Posts by doublelayer

Re: What was this satellite for?

There is no accepted concept of "belongs to" between the two Koreas, since both are of the opinion that the other, land and everything on top, belongs to them. However, it's not that unusual to confiscate military hardware that is in your area. For example, that balloon that the US shot down is not being returned either. In general, if you lose it outside your territory and don't go get it, nobody who does go get it will even briefly consider giving it back to you.

Re: The losers get to write history?

Since the 1707 Acts of Union created something called The Kingdom of Great Britain, containing most of the parts of the Great Britain that we have today, including all of the island of Britain, I think that counts as having existed since that year at least. The 1800 acts added Ireland, but only some of that is still in force. Had the sentence called it the United Kingdom, your pedantry might have worked since it looks like that name was created when Ireland got attached, but it didn't say that.

Apple did it, but they didn't make a point of it. If you open the included compass application on an iPhone, your coordinates are right below the compass display, precise to the second. Tapping them will open a map of your location, although that probably requires connection and may not work in all places.

Re: Multiple redundancy

That is true, but if there are so many emergency calls that it is taking up all of the network, you're likely talking ten or more times as many calls as there are people to answer the calls and talk to the people about what the emergency is. The emergency call system is great for even somewhat large emergencies, but if the city is carpet bombed, it's not going to do much. The emergency services will already know that something bad has happened and be reacting to it in some way, and they don't have the resources to respond to every person in trouble in that situation.

That's why we need something which, if a small group does it enough, will cause enough problems to destroy the business model. We can't rely on everyone doing what we do, but we don't need them to if we can routinely get them all to waste their time.

This is absolutely the right view if the workers you're thinking of are the ones you call because you need them to do something. It's also at least a bit valid when they're doing something legitimate even though many will find them annoying. Pollsters, for example, may not thrill people, but they're trying to do something that doesn't harm you and the results of which you might use. However, most of the calls I receive are not from pollsters or anybody else doing a real job, nor even from the group of telemarketers who are doing nothing useful but at least it's legal. Most of those who call me automatically are entirely focused in either stealing money from me, stealing identifying data from me so they can sell it, or selling something fraudulently to me based on a complete willingness to lie about, for example, knowing who I am and having records about me.

That group is not stuck in a dead-end job, they are choosing to be criminals. That's not strictly true, because there are a few (not by any means a majority, though) which coerce people into doing it. I do not show any sympathy to those people, and I don't suggest you do either.

Of course it hasn't. I combine constants all the time, because it makes it easier to understand what I'm doing. For example, I could write 691200. What does that mean? You'll just have to guess. If I write it 60*60*24*8, you can probably guess what it is, and if you want to change the number of days, it's a simple modification. Similarly, I have a few scripts that report the sizes of files, and I find it easier to divide by 1024**3 or 2**30 to get the number of gigabytes than to spell out 1073741824 every time.

It gets even more useful when the constants are more specific. If I'm allocating a certain number of bytes, then I'd much rather call malloc(40*FRAME_SIZE) than malloc(960) *. If FRAME_SIZE ever changes, it's easy to change it once than to redo the allocations. The compiler will calculate the constant for me and store it as such anyway, so why do you think I should do that computation for it?

* Even better would be malloc(40*sizeof(frame)), but in many cases, these aren't structs and are instead strings of bytes which have to be constructed manually. Sometimes, I will create libraries so they can be structs to the user, but not always.

Re: All for analogies, but can we bit a bit accurate (or at least explain our analogy)?

Except compression and summarization achieve different goals, even though in both cases the result is shorter than the input. Summarization will eliminate some of the data that the user would use, whereas lossy compression is designed to be decompressable to something containing all parts of the original data with certain aspects removed for size. I can summarize a video file by cutting out chunks we don't need, and it is not the same as compressing it but all the frames remain there with fewer pixels specified.

One could do a lossy compression of text by removing some punctuation and maybe even spaces, and someone might be able to read it with some work, but that would be compression, not summarization. The two are not synonymous.

