Those on HN are considered extremely tech-savvy and security aware and yet we are still concerned about our accounts getting compromised like this. What can a random user like our moms or siblings do? They won't even notice these kinds of attacks.
It is such a pathetic state of affairs where massive leaks like these are expected. I contend this is a result of lax regulation and lack of consequences. In healthcare, patient data are locked down so hard even people who need to work with them have problems getting to them. It is because of regulations. Everything is traceable, recorded, and maintained to the strictest standards possible. It costs a huge amount of money but as a result, we don't see many serious breaches.
Compare it to fintech and regular tech services: these guys make a fuckton of profits and yet suffer almost no regulations. What a joke.
> What can a random user like our moms or siblings do?
Install a password manager. It's the perfect piece of software. It's not only so much more secure, but it's just a more pleasant experience in every single way. It's very rare that the secure option is more convenient.
Maybe they can't. But actually, you can install a password manager for them and let them generate random passwords. Set up 2FA with them (FreeOTP or something). And change every password with them when you are at home for Christmas.
Also, when they now find themselves on Have I Been Pwned, they have a bigger problem, because they likely have malware on the phone or computer.
> What can a random user like our moms or siblings do?
Security Keys. Your mother and siblings have seen keys before right? They can understand the metaphor and use it. Several of the accounts listed, such as Google and Facebook allow Security Keys.
Bad guys can't steal the credentials out of Security Keys the way they'd steal, say, passwords or a TOTP code; they would need to physically obtain access to the keys. Your mother and siblings almost certainly don't face adversaries who'll break into their homes or hold them at gunpoint, just ordinary online automated attacks.
You seriously overestimate the average user. There is a reason why 123456 is still a common password. I would not expect a grandma to know how to put a key on her phone and use it reliably.
And my main argument is that corporations can do better. We should not put the burden on the common folks when the ones who are in the positions to do something are not pulling their weight. Sure, this will reduce their profit, and probably their share prices, and as a result, dev's compensation. Maybe that is the hardest part to argue through.
Legit question from someone who both wants their mum to stop getting hacked, and is not sure Security Keys are a good idea: What happens when they lose their phone?
My limited understanding is that the key is on their phone (let's say it's a Google key, on an Android phone). When their phone gets lost, stolen, or breaks, are they screwed? This worries me because the chances of the phone being lost are high.
A security key is a hardware token that uses USB, Bluetooth, NFC. A security key may not have TOTP capability like a Yubikey. Security keys are not marketed or suitable for consumers, and sysadmins don’t like them either:
Maybe start a pilot automated service run by Google or Microsoft or whoever where backup codes are securely sent to local credit unions and it's all almost transparent to the user. They just need to either pick up the code at the credit union and put it in their safety deposit box or approve that last step.
I'm not upset at all about banking working with private entities or any of the past with banks. I'm mostly upset because some of these ideas are good, you know? Maybe not this, but some. For a short while longer.
Security Keys are an independent device. I believe you are thinking of Passkeys which can live on the phone or in a password manager like 1Password.
If you do go with a security key it’s typically recommended to have at least 2 so that if one dies or is lost both have the same level of access. So long as you add them both/all to every account you need to access.
> Security Keys. Your mother and siblings have seen keys before right? They can understand the metaphor and use it. Several of the accounts listed, such as Google and Facebook allow Security Keys.
The problem with these is, they can get lost, stolen, damaged or misplaced. With a physical key to the home, no problem - call up a locksmith and if you don't have an ID card also the police, he'll drill out the lock and you can enter your home back.
Google, Facebook, whatever - good luck trying to get into touch with a human to reset your "security key".
We would have to go outside to find dopamine. It wouldn't be safe. People would die.
edit:
I remember thinking in the 90's that it was weird as hell that the operating system sits in the same folder tree as the user's documents, applications live there too! What a concept? Like keeping your socks in the same drawer as your bills and plumbing tools. Spare tire in the kitchen. Lawn mower under the bed.
