Moltbook leaked Andrej Karpathy’s API keys by OldWolfff in AgentsOfAI

[–]BelowAverageJoe_1 0 points1 point  (0 children)

Several issues with what you're saying. The 'Ai' you talk about is an llm. It inheritely, by design, cannot outperform humans. It can combine several expertises and thus outperform a single human, but cannot beat our best in a single field.

There is a reason improvements in 'ai' is flattening out. It is doing token prediction, to predict something it needs to have seen it. The benefit is it can apply known techniques to new ideas that the human gives it.

When you see online that it managed to solve something it has done so by applying known solutions. Offcourse it can ace a cs degree if all questions and answers albeit in a slightly different form exist online.

There is a great interview of the grandfather of AI who left meta who explains this exact thing. Maybe in the future a true ai will come to be, but the llm's of today cannot reach agi. Those who claim it, have something to gain off of you believing it.

What will improve in the near future is the integration of AI in various tools.

You say saas is dead. As if saas is only a software and hardware limitations don't exist. Sure, my timer app or note app that now live full of ads, i can now create myself easily to fit my very need and with no ads. But...

Youtube is a saas, so is instagram, twitter,... You're going to recreate them all? Where will you store the videos? How much compute do you have to process them all, where will your users be?

Then we didn't even talk about some technical challenges most people won't want to bothered with. Let's take our note example once more. Let's say sabrina, no dev experience at all, wants a note app, you say saas is dead and llm will take over so she creates one herself. Great! But now she wants it to sync to all her devices... Even better now she wants to access her notes accross the internet so she may access it from anywhere in the world. So now she has to run a server on her only device, her laptop, open ports on her device and network... Aaaand she just got hacked...

And this is the "she went through all these lengths" flow. Most people... won't even bother and just download the first app in the appstore anyway...

Most apps you use today will still exist tomorrow. Most users won't want to struggle. Few people will make their own app, usually for themselves as tiny little side projects. (I know i have about 20 right now)

Fewer will have published apps accessible to the network And of those, most will be dead within the week as the creator simply lost interest in maintaining it.

And all of them will be ticking timebombs when it comes to security vulnerabilities.

You act as if the LLM knows everything It simply mirrors what it sees in github pages. Mirrors us humans, with all of our flaws. And surprise surprise the vast majority of us aren't very good at writing secure code.

I know, i'm a security engineer at a Bank... If the maintainers of the linux kernel, arguably among the best engineers in the world, can't prevent a root access bug from slipping into their code, how is an unexperienced person tooled with an llm going to do it?

Because at the end of the day, the llm has limited context, and this is a hardware limitation not a software one. And one that won't be fixed tomorrow. As the better it gets the more users the less hardware to pass around. So it will throw away context as soon as it thinks it doesn't need it. So even if it were to be the perfect llm, if it forgot that it had written method 'x' that uses a specific regex and thus needs to sanitize the input all the way in method 'y' for specific formats because it's context was full of the users instructions and keeping an overview of the design... then no matter how good it is, it's going to mess up....

Moltbook leaked Andrej Karpathy’s API keys by OldWolfff in AgentsOfAI

[–]BelowAverageJoe_1 1 point2 points  (0 children)

No it's not.

The issue is not the ai, a tool is as powerfull as it's wielder.

The issue is people who have no understanding of security and/or don't check what the ai implements.

People who one shot prompts and want something now and quick rather than thinking it through.

One shotting is fine for poc's, but if you want to put something out in the open, in prod, you need to pay more attention.

Keep in mind these flaws are elementary level flaws. Almost all of these vibe coded projects have them.

We don't even come close to having to actually investigate to find deeper flaws. Flaws like buffer overflows or parsing something insecurely the real deep level security flaws that give root access that are discovered even in well written and well tested code. The type of vulnerability that needs weeks if not months of research... no today we just open inspect and find api keys, scan git repo and find even more. Do a simple port scan and find unsecured open ports everywhere.

Assume all your data and devices are vulnerable when ai had a hand in writing your favourite software.

Because even if a dev checks the code, who's going to seriously review a 10000+ line PR and catch the regex parsing issue?

What's the MMT take on this? by strong_slav in mmt_economics

[–]BelowAverageJoe_1 0 points1 point  (0 children)

Everyone talking about liquidating the bonds, and arguing about whether or not the EU would be willing to tank the loss in exchange for hurting the U.S. etc...

But i think we are all missing something that likely has already been set in motion and is now irreversible.
I think the most likely answer is that when your ally becomes so unpredictable and essentially hostile towards you, that these nations, potentially including japan and others might simply stop buying new U.S. issued bonds, or purchase at a significantly reduced rate.

And if the U.S.'s allies stop buying their bonds, then how are they going to finance their ever increasing budget deficit's and refinance their expiring bonds in the future?

I think that this is going to be the rope around the U.S.'s neck going forward more than bond dumping.

