The specific article is actually not relevant, a simple google search shows more than enough results (including the note on the official website). You're right, even though and especially since you use a password manager, you still have to be wary of malware. Just goes to show that you should always be careful with your passwords and the security of your PC. I'm quite curious how much actual spyware there is for client side password managers. You'd think that the cross section between the people who constantly get their PC infected and the users of password managers is rather small, but there might also be a false sense of security there which leads to more carefree behaviour. I do think that your file is more secure, as long as the editor you're using doesn't write unencrypted backups or something terrible like that. However I personally prefer my password manager, since it's better suited to handle large amounts of accounts as well as giving me the ability to more easily find weaknesses in my pseudonymity. The tradeoff between convenience and security is worth it to me.
or the email, so if you ever sent an email to me, I can log in to your account, then go to your Blizzard account, reset the password and erase all your characters, it is even easier to erase your YouTube account
Yes, if you write in all caps, the indefinite article is obviously always AN, otherwise it would sound stupid when read/screamed out. Don't tell me you didn't know this basic rule⸮
How the hell would you shoot it?? A bunch of people, staring at their phones, going "Oh no! Oh NO! OH NO!!" for two hours?? Good novel, sure. But I can think of hundreds of ways this would make a horrible movie.
What if, I want to make a boolean function. And it will have to take some time to code it. Visual Studio will keep saying it, and so I just add it. Though sometimes, I do forget to remove it, and wonder why the false statement isn't working.
What you should do is set a "Dev_Variable1" as true and a "Dev_Variable2" as False. Whenever you want to do that boolean stuff you throw a reference to the Dev variables. Before you commit, delete the Dev Variables and see what throws errors.
I notice a significant lack of DOS impacts - there would be an essentially astronomical increase in traffic, when EVERYONE with an internet connection would be logging on to EVERYTHING - reading about the news or watching videos on it; determining which of their accounts was linked to gmail and which (thankfully) weren't; and trying to fill the defender, detective or burner roles you presented --- and that's not even including those intentionally increasing (manually or via scripts that may already be waiting to take advantage of something like this happened) the impact of their intentionally disruptive DDOS schemes.
Well, by now there has been at least one major outage for both Google and Facebook, and neither had *too* much of an effect on other sites. Sure, the scenario in the video would be worse, but not too much worse I'd guess.
One underrated thing about this story is that the password glitch was intentional. Knowing Tom I would’ve thought that he would’ve made the source of the glitch a simple accident by a reckless executive but it is much more interesting that it was an intentional attack. This top CEO who was one of the “trusted five” who has access to Google’s code decides to let everything burn. Her manifesto is provocative and hopeful and perfect for the tone of the story.
I find it amusing that YouTube decided to recommend this video to me, a few days after I accidentally leaked my personal most secure password into a public repository to the main branch
DEAR LORD. I WATCHED 13 MINUTES OF THIS WITHOUT KNOWING THAT IT WAS FICTIONAL. It's only good fortune that made me look at the description before telling someone / everyone, or Googling (funny enough) to try to figure out why the hell I hadn't heard about this. You really should have included something at the beginning of the video. Really. Extremely irresponsible.
Dmitry Dronov Why? Because I ended up telling people about it and now they all think that Google screwed up and all this crazy stuff happened and they didn't hear about it. Only AFTER that did I realize it was fictional.
This is why I use [undisclosed email service] instead of Google as my primary email service. Nobody uses [undisclosed email service], so nobody would bother attacking [undisclosed email service].
Actually thought this was real, until I read the description. But made me realise how much I have centered around one account. Thanks for opening my eyes
Well, I have pretty much abandoned my gmail. I only use it for youtube comments. So uh, I probably wouldn't be affected too much; despite not using facebook. Ye...
woodfur00 Text. Or Calling them. I don't really talk to people though unless I'm with them in person. Sometimes I don't even go on youtube, so I might not even notice xD
There are several reasons why this could never happen. (Disclosure: I was a Google SRE, most of this will be vague because it would otherwise contain some proprietary Google information.)
0) Google SREs. An entire group of engineers whose values intrinsically value reliability, stability and dependability.
1) Google doesn't run 24h oncalls for critical infrastructure. They run 12h oncalls between two sites at least 8 hours apart.
2) Google has an in-company "open source" design where any engineer can access nearly any source code. So, someone, somewhere, could roll this back.
3) Google corp uses two-factor authentication. No one could ever login far enough to remote wipe any coworker's phone. (Not that it matters, the oncall is awake anyways. cf. #1)
4) all Google engineers have a laptop setup and ready to get onto the corp network and work on code-securely-from anywhere in the internet.
