Your AI's success starts with teaching your data to think!Unlock the full potential of AI. 

Read this blog to discover how data preparation helps in achieving powerful and reliable AI applications.

The Impact of AI on Everyday Life: A New Normal

The impact of AI on everyday life has become a focal point for discussions among tech enthusiasts, policymakers, and the general public alike. This transformative force is reshaping the way we live, work, and interact with the world around us, making its influence felt across various domains of our daily existence. Revolutionizing Workplaces One of the most significant arenas where the impact…

View On WordPress

Troubleshooting System Prompts in AI-Powered SIEM Solutions

The last three months have been frantic at Cybersift development – mainly due to the inclusion of generative AI into the SIEM. The backend currently powering the LLM chat interface on our SIEM is based off the excellent PydanticAI library. I like the approach taken by this library – while it helps reduce the boilerplate around building AI Agents (including using MCP and other tools), it’s not so…

View On WordPress

CAP theorem in ML: Consistency vs. availability

New Post has been published on https://thedigitalinsider.com/cap-theorem-in-ml-consistency-vs-availability/

CAP theorem in ML: Consistency vs. availability

The CAP theorem has long been the unavoidable reality check for distributed database architects. However, as machine learning (ML) evolves from isolated model training to complex, distributed pipelines operating in real-time, ML engineers are discovering that these same fundamental constraints also apply to their systems. What was once considered primarily a database concern has become increasingly relevant in the AI engineering landscape.

Modern ML systems span multiple nodes, process terabytes of data, and increasingly need to make predictions with sub-second latency. In this distributed reality, the trade-offs between consistency, availability, and partition tolerance aren’t academic — they’re engineering decisions that directly impact model performance, user experience, and business outcomes.

This article explores how the CAP theorem manifests in AI/ML pipelines, examining specific components where these trade-offs become critical decision points. By understanding these constraints, ML engineers can make better architectural choices that align with their specific requirements rather than fighting against fundamental distributed systems limitations.

Quick recap: What is the CAP theorem?

The CAP theorem, formulated by Eric Brewer in 2000, states that in a distributed data system, you can guarantee at most two of these three properties simultaneously:

Consistency: Every read receives the most recent write or an error

Availability: Every request receives a non-error response (though not necessarily the most recent data)

Partition tolerance: The system continues to operate despite network failures between nodes

Traditional database examples illustrate these trade-offs clearly:

CA systems: Traditional relational databases like PostgreSQL prioritize consistency and availability but struggle when network partitions occur.

CP systems: Databases like HBase or MongoDB (in certain configurations) prioritize consistency over availability when partitions happen.

AP systems: Cassandra and DynamoDB favor availability and partition tolerance, adopting eventual consistency models.

What’s interesting is that these same trade-offs don’t just apply to databases — they’re increasingly critical considerations in distributed ML systems, from data pipelines to model serving infrastructure.

The great web rebuild: Infrastructure for the AI agent era

AI agents require rethinking trust, authentication, and security—see how Agent Passports and new protocols will redefine online interactions.

Where the CAP theorem shows up in ML pipelines

Data ingestion and processing

The first stage where CAP trade-offs appear is in data collection and processing pipelines:

Stream processing (AP bias): Real-time data pipelines using Kafka, Kinesis, or Pulsar prioritize availability and partition tolerance. They’ll continue accepting events during network issues, but may process them out of order or duplicate them, creating consistency challenges for downstream ML systems.

Batch processing (CP bias): Traditional ETL jobs using Spark, Airflow, or similar tools prioritize consistency — each batch represents a coherent snapshot of data at processing time. However, they sacrifice availability by processing data in discrete windows rather than continuously.

This fundamental tension explains why Lambda and Kappa architectures emerged — they’re attempts to balance these CAP trade-offs by combining stream and batch approaches.

Feature Stores

Feature stores sit at the heart of modern ML systems, and they face particularly acute CAP theorem challenges.

