FTC judge rules Intuit broke law, must stop advertising TurboTax as “free”
Intuit plans appeal, slams FTC's "predetermined decision."
Hasnain says:
“In a separate case involving all 50 US states and the District of Columbia, Intuit, in May 2022, agreed to pay $141 million in restitution to nearly 4.4 million consumers who "started using TurboTax's Free Edition for tax years 2016 through 2018 and were told that they had to pay to file even though they were eligible to file for free using the IRS Free File program offered through TurboTax," New York Attorney General Letitia James' office said at the time. Under that settlement, Intuit was required to stop its "free, free, free" ad campaign.”
Posted on 2023-09-09T14:58:15+0000
Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center
Results of Major Technical Investigations for Storm-0558 Key Acquisition
Hasnain says:
Talk about finding a needle in a haystack…
“Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected).
We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).
After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer’s corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.”
Posted on 2023-09-07T06:46:31+0000
"You Betrayed Us, Azeen" Parents of Trans Youth Reeling After Speaking to an NYT Reporter — Assigned
A story on the allegations of former St. Louis gender clinic staffer Jamie Reed left parents who spoke with NYT reporter Azeen Ghorayshi crushed.
Hasnain says:
I regret that I canceled the NYT sub ages ago so I can’t cancel again.
“On August 22, the day before publication, Heidi says she began to fear the story would be just that. She’d traveled three hours to Springfield, Missouri to watch Reed testify at the Greene County Courthouse in a hearing on whether to allow Missouri’s gender-affirming care ban to come into effect.* Ghorayshi was there too, and watching Ghorayshi interacting with Reed “in the exact way she was talking to us,” Heidi began to suspect the story would be a positive portrayal of Reed, the woman she’d proved had misrepresented her daughter’s private medical history in a sworn affidavit. Angrily, she confronted Reed, identifying herself as “liver toxicity mom.” During their encounter she describes seeing Reed looking over to Ghorayshi during the encounter, seeking support.
According to Heidi, the confrontation ended with herself in tears, and Reed laughing as she walked away. “This is a positive portrayal of her,” she recalls telling Ghorayshi. “We’re out. We’re out.”
This wasn’t what Ghorayshi wanted to hear. As Heidi describes it, Ghorayshi followed her to her car, at one point standing in an open car door to prevent them from driving off, adamantly arguing for the family not to leave, not to end the conversation, and above all not to pull out of the piece. Eventually, Heidi and her husband drove away, feeling certain that they were through. But Ghorayshi called and called, and eventually they relented, allowing her to come to a hotel room they’d booked for the night. There, the three spent hours going over every paragraph, as described in detail by Ghorayshi, of what the upcoming NYT article would contain.
Heidi and her husband weren’t happy with what they heard, but now they were faced with a terrible dilemma. If they pulled out of the story there would be nothing on the record showing that Reed’s affidavit directly misrepresented a specific event.
“You’ve betrayed us, Azeen. You have completely betrayed us,” Heidi recalls telling Ghorayshi that night. Defeated, they eventually agreed that their story would remain in the piece.”
Posted on 2023-09-03T21:33:02+0000
Opinion | Where do socioeconomic classes mix? Not church, but Chili’s.
Rich and poor are more likely to mingle at Olive Garden than a library or independent business, new research shows.
Hasnain says:
“But it’s striking nonetheless that Chili’s, and not church or the local playground, is where Americans today are most likely to cross paths with someone of a different income class.
Viewed one way, this is a failure of civil society: Public institutions have been woefully unsuccessful, in some cases counterproductive, in knitting together different socioeconomic strata. Of course, the kinds of policy changes that might encourage more inter-class elbow-rubbing generally face fierce political opposition (busing, for instance, or relaxing zoning rules). Some might also compromise other valuable services public institutions provide. Having more local libraries is good for promoting access, even if closing and consolidating a few could theoretically promote more class mixing.”
Posted on 2023-09-02T17:07:41+0000
Invariants: A Better Debugger? - Marc's Blog
Like many of my blog posts, this started out as a long email to a colleague. I expanded it here because I thought folks might find it interesting.
Hasnain says:
I found this interesting and kept nodding along - not just cause I worked on something called Invariant Detector. Programs need to have a model of the world and using invariants helps me get the machines to check my work. It’s hard to imagine programming without them.