5) Google has continuous tests running and, someone, somewhere, at Google is running a test against this. When it triggers, pager storm.
The likelihood against this, even in the face of malicious intent, lasting for longer than 5 minutes is so many 9's that you might as well consider it 1.
danielcw Different code, different owners. One person cannot unilaterally remove both the password and two-factor authentication without at least one other person approving the checkin... which in this scenario would require two people with malicious intent. ... also, it wouldn't make sense to make this change when everyone is in the office, so we're talking about a person who is already in London/Dublin, and thus wouldn't need to take a plane flight to Europe. Which also means the two actors with malicious intent would have had to orchestrate their on-calls shifts to overlap. Honestly, with the inhouse knowledge, the best time to get this commit through would be end-of-day Friday... when SREs pretty much universally are going to lynch you for doing any sort of checkin... I realize that the idea is to contrive an example to say "what if..." but these sorts of "what if"s are the exact thing that SREs are tasked with preventing.
+puellanivis Because if you THINK your security is infallible and you can't come up with a way it could fail, then it's impossible for it to fail in some novel way no one considered or realized was possible, right?
+Privacy Lover It's not that I think their security is infallible. It's that the particularly "novel" way that Tom describes is not actually novel and couldn't happen at Google. So, to be clear, this is not some "novel way no one considered or realized"... sure there could be a different way that this specific scenario (Google stops checking password validity) could happen, but nothing he actually described is possible.
+puellanivis But he did say it was fictional and does he even _have_ inside knowledge at Google? Furthermore, he just used Google as an example of a company that wouldn't sue him. He could have picked Microsoft (which would have been entertaining him describing all those Windows 8 and Windows 10 PCs going doolally because the user's main account is linked to a Microsoft online account) Apple, Facebook, any system. It's why I find it hilarious that all these commenters are specifically talking about Google.
I recognize that this story is false, but one thing I'm really curious about is the "Trusted Five" part of the story. I googled "Google's trusted 5" as well as "Maria Christensen" and nothing related other than this very video showed up, but having only 5, or at least some small-ish number of coders as the only ones allowed to touch the core code sounds very believable, so I'm curious about how true it is.
In my organization we have the O5 Council, but if you figure out any of their actual identities you get given amnesia meds and fed to a giant superintelligent crocodile.
@@ceruchi2084 Why would they give the person amnesia meds if they're going to feed them to a crocodile anyway? Is it so that you can't tell the crocodile?
The single point of failure is the same: The Login API. Just instead of a massive breach of privacy, we got the most impactful DoS against google's whole infrastructure.
If this really happened: 1. I would download ALL my files and try and secure my account from anything I couldn't protect. 2. Go into everyone's account.
The code-to-production release process works like that in small screwy shops (Dropbox apparently being one of them), but in case of modifying widely used software, and especially security critical pieces of it, and especially where lotsa money is involved, there is a formal code review / signoff process that requires multiple persons to become involved before anything goes "live".
This is one of the most interesting speeches I've seen in a while... I stumbled on this video after a tweet by a Mojang member (ironic, because I used my gmail to register for twitter) and it freaked me out, in a good way. I would love to see more vids like these!
The Real Flenuan I looked pretty much through whole thing wondering pretty much all the time "how the heck have I missed this thing?". Even tried to search for Christiansens current state until figured out that something is not quite right :)
This is sooo deep. Thanks Tom for these insights. Blew my mind. Have you ever looked at your activity history at google? It is scary, you can listen to any voice command you gave your phone, see when exactly you used your alarm app and when you went for shopping and where. You can reconstruct every mental break-down or procrastination session you had, just by looking at your google search history. This is actually worse than any dystopian future vision ever created. Well, it is normality now and most don't know and don't need to. I wonder, if this "Single Point of Failure"-day will ever come.
5:47- “In most cases, you have access to their full search history...” Writers, especially you crime novelists, this is your cue to have a panic attack.
The mundanity of Tom's sci-fi is always what I find most gripping. Like with the Earworm story, people ultimately just want to get back to their lives.
It's incredible, how it's intense enough to warrant concern, yet generally turns out neutral or positive in its consequences and seems...just barely plausible. Granted, his "Ganymede 2030" talk and the "copyrighted memory/personality" conceptuals he did are a touch hard to set in stone or conceivably believe can happen, but they're not *that* implausible, and this one is strangely realistic.