Maybe we can start with heavy penalties for whoever is responsible for these breaches? The users are irresponsible, but at the higher levels, the company can afford to tighten access and guard their data better.
Would these companies leak their own business critical documents? No. So why can't they be forced to treat sensitive customer's data the same way?
CHS lost millions of records, was fined a few million (out of profit of 1.2 billion). UCLA similar. Bunch of others I don't think even got fined, like Ascension recently lost all data in a ransomware attack.
It's useful going after a rogue employee, but on an org level it's security theater.
> In healthcare, patient data are locked down so hard even people who need to work with them have problems getting to them. It is because of regulations. Everything is traceable, recorded, and maintained to the strictest standards possible. It costs a huge amount of money but as a result, we don't see many serious breaches.
...and one of the side-effects is that it contributes to the insane price of healthcare.
Effective regulation, like security, is about finding the sweet spot between security and efficiency. It's extremely easy to turn off your brain and say that nobody has access to the data (which makes it perfectly secure/private) - but obviously that's an insane approach. It's hard, but extremely important, to actually maximize the security-efficiency product.
PII should not have the regulations that are currently applied to healthcare/PHI - it'd massively increase the costs (both financial, and worker/individual productivity) of doing everything. It needs a better regulation model that is designed to maximize the security-efficiency product.
Most likely, the best model is one that focuses more on outcomes (huge penalties for leaking PII, along with a few things like chain of custody for user data (which I don't think that even HIPAA does) - not to exclude regulation of process of course) than processes (HIPAA describing in excruciating and unnecessary detail all of the ways that you have to process PHI - which include RESTRICTING THE WAYS THAT I CAN MANAGE MY OWN HEALTH DATA).
The cost of healthcare is unlikely due to data management cost. That is almost an absurd comment.
The cost to develop a drug is in the billions. Manufacturing costs are in the tens to hundreds of millions. Locking down some server and implementing better security would be a drop in a bucket.
And even if it was more expensive, the biggest pharma megacorps are a fraction of the size of the likes of tech megacorps. If the chumps down the street can do it as a side job, why can't the big boys whose entire business is supposedly about data and software do better?
Also the data management is not even that stringent in the US. Your health data is shared with literally hundreds of third-parties and you consent to it. HIPAA doesn't protect against that, it protects against your boyfriend finding out your diagnosis.
> The cost of healthcare is unlikely due to data management cost. That is almost an absurd comment.
I did not state that it was solely due to that. Please read my comment carefully:
> ...and one of the side-effects is that it contributes to the insane price of healthcare.
Meanwhile, this is a crazy red herring:
> The cost to develop a drug is in the billions. Manufacturing costs are in the tens to hundreds of millions.
The cost for smaller practices and procedures that have nothing to do with drugs or manufacturing has skyrocketed.
It's not very hard to understand that the primary cost of regulation is on smaller businesses and practices. Regulation imposes a disproportionate cost on smaller organizations, leading to consolidation. This is a bad thing. The results of regulation can be a net benefit if you reduce those costs while maximizing the positive effects. This should be incredibly obvious.
Moreover, this is a rather uninformed claim:
> Locking down some server and implementing better security would be a drop in a bucket.
That's not how HIPAA works. HIPAA prescribes that you have to use certain HIPAA-compliant services and technologies. That's not a cost burden - that's a compliance burden. It's not enough for your systems to be secure - they have to be HIPAA-compliant, which is so insanely difficult for small practices to do in-house that it forces all of them to use large, expensive, complex medical platforms, and pushes many others to consolidate with larger hospitals in order to amortize the overhead of managing these systems. And guess what? Consolidation in markets without extremely strict anti-monopoly enforcement leads to higher prices and worse products and services.
Yes, the cost of actually running the servers is very low. But that's almost never the primary cost of regulation - that's straight-up factually false. The primary cost of regulation is the overhead of compliance.
