
Contemporaneous reporting was that DOGE people demanded root-level access across multiple systems (disallowed by federal policy, so political appointees had to demand the access) and without background checks or onboarding, after which they extracted protected data and shoved it in some S3 buckets. Just blew a hole right through the entire federal data protection model; you can't plan for "the President orders everyone to ignore all privacy and security controls" as a threat model.

True, but you can at least correctly label it and no longer refer to it as a "secure environment".

It was absolutely a secure environment prior to DOGE laying waste to all the layers of security in place. Presumably those safeguards are now back in place post-DOGE razing.

Not unless they rebuild all of the infrastructure from scratch. Far too believable that something nefarious was left behind.

After you know someone already had root access to everything?

There's absolutely no way to guarantee that ever again.


Was it though? Haha

You sound like the guys I know who work at banks, talking about all this policy, how secure they are.


Indeed. The story should be that DOGE compromised these environments (at the direction of President), which allowed data to be exfiltrated by randos.

That would be an admission of culpability, sadly.

I find myself distinctly unimpressed by the idea that slapping a nice UI and some TS/SCI controls on top of a graph database — the latter being something that NSA did, with considerably more sophistication, years prior in a Neo4J fork — is some kind of brilliant conceptual moat. Graph DBs are useful for certain kinds of problems, which happen to map well to counterterror social mapping strategies, this is nothing particularly new or noteworthy.


It takes quite a bit of chutzpah to lament that "classic programming such as Schoolhouse Rock! is now only found in online archives" when this same administration defunded the CPB, previously responsible for developing just that kind of educational content.


Schoolhouse was always aired by ABC, but your point stands. (Sesame Street and Fred Rogers wouldn't exist without the CPB.)


In general, I would expect an identity verification firm that I'm hiring to secure and then physically delete any sensitive records my customers are uploading, unless I explicitly opt-in otherwise. My guess is in this case that Discord is attempting to train its own models for first-pass verification, so this is a training corpus; there's no evidence that Persona's doing anything with Palantir, other than proximity of funding.

The broader issue here is that SV VC is starting to feel mildly radioactive when it comes to public opinion; Persona's previous lead fund (up through its Series B) was Index, run by the more conventionally-liberal Neil Rimer, and no one worried about that. The entanglement of Silicon Valley's oligarch class in very extreme politics* at a time of very fraught national political upheaval is making VC money politically-exposed money; if you take FF or Sequoia cash, how certain are you that they won't just get involved in your business, but push you to take specific political or social positions that serve their non-fiscal interests? How certain are your customers that that isn't happening to you?

For decades, SV venture capital has been tech money, and generally smart tech money (I don't like Thiel, but the man is absolutely the smartest of the PayPal Mafia set, and his success bears that out). Now, for various reasons (the end of ZIRP, the failure of major tech bets since 2016 or so to pay off, COVID overvaluations), VCs have moved into rent-seeking, particularly on government and military contracts. It's no longer tech money, it's political money, and, compared to traditional prime vendors, it's not clear that it's smart political money. After all, when the political winds turn, possibly as soon as this November, is it a smart strategy to have worked aggressively and incessantly to alienate the party coming into power? For a lot of startups with regulatory, legal, or political exposure risk, getting entangled with that might be more trouble than it's worth.

* There is no other term that suits the mix of open white supremacy and anti-democratic policies -- repealing the 19th Amendment, for example! -- that we see emerging from the PayPal Mafia.


> I would expect an identity verification firm that I'm hiring to secure and then physically delete

I would expect exactly the opposite. See, KYC stuff is something that no one wants, everyone hates and something that everybody is forced into from both sides: users and companies. KYC service is a product being created in pure hatred.

There are no penalties for leaking users' data. Bad PR? Oh please, it won't hurt a company which is already universally hated.

At the same time proper storage security costs money and time and creates friction.

Thus there are NO incentives to securely keep user data while there IS an incentive to care as little as possible.


> KYC stuff is something that no one wants, everyone hates and something that everybody is forced into from both sides: users and companies

Is this accurate? I'm sure there is a significant portion of people with an 'if you have nothing to hide' attitude. Companies also don't care as long as it makes them money.


>There are no penalties for leaking users' data. Bad PR? Oh please, it won't hurt a company which is already universally hated.

