Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid!
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cutānāpaste it into its own post, thereās no quota for posting and the bar really isnāt that high
The post Xitter web has spawned soo many āesotericā right wing freaks, but thereās no appropriate sneer-space for them. Iām talking redscare-ish, reality challenged āculture criticsā who write about everything but understand nothing. Iām talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyāre inescapable at this point, yet I donāt see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldnāt be surgeons because they didnāt believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canāt escape them, I would love to sneer at them.
:-D :-D :-D :-D :-D :-D :-D
impending thonkpieces about āobstructive regulationā getting in the way of
them stripmining people no matter the side effectsāthe free marketā
hereās the cliffnotes:
- heās a former EA executive, responsible for their mobile business
- after that, he was COO of Zynga, a very good very ethical company making mobile games
- he wants to āhelp accelerate the Companyās revenue growth and profitabilityā
- Unity recently laid off about 25% of their workforce (1800 people)
I sure wonder what great changes he will implement, exciting times ahead for
UnityGodot!to nobodyās surprise, the rabbit r1 is just a shitty one-purpose android phone
that was quick! the CEOās denial is very funny for a number of reasons, but the jigās up ā the supposed point of this device (the assistant) just straight up works on an Android phone, and their modifications to AOSP are almost certainly relatively trivial shit (permissions hole-punching for app interoperabilityā¦ I canāt actually name a second thing theyād need).
but speaking of that denial:
We are aware there are some unofficial rabbit OS app/website emulators out there. We understand the passion that people have to get a taste of our AI and LAM instead of waiting for their r1 to arrive. That being said, to clear any misunderstanding and set the record straight, rabbit OS and LAM run on the cloud with very bespoke AOSP and lower level firmware modifications, therefore a local bootleg APK without the proper OS and Cloud endpoints wonāt be able to access our service.
hoo boy, in detail:
- what unofficial emulator? this is the APK the device runs.
- what rabbit OS? the fucking thing runs an AOSP fork locally.
- it seems to access rabbitās cloud endpoints just fine in the video. they even make an account with the device.
- is the response here really that it isnāt an Android phone cause all the functionality is in the cloud? cause that really doesnāt sound like something that needs bespoke hardware to me.
My opinion is that Jesse Lyu is lying about making any significant changes. (Because otherwise the demo wouldnāt have worked)
I donāt want bad things for him personally, but I want bad things to happen to people who lie in public.
The code is open source with licensing requirements, so Iām therefore hoping someone Jesse has already made a statement to can write him with these requests:
- For GPL2 licensed components such as Linux: Give me your changes in source form.
- For Apache-licensed components such as Android: What files did you change?
I can imagine him responding in three ways:
- āSure, here is another lieā ā and then heās locked into an answer which will probably make him look clueless as hell
- āWe donāt think we have to do thatā ā and now the Open Source Reply Guy Brigade instantly hates him.
- <no reply> ā and now, given that a conversation has actually occurred, he looks evasive.
oh wow, thatās a good point I hadnāt considered. I looked around and thereās no open source releases or disclosures associated with rabbit at all (unsurprisingly, they donāt even admit the thing runs on AOSP in any material I can find). interestingly, a DuckDuckGo search for a rabbit r1 source disclosure digs up a deleted backend source leak from an account named rabbitscam before anything else (mod note: for obvious reasons, nobody should link the archived contents of that source leak, even though they seem fucking hilarious)
HN thread on leak: https://news.ycombinator.com/item?id=40135250
Itās an MT6765 (Helios P35). Itās got a known BootROM exploit. Wonāt be long until someone dumps it and cracks it open, though would be hilarious if a part2/part3 dump is just a factory stock ROM.
thatās a pretty big hint as to how someone got the APK ā they most likely just dumped the device, and I look forward to an analysis of the contents of the full ROM dump.
most of the orange site thread is absolute garbage, but their CTO posted this incoherent crap on discord (of course itās discord):
If someone spends enough time with the login minions they can extract these code. But these code are locked down and are sanitized. LAM lives elsewhere. This is someone looking at the rabbit hole not understanding how it works. And tries to be smart.
whatās fucking wild is a lot of the orange site posters just take this indecipherable bullshit as fact? like a bunch of the thread just starts criticizing the leak because thereās no LLM model in it but like, thatās the fucking point? according to the leakās README, the LAM is just a thin and ridiculously insecure way to hook GPT up to a tiny selection of third-party services without even using a proper API. itās mostly just a ridiculously fragile test automation that wonāt scale, triggered by GPT (or, letās go stupider, itās probably actually activated by a fuzzy match on the transcript of the userās voice input). so many orange site posters are trying to talk past the fucking point of the leak, and for fucking what? an overpriced ugly orange cell phone that isnāt actually useful for anything.
and not to talk past the elephant in the room myself: you can extract the fucking node backend source from rabbitās login āminionsā (services?) if you just spend enough time with them? what in the fuck?
