There's no one size fits all - what they're saying would absolutely fail at the company I'm currently at, but sounds like it works for them. The key thing is to have a process that works well for the people who are there, and hire people who work well under those conditions. The people who do well at our company would not do well at their company, and vice versa. I don't like how this article makes a claim about what works well for them is actually a universal truth. It really depends on the people there.
I agree the coffee at starbucks isn't great, but I feel the coffee at dunkin and mcdonalds are both better than starbucks. I like black coffee though, and Starbucks drip or americano just isn't good - I see starbucks more as a desert place than a coffee place, and judged on that they're good. I think more people want sweet milky coffees, and that's fine. That plus the environment is a big pull of Starbucks. It's not my thing, but I get why people like it
EDIT Also, I'm pretty sure the better coffee at mcdonalds happened after starbucks, IIRC they put a lot of effort into improving their offering after starbucks exploded
The Starbucks near me doesn't even brew coffee any more. They switched to these automatic machines that "brew" a cup in about 15 seconds (ie. vending machine quality). Its undrinkable now. In future would only order espresso drinks or cold brew.
I've instinctively been avoiding hospitals run by PE, and now I have a good reason to.
I'll never forget with my first kid they tried to scare us into genetic testing - I mean, they had a pamphlet and video they were required to show us that were meant to scare us into it, but I could tell from the doctors face that she wasn't into it and felt like she was apologizing when she said she had to play this video and leave the room. We switched to a different hospital almost immediately.
CTRL-Labs themselves acquired the wristband tech from North/Thalmic, who pivoted into smart glasses for a few years before being acquired by Google.
> In an interesting twist, CTRL-Labs purchased a series of patents earlier this year around the Myo armband, a gesture and motion control device developed by North, formerly known as Thalmic Labs. The Myo armband measured electromyography, or EEG, to translate muscle activity into gesture-related software inputs, but North moved on from the product and now makes a stylish pair of AR glasses known as Focals. It now appears the technology North developed may in some way make its way into a Focals competitor by way of CTRL-Labs.
I had one of those Thalmic Myo armbands 12ish years ago. Used it a couple of times and then forgot about it. From memory, there were only a few gestures available to program, and anything I could think to sync them to was just as easily handled with keyboard shortcuts (show desktop, close window, change workspace, etc).
Yes, it seems that the gesture detection is based on the raw time-frequency sEMG signals with data and code for model implementation from the Nature paper available here [1],[2].
Disney is about to have a serious talk with Facebook. Disney Research has had a prototype on gesture detection via wristband electric sensing tech since 2012: https://youtu.be/E4tYpXVTjxA?t=2m8s
Besides it being different technology, the original Myo wristband was also introduced around 2012. The parents were later acquired by CTRL-labs which was then acquired by Meta. So you can be pretty confident that they have the patents.
Although surface electromyography is quite a bit older than that.
Yep I hope that mindset never dies. Meta is one of the last engineering-first companies in big tech and willing to live demo something so obviously prone to mishaps is a great sign of it. It's not unlike SpaceX and being willing to iterate by crashing Starships for the world to see. You make mistakes and fix them, no big deal.
One of my internships was preparing Bill Gate's demo machines for CES. I setup custom machine images and ran through scripts to make sure everything went off w/o a hitch (I was doing just the demos for Tablet PC, each org presumably had their own team preparing the demos!)
Not doing it live would've been an embarrassment. I don't think the thought ever crossed anyone's mind, of course we'd do it live. Sure the machines were super customized, bare bones Windows installs stripped back to the minimum amount of software needed for just one demo, but at the end of the day it sure as hell was real software running up there on stage.
The same unwarranted sense of confidence that tells them this product is worth making tells them that they can easily pull off a live demo. This is called "culture fit"
I saw Jobs give a demo of some NeXT technology and the system crashed and rebooted right in the middle of it. He just said “oops” and talked around it until the system came back up.
Totally agree. Up until a few years ago failures during live demos on stage used to be a mark of authenticity, and companies playing recordings was always written off as exaggerated or fake. Now all of Apple's keynotes are prerecorded overproduced garbage.
"At least it's not faked" was my main reaction, too. Some other big-tech AI-related demos the last couple years have been caught being faked.
Zuckerberg handling it reasonably well was nice.
(Though the tone at the end of "we'll go check out what he made later" sounded dismissive. The blame-free post-mortem will include each of the personnel involved in the failure, in a series of one-on-one MMA sparring rounds. "I'm up there, launching a milestone in a trillion-dollar strategic push, and you left me @#$*&^ my @#*$&^@#( like a #@&#^@! I'll show you post-mortem!")
