I think that the person misused Google internal information and deserves termination or other discipline, but I’m struggling to otherwise see the harm in what they did. Is insider trading a crime on prediction markets? Doesn’t it contribute to the accuracy of the pricing of prediction contracts, and therefore is good for the prediction market?
But also I don't think the T&C's came into play here. This is strictly his employer (Google) told him to keep this information confidential and he didn't and instead profited from it.
I’m completely failing to get outraged here.
I think that the person that a/b/c deserves prison or other discipline, but I’m struggling to otherwise see the harm in what they did. Is insider trading a crime on prediction markets? Doesn’t it contribute to the accuracy of the pricing of prediction contracts, and therefore is good for the prediction market?
a. started fires in California
b. lobbied the president to attack Iran
c. neglected critical aid spreading Ebola
By the way there are reasons why we ban sport people from betting or insiders to disclose their (and relatives) trades to the sec: incentives.
It seems like the prediction market crowd cannot understand the economics of incentives and their harmful consequences.
Even though we already see the harm in the real world with journalists receiving death threats for reporting news or randoms tampering with meteorological equipment to win bets.
If you only have one AI window open, you’re doing it wrong. You task swap to another window/agent, get it working on something, rinse and repeat. I can keep 4 busy most of the time. When I task swap I also check in on what the other agents are doing to make sure they’re on track, not blocked and not struggling.
I don't think that analogy holds. Within Civ, you are in one game. Playing 4 instances of Civ, or better: 4 instances of 4 different games is more likely the comparison.
If you have ever TL'd a team, it doesn't sound too crazy. I have 8 folks I generally talk to very consistently throughout the day. If I'm not in 1:1s with them I'm usually reviewing their changes or chatting with them over chat. I don't think I can do all of that and work with a bunch of AI windows, but I do think they could likely do something similar to me with several agents running in parallel.
I suppose it depends how hands-off the tasks are - I max out at 2 parallel sessions working on different parts and it's fairly exhausting once done. I can see the number of parallel work increasing if there's a good dev/test loop. But at $WORK, that's not usually an option.
So, hands-off meaning "just let the AI cook and don't check it"?
Either you follow everything it does, revise the plans, do the code review, manual adjustments, etc, or you run sessions in parallel, not being that attentive and constantly context-switch (also resulting in less attention I guess).
> congratulations on your soon to be coming burnout.
Multitasking does not mean burnout. It just means you are not wasting time while idling. Multitasking was not invented for AI coding assistants. What do you think feature branches are used for?
The constant context changes, mental overload, inability to focus on one thing and do it well is exactly what every software developer has been fighting against for the past thirty years because it leads to shit quality and burns you out. You're automating the burnout. Idling is a necessity, not an illness.
Your feature branch is to put things aside and send them to CI, or wait and think on them. Not to have four of them running in parallel in your head frying you.
After you put together a plan, today's models can take well over a minute to execute it. Also, your work shifts to code review and executing acceptance tests, followed by either tweaking your current change or moving on to the next change.
This is really not about context changes. This is about not having to switch contexts because your focus stays on architecture+review instead of having to do deep dives to type code around.
> Your feature branch is to put things aside and send them to CI, or wait and think on them.
No, not really. Feature branches, as well as most types of branches, is to set aside work fronts that are in progress and run in parallel.
>today's models can take well over a minute to execute it.
A full, whole, entire _minute_ ?! Sixty seconds ! Oh no, they must be optimized away, we do not deserve our free time like so, we should toil until we fall over because... Growth?
It's still context switching. Either what you're doing is surface enough that you don't give a shit, it doesn't matter and you don't review it anyways (so the only context is basically the prompt you wrote or the nth SELECT * FROM table CRUD piece of crap), or you're context switching and it's fucking you over. The context isn't about remembering how you write if err != nil, it's the expected behaviour of what you're working on.
You're not getting a promotion from doing this, you're getting burnout.
> Feature branches, as well as most types of branches, is to set aside work fronts that are in progress and run in parallel
They're not running in parallel, unless you use work trees. They were put to the side, because you can't continue or finish the work they're about. Even just three branches in parallel in a modestly active repo that happen to be long lived drift enough that just keeping them up to date with develop makes it a waste of time.