“Facebook became the most trusted site” boy did that one age beautifully
definitely
They've never been seen as a trusted site. That's the joke
I see your point, but that must have been partially untrue for people to be highly surprised by the leak
@@vedvod have you seen Zuckerberg's quote about people being stupid giving him their personal data? Data leaks are the least of their problems.
That's the funniest joke I laughed at hahahah
"Forgot" is such an innocent, optimistic term ... like saying you "forgot" to lock the door on your way out, when what you did was _remove the door from its hinges._
Take my like good sir, you made me laugh
fancy guy _using italics on YouTube_
Nice
This feels like a line which could actually have been in the video
You missed the chance to name the three groups "Defenders, Detectives, Destroyers" for the alliteration.
Alliteration is always awesome
+Ryan Gilbert assonance is vowel sounds, alliteration consonants
Triple Ds are just too big. ;)
:DDD
:DDB *_double butted_*
Crick1952 Alliterations are always awesome
"Google's Trusted Five"
Marvel is already buying the rights.
*Avengers theme intensifies*
*Kazoo Avengers theme intensifies*
Too late. Disney already did and claimed copyright.
Hey Ken M get back to us soon buddy
@@snoopyguy21 Disney owns Marvel
I love how he added (fictional) to the title. xD
+legoboyz3! Didn't expect to see you here
That's what they want you to think.
Didn't think you'd be here.
I don't get it. Why?
I mean, if aliens...
Me: Well it's not like this fictional scenario has e-
Tom Scott: *It already happened with Dropbox.*
It’ll happen again if quantum computers ever happen
@@talongreenlee7704 Elaborate?
Shubham Pawar all computer security is based on how hard it is to guess really really big numbers and quantum computers are really really good at doing just that. A powerful enough quantum computer can break any encryption almost instantly.
@@talongreenlee7704 Which is why quantum cryptography is being developed.
Xelphonential how does that work?
"Everyone has that one single point of failure"
Like that semicolon on line 463
**shudders**
Can't remember.
+ToCzegoSzukasz But if the semi colon weren't there...you WOULD remember. Ooooooohh...scaaaaaary.
+ᕕ( ᐛ )ᕗ or the Greek question-mark on line 6.
+Coty0010 When you accidentally tapped the Caps Lock key instead of A on line 2 and didn't notice it until you were done making that 53-line rewrite.
This must be made into a movie.
Totally!
Peteris Rudzitis the new episode of South Park kinda covered this
nah not really. it really really really fits a "black mirror" episode though.
Agreed
Which one?
YouTube recommended this video on April's Fools. Pretty convenient.
FireSiku Again, 3 years on!
Yep
4 years
6 now
*reads the video is fictional*
*halfway through thinks it's not*
*flips shit inside his head*
*thinks again*
*realises that it's fictional*
+Mikat Tech at Google pushes his chair back. Goes to play foosball, having averted yet another Customer Realization Cascade.
Mikat same here. Got half way through and went to download a backup of my blog 😁
Yup. Hahah.
So it didn't actually happen?
@@Chris_Cross Is this real or not?
Tom, if you wrote a novel about this, I would buy it immediately. You had me thrilled for the entire fifteen minutes.
So detailed story that I actually thought this was true and wondered how could I have missed those news...
Yup! I thought it was real and I was like "Huh? did I sleep through that day or something?" but then I read the description :p
It took me a while to figure out, too. I mean I did once completely miss the hockey world championship (as in I had no idea whatsoever that it was happening until 2 days after it had ended) but IT news of this magnitude? I think I would have noticed.
Me too
@@hellterminator didn't even know there was a world hockey championship. Used to play in school though, hated playing on the turf, scraping knees
Same
She got caught at the airport. Her flight got delayed; the airport ran Google systems.
Just the best ending ever!
irony overdose
Spoiler alert ffs
george hine don't read the comments before the video
Lynx_ it's not real ex dee
I read this comment just as Tom said it
Back in the early Internet days, I worked at a company doing a presentation to a group of future major companies. An engineer at a remote site was told to wipe a machine. He executed the command that raced through all of its directories including linkages to main servers. The presentation began to disappear. Unfortunately this also affected the hundreds of sites we host around the world. This type of 'simple' failure happens more often than you realize. It's not always reported.
rm -rf /
sudo rm -rf --no-preserve-root /*
drop database sure is such a powerful sentence
@@tobybartels8426 such terrifying spell
Someone got fired that day.
The worst thing is, I remembered the talk a few months later after seeing it and didn't remember this was a fictional story. I told many people about this, like it really happened, well everyone was shocked but believed it.
It's like the purge, only online.
