HackerTrans
TopNewTrendsCommentsPastAskShowJobs

HelloImSteven

no profile record

comments

HelloImSteven
·6 個月前·discuss
To be fair, it’s a fair assessment. Superhero movies like that are a defining feature of the last two decades, with titles and plots worsening at an exponential rate. Not that prior decades lacked superheroes. They just used to be less superficial.
HelloImSteven
·11 個月前·discuss
But this is for apps outside the Play store, so the DSA isn’t at play here insofar as Google needs to be concerned. I don’t think there’s any solid decision on whether third-party app distribution is subject to the trader requirements, but if/when there is, it’d presumably be on the alternative distribution platform to enforce, not Google. Plus, Google already adjusted its policies to comply with the DSA.

For the record, Apple notes that the DSA requirements only impact developers distributing through the App Store, not through alternative distribution [1].

[1]: https://developer.apple.com/help/app-store-connect/manage-co...
HelloImSteven
·11 個月前·discuss
But this isn't a problem on one system, it's potentially a problem in any system with Copilot enabled. It's akin to a vulnerability in a software library (which often means a separate CVE for every affected product, not just one for the library). CVEs also limited to issues impacting multiple systems; even if a vulnerability only affects one product, ideally a CVE should get made. The 'common' aspect is the shared reporting standard. See my other comment on this thread for more on that, or Redhat's explanation here: https://www.redhat.com/en/topics/security/what-is-cve
HelloImSteven
·11 個月前·discuss
CVEs aren’t just for common dependencies. The “Common” part of the name is about having standardized reporting that over time helps reveal common issues occurring across multiple CVEs. Individually they’re just a way to catalog known vulnerabilities and indicate their severity to anyone impacted, whether that’s a hundred people or billions. There are high severity CVEs for individual niche IoT thermostats and light strips with obscure weaknesses.

Technically, CVEs are meant to only affect one codebase, so a vulnerability in a shared library often means a separate CVE for each affected product. It’s only when there’s no way to use the library without being vulnerable that they’d generally make just one CVE covering all affected products. [1]

Even ignoring all that, people are incorporating Copilot into their development process, which makes it a common dependency.

[1]: https://www.redhat.com/en/topics/security/what-is-cve
HelloImSteven
·12 個月前·discuss
I also don’t know for certain, but I’d assume they only cache AI responses at an (at most) regional level, and only for a fairly short timeframe depending on the kind of site. They already had mechanisms for detecting changes and updating their global search index quickly. The AI stuff likely relies mostly on that existing system.

This seems more like a model-specific issue, where it’s consistently generating flawed output every time the cache gets invalid. If that’s the case, there’s not much Google can do on a case-by-case level, but we should see improvements over time as the model gets incrementally better / it becomes more financially viable to run better models at this scale.
HelloImSteven
·去年·discuss
Even if they did, I’d assume the association of “full” and this correct representation would benefit other areas of the model. I.e., there could (/should?) be general improvement for prompts where objects have unusual adjectives.

So maybe training for litmus tests isn’t the worst strategy in the absence of another entire internet of training data…