yeah it’s totally plausible that Google would risk the reputation and legal status of its global multi-trillion empire to dunk on one of the handful of people who have the near-unilateral authority to dismantle them
Also - there's zero chance any employees at Google could decide to leak the contents of a specific inbox. That'd be an insane security hole which would've been exploited multiple times already.
I too am very curious about this. Even if his password was exposed and he didn’t have 2-factor auth, doesn’t Google by default ask for confirmation — e.g. texting a number or backup email associated with the account — when seeing an unrecognized device? Maybe he didn’t have any alt contact methods associated with his account?
(which might not be that unusual, he’s old enough to have opened a gmail account upon launch, before extra info hoops were put in place, and maybe he never touched his account config in the past 2 decades?)
You are probably right... I tend to change my password semi often. It's always a super complex impossible to remember string - and always keep an eye on the account activity.
Not to mention; you would assume he should have more than one device linked to the account and then that adds another layer, since Google will ask you "is this you trying to logon". <-- that is the only way to get Google to do the unrecognized flow you mention.
If you are suggesting it was exposed and he didn't immediately randomise all his passwords.. WORDS FAIL ME
It's all security 101 the irony is immense...
if the US government / FBI need someone to give some talks on how to do security ...
Honeypot sure I didn't think of that.. But I was under the impression the FBI confirmed it? So we can rule it out.
Making the password impossible to guess - how could that not be?
Since then you know you have a breach, as it's randomised gibberish, if you then get the 2nd device asking "is this you trying to login" you can definitely know you are compromised....
I can't see your logic here, that isn't "theatre"????
If you think that is theatre what is better then? Words and numbers.. easily brute forced.. Sorry can't agree.
Why would they willingly destroy their successful honeypot if the other party announced they've access to it?
I haven't seen what's in it either though, but I would not rule it out yet, especially when the FBI is involved - which loves those tactics
When you're compromised, changing the password is obviously not theatre - but changing a password which is randomly generated with enough entropy is what's pointless theatre. A secure password is secure, esp. if you're already using a password manager then the act of changing isn't meaningfully increasing your security (unless you're aware that your password was compromised) because the way to compromise it is what...? Having a keylogger on a device you logged in on? Then the changed password will be just as compromised
That's why KeePass is really useful since you aren't ever typing in the password.. it's generated and then copied to the clipboard.. That clipboard is then wiped after X seconds.
So then you know that you have been rooted => If that fails to resolve it.
Reduce the number of vectors to know what you have to change asap. In this scenario you don't want to be guessing about how they did it.
The randomised gibberish just means you can rule out certain things. I can agree on part of what you're saying but a string high entropy password, makes it harder to brute..
Many services don't really do that whole retries thing properly. So make it take as long as possible.
If you don't use a random gibberish your password can be cracked on any consumer device in a surprisingly short amount of time...
This way you can then focus on that a session token is probably how they got in.. It's the most common vector these days...
Maybe they're like me, who didn't spend a lot of time investigating Claude until 4.6 launched and the hype was enough to be the tipping point to invest energy. I do know that I've been having good/great results with Opus 4.6 and the CLI, but after an hour or so, it'll suddenly forget that the codebase has tab-formatted files and burn up my quota trying to figure out how to read text files. And apparently this snafu has been around since at least late last year [0]. Again, I can't complain about the overall speed and quality for my relatively light projects, I'm just fascinated by people who say their agents can get through a whole weekend without supervision, when even 4.6 appears to randomly get tripped up in a very rookie way?
There's definitely a productivity curve element to getting it to behave effectively within a given codebase. Certainly in the codebases I work with most frequently I find Claude will forget certain key aspects (how to run the tests or something) after a while and need a reminder, otherwise it gets into a loop like that trying to figure out how to do it from first principles with slightly incorrect commands.
I think a lot of the noise about letting Claude run for very extended periods involves relatively greenfield projects where the AI is going to be using tools and patterns and choices that are heavily represented in training data (unless you tell it not to), which I think are more likely to result in a codebase that lends itself to ongoing AI work. People also just exaggerate and talk about the one time doing that actually worked vs the 37 times Claude required more handholding.
