Posts: 0, Comments: 122, Joined: 2 yr. ago

  • Just curious, where does the Anti Commercial-AI bit come from? The page linked does not include that term in the title or summary, and from what I understand of the legal situation it wouldn't make a difference to explicitly mention AI.

  • I get that there are better choices now, but let's not pretend like a straw you blow into is the technological stopping point for limb-free computer control (sorry if that's not actually the best option, it's just the one I'm familiar with). There are plenty of things to trash talk Neuralink about without pretending this technology (or its future form) is meritless.

  • The issue on the copyright front is the same kind of professional standards and professional ethics that should stop you from just outright copying open-source code into your application. It may be very small portions of code, and you may never get caught, but you simply don't do that. If you wouldn't steal a function from a copyleft open-source project, you wouldn't use that function when Copilot suggests it. Idk if Copilot has added license tracing yet (been a while since I used it), but absent that feature you are entirely blind to the extent to which its output is infringing on licenses. That's huge legal liability to your employer, and an ethical coinflip.


    Regarding understanding of code, you're right. You have to own what you submit into the codebase.

    The drawback/risks of using LLMs or Copilot are more to do with the fact it generates the likely code, which means it's statistically biased to generate whatever common and unnoticeable bugged logic exists in the average GitHub repo it trained on. It will at some point give you code you read and say "yep, looks right to me" and then actually has a subtle buffer overflow issue, or actually fails in an edge case, in a way that is just unnoticeable enough.

    And you can make the argument that it's your responsibility to find that (it is). But I've seen some examples thrown around on Twitter of just slightly bugged loops; I've seen examples of it replicating known vulnerabilities; and we have that package name fiasco in that first article above.

    If I ask myself "would I definitely have caught that?" the answer is only a maybe. If it replicates a vulnerability that existed in open-source code for years before it was noticed, do you really trust yourself to identify that the moment Copilot suggests it to you?

    I guess it all depends on stakes too. If you're generating buggy JavaScript who cares.

  • We should already be at that point. We have already seen LLMs' potential to inadvertently backdoor your code and to inadvertently help you violate copyright law (I guess we do need to wait to see what the courts rule, but I'll be rooting for the open-source authors).

    If you use LLMs in your professional work, you're crazy. I would never be comfortable opening myself up to the legal and security liabilities of AI tools.

  • I don't believe that explanation is more probable. If the NSA had the power to compel Apple to place a backdoor in their chip, it would probably be a proper backdoor. It wouldn't be a side channel in the cache that is exploitable only in specific conditions.

    The exploit page mentions that the Intel DMP is robust because it is more selective. So this is likely just a simple design error of making the system a little too trigger-happy.

  • Wow, what a dishearteningly predictable attack.

    I have studied computer architecture and hardware security at the graduate level—though I am far from an expert. That said, any student in the classroom could have laid out the theoretical weaknesses in a "data memory-dependent prefetcher".

    My gut says (based on my own experience having a conversation like this) the engineers knew there was an "information leak" but management did not take it seriously. It's hard to convince someone without a cryptographic background why you need to {redesign/add a workaround/use a lower performance design} because of "leaks". If you can't demonstrate an attack they will assume the issue isn't exploitable.

  • This is demonstrably wrong. The 30% cut is standard because Steam has used the same strategy as Amazon to fix prices across the market (a "Platform Most Favored Nation" clause—see the Wolfire Games v. Valve class action, specifically items 204 and 205 on pg 55). Competing storefronts cannot undercut Steam, so why would they take less than a 30% cut?

    Epic Games Store—which is trying to undercut Steam at a 12% fee—still lists games at the same price as on Steam because Valve has strongarmed publishers into fixing the prices. If Epic is charging 18% less but Valve is stopping publishers from reducing the game cost by that much, how is that not blatantly anti-competitive and anti-consumer?

    enshitifies

    Oh good, you are familiar with Cory Doctorow. He has an article on how Amazon abuses their position using the exact same playbook Valve uses.

  • I said no such thing. Please come back to this later with a fresh mind, and remember how wrongly you interpreted what was actually said for the sake of trying to fire off a quick response.

    But if you'd rather disengage altogether then it is what it is. Cheers.

  • You have to have never seriously engaged with the details of the Valve monopoly if you think that's what we are upset about.

    We know Steam is an amazing storefront—I buy my games there because it's the best experience for the cost. But Steam charges a premium. And despite taking smaller cuts, competing platforms like Epic cannot actually pass those cost savings to consumers because Valve is strongarming game publishers into fixing prices.

  • Yep. Because honestly, Steam is better than Epic in almost every way. When you want to buy a particular game X, you get a lot more from your purchase if it's on Steam (workshop, friends, multiplayer, etc.). There is strong inertia and network effects that keep us all preferring Steam.