The purge works
BurntToast it would work
BurntToast It just works dude
As they say _the purge works_
Precisely
After 10 years, Crowdstrike proved that this video is still spot on with onosecond
A marvelous comical geeky horror fiction with just enough points of specificity and verisimilitude to keep you awake at night.
"Geeky horror fiction" is the best phrase I can think of to describe it, mostly because of how shockingly feasible it is.
5 year old comment I know, but thanks anyway for a new word of the day for me! Surprising too, considering the connotation of the word, that it isn't in the V for Vendetta monologue.
THIS. Is a prime example of why you should always read descriptions before watching a video. LOL
10:20 mins on, and I read the comments and the description, I was worried.. and surprised..
Yes, although it is a bit of click bait to not say it's fiction in the title.
The first time I watched this, I didn't realize it was fictional. I already told several people about this..
Great.. now I gotta tell them it was fictional. Sounded so plausible.
And I was wondering why I've never heard of this.
GhostInTheShell29
Me too, only after searching the web for corroboration and not finding anything except the text of this video I noticed that it was fictional.
Really good video - very thought-provoking, and your storytelling is excellent. In fact, all your videos over the past year or so have been particularly good. I look forward to seeing more :)
Why do you dress like him
@@osdever LMAO
@@osdever Sally, Tom, Jay Foreman and all these people belong to the same circles. (why do you think they dress like him though?)
Obviously it's fictional because Kim Kardashian's tweet has proper grammar.
This is just waaaaaaayyyyyy to good....
*Yeah, you need some proper grammar lessons too.
BRACEY12345 Punctuation is what he needs, not grammar.
Uku Sibul - The asterisk (*) denotes the response was a correction to a preceding comment. Is capitalisation a grammar issue, or something else? And discerning between to/too is arguably an issue of both grammar and spelling.
Uku Sibul He never said it was a grammar mistake, he simply corrected the sentence.
Why is the way Tom says “as their phones quietly erase themselves” so iconic
Oh hi
you sir, are very good at telling stories. If it wasn't for me liking to read descriptions, to see what sources you used, I would have never known this was fictional. I also wouldn't have done much of anything even if this was true.
***** idk, they were careless before, there was a program from google offering 5k for any bugs found in software, and there was a command left in the code from the early days of YouTube, which would allow for the removal of any video, or all videos at once, and that was found not too long ago, by a guy who luckily was nice enough to reveal it to google rather than the rest of the world. That, my friend, is carelessness lol.
***** What is the gain by killing people? Terrorists see it as a benefit because it scares people, if people see it as for the greater good, whatever their motive, they do it. You sir, seem to be a believer that 9/11 was an inside job, because you can't see past monetary motive. It was performed because they thought they were doing something for the greater good. No one benefited from it... why can't you understand that? I'm taking cs50 classes, so I'm still new to coding, but I have an understanding, and coding has very little to do with your argument, that they have a "database" which again, is entirely speculation on at which point did they obtain this backup. I understand your argument, it is just wrong lol, put simply.
Nate Von Hartleben 1. If YouTube didn't have a backup database, then every video that is taken down (let's say copyright claim) would be incapable of being restored (copyright claim challenged and succeeded). Yet they are capable of restoring videos, therefore they have a backup database. You saying "that they have a "database" which again, is entirely speculation on at which point did they obtain this backup," is completely ignorant.
2. I agree that coding and having a backup doesn't go hand-in-hand. You don't need a backup, but you would be stupid not to have one.
3. I do agree that monetary value isn't the sole reason. That still doesn't excuse you jumping straight to 9/11. You simply needed to mention other motivations upon which people can act upon.
***** 4. Other motivations people can act upon:
A. To cause panic
B. Just to prove that they can (whether to self or to friends)
C. Try and get people off the computers and into the real world (though that would require the shutting down of more than just a single website)
D. Other (that isn't listed and I haven't thought of)
E. All of the above rolled into a nice little package.
I find this conversation interesting, because it went somewhere I didn't mean for it to go. But now it's getting tiresome. Can you please stop the discussion?
You could have the access to the videos removed rather than removing the videos altogether, nullifying the need for a backup. And I think my statement was misunderstood, I meant that we didn't know at which point a backup system would have been implemented, although it probably would've been implemented when the value of the company was seen as significant, meaning before that point, there was a point of significant value the company had, and also that line of code allowing for its deletion also existed. To explain my jump to 9/11, it was a simple reference to make, easily the most recognizable act of terrorism in at least American history. With this comment I say my last piece, and will respectfully close my argument.
