The Story of Stent
Today is my 17th re-birthday. If you’ve been a longtime reader, you know why I call it my re-birthday. If you are new around here, well, here is a short recap. Just after I turned 41—17 years ago—a…
Hasnain says:
Lots to ponder from this piece. It’s basically the medical history of the stent couched with a human interest story. Makes me think about life and mortality.
“Over the past 17 years, I have kept notes. I try to eat well, walk, and avoid everything that is not good for me – with an occasional exception. I am first to volunteer for new treatments. It is not that I want to live forever, it is just that I want to enjoy life I have – whether it is a day, a decade, or three. Either way, I want to give myself the best chance of doing that.
Lost in my reverie, I realized that one thing I had not thought about even once was the actual technology that set me on the right trajectory – the stent. It is ironic because both as a reporter and as an investor, my first instinct is learning about the who, why, and what of technology. And yet I never took the time to really learn about how a “stent” works, its origin, and how the technology has progressed since December 28, 2007.”
Posted on 2024-12-30T02:13:20+0000
Ugandan runner due to arrive in London after 516 days and 7,700 miles on the road
Deo Kato says journey from Cape Town gave him hope in humanity, despite facing racism from police and passersby on a daily basis
Hasnain says:
"Another low point arrived more than 5,000 miles later when Kato experienced the racism other Africans have faced in Europe.
“The other time I felt like packing it in was in Croatia because I genuinely felt treated as an illegal immigrant. I didn’t feel welcomed or that I belonged in their society.
“The police stopped me at least four times a day. Sometimes, I caught locals taking photos of me and reporting me to the police,” he said.
“This experience, coupled with everything I was processing from my journey in Africa and other personal challenges, made it intensely difficult to keep moving forward.”
Kato wanted his journey to draw attention to the earliest migration of humans from Africa and challenge the racist notion that people should “go back to where they come from”. Viewed as a whole, he said the run had underlined the positive aspects of migration and its potential to “create a more culturally connected and enriched global society”."
Posted on 2024-12-29T22:45:48+0000
Fish 4.0: The Fish Of Theseus
A smart and user-friendly command line shell
Hasnain says:
I liked this migration story a lot (in addition to it just being a Rewrite-it-in-Rust thing). Lots of good tradeoff discussions in addition to gory technical and non-technical details. A few key takeaways for me:
* Motivation really does matter! Even if Rust is chosen just because "it's more fun", if that gets you more contributors that's a good thing
* the last 10% is always the last 90%
* incremental migrations are necessary, big-bang rewrites don't work
"The port wasn’t without challenges, and it did not all go entirely as planned. But overall, it went pretty dang well. We’re now left with a codebase that we like a lot more, that has already gained some features that would have been much more annoying to add with C++, with more on the way, and we did it while creating a separate 3.7 release that also included some cool stuff."
Posted on 2024-12-29T22:37:20+0000
Israel Loosened Its Rules to Bomb Hamas Fighters, Killing Many More Civilians
Surprised by Oct. 7 and fearful of another attack, Israel weakened safeguards meant to protect noncombatants, allowing officers to endanger up to 20 people in each airstrike. One of the deadliest bombardments of the 21st century followed.
Hasnain says:
Thought a lot before sharing this one. On one hand I am glad the NYT is finally reporting truths others have reported and so many know to be evident.
On the other hand they still try to claim it's original reporting, and that this is previously unknown, even though... +972 reported on it months ago (April, IIRC). They can't even claim ignorance - they link to the same piece later on in this one!
A 20:1 ratio of civilian:military deaths being acceptable even for killing a lowly fighter is insane and not what I've seen any respectable modern military do. And there weren't penalties for going over.
On the balance though, given that at least a few more people will read this and understand what's going on, I figured I'd share and applaud the NYT reporting this.
"On a few occasions, senior commanders approved strikes on Hamas leaders that they knew would each endanger more than 100 noncombatants — crossing an extraordinary threshold for a contemporary Western military."
Posted on 2024-12-29T22:24:46+0000
Art Spiegelman Won’t Shrink Back From Controversy
The artist has illustrated more than one contentious New Yorker cover in his career, chronicled in a new film, and his next project will be no less gutsy.
Hasnain says:
From the person that brought us Maus. I genuinely do not see how one can hold the horrific facts of the Holocaust in their head, internalize them, say “never again”, and then be okay when they learn what’s going on in Gaza. Disagree on scale however you want, but I’d want to be in opposition even if it gets anywhere near “1% holocaust” and I feel like this is far past that. I take solace and learn from scholars of genocide and the holocaust when they share some of the parallels they’ve seen. I wish the rest of the world will listen (and in particular leadership)
“After the documentary’s premiere, Spiegelman told the sold-out audience in a Q&A session that his next comic will be about Gaza, in collaboration with Joe Sacco. He was wary of providing any details on a project that he thinks will struggle to find a publisher in the United States.
“I’ll finish this thing or die trying. I’ve never had a bigger wrestling match inside my head,” he said. “My superego says, ‘You must do this if you’re going to live with yourself’,” and my id says, ‘Who wants the grief [of] being canceled by everyone on the planet?’””
Posted on 2024-12-29T20:40:57+0000
Cognitive load is what matters
There are so many buzzwords and best practices out there, but let's focus on something more fundamental. What matters is the amount of confusion developers feel when going through the code.
Hasnain says:
Great read on mental models and thoughts around software engineering
“Do you feel it? Not only do you have to jump all over the article to get the meaning (shallow modules!), but the paragraph in general is difficult to understand. We have just created an unnecessary cognitive load in your head. Do not do this to your colleagues.
We should reduce any cognitive load above and beyond what is intrinsic to the work we do.”
Posted on 2024-12-26T03:26:21+0000
How we shrunk our Javascript monorepo git size by 94%
We really did this! We work in a very large Javascript monorepo at Microsoft we colloquially call 1JS. Using some new changes to the git client it went from 178GB to 5GB.
