My iCloud is full. Every once in a while my iPhone nags me to upgrade for a few days in a row and I tell it no and it goes away for 6 months or so. My Mac has never once nagged me about iCloud storage.
I think there’s debate (which I don’t want to participate in) over whether or not invisible characters have their uses in Unicode. But I hope we can all agree that invisible characters have no business in code, and banishing them is reasonable.
We need a new suite of utilities with defined R/W/X properties, like a find that can't -exec arbitrary programs. Ideally the programs would have a standard parseable manifest.
I've seen this before with sudoers programs including powerful tools. Saw one today with make, just gobsmacked.
Laws and lawmakers just concern themselves with making broad "laws" with little regard to specificity and applicability. California, Colorado and Illinois mandate OS "providers" to generate a signal. It is a copy pasted bill with little grounding in reality but a lawmaker is not going to say no "protecting children".
Pushed by AVPA - a group of companies standing to profit from this: LexisNexis, some Thiel corp, etc.
California's law explicitly requires the system and apps to take the user's word for it and not use other information to determine age, which more and more feels to me like kind of a brilliant move to cut the legs out from under other attempts to use the same for surveillance while still satisfying all the surface-level "protect children" sound bites.
You missed US states competing on setting up age verification legislation that lets anyone sue any developer who produces systems that don't do age verification for life-destroying amounts of money.
Eh private prosecutions and third party standing are generally disfavored to such an extent that sure, attention-whoring legislators will propose it, but whether it even passes constitutional muster on the state level is an open question, and open in every state.
For what it's worth, the "verification" in the California law (not a bill, it's already passed and takes effect 2027) is basically the Steam birthdate popup interstitial. There's explicitly no actual link to any outside information, just requiring that the system save a value the user sets and then that apps use that value for any age gating.
> And Starlink / xAI is going to shoot them into space.
I highly doubt that. They claim they want to shoot them into space, but I don’t believe a word of it until I see it happen (and see it work). It’s no more real than hyperloop.
It’s really not that complicated a problem. Don’t worry, you’ll certainly be able to solve all the problems yourself as you encounter them. What you end up with will be functionally equivalent to a proper UUID and will only have cost you man-months of pain, but then you will be able to truly understand the benefit of not spending your effort on easy problems that someone solved before you.
The computer nerds understand how to isolate this stuff to mitigate the risk. I’m not in on openclaw just yet but I do know it’s got isolation options to run in a vm. I’m curious to see how they handle controls on “write” operations to everyday life.
I could see something like having a very isolated process that can, for example, send email, which the claw can invoke, but the isolated process has sanity controls such as human intervention or whitelists. And this isolated process could be LLM-driven also (so it could make more sophisticated decisions about “is this ok”) but never exposed to untrusted input.
No, literally no one understands how to solve this. The only option that actually works is to isolate it to a degree that removes the "clawness" from it, and that's the opposite of what people are doing with these things.
Specifically, you cannot guard an LLM with another LLM.
The only thing I've seen with any realism to it is the variables, capabilities and taint tracking in CaMeL, but again that limits what the system can do and requires elaborate configuration. And you can't trust a tainted LLM to configure itself.
If the “clawness” means you only use the llm to control itself, then yes, that’s impossible. But you can easily shim such a process so that the interfaces it uses to “claw out” to the real world are shims that have safeties such as human control. Openclaw does not do this, and is thus a scary shit show, but you can play with it in isolation safely, and I think a standard pattern for good control will emerge.
Yeah that's an active research topic for teams of PhDs, including some of Google's brightest. And the current approach even with added barriers may just be fundamentally untrustable. Read the links from my earlier comment for background.
I think you're misunderstanding the severity of the lethal trifecta. Just because you put access controls around the LLM doesn't mean all that much if the access controls allow anything in & out. There is no way to write a shim that blocks "everything naughty", while remaining useful.
You literally have to fully prevent all outside input, or you have to prevent all exfiltration routes including web page reading (even the choice of links to follow is an exfiltration mechanism). At that point, what's left? What do you think will be on your allowlist?
I seriously doubt the early adopters of these software bundles use their assistants like with such restraint (https://xcancel.com/summeryue0/status/2025774069124399363), and that idealized image of these access control shims is not realistic.
Your definition of “remaining useful” seems to require a lot more than mine. An email shim, for example could have destination whitelists, rate limits, an overall message quota, and can have its contents driven by fixed templates which the LLM can choose from, but not inject arbitrary data into. The point is that your claw need not have “do anything” powers, it needs to have extremely constrained powers. Maybe that is, as you say, “not a claw.” In fact, mine calls itself a “clav” because it’s almost a claw, but not quite.
I don’t understand how “running it in a vm” or a docker image prevents the majority of problems. It’s an agent interacting with your bank, your calendar, your email, your home security system, and every subscription you have - DoorDash, Spotify, Netflix, etc. maybe your BTC wallet.
What protection is offered by running it in a docker container? Ok, It won’t overwrite local files. Is that the major concern?
It’s a matter of giving the system shims instead of direct access to “write” ops. Those shims have controls in place. Their only job is to examine the context and decide whether the (email|purchase|etc) is acceptable, either by static rules, human intervention, or, if you’re really getting spicy, a separate-llm-model-that-isn’t-polluted-by-untrusted-data.
Edit: I actually wrote such a thing over the weekend as a toy PoC. It uses the LLM to generate a list of proposed operations, then you use a separate tool to iterate through them and approve/reject/skip each one. The only thing the LLM can do is suggest things from a modest set of capabilities with a fairly locked-down schema. Even if I were to automate the approvals, it’s far from able to run amok.
Is it intentional that the baseline vertical offset doesn’t seem consistent? Text set in this has a sort of up-and-down sloppy effect. Otherwise I love it.
Edit: it mostly seems that capitals appear higher than lowercase. It feels like there’s more inconsistency though, like the designer didn’t pay attention to eg the perceived “bottom” of curved characters vs flat-bottom ones.
Doesn't seem like a ton of attention has been paid to kerning, either. The 'he' pair seems especially noticeable to me, which occurs several times in the "somewhere where there's cheese" image. I don't know enough about font design to guess whether the 'bad' kerning is intentional for the typeface, though - so I could be off base.
Simply the "I" and "N" baselines on "Cracking" is wildly (un-professionally) off! Took a screenshot and there's +/- three pixels or so with no artistic justification for it. Even Comic Sans has a consistent baseline!