See the post on BlueSky: https://bsky.app/profile/provisionalidea.bsky.social/post/3lhujtm2qkc2i
According to many comments, the US government DOES use SQL, and Musk is not understanding much what’s going on.
You must log in or register to comment.
Elon’s shock and fury about the database key sounds like he got a report from an out-of-breath 20 year old DOGE kid who thinks they’re hot shit and discovered some massive flaw.
Elon also seems like the kind of person that believes a database schema is all that’s needed to govern a population.
Database schema = “Not fraudulant”, what’s so hard about that? Login credentials don’t even need to be encrypted if you say no fraud before you log in, and cross your fingers. It’s basic programming knowledge, come on man. Also throw some salt over shoulder and slaughter a goat for good measure just in case.
You just describe half of my career. 😅
You joke, but one of the programs at my work we use legit doesn’t need credentials, just a username. That one’s a head scratcher to me.
Would that almost be OK if it were like 40 characters long? Like, you can view any photo on Google Photos if you have the right alphanumeric string
Would still be saved insecurely in password managers and other issues though
Login credentials don’t even need to be encrypted if you say no fraud before you log in, and cross your fingers
Don’t forget to unset the evil bit as well!
Login? Why would I do that? Aren’t the credentials in the code? I just hit the go button.
In plain text I assume right? You’re not crazy…
If they weren’t in plain text how could we check to make sure it’s still there?
He’s mad because it isn’t blockchain
Goddammit, now you’re giving him ideas.
2027 Bingo Card: US adopts BTC as reserve currency, replaces USD, both crash.
BTC? No way, that’s way too sane. It’s going to be DOGE.
Nah it’ll be Trump Coin. Gotta own the grift from the top down
It’s not impossible. There are a lot of crypto grifters who have been prepping to scam the American government.
Pretty sure that was already something they announced that they’d do.
I wouldn’t be giving him any ideas unless I founded a company and he bought his way in
He already wants to replace everything in the US with Blockchain and Crypto scam shit doesn’t he?
Did you want to trust a central authority for your Social Security? It’ll get censored! /s
I’m sure folks on here know this, but you know, there’s also that 10K a day that don’t so…
What makes this especially funny, to me, is that SSN is the literal text book example (when I was in school anyway) of a “natural” key that you absolutely should never use as a primary key. It is often the representative example of the kinds of data that seems like it’d make a good key but will absolutely fuck you over if you do.
SSN is not unique to a person.
They get reused after death, and a person can have more than one in their lifetime (if your id is stolen and you arduously go about getting a new one).Edit: (See responses) It seems I’m misinformed about SSNs, apologies. I have heard from numerous sources that they are not unique to a person, but the specifics of how it happens are unknown to me.And they’re protected information due to all the financials that rely on them, so you don’t really want to store them at all (unless you’re the SSA, who would have guessed that’d ever come up though!?)
It’s so stupid that it would be hilarious if people weren’t dying.
Small correction to an otherwise great explanation: SSNs are not recycled after death.
**Q20: *Are Social Security numbers reused after a person dies?*****A: No. We do not reassign a Social Security number (SSN) after the number holder’s death. Even though we have issued over 453 million SSNs so far, and we assign about 5 and one-half million new numbers a year, the current numbering system will provide us with enough new numbers for several generations into the future with no changes in the numbering system.
“Several generations” well that is fucking garbage
The entire number is garbage. Change the last digit and you have randomly guessed a perfectly valid SSN.
Less secure than a gift card
Well, it’s an identifier, your problem if that you have been using it as some kind of access key
You can guess a phone number as well by changing the last number, but that information has 0 value unless it is coupled with other informations.
You can reverse engineer a good bit of an SSN if you just have someone’s birth date and where they were born.
I am not sure if you are agreeing with me or not, but DOB and location where you were born are additional informations as I mentioned in my replie before.
Oh yeah I agree that just getting a SSN is not a big issue itself but the fact that you can reverse engineer it from known information makes it not a very good security measure to prove identity.
Nah. It’s worked for 50 years and if we get another 30 then it’s done its job well. Government is supposed to review and adjust things as time goes on and Social Security Numbers weren’t intended to uniquely identify citizens. They probably expected an overhaul to be done by 2020.
They fact that we haven’t reworked portions of it and rely on SSNs to identify citizens shows that we haven’t had a forward-thinking Congress in the last 20 years at minimum.
well tbf, the standard coming from computing is doubling the bits until it stops being a problem, or with ipv6 practically having more IPs than there are atoms in the entire planet of earth (i think i did the calculation a while ago, and it was like, most of the atoms in earth, so like, not quite, but for all intents and purposes, might as well be)
According to XKCD about 40% of the earth
yeah that sounds about right, someone should make an XKCD search engine i think.