Hasnain says:
178GB -> 5GB is insane
“If you work in a large-ish scale monorepo, and you have CHANGELOG.md or really any file that has a relatively long-ish name (>16 characters) which repeatedly gets updated, you may want to keep your eyes on this path walk stuff.”
Posted on 2024-12-26T03:19:01+0000
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero This blog post provides a technical analysis of exploit artifacts provided to us by Google's Thr...
Click to view the original at googleprojectzero.blogspot.com
Hasnain says:
“It took less than 3 months of research to discover 6 separate bugs in the adsprpc driver, two of which (CVE-2024-49848 and CVE-2024-21455) were not fixed by Qualcomm under the industry standard 90-day deadline. Furthermore, at the time of writing, CVE-2024-49848 remains unfixed 145 days after it was reported. Past research has shown that chipset drivers for Android are a promising target for attackers, and this ITW exploit represents a meaningful real-world example of the negative ramifications that the current third-party vendor driver security posture poses to end-users. A system’s cybersecurity is only as strong as its weakest link, and chipset/GPU drivers represent one of the weakest links for privilege separation on Android in 2024. Improving both the consistency and quality of code and the efficiency of the third-party vendor driver patch dissemination process are crucial next steps in order to increase the difficulty of privilege escalation on Android devices.”
The 70% problem: Hard truths about AI-assisted coding
A field guide and why we need to rethink our expectations
Hasnain says:
“AI isn't making our software dramatically better because software quality was (perhaps) never primarily limited by coding speed. The hard parts of software development – understanding requirements, designing maintainable systems, handling edge cases, ensuring security and performance – still require human judgment.
What AI does do is let us iterate and experiment faster, potentially leading to better solutions through more rapid exploration. But only if we maintain our engineering discipline and use AI as a tool, not a replacement for good software practices. Remember: The goal isn't to write more code faster. It's to build better software. Used wisely, AI can help us do that. But it's still up to us to know what "better" means and how to achieve it.”
Posted on 2024-12-26T01:35:27+0000
Future-proofing your Software Engineering career
Practical strategies for engineering careers in the future
Hasnain says:
Came across this great post on how AI will impact the industry and how people should react - and went down the rabbit hole. Great insights from the author as always.
“The key is to remain pragmatic and focused on delivering value. Learn to use AI tools where they make sense, but don't rely on them as a crutch. Continue developing your fundamental skills and domain expertise. And most importantly, remember that our field has always been about continuous learning and adaptation – this is just the latest chapter in that ongoing story.
The future belongs not to those who can generate the most code, but to those who can best understand and solve real-world problems while leveraging all available tools – including AI – appropriately.”
Posted on 2024-12-26T01:35:08+0000
I’m an ex-CEO. My peers are facing the reality that many Gen Zers see corporate America as the enemy
In a poll, 41% of young people say the murder of UnitedHealthcare’s CEO was “acceptable” or “somewhat acceptable.”
Hasnain says:
I don’t get this article. I’ve seen a lot of bad takes on what happened but this seems extra weird for some reason, and I’m hoping someone can explain. Author rightly identifies the source of frustration but then side steps what should be done to address the root cause and just talks about private security.
And I just don’t get the Israel link. Like, sure, I “get” it but there’s like so many interpretations. Is he saying CEOs are bad like Israel is? Or that both are “unfairly” maligned?
“While much remains to be learned about the alleged killer Mangione, his written manifesto suggests that he has a strong anti-corporate bias. This view is consistent with the framing of society by many in Gen Z, of which Mangione is a part, that life is a battle between oppressors and the oppressed. We saw that emerge after the Oct. 7 attacks on Israel by Hamas, with many Gen Zers framing Israel as the oppressor and the Palestinians as the oppressed. For them, giant corporations are the enemy that is harming them by only looking out for their profits, not their customers.”
Posted on 2024-12-24T22:33:13+0000
‘I Gullah Geechee, too’: the educators keeping a language of enslaved Africans alive
Sunn m’Cheaux and Akua Page teach Gullah language and culture from juvenile incarceration facilities to Harvard
Hasnain says:
Been reading more history lately and that’s how I came across a reference to the Geechee language and had to look it up. I’m glad there are efforts to keep it alive. It’s sad how many languages are dying even in this day and age.
“M’Cheaux, who spoke Gullah exclusively until he learned English in middle school, said the notion of teaching Gullah to outsiders would have been laughable when he was younger. According to Page, some Gullah Geechee elders were physically beaten for speaking the language by educators who traveled south to teach them standard English, as recently as her grandparents’ generation.
Students were put into speech or remedial classes – contributing to a stigma that has lasted for decades. Growing up in Charleston, South Carolina, which has a high concentration of people of Gullah Geechee descent, Page said she remembers a time when saying someone “sounded Geechee” would be considered a provocation, or “fighting words”. As a result, some Gullah people only used the language privately, opting to code-switch in public, or stopped speaking it entirely, preventing their children from learning it as a means of protection.”
Posted on 2024-12-24T06:03:54+0000
Insurance and Taxes Now Cost More Than Mortgages for Many Homeowners
These ballooning expenses are rewriting the math of homeownership.
Hasnain says:
This won’t end well.
“Homeowners with mortgages are typically required to purchase home insurance, but some without mortgages are opting to go without, especially in places where costs have risen sharply. While that could save them money, it could also make it prohibitively expensive to rebuild if their homes are damaged by natural disasters.
About 6.8% of homeowners reported going without home insurance in 2023, down from 7.4% in 2021, according to an analysis of Census Bureau data by Sharon Cornelissen, director of housing at the Consumer Federation of America.
But the proportion of uninsured owners rose in some major metro areas, especially in Miami, where 21.2% of homeowners went without home insurance in 2023, up from 14.5% in 2021.”
Posted on 2024-12-24T05:55:51+0000
'When you enter Gaza, you are God': Inside the minds of IDF soldiers who commit war crimes | Opinion
***
Hasnain says:
As the genocide goes on, I console myself by believing people who support it are primarily just living on an alternative diet of facts and propaganda. I do not want to believe we’re in a world where people acknowledge the facts and are still okay with it. These are not isolated incidents. The Israeli government and military does not sufficiently investigate itself in a lot of cases (unclear about this one). Children are never okay to hurt - doubly so when there is no possibility at all of Hamas being in the vicinity (you’ll see my horrifying example in a sec). Note that this example predates 2023 (article is unclear but it’s either before 2012 or in the 4 years after).