Death's Heir /)
"OH GOB I ACCIDENTALLY FILMED VERTICALLY"
"Oh gob oh gob oh gob OKAY STAY CALM *WHAT DO WE DO"*
"uh, uh, LETS PUT THE SLIDES NEXT TO IT "
"phew, nice save"
"thanks dude"
To be honest it is a remarkably smart way to film and format a presentation for the Internet.
Oh gob
Oh gob
Oh gob
oh gob
Well, this seems very relevant today! Just got my flight cancelled for the Crowdstrike failure today... 🙄 Impacted millions of lives and caused so many problems! Fortunately I'm only stuck in Sicily for a few more days, but some people were less lucky I feel, as also hospitals got affected by this...!
Can confirm. I'm a food service employee for one and our department's computers were down for the entire morning
I had a horrific moment watching this of thinking "Why don't I remember this happening!? Surely this is something that would stick in my mind!" before I realised it was fiction. You had me scared there, Tom!
Tom Scott just channelled Tom Clancy for 13 minutes.
Imagine the blame tech support all around the world would unfairly get.
"HELLO MY GOOGLE ISN'T WORKING PLEASE FIX IT"
"Sir, we can't do anything abo"
"I DON'T CARE I'M LOSING 50000 DOLLARS AN HOUR I NEED THIS FIXED NOW"
Sobsz hold on I recognise your username.
I used to work in tech support for a while and that's actually what some people told me
"Maybe you should have been paying me 50000 dollars an hour then"
do i know you
@@pandaqwanda sona a
At about 6 minutes in, I got convinced to change my password to a random hash. So I open a new tab, and click on my gmail, then click the 'account' button. After the loading wheel spun 30 times, I got an error: "502. That’s an error. The server encountered a temporary error and could not complete your request." And I got very afraid this video wasn't hypothetical.
1: changing your password doesn't help this attack scenario
2: random passwords are bad passwords unless they are also long and have caps, numbers, and special characters, in which case they are not rememberable. If you want to be secure, you need a password manager.
May I ask what this vulnerability is?
*****
That problem is pretty trivial actually. The application itself can only check for updates on its own, not download them, so the worst that could happen on that side would be that a user thinks he needs an update when he doesn't. The website also uses HTTP, which means that a MitM attack could send the user a malicious file, which can be checked against by looking at the certificate. I don't really think it's a security issue when you're just a bit careful.
Sidenote: I just love how Softpedia makes it sound like KeePass could update itself or that KeeFarce can just unlock any file. Really great journalism.
The specific article is actually not relevant, a simple google search shows more than enough results (including the note on the official website).
You're right, even though and especially since you use a password manager, you still have to be wary of malware. Just goes to show that you should always be careful with your passwords and the security of your PC.
I'm quite curious how much actual spyware there is for client side password managers. You'd think that the cross section between the people who constantly get their PC infected and the users of password managers is rather small, but there might also be a false sense of security there which leads to more carefree behaviour.
I do think that your file is more secure, as long as the editor you're using doesn't write unencrypted backups or something terrible like that. However I personally prefer my password manager, since it's better suited to handle large amounts of accounts as well as giving me the ability to more easily find weaknesses in my pseudonymity. The tradeoff between convenience and security is worth it to me.
+Politiekman ben je Nederlands?
I didn't read the description and I totally had a War of the Worlds moment just now...
I for one can't wait for the Internet apocalypse.
PhazonSouffle See you down an Arizona bay.
+Woodside I'm already here, it's unusually cold right now for some reason.
I literally just now realized Tom Scott wears the same red T-shirt in almost every appearance.
i absolutely thought it was real until i finished the video. tom scott you're brilliant.
One account. All of Google. ☺
Only if you know the username?
A screen name can differ significantly from a username and that is at least something.
but the part after /user/ in your yt channel's URL (if you have a pre-googleplus account) is sufficient for logging in, is it not?
or the email, so if you ever sent an email to me, i can log in to your account, then go to your blizzard account, reset the password and erase all your characters, it is even easier to erase your YouTube account
All of Google. One account.
THIS WOULD MAKE AN GREAT MOVIE
An great movie. An great move?! AN GREAT MOVIE?!?
Yes, if you write in all caps, the indefinite article is obviously always AN, otherwise it would sound stupid when read/screamed out. Don't tell me you didn't know this basic rule⸮
How the hell would you shoot it?? A bunch of people, staring at their phones, going "Oh no! Oh NO! OH NO!!" for two hours??
Good novel, sure. But I can think of hundreds of ways this would make a horrible movie.
Henry Lange This would make an even better book.
Henry Lange welp they makin it into a movie m8
Single Point of Failure: The (Real) Day YouTubers Forgot To Check Video Descriptions
Antler ourmine are back (read the description)
Moral of the story: do not put "return: true;" on top of any code.