So they’ve issued almost half the possible numbers, current US population is actively using 1/3rd of them. I think unless there is a major drop in birth rates “several generations” is two. Either my great grandkids will be reusing dead people SSNs or there will be 10 digit numbers which is going to be a problem for any systems that coded it as char(9).
Ongoing trends would indicate a significant drop in birth rate is extremely likely. Major cities will most likely be facing population shrinkage by the end of the century
Thanks for (starting to) explain this concept to people not accustomed to how the US does their shit.
See, where i live, we used to have for example a Tax-Number. That was a thing the taxdepartment used to identify a person. But if you move from city a to city b, that numbers changes. So if you move a lot, you will have numerous of these.
Now, some 15 years back, the Tax-ID was introduced (fellow residents at this point will lnow it might be Germany) and this number is a one-in-a-kind ID that will only be assigned to you. They create it shortly after birth. My sons first registraion ID was this, before anyrhing else. You will also get a uniqie healthcare-ID that also works like that.So…how does that work in the US and why is habing a changing number that is not unique helpful? Or what is Elon not getting? I dont get it either because I dont know how this works for you.
Thanks in advance to shed light on this.
It doesn’t. There is no truely unique ID in the US.
Source: myself. Worked on health insurance and it was hell.
It’s wild too. I’ve been in the hospital a lot lately and in addition to a bar-code wristband, every healthcare worker, before doing anything with me (the patient) will ask my full name and either birthday or address and then double-check it against the wrist band. This is to make sure, at every step, that they didn’t accidentally swap in some other patient with the same name. (Not so uncommon, lots of men have their father’s name.)
Meanwhile in like Iceland, everyone gets assigned a personal GPG key at birth so you can just present you public cert as identification, not to mention send private messages and secure your state-assigned crypto-wallet. Not saying such a system is without flaw but it seems a lot better than what we’re doing!
You want them to do that regardless of the how the country keeps track of individuals. The point of all that asking is to make sure they have the right patient for the right procedure.
You don’t want to have something amputated or removed unless you have to.
This has happened many times. In the last city I lived in, a man went in to have a leg amputated and they got the wrong one, so he ended up with zero legs.
This is a joke right? I really really hope that they aren’t trusting randoms to know how to manage a gpg key properly.
It’s hard enough to get people actually interested in it to do it correctly.
And using gpg to constantly identify yourself would mean needing to keep multiple copies of your private key all over the place. I find it unlikely that regular people are issuing new keys and revocation certs properly. Not to mention having canonical key servers (maybe the government could manage that, but the individual is responsible for maintaining a way to get the canonical most up to date key)
Using gpg backfires because if you lose access to the key or it’s compromised (say by putting it on your phone) you lose everything. They work for people who know what they are doing because you are supposed to issue keys for specific tasks and identities, but there is just no way that that is happening.
I’m being sarcastic but not by much. Nordic countries do have much better digital id systems and the EU overall looks to be following their model.
This is the first I’ve heard something like that about Iceland; but I do know a little bit about Icelandic personal ID numbers.
The SSN is supposed to just be a number that you give your employers and the IRS so that your social security (the USs blanket retirement savings/pension system) contributions get logged correctly to you and then when you retire you can use that number to get the social security benefits that you paid into. The number has ended up being used for all sorts of things because the USA is slightly broken because it is SORT OF a unique ID number for each US citizen, except of course that it wasn’t intended to be that, SSNs are only supposed to be used from first social security contribution (first paycheck) to last social security payout (death) so naturally they can just be recycled.
Thanks, get it now.
So, Elon doesnt know this and thinks that multiple uses of SSN is a proof of a fraud when in reality it is just a sign for a bad system that is not used as intended or not designed as it is needed?He’s complaining that a number isn’t unique and is being poorly used, but the number isn’t supposed to be unique and he’s complaining that it’s not being used in a way that experts are specifically warned not to use it in.
But on a second, stupider layer, this is the system those numbers originate from. So however they use them is how they’re supposed to be used.
But then, back above that first stupid layer, on an even more basic and surface level degree of stupid, the government definitely uses SQL databases. It uses just… so many of them.
This is a good summary. I had to go pull up wikipedia on it since I roughly knew that social security was a national insurance/pension kind of system but am actually hazy on details.
