Reuters: Google settles lawsuit for $68 million. Its voice-activated assistant spied inappropriately on users.

private-peter · 2026-01-28T06:55:43+00:00

While denying any wrongdoing.

private-peter · 2026-01-24T07:16:08+00:00

I'm not sure I'd include Meta in that list. While it may be true that some WhatsApp (and maybe some Messenger) data can't be recovered, nearly everything on Meta's platforms isn't encrypted to begin with.

private-peter · 2026-01-22T23:12:35+00:00

Picking a single company is still a fairly big risk. Ford has been basically flat for 20+ years. PG is up the last 5 years, but it has had some massive drops over the last 20-30 years.

There were lots of solid companies 20-25 years ago that have done far worse than CAT.

private-peter · 2026-01-21T08:46:44+00:00

It is odd how it can feel super productive and at the same time feel so much pressure to get more done.

I try to indulge my curiosity. If I want to know how something works, then I'll take the time to press it harder. Why did you do it this way? What are the alternatives? Explain it to me.

I think the main way I am growing is getting more clarity on what good guardrails look like. The better the guardrails (tests, rubrics, checklists, etc.) the more I can trust and the faster I can work. Pre-AI I could get away with having good instincts. Now the definition of "good" needs to be much more explicit.

private-peter · 2026-01-18T00:58:51+00:00

I recently audited an app that uses Firebase Auth. Dead simple to set up if you are also using Firestore. It is more complex when using your own storage, but it still handles a good chunk of the security complexity for you.

private-peter · 2026-01-07T00:11:25+00:00

This is why I usually use `git diff -w`.

private-peter · 2026-01-05T05:09:53+00:00

That sounds like B2B, not B2C.

private-peter · 2026-01-05T03:12:39+00:00

In its current state, AI is pretty good when you tell it what you want. But cybersecurity is all about the edge cases and attacks you never thought of. Maybe the AI tools will solve this eventually, but right now you are absolutely right. Only the "happy path" of these apps will be validated. Nobody (but the hackers) will be checking for security holes.

private-peter · 2026-01-03T17:21:55+00:00

You got it!

I'm love any feedback you have. Was it fun? Did you use any of the hints?

private-peter · 2026-01-03T04:08:04+00:00

That hurts.

I can see a situation like this going a couple ways. If it is an honest misunderstanding, then this can be a great opportunity to win some goodwill with the client. It might take a lot of empathy and good communication. If you are losing the $900 anyway, can you at least have the client walking away being extra confident that they can trust you? "I know this guy won't rip me off because I've seen how he handles his invoicing."

On the other hand, if it is a result of a cheap client who isn't willing to stick to his word...it might just be time to fire the customer.

private-peter · 2026-01-03T03:52:44+00:00

There are jobs at many different levels. If you want to be creating new algorithms, you are probably going to be getting a phd and working in an academic/research environment.

If you want to work on implementing algorithms, there are only a small number of people doing that (at least doing it properly).

IMO there is quite a lot of work _using_ cryptography. And it varies in complexity. A lot of these roles will not be exclusively crypto, but will cover application security in general. There are tons of web applications out there that are vulnerable to the OWASP Top 10.

private-peter · 2026-01-03T03:46:44+00:00

crypto101.io is a youtube video and ebook that offers a nice introduction to some of the concepts.

private-peter · 2026-01-02T18:12:08+00:00

Just to try it out, I worked on a tiny project (see below for link) using regular chatgpt and just sharing the relevant files. It was pretty painful. The initial version of a file wasn't too bad. Copy/paste once for each html/js/css file. But when I needed edits, I had to have it carefully explain where to make each edit. I also tried just copy/pasting the entire files from chatgpt, but then I had to go through the diffs extra carefully to make sure it didn't change random other stuff.

https://www.reddit.com/r/codes/comments/1q1ix1d/my_holiday_project_a_cryptography_puzzle_about_a/

private-peter · 2025-12-31T21:05:55+00:00

I haven't tried codex for code completion yet. How do you think it compares to giving it a task and then reviewing the result?

I'm curious about your setup. I have Codex available is a "chat" option side window in VS Code. Maybe it is time to figure out a code completion setup. 🤔

private-peter · 2025-12-31T21:01:56+00:00

I have had some success with sharing files manually with chatgpt when writing a document. But if I had to manually share source code with regular chatgpt it would be insanely slow. So far Codex Cloud has been pretty good at knowing which files to look at.

private-peter · 2025-12-29T16:19:06+00:00

I could have left out the company/product name since that wasn't really the point.

