HackerLangs
TopNewTrendsCommentsPastAskShowJobs

throwaway7356

210 karmajoined 3 tahun yang lalu

comments

throwaway7356
·31 menit yang lalu·discuss
> Apps are not infected with NetNut. This is just Google abusing their monopoly position to hurt its competitors.

If apps ship with stealth backdoors to sell access to the user's internal residential network, that's malware. I doubt any users want app providers to sell access to their private file server and anything else on their local network.

It doesn't seem like monopoly abuse to exclude such malware from application stores, just like key loggers or apps intercepting other apps network traffic without the user being aware of it (say the banking app's network traffic and password entry).
throwaway7356
·kemarin dulu·discuss
> The fix was prepared statements

You don't need prepared statements. The fix is parameter binding: submitting parameters separate from the SQL statement itself, separating code from (user) data.

> The analogous mitigation for agents is to have fixed behaviors they can perform, such as “read repo 1” “read repo 2”, etc., and the user input is used as data to select which of these fixed behaviors to execute.

No, that only deals with some special issues. It also doesn't separate code and (user) data, so it's not the same issue.

Having only limited actions is akin to using more restrictive database permissions. That also makes SQL injection no longer relevant: only SQL statements can be executed that the user is allowed to run either way.
throwaway7356
·4 hari yang lalu·discuss
> nor do they provide the brain an interpretation of what they perceive

> What it gets from the body is raw physical measurements

No, sensory organs like eyes do a lot of processing ("interpreation"). They certainly don't send "raw physical measurements" to the brain.
throwaway7356
·4 hari yang lalu·discuss
Then one can claim that humans are less intelligent than a goldfish as "none of us have ever seen a human swim as well as a goldfish".
throwaway7356
·5 hari yang lalu·discuss
> yet with enough developer elbow grease they can do all the same things an LLM can do, with much higher reliability

Where can I access such a Lisp expert system?

If I cannot because they don't exist: then they cannot do the same things an LLM can do. And of course one can assert anything and everything about what a non-existing thing could do.
throwaway7356
·5 hari yang lalu·discuss
Yes, that condition makes it no longer open source software.

It also has the effect of making software adopting such licenses getting removed from open source distributions.
throwaway7356
·6 hari yang lalu·discuss
The terms of service are between Anthropic and one of their subscribers. So Anthropic can maybe cancel their contract.

This doesn't affect what copyright law allows or does not allow.

Also I think Anthropic very much suppports gathering data by whatever means possible. That should work both ways.
throwaway7356
·8 hari yang lalu·discuss
> I think the notion that you could control something (legitimately) smarter than you is a pretty risky proposition.

Well, Trump seems to control a lot of people given how afraid they are.

Trump is also called not the smartest person out there.

So...
throwaway7356
·13 hari yang lalu·discuss
> In practice the only place it shows up is if you are using "ssh -X". That uses the security extension by default. Which is why there is also a "ssh -Y" that disables it for applications that it breaks.

Unless your distro changes the default to make "ssh -X" and "ssh -Y" behave the same which popular distributions do.
throwaway7356
·13 hari yang lalu·discuss
> But granting full rights to distro-provided programs like vim or xeyes is perfectly sane.

You mean run everything distro-provided as root?

There are reasons systems don't do that any more. Even distro-provided services are often setup in a way to no run with full rights. Can you imaging reasons why this is done?

What was neglected is doing the same on user level, which should be done for pretty much the same reasons.
throwaway7356
·14 hari yang lalu·discuss
Maybe include some election guides for poor, misguided Americans that would hurt themselves by not voting for God President Donald Trump I as well?

It's protecting people from themselves, so basically like the safeguards already included in the models.
throwaway7356
·14 hari yang lalu·discuss
Can't the AI companies spare a small investment in Trump coin to ease the process?
throwaway7356
·16 hari yang lalu·discuss
> Ok, but what about those shady sites that resell Windows education keys?

Yes, they are fine? They might no longer include full first party support by Microsoft for not being "new". Same as buying a used car (also comes with the "shady sites" for a far longer time).

Though this not making any difference by Microsoft not doing any support either way to make more money is a business decision by Microsoft.
throwaway7356
·16 hari yang lalu·discuss
> China aren't offering a cheaper solution. They are subsidizing an existing one

So basically like US companies subsidizing offerings with selling user data, ads for crypto scams, manipulation for elections, making people addicted to gambling and so on?

Seems fair and an improvement as you can choose between that and not. Unlike say offerings from Meta where the data selling and efforts to further gambling addiction is always included.
throwaway7356
·20 hari yang lalu·discuss
> all system calls had to go through libc (or perhaps a big ntdll.dll-like

Which makes containers crap on Windows and *BSD as they have to run the currect libc or equivalent. Thus you need to build a different container per OS version which sucks compared to Linux.
throwaway7356
·20 hari yang lalu·discuss
Yes, many developers give nothing about even basic security.

That's why we still have every basic security issue like hardcoded passwords, SQL or other injections, XSRF and so on repeated on an endless loop. Even if they are trivial to avoid.
throwaway7356
·20 hari yang lalu·discuss
> CORS is threat model used for when you can't trust your self.

No. But many lack basic understanding of web technologies or facts like that a browser can be used to access more than a single site. This leads to not understanding what problems cross-site requests can cause and thus the impossibility of understanding what CORS is for.
throwaway7356
·27 hari yang lalu·discuss
They use Yandex for e-mail, so probably a Russian group behind this.
throwaway7356
·28 hari yang lalu·discuss
Probably Anthropic just needs to commit to handing over some shares to the Trump presidential family after their IPO and this will be solved.

This is just cost of doing business in corrupt Soviet vessel states like the USA.
throwaway7356
·28 hari yang lalu·discuss
> I don't think in court a whole ban on a product for security reasons would stand.

There are lots such products, like weapons-grade radioactive material, weapons outside the toy gun range, various biological material, ...

So it seems perfectly possible to bad products for security reasons.