This is good long-term, but what fraction of routers, smartphones, IOT devices, cameras, cluster servers,
We can bet that black hats iterate through all accessible devices and try to gain access. They might patch flaws to avoid others getting in, but will keep a backdoor for themselves. So it will be extremely hard to tell. We do not have something like brickerbot to turn unpatched devices noticeable.
The moral of the story is that it is easier and easier for police and intelligence services to quickly get meaningful information out of hard disks, including passwords and files in a personal workflow / storage structure (or lack of structure). LLMs might piece this together and be targeted. Security analysts would be faster and ignore noise better, but what is shown here might scale to millions of citizens.
The response of "User-Agent is not authentication" is a strawman response to "Unofficial clients should not use our servers". They used it as identification of clients, not authentication. Would the developers be happier if they had used an API key for the web interaction, but package that fixed API key into the app? Would that be "authentication" and thus better to them? It's the same effect, and the open source clone would copy it too.
Same discussion as 30 years ago with open source clones of messaging apps such as ICQ. The open source client pretends, on those days through reverse engineering, to be the official client. Ultimately, it was okay then, because it was beneficial for the operators to have a larger network of users who can talk to each other. Does this dynamic apply here?
If hammering is an issue, randomly drop with 429 95% of requests. Then as an alternative, allow people to buy an API key for 1000 downloads costing 1€.
Then patient individuals can always download for free. Big companies / CI / AI will want to pay or make their own mirror.
Rebecca Watson is a quite famous skeptic, and a former co-host of the Skeptics Guide to the Universe podcast. Since Dawkins is also in these circles, not too crazy to bring her up.
The class of bugs for PipeFail can be prevented in principle with X^W, which is implemented in PaX, Exec Shield, and some SELinux configs.
Is any distribution that comes with these in the default installation protected against these exploits? If not, what is missing in terms of mitigation protections against this class of bugs?
Either you get faster and faster at it, or 2026 is the year we work on pen and paper until the storm is over...
W^X? As implemented in PaX, Exec Shield, SELinux. Which all Linux distros have and no Linux user ever uninstalls or disables. Or something.
The restructuring may be legal in itself and viewed in isolation, but if there was an investment with a (written or oral) understanding of being for an open source company, the metamorphosis of OpenAI may still break that investment contract. Probably the fair thing would have been to give back the investment at that point with interest, or settle the matter in another way.
> Putting a hardware guy in charge of Apple might help the company return to its roots as a hardware-first company.
Steve Jobs and Steve Wozniak founded the company, but the hardware guy was not in charge. It would be closer to the roots to put a salesperson or designer in charge? And I mean design in the computer science sense, a tool matching a purpose.
Some feel weird when people say please and thank you when interacting with chat bots. If what TFA says is true, I am curious whether norms of politeness (or lack thereof) in chat bots, treating them as disposable, emotionless tools could also leak from chat bot interactions into human interactions. It seems plausible that humans cannot maintain a clear mental separation.
Maybe they should introduce meta-moderation, where authors and institutions get Karma assigned for the quality of their paper and review. Low Karma could then result in more oversight, more reviews, fewer allowed submissions, or a 1-year ban.
That was my experience before ChatGPT 5. With ChatGPT 5, here comes the qualifier: if you use it within its training data range, it's quite good. Within its training data means, doing what other people have done before and is likely to be found on stackoverflow. For example, setting up training a neural network with torch. If you go outside their comfort zone, I agree with you.
Danger lives when these tools are used in an area where the user even lacks the expertise to factcheck the answer. The responses sound very confident.
What's your approach to writing unit or system tests? Are you advising the LLM to write a test first, then check it for specification issues (whether what you meant is the behaviour that is expected in the test), then ask for an implementation?
Dark Energy is the name for the phenomenon an accelerated expansion of the Universe. This was measured by observing distance and velocity of distant supernova, and later also with other techniques (galaxy clusters for exampl). Dark Energy is the additional energy available for driving this, which is not accounted for in light-emitting baryons.
What causes the Dark Energy is another question, and that, indeed, has not been solved ("proven") to date.
In every hierarchy the cream rises until it sours. -- Dr. Laurence J. Peter
