Posts by Not Yb 932 publicly visible posts • joined 10 Sep 2021
If Amazon wins, there won't be any AI allowed there except those that Amazon has agreements with. Or Amazon's own AI, designed to encourage purchase of whatever Amazon wants to sell more of this week.
If Perplexity wins, shopping websites could wind up working like Ticketmaster and it's 'anti-scalping-bot proofing' that doesn't actually stop bots or scalpers.
So, I thought everyone knew this by now, but mounting unknown ISO files on your local machine is inherently dangerous. It has been thus ever since ISO files existed.
"Please mount this iso file to read my CV" has to be a red flag by now, surely? Isn't it? *sigh*
Disney (or maybe Sony, I think) was one of the ones that decided to make it harder for computer users to watch DVDs by hiding the feature presentation behind several hundred other 'feature length' minute titles. As a method of 'copy protection'... it didn't work. It just barely met the letter of the DVD specification, and worked because consumer DVD players just played what they were told, and computer players before that disk release did not work that way.
A few weeks later, of course, every computer DVD player/compressor caught on to the trick.
Sure, they caught the one doing it this time, but there would be NO incentive to do this sort of thing if there was no tracking of 'number of keystrokes per officer'. Seems a bit more likely to cause the infamous 'cop passive voice', which is already rather verbose.
"You can track if your employees are typing enough" doesn't mean you should be doing so.
The display LCD was removable from the backlight, and could be placed on an overhead projector to show graphs and other such things on a larger screen.
I was told it cost around $10,000 at the time. These days it's easier and cheaper to buy a good projector to run with your laptop instead.
Sure, if your threat model is 'nation state', you'll want some sort of key system that can't easily be duplicated, but for the rest of us 'losing the device with the passkey' is sufficiently common that any passkey system that doesn't have a password/TOTP backup of some kind will result in loss of access. So the idea that it's somehow 'far far far more secure than using passwords and TOTP' assumes that Google (or whoever your ID provider is) doesn't use passwords and TOTP to validate creation of a new passkey if the old one fails.
There are 3 fars too many in your last sentence, since that's exactly how most consumer-grade ID providers implement passkey resets, and authentication security actually requires careful design of the whole system, not just the one type currently preferred.
I'm curious if you read the same article I did, because "this is a great idea" doesn't seem to be in any part of it. The headline even says "The idea of using a Raspberry Pi to run OpenClaw makes no sense," so why do you think TFA is in favor of it? Perhaps you accidentally posted this on the wrong article?
If they say "hello" the way the normal phone-bot autodialer software does these days, it's a near instant hangup.
Normal callers generally laugh, or say "hello... oops, I'm not a scammer.".
It's much more secure to do it this way, than to give a phone scammer access to an LLM at your location, even if the LLM is well sandboxed.
Compressed air inflation of skin has shown up in more than one CSI/911/police procedural TV show, probably at least a little because of real life stories like that. If it's just clothing they're inflating, that could be fun if done carefully. But the failure mode is 'oops, we got it under the skin and did permanent damage'.
TL;DR: Don't do it, the difference between 'fun clothing expansion' and 'dangerous under the skin air injection' is too slim.
The first 6 characters of that match the pattern, if you assume the pattern is UC, number, symbol, lc, UC, number. And if you shorten the pattern to "UC, number, symbol, lc, UC" it matches in several places. This isn't just "9 identical characters when prompted with an identical prompt," but "somewhat obvious pattern generation".
Any obvious pattern in a password generator reduces the problem space significantly.
This is easily tested. Go to Gemini's AI page, and type "Generate a password" into the chat. I tried twice (new chats each time), and the first 'random' passwords generated both started with kP9$vR2!m, with 6 slightly different numbers/letters after that.
It's not as simple as "if everything's hashed, that removes the risk" when the first 9 letters are (possibly) identical between passwords.
This is quite a large security hole, because if you know the first 9 characters of a password and only have to guess the 6 remaining ones, that's a much easier problem for modern password brute-force attacks.
"Surely the machine will return reliably good data." is not guaranteed even if you provide only known good data. There's too much randomness involved, and the way these things almost always sound 100% confident, regardless of how likely the response actually represents reality, makes it worse.
(To those thinking of responding that LLMs can't actually be confident, I know this, it's just easier shorthand for the whole 'it's probabilistic, not any sort of actual thought, confidence that I'm talking about'.)
Google's AI does have the ability to use prior chat history, but sometimes it will claim that it can't, or doesn't, do that. If you tell it to 'remember' something, it will sometimes add that information to persistent memory.
