HackerTrans
TopNewTrendsCommentsPastAskShowJobs

svc0

no profile record

Submissions

Yes, Ubuntu is withholding security patches for some software

flu0r1ne.net
73 points·by svc0·3 yıl önce·27 comments

Executive Order on Use of Artificial Intelligence

whitehouse.gov
3 points·by svc0·3 yıl önce·0 comments

WireGuard – wg-quick(8) on Linux – a deep dive

flu0r1ne.net
2 points·by svc0·3 yıl önce·0 comments

comments

svc0
·3 yıl önce·discuss
Just to be clear, on Arch ffmpeg is outdated (6.0 vs 6.1.) This means it has three security vulnerabilities.
svc0
·3 yıl önce·discuss
Universe packages are not supported by Ubuntu unless you activate Ubuntu Pro. Thus, if you install ffmpeg on Ubuntu without Pro, it will contain several active vulnerabilities. The full five years only applies packages in the main repo.
svc0
·3 yıl önce·discuss
> the training cutoff date isn't some absolute date from which they never allowed any new data to be trained on.

It's not a question of whether they are "allowed" to train on new data; the question is whether they have trained it on data containing information about current events. If you know they've implemented a Continuous Integration (CI) system for this, you should link to a source. However, I don't think this is true, as there would be no reason for a cutoff date otherwise.

> Instead there are bits and pieces of newer information captured in the updated models, but it's not a meaningful enough amount to ever rely on.

This seems more like an opinion of the technology's limitations in general, rather than an assessment of the likelihood that new information will be incorporated into its weights and biases.
svc0
·3 yıl önce·discuss
Sure, there will be some pollution. It's very multivariate and depends on factors like content split, generation quality, and novel information. A scenario in which all of your data is generated by the previous model and you run n training loops is academic.

It's also worth noting that when OpenAI created Whisper, they had to heuristically remove many transcripts from poor ASR systems, and they definitely didn't catch them all.
svc0
·3 yıl önce·discuss
They are most certainly being fed LLM content. However, I think this "model collapse" narrative is over-subscribed. Here are some things to keep in mind:

(1) Real content is not generated via a synthetic loop: Humans use generative AI in complex ways, intermixing human-generated and AI-generated content. Imagine a person who writes the first draft of an essay, then uses ChatGPT to rewrite parts of it. These are certainly many human additions, modifications, and stylistic flourishes.

(2) The most dramatic effects of model collapse were seen when training multiple generations of AI agents on content generated by the previous agent. This is a very academic scenario.

(3) There is already a lot of junk consumed by these models. RLHF is aimed at eliminating these junk responses. I am not aware of any research that explores how the full training cycle is affected when RLHF is employed.

Also, there is a lot of training material out there that was not used by the original GPT-3 model. The primary limitation is hardware.
svc0
·3 yıl önce·discuss
I think it should be noted that this enforces grammatical constraints on the model's generated text, but it doesn't do anything to properly align the content. This would be useful if you needed to ensure a server delivered well-formatted JSON, but it I suspect it wont solve a lot of alignment issues with current language generation. For example current iterations of Llama and GPT often do not label markdown code-blocks correctly. Using grammar-based sampling, you could enforce that it labels code blocks but you couldn't enforce correct labeling since this is context-dependent. You also couldn't invent a novel domain-specific language without aligning against that language and expect good output.
svc0
·3 yıl önce·discuss
What could possibly go wrong?
svc0
·3 yıl önce·discuss
The major benefit of tenure is as a protection for pursuing the truth when researching controversial academic subjects. It protects the behavioral genetics research which takes place at UT Austin from left wing attacks and the positions some professors have taken on Texas A&M's annual drag show from right wing attacks.

As a student in the Texas system, I've raised questions which my professors refused to talk about fearing political backlash. Tenure is an important institution. I think you can only go so far to incentivize good teaching through termination.
svc0
·3 yıl önce·discuss
There are stats on failure rates and bathtub curves. Consumer hard drives these days have an AFT of ~1.41%. Never used SpinRite and I don't know if there is evidence for it but I suggest you backup your data.

https://www.backblaze.com/blog/backblaze-drive-stats-for-q3-...
svc0
·3 yıl önce·discuss
I've always been curious why people so fervently dislike Gibson. I think the most genuine criticism is that Spin-Rite is not a backup solution and people may rely on it as such. Ideally, no one should need it since all data should be replicated and backed up. Any drive can fail at any time for any reason and it may be totally unrecoverable.

[Side Note: He also once claimed in a "testimonial" that a special ops team recovered data off of a hard drive during a mission in which they hit a terrorist with a computer.]

That being said, he produces a free security podcast which is quite good. He knows his stuff.
svc0
·3 yıl önce·discuss
Seems like the issue here is not EA or a rationalist world view. The issue seems to be the lack of compartmentalization of the professional and personal lives, a lack of procedural boundaries around social conduct, and a general lack of maturity. This doesn't seem particularly rational...
svc0
·3 yıl önce·discuss
Perspective from someone who maintains Debian packages in the community repo here:

Package maintenance is time consuming and difficult. It requires a lot of volunteer work. Individual maintainers are overworked and unpaid. Packaging software often requires managing complex dependencies, writing documentation, developing packaging toolchains, and patching software.

Furthermore, stable release of a particular software version is even more of a challenge for package maintainers. Often upstream FOSS maintains only patch HEAD and release a new version. The responsibility of backporting changes to previous versions is left to package maintainers. To provide secure versions of old software, you're asking maintainers to have intimate familiarity with the OSS code bases and follow the dev process etc.

If I had community supported software exposed to the internet, I would be very concerned with the current state of things. I would want to ensure that individuals are invested with maintaining this software in a full-time capacity. It is important that "main" receives free Updates. Ubuntu Pro seems like it enhances the OSS ecosystem. As an personal user, you can get a free subscription courtesy of Canonical.

It is important to remember that as the end user, you are choosing to enable the community repo. Without Canonical, you wouldn't even know this version of the software is vulnerable.