Ian Costa

1K posts

@Ian_Costa18

Working as an Information Security consultant. Taking Georgia Tech's OMS Cybersecurity. @[email protected]

Joined January 2020
555 Following 128 Followers
Ian Costa@Ian_Costa18·
@nrweinwohner @sheriyuo Yeah, so why don't they do that? It should know it needs to run an algorithm, but doesn't unless specifically asked to.
Plexar was here@nrweinwohner·
@Ian_Costa18 @sheriyuo You do the same in your brain. Most people would walk through a small „algorithm“ in their mind to count the letters. They do not instantly „know“ the answer, but they know how to get at it.
Xiuyu Li@sheriyuo·
LLM is just a machine for modeling probabilities, and to make it fully memorize patterns like "how many [a]'s in [b][c][d]" would require training tokens on the fourth power of the vocabulary size, which is simply infeasible. So the only viable path is to push toward agentic workflows, letting AI use code to verify such checkable problems.
ket@kettukaa

when you ask an LLM "how may P's in srawperry?" what you're actually asking it is closer to "How many [151]'s in [15563][23][4124]"

Anish Moonka@anishmoonka·
Before it took off, the bird ate parts of its own liver, kidneys, and gut. That was the only way to be light enough to fly. Then it flew 8,425 miles from Alaska to Australia, in 11 days, without eating, drinking, or landing once. The bird is called B6. It's a bar-tailed godwit, four months old, weighing about as much as a can of beans. In October 2022, scientists at the US Geological Survey tracked its flight from Alaska all the way to Tasmania. The trip took 11 days and 1 hour. It is still the longest non-stop flight of any animal on Earth. For two weeks before takeoff, godwits eat until they almost double in weight. Fat ends up being 55% of their body, more than any bird ever measured. Then they shrink their own insides. About a quarter of their liver, kidneys, stomach, and intestines gets broken down and reused for fuel, making room for the extra fat and cutting weight. Their heart and wing muscles grow bigger at the same time. They never drink along the way. The water they need comes out of burning fat, the same reaction their muscles use for energy. They also never really sleep. B6 flapped its wings for 264 straight hours, cruising around 35 miles per hour with help from storm tailwinds. By the time it landed, it had lost almost half its body weight. The shrunken organs grew back over the following weeks. Scientists still cannot explain the navigation. B6 had never made this flight before. Adult godwits leave Alaska weeks earlier, so young birds fly alone with nobody to follow. How a four-month-old bird finds its way across 8,425 miles of open ocean to a place it has never seen is still an open question. About 100,000 bar-tailed godwits leave Alaska every fall. Most of them land in New Zealand or Australia 10 or 11 days later, having eaten parts of themselves to get there.
All day Astronomy@forallcurious

#BREAKING🚨: This 5-month-old just flew 8,425 miles from Alaska to Australia with no food, no water and zero stops for 11 days straight