That's why any sane person strives to maximize the security-efficiency product, or the analog in whatever area you're trying to regulate.
There's literally no excuse for not trying to do this, or for defending the idea that we shouldn't take efficiency into account when designing regulation, except malice.
> If the chumps down the street can do it as a side job
Yes, and as is incredibly obvious to everyone, healthcare is orders of magnitude more expensive than services provided by those tech megacorps. This is evidence (even if weak), that bad regulation makes things more expensive, not less.
> why can't the big boys whose entire business is supposedly about data and software do better?
You clearly did not read my whole comment. I'm not arguing that regulation isn't necessary. I'm pointing out the fact that you have to optimize the security-efficiency product, and NOT do what HIPAA does, which is maximize security at the cost of a very high amount of efficiency to the point where it infringes on patient rights.
The only absurd comment here is the one that did not actually read what it was responding to, and is mostly composed of red herrings, claims that don't line up with reality, and logical fallacies.
The insane cost of small business is because of the existence of a private insurance industry. There's thousands of insurers and you need to work with a lot of them. Every single thing you do needs to be authorized and run through them.
They decide your medications you can prescribe, when you prescribe them, who can have them, how long your visits will be, when you should have those visits, how many visits you need to make a diagnosis, and on and on and on and on. Every single detail - multiplexed across thousands of insurers.
So, you need administration, and lots of it. The system is so horribly fragmented that all hopes of efficiency are lost. A single-payer solution is orders of magnitude more simple, and thereby more efficient. A lot of problems just go away when you only have one person doling out recommendations, one person doing care, and one person paying.
Also, the doctors who are making most of the decisions around your care aren't the doctors you go to. It's dozens of doctors, mostly nameless, working for your insurer making those decisions. How this isn't considered practicing medicine is beyond everyone.
> So, you need administration, and lots of it. The system is so horribly fragmented that all hopes of efficiency are lost.
You're misattributing the cause of the complexity. The cause of the complexity is not due to the existence of private insurance, but the fact that it's changed from being insurance, that insures you against catastrophic financial loss due to an expensive surgery (that is, risk pooling), to a subsidization layer that permeates all healthcare, including routine visits to the doctor. That is what causes the complexity, because then you're right, that change evolves a massive amount of paperwork that imposes huge burdens on small businesses.
> Every single detail - multiplexed across thousands of insurers.
This is false, intentionally or not. Smaller practices rarely interact with more than a dozen or so insurers, by the very nature of the fact that they're small, so this is off by about two orders of magnitude.
> A single-payer solution is orders of magnitude more simple, and thereby more efficient.
...and by "single payer" you mean the patients, right?
I have several years of working with a large federal government. Unless you're referring to a small state like Finland, the idea that a large government managing healthcare payments will make things "orders of magnitude more simple" is so naive as to be beyond laughable. The government makes even the most simple things (filling out paperwork to be reimbursed for staying in a hotel for a single night) insanely complex, and take far longer, and use far more resources (funded by taxpayers), than it does in private industry.
Yes, you're right that the interface between the medical practice and the insurance system becomes less complex when you have a single insurer, but the actual handling of claims becomes orders of magnitude more complex with the government, so the claim that it'll become "more efficient" is an extreme stretch.
If you live in the US, it's already trivially false, as it's extremely easy to see how incredibly inefficient many of the federal agencies are (I'm not going to use non-Western countries as other examples). Those agencies perform necessary functions, which is why they still have to exist, but anyone remotely familiar with the US government knows how bad of an idea it would be for it to handle health insurance. If they manage to figure out how to manage bureaucracy at a large scale, then single-payer health insurance becomes feasible. But until then, any suggestion of it is either extremely naive or flatly malicious.
> You're misattributing the cause of the complexity.
I agree with you, but IMO it's completely unavoidable.
