The computer nerds understand how to isolate this stuff to mitigate the risk. I’m not in on openclaw just yet but I do know it’s got isolation options to run in a vm. I’m curious to see how they handle controls on “write” operations to everyday life.
I could see something like having a very isolated process that can, for example, send email, which the claw can invoke, but the isolated process has sanity controls such as human intervention or whitelists. And this isolated process could be LLM-driven also (so it could make more sophisticated decisions about “is this ok”) but never exposed to untrusted input.
No, literally no one understands how to solve this. The only option that actually works is to isolate it to a degree that removes the "clawness" from it, and that's the opposite of what people are doing with these things.
Specifically, you cannot guard an LLM with another LLM.
The only thing I've seen with any realism to it is the variables, capabilities and taint tracking in CaMeL, but again that limits what the system can do and requires elaborate configuration. And you can't trust a tainted LLM to configure itself.
If the “clawness” means you only use the llm to control itself, then yes, that’s impossible. But you can easily shim such a process so that the interfaces it uses to “claw out” to the real world are shims that have safeties such as human control. Openclaw does not do this, and is thus a scary shit show, but you can play with it in isolation safely, and I think a standard pattern for good control will emerge.
Yeah that's an active research topic for teams of PhDs, including some of Google's brightest. And the current approach even with added barriers may just be fundamentally untrustable. Read the links from my earlier comment for background.
I think you're misunderstanding the severity of the lethal trifecta. Just because you put access controls around the LLM doesn't mean all that much if the access controls allow anything in & out. There is no way to write a shim that blocks "everything naughty", while remaining useful.
You literally have to fully prevent all outside input, or you have to prevent all exfiltration routes including web page reading (even the choice of links to follow is an exfiltration mechanism). At that point, what's left? What do you think will be on your allowlist?
I seriously doubt the early adopters of these software bundles use their assistants like with such restraint (https://xcancel.com/summeryue0/status/2025774069124399363), and that idealized image of these access control shims is not realistic.
Your definition of “remaining useful” seems to require a lot more than mine. An email shim, for example could have destination whitelists, rate limits, an overall message quota, and can have its contents driven by fixed templates which the LLM can choose from, but not inject arbitrary data into. The point is that your claw need not have “do anything” powers, it needs to have extremely constrained powers. Maybe that is, as you say, “not a claw.” In fact, mine calls itself a “clav” because it’s almost a claw, but not quite.
I don’t understand how “running it in a vm” Or a docker image, prevents the majority of problems. It’s an agent interacting with your bank, your calendar, your email, your home security system, and every subscription you have - DoorDash, Spotify, Netflix, etc. maybe your BTC wallet.
What protection is offered by running it in a docker container? Ok, It won’t overwrite local files. Is that the major concern?
It’s a matter of giving the system shims instead of direct access to “write” ops. Those shims have controls in place. Their only job is to examine the context and decide whether the (email|purchase|etx) is acceptable, either by static rules, human intervention, or, if you’re really getting spicy. separate-llm-model-that-isn’t-polluted-by-untrusted-data.
Edit: I actually wrote such a thing over the weekend as a toy PoC. It uses the LLM to generate a list of proposed operations, then you use a separate tool to iterate though them and approve/reject/skip each one. The only thing the LLM can do is suggest things from a modest set of capabilities with a fairly locked-down schema. Even if I were to automate the approvals, it’s far from able to run amok.
Is it intentional that the baseline vertical offset doesn’t seem consistent? Text set in this has a sort of up-and-down sloppy effect. Otherwise I love it.
Edit: it mostly seems that capitals appear higher than lowercase. It feels like there’s more inconsistency though, like the designer didn’t pay attention to eg the perceived “bottom” of curved characters vs flat-bottom ones.
Doesn't seem like a ton of attention has been paid to kerning, either. The 'he' pair seems especially noticeable to me, which occurs several times in the "somewhere where there's cheese" image. I don't know enough about font design to guess whether the 'bad' kerning is intentional for the typeface, though - so I could be off base.
Simply the "I" and "N" baselines on "Cracking" is wildly (un-professionally) off! Took a screenshot and there's +/- three pixels or so with no artistic justification for it. Even Comic Sans has a consistent baseline!
> If there wasn't some kind of strong upside no one would be eating this stuff willingly.