The scientific study of multitasking over the past few decades has revealed important principles about the operations, and processing limitations, of our minds and brains. One critical finding to emerge is that we inflate our perceived ability to multitask: there is little correlation with our actual ability. In fact, multitasking is almost always a misnomer, as the human mind and brain lack the architecture to perform two or more tasks simultaneously. By architecture, we mean the cognitive and neural building blocks and systems that give rise to mental functioning. We have a hard time multitasking because of the ways that our building blocks of attention and executive control inherently work. To this end, when we attempt to multitask, we are usually switching between one task and another. The human brain has evolved to single task.
Fair enough, so it's a misnomer. Let's call it task switching then, since we don't actually do tasks at the same time, but switch from one to the other. A Claude Code session helpfully prints a small tldr summary of the ongoing session, so that one can quickly onboard again to the task at hand. I do not find that draining, personally.
If you honestly had any concern about loosing focus and being forced to context switch, a 1 minute pause idling while waiting for something to happen would represent the root cause of your context switch problems.
Nap while you can. The baseline is slowly raising; AI fed with organization context will hunt you down and lay you off, as it has done at multiple companies this spring already.
For the record I took it 100% seriously, having been wfh since covid I’ve taken more than one nap during ‘work hours’ myself… I’m saying ‘spin up an agent and go for a long walk’ being ok is close to over and it’s over in some companies already - and it isn’t because they’re monitoring what you’re doing, it’s that they know what is possible from those few folks who don’t go for walks and spin up more agents instead.
I’ve been on the defender side of security my whole career.
I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.
I watched the downfall and eventual jailing of someone who had a great job, career, and family after he started getting involved in cybercrime.
As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.
>As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.
I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.
Let's not generalize, even if you feel like you can say that because you're a member of a group you're generalizing. It's unfair to most of the people in any group being generalized.
Now I'm confused whether my observing patterns of behaviour and recurring beliefs clustered among people from my own part of the world are in fact racism or bigotry. Am I being indecent? Am I self-hating? Are others tolerhating? I only wish some white night would unambiguously tut-tut me or else give me a pass.
Your comment assumes, a priori, that the stereotypes are in fact "unfair". I don't know enough about cybercrime rates per capita amongst Eastern Europeans vs. other populations to be able to say if it is actually an unfair stereotype, but it is an indisputable fact (supported by virtually every jurisdiction that tracks crime rates by things like national origin, ethnicity, etc.) that there are population level differences in crime rates.
I don't think a person saying Eastern European are observed doing something more than expected is inherently racist. It is a claim he either does or doesn't have evidence for.
If he made the claim with insufficient evidence or made the claim in contradiction of the evidence, then it becomes racist, but I don't think making the observation and doing the calculation is the racist part. It is a simple chi-squared goodness-of-fit test.
I’m eastern-ish european, is it even racist to say that tech talent in the region is through the roof but for various accidents of history, the best opportunities available to talented people are in cybercrime (both sides)?
Not everyone has a hundred tech unicorns in their back yard. I think my country (Slovenia) produced one in its entire history so far and even that was mostly in the US
It's racism when it's (a) racially motivated, (b) not a correct fact.
In this case the person is itself a member of the group, and the statement they made isn't even a generalization to the group at large - just an observation about certain common tendencies seen in it.
"observation about certain common tendencies" is literally what generalization is.
Racist remarks against your own people is worse, because not only does it perpetuate discrimination against a group by advancing a narrative about the group ("should we hire from this subgroup prone to x?"), it gives the bigots yet another vector ("even they themselves say it about their subgroup, so it must be true!")
We're on an international forum. Making "observations" like what the original commenter did can only decrease employment opportunities for an already geographically disadvantaged talent. Why do that?
There can be other valid perspectives than your own. Not everyone is going to agree with your specific definition of what's racism or bigotry or whatever, and not only is that OK, but it's expected, and we shouldn't try to change other people's minds unless they asked for our opinion. There was especially no need to inject this discussion into the middle of an unrelated thread.
Trying to tell people their way of thinking is incorrect just because they disagree with you, is not only childish, but such dogmatic thinking is going to alienate you from a large part of society if you cannot learn to get along with people without constantly trying to correct everyone who you think is "wrong."
>"observation about certain common tendencies" is literally what generalization is
I know. Are you maybe confused? I qualified it that it's not generalization "to the group at large". Not that it's not any kind of generalization at all.
>Racist remarks against your own people is worse, because not only does it perpetuate discrimination against a group by advancing a narrative about the group ("should we hire from this subgroup prone to x?"), it gives the bigots yet another vector ("even they themselves say it about their subgroup, so it must be true!")