The concept of health insurance in strict terms of insurance was never possible. Not long term, anyway. Health is complex and chronic conditions cost a lot of money over a lifetime. The idea of insurance "just in case" doesn't work, period. Health is fundamentally different from car accidents or home hail damage.
> Smaller practices rarely interact with more than a dozen or so insurers, by the very nature of the fact that they're small, so this is off by about two orders of magnitude.
Sure, but which dozen insurers they interact with isn't the same place to place. There's not a ton of knowledge transfer or business practice reuse here. You need billing specialists. So, across the entire industry of small private practices, it is thousands of insurers.
> The government makes even the most simple things (filling out paperwork to be reimbursed for staying in a hotel for a single night) insanely complex
Right, but the reason these tasks become insanely complex is because they're taken and split into 1 million pieces, which are then scattered across multiple levels of government, multiple agencies, multiple private contractors, who then have their own contractors, and multiple laws across multiple decades.
Our government, the US government, is not centrally planned where it matters. Every chance we get, we outsource as much as possible to the private sector. So one problem will become 1 thousand.
The simple reality is that the US has the worst healthcare system in the developed world, and it's not even close. Not only is our healthcare more expensive per person including taxes, it's also significantly worse with worse health outcomes across the board.
Every other developed country figured it out, and so can we. That doesn't mean it will be easy. But that's the truth - our system sucks, and it's because the private sector is far too involved in healthcare. We need to consolidate and collapse multiple parts of the system into one, and the complexity will go down.
The US has a poor government culture and mindset. We really thrive and actually want the inefficiency. It's the military shovel problem. We could produce a shovel for 20 bucks, but we want jobs, no? So we go ahead and outsource that to the private sector so we can get our 150 dollar military grade shovel, and it probably sucks, but we made a lot of people rich in the process. Each little hop from party to party represents a small increase in complexity and a little bit of cash shaven off the top. So naturally, we try to maximize the amount of parties involved. The best part is those contractors aren't even doing the work themselves - they're probably sub-contracting it out for god knows how many levels.
But, this can be fixed. It's not a foundational or necessary part of our government, it's a deliberate choice we make. Other countries don't make this choice, or do it much less.
> So, across the entire industry of small private practices, it is thousands of insurers.
That's not really relevant. An individual small practice only has to deal with a very small fraction of that total count, and that's all that really matters.
> Right, but the reason these tasks become insanely complex is because they're taken and split into 1 million pieces, which are then scattered across multiple levels of government, multiple agencies, multiple private contractors, who then have their own contractors, and multiple laws across multiple decades.
> Our government, the US government, is not centrally planned where it matters. Every chance we get, we outsource as much as possible to the private sector. So one problem will become 1 thousand.
This is categorically wrong and indicative that you've never worked in the US federal government.
Even tasks entirely handled within a single agency are insanely complex.
This has literally nothing to do with contractors or outsourcing to the private sector, which you appear to be incorrectly pinning the blame on for the complexity.
This is a mix between some intrinsic complexity, partially due to the bureaucratic nature of large organizations, and a very large amount of incidental complexity within the federal government itself.
It's telling that, while I was working in the federal government, I met many people who complained about our healthcare, but not a single one suggested moving any of it into the government - because their personal, first-hand experience with the government's inefficiency and complexity allowed them to understand how extremely bad of an idea that would be.
In theory, it may be more efficient to have the federal government handle healthcare. But in the current state of the government, with the mismanagement and inefficiency and incredible overhead due to internal policies, it will factually not be more efficient for our current government. And trying to push single-payer healthcare on a government that is not ready for it and will result in worse outcomes is just straight-up malicious.
> Every other developed country figured it out, and so can we.
I looked up the most populated countries in the world[1] and the countries with the highest life expectation[2]. None of the top 10 countries in terms of life expectancy were in the top 10 of population - the United States is the 3rd most populous. And out of the top 10 countries ranked by population, the United States had the highest life expectancy of all of them.