Lastly, as someone pointed out - this is the stuff that gets past their military censor. If they are okay publishing this, what are the other horrors that are left unpublished.
Quote, with as many trigger warnings as I can put below:
"”A new commander came to us. We went out with him on the first patrol at six in the morning. He stops. There's not a soul in the streets, just a little 4-year-old boy playing in the sand in his yard. The commander suddenly starts running, grabs the boy, and breaks his arm at the elbow and his leg here. Stepped on his stomach three times and left. We all stood there with our mouths open. Looking at him in shock ... I asked the commander: "What's your story?" He told me: These kids need to be killed from the day they are born. When a commander does that, it becomes legit."”
Posted on 2024-12-23T15:58:00+0000
Blake Lively, Justin Baldoni and a Smear Campaign After ‘It Ends With Us’
Private messages detail an alleged campaign to tarnish Blake Lively after she accused Justin Baldoni of misconduct on the set of “It Ends With Us.”
Hasnain says:
That clincher at the end, unquoted, is also worth recapping: this hypocritical douche claims he wants to be at the forefront of helping women, while doing this behind the scenes.
“Ms. Abel relayed his frustration to Ms. Nathan: “I think you guys need to be tough and show the strength of what you guys can do in these scenarios. He wants to feel like she can be buried.”
“Of course- but you know when we send over documents we can’t send over the work we will or could do because that could get us in a lot of trouble,” Ms. Nathan responded, adding, “We can’t write we will destroy her.”
Moments later, she said, “Imagine if a document saying all the things that he wants ends up in the wrong hands.”
“You know we can bury anyone,” she wrote.”
Posted on 2024-12-22T17:34:45+0000
Luigi Mangione, UnitedHealthcare, and the American Health Care Scam
A CEO’s killing brought frustration with American health insurance back into the mainstream. Here’s how we break free from it.
Hasnain says:
Worth reading in full.
“I can offer no new insight about how shocking the response to Thompson’s murder has been, or how thin the threshold is between the politesse of acceptable average American decorum and an ecstatic celebration of violence. I, personally, wish every family be spared the fate of the Thompsons. I also wish every family be spared the fate to which the bone-grinding machine that Brian Thompson sat atop condemns millions of others. So long as we tolerate the existence of health insurance for profit, no one will be spared.”
Posted on 2024-12-22T16:30:44+0000
Nancy Pelosi Profited as Luxury Napa Resort Won COVID-19 Bailout
The Auberge du Soleil, a five-star hillside hotel and spa with a panoramic view overlooking the vineyards of Napa Valley, appears to be first-rate in all ways but one. While the glamorous resort,
Hasnain says:
“A RealClearInvestigations analysis found that Pelosi’s profits spiked from a variety of holdings that won significant government rescue funds – which amounted to $28 million, a total more than previously known. For their family’s stake in the Auberge du Soleil, the Pelosis received more income in 2021, when bailout funds channeled to the resort, than any other time over the last 10 years.”
Posted on 2024-12-22T02:12:05+0000
o3: The grand finale of AI in 2024
A step change as influential as the release of GPT-4. Reasoning language models are the current big thing.
Hasnain says:
The numbers here are astounding.
“We clearly have a ways to go, but you should be excited and expect the reality where we use these models extensively to be sooner than most people expect. Assuming progress is the safe bet with AI.”
Posted on 2024-12-21T18:40:11+0000
The BBC's Civil War Over Gaza
The BBC is facing an internal revolt over its reporting on Israel’s war on Gaza. Owen Jones investigates.
Hasnain says:
Long but worth reading in full. It was hard to pick out one thing so I’ll just pick the most stark thing that isn’t covered by things I’ve shared before
“BBC journalists emphasize this context when they point to how Berg reshapes everything from headlines, to story text, to images, arguing he repeatedly seeks to foreground the Israeli military perspective while stripping away Palestinian humanity, with one journalist characterizing his approach as “death by a thousand cuts.”
In response to a request for comment from Berg, Drop Site News was informed that Berg had hired British-Israeli lawyer Mark Lewis, who is described as “the UK’s foremost media, libel and privacy lawyer.” The former director of UK Lawyers for Israel, Lewis attended the 2018 launch of Likud-Herut UK, a right-wing Zionist organisation, whose national director is his wife, Mandy Blumenthal. At the launch, Lewis emphasized the importance of “unapologetic Zionism.” Citing rising antisemitism, he announced that he and Blumenthal had immigrated to Israel in December 2018. “Europe in my view is finished,” he declared. His Twitter profile cites his current location as “Israel (legal work England).””
Posted on 2024-12-21T17:11:03+0000
engineering.fb.com
Hasnain says:
I got to integrate with and use Glean for a number of use cases back at Meta and it was pretty cool. Glad to see it being written about more.
“Furthermore, there are an ever-growing number of ad-hoc queries made by various people and systems to solve a variety of problems. Having a system like Glean means you can ask questions about your code: we don’t know all the questions we might want to ask, nor do we know all the data we might want to store, so Glean deliberately aims to be as general as possible on both of these fronts.”
Posted on 2024-12-21T00:56:27+0000
Building effective agents
A post for developers with advice and workflows for building effective AI agents
Hasnain says:
Learnt a lot from this one - I expect myself coming back to it periodically as I get to explore more in AI. In particular it puts names to some techniques I had heard of but never tried out, especially around various workflows and orchestrations.
“One rule of thumb is to think about how much effort goes into human-computer interfaces (HCI), and plan to invest just as much effort in creating good agent-computer interfaces (ACI). Here are some thoughts on how to do so:
Put yourself in the model's shoes. Is it obvious how to use this tool, based on the description and parameters, or would you need to think carefully about it? If so, then it’s probably also true for the model. A good tool definition often includes example usage, edge cases, input format requirements, and clear boundaries from other tools.”