Oh, come on. ranger_danger put it perfectly "There can be other valid perspectives than your own. Not everyone is going to agree with your specific definition of what's racism or bigotry or whatever, and not only is that OK, but it's expected, and we shouldn't try to change other people's minds unless they asked for our opinion.".
This mentality is a huge problem in America. We have insane amounts of corruption and just flat out crime. The corruption just rarely gets prosecuted in a courtroom
> If communism is the cause, then why would this same mentality be such a massive problem in America?
By communism I don't think people talk about the philosophical basis of an idealized society, but the totalitarian regime that oppresses a society and keeps the working class constantly in survival mode under the risk of losing it all.
Then they should be rallying against totalitarianism and authoritarian policies, not broad and vague ideas of "communism" that most people cant agree on the definition of. All it does is let people and politicians weasel around them using authoritarian policies because they aren't communist.
> Then they should be rallying against totalitarianism and authoritarian policies, not broad and vague ideas of "communism" that most people cant agree on the definition of.
You're nitpicking on semantics. Communism is the poster child of totalitarian regimes that oppress their citizens to extreme levels. When you talk about communism, people think of gulags, forced labor, murdering political opponents,and even force-admittong rivals to psychiatric hospitals.
Are you sure that's the route you want to go down? Going by the statistics, democracy has killed more people - in the USA, Afghanistan, Iraq, etc - than commuinsm has. If we go down that route. Which I don't think we should.
> he enjoyed the thrill of feeling superior to others [...] He got caught through a mistake that was really dumb in retrospect.
It seems to be common occurrence. I still can't get over that one hacker who dumped stolen data on forum, to sell it/prove his capabilities, in form of tar.gz archive, that accidentally included his entire home directory
It's not easy to go legit, especially in today's job market, depending on where you live in the world also.
The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.
> to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year
This is a disingenuous claim. Not only are there software engineers in rich western European countries that in absolute terms earn less than that but also your east European software engineer still earns multiple times their country's average salary.
I think s/he meant that if you earn 30k it's easy to be tempted by crime because the numbers are big. What night not tempt a Google engineer might tempt a telecoms infrastructure key from Anytinytown, Moldova/Romania/...
That said I don't think there are many good software engineers that earn less than that in Western Europe. Net maybe, but certainly not gross, and if it's net that covers anything from pension security to healthcare, meaning you can live a decent life in most places.
> I think s/he meant that if you earn 30k it's easy to be tempted by crime because the numbers are big.
I'm pointing out that this reasoning doesn't pass the smell test. A 30k salary in those countries actually represents between 5-to-10x your average salary. You are already considered rich and we'll off and leading a comfortable life.
It's like claiming your average FANG engineer earning half a million a year would be easily tempted to engage in criminal activity if that meant they could aspire to earn a few millions instead.
> (...) meaning you can live a decent life in most places.
Yes, there are only a few countries on earth where your average software engineer earns more than that, and mostly because their average salary and cost of living is already way larger. Some sources even state that the average salary of s software engineer in Japan is as low as $36k/year. Japan has a higher cost of living than most east European countries, they have a reputation of competence and technical expertise, and still you don't see Japan as synonymous with cybercrime.
...because on HN, experiences which somehow contradict the perspective when salaries are highly varying across countries, esp. when someone decides to pick an explicit example, which, even if it shows the truth, is against the base-assumption of the reader of a comment.
Imagine working for an organization where 1) cybersecurity is actually the #1 priority, ahead of "shareholder value" and all the other gobblygook, 2) you get to design systems where you actually have to assume that every other entity is malicious (not the usual carve-outs like "oh yeah we do zero trust.. but our entire management plane is Azure-managed it's unavoidable"), 3) your budget is effectively unlimited, and 4) you get paid several factors more than you would in private industry.
I wouldn't advise thinking of it as "providing infrastructure IT services to cybercriminals", as if these people are primarily IT people, running primarily infrastructure, who just happen to favor this audience.
