
And how many of these 12,060 pieces are tiny pieces?

Maybe it’s time to add the weight and the stud count


Keep some hate for the other companies. They want the same, they are just not as open about it as MS

Your job safety doesn’t depend on the capabilities of AI but on what management thinks are the capabilities of AI

I don't think this makes any sense. Companies with managers that think AI capabilities are superior will be replaced if they are wrong as the companies will perform very poorly.

Hello, efficient market fallacy. Markets are not actually efficient, and especially not instantaneously so. There are a million ways to observe various market inefficiencies[1], so it's childishly naive to assert that they are in fact perfectly efficient according to some ideological belief of yours without considering reality.

[1] Some examples: https://danluu.com/nothing-works/


What I say has nothing to do with efficient market hypothesis. Here the question is simpler: in small companies where there are competitors, whoever makes the wrong choices will be seriously hit since customers will start preferring less slop and more reliability, if AI is mis-used. And companies that instead of firing, hire the folks that are "ideas people" and can use AI efficiently, and know how to control the quality of the output, will deliver more and better. For bigger companies: AI is driving salaries at a more normal level (honestly we went a bit too high, in recent years, even for people with a very low level of knowledge, didn't we?) and to marginally reduce total spending and not deliver the timeline they have, and are used to observe for years, will be noticed. Also companies in the past had a dangerous tendency to over-hire. I don't think now they will invert the direction and over-fire. I have the feeling many managers will instead reason in terms: what is today the great programmer fit? The one with low level knowledge of each algorithm, or the one that has good ideas and understands product, quality, processes, other than programming? And they will try to mix AI and people in order to have an edge.

I think we're in partial agreement on some things. I agree that the software field overhired and overpaid people who should never have had jobs in software in the first place, and that a correction is/was overdue. I also generally agree that small companies cannot afford to produce garbage software, and if they make poor decisions about hiring or AI usage, they will die in the womb. But startups failing is not really what I think of when somebody says "companies will be replaced" or "your job security is contingent on what management thinks of AI capabilities". Those sentences both convoke images of already-successful enterprise companies, and already-successful enterprise companies are the ones that are most resistant to market forces. Indeed, we already see this in the real world, because most enterprise companies produce truly horrifyingly bad software, even before AI. The secret is that you need to produce good software to become successful, and then once successful, network effects take over and your company can become unbelievably inefficient and have little to no fear of being replaced. Tech is a ridiculously winner-take-all field, and it's very common for a single company to capture over 50% of their market, after which point they are effectively irreplaceable no matter how many bad decisions they make, at least for many years if not decades.

The lag time between firing your core team and finding out that was a bad idea can be measured in years of slow attrition.

Actually workflow impact in the world of software can be observed in weeks/months at max. And token spending too, is a voice that they see at the high floors. Also, there was never a strong willing in IT companies to reduce cost of work force: it is done sometimes, but it is more common to see them over-hiring.

Yeah, nah.

Simple example: Who will renew the SSL cert? Day 1: meh, no impact. Day 2: meh, no impact. Day 700: who the hell manages this and why are we making no revenue?

You might think that is laughable; what a pack of newbs!

But this stuff has already happened without even LLMs in the mix.

https://www.digicert.com/blog/lessons-from-the-equifax-data-... comes to mind.

The number of flea circus level orgs where someone has flubbed it and been on leave, causing a few hours outage? More than one in my experience.

Where it's more hostile? https://www.reddit.com/r/sysadmin/comments/1itiu8n/it_team_f... is a common narrative.


And such management faults never ever happened before.

And even then, there's a reason for the motto "move fast and break things" even if Zuckerberg eventually moved away from it.

The hard question, one which everyone and everything who isn't a domain expert (so AI, juniors, and quite a lot of managers and politicians) suck at, is "which things are safe to break, and which things really do need quality?"


What happens when said management gets replaced by AI? That should happen rather soon, especially in a company where the functions to be managed are increasingly other applications of AI.

Link 1 says

> In case you're wondering, because the system treats this high-privilege recovery flow as a total account reset by the "true" owner, the original 2FA gets thoroughly bypassed in the process.

But link 2 says

> The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.

So which one is true?


The original 2FA did not get thoroughly bypassed, because otherwise I would've lost my username, so that's false - at least, based on my experience.

However, there are separate vulnerabilities that allow for 2FA to be bypassed on Instagram. I assume they were chained to take over specific high-value accounts. The 2FA removal happens as a service - most people charge around $1,000+ - so it wasn't viable for most lower-value accounts. Anything that was worth over $1k probably had the bypass applied to it.


They become profitable but at the expense of fools like that company.

LLMs are used for OpenClaw and similar to do tasks for their user.

Games are a bunch of tasks too.

So if they fail at game tasks maybe it’s a bad idea to advertise those LLMs as task doing assistants.


Maybe a good reason for not enabling it by default but a bad reason for not enabling it for strict settings.

I somewhat expect breaking sites with strict settings, I don’t expect a still wide open tracking path.

That’s deceiving.


Even with resistFingerprinting, websites will be able to fingerprint you. There is no full immunity against fingerprinting.

Websites already break often with the strictest protections enabled, adding a "super duper strict protections" mode will just lead to bug reports. Even more-than-bare-basic tracking prevention has HN threads full of comments like "doesn't work on <Firefox fork>" because they don't see the connection between fingerprinting protection, WebRTC/WebGL/WebGPU, and websites not working.

People who are willing to take that bet can enable it in about:config.


> Websites already break often with the strictest protections enabled, adding a "super duper strict protections" mode will just lead to bug reports.

That’s what I’m saying. They already break because of other effects of the strict settings, so what is the benefit of leaving resistFingerprinting turned off?

> There is no full immunity against fingerprinting.

There is 0 immunity if you don’t even try.

Strict means do what you can, not do some things strict, others not so strict, and ignore others completely.

Don’t call it strict if it isn’t strict


The description in Firefox states:

> Stronger protections that block more trackers, but may cause some sites to break.

That seems very reasonable to me. Anyone who wants more than that can turn on resistFingerprinting and live with the consequences.


> Stronger protections that block more trackers, but may cause some sites to break.

People already expect sites to break, so why holding back?


(n.b. I own these features in Firefox)

There are three levels of protection:

- ETP Standard (see [0] for the latest improvements we rolled out)

- ETP Strict (we're working on things in Bugs 2036879 specifically this issue, 2037260, and more generally 2036786)

- Resist Fingerprinting (RFP)

These levels are something akin to "Wash your hands after using the subway", "Wear a mask on the subway", and "Wear a level B hazmat suit on the subway".

"people already expect sites to break, so why holding back?" - because the breakage is so severe, and people _don't_ associate that breakage with the setting they made. There are bug reports all over the internet proving it, here are some examples [1-4]. The protections we deploy in ETP Standard and Strict are calibrated to provide as much protection as possible while keeping the internet usable, and we're working full time on improving them.

[0] https://www.firefox.com/en-US/firefox/151.0/releasenotes/#no...

[1] https://old.reddit.com/r/firefox/comments/fy6l1z/youtube_bor...

[2] https://necromuralist.github.io/posts/mozilla-madness-resist...

[3] https://support.mozilla.org/en-US/questions/1212634

[4] https://support.mozilla.org/en-US/questions/1322787


I see three:

Standard

Strict

Custom

To me custom is something I define between Standard and Strict and not the next level after Strict. Strict already mentions that sites can break, so I'm pretty sure people associate the setting with breakage.

> Stronger protection, but may cause some sites or content to break.

Additionally, Strict says:

Firefox blocks the following:

Social media trackers

Cross-site cookies in all windows

Tracking content in all windows

Cryptominers

Known and suspected fingerprinters

It's confusing if Known and suspected fingerprinters doesn't include resist fingerprinting. Resist fingerprinting isn't even an option in Custom, so how do ordinary users know where to set that option? You know, those users you say won't associate the Strict setting with breaking pages despite the fact that it clearly says so. Some kind of Schrödinger's user? Too dumb to understand the warning, but smart enough to know special settings?

You may avoid unnecessary bug reports that way but maybe only because users don't recognize that they are tracked per fingerprinting. It's not like websites would tell them.

Feels like Mozilla traded their time for my privacy.


first off, thank you for your service.

second, would it be possible to make RFP appear as an extension like uBO, where it suggests sites to allow-list, or hints that the page might be broken and asks if you want to disable RFP?

I'm more tech savvy than the average user, admittedly, but I've learned this pattern for uBO.


For a time RFP - by itself - could be enabled by web extensions. (It might still be possible, I don't recall if we removed it.) But it's a footgun because it became even easier for people to enable it by accident.

I can point you at a few things you could do if you wanted to pursue this:

1) We have a dev extension https://github.com/mozilla-extensions/fingerprinting-protect... that lets you enable/disable individual fingerprinting protections. We use it to debug why something is broken.

2) granularOverrides allows you to enable/disable individual protections for a given website.

If you wanted this, you could go read https://docs.google.com/document/d/1FywogzvkWupoUoz4PcCp9nNd... ; then make an extension that made it easy to edit granular overrides (you couldn't directly set the preference, but you could produce the json you could copy/paste into the pref). You could do stuff with lists if you want. (Somewhere there was a FF fork that had a pretty impressive granularoverride list itself...) You'll be in this awkward spot where you don't have all the permissions to do what you want to do directly, but you can get yourself about.... 40 - 60% of the way there?

I would like to find a way to support power users while not making the problem worse (In https://ritter.vg/blog-telemetry.html I describe that the 'confused users think FF is broken' problem got so bad management wanted to just disable RFP entirely, but I was able to show that these users are a very vocal minority and the problem is not as bad as it seems) while also not giving myself a maintenance burden but... maybe there's a path forward where this dev extension - that can do things normal extensions can't - could potentially get more functionality...?
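
The "produce the json you could copy/paste into the pref" step from the comment above, sketched as an added example that is not part of the thread and not Mozilla's code. It assumes the pref is `privacy.fingerprintingProtection.granularOverrides` and that its value is a JSON array of `{ firstPartyDomain, overrides }` objects; the rule shape, function names and sample target names are hypothetical and should be checked against the linked document.

```javascript
// Added example, not Mozilla code. Assumed pref value schema: a JSON array of
// { firstPartyDomain, overrides }, where overrides is a comma-separated list
// of "+Target" (enable) / "-Target" (disable) tokens.
const TARGET = /^[A-Za-z][A-Za-z0-9]*$/;
const DOMAIN = /^([a-z0-9-]+\.)+[a-z]{2,}$/;

// Accept a bare domain or a full URL; reject anything that could smuggle
// quotes, commas or whitespace into the pref string.
function normalizeDomain(site) {
  let host = String(site).trim().toLowerCase();
  if (host.includes("://")) host = new URL(host).hostname;
  if (!DOMAIN.test(host)) throw new Error(`bad domain: ${site}`);
  return host;
}

// rules: [{ site, enable: [targets], disable: [targets] }] (hypothetical shape).
// Rules for the same site are merged; a later rule wins for a given target.
function buildGranularOverrides(rules) {
  const merged = new Map(); // domain -> Map(target -> "+" | "-")
  for (const { site, enable = [], disable = [] } of rules) {
    const domain = normalizeDomain(site);
    const targets = merged.get(domain) ?? new Map();
    for (const [sign, names] of [["+", enable], ["-", disable]]) {
      for (const name of names) {
        if (!TARGET.test(name)) throw new Error(`bad target: ${name}`);
        targets.set(name, sign);
      }
    }
    merged.set(domain, targets);
  }
  // Sort by domain so the generated string diffs cleanly between edits.
  const entries = [...merged.keys()].sort().map((firstPartyDomain) => ({
    firstPartyDomain,
    overrides: [...merged.get(firstPartyDomain)]
      .map(([name, sign]) => sign + name)
      .join(","),
  }));
  return JSON.stringify(entries);
}

// Constructed sample rules; the target names are illustrative.
const SAMPLE_RULES = [
  { site: "https://Example.com/path", disable: ["CanvasRandomization"] },
  { site: "example.com", enable: ["CanvasRandomization"],
    disable: ["FontVisibilityLangPack"] },
  { site: "a.test", disable: ["AllTargets"] },
];
console.log(buildGranularOverrides(SAMPLE_RULES));
```
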


> This website has been temporarily rate limited

The url conveys the relevant information.

That doesn’t prove their claims are valid.

I can claim the same and offer licenses per device.


No codec can ever avoid patent-pool claims.