Unlike credit bureaus (also hated), there's no moat for KYC providers. All you need is some AI model + humans to do the verification, and away you go. At best there's some compliance costs for SOC 2 or whatever, but not too pricey compared to the cost of a few programmers. There's definitely penalties for leaks/bad PR, as seen by Discord cutting relationships with providers that turned out to have leaked data, or for Persona, seemingly bad PR.


I believe the argument will be that the rent seeking will be used to position themselves such that it doesn't matter who is in power, the government will listen to them not the other way around. Admittedly, the fact is, the Epstein Files existed across multiple political parties' justice departments and none of those folks have been investigated or prosecuted...


That's a model that works with SpaceX, which holds a unique grip on American orbital launch capability and capacity; less so for Anduril, which has been rather unsuccessful so far in its big-ticket drone-warfare efforts but has, to its credit, diversified key defense manufacturing areas by jumping into, e.g., SRMs; and possibly not at all for Palantir, which doesn't do anything a copy of Neo4J doesn't. And there's a real question regarding their ability to continue, post-DJT, holding security clearances given their personal lives and behaviors, their contacts with foreign officials, and whether they had derogatory information on other clearance holders that they did not bring forward.


Recent updates say this was a unilateral call by FAA because DOD was refusing to coordinate with them for creating safety corridors for DOD drones and/or HEW usage. Issues came to a head after DOD shot down a highly threatening mylar party balloon, which FAA evidently considered to be a somewhat reckless use of military weaponry in a US city's airspace.


> Recent updates say this was a unilateral call by FAA because DOD was refusing to coordinate with them for creating safety corridors for DOD drones and/or HEW usage.

This is the first explanation I've seen that fits the odd facts perfectly. This is the kind of thing that happens when two regional bureaucracies collide. The FAA has long-standing mechanisms for coordinating military use of airspace with commercial and civilian flight operations.

But instead of the usual DEA border interdiction, the administration is now tasking the military to drive this. Military commanders on a new high-priority mission to intercept drones which can attempt to cross the border anytime and anywhere realized coordinating with the FAA would require committing to active corridors and time windows in advance, limiting their mission success and resisted. The FAA realized that could lead to lots of last minute airspace restrictions, flight cancellations and increased risk of a mistake resulting in downing a civilian flight.

The regional FAA administrators responsible for flight safety around El Paso decided to escalate the dispute by simply shutting down all civilian flights, knowing that would get immediate national attention. It was an extreme action but one that's within their purview if they can't guarantee the safety of the airspace. I'm sure they expected it would put political pressure on the military to limit operations and it worked. In a sense, it also helps the military commanders because being ordered to accept FAA operational limitations gives them cover if it reduces their mission effectiveness below what they'd promised. That's probably why the military wouldn't agree on their own without it being ordered from above. They're the ones responsible for deploying expensive new anti-drone tech in field ops for the first time. Future budgets and careers are on the line.


Damage to civilians planes is certainly possible, but more likely imo is inflicting physical injury and blindness. Those lasers are no joke.


Update: DoD’s pushing back on the story, saying that Border Patrol and ICE were the agencies using high-energy weaponry to shoot down party balloons, much to the consternation of NORTHCOM.


Source?


https://apnews.com/article/faa-el-paso-texas-air-space-close...

> The Pentagon allowed U.S. Customs and Border Protection to use an anti-drone laser earlier this week, leading the Federal Aviation Administration to suddenly close the airspace over El Paso, Texas, on Wednesday, according to two people familiar with the situation who spoke on the condition of anonymity to discuss sensitive details.


FAA ought to be drowning Hegseth's DoD in bureaucracy at every possible opportunity, after the massacre over the Potomac River a year ago. They deserve no leniency whatsoever.


Additionally, that airport would be accustomed to coordinating with the military due to the proximity of both Fort Bliss and White Sands.

It sounds like the DOD was being unusually indifferent to the concerns, and after deadly prior mishaps, the FAA has to be particularly careful here.


Can you share a source for this? It's not in the updates to the NYT article.



[flagged]


I think you're looking for Facebook, not HN


> reckless use of military weaponry in a US city's airspace.


Balloon looked brown?