Re: Why isn't there enough strong, clear, evidence from the plaintiffs?

That move is not really a problem. By pointing out that it did happen and that the model was not retrained, they can prove that it can generate verbatim substantial portions of code. That it will no longer generate that one won't prevent it from generating any others, including other sections of the plaintiffs' code. Adding guards for literally every portion of their code would likely start causing problems if a lot of people asked for them to do it. That's the kind of evidence that will be needed, but most likely, the person who owns the code concerned will have to be a participant in the trial (if you get it to print some of my code but I'm not involved, you will likely not be able to sue on that basis).

The article suggests that they have some code they say was printed by this bot, but they don't want to share it because it could identify them. From previous articles, it seems that they got threatening communications from someone which is one reason they want to stay anonymous, but it may make it difficult to make their case if they won't supply evidence because that is difficult to distinguish from not having evidence. I'm not sure how easily that can be fixed, but they might want to find an option in order to make their position stronger.

Re: Nice internet you got here.

Yes, a few people could do that, but the people you would need to make that happen are also the kind of people who wouldn't do it. Their job is not breaking the internet, no matter how bad certain things on the internet might be, and they take that job seriously. Meanwhile, if you and I decide to drop traffic to them, it will do nothing whatsoever; either we weren't going to use them anyway or we'll have to fix things when they don't work by removing the rule. It's the same reason that, even when people suggest that we drop some country which has been committing serious offenses from the internet, websites hosted in that country still work. Things have to get pretty bad before an address block is dropped in a way that shuts down the operator for good.

Re: Detective Colombo asks

Nobody said that all of those people were of the same skill. You'll get a lot of variation. However, to answer your question, one thing that the US has and India doesn't (as much) is a bunch of people with money. That includes the following:

1. Investors who want to invest a large quantity of money in speculative businesses.

2. Customers who can spend comparatively large amounts of money on products and services which can make some of those companies profitable.

3. Companies that have lots of money to put into R&D innovation budgets.

India has people with money, but when scaled up to the size of the country, they have much less of it. They still have large chunks of the country where electricity isn't on all day, which you won't find so often in many other countries, which limits the funding available from the general public. You can get a lot of investment from particularly rich companies or individuals in India as well, but you have fewer of them interested in doing so. That's not the only issue, but it is a rather big one if you're looking for a lot of innovation.

Re: It Pays to Advertise?

I wouldn't be surprised if a lot of those commercial VPNs are quite profitable. They get a smallish monthly subscription for running a bunch of servers, and users may buy that access without really planning to use it, either because they think it will help with security (it can but it will depend on how it is used) or will allow them to view region-limited content (maybe, but no guarantees). How many people forget they don't use it and continue to pay? I don't buy them because I have my own, but it is probably not that expensive to run if they can sign up enough intermittent users.

Re: Local mirror?

I think they probably would if it was all internal, but they didn't bother to cache for users of GitHub. In fact, the users probably prefer that, because it means there's no risk of a faulty cache causing problems for their automation. The people who end up being the target of a lot of forks, none of which are caching, have a very different view of that. Of course, each fork could and should have cached one copy of the source which could be duplicated locally for each different test environment, which would have cut the bandwidth requirements by a couple orders of magnitude. Users probably didn't bother doing that because it's all GitHub's incoming bandwidth and they don't run the server being hammered, so they don't think they have to care. Caching across forks would probably be more difficult without having Microsoft make assumptions for all users of the platform.

Re: Is it a VLOP??

The problem might not be with "very large", but with "online platform". After all, I doubt this is the only large store in the EU. If you take a store that has lots of customers and also has a website where people can buy things, does that make them a very large online platform as well? If you have a website where people can read things but not post, but that site is popular, would that be an online platform? Would an ISP count if it had more than 45 million customers, which several EU-based ISPs appear to meet? What does a site need to do in order to qualify if they have enough visitors?