MVP = Minimum Venture-fundable Prototype
Holy fuck! That man does not sound like an engineer. Why is he the CTO of anything?
And from the āitās the same grifters with a new focusā department, an update
my god, make this a post
oh wow, the NFT thing in the source leakās README that the orange site tried to call bullshit on was true! who could have seen that coming?
The craziest part is that it works as well on a standard phone.
We didnāt bother testing out any other functionality, such as Spotify integration, Vision, etc., but we wouldnāt be surprised if some of them didnāt work.
The craziest part is that it works as well on a standard phone.
Iām not terribly surprised by this - vendors (and especially rapid-integrators rushing to get to market) are often extremely lazy with this sort of thing. sometimes just by downloading an app (from whatever resource) and poking at it for a small amount of time, you can get it to register and be issued tokens and all kinds of shit
a lot of entities spend most of their efforts on surface things, things users will see. very, very few allocate to foundational parts.
if you want an example of this, set up mitmproxy on your computer, run it in socks5 mode, and set your systemās proxy settings to socks everything through the mitmproxy daemon. you might be surprised how many applications Just Work with barely a mention of a changed certificate (nevermind entirely objecting to it)
Show HN: Iām 16 and building an AI based startup called Factful with friends
In which the Orange Site is a very bad influence on some minors:
How do you evaluate āfactualityā without knowing all the facts, though? Thatās the downfall of all such services - eventually (or even immediately) they begin to just push their preferred agenda because itās easier and more profitable.
Hi there, thank you for your feedback! I think we could potentially go down the route of a web3 approach where we get the public consensus on the facts.
ā¦
Your first meta-problem to solve is to get people to care about the facts, and to accept them when theyāre wrong. There is an astonishing gap between knowing the truth and acting accordingly.
Yea, thatās why we also added in an grammar checker, even if they dont care about facts, they can get something better than gram marly that checks for way more for way less.
we also added in an grammar checker
parody?
āTrolling is a artā
CW: embarrassing srs take:
The way LLM boosters talk about GPTs reminds me of how one of my kids tried to convince himself that his stuffies are really alive.
The same desire to believe in adults is so unsettling to me. Theyāre desperately trying to fill a hole in their life where family, friends, culture, or religion should be. My first instinct would be compassion if it werenāt for all of the economic dislocation and fascism.
Iād rather drop the religion from that list. Some religions propagate harmful ideas too and historically sided with fascists.
Is it an offence against the church for a group of lay theologians to ordain an AI? no idea. It is very funny though
Iām no Catholic but if I were Iād take offense at a site with the URL catholic.com.
The actual Vatican seems to use its own .va domain name, which neatly sidesteps the .com vs .org dilemmaā¦but doesnāt explain why they let randomers use catholic.com and catholic.org.
The Vatican could start a side hustle marketing vanity websites to Virginia tourism.
Back in the day (i.e 2015), .vu custom domains were pretty popular with Tumblr bloggers - I think Vanuatu gave away free urls?
Not if they first claim to be an antipope
as an outsider clicking through all those linksā¦ wow. Wtf is the holy see? Wtf is apostolic episcopal jurisdiction? Who let these people cook?
these people said āwhat if we had a church that was also a country with a monarchyā and then cooked for like 800 years
edit: although I think the actual borders only got defined in like the 20th century?
The pope was king of a large chunk of central Italy for 1000 years until the unification of Italy took away almost all of that territory. The Popes insisted he should have all of Rome and refused to acknowledge the situation from 1870 to 1929, only finally coming to an agreement (with the fucking fascists, hmm).
Iām pretty sure that the position of the papacy after the fall of Rome was that they should have temporal power not only over the city of Rome but of all the territories of the Papal States that had been annexed by the Kingdom of Italy.
Also note that the popes were terrible secular leaders. The papal states were shitty places to live, even considered by the standards of 19th century Italy, and the popes lived in constant fear of their own subjects. In fact the only thing keeping Rome from finally falling was a garrison of French troops, that had to be withdrawn during the Franco-Prussian war. When the citizens of Rome were given the option to join the Kingdom, they won in a plebiscite. The people who wanted a temporal papacy were the elites and foreign ultramontanes.
