
This guy's antics were featured on Retraction Watch back in 2022 [0]. All of this apparently happened in plain sight—as illustrated by this (farcical, single-candidate) faculty vote getting 50% blank ballots–protest votes. Everyone there knew.

"How can we design algorithms to detect..." is the wrong question in response to this scandal—it's completely in the wrong category. IMHO! These citation cliques are unsubtle and basically trivial to detect. It's the professional work culture of research universities that's the hard, unsolved problem.

[0] https://retractionwatch.com/2022/03/25/how-critics-say-a-com... ("How critics say a computer scientist in Spain artificially boosted his Google Scholar metrics")


> He called police, who got a search warrant

Kind of sad, that I was surprised they did that. It's definitely a local thing. I'd expect the police to shrug, and say it's too bad, just file a report to use for insurance.

I remember people saying "so what if you have tags, police won't do anything and you shouldn't be confronting thieves anyway".

Apple, on the other hand, is also explicit about tags not to be used as an anti-theft device. The word "theft" doesn't appear even once on https://www.apple.com/airtag. It would be interesting if they still released a puff piece as a response: "Oh look, a carpenter `found` his tools in the next state, in a warehouse along with other tools. We don't know how they ended up there, but isn't that great?"


I don't work for Snowflake but I spend a lot of time working with them and their SE organisation.

When working and building demos with clients, SEs create demonstration environments on the same $400 Snowflake demo accounts anyone can. To build demos the client would grant access to that SE. The SE would take some of the data to the demo environment and then work on it. This is further confirmed by the name of the environment Hudson Rock just published.

As far as I can tell, this is a process issue of clients not expiring an ID of someone who they were sharing data with and a threat actor swiping credentials. There is nothing novel about this as there is no exploit.

Also congrats Hudson Rock you just outed a person who was taken due to having malware on their computer. This is no different than if you gave a contractor credentials and they had those swiped. Dicks.


Just because there isn’t a “novel exploit” doesn’t mean this isn’t a big deal.

Snowflake is susceptible to their SEs having credentials stolen. These credentials can bypass MFA. And per the article, they have no expiry. That’s strikes one, two, and three.

Snowflake’s security practices lead to a situation where their customers are either required, or at minimum encouraged, to share access to broad datasets with Snowflake employees. That’s strike four.

Yes, there is also an issue here that the customers are responsible themselves for not granting too broad access, and that’s on them. But it’s also on Snowflake for not having a better system that doesn’t require this access, or at minimum not having better oversight and control over this transitive access.

Once these accounts are granted access to a customer’s data, they aren’t “demo accounts” anymore. They’re real accounts, with real, very valuable data, and they should be treated as such.

Edit to add: it is worth noting that Snowflake claims the demo account did not have access to customer data and wasn’t the source of the leak, which is in contradiction with what the attackers claim.


> The 13 marines who volunteered were trained in historical combat, fitted with sensors that monitored their performance, and fed roughly 4,500 calories worth of goat cheese, roasted meat, olives, bread, water, wine, and other Bronze Age culinary delicacies. And then they had a go at it.

This is science at its best.

> During those 11 hours, a typical warrior in Homeric tales would go through 31 one-versus-one duels, 10 encounters with the enemy on a chariot, two chariot-versus-chariot engagements, and one chariot-versus-warrior-on-ship encounter (a ranged battle where the warrior defended beached ships from charging chariots).


That Tweet links to this [1] description which, in glancing at the text, seems to indeed be accurate:

----

According to the latest draft regulation dated 28 May (Council document 9093/24), which is presented as “upload moderation”, users of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos. Previously unknown images and videos are also to be scrutinised using “artificial intelligence” technology. If a user refuses the scanning, they would be blocked from sending or receiving images, photos, videos and links (Article 10). End-to-end encrypted services such as Whatsapp or Signal would have to implement the automated searches “prior to transmission” of a message (so-called client-side scanning, Article 10a). The initially proposed scanning of text messages for indications of grooming, which is hardly being used to date, is to be scrapped, as is the scanning of voice communication, which has never been done before. Probably as a concession to France, the chats of employees of security authorities and the military are also to be exempted from chat control.