Training-serving skew: One of the core features of feature stores is ensuring consistency between training and serving environments. However, achieving this while maintaining high availability during network partitions is extraordinarily difficult.

Consider a global feature store serving multiple regions: Do you prioritize consistency by ensuring all features are identical across regions (risking unavailability during network issues)? Or do you favor availability by allowing regions to diverge temporarily (risking inconsistent predictions)?

Model training

Distributed training introduces another domain where CAP trade-offs become evident:

Synchronous SGD (CP bias): Frameworks like distributed TensorFlow with synchronous updates prioritize consistency of parameters across workers, but can become unavailable if some workers slow down or disconnect.

Asynchronous SGD (AP bias): Allows training to continue even when some workers are unavailable but sacrifices parameter consistency, potentially affecting convergence.

Federated learning: Perhaps the clearest example of CAP in training — heavily favors partition tolerance (devices come and go) and availability (training continues regardless) at the expense of global model consistency.

Model serving

When deploying models to production, CAP trade-offs directly impact user experience:

Hot deployments vs. consistency: Rolling updates to models can lead to inconsistent predictions during deployment windows — some requests hit the old model, some the new one.

A/B testing: How do you ensure users consistently see the same model variant? This becomes a classic consistency challenge in distributed serving.

Model versioning: Immediate rollbacks vs. ensuring all servers have the exact same model version is a clear availability-consistency tension.

Superintelligent language models: A new era of artificial cognition

The rise of large language models (LLMs) is pushing the boundaries of AI, sparking new debates on the future and ethics of artificial general intelligence.

Case studies: CAP trade-offs in production ML systems

Real-time recommendation systems (AP bias)

E-commerce and content platforms typically favor availability and partition tolerance in their recommendation systems. If the recommendation service is momentarily unable to access the latest user interaction data due to network issues, most businesses would rather serve slightly outdated recommendations than no recommendations at all.

Netflix, for example, has explicitly designed its recommendation architecture to degrade gracefully, falling back to increasingly generic recommendations rather than failing if personalization data is unavailable.

Healthcare diagnostic systems (CP bias)

In contrast, ML systems for healthcare diagnostics typically prioritize consistency over availability. Medical diagnostic systems can’t afford to make predictions based on potentially outdated information.

A healthcare ML system might refuse to generate predictions rather than risk inconsistent results when some data sources are unavailable — a clear CP choice prioritizing safety over availability.

Edge ML for IoT devices (AP bias)

IoT deployments with on-device inference must handle frequent network partitions as devices move in and out of connectivity. These systems typically adopt AP strategies:

Locally cached models that operate independently

Asynchronous model updates when connectivity is available

Local data collection with eventual consistency when syncing to the cloud

Google’s Live Transcribe for hearing impairment uses this approach — the speech recognition model runs entirely on-device, prioritizing availability even when disconnected, with model updates happening eventually when connectivity is restored.

Strategies to balance CAP in ML systems

Given these constraints, how can ML engineers build systems that best navigate CAP trade-offs?

Graceful degradation

Design ML systems that can operate at varying levels of capability depending on data freshness and availability:

Fall back to simpler models when real-time features are unavailable

Use confidence scores to adjust prediction behavior based on data completeness

Implement tiered timeout policies for feature lookups

DoorDash’s ML platform, for example, incorporates multiple fallback layers for their delivery time prediction models — from a fully-featured real-time model to progressively simpler models based on what data is available within strict latency budgets.

Hybrid architectures

Combine approaches that make different CAP trade-offs:

Lambda architecture: Use batch processing (CP) for correctness and stream processing (AP) for recency

Feature store tiering: Store consistency-critical features differently from availability-critical ones

Materialized views: Pre-compute and cache certain feature combinations to improve availability without sacrificing consistency

Uber’s Michelangelo platform exemplifies this approach, maintaining both real-time and batch paths for feature generation and model serving.

