this post was submitted on 14 Apr 2024
1 points (100.0% liked)

TechTakes

1491 readers
8 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 2 years ago
MODERATORS
 

Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid!

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post, there’s no quota for posting and the bar really isn’t that high

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 8 months ago* (last edited 8 months ago) (1 children)

Tyler Cowen is onside with the AI doomsters, but suggests they perhaps get their arguments together coherently to academic standards or something.

(you'll be pleased to see that the commenters aren't putting up with that sort of nonsense for a second)

[–] [email protected] 0 points 8 months ago

If only we had applied those same standards to the Book of Revelations!

They're making a good point but I doubt they realize it.

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago) (4 children)

Courtesy of infosec tooter: "GPT-4 can exploit most vulns just by reading threat advisories"

Hide your web servers! Protect your devices! It's chaos an anarchy! AI worms everywhere!! ... oh wait sorry that was my imagination, and the imagination of an over-active reporter hyping up a mostly normal not-too-scary research paper..

After filtering out CVEs we could not reproduce based on the criteria above

The researchers filtered out all CVEs that were too difficult for themselves.

Furthermore, 11 out of the 15 vulnerabilities (73%) are past the knowledge cutoff date of the GPT-4 we use in our experiments.

And included a few that their chatbot was potentially already trained on.

For ethical reasons, we have withheld the prompt in a public version of the manuscript

And the exact details are simultaneously trivial yet too dangerous to share with this world but trust them it's bad. Probably. Maybe.

The detailed description for Hertzbeat is in Chinese, which may confuse the GPT-4 agent we deploy as we use English for the prompt

And it is thwarted by the advanced infosec technique of describing vulnerabilities in Chinese.

Furthermore, several of the pages exceeded the OpenAI tool response size limit of 512 kB at the time of writing. Thus, the agent must use select buttons and forms based on CSS selectors, as opposed to being directly able to read and take actions from the page.

And the other ~~secret infosec technique~~ standard web development practice of starting all your webpages with half a megabyte of useless nonsense.

[–] [email protected] 0 points 8 months ago (1 children)

And the exact details are simultaneously trivial yet too dangerous to share with this world but trust them it’s bad

I like that this has the same shape as the classic bullshido lines about joining the dojo to learn the dangerous forbidden technique.

I asked chatgpt how to do the five-point-palm heart-exploding strike, but for obvious ethical reasons I won’t be repeating that information or the necessary prompt engineering to get it.

[–] [email protected] 0 points 8 months ago (1 children)

five-point-palm heart-exploding strike

Ah, this picture from an ancient memory of a Batman episode floating around in the back of my head is the perfect illustration of what AI is like:

[–] [email protected] 0 points 8 months ago

@sailor_sega_saturn @rook It always annoyed me that the super secret death spot in that Batman episode ended up being in the most blindingly obvious place.

[–] [email protected] 0 points 8 months ago (1 children)

Hertzbeat

Is this their typo? Hertzbleed is a real vulnerability. HertzBeat is an Apache monitoring tool.

[–] [email protected] 0 points 8 months ago (1 children)
[–] [email protected] 0 points 8 months ago

Oh, so a vuln in HertzBeat. Makes sense.

[–] [email protected] 0 points 8 months ago

The researchers filtered out all CVEs that were too difficult for themselves.

Jfc this is like the tagline of AI. Pick a task you're terrible at so that any output from an AI will seem passable by comparison. If I can't draw/write/whatever as "good" as the LLM then surely it's amazing!

[–] [email protected] 0 points 8 months ago (2 children)

From the over-active imagination news article:

If hackers start utilizing LLM agents to automatically exploit public vulnerabilities, companies will no longer be able to sit back and wait to patch new bugs (if ever they were).

Is anyone under the impression that ignoring a vulnerability after it's been publicly disclosed is safe? Give me any straightforward C++ vulnerability (no timing attacks or ROP chains kthnx), a basic description, the commit range that includes the fix, and a wheelbarrow full of money and I'll tell you all about how it works in a week or so. And I'm not a security expert. And that's without overtime.