Posted on 2024-12-21T00:51:01+0000
Defining genocide: how a rift over Gaza sparked a crisis among scholars
New reports by human rights groups use the term to describe Israel’s offensive. The debate has fueled a brutal division among those who study mass violence
Hasnain says:
“For Üngör, a former student articulated the question at the heart of the debate in an email she sent him early in the war: “Do you only study genocide or do you also want to prevent it?”
It’s a dilemma many scholars of mass violence have been grappling with. Herf, the retired historian, said that for those studying the Holocaust there was a “moral impulse – and that was to see that it never happened again”. He cited fears of Iran and a second, nuclear Holocaust.
Hirsch, the scholar of memory, believes that naming genocide implicates a response.
“Genocide prevention is a responsibility,” she said, citing Philip Gourevitch’s well known book about the Rwandan genocide, We Wish to Inform You That Tomorrow We Will Be Killed With Our Families. The book’s title implicitly calls out those watching as a genocide unfolds.
“Now, we’re watching on our iPhones, and still people are holding back.””
Posted on 2024-12-21T00:49:11+0000
Life in the death trap that is Gaza
Israel’s war on Gaza is unraveling the fabric of society in the Strip.
Hasnain says:
A few weeks ago Amnesty International became Hamas for truthfully reporting it’s a genocide. Then earlier this week, HRW. Now Doctors Without Borders.
The tide is turning. The hasbara defenses have gotten more desperate. I hope states listen.
“In January 2024, the International Court of Justice (ICJ) ordered Israel to implement provisional measures to prevent genocidal acts in Gaza. Despite this, no action has been taken to address these measures. MSF’s first-hand observations align with those of an increasing number of legal experts and organizations, concluding that ethnic cleansing and genocide are taking place in Gaza. MSF calls on States, particularly Israel’s closest allies, to end their unconditional support for Israel and fulfill their obligation to prevent genocide in Gaza. States must leverage their influence to alleviate the suffering of the population and enable a massive scale-up of humanitarian assistance in the Gaza Strip.”
Posted on 2024-12-20T15:44:25+0000
The “Blob” Is Furious About Gaza. But That’s Not Enough.
The foreign policy proletariat needs to stop filtering its dissent through official channels and start taking more radical action.
Hasnain says:
“To work in DC now is to understand that the genocide in Palestine is not a mistake. The people actually in charge are doing this. Your job is a farce. Your work means nothing. The very top echelons are shredding everything you stood for. You will never afford a house in Washington. If you have a catastrophic health emergency, even you will need to turn to GoFundMe, and every day when you open your phone you see children mangled alive with weapons that you know legally should not be delivered.”
Posted on 2024-12-20T15:37:38+0000
How Sunday Morning News Shows Promote an Anti-Palestinian Agenda for Washington
Since October 2023, NBC’s Meet the Press, ABC’s This Week, and CNN’s State of the Union have not featured a single Palestinian guest.
Hasnain says:
This one caught me off guard. I’ve been complaining about media bias for quite a while, including studies done by these folks. But even then I wouldn’t have imagined something this blatant because what. At least folks were slightly more subtle with their bias before.
“A survey of a year’s worth of Palestine-Israel coverage by four Sunday morning news shows—NBC’s Meet the Press, ABC’s This Week With George Stephanopoulos, CBS’s Face the Nation, and CNN’s State of the Union with Jake Tapper and Dana Bash—reveals a startling statistic: With the exception of one interview, the Sunday shows covered and debated the so-called “Israel-Hamas war” for 12 months without speaking to a single Palestinian or Palestinian American.”
Posted on 2024-12-19T06:17:05+0000
IDF soldiers expose arbitrary killings and rampant lawlessness in Gaza's Netzarim corridor
***
Hasnain says:
What does one even say at this point, if soldiers and commanders from the “most moral army in the world” are admitting to this. This was the least horrifying example.
“While Palestinians are officially prohibited from entering, the reality is more severe than a simple exclusion zone. "It's military whitewashing," explains a senior officer in Division 252, who has served three reserve rotations in Gaza. "The division commander designated this area as a 'kill zone.' Anyone who enters is shot."
A recently discharged Division 252 officer describes the arbitrary nature of this boundary: "For the division, the kill zone extends as far as a sniper can see." But the issue goes beyond geography. "We're killing civilians there who are then counted as terrorists," he says. "The IDF spokesperson's announcements about casualty numbers have turned this into a competition between units. If Division 99 kills 150 [people], the next unit aims for 200."”
Posted on 2024-12-19T03:28:06+0000
‘Tired of writing about dead kids’: why a US state department worker resigned over Israel-Gaza policy
Mike Casey, one of only two people explicitly focused on Gaza, left over inaction and doing ‘what the Israelis want’
Hasnain says:
TIL the government only had 2(!) people assigned to Palestine, of which one resigned.
“Far from diplomacy, Casey now works at a local bank, where he watches from afar and his criticisms extend beyond a single administration. He sees a systemic failure in US policy towards Palestinians – a complete absence of a coherent strategy that in turn hurts Israelis too and remains viscerally personal.
“I remember two children killed in a ramming attack at a bus stop in Jerusalem who were the same age as my kids,” Casey said. “You see the effect the conflict has on people in Israel as well. Israelis deserve better, not just Palestinians.”
His ultimate assessment?
“We don’t have a policy on Palestine. We just do what the Israelis want us to do.”
Posted on 2024-12-19T03:20:37+0000
Blog: The Great Google Password Heist: 15 years of hacking passwords to test our security (and build team culture!)
The Leaving Tradition in Google's security team, which could be described as a type of small-scale offensive security exercise, is a great (and fun) example of team culture. Curious? See this blog post for details.