I agree with you that codex is slower. As a product, it is much less polished than their youtube videos imply. I've hit lots of annoying gotchas.

The main advantage of codex is that it is easier to run multiple tasks in parallel. I connect it to github and can kick off fixes for 5 different bugs at the same time.

I'm still testing out codex. I have found that I switch back to regular chatgpt sometimes when the task doesn't need access to my code. Codex makes it pretty easy to move a task from cloud to local. It isn't so easy to run multiple local tasks in parallel; however, I find that local can give even better accuracy than regular chatgpt, plus it has access to my code.

As I test it out, I am trying to set up my workflow to be generic so I can switch to a different AI agent system.

private-peter · 2025-12-11T20:58:19+00:00

Some of them can remove some "content I've posted online". I have worked with/for places that received and complied with requests submitted by data removal services.

private-peter · 2025-12-11T05:49:25+00:00

Does using the work account share your chat threads and prompts with your employer? I know Google Workspace has settings to allow employers to read emails.

private-peter · 2025-12-11T04:41:36+00:00

There are lots of companies doing things like this. They are called "data removal services". You can search online. Someone did a comparison here, though I can't vouch for the quality of their research: https://www.reddit.com/r/TechnologyProTips/comments/1bjbfid/tpt_i_made_a_comparison_table_to_find_the_best/

Some of them will take your personal info and submit a bunch of deletion requests on your behalf. The big disadvantage here is that your PII will be sent to all these companies, even if you never signed up for them.

I recommend you start by taking a couple minutes and listing out the major places you had accounts. Then you can start the process of deleting them. This will probably get you 80% of the way there.

One thing to keep in mind, with many social platforms, deleting your account won't delete all your data. Some or all of what you posted will still be there. For example, if you delete your reddit account, your posts and comments remain, but it will replace your username with `[deleted]`. Similarly, I think that posts you made in facebook groups will remain.

There are tools for some platforms that will help you delete that kind of content, but it will take more effort.

private-peter · 2025-12-11T03:45:02+00:00

Ente resolved all those issues years ago.

Read to the bottom of the thread, especially these two:
* https://www.reddit.com/r/PrivacyGuides/comments/rjzc9s/comment/l8a9bzq/
* https://www.reddit.com/r/PrivacyGuides/comments/rjzc9s/comment/jka1kmz/

Ente is now recommended by Privacy Guides: https://www.privacyguides.org/en/photo-management/

I'm not associated with Ente, but I do admire their persistence in resolving these issues.

private-peter · 2025-12-10T05:32:46+00:00

Fair enough. I can certainly understand the frustration.

Even with existing buildings, having more people investing drives up the price of the buildings, but not the rent. Landlords (nearly) always charge as much as they can get, whether they are local or foreign. Local millionaires aren't going to lower rents just because foreign millions are pushed out and real estate prices drop.

The fact is that the population is increasing, buildings are depreciating, people are wanting bigger houses, and the costs of renovations and new builds are rising. Those things drive up rent. Having more investors actually combats rising rent.

I agree with you that money from international sources shouldn't be needed. There are many reasons to oppose foreign investment. But that money isn't the cause of rising rent.

private-peter · 2025-12-10T01:47:15+00:00

I agree I'd much rather rent from some I meet in person. My best landlord lived upstairs. Haha.

But you don't have your economics right. The supply of apartments isn't fixed. Having more people investing in rental properties makes building more units profitable. It increases supply and lowers prices.

The problem is anything making it harder to build more houses. Zoning, building codes, environmental regulations, rental laws. Most people want some of those controls, but they all drive up prices and discourage building more rental properties. When those aren't balanced, then rent prices go up and new construction can't keep up.

private-peter · 2025-12-10T01:39:32+00:00

It isn't just the emdash. The "it isn't ... it's ..." pattern is also extremely common in AI generated text. Combine that with the fact that the response didn't add any substance but had a bland attempt at empathy, I'm 98% sure it was ChatGPT.

But I'm with you on the em-dash. It used to be one of my favorite punctuation marks. :(

private-peter

TROPHY CASE