• 0 Posts
  • 907 Comments
Joined 3 years ago
Cake day: June 16th, 2023


  • While others put in more work than he, and certainly he didn’t work as hard as most any minimum wager that tends to work the hardest, your example at least showed he put in some effort and acumen, so it wouldn’t be my favorite example to bust the myth.

    Musk I think is even better since basically his entire fortune builds upon just luck and conning folks without ever putting in useful work. He had a leg up from rich family, then was so weird about his dot-com that he put a PC in a big plastic thing to make it ‘look like a supercomputer’ and despite how utterly amateur hour it was… It worked on Compaq and he got millions for a site that never got off the ground. Then he took his millions and worked to cofound the first X.com, which was getting beat by a competitive product Paypal. Somehow the owners of Paypal despite winning agreed to a merger and agreed to put Musk in charge. And he boffed it hard and was forced to step down because his incompetence was destroying Paypal. But he still had a huge stake so when eBay came knocking, despite Musk doing nothing but screw up the company, he got the most money from that transaction. To this day some people will describe him as ‘the’ founder of Paypal, despite all this. Then with Tesla, he saw a company doing something cool with electrifying a Lotus and wanted in. Then after being in he threw a hissy fit that he should be a founder, despite the company existing prior to his coming along. Also plenty of word that Elon’s first round of actually getting things designed somewhat the way he wanted was the Cybertruck… and well…


  • Yes, the non-determinism is crazy.

    I have like one thing I use voice for usually. “Call <name>”. With Google Assistant, it reliably called that specific person.

    Now that my phone decided to gemini, it will sometimes make a call, and sometimes it says something like “I have found one contact with that name in your contacts, their phone number is 1-555-555-5555” Sometimes with some extra language clearly intended to be stuffed back into context to guide some next step that isn’t coming, don’t remember but something along the lines of “Contact match added to context to enable dialing the phone now” or something.

    I’m perfectly fine with a different wake word or chaining it to google assistant, “Hey google, ask gemini …” would be fine.

    And yes, it might be vaguely useful for doing a maps search in the car, as that is a pain. A vaguely decent answer I can confirm is nice for things like a road trip stop for food or some small thing.





  • There’s a balance to be struck.

    People with entirely normal urges think they are somehow divergent, because they see others act on urges and people make it clear that was “weird” for the urge to be acted out and mistake having the urge for being the “weird” thing rather than the expression.

    I want to get up and walk around and listening to this person talking is a waste of my time. That’s a perfectly normal urge. The inability to either suppress the urge, or the inability to recognize it as a problematic social interaction when it would be, that’s where problems come in.


  • I think the ability to “mask” weighs somewhat against a diagnosis.

    Like with annoyance and concerted effort I can sit still when it is absolutely critical. However I still get up and walk around in unfitting situations, often without realizing I am. Until someone mentions how weird it is. Or mentions they would prefer I keep knives out of my reach because they are scared when I start flipping one around and give me some safer “toy” to fidget with in trade.

    A lot of these are things most folks are inclined to do, but the inability to control is the thing, not the urge in the first place.


  • How it is stated is best.

    If you ask what other people think of you, well now you are right back to what you guess other people think of you. Which may be more projecting your own thoughts than them.

    Unless testing for paranoia, you need to keep it concrete as you can.

    The being too literal is so severe that others will absolutely tell you. Your internal thought process recognizing both the intended figurative meaning while also considering the literal is fine.

    Maybe it should be more about failing to recognize figurative communication rather than ability to consider the literal meaning of communication.


  • But it is trying to ask about others’ assessment of you. Because if you describe your self assessment, you aren’t going to do a good job.

    If you are totally oblivious, then you won’t recognize.

    Conversely, you think you take everything too literally but none of your peers notice anything unusual.

    It has to be so bad that your daily social interactions are damaged because folks are annoyed that you don’t understand and can’t help but to let you know.

    If on the other hand you perceive the intent but just also constantly think about what the literal meaning would be, that’s not really a sign, because you were able to perceive the intended message too.


  • Because it is important.

    You think you are being too literal but folks around you might not.

    The intent is to catch being so literal it causes friction in social interactions. You fail to recognize the intended meaning behind interactions. People get actively annoyed to the point they let you know.

    Self assessment is not going to work too well, you have to provide externally observed phenomenon.


  • Mine would be: “I have no idea” - An answer the LLMs generally refuse to give by their nature (usually declining to answer is rooted in something in the context indicating refusing to answer being the proper text).

    If you really pressed them, they’d probably google each thing and sum the results, so the estimates would be as consistent as first google results.

    LLMs have a tendency to emit a plausible answer without regard for facts one way or the other. We try to steer things by stuffing the context with facts roughly based on traditional ‘fact’ based measures, but if the context doesn’t have factual data to steer the output, the output is purely based on narrative consistency rather than data consistency. It may even do that if the context has fact based content in it sometimes.


  • Note that could prove you have it, but failure to execute does not prove yourself secure.

    For example, someone reported to me that their RHEL9 system was not vulnerable based on this result. But it was because python was 3.9 and didn’t have os.splice, so the demonstrator failed, but the actual issue was there.

    Similarly, if ‘/usr/bin/su’ isn’t exactly there (maybe it’s in /bin/su, or in /sbin/su, or /usr/sbin/su, or not there at all), the demonstrator will fail, but the kernel may still have the vulnerability, you just have to select a different victim utility (or change the cache for some other data other than an executable for other effects).
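
The false negative described in the comment above can be caught before anyone records a host as "not vulnerable". This is an added example, not part of the comment and not the demonstrator itself: it only checks the two preconditions the comment names (`os.splice` in the interpreter, `su` at `/usr/bin/su`), and the function names and verdict strings are made up here.

```python
import os

# Locations the comment lists for su; the demonstrator expects the first.
SU_PATHS = ("/usr/bin/su", "/bin/su", "/sbin/su", "/usr/sbin/su")


def blockers(os_module=os, exists=os.path.exists, expected=SU_PATHS[0]):
    """List reasons the demonstrator could not have exercised the kernel."""
    found = []
    if not hasattr(os_module, "splice"):
        # os.splice was added in Python 3.10; RHEL 9 ships Python 3.9.
        found.append("interpreter has no os.splice")
    if not exists(expected):
        others = [p for p in SU_PATHS if p != expected and exists(p)]
        where = ", ".join(others) if others else "not installed"
        found.append(f"{expected} missing (su: {where})")
    return found


def verdict(demo_succeeded, found):
    """Map a demonstrator run to what it actually proves."""
    if demo_succeeded:
        return "vulnerable"
    if found:
        # The script died before reaching the kernel code path.
        return "inconclusive"
    return "not reproduced"  # still not proof of a patched kernel


if __name__ == "__main__":
    reasons = blockers()
    # False = the demonstrator failed on this host (constructed input).
    print(verdict(False, reasons), reasons)
```

An "inconclusive" or "not reproduced" result should be resolved by comparing the running kernel against the distribution's fixed package version, not by rerunning the script.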



  • Note that this is a rather narrow view of the scope of things.

    Yes, the demonstrator is a python script that opens up ‘su’ and uses splice+this vulnerability to change it to ‘just assume all privileges and become sh’.

    However, it’s that any process in any namespace can leverage a certain socket type and splice to effectively modify any filesystem content they want. It’s easy to see how this could be part of a chained attack to, for example, replace a protected service that is firewalled off with a shell. An RCE in a service permits rewriting nginx in an entirely different container and replaces it with a shell backend of your choosing.

    That ‘flatpak’ application on your single user system that is guarded from touching your files that aren’t related? That isolation doesn’t mean anything if this issue is in play.

    In terms of shared systems, while it should be avoided if possible, practically speaking there’s a lot of shared resources.

    I don’t get why I’ve seen so many people saying “ehh, no big deal, privilege escalation is just a fact of life”.


  • In my experience, the bigger the codebase gets, the more confounded LLM gets at trying to make coherent changes. So LLM projects start on shaky ground and just get worse because they can’t maintain the stuff they themselves generated.

    I’ve seen what LLM can do and it is certainly interesting and can do some stuff, but the vast majority of my experience is someone who had not coded before “vibing” themselves into a corner and demanding help to dig them out. A bit irritating because while before we could reasonably prioritize requests to do stuff because management understood making something from nothing was real work, now management says “they aren’t asking you to make something, just help them fix something that already exists, should be easy!”

    On the ELOC metric, for a long time I pointed out how disastrous I must be because my contribution to a project I was on was about -10,000 lines of code by the time I went to something else.



  • While I despise the captchas from a human perspective, the fact that an LLM can solve the challenge isn’t a deal breaker. It doesn’t need to be impossible for a non-human to solve, it just has to be too expensive.

    It does certainly shift the equation to stuff like proof of work since a computer can solve it anyway, might as well not annoy the human.


  • Seems utterly pointless though…

    With the proof of work approach, at least it’s demanding the client consume some resources, though the ‘right’ amount is a tricky question, either it’s so trivial as to hardly matter to the scrapers, or it’s hard enough to put a dent in the scrapers’ build, but human operated low end devices are royally screwed…

    Here the crawler simply schedules a resumption and moves on to other work. The crawler doesn’t need it right now and it’s free for it to wait.