Consistency-aware training

Build consistency challenges directly into the training process:

Train with artificially delayed or missing features to make models robust to these conditions

Use data augmentation to simulate feature inconsistency scenarios

Incorporate timestamp information as explicit model inputs

Facebook’s recommendation systems are trained with awareness of feature staleness, allowing the models to adjust predictions based on the freshness of available signals.

Intelligent caching with TTLs

Implement caching policies that explicitly acknowledge the consistency-availability trade-off:

Use time-to-live (TTL) values based on feature volatility

Implement semantic caching that understands which features can tolerate staleness

Adjust cache policies dynamically based on system conditions

How to build autonomous AI agent with Google A2A protocol

How to build autonomous AI agent with Google A2A protocol, Google Agent Development Kit (ADK), Llama Prompt Guard 2, Gemma 3, and Gemini 2.0 Flash.

Design principles for CAP-aware ML systems

Understand your critical path

Not all parts of your ML system have the same CAP requirements:

Map your ML pipeline components and identify where consistency matters most vs. where availability is crucial

Distinguish between features that genuinely impact predictions and those that are marginal

Quantify the impact of staleness or unavailability for different data sources

Align with business requirements

The right CAP trade-offs depend entirely on your specific use case:

Revenue impact of unavailability: If ML system downtime directly impacts revenue (e.g., payment fraud detection), you might prioritize availability

Cost of inconsistency: If inconsistent predictions could cause safety issues or compliance violations, consistency might take precedence

User expectations: Some applications (like social media) can tolerate inconsistency better than others (like banking)

Monitor and observe

Build observability that helps you understand CAP trade-offs in production:

Track feature freshness and availability as explicit metrics

Measure prediction consistency across system components

Monitor how often fallbacks are triggered and their impact

Wondering where we’re headed next?

Our in-person event calendar is packed with opportunities to connect, learn, and collaborate with peers and industry leaders. Check out where we’ll be and join us on the road.

AI Accelerator Institute | Summit calendar

Unite with applied AI’s builders & execs. Join Generative AI Summit, Agentic AI Summit, LLMOps Summit & Chief AI Officer Summit in a city near you.

From GenAI to Low-Code: What’s Next in Software Development Trends

Do you remember that building software used to demand months of initial planning, writing lots of complicated code and countless tries to find problems in it? By 2025, everything has changed from today’s situation. Because technology keeps evolving so fast, it is both exciting and incredibly changing.

Now, if you are a CTO, product manager or make business decisions, you should take note of the main Software Development Trends in 2025. Because of GenAI and low-code platforms, businesses are changing how they approach development, improvement and staying ahead.

GenAI Is Not Only a Popular Phrase

Let’s start with the showstopper—Generative AI (GenAI). No longer confined to chatbots and image generators, GenAI is now playing a pivotal role in software engineering.

We're seeing AI models that can write boilerplate code, generate test cases, and even suggest architectural improvements. Developers aren't being replaced—they’re being empowered. GenAI is handling the repetitive, low-value tasks so that engineering teams can focus on innovation and problem-solving.

In 2025, expect more organizations to integrate GenAI into their development lifecycle. Not just to speed up delivery—but to reduce human error, enhance quality, and push the boundaries of what’s possible.

The Rise of Low-Code and No-Code

Closely following GenAI is the explosive growth of low-code and no-code platforms. These tools are democratizing development. Your business analyst or operations lead might soon be building internal dashboards without writing a single line of code.

Low-code tools are especially powerful for rapid prototyping, workflow automation, and integrating siloed systems. They bring agility to the table—something traditional development has always struggled with.

For enterprise teams managing complex digital transformation projects, this is a game-changer. And it’s one reason why platforms backed by Microsoft—like Power Platform and Azure Logic Apps—are seeing huge traction.

Where Microsoft Consulting Services Fit In

Now, you may be wondering about Microsoft’s role in this discussion.

As companies try to use newer technologies, there is often a challenge in fitting them well into their current systems. It is for this reason that Microsoft Consulting Services exist.