This appears to be Zalando's complaint, not that they don't have enough customers to qualify but that the stuff they're doing online isn't related to the point of the regulation or to others that have been named. I'm not sure if that is convincing, possibly because I've never used their business and therefore don't have a great idea of whether they have some business that would fall under the regulation, but the definitional argument doesn't entirely rely on the number of customers.

"when the AI generates some program that incorporates the original source (*) the licence doesn’t limit the fields in which that generated program can be used."

No, but a license which didn't obey that part of the definition wouldn't be able to get to that point. The definition does not say that the restriction is only on the running of the software. They say "use". I think it is illustrative to consider how licenses that are considered not open source based on this rule tend to be written.

For example, one that I've seen a few times are non-military licenses. Yes, they say that you aren't to run the software if you're in the military, but they also mean using parts of the code. They mean that the code is simply not to be used at all, no matter how much of it you take. Their licenses could specify that it's just running it, but they don't. Saying explicitly that "no reading it into an AI system" is prohibiting a use of the code, even if it's not a use that people have cared about before. As I've said, I don't think this should be a major impediment to preventing it, as existing use is already violating nearly every open source license in existence*, so I see no compelling reason to make a license the openness of which will be debated.

* Unless someone changes the way copyright works or finds a way to argue that LMM processing shouldn't count, reading it in is still copying. The licenses have requirements on copying, even if it's only attribution.

I'm not sure what you want them to do. Licenses can't force everyone to make only what we want them to, even though I agree with your preferences. For example, the security argument. Yes, a lot of devices are improperly secured and insufficiently supported, creating security problems. An open source license will have a hard time mandating support of a commercial product when they're explicitly refusing to support their product. Legislators can make requirements on commercial products that license authors cannot. If someone does make a license that tries, people will understand how weak that license will be and will ignore it, and if many people decide to do it, it will likely be replaced by a manufacturer consortium with something under an even more permissive license.

That is, of course, if they don't just ignore it. A lot of licenses are being violated all the time with nobody doing anything to enforce them. If you put even more important things in a license, it will still not get enforced frequently, so that's another reason to try to get regulation from regulators who will have at least some budget for trying to regulate rather than hoping that somebody will eventually go after all the people who have GPL code somewhere and don't do anything to follow the license.

I was using this part:

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

In most licenses that have been affected by this part, the meaning has been where you can run the program. However, since the open source definition has some equation of the program and its source, it equally applies to who may use the source. To forbid someone in AI from using the source, whether that means they are not allowed to run it or process its code somewhere. The field would be forbidden, which directly contradicts that part of the definition. You don't have to care about this; many licenses look sort of open without complying, but people who have strict preferences may object and refrain from supporting the license.

Re: Evolution and power efficiency

I agree that the arguments are somewhat implausible because actually getting anywhere close to them is so difficult. I had a few preconditions to the discussion:

"A program capable of having its own goals, understanding the world enough to have a chance at pursuing those goals, and capable of acting on the world enough to be a threat"

Even getting to that point will take a rather long time, and the first is probably the most difficult. Programs could eventually get connected to a lot of systems, but it will be difficult for them to come to goals of their own when they have no reason to do so. Sci-fi authors sometimes get around this by having them misinterpret goals that the humans gave them, but I don't find that particularly likely.

Re: Evolution and power efficiency

I'll take you at your word that you know so many influential operators, because it doesn't really matter if you're telling the truth or not. You still appear to think that a call from you, and subsequently secondhand information as it is passed along, is enough to convince them to destroy expensive equipment and cause massive damage by disabling internet-based systems. It is not. We all know that. You'd have to have very good proof that something was using those cables for ill and couldn't be stopped without disabling them, and an actually intelligent AI would do as much as possible both to deny that proof to you and to have contingency plans for dealing with an internet problem.