The reason for this is because bureaucratic complexity scales superlinearly as the size of the organization, which is a function of the scope of its responsibilities. For a government, that means that complexity is a superlinear function of population, scope, and employee count.
The government of the United States, with its population of 347 million, is categorically incomparable to the government of Switzerland with its population of 9 million (which is the highest-ranked Western country on that list - Japan, the most populous country in the top 10 of life expectancy, not only has less than half the US at 123 million, but has a wildly different government and culture than any Western country, making it even more incomparable).
So, it's extremely inaccurate, naive, and dishonest to compare the US's healthcare to small European and Asian countries that have longer life expectancy. Our government, in its current state, would make healthcare massively worse, our population (and governmental complexity) is far higher than those nations, and we have the best life expectancy of any of the 10 most populous countries. The system is clearly working adequately, and even if it could be better, nationalizing healthcare or insurance is not the solution, unless and until fixes to the systemic problems in the government are implemented.
You too? I got the same. But then again, my account is constantly under attack anyway. At least previously they were smart enough to not trigger 2FA. Now even the incompetents are trying.
To be honest, if the power and internet go out, not much would be left, including meat-based technologies such as elbow grease. Can't power the amount of bloodsacks we have with enough biofuels once the electricity goes down and supply chains are disrupted.
Massive scaling down would be required, and we would need to "liquidate" a lot of bloodsacks if the loss of power and internet is permanent.
That's a truly bizarre claim, since plows and shovels work just fine without power or electricity...
At any rate, everything else can survive the lack of power and connectivity for a few hours or a few days. AI is only usable when the customer, and the AI provider, have both.
Turns out the ancient wisdom of drinking and bathing in the blood of virgins had some truth to it...
Seriously though, I don't know how effective this is. What they did appeared to be flooding the tissue with "young blood" and observe the changes in epigenetics markers. These markers are basically conditional if/else depending on the environment so maybe there is something in the plasma that causes them to change. One thing that would be interesting to test is how fast for the tissues to switch back to the "old" forms once the plasma treatment stops.
I think sometimes it is good to zoom out a little bit and look at things on a higher level. The LLMs are not an organic creature. It doesn't in any shape or way relate to a human being except the knowledge it was trained on. A bacteria shares over 50% of its genetic sequences with a human and we don't see it as anything more than a glorified bionic automaton. An LLM shares 0% with us. In fact its "genetic sequence" is coded on a completely different physics altogether. It is unreasonable to expect it to understand or think the same way an organic creature does.
But the outcome of its action is irrefutable. It plays and does things better than us. That is all we need to evaluate it on. I know that the topic is about "sentience" but my point is we are evaluating a complete alien being using human standards. Of course we will see that it is lacking. It isn't human.
Ok here it is. An LLM with physical senses. They mentioned sense of touch and I think that is a big deal. You can teach me all you want about a new color with all the text description available and it would be worse than just showing me that new color.
In the same way, letting an AI actually touch and interact with the world would do wonders in grounding it and making sure it understands concepts beyond just the words or the bytes it was fed during training. GPT4 can already understand images and text, it should not be long until it takes care of videos and we can say AI has vision. This robot from Toyota would have touch. We need hearing and smelling and then maybe we will get something resembling a true AGI.
There's no reason to expect that such advances will get us closer to a true AGI. I mean it's not impossible, but there's no coherent theory or technical roadmap. Just a lot of hope and hand waving.
I do think that this is an impressive accomplishment and will lead to valuable commercial products regardless of the AGI issues.
What is that? Most humans have general intelligence, but do other apes? Do dogs? A quick google search suggests that the answer is yes.
If that’s the case, then this approach may indeed yield an AGI but maybe it’s not going to be much better than a golden retriever. Truly excellent at some things, intensely loyal (I hope), but goofy at most other things.
Or maybe just as dogs will never understand calculus, maybe our future AGI will understand things that we will not be able to. It seems to me that there’s a good chance that AGI (and intelligence in general) is a spectrum.