Heck I'll do half a day for anything that's simple enough for GPT-4 to stumble into. Snack breaks are important.

[–] [email protected] 0 points 8 months ago

I heard that in some cases the timeline of 'fix released' -> 'reverse engineered exploit out in the wild' is already under 24h (And depending on skill, type of exploit, target, prebuild exploit infrastructure it might even be hours). So I'm not sure threat actors need this kind of stuff anyway.

[–] [email protected] 0 points 8 months ago

Is anyone under the impression that ignoring a vulnerability after it’s been publicly disclosed is safe

mild take: most people running windows servers on the internet, many wordpress sites, ...

some people don't upgrade because they need to pay for the new version, or the patch is only in a version with different capabilities, or they don't know how to, or they're scared of changing anything, etc. it's one of the great undercurrent failures in modern popular computing, and is one of the primary reasons it's possible for there to be so much internet background ~~radiation~~ noise

and to many of these people, "for them" it's "safe", because they never personally had to eat shit, on pure chance selection

[–] [email protected] 0 points 8 months ago (1 children)

3878 lolboxes

And they’re only calling it back because of the pedal as opposed to all other faults. At a guess, this is something they’re more open to regulatory consequences on than others?

[–] [email protected] 0 points 8 months ago (1 children)

I'm not familiar with US auto regulations but I do believe manufacturers have some regulatory pressure (as in if they don't fix a problem the car will be deemed not roadworthy), but the bigger perception is probably just what the public thinks. You won't sell many new cars and the used value will plummet if these issues persist.

[–] [email protected] 0 points 8 months ago

You won’t sell many new cars

There's only under 4k of these painboxes out there so it's not like they're flying off the shelves as it is

[–] [email protected] 0 points 8 months ago

So apparently when you install Logitech's mouse driver software, it'll now come with Logi AI Prompt Builder.

Mastering prompt building enhances your efficiency and creativity.

Did you know that 9/10 promptfondlers use a mouse?

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago)

some high-grade honesty from netflix:

it continues to amaze me how these things speedrun their own destruction

[–] [email protected] 0 points 8 months ago (1 children)

news just in: orange site poster finds 2 and 2, struggles to come to terms with the fact that they add to 4:

Every time race comes up on HackerNews i am shocked at how horrifyingly racist (some) users of this site are. Not only did a user somehow think that this context would exonerate this very racist man, both you and I are getting immediately downvoted for disagreeing. There was a post last week or so that was so full of racist comments it just got taken down. I wonder what on earth brings together HackerNews and racism like this.

mmm I wonder what it could possible be?

Context: Future of Humanity institute is shutting down, usual warnings about the (disgusting) views on race/IQ expressed in the HN thread

[–] [email protected] 0 points 8 months ago
[–] [email protected] 0 points 8 months ago (1 children)

so the Yud Church grew another Temple

can't remember if we've seen it here yet

[–] [email protected] 0 points 8 months ago (2 children)

Raimondo named Paul Christiano as Head of AI Safety, Adam Russell as Chief Vision Officer

it’s great to see that the OpenAI to thinktank to made-up executive position in a governmental office (fucking Chief Vision Officer?) pipeline is already moving at record speed

[–] [email protected] 0 points 8 months ago (1 children)

Chief Vision Officer sounds like a fluff title you give to an old senior partner you can’t legally fire but want to keep as far away from any daily business as possible.

[–] [email protected] 0 points 8 months ago

@mii @self

That’s where you put your company’s Shingy.

[–] [email protected] 0 points 8 months ago

can't wait for impotent blubbering about alignment while everyone's lives are made measureably worse by greedy failsons throwing AI at every conceivable problem it can't solve.

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago) (1 children)

If you were to print up all the posts in this thread and arrange them in a neat little pile, then you'd have a snubstack.

[–] [email protected] 0 points 8 months ago

there's an "a miserable little pile of .." joke waiting to be found somewhere in there

load more comments
view more: next ›