From the article linked by Techdirt: “executives have sought to almost entirely subordinate clinical case managers’ judgment to the computer’s calculations”
Sounds like the issue is the executives. What does this have to do with “AI”? Also, the company that built this tech (naviHealth) was started in 2012. Their product existed long before large language models were created.
AI is the new crypto. If you can turn your head sideways and squint hard enough to make it seem like it might be in the same room as AI, it's going to get labeled as such
I wager that 3/4 of the products out on the market purporting to be "AI" in the style of LLMs like GPT are just what was referred to as ML a year or two prior, or even worse just a standard computer program in the style of the past 20 years
“A little-known piece of trivia,” Altman announced. “This smell, after it rains for the first time. You know what’s that called?”
“Is this going to freak me out?” Williams said.
“Petrichor,” Altman said. “It’s my favorite smell. You only get to smell this once or twice a year, because it has to not rain for a while, and then rain. It’s the smell of summers in St. Louis.”
It's not that these aren't interesting subjects or potentially useful in adult life. They just shouldn't be the priority. Is it potentially useful in adult life to know how your car's IC engine works? Sure, but nowhere near as useful as knowing how to get a good rate on your car loan.
> The writer traveled from Vienna to Pyongyang by train, giving him 36 unsupervised hours in North Korea.
He hacked the North Korea visa entry and used his entry visa in an unexpected way - arriving at a different entry point, which was technically not disallowed, but not set up to handle western travel.
The normal Beijing-Pyongyang train is set up for westerners, and the loophole has since been closed.
It’s just another example of the “participation culture” that modern parenting and social media have made commonplace. Who needs to do anything real when you can just upvote or retweet? You get the same sort of participation trophy that you’ve been taught to aim for since childhood.
This is such a bad-faith, shallow take. Ascribing the act of bringing awareness to “participation trophies” is nonsense.
I also disagree with the parent. Bringing change is almost always easiest from within. “Don’t like it? Leave.” stances aim to do more to attack the person involved than they do to take a critical look at whatever problem it is that’s being discussed.
It is not "don't like it? leave.", it is "stop working for immoral organizations". Would you consider a guard of a concentration camp ethical if they "condemned" the actions of the government but continued to support them via their work? I wouldn't.
It's a moral problem. If the organization you work for is immoral, by knowingly continuing to work for them you are materially cooperating in the evil they are doing and are morally culpable yourself. Sure, you can refuse to materially cooperate, but then they will fire you anyhow, as we see here.
What’s the opposite of “participation culture”? Not participating?
I feel like signing a letter of protest is doing something “real”. It’s communicating to leadership of the company that you have concerns about what has transpired. It’s not nothing.
Parent post is probably referring to the relatively new phenomenon of issuing "participation prizes" instead of prizes for winning, thus insulating the participants who "lost" from the stigma associated with being a "loser".
The peak of this behavior led to a small war between coal miners and a sheriff and a small airforce that bombed the strikers that only ended when Warren Harding threatened to send in the military.
They ultimately lost but what happened there led to the sympathetic growth of the AFL and CIO and ultimately to the New Deal and the rise of the middle class.
They say history doesn't repeat but it rhymes. I wouldn't be surprised if the next series of pitched struggles between American owners and labor result in extreme violence also, before giving way to a system that is slightly more egalitarian.
Qualifying people for highly paid info security positions is shockingly broken right now. No one who knows what they are doing cares about credentials you can get from a training program or school, but they also complain constantly about how hard it is to find and hire qualified people. The result is: there is a lot of salary out there for people who can figure out how to get it.
Developing exploits that are acknowledged by major targets--even if done freelance or as a hobby--is one of the few ways to gain lines on your resume that everyone in the security field will pay attention to.
It's the whole "you need to volunteer for a year before we'll hire you" hiring method typically seen in low paid positions in the arts, but this time for high paid infosec positions...
The art world might not be a bad comparison. In both security and art, established people with money are looking for new people who have the ability to make an impact.
But the established folks don't know in advance what exactly that will be... if they did, they'd already be paying someone to do it.