I would rather advise thinking of these efforts as various cybercriminal groups going through the schlep of setting up their own backend IT infrastructure for their own use (because they couldn't find anyone to host them); and then, with built infra in hand, either:
1. realizing that their own needs were emblematic of a more-general unmet market demand for "don't ask, don't tell" hosting, and so branching out into hosting as a secondary business;
2. taking the charade of a hosting company they made up when e.g. registering for an ASN, and deciding that the more real they make that charade, the more it protects them; and so slapping together a facade of a hosting site (that serves no real customers and has no real control-plane);
3. or deciding that having real customers with actual legitimate traffic coming from their ASN further legitimizes them (and makes other ASNs more wary to just block them wholesale), and so actually standing up the facilities of your average VPS provider on some single sad box somewhere — probably running some turn-key IaaS appliance (usually not OpenStack, more likely some shoddy old thing they bought on a cybercrime marketplace);
4. or (and I think this is the most common route) chatting with cybercriminal friends of theirs, and those friends hitting them up for hosting when they realize that they've actually built something out for themselves; and this gradually just evolving into a de-facto hosting arm of the business (as they accept more of these "high-touch" word-of-mouth customers; eventually begin to feel burdened by manually configuring their systems to accommodate these customers; and so begin to automate things.)
Both forms exist. There are real hosting companies that just turn a blinder eye to crime than others, and those ones should maybe be forced to divest from certain customers but shouldn't be completely raided. And there are cybercrime groups who form fake hosting companies. These ones were from the latter group. I tried to rent servers from them once, but they don't actually take customers because they aren't a real hosting company.
In a previous life I've employed contractors and software engineers to run a criminal website. Motivations for my guys were that it was well paid work that was technically challenging in order to evade enforcement agencies, and was 'fun' in that respect; they were "sticking it to than man (my service was regarded as moral by all my users & others); and there wasn't so much work about that they could pick and choose; lastly, I was a good employer because I had to be!!
Because they cannot be profitable. Job market is not the same on both ends. If you are east European and you try to get a job in an international corporation, the in all cases offer salaries adjusted for regional averages, unless you are willing to reallocate. Only few startups and FAANG like companies, often compensation in line what is received in the western world.
And there is also a thrill of doing it, which other guys already mentioned.
You were not born in eastern Europe that’s why. That’s the whole Eastern European mind set - the only way to succeed is to rip people off or scam. Anything else is already taken or no money in it or government will take it away from you.
Some people are just born into it. Mafia families, etc. There were some very smart people in the American mob, running scams that were immensely profitable. Eventually they get caught though, and with the ease and pervasivness of electronic surveillance today, it's pretty much impossible to do it anymre at least if you're anywhere where the authorities care about it (edit to add: and aren't in on it).
If we use one of the comments from here that it was done at the behest of some government then its more like the offensive team of a legitimate government. Pretty much every thing can be colored grey that way and one just needs to find people that they can persuade or convince for their cause.
Really? Because while I've seen this, rarely, in individuals. In many cases once you start tracing money the amounts involved in many "die for their beliefs" situations is absurd. Terrorism, for example.
What point are you trying to make other than bigotry? Ethic Russians are not the only Eastern Europeans perpetuating cyber crime. Anyways, Nesterenko is a Ukrainian surname - at least get your racism correct.
I don’t depend on one shot prompts with lots of constraints to reliably produce, well, anything.
For any nontrivial task I spend 2-8 hours in specification (I spent 3-4 hours on a stateless rust CLI tool design this weekend) and detailed task breakdown in implementation planning.
I use TDD to start with red tests that turn green when acceptance criteria are met.
I write agents to use to check work and they are my enforcers of constraints, as well as fresh eyes. I use these agents for spec review, plan review and code review.
I am actually pretty proud of the projects I create with generative AI. I just apply a lot of discipline so I don’t end up with slop.
I set up a Unifi system in Thailand that has to be downstream (DHCP) from an ISP provided router. Both Unifi and ISP device want 192.168.1.x and want to be the DHCP server and there’s no easy way to tell Unifi that “WAN” is 1 hop away.
I agree with the poster that if you are doing anything that is not a defined happy path for Unifi, it is a freaking nightmare and will likely involve rebuilding, resetting and readopting several times.
Mine was perfectly happy to automatically set up on something else when it was downstream of another router, and subsequently moving it up to be the primary router was equally painless.
YMMV, though I suspect newer software on the device might be making a difference here.
I've hit this, too, and the trick is to connect to the Unifi gateway offline, before you adopt, and change its LAN address space away from the default, and then connect it to the ISP router. I'm sure you figured that out, but I'm leaving this here in case someone else finds themselves in this bind.
All of these comments are making me realise that the US is an incredibly low trust environment, where people think horrific things are going to happen to them without the their/or their families consent.
I have always called this the “one true taxonomy” problem, because whenever you sit with multiple stakeholders in a room talking about a taxonomy, you can never get to agreement, because there is no such thing as the “one true taxonomy”.
