said makes sense if they think of the weather balloons as a large up-front cost, like an aircraft carrier. Huslage already paid for them and now they won’t be used anymore! What a waste! But in reality it is more like a recurring cost. Like for example if the Pentagon had a Netflix account and now they are canceling it. You wouldn’t say “I ALREADY paid for the Netflix account”. You haven’t “already paid” for it. You were paying for it up until now, and you won’t be paying for it from now on.
There are many great reasons for why it is a good idea for the government to keep launching weather balloons. Huslage “already paid for it” is not one of those great reasons. It demonstrates a misunderstanding of how weather balloons work.
But do change my mind. Why do you think it matters that taxes too are recurring? How does that make the weather balloons “already paid”?
It's extremely unlikely any of your tax dollars were allocated to projects like what is being discussed here. It's much more likely (given the Federal Government's total budget and allocations) that this money was being borrowed and/or printed.
So, put another way, is it better for the government to continue going into debt to operate projects like this with potentially dubious returns - or better to allow the private industry to find a way to operate it instead?
Nobody said anything about profit. We don't need to move the goal posts here.
There is a difference between the government operating programs with tax dollars and operating programs with fantasy money that ultimately hurts every single citizen.
This framing is off. Weather data isn’t a fucking mars habitat, it’s core infrastructure. Airplane travel, agriculture, emergency response, and private weather services all depend on it. If anything, handing it off to profit-driven firms creates more risk with things like black-box pricing, gaps in data coverage, or national security issues.
And, “dubious returns” ignores that some of the highest-leverage investments in history looked like this. Government-funded satellite weather programs, GPS, and early internet tech weren’t obviously profitable, but I'm so glad we wasted tax dollars on that.
I imagine the government is going to start launching weather balloons again after they get sued for illegally firing the staff that's supposed to do it.
There is a key difference: privatization means a flat cost, whereas public means an income-based cost.
About 30% of Americans get (NWS) weather data for free. They pay no income tax yet receive the same level of public benefits. On the other hand, a handful of Americans pay millions for weather data, and receive the same thing as those who paid nothing.
For a private service though, it would just be $20/mo or whatever for everyone.
Where did you get 30% from? I'm just curious since NWS data is widely used as a source for creating weather forecasts, which if I had to guess near 100% of people use in one way, shape, or form. I think Google uses it, so anyone with an Android phone is one click away from a forecast using the data.
On the matter of taxes being proportional to income, I'm not going to argue about progressive taxation or any moralistic standpoint of proportional taxation. From purely a utility standpoint, those handful of people probably reap way more value from that NWS data being available. The richest people (those paying the millions for NWS) usually are that rich from the labor of others, and those labor forces all get value from the data to help plan their days, including getting to the workplace safely. Another even more direct use for the economy would be routing of trucks through snowy passes, or planning for large construction companies.
I have no issue with it if it is part of a legislative/regulatory framework. This is not inside of any framework. There has been no conversation about privatization of NOAA or any of its functions. These things need to be explicit as part of a democracy.
The current regime has upended that process and has created a situation where the government has no choice but to outsource data gathering to third parties. This is corruption and not in the spirit or the letter of the law.
This startup is attempting to take advantage of an illegal situation which is just ridiculous.
I'm happy if they want to sell fancy weather balloons to anyone that they want, even the government, but selling data back to the government that should be already collecting the data in the first place BY LAW is just corrupt.
It's not. It's actually the core mechanism through which the "Weather Enterprise" works. Over 20 years ago, an important report from the National Academies [1] laid out how an enterprise comprised of public, private, and academic sector interests could work cooperatively to bolster the public good that is weather and climate information and services. It has always been the domain of the federal government to provide core, foundational data products (including forecasts and raw weather observations of many modalities) for both bolstering academic research as well as private sector innovation. The government's mission in the enterprise leaves plenty of room for private sector players to extend, complement, and supplement the foundational services provided by the public sector.
Sorcerer fits perfectly into the existing framework of the weather, water, and climate enterprise (WWCE). They produce complementary data and ensure that the government has access to it - even if the government must procure it (which they're happy to do - no one expects that these companies should give away all their data, gratis). But they could potentially greatly extend the core global synoptic observation system that powers conventional numerical weather prediction, especially for organizations which are more flexible and can work with broader data sources.
This is the WWCE working well. The real concern is on ensuring continuity - making sure innovative companies like Sorcerer can persist, in perpetuity if necessary (or at least the data products they collect and produce).
The reality is that the government is not doing it, so the choices are to sit back and watch things crumble or have private companies work to try to fix things. I agree with you in principle that it's a sad state of affairs though.