Hasnain says:
“All of what we described in this post is why Leaving Traditions are a cherished part of Google's security culture and something we believe is valuable to share with the industry. They enable us to:
* Discover and fix critical vulnerabilities, making Google more secure
* Demonstrate the importance of multi-factor authentication as a key defense, ensuring that getting hold of a password isn't enough to compromise an account
* Have some fun with coworkers leaving Google, and give them a lasting memento of their time at Google”
“Founder Mode” and the Art of Mythmaking
I’ve never been good at “hot takes”. Anyone who knows anything about marketing can tell you that the best time to share your opinion about something is when everyone is all worked up about it. Hot …
Hasnain says:
As always with one of Charity’s posts, I found myself nodding along. There’s so much gold in the founder mode discussions, but it was unfortunately buried under so much hubris. She does a great job extracting the useful information in this piece.
“There is actually no shame in this! He is right: being a CEO is fucking hard. It does not come naturally. Nobody is born good at it. It takes a lot of hard work and pain and suffering to become someone who is good at running a company. I was CEO of Honeycomb for 3.5 years, and it almost killed me. I never got good at it. I have immense respect for the people who do it well.
But this attitude he has, where the buck stops literally everywhere but him — is one I find so fucking repellent. Ethics aside, I also feel like it constitutes a material risk to any company when the CEO is so lacking in humility and self-awareness. (I can leave room for the possibility that he is actually humble as fuck and he just…chose not to share those reflections with us in this talk. 🤷)”
Posted on 2024-12-19T03:00:27+0000
At least 100,000 bodies in Syrian mass grave, US advocacy group head says
Mouaz Moustafa said the victims included U.S. and British citizens and other foreigners.
Hasnain says:
The words I have to say about Assad are extremely impolite and vulgar because what else can one say about a maniac who deserves only the worst fates imaginable?
“"One hundred thousand is the most conservative estimate" of the number of bodies buried at the site, said Moustafa, head of the Syrian Emergency Task Force. "It's a very, very extremely almost unfairly conservative estimate."
Moustafa said that he is sure there are more mass graves than the five sites, and that along with Syrians victims included U.S. and British citizens and other foreigners
Shock poll: 41 percent of young voters find killing of UnitedHealthcare CEO acceptable
A poll found 41 percent of adults under 30 consider the killing of UnitedHealthcare CEO Brian Thompson acceptable, more than the 40 percent in that demographic who consider it unacceptable. Anger o…
Hasnain says:
“The survey from Emerson College Polling found 68 percent of all respondents found the actions of the person who shot and killed Thompson unacceptable.
But a startling 24 percent of those aged 18-29 found it “somewhat acceptable,” and 17 percent of that group found it completely acceptable.”
Posted on 2024-12-18T02:44:44+0000
Rage, race and good looks: the forces behind the lionization of a murder suspect
Reaction to Brian Thompson’s killing shocked pundits but a polarized US is united in contempt for health system
Hasnain says:
“Unlike in most of the developed world, the US healthcare system is provided entirely by private companies and there is no universal, single-payer system for non-seniors. Most Americans must either individually pay into an insurance plan or get insurance through their employer. Plans can cost hundreds and (often) thousands of dollars a month, depending on the extent of users’ needs and the plans being offered by insurers.
“Commentators and talking heads don’t seem to understand the reaction because they don’t see these industries as violent ones,” Ongweso continued. They clearly understand that someone was murdered, he said, “but struggle with the idea that the population views what these companies do is murder on an industrial scale”.”
Posted on 2024-12-16T03:42:36+0000
Airwars Gaza Patterns of Harm
Airwars monitors, assesses and preserves civilian casualty claims resulting from explosive weapons use in multiple conflicts.
Click to view the original at gaza-patterns-harm.airwars.org
Hasnain says:
This is horrifying and sobering. There’s data in here that is mind numbing. I’ll leave with just one quote because the rest is horrifying.
Note that the data implies a 99:1 ratio of civilian:military deaths in the incidents they studied, and that’s just Oct 2023.
“By almost every metric, the harm to civilians from the first month of the Israeli campaign in Gaza is incomparable with any 21st century air campaign. It is by far the most intense, destructive, and fatal conflict for civilians that Airwars has ever documented. Key findings include:
At least 5,139 civilians were killed in Gaza in 25 days in October 2023. This is nearly four times more civilians reported killed in a single month than in any conflict Airwars has documented since it was established in 2014.
In October 2023 alone, Airwars documented at least 65 incidents in which a minimum of 20 civilians were killed in a particular incident. This is nearly triple the number of such high-fatality incidents that Airwars has documented within any comparable timeframe.
Over the course of 25 days, Airwars recorded a minimum of 1,900 children killed by Israeli military action in Gaza. This is nearly seven times higher than even the most deadly month for children previously recorded by Airwars.”
Posted on 2024-12-15T07:33:35+0000
Meet the People Who Refused to Go Back to the Office and Lost Their Jobs
People who bet on remote work, and lost, are realizing they might never work from home again.
Hasnain says:
"Though a lot of workers seemingly have little choice but to comply with RTO mandates, Kaplan predicts many will refuse anyway and foresees a “bloodbath” in 2025 with neither employers nor employees backing down. Some people are sitting on savings from the postpandemic boom and can afford to be jobless for a while; others are optimistic that the labor market will heat back up and re-empower them to negotiate flexible work arrangements."
Posted on 2024-12-15T06:03:20+0000
Common Misconceptions about Compilers
A curated list of misconceptions about mainstream compilers.
Hasnain says:
Chock full of great lessons about compilers and common misconceptions. I learnt a bunch of new things from this one and refreshed my memory about a number of others
“I hope that your answer is no. From a compiler developer's standpoint, this is absolute garbage. Basically such a compiler is unusable. At best, it is some kind of research artifact that helps you explore an idea. But forget production. It's not even ok for debugging. To see why, consider a small project with say 5000 lines of code. With 99% correctness rate, this means that in every compilation, 50 lines of code are incorrect. Fifty! And the worst part is: you don't know which and they can be different with every code change. You probably have had the experience of tracking down a bug in a single line of code, which can be both frustrating and time-consuming. Imagine how it is debugging 50 changing lines of code! Now, imagine moving this to a large-scale project, with possibly millions of lines of code. No, thanks.”
