
Comment Re:If it's free, you are the product (Score 2) 75

Profits have never been higher, and yet their offering continues to get worse..

I doubt that the product is actually getting worse, and I have good reason for my doubt.

Nearly all of the things like this that Google does have one real purpose: Combating abuse. During my ~15 years at Google I never worked on counter-abuse, but I spent about a decade doing stuff that led me to work pretty closely with the counter-abuse teams, and the inventiveness of the people abusing Google's products and systems never ceased to amaze me. And it isn't trivial abuse that is ignorable, because not preventing the abuse would actually make the product offerings worse.

I don't know what the storage abuse might be, but I can think of a lot of things that could be done, and my experience touching on counter-abuse at Google taught me that for every thing I can think of, there are people out there who can think of a hundred more, and will then invest serious amounts of time and money in implementing them.

One of my favorite examples was related to Android GPS location. It's a favorite mostly because of how trivial it was, but the vast resources abusers poured into it, and I'm sure they only did it because they got even more out of it -- this large-scale abuse is all for-profit. For a long time it was easy to spoof your location without giving any evidence of the fact. This caused problems for location-based games like Pokemon Go or Ingress, who lost players because it screwed up the game[*]. So, the games started checking if the device was in developer mode, which allowed "legitimate" location spoofing. So cheaters started using bootloader-unlocked devices which they could configure to lie about being in developer mode. So games started using Android Keystore attestation (I wrote Keystore, hence why I got pulled in) to make it difficult to impossible to do that. Except that some number of official attestation keys leaked out of factories and people found they could get those and fake out the games. Also, there were some crappy devices that didn't do the Keystore security right. If you bought one of those cheap devices and modified the software, you could cheat.

To this point, it's fine. Just normal security cat-and-mouse, and it keeps the number of cheaters small enough not to matter, so it's fine. But someone decided to scale it, for a fee. Someone (or some ones) set up massive device farms. One organization made some mistakes that leaked a bit of device information and allowed us to count the devices in the farm and there were tens of thousands. What did they do? They arranged to help Pokemon Go players spoof their location. If you played Pokemon Go and wanted to cheat, you could pay $5 per month and they'd give you a customized version of the game that would let you spoof your location but whenever the game asked for an attestation it would get one from one of the farm devices, all of which were hacked to be able to lie about their configuration.

That's just one example, and there are an unbelievable number of others. I recently chatted with a friend on the counter-abuse team and they are really tearing their hair out over some of the incredibly clever attacks people are mounting with AI. She couldn't give me details (and if she had, I couldn't share them).

Anyway, what's really going on here, I'm sure, is that there's some large-scale, systematic abuse of GMail storage that is to a degree that it's costing Google hundreds of millions of dollars. What exactly, I have no idea. And they think that they can address it by reducing storage for people who won't take a simple step to prove that they're real people (phone number verification). Obviously, phone number verification doesn't prove that you're a real person... but it increases the cost of large-scale abuse, and that's the point. I'm sure there will be other I'm-a-person verification schemes so those without phones have an option, but all of them will aim to inconvenience abusers and increase their costs, without too-greatly inconveniencing legitimate users.

[*] My personal experience: I played Ingress quite a lot for a couple of years, but quit it completely after one cheating event, and never went back. I spent a whole day climbing a 10,000-foot mountain peak, covered in deep snow, in the dead of winter, to capture a key portal, only to have it taken away from me 30 minutes later by someone who definitely didn't climb the mountain. I know because if they'd been there, I'd have seen them. Pissed me off so bad I deleted the app and never installed it again.

Comment Re:you will pry my texas brisket (Score 1) 55

from my cold dead hands.

I want 12+ hours of smoke on that brisket, and I don't care if it's regular or unleaded.

After all, we're all going to die at some point, but life without brisket... isn't worth living.

Unless you're cooking brisket every day, and so are a lot of your neighbors, it's not likely to be a problem.

Where it becomes an issue is when a non-trivial number of people are using it for heating their homes... which is not that uncommon in the Mountain West.

It used to be very common where I live (northern Utah), and likely would be still, but the density of woodsmoke was enough that when combined with common winter weather conditions ("temperature inversions" that trap a layer of air 2-3 thousand feet deep in the bowl created by surrounding mountains), it became a health hazard. To combat that, the government instituted "no burn days" when using a wood-burning stove in your home was prohibited. Those became common enough that most people eventually found burning wood (and coal) for home heating was annoying.

When I was a kid, my home was primarily heated with wood, plus a bit of coal at night. The house had a gas furnace, but we could cut several cords of wood from the mountains for a permit that cost about $10, plus another $30 in gas -- and our time and sweat, of course, but given the family finances, labor was cheap. That ended in the mid-90s because there were so many no-burn days that my dad gave up.

However, it's still quite common in less densely-populated areas of the Mountain West. This information may change the calculation of how dense is too dense to allow heating with wood.

Comment Re:Don't get this bit (Score 1) 35

Ah, okay. I was thinking about protecting from melting in the heat, but of course collapsing due to pressure differential would also be bad.

A large mass of cryogenic fuel/oxidizer right up against the other side of a thermally-conductive dome also makes a great heat sink. Warming the fuel will cause it to expand, but after burning a lot to get up there, tankage is not a problem.

Comment Re:Forgot how to implement a Laravel API... (Score 1) 118

Oh, I'm not talking about those at all, just how when something I studied deeply in college slips my mind, I think, "damn, getting old". Which I still think is what the person quoted was actually dealing with. You and I are used to it (if you've done anything for 40 years). This guy may have been running into it for the first time and putting the blame elsewhere.

Ah, gotcha. You were referring to the comment from the summary, not mine. Yeah, it's fun to watch the young'uns realize that they are absolutely going to spend their whole lives realizing they forgot something they used to know. It's even more fun to watch them the first time they look at code they wrote two months ago and say "Who wrote this stupid shit? Oh....".

Comment Re:Justice for some.... (Score 1) 100

When my car gets broken into the cops shrug. Once I was told I can fill out a report but it's "not going to be a priority"

Seems the rich and famous get a different justice system on both ends.

Did they steal stuff worth millions?

Though, of course, this raises the question of why someone would leave valuable masters in a suitcase in an unoccupied car.

Comment Forgot how to implement a Laravel API... (Score 4, Insightful) 118

Dude, I've been writing code for 40 years. I've used so many different tools, stacks, libraries and APIs that at this point I don't remember any of them, and I haven't remembered them for years, and it doesn't matter at all. Sure, I have to look everything up, but that's fine, that doesn't matter. What matters is that I know when something looks wrong, or hard to maintain, or inefficient, or insecure, or... pick the axis. And I can dig in and find the problem. Anyone can tell if code works, that's easy. Understanding when and why it might break or otherwise impose additional costs, that's the real skill.

Which, as it happens, is exactly the skill you need to use an LLM effectively. Also the skill you need to understand legacy code, review colleagues' commits, etc., etc., etc. I used to say that the ability to read and understand code is an underrated skill, but an old friend corrected me at lunch a couple of weeks ago, saying that the ability to read and understand code is the most important software engineering skill, and always has been. Upon reflection, I agreed. And LLMs make this clearer than ever before.

Comment Re:bad idea (Score 1) 176

Any quota is a bad idea. What they need to do is (a) specify what a student is supposed to achieve in a course, then (b) set definition of grade based on percentage of what they achieved of that. In some courses, it might be all students; in some, it might be 5%.

I'm confused by all of these posters who've never heard of "the curve". I wonder if it's because they're all young'uns who went to school during an interval when progressive educators had decided to abandon it... with the inevitable grade inflation that was totally predicted.

When I was in college 40 years ago every class that had more than ~30 students in it was graded on the curve, and even some of the smaller ones (though in a smaller class it becomes statistically questionable). I used to love the groans when a buddy and I walked in the first day of class, because they knew we were going to "bend the curve". :D

Though in all seriousness, the whole point of using a curve is that in a sufficiently large class, it's statistically guaranteed (to very high probability) to be "unbendable". Inserting a couple of students at the top would mean that students who might be just above a cutoff might fall just below it, but it's not going to make a difference to many.

College isn't like tee-ball, where every player gets a participation trophy, and it shouldn't be. Especially not at elite schools. Part of the purpose of a university education is to act as a filter, and not just to filter out those who can't cut it at all, but to rank all of the students by performance, so graduate schools and potential employers can make use of that information.

Comment Re:Worst UX ever? (Score 1) 49

In no way is shaking better than clicking, people will do it accidentally all the time to activate AI they likely don't even want.

The AI will have to look at your screen to see what you are pointing at. So pretty much user-triggered Microsoft Recall that is automatically shipped off your machine to Google.

Don't be so sure about the "shipped off". Google is heavily investing in on-device AI that runs in a trusted enclave (e.g. TrustZone on ARM). I left the company in August of last year but I doubt this has changed since it's been a major area of focus for quite some time.

Comment Re:All according to plan. (Score 1) 214

Yeah but I have to drive 1000 miles up hill (both ways) every day for work in temperatures where lithium itself freezes, and I only pee on Sundays.

I don't need 1000 miles. 600 (unencumbered) is definitely sufficient, and 500 might be okay. The thing is that I'll lose half to 2/3 of that range when towing my camp trailer, and that's not even considering that I'm typically towing it up into the mountains, gaining ~5000 vertical feet. I also need minimum 12k pounds of towing capacity and I'd like a little headroom, so call it 16k, and the bed payload has to be able to take at least 2000 pounds, because that's how much the trailer puts on the fifth-wheel hitch.

I'm anxiously awaiting an EV pickup that can do this. I'd love to have essentially unlimited electricity to buffer cloudy days (I have 1 kW of solar panels on the trailer and on sunny days they generate way more than enough, but consecutive cloudy days can be difficult).

3/4 ton and 1-ton gas and diesel pickups typically have oversized fuel tanks that provide about 600 miles of range, because that's what you actually need when you start hauling or towing significant loads. I don't think an EV pickup needs to have more range, but it needs to be comparable, and to be able to tow and haul comparable loads.

I'm not anti-EV by any means. I bought my first EV in 2011, and have had electric cars ever since. Trucks are a different sort of problem, though.

Comment Re:All according to plan. (Score 1) 214

Oh, I think the Silverado EVs are adequate. 480+ mile range in best conditions still puts me way over my bladder's ability to drive even in the absolute worst conditions of that tow + cold weather. That thing will still be 200'ish miles of towing in cold weather.

That's getting there, though I'd like to see some driving tests with a good-sized fifth wheel at highway speeds. The towing capacity is probably okay, though it provides very little headroom for when I'm towing both my camp trailer (~8k) and my boat (~3.5k), which I actually do several times each summer. But I think the payload capacity is too small to tow the trailer, which puts about 2000 pounds on the truck.

Comment Re:All according to plan. (Score 1) 214

Agreed. My sedan has been electric for nearly a decade now, but I'm still driving a diesel pickup (1-ton, though a 3/4 ton would be sufficient) because EV pickup range is inadequate -- and I think it may be inadequate for a while. I need 250 miles of range when towing a trailer, which means I need ~500 -- maybe 600 -- miles of range without.

I'm not generally a fan of hybrids, but I think plug-in hybrids with large-ish batteries may be the sweet spot for a while with pickups. The Dodge Ramcharger is looking really good to me, though I'd like to see them make a 2500.

Comment Re:META is doing this to make them quit (Score 1) 92

That's actually a smart strategy.

It is effective at reducing staff cheaply, but it has a huge downside, shared with most attrition-based schemes for reducing payroll: The best employees are also the ones who find it the easiest to leave. The worst employees are also the ones who will grit their teeth and hold on to the bitter end.

It's harder and more costly (in the short term) to do targeted layoffs which allow the company to target low-performers, or those who are low performers relative to their cost. It's the better choice, though.

But I wonder how many employees will quit in today's job market.

Lots of the top performers will.

Comment Use Argon2id (Score 1) 106

Using a proper password hashing algorithm mostly addresses this concern... and standard cryptographic hashes like MD-5, SHA-1, SHA-256, etc. are not appropriate. They're designed to be as time and space-efficient as possible while still achieving their security goals. Password hashing functions (more precisely, password-based key derivation functions) are designed specifically to be time and space-hungry, efficient enough that you can execute them in a half-second or so for user authentication, but slow enough that brute forcing even moderately-good passwords is intractable.

The best widely-available algorithm is Argon2id. The modern algorithms don't focus so much on requiring lots of CPU cycles because GPUs. Instead, they focus on requiring significant amounts of RAM, in ways that provably cannot be reduced. The most-recommended Argon2id configuration requires 2GB RAM. This makes it feasible for most servers to handle fairly easily, as long as they don't have to verify too many passwords in parallel, but it means that GPUs don't help the attacker, and it's also slow enough that while you can get some traction by using a large botnet, it's really not very much. If a PC requires 500ms per attempt, and you have a million-machine botnet, you can still only try 2M passwords per second. If user passwords have, say, 30 bits of entropy, your massive botnet can find one every five minutes on average. If they have 40 bits, your botnet can find a password every ~3 days, on average. That's not nothing, but if you have control of a million machines, you can definitely find better uses for them.

Of course, even better is to use passkeys or similar, but as a practical matter you probably have to have a password to fall back on.
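Added example, not part of the original comment: a salted, memory-hard password hash with constant-time verification, plus the botnet arithmetic from the comment carried through. scrypt from Python's standard library stands in here for Argon2id (which needs a third-party package); the cost parameters, function names and sample passwords are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed demo parameters, not a recommendation from the comment above.
# scrypt needs roughly 128 * N * R bytes of RAM per hash (16 MiB here).
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024


def scrypt_memory_bytes(n=N, r=R):
    """Approximate RAM one hash evaluation must hold."""
    return 128 * n * r


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=N, r=R, p=P, maxmem=MAXMEM, dklen=32)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def average_crack_seconds(entropy_bits, machines, seconds_per_guess):
    """Expected time to hit one password: half the search space at fleet rate."""
    guesses_per_second = machines / seconds_per_guess
    return 2 ** (entropy_bits - 1) / guesses_per_second


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery staple")
    print("verify good:", verify_password("correct horse battery staple", salt, stored))
    print("verify bad: ", verify_password("Tr0ub4dor&3", salt, stored))
    print("RAM per guess: %d MiB" % (scrypt_memory_bytes() // 2**20))
    # The comment's figures: 500 ms per attempt, one million machines.
    for bits in (30, 40):
        secs = average_crack_seconds(bits, 1_000_000, 0.5)
        print("%d bits: %.1f minutes (%.2f days)" % (bits, secs / 60, secs / 86400))
```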
