Me: *listening to some random semi-obscure track on spotify, liking it, add it to playlist*

Come home, girlfriend playing the same track. "Yeah I've had that in my playlist for two weeks now". Our accounts are not linked in any way, and I only use Spotify on a PC at work, while my girlfriend only uses it at home.

It might just be coincidence, or us having similar tastes.

But the issue is that it's getting more and more difficult to know whether me and my girl are spiritually linked unique snowflake soulmates who are so perfectly in sync with each other, or whether an algorithm suggestively linked us both that song based on scraped location and behavior data.

And whether it matters. Maybe it matters. I don't know yet.

In twenty years maybe humans will be unsure whether it was a wonderful coincidence bordering on cosmic fate that you ran into your new love, or whether Google purposefully drove you towards the same lunch cafe at a specific time because it calculated that she was the perfect candidate to strengthen your susceptibility to advertisements over the coming decade.

Malicious AI will not come into lives bearing guns.

It will not instantly take all of our jobs and enslave us.

It will just know you better than you know yourself, it will know everyone around you better than you know them, and it will play incredible mind games. It will not be designed with malicious intent, just perfectly execute on top of the malicious systems we already have, and even arise as an emergent property within new systems.

It will rarely be clearly visible, but you will increasingly say to yourself: "That's odd, I was just thinking about that". It will detect depression from a smile, physical attraction from a glance, reliability from patterns in your voice and illness from the bloodflow in your cheeks.

It will not just make our cars autonomous, it will make our lives autonomous. It will protect us, decide for us, keep revenues and human satisfaction in a "balanced maximized" state, it will make everything feel easy, slightly abuse us, and when one of us suddenly crashes at 140 mph into depression, debt or addiction it will prove impossible to know whether the humans or the algorithms were at fault.

I'm incredibly afraid and excited about the coming 10 years.

2 days ago: *rants about HP's design choices on a laptop*
22 hours ago: *new video from GreatScott comes out, explaining all about voltage tolerances for the charger etc*

Coincidence? Maybe not 🤔

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Nice algorithm @dfox and @trogus!!!

I've noticed looking at the card exit of a building that most people a) just carry their laptop without putting it in the backpack because the carpark is a jump away anyway, b) that stickers on said laptops can leak your infrastructure

No idea what made me interested in that, but if you take the average of people's laptop stickers (sadly not everybody had their laptop or maybe even a laptop at all, so I've got just 20) - you could probably tell what tools and what services the company is running.

Could be a funny coincidence and I was able to verify later by googling their company, but it's an interesting non trackable way to know what services and tools need to be exploited/emulated to possibly gain access to some high security network.

I feel like somebody had to have a talk/presentation about this, so I wonder, had anybody else seen something like that? or how far could this actually go?

Today I came across a very strange thing or a coincidence(maybe).
I was working on my predictive analytics project and I had registered on Kaggle(repository for datasets) long back and was searching on how to scrape websites, as I couldn't find any relevant dataset. So, while I was searching for ways to scrape a website, suddenly after visiting a few websites, I get notifications of a new email. And it was from Kaggle with the subject line
"How to Scrape a Tidy Dataset for Analysis"
Now I don't how to feel about it. Mixed feelings! It is either a wild coincidence, or Kaggle is tracking all the pages visited by the user. The latter makes more sense. By the way, Kaggle wasn't open in any of the tabs on my browser.