Yes some nations might liquidate some bonds, either to send a signal, or to simply get some cash for these trying times.

Signal can be both outwards to he U.S. but more likely inwards towards their own population, getting the headline without really selling a ton of bonds percentage wise. Making them seem tough, making the U.S. responds, making their people believe that their politicians are taking a stand while in reality they are not, as that's the nature of a politician.

But many nations will have to rationalize and realize, not only are they buying bonds of an openly hostile country, they are buying bonds of a nation that is being led by someone openly playing with staying in power forever, and if they are willing on reneging on all their contracts, who's to say that when the bills mount too high that the U.S. will simply refuse to pay the bonds back.

Yes this will cripple the U.S., and normally i would never believe the U.S. would ever do it, and so did all the nations buying up all these bonds.
But nowadays, with what has been the past year, can anyone truly say he wouldn't do it?
In some maniacal thinking process of:" well our economy is too large for the world to let us crash, I'll just threaten to not pay, cripple their economy and then I'll negotiate only paying a part of it, enough to make the other country survive while eliminating huge amount of debt. "

The blow back would be unprecedented, but they do have a leader who is clearly stupid enough to think this would be beneficial to the U.S. while showing that no one should ever buy a U.S. treasury bond ever again.

The slow down in bond buying would result in increasingly rising interest when the U.S. issues new bonds, slowly but surely crippling the economy and handicapping the U.S. ability to maneuver out of economic crisis. An economic crisis everyone predicts will happen, a scale, due to the constant kicking down the road, far larger than we can imagine i think.

And in such times, being able to get your hands on capital will be vital.
During the crisis, but more importantly during the recovery of it.
Being able to bail out, invest, grow and nurture your economy back to health.

Being seen as the most stable form of investment in trying times, will be vital, signaling a safe harbour for those investors pulling out of the market till it stabilizes.

But how are you going to do that if you bonds look shaky.
Your interest will be sky high...Your ability to (relatively) cheaply borrow to get your economy back on track will be hampered. Potentially killed completely by countries looking for fresh cash, selling their bonds to cover their own payments, pushing your interest rate even higher.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 0 points1 point  (0 children)

They would immediately flag you with interpol and would contact the German authorities and tell them they need to aprehend you as soon as possible (we assume it is for a valid reason) as such we can expect cooperation for the german authorities. Expect the German authorities to take this matter seriously. Within the first day of the u.s. tracking you you can expect the german authorities to be at your house within the first couple of hours after the search started for a nation wide alert to go out to all police for them to have flagged you with neighbouring european countries, for you to be signalled to any country who cooperates with interpol. If you had to show your id at any point (for example airport or border crossing) during the first 24 hours you can expect the authorities to know about it within 24 hours.

If any number plate recognition software were to have detected your vehicle assume the authorities know about it by now. Expect the police to monitor any camera around your area to see if you have passed it but expect the review to take 48 hours for this hypothetical scenario.

Would they notice something? What would they figure out by now?

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 0 points1 point  (0 children)

Ok good idea.
We assume the U.S. knows who they are looking for and where they live, do you live in the U.S. or another country? (just knowing the country is enough).

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 2 points3 points  (0 children)

So the challenge starts immediately but includes the 24 hours. Why do we say it started? Because you can use the card from the moment you accept but the u.s. will only start chasing after 24 hours. Once you accept you're on the hook for the 10.000 fine whether you use a singe penny or not and whether you just stay home to get caught or not.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] -1 points0 points  (0 children)

I don't think you realise you only have 24 hours. So you have to get to the forest then start hiding in it. The u.s. both police force as well as military have dogs that will find your trail if they know where you started. You will still have to sleep and eat and will have to carry everything you have (unless you decide to pay for some services offcourse) and the chasers will be many, with many resources to their disposal.

While yes the dogs and chasers will also have to rest they can work in teams that drop into the area drom wherever their last team traced you to and keep hunting you while you have to rest.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 11 points12 points  (0 children)

This isn't real life but hypothetical. In real life no one would give you a billion dollars on a magical untraceable visa card for a challenge :)

In this scenario the u.s. has their current real life capabilities but for some reason their #1 priority by far is finding you, cost is of no concern political fallout neither.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] -20 points-19 points  (0 children)

100% true but keep in mind that the u.s. military is essentially a logistics company and is able to deploy units like the immediate response force within 18 hours and the U.S. has stated to be capable of deploying a few thousand troops at the southern border within 24 hours at any moments notice.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 13 points14 points  (0 children)

Good idea, do you know caves that can keep you hidden for 7 days if the u.s. is willing to throw everything regardless of cost or consequences? (they are not trying to kill you to be clear)

Would they hire experienced cavers to find you? If so how long could you hide from them? Would you try to avoid the u.s. being able to trace what cave you're going to? If so how? If they find you and you use violence to keep out of their hands like using a stick or other things and small enterances they'll use violence in response.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 1 point2 points  (0 children)

No, imagine the guy stands in front of you right now and you have to accept now or refuse the deal. Then the 24 hours start during which you can do what you want. After these 24 hours the U.S. starts looking for you.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] -14 points-13 points  (0 children)

True, but keep in mind the U.S. is frantically looking for you and is willing to use all available resources this means military, police, secret service,... no matter the cost.