These services make sure your infrastructure is easy to adjust, secure and supports the goals your business seeks in the future. With Power Apps, better Azure usage or industry-specific AI, Microsoft’s teams aid you in moving towards digital adoption more quickly than most businesses usually can.

What’s Ahead?

Looking beyond 2025, we can expect these Software Development Trends to evolve even further:

AI-Augmented Teams: Human + AI collaboration will become the norm in product development.

Hyperautomation: Combining RPA, AI, and low-code for full process automation.

Composable Architecture: Swapping monoliths for flexible, plug-and-play modules.

These aren’t just trends. They’re the new building blocks of modern software.

Final Thoughts

It is clear from Software Development Trends 2025 that the boundaries between developers, business users and machines are becoming less noticeable. Now, software will be more efficient, sharper and team-focused than in the past.

Regardless of launching new products or adjusting old ones, the recent tech trends should not be ignored. When you rely on Microsoft’s experts, moving into this period can be safe and help you excel in your market.

Your time is precious, especially when between jobs! Professional makeover awaits you this summer. Use resources in www.self-helper.com/surviving-the-storm and www.skillsethub.org/job-search to upgrade your skills quickly and find a new professional path to thrive!

although elmo loves looking at things like drawings, writings, and math equations; elmo is anti AI. elmo has looked into how AI disrupts the flow of humanity, and needlessly snuffs out creative flame.

elmo loves all of his friends, which is why elmo always discourages them from using AI generative services! elmo would never want to see his friends contribute to the downfall of the arts, or the environment! so elmo always makes sure to use his voice!

elmo loves our planet earth, and hopes all of his friends love it just the same! elmo also loves all of his friends, and wants them to have access to clean drinking water all over the world! elmo understands that AI has positive aspects, but elmo doesn’t think that should over shine the concerning scale of which AI is being used and relied on. AI wouldn’t take up as many resources if it weren’t taking over every day life and being prioritized, in elmos opinion!

Why You Should Hire AI Engineer Talent to Future-Proof Your Business

In today’s rapidly evolving digital economy, businesses that hire AI engineer talent are gaining a competitive edge by automating workflows, enhancing customer experiences, and unlocking new data-driven insights. As artificial intelligence continues to revolutionize industries across the board, companies that delay investing in AI capabilities risk falling behind. If you’re looking to future-proof your business, there’s never been a better time to Hire AI engineer professionals — Magic Factory can help you do just that.

The Growing Demand for AI Engineers

AI is no longer a buzzword — it’s a business necessity. From predictive analytics and recommendation engines to chatbots and robotic process automation, AI applications are becoming critical assets. But building these systems requires specialized expertise, and that’s where AI engineers come in.

When you hire AI engineer professionals, you’re not just filling a role — you’re integrating advanced problem-solving, machine learning, and algorithm design into your business DNA. This talent can help you adapt faster to changing markets, build smarter products, and deliver better customer experiences.

What Makes AI Engineers So Valuable?

AI engineers bring a unique blend of technical and strategic skills. Here’s what makes them essential:

Machine Learning Expertise: They develop, test, and deploy ML models that learn from data and improve over time.

Data Engineering Skills: AI engineers understand how to clean, structure, and utilize large datasets — fuel for any AI system.

Algorithm Development: They can create proprietary algorithms tailored to your specific business needs.

Scalability: AI engineers design systems that grow with your business, making them a future-proof investment.

When you hire AI engineer talent with these capabilities, you’re ensuring that your company can innovate and stay ahead of technological trends.

Industries Benefiting from AI Engineers

Almost every industry can benefit from AI, but some are experiencing rapid transformation:

Retail & eCommerce: Personalized shopping experiences, AI-driven inventory management, and smart recommendations.

Healthcare: AI-assisted diagnostics, treatment optimization, and patient data analytics.

Finance: Fraud detection, algorithmic trading, and customer service chatbots.

Manufacturing: Predictive maintenance, quality control, and automation of manual processes.

