Posts by doublelayer

Re: what's special about legal eagles?

There are some reasons to expect that it will be even worse at legal situations than at some others, since it is very easy for historical data to be invalid and for tiny differences in the input situation to make a big difference to the accurate answer. While it's not too accurate at anything, law would be one of the worst things to use it for, probably along with medicine. Some things that involve more rote memorization would be more accurate, though likely not accurate enough to use, which is why LLMs have been so useful at cheating at basic schoolwork where you have to learn the same basics that everyone else learned in order to properly manage the advanced stuff you'll learn later.

Re: Quite human

Not in my experience. When I search for something, I may get something useful, I may get nothing related to what I want, or I might get things that are related but aren't helpful. What I rarely see is something that looks like it's helpful but is actually complete gibberish. For example, I was looking for a source for firmware update files for hardware whose manufacturer does not properly organize and present them, and I got firmware files for a similarly-named but otherwise completely different product. I did not get an essay summarizing firmware updates that didn't exist. I much prefer the former because I can quickly identify that the hardware I'm looking at is not for radio stations, so I don't want that result.

Re: Reason

It's not even as simple as the AI being fed garbage data and not filtering it out, but sometimes the AI being fed applicable data and not being able to determine when it is applicable and when it is not. Admittedly, I've seen humans fail that test as well, but they're usually a bit better at it. For example, a person does a search for a legal issue and gets results that describe, accurately, the process for dealing with that issue in a place they're not in. The location where it applies will be written in that article, and most people will find that out and try to find another article. Language models will probably fail to correlate that mention of the location with all the words further along in the article and, if what it says is common enough, give it to anyone who asks about the issue, even if that person specifically mentioned a different location. It got correct data and nonetheless generates garbage. That is what an LLM does, and the sooner people realize that, the fewer idiots they will make of themselves.

Re: Sounds like...

This is subjective, but I do not think your argument qualifies. Remembering a sentence and modifying it is not the same as remembering the entire book and quoting it. LLMs have frequently done the latter. It's not "It was the best of times, it was the worst of times" but me typing the entirety of the opening chapter into this box. I have read that book, but I cannot do that. I don't think any student could unless they had specifically studied the chapter or if they were trapped in a prison cell with only that book for years and had become obsessive. LLMs frequently do it without that being the desired outcome, and when people do want that outcome, it happens quite reliably.

Re: Sounds like...

"Can it be argued that training is similar to a child reading a copyrighted book"

It can be argued, and it has been by many people. I have yet to see it argued successfully, however. Usually, the argument goes like this:

The process of getting text into this model is called training. The process of educating a child can be called training. Therefore they must be the same. The work printed by the model looks like an essay. Students also produce essays. They must be the same. Argument ends here.

Actually arguing that would require you to demonstrate why the training of a model which can and does memorize large chunks of text and sometimes prints it verbatim is equivalent to human reading, and not by resorting to humans with incredible memories who may or may not be able to recount a book back to you on reading it once. It will require you to determine if you think that reading some books and reading millions of books, more than any human could possibly do, are the same or not. It will require you to prove an equivalence between the statistical methods used on the training material and human intelligence, which will be quite difficult. It will require you to prove that the parts of human experience other than reading which affect their products are sufficiently small that they can be discounted when making the comparison to the way an LLM produces its output. Unfortunately for anyone making these arguments, these are all relatively subjective arguments, but to the extent that they can be argued, they usually produce a stronger conclusion that ingestion of text into a model is not at all like a student's learning.

Re: "I found a phone sitting on the side of the road that had apparently fallen 16,000 feet."

Figure out where the phone came from: a plane. Figure out how high the plane was when the phone stopped being in it: approximately 16,000 feet. Insert the word "apparently" in case this was someone mocking up a fake ticket and planting a phone where debris from the plane would have landed or if a helpful skydiver carefully brought it down.

Re: > Fake news

"I think it was Apple, who first started showing non-skippable ads on YouTube."

I don't know if Apple used that feature, but you can hardly blame Apple for YouTube deciding to remove your ability to skip ads. Well you can't if you're being logical.