Yep, and that’s rather terrifying, is it not? Is there any good reason to assume that future AGI will share our sense of morality, once it is smart enough to surpass human thought?
> Is there any good reason to assume that future AGI will share our sense of morality
I think it would be surprising if it did. Just as our morality is shaped by our understanding of the world and our capabilities, a future AGI's morality would be shaped by its understanding of the world and capabilities. It might do something that we think is terrible but isn't because we lack the capacity to understand why it's doing what it's doing. I'm thinking about how a dog might think going to the vet is punishment but we are actually doing it out of love.
Intelligence in general seems to be a spectrum for animals. Future AGI may be on an entirely different spectrum which isn't directly comparable. We won't know until someone actually builds one and we have a chance to evaluate it.
"True AGI" is often used in a way that means "human-like intelligence, but faster, more consistent and of greater depth". In that case, knowing that embodied agents are the way forward is quite trivial. We've known for a long time that the development of a human brain is a function of its sensory inputs - why would this be any different for an artificial intelligence, especially if designed to mimic/interface with a human one?
That's not the right question to ask. You can construct all sorts of hypotheticals or alternative answers but all of that is meaningless until someone actually builds it.
Why imitate human senses? AI should be able to reach out and touch radio waves, and interpret their meanings, much how we interpret the meaning behind gusts of wind.
Sure but when I ask you to pass the potato chips I want you to understand what that means and be physically able to do so. The five senses we know well are very well suited for that.
At the point we're describing "touching" massless particles, we might as well say that's what our retinas do. In terms of novel senses, some kind of gravitometric sense would be neat. LIGO-on-a-chip and all.
It is their pride, their nation's representative to the global audience. When people speak of Nintendo, they implicitly acknowledge Japan as a global player in the entertainment industry. It is a source of patriotism and advertisement.
In a way, everyone knows of the US because everyone needs Microsoft, Google, Apple, etc. When you talk about Huawei, you acknowledge China as a powerhouse in phone and tech. When you mention TSMC, you have to remember about Taiwan, etc.
The key is they should also entertain and validate your self-worth.
A relationship should be of give and take. You are expected to put effort into maintaining it but the same thing is asked of your partner. Sometimes, one of you will forget or be too busy and neglect it. A good couple will accept that and be positive by still putting in their due for some time while the other should notice it and try to fix their issue. A bad relationship, prone to breakup, will have one of the two demanding or questioning why the other is not showering me with love anymore while doing nothing to deserve that love.
Wonder how likely is it that this is because of AI taking over the jobs. Sifting through resumes, contacting candidates, scheduling some interviews, connecting the hiring manager to the candidate, even getting some extra information from the candidate via email or phone calls are all things an LLM can efficiently do. They may actually do it even better than a regular human since they might "know" more about the role and the technical requirements than an average HR clerk...
While efficient, I’m not sure that removing the final human touch from what is otherwise a faceless, dehumanizing process is going to be great for candidates.
Google (and most other mid-large tech companies) leverage a ton of resume sorting, list building, auto-templatized outreach, etc.
Not sure the gap here is that large, but certainly recruiters have the tools to be WAY more efficient than they were in the past. Still their scaling is limited by ability to efficiently turn hiring manager requests and nuance into effective searches for tools to help build those lists.
Um, the Mate60 is ok and all but compared to Apple tech, it is years behind. Apple is undisputedly the best phone on the market right now and the Mate60 isn't anywhere close to a contender. I don't understand why all the worry.
China is banning Apple for the government officials. They aren't banning Apple from selling in China. And even when Huawei still had access to US tech, their phones were not a serious threat to iPhone. Apple's ecosystem forces its users to basically stay within Apple. Moving out is a really painful process. Not to mention we still don't know how much Huawei can scale this. I doubt they have the capacity of TSMC even on the 7nm.