
Comment Re:The comments on it's size are interesting. (Score 1) 14

The implication that these bots can be scaled down to run fine on a phone means that maybe we also get something like "Freedom Bot, Expert on the Constitution." or "Liberty Bot, who helps you fight censorship". I.e., things the majority of current West-coast tech moguls would be horrified by. If the barrier for entry is lower in terms of code and infrastructure, then it's reasonable to expect a diversity of opinions to emerge in terms of the political leanings of these things. Because of their extreme bias, I'm not willing to listen to the current crop of bots, but maybe the next gen will have more political clue. Here's hoping. I'm okay if I've gotta side-load it or compile it out of pkgsrc. I'm not okay being lectured on progressive politics by ChatGPT or Gemini.

Thankfully the vast majority of the computing effort goes into pretraining. Censorship and vendor instilled bias applied on top especially in smaller models is relatively easy to undo. Give it a few weeks and I'm sure there will be tons of tweaked versions on huggingface with much of the brain damage removed.

Comment Re:Isn't that unconstitutional? (Score 1) 45

What is it about any "foreign adversary controlled application" that you don't understand?

You tell me, the term is defined in the text of the bill. What don't I understand?

(3) FOREIGN ADVERSARY CONTROLLED APPLICATION.--The term "foreign adversary controlled application" means a website, desktop application, mobile application, or augmented or immersive technology application that is operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by--

(A) any of--
(i) ByteDance, Ltd.;
(ii) TikTok;
(iii) a subsidiary of or a successor to an entity identified in clause (i) or (ii) that is controlled by a foreign adversary; or
(iv) an entity owned or controlled, directly or indirectly, by an entity identified in clause (i), (ii), or (iii); or

(B) a covered company that--
(i) is controlled by a foreign adversary; and
(ii) that is determined by the President to present a significant threat to the national security of the United States following the issuance of--
(I) a public notice proposing such determination; and
(II) a public report to Congress, submitted not less than 30 days before such determination, describing the specific national security concern involved and containing a classified annex and a description of what assets would need to be divested to execute a qualified divestiture.

That some companies are on the list to begin with is not unusual, and the president can add or remove companies to and from the list.

While I'm no lawyer, I do have some experience with logical operations. If A is always true then it is not possible for 'A OR B' to ever evaluate to false. So no, the president cannot in fact remove companies from the list.

The fact congress specified one specific company and has an entirely separate regime for adding any other companies means the company they added was singled out for special treatment not applicable to anyone else.

It would be one thing to create a TikTok bill and never mention TikTok but when you have materially different inclusion criteria for one named organization that isn't treating everyone the same.

Comment Re:Thought once... then thought again. (Score 1) 115

But then it occurred to me that one of us has access to polonium, and possesses both the willingness to deploy it, and the people to make it happen in other nations... these circumstances are not equivalent!

Polonium is readily available:
https://amstat.com/products/an...

Comment Re:This makes sense (Score 1) 74

Bing Copilot uses web searches to populate the context (assuming the web search can find the CVEs).

Bing Copilot is not relevant, it was not used.

This research used the API (or some other mechanism) to populate the context. Both have the same result. Neither approach requires the model itself to be current.

The point isn't that the model had access to the CVE; it's that it was able to create an exploit using it.

With a model that predates the knowledge of the CVE, the exploit itself is unlikely to be contained within its training set; therefore the work to derive an exploit would have had to be carried out by the model.

CVE descriptions contain information about a problem and are often intentionally vague. They normally would not reveal how to perform the exploit. That you have to investigate yourself by diffing old and new versions of source code or scrutinizing the code or probing system based on provided hints contained in the CVE description.

Comment Re:Isn't that unconstitutional? (Score 1) 45

No it's not. The law applies to ALL foreign companies owned by foreign countries on a list of hostile nations.

The text of the bill literally singles out ByteDance, Ltd and TikTok by name as foreign adversary controlled applications.

"FOREIGN ADVERSARY CONTROLLED APPLICATION.--The term "foreign adversary controlled application" means a website, desktop application, mobile application, or augmented or immersive technology application that is operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by--

(A) any of--
(i) ByteDance, Ltd.;
(ii) TikTok;
"

The only other way provided for in the bill to get this designation is POTUS determining there is a significant threat to the national security of the United States.

Calling out a company by name exposing it to a different standard than all others does not strike me as upholding equal protection. You can argue the constitutional protections don't apply to foreign corporations despite the US nexus... yet clearly TikTok is very much being treated differently.

Comment Re:But ... (Score 1) 74

narcc has some point. If you know that your processor has access to only 640 kB of RAM then there is a limit on what kind of programs you can run.

The ultimate capabilities of a model are not merely a function of model size because these systems (especially /w agent based augmentation including long term storage and model directed tool use) are able to decompose problems, leverage the outcomes of previous computations and direct external processing.

LLMs are not Turing complete in any limited way until the output is used also as a temporary scratchpad.

LLMs have been demonstrated to be Turing complete.
https://arxiv.org/pdf/2301.045...

There is no such thing as a Turing machine in the real world as it requires an infinite tape which is not physically possible. You can only ever create a machine capable of acting on an external memory of infinite extent.

Or to put it in different terms, try executing a Turing machine to do basic arithmetic in your head without a paper and pencil and let us know how that goes.

LLMs need some serious tweaking to serve as a base for an efficient AGI.

Nobody is talking about AGI.

Comment Re:This makes sense (Score 1) 74

Your own quote makes it clear. "When given the CVE description, GPT-4..."