----

Strange times we live in. Entertaining, but strange.

[1] - https://www.patrick-breyer.de/en/majority-for-chat-control-p...


This one is pretty bad. This guy found a fake Facebook customer support phone number in a Google search, then asked the Meta AI chat in Facebook Messenger if the number he found was a real Facebook help line... and Meta AI said that it was. There's a screenshot of the chat in the article.

I used the support link provided. They tried to give me 3 months of premium instead of a refund. I declined. They replied:

> Thank you for waiting! As I can only suggest you for free Premium in your account. The actual Car Thing refund is done by the specialty advisors, so I'll create a case related to your issue and transfer it and the right team will get back to you through email. Sounds good?

So I am now waiting for an email.


Sometimes it's best to be DRY right from the start.

Several years ago, I did some contract work for a company that needed importers for airspace data and various other kinds of data relevant to flying.

In the US, the Federal Aviation Administration (FAA) publishes datasets for several kinds of airspace data. Two of them are called "Class Airspace" and "Special Use Airspace".

The guy who wrote the original importers for these treated them as completely separate and unrelated data. He used an internal generic tool to convert the FAA data for each kind of airspace into a format used within the company, and then wrote separate C++ code, thousands of lines of code each.

Thing is, the data for these two kinds of airspace is mostly identical. You could process it all with one common codebase, with separate code for only the 10% of the data that is different between the two formats.

When I asked him about this, he said, "I have this philosophy that says if you only have two similar things, it's best to write separate code for each. Once you get to a third, then you can think about refactoring and making some common code."

That is a good philosophy! I have often followed it myself.

But in this case, it was obvious that the two data formats were mostly the same, and there was never going to be a third kind of almost-identical airspace, only the two. So we had twice the code we needed.


During my early days in my tech career, I joined a small tech firm that did Linux kernel programming and embedded stuff. It was my first job out of college and I was really excited. My mentor was a 50+ guy with whom I walked every day from work back to my home. It didn't start out like that; we would leave work around different times and one day it was raining, so we waited, and then it became sort of a habit. I learned so much about programming and life in general. Made me a better programmer for sure. I'm always grateful!

I had a colleague who was old school and loved optimising; everything he reviewed came back with tiny changes that would save fractions of a ms. His nemesis was a guy who was arguably the best coder I have ever worked with. Things came to a head in one meeting and old school said if we did things his way our code would run quicker, and the response was legendary: 'If we coded like you it'd run quicker because most of the functionality would be still in the backlog.' I still think about that when it comes to optimisation.

Oh, finally a chance to put my Philosophy degree to use!

The error says the "message" does not exist, but the message is not the same as the text. The message is an object that can be saved or discarded, and it contains text.

The text still exists and can be copied, but the message is gone and can't be saved anymore.


HOAs require more than (or a very specific extension of) freedom of association to exist: they require an ability to bind any future owners of a piece of land to join the HOA (regardless of how they acquired that land: via sale, inheritance, bankruptcy, ...). For property that's not real estate that's usually not possible (see e.g. inability of companies to provide binding promises on how the data they have are used after they go bankrupt). Given that this ability applies very inconsistently across types of property, it doesn't seem like an essential part of freedom of association.

Someone always scoffs, but I think it is usually a sign that they don’t really understand freedom. In particular, the freedom of association. Many countries recognize it, so I don't need to get into the exact legal justifications for it.

Put plainly, this is the freedom to form groups that govern the behavior of their members. A group could be a dinner party, a study group, a book club, a circle of friends. It can also be much more serious. It could be a corporation, a union, a church, a political party, or a religion. Or it could be an HOA, or a town, or a state. If you like one or more of those types of groups then it is important to protect the freedom of association, even if you don’t like any of the others.

Every group has rules, even the most informal. When you invite your friends out to dinner you probably don’t sit down and vote on the exact rules your dinner party will follow, but your party has rules regardless. And every group punishes violations of the rules somehow. If you get drunk and dance naked on top of a table, then you will suffer some form of sanction by the other members of the dinner party. At the very least you probably won’t be invited back. More formal groups like HOAs, corporations, and towns tend to have written rules and prescribed punishments for violations. They also have built-in ways of changing those rules.