Any hierarchical taxonomy classifies on one dimension at each taxonomic level. Invariably someone wants to classify on one criteria when someone else wants to classify on another. Taxonomies that humans use aren’t multi-dimensional. So if there is a disagreement, someone wins and someone(s) has to lose.
No one is wrong; they just have different priorities or preferences or goals.
So now as an architect I never argue (and seldom discuss) taxonomies. I make two points and then bow out:
1. Whatever your taxonomy is, you need a rubric for each level. You need a procedure or set of questions that unambiguously map any $THING you encounter into exactly one bucket. Validate that competent people with no specific domain knowledge can properly classify things with your rubric; it must be repeatable by amateurs, not just experts (software is dumb).
2. Existence trumps theory. If there exists a taxonomy and rubric for what you’re classifying, you need to provide a $DARN_GOOD_REASON why this wheel needs reinventing. Personal preference and your 1% edge case probably don’t justify all the work to reinvent everything.
Then, I go back to the implementers and tell them to design in a tagging system, which is a DIY taxonomy, and except in ridiculous use cases, I can make indexes make it fast enough to let everyone overlay their own classification system.
> Then, I go back to the implementers and tell them to design in a tagging system, which is a DIY taxonomy, and except in ridiculous use cases, I can make indexes make it fast enough to let everyone overlay their own classification system.
This 100x! I wish this were more common.
The key property of a tree is that there a unique path (address) for each element, which is a useful property in the implementation layer. But forcing that on users is a horribly leaky abstraction.
Ideally separate the low-level implementation from the interface, and allow users their own way to address content. I imagine object storage (with UUIDs or whatever) is often good enough for the lower layer. For the interface layer, tags are an improvement on categories (tree structure), but I think there's also room for more innovation (fuzzy matching, AI-driven interfaces, etc) that start by allowing trading-off precision for recall but then allow regaining precision by adding more approximate qualifiers to the filtering.
----
PS: Pushing this approach to 11/10...
An intriguing (crazy?) application of this idea would be: what if we did this to the concept of a codebase? Make it a database (with all the corresponding improvements over a filesystem) -- it's no longer a tree of files, and allow users to query code like "that foo which accepts a bar, frobnicates its internal state, and emits a mutated baz". Note that this might also solve the "naming things" problem.
This setup seems like a powerful abstraction for AI coding agents. All that back-end power (database >> filesystem) is something they can easily leverage, and they can also be built to robustly resolve your fuzzy queries into precise addresses, and then update the code based on your desired outcome.
> that foo which accepts a bar, frobnicates its internal state, and emits a mutated baz
Tangential, but that reminds of the Haskell "hoogle" tool which allows searching for functions _by type_ across a large database of libraries, even by abstract types. So you might wonder "hmm what's that function that has a type structure like `t a -> (a -> t b) -> t b`?" and it'll happily tell you that it's monad `bind`
A [Code Property Graph](https://en.wikipedia.org/wiki/Code_property_graph) takes a codebase and turns it into three graph representations: it's AST, a Control Flow Graph, and Program Dependence Graphs. These graphs are overlaid and shoved into a single property graph. It's a structure mainly used by some static analysis tools like [Joern](https://joern.io/)
---
This has been a topic of a lot of interest and research for me. I've been experimenting with figuring out a system inspired by these ideas, among others, to apply the same idea (shoving multiple graph representations together) to a broader set of information
Tag Clouds were sticky tasty web goodness a few years back.
I've got a legacy tag cloud curation tool for random collections (each collection gets its own id) of URLs. It IFRAMEs each URL to present it; no whining. I've used it for classifying technical docs, photo libraries (then I used the tags to train an image classifier), and to present an analysis of a customer's web site.
It's written in Perl, and (still) runs on modern Perl. Make friends and maybe I'll toss the code your way and help you with your project.
More than once I encountered a project lead (often a higher-up) spend a half day after the project kick-off to create an elaborate folder structure for the team.
Younger me wondered: "Don't they have more important things to do? Why do they never delegate such a menial and boring task, especially when the structure is kind of obvious"
Today it makes total sense to me.
Even if it looks obvious no one has the exact same hierarchy in mind.
It was fast for them to materialize the hierarchy themselves than to convince anyone about it in every detail. Some things just can't be delegated.
I think that the person misused Google internal information and deserves termination or other discipline, but I’m struggling to otherwise see the harm in what they did. Is insider trading a crime on prediction markets? Doesn’t it contribute to the accuracy of the pricing of prediction contracts, and therefore is good for the prediction market?
reply