Re: What but not why...

"The Karens of the IT world use exactly this argument - they get to decide what the value is, not the person who has put months or even years of effort into a project."

That is not what I am saying. I am saying that everyone, big company or individual, programmer or buyer, decides what they think the value is. They then suggest some terms to the person they're negotiating with, and if their values are wildly divergent, a sale doesn't happen. If I'm selling licenses to my product and I think the appropriate price for a license is £5k per user per month, you are not being unfair to me by telling me that you don't see any more than £500. I may reduce my price because I want your business, but with a difference like that, the chances are high that I will simply tell you that your price is not acceptable for me, but you are free to come back if you fail to find something at the price you want. Nobody is forcing people to accept lower prices. As disappointing as it might be to find that people are not willing to pay you the value you expect, they have not violated you by not valuing your work as highly as you do. If they offer you something insultingly small, then don't hesitate to tell them you'll find another buyer.

Re: What but not why...

As the buyer of the art, I decide how much value I think the art has. As the seller of the art, you decide how much value you think you are getting from my proposal. That means that if I offer you £50, you consider such things as whether you want payment in pounds and whether 50 is enough of them, and if I offer you exposure, you consider what kind of exposure you'll actually get and how likely that is to result in a benefit to you. You might ask such questions as whether I'm going to display it, and when and where that will be, and for how long, and lots of other questions. Then you put a value on that and decide whether it's worth it.

The same applies to me saying that I'll buy your product if you make it open source. You have to decide how much it's worth to you to keep this closed source, how much you'll lose by making it open source, and see if what I'm offering bridges that gap. If you decide it doesn't, you either negotiate with me for better terms or you decline my offer and find something else. That I offered you terms you don't like is neither abuse nor should it be unacceptable. It shouldn't be unacceptable because the other party is making exactly the same calculations: they decide how much they're willing to pay for something and try to factor in any other options, for example how much value they would expect to gain from having access to the code they purchased. You may find yourself facing an offer like "I'll pay you £50k if you make this open source", and it may well be composed of a "I would pay £2k for the product as is, I would pay £15k if I had a guarantee of support, and I would pay £50k for the ability to support it myself and distribute changes in case the writer disappears". All of those numbers may be too low for you, but they have not violated your rights or the bounds of propriety by suggesting them.

Re: What but not why...

And, like the art world, it's completely acceptable. I can tell someone that I won't pay for their art but I will happily show it to people. If they don't like that, and they have good reason not to, then they shouldn't give me any of their art. If someone refuses to pay the price you think is deserved, then don't give them your product. If everyone isn't willing to pay what you want, then you may have to reconsider what you'll charge or how you'll do it, but that doesn't mean you just do whatever anyone asks for.

Re: What but not why...

"It also (as another poster raised and promptly got downvoted for) can be wildly abused as a mechanism for denying the reward for work done."

They got downvotes because it's not abuse. It's specifically written into the license the person doing the work chose. If I write some code and say you can use it for free, and you can make money from using it, then maybe I should have tried to charge you in the first place. There's a reasonable chance you wouldn't have used my code in that case, but if I choose to give you the right to use it for free, then I should expect that you get to use it for free. There are a lot of options for making software which cannot be used in commercial situations without payment. If you don't choose any of those methods, and you specifically choose one that does allow it, it is not abuse when people do what you said they could.

That's been tried. It doesn't work. Just as you can release every combination of two words into the public domain, and every single word, but that won't eliminate copyright on sentences produced from the words. Music copyright complaints, when they're talking about small similarities between two distinct pieces, are often dubious in quality. A brute force algorithm won't fix it for two reasons:

1. The copyright office in the United States has clearly stated that a dumb program's output can't be copyrighted unless there is significant human effort involved, so they don't have copyright over the tiny chunks in the United States, where many of the lawsuits occur.

2. Most of the sections would be too small to copyright anyway, in the same way that I can't write "I am" (copyright me, you can't use it).