The major issue with it as id (aside from DBA’s gripes about it) is that credit agencies and banks started to rely on it for credit scores and loans. You see, the US has a social scoring system (what we always accuse China of) but the only thing it tracks is how reliable you are about paying off debts. So with your home address, name, and SSN, basically anyone can take out loans or credit cards in your name. This will then damage your credit score, making it harder to get loans, buy a home, rent property, or even get a job.
That’s why Americans are always concerned about having our identity stolen: because you don’t need a lot of info to financially ruin someone’s life.
When you die your social is reused and assigned to someone else eventually. This is what makes it not unique. If something were to screw up in the process the new person could have debt from the prior person for example even though it is not their debt. Another concept common is using the last 4. There are so many conflicts when using just last 4 in a database its bad design.
When you die your social is reused and assigned to someone else eventually.
This is not true, but often repeated. From SSA
https://youtu.be/Erp8IAUouus explains it pretty well
Thank you!
Came here looking for Grey, was not disappointed.
It’s supposed to be unique and might actually be now, but there are def duplicate ssns out there. Craziest identity situation I was told by a project manager of government system that is all about identities. Same First, Same last,same Date of Birth, same SSN; different people.
Weird story, and I have to assume this is data entry error, identity theft, or something else: I couldn’t sign up for a hospital billing platform because my name and full birthdate (including year) conflicted with someone else in the system. I called the hospital billing department and they were very confused about the whole situation. It didn’t really get resolved, and I basically had to let it go to collections so that I could pay because of the shitty system. I don’t have a very common name, and never have had this problem before.
I don’t know all the ways but my identity was stolen and I never knew until my attorney was looking at something else for me in conjunction with the social security commission where I lived, and it popped up under a different name. They then accessed my records using other information, and it was the same number. It took a long time to get it sorted. A few years.
It’s happened twice to me, I’m now 41. I was able to get it resolved both times but it was not easy and in the first case seriously hurt my credit score for seven years.
It’s not fun.
deleted by creator
I’m hardly the king of databases, but always using a surrogate key (either an auto-incremented integet or a random uuid) has done me pretty well over the years. I had to engineer a combination of sequential timestamp with a hash extension as a key for one legacy system (keys had to be unique but mostly sequential), and an append-only log store would have been a better choice than an RDBMS, but sometimes you make it work with what you have.
Natural keys are almost always a bad idea though. SSNs aren’t natural, which is one pitfall: implicitly relying on someone else’s data practices by assuming their keys are natural. But also, nature is usually both more unique than you want (every snowflake is technically unique) and less than you’d hoped (all living things share quite a lot of DNA). Which means you end up relying on how good your taxonomy is for uniqueness. As opposed to surrogate keys, which you can assure the uniqueness of, by definition, for your needs.
deleted by creator
SSNs are not reissued after death and never have been. I’ve been seeing a lot of people comment this, but I’m not sure where they’re getting it from. (They’re not unique for other reasons, however.)
Just curious, but if SSNs were not recycled after death, would there be any reason not to use them as a primary key?
They’re sequential, so the values above and below yours are valid SSNs of people born in the same hospital around the same time.
This would make it trivially easy to get access to records you shouldn’t
Isn’t that assuming you have access to doing arbitrary SQL queries on the database? Then you’d by definition have access to records you shouldn’t.
No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.
Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database:
https://insecure-website.com/customer_account?customer_number=132355Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.
As the user posted, one human can have more than one SSN in their lifetime. Many humans will never have an SSN. Some of those humans may have a TIN. Some humans may have at least one TIN and one SSN at some point.
What are the situations where you can have more than one SSN?
I’m referencing this, but I’m not actually sure: https://www.ssa.gov/OP_Home/handbook/handbook.14/handbook-1401.html
right I did hear the lifelock guy had to get a new SSN, and also Hilda Schrader Whitcher who’s SSN was 078-05-1120 and needed to be reissued after her SSN was used as a placeholder in wallets. These seemed to be very uncommon though, and not something I’d expect most systems to be able to handle.
(if your id is stolen and you arduously go about getting a new one)
I thought I had lost mine once and got a new SSN card, they don’t give you a new number, it’s the same number
OP is talking about identity theft, not physically losing your card.
I remember seeing this after he bought Twitter
Storms I hope that’s true.
I kind of doubt it. It’s been known that he’s a fraud of a coder for a while, that seems like a clear riff.
Enough that I was really disappointed when Some More News talked about Zip2 like he was the sole founder and therefore must have been good at coding at some point.
Btw, the guy he and his brother founded the company with died at 51.
As a megarich techie… With the dirt on Elon’s real capabilities.
Interesting.
IIRC they kicked him out of PayPal because he wanted to run everything on windows instead of the Unix/Linux servers they were running on. And the reason for it was because he couldn’t figure out Linux.
