I was thinking that the other definition was right and this correction was wrong.
Then I did some searching and found multiple examples of both definitions in use, making things murky.
So I turned to Merriam-Webster’s dictionary: “ of, relating to, or being a vulnerability (as in a computer or computer system) that is discovered and exploited (as by cybercriminals) before it is known to or addressed by the maker or vendor”
And of course they use an “or” to make it ambiguous as to whether the days start counting when the vulnerability becomes known, or when the vendor has addressed it.
I applied for both. Heard back from neither. Mentioned two particular projects when applying, one with 2k stars and 5M monthly downloads, and another with 2M monthly downloads.
I was using it to craft a CTF challenge for summer students involving a simulated mechanical dial safe, but with the fence replaced by a IR beam break sensor and a microcontroller handling the check + flag message display.
For generating the initial 3D simulated safe using three.js it worked well, but then modifications to print a flag tripped the safeguards; eventually got it narrowed down the part in the prompt about it being for a CTF for students, and the "thinking" for the model seems to drift to ideas of encryption/obfuscation of the safe combo so students can't just read out the answer... which makes sense logically to help force students into turning the simulated dial instead. But whatever detection Anthropic I guess just naively sees the model thinking about "encryption" and "obfuscation" without taking into account any of the context.
For writing the dummy firmware, it tripped the safeguards while thinking about how to track dial position in the firmware and output the message; however, when I left out talk about safes and just told it to write firmware for a microcontroller hooked up to an i2c display for showing a message with a beam break sensor to determine the message, and an unspecified i2c chip for getting an unspecified number (e.g. internal wheel positions) it worked fine.
An unrelated software task I asked it to write some code to translate CustomActions in a Windows MSI installer into human readable stuff, which has (exclusively?) defensive security applications for recognizing malicious behavior in an MSI installer. Maybe I'm going crazy, but I'm guessing as part of its research into MSI installer custom actions Fable found articles about analyzing malicious MSI installers, and that probably tripped the safeguards.
Overall my impression is that the safeguards are perhaps using an overzealous and naive implementation that just looks for a list of banned words in the prompt or the thinking -- which drives me crazy when the model says my prompt looks fine, and then 10 minutes in some part of the thinking trips the safeguard.
The things that are harder to get running in a browser via webassembly tend to have a GUI, network communication, or system calls that browsers don’t provide the APIs that are needed to support. But I’ve seen workarounds using websocket proxy servers to get around the lack of raw TCP or UDP socket access.
I’ve been surprised how easy it can be to get Python and C# code running in a browser.
I help maintain a project that is used as a dependency by a lot of security tools to handle PE files.
It’s disappointing that Anthropic and OpenAI never responded to the applications to their respective programs for open source maintainers. From my perspective it seems like their offers are primarily for the shiny well-known projects, rather than ones that get only a few million monthly installs but aren’t able to get thousands of stars due to being “hidden” as a dependency of popular tool.
If you read the epilogue, they weren't able to achieve the under $1000 price goal. Total cost ended up being around $1,450. Pretty good price reduction compared to CARA 1.0 though.
Hypothetically if I were to want a quadrupedal robot to experiment with it's not an impulse buy/build, but getting closer to that point... whereas $3000+ is a hard pass (e.g. Apple Vision Pro territory).
Agreed, many types of devices don’t need to be locked down so much.
I imagine the companies making the devices think they are “protecting” their secrets from competitors, though now it might be easier to ask an LLM for whatever feature they want to copy.
I was kinda of disappointed when that happened earlier this month, but not as much now after seeing this change. My primary use had been trying out some of the newer Anthropic and OpenAI models, which probably would have burned through $10 worth of credits rather quickly given their new pricing.
How about for a real life Rainbow Road made by the Quantum Mushroom startup? I think that might be the aerospace applications reference in the article:
> CERN’s Knowledge Transfer Group has begun discussions with European startup company Quantum Mushroom to explore aerospace applications and powering for next-generation anti-gravity vehicles.
Then I did some searching and found multiple examples of both definitions in use, making things murky.
So I turned to Merriam-Webster’s dictionary: “ of, relating to, or being a vulnerability (as in a computer or computer system) that is discovered and exploited (as by cybercriminals) before it is known to or addressed by the maker or vendor”
And of course they use an “or” to make it ambiguous as to whether the days start counting when the vulnerability becomes known, or when the vendor has addressed it.