As a new person, there's no better way to demonstrate your ability to make an impact than to just do it.
I work at a company that has an infosec division and I don't know how we got so lucky with the people there. They're seriously legit low level kernel type programmers who seem to be able to reverse engineer anything given enough time and are able to seriously reason about what's going on in security. The types of people who speak at and headline at the largest security conferences, etc. Again, no idea how we got so lucky to have a great crew.
I'm not an infosec person myself. But my experience is that upwards of 80% of the ones I interact with who aren't like the people I mentioned above are just hangers on because they like the group or being associated with "infosec" because it sounds cool or something. Maybe it's because you don't need to be an engineer to regurgitate OWASP vulnerabilities and tell people to use password managers, but perhaps that's enough to, after you look around the room of infosec people, feel like you're an "infosec person." To be clear, that stuff is important, but not anywhere close to sufficient. So a lot of applications for our roles come from these people, who just sit on twitter all day and retweet the Taylor Swift security person, but they're totally not technical and have done nothing of note other than write compliance plans.
My hypothesis is that it's all this noise that makes hiring good infosec people difficult. If I'm hiring a kernel programmer or SRE I seem to get much more signal in my applications, but hire someone for security or infosec and there's too much noise from people like above.
Information security is just a super wide field. To pick a couple famous examples: what Google Project Zero does, and what the "Swift on Security" person does, have almost nothing to do with each other.
They both matter, though. Basic blocking and tackling at the IT level is important, especially to large old institutions. Apple is obviously an apex technology company, but they're also a 45 year old public corporation... I'm not surprised they've got some vulnerabilities lurking in their subdomains.
Patrolling DNS and 3rd party corporate applications is not usually what people think is sexy security work, though. Problems avoided are harder to sell than problems discovered or bad guys defeated.
Oh totally, as I mentioned above I am not an infosec person and I hope I didn't imply otherwise (I did mention this specifically above). The above is just my impression from the outside but as someone who talks to and works with a lot of security/RE/infosec people.
That was just a really snarky way of saying that RE people and people who pay attention to OWASP are not comparables. Sorry, I should have just been direct about it.
It is impossible to quantify what is a good use of their time without knowing them. Also not everyone does things in the pursuit of money. I sell eggs and could easily ask 5$ a dozen with the demand I have. Instead I only ask 4$ and have lots of clients I only charge 2$ and some I just give eggs to when I have extra. These are people with no money or means. I don’t expect to ever get anything from these people but every once in a while ‘oh my car breaks down and guess who has the knowledge or tool I need the guy I have been giving eggs’. I know the world will eat you up and take all you have but I personally “invest” my time and effort into a few of the things I enjoy even if the reward is low. These researchers now have an excellent start to a resume which is always a good thing.
Well after covid started and the stores ran out of a lot of food I decided to get some chickens again. I have had a maximum of 6 in the past but decided to increase the flock since 6 birds is pretty much the same effort as 30 birds. I now have 33 in total and at this point in their life get one egg a day. They average something like 300+ eggs a year. I have sold enough to buy an automatic egg washer and now mainly worry about selling enough to cover feed costs. I do it because chickens are very therapeutic and I find them relaxing to be around. I have young kids so they are also learning the value of food and can eat all the eggs they want. So I wouldn’t really call it much of a business it is more of a hobby that I reap little reward other than my eggs and to help out a few others near me. I think if I ramped up to a few hundred birds I could make a bit of money but at the small size it keeps me from getting overwhelmed with too much work and I can just share my harvest with those around me. I have learned that making money is nice but I also get a great deal of reward from helping others in need.
Bug bounties are not generally considered a good source of income. It's a way to hone your skills, gain experience, develop a bit of industry cachet and get paid a little in the process.
For one they did not only get the money but also the exposure that comes with anything Apple. A lot of people will probably want to hire these researchers.
* Line management: are you willing to be the man and promulgate the party line? You can be mostly apolitical in this role.
* Middle management: are you willing to be the pawn of a specific member or two of senior management and do their bidding (which probably isn’t fully aligned with the party line)?
