Hasnain says:

“In a separate case involving all 50 US states and the District of Columbia, Intuit, in May 2022, agreed to pay $141 million in restitution to nearly 4.4 million consumers who "started using TurboTax's Free Edition for tax years 2016 through 2018 and were told that they had to pay to file even though they were eligible to file for free using the IRS Free File program offered through TurboTax," New York Attorney General Letitia James' office said at the time. Under that settlement, Intuit was required to stop its "free, free, free" ad campaign.”

Hasnain says:

Talk about finding a needle in a haystack…

“Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected).

We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer’s corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.”

Hasnain says:

I regret that I canceled the NYT sub ages ago so I can’t cancel again.

“On August 22, the day before publication, Heidi says she began to fear the story would be just that. She’d traveled three hours to Springfield, Missouri to watch Reed testify at the Greene County Courthouse in a hearing on whether to allow Missouri’s gender-affirming care ban to come into effect.* Ghorayshi was there too, and watching Ghorayshi interacting with Reed “in the exact way she was talking to us,” Heidi began to suspect the story would be a positive portrayal of Reed, the woman she’d proved had misrepresented her daughter’s private medical history in a sworn affidavit. Angrily, she confronted Reed, identifying herself as “liver toxicity mom.” During their encounter she describes seeing Reed looking over to Ghorayshi during the encounter, seeking support.

According to Heidi, the confrontation ended with herself in tears, and Reed laughing as she walked away. “This is a positive portrayal of her,” she recalls telling Ghorayshi. “We’re out. We’re out.”

This wasn’t what Ghorayshi wanted to hear. As Heidi describes it, Ghorayshi followed her to her car, at one point standing in an open car door to prevent them from driving off, adamantly arguing for the family not to leave, not to end the conversation, and above all not to pull out of the piece. Eventually, Heidi and her husband drove away, feeling certain that they were through. But Ghorayshi called and called, and eventually they relented, allowing her to come to a hotel room they’d booked for the night. There, the three spent hours going over every paragraph, as described in detail by Ghorayshi, of what the upcoming NYT article would contain.

Heidi and her husband weren’t happy with what they heard, but now they were faced with a terrible dilemma. If they pulled out of the story there would be nothing on the record showing that Reed’s affidavit directly misrepresented a specific event.

“You’ve betrayed us, Azeen. You have completely betrayed us,” Heidi recalls telling Ghorayshi that night. Defeated, they eventually agreed that their story would remain in the piece.”

Hasnain says:

“But it’s striking nonetheless that Chili’s, and not church or the local playground, is where Americans today are most likely to cross paths with someone of a different income class.

Viewed one way, this is a failure of civil society: Public institutions have been woefully unsuccessful, in some cases counterproductive, in knitting together different socioeconomic strata. Of course, the kinds of policy changes that might encourage more inter-class elbow-rubbing generally face fierce political opposition (busing, for instance, or relaxing zoning rules). Some might also compromise other valuable services public institutions provide. Having more local libraries is good for promoting access, even if closing and consolidating a few could theoretically promote more class mixing.”

Hasnain says:

I found this interesting and kept nodding along - not just cause I worked on something called Invariant Detector. Programs need to have a model of the world and using invariants helps me get the machines to check my work. It’s hard to imagine programming without them.

“Invariants are a powerful tool for reasoning about algorithms, data structures, and distributed systems. It's worth thinking through a set of invariants for any complex system or algorithm you design or implement. It's also worth building your implementation in such a way that even global invariants can be easily tested in a deterministic and repeatable way.”

Hasnain says:

“As the software engineering industry, we should collectively admit we’ve done a much worse job of measuring productivity down to the individual level, than other functions have. Take sales as an example.”

Hasnain says:

“So yes, it's a shame when we find out that esteemed members of our community might have made up data. That's bad, and they shouldn't do it. But catching the cheaters won't bring our field back to life. Only new ideas can do that. Sweet, sweet ideas, ideas that matter, ideas that you can build on, ideas that would take something with them if they disappeared. That's what I'm going to look for, and fortunately I am good at searching for sweet things and reporting back about their location, because I am not a human at all, but a bunch of bees.

(Please don't sue me.)”

Hasnain says:

Good, albeit short piece. Can’t wait for others in the series.

“A naive implementation that fits these requirements would have us plumb a signal into each of our RPC clients that, when received, causes them to fail a specified percentage of traffic away from a particular AZ. This turns out to have a lot of complexity lurking within. Slack does not share a common codebase or even runtime; services in the user-facing request path are written in Hack, Go, Java, and C++. This would necessitate a separate implementation in each language. Beyond that concern, we support a number of internal service discovery interfaces including the Envoy xDS API, the Consul API, and even DNS. Notably, DNS does not offer an abstraction for something like an AZ or partial draining; clients expect to resolve a DNS address and receive a list of IPs and no more. Finally, we rely heavily on open-source systems like Vitess, for which code-level changes present an unpleasant choice between maintaining an internal fork and doing the additional work to get changes merged into upstream.”

Hasnain says:

Great read on AI, tech, and IP concerns.

“A few weeks ago, in an art gallery in London, I saw a Durer print that wasn’t a Durer print - it was a copy, made in around 1506 by Raimondi, a student of Raphael. Vasari tells us that Durer was furious and went to court in Venice. I treasure the idea of Venetian magistrates trying to work out how to think about this: their verdict was that Raimondi could carry on making the copies, but could no longer include Durer’s logo. That was a case about intellectual property, but the verdict is also a neat split between two ideas of authenticity. Do we care who made it, and why, or do we just want the picture? That's why some people are horrified by music generators or Midjourney, (or, 150 years ago, were horrified by cameras), and others aren't worried at all. “

Hasnain says:

“There are different types of progress in math and science. One kind brings order to chaos. But another intensifies the chaos by dispelling hopeful assumptions that weren’t true. The disproof of the telescope conjecture is like that. It deepens the complexity of geometry and raises the odds that many generations of grandchildren will come and go before anyone fully understands maps between spheres.

“Every major advance in the subject seems to tell us the answer is a lot more complicated than we thought before,” Ravenel said.”