What if, I want to make a boolean function. And it will have to take some time to code it. Visual Studio will keep saying it, and so I just add it.
Though sometimes, I do forget to remove it, and wonder why the false statement isn't working.
Coding Hub i always have "functions that would return a bool but i wanna write them later" always default to false ^^
What you should do is set a "Dev_Variable1" as true and a "Dev_Variable2" as False. Whenever you want to do that boolean stuff you throw a reference to the Dev variables.
Before you commit, delete the Dev Variables and see what throws errors.
Your IDE/linter should warn you of the dead code, and you should have automated tests that would detect that your code isn't running correctly.
What if the return: true; was for "If the user was logged OUT"?
I notice a significant lack of DOS impacts - there would be an essentially astronomical increase in traffic, when EVERYONE with an internet connection would be logging on to EVERYTHING - reading about the news or watching videos on it; determining which of their accounts was linked to gmail and which (thankfully) weren't; and trying to fill the defender, detective or burner roles you presented --- and that's not even including those intentionally increasing (manually or via scripts that may already be waiting to take advantage of something like this happened) the impact of their intentionally disruptive DDOS schemes.
This is the only scenario in which DDOS is actually a defender mechanism.
Well, by now there has been at least one major outage for both Google and Facebook, and neither had *too* much of an effect on other sites. Sure, the scenario in the video would be worse, but not too much worse I'd guess.
One underrated thing about this story is that the password glitch was intentional. Knowing Tom I would’ve thought that he would’ve made the source of the glitch a simple accident by a reckless executive but it is much more interesting that it was an intentional attack. This top CEO who was one of the “trusted five” who has access to Google’s code decides to let everything burn. Her manifesto is provocative and hopeful and perfect for the tone of the story.
Tom Scott's alt history scenarios are always a treat
"It takes more than a single point of failure to change the world..." I'd say exactly three - a bat, a civet and a human wanting an exotic snack
"And thus a pandemic was born...."
@@SharpAssKnittingNeedles 23*
Everything this guy does is interesting.
Time to write a new novel dude :P
+Liou David I would read that.
I would love to read that
YES! i would SOOO read it
Idk how to read
Digital Fortress by Dan brown. instead of Google being hacked, it was the NSA
This is a GeekyConf presentation about a future.
Not *the* future; just *a* future.
I find it amusing that YouTube decided to recommend this video to me, a few days after I accidentally leaked my personal most secure password into a public repository to the main branch
I would be a Self-Burner, I would destroy my own account so nobody stole my information
Backup and delete
realscapegoat so a defender
@@kito4525 Google has already done the backup for you (Both in this scenario and in real life), so this is the smartest plan in a situation like this.
Ahaha my accounts have nothing on them but shitposts. And I have zero personal information
@@sirrivet9557 ALL your accounts? Keyword: ALL. If you leave a single account with personal info, then you're toast.
DEAR LORD. I WATCHED 13 MINUTES OF THIS WITHOUT KNOWING THAT IT WAS FICTIONAL. It's only good fortune that made me look at the description before telling someone / everyone, or Googling (funny enough) to try to figure out why the hell I hadn't heard about this.
You really should have included something at the beginning of the video. Really. Extremely irresponsible.
Or in the title
Nathan T This.
Why? Watching all this not knowing that's fictional was quite amazing for me :D
Dmitry Dronov Why? Because I ended up telling people about it and now they all think that Google screwed up and all this crazy stuff happened and they didn't hear about it. Only AFTER that did I realize it was fictional.
***** lol
This is why I use [undisclosed email service] instead of Google as my primary email service. Nobody uses [undisclosed email service], so nobody would bother attacking [undisclosed email service].
I can neither confirm nor deny this.
I use one that technically no longer exists
sigaint
Vivaldi mail?
Hotmail?
For fucks sake, can nobody see the (Fictional) in the title?
TristanBomb That's because I only added the (Fictional) a couple of weeks ago, after people didn't notice the (Fictional) in the description!
***** Ah, that makes sense.
***** I was wondering why I didn't remember this xD
+Tom Scott Change the title back so we can continue trolling people
+Tom Scott We must prepare 17 sacrifices a day to feed the holy Google.
The anxiety this video gives me is telling me to throw my computer into a lake and go live in the woods forever
"This too, shall pass" is a quote I've been using for years, love it.