In all these sectors, companies that Hire AI engineer talent are able to scale faster, reduce costs, and innovate continuously.

Challenges of Not Hiring AI Engineers

Still unsure whether to invest in AI talent? Consider the risks of not doing so:

Falling Behind Competitors: Businesses that embrace AI are improving efficiency and outpacing those who don’t.

Poor Decision-Making: Without AI-powered analytics, you’re relying on outdated methods that may lead to costly mistakes.

Limited Scalability: Manual systems can’t keep up with growth — AI-driven systems can.

Simply put, not hiring an AI engineer puts your business at a serious disadvantage in a tech-driven economy.

How to Effectively Hire AI Engineer Talent

Finding the right AI engineer requires more than just posting a job listing. Here’s how to do it strategically:

Define Your AI Goals: What do you want to achieve with AI? Better customer insights? Process automation? Product innovation?

Look for Versatile Skill Sets: AI engineers should be proficient in Python, TensorFlow, cloud platforms, and data pipelines.

Evaluate Problem-Solving Ability: AI is about solving real-world challenges. Look for engineers who think critically and creatively.

Use a Trusted Hiring Partner: That’s where Magic Factory comes in.

At Magic Factory, we help businesses like yours Hire AI engineer experts who are not only technically skilled but also aligned with your strategic goals. We simplify the hiring process, provide access to top-tier talent, and support you throughout the integration phase.

Conclusion: Future-Proof Your Business with the Right AI Talent

The future belongs to businesses that act now. By choosing to hire AI engineer professionals, you’re not just keeping up with trends — you’re setting them. Whether you’re a startup aiming for disruptive innovation or an enterprise seeking efficiency and scale, investing in AI engineering talent is a move that will pay dividends.

Magic Factory is here to help you Hire AI engineer talent tailored to your unique business needs. Don’t wait for the future to catch up — create it with the right team.

The Future of Engineering: Top Emerging Fields You Need to Know About

Engineering has always been at the heart of innovation, driving advancements that shape the world we live in. From the industrial revolution to the rise of the digital age, engineers have played a crucial role in creating the technologies that power our modern society. As we move into the future, new technologies, global challenges, and evolving industries are opening up exciting opportunities in engineering. In this article, we’ll explore some of the top emerging fields in engineering that are set to define the future and impact the way we work, live, and interact with the world.

1. Artificial Intelligence and Machine Learning Engineering

Artificial intelligence (AI) and machine learning (ML) have rapidly evolved from niche fields to mainstream technologies that are transforming industries across the globe. Engineers specializing in AI and ML work on developing algorithms and systems that enable machines to learn from data, make decisions, and even improve over time.

As businesses and industries increasingly rely on data-driven decision-making, AI and ML engineers are in high demand. They design systems for self-driving cars, predictive healthcare tools, automation in manufacturing, and even personalized recommendations in online platforms. The future of AI in engineering goes beyond just automation; it will also be fundamental to advances in robotics, natural language processing, and the creation of smart environments.

2. Robotics Engineering

Robotics Engineering is another exciting field that continues to grow and innovate. While robots have traditionally been used in manufacturing, their applications are expanding rapidly into healthcare, agriculture, logistics, and even space exploration.

Robotics engineers are working on developing robots that can perform complex tasks autonomously, from assisting in surgeries to exploring distant planets. The future of robotics is focused on creating more adaptive, human-like machines that can work alongside humans in everyday environments, such as homes and offices. The integration of AI and robotics will also lead to advances in autonomous systems, transforming industries like supply chain management, healthcare, and defense.

3. Quantum Computing Engineering

Quantum computing is one of the most promising fields for the future of technology. Unlike classical computers that process information in binary bits (0s and 1s), quantum computers use quantum bits or qubits, which can exist in multiple states simultaneously. This enables quantum computers to solve problems that are currently beyond the reach of traditional supercomputers.

