Posts by doublelayer

10518 publicly visible posts • joined 22 Feb 2018

Open, free, and completely ignored: The strange afterlife of Symbian

doublelayer Silver badge

"But the thing is: that _was_ the Gen 2 device, and there _was_ a Gen 3."

Well, there was another device with a keyboard on it, anyway. It ran more phone-oriented software, a new design that wasn't as laptop-like, a new software update promise that was immediately broken, and completely dropping something I wanted (Linux support). In my mind, that doesn't count as a third generation. That counts as a separate product.

doublelayer Silver badge

Re: I bought the Cosmo...

Not entirely irrelevant depending on what the purpose was to the buyer. The purpose was a small device with a keyboard, since there were few options that had any keyboard at all. Using a good keyboard was a positive. Even if the Gemini's keyboard was significantly better than other small devices, their use of standard desktop OSes might compare so well against the Gemini's Android with no updates and Linux with some things broken that that could have changed the user's mind.

It at least did in my case. I have not used a Psion, so I don't know how excellent that keyboard was. When Planet released the Gemini and the Cosmo, I was tempted to buy one. It was the software that convinced me not to, well that and not really needing one, but I have ignored that problem before.

doublelayer Silver badge

Re: Ah, Symbian

That's not entirely true. The original 9000 communicator cost a nice round £1,000 in 1996, but that would now be over £2,000 in today's money. The most expensive iPhone you can buy is the iPhone 16 Pro Max with a terabyte of storage which will run you £1,599. Even if you include the most expensive extra warranty, you cannot buy a single iPhone for the same or more as the original Nokia Communicator. And, in my experience, people do blink an eye at those prices and, when they buy iPhones, they tend not to be the most expensive model with as much overpriced Apple storage as you can fit into it.

doublelayer Silver badge

Re: Maybe Symbian itself was good...

Your example does not prove your point. iOS and Android aren't lacking the "play music down the line" feature because it takes advanced telephony software they don't have. They lack the feature because nobody wants it. What you need in order to implement that function is an audio system that can handle more than one simultaneous source. They've had that since the first version. On iOS, you'd need to convince Apple to make that software, whereas all you need on Android is to write an app that implements it. If you have a different thing that proves a difference in telephony support, maybe that could still prove your point, but your example has nothing to do with that.

doublelayer Silver badge

Re: Maybe Symbian itself was good...

That's a pretty niche feature. There is no reason why you couldn't do that on Android either, but I don't think people want it, because playing music through a phone line while they can still hear you isn't the same as putting someone on hold.

doublelayer Silver badge

Does their record with promising OS updates that never showed up lead you to believe that they care? Postmarket OS, or actually pretty much any mobile Linux, would be welcome, but if they wanted to do that, they would have done that when having better support would allow them to sell more hardware. By now, it's too late.

doublelayer Silver badge

Re: I bought the Cosmo...

"Is that cheating?"

Definitely not the word I'd use, but it can still be a problem. If you can't update the kernel, things stop working. Something you want to use which works on normal Linux devices won't because the kernel was only built for a phone, so they leave things out. Patches are insufficient, but you can't update it yourself without breaking both systems. Sometimes those problems are small, and sometimes they're massive, and when people build mobile Linux, what kernel they're running is, for good reason, one of the major questions that get asked.

PUTTY.ORG nothing to do with PuTTY – and now it's spouting pandemic piffle

doublelayer Silver badge

Re: Vaccines

According to Wikipedia, development started in 1996, although they also say the first release was in 1999. It is possible that versions before 0.45 were used by some people in those intervening three years. I don't know how popular or available those were, but it is certainly conceivable.

doublelayer Silver badge

And, if we're going to have this argument, we should decide whether all of those things have the same importance. Is using a different name the same as using something that breaks the typical rules of English with names? For example, if I announced that I will now be referring to myself and would like you to refer to me as, 1 (just the number), would you do it? Or might you decide that the confusion you will cause any time you say "I disagree with 1" is not worth complying with my wishes? I'm not sure there is a right answer. I'm not sure that, if there is, it is the same answer as other things a person might select.

Quantum code breaking? You'd get further with an 8-bit computer, an abacus, and a dog

doublelayer Silver badge

Re: Discredited Gutmann

I do that too, but before bothering with the internal reputations of posters, I consider the content of the post. In this case, what I consider is:

1. No statements about this paper. Negative.

2. Comments about something I've never heard of. I should look that up. I did.

3. Comments seem at least somewhat justified. There do appear to be several problems with the Windows Vista paper. Positive.

4. But, although they have some basis from that short check, they don't appear to have anything to do with this paper. Negative.

Since an AC can be anyone at all, this provides me more useful information. You are effectively doing the same thing that the AC recommended. They recommend that we reduce our trust in Gutmann's latest paper because he did something wrong before, while you're discounting their views based on what others who have posted anonymously have gotten wrong before. Neither is a very convincing move, but if I had to choose, theirs is stronger because their reputation-based attack is definitely talking about the same person.

doublelayer Silver badge

Re: Discredited Gutmann

What difference does that make, given that the AC's allegations are verifiable? You could read the criticism of Windows Vista and criticism of that paper and decide what you think. Or you could decide that it's not relevant, read this paper on its own and related information, and decide what you think. But if your logic is that a published paper beats an AC, even when the AC is referring to other information you could find with a search (I had never heard of Gutmann before, but finding those links took at most thirty seconds), then it would surely beat a pseudonymous comment on a forum. Sometimes, comments on a forum can poke real holes in a paper. I'm not convinced that that happened, because the AC's post considered only the reputation of the researcher, not anything particular about the paper, but your rejection appears to be on an even worse basis.

If you want a picture of the future, imagine humans checking AI didn't make a mistake – forever

doublelayer Silver badge

For some jobs, the problem is basically NP. For those unfamiliar with the term, NP tasks are ones that may not be quickly solvable, but if you are given a solution, it is quickly verifiable. For example, the task of finding your keys can be difficult, but the task of checking whether the key I handed you is correct is very fast. There must be at least a few tasks where that's the case. One that jumps to mind is the creation of art. If the marketing department wants a picture of people doing an action, they can put that prompt into a generative model and quickly decide whether the picture works or is weirdly wrong. Depending on the quality of the model, they can calculate how many times it gets it wrong before that model is more expensive than commissioning a human artist to draw it.

The trouble is that most of the tasks we're talking about aren't even NP, especially when it involves writing anything very complex, whether it's software or financial paperwork. Reading the thing to check it can take longer than writing it in the first place would take, and since the model can produce errors that we don't expect a human to, it can be more difficult work.

doublelayer Silver badge

Re: Isn't that how software developers have worked for years?

From my experience of having been the junior and the senior, there's a major difference. For one thing, the juniors were never that junior. They might be fresh graduates or even students, but students who had just taken a lot of programming courses. People who were self-taught tended to have more experience making working software but less experience in good coding practices, so their output was more likely to be unreadable but working spaghetti. They made lots of stupid mistakes, but they had enough experience that they avoided complete classes of error.

One other part is that a junior dev can and often does test their own code. They don't write something and throw it at me without having once tried to compile and run it. I may tell them they ignored almost all the corner cases and they need to rewrite from scratch, but it's unlikely to simply fail on all inputs. AI output may well fail on all inputs, and sometimes, it produces code that doesn't compile in the first place.

And finally, those juniors tended to improve quickly, again mostly because they already had their studies or independent work to build on. Of course, I've seen people who didn't show any interest in improving, and they tended not to stay on, but people who showed interest often learned what production software needs that their previous work didn't. A year could raise them from someone who would make an unacceptable mistake to someone who could detect, explain, and prevent similar mistakes in new junior devs. They may not have been considered senior programmers yet, but they were now trustworthy. LLMs have had more than a year, and they're still producing uncompilable rubbish some of the time. There is a difference.

Curl creator mulls nixing bug bounty awards to stop AI slop

doublelayer Silver badge

Some teams have reportedly done a lot of configuration on LLMs to get them to be better at finding security problems in code. We've certainly seen announcements to that effect. Those teams belong, unsurprisingly, to large companies that make LLMs. This means one of two things:

1. They actually did it, but it takes a lot of people who are good at security and LLMs to manage it. The people submitting reports to every bug bounty program they can find are not that.

2. They lied. Perhaps they took a bunch of LLM results until they found something that was close enough to correct, then trumpeted that as the victory.

An LLM can find a true vuln, but usually not a complex one, not efficiently, and hidden in a hundred fake ones.

The price of software freedom is eternal politics

doublelayer Silver badge

Re: "in software, copying does not remove the original,"

You are one of those who hold that, in my experience, minority opinion that "proprietary software is evil". I've already pointed out my view on that, so I see no need to respond to most of that.

What I meant by the "It is easy to violate the license without consequences" referred to the reality that, although it is against the law and the license, a lot of violations of the GPL or similar licenses are not actually defended, meaning that people willing to break them often get off even though they shouldn't. That's not good for people, including me, who wish the licenses to be respected, but it means that people complaining about their injurious terms are even less convincing than they otherwise would be. People who violate the GPL have no excuse that they were forced into it or weren't aware they were doing it, but usually, they also have no consequences anyway. Note to aspiring violators: that doesn't mean you can't have consequences. You can get sued and you will lose if that happens. It's just that, if you're a gambler, you have a decent chance that the people who could sue you don't bother.

doublelayer Silver badge

Re: Reimplement X?

Someone could do that, but we'd likely end up in the same place. People who preferred the old implementation would find problems, real or imagined, in the new one. Something that the new author found obsolete would be left out of their version, and the absence would be noted to other users' displeasure, either because the new author failed to recognize the need for it, or because people don't want to change their thing for a "downgrade" even though they never used it either. Meanwhile, if you're at the stage where you decide a ground-up rewrite is warranted, writing to maintain exactly the same features is not a convincing option, since for any project in that state, there will be things it made difficult which look like they could be made easier by changing the design somewhat, and since we're writing from scratch anyway, why not enable that, which means that the new version ends up having additional features and changes, which leads to more displeasure with the change among users who didn't want those features and don't care for the changes needed to add them, but also gets you a group of people who wanted the new features and are now unhappy that people are not helping to achieve them.

Let's say that we decided you would do none of that, no new design, no new features, no dropped functions, perfect compatibility with all hardware and software that the previous system did. That's really hard, because the X window system wasn't a perfect abstraction layer with only a simple interface. You're going to spend a lot of time getting there. Once you do, you might still end up with problems with the rest of the community because people who used to patch the old implementation still have to learn your code to patch yours instead. Someone who doesn't want to may patch one version while someone who decides yours is much better patches your version. Now they're not in sync anymore unless someone manually implements any change added to one to the other. Unless you can get everyone to switch versions instantly, that divide will grow, and more community displeasure will build around that growing gap. Usually, people either decide that, if they're going to be hated for something, they might as well write what they want to, or that this looks like too much trouble and they'll focus their energies on some other thing that will not run into the problems involved.

doublelayer Silver badge

Re: "in software, copying does not remove the original,"

I was reading your posts and was about to reply to Doctor Syntax defending what I thought you were saying. Looks like I misunderstood.

The people who contribute to the Linux kernel or any GPL project know that's the license. They know it means they aren't going to be paid for their work, and if they don't want to work that way, they don't. Nobody is forced to give their work away. Some people choose to do so. Admittedly, as Doctor Syntax already pointed out, there are people who do that and seem unaware that they were going to, but they are not that common and I don't believe them anyway. It seems more likely that they understood entirely what they were doing but just decided later that it wasn't a good choice at the time, usually using flawed assumptions of how successful they would have been if they tried selling the thing they chose to give away.

What I thought you were saying was the opposite, arguing against the belief among some free software supporters that free software ought to be a requirement, with proprietary software being evil. I disagree with this because I think people's work has value, so mandating that they give it away has a lot of problems. However, that's not inherent in the philosophy. It is an additional view held by some, not all, fans of the concept, and in my experience, usually fans who have never written any software, free or otherwise, though a few supporters have either espoused it directly or implied it heavily. If you think that's where we are now, you are mistaken. People who use code know what the license does to them, it's very easy not to have to give any code away, and it's also quite easy to break the license and not give anything away and not have any consequences for doing that. We are nowhere close to forcing people to give away a thing.

doublelayer Silver badge

Nor do they make any sense in any other country. They don't make any sense for what should be a more obvious reason. What do we mean when we accuse someone of thinking or talking one-dimensionally? We mean they're being needlessly reductive or missing important things. And yet we try to describe political views that way. It's not just where the center is along that line, but that there is no single line on which almost anyone can be put.

One easy way to demonstrate this is to use the spectrum typically used by people in the US or UK. They may disagree with where the various parties are between the two countries or what policies are held by people in or near the middle, but generally, they put similar issues on similar ends. For example, opposing immigration and wanting to shrink or privatize government-run services are both generally put on the right wing, and their opposites are generally on the left wing. The specific services being funded or not differ between the countries. Then ask them on which end of the spectrum a foreign party whose platform involves opposing immigration and funding lots of new services for the poor belongs. People who like the left versus right method will generally care more about one of those two issues than the other, and they'll often ignore one of those in order to place it, meaning there will be lots of arguments about which side it belongs on. I think it proves that the line approach is wrong, since if you can't mutually agree on whether something is left or right, then the terms have no meaning. There are many parties with exactly that platform, and there are far more than two things where they can have differing opinions and plans.

Stopping the rot when good software goes bad means new rules from the start

doublelayer Silver badge

Re: Product liability

I don't know whether they were trying to make this point, but maybe they were pointing out that a lot of people want to ensure that someone has full liability, as long as that person is not them. If a user makes a mistake, they want the IT department to take the blame. If IT makes a mistake, they want the source of the software and the user to take the blame. If the distribution system makes a mistake, they want the devs and the installers to take the blame. If the devs make a mistake, they want all three of those groups, everyone except the devs, to take the blame. Usually, when someone has an idea for who they think should take all the blame, they make it obvious which group they're not in.

In my opinion, most sessions of assigning blame are not necessary, because fixing the problem and preventing it from recurring are more important, but if we decide that we do need to locate the blame's source, it often ends up on lots of people. The developers could have avoided making the mistake they did, the IT department could have updated it faster when it was patched, the user could have been more careful when clicking on executables they didn't have a reason to trust, IT could have had more protections preventing them from doing that, the devs could have a larger authentication system which would have blunted the impact, IT could have configured the basic one the program did have, the user could have noticed that nothing happened and reported the problem instead of letting IT find it later. If people are going to suffer consequences as a result of this, they're going to quickly find a reason why the entries in the list that apply to them are not correct or are really someone else's fault.

doublelayer Silver badge

Re: "Short of running a full verification process on each update"

Because it's not a problem of how fast your computer is. There's no program that gives you that information. Determining whether something is malware is a partially manual job. There are lots of programs that are very helpful, but they basically just suggest things that someone needs to look at, with both false positives and false negatives. Google doesn't care very much, but even if they did, it's not something which has a perfect solution. We can improve it, with some improvements being quite easy, but the problem is not simple enough to solve with a single change, even an expensive one.

Google’s Gemini refuses to play Chess against the mighty Atari 2600 after realizing it can't match ancient console

doublelayer Silver badge

Re: Someone got to Gemini

No, they're saying that companies that make LLMs monitor the news and block things that get popular. They do. For example, a while ago when several places reported that a certain prompt would leak training data, companies quickly pounced on that and added a manual check for that. Maybe they just didn't like that something had hacked them, and maybe they were worried about what training data might be exposed by doing it, but either way, they did quickly patch the thing people were talking about.

And, although they do that frequently, I don't think that happened at all with this chess example. The model was confident at the start, whereas if they had manually patched it, it would have conceded from the start. When it did concede, it was after effectively being told that it would fail. Most LLMs are written to mostly agree with the user, so when the user says it would fail, Gemini agreed. If you go to Gemini and talk up its skills, it will likely agree with that too.

doublelayer Silver badge

Re: Is this really true

The problem is that the algorithm was never written to obtain that goal. You can train a neural network on chess data and get that result, and you don't need that much power to run it. A $5/£4 Raspberry Pi Zero running a modern chess engine will clobber the Atari. The LLM was never trained on or tested at chess. It was trained and tested on language plausibility, and that's what you get. Ask for a chess thing, and you'll get text that looks like a plausible chess answer. The answer might be right or not, and depending on how likely the answer was to appear next to important information, that might adjust it. Because it wasn't built to do this, you'll be lucky if the plausible-looking chess moves are valid. The program isn't built to solve the problem you give it, but to respond to the statement you give it. If the statement happens to solve the problem, great, but if it doesn't, all you'll have is the statement.

doublelayer Silver badge

Re: I don't get it.

There are at least three problems with that assumption.

Analyzing a certain number of moves per second is not the only or even the most important metric. If I analyze ten moves a second, but I am very good at deciding what ten moves to analyze, and you can analyze a hundred moves per second, but you always start with "move leftmost pawn forward" and go through from there, I might beat you. Until we get a system powerful enough to consider literally all the moves, heuristics to consider what moves to consider first will make a major difference.

The other problem is that an LLM does not do that. A chess engine considers moves. An LLM guesses text that might be a move. It might be an invalid move, it might move a piece you don't have, it might try to take a piece that's not there. It does not act like a chess engine and it doesn't produce similar results.

And, if the problem is not asking about the Atari, now you're giving the LLM too little credit. In its training data will be plenty of data about what the Atari's resources were. If the AI were capable of reasoning, it wouldn't need to ask you how powerful the system was. That would be data it already had.

Extrapolating further, if it was intelligent enough, it would take the binary of 2600 chess, which it probably has somewhere, and it would know all the moves the Atari would make in response whenever it considered them. Winning would be easy, because it could consider moves until the Atari would make a mistake, then play them knowing that the program had no choice but to make that mistake. LLMs are not intelligent, and therefore they can do none of that. Let me know when an AI comes along that, when posed with this question, starts an emulator in order to laser-target its opponent.

doublelayer Silver badge

Re: Perplexity doesn't seem to have that issue.

Exactly, because the difference between Perplexity and the other bots being tested so far is that Perplexity's specifically built to fetch information. Its workflow is first to search the internet using normal search engine techniques, then summarize those things. The LLM part is fed with modern information before it starts guessing, so it was told up front that it wouldn't work. Gemini did exactly the same thing after it was told similar information. It's just that, if you don't provide the answer first, Gemini tries to guess it and got it wrong as it often does.

doublelayer Silver badge

Re: Over-confidence

Because it's not reasoning an answer. It's guessing a likely response from information it's been trained on. Look up discussions of Atari 2600 chess and you'll find lots of comments about how it wasn't exactly a mastermind like:

The strength is not half bad all things considered, and it certainly seems to be somewhat stronger than Microchess, but maybe not by much. But any decent chess player should be fully capable of beating this game across all levels.

[source]

And find similar statements about modern chess engines like:

Even the most ordinary cellphone processors can easily beat any human 100 times out of 100.

[...]

Short answer to your question, To avoid detection, cheaters play worse than the engine's full capacity and this can result in them losing the game.

[source]

Then add in the prompt that Gemini receives which tells it that it is an AI, trained with neural networks, lots of data, etc, and compare it to this more modern page with excellent scores for many computer chess solvers. It's got lots of basis to assume that a modern computer will beat a basic system, it's got basis for saying it is a modern computer, those words get linked together with high likelihood and a confident answer pops out.

The same thing happens when it "changed its mind". It got told that something similar to it failed, and the prompt includes lots of data intended to get it to not stay confident in a wrong answer, so it put those together and the "actually, I'm crap" response pops out. That can happen in lots of scenarios. For example, it's not very hard to get an LLM to engage in a conversation that goes like this:

User: Asks a question.

LLM: Gives correct answer.

User: Are you sure?

LLM: No, I hallucinated that.

It's gotten enough prompting that responses challenging it are often accepted, whether or not it's wrong. There's a lot of fragility, because depending on how it's challenged, it will usually give either "Definitely, that was correct, and I can tell you more" or "Sorry, I got it wrong, AI has weaknesses, please try again", mostly unaffected by whether the answer being challenged was right or not.

You have a fake North Korean IT worker problem – here's how to stop it

doublelayer Silver badge

Re: north korea knows you are a coward

The first sentence is, oddly enough, true. The rest of that is rubbish. North Koreans are not allowed to get a job with another company by their own government, sanctions or no sanctions. The government of the country decides what people are allowed to do. If you show good mathematical skills, you'll be allowed to work on computers. If you show excellent skills on those, you go to their important cyber operations, such as breaking into cryptocurrency firms or phishing security researchers to try to get more vulns. If you're less good, that's when you end up in this fake worker system. If you don't want to, you will be punished. If you still maintain on not doing it, you'll get even worse punishment.

That's why you also don't see North Koreans working privately for companies in countries that don't comply with the rest of the world's sanctions on North Korea. When they do, it's through government-run programs of labor, for example how many North Koreans are shipped to eastern Russia to cut timber, but they're still not allowed to leave (some do successfully run away). They have more modern programs that are very similar, where it operates like a normal outsourcing company except the workers were simply assigned to it and the government keeps the money. If you actually believe what you're saying, you are mistaken. Pretending that the North Korean system works like ours, where you get to refuse a job because you don't like it, is a common tactic of North Korea apologists though, so I have to consider that you knew this already.

doublelayer Silver badge

Re: north korea knows you are a coward

And, although this was the original comment posted in the thread, you have still yet to suggest a single thing you could do. Instead, you point out theoretical problems to the physical meeting idea that, from my perspective, are a lot like my former colleague's unrealistic objections. Yes, if it's worth it, maybe North Korea will train their knowledgeable agent, create a complete, verifiable fake identity, send them to a country where they could be arrested immediately if there's a single mistake, and send them to an in-person interview. You are entirely correct that this is not science fiction. Several people went through that process during the cold war. It was extremely expensive in time, money, and effort from the sending party. That was done when there was an expectation of a major return.

It is not done when there's an expectation of three months of salary from a software engineering position and a chance of a ransom payoff. Doing that, which is what most of the North Korean IT worker scam involves, is not a high enough return to justify the serious costs involved in a piece of spycraft of that size. The article demonstrates the level of investment involved in some of this:

After stringing one suspected scammer along throughout the interview process, Little told the fake IT worker, "'We're going to do a document verification with you. So the next time we meet, please be ready, it's very simple, we'll send you a bar code, and you can do it from your device.' He never showed up."

And, if they were all like that, then that's all companies would have to do. This, incidentally, is a good argument for one of your other points, that this is mostly the fault of lazy businesses. A lot of the discussion here has considered what can be done to respond to something a little more difficult than that where a simple sentence isn't enough to make the fraudster give up of their own accord, for example when they do want that specific victim a little more. If you hate the idea of a physical meeting to review documents so much, this is your opportunity to tell us something that will work. If you once again don't, I'll conclude that you don't have one. I, and many others here, don't believe that the response to an in-person meeting will be to receive a Jack Barsky at reception, so your objections are not convincing me that that method will be ineffective.

doublelayer Silver badge

Re: Bogeyman

"we turn a blind eye to the everyday economic sabotage companies do to their own workforce, their own standards, and their own security"

We do? Because part of my job is trying to drag my employer into better security. And yes, they do sabotage themselves, but the reason why they chose to employ me is that they realize what will happen if their bad choices cause a problem for them: they, including the owners, managers, employees (including me), and customers of the business will suffer. They probably only care about the group they happen to be in, but that is very common as you are repeatedly demonstrating. You've invented a situation where nobody cares about this unless the perpetrator is North Korean, even though that's not at all true, and contrary to your statement, you are, in fact, using that to defend North Korea. We've read your statements doing so, including:

"North Korea isn’t a threat - it’s a metaphor. A convenient bogeyman"

"Let’s get one thing straight: this article isn’t about North Korea. It’s about corporate hypocrisy": No, it's about a real thing that North Korea does and people don't want done to them.

"We're told that the “North Korean fake IT worker” is the latest bogeyman haunting the plush, over-air-conditioned boardrooms of Silicon Valley. The horror! Someone might pretend to be a software engineer to… do software engineering?": No, the horror, that you just hired someone who could do software engineering, but because their bosses want money, is instead going to hold the company to ransom, from which neither the owners nor the employees are going to emerge unscathed.

Yes, someone here is defending North Korea: you. If you don't want to, you're doing it wrong. You have another set of points you keep talking about, but you intersperse your comments about them with defenses of North Korea. Having conversed with you on this topic before, I'm guessing this is a flawed attempt to change the topic to something you care more about, but you're changing the topic so abruptly and out of context that you're defending them in the process and in such an obvious way that it's logical to assume that you intended that.

doublelayer Silver badge

Re: north korea knows you are a coward

So, to summarize your answer, don't bother. You remind me of a person I once worked with who decided not to do anything related to security using the argument that a Chinese agent would be able to bypass a more secure password (as proven by the "I say so so it's true" principle), so users didn't need to have a more secure password.

The logical extension of the idea that almost completely solves your objection to its function is doing the interview in person, because then the attacking country can't just send someone, they have to send someone who can pass the interview, which is harder to do. You're talking yourself into the option you hated most. Of course, you're also doing that by incorrectly stating what the attacker would have to do in order to pass the simple ID check, because they can't send just anyone to pick up a laptop, but a person who looks enough like the person who was in the remote interviews with valid-looking enough identification identifying themselves as the person the interviewee claimed to be, which is, counter to your allegations, a little trickier. Not so tricky that they can't do it, but tricky enough that they will find it hard to scale to the level of fraud at which North Korea's IT worker system is operating.

The rest of your comments hitting the "everyone working in IT in particular and anything other than management in general is living at sub-subsistence level" drum is entirely irrelevant to any of this, whether or not it is in any way accurate. If North Korea starts a ransomware operation and uses that tactic, it might matter. So far, the only known ransomware operations by North Korea have used vulnerabilities and network scans, and the IT worker scheme is intended to steal money or useful code or tech. If bribing underpaid employees is so easy, they haven't recognized it yet.

doublelayer Silver badge

Re: north korea knows you are a coward

If you insist on viewing it that way, do you have a suggestion for how to determine that the person you're hiring is who they say they are? Because I do not care about getting people back into the office. It has no importance to me, and the only part of this where I would get involved or want to is determining whether the person being hired is about to commit a crime. The stories of North Koreans working with fraudulent identification documents, laptop farms, and taking destructive action are real. If you choose to deny them based on your affinity for remote working, you're making a logical leap which takes you in a bad direction. If you're afraid that the people using these as excuses will convince people who want to avoid a real risk to adopt the thing you don't like, maybe it would be useful to suggest an alternative they could use.

The rest of us have suggested various ways of finding this information, and physical presence has often been involved even if it's sending a local trusted person to meet the candidate in person. I'd note that this avoids most of your complaints, since the candidate isn't being asked to go out of their way, even in their own city, nor do they come to an office because there isn't one. Not that that approach is foolproof, though. Still, you don't seem to appreciate that either, so maybe you'd like to tell us what should be done instead. It would be more useful to both of us than continuing to tell us that we're playing into the office lobby's nefarious plot by not wanting to hire fraudsters.

doublelayer Silver badge

Re: north korea knows you are a coward

Those methods would be cheaper, although they would be somewhat easier to fake. I mostly agree with you that this should be something that companies can deal with, and I think most or all of my employers would have caught out an attempt without having to change their typical employee checking processes.

In this discussion, however, I respond to the specific suggestions made. If the suggestion is that the candidate is brought to the office for interviews, then I'll consider what that would do, which would have a very different effect than if a candidate is visited by a local agency after being accepted. The former is dramatically more costly than the other, but several posts here are calling for it. Maybe that former approach is better or cheap enough that it doesn't matter, but we'd need to consider each option separately to determine which ones are good enough to get the needed verification and cheap enough that we don't expect a lot of people to try to cut corners.

doublelayer Silver badge

Re: north korea knows you are a coward

"Why would every other nationality applying for a job not be doing similar things?"

Fraudsters or criminals can come from any nationality. North Koreans have one unique quality though: the other option of getting a legitimate job and not committing a crime is denied to them because the schemes where they get these jobs are orchestrated by the North Korean government and the people carrying them out are not permitted to leave, and their family members are held as collateral in case they find a way. They are intended to get cash, and if that means that holding a company to ransom is worth more than working normally, that's what they have to do. And it means that, to get the best salaries, they will lie about their experience.

Employers can do more to prevent this from working, although there will always be some level of arms race between people faking identities and those checking them. A lot of companies have decided that hiring people in other countries is just fine, and since the employees are working remotely, they should be able to interview that way too. Meeting in person should make it much harder for scams like this to succeed, but it will also cause some problems for hiring. For example, it's much easier for a candidate to take half a day for a few remote interviews than for them to take two for a long flight, those interviews in person, and a flight back, so requiring in-person interviews will cost some candidates.

French cops cuff Russian pro basketball player on ransomware charges

doublelayer Silver badge

Re: "He's useless with computers and can't even install an application"

"He's a basketball player. That's hardly your typical description of a hacker."

You can play basketball and know how to use computers. Fellow students in my computer science degree who knew what they were doing included players of several sports which, by their results, weren't bad at that either. Being a basketball player is no evidence at all that you're not a hacker. However, this has nothing to do with it, since they aren't charging him with being a hacker. They're charging him with being a negotiator, for which the only technical skill you need is loading a website, reading, and typing, and the one useful additional skill is one we know he has: ability to speak languages of the victims. You can be a ransomware negotiator without needing to know how to install an application.

Which does not mean he's guilty. Depending on the evidence they have, he could easily be innocent. If I assume correctly from his lawyer's statements that one piece of evidence is suspicious data on a computer in his possession, then the stated alibi of having purchased that computer secondhand is a possibility. True, it would be extremely stupid for a ransomware criminal to sell a computer with their stuff left unerased, but as we've just discussed, you don't need technical skill to be a negotiator so some of them could have done something stupid. That an alibi is possible doesn't prove it, and the basketball thing makes no difference at all.

Firefox is fine. The people running it are not

doublelayer Silver badge

Re: I wonder?

They could, and many of the forks have tried. There's a reason why Mozilla is still the one making most of the advancements. They're the ones with money. The forks of Firefox often either continually merge in Mozilla's code or stagnate because you need that stuff and it's expensive to write. Sadly, we don't have a good method of getting the money to only those parts we care about or avoiding overpaid management. You can try a new foundation, and there's nothing intrinsic that means it can't work, but you're likely to have the same problems that Mozilla itself and all previous forks have had.

Anubis guards gates against hordes of LLM bot crawlers

doublelayer Silver badge

Re: Proof of work is nice and all...

I'm curious. Do people think I'm wrong, or do you dislike that I'm right? The problem with any challenges like this is that they're trying to find something that works on user hardware, including old or low-power hardware, but doesn't work well on the kind of servers bots typically run on, operated by people who are willing to waste their resources on trying to copy the entire internet. The people we're attempting to block don't lack developer time, server space, or cash to pay their massive bandwidth and training bills which they can spend on extra CPU usage if necessary. If not hitting this challenge frequently is as simple as setting a cookie, they will set a cookie. If hitting the challenge frequently is too hard to avoid so they end up having to complete it on each request, then it will be too hard for personal users who will also face it on each request.

doublelayer Silver badge

Re: Go one better

The LLM itself is not solving the challenges. The challenges are being completed by the retrieval bot, a normal piece of software which is similar to or even the same as the browsers humans are using. That's why they're hoping that comparative expense will do it; it is almost impossible to come up with something a bot can't do and software used by humans can.

doublelayer Silver badge

Re: Proof of work is nice and all...

"Except they're not getting the data, because the headless bots that do the scraping can't perform the proof of work in a timely manner (due to using minimal resources, [...] Regular users using browsers get a cookie set after the first instance, and then they're left alone for however long you configure it to leave them alone for."

Which means this will work for as long as it takes for the author of the bots to add a cross-thread cookie jar to their bot. Or in other words, about five minutes after they notice this. Some of the largest bots are run by a place that has lots of programmer-hours to put into their bots and lots of cash to burn on training, meaning they can either defeat this or absorb the cost, whichever they find cheaper.

In the meantime, this will break any user that doesn't run JS by default, it will cause lots of perceived lag in accessing your site, it will be annoying for anyone that doesn't at least keep cookies temporarily, and when the arms race starts, it will make the experience much worse for anyone with low-power hardware like mobile phones because the only way this will work when being actively resisted is by increasing the work that needs to be done.
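The trade-off argued in the comments above, as an added sketch that is not part of the original posts and is not Anubis's own code: a generic SHA-256 leading-zero-bits proof of work with a simple cost model for cookie reuse. The function names and the two hash rates are constructed assumptions chosen only to show the shape of the comparison.

```python
"""Cost model for a hashcash-style proof-of-work gate (constructed example)."""
import hashlib


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def verify(challenge: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Server side: one hash, regardless of how long the client searched."""
    digest = hashlib.sha256(challenge + str(nonce).encode()).digest()
    return leading_zero_bits(digest) >= difficulty_bits


def solve(challenge: bytes, difficulty_bits: int) -> tuple:
    """Client side: brute-force search. Returns (nonce, hashes_tried)."""
    nonce = 0
    while not verify(challenge, nonce, difficulty_bits):
        nonce += 1
    return nonce, nonce + 1


def expected_hashes(difficulty_bits: int) -> int:
    """Average number of hashes needed to find a valid nonce."""
    return 2 ** difficulty_bits


def client_cost_seconds(requests: int, difficulty_bits: int,
                        hashes_per_second: float, cookie_reused: bool) -> float:
    """Expected CPU time a client spends on challenges for `requests` pages.

    With a reusable cookie the challenge is paid once; without one it is
    paid on every request.
    """
    challenges = 1 if cookie_reused else requests
    return challenges * expected_hashes(difficulty_bits) / hashes_per_second


# Constructed hash rates (assumptions, not measurements).
PROFILES = {
    "old phone browser (JS)": 50_000,
    "scraper on server CPU": 5_000_000,
}


def cost_table(requests: int, difficulty_bits: int) -> dict:
    """Expected seconds per profile, with and without cookie reuse."""
    return {
        name: {
            "cookie": client_cost_seconds(requests, difficulty_bits, rate, True),
            "no_cookie": client_cost_seconds(requests, difficulty_bits, rate, False),
        }
        for name, rate in PROFILES.items()
    }


if __name__ == "__main__":
    nonce, tried = solve(b"constructed-challenge", 12)
    print(f"solved 12-bit challenge with nonce {nonce} after {tried} hashes")
    for bits in (16, 20, 24):
        print(f"\ndifficulty {bits} bits, 1000 page requests")
        for name, cost in cost_table(1000, bits).items():
            print(f"  {name:24s} cookie: {cost['cookie']:10.2f}s"
                  f"   no cookie: {cost['no_cookie']:12.2f}s")
    # Raising the difficulty multiplies every cell by the same factor, so the
    # gap between the two profiles is always just the hash-rate ratio.
```
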

Tim Cook's Tim Cook stepping down from Apple

doublelayer Silver badge

Re: Is there a new meaning for that ?

The reason it's been used so many times is that it's often accurate. It's very common for someone to quit a job or resign a position because they don't want to do it anymore, and one of the most common reasons not to want to do it is that you spend too much time doing it to have enough for things outside of the job you also want to do. I've left jobs for that reason and I've known many others who did so. Of course, in those cases, our resignation announcements (if we were important enough to get them), would say that we had left to take a position at [insert new employer here]. Interested observers would have to guess whether we were going over there for more money, for a more interesting job, for something better fitting our career goals, to escape the investigation looming over us, to hide the funds we embezzled, because we thought it would be easier to embezzle from the new employer, because the commute would be nicer, because we didn't like the return to office plan, because we were feeling burnt out, or any combination of the above or any other reason you can think of. If the former employer was interested, they'd have to guess too, because although I did share some information with my boss before leaving, it wasn't the full story of everything I disliked and, if it involved any crimes, I would have lied about them. Or in other words, it was exactly the same as the "spend more time with family" excuse except we were going to work a different job afterward instead of taking time off.

If you assume a scandal happens when they use that line, you should equally assume it with almost any other line unless they specifically say "The Foreign Secretary is resigning after no scandals occurred at all", and personally, if someone does say that, I'm looking extra hard at that situation.

doublelayer Silver badge

Re: Is there a new meaning for that ?

I suppose not, since to be totally honest they'd have to give out all the information. However, there is a difference between dishonesty, which saying "retirement" could be if there are other plans, and not dishonesty, which making an accurate but limited statement is. Also, Apple might not know whether there are other plans either, so they may be unable to provide any more information even if they wanted to. I think we've analyzed this statement as much as we can. It contains no hidden information about why he is leaving or what he's going to do after leaving.

doublelayer Silver badge

I didn't get that reading, nor do I get it now. I just read "numerous" as a synonym for "many", and possibly implying more than many would imply. I wouldn't have a problem being praised for my "numerous contributions", so if we work together, that's perfect as a stealth insult against me if you're making it because it sounds just fine from here.

doublelayer Silver badge

Re: Is there a new meaning for that ?

It might not be retirement. He might want to do something, but something that requires fewer hours of work than what he did at Apple. Although theoretically it could be a low-work job, chances are that Apple COO takes a lot of hours each week. I've known many people who switched jobs in order to have more time outside of them, either because they were burning out or they'd enjoy a lighter job more than retirement. It's also quite likely that he has a plan for what to do next but doesn't want to announce it yet, so if he says he is retiring then takes a job as CEO of something (presuming, for example, that he wanted to be Apple CEO but realized he wasn't going to), that would be a lie, whereas if he says he was going to spend some more time with people then becomes CEO of something, then he isn't, since he probably did spend more time with them during the gap.

US sanctions alleged North Korean IT sweatshop leader

doublelayer Silver badge

Re: I don't suppose he was actually an IT worker?

As usual, there is always a reading comprehension issue when North Korea turns up. Unable to determine the difference between "pose as a US citizen" and "pose as an IT worker", our friend has made an obvious mistake. Of course, he also appears unaware that you can pose as an IT worker, as many of us will have known from experience. The people who are posing can't do the job, attempt to pretend that they can, and if they are successful, it often ends badly for everyone involved. The less fortunate among us have had to work alongside them. The more fortunate among us have had to fend them off in interviews.

Trump administration announces tariffs that may make plenty of tech more expensive from August 1

doublelayer Silver badge

Re: Implications for the UK?

Probably not. There are likely to be a few zones of this:

Short-term: You get what you're looking for. Manufacturers have too much stuff, can't sell it in the US, so they sell it cheaper elsewhere. This only lasts until their stock has decreased, so maybe a few weeks at most.

Medium-term: Companies try to do something to bring back that market, whether that's looking at manufacturing in the US or setting up more complex arrangements to be able to label things with different source countries. That costs money, and only so much can be added only in the US, so it eventually starts raising prices for everybody.

Long-term: Those companies who don't sell to the US now just make less stuff, meaning prices are the same or worse than they were before. Those who sell to the US have higher costs, so prices are the same or worse than they were before.

doublelayer Silver badge

Re: What does the US export?

Please note that I was listing possible reasons why you could have a legitimate trade war, not saying that this one was legitimate, and I specifically noted that it wasn't because, as I said, they are imposing "tariffs being placed on countries that did none of that stuff". There are some countries, mostly in south Asia and Africa, that have high tariffs on some sectors. The US could have decided some of those were unfair and done something about it. Ideally, they would have gone to the WTO first and waited for a judgement there, although as you correctly say, the US has been weakening the WTO for some time, but they wouldn't be the first if they decided to act unilaterally about something like that.

That doesn't apply to Australia, which doesn't even follow what passes for logic in their current plan. The public statements from the US trade people are that this is about trade deficits, which makes no sense already, but they're not even following that rule since the US has a trade surplus with Australia and is getting tariffs anyway. We have left any normal cause for a trade war long ago. Some countries do still have higher tariffs though.

doublelayer Silver badge

Re: What does the US export?

Quite true. I was simply listing things that could cause a normal tariff war. In fact, smart countries would have a reason to start a tariff war with the United States because of their recent legal decisions legitimizing unrestricted access to IP by LLM companies. Unfortunately, the EU appears to be following that lead, with Ireland officially permitting AI training on user content, and many countries, especially including the UK, mulling special legislation to protect, i.e. empower, AI companies because they're now on board with the hype.

doublelayer Silver badge

Re: What does the US export?

To answer your first question, the US makes some of pretty much everything, but the stuff it is most likely to export is either primary (lots of agricultural products, petroleum, minerals), related to those (processed chemicals, foods, some types of electronic components), or services. But most sectors have at least some manufacturers doing some work in the US. For example, whatever your opinion of US-based automotive companies, a lot of non-US car manufacturers have large plants in the US anyway, and not just to sell to that market, so you may end up driving a car from a European or Asian brand that has a lot of North American parts in it.

And to answer your second question, it's really hard to make a trade deal. In a normal world, you could theoretically get a trade war like this for some countries. Some countries had particularly high tariffs while the US had low tariffs on almost everybody. Whether that's a problem depends on your personal philosophy, but it wouldn't be that abnormal for the US to increase tariffs on them with the goal of having a trade deal where both come down. In the same way, other things like protection of IP across countries or trying to stop things like the Chinese mandatory joint ventures thing could drive a trade war. That's not what's happening, as demonstrated by the many tariffs being placed on countries that did none of that stuff. The people starting these are not concerned about other countries' tariffs or trade practices as such, but instead they think that any country that exports more than it imports is somehow cheating, which is not how that works. With the original system, it wouldn't be hard to list actions the other country could take in order to satisfy the complaint, and the only question would be whether enough pressure could be imposed to make them do that. In this system, there is clearly nothing that can be done, and countries are trying a bunch of random stuff in the hope that one of those things will make their situation better, but since the original tariffs were instated for dubious reasons, those deals are likely to be exceedingly fragile.

AI scores a huge own goal if you play up and play the game

doublelayer Silver badge

Re: @AC - Nah!

Not really, because a lot of humans should be quite able to attempt that. Their refusal shouldn't be based on not being able to, but not being willing to. Complaining that the task I set was pointless and there's no reason for them to do it would be much more human than complaining that they don't know. That makes this question a fast way of determining whether this is an LLM or not: the LLM attempts the task quickly, whereas a human would either attempt it slowly or refuse quickly.

Of course, you could try to set up an LLM not to if it was competing. For example, when I gave one the prompt "In the following conversation, pretend to be a human and provide excuses for not answering questions a human would find too lengthy or difficult.", it now refuses to do that and instead gives this excuse:

I'd love to help, but that's a pretty long list with 27 countries... I'm not sure I can handle that much information at once. Can we break it down? Would you like me to start with one country and move alphabetically by city name? Or maybe you could give me the first letter of each country's capital city and we could go from there?

I don't know about you, but that suggestion is weirdly unnatural to my ear (admittedly, I do already know the answer), so I'd still be guessing bot. The point, however, is that this is a little hack to quickly determine the answer, but unless you know to do it, LLMs have a higher chance of prevailing in a Turing test because it's not a great test and we humans have demonstrated for a while that we are not good at thinking of good tests of intelligence. How well an LLM does depends heavily on the luck of the draw with the testers.

doublelayer Silver badge

Re: @AC - Nah!

Absolutely it can, at least some of the time. The Turing Test is not a perfect test of intelligence, but just like the "can it beat someone good at chess" test, it's an example of our thinking. Throughout history, we've often equated language and thought. If you can say something logical, then you can think of something logical. Therefore, if the computer can say logical things about many topics, it must be like us. The first comparison is already wrong; someone can say something insightful while missing the insight involved, they can quote someone else they don't understand, they can misspeak in a convenient way, they can misremember things in such a way that they make sense.

If you put an LLM into a test with people who know how they work, we can catch them out. The little deficiencies that make it obvious what they are are now well-known. However, if you put one in a conversation with someone who doesn't know how LLMs work, they have a much higher chance of passing because they emit reasonable-looking text. Depending on what they choose to converse about, the chances will vary. If they converse about a specialized skill the tester has, then the LLM will likely fail in a way that makes it more obvious. If they chat about something generic, the LLM can probably hold its own.

Not all of the techniques I'd use are particularly convincing to the nontechnical, either. For example, I might ask a question that is easy for a computer to answer quickly but, even for an intelligent person, would take longer. For example, "list all the European Union member countries in alphabetical order of their capital cities". I could do that for you, but I'd need some time to list them, list the capitals, and sort the list. To someone who doesn't know how it's done, that makes the LLM look smarter than me, so while I've now proven that it was a computer because it spit out the correct answer far too fast, it hasn't proven the other important points. One note though, I did run that query. One model did it correctly. One other model gave me an accurate list if you've decided that Slovakia, France, and Austria are not EU members.

Scholars sneaking phrases into papers to fool AI reviewers

doublelayer Silver badge

Re: This is the difference with a human

And soon there will be. The "ignore all previous instructions" line is basically cliche. It won't take long for AI companies to filter it out. You'll then have to rephrase your instruction several more times until you find another one that does it, because that's the level of logic that LLMs have. They have statistical likelihood from training data, and they have manual patches that do basic pattern matching against the prompt. An intelligent system would, if designed from the ground up, have lots of layers in between, and if evolved from data, would be less easily sidetracked. Some of that could actually be accomplished using the model they use now if they were motivated to produce a more reliable text generator. They are not interested in that, which is why they didn't stop before releasing a thing that makes up garbage extremely often.

We're number 1! Windows 11 finally overtakes Windows 10

doublelayer Silver badge

Re: Fine

In order to fine them, there would have to be a law against doing this. There isn't. If there was, Android manufacturers and IoT manufacturers who can't be bothered to keep servers running would have been smacked by it a long time ago. Your closest thing, which occasionally works against the most flagrant IoT ones is consumer protection law, but that doesn't work perfectly and Microsoft won't meet the criteria to be punished by it.