How we found and fixed a rare race condition in our session handling - The GitHub Blog

On March 8, out of an abundance of caution, we logged all users out of GitHub.com. In this post we share technical details of the vulnerability and steps we're taking to ensure it doesn't happen again.

Click to view the original at github.blog

Hasnain says:

So this explains why everyone was logged out of GitHub the other day. Interesting technical analysis of a bug and a reminder of how hard it is to get complex code right.

“Taking a step back, a bug such as this is not only challenging from a technical perspective in how to identify complex interactions between multiple threads, deferred callbacks, and object sharing, but it is also a test of an organization’s ability to respond to a problem with an ambiguous cause and risk.”

Posted on 2021-03-19T03:14:58+0000

Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls

The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer.

Click to view the original at wired.com

Hasnain says:

This is a pretty cool profile of a team within the security org at Facebook. The lede sums it up well:

"IN 2019, HACKERS stuffed portable network equipment into a backpack and roamed a Facebook corporate campus to trick people into joining a fake guest Wi-Fi network. That same year, they installed more than 30,000 cryptominers on real Facebook production servers in an attempt to hide even more sinister hacking in all the noise. All of this would have been incredibly alarming had the perpetrators not been Facebook employees themselves, members of the so-called red team charged with spotting vulnerabilities before the bad guys do."

Posted on 2021-03-18T21:48:01+0000

AAJA Guidance on Atlanta Shootings, Asian American Journalists Association

March 17, 2021 AAJA Guidance on Atlanta Shootings Contact: Naomi Tacuyan Underwood, Executive Director / naomitu@aaja.

Click to view the original at aaja.org

Hasnain says:

While I’m still processing the terrible, racist shootings in Atlanta yesterday, I found this useful - not just for journalists, but for us everyday folk learning more about this so we can empathize. I’d known a bit superficially about the history of anti-Asian racism in the US but the more I learn the more horrified I get.

“Understand anti-Asian racism and invisibility. Racism against AAPIs is highly nuanced, complex, and has remained historically invisible, and includes a long history of hypersexualization of Asian women that is rooted in Westernized and colonial perceptions of Asia.

This is inextricably linked to harassment and sexualized violence against Asian women. Women of Asian descent have reported 2.3 times more incidents of violence than AAPI men, according to a new Stop AAPI Hate report of nearly 3,800 hate incidents reported since March 2020.”

Posted on 2021-03-17T20:00:57+0000

Exclusive: 'Landlord from Hell' Defends Terrorizing Apartment Tenants

Kip Macy, 38, and his wife, Nicole Macy, 37, were deemed "landlords of hell" by authorities for menacing the tenants of their San Francisco apartment building.

Click to view the original at abcnews.go.com

Hasnain says:

I just learnt today that this is the guy that contributed a lot of the wireguard code to pfsense and is still going strong.

Also who the hell saws their tenant’s floor?!

“Eventually he and Nicole Macy were arrested at Kip Macy's parents' house in 2008 and released on $500,000 bond, for which Kip Macy's parents drained much of their retirement savings to pay. His mother Marie even sold her jewelry to help finance their release. Once free, Kip and Nicole Macy jumped bail, fleeing to Italy, leaving Kip Macy's father and mother, potentially at a loss of half a million dollars.”

Posted on 2021-03-17T02:56:43+0000

Atlas: Our journey from a Python monolith to a managed platform

Dropbox, to our customers, needs to be a reliable and responsive service. As a company, we’ve had to scale constantly since our start, today serving more than 700M registered users in every time zone on the planet who generate at least 300,000 requests per second. Systems that worked great for a s...

Click to view the original at dropbox.tech

Hasnain says:

“In our view, developers don’t care about the distinction between monoliths and services, and simply want the lowest-overhead way to deliver end value to customers. So we have very little doubt that a managed platform which removes operational busywork like capacity planning, while providing maximum flexibility like fast releases, is the way forward. We’re excited to see the industry move toward such platforms.”

Posted on 2021-03-16T08:36:36+0000

30 current and former Mailchimp employees detail the conditions that led to a 'mass exodus' of women and people of color

Mailchimp employees repeatedly complained about problematic executives and bosses. They say the company turned a blind eye.

Click to view the original at businessinsider.com

Hasnain says:

What the actual... This quote is not even the worst bit; it keeps getting worse.

“Konikowski quit, but her managers — both white men — were eventually promoted to senior management. Van Aalten said the promotions troubled them because one of those managers had called them a Nazi, despite knowing they are Jewish. Multiple former Mailchimp employees also said that the manager questioned whether people with Down's Syndrome were "real people" because they inherit an extra chromosome.”

Posted on 2021-03-16T07:35:15+0000

A Hacker Got All My Texts for $16

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

Click to view the original at vice.com

Hasnain says:

This attack is quite scary.

“"While text message forwarding might have legitimate applications for businesses, the particular implementation underpinning this attack is appallingly weak in security and data privacy. Telcos have different ways of authenticating their customers, obviously including text messaging. The fact that none of these authentication methods are used in this case to get consent from the owner of a forwarded phone number is shocking," Nohl added.”

Posted on 2021-03-15T23:32:14+0000

Answers on grant reports if nonprofits were brutally honest with funders

[Image description: A cute little raccoon, standing in the grass, one paw raised. They look serious. But so cute! Admit it, this is one of the cutest raccoons you’ve ever seen. Not sure this …

Click to view the original at nonprofitaf.com

Hasnain says:

“How did you spend the grant that we provided you? The grant you gave us went into our bank account, which is used to pay for everything. Disaggregating what you paid for versus what others paid for is one of those meaningless time-wasting activities you force on us that harm our work. Here’s a detailed financial report of every expense we made this year. Look through it, and if it makes you feel better to think that you paid for books for low-income children and not staff salaries or whatever, please use your own time to craft that delusion.”

Posted on 2021-03-14T08:38:39+0000

Hasnain says:

“Then I started thinking about it, and realized there’s no way this happened in a vacuum. It’s unlikely that Ryan Parr saw my tweet and immediately escalated it to, “We’re sending this to our legal team.” I think it speaks a lot to their company culture that things went this far. I wonder how many people they’ve threatened with legal action like this. How many people didn’t have the time or the energy to stand up for themselves in the face of a three billion dollar company’s legal team coming after them? It honestly makes me a little sick.”

Posted on 2021-03-13T18:20:40+0000

Hasnain says:

Interesting take on this whole story from an HR perspective.

“The core of Google’s culture is to thrust ahead and discover operational flaws as the result of execution. This “move quickly and break things” approach is at the heart of many Silicon Valley firms. The paper urges restraint, research discipline, preplanning, consideration of all stakeholders and investigation of alternative approaches.

It’s hard to imagine a more sensible approach. It’s also hard to imagine a more substantive critique of the culture at Google. It is easy to understand why the company’s leadership responded as they did.”

Posted on 2021-03-12T18:59:09+0000