* Senior management: do you know how to intelligently break the rules in order to stand out from the crowd of middle managers? This could be by developing a broad following within the lower levels of the company through self-promotion, through cultivating specific relationships with the CEO and/or board, or by (in rare cases) delivering on highly visible and truly remarkable results for the company.
> or by (in rare cases) delivering on highly visible and truly remarkable results for the company.
One example I know from the 80's: you're a director of a factory in some South-American country that produces something. It's making a loss of a few million dollars per year, and everyone at the parent company for which this factory is simply a small business unit thinks it will amount to nothing.
In two years, you've turned the situation around and are profitable with 1 million dollars per year.
The company promotes you to your next role and your successor shows how difficult your challenge was, as it's losing a few million dollars per year again.
The trick in this case: be competent, and become friends with the local South-American director, as upon arrival you realize that the company you're running is actually owned 50% by the company you work for. The other 50% is owned by some South-American company and the whole reason it loses money is because they cannot connect with the South-American director.
True story, can't disclose sources, but anyone who has seen the 80's might know similar stories.
Amazing book. Truly astounding sequence of events.
Greatest irony of all, they named their firm "Long-term Capital Management", while taking hugely leveraged short-term positions ($1 trillion dollars worth of derivatives backed by about $100 billion or so assets) that were beyond the understanding of anyone else. Didn't last 4 years before they blew. They did show 40% annual returns when they started and I guess that's what kept them going without much regulation. But man, did they crash hard. Investors who were returned their money after a year or 2, and those who were turned down from even investing must have thanked their Gods for saving them from absolute destruction.
There is another book by Michael Lewis (who also wrote "The Big Short") called "The Liar's Poker", where he talks about his time at Salomon Brothers and how they collapsed in a very similar fashion. Highly levered derivatives with a magic formula that has worked well (so far..). It's fascinating how they were allowed to do what they did. Open gambling with client's money, and no repercussions on losing it all. "Blowing up a customer" was apparently common and chalked up to a rookie's mistake. "Baptism by fire". How did the rookies even get access to millions of dollars of money to bet on crazy derivatives!!
I feel that every time a major upset in the financial markets lands on us, it is because some group of really talented people managed to convince everyone that they discovered something that no one else has and have "cracked the market" by showing consistently high returns for a period of time, and gain access to huge pools of capital. Only, after a few years the market turns around, showing a side of things that they did not take into account and the whole thing goes belly up, market crashes, loads of people lose money, mostly it's everyone else but that group (leverage, borrowing, access to someone else's capital etc).
And because everyone who was supposed to keep them in check did not do it because despite it being their job not to, they did take them for their word, they try to cover it all up by paying the very people who caused all the trouble and who were supposed to watch out for all this.
Banking world seems to have a lot of conflict of interest all around. It is much better now, with lots more rules and regulations, but it is still there.
With respect to point #2, the real reason why revamping any regulatory regime "top to bottom" is difficult is because so much organizational, legislative, and administrative cruft has built up over the years in the federal government that means no one individual has the authority to drive reform. See FDA's discussion paper from Jan 2017 on revamping the LDT regulatory regime (https://www.fda.gov/media/102367/download) for more on the inane complexity created by the federal bureaucracy: "For example, a test made by a conventional IVD manufacturer would be regulated by FDA initially. If a laboratory made a significant modification to that test, it would then be regulated by CMS. If the original manufacturer then made another significant modification, the modification would be regulated by FDA."
Also: "In 2015, FDA established an Interagency Task Force on LDT Quality Requirements with CMS, the Center for Disease Control and Prevention, and the National Institutes of Health"
Any manager worth his/her salt can tell you that a task force involving four different agencies is unlikely to ever result in any meaningful change. A cornerstone of effective management is to designate one person who is responsible for execution and hold them accountable. This is exactly how the executive branch, from the president on down, is supposed to function (with oversight from the judicial and legislative branches, of course), but few parts of it are like that after centuries of bolting on overlapping agencies and departments.