They also reset all passwords of all Mixpanel employees; that surely sounds like either Mixpanel staff accounts were compromised, or the breach was conducted via a staff account.
I really don't understand the point in downplaying this shitshow.
Companies use sub-processors all the time, OpenAI is no different. Unless you want to have everybody get a major case of NIH tomorrow (I wouldn't mind, then we can get rid of third party cookies and all advertising as well while we're at it).
Every time a google tag is included on a page a ton of sensitive data gets sent to another party than the one whose website you are visiting.
Whether it was wise or not for OpenAI to share this information with Mixpanel is another thing, personally I think they should not have but OpenAI in turn is also used by lots of companies and given their private data and so on.
This layercake of trust only needs one party to mess up for a breach to become reality. What I'm interested in is whether or not it was just OpenAI's data that was lifted or also other Mixpanel customers.
I agree. On all the implementations of Mixpanel that I've been involved in, I've made it a point to not send any PII to Mixpanel. It's not needed for Mixpanel analytics to work, Mixpanel is not a CRM, it does not need customer email and other details.
Also probably people on the product marketing team want to have identifying info in their dashboards of top users and churn risks and whatever, and someone has to be the one to tell them no.
True, but we don't know if OAI emailed their customers to tell them as soon as Mixpanel told them. The regulation says they only have to notify affected parties.
Typically: yes. The clock starts ticking the moment you or anybody within your organization becomes aware of the breach. Three days is plenty. It even gives you time to consult your lawyers if you are not sure if a breach is reportable or not, but you could always do a provisional which gives you a way to back out later.
Google converted my mum's Gmail account to a workspace account automatically. Now she can't use her bedroom alarm clock because it's connected to my dad's Gmail account and you can't share access to workspace accounts. It's stupidly maddening.
And yes I realise that an IoT alarm clock is ridiculous, but that's not the point.
It was a proper Gmail account? Or was it an email@domain account that maybe was using her work email address?
I’m asking because I used to work adjacent to this area, and I know of only a few scenarios where an account becomes a workspace account after being a consumer account.
Off topic a bit: Facebook just converted my personal account to a professional account. I have no idea why. Although as I think about it for a moment, it might be related to the fact that I visit/use Facebook less than once a year....
> This is pulling the content of the RSS feeds of several news sites into the context window of an LLM and then asking it to summarize news items into articles and fill in the blanks?
This is awful. It's cutting out any money going to the news agencies that go out there and write news. If they didn't exist, Kagi wouldn't work.
This is true in a big picture sense but that's not the concern of someone who's making a tool meant to be useful to users. The consequences of this existing will be what they will be.
> This is awful. It's cutting out any money going to the news agencies that go out there and write news. If they didn't exist, Kagi wouldn't work.
Why would Kagi stop working if news didn't exist? Kagi is a search engine first and foremost, Kagi News is not a money making product of theirs. Kagi would still be making money with their search engine.
Also, this should entice news writers to write better news. The main reason people use products such as this is that they are sick and tired of going to news sites only to have to power through filler material to get the 10% that actually matters...
> Can someone explain to me why the Department of Defense provided $9,147,532.00 to Reuters for "ACTIVE SOCIAL ENGINEERING DEFENSE (ASED) LARGE SCALE SOCIAL DECEPTION (LSD)"
That sounds quaint. Why was it awarded to Reuters, a British/foreign news organization that supposedly hires journalists to report unbiased information? What expertise would they have in preventing social engineering attacks?
How's that working so far? Millions of illegal immigration, emptying of foreign prisons into America, development of apps to help navigate illegals into their US destinations, pacifying social media of the above?
Thomson Reuters apparently is helping against America ... so far.
Pardon? This is about how Thomson Reuters was funded by DARPA to do a study on defending against social media attacks at scale. It has nothing to do with any of the points you brought up, and I fail to see the connection.
Turn off Fox News dude - you're severely lacking perspective of your own country. Everyone outside of the US media sphere (or rather spheres - there's two) laughs at your news media and how entrenched misinformation has become.