Matlab/Scipy/Julia are totally different since those function more like user interfaces, they are directly user facing. You're not building an app with matlab (though you might be with scipy and julia, it's not the primary use case), you're working with data. C++ on the other hand underpins a lot of key infrastructure.
I am a big fan of keepass which I sync with dropbox, good apps exist for iphone/android/mac/windows/linux. But I don't know if that's more secure than a password provider like 1password. At least not fitting into the typical profile, and being able to control the data, open source code, and offline access feels like the optimal way for me.
Literally got something similar to this last Friday. Sounded legit. My one weird trick that works every time - give me a ticket # and an official phone number to call back to and I can confirm the phone number is legit. This way you can continue the conversation if it is actually legit, and if it's not legit then all good.
The guy who called me said "I can send you an email to show it's official" and I thought of that immediately when I read this article. No dice, he refused to give me a number to call back on, so I knew it was fake.
EDIT You can spoof from email addresses and you can spoof phone numbers - if someone is calling from a legit number on caller id it means NOTHING. You have to call back to a legit number to be sure it's real.
I personally don't even allow them an opportunity to give a "phone number" either. I always ask them to identify their company and the branch that they are with - and then personally go to the official website of the company (i.e. https://amazon.com, etc.) and look up the phone number there.
You’re probably worth a lot of money rn. I would start an entire business just selling people Google’s number. Heck, I would start an entire Google support company rn, publish a phone number and proxy calls to Google. I’d screen calls then also sell Google my services. You’re welcome. Build this in 2 months. I want 30% ownership.
I make them hundreds of thousands a year even with their commission from my app sales. Still don't have a contact there (same with Apple).
They're happy collecting their commissions and avoiding you. The only good thing is that (for the most part) the payment method is just a password/faceid/touchid away.
I have the fun of making outbound calls to offer people a public service and collect payment if people desire it. Most people gladly hand over their credit card details. A few years ago, someone wisely asked why they should trust me. (It only happened once in a decade!) I said they don't have to. They could look up our phone number at an easily verifiable government website, then call back; they could call any facility operated by the department; or they could visit any facility. Said individual provided their credit card details right then and there. Virtually noone cares about security.
> Callers from legitimate businesses treat me like i’m questioning the moon landing when I tell them I’ll need to call them at an official number.
Not to justify their behaviour, but: most businesses are not set up to allow for callbacks or they're set up to actively discourage them. For example: they may be contracting out to call centers or employee performance may depend upon making a sale. My situation is unique since all calls our handled internally and my performance is not based upon making a sale.
That's said, the current situation pretty much dictates that a secure option should be offered to clients.
The trouble is, you have to place the outbound call to those contacts to trust them. People could spoof an incoming call from numbers in your contacts and it will look as legitimate to you as a receiver as if the real number was calling you. With voice spoofing, it's now possible to call someone as [grandchild] with [grandchild]'s voice with a pretty horrible story about what's going to happen if some Bitcoin or Google Play gift cards are not purchased and handed over immediately.
I'll give you an example. When the Bank calls me about something important, I tell them to give me their department / extension and I'll call them back. I then look up the bank's phone number on their website (it's actually in my phone already, and on my bank cards) and call them back.
This process doesn't care about them calling from a spoofed number. We've had big problems with spoofed number scams and the CRA (Canadian version of the IRS) recently.
No. If it's someone I know, and I can tell that's who they are from their voice, and they aren't suddenly trying to pry a bunch of financial information from me, then I trust them. I also don't even accept calls from unknown numbers by default, unless I explicitly turn that off temporarily because I'm expecting a call from someone not in my contacts. There are plenty of other ways to get ahold of me.
AI speech still has some noticeable quirks (I cloned my voice earlier this year to produce some tutorials). Once those are ironed out, I may increase my paranoia a bit. It's going to be hard for an AI faking a relative to get my bank password, if that even happens. There are far more lucrative targets with that level of investment.
I think just being on guard and not trusting potential anonymous sources is "good enough" for now.
No kidding!? I have never had someone take this in stride. Responses have ranged from surprise to defensive condescension. It rarely even works at all, and the two worst offenders were both banks. One UK, one USA. I almost had the check for my rent bounce after three days of this rigmarole and ended up having to just go with it.
Where do you bank? I'm looking for recommendations.
Even better, once I had a financial institution tell me I needed to read them a one time code someone would text me. They were actually surprised I had a problem with it when it’s the scam playbook.
To be fair I give just about anyone and their dog my CC number. Chargebacks work and my life is that little bit easier for it.
