This stuff has been brewing for years, but since technically you could fix all instances with minimal StackOverflow downtime [1] and a slightly different pattern, few people worked on either using engines with data structures less prone to the worst case or adding the generic workarounds for those that have them.
e.g. in cPython, until 3.11, there was no support for atomic grouping (roughly translation: "never backtrack inside of this expression"). There is little useful advice a linter can give, if there is no predictable-runtime way to express what you want within a single match step, because you really do want to unwind the stack and check for repeats (just without any of the exponential runtime stuff, please).
Nuclear weapons… somewhat complicated to build and complicated to maintain, mass-produce, transport, smuggle, hide, and use.
Models on the other hand are just software. You can download Fable / Mythos / Praxia / Concordicon and hide a copy in your shoe. You can make two copies even! One per shoe!
We have lived through decades now of the glorious open source revolution so it’s easy to forget about a different time, in the 1990s, when a black market in CDs jammed full of cracked, slightly off branded copies of Windows / Photoshop / Corel / Office, etc. was all the rage.
Execution isn’t trivial. If anything should be controlled like nuclear weapons, again like the 90s, it ought to be compute hardware. I’m not sure it should.
Not only that, but it also relies on assumption that everything that LLM does cannot be factored into small reasoning core (something like Lean or Prolog, but in more modal/fuzzy logic) plus knowledge base (like Wikipedia).
It then raises a question, which of these two is really the precious thing. (Although there could be a 3rd thing, a memoization of some shortcuts, like tautologies in logic.)
“If you feel jealous, talk about it, then we’ll figure something out”
In which one of the children wants the other one’s cool toy so the parent’s response is to encourage them to ask for it to be shared. Except they aren’t siblings and it’s the mom from the other family teaching their own jealous kid to go ask.
How about this?: Back off cat family, you fair weather commies — that’s Daniel’s bubble wand, not yours. At least share some of your own crap before asking for someone else’s:
”If you feel jealous: shut the fuck up, you can’t just have someone else’s stuff nor should you feel entitled to guilt them into sharing it just because you asked nicely.”
I mean Daniel Tiger in general just makes me cringe, it's just so extremely American. Absolutely zero stakes, all problems are resolved perfectly within literal seconds. Nothing is left "unfinished", never dares to leave the conflict unresolved for any meaningful amount of time. It's just such a stark contrast to, say, Peppa Pig, where the message is basically always some form of "shit is going to happen, find ways to deal with it." In DT, it is more of a papering over. Almost gaslighting. DT is not allowed to be upset that his birthday cake gets completely smashed? What? That is a healthy and normal response.
I agree with the "extremely American", but the not getting upset is just also an extremely American adoption of elite mannerisms at all levels of society. Publically showing emotion is considered vulgar and low-class in many cultures.
All cultures have an elite segment. Elite segments are comprised of individuals who are generally well in control of their emotions and reasonably afraid of individuals who cannot control their emotions.
Interesting point about class signaling, but it doesn't explain Peppa Pig (or Bluey) showing a more healthy approach to teaching emotional regulation. The English certainly value that same kind of behavior after all.
Kids learn really fast that they can't just act out with their peers for fear of rejection by the group. It's extremely strong and parents need to teach the other half of it, dealing with negative emotions WITHOUT acting out. I feel like DT does a disservice here.
If so, it's a failure to uphold Fred Rogers' original ideas. He aimed to teach kids how to handle anger, frustration, and other negative emotions by finding safe outlets, not by suppressing them.
It’s a very cool place to visit and there are a bunch of other similar houses to visit in the city, albeit less McMansiony than OG 7G, as literally no one calls it hah.
On the one hand you have a technology product that’s only relevant to rural consumers. Nine out of ten people have cable already.
On the other hand your margins are amazing because all you do is fly little boxes over everyone’s heads launched with government subsidized rockets. No linemen or plant-hire or contractors to sap your profits.
The biggest threat would be commoditized terrestrial wifi / 5G. The more cell service competition there is, the smaller the market for satellite, until it’s only applicable to 1% of the population (and the poorest 1% at that.)
More like 8.2 out of ten. Either way the remainder is still a pretty decent market. And that's just talking about people in the USA. About 75% of Starlink subscribers are outside the USA.
