Vinay Hiremath
@vhmth
co-founder & cto
nyc
vinay.sh
Joined March 2011

Vinay Hiremath’s Tweets

Smart push notifications powered by GPT would be nice.
- Slack: if it seems like an urgent DM
- Email: if it’s from an enterprise customer
- Social: if it’s a DM from someone I’m interested in romantically
Our safety is in a race against compute and memory getting cheap enough to run more of these LLM queries with larger context windows. I hope we're not already screwed. But we might be.
I can't believe I'm saying this, but we need some form of international safety regulation on OpenAI now.
I want to close this thread by genuinely apologizing to our users. I know we need to work hard to rebuild trust with you all. We are taking this extremely seriously.
We are updating our review policies to ensure we catch this type of issue with internal and staging test policies in the future. This includes testing against CDN and API changes from multiple user accounts.
We will be ensuring our CDN always strips out the session cookie in response headers. We will also ensure it does not pass on this cookie for static asset requests.
The thing that saddens me about incidents like this is that it breaks customer trust. And that fucking sucks. Loom is not a job for me. It's my life's work. I can't begin to express how important our users' privacy is to me and the rest of the team.
This response would then be stored on our CDN for 1 second. This meant the first user to warm our CDN cache for a given JS asset would have their session cached and returned to all users who requested the same asset from the same CDN server within that second.
As we dug in, we realized we were now sending our session tokens to our static javascript endpoints. When we did this, our application server would extend the expiration date of the session and return a "set-cookie" header.
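A minimal simulation of the caching failure and the two fixes described in this thread, added here as an illustration and not Loom's code. The toy origin, `EdgeCache`, the `/static/` prefix and the session tokens are assumptions constructed for the example.

```python
import time

STATIC_PREFIX = "/static/"  # assumed path prefix for static assets

def origin(path, cookies):
    """Toy origin: refreshes the session on every request that carries one."""
    headers = {"Content-Type": "application/javascript"}
    if "session" in cookies:
        headers["Set-Cookie"] = "session=" + cookies["session"]
    return {"headers": headers, "body": "/* js for %s */" % path}

class EdgeCache:
    """Toy shared cache keyed by path, with the 1-second TTL from the thread."""
    def __init__(self, hardened, ttl=1.0, clock=time.monotonic):
        self.hardened, self.ttl, self.clock = hardened, ttl, clock
        self.store = {}

    def get(self, path, cookies):
        hit = self.store.get(path)
        if hit and self.clock() - hit[0] < self.ttl:
            return hit[1]  # served to whoever asks, headers included
        if self.hardened and path.startswith(STATIC_PREFIX):
            cookies = {}  # do not pass the session cookie on for static assets
        resp = origin(path, cookies)
        if self.hardened:
            resp["headers"].pop("Set-Cookie", None)  # never store or return it
        self.store[path] = (self.clock(), resp)
        return resp

def session_seen_by_second_user(hardened):
    """User A warms the cache; user B requests the same asset within the TTL."""
    now = [0.0]
    edge = EdgeCache(hardened, clock=lambda: now[0])
    edge.get("/static/app.js", {"session": "token-A"})  # constructed tokens
    now[0] = 0.5
    resp_b = edge.get("/static/app.js", {"session": "token-B"})
    return resp_b["headers"].get("Set-Cookie")

def audit(path, headers):
    """Detection check: flag any static-asset response carrying Set-Cookie."""
    has_cookie = any(k.lower() == "set-cookie" for k in headers)
    return path.startswith(STATIC_PREFIX) and has_cookie
```

With `hardened=False` the second user receives the first user's `Set-Cookie`; with `hardened=True` the header never reaches the cache. The `audit` check can be run against sampled edge responses to catch a regression.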
It was not immediately obvious what changes to the CDN caused this issue. The caching behaviors were the same between both changes, and we did not see this session behavior exhibited over the 10 days of testing performed on our dev, test, and staging environments.
Rolling back our database and caching layers was an extreme step, but it was the only way we could reason about unauthorized data not being leaked to the incorrect accounts.
2:45pm: service was restored. We understood how the issues likely came to be (incorrect caching of sessions on the CDN) but not exactly how. We decided to roll back our databases to a snapshot before the configuration changes were rolled out before restoring the service.
11:30am (27m from raised incident): we manually took the full service down to ensure there would be no potential for data leaks without us first understanding and remediating the issue.
11:10am: we attempted an initial mitigation by rolling back the CDN changes. These were the only changes that seemed to correlate with the unauthorized account behavior our users were seeing.
10:21am: our infrastructure team rolled out a configuration change. This change included, among other things, upgrading how we handle certain cache policies away from deprecated AWS directives and forwarding more headers to origin servers.
At approx. 10:21am PST yesterday we went through a security incident. This situation sucks. We've let our users down. But we've root caused and remediated. This is a technical overview of what happened.
Large revamp and expansion of the Loom desktop app's end-to-end tests landed yesterday. It's already catching errors in our feature branches and blocking faulty code. Big step towards better quality as our delivery velocity has gone up.
Be bold. Be resolute. Being a fool is better than being a puppet to your fears and harboring resentment for what could have been.
I wonder if the companies popping up as a thin app-meets-GPT layer are singularly made possible by the hangover cash from 0% interest rates. I wonder how many of them will win and why.
Today's a first. A company I'm an investor in is winding down. They had so much going for them but couldn't secure funds. Building an enduring business requires a lot of work, especially in the hard sciences. Speed to revenue is critical, regardless of how good the product is.
Build configs, go, typescript, C++, o11y metrics, random python. ~15k hours of building software. 12 years to mastery. I think a lot about what my next skill to master should be. And how much of my life I should give up to reach it. Will I make the world a better place with it?
Mommy, daddy, when I grow up I want to beg people smarter than me to fix issues I mostly created so I can sleep again.
First day where I was able to consistently snap my jab and know it would hurt if it landed on anyone. Feeling more capable boxing every week. This feels so damn good.
Giving a lecture at Berkeley on hiring for grit on an early team. They’re saying they don’t do recordings but DM me or respond here if you think the recording would be helpful.