Are you kidding? I love the stuff. I used to eat it daily as a kid and had gotten out of the habit, but when I had high cholesterol and my doctor told me to eat a lot of it, it was like being prescribed a treat.
> Pretty sure most of this could be filmed with a camera drone and preprogrammed flight path
This is a “Dropbox is just ftp and rsync” level comment. There’s a shot in there where Rocky is sitting on top of the spinning blades of a helicopter and the camera smoothly transitions from flying around the room to solidly rotating along with the blades, so it’s fixed relative to rocky. Not only would programming a camera drone to follow this path be extremely difficult (and wouldn’t look as good), but just setting up the stunt would be cost prohibitive.
This is just one example of the hundreds you could come up with.
Drones and 2d compositing could do a lot. They would excel in some areas used in the video, require far more resources than this technique in others, and be completely infeasible on a few.
They would look much better in a very "familiar" way. They would have much less of the glitch and dynamic aesthetic that makes this so novel.
This article is great but it is insanely long and suffers from having no scroll bar on mobile. I read for over an hour, falling asleep at least three times, and wondering the entire time how far I was from finishing. Eventually I flicked the page upward to find out and could not believe how far I scrolled. I gave up at that point.
As an uninformed observer, here is a possible sequence of events that sounds somewhat plausible based on what we know so far:
* sparkfun employee engages in some shitty behavior (maybe harassment, maybe photoshops) toward adafruit CEO
* adafruit engages sparkfun to ask them to put a stop to it
* employee leaves sparkfun
* employee continues shitty behavior
* adafruit continues to bug sparkfun about behavior
* sparkfun now has no control over employee, wants to wash their hands of it
* adafruit isn’t happy with this resolution, continues to push it, interprets inaction as tacit approval
* sparkfun cites CoC about private matters, inappropriate messages
* HN speculates :)
IMO what they did is pretty overblown. They did register a joke domain but basically folded and apologized immediately. Then nothing for 8 years, until they commented on a post where adafruit was accused of doxxing on mastodon.
Phil, based on this summary and reading the emails about what went down between you and Nick, you sound like an absolute lunatic. He mocked you once back in 2017. He set up a satirical website that had a single joke: you as obsessed detective, sniffing out perceived slights. Then, when called out on it, he very eloquently apologized for it, expanded on why he had done it, and offered an olive branch of friendship.
In response, you have absolutely flipped out on him. You've continuously attempted to expand his "crimes" into something against your wife, attempted to accuse him of misogyny, attempted to frame it as an attack on your kids, attempted to loop his employers into it, claimed you'd sue, and called him a bully. And later, when he made an offhand reference to this ordeal (to someone else you appear to be flipping out on), you accuse him of starting a new campaign of bullying. It's so completely out of scale that I have to question your mental state.
And the cherry on top is that in the middle of all this, you took a piece of information -- the fact that he has posted on social media about mental health issues -- and tried to leverage that into a claim that this is all his problem. I'm sorry, but that is absolutely disgusting behavior, and I hope you're ashamed of it.
Ah, that is pretty illuminating. Insert “adafruit employee / husband of CEO overreacts to internet squabbles and gets a little shrieky because he’s sleep deprived” in there somewhere.
This reminds me of the olden days of small messageboard drama. It’s a shame to see it affect a business relationship between two good companies. Maybe they’ll make up after it all cools off.
sparkfun will continue to use limor’s open source code, libraries, and designs. that is how open source works, and we are fine with that, and that is awesome!
what is not speculation is - paul (teensy creator) told us directly that sparkfun’s decision to block us from purchasing teensy was final. that was not a heat of the moment thing, and it was not handled through normal purchasing channels. i do not even purchase. our purchasing team does. the same is true of the royalty payments sparkfun has made to adafruit for over a decade under standing agreements. there is essentially no day to day interaction. i asked if they are going to keep paying those, no reply yet.
the termination letter was addressed broadly to “adafruit leadership,” not to any specific operational contact. that alone tells you this was not a routine business dispute.
no current sparkfun employee did anything wrong here. one former employee did, and nate’s behavior toward limor has been an issue for years. i am done with that and him, so that part will sort itself out now.
> the termination letter was addressed broadly to “adafruit leadership,” not to any specific operational contact. that alone tells you this was not a routine business dispute
That really doesn’t tell me anything. I would like to humbly suggest you’re very close to this issue, in an already stressful personal situation, and you’re reading things between the lines kind of aggressively and overreacting.