When you suddenly wipe your BGP routing tables and deplatform yourself, all of your workers, technicians and engineers:
Press F
Actually thought this was real, until i read the description. But made me realise how much i have centered around one account. Thanks for opening my eyes
"The backup you haven't done in a while"
Shit.... Now I have to find my external hard drive.
Dear hackers...
I have a challenge for you...
it's been 2 months could you tell us already mate
hahahahahahahaha
Knock knock
Sure, they can totally just hack Google. That's definitely doable
***** Fair enough
Well damn. And I'd be the one person locked out of secure interaction because I didn't put my trust in Facebook.
Well, I have pretty much abandoned my gmail. I only use it for youtube comments. So uh, I probably wouldn't be affected too much; despite not using facebook. Ye...
Lilly S You know Google owns YouTube, right?
woodfur00 Yes, but the worst anyone can do on my youtube is do hate comments or delete it.
Lilly S But would you have a secure way to communicate with people?
woodfur00 Text. Or Calling them. I don't really talk to people though unless I'm with them in person. Sometimes I don't even go on youtube, so I might not even notice xD
There are several reasons why this could never happen. (Disclosure: I was a Google SRE, most of this will be vague because it would otherwise contain some proprietary Google information.)
0) Google SREs. An entire group of engineers whose values intrinsically value reliability, stability and dependability.
1) Google doesn't run 24h oncalls for critical infrastructure. They run 12h oncalls between two sites at least 8 hours apart.
2) Google has an in-company "open source" design where any engineer can access nearly any source code. So, someone, somewhere, could roll this back.
3) Google corp uses two-factor authentication. No one could ever login far enough to remote wipe any coworker's phone. (Not that it matters, the oncall is awake anyways. cf. #1)
4) All Google engineers have a laptop set up and ready to get onto the corp network and work on code, securely, from anywhere on the internet.
5) Google has continuous tests running and, someone, somewhere, at Google is running a test against this. When it triggers, pager storm.
The likelihood against this, even in the face of malicious intent, lasting for longer than 5 minutes is so many 9's that you might as well consider it 1.
puellanivis at least point 3 was mentioned in the story. The fictional code change also ruled out two-factor authentication and other checks
danielcw Different code, different owners. One person cannot unilaterally remove both the password and two-factor authentication without at least one other person approving the checkin... which in this scenario would require two people with malicious intent.
... also, it wouldn't make sense to make this change when everyone is in the office, so we're talking about a person who is already in London/Dublin, and thus wouldn't need to take a plane flight to Europe. Which also means the two actors with malicious intent would have had to orchestrate their on-call shifts to overlap.
Honestly, with the inhouse knowledge, the best time to get this commit through would be end-of-day Friday... when SREs pretty much universally are going to lynch you for doing any sort of checkin...
I realize that the idea is to contrive an example to say "what if..." but these sorts of "what if"s are the exact thing that SREs are tasked with preventing.
+puellanivis Because if you THINK your security is infallible and you can't come up with a way it could fail, then it's impossible for it to fail in some novel way no one considered or realized was possible, right?
+Privacy Lover It's not that I think their security is infallible. It's that the particularly "novel" way that Tom describes is not actually novel and couldn't happen at Google.
So, to be clear, this is not some "novel way no one considered or realized"... sure there could be a different way that this specific scenario (Google stops checking password validity) could happen, but nothing he actually described is possible.
+puellanivis But he did say it was fictional and does he even _have_ inside knowledge at Google?
Furthermore, he just used Google as an example of a company that wouldn't sue him. He could have picked Microsoft (which would have been entertaining him describing all those Windows 8 and Windows 10 PCs going doolally because the user's main account is linked to a Microsoft online account) Apple, Facebook, any system.
It's why I find it hilarious that all these commenters are specifically talking about Google.
Jeez Tom, you're so good at making fake things seem real that you should work for The Onion!
I’d love it if he made nerdy onion stories, it would be great
“Facebook became the most trusted site” that ages like fine milk.
Yooo as soon as I heard about the Microsoft outage it reminded me of this video, a lot of things sound similar
💀
This needs to be a movie.
this aged like a fine wine
I often come back to this because the quote "the world doesn't get changed through a single point of failure" just stuck with me
I recognize that this story is false, but one thing I'm really curious about is the "Trusted Five" part of the story. I googled "Google's trusted 5" as well as "Maria Christensen" and nothing related other than this very video showed up, but having only 5, or at least some small-ish number of coders as the only ones allowed to touch the core code sounds very believable, so I'm curious about how true it is.
Unless someone goes crazy or devotes a ridiculous amount of their life to ruining your company, it's a pretty safe way to run things.
In my organization we have the O5 Council, but if you figure out any of their actual identities you get given amnesia meds and fed to a giant superintelligent crocodile.