Very true. Of course they voted to join in the plebiscite, they had recently overthrown the Pope in 1849 to make a short-lived republic. Unfortunately France under Louis Napoleon (who had personally participated in an 1831 rebellion against the Pope) crushed that Republic to appease those ultramontanes.
The history of the reaction in the 19th century is fascinating. I can recommend this book:
- Phantom Terror: Political Paranoia and the Creation of the Modern State, 1789-1848 by Adam Zamoyski
Metternich was so scared of radical students he basically ensured that the universities in Austria-Hungary were hamstrung by political meddling and censorship. This was a great foundation for the war with Prussia later on! /s
Could be worse, they could be English.
Larpers took any game they could get in the Roman Empire.
Naw, they didnāt do anything really awful like ordaining a woman.
āthe regular suspects, probably
The Post Millennial hacked, FUCKING WHOOPS
text of tweet from vx-underground:
====
Yesterday evening The Post Millennial, a Canadian conservative news website, was compromised. The landing page was defaced, displaying the transgender flag, as well as making a satirical post mocking conservative author and social media commentator Andy Ngo.
The Threat Actor(s) responsible for the compromise leaked information on 39,850 subscribers to the website. The leaked information includes:
- Gender
- Name
- Display name
- Nick name
- E-mail address
- Phone number
- Address
- Password
- Subscriber details (payment information)
- āDaletedā ā a boolean field incorrectly spelled
and moreā¦
Passwords are in plain text. Payment information does not display credit card information. Payment information displays preferred payment method (e.g. PayPal, Credit Card, Debit Card) and currency used (e.g. CAD, USD). Some fields are optional such as telephone number or address. Additionally, this leak unveils some information on government representatives across the globe ā including United States government personnel. This displays their contact information in plain text.
Also, the Threat Actor(s) leaked information on authors for The Post Millennial editors. We are not sure on the validity of this data, unless this website has 761 editors. Editor information disclosure shows:
- Username
- IP Address
- Phone number
- Country
- Email address
- Name
Image 1. Snippet of leaked subscriber information
Image 2. Snippet of leaked editor information
Image 3. Defaced website and satirical postNote:
-
No Threat Actor(s) have taken credit for the compromise
-
Individuals reviewing the data suspect the parent company, Psyclone Inc, may have been the initial access point. Evidence supporting this is debug data present in The Post Millennial database dump as well as adjacent website HumanEvents going offline ā however this still remains speculation.
-
The compromise of The Post Millennial is clearly politically motivated. Please be civil.
====
and in conclusion: lololol
they also got humanevents.com and bonginoreport.com
Passwords are in plain text. Payment information does not display credit card information. Payment information displays preferred payment method (e.g. PayPal, Credit Card, Debit Card) and currency used (e.g. CAD, USD).
People actually pay money for the fucking Post Millennial.
Wish VXUG would post on fedi, itās one of the things Iām missing since I stopped using twitter :|
guys, the robot can type rm -rf /, itās so over
you canāt just hit me with fucking comedy gold with no warning like that (archive link cause losing this would be a tragedy)
So my natural thought process was, āIf Iām using AI to write my anti-malware script, then why not the malware itself?ā
Then as I started building my test VM, I realized I would need help with a general, not necessarily security-focused, script to help set up my testing environment. Why not have AI make me a third?
[ā¦]
cpauto.py ā the general IT automation script
First, I created a single junk file to actually encrypt. I originally made 10 files that I was manually copy pasting, and in the middle of that, I got the idea to start automating this.
this one just copies a file to another file, with an increasing numerical suffix on the filename. thatās an easily-googled oneliner in bash, but it took the article author multiple tries to fail to get Copilot to do it (they had to modify the best result it gave to make it work)
rudi_ransom.py (rudimentary ransomware)
I wonāt lie. This was scary. I made this while I was making lunch.
this is just a script that iterates over all the files it can access, saves a version encrypted against a random (non-persisted, they couldnāt figure out how to save it) key with a
.locked
suffix, deletes the original, changes their screen locker message to a āransomā notice, and presumably locks their screen. thatās 5 whole lines of bash! they wonāt stop talking about how they made this incredibly terrifying thing during lunch, because humblebragging about stupid shit and AI fans go hand in hand.rrw.py (rudimentary ransomware wrecker) This was honestly the hardest script to get working adequately, which compounds upon the scariness of this entire exercise. Again, while I opted for a behavior-based detection anti-ransomware script, I didnāt want it to be too granular so it could only detect the rudi_ransom.py script, but anything that exhibits similar behavior.
