I for one am happy the US is not being as hypocritical as to call its military department the Department of Defense anymore. The US has initiated or participated directly in many, many wars since the UN was founded, and none of them were in self defense - no country on Earth would be foolish enough to attack the US (arguably, Al-Kaeda did it, but they're not a country and Afghanistan was essentially scapegoated). Yet, we have a long list of conflicts the US either started outright, or entered on its own volition for reasons that just can't be called self-defense by any sane person: Korea (1950), Vietnam (1960s and 1970s), Libya (1980s), Iraq and Balkans (1990s), Afghanistan (2000s), Syria + Iraq + Libya (2010s) and now Iran. Not to mention the many CIA-led regime changes it instigated: https://en.wikipedia.org/wiki/United_States_involvement_in_r...

I asked ChatGPT to compute the rate of total deaths (civilians + military) since the end of the Napoleonic Wars.

Here's what it came up with:

    Period.     Approx average deaths from war
    1815–1913 ~5–15 per 100k per year
    1914–1945 ~100–200 per 100k per year
    1946–1989 ~5–10 per 100k per year
    1990–today ~1–3 per 100k per year

Here's the "bottomline":

> Since the end of the Napoleonic Wars, the per-capita death rate from war has fallen substantially, with the huge exception of the 1914–1945 world-war era, which produced the highest war mortality rates in modern history.

TBH this surprised me. I thought that with much better killing machines in the 20th century, we'd be more efficient at killing, and as we're still having wars as usual that would mean death rates would increase... but it seems I was quite wrong.

You should read the article, it explains very well why that is completely wrong. cLIs don’t have a good story about security, are you serious?? They either use a secret , in which case the LLM will have the exact same permission as you as a user, which is bonkers (not to mention the LLM can leak your secret now to anyone by making a simple curl request) and prevents AI auditing since it’s not the AI that seems to use the secret, it’s just you! And the other alternative is to run OAuth flows by making you authorize in the browser :). That at least allows some sort of auditing since the agent can use a specific OAuth client to authorize you. But now you have no ability to run the agent unattended, you will need to log in to every possible CLI service before you let the agent work, which means your agent is just sitting there with all your access. Ignorance about best security practices really makes this industry a joke. We need zero standing trust. Auditability. Minimum access required for a task. By letting your agent use your CLIs as if it was you, you throw away all of that.

They did the right thing in hindsight: leave security open until clear patterns emerge, then solidify those patterns into a spec. The spec is still in draft and currently, they are trying to find a simpler solution for client registration than DCR, which apparently ephemeral clients seems to solve for now.

If they had made the security spec without waiting for user information they would most certainly have chosen a suboptimal solution.

But mistakes like that are what makes it human! I really don't know anymore that we can have certainty about things being AI or human.