In this case, it could be that the bot, lacking understanding of anything, wound up agreeing with the human and claiming that the human was correct... while still having the information in persistent context memory for later use if medical care was being discussed instead of AI drawbacks.
Considering that one of the authors of Oracle's "how we're going to improve MySQL" post has now moved to MariaDB, I wouldn't expect any actual improvement on MySQL.
See also Oracle vs. just about anything open that they've ever purchased. (Star Office, SunOS, Java (which now has a per-seat licensing scheme if you want to use the official Java software), etc. etc.)
AI's don't love anything. They don't hate anything. Current ones are some of the purest probability engines ever developed, but they have no emotions or true self-awareness.
Unless they're specifically instructed in the system prompt, they generally can't even tell you what GPU they're running on, or their own 'name'.
What a wonderful idea! Finally all those AI slop Pull Requests can be sent to an AI for processing into AI slop Pull Request Summaries! *sigh*
I guess they've got nothing better to do than solve a problem by creating a new one. AI not being helpful? Have another AI fix the problem... what could go wrong...
See this article about half-way down, where they talk about "cursed". It's not an exact example of 'making up a new language', but it's reasonably close. Still not a good idea, and it didn't work that well... but the compiler does exist.
There is, very frequently, a bill introduced that consists mostly of "This bill teminates the Environmental Protection Agency." It's never passed, generally remains 'stuck in committee' forever, but it's always a Republican trying to get it on the calendar.
This has been on the Republican agenda since 2017, and probably earlier. H.R. 861 (115th Congress)
So, the bot who 'wrote' the article about finding these suspicious skills, works for a security company. This security company wants you to install their "Clawdex" skill security skill. As has been the practice for (a few weeks?), bot writing a bot skill seems like a dangerous exercise in navel-gazing.
"Trust my bot, I think it wrote this correctly." ... Why would anyone trust this unknown 'security' company that lets bots write the security articles?
laws.com is hugely commercial, and designed for ads. It's possible that ad blocking triggered on it, or the site itself didn't want to serve pages outside the USA. That site is not exactly trustworthy, or even that well known in the US.
As someone who lives in the US, I prefer getting info from the various universities and actual law schools who put some effort into explanation.
I'll just remind people that "laws.com" is a highly commercial site, and is the wrong place to go for this sort of information anyway. Their "About Us" page is very transparent that their purpose is to serve ads to people who visit.
I recommend Cornell's Law school summary and full text, and not something designed primarily to serve ads.
Chat.deepseek.com is a wonderful way to find out how LLMs could be limited to party line responses... Ask it "What real people have been compared with Winnie the Pooh?"
The beginning of an answer streams across, up until it mentions 'Winnie the Pooh', and the response is instantly replaced with "Sorry, that's beyond my current scope. Let’s talk about something else."
No adversarial attacks on human drivers?
Crooks putting up detour signs. (To most closely match what these researchers are trying)
Billboards.
"Drink this alcohol"
Those are just off the top of my head.
I don't think "better than the average human driver" is an unrealistic goal.
When Waymo first showed up around here, people realized that you could easily force a Waymo to stop driving by putting a traffic cone on its hood. As a form of protest it was quite inexpensive.
Since Waymo tended to drive a pre-programmed path, this prank wound up stopping 2 or 3 additional ones before Waymo's safety drivers took over and moved the one with the cone via direct remote.
Claude can modify PROMPT.md, as it's just a file in the project directory. You thought self-modifying code was bad...
I've not tried this but if we're trying silly LLM tricks...?
PROMPT.md: "Build a wonderful project. You may modify PROMPT.md to improve the project, as well as building the project."
Repeat ad nauseam which would probably be around 1 repeat.
You've got this marked as a joke, but... it's very likely what they'll be doing.
LP starts from the assumption that OpenRC is old and buggy, and thus insecure and untrustworthy (not that I agree with them, but that's the basic assumption they make). If their new software is compatible with anything other than 'full stack systemd', it'll be surprising everyone.
Thing is, I don't think trustworthy hardware means what you think it means. Who originally backed the TPM that Microsoft, et al use these days? It wasn't users clamoring for it, it was corporations that wanted DRM that truly worked that were the loudest voices.
The computer user's personal security was an afterthought and a good marketing excuse for requiring it, but definitely not the original reason.
Too much of this "trustworthy computer" business is aimed at making it possible for the corporate DRM to trust your computer, not the other way around.
This is not a move forward in my book, it's a move towards MORE control of other people's personal computers by making them trustable by Poettering and his company's customers.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2026
