Hacker News | kennywinker's comments

Very generous of you to blame the screw up of one of the largest companies in the world on a jr engineer.

I’ve been a jr engineer at a large company. I had the power to implement absolutely jack shit on my own. I deeply doubt the security flow for account recovery in meta ai account security was a single jr engineer.

What i think is actually going on is basically a soft form of ai psychosis. Senior engineer gets ai to code ai account recovery feature, that same or a different engineer asks ai to review the feature, and then it gets pushed to prod. Move fast, break things. The ai coded it, the ai reviewed it - the people trusted the ai because it sounds confidently right.

Just like how the ai doesn’t know if you should walk or drive to the car wash, the ai doesn’t understand exploits like this one.


Why not both?

An AI enabled terrible design. AI acted as a black box of stupidity, that obscured the stupidity of the design.


If your code won’t run on this machine, you’re the problem not the machine (outside of niche processor heavy stuff like video editing and ai crap).

Compiling Rust is expensive, for instance.

There was an 11” air with an i5/i7 - i splurged for 16gb of ram when i bought it in 2015 and it lasted me 10 years.

It still works, but a few specific apps started to really drag on it.


It really pays longevity wise to get max ram!

Sure, but the 11" MBA I bought was max specs at the time it was released and the point is: it didn't last long.

Timing. The core 2 generation was right before we hit a plateau in processors. An i5/i7 macbook from 2014-2015 felt pretty good for 5-6 years, until the m1 came out, and you can coast for another 2-4 years being annoyed some people have a faster machine before they start baking features into the OS that make your machine feel even slower. That’s 7-9 years of use depending on your tolerance for being behind the curve. Mine’s high, so I got 10 years out of it.

Conversely if you bought an i7 macbook in 2019 it would have felt out of date in just 2-4 years, when everyone has an m1 or better and things are starting to slow down from OS changes that expect apple silicon.

If you bought an m1 just a year later in 2020, i’d guess you’re feeling fine 6 years on.


I guess, but that kinda means I would've needed to improve my 11" MBA's longevity by buying another, more recent, 11" MBA though. :)

No that was because they hate our freedom, not because of decades of occupation and war all over the middle east funded by US taxpayer dollars.

The stated reasoning by Osama bin Laden in a letter published in 2002 [1] was primarily a response to grievances over the US support of Israel's occupation of Palestine, as well as a number of unrelated grievances mostly due to the choices of the various monarchies in the Gulf Arab states. For example, retaining a presence of U.S. troops in Saudi Arabia at the request of King Abdullah.

It may be satisfying to affirm a world view in either direction in the topic, but an understanding of 20th century history suggests that Al Qaeda noted some legitimate grievances while others were not factual or misrepresented. For example, the United States did not support Russia's campaign in Chechnya. Additionally, American military campaigns in Afghanistan were in direct response to Al Qaeda's mass killings of noncombatants and Taliban refusal to stop Al Qaeda military activity based in Afghanistan.

1. https://scholarship.tricolib.brynmawr.edu/server/api/core/bi...

Note: this hyperlink may die. The original copy published in The Observer has tragically suffered from link rot.


I guess i needed a /s tag on my comment.

I’d like to see a rebuttal to this comment.

Is the US now safer after the Iran attacks?


> As if seeking out the best of the best to collaborate with, independent of their checkboxes, was somehow undesirable

The best of the best involves people from underrepresented groups. These policies exist to counteract the cronyism and “doesn’t look like me”-ism inherent to the way people make choices. We know people don’t hire and collaborate with the best of the best, because when looking for the best they see it easiest in people with similar backgrounds and perspectives as themselves.

It’s a shame the culture war cooked your brain on this one.


Sounds like your brain was cooked by sound bites over reason and statistics! Culture war indeed!

In fact, we see this now in Silicon Valley where 80% of workers are foreign born. Not a representative group of Americans by any stretch, and we see a lot of negativity towards folks Silicon Valley will never interact with as a result. And who are the wealthy bigots? Not the richest people in the history of the world. No, those other bad folks in the poor states who deserve it. They aren't under-represented.


I’m afraid I can’t parse much of what you’re trying to convey. I can say that we’re talking about science granting right now, not silicon valley jobs. Nobody was talking about wealthy bigots, that’s all you.

