One thing I'm curious about is I hear stories about people getting hacked and losing their FB/IG/Tiktok accounts then fighting to get them back. You never hear details but I can only assume they're reusing passwords or they're using guessable passwords. For reference, anything 10 characters or less has to be viewed as guessable in this day and age.
I've long viewed password managers as mandatory. Every site gets its own 20+ character randomly generated password. I don't care if the hash gets leaked. It's not getting cracked. For years this has been 1Password. Initially it was LastPass but 1Password is just more slick.
The annoyance is all the arbitrary rules sites create about you have to use special characters or you can't or they have different, non-overlapping requirements on password length or the absolute worst is forced password rotation.
I don't generally try and get non-tech friends and family to use password managers however because it's still kinda clunky to use and generate. Passkeys are kinda better I guess? But they're far from universal and I don't expect them ever to be.
Anyway, this kind of leak from Meta kinda surprises me. Leaking information that ties a physical address to an email address? That's a massive breach and not normally one you expect from a company employing thousands of engineers.
I will say this: IG operates as its own domain within Meta and AFAIK they still use a completely separate code base in Python/Django. Facebook proper is in Hack (almost entirely) and has excellent tooling and systems to detect weak endpoints and PII leaks of this sort such that leaky endpoints (or however this information leaked; I didn't see any details in the article) really just don't happen.
This has long been a point of friction within Meta engineering. It's defensible to say it's not worth rewriting but IG are constantly playing catch up with what the rest of the company gets for "free". How many billion+ dollar settlements does it take before this equation changes?
And yes I believe that leaking physical addresses is going to cost the company more than a billion dollars. It may get people killed. That's how serious this is.
You read things like this and, first, you're reminded of Sideshow Bob [1] and it puts Rust concepts in context, namely:
1. Move semantics are to handle ownership. Ownership is a first-class concept in Rust. This is why;
2. C++ smart pointers (eg std::unique_ptr<>) are likewise to handle ownership and incur a runtime cost where in Rust they are handled by the compiler with no runtime cost. Yes you can "cheat" (eg std::unique_ptr::get) and people do (they have to) but this is a worse (IMHO) version than the much-maligned Rust unsafe blocks;
3. Not only do all features have a complexity cost but that curve is exponential because of the complexity of interactions, in this case move semantics and exceptions. At this point C++'s feature set combined with legacy code support is not just an albatross around its neck, it's an elephant seal; and
4. There's a 278 page book on C++ initialization [2].
My point here is that there are so many footguns here combined with the features of modern processors that writing correct code remains a Herculean (even Sisyphean) task.
But here's the worst part: IME all of this complexity tends to attract a certain kind of engineer who falls in love with their own cleverness who creates code using obscure features that nobody else can understand all the true implications (and likely they don't either).
Rust is complex because what you're doing is complex. Rust isn't a panacea. It solves a certain class of problems well and that class is really important (ie memory safety). We will be dealing with C++ buffer overflow CVEs until the heat death of the Universe. But one thing I appreciate about languages like Go is how simple they are.
I honestly think C++ is unsalvageable given its legacy.
> C++ smart pointers (eg std::unique_ptr<>) are likewise to handle ownership and incur a runtime cost where in Rust they are handled by the compiler with no runtime cost.
What additional runtime cost is incurred by the use of std::unique_ptr? Either compared to Rust or compared to doing manual memory management in c++?
1. If you use a custom deleter, then there's extra stuff to store that. this isn't common, and this API isn't available in Rust, so... not the best argument here.
This kind of comment scares me because it's an example of people substituting professional advice for an LLM where LLMs are known to hallucinate or otherwise simply make stuff up. I see this all the time when I write queries and get the annoying Gemini AI snippet on a subject I know about and often I'll see the AI make provably and objectively false statements.
You have to use critical thinking + it helps to have some info on the subject + it shouldn't be used to perform self-surgery :)
I spent about 12 hours over 2 days, checking, rechecking, and building out a plan. Then I did 2-hour sessions on YouTube, over several weeks, learning the new exercises with proper form (and that continues as form is hard). Followed by an appointment with a trainer to test my form and review the workout as a whole (which he approved of). No trainer really knows how this injury will manifest, so a lot is also helped because I have 10 years of exp.
This isn't a button click, and now follow the LLM lemming. This is a tool like Google search but better.
I could not have done this before using the web. I would have had to read books and research papers, then try to understand which exercises didn't target x muscle groups heavily, etc. I just couldn't do that. The best case would have been a trainer with the same injury, maybe.
You are exaggerating. LLMs simply don’t hallucinate all that often, especially ChatGPT.
I really hate comments such as yours because anyone who has used ChatGPT in these contexts would know that it is pretty accurate and safe. People also can generally be trusted to identify good from bad advice. They are smart like that.
We should be encouraging thoughtful ChatGPT use instead of showing fake concern at each opportunity.
Your comment and many others just try to signal pessimism as a virtue and have very little bearing on reality.
All we can do is share anecdotes here, but I have found ChatGPT to be confidently incorrect about important details in nearly every question I ask about a complex topic.
Legal questions, questions about AWS services, products I want to buy, the history of a specific field, so many things.
It gives answers that do a really good job of simulating what a person who knows the topic would say. But details are wrong everywhere, often in ways that completely change the relevant conclusion.
I definitely agree that ChatGPT can be incorrect. I’ve seen that myself. In my experience, though, it’s more often right than wrong.
So when you say “in nearly every question on complex topics", I’m curious what specific examples you’re seeing.
Would you be open to sharing a concrete example?
Specifically: the question you asked, the part of the answer you know is wrong, and what the correct answer should be.
I have a hypothesis (not a claim) that some of these failures you are seeing might be prompt-sensitive, and I’d be curious to try it as a small experiment if you’re willing.
In one example, AWS has two options for automatic deletion of objects in S3 buckets that are versioned.
"Expire current versions" means that the object will be automatically deleted after some period.
"Permanently delete non-current versions" means that old revisions will be permanently removed after some period.
I asked ChatGPT for advice on configuring a bucket. Within a long list of other instructions, it said "Expire noncurrent versions after X days". In this case, such a setting does not exist, and the very similar "expire current versions" is exactly the wrong behavior. "Permanently delete noncurrent versions" is the option needed.
The prompt I used has other information in it that I don't want to share.
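The distinction this comment draws, as an added example that is not part of the original post: a small audit over an S3 lifecycle configuration document that flags any enabled rule whose `Expiration` acts on current object versions, as opposed to `NoncurrentVersionExpiration`, which only removes old revisions. The function names and both sample configurations are constructed for illustration; the field names are those of the S3 lifecycle configuration document.

```python
"""Added example: separate 'expire current versions' from
'permanently delete noncurrent versions' in an S3 lifecycle document."""

# Constructed sample: only old revisions are removed after 30 days.
INTENDED = {
    "Rules": [
        {
            "ID": "trim-old-revisions",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},
            "NoncurrentVersionExpiration": {"NoncurrentDays": 30},
            "Expiration": {"ExpiredObjectDeleteMarker": True},
        }
    ]
}

# Constructed sample: the look-alike setting was applied to the current
# version instead, plus a disabled rule that must not be reported.
MISTAKEN = {
    "Rules": [
        {
            "ID": "expire-after-30",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},
            "Expiration": {"Days": 30},
        },
        {
            "ID": "old-experiment",
            "Status": "Disabled",
            "Filter": {"Prefix": "tmp/"},
            "Expiration": {"Days": 1},
        },
    ]
}


def rule_effects(rule):
    """Return the set of effects an enabled rule has on object versions."""
    effects = set()
    if rule.get("Status") != "Enabled":
        return effects  # disabled rules do nothing
    expiration = rule.get("Expiration", {})
    # Days/Date act on the *current* version. In a versioned bucket this
    # inserts a delete marker, so the object disappears from normal reads.
    if "Days" in expiration or "Date" in expiration:
        effects.add("expires-current")
    # This flag only cleans up delete markers that have no versions left.
    if expiration.get("ExpiredObjectDeleteMarker"):
        effects.add("removes-expired-delete-markers")
    # This is the setting that permanently removes old revisions.
    if "NoncurrentVersionExpiration" in rule:
        effects.add("deletes-noncurrent")
    return effects


def audit(config, allow_current_expiry=False):
    """List (rule id, message) for rules that expire current versions
    when the reviewer stated that only old revisions should be removed."""
    findings = []
    for rule in config.get("Rules", []):
        effects = rule_effects(rule)
        if "expires-current" in effects and not allow_current_expiry:
            findings.append(
                (rule.get("ID", "<no id>"),
                 "Expiration applies to current versions; use "
                 "NoncurrentVersionExpiration to trim old revisions")
            )
    return findings


if __name__ == "__main__":
    for name, cfg in (("INTENDED", INTENDED), ("MISTAKEN", MISTAKEN)):
        print(name, audit(cfg))
```
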
LLMs give false information often. The ability for you to catch incorrect facts is limited by your knowledge and ability and desire to do independent research.
LLMs are accurate with everything you don't know but are factually incorrect with things you are an expert in is a common comment for a reason.
As I used LLMs more and more for fact type queries, my realization is that while they give false information sometimes, individual humans also give false information sometimes, even purported subject matter experts. It just turns out that you don’t actually need perfectly true information most of the time to get through life.
They do. To the point where I'm getting absolutely furious at work at the number of times shit's gotten fucked up and when I ask about how it went wrong the response starts with "ChatGPT said"
Do you double check every fact or are you relying on yourself being an expert on the topics you ask an llm? If you are an expert on a topic you probably aren't asking an llm anyhow.
It reminds me of someone who reads a newspaper article about a topic they know and says it's mostly incorrect but then reads the rest of the paper and accepts those articles as fact.
"Often" is relative but they do give false information. Perhaps of greater concern is their confirmation bias.
That being said, I do agree with your general point. These tools are useful for exploring topics and answers, we just need to stay realistic about the current accuracy and bias (eager to agree).
"Yes. Large language models produce incorrect information at a non-trivial rate, and the rate is highly task-dependent."
But wait, it could be lying and they actually don't give false information often! But if that were the case, it would then verify they give false information at a non trivial rate because I don't ask it that much stuff.
Whether or not Hallucination “happens often” depends heavily on the task domain and how you define correctness. In a simple conversational question about general knowledge, an LLM might be right more often than not — but in complex domains like cloud config, compliance, law, or system design, even a single confidently wrong answer can be catastrophic.
The real risk isn’t frequency averaged across all use cases — it’s impact when it does occur. That’s why confidence alone isn’t a good proxy: models inherently generate fluent text whether they know the right answer or not.
A better way to think about it is: Does this output satisfy the contract you intended for your use case? If not, it’s unfit for production regardless of overall accuracy rates.
But I also have to honestly ask myself “aren’t humans also prone to make stuff up” when they feel they need to have an answer, but don’t really?
And yet despite admitting that humans hallucinate and make failures too, I remain uncomfortable with ultimate trust in LLMs.
Perhaps, while LLMs simulate authority well, there is an uncanny valley effect in trusting them, because some of the other aspects of interacting with an authority person are “off”.
The lesson here is that people have an unrealistic view of how complex it is to write correct and safe multithreaded code on multi-core, multi-thread, asymmetric core, out-of-order processors. This is no shade to kernel developers. Rather, I direct this at people who seem to think you can just create a thread pool in C++ and solve all your concurrency problems.
One criticism of Rust (and, no, I'm not saying "rewrite it in Rust", to be clear) is that the borrow checker can be hard to use whereas many C++ engineers (in particular, for some reason) seem to argue that it's easier to write in C++. I have two things to say about that:
1. It's not easier in C++. Nothing is. C++ simply allows you to make mistakes without telling you. Getting things correct in C++ is just as difficult as any other language if not more so due to the language complexity; and
2. The Rust borrow checker isn't hard or difficult to use. What you're doing is hard and difficult to do correctly.
This is why I favor cooperative multitasking and using battle-tested concurrency abstractions whenever possible. For example the cooperative async-await of Hack and the model of a single thread responding to a request then discarding everything in PHP/Hack is virtually ideal (IMHO) for serving Web traffic.
I remember reading about Google's work on various C++ tooling including valgrind and that they exposed concurrency bugs in their own code that had lain dormant for up to a decade. That's Google with thousands of engineers and some very talented engineers at that.
> The Rust borrow checker isn't hard or difficult to use. What you're doing is hard and difficult to do correctly.
There are entire classes of structures that no, aren't hard to do properly, but the borrow checker makes artificially hard due to design limitations that are known to be sub-optimal.
No, two-directional linked lists and partially editable data structures aren't inherently hard. It's a Rust limitation that a piece of code can't take enough ownership of them to edit them safely.
> The implementations of sort in Rust are filled with unsafe.
Strictly speaking, the mere presence of `unsafe` says nothing on its own about whether "it" is easier in C++. Not only does `unsafe` on its own say nothing about the "difficulty" of the code it contains, but that is just one factor of one side of a comparison - very much insufficient for a complete conclusion.
Furthermore, "just" writing a sorting algorithm is pretty straightforward both in Rust and C++; it's the more interesting properties that tend to make for equally interesting implementations, and one would need to procure Rust and C++ implementations with equivalent properties, preferably from the same author(s), for a proper comparison.
Past research has shown that Rust's current sorting algorithms have different properties than C++ implementations from the time (e.g., the "X safety" results in [0]), so if nothing substantial has changed since then there's going to be some work to do for a proper comparison.
> Also, the Linux kernel developers turned off strict aliasing in the C compilers they use, because they found strict aliasing too difficult.
I'm not sure "they found strict aliasing too difficult" is an entirely correct characterization? From this rather (in)famous email from Linus [0]:
The fact is, using a union to do type punning is the traditional AND
STANDARD way to do type punning in gcc. In fact, it is the
*documented* way to do it for gcc, when you are a f*cking moron and
use "-fstrict-aliasing" and need to undo the braindamage that that
piece of garbage C standard imposes.
[snip]
This is why we use -fwrapv, -fno-strict-aliasing etc. The standard
simply is not *important*, when it is in direct conflict with reality
and reliable code generation.
The *fact* is that gcc documents type punning through unions as the
"right way". You may disagree with that, but putting some theoretical
standards language over the *explicit* and long-time documentation of
the main compiler we use is pure and utter bullshit.
> In Australia we've treated the family home as an investment
That's true of most of the Western world, unfortunately.
> a primary mechanism for wealth creation
I don't disagree but this needs to be correctly framed publicly as simply stealing from the next generation because that's what it is.
> Tax incentives
For anyone unfamiliar, Australia has a system called negative gearing. In the mid-2010s the then Labor party proposed scrapping it and lost the election. It really is the third rail of Australian politics. This is a shame because it needs to be scrapped.
It allows you to deduct losses on property against your ordinary income. So if you have a mortgage payment of $3000/month but only earn $2000/month in rent then your income is reduced by $1000/month. That's what drives a lot of small investors to essentially speculate on property.
The US actually has a better system than this, which is that if you earn over a certain income level, you cannot deduct passive losses (like the above situation) against ordinary income. That would be better but still not enough.
So many upper income Australians essentially end up just hoarding property. They'll call it "investment properties" but really it's speculation. Historically, property was treated as an income producing asset, not a speculative capital gains asset.
Oh and capital gains on non-primary residences should be like 70%. If you want to stop rampant speculation, that's how you do it.
> Tangent: how should we approach changing the housing mix in a city like Perth where 95% of new homes are large four-bedroom detached houses?
Perth like every Australian city is an urban planning disaster. It's just endless sprawl up and down the coast and inland to the hills. A generation or two ago it was a quarter acre block. Those days are long gone unless you're wealthy or you're 50km+ from the city (less if you go east).
So it's a car-dependent soulless hellhole. I say this as someone who knows Perth well. So even now if you build higher-density housing along transit routes, as they're doing, you still need a car (or 4) to go anywhere but work. And high land values make infrastructure projects incredibly expensive. Like imagine trying to build the Perth to Mandurah train line now instead of 30+ years ago when it was actually built. I guess they could utilize the Freeway they already had but what about the Fremantle or Midland lines?
What you should do as you build out is reserve space for future infrastructure. AFAIK no Australian city, especially Perth, has ever done this. So Guildford Road or Great Eastern Highway should really be a freeway. Same with Albany Highway.
In 2024 Western Australia did really relax ADU (granny flat) development rules. The rules used to be really strict. Now you can basically always build one with normal building approval if you meet the minimum lot size requirements (generally 450sqm, sometimes as low as 350sqm, depending on the council).
Single family home zoning is really cancer to any decently sized city.
Anyway, the truth is, I'm not sure it can be fixed now. Big infrastructure projects are prohibitively expensive even with tools like eminent domain. We need to look at why it's so expensive to build apartments.
I think the only thing you can do now is for the government to become a significant supplier of housing to increase supply and stabilize rents.
Good points, thoughtfully made. As a resident of Perth, I (largely) endorse that description.
So much of the wealth of our middle- and upper-class is dependent on property ownership and rent-seeking, it's depressing. That population essentially needs to vote against their own self-interest to help improve housing affordability, so it's hard to see that ever happening. The best I could foresee is a government forecasting a stepped reduction of relevant tax benefits over time (e.g. in three years negative gearing gets reduced by half, then half again the following year, etc.) and then future governments honouring that commitment. As you pointed out though, it's a surefire way for any Australian political party to shoot themselves in the face.
I sometimes wonder how strong the demand needs to get for more-affordable housing before the market responds enough to matter. State and local govt could likely have a role in unlocking infill developments and increasing the allowed densities, but I'm not plugged into the planning system. I also strongly agree that state government should be more proactive as a housing supplier (in conjunction with private industry).
Lots of the issues would be "solved" by adequate supply of new dwelling units (which is a way of driving the prices down). There's really no other way of solving the "X people lived here, now 1.4X do, but dwelling units have only increased 1.2 times."
In the past this effect was localized and when housing prices went insane, it was usually in a city, or a region, not a whole country. And high prices would encourage development in the cheaper areas, and people would move "out there".
So there are (at least) six important aspects to the housing crisis.
1. Politically, this issue is a winner and it's crazy that the Democratic Party has refused to bang the drum on this, basically because it potentially upsets corporate donors. They have instead ceded this populist political ground to the Republican Party. The Democratic Party does not want to win elections and this should never have been more obvious than the 2024 presidential election;
2. Hoarding housing is state-sanctioned violence. You need housing to live. Housing affordability is the number one factor in homelessness [1]. That then subjects people to violence and danger that we, as a society, are allowing to happen. There is no reason that the wealthiest country on Earth can't provide a roof over the head of every man, woman and child within our borders;
3. The private sector will never solve the housing crisis because solving the housing crisis involves devaluing, definancializing and decommodifying housing. Wealthy people and large corporations who own a lot of real estate won't on their own devalue their holdings. Things like Ezra Klein's Abundance claptrap are simply putting a Democratic bow on Reagan era trickle down economics and deregulation. This requires state action. That means the state needs to build significant amounts of housing to provide to people to regulate the housing market. The poster child for this policy is Vienna, Austria;
4. Voters have fooled themselves into thinking that increasing house prices are good for them. They're not. They're bad in virtually every way. There are people who bought a house for $100k in 1990 where that house is now worth $2M. Are you $1.9M richer? No. Because if you sell it what happens? You have to buy another house. And if every other equivalent house costs $2M you still only own one housing unit's worth of wealth;
5. Increasing house prices are simply stealing from the next generation and suppressing wages. Why suppressing wages? Because if you're laden with debt, you'll be a compliant little worker bee. You need that paycheck to not be homeless. You are in effect a debt-slave, particularly combined with student and possibly medical debt; and
6. The next wave of antitrust action will involve the use of AI as a means for market collusion and manipulation. A great and relevant example is RealPage [2]. If all the landlords use the same software and that software is designed to algorithmically increase rents, then that's market collusion. Honestly, dynamic pricing in general needs to be banned.
> There are people who bought a house for $100k in 1990 where that house is now worth $2M. Are you $1.9M richer? No.
This is often repeated but not 100% correct.
You are in fact richer, and you can leverage this $2m in equity to take on debt and buy more houses. This is what has been happening here in Australia, and it's a major factor in the continued rise in prices.
When you've done this, hung on a handful of years and all of your houses have gone up 20-50%, you can cash out for a very nice sum indeed. AFAICT this is now a pretty mainstream middle-class retirement plan in this country, and it's terrible because, as you point out -
> Increasing house prices are simply stealing from the next generation
The money is coming from people, usually younger people, who are funding the insane market with ever larger mortgages and staying in rental properties longer, both of which benefit the equity-holder.
In the US you can often buy houses with no money down.
Also, if you're taking the equity out of your $2M house, how are you servicing that debt?
My point is that it's an awful lot easier to buy 6 $100k houses than it is to buy 6 $2M houses and if houses weren't speculative assets, maybe we wouldn't get those buyers driving up prices.
> In the US you can often buy houses with no money down.
Presumably you can't just walk up to a bank and say "I'd like finance to buy 10 houses please!" with no collateral beyond the houses you're purchasing?
Here you usually need a 10% deposit. If you already own a house you can borrow against equity. The bank considers multiple houses as a single portfolio to calculate loan to value ratio (LVR), and will take tenants' rents into account on affordability. A quick worked example based on local figures (average first home price $700k, average home price $1m):
New market entrant looking for a $700k house: Needs $70k in cash for deposit plus $28k stamp duty, takes $630k loan and now has a 90% LVR and 70k equity.
Existing homeowner with $1m house, bought at $300k some years ago and now has $100k left on their mortgage: Has $900k equity. Takes an interest-only loan against equity for the full $728k on the same 700k house. Total property worth $1.7m, 48% LVR qualifying for a lower interest rate and paying much less per month as they have taken the loan interest-only. Didn't have to save up a single cent to cover deposit or stamp duty. Still has $872k in equity on the two properties so does it again three more times. Buys a total of four investment properties, still comes in under 80% LVR.
If the market goes up another 25%, the new entrant is sitting on $245k equity.
The landlord's IPs are now worth 3.5 million on total debts of 3 million, at which point they can sell four houses, clear all their debts including their original mortgage and pocket $500k (and while capital gains tax is chargeable on sale of investment properties, it's heavily discounted compared to other assets). Or they can use this new equity to buy more houses.
> if you're taking the equity out of your $2M house, how are you servicing that debt?
Rent. There's also a rental crisis going on over here. Rents are really high and can pretty easily cover investor mortgages. There's lots of people who would have been able to buy a few years back but can't scrape together the finance to do so now that prices have gone up, who are forced to keep renting. So the investor crush creates its own client base!
Plus if you do end up making a loss on mortgage payments, property upkeep etc, the government allows you to offset that against your all-sources income for tax purposes, potentially reducing that loss by 45% if you're a higher rate earner.
> My point is that it's an awful lot easier to buy 6 $100k houses than it is to buy 6 $2M houses, if houses weren't speculative assets, maybe we wouldn't get those buyers driving up prices.
It kinda isn't in Australia. The market rising makes it much easier to access more debt and leverage that into more houses.
But I very much agree that housing shouldn't be a speculative asset and this market is broken. The government should be putting in place disincentives, not discounts and offsets. Unfortunately established homeowners now see this as a normal way of 'getting ahead' and I know multiple people who are effectively playing monopoly like this.
I hate it. Even though in theory I could go out and buy four or five houses next week if I wanted to. But with the rising cost of living and general bleak economic outlook everyone is continually fed, and the seeming impossibility of 'winning' for the average person, I'm not surprised people do it.
Owning your family home through an LLC, depending on your state, is often a bad idea.
There are generous protections in most states for your personal home that you lose if it's owned by an LLC. This includes things like a homestead exemption in bankruptcy protection.
In Florida, for example, there are better options to keep yourself anonymous. Florida has something called a land trust [1].
I feel like mortgage lenders should legitimately wonder why they’re lending to an LLC or a trust rather than an individual. I’m not sure there’s a good answer.
This article reads like propaganda to keep the worker bees slaving away until they die. But I have a few things to say about this and Sergey Brin in particular.
In the early days, many considered Sergey Brin to be the soul or the conscience of Google. He was reportedly the driving force in Google originally pulling out of China rather than capitulating to the censorship regime [1]. This was also after the apparent state-sponsored hack of Google in China [2] so perhaps the motivations were mixed? I don't know.
But Sergey I think is a good example of someone for whom his creation outgrew him. I'm reminded of an old Jeff Atwood blog post where he quoted Accidental Empires [3]. Sergey was a commando. By 2010 Google needed an army. Now? Police.
GoogleX has Sergey's playground but if you look at the track record, possibly the only success I think is Waymo. Glass (mentioned in the article) was not a success and his affair with a subordinate also destroyed his marriage [4].
To me it felt like Sergey was drifting many years before he stepped away. His stepping away felt more like formalizing something that had already happened.
I'm not a billionaire. Not even close. Honestly, I think I'm glad about that because it seems like despite being surrounded with unimaginable wealth, many such people end up isolated and rudderless, desperately searching for meaning and connection. Or maybe that's just cope (from me).
The article mentions Gates and how he keeps busy with his philanthropy. Well, there's another piece of common ground between Gates and Brin: Jeffrey Epstein [5]. That's not intended as an implicit or explicit accusation of child predation by Gates or Brin or even of either having knowledge of such malfeasance, to be clear.
But even with a fraction of the DoJ's documents disclosed as well as from the Epstein estate, we can begin to paint a macabre picture of the connections between rich and powerful people that for some reason always seem to have Jeffrey Epstein at their nexus and that means something though we don't really know what.
Has Sergey had a substantial impact on Gemini? Will he? I have no idea. I do wonder if someone worth $100 billion really has the perspective and drive to move something like this. Google has a deep bench of talent and one thing Google is very good at is optimizing code that runs at scale by making their own networking, servers, racks, data centers, data center operating system (ie Borg) and code and efficiency is going to be a huge deal in the LLM space for the foreseeable future.
He's in the files - including photos - and is named by a victim as being present at a "party". It doesn't necessarily mean he did anything untoward but he did fly to the island and attend an event.
Not everyone, just the nounces, like Gates and Brin here. Do you take their defence? Seems like you do. Why would anyone with solid moral values jump to the defence of nounces?
No it is a real question. You have access to EVERYTHING material & service related this world can offer. Why do you also need to torture children and completely ruin their lives?
My interest in literature lies at the intersection with politics and society.
I resonate with the principle that art asks questions. In decades and centuries past, art was particularly important to the masses to question society at a time when that was often forbidden, forcing the use of metaphors. Literature, plays, opera and so on.
So a result of this is that as a general rule conservative political movements cannot produce art because they don't want people to ask questions. They want to give them answers that they take unquestionably in a similar way to how religious dogma is propagated.
So you see how fascist movements, most notably the Third Reich, have treated art and have sought "objective" beauty in an acceptable aesthetic and have denounced actual art as degenerate, even subversive, leading to such terms as "cultural Bolshevism".
So I see the Great Gatsby as questioning the very society of the Roaring Twenties where you might otherwise see it more superficially as simply depicting that era. It's historically noteworthy that it was released in 1925, well before the crash of 1929 and the Great Depression that was (IMHO) the inevitable consequence of an era of great inequality where wealth was accumulated, even then, through financialization. Lest we forget Nick was a bond salesman.
And on top of this system we have Tom and Daisy who are essentially parasitic, who float through life with no regard for the consequences of their actions, who produce and give back nothing in spite of their wealth and status. Others, most notably Gatsby himself, pay the price for their reckless disregard.
I first read the Great Gatsby before the dot-com bust but it seems like you can draw many parallels with the post-GFC tech boom. This is why, for me at least, the Great Gatsby is inherently anti-capitalist.