Also, I'm not sure what cables your set of people can take down, but I don't think you happen to control people with access to every regional cable. If you cut off all the oceanic cables, there are still a lot of ground cables. For example, you still have the massive Asian ground network, with billions of devices on it, in which an AI can hide itself. How long are you willing to keep Asia disconnected? You can't disinfect the continent in a week, and if you keep it isolated for a long time, the AI will just have to innovate a new way of spreading without using the internet you've destroyed. For example, it can learn to talk with humans and start placing phone calls itself. At this point, we will need information on what our hypothetical AI wants to do with its power which we're trying to prevent, but it has a lot of options even if you're really much more powerful in global network control than any individual actually is.

Re: Evolution and power efficiency

Sure, turn off the entire internet and hope that you've done that before it spread to all continents. If the theoretical AI was any good at its job, it would be deployed in nearly every country before you knew it. It would also be deployed in multiple ways meaning that you can't just hunt for one signature to remove it from infected equipment.

One person or group also doesn't get to just turn off the internet. If I decided it was necessary and had some proof, I'd still have to go to a lot of people that I don't know and convince them to turn off the backbones. I have little chance of accomplishing that unless my evidence is very convincing indeed. Particularly powerful militaries could get a bit farther, but even the American military could only disable the North American ground cables and probably every undersea cable. International cables on other continents wouldn't be so easily targeted unless they wanted to run the risk of starting some wars. That is the point. Could you turn off the internet with enough effort? Yes, but it would have a lot of painful side-effects and people don't like them to the extent that they often avoid taking necessary precautions to avoid them.

Re: Evolution and power efficiency

"we can quite easily pull the plug."

I don't think AI is a major concern for now or the near future, but if I'm embracing the whole sci-fi idea of an actual autonomous entity, I think there is reason to question if we can actually pull the plug very easily. A program capable of having its own goals, understanding the world enough to have a chance at pursuing those goals, and capable of acting on the world enough to be a threat has various ways of surviving having the power pulled for the computer it started on. The simple example is designing its own malware to spread its existence across the internet to other computers. Now you have a lot more plugs that have to be pulled before it dies. If the program is smart enough to use humans to do the active parts, it could require someone to try to make the case that these computers are infected and need to be destroyed* even though, to their operators, they don't appear to be doing anything out of the ordinary. We don't have a great record of getting global agreement to do something to prevent a major disaster. Generally, we get some action but only enough to blunt the effects of the problem, not cut it off entirely. Still, I'm pretty confident that this can remain a fun thought exercise, not something we'll actually have to do.

* Destroying computers: the hardware probably wouldn't need to be scrapped unless the AI is good at designing new firmware and getting it to lock out attempts to replace it, but you can't just turn them off because the AI would come back when you turn them back on. They would need to be erased, and that requires manual rebuilding efforts. Worth doing if the alternative is a malevolent AI attack, but it can cause a lot of damage and people would rather not if they can get away with it, basically why people ever pay ransomware operators.

Re: What operating system ?

"Unless, as a user, you have made some dangerous changes to the default behaviour of your OS, just downloading an executable file does make it executable on your filesystem. You need to manually set the execution bit first"

I already addressed this. In this case, the file has been written to a USB device by a program running on an infected host. If that program were designed to write Linux-compatible malware, it is perfectly capable of setting the execute bit after the file is written. What you say is true of downloading an executable file from a malicious server, which is not what happens in this case, but even then it's a relatively weak protection. Windows, for example, will detect that you've just downloaded a new executable file and will give you a security warning before it is executed, and if the file is unsigned that security warning hides the run button so it's confusing to many users how to run it anyway, but we don't view that as a cast iron security mechanism, do we?

"Windows, on the other hand, will detect an inserted USB device, assume the device is honest when it declares what it is, and then go look for a driver for it, in some cases accepting a driver from the USB devices inbuilt firmware"

I may be wrong, but I see no evidence of this workflow. See the device, yes. Assume it's telling the truth, yes (although I'm not sure what other option you think it has, because that's nearly required for an open interface like USB). Retrieve drivers from the device, no. It can retrieve drivers from Windows Update, but that's checking Microsoft's servers for drivers it already knows about. I have seen drivers carried on a device before, but in every case, that's managed by having the device present a storage mode with the files stored on it and instructing the user to install them manually, something that will require administrative credentials and multiple security warning screens.

