HackerLangs
TopNewTrendsCommentsPastAskShowJobs

throwaway7356

210 karmajoined قبل 3 سنوات

comments

throwaway7356
·أول أمس·discuss
> The fix was prepared statements

You don't need prepared statements. The fix is parameter binding: submitting parameters separate from the SQL statement itself, separating code from (user) data.

> The analogous mitigation for agents is to have fixed behaviors they can perform, such as “read repo 1” “read repo 2”, etc., and the user input is used as data to select which of these fixed behaviors to execute.

No, that only deals with some special issues. It also doesn't separate code and (user) data, so it's not the same issue.

Having only limited actions is akin to using more restrictive database permissions. That also makes SQL injection no longer relevant: only SQL statements can be executed that the user is allowed to run either way.
throwaway7356
·قبل 3 أيام·discuss
> nor do they provide the brain an interpretation of what they perceive

> What it gets from the body is raw physical measurements

No, sensory organs like eyes do a lot of processing ("interpreation"). They certainly don't send "raw physical measurements" to the brain.
throwaway7356
·قبل 4 أيام·discuss
Then one can claim that humans are less intelligent than a goldfish as "none of us have ever seen a human swim as well as a goldfish".
throwaway7356
·قبل 4 أيام·discuss
> yet with enough developer elbow grease they can do all the same things an LLM can do, with much higher reliability

Where can I access such a Lisp expert system?

If I cannot because they don't exist: then they cannot do the same things an LLM can do. And of course one can assert anything and everything about what a non-existing thing could do.
throwaway7356
·قبل 5 أيام·discuss
Yes, that condition makes it no longer open source software.

It also has the effect of making software adopting such licenses getting removed from open source distributions.
throwaway7356
·قبل 6 أيام·discuss
The terms of service are between Anthropic and one of their subscribers. So Anthropic can maybe cancel their contract.

This doesn't affect what copyright law allows or does not allow.

Also I think Anthropic very much suppports gathering data by whatever means possible. That should work both ways.
throwaway7356
·قبل 8 أيام·discuss
> I think the notion that you could control something (legitimately) smarter than you is a pretty risky proposition.

Well, Trump seems to control a lot of people given how afraid they are.

Trump is also called not the smartest person out there.

So...
throwaway7356
·قبل 13 يومًا·discuss
> In practice the only place it shows up is if you are using "ssh -X". That uses the security extension by default. Which is why there is also a "ssh -Y" that disables it for applications that it breaks.

Unless your distro changes the default to make "ssh -X" and "ssh -Y" behave the same which popular distributions do.
throwaway7356
·قبل 13 يومًا·discuss
> But granting full rights to distro-provided programs like vim or xeyes is perfectly sane.

You mean run everything distro-provided as root?

There are reasons systems don't do that any more. Even distro-provided services are often setup in a way to no run with full rights. Can you imaging reasons why this is done?

What was neglected is doing the same on user level, which should be done for pretty much the same reasons.
throwaway7356
·قبل 14 يومًا·discuss
Maybe include some election guides for poor, misguided Americans that would hurt themselves by not voting for God President Donald Trump I as well?

It's protecting people from themselves, so basically like the safeguards already included in the models.
throwaway7356
·قبل 14 يومًا·discuss
Can't the AI companies spare a small investment in Trump coin to ease the process?
throwaway7356
·قبل 16 يومًا·discuss
> Ok, but what about those shady sites that resell Windows education keys?

Yes, they are fine? They might no longer include full first party support by Microsoft for not being "new". Same as buying a used car (also comes with the "shady sites" for a far longer time).

Though this not making any difference by Microsoft not doing any support either way to make more money is a business decision by Microsoft.
throwaway7356
·قبل 16 يومًا·discuss
> China aren't offering a cheaper solution. They are subsidizing an existing one

So basically like US companies subsidizing offerings with selling user data, ads for crypto scams, manipulation for elections, making people addicted to gambling and so on?

Seems fair and an improvement as you can choose between that and not. Unlike say offerings from Meta where the data selling and efforts to further gambling addiction is always included.
throwaway7356
·قبل 19 يومًا·discuss
> all system calls had to go through libc (or perhaps a big ntdll.dll-like

Which makes containers crap on Windows and *BSD as they have to run the currect libc or equivalent. Thus you need to build a different container per OS version which sucks compared to Linux.
throwaway7356
·قبل 20 يومًا·discuss
Yes, many developers give nothing about even basic security.

That's why we still have every basic security issue like hardcoded passwords, SQL or other injections, XSRF and so on repeated on an endless loop. Even if they are trivial to avoid.
throwaway7356
·قبل 20 يومًا·discuss
> CORS is threat model used for when you can't trust your self.

No. But many lack basic understanding of web technologies or facts like that a browser can be used to access more than a single site. This leads to not understanding what problems cross-site requests can cause and thus the impossibility of understanding what CORS is for.
throwaway7356
·قبل 27 يومًا·discuss
They use Yandex for e-mail, so probably a Russian group behind this.
throwaway7356
·قبل 28 يومًا·discuss
Probably Anthropic just needs to commit to handing over some shares to the Trump presidential family after their IPO and this will be solved.

This is just cost of doing business in corrupt Soviet vessel states like the USA.
throwaway7356
·قبل 28 يومًا·discuss
> I don't think in court a whole ban on a product for security reasons would stand.

There are lots such products, like weapons-grade radioactive material, weapons outside the toy gun range, various biological material, ...

So it seems perfectly possible to bad products for security reasons.
throwaway7356
·الشهر الماضي·discuss
> Maybe this all means there’s a place on the net for gopher, Gemini protocol, or tilde.town or ssh BBSes?

By your question (and Betteridge's law of headlines): no, as they fail at least (2), (4) and (5).