I’m not saying you’re wrong, and I’m not saying whatever others did is ok, but I am saying that you aren’t improving anything by being here trying to litigate your case. I don’t think anyone who puts any thought into this can legitimately accuse you of anything except getting a little too worked up about it.
it seems like if i do not reply, it's worse? i totally get what you are saying, however i think we're part of this hackernews community too, and not here to litigate past issues, and i will probably always get a little too worked up when it comes to what i believe is a long history of a "competitor" doing things outside of "it's just business, get thicker skin" ...
Try this as a reply; "hello everyone. This seems to have all gotten out of hand. We want to continue selling teensy units, We've made a lot of sales working together and I want to salvage this working relationship and ensure we continue to do business together and sell as many Teensy units as possible. Why don't I, sparkfun and Paul Stoffregen get together for a zoom meeting next Monday and discuss this. At the end of the day I'm sure Paul S would prefer his product to be as widely available as possible and we want to help with that. Best regards - ptorrone".
That would be the mature and professional response which ensures continued sales for you, sparkfun and PJRC.
And for Christ's sake stop arguing business issues on social media and messaging boards. What are you doing, man?! :)
Having read the whole thing in great detail, I’m going to try to give you an honest perspective. Your competitor has done nothing to you. Someone loosely connected to your competitor (used to work there) did something extremely mild to you, and you have been overreacting to it so egregiously that it splashed over into your relationship with another company, through no fault of theirs. It is now to the point that you have made a complete ass of yourself. If you had simply let it drop like an adult, Nick never would have dropped that incredibly damning (to you) email chain. You blew it.
That's not necessarily correct. If you leave something standing without gainsaying it there is a substantial fraction of the viewers of the interaction who will come away with the impression that that party that did not speak up against the last comment lost the discussion because they ran out of arguments. This is so widespread that there are multiple names for the phenomenon and lots of good interaction has been ruined by it.
Obviously I don’t claim to speak for everyone else when I say it only seems that way to him. I’m being tongue in cheek. But I do think it’s the wrong instinct and the fact that some people agree isn’t reason to give into it.
You've already stopped replying, but I think an anecdotal stories might do you some good:
When I was 18, I had a situationship with a girl with abusive parents. One night she texted me to go get her because they were being awful (Mostly to each other) and she wanted to get away from it. When I took her back, even though they had told her she could go in the first place, they were angry with her for being out. The dad, angry with me, yelled at ~10PM and pointed a gun at me in my car.
Latter, the police came by my place and tried to give me a Disturbing the Peace citation. I felt wronged: My only involvement had been to remove a younger person from an already un-peaceful situation! The girl's dad had pointed a gun at ME. I wanted to defend myself.
My mom is a lawyer. She went with me to the station when the police wanted to question me, and she told me to just shut up. Don't answer any questions. Even if it was defending myself. Just. Shut. Up.
She was right, but it was still hard. At one point she kicked me pretty hard under the table to tell me to not talk as the office kept trying to get me to. By doing so, they didn't have enough evidence to do anything. They couldn't press charges, so nothing happened. I would've been innocent either way, and would've won any case, but it was sure a lot easier and avoid a waste of everyone's time for me to not defend myself, because by not defending myself then, I didn't have to waste time in court.
Years later, the incident itself is irrelevant. I doubt anyone else by my mom and I remember it - the notable bit was that the entire situation ended that night because I didn't let my strong desire to show my innocence and wrongful persecution win over the advice of my lawyer-mom telling to STFU.
Now, this isn't to say there aren't time where being very, very vocal is the right call. I could rant and rave to you about the time I really pissed in the cheerios of https://www.scanoss.com/ (With some of it happening here on HN, and me actually "Doxxing" one of their employees after he posted on the HN thread claiming to not be affiliated and accusing me of "falsifying information, impersonation, and even extortion" which was comical levels of bullshit.) but I had public opinion firmly on my side, getting constant pings in discord and slack servers as people wanted to know the latest juicy details and how I was sticking it to them.
But optics matter: It was a David and Goliath situation, where the entire incident happened in a short time frame, and as an individual I wasn't representing anybody other than myself. Those are the factors that change your situation.
You're involving Adafruit in drama and posting quickly, not as formal, adult response.
You're a golliath too, with Adafruit being a pretty big name that everyone in this community knows.