“Invariants are a powerful tool for reasoning about algorithms, data structures, and distributed systems. It's worth thinking through a set of invariants for any complex system or algorithm you design or implement. It's also worth building your implementation in such a way that even global invariants can be easily tested in a deterministic and repeatable way.”
Posted on 2023-09-02T14:10:56+0000
Measuring developer productivity? A response to McKinsey
The consulting firm came up with a methodology they claim can measure software developer productivity. But that measurement comes at a high price – and we offer a more sensible approach.
Hasnain says:
“As the software engineering industry, we should collectively admit we’ve done a much worse job of measuring productivity down to the individual level, than other functions have. Take sales as an example.”
Posted on 2023-08-30T03:15:17+0000
I’m so sorry for psychology’s loss, whatever it is
The plane crashed and nobody checked the bodies
Hasnain says:
“So yes, it's a shame when we find out that esteemed members of our community might have made up data. That's bad, and they shouldn't do it. But catching the cheaters won't bring our field back to life. Only new ideas can do that. Sweet, sweet ideas, ideas that matter, ideas that you can build on, ideas that would take something with them if they disappeared. That's what I'm going to look for, and fortunately I am good at searching for sweet things and reporting back about their location, because I am not a human at all, but a bunch of bees.
(Please don't sue me.)”
Posted on 2023-08-30T03:09:52+0000
Slack's Migration to a Cellular Architecture - Slack Engineering
Summary In recent years, cellular architectures have become increasingly popular for large online services as a way to increase redundancy and limit the blast radius of site failures. In pursuit of these goals, we have migrated the most critical user-facing services at Slack from a monolithic to a c...
Hasnain says:
Good, albeit short piece. Can’t wait for others in the series.
“A naive implementation that fits these requirements would have us plumb a signal into each of our RPC clients that, when received, causes them to fail a specified percentage of traffic away from a particular AZ. This turns out to have a lot of complexity lurking within. Slack does not share a common codebase or even runtime; services in the user-facing request path are written in Hack, Go, Java, and C++. This would necessitate a separate implementation in each language. Beyond that concern, we support a number of internal service discovery interfaces including the Envoy xDS API, the Consul API, and even DNS. Notably, DNS does not offer an abstraction for something like an AZ or partial draining; clients expect to resolve a DNS address and receive a list of IPs and no more. Finally, we rely heavily on open-source systems like Vitess, for which code-level changes present an unpleasant choice between maintaining an internal fork and doing the additional work to get changes merged into upstream.”
Posted on 2023-08-29T03:55:14+0000
Generative AI and intellectual property — Benedict Evans
If you put all the world’s knowledge into an AI model and use it to make something new, who owns that and who gets paid? This is a completely new problem that we’ve been arguing about for 500 years.
Hasnain says:
Great read on AI, tech, and IP concerns.
“A few weeks ago, in an art gallery in London, I saw a Durer print that wasn’t a Durer print - it was a copy, made in around 1506 by Raimondi, a student of Raphael. Vasari tells us that Durer was furious and went to court in Venice. I treasure the idea of Venetian magistrates trying to work out how to think about this: their verdict was that Raimondi could carry on making the copies, but could no longer include Durer’s logo. That was a case about intellectual property, but the verdict is also a neat split between two ideas of authenticity. Do we care who made it, and why, or do we just want the picture? That's why some people are horrified by music generators or Midjourney, (or, 150 years ago, were horrified by cameras), and others aren't worried at all.”
Posted on 2023-08-28T01:52:55+0000
An Old Conjecture Falls, Making Spheres a Lot More Complicated | Quanta Magazine
The telescope conjecture gave mathematicians a handle on ways to map one sphere to another. Now that it has been disproved, the universe of shapes has exploded.
Hasnain says:
“There are different types of progress in math and science. One kind brings order to chaos. But another intensifies the chaos by dispelling hopeful assumptions that weren’t true. The disproof of the telescope conjecture is like that. It deepens the complexity of geometry and raises the odds that many generations of grandchildren will come and go before anyone fully understands maps between spheres.
“Every major advance in the subject seems to tell us the answer is a lot more complicated than we thought before,” Ravenel said.”
Posted on 2023-08-24T06:38:46+0000