You've made a diagram showing statistics of immigration encounters, and from that you deduced that prisons are being emptied into the US? Bit of a stretch. The diagram is nice, but you're missing the point: the picture being painted for you that you're trying to prop up is false.
Title 42 was the main culprit of the border encounter explosion, it was used as a temporary solution to the 'asylum seeker' problem. It turned into catch and release, even the CBP agreed this was an issue because the recidivism rate was so high. That ended in May of '23 and now the only problem is working through asylum claims. Idk why everyone misunderstands the problem at the border so much.
As well as most of the people crying about this problem are unaware that Trump shot down the border bill which would have enabled officers to close up cases much quicker than judges. So do you even have a point here?
Reuters builds software for a variety of fields and maintains datasets that would be useful in identifying if, say, an email with an invoice purporting to be from a specific company aligns with the invoicing practices of that company.
It would be more accurate to compare that side of Reuters to LexisNexis, Wolters Kluwer, or perhaps Bloomberg.
Thomson Reuters is an American-Canadian company. Thomson was founded in Toronto and bought Reuters in 2008. Most of its leadership is Canadian, and to some degree American or British.
This isn't "foreign", and it has a large presence in the US.
They also have a long, long history of providing services to the USG, including a lot of efforts in busting illegal immigration via shared media databases.
I'm annoyed that I have to assert this, but I wasn't even aware of Elon Musk's tweet when I posted this. I found the entire site fascinating for entirely non-political reasons. I didn't know this information was publicly available.
Probably, when a certain non supported narrative takes hold, Reuters is tasked with combating it with counter intel to change public narrative. This has been happening since Rome and before. Nothing new here.
When foreign governments and hostile intelligence groups make concerted and aggressive efforts to subvert the US population then, yes, it is appropriate for the USG to make efforts to counter subversion efforts.
Personally, I think that if your adversaries are doing just that, a grant with a title related to that makes sense, both to understand the problem domain and to defend against it. Yes, I would want the department of defense to be funding research in this area.
Maybe more importantly, I would not expect anyone to glean anything useful about said research from a title entry in a grants database, or maybe from anything in the grant description. I especially think it's absurd to expect an individual coming from outside government, who is unfamiliar with the details of what is going on at DARPA to pull up the title of such projects and immediately have any idea what the hell is happening. I know this from a bit of personal experience with DARPA projects.
There's a part of me that finds Musk's behavior in all of this to be a massive security breach. You can put aside any of the questions about the constitutionality of funding, this is an absurd breach of national security, both in terms of the INFOSEC/IT aspect but also in terms of him casually shining spotlights on projects he knows nothing about and knows nothing of the consequences of disclosure.
It's ridiculous how much attention and handwringing there was about Wikileaks and Snowden, and yet we just let a random ignorant (in the sense of having no idea what's going on in the government — otherwise his exercise would have been unnecessary) billionaire with ties to white supremacist groups tap into the federal government and start blasting it on his personal social media platform. If this was anyone else doing these exact same actions during a different administration, they would be arrested and charged with espionage and treason immediately.
To me it's performative empty arrogance with real security consequences, both for the people whose personal information was accessed but also for national intelligence and military strategies and methods.
The government works for the people. In a republic, we have a right to know how our money is being spent.
Calling attention to how the government is spending our national treasury, is a service, not a national security threat. I don't need to know the positions of the Navy Seal teams before they hit a target. I do need to know if DARPA or USAID or the CIA or the FBI is spending money and human resources in a wasteful or corrupt fashion. I do need to know if they are violating the constitution and censoring speech with OUR money. I do expect people who violate American rights to be fired at a minimum and barred from public service. We cannot be free if we cannot hold our government accountable.
Assange and Snowden should be pardoned. However, the President of the United States has unlimited authority to declassify information on whatever terms they wish.
You already had the right to know how the money is spent, you just never bothered to dig through any of the available public databases to look. That stuff has all been online for years. You are also confusing Reuters, the news organization, with Thomson Reuters, its parent company and a major vendor of information technology services.