I can see why that might be frustrating. What about this problem makes it the best fit for the government to handle? Is it prone to natural monopoly? There are lots of things that the government can handle and shouldn’t. Just because the government handled something in the past isn’t a reason in-and-of-itself for it to resume handling it in the future. I’m genuinely curious as I am ignorant of the space.
What private industry has been pushing for for decades is privatizing weather data so they can sell it at a profit. But weather information is a huge public good and has been provided by the federal government for decades. Privatizing it adds more costs to public research, and means that people who don't have money to spend on weather forecasting - those living in poverty and most at risk when it comes to life-threatening storms - will likely die in higher numbers from severe weather.
This is exactly the kind of thing that should be done by private companies, what are you talking about? This data should be something companies compete at to get better at.
Having $1.3 Billion is nothing to sneeze at. He obviously has done well for himself and has made the choices he has made for his own reasons. He is in no way a failure.
Timing is all about periodicity; if something beeps every second, you can measure intervals between two beeps but have no other information. It's often the case that timing is also synchronized to, say, second boundaries too, and most time sources would do this. Time would then be giving some indices to those beeps; the time source would beep and say that it was the N-th beep so that you can work the actual time out from N.
I assume they are referring to the channel timing? Cellular frequencies are segmented into time segments where each channel is allowed to be used by only some devices when it is their "turn" to transmit (this allows multiple phones to share the same frequency at the same time).
How can you access this timing? I run a little mobile proxy service for myself and a few others, and this could add some value there. Mobile networks are quite interesting.
Mullvad has built trust over many years. There is always someone who knows what you are searching for. The search engine will not accept an opaque blob of encrypted data as a search term, after all.
Agreed that the conclusion is that not all parties want to increase privacy. Thus there is at least one party that does not want to increase privacy. But we already know that google does not want to increase privacy. Thus this does not show that mullvad does not want to increase privacy.
The networks are insecure by standard. They are designed such that they can have "lawful intercept" by government entities. The key material on the SIM card is readily transferred between the carrier and SIM/eSIM card manufacturers, which enables multiple levels of supply chain attacks if the material is mishandled.
IMSI-catchers are not considered a security hole by the carriers or the standards bodies. SUCI/SUPI was put in at the request of phone vendors, if I remember correctly, and is still the only piece of public key cryptography in the networks. Everything else is symmetric keys.
"Depending on national requirements, the CSP may be required to report the location of the Target at the beginning and end of CS calls and PS and IMS sessions on a per warrant or per intercept basis. It may also be a national requirement for the CSP to report the location of the Target [...]"
5G Standalone networks don’t have 4G to fall back to. 5G Non-standalone networks are essentially 4G networks with a 5G RAN, so SUCI remains optional and most core vendors don’t support it.
That's not what 5G standalone means, as far as I understand.
The network I'm using supports 5G SA in some cells, but my phone definitely still falls back to both 4G and 5G non-SA in some areas where it's not yet available.
And even if 5G SA were available everywhere, there's the concern of roaming.
Correct, your phone needs to actually re-connect between the two networks. It's a whole new session and you can't handover between 5G SA and 5G NSA/LTE networks. There are some configurations that make this not much of an issue, but technically they are totally different networks.
> To help ensure compatibility of iPhone and cellular iPad devices on private 5G SA networks, infrastructure vendors must adhere to the following security and privacy requirements:
> Privacy concealment: The Subscription Concealed Identifier (SUCI) must use a non-null protection scheme. This can be achieved through either an on-SIM SUCI calculation or an ME SUCI calculation, as outlined in TCA 2.3.1 and 3.1 specifications. For detailed information, refer to the 3GPP Technical Specification 33.501.
This pertains to private networks rather than public operator networks, but it certainly seems to imply that use of SUCI is an expectation on 5G SA networks (private in this context).
One thing I've always wondered is if you need a Rel-15 SIM card for it to use SUCI or if the old cards can receive provisioning to do it. I know for a fact you can use any USIM on T-Mobile (so it had to support at least 3G) and it will work in the latest 5G devices without issue on SA.
You need a SIM card (ideally) with support for elliptic curve crypto, and some additional fields added in the profile (SIM services 124 and 125). You can then, once those services are enabled, place network public keys on the SIM itself.
There are two ways to do SUCI calculation, and both require SIM support to hold public keys. SUCI-on-SIM requires a SIM that can do the encryption to the public key on the SIM itself, and issue that in response to the IDENTITY command; SUCI-on-phone requires a SIM that "just" has the public key fields present, and the handset can do the SUCI calculation and encrypt the SUPI for the public key stored on the SIM.
Either way, your scenario isn't using SUCI concealment by my understanding, unless you got a new SIM card, or it was reprogrammed somehow to support the SIM service fields needed (but I'm not aware of operators doing that).