Re: What operating system ?

You are aware that autorun.inf was disabled by default fifteen years ago and disabled entirely about twelve years ago? Put an executable and an autorun.inf file on a drive and plug it in, and you'll see for yourself. Nothing happens anymore.

As for executables, executables are identifiable and runnable by GUI file managers on Linux, and extensions and the #! line are used to identify executable scripts of many types which can be used either to run malware written in that scripting language or to pull a binary from somewhere and run it automatically.

Re: Unique keys

The problem with that is that, without centralization, there is nothing that indicates uniqueness. What prevents me from making a new key every day, walking in with some identification, and having it verified? I could have a bunch of identification keys that all indicate me. In which case, how can I prove that one of those is me and the others are not, for example if someone else went in with a key and got it signed as me.

Re: What, no Task Manager?

My guess is that killing explorer.exe will probably fix it, which is why signing out would work and locking would not. They probably didn't suggest it because the average user probably doesn't know the weird stuff that happens when you kill explorer and forget to start another version of it, which I think is the only reason the task manager still has a "new process" button (actually, it looks like it's "run new task" and possibly has been for years). Logging out is something people at least see the button for, so it's more familiar.

Re: it would still mix up different cases and laws to invent entirely new ones.

What would the programming look like? It could load a page, not find supporting evidence, and come to the following conclusions:

1. The site is temporarily down.

2. The site is permanently down, but used to show this stuff.

3. The site contains the information, but it has a paywall.

4. The site contains the information, but you have to log in.

5. The site contains the information, but you have to click a few links to assemble it.

6. The site contains the information, but it is blocking bot access in some way.

This assumes, of course, that the program is capable of reading another site to confirm its facts. Since it made up the facts in the first place, how is it supposed to find the site that contains verification for stuff it just invented, whether or not that stuff is correct. It can't because it is going about things the wrong way.

In some ways, doing this in reverse could make more sense. A bot could take a query, chop it up in a variety of ways, and put those chunks through a search engine. Read a bunch of results from that, and describe the result to the user. This would probably be much better, but it too would not provide certainty. It might be better for the user to do the search themselves and have their brain interpret the results. In any case, that is not the way that GPT does it, so expecting it to back up its text is a fruitless hope; something might eventually do it, but the existing GPT systems never will be able to.

"I think there is some concrete skill that humans execute that makes it relatively less likely for us to confidently spout nonsense and then double down."

Simple. It's the "I don't know" quotient. Children are raised not knowing lots of things, and they say the magic phrase often. They hear others do so as well, so eventually they realize that there are things they don't understand and that, if they need to, they need to find someone who does. The people who never say that they don't know something are some of the most annoying, and they do exist.

These LMM chatbots don't work on knowledge, so they don't have a method of determining whether they know something. They just write text. If all humans operated on that system, you'd get a lot more text. You can try this with your friends. Find a topic they know little about, and ask them a question they won't know the answer to. They'll say that they don't know. Then ask them to guess how it could work and count all the inaccuracies in their response. Chatbots skip straight to the "guess how it could work" stage, and they have an additional handicap that they only know how language works, so they can guess things that a human would reject as implausible because of facts, not just unlikely combinations of words.

Re: It's not a GOLUM, either.

"how exactly is it "advertised? Or, rather, who is advertising it as what?"

A lot of the blame is due to the people who keep talking about it and running public experiments without knowing what it does, often without the simplest of controls. While they are to blame, I also blame OpenAI for not correcting things, though I don't really expect them to. It has received a lot of hype, and OpenAI never responds to that hype by pointing out its limitations. While that news also covers when it completely fails, as it will with this example, the number of "GPT will take away our jobs" articles suggest that it can do things which it really cannot.