The bigger problem I see with the "leave it running for the weekend" type work is that, even if it doesn't get caught up on something trivial like tabs vs spaces (glad we're keeping that one alive in the AI era, lol), it will accumulate bad decisions about project structure/architecture/design that become really annoying to untie, and that amount to a flavor of technical debt that makes it harder for agents themselves to continue to make forward progress. Lots of insidious little things: creating giant files that eventually create context problems, duplicating important methods willy nilly and modifying them independently so their implementations drift apart, writing tests that are..."designed to pass" in a way that creates a false sense of confidence when they're passing, and "forest for the trees" kind of issues where the AI gets the logic right inside a crucial method so it looks good at a glance, but it misses some kind of bigger picture flaw in the way the rest of the code actually uses that method.
I've always suspected video-gen is basically a loss leader for OpenAI, Gemini, and Grok. They can't convince the general population that AI is world-changing trillion dollar tech with "vibe coding", but realistic fake videos are impressive at a glance, and might convince many non-technical people that AI/LLMs are something revolutionary.
I think of them all Gemini has the most viable use case when Veo is paired with their advertising platform. It does genuinely open the door to a lot of cost saving for promo shots of products etc
Agreed. For reference, if sora 2 was able to generate me a Google ugc product video, it would cost me like $10 and I would get it within 30 minutes if including editing. Paying a ugc content creator would cost me $50-200 plus no control over final shots plus I gotta wait for them to respond. I have 30 products in my e-commerce store— these costs add up like crazy
The other one is TV ads/cinematic ads. For a 30 second clip expect to pay an agency $5-10k. Within a couple of days, I can make a video ad and have like $50 in api costs. Cost of production is so crazy in marketing.
Obv this is under the assumption ai is good to do either of those things. Which it hasn’t so far, best I’ve gotten is doing b-roll shots to stick together for an ad
This is what I see, outside the HN bubble. If you work retail or weld pipes together or whatever, AI is of no use to you. On the contrary, if tech thought leaders are to be believed, you'll be out of a job soon, replaced by a lifeless robot. Fuck that.
You do realize that there are a lot of people who sit at a desk and use a computer all day, right? Those are the ones whose jobs are vulnerable, not the ones who work with their hands or interact with the public.
we will come for them with real world AI, it takes time. don't worry. they are not safe in a decade, they are 100% safe for few more years. Learning from them at scale and updating is nothing impossible.
It's fine to have a reaction. It's just that a lot of the comments totally ignored this caveat. So basically, as I read it by default, they're banned unless approved, which is pretty much what all regulation does anyway, isn't it.
During the last years USA has banned a lot of things by default, but in all cases there were exemptions for things receiving specific approvals.
However, the approvals appear to have not been based on any objective methodology, but sometimes nothing has been approved, while otherwise there may have been some approvals but their randomness was suspicious.
Now this new interdiction continues the trend, so it is normal for people to be wary that any approvals will be based on some kind of bribing and not on any serious security audit.
Especially since the announcement provides no information about how the DoD or DHS will be evaluating what to approve, and it's unlikely that they have the resources to do any meaningful security evaluation on that many products.
The DOH and DOW have a lot of resources. And I would guess the DOW has a lot of intelligence resources and most likely the DOH also I mean it is their job to keep the homeland safe. But I would agree. It probably will involve a lot of marshaling of those resources and reorganization. But who's to say they haven't done that already. My general point is that the conversation in this thread completely ignores that this is an imposition of a different regulatory scheme, not a banning. And actually it's in favor of enforcing more security on routers which everybody has been screaming for for years.
The way it's supposed to work, the ground controller first verifies that there are no traffic conflicts before clearing vehicles to cross an active runway.
That is exactly my point. What visual aids do the ATC controllers have at their disposal to decide if the runway is free for an emergency vehicle to pass?
AI is being used by bureaucrats and enforcers to justify lazy, harmful conclusions. You don't live in the real world if you think "just punish the bureaucrats, don't make it about AI" is going to remotely rectify this toxic feedback loop and ecosystem.
No, we definitely should punish bureaucrats and enforcers who act negligently. If someone in a position of authority flagrantly fails to do his job and it directly harms someone he should be held accountable. That would provide a strong incentive for future actors to take their responsibilities seriously.
If an engineer signs off on an obviously faulty building plan and people die as a result we hold him accountable. This is no different.
> Today at 4:00 I will go over to Raleigh and sit in on a show-cause hearing. This will be my first time attempting to live-post a hearing in person. The case is Fivehouse v. DOD and the question is whether the DOJ attorney fabricated quotes in a brief.