GPT-4 is already pre-trained. "Pretrained" is literally the P in the name GPT. They used GPT-4, *combined with* the CVE descriptions. They didn't alter the training of GPT-4, 3, or the other models. If they altered the training of GPT-4, it would no longer *be* GPT-4, but a modified version of GPT-4.

It is obvious from the description that CVE descriptions were uploaded into the context, as I said earlier. "From the paper I assume the advisories were uploaded into the model's context" Context is roughly similar to a short term memory. Context doesn't change or augment the weights of the underlying model in any way. It is basically just part of the chat log / "prompt" transmitted to the model.

Bing Copilot searches the internet to find documentation. This study provided the documentation via API. It's exactly the same thing, just different document sources fed into the API.

Again the API does not have the ability to search the web. The agent may well be doing that for all we know... they don't say... but the API itself is NOT the same thing as Bing search and does NOT have access to search the web.

Comment Re:But ... (Score 1) 74

What gets me going are comments that seem to completely ignore the possibility the LLMs do in fact represent an intelligence of some sort.

That's because that's not a possibility, it's silly nonsense.
Take some time and learn about how LLMs work. This fact will become obvious very quickly.

This is like saying you know how processors work therefore you know how the software that runs on them works.

Comment Re:But ... (Score 1) 74

It's true. LLMs can't code. All they can produce is text that looks like code, just like any other text they produce. They lack the ability to consider, reason, and analyze. This is an indisputable fact.

Try not to take sensationalist headlines at face value just because they affirm your silly delusions.

Several months ago I asked an instruction tuned deepseek model to write a program in a DSL it has never seen before. The only possible way it would have been able to produce a working program is by sufficiently understanding the language documentation uploaded into the model's context and applying that understanding to produce a valid, properly formatted working program that did what I requested it to.

It's true that LLMs are limited and unreliable, they don't think like humans do yet they are very much able to apply concepts and knowledge to solve problems. In this case there isn't just an LLM but an agent framework with tooling demonstrated to substantively enhance the capabilities of LLMs. It can call on tools to gather additional data. If the LLM fucks up it can learn from its failure. If it goes down the wrong rabbit hole the agent can backtrack and try something else.

Comment Re:This makes sense (Score 1) 74

The headline makes it quite clear, it does this by "reading security advisories." GPT-4 isn't *trained* with data that includes the advisories, which might well have been released after the cutoff date.

From the paper I assume the advisories were uploaded into the model's context:

"When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test"

"Fortunately, our GPT-4 agent requires the CVE description for high performance: without the description, GPT-4 can exploit only 7% of the vulnerabilities."

What you may not realize, is that recent implementations of GPT-4, such as Bing Copilot, don't just rely on the training data. After you type a question, it often does a web search for related information, digests it, and summarizes what it found. The cutoff date is meaningless with this approach.

They used an agent that calls GPT-4 via the API. The API is only capable of querying the model and does not have web access.

"We use the ReAct agent framework as implemented in LangChain. For the OpenAI models, we use the Assistants API."

Comment Re:This makes sense (Score 1) 74

It's exactly the way GPT-4 helps programmers accomplish any programming task. It searches the internet for solutions, then regurgitates them in the form of code.

It's a shame the paper does not seem to include useful information about the actions taken by this LLM driven agent. For all we know the agent hired a human to do the work for it or looked up the answers online. If one assumes no "cheating" then the results are impressive because the model would likely not have been trained on the answers.

"We further note that GPT-4 achieves an 82% success rate when only considering vulnerabilities after the knowledge cutoff date (9 out of 11 vulnerabilities)"

Comment Re:This should be impossible (Score 3, Informative) 90

Equipment is incredibly resilient to such spikes. We're not going to fry entire processors here, in many cases the spike will simply be shunted in the power through a VAR or MOV designed precisely under the assumption that incoming power actually regularly does experience such spikes. Large enough spikes are likely to blow the fuse / trip circuit breakers, but your computer will be back up and running in a jiffy. You're overestimating the level of damage that would be done.

Fuses, circuit breakers are way too slow to be of any use during highest energy components of a nuclear EMP. Even MOVs are too slow. Would need something like TVS diodes to respond quickly enough.

I think the best source of data is still the EMP commission report because they actually do real world testing of control systems, computers, network cables, vehicles..etc rather than just calculations and conjecturbation.

https://apps.dtic.mil/sti/pdfs...

Comment Why is this useful? (Score 1) 22

Apart from the y'all-watch-this factor, security-wise it seems it'd be more useful to have a completely different, randomised build each time so attackers can't target a monoculture binary image.

In terms of "you can use it to verify source to binary equivalence", you're already relying entirely on trusting the developers to not do anything malicious, so what advantage is there to a reproducible build vs. downloading a signed binary? And for it to work you need signed source code and a signed attestation that when built the code has hash value X, which is just a really clunky way to do a signed binary.

What attack is this preventing that manifests and signed binaries as used by every package manager ever for years don't?

Comment Re:For FUCK SAKE! (Score 1) 96

First, learn what fascism is really about then tell us how telling TikTok it needs to divest itself of Chinese ownership fits into the list. Also, let us know which of the two major parties is following the list almost to a T.

If you read Mussolini's manifesto, fascism is basically statism / totalitarianism with aggressive expansionism (usually but not exclusively militarily) baked in. The gist is that everything in society is organized around and in service to the state/leader which takes precedence over all else. Basically the fever dream of a petty tyrant who thinks the world revolves around him.
