The hallucinations in legal briefs get really out of hand when the attorney wants to make an argument not supported by the case law. The LLM wants to do a good job defending a case, so it invents the legal precident, because otherwise it'd be impossible to make the argument credibly. This invites a rule 11 challenge from the other side where you claim the lawyer is so full of crap with his claim that he deserves sanction for not understanding the law and wasting everyone's time.
What's interesting about the rules of civil procedure is that it has been built up over centuries to prevent all kinds of abuse by sneaky, clever, unscrupulous litigants. Most systems are not so hardened against bad faith actors like the legal system is and AI just thinks it can pathologically lie its way through cause most people trust somebody who sounds authoritative.
I just read the initial complaint, what do you think about that case? Is there a community that wants disclosure of "chatter's" existence? It seems to be going the other way with AI personalities doing the chatting
> The table above does not reflect our renewed cloud hosting agreement with a third-party provider, entered into on May 31, 2025. Under the terms of the non-cancellable agreement, we committed to purchase a minimum of $545.0 million in cloud hosting services over the next five years. This renewed agreement replaces a previous agreement with the provider.
$300k/DAY AWS bill. I wonder what the "non-cancellable" savings is.
why is it so high? all of their high performance stuff is on device wasm, so all of that just to host their website and like collab features or some such?
There's plenty of server-side components to Figma that are substantially more complex and expensive than that of the typical website.
Multiplayer means that every file that are user loads is loaded onto a compute server and retained in-memory on that server, processing every mutation to the document. Figma documents can get quite large -- they can contain the design system of an entire organization, dozens of variations of a product feature, etc. This means the server cost scales per active session at a given time, a higher "number" than active requests.
In addition to multiplayer, Figma attempts to keep most other parts of the application real-time. If another user adds a file to a project, you will see it without refreshing the page. That's a simple example, but certain types of queries/mutation can get much more complex.
Figma is an enterprise app, and the data models needed to support complex use cases (permissions, etc) means that DB load is a real challenge.
While the DAU count of Figma might not be as high as other consumer apps, the amount of time those users spend in Figma is often substantially higher.
Those are some of the things that contribute to a high bill. While Figma is most known for the frontend editor, the infra work is plenty interesting too.
> Figma is an enterprise app, and the data models needed to support complex use cases (permissions, etc) means that DB load is a real challenge.
This, “permissions, etc”, isn't just an enterprise-scale problem, any multi-tenant system can and probably will hit it.
Working out who can access what can sound simple enough, but it gets rather less pleasant when the rules can be set with more complex ACLs¹ and because people can move around dynamically it is both potentially resource heavy to derive and difficult to cache² both safely and³ efficiently. It is natural to think “well, we can simplify the permissions model”, but you really can't when selling to different enterprises: many have their own idiosyncratic workflows, or local tweaks if using an “industry standard” workflow, and they will make a noise if your software to support them without extra tricks on their part.
We are at a much smaller scale⁴, in another industry, but this is an issue we have to be very careful about.
--------
[1] Is this person in a given group? Does that give or remove permission? Can they just access, or edit, add, …? also: different elements on the same screen could have very different ACLs to each other and at different times in a process
[2] missing changes for a time could cause significant issues if users are working on something commercially important or otherwise sensitive
[3] Safe is easy: don't cache at all. Efficient is easy: don't care about a bit of staleness and accept a bit of “eventual consistency”/“eventual correctness”. Achieving both takes a pile of resource even with a great design.
[4] We don't have to worry about consistently spreading data and processing over a set of DCs as our product has natural borders between tenants so splitting off into distinct DBs⁵ is an easy answer to some of the scale & efficiency issues.
[5] rather than needing everything in on “public” system because anyone can potentially want to share access with any other user.
Not sure why you are being downvoted for asking a question. One POV is that Figma’s technology can afford to be run expensively. Their on device ie in browser stuff is running on very expensive computers too. It isn’t necessarily optimal. We don’t know.
Also host can't offer that date for another guest (at least it used to be like that). In case of cancelling 1 day prior then they either have a serious issue or another booking so thats not so punishing.
It may also affect internal ranking order by which they show properties to people, but who knows whats implemented internally right now, and what will be in place in 3 months.
In this case it wouldn't really matter. It's fine for weeding out exceptionally-chaotic hosts, but hosts who rug-pull on a once-in-a-lifetime event like the eclipse (whether to re-rent for higher prices or because they forgot to take the listing down and were planning on using the facility themselves) aren't affected.
I started using testssl after first using slabs.com.
As the other commenter mentioned, testssl.sh lets you can websites that aren’t public yet e.g. test environments or other private networks. As well as testing against starttls if you need to test encryption on a mail gateway.
It’s also configurable, meaning you can have it test tls protocols alone, or ciphers alone, client renegotiation alone making it quicker and easier to read if you are looking at specific areas
As I skim that it just feels like a pile of shit that does nothing but create a few jobs to make reports. It doesn't bind the management. They can literally go do the same thing tomorrow.
Oh wait... "Gravy Analytics is now part of Unacast!"
Why isn't Unacast a party? Where is the monetary fine?
Are we skimming the same thing here? Section II explicitly binds the management and prohibits sale of precise sensitive location data. This is a consent decree - not sure what the FTC banning a company would look like exactly - using your example, Unacast would be bound by the terms of the decree. FTC's shuttering a line of business for these companies and requiring guardrails (which sure, might create jobs for reporting but...those data governance jobs for this type of data specifically should probably exist?), seems like an ok remedy imo. For context:
> "II. Prohibitions on the Use, Sale, or Disclosure of Sensitive Location Data
IT IS FURTHER ORDERED that Respondents and Respondents’ officers, agents, and
employees, whether acting directly or indirectly, must not sell, license, transfer, share, disclose, or otherwise use in any products or services Sensitive Location Data associated with the Sensitive Locations that Respondents have identified within 90 days of the effective date of this Order as part of the Sensitive Locations Data Program established and maintained pursuant to Provision III below."
Yeah government doesn't want to end the surveillance. They want to access it. This action serves that purpose and also makes more work for bureaucrats and lawyers. It's a real win-win from a DC perspective.
At this point, 2FA is the only thing I use my phone for anymore. It's the only reason I even have a phone; I spent about a year without one until I had to for 2FA. But I don't need to carry it around anywhere for that. It would be inaccurate to call it a "mobile" device.
What about extending the protocol to an actual channel-bound challenge-response one, without the need for a (risky) out-of-band key exchange via a QR code?
We could call it something like Web Authentication. I could even imagine small, keychain-sized USB authenticators that you have to touch a capacitive button on to approve an authentication :)
Name Server: NS-225.AWSDNS-28.COM Name Server: NS-1411.AWSDNS-48.ORG Name Server: NS-1914.AWSDNS-47.CO.UK Name Server: NS-556.AWSDNS-05.NET
At least for DNS. Data center appears to be Lightedge.