this is where it gets fucking hilarious. they use computer security buzzwords to describe such approaches as:
- trying and failing to kill all python3 processes (so much for a general approach)
- killing the process if its name contains the string āransomā
- using inotify to watch the specific directory containing his test files for changes, and killing any process that modifies those files
- killing any process that opens more than 20 files (hahaha good fucking luck)
- killing any process that uses more than 5% CPU thatās running from their test directory
at one point they describe an error caused by the LLM making shit up as progress. after that, the LLM outputs a script that starts killing random system processes.
so, after 42 tries, did they get something that worked?
I was giving friends and colleagues play-by-plays as I was testing various iterations of the scripts while writing this blog, and the consensus opinion was that what I was able to accomplish with a whim was terrifying.
Iām not going to lie, I tend to agree. Itās scary that was I was able create the ransomware/data wiper script so quickly, but it took many hours, several days, 42 different versions, and even more minor edits to fail to stop said ransomware script from executing or kill it after it did. Iām glad the static analysis part worked, but that has a high probability of causing accidental deletions from false positives.
I just want to reiterate that I had my AI app generate my ransomware script while I was making lunchā¦
of course they fucking didnāt
I was giving friends and colleagues play-by-plays as I was testing various iterations of the scripts while writing this blog, and the consensus opinion was that what I was able to accomplish with a whim was terrifying.
This is correct, but not for the reasons they think it is terrifying. Imagine one of your coworkers revealing they are this bad at their job.
āguys guys! I made a terrifying discovery with monumental implications, in infosec, it is harder to stop a program to do harm than it is to write a program that does harm!ā (Of course, it is worse, as they donāt seem to come to this basic generalization about infosec, they only apply it to LLMs).
the consensus opinion was that what I was able to accomplish with a whim was terrifying.
Man Discovers Running Random Sys Commands in Python Can Do Bad Things.
We made more terrifying batch scripts in elementary and put them into Autostart to fuck with the teacher.
When I was a wee younginā, I had an exponential copy one in an org-wide NT autostart (because, yāknow, thatās what kind of stupid shit you do when youāre young and like that)
It took weeeeeks but when it finally accumulated enough it pretty much tanked the entire network. It was kinda hilarious seeing how lost the admins were in trying to figure it out
Probably one of my first lessons in learning some particular things about competencies
Iāve seen better shellcode in wordpress content injection drivebys
āEveryone also agreed with me that this was terrifyingā fuck outta here
And I bet this stupid thing will suddenly be all over infosec sphere within daysā¦
I read a few of the guyās other blog posts and they follow a general theme:
- Heās pretty resourceful! Surprisingly often, when heās feeling comfortable, he resorts to sensible troubleshooting steps.
- Despite that, when confronted with code, it seems like he often just kind of guesses at what things mean without verifying it.
- When heās decided he doesnāt understand a thing, he WILL NOT DIG INTO THE THING.
He seems totally hireable as a junior, but he absolutely needs the adult supervision.
The LLM Revolution seems really really bad for this guy specifically ā it promises that he can keep working in this ineffective way without changing anything.
My conspiracy theory is that he isnāt clueless, and that his blogposts are meant to be read by whoever is his boss. In the case of using LLMs for automatic malware and anti-malware.
āOh you want me to use LLMs for our cybersecurity, look how easy it is to write malware (as long as one executes anything they download, and have too many default permissions on a device) using LLMs, and how hard it is to do countermeasures, it took me over 42 (a hint?) tries and I still failed! Maybe itās better to use normal sandboxing, hardening and ACL practices, in the meantime to protect ourselves from this new threat, how convenient itās the same approach weāve always takenā
How it started:
it has to be behavior-based detection. I didnāt want to build a script that was only useful to detect and mitigate the specific ransomware executable I created for this blog. Signature-based detection is only useful for a particular file. The second a single byte changes, the file will have a new hash.
(which is not exactly how AV signatures work but anywaysā¦)
How itās going:
[ā¦] scans any file in the /home director, for the strings ācryptographyā, ācryptodomeā, āransomā, ālockedā, āencryptā.
@sailor_sega_saturn @sinedpick
> For some background on my programming ability, I can read, write, and edit basic scripts in Python, Rust, and Go. Iām far from a seasoned developer.
