Not that I agree with the above posters, but they are talking "boomers" generally.
Someone like Olga Tokarczuk would presumably be an exception to the general statement, considering her career makes it clear that she doesn't subscribe to the "art is a dead end and there is no money in it" philosophy ryanmcbride is describing.
Oh, you doubt her? Say more. Why do you doubt her? Because of her long history of using AI to generate her previous work? Which of those did you like least?
Tacek, does it matter why? I just do. Maybe I don't like her style. Maybe I don't find her entertaining. Maybe she spoke on TV once and I found her pretentious. The why is irrelevant. The end result is not.
Are you not using OverlayFS? The exploit vector here relies on OverlayFS. What you want to reason about generally is (a) whether you have AF_ALG sockets exposed and (b) whether attackers have access to files (via inode) whose cached contents will affect other processes.
I don't even know what this story is trying to be about. She won the Nobel (and the Man Booker) many years before the public availability of LLMs. It sounds like she's saying she used LLMs the same way people used Google, before LLMs supplanted it. So what?
There is a 100% chance that people are using LLMs to find vulnerabilities and build exploits. If it was possible for something to be a 101% chance, that's what it would be.
Apologies to all - I am British. The phrase "non-zero" does cover every case other than zero, but the intent is that it covers some cases more than others. What I'm trying to say is: yes. My intent was just to push back on this specific (and slightly bizarre to me) instance of kind-of-vagueposting, to my eyes written to imply that it might be some sort of unnoticed conspiracy, detectable only by the most enlightened of observers, attuned to the subtle signals that most people miss: that people are using LLMs to find security exploits.
Indeed. It's similar to a different sliding scale that I've noticed is much more common amongst Brits than it is among other nationalities (in my limited experience):
Zero number of...
Insignificant numbers of...
Not-significant numbers of...
Not-insignificant numbers of...
Significant numbers of...
Very significant numbers of...
Along with the other similar scales (roughly in order):
None of
One or two of
A couple of
A few of
Some of
Many of
Lots of
Most of
Almost all of
All of
Right, no, what I'm snarkily saying is that basically everybody who has ever looked for a vulnerability before is now using LLMs to do it. It's a huge thing in exploit development right now.
Fair enough. While I would kind of wish AI could be reliably detected, deep down I know this is impossible and it would be pretty bad if we had, say, a prosecution that succeeded because "this 'provably-non-AI' photo places you at the scene of the crime" because only a few underground people know how to remove a watermark.
You raise an interesting point about the artificial generation of evidence used in court. In 1992, Michael Crichton wrote the book Rising Sun, which centers around the editing of security camera video footage to cover up a murder.
I also wonder if being able to prove that an image or video isn’t AI generated would lend credence to it, while in reality there are other methods to produce falsified video.
What stops someone from adding a watermark to an actually photographed (carefully framed?) picture to discredit it? There is no certainty either way, just suggestions from someone else about what the truth might be.
He could stop confidently opining about things he clearly doesn't have even a surface-level understanding of. He also employs a tactic beloved of Internet trolls: he writes extremely long posts to stud his bogus claims in; his readers only need the "vibe" of his pieces to get the value they came for, but actually discussing them requires you to get a pickaxe and shovel and start digging. It would be one thing if he'd evinced technical competence over the last year, but he has done the opposite: some of what he's written about software development makes it really clear he's got basically no exposure to it.
It's a bad combination. There are better AI skeptics to follow. Endorsing Zitron, though, has become a "tell".
There's like an interesting systems article here, but at this point I'd rather they just gave me the prompt they used to generate it, so I can read it interactively in my own GPT5.5 session.
(This site is extremely good and has fairly recent coverage, point-by-point, of all OpenBSD's mitigations. An important subtext to take to this is that OpenBSD has a reputation for introducing mitigations that exploit developers make fun of. Some of them are great, some of them less so.)
The slides are over 6 years old. The developers' attitudes haven't changed much, but are all of the arguments still valid?
I've followed this discussion here and there over the years and it always goes like this:
1) everyone makes fun of the mitigations
2) many even outright assert they can easily defeat and exploit OpenBSD
3) nobody provides a working PoC when asked to demonstrate how insecure the OS is
And somewhere in the mix there's also you and your usual blabber, also without any substantial examples of how insecure and exploitable the OS is. Always.
I have now read all of the points in the mitigations section. Just like the slides, the commentaries to the mitigations willingly assert uselessness and imply a sense of absolute insecurity, but without specific or even general examples.
So I'm looking forward to your careful explanation of how insecure the whole thing is and how easily it can be dismantled. Because I really want and need to know. Let's talk.