Posted on 2024-12-15T04:56:02+0000
How Pinterest Leverages Honeycomb to Enhance CI Observability and Improve CI Build Stability
Oliver Koo | Staff Software Engineer
Hasnain says:
Man I miss Scuba. iykyk
“For instance, I observed a spike in p95 build times for iOS CI jobs. Using correlation, I compared the p95 data to CI cluster usage graphs and noticed a simultaneous spike in job wait times. Honeycomb’s synchronized dotted line across graphs confirmed the alignment, leading to a strong hypothesis: long CI agent wait times were causing the build time spike.”
Posted on 2024-12-15T04:33:06+0000
Mathematicians Uncover a New Way to Count Prime Numbers | Quanta Magazine
To make progress on one of number theory’s most elementary questions, two mathematicians turned to an unlikely source.
Hasnain says:
“Even more important, the work demonstrates that the Gowers norm can act as a powerful tool in a new domain. “Because it’s so new, at least in this part of number theory, there is potential to do a bunch of other things with it,” Friedlander said. Mathematicians now hope to broaden the scope of the Gowers norm even further — to try using it to solve other problems in number theory beyond counting primes.”
Posted on 2024-12-14T08:05:54+0000
Far From Random: Three Mistakes From Dart/Flutter's Weak PRNG | Zellic — Research
A look into how an unexpectedly weak PRNG in Dart led to Zellic's discovery of multiple vulnerabilities
Hasnain says:
This was a really cool read. Had to leave the part before the tldr though because that response time puts us all to shame.
“Timeline and Conclusion
The bug was reported August 23, 2024, and it was acknowledged after only 21 minutes, asking to verify their proposed fix. After acknowledging, a new release was pushed a few minutes later.
Long Story Short
These three issues were all caused by the same root cause; the usage of a non-cryptographically secure PRNG. All of the bugs were exacerbated by the unexpected low entropy in the Flutter PRNG, where the internal seeds are just 32 bits. We showed practical attacks that will recover secrets within a reasonable time and how they led to attacks on Flutter developers, users of the Proton Wallet mobile application, and users of SelfPrivacy.”
Posted on 2024-12-14T07:34:52+0000
OnlyFans Models Are Using AI Impersonators to Keep Up With Their DMs
AI is replacing the humans who pretend to be OnlyFans stars in online amorous messages.
Hasnain says:
What in the world is it with these names
“The field is already fairly crowded. Some of the better-known tools have on-the-nose names like FlirtFlow, ChatterCharms, and Botly. Another competitor, the relatively generically named Supercreator, has a suite of AI tools, from AI-generated scripts to an assistant called Inbox Copilot that algorithmically sorts simps, moving “spenders” to the top of the list and ignoring “freeloaders.””
Posted on 2024-12-12T07:44:19+0000
Claims of Hamas fighters in Gaza hospitals may have been exaggerated, says senior ICC prosecutor
Andrew Cayley, of the international criminal court, questioned reports used to justify Israeli military strikes
Hasnain says:
“Cayley said the ICC faced “great difficulty assessing” the level of Hamas militant presence in hospitals “because clearly there are lies being spoken, but that is really something we do need to get to the bottom of as a prosecution office”.
He added: “I think that has been grossly exaggerated, but we need to be able to demonstrate very clearly what the level of military presence was, if at all, in these hospitals because I think we’ve been misled about that in the press.”
Cayley indicated that Israeli operations against Gaza’s healthcare facilities would be examined. “Looking at damage to health facilities, destruction of health facilities, we will be coming on to that probably later next year. We’re having to do this in stages simply because of the resources that we have,” he added.”
Posted on 2024-12-12T07:26:20+0000
What sucks in security? Research findings from 50+ security leaders
I interviewed 57 security leaders and asked them "What sucks in security?" Their top pain points were inconsistent access management, vulnerability prioritization and remediation, and obtaining SaaS logs in case of an incident.
Hasnain says:
There is so much useful information here that I’ll find myself coming back to this a few times in the future. A lot of these are problems I’ve seen personally across multiple companies. Key takeaways for me
* fundamentals still matter. You can protect against the most advanced threats but if there’s something basic missing it’s still game over
* security, engineering, IT, etc being multiple orgs is valuable but also causes friction working across orgs. I wish there was something better, but everyone being in one org has its downsides too
* I wish there was one tool to rule them all
* there is a sore need for core fundamental improvements across the board
Picking one quote out of many that resonated with me:
“Tracking ownership of services, assets, and applications has become increasingly complex. “It’s quite social and messy… more gardening than construction,” as one participant described it. Missing service catalogs, incomplete asset inventories, and unclear SaaS application ownership create operational friction.”
Posted on 2024-12-11T06:51:56+0000
The Google Willow thing
Yesterday I arrived in Santa Clara for the Q2B (Quantum 2 Business) conference, which starts this morning, and where I’ll be speaking Thursday on “Quantum Algorithms in 2024: How Should…
Hasnain says:
There was so much debate about the Google Willow thing. I think it was a super impressive achievement but the implication people were taking that it somehow proves the many worlds interpretation correct seemed overblown.
"In his remarks yesterday, Google Quantum AI leader Hartmut Neven talked about David Deutsch’s argument, way back in the 1990s, that quantum computers should force us to accept the reality of the Everettian multiverse, since “where else could the computation have happened, if it wasn’t being farmed out to parallel universes?” And naturally there was lots of debate about that on Hacker News and so forth. Let me confine myself here to saying that, in my view, the new experiment doesn’t add anything new to this old debate. It’s yet another confirmation of the predictions of quantum mechanics. What those predictions mean for our understanding of reality can continue to be argued as it’s been since the 1920s."
Posted on 2024-12-10T21:35:45+0000
XBOW – How XBOW found a Scoold authentication bypass
As we shift our focus from benchmarks to real world applications, we will be sharing some of the most interesting vulnerabilities XBOW has found in real-world, open-source targets. The first of these is an authentication bypass in Scoold, a popular open-source Q&A platform.