    Epic can't compete with the Steam experience. But if Epic was able to list everything 18% cheaper (the difference in fees between Epic and Steam)—then they would rightly be able to compete on price.

  • "Platform Most Favored Nation". It's a type of clause in platform/marketplace agreements that prohibits a seller from listing their product for a lower price on a different sales platform. Specifically, it prevents selling on a different marketplace with lower fees (e.g. Epic Games or a publisher's own website) and passing the difference as savings to the consumer.

  • CSGO cases pulled $1 billion revenue in 2023. The Steam store brought in $8.5 billion in that same year. That's a 30% cut of all sales traffic on Steam vs. in-game loot crates on a single title.

    Loot boxes pull insane numbers. And yes they exploit children and problem gamblers. Love to see so many Valve fans downvote you :/

  • Sigh... I'm getting tired of the Valve apologetics in every thread. They make good products, yes. They also abuse their market share to implement anticompetitive policies. The first doesn't absolve them of the second.

    Truth is, no one has any idea what it would look like if there were actual competition among the PC games platforms. Steam may be the best possible world, or maybe we don't know what we're missing.


    To learn more about Steam's anticompetitive practices:

  • Ya know, all perfectly fair.

    Good choice on reddit. As much as I love a good 'ol sneer, there's a lot of jargon and clowning to wade through. There are a lot of genuinely solid critiques of his views there, though.

    I appreciate you doing your due diligence on this, but I'm not really sure where to keep this discussion going. I still stand by my original comment's warning. Reading Siskind is probably not going to corrupt an unassuming reader to immediately think XYZ bad thing. His writings tend to be very data heavy and nuanced, to his credit.

    Is he Hitler 2.0? No, far from it.

    But he shares a set of core assumptions with the other ideologies, and the circles between his community and the other communities have large overlap. If you start with one, it's likely you encounter the other. If you start to think like one, it's a small jump to start thinking like the other. (From experience).

    In my opinion, anyone encountering Siskind for the first time is well-served by an understanding of TESCREAL—which they are likely to encounter in either his posts, its comments, or linked material—, and its critiques—which should help them assess what they encounter through a critical lens.

    That's more or less what I wanted to give caution about, which may or may not have come across correctly.

    (Not that his stuff is entirely innocent either, but beside the point)

  • I understand, a good instinct to have. Unfortunately I have read so much in such a piecemeal way I cannot really compile a specific list. But I can point you to where "evidence" can be found. I don't expect you to read any of this, but if you want to evaluate Alexander's views further it will help:

    • The New York Times did a piece on him that does a good job outlining Alexander's ties to and influence on Silicon Valley. Probably the best actual piece of journalism on him.
    • There used to be a reddit community (/r/SneerClub) that would read his (mountainous, as you point out) posts and pull out errors and missteps to "sneer" at, but that's been dead since the API revolts. The old posts are still up. Basically you had a club of people that spent years finding (cherry-picking, mind) the juicy bits for you.
    • You may find some passing reference to Alexander in one of Émile Torres's articles or interviews on the subject of TESCREAL, but probably nothing substantial.
    • If you spend time on communities like LessWrong and the EA Forum, you will see heavy reference to and influence from Alexander's writing among members.

    A lot of what I say comes from my experience spending way too much time following these social circles and their critics online. Unfortunately, the best way I know to see for yourself is to dive in yourself. Godspeed, if you choose to go that way.

    Edit: of course, reading his work itself is a great way, too, if you have time for that.

  • The example is pretty standard, but I feel obligated to caution people about the author (just because he's linked to here and some unassuming people might dive in).

    Scott Alexander falls loosely under the TESCREAL umbrella of ideologies. Even in this article, he ends up concluding the only way out is to build a superintelligent AI to govern us... which is like the least productive, if not counterproductive, approach to solving the problem. He's just another technoptimist shunting problems onto future technologies that may or may not exist.

    So, yeah, if anyone decides they want to read more of his stuff, make sure to go in informed / having read critiques of TESCREALism.

  • Her manner of speaking reminds me of the sermons you get at 'modern'/nondenominational churches here in the south. Just the way phrases are timed, the intonation, the need to make every minute factual statement sound emotionally profound...

    I have to wonder if she is consciously trying to speak in that way. I don't know why they would think that was a good approach for a political speech lmao. It's just so bizarre I can't actually process it.

  • Additionally, there's the usability hurdle of interacting with non-home instances from outside Mastodon. If I pull up someone's blog and click the little Mastodon social media icon, it may very well link to mastodon.world. If my home instance is mastodon.social, now I have to launch into my own server, search up the account, and then begin interacting.

    It's trivial to do but it is an extra step, but for your less-tech-literate friends and family it can be a point of confusion. Mastodon handles federation great in-ecosystem, but the broader web is still going to treat each instance as a different site.