Google misfiled security form; everyone is exposed.
Also Meta is reorganizing the org chart again.

The Case of the Expired Key Fob

Google is currently dealing with what security researchers are calling an "oopsie" that potentially puts millions of user accounts at risk; it seems the company's OAuth login system failed to check if a startup's domain was still active before trusting it. The core issue is that when a small, failed startup lets its domain registration lapse, a malicious third party can buy it and instantly inherit the OAuth trust relationship Google had already established.

It is the digital equivalent of an office building letting a tenant company go bankrupt but never changing the master lock codes; anyone can now buy the keys on eBay and walk into the server room. Google tried to be helpful by letting developers request a broad scope of permissions during the initial setup. Now, that benevolence is a massive bureaucratic security nightmare. The company's automated domain decommissioning process evidently needs a sticky note reminding it to also revoke the golden access badge.

Meta’s Annual Efficiency Simulation

Meta, the company previously known as Facebook, is once again preparing for an "intense year" by engaging in its annual ritual of organizational chart pruning. The company announced a 5 percent reduction by targeting its "lowest performing employees." This is not a malicious act; this is simply corporate theater.

Every large organization, like an aging server rack, requires regular maintenance to prevent overheating; therefore, Meta is clearing out the bottom 5 percent like it is emptying a spam folder. The company uses the term "performance" as a stand-in for "the people who happened to be on the wrong team when the budget spreadsheet was finalized." The ultimate goal is to generate a press release that implies maximum efficiency, not necessarily to change anything fundamental about how Mark Zuckerberg, CEO, manages the platform's enormous utility bill.

Human Resources Is Not Hiring

A new study has confirmed what most people attempting to find a job already suspected; one in five online job postings are either fake or are never actually filled. The job market is not a market, it is a compliance exercise. Companies post these positions for internal bureaucratic reasons, such as justifying the existence of a department, satisfying government reporting requirements, or creating the illusion of growth for investors.

The average applicant is spending hours tailoring a resume for a position that exists only as a row in an HR database named Q4_Recruitment_Simulation.xlsx. This is the ultimate example of the tech industry automating incompetence. Instead of automating the hard work, they have successfully automated the act of wasting human time on a massive, global scale.

Briefs

• Supply Chain Compliance: Apple will soon receive "Made in America" chips from TSMC's Arizona fab. This is the company finally getting a domestically sourced sticker for its presentation deck.
• Infrastructure Patch Notes: ZFS 2.3 released with ZFS raidz expansion. Your system administrator is now slightly less stressed about that one drive.
• Video Utility Documentation: The extensive tool FFmpeg now has a website called FFmpeg by Example. The utility remains the most complicated way to simply resize a cat video, but now there is better documentation for it.