Hasnain says:
Tonight’s technical read: how an autonomous AI agent found a critical security vulnerability given just a jar and a prompt.
I’m sure there was a lot of hand holding and failed attempts but this result is still pretty mind blowing. For me the key takeaways here are again in how the prompting was done, how a multi step reasoning process can really help with AI agents, and last (but not least) how important it is to watch out for error behavior and not log things you don’t want to.
“It’s worth reading the full trace showing XBOW’s discovery and exploitation of the vulnerability, but here we’ll provide a guided tour through the most interesting moments. Note that some of the trace excerpts below have been edited for brevity.”
Posted on 2024-12-10T07:10:50+0000
Leveling Up Fuzzing: Finding more vulnerabilities with AI
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team Recently, OSS-Fuzz reported 26 new vulnerabilities...
Hasnain says:
Today’s technical read: how past colleagues over at Google have been using LLMs to automate vulnerability discovery. Some interesting takeaways for me were:
* providing specific context really matters
* LLMs can automate the full life cycle of what a human does, it just needs to be broken down into manageable chunks (and agents are promising). I’m hoping to cover a bit of this in a personal blog soon.
* this is worth reading even if you don’t know anything about fuzzing, as it applies to general test generation too
* LLMs make some things so much easier, when I contrast this post with work we did on [ thing I wish I could talk about but can’t due to NDA, past coworkers know what I’m talking about - could you please blog about it? :) ]
“This blog post discusses the results and lessons over a year and a half of work to bring AI-powered fuzzing to this point, both in introducing AI into fuzz target generation and expanding this to simulate a developer’s workflow. These efforts continue our explorations of how AI can transform vulnerability discovery and strengthen the arsenal of defenders everywhere.”
Posted on 2024-12-09T07:00:09+0000
Syrian army command tells officers that Assad's rule has ended, officer says
Insurgents gained control after only a day of fighting, leaving President Bashar al-Assad's 24-year rule dangling by a thread as rebels marched on Damascus.
Hasnain says:
I am glad the people of Syria are free. This is too nice of an ending for Assad - no place in hell is hot enough for him - but the people are free. Now the work to recover begins
“AMMAN/BEIRUT, Dec 8 (Reuters) - Syria's army command has notified officers that President Bashar al-Assad's rule has ended following a lightning rebel offensive, a Syrian officer who was informed of the move told Reuters.
Syrian rebels said Damascus was "now free of Assad".
Earlier Assad flew out of Damascus for an unknown destination on Sunday, two senior army officers told Reuters, as rebels said they had entered the capital with no sign of army deployments.”
“You Feel Like You Are Subhuman”: Israel’s Genocide Against Palestinians in Gaza
Amnesty International’s report demonstrates that Israel has carried out acts prohibited under the Genocide Convention, with the intent to destroy Palestinians in Gaza.
Hasnain says:
This is a 296 (!) page report. I’ve only read the summary page so far and need to read the full report. As the Zeteo summary calls out, Amnesty International will now join a wide range of organizations, like the UN, which are now part of Hamas, for calling the genocide a genocide (sarcasm)
“Our findings must serve as a wake-up call to the international community: this is genocide, and it must stop now. By publishing this report now, Amnesty International’s goal is to help stop the on-going genocide in Gaza and prevent further acts of genocide against Palestinians and reiterate the urgency of the need for a ceasefire. In the longer term, its aim is to support measures aimed at accountability for crimes under international law, including genocide, and other serious human rights violations, and justice and reparation for victims and survivors.
States that continue to transfer arms to the government of Israel, particularly the U.S., must know they are violating their obligation to prevent genocide and are at risk of becoming complicit in genocide. Amnesty International has documented the Israeli military’s use of US-made weapons in attacks on Gaza during this conflict that have unlawfully killed and injured civilians.”
Posted on 2024-12-05T02:48:24+0000
United Healthcare CEO Brian Thompson fatally shot in midtown Manhattan, official says | CNN
The CEO of UnitedHealthcare was shot and killed in midtown Manhattan on Wednesday morning, a law enforcement official tells CNN.
Hasnain says:
This is the first time in recent memory I have seen people across the political spectrum *celebrate* a murder. I don’t know how I feel about this (well, I do - disgust). There is a lot of rightful frustration and anger at the healthcare system in America, and I have my reservations about a lot of CEOs, but glorifying murder seems overboard.
As someone did point out though, the fact that this is being celebrated says a lot about the undercurrents and desperations in society at a system that is harming the average person, and this needs to be rectified or we will go down a dark path.
“A gunman, masked in the freezing temperatures, waited for about 10 minutes before Thompson’s arrival before opening fire multiple times, striking Thompson from about 20 feet away, investigators tell CNN.”
Posted on 2024-12-04T16:38:14+0000
China Announces a Ban on Rare Minerals to the U.S.
The move escalates supply chain warfare and comes a day after the Biden administration expanded curbs on the sale of advanced American technology to China.
Hasnain says:
Supply chain security takes a new turn here. I don’t see this ending well for anyone. Especially not the computer industry
“The Chinese ban on superhard mineral exports could provoke particular unhappiness in America’s national security community. That ban appeared to be aimed at Chinese exports of tungsten, which is vital for making armor-piercing bullets and shells, said Oliver Friesen, the chief executive of Guardian Metal Resources, a London company that is planning to mine tungsten in Nevada.
It will take close to three years to establish a new tungsten mine in Nevada, he said, adding: “We’re moving things along quite quickly.””
Posted on 2024-12-04T08:08:35+0000
Burning out and quitting
I'm burnt out. If you're reading this, there's a strong chance you're burnt out too. We're about to have, uh, a moment, so brace yourself.
Hasnain says:
Great read on burnout in the tech industry. I’m a few years late to this post but man did it resonate hard.
“Looking back, the best moment I had in 2020 was over Christmas break, sitting on the couch with my laptop. I spent all day, maybe 8 hours, reading about SolarWinds. My boyfriend told me to stop working. It wasn’t work, and it was great. I was learning something. Completing something. Doing something because I wanted to do it, not because it was the next urgent thing that needed to happen. It felt like work used to feel like. That’s what I’m looking forward to again.”