Consider doing some more information gathering and analysis before letting your feels post.
<< It's ridiculous how much attention and handwringing there was about Wikileaks and Snowden
The two situations are very, very different for reasons that should be relatively obvious. Musk ( via Trump ) has actual mandate to do that.
<< You can put aside any of the questions about the constitutionality of funding, this is an absurd breach of national security, both in terms of the INFOSEC/IT aspect but also in terms of him casually shining spotlights on projects he knows nothing about and knows nothing of the consequences of disclosure.
This may be one point I am kinda agreeing with you on.
<< To me it's performative empty arrogance with real security consequences, both for the people whose personal information was accessed but also for national intelligence and military strategies and methods.
Maybe.. just maybe.. some of those methods should be revised in light of day.
<< Yes, I would want the department of defense to be funding research in this area.
I am genuinely of two minds about it so the question is why you think it is a good idea especially given that you also stated the following:
<< I would not expect anyone to glean anything useful about said research from a title entry in a grants database, or maybe from anything in the grant description.
Either it is ok to fund it, because you think it is a good idea or you don't know what it is and still think it is a good idea. I can accept one of those propositions.
Friend, I accept that there is a level of snark, when it comes to this stuff, but even a rudimentary check of the website in question[1] will tell you that there are two pieces to this program:
- ACTIVE SOCIAL ENGINEERING DEFENSE (ASED)
- LARGE SCALE SOCIAL DECEPTION (LSD)
I presume you are being snarky about ASED. I was thinking about the other one.
Where are you seeing that there’s two pieces? I’m only seeing it referred to as one program there. I’m not a govt contracts expert so by all means let me know what I’m missing.
IMC is a known Russian agent, a Malaysian national who openly writes for Putin propaganda outlet RT. Of course he wants to defund American information security.
You can do worse than RT if you watch it knowing you're seeing a curated narrative (which is no different from any paper, really, ours just happen to shill for our own state department). RT is a really good source for eg central asian news, most of which never even gets a mention in western papers.
People really need to stop throwing around "russian agent" if they want the phrase to stay scary. IMC does not need to be tied to Putin to criticize him; he's a moron who's weirdly obsessed with american conservative ragebaiting despite not having anything to do with this country. Like I can't emphasize enough how clearly stupid the man is. (Though it is also very unsurprising that he allegedly supports Putin.)
Other examples: Financial Times is a Japanese paper, so it's not the most reliable at eg reporting on China and Korea. They have surprisingly quality coverage outside of east asia, though, and from my eye they have a lot more matter-of-fact tone to american political coverage than most american papers do. Al Jazeera is not reliable for reporting on Qatar, but they're indispensable for a lot of reporting the west will refuse to engage in around the MENA world (and to a very limited extent, subsaharan africa). Etc etc.
RT has its place; it's no Epoch Times. They have some mildly interesting americans working for them who seem very willing to openly criticize Putin. The russian language version is much more blatantly propaganda.
Edit: well it seems that RT also spreads qanon stuff; I emphatically don't endorse that kind of content, nor did I realize it was there. I stand by the fact that it's a useful tool.
There's no suggestion that China gets any first say on 0-days. The law in question re reporting is at http://www.gov.cn/gongbao/content/2021/content_5641351.htm and states that you must immediately notify vendors of security flaws, and then the MIIT within 2 days.
and it's fitting that Mdm. Perlroth is the one to provide that "punchier title".
She's _the_ definition of an unhinged talking head of infosec. Her book on 0days ("this is how they tell me the world ends") is full of logical fallacies, jumping to conclusions, lacks technical understanding, etc., yet somehow she manages to now speak about cyber on behalf of all of us and everyone is applauding her shit takes whenever some news drop. There are plenty of capable women in cyber who we could amplify. But no! We have to give a podium to this carrion.
"If their degree cost them $60,000 to obtain, it would take them four years to recoup their education costs ($60,000 net cost / $15,000 earnings premium)."
They completely omit the time spent getting the degree and associated loss of earning during that period