Re: Won't be a problem

They'll probably try, but I doubt it will work. A lot of musicians and bands have a powerful brand which attracts people to spend money on it. It's not just that they make good music. Most of the popular ones make reasonably good music, assuming you like the genre they're making it in, but others could manage that as well.

Books work similarly. There are several authors I really like reading and, when they publish a new book, I eagerly go out and read it. This isn't because other authors can't write a book of comparable quality, but because I don't know about them yet. The author's name can be a powerful influence on whether people buy it since they know what they're getting. If every book was published under a new pseudonym, I wouldn't already know I liked it and would be less likely to find out about its existence, meaning fewer sales. Publishers might respond to this by trying to sell lots of AI-generated or ghost-written books under the same pseudonym, but if they do it too much, I will figure out that the name is no longer attached to the consistent quality I'm looking for and stop reading books by that pseudonym. The benefit of a brand that conveys a certain message to the people buying the work will probably keep individuals around, both in literature and in music.

Re: class ransomware as a weapon of mass destruction?

Do you want that tested over your house? Are you really planning your international policy on Russia being unwilling or unable to maintain some nuclear weapons to back up the frequent threats, weapons they already had? I'm sure the Russian arsenal is less modern and well-maintained than the American or British ones, but an old nuclear weapon can still kill a lot of people. The reason that nuclear powers usually have a strong line against any use of nuclear weapons is that even one detonation can be catastrophic. Unless you seriously believe that Russia somehow managed to break every nuclear weapon they've ever had, you need to take their ability to use them into account when planning actions against them, which means that nuking them yourself is a really risky thing to do.

But let's assume it's not Russia. It's the People's Republic of Alphia which doesn't have any nuclear weapons. They can't get any meaningful revenge if you decide to attack them. Are you satisfied dropping a nuclear weapon on them when criminals operate from them and they don't do something about it? That will result in thousands to millions of innocent Alphians who didn't do that dying. It will probably cause people in Alphia's neighbors to die as well. It will certainly cause complete chaos in the region. It will likely cause a lot of Alphians to hate your country, so expect some Alphian terrorist movements trying to make you pay. Is that something you're comfortable doing, both from a moral and a pragmatic point of view?

It depends what you have to do to get cut off. If it's really difficult, effectively making yourself a pariah to everybody, then it won't matter. The only country that's achieved that is North Korea, and basically nothing comes from their tiny address space. All their attacks come from other countries' addresses, most of that launched from Chinese proxies (as the first link in a chain to more proxies), and some also committed by people operating from a different country already. If it's really easy to get a country blocked from the internet, what makes you so sure that the one you're in won't get blocked for some reason? Russia may have burned a lot of its bridges with European countries and close allies, but they've got plenty of links with other countries, especially including India and China. How would we ban Russia from the internet if India and China were voting on their side and could easily proxy as much traffic as they needed to. Would we try to ban those two as well for not complying with our ban? The decisions required to implement that and trying to decide who should have the power to make them is a very difficult task.

Re: How about a bounty?

They do that. For example, from this paper alone:

US offers $10m for info on DarkSide ransomware gang chiefs

US puts a $10m bounty on Hive while Russia shuts down access

US offers $15m for help catching Conti ransomware gang

If you have lots of cash to spend on that, you can keep doing it. I'm not sure the rewards promised in any of those have actually been paid, and I don't know how many useful leads they got from having those programs, but it is a tool and the US, at least, has been using it on occasion.

It won't destroy cybercrime, but it would weaken it. Anyone could have set up an insider trading scheme based on causing sabotage any time in the past. However, it's much more difficult to implement correctly. You may not know, for example, how much damage your sabotage will do or when it will become known. If your attack occurs in July but they don't announce financial results until September, you don't know how bad it will look then and there's a chance your trading either fails or, more likely, produces a really tiny profit for a carefully-planned attack. If we could destroy ransomware entirely and only be left with things like that, that would be an improvement. I won't pretend that banning payment of ransoms would completely kill ransomware, as I'm sure there would still be some people willing to circumvent the ban rather than incur the consequences, but it would be helpful.

Re: class ransomware as a weapon of mass destruction?

Sure, that will work great.