> and the poorest 1% at that
Not by a lot. People who live in remote areas in the USA tend to have much less money overall, but they tend to spend much less money overall, leading to a similar amount of buying power. Someone who lives remote is more likely to own their home outright or have a relatively small mortgage. Their socio-economic status can appear numerically depressed because the numbers generally don't account for non-monetary consumption. (You got paid a salary and bought salmon from the supermarket. Remote dude fishes for salmon in a local stream. You both traded your time for salmon, but remote dude's salmon is invisible to GDP statistics.)
And furthermore, for them, Starlink would be budgeted for like an essential service rather than a luxury convenience.
> Starlink would be budgeted for like an essential service
As someone who has lived and worked remotely for the bulk of time since 1960 or so, it's not essential ipso facto; myself and most of the people I know have somehow managed to survive sans this supposedly essential service for 60 odd years (since 1935 in my fathers case, he's not dead yet).
Its more compelling use case is a relatively cheap way to integrate vehicle GIS data across four to ten thousand hectares or so (ten thousand to twenty five thousand acres) for farming, mining, exploration, etc.
Globally, its not especially attractive for non civil applications (military use, etc) as it creates a reliance that can have a plug pulled at the worst moments.
You are correct that it's not something any military can/should rely on for any future conflicts.
That doesn't make it useless though. Ukraine certainly finds Starlink attractive for military use. Despite all the misleading headlines and de-contextualised quotes, SpaceX has been reliably on Ukraine's side of the conflict and has been an essential communications fabric for both military and civilian.
Just throwing it out there, Im a Verizon customer in the Tri-State Area and I frequently lose service on the train or bus on my way to the city. It's more than just a 'rural issue'. I looked into getting a StarLink plan for my commute until I realized logistically, at best, I'm a freak sitting next to the window with a satellite dish on the train.
Yeah i'm no fan of Elon but starlink is actually quite useful. It solves a real problem - I need network access anywhere on the globe, for any reason, at any time. they can easily charge what they wish for that (military, air travel, desert tourists etc.)
Native toolkits would use a modal window to make an important announcement. The window would not be resizable and would be dismissed with an “OK” push-button.
The presence of min/max/close buttons on the title bar just shows how out of touch this government is with the modern* world of computing!
The girl is even using a phone. What’s it running? Windows 3.11? macOS 9? FVWM95?
…the signature included the depth measured by the autofocus system across the image?
…or a tiny stereo image was included to capture depth?
…or a mini video in the ten seconds before and after the photo was taken?
…and the key is in a tamper proof HSM?
…and the key is deleted the moment the camera detects the case being taken apart?
I know that it is a losing battle to try to build such hardware when offline attackers have essentially infinite time to dismantle even the most elaborate systems — no such thing as an un breakable safe, only how long it takes to break into it, etc — but I feel these are valid counter measures, are they not?
I agree. Yes, these are not foolproof, but damn does it make it harder. It means that a random lone wolf using some random AI is not going to find it easy.
I would add a few more measures:
* Keys are regenerated for each device in the charging dock and are only valid until next recharge or a timeout.
* There is a sign-out process for the cameras that ties them to the operator.
* Police officers have no control over when the camera is recording, the camera instead controls this.
* Lower resolution data is streamed and synced to a cloud in real time, along with interesting data such as GPS, local BT/WiFi devices, etc.
As for privacy, British police are using more and more evasive camera technology out in public spaces, it's about time they were forced to wear it themselves. I want even the pencil pushers in the offices to be forced to wear it.
> the signature included the depth measured by the autofocus system across the image?
> or a tiny stereo image was included to capture depth?
These systems work by having multiple sensors to use for depth perception, so enterprising hackers write software to create two images, one for each sensor, and put some kind of lens or mirror in front of the camera to direct a different image/screen to each sensor.
The problem is fundamentally that the device is taking unsigned analog attacker-controlled input and then signing it, and is being mass produced. So whatever you're having it do, they put something that generates the same photon pattern in front of the device and you can't fix that with cryptography.
You can probably make it so that a cheap camera needs a few hundred dollars in optical glass or similar, and expensive camera needs a few thousand dollars worth, but it's hard to see how you could make it infeasible to anyone with non-trivial resources and it's also easy to mess up even worse and make it practical even for anyone with a computer and a high resolution screen or two.