> The best of the best involves people from underrepresented groups

If there are no martian biologists because of systemic discrimination, why would the best of the best biologists include a martian?

The argument defeats itself. I don't understand why people keep repeating this lie instead of the truth.

The only way this makes sense is if you think the only way someone can be inspired by someone else is if they look the same.


You’re straw-manning your own misconception of the reason for inclusivity, not the reason I gave.

Inspiring specific groups to follow a career path by showing them people on that path is “representation” not inclusivity. Representation matters because it’s easier (not impossible, as you suggest the argument is) to see yourself e.g. as a nurse or a teacher if you have seen male nurses or teachers succeeding.

Representation matters, but not nearly as much as the opposite side of things - who gets opportunities. Which is what I was talking about.

Btw one of the major groups that have benefitted from the dreaded “DEI” in universities has been white men. They are an under-represented group in many post-secondary settings.


> Representation matters, but not nearly as much as the opposite side of things - who gets opportunities.

You're acting like these things aren't intertwined.

You can't adjust the lever of representation without affecting who gets opportunities.

You can believe what you want about the merits of adjusting those levers but to pretend like you can limit your pool of people to a smaller group of people and not affect the apex of the talent pool is disingenuous. Be honest and say you think it's worth it.


> You can't adjust the lever of representation without affecting who gets opportunities.

For sure they are intertwined. More inclusion = more representation, and vice versa. But you’re saying representation is pointless because people can enter fields they don’t see themselves represented in and I am saying i think representation is a (positive) side effect not the goal. You can argue that it’s pointless all you want but idgaf because to me it’s a side effect.

> limit your pool of people to a smaller group of people and not affect the apex of the talent pool is disingenuous

I agree. Limiting your pool is a bad idea. That’s literally why inclusivity is a good thing. Because people self-limit the pool to people who look like them, and because other societal barriers limit the pool by excluding people. Actively acting to include people broadens the pool, it doesn’t limit it.

If you think on the scale of an individual hire or grant, i guess i can see how it would seem like limiting the pool - but zoom out like two steps and you’d see that’s not true.


> But you’re saying representation is pointless because people can enter fields they don’t see themselves represented in and I am saying i think representation is a (positive) side effect not the goal.

What I actually think that I haven't said is that "representation" is a self defeating idea that encourages people to view themselves as different.

> I agree. Limiting your pool is a bad idea. That’s literally why inclusivity is a good thing. Because people self-limit the pool to people who look like them, and because other societal barriers limit the pool by excluding people. Actively acting to include people broadens the pool, it doesn’t limit it.

That's true, however, when the high end of the pool all looks a certain way because of systemic issues then the team built will tend to look that way and not be inclusive.

Those creating the team could have the best of intentions; the outcome could very likely be the same as if they were discriminatory.

People feel social and sometimes legal pressure to make sure it looks like they aren't discriminatory so, when they are choosing that last (few) member, they'll limit the pool of possibilities.

The other half of what you said is logical though, that inclusion probably leads to a more diverse future but at the cost of the present. The cost of the present is the part you're pretending doesn't exist.

> If you think on the scale of an individual hire or grant, i guess i can see how it would seem like limiting the pool - but zoom out like two steps and you’d see that’s not true.

Every single hire is an individual hire.


> The other half of what you said is logical though, that inclusion probably leads to a more diverse future but at the cost of the present.

I didn’t say that. Idk what comment you read that said that, but it wasn’t mine.

> The cost of the present is the part you're pretending doesn't exist.

Even if there was a cost to the productivity of the present - a better present isn’t one where we’re the most “productive” or efficient - it’s one where the most people are able to grasp a good and fair life.

> Every single hire is an individual hire.

The dots on the screen form a picture.


> The dots on the screen form a picture.

The point is that each hire is an individual decision.

If I were painting a picture I might use a lot of different colors but if you ask me to pick my favorite color 5000 times, I'll say the same color 5000 times.


Exactly - if you lose sight of the big picture and only see the individual events, it’s easy to turn a personal bias into a systemic bias. The screen is a wash of blue, and the image is lost.

Is this not the paradox of tolerance restated in different terms?

BSD license is unrestricted, it tolerates taking open source and closing it, thus always being at risk of things closing down.