If you see it on the DC metro, the buyer is a Hill staffer or a Pentagon action officer; if you see it at the Super Bowl, the buyer is you (assuming you're an American taxpayer), to help maintain a certain amount of public political capital when Congress starts looking at whether they want to fully fund TR-3 and Block 4. Cutting a military program popularly seen as successful is a whole lot harder than cutting one popularly seen as a wasteful failure, and doesn't garner the politician behind it nearly as much positive PR.


Design thinking, at least in its formal STS approach, is essentially applied sociology; it's about using various toolkits to build a sufficient understanding of a domain from the "inside out" (using desk and field research) so that you can design valuable experiences that build upon the expertise of those actually inside the domain. In this, it's a bridge between UX/product and users/stakeholders (technical stakeholders are admittedly too often an afterthought, but that's a process problem). If anyone comes in and attempts to blindly shove workshops at you without first conducting in-depth research, interviews, and field studies in your domain, then they are (without resorting to the One True Scotsman) not doing design thinking, they're doing cargo-cult brainstorming. (It's also a process orthogonal to agile development, since by definition it's a linear process that needs to be conducted prior to developing the actual product features and requirements.)

The books and papers the OP cites are solid (Rittel and Webber, Buchanan, etc., though TRIZ, I think, is rather oversold), but in my experience the problem with most design thinking practitioners is that they aren't qualified sociologists and ethnographers, so a lot of design thinking is basically a reinvention of the last century of sociological middle-range theory and ethnographic principles, without being strongly informed by either, likely due to the field's foundation in early software requirements studies.


These are good points. Although I discussed TRIZ in a couple of my articles, I need to revisit my thoughts, as it is an over-engineered Russian tool that eliminates all the benefits of a subjective constructivist design mindset. It simply says everything can be solved using one of those 40 ways.


That's a great answer that offers concrete insight into what design thinkers are trying to achieve. And it seems like they have a chance to succeed if they also employ iterative experimental methods to learn whether their mental model of user experience is incorrect or incomplete. Do they?


Traditionally you use a lot of paper and experiential prototypes to iterate on, which doesn't cover everything but helps refine assumptions (I sometimes like starting with mocking downstream output like reports and report data, which is a quick way to test specific assumptions about the client's operations and strategic goals, which then can affect the detailed project). When I can, I also try to iterate using scenario-based wargaming, especially for complex processes with a lot of handoffs and edge cases; it lets us "chaos monkey" situations and stress-test our assumptions.

More than once early iterations have led me to call off a project and tell the client that they'd be wasting their money with us; these were problems that either could be solved more effectively internally (with process, education, or cultural changes), weren't going to be effectively addressed by the proposed project, or, quite often, because what they wanted was not what they actually needed.

Increasingly, AI technical/functional prototyping's making it into the early design process where traditionally we'd be doing clickable prototypes, letting us get cheap working prototypes in place for users to test drive and provide feedback on. I like to iterate aggressively on the data schema up front, so this fits in well with my bias towards getting the database and query models largely created during the design effort based on domain research and collaboration.


It's not settled law as it pertains to LLMs, but, yes, creating a "statistical summary" of a book (consider, e.g., a concordance of Joyce's "Ulysses") is generally protected as fair use. However, illegally accessing pirated books to create that concordance is still illegal.


Man, back when I was doing Big Consulting (including gov't/defense) I had to affirmatively declare every year to Legal that I wasn't directing any investment purchases or doing anything that could be construed as improper use of nonpublic knowledge. And now Palantir reps just out here pushing insider trading tips like it's nothing, smdh.


Should go without saying, but since the media is doing a terrible job of reporting this, it's not at all clear what authority OSD/SecNav has to do this, given that even if there were something objectionable under the UCMJ about his statements he made those statements after retiring, and they aren't recalling him to active status (probably because a court martial would go very badly for the Navy and OSD).

It's exceedingly unlikely that this survives any administrative or legal scrutiny (and if it does, there's a whole lot of former active-status Trump allies, including GOFOs, who are more than vulnerable under these same standards); the main result, I think, is to elevate Kelly's political profile while turning most of the Pentagon even more against Hegseth and Phelan (the former being an over-promoted PAO, and the latter not even having that experience, having spent his career managing Michael Dell's money).

