You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...
Wild. There are 300 open Github issues. One of them is this (also AI generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard coded, unencrypted OAuth credentials.
I don't feel like they owe me a refund in principle, at the end of the day I paid for subscription-free software and they delivered it, and I'm happy to do that exchange. I just don't like the changes and the future direction and that I won't be receiving updates to the one I'm currently using.
Not happy. I recently purchased the whole suite and now not only is it now free (didn't need to purchase it), but it's no longer even what I want. And it doesn't work on iPad until they finish whatever rewrite, when cross-platform + apple pencil niceness was a huge draw.
Sure, it's free -- but it's no longer the same product with the same priorities.
Not all rewriting and not all summarization is the same, and the surprising part is that it often makes it seem more legitimate. There's no reason, for example, that it couldn't rephrase it in a way that conveys it as suspicious.
I highly, highly doubt we've reached the level of AI safety required to make it a good idea to replace (or even just supplement) caregivers for children. Nobody has truly solved the safety problems with AI yet, just doing the best they can--seems like a terrible idea to put that in direct intimate access of emotionally vulnerable children. We've already passed the threshold of AI suggesting to testers to commit suicide[0], and the bar has been raised to actual users being told that[1] and someone reportedly following through.[2]
Seems like a variation of https://en.wikipedia.org/wiki/The_Million_Dollar_Homepage but yearly instead of one-time payments. The Million Dollar Homepage had a sort of early-internet novelty vibe to it, but beyond that I don't get the practicality of this kind of thing. Okay so it's a billboard...who drives traffic to it? Who looks at the billboard other than once or twice to see if they want to rent their own space?
Not all ML is built on neural nets. Genetic programming and symbolic regression is fun because the resulting model is just code, and software devs know how to read code.
The types are no less protectable by authorization policies than the data, although authorization is hard to get right anyways, all else the same this architecture doesn't worsen it much--perhaps just less reverse engineering required to exploit vulnerabilities you already had.
Interestingly, you could accomplish a similar thing with GraphQL if the frontend uses the type introspection GraphQL provides and the backend graphql schema implements HATEOAS-like principles to let the frontend become a UI that's agnostic to different backends. That might not be how most GraphQL implementations are used, but it's kind of a cool pattern.
Paywalled so if the article already mentions this I wouldn't know, but just going off "scroll" the title, I wonder if this would pair well with Dasher as an input method to replace typing with a keyboard.
If the user has to initiate all shuffles, it won't play continuously. If you handle it another way, that demonstrates that it doesn't "just" work with a pure shuffle without using those tricks.