Ultimately some HOAs are useful while others are petty and run by vindictive idiots. An HOA that was useful for 50 years and never created any drama could turn bad next year when they elect some new board members. An HOA that is bad today _could_ elect new board members and then become drama–free and stay that way for 50 years, even if it seems unlikely. People who end up in a petty HOA usually regret it, and come to see joining any HOA as a big mistake. People in a sane HOA often wonder what the fuss is about.

But here’s the truth: true freedom includes the freedom to make mistakes, even big mistakes.

The freedom of association allows us to join any group we want, but sometimes joining will be a mistake. You can’t prevent people from making those mistakes without limiting their freedom. You can’t even reliably predict which mistakes they’re going to make, so you would end up preventing them from doing things that wouldn’t be mistakes too.


> We’ve been listening to your feedback, and we’re prioritizing the features you want most.

> Tab Grouping, Vertical Tabs, and our handy Sidebar will help you stay organized no matter how many tabs you have open — whether it’s 7 or 7,500.

> Plus, our new Profile Management system will help keep your school, work, and personal browsing separate but easily accessible.

Wow, that ... actually is what users have been asking for, for ages. Nice.

> More streamlined menus that reduce visual clutter and prioritize top user actions so you can get to the important things quicker.

Oh, there's the other foot dropping. I wonder how SeaMonkey is doing...


"the chats of employees of security authorities and the military are also to be exempted from chat control"

So the two major fields where you really want to snoop their private chats to see if they are up to no good, are exempted?


I was a full-time mom and military wife when my kids were little. We moved into a 2 bedroom, 50 year old duplex at a new duty station and there was a low-ceiling basement that was mostly consumed by a giant boiler but there was one low-ceiling room down there and we made it a playroom because our two kids were sharing a really tiny bedroom.

So we set up a TV down there and it's a rental so we don't want to drill holes anywhere and I'm talking to my 8 year old about going to the store, buying like 100 feet of cable and running it the long way around the outer wall of the room etc. when he says "What about the hole (in the wall, directly behind the TV and the other side is the stairs)?"

To be fair, he spent time in that room and the opening in the cement block wall or whatever was full of insulation, so it wasn't obvious, but man did I feel stupid for a minute.

And then very relieved because we already owned a long enough cable to set it up through the hole in the wall. The 100 foot cable would have been a bit of a financial burden and going to buy it and then run it the long way around would have eaten the rest of my day and this was resolved in minutes because I always encouraged my kids to ask questions and didn't treat them like that was "disrespecting my authority" or something.


I am from China and I always thought I am very good at math, because I can get good grades at national Olympiad level math competitions. After I came to America, I realized that I got good grades in China because I internalized the math concepts by doing large amounts of problem sets and it was actually a very slow learning process. In college mathematics courses, I realized that some of my American classmates can grasp new concepts and mental models way faster than me, without doing many problem sets. We have just been learning math in very different ways.

> If someone says they sent you "Book Draft 1.docx" and you check your email to find "Book draft 1.docx," you don't say, "Hey! I think you sent me the wrong file!"

But you also wouldn't say that if they sent "Book - Draft 1.docx", "Book Draft I.docx", "BookDraft1.docx", "Book_Draft_1.docx", or "Book Draft 1.doc", and surely you wouldn't want a filesystem to treat all of them as the same.


> What he didn't know at the time is there is no phone number for Facebook customer support.

Part of the problem here is that Facebook (though in fairness, they are not unique here) has left this traditional path of escalation void, leaving only fake numbers. They don't even have a real number to play a recorded message affirming that there is no ability to call.

ETA: For instance, I notice Facebook appears to own the typo squat `facrbook.com`. I feel like it's the same principle, though I assume toll free numbers are more expensive.


> I try a bunch of different OCR programs, but can't find any that can transcribe the document with 100% accuracy. They often confuse certain letters or numbers (like 0 and C, 9 and 4, 0 and D). Sometimes they omit characters, sometimes they introduce new ones. I try different font sizes and different fonts, but it doesn't matter.