You're involving years old drama, where details are murky and intent and other relationships aren't easy to understand from the outside.
All of that combined makes you look bad, regardless of you're the "good guy" or "bad guy" here. Optics matter.
Sparkfun, by being vague and making an at least surface-level professional page here controlled the optics pretty well. It's only on the surface - as others point out, there's definitely some smells to it too - but rash, fast posting from an individual is what's making the optics bad for you - just like how the CTO of ScanOSS directly responding in my situation made him get over 100 thumbs downs on the GitHub thread in that story.
I think, honestly, that everyone involved - you, the person that's saying you dox'd them, Limor, etc. are great people doing great things that got a little too riled up and let things explode into public drama when really even just being the bigger person and making your FOSS Teensy pin-compatible board would've been retaliation enough in a way that nobody would've seen you as anything but the good guys for.
Honestly, if I were you, even if you believe you did nothing wrong, I'd apologize. Say you're sorry for using their real name. Say making extra accounts to contact them when they didn't want to be wasn't cool. Say you felt hurt, and have been stressed, but didn't realize how what you did would affect them. I honestly don't think you meant to dox anyone, because I don't think you saw it as doxxing. So say that, and say you're sorry. Probably in private first, if you mean it.
i’m catching up here. we have two kids. i dropped one off at pre-k this morning.
i replied to an email from a person whose full name was already in the email and is publicly listed on all of their sites. i said we should talk together about the pile-on. at the time, they believed we had done nfts. we never did.
i can and will apologize. i am not a double-downer. i like changing my mind. if this is the worst thing that happened to this person in their life, and a sincere apology would help, i am fully on board with that. i would mean it. why let something like this linger and turn into prolonged suffering.
there are no other examples anyone has pointed to of doxxing or misgendering. i believe i said “he.” that’s it. i am available, and they know how to reach me.
at the same time, there are people creating alt accounts, including ones using my handle. i see that pattern clearly. still, i understand what you are saying: that i should always take the higher road and be the bigger person, regardless.
my email is pt at braincraft d0t com, open to talk
Setting aside any concept of who's "right" or "wrong", if I got an email like this from the MD of a customer, I'd share it with my team, we'd all laugh a bit, take a deep breath, and find a way to de-escalate the situation.
Similarly if I were buying product from a supplier and they made an immature joke I found hurtful, I would probably just ignore it. If it was a recurring problem maybe I'd say "I really didn't appreciate when you <xyz>'d, can we keep this focused on business in the future?" And if that didn't solve things, I'd see if someone else could be assigned to handle the account.
I hope those examples don't minimize what either side is feeling, but I have to say that I don't feel I've seen anything in this thread that gets my blood pumping. Dealing with difficult or rude people is part of the job and part of life.
Taking things personally, especially in business, is a _very_ expensive luxury. And if that isn't convincing enough, if you still feel angry about it in a month you can usually yell at them later. But if you escalate today and feel foolish about it later, it's a lot more difficult to mend the wounds.
Everyone necessarily, axiomatically, thinks that the way they react to things is reasonable.
But not all other modes of existence are automatically unreasonable even if they are different from one's own definition of reasonable.
Even if I would opt to ignore something like that in some paticular case for whatever my reasons are, I would rarely presume to suggest that someone else should ignore something like that for whatever my reasons are.
This video is so badly edited that it’s really difficult to figure out what he’s actually saying. It’s obviously cut to portray some kind of regret, but for example what does “he left me on the table” even mean? Who? How?
Sorry, as other commenter points out, the editing is only “bad” in a specific context. It’s brilliant for purposes of comedy and mockery. It’s definitely not good for purposes of understanding what Adams really thought.
Edit: and for what it’s worth, I have no idea who “Berger” is or that/if they edited that Vice video.
It’s edited well for its purpose, perhaps; it is not edited well for the purpose of understanding the context and intent of the Scott Adams quote being discussed, which is very much not its purpose. From the perspective of someone trying to understand the evolution of Adams’ views, it is badly edited, which is different than saying Berger is a bad editor, or even that it is badly edited from any other perspective.
I could see something like having a very isolated process that can, for example, send email, which the claw can invoke, but the isolated process has sanity controls such as human intervention or whitelists. And this isolated process could be LLM-driven also (so it could make more sophisticated decisions about “is this ok”) but never exposed to untrusted input.
reply