Quantum computing engineers work on developing algorithms, hardware, and software that will enable quantum computers to perform complex calculations, such as simulating molecular structures for drug development or optimizing logistics for large-scale systems. Although quantum computing is still in its infancy, it holds enormous potential for revolutionizing industries like cryptography, material science, pharmaceuticals, and artificial intelligence.

4. Sustainable and Renewable Energy Engineering

The growing concern over climate change and the need for sustainable energy sources have made renewable energy engineering one of the most important emerging fields in engineering. Engineers in this field work on developing and improving energy sources like solar, wind, hydro, geothermal, and bioenergy to replace traditional fossil fuels.

Sustainable energy engineers are tasked with designing more efficient solar panels, wind turbines, and energy storage systems, as well as finding ways to integrate renewable energy into existing grids. Additionally, they explore new technologies like hydrogen fuel cells, advanced battery storage solutions, and smart grids to help reduce carbon emissions and create a more sustainable future.

As the demand for clean energy increases globally, engineers who specialize in renewable and sustainable energy technologies will be crucial to meeting the world’s energy needs while minimizing environmental impact.

5. Biotechnology and Genetic Engineering

Biotechnology and genetic engineering have revolutionized healthcare, agriculture, and environmental science, and the field is expected to continue expanding in the future. Biotechnology engineers focus on applying biological principles to develop innovative solutions for a range of issues, including disease treatment, food security, and environmental sustainability.

Advances in genetic engineering, gene editing technologies like CRISPR, and synthetic biology are opening up new possibilities in personalized medicine, crop modification, and the creation of biofuels. Engineers in this field are working on creating gene therapies to treat genetic diseases, developing genetically modified crops to improve food production, and even designing microorganisms that can clean up environmental pollutants.

As biotechnology continues to evolve, it will play a key role in addressing global health challenges, food shortages, and environmental degradation.

6. Cybersecurity Engineering

With the rise of digital technologies, the need for robust cybersecurity has never been greater. Cybersecurity engineers work to protect systems, networks, and data from cyberattacks, ensuring the confidentiality, integrity, and availability of digital information. As cyber threats become increasingly sophisticated, the demand for skilled cybersecurity professionals is expected to grow exponentially.

Emerging fields within cybersecurity include ethical hacking, threat analysis, and the development of AI-powered security systems. Engineers in this field are tasked with staying ahead of cybercriminals, securing emerging technologies like the Internet of Things (IoT), and developing secure frameworks for cloud computing and blockchain.

As businesses and governments become more reliant on digital infrastructure, cybersecurity engineers will be at the forefront of ensuring the safety and security of critical systems and data.

7. Space Engineering

Space exploration and commercial space travel are no longer just the stuff of science fiction. With companies like SpaceX, Blue Origin, and NASA pushing the boundaries of space technology, the field of space engineering is seeing rapid growth. Space engineers are working on the development of spacecraft, satellites, propulsion systems, and advanced materials for use in space missions.

The future of space engineering is focused on making space travel more affordable and accessible, developing technologies for long-term space missions (including trips to Mars), and enabling the commercialization of space, such as space tourism and asteroid mining. The growing interest in space exploration, both by private companies and government agencies, is creating numerous opportunities for engineers to contribute to the next frontier of human exploration.

8. Augmented Reality (AR) and Virtual Reality (VR) Engineering

Augmented reality (AR) and virtual reality (VR) are transforming the way we interact with digital information, and the demand for engineers in this field is growing rapidly. AR and VR engineers work on developing immersive technologies that create virtual environments or overlay digital information onto the physical world.

These technologies are already being used in gaming, education, healthcare, and even military training. In the future, AR and VR will revolutionize industries like real estate, architecture, and retail, offering new ways for consumers to experience products and services before making decisions. Engineers will continue to innovate in creating more lifelike, interactive, and accessible AR and VR experiences.