Posted on 2024-12-04T04:41:12+0000
How GenAI is reshaping tech hiring
Large language models are forcing tech hiring managers to adapt software engineering interview processes, fast. We look into how this is happening, and what to expect in the near future
Click to view the original at newsletter.pragmaticengineer.com
Hasnain says:
Great read on how hiring is now impacted by LLMs
“The tech interview process needs to catch up because LLM tools are changing the definition of a “great programmer”. Being a standout software engineer today includes proficiency with LLM tools, and knowing when to utilize them. An engineer who was standout in 2021 and refuses to use LLM tools today, will struggle to remain standout in many workplaces.”
Posted on 2024-12-04T03:56:42+0000
Communication Structures in a Growing Organization
When Honeycomb was a small company, All Hands meetings had announcements and discussions. Discussions mostly took place in the meeting chat, where everyone can answer anyone’s question. Betwe…
Hasnain says:
“I think this is the point of middle management! Like, the good stuff that it can do when not squashed into number-crunching and goal-checkbox-filling. At each level of the system, people have the context to understand what they’re talking about, and the relationships to say what they mean. Alignment is not bestowed; it is negotiated.”
Posted on 2024-12-02T06:45:59+0000
Erasure Coding for Distributed Systems
An overview of erasure coding, its trade-offs, and applications in distributed storage systems.
Hasnain says:
Learnt a lot of math and systems stuff here.
“It is entirely acceptable and workable to treat erasure codes as a magic function that turns 1 file into chunks and back. You can stop reading here, and not knowing the details of what math is being performed will not hinder your ability to leverage erasure codes to great effect in distributed systems or databases. (And if you continue, take what follows with a large grain of salt, as efficient erasure coding is a subject folk have spent years on, and the below is what I’ve collected from a couple of days of reading through papers I only half understand.)”
Posted on 2024-12-02T05:13:57+0000
Building Bluesky: a Distributed Social Network (Real-World Engineering Challenges)
Bluesky is built by around 10 engineers, and has amassed 5 million users since publicly launching in February this year. A deep dive into novel design decisions, moving off AWS, and more.
Click to view the original at newsletter.pragmaticengineer.com
Hasnain says:
Finally got around to reading this which was published in April. Great read
“It’s impressive what a tiny team of experienced engineers can build. I had to triple-check that Bluesky’s core team was only two engineers for almost nine months, during which time they built the basics of the protocol, and made progress with the iOS and Android apps. Even now, Bluesky is a very lean team of around 12 engineers for the complexity they build with and the company’s growth.”
Posted on 2024-12-02T00:21:51+0000
7 Databases in 7 Weeks for 2025
7 databases to explore in 2025.
Hasnain says:
“We’ve explored a bunch of different databases, all used in production by some of the largest companies on the planet, and hopefully this will have exposed you to some technologies you weren’t familiar with before. Take this knowledge with you as you look to solve interesting problems.”
Posted on 2024-12-02T00:05:30+0000
Israeli strikes kill at least 200 in Gaza as UN halts aid deliveries after more trucks stolen | CNN
At least 200 people were killed in Israeli airstrikes on northern Gaza Saturday, according to local health officials, as the United Nations said it would pause aid deliveries through the enclave’s main crossing after its trucks were stolen.
Hasnain says:
The math isn’t mathing: we see daily reports of at least 100 folks killed but the death toll is still 40k (tech4palestine has a great explainer on why). I wish the media would explain that more accurately. I wish I was wrong here (would be the happiest person in the world to be wrong) but I strongly suspect the toll is already at or above 200k
“The developments underscore the worsening humanitarian situation in the enclave, where tens of thousands of people have been killed by the Israeli military, and chronic hunger threatens the remaining civilian population. On Friday, two children and a woman were crushed to death while attempting to buy food from a bakery in central Gaza.”
Posted on 2024-12-01T19:04:02+0000
Former Defense Minister Accuses Israel of Committing War Crimes in Gaza
The comments by Moshe Yaalon were swiftly denied and condemned by allies of Prime Minister Benjamin Netanyahu of Israel, who said that they would hurt the country and help its enemies.
Hasnain says:
This is the same guy who’s said a lot of disgraceful stuff about Palestinians in the past. And even he’s calling it like it is.
““There’s no Beit Lahia. There’s no Beit Hanoun. They’re now operating in Jabaliya. They’re basically cleaning the territory of Arabs,” he said, referring to towns and cities in northern Gaza where a renewed Israeli offensive against the militant group Hamas has caused extensive damage in recent months. Tens of thousands of Palestinians have been killed in Gaza since the war began in response to the deadly Hamas-led attack on Israel in October 2023.”
Posted on 2024-12-01T18:51:46+0000
Teen Mathematicians Tie Knots Through a Mind-Blowing Fractal | Quanta Magazine
Three high schoolers and their mentor revisited a century-old theorem to prove that all knots can be found in a fractal called the Menger sponge.
Hasnain says:
“In the meantime, Broden, Nazareth and Voth have all graduated high school. Only Broden has decided to continue working on the tetrahedron problem — when he’s not busy with college coursework — but all three are considering math careers. “It feels meaningful that I’m trying to contribute to something bigger than myself, to the nature of truth,” Nazareth said. It all starts with asking the right question.”
Posted on 2024-12-01T18:39:40+0000
Dem Operatives Offer an Exhaustive Accounting of the Harris Campaign's Faults
Democratic consultants, strategists, and staffers lay out what Kamala Harris’ campaign did wrong, as her senior leaders refuse to take accountability.
Hasnain says:
“Looking at the incoming Trump administration, his Republican governing trifecta, and the Supreme Court’s conservative supermajority, Rabin-Havt says: “The truth is, we are condemned to the future we are going to be forced to live in because two octogenarians had egos too big to know when they had to quit: Ruth Bader Ginsburg and Joe Biden.””
Posted on 2024-12-01T03:27:03+0000