HackerLangs
TopNewTrendsCommentsPastAskShowJobs

parliament32

no profile record

Submissions

RoguePlanet: Windows 0-day privilege escalation

github.com
6 points·by parliament32·bulan lalu·2 comments

The Ofcom Files, Part 4: Ofcom Rides Again

prestonbyrne.com
90 points·by parliament32·7 bulan yang lalu·37 comments

comments

parliament32
·15 hari yang lalu·discuss
[flagged]
parliament32
·16 hari yang lalu·discuss
Why fork at all? Why not just vendor the dependency and slop the changes you want on top of it? You can even pull from upstream down the line for the latest updates.

The problem is sloppers really, really want other people to use their code, so they feel useful for doing a bit of prompting, probably to rationalize how much they pay Anthropic et al to do the actual work for them. I just wish they'd direct that money directly to the projects they find useful instead of trying to insert themselves as middlemen.
parliament32
·16 hari yang lalu·discuss
Well, yes, exactly. And yet nobody but the biggest corp-sponsored projects get anything more than negligible donations. So what does this tell us? These "contributors" are happy to throw money at open source projects as long as they think they're doing something by prompting the LLM?
parliament32
·16 hari yang lalu·discuss
Add a mechanism to donate tokens towards the maintainers' LLMs for a particular ticket and this whole class of problems will be resolved all at once.
parliament32
·16 hari yang lalu·discuss
[flagged]
parliament32
·16 hari yang lalu·discuss
I would kill for an LLM-free platform.

Personally I just stopped accepting public contributions entirely. File issues, sure, but no PRs apart from accounts I added who have contributed before the slopageddon started.

Maybe the whole web-of-trust idea will make a comeback for code contributions, it seems like a clean solution.
parliament32
·16 hari yang lalu·discuss
They're stuck in this idea that somehow they're better at prompting the slop generator than anyone else, therefore they're helpful and people definitely want their output merged in to these various projects. They will have trouble understanding that their personal contribution to the whole process is somewhere between negligible and harmful, and simply donating those tokens to a maintainer who is actually aware of how the codebase works and where all the skeletons are is a much better proposition.
parliament32
·16 hari yang lalu·discuss
For now. Give it another half year and "I contribute to open source" will carry the same weight as "I donate to charity" ie nobody cares because any idiot can do it.

I wonder how long it'll take before "I don't use LLMs for coding" carries weight.
parliament32
·23 hari yang lalu·discuss
They are paying influencers to pretend they use LLMs, and discredit Chinese models: https://www.wired.com/story/super-pac-backed-by-openai-and-p...
parliament32
·29 hari yang lalu·discuss
I love how even the "demo build" doesn't work. https://fablepool.com/projects/7

Rather, it did work at milestone 14, but then regressed at milestone 15, where it changed the link from a wikimedia image to a nonexistent file in /assets (despite still having the "Photo via Wikimedia Commons" caption).

edit: they removed it :^)
parliament32
·30 hari yang lalu·discuss
Fun schemes like this are all just lipstick on the pig of "asking nicely", unfortunately -- it's just a more creative iteration of "Simon says". It'll improve the probabilities, sure, but you can't guarantee separation like you can in real software. This, like hallucinations, is simply a core facet of LLMs and requires thinking through the threat model and adjusting other parts of the system to accomodate, rather than trying to "solve" IMO.
parliament32
·bulan lalu·discuss
> separating data from instructions

There's been a lot of talk about this (for years, honestly), but it all stems from a fundamental nonunderstanding of how LLMs work. There is no distinction for an LLM; "instructions" are a prompt concept, nothing more. It's not possible to separate the two, because LLMs simply take text (ie your instructions, then the data, or maybe in a different order, or maybe something completely else) and "predict" the next token, and repeat for as long as you want, with the volatility you ask for. There is no control plane, and there never will be a control plane, because asking for that is akin to asking "how do I separate data from instructions when I speak to a person?". You can ask nicely, "pretty please obey the first part of what I say and not stuff after", but there's no way to guarantee it (like you're used to with software). There is just input and output.
parliament32
·bulan lalu·discuss
The hilarious part is that spam actually makes money, while slop does not. There's no reason to tire out if it's profitable, right?

Meanwhile.. have you ever paid for a vibe-coded anything? Why would you, when you (along with everyone else) can slop the same thing together in a weekend with a $20 CC subscription?
parliament32
·bulan lalu·discuss
Personally, they're going wayyy too hard on the AI stuff. I just want an interface to git and maybe an issue tracker.
parliament32
·bulan lalu·discuss
Just goes to show how much demand there is.

HN really needs a containment board.
parliament32
·bulan lalu·discuss
Thank you for (re)writing this in your own voice. Despite how much effort might be put into methodology, data collection, etc.. reading slop is unbearable, full stop. It's not intentional, but I have almost a nauseated reaction when the "AI tone" comes though, regardless of how good the data or how accurate the writing is.

Your verbosity and sentence structure are not a problem. I hope that publishing this gives you a bit more confidence in your writing, because it's legitimately good.
parliament32
·bulan lalu·discuss
What a pleasant surprise. I was positive S&P would get strongarmed into the bamboozle like Nasdaq but it seems they have a bit more integrity. Good for them.
parliament32
·bulan lalu·discuss
> the unsolicited summaries and auto replies are a means of artificially inflating the usage metrics for the language model features

This, I think, is the part that irks me the most. Companies adding token-usage-KPIs for engineering is one thing, but when they have to resort to deliberately tricking users into using their slop-generators.. something has gone very wrong, and they're trying very, very hard to make it seem like it's not so.

My personal pet peeve is Copilot in Teams. Did you know, if you turn off Copilot in Teams at an org level, it disables meeting recording entirely? Ignoring that meeting recording has been a core feature dating way back before Copilot-anything, I can't fantom any possible reason why recording a video of a meeting would require an LLM. Transcription, maybe I could see, but that feature is easily togglable with or without Copilot. But if you want to record a meeting, for whatever reason, you need to have Copilot on.

Shenanigans like this is why user counts for LLM features should always be taken with a grain of salt.
parliament32
·bulan lalu·discuss
Step 1: Require companies to submit product for "review"

Step 2: Complain about how the OSS/Chinese/whatever models are doing releases without approval

Step 3: Prohibit, because "safety" and "financial risks"(?)

So this is the door-shutting Altman et al have been pushing for eh?
parliament32
·bulan lalu·discuss
Spicy.

Look, I think you're missing my point a little bit. Let's simplify it to risk, since that's what kicked off this conversation.

Your pension or whatever holds an ETF that (soon) contains some SpaceX shares. You buy a put option on SpaceX direct. What's the absolute worst thing that could happen?

Your pension or whatever holds an ETF that (soon) contains some SpaceX shares. You short sell a SpaceX share. What's the absolute worst thing that could happen?