US: Excuse me Mr. Putin, but we detected some criminals operating from your country infecting hospitals with ransomware. We have a small missile pointed at Moscow and another one targeted at Volgograd, where we're pretty sure these guys are. We're about to kill two million of your citizens. What do you say?

Putin: One moment please.

...

Putin: I have thirty missiles ready to fire at thirty of your cities. I will kill fifteen million of your citizens. What do you say?

US: I have a hundred missiles. Thirty million citizens.

Putin: Five hundred missiles. Too many citizens to count.

US: Most of the missiles. Your country will not exist.

Putin: All our missiles. Your country and those of your allies won't exist.

The concept of mutually assured destruction is not new. You would do well to learn it.

Re: "Such a ban would need to be universal"

If you want the logic to say that big business can do whatever it wants because it has ultimate power over everything, then let's just accept that. It's wrong and self-defeating, but we don't even have to argue about that to resolve this question. If the biggest businesses are beyond our ability to control them, then we still have the power to influence what everyone else can do, and that power is still big. So, whether we are powerless or not to regulate the actions of the largest companies (we are not), we can still make an impact by regulating what smaller ones and government-controlled entities as mentioned in the article, can do.

Re: Wrong

"How can you frame it as a crime to pay to get your own data back under threat of damages to your company?"

Paying money to known criminals? It is already illegal if you replace "criminals" with "terrorists", because you know the money will be put to use committing terrorism which is assumed to be worse than whatever problem you're having. It's pretty easy to make that logical leap, and the law would be compatible with other criminal legislation that already exists. There is no legal obstacle, as far as I know, that would prevent you from passing and enforcing such a law. Therefore, it comes down to whether we, as the voters in democracies, wish to make that a criminal offense or not.

Re: Wrong

The fact that someone made a mistake does not mean that we should adjust our laws to let them do whatever they think necessary to recover from their mistake. I have left too late for things before, but that didn't give me permission to treat the public streets as a racetrack to get where I needed to be on time. Making mistakes leads to consequences. Consequences are why you try to avoid mistakes when you can and to have contingencies for when you can't.

Re: Someone wasn't doing their job.

"This time [...] with some security" is not something you can just buy. You have to work on doing that better than last time, and that takes time and effort. Insurance covering the costs depends on whether you had insurance that covers that, which not everyone does, and doesn't necessarily shorten the time to recovery; if the insurance lets you hire the most expensive consultants and as many of them as you want, then you can cut down on implementation time to some extent, but it usually doesn't let you do that. Even if it did, there comes a point where adding more people won't speed up the process anymore.

Re: Backups

Not necessarily, but it is possible. They may be trying to rebuild something better rather than restoring exactly what they had before, or they might have to rebuild something different because they don't have some of what used to exist. From the statements in the article, I don't think we can know for sure whether either of those apply. Similarly, they may have restored a lot of the content from backups but want to recreate all the systems that handled that content from scratch, which would certainly add to the recovery time. It's often not as simple as did they have unaffected backups yes or no.

That's what I was saying. Folder represents the abstract concept at the user level because folders appear to contain files and more folders. Directory represents the abstract concept at the developer level because directories contain the name and location of other things. Both are abstractions to some degree because the directory is actually a linked list of strings which are serializations of objects which contain strings and integers which refer to filesystem-relative locations which are translated into disk-specific information* which can be used to locate linked lists of strings which can be concatenated to produce the big string the user put there before, but nobody wants to deal with the concept on that level unless they have to.

* Or sometimes there are more levels in the middle, such as virtual disks, RAID arrays, filesystem redundancy, etc. Either abstraction is much nicer.

Re: Cart Before The Horse?

"But for Bobby and Susy Office Worker, what exactly does AI bring to the table? I can get useless search results even faster? What's in it for me and the millions of other average users?"

If you need to write an email but don't want to be bothered thinking or typing, then you can use this to create a message that looks like it answers a question but really doesn't. If the person you are sending it to isn't bothering to read it, then you've saved yourself some time. Otherwise, you'll end up looking like a person either being deliberately unhelpful or someone with reading comprehension problems. That appears to be the use case for office workers that AI companies have thought of. I'm sure some people will try doing that. I didn't say it would be a good thing.