Ian Costa@Ian_Costa18·
@lonelysloth_sec Isn't that the point of LLMs though? They're not supposed to be lookup-machines, their output requires randomness which means sometimes their answer is just wrong. You can put temp to 0 but not many do
LonelySloth@lonelysloth_sec·
What can LLMs do *reliably*? They can do lots of things *impressively* -- in a controlled scenario. What is one thing they can do reliably in real world conditions? I can't think of anything besides translation (and even then maybe I'm just not knowledgeable enough to judge). Everything I test them on, they break real fast with trivial edge cases. If you replaced a back end with an LLM (and didn't tell) no QA engineer would ever sign off on it. Why do people make excuses for LLMs that they'd never make for humans or regular software? Is it like puppies? LLMs are cute and we want to believe they are smart? Are they so cute most people can't actually QA it?
Ian Costa@Ian_Costa18·
@qsdnl Just search through the HTML in dev tools?
tsvl@qsdnl·
if you make a Web Location with long lists of Items that are collapsed by default so I can't ctrl F the thing I'm looking for without going and clicking each one open first I think bad things should happen to you
Ian Costa@Ian_Costa18·
@RobertSecundus Just apply anyways? Just because it's in the description doesn't mean it's law. There's a very real chance they understand your situation and accept you or help in some other way.
Ian Costa@Ian_Costa18·
@HouseOfFaust @UK_Daniel_Card Like if your contract says you have EDR on every system and then get breached on a system without EDR, no amount of compensating controls are gonna help you there (legally)
Ian Costa@Ian_Costa18·
@HouseOfFaust @UK_Daniel_Card Usually auditors are to blame but there are some instances where the orgs contractually agree to have certain controls and then just... Don't implement them.
maddy catgirlprostate@catgirlprostate·
You aren't moving like me, you don't know the method
Ian Costa@Ian_Costa18·
@UK_Daniel_Card @damnsec1 Need to add the steps to create an account too, right? That's at least another 6-10 clicks including logging into email, password manager, generating creds
mRr3b00t@UK_Daniel_Card·
@damnsec1 I just downloaded fusion, you log into the portal, you click downloads, free downloads, click the product name, click agree then download.
Ian Costa@Ian_Costa18·
@oliverhenry Microsoft's other products are garbage but the office suite is genuinely way more feature rich than its competitors. So many times I'll find something that's complicated or impossible in Docs that's a simple button press in Word
Ian Costa@Ian_Costa18·
@CuseFanin315 @donasarkar Whenever I use Docs I always end up falling into a rabbit hole of Googling a task that's impossible on Docs but takes one button press on Word
‘Cuse Will Be Back@CuseFanin315·
@donasarkar The entire Microsoft office package is SO much better than the Google knockoffs, it’s not even close.
Ian Costa@Ian_Costa18·
@ImposeCost Wasn't there one guy a year or two ago who sold their company credentials for like $500?
Ian Costa@Ian_Costa18·
@moyix The ones they've found so far allotted them infinite time and unlimited token use. I wonder how effective it will be to actually operationalize this working with project budgets and typical software release deadlines. If it isn't, they may cheat it to get better marketing
Brendan Dolan-Gavitt@moyix·
@Ian_Costa18 The projects they claim to have found serious vulns in so far have been hit with fuzzers and static analysis tools and looked at by human researchers for years, so I don’t think that’s it
Brendan Dolan-Gavitt@moyix·
One thing I don't get about Mythos skepticism is, like, won't we know pretty quickly whether it's real when the CVEs/fixes drop? Won't people at the industry partners report having a whole bunch of fixes to make?
Ian Costa@Ian_Costa18·
@dMxwABXhoVgGr1Y @yoavgo Just because you run AI over it doesn't mean it found all the bugs, I'd bet $20 someone will find a new vuln in the exact same code Mythos was run over in the next year. It's just not that easy to find bugs
NiceDay@dMxwABXhoVgGr1Y·
@yoavgo Also I think false positives is much better than not finding anything at all and letting a 0day slip (false negatives). And rejecting false positives, while annoying, is still much easier than actually finding a bug
(((ل()(ل() 'yoav))))👾
as much as i detest Anthropic's PR stunts, the findings by Aisle Security are also highly misinterpreted. "isolating the relevant code" makes a *huge* difference, it is a MUCH easier task after isolation. in CS terms, verification is much easier than search / solving.
Susana Imaginário - Authoress@Chronodendron·
I’m so upset… My Kindle is fifteen years old. It still works fine, and I want no other. I read a lot, and this is the only e-reader that doesn’t hurt my eyes. None of the new models have a screen that so perfectly mimics paper. And now Amazon is forcing me to buy a new one. 😡 I don’t need a touchscreen or sound, and I definitely don’t want adverts! 🤬 The timing couldn’t be worse either… I can’t afford it right now. ☹️ I guess I won’t be buying more ebooks for a while... I’ll just have to read the ones I already have.
Ian Costa@Ian_Costa18·
@dlouapre @keylimesoda @FFmpeg I imagine that's why it's so frustrating when people don't submit patches, now some other guy has to come in, understand where to tap themselves, verify that tapping in that spot won't break things elsewhere, etc. when all it would've taken is an extra few hrs of work
David Louapre@dlouapre·
I've looked at the 3 patches. As far as I can tell, identifying the bug was the truly hard part. Once the vulnerability is identified and well described, creating the fix seems fairly easy, at least for a reasonably seasoned C programmer. It reminds me of the story of the plumber fixing a boiler on a ship by tapping with a hammer at a precise location. It costs 10,000$ and the invoice reads : Tapping with a hammer : 1$ Knowing where to tap : 9,999$
David Louapre@dlouapre·
On the scale of unlikely concessions, FFmpeg crediting AI for finding bugs ranks somewhere between the Pope going atheist and Gary Marcus admitting we reached AGI.
FFmpeg@FFmpeg

Thank you to @AnthropicAI for sending FFmpeg patches