He is a fraud gamer. He is almost definitely a fraud coder.
As someone who has literally helped the government use SQL for over a decade, this is huge news.
Elon and DOGE should really look into all of those Oracle contracts the Fed pays for. Must be all inefficiency and fraud.
Please do. Most of my sales these days are people dropping Oracle due to cost.
It would be one of the areas that would save the government a bunch of money. But, Ellison is in the Trump camp so it’s not going to happen.
Spinnaker? MongoDB? EnterpriseDB?
If Oracle works for the application and you want to save money, you’ll stick to SQL. Probably Postgres, MySQL, or MariaDB.
All of those are open source, so nothing to sell really (well, except MySQL, which is Oracle).
EnterpriseDB is the closest you can get to “selling” Postgres.
I’m sure EDB isn’t the only one in town selling support contracts for open source applications. It is a lucrative business.
Not the only one, but the closest one.
At least they aren’t using Access???
Access can do (some) SQL! 😱
I’ve worked for US federal government, access to Access* was the only way I could do some things that wasn’t torture… severe torture.
*keep in mind that SQL is a query language. It can be implemented in different ways and not necessarily within an RDMS.
deleted by creator
Also everyone who criticized his Nazi salute is ableist. /s
And therefore Lemmy.World would like to give them a chance to speak their mind!:-P
Elon is basically what a dumb kid thinks smart people sound like
deleted by creator
and the dumb kids, unfortunately. I did a spot with some non-US teenagers, in a class recently. The topic was “name a person you admire and why”. Guess whose filthy name came up…
Elon starting to comment on technical matters was the moment I learned he was actually completely beyond incompetent, since I have some actual expertise on the subject. Right around the time he bought Twitter and commented publicly on its architecture.
This is further evidence to that point
He’s the Steven Segal of futurism
Now i Really want to see The Dipshit run.
His response to the 2018 Thai Cave rescue is what made me realize how big of a shit stain on society he is.
Sure as hell did when I worked there
if this troglodyte says it doesn’t you can be sure that it does.
That sounds surprising modern. That’s good! Or at least I would think it is good. So many things run on mainframes still.
51 year old SQL sounding surprisingly modern for government tracks.
Haha, TIL that SQL is 51 years old. IBM mainframes were still all the rage in the 70s. My assumption is that government would have not been an early adopter, but I could obviously be wrong.
Jesus Fucking Christ !!!
What does Elmo think the government use ? MongoDB, because its Web Scale [0]?
Ah, a classic watch. :-)
Elon probably thinks that SQL is MS SQL Sever, MySQL, or some such.
Elon probably thinks
Not really sure he does, I think he’s clearly paying others to do that for him
My bad, I forgot he doesn’t have time to think.
Too busy being one of the best players at Path of Exile 2. Despite that he doesn’t identify the valuable loot. Or how to use the map. Or how levels work. But he’s top 50! All very believable.
He’s clearly not paying enough then
They probably do use lots of NoSQL DBs too, which perform better for non relational “data lake” style architectures where you just wanna dump mountains of data as fast as possible into storage, to be perused later.
When you have cases where you have very very high volume of data in, but very low need to query it (but some potential need, just very low), nosql DBs excel
Stuff like census data where you just gotta legally store it for historical reasons, and very rarely some person will wanna query it for a study or something.
Keep in mind when I talk about low need to query, the opposite high need us on the scale of like, "this db gets queried multiple times per minute’
Stuff like… logins to a website, data that gets queried many times per minute or even second, then sometimes nosql DBs fall off.
Depends what is queried.
Super basic “lookup by ID” Stuff that operates as just a big ole KeyValuePair mapping ID -> Value? And thats all you gotta query?
NoSql is still the right tool for the job.
The moment any kind of
JOINenters the discussion though, chances are you actually wanna use sql nowSo you’re saying Relational DataBase Management Systems do really well as soon as Relations are involved?
And Structured Query Language is a handy language for querying structured data?
What’s funny is that Relational Databases in fact sucks when somewhat complex Relations are involved. Moment you step out the of the realm of Tabular data you’ll have very miserable time. Like good luck modeling and querying simple nested product catalog.
Graph databases are better choice for truly relational data
Eyup, it’s intuitive overall but there’s just weirdly some people out there that are all or nothing, and don’t understand “right tool for the job” lol
To nitpick, Census data is heavily queried. They use Oracle now, I believe.
Just so you know census data is very heavily queried. Everything from civil engineering to economics wants to look at that dataset every day.
Like I said, in the scale compared to actual high frequency data though, that’s still be infrequent.