"BTW, what's the difference between directories and folders?"

The level of abstraction involved in the name. Both are pretty abstract, but "folder" was intended to represent to the user what the thing does, and "directory" was intended to represent to the user how the thing worked. The concept that they're doing is identical.

Re: Word Processing in the Cloud

It appears people disagree with my supposition. I'm curious if others have another reason they'd like to propose for why a school would intentionally remove both editors from a system? It can't be Microsoft doing it; Notepad is always there and Word Pad has been thus far as well. To actually remove them would take someone deliberately trying to do so. As much as we might try to blame Microsoft for it, can you actually name a version of Windows that has had them stripped out to push Office365, or for any other reason?

Re: the application will be removed on upgrade

Because there is a risk in telling people that they ship this binary on everyone's installation but it's not supported. If, for example, a security vulnerability was found in it, would they really be able to claim that they don't support it, so that's not their fault? They would be blamed for that, so if they're no longer going to maintain it, they remove it. You can always put it back. It appears to be one executable, one DLL, and a resources file for each installed language, so it should be pretty easy to keep even after it's removed from preinstallation.

Re: Word Processing in the Cloud

I'm sure that, if this is true, it was done intentionally by the place of education. If so, they likely did it to prevent students from writing something locally, saving it to a disk which isn't meant for storage of student work, and either losing important work or claiming that they did to get out of turning something in. The same reason why I've been asked to prevent people from being able to save documents except to a network drive, because evidently just telling people is not working.

Re: Brutality

The quality of the prison doesn't change the expectation of ending up there. People do things all the time where the severity of the bad outcome is high but the risk of incurring it is, or they perceive that risk to be, low. Ransomware operators already have received very long sentences, but that's a small subset of people, and some of the others are living with quite a bit of wealth and happily evading law enforcement. Criminals have chosen to believe that they'll be like the latter and avoid the situation of the former. So far, they're mostly right to think they'll avoid the arm of the law, although they're often wrong about how well they'll be paid for the work. Increasing the severity of what will happen if law enforcement gets them won't have much of an effect unless law enforcement starts getting to more of them, and I think that the effect would be similar without increasing the penalties at all if they could only be applied more broadly.

Re: Would it not be possible to give a patient list to the police...

It should be, and for all I know they may have some method of determining that which for some reason isn't used for many calls. However, criminals who have even a bit of a clue could find ways to relay calls from their location to somewhere local, or even pay someone to make the calls on their behalf. There was a group of adolescents interviewed on a security podcast who operated swatting as a service operations, so they could try outsourcing the work to those guys. It probably won't end well for the less intelligent of those ones, but it offers them another proxy.

For those who are interested in hearing it, the specific episode is Episode 83: 'DING-DONG DITCH' ON STEROIDS (link goes to Apple podcasts).

Re: Would it not be possible to give a patient list to the police...

Fine with me. And those are? The problem with crime of this nature is that we usually don't know all the names and addresses, and when we find out one of them, it's usually more useful to hide it because there's a chance we may find more, while publishing the one we have will just alert them that we're getting close. Some criminals have been arrested successfully when law enforcement has succeeded in unmasking them, but unfortunately not often enough to stop others doing it.

I'd argue against this, but I think you misread the situation so much that it's virtually impossible to debate the point with you. Somehow reporting a problem is the same as advertising, even though I don't pay anybody to use libcurl and the article mentions nothing encouraging use of it. I think you might need to read the article again.

Re: Charge bug bounty hunters an entry fee

It will probably get rid of all hunters, both those who submit crap and those who don't. Hunters may be concerned about submitting a real bug and getting charged for it, especially if companies are being vindictive as they sometimes do. While I don't do commercial bug hunting, I've had the experience of reporting a vulnerability to a company and getting a nasty message back because they didn't like having a problem brought to light, so I'd be careful not to do that if it involved getting a nasty message and paying them for the privilege. I think that's what you'll get, but we can always try. I wish there was a better way, but I don't have one.