9. Advanced Manufacturing Engineering

The world of manufacturing is evolving with the integration of advanced technologies like 3D printing, automation, and smart factories. Advanced manufacturing engineers work on developing and improving production processes, making them more efficient, cost-effective, and sustainable.

3D printing, also known as additive manufacturing, is revolutionizing the way products are designed and created, enabling customized products and reducing waste. Automation and robotics are transforming traditional assembly lines, while smart factories equipped with sensors and IoT devices are enabling real-time monitoring and optimization of production processes.

The future of manufacturing will see even more innovations, with engineers focusing on sustainability, improved materials, and the integration of AI and machine learning to make manufacturing smarter and more adaptable.

Conclusion

The future of engineering is full of exciting possibilities, with new fields emerging to tackle global challenges and improve the quality of life. From artificial intelligence to renewable energy, biotechnology to space exploration, the opportunities for engineers to innovate and make an impact are limitless.

As these fields continue to grow, the demand for skilled engineers will increase, making engineering a promising and rewarding career path. For those looking to make a difference in the world, the future of engineering holds endless potential. Whether you’re just starting your career or are already an experienced engineer, staying informed about these emerging fields will ensure that you remain at the forefront of technological advancement and continue to play a pivotal role in shaping the future.

Devin AI: The Newest AI Software Engineer on the Block | USAII®

A perfect companion for software engineers is here. Devin AI rules the AI coding world while complementing efficiently skilled AI engineers with top AI tools and GenAI.

Read more: https://shorturl.at/klhZ1

DEVIN AI, AI engineering, AI Software Engineer, AI programmers, conversational AI, AI tools, Software Developer, AI engineer, Generative AI

How I got scammed

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

I wuz robbed.

More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!

Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).

A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.

That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).

I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.

"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"

He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.

We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.

I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.

One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.

"That was the fraudster," she said.

Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.

Wait a sec.

He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.

But I'd been conned.

Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.

Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.

I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.

Oh, shit, I'd been phished.

If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.

The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.

There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.

I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.

Not because AI is going to commit fraud, though.

One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":

https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.

As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.

This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:

https://web.archive.org/web/20090331094020/http://www.links.org/?p=591

This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.

This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.

So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.

Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

The demand for qualified experts in AI is increasing as technology continues to grow at an unparalleled rate. Suppose you’re an engineering student from the best private engineering college for computer science in Jaipur interested in cutting-edge technologies like machine learning and AI. In that case, you’ve come to the perfect spot.

Google is now the only search engine that can surface results from Reddit, making one of the web’s most valuable repositories of user generated content exclusive to the internet’s already dominant search engine. If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn’t rely on Google’s indexing and search Reddit by using “site:reddit.com,” you will not see any results from the last week. DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that “We would like to show you a description here but the site won't allow us.” Older results will still show up, but these search engines are no longer able to “crawl” Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google’s near monopoly on search is now actively hindering other companies’ ability to compete at a time when Google is facing increasing criticism over the quality of its search results. And while neither Reddit or Google responded to a request for comment, it appears that the exclusion of other search engines is the result of a multi-million dollar deal that gives Google the right to scrape Reddit for data to train its AI products.

July 24 2024

GenAI-free search engine: noai.duckduckgo.com

I just learned (thank you, Mastodon) that the DuckDuckGo search engine has a subdomain https://noai.duckduckgo.com/ that leaves out all the GenAI nonsense! No muss, no fuss, no bullshit machines!

But, you ask, how do I ensure I'm always using it? Fair question. If I tried to do this manually, I would fail hard.

How to auto-forward the regular DDG domain to this one depends somewhat on your browser. Here's how I did it in Firefox desktop:

Add the Redirector add-on to your Firefox. Go into its preferences ("Edit Redirects") and add a rule that changes the Include Pattern: to https://duckduckgo.com/* and the Redirect to: pattern to https://noai.duckduckgo.com/search?q=$1

For me, this is Just Working so far, including from the browser's own search bar.

I'm extra-happy to be signaling to DDG that the bullshit machines can take a flying leap.