Playing Jason Bourne with your credit card number is not worth the effort if you ask me.
I would even say this is a net positive for the economy: the cost of fraud is outweighed by the lower barrier to payment. I'm sure you'd have made fewer sales had people been more worried about security. Net positive then, right?
Depending on which country you're in and which bank you're with, chargebacks are nothing like as straightforward as they used to be. I just completed yet another one, which involved 2 separate phone calls totalling over an hour (so probably not worth it on a $/hour basis), accepting the risk that if Visa rejects the claim I'm liable for a further $50 charge (this is new), and generally 3 months of hassle until I got most of the money back (less the international transaction fee, as the merchant had fraudulently claimed to be in the same country as me, but charged me from the UK).
For the record what kind of chargeback are you initiating, and why does it have to go through visa rather than the bank who issued you the card? Unauthorized card-not-present transaction initiated by a third party? Some cbs are harder than others to get ruled in your favor, but the one where a criminal takes your card and uses it without your knowledge is by far the easiest one to get awarded. It involves one call to your bank and you get a new card, all fraudulent charges reversed.
If your bank doesn’t want to honor the request yes you’ll have to contact the payment network (visa/mastercard) and I’m sure there’s someone in this thread who has experienced that for an unauthorized transaction chargeback but it’s exceedingly rare.
Merchant error chargebacks , on the other hand… very different situation.
The US makes chargebacks exceptionally easy. Non-Americans have a much less useful credit card system, which is why debit cards are more common in most of Europe.
Merchant fraud this time. Done through the (soon-to-be-ex) bank but they brought up the charge from Visa.
It’s possible that my current bank is particularly bad at this, as they are bad at everything else. I have had the runaround with merchant error and stolen card number chargebacks with other banks though.
Nope. I only sell services that people previously requested, though it is often months earlier. (As I suggested, it's a government job.) Sales is just one of the things tacked onto my job description over the years.
And to further crush that cynicism: most people are overjoyed when I call them.
Not everyone who makes outbound calls is a telemarketer.
The healthcare company I work for has a whole department of very nice people who make outbound calls to offer free health and nutrition classes to poor people.
Yes, they're free. As an employee I am also required to take one of the classes each year, so I know what they entail. Yes, they cost our company money. No, they're not sponsored by some corporation or ad company, and no we don't sell people's information on (HIPAA and all that).
In the rare case something worms it's way to collections I just ask for the certified letter. Now in ten years that only happened once. I even called the hospital asking where my bill was and they said I didn't owe anything. Three months later collections!
The great thing about credit cards (as opposed to obvious scams for suckers like cryptocurrency) is that consumers don't have to care about security. They can dispute fraudulent charges and never be out any money.
There are a lot of contact numbers for e.g. banks and often it’s not obvious how to re-contact the department you are talking to. So, I’m happy to take a number, but I have to be able to find it on the conpany site somewhere (will also accept generic e.g. “call the bank fraud line and supply this reference number”)
How does that help them? It's not gonna pass any legal scrutiny. If they were going to lie, it doesn't matter whether you said yes or not at any point in the call.
Probably going to cost a lot to get to that point, probably more than they will scam you for. They're after the quick hit that gets them something right away while also believing that you won't take it that far.
It's like knowing how to pick a lock vs just throwing a rock through the window that's next to the door to gain access. They both get you there.
I usually ask for the phone number, find it on the corporate site, then call the branch office.
Alternatively, ask for their license number, check the license, then call the number it lists. (Kills two birds with one stone for licensed professionals.)
You don't, but large organizations can have a lot of entry points (or none... but that's a different topic), so you let the caller pick the inbound number that will actually reach them or their department, but then you still independently verify that the number belongs to the organization before trusting it.
Be careful with checking official numbers too, or at least tell any non-tech friends. Fake numbers have been ending up in search results on official looking websites. It's a real knife fight out there.
I find that when it’s legit a consistent thing happens, which smells of careful training: they instruct me to call the number on the back of the card, or on a bill.
Only worth it for a targeted attack. Even then I might just read the number off a genuine bill instead of their fake one. And that's assuming they have linked my address and number - lots of scam calls are low effort dial every number.
It's interesting how easily Google results rankings are manipulated by bad actors, and how unvetted the scams are in paid adverts on and through Google. The web is untrustworthy, and Google transparently passes it to users. We'd probably be better off if Yahoo's quaint curated list of sites had won out.
> It's interesting how easily Google results rankings are manipulated by bad actors, and how unvetted the scams are in paid adverts on and through Google.
Well, SEO, I get that this kind of gaming is hard to prevent, not at Google's scale.