High frequency DBs are on the scale of many queried per second
Even with tonnes of data scientists and engineers querying the data, that’s still in the scale of queries per minute, which is low frequency in the data world.
I wouldn’t put it past them to experience numbers in the per second realm, especially as new data posts and everyone is rushing to grab it.
I wouldn’t even consider “per minute” frequently queried. Per millisecond for stock market shit
Lol had never seen that before, but Jesus Christ that is a painful depiction of my life.
Lmao we’re gonna get to watch eel-on-musk and all of his dipshit wünderkinds speedrun through all of the pitfalls a junior DBA / data engineer is liable to make, and they’re gonna do it on prod, and prod is the US government.
What could possibly go wrong
Either a DELETE FROM or a DROP DATABASE if I had to guess
Little Johnny Tables, the hero we didn’t expect.
Oh I just curled up into a fetal ball at the thought of that…
An
UPDATEwithout aWHEREclause that doesn’t get noticed for a week or two. Your data’s hosed and you can’t really cope with reverting to your last known good backup. Bonus points if you haven’t tested your recovery procedures recently. Then he runs around screeching about how the data is obviously fraudulent and he’s a genius for finding it.
He’s going to dedupe the social security databases, thinking that he’s screwing over trans people because he thinks they are the only people who change their names… not realizing that the vast majority of married women have at least two names associated with their SSN.
Everything uses SQL. The world fucking runs on SQL
(yes I know SQL isn’t something that you can “run” something on yadda yadda…)
Tell that to the person who implemented Tetris in Postgresql.
That is bananas! The implementation details are worth a read. Plus, all the links to other bananas projects are great.
“Your tax dollars are being stolen”
Rare moment of clarity from our global barony.
Right for the wrong reasons.
Maury determined that this was a lie.
See, they want you to believe that SQL stands for Structured Query Language. But I know from our lord and savior Elon that it actually means Socialist Queer Liberals!
There’s a white paper with the social security logo on it https://www.mysql.com/industry/government/
Someone needs to explain to Musk how to debug with the JSON so that the ipv6 GUI does not overflow into the git API front-end
A government official known for performing a nazi salute just broadcast an ableist slur.
Cool cool cool
Gotta keep play to the cheap seats, these clowns
Civilized people should really coopt the word “removed” to mean Republican. I mean, they have the ® next to their names to remind us already.
Then when someone takes offense you can just say
Jesus Titty-Fucking Christ, Carol. Just because someone has a mental disability doesn’t make them a Republican!"
Way to throw disabled people under the bus because you aren’t clever enough to find another way to insult their intelligence.
Also using the phrase “civilized people” makes you sound like you’d fit in with the other Republicans.
Jesus Titty-Fucking Christ, Carol. Just because someone has a mental disability doesn’t make them a Republican.
“Political appointee”
alien invader
btw do you know why it was decided to treat the r-word as an ableist slur? And why didn’t they also make “idiot” a slur, since it has basically the same etymology? Is this a lemmy-specific thing? I’ve never seen anyone use or interpret the r-word as a slur outside of lemmy
In contemporary language, that word (among others) is almost entirely used as an insult by way of equating somebody’s intelligence with those who have intellectual disabilities, which creates a negative connotation. Similarly, this is why we don’t say things we dislike are “gay” anymore. It’s disrespectful to the people who actually fall under the definition, and it proliferates negative associations with traits that people are stuck living with and had no choice in acquiring.
The only reason “idiot” hasn’t followed suit is because it’s much more culturally ingrained, and there’s hasn’t been as significant of an attempt to change it as with other words.
I’ve never seen anyone use or interpret the r-word as a slur outside of lemmy
It’s not exclusive to Lemmy, but it is mostly left-leaning spaces or gen Z individuals who see it that way. Center and right-leaning spaces see treating the word as a slur to be censorship (as opposed to being respectful of others) and keep using it or actively push back by saying it more.
thanks for the writeup, makes sense!
Not Lemmy specific. There was US legislation related to the word being deemed offensive fifteen years ago (given the slow nature of Congress, it wasn’t a new sentiment then, either): https://en.m.wikipedia.org/wiki/Rosa’s_Law
Fair enough that plenty of insulting words could be cast as abelist: but my guess is that a word like “idiot” is old enough that most folks called that in a medical context aren’t around any more. Maybe I’m wrong though: plenty of folks do push against saying things like “crazy” in an insulting manner.
TIL about the legislation, thanks!
You must not be close to anyone that has any sort of mental illness. It’s a very broad and hurtful term. It has been for a long time.
Edit. Found this online
https://www.spreadtheword.global/resource-archive/r-word-effects