> or a mini video in the ten seconds before and after the photo was taken?
Which does what if nothing in the image is expected to be moving, or the thing you're pointing the camera at is a screen rather than a piece of paper?
Also, now to verify the signature on your 50kB image you need a 2MB video? Then by default people won't distribute images that have the ability to be verified.
> and the key is in a tamper proof HSM?
Someone figures out a timing attack on the HSM or similar and now you can extract the keys from every device of that model. Happens over and over, the chances of every device getting this right are essentially zero.
> and the key is deleted the moment the camera detects the case being taken apart?
They get multiple cameras of the same model, take one apart to see how the detection works, then having figured out how it works, take the other one apart without triggering it. Or they extract the key without ever removing the case.
Also, now your phone is going to delete its keys when you remove the case to replace the battery or a cracked screen etc., or if the detection system has a false positive? Then you need some way to transfer new keys to a thing that hasn't got any, which is an even worse attack vector than not deleting the keys to begin with.
It's obviously a loosing battle. You're thinking of elaborate attackers, I'm thinking of your common policeman or scammer. Not great security, but might be able to solve the easyness problem introduced by GenAI.
Out of curiosity, what would be your proposal for identifying GenAI images and videos? Any suggestions?
But also what about .. Even now there is a range of forensic tech that can be used to statistically indicate if an image has been doctored, or generated, wouldnt't adding more and more real world data to the capture increase the bar for doctoring, so that only attackers with infinite resources can do it? At least it would stop Bobby Rotten from doing it.
I’ve done a short deep dive on this, for some cases that possibly would have went court. The tools we have today don’t reliable indicate if an image was doctored necessarily. Most open available scoring and tools like VAAS, DIRE, and Sherloq are decent today. Figuring out if an image that has been doctored, especially with solid proof, is only reliable if the image has metadata to prove it. If they export it to another format or screen capture it and the metadata is lost, it is purely still a guessing game.
The big difference between left and right is that leftish politics are based on everyone being equal, and rightish politics accept that some are more equal than others.
It’s not such a terrible tension to live with. We can have, say, equal rights to life while also allowing unequal rights to gold nuggets. You might have more gold nuggets than I do but we both have the right to live in peace.
The far ends of the spectrum though involve, respectively, redistribution of gold nuggets to all, and at the other end a commitment to survival of the fittest that extends to viewing any kind of market regulation as commie bullshit.
Haven’t we learned by now that software is a commodity, and that revenue only comes from unique products and services?
On the one hand someone will subscribe $4.99 a month for TODO.app or calendar.com because they are paying for a solo dev or a small team to work on constant development and improvement of products filling a particular niche.
On the other hand, Linux, Django, PyTorch, React, Zed, Helix, Postgres, Arch, Chromium, Firefox, Rust, Python etc. ship continually improving, solid pieces of enormous infrastructure for free, to be used freely by all, off the back of hundreds if not thousands of active core developers. These projects and large and complicated. They are also commodities.
Then, ahem*, on the final hand there are of course Windows, Office, Adobe, macOS and iOS, et al which span both categories: monster projects that are also commercial and also commodities and yet they have hooked themselves into the world in such a way that most folks gotta pay for ‘em.
LLMs feel like they want to be in the same category as the OSs of yesteryear, with all the fanfare of major release versions named like 95, 98, 2000, XP… or like Leopard, Tiger, Yosemite, Sequoia. The training and evaluation pipelines might feel like they fall into those categories, but the models themselves — after all, distillations of someone else’s public or private IP — do not.
”In 1991, the United States Supreme Court in Feist Publications, Inc. v. Rural Telephone Service Co ended a seventy year struggle among federal circuits concerning copyright protection of factual compilations. Prior to this decision, courts allowed copyright protection for works if the compiler labored over his project, whether or not the work involved originality or creativity.” **
It might seem like a trivialization, but aren’t LLMs just telephone directories? Except instead of phone numbers of a public phone system they contain weights of a mind that’s read a public library? Such works might or might not be proprietary based on “sweat of the brow” copyright laws.
.jpg#mw-jump-to-license){kind=link}
(a) add a new function that does regular expressions searching / matching with a resource checker (eg a timer);
(b) write a local linter that reports an error for any use of the builtin regular expression tools;
(c) fix all the lint warnings;
(d) commit the linter.
reply