But the AdWords scams? Or all the other fake ad scams, chumboxes and god knows what? The complete lack of audits around something that actually causes money to change hands should be outright banned.
At the high end of ads, think large brand TV spots, you got entire teams of lawyers involved to make sure licensing, actor releases, technical details, corporate identity and a myriad of other things are taken care of.
But at the low end? Some rando from St Petersburg can post an ad for a book "uncovering Western lies about NATO expansion", some Indian can post an ad for "Norton Removal", some American an ad for a f2p game with content that clearly does not describe the actual gameplay or some Chinese can post an ad for penile enlargement pills - and none of the four will get even one human eye on the ad before the campaign goes live and the ads are displayed to actual users, even though all four either violate Western laws outright or are at least banned by the providers/networks.
And the problem isn't just limited to Google, Youtube, AdWords, Unity Ads [1], Taboola [2], Outbrain [3], Facebook/Insta [4] - it's everywhere, the entire low range of ads is infested to the core. Self-service ad platforms should be shut down, period - the industry has shown that "self regulation" doesn't work.
Yes, and that same lack of lawyers/friction is what also allows legitimate small businesses to thrive. I've worked for many, and out of those many, none of them had lawyers involved at all.
It is all about balance. Google could do more here, however the answer is not as obvious as you might think. Especially in an age where identities get stolen often and the lag time on catching said fraud is quite long.
The issue is that the entities mentioned are doing...nothing at all. Not even basic MANUAL identity checks and payment checks. Automated checks work very well until they don't.
> Google could do more here, however the answer is not as obvious as you might think.
Oh it is. A basic background check alone done by an actual human to see if the business is actually real, let's say this costs Google 1h @ 40 dollars plus 20 dollars for credit bureau fees. Google can offload that cost to the advertiser - even for a small cookie store, that's hardly an expense.
And after that, vet the campaign material for each asset. When you have 200 dollars in ad spend (which isn't much), 10 dollars should go pretty far in having a human see if the "pizza store" didn't just place an ad for penile enlargement.
> Automated checks work very well until they don't.
The key thing is, the entire ad industry is amoral. No one cares about fraud or brand reputation any more, not when you see chumbox ads on "reputable" newspapers. So everyone seems to think "why should I leave a few dollars on the table?".
Yes, especially do not google the number that you were given on the phone. That is completely certain to turn up the scammer's official looking page and "confirm" the phone number.
I have seen Microsoft support forum articles that list the "Facebook official phone number". The fact that it's not from Facebook doesn't make it less authoritative in a panicked person's mind.
Google, Meta, Microsoft, and Apple really must start publishing an "official phone number". It is perfectly OK that this phone number just plays a repeating message saying that the user should browse google.com/phone. That website can explain that there is no phone support offered, and provide a bunch of links for common scamming hooks that leads to anti-phishing material.
This happened to me once. I was calling Amazon and did a Google search on mobile. I called the big number that was at the top of search results. After I had given my account email, but nothing critical, I started becoming wary of the questions I was asked because they weren't relevant. I hung up and searched again and the result did not come up again, and Amazon's number was totally different. I looked up the number I called and it didn't find any results. So I'm guessing an ad scam. I definitely don't trust Google results with featured answers for things like that anymore.
This happened to my father while I was around during the beginning of the COVID lock down. He searched for an Apple support number and was served a targeted ad for a phishing site. Because of the change in search a few years prior, ads now look very much like search results compared to the obvious visual distinction back in the Don't-Be-Evil days. The ad was sufficiently targeted that it only showed up on his device for the search -- nobody else would see it.
Ironically today even network engineers of all people can't type speedtest.net without google's help. Set your search engine to wikipedia and see them struggle.
I feel like we lost the battle for any semblance of hope in matters of security when the URL bar blurred everything into search. There is simply no way to ensure that the browser does what one expects anymore.
The guy who called me on friday felt like a targeted attack, I've been getting a TON of pokes at trying to reset my google password. It really made me feel like there's less and less you can trust online. Scammers are winning the arms race, and have the resources to create really good looking pages.
They also typosquat support numbers for people who misread them or assume things like toll-free is always 800 when it can be other area codes. Just because someone answers, don't give them enough PII to use your identity elsewhere.
The last I heard, Google relied on spam filters for this.
Supposedly, people have been fired after being falsely accused of harassment. The scam works as follows:
Send a message to bob@gappsdomain.com and notavictim at the same domain. Arrange for the headers to be “from” bob. Now, notavictim reports Bob to HR. If the google admin is competent, they look at the headers, and note that Bob didn’t send the email. (Not sure if they catch the offender or not.)
