HackerTrans
TopNewTrendsCommentsPastAskShowJobs

likesHumidity

no profile record

comments

likesHumidity
·2 месяца назад·discuss
The open source problem argues for a modification of licenses to exclude certain uncompensated use in training commercial LLMs (which may arguably already be a violation).

With careful prompting, LLMs will give up some of their sources and methods. Claude describes the legally and ethically suspect methods Anthropic used acquiring training materials for its models.

The IP law and courts are starting to catch up (re: Anthropic settlement September 2025), but licensing language and enforcement has not.
likesHumidity
·2 месяца назад·discuss
I think this is going to play out in interesting ways. There's a saying in lockpicking: even if you can pick the lock, the easiest way in is usually a window. Distribution is core to a technology's market reach, and every distribution point is a window. The strip-mining piece reads to me as one phase of a longer cycle — tech distributed → adopted → experimented with → misused → secondary protection market emerges. The 2017 S3 misconfiguration wave is a useful reference: Verizon and Booz Allen both spilled data through bucket ACLs with inadequate controls, AWS responded with Block Public Access, and the CSPM market matured to sell the discipline back. Mythos looks like the same shape at the AI layer — leaked via vendor environment chain (Mercor breach + contractor credentials + URL guessing), not code-level vulnerability. The proliferation of high-quality security research the article points at reads to me as one sign of the secondary market forming as the primary disruptive technology stabilizes — Gartner already has AI governance spending crossing $1B by 2030. And it seems to be landing on OSS first because that's where the surface area and public exposure are, which is what the labor pressure is documenting. Cascade to closed source seems likely as the compression between vulnerability-introduced and vulnerability-identified continues, just on a lag and behind NDAs. The OSS side could go either way under that pressure, and I don't know which dominates. FFmpeg slowed in 2024 from overload and got rescued by Germany's Sovereign Tech Fund — pressure converted into hardened posture. Ingress-Nginx retired November 2025 after two maintainers couldn't sustain it on weekends, despite running in ~50% of cloud-native environments — same pressure, no backing. Tracks institutional backing more than anything intrinsic to OSS. The wrinkle Mythos adds: same product is both weapon and salve. Pay to run it against your own systems, or be vulnerable to what it finds in everyone else's — discovery and protection collapsed into one SKU. We'll need to watch the locksmiths to see if they end up selling lockpicks in addition to keys. Going to be an interesting summer.
likesHumidity
·2 месяца назад·discuss
Ugh, it's hard. You can outsource as much as possible and minimize your surface area, those are the two approaches I have used, but the auditor expense is the biggest blocker. A few years back you could find auditors for $5-6k, but I think the security/audit service providers have eaten a lot of that market.
likesHumidity
·2 месяца назад·discuss
Haha, I love Linux, but I can't quit MacOs/iOs.

As many complaints as I have about Apple and MacOS and iOS, their products hit a niche and commoditized it.