GPL license doesn’t tolerate taking from open source and closing it, thus ensuring things stay open.


The paradox clears itself up if you look at what tolerance actually is. It's simply not interfering with people's agency over themselves. Given that your right to self-agency doesn't entitle you to restrict others' self-agency, behavior that does try restricting others' agency is automatically not included in "tolerance."

Sure, yeah - like most “paradoxes”, it’s not actually a paradox unless you only look at it from one specific viewpoint.

The BSD license is why we have Valkey and not a purely closed-source Redis. It would have been much easier to perform the rugpull if Redis had initially been GPLed.

And how exactly did the BSD license make creating Valkey easier? GPL and BSD licenses both have the source in the open. Anyone creating a fork, can easily do so for either BSD or GPL licensed projects. Since Redis is a database, which the user won't be using a binary of, even using a fork of a supposedly GPL-licensed Redis would not require you to share your modifications with your user, same as BSD.

The BSD license made forking Valkey easier because it ensures that everyone has equal footing. The GPL, especially with contributor license agreements and the like, makes it much more easy for a single party to control the direction of the product. For another example of this happening, look at MongoDB. It started out under the AGPL, but was rugpulled to a non-free license.

It feels like your actual beef here is with CLAs, which often are designed to allow the current maintainers to relicense.

CLAs are not an attribute of the GPL. They're an agreement that can be applied to contributions to any codebase with any license.


> The BSD license made forking Valkey easier because it ensures that everyone has equal footing

equal footing on the license is what allowed AWS to crush the original creators of the products they host.

it's a trade off.

the AGPL does not prevent a hosting service. it only prevents creating non-free addons. i see no problem with that. see also my other comment


Mongo was already a centralized project. Technically open source agpl but I don’t remember it having a large developer community or really many contributions from outside mongo. When the rug pull happened I think simply most people didn’t care or moved on to equal (or better) alternatives. It’s not beloved software like Redis is.

On top of badreligion42’s point, that both licenses allow forking just as easily - don’t you have the rugpull part backwards?

Afaik BSD licensed stuff can be re-licensed under any more closed licenses at any time, whereas to re-license GPL, you need consent from every single contributor.

But i’m not familiar with the redis-valkey story so, maybe there is some nuance i am missing?


Redis started off as Free Software, but was switched to a source available license in version 7.4. The community promptly forked to Valkey, which is still under the BSD license. Since then, Redis shifted to AGPL 3, with contributor agreements, to try to ensure that they're the only ones who can attempt to commercialize Redis.

AGPL makes commercializing harder only for people who fear the AGPL because they want to keep stuff for themselves. there is no problem commercializing it if you don't mind sharing all your connected code. the only benefit redis has is that they can integrate non-free code in their hosting service, while the rest of us could not. since it is their work, i think it is reasonable that they have an advantage. it does not reduce my freedom as a user. it only hinders AWS and other big players from crushing redis.

How would you rugpull a GPL Redis?

> BSD license is unrestricted, it tolerates taking open source and closing it, thus always being at risk of things closing down.

There is no such risk. If someone wishes to make a closed source derivative of the BSD-licensed original, it does not deprive anyone of the original. That remains there, just as open as before.


It deprives us of their improvements, while they get to build off other people’s work.

With the GPL, if you want to modify, and build on others' work, you have to share.

Share and share alike, vs take if you like share if you like.


It deprives, for example, the LLVM community of profiting from PlayStation compiler optimizations.

That’s not what’s happening.

The question is revealing that the model has a model of language but not of reality. It knows what words go together, but not real-world concepts.


This. LLMs are marketed on the false premise of all knowledge, intelligence and wisdom being possible to be encoded in language only.

lol, i think the LLM shows more wisdom here than the average person. Functionally, being 50m away from the car wash is at the car wash if you have a dirty car in your possession that needs cleaning. Realistically, the only reason you express the need to go to the carwash if you are in a 50m proximity with your car you intend to clean at the carwash is if you need to walk in and talk to someone.

I love this. 2026 has been my hot linux summer on the desktop

I’d take the other side of that bet if i didn’t think gambling was a cancer

Good thing health insurance is so cheap where I live. I really don't mind risking a little cancer for a good bet

I'll bet you gambling isn't a cancer