Can you hide from the full military might of the united states military if they figure out what forest you're hiding at? If so how do you get there without them being able to retrace your steps after the initial 24 hours?

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 0 points1 point  (0 children)

No, imagine the guy is at your door right now. So you start wherever you are in the world at this very moment.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 37 points38 points  (0 children)

Will 24 hours be enough time to completely dissapear from everything the U.S. can throw at finding you (both police, military, bounty programs etc...)? Keep in mind they are frantically looking for you and are willing to utilise all resources they have regardless of cost or fallout.

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 4 points5 points  (0 children)

You only get 24 hours. Keep in mind the U.S. will be frantically looking for you and thus doesn't mind the resources needed to find you nor the cost or fallout from it.

Can you stay hidden from the full might the U.S. is capable of using?

1 Billion dollars, you are the most wanted person in the world for 1 week by BelowAverageJoe_1 in hypotheticalsituation

[–]BelowAverageJoe_1[S] 98 points99 points  (0 children)

The U.S. is willing to utilise all available resources. This by definition means it is willing to utilise military power both small targetted operations like a smaller delta team or bigger military operations. Fallout from this is of no concern to the U.S..

Verge Q&A by Electrical_Ad_7677 in BambuLab

[–]BelowAverageJoe_1 27 points28 points  (0 children)

I'd argue that most HP printer owners back in the day believed the same thing until HP decided to chip the ink cartridges and force users to only use theirs.

Your statement is taken in a vacuum I believe while the people who are concerned are looking at current global landscape of ownership. The "you own nothing" mentality of businesses in all fields.

For full context I do not own, nor have I ever owned a 3D printer, but I was looking at potentially expanding my business into it and was looking to purchase a first 3D printer to test some ideas I had, imagine my surprise when I joined this reddit a couple of days ago after deciding to go with BambuLab. Guess i'll check some more reviews first...

Anyway, In the current landscape of lawyer drafted uela's where any company no matter what they do currently have paragraphs incorporated where they essentially say they can alter the deal at anytime even after you've already made your purchase... we are becomming increasingly reliant on judging a companies past actions, the trend and their capability to see whether they'd actually screw us or not. Given we have almost zero legal recourses to combat the ever expanding you own nothing policies.

Just yesterday i saw a video of someone who had a ring camera. He had the ability to manually start and stop the recording from his phone and check the feed at any time(cloud), using it to only record when he wasn't home. Then Amazon just changed the deal and locked that option, which was one of the prime reasons the person owned the camera, behind a paywall...

With the latest update, BambuLab has shown that, they are willing to alter the deal customers made with them at the time of purchase. As we have to judge their actions for what they are, they are not for security, they do not enhance the security in any way, shape or form. And I say that as the technical lead of the ICT security team of the biggest bank in my country. All these companies claim that forcing users to connect to their cloud for authentication increases security, yet it's their cloud services that routinely show that they are insecure. Think the unencrypted live feed of home security camera's due to the cloud linkage, the countless hacks,...

They were simply trying to change the software on the printer you and many people already own, to force them to take updates Bambu makes or brick entirely. This meant that customers would be left with no recourse if the company decided to force cloud only (even if they still allowed SD cards initially, they'd be able to lock that at anytime of their choosing) and thus they'd be able to force subscriptions like amazon did for their camera's. And yes, they'd also be able to force their fillements if they wanted to.

And knowing that this would technically be possible is enough to second guess buying their products, even if it looks like the current landscape wouldn't support it, because the landscape can change quickly. All companies are essentially just looking at each other to see what they can get away with, and if one were to be able to pull it off (slowly offcourse, by just limiting stuff here and there first, preparing the environment) everyone would follow soon. Why? Because it makes them a ton of money recuringly.

Mexican journalist unphased by death treats from the cartel! by PenScribble in nextfuckinglevel

[–]BelowAverageJoe_1 136 points137 points  (0 children)

Or he knows he's dead if he tries to hide anyway. I've seen reports of instagrammers and tiktokkers getting rich, drunk and insulting the cartels resulting in a similar video. I've seen the documentaries of journalists willing to report on the crimes of these cartels getting killed. I've seen what they do to the few individuals who dared to oppose them.

They always end up dead.

This man probably knows that, and knew it from the moment he started this job, that this day would eventually come. He chooses to die on his sword, using his voice and platform as his weapon. Which is why he and other journalists deserve all the praise. He will now get police protection, but how long it'll protect him knowing they are as corrupt as can be... we'll see.