_scp 762 has escaped containment_
@@williamwhitehouse8741 how can scp 762 escape containment? its just an inanimate coffin
@@ceruchi2084 Why would they give the person amnesia meds if they're going to feed them to a crocodile anyway? Is it so that you can't tell the crocodile?
Watching this just after the Google crash of 2020 makes this frighteningly more realistic
Same, friends are worrying if we should change our password immediately.
The single point of failure is the same: The Login API. Just instead of a massive breach of privacy, we got the most impactful DoS against google's whole infrastructure.
There was a crash? Why didn't I know?
@@albertjackinson just a few hours of outage on Dec 14, 2020. It wouldn't cause a glitch on your experience if not online that time
The time when Google and youtube were taken down for a few hours for updates? I'm actually surprised at how I don't know about it.
"Thank you very much, I've been Tom Scott, Enjoy the rest of the Show"
Who you going to be next time?
This sounds like a really good plot for anything: a game, a movie, a book, anything
This seems strangely relevant now
If this really happened:
1. I would download ALL my files and try and secure my account from anything I couldn't protect.
2. Go into everyone's account.
+NiteDasher So defense against the offensive...but then be offensive. Nice.
Actually, not.
+Teddy Frozevelt I don't use Gmail ;)
Hahahaha.
***** Idc about my youtube, and my google and I don't have a Gmail account, why would I?
***** sooooo?
The code-to-production release process works like that in small screwy shops (Dropbox apparently being one of them), but in case of modifying widely used software, and especially security critical pieces of it, and especially where lotsa money is involved, there is a formal code review / signoff process that requires multiple persons to become involved before anything goes "live".
The video is 5 years old, and i already watched it at least time, yet here it is back in my youtube feed.
And honestly, this video deserves this.
"Facebook became the most trusted site" that one is becoming like a fine wine
aged like fine milk
This is one of the most interesting speeches I've seen in a while... I stumbled on this video after a tweet by a Mojang member (ironic, because I used my gmail to register for twitter) and it freaked me out, in a good way. I would love to see more vids like these!
This was a warning message.
"this too shall pass"
Watching this as my father is having a rough ass final stretch with his heart.
Yup.
truly a single point of failure
It took me five minutes to realize this was fictional.
The Real Flenuan Yeah, when he said Facebook was used for trusted communication :D
The Real Flenuan I looked pretty much through whole thing wondering pretty much all the time "how the heck have I missed this thing?". Even tried to search for Christiansens current state until figured out that something is not quite right :)
The Real Flenuan it took me watching it for a second time to figure it out.
Cameron Webster Haha, damn…
I forgot so many times that it's only fictional
This is sooo deep. Thanks Tom for these insights. Blew my mind. Have you ever looked at your activity history at google? It is scary, you can listen to any voice command you gave your phone, see when exactly you used your alarm app and when you went for shopping and where. You can reconstruct every mental break-down or procrastination session you had, just by looking at your google search history. This is actually worse than any dystopian future vision ever created. Well, it is normality now and most don't know and don't need to. I wonder, if this "Single Point of Failure"-day will ever come.
This is so fascinating, I've watched it dozens of times but still will a dozen more times I bet.
The Purge: Internet Edition
Well this video is about to blow up again
"And logs out, which is ironic because logging out doesn't mean anything anymore" Tom Scott is wonderful.
Wow. That sent chills up my spine. Fantastic work, Tom!
Tom needs to write a book or something, this is genius
“The trusted five”
*Scp vibes intensify*
The trusted 13 for the O-5 but yes
Time for a yearly rewatch!
Who's here after the Google outage?
Ah, so THAT'S why I just got this video in my recommended.
I'm currently a Computer Science student and this video just reassured me that even two words can screw everything up and crash.
So did google fall down.
@Ali Burak r/woooosh
"4chan entered chat"
"You have lost connection to the server"
9:45 Just now I realised this is all FICTIONAL...
damn it seemed so real to me...
5:47- “In most cases, you have access to their full search history...”
Writers, especially you crime novelists, this is your cue to have a panic attack.
This is an excellent talk about a very plausible What If scenario with enormous repercussions that truly would be impossible to foresee.
Absolutely phenomenal talk.
I loved every moment of this. So glad YouTube recommended it to me today, years later.
glad i'm not the only one who was thinking of this 😅 whoopsies
this story even takes place in july, amazing
On a Friday afternoon, too
That last speech about how this too shall pass hits different in 2021
The way Tom says this sounds like he's describing a XK class end of the world scenario.