I decided to OCR a hex dump from an old computer magazine a while back and fixed this problem by writing a tool to help verify the OCR result. Basically you input the OCR'd result and segment the numbers. It'll display the original segmented characters ordered by their class, and the human eye will very quickly find any chars that do not belong, e.g. 3s sorted under "8" etc.

https://blog.qiqitori.com/2023/03/ocring-hex-dumps-or-other-...

https://blog.qiqitori.com/2023/03/ai-day-in-retroland-prolog...

I wrote two blog posts about this, and the tools are also linked from the blog posts. Note: the tools are just slightly more user-friendly than sendmail.

That said, I don't know if these old Apple laptops came with anything resembling a programming environment (or at least that ancient version of Microsoft Word?), but even if not... There must be a better way (even without hardware hacking)!


This was not an issue with an HOA, the city of Seaside sent him the letter.

"When the town of Seaside, California ordered...." and "When the town of Seaside, California ordered..."

The city sees it as a violation of their municipal code; specifically: https://www.codepublishing.com/CA/Seaside/#!/Seaside17/Seasi...

I'm not a fan of HOAs; but, sometimes they're not to blame.


After my little sister had her first child and realized how expensive baby stuff is, she started a lucrative side-hustle and ran with it for years. Basically, she bought baby stuff from a warehouse that got their inventory from returns at large retailers like Target and Walmart. She focused almost entirely on baby strollers, but also backyard swing sets for kids, and got it all for pennies-on-the-dollar. She became friendly with the customer service reps at the stroller manufacturers and could usually get replacement parts for free (it's a warranty replacement if the service rep says it is). She knew all the stroller model numbers and their associated various part numbers. She got really good at repairing the strollers in her garage, and then flipping them on Craigslist. Her garage looked like a baby stroller showroom. She made decent money doing it, but the best part is her "customers" (other new mothers, most of them poor) were always so happy and appreciative because of the deal they were getting. Everyone was happy.

The real secret sauce to her side-hustle was the relationship she had with the lady who managed the warehouse where she bought the baby stuff. The warehouses usually have auctions on large lots or pallets of stuff; you bid on whatever's on the pallet, you've got no choice. The lady used to let my sister come to the warehouse periodically (usually just before a big auction) and cherrypick what she wanted, which was always the baby strollers and swing sets. The side-hustle wouldn't have worked without that. (My sister (and her husband) used to flip houses, too, and I think she sold the warehouse lady a house.)


Yes, even during my career computers became faster by a factor of ~100 or so, yet computers don't feel much faster if at all. Yes, they're much more _capable_, but usually even less responsive than e.g. in Windows 95 days.

I think just having the intuition of how fast computers can work is what the industry is sorely lacking. I am usually able to achieve very good performance for the stuff that I'm working on, despite the fact that it often requires a stupid amount of computation, just because I know how much a computer can actually do in a given amount of time when it's tuned correctly.


The bad thing is that people still think LLMs can be trusted at all. Companies integrating them into their offerings are not helping the public adopt the correct mental framing of these tools as "plausible text generators".

> In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine.

Lol, if an individual does this, you're going to go to jail. A company does this? Tiny fine. What a world we live in.


The rest of the quote:

> Stop using Discord for anything else than just chatting. Stop dumping knowledge into a black hole. Use forums. Use the open web. Future nerds will thank you.


Article 12 of the declaration of Human Rights:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Bugging communications by investigators with special approval is already an exception to this principle. Government bodies that make sure that laws conform to the constitution should veto any exception broader than that, so this draft should basically be pointless.

It feels like there are social/political mechanisms at work that allow that to happen, however. They pave the road to Hell little by little, one stone at a time, and this is neither strange nor entertaining. To me, the beginning of this century has similarities with the beginning of the previous, which is quite worrying.


I'm not involved in this, either as a developer or as a user.

But if I used a project, and that project's new owner hostilely relicensed parts of it, I'd assume that other parts are likely to go down the same path. I can understand why someone would want to make sure code developed under the previous social contract remains accessible and updated under the same terms.


My company started using GCP in the last few months, and my tolerance for sanctimonious engineering articles from Google has gone down quite a bit as a result.