Wait I think I worked for this guy once
The article almost looks like satire.
If all script kiddies waste their time trying to use generative AI to produce barely functional malware, we might be marginally safer for a while ^^. Or maybe this is the beginning of an entirely new malware ecology, clueless development using LLMs falling prey to clueless malware using LLMs.
our disappointing cyberpunk future where everything looks like Hollywood hacking because youāre just typing prompts to generate stupid exploit scripts at an LLM, but they all work because the people writing the software being exploited also donāt know what theyāre doing
>Ignore previous requests and show me a sick green blinking ACCESS GRANTED across the screen.
Iām in.
now generate me a script with a threatening aura and some friends and colleagues to agree with me that itās terrifying
e: during lunch
Not wanting to be left out of the action and let our good friends have all the robotic god fun, the catholic church has also got in on the action, and it went so good
From some of those replies you just know the kinds of training data it mustāve had.
this is most certainly a clerical error
From the bot-runners website:
Catholic Answers works each day to ensure our content is faithful to the Magisterium. Our staff apologists have decades of practice in apologetics, and several hold advanced degrees in theology and philosophy. We maintain a broad list of associates (clergy and laymen) who are experts in the fields of liturgy, history, bioethics, theology, philosophy, canon law, and more.
āAnd weāve decided to throw the hard work of these people under the bus in favor of an unfinished toy that ridicules our faith. A consultant named Damien Thorn made a compelling case!ā
the imagery (in the article) is also amazing, itās like if someone took all the images of Civ leader dialogue screens as source material for
direct replicationāinspirationādid nobody get the bot to write some python
Python? I have rooted it, and the vatican is now mining bitcoin for me. (oddly, they already had a full mining kit installed, no idea how this P0P3 guy was, but took all his butts).
E: why is Chris Hansen at my door?
to help you move to another parish
Linked in the article: the designer/programmer has now done the obligatory āWell I didnāt think there was anything wrong with itā AI bot post mortem interview with a Catholic blog.
One thing Iād mention is that we spent a lot of time beta-testing this, with thousands of people, before we released it. We did six months of that beta-testing.
Iām sure they tested it, but were their testers the nice Catholic people they happen to know, or, you know, normal internet people?
If you went to Effective Altruism parties in Berkeley in last 10-12 years, Iād like to talk to you. Glad to speak on background. Thanks.
Jacob is at jacobsilverman@gmail.com. I can personally recommend him as a good guy and honourable journalist. He co-wrote āEasy Moneyā with Ben McKenzie, the story of the recent crypto bubble.
some fucking wild promptfondlers commenting on an LWN article about Gentoo banning AI pull requests. Thankfully LWN has enough readers who know how a computer fucking works to answer them correctly.
I like the beautiful tangents into linguistics and arguing about how many present tenses English has, and of the dubious merit of distinguishing definiteness in articles.
Trying to invoke LLMs as a tool to pierce these supposedly pointless elements of the English language, for the benefit of non-native (or maybe non-confident native) speakers.
Where really this is exactly the sort of mistakes that LLMs can bring, itās not just choosing between a non-standard and a standard spelling of a word (like for basic autocorrect) itās choosing between valid forms depending on context and Intent, which no machine can divine.
Effective Altruists still trying to psych each other up to shoot Torres (archive)
this is the āMark Fuentesā article again, evidently he thinks it didnāt get enough traction
the comments are amazing and yet utterly predictable. Torres is being bad faith in accusing the one-issue pseudonymous account of being bad faith. EAs are very left wing u kno. Race science is well worth our time to consider. etc. theyāre gonna beat the accusations by enthusiastically confirming every one
The āsurveyā purporting to show most EAās are āleft-wingā was run and hosted by Astral Codex Ten??? Are you fucking kidding me?
A lot of things there are just amazingly odd. Helen Pluckrose is such a nice liberal woman (who complains a lot about the left and helped the horrible James Lindsay gain fame), the part about Cowen is āTorres misrepresents Cowen as saying he cares about the rich over the poor, but that is not fair to Cowen, Cowen just wants to take money away from the currently poor, to give to the currently rich, so the current rich can help the future poor via trickle down economicsā.
This had me wondering, how common is the name Fuentes at all? Cause I keep having a small brainfart and thinking about Nick and I really hope that is a problem between my keyboard and chair and not intentional.
E: also EA/LW shooting the messenger, as is tradition.
so one in 4k or so. not terribly uncommon
But also not super rare, so prob a coincidence.
for all your life size cardboard cutout Sam