If they’re incompetent, they see the message in Bob’s from box, and recommend he be fired.
This is a feature that enables dubious workflows, where Bob configures spam bots to bother his coworkers, but wants those messages to be auto filed in his sent box.
I didn’t think it worked when spoofing unrelated domains like Google though. That’s just dumb. Maybe the attacker had the author’s IMAP gateway password and moved the message into the inbox?
Google spam filters are terrible because they filter way too much legitimate email. I have been a paying business Gmail user for years, all DMARC, DKIM, etc… in place. My messages still go into client Gmail spam folders. It’s extremely infuriating. Google knows I’m not sending spam. They can’t deliver my email properly to their own inboxes? Nonsense.
I have no time and energy for the level of paranoia present web services RQUIRE. I started to cut back. One of the firsts: not accepting Terms and Conditions for a site my company delegated for the sole purpose of delivering my payslips (probably some others too, but marginal compared to this). I'd need to revisit the details to tell what was that exactly, but some sort of sharing some of my data with thrid party (subcontractor) thing. It is a recent develpment, I will see how it flies with my organization, but I'd be surprised if I could be forced to accept T&C just for receiving payslips. We have 2 other admin accounts for reporting time, absence, no more for me with some arbitrary service provider, thanks. (in the previous job of mine our absence tracking system sent me incentivised ads in the dashboard to attract others to their platform and some sort of weird discount system if I buy things here or there, quite repelling)
Yeah, if you're a high profile target then you need extra layers of security, but for regular folks that one weird trick is enough to make you just enough of an annoyance to make another target preferred.
But in a world with Pegasus, and telecoms in smaller vacation countries selling off SS7, etc, etc - if someone good really wants to target you normal security protocols aren't going to cut it.
I imagine it will be like SIM swapping attacks where attackers will pool all their money together, gain temporary SS7 access and conduct a ton of attacks in a short window of time. Reducing the per-attack cost.
The phone network is just not a secure channel for any sort of communication
Explain how SS7 access can allow someone intercept my call back to an official number like Bank of America or a number on Fidelity a 401k support page.
I don't know. Google could solve this all in an afternoon. It controls e-mail delivery, it is the e-mail delivery monopoly. Why deliver these e-mails? It just shouldn't.
But because Google delivers spam from senders who spend a lot on Google ads; and e-mail traffic gets laundered into web ads traffic; they just can't do it. And because Superhuman charges more than $0, it can't do it either. Nobody can fix e-mail. If you can't see how phishing and Google Ads are related... you know, this is why it is hard to "just" pass a law. It's not because the law wouldn't fix the problem. It would, if you permit the status quo where Google is the e-mail monopoly. It's this whole A16Z "just pass a law" nonsense, where someone thought he was saying something really insightful because he didn't like Jon Stewart, getting in the way of my inbox zero, and simply never receiving non-personal e-mails at all.
> if someone is calling from a legit number on caller id it means NOTHING. You have to call back to a legit number to be sure it's real.
This reminds me of one time where I got a call from a number I don't know, got yelled at something about spamming calls. Yelling includes threats about getting reported to police or whatever, which was confusing since I never had any history with this number.
I suspect my number was spoofed. I'm not sure if there's any defense against that.
The amazon "I'm sorry but I cannot fulfill this request it goes against OpenAI use policy. My purpose is to provide helpful and respectful information to users-Brown" listing reminds me of this restaurant in Shanghai when I lived there. The chef who opened it was famous in his local area and wanted a beautiful name for the Shanghai location, and have it in English to reflect the cosmopolitan international city of Shanghai. So he chose a line from his favorite poem, put it through google translate and named it, in big letters above the entrance, "Translation not Found".
Edit The story above that I heard was likely an exaggerated version of this: https://languagelog.ldc.upenn.edu/nll/?p=301 - I still like the urban legend version I heard so keeping it up there.
Exactly this - I've said it before and will say it again - new technologies emerge in response to trends, often to accelerate existing trends and does not create them.
I see a few explanations for what you're saying, and those might be true, but I strongly believe part of it is investment (particularly VC, less so PE) has hit diminishing returns in tech and which means less subsidized "disruption", which means less money to hire people. AI becoming hugely popular right when this was happening is not a coincidence. And it's not just startups, less investment in startups also mean less clients for AWS and Azure. A16Z / Sand Hill switching to AI is not them just chasing the latest trend, it's a bid to reduce cost on people, which is the most expensive part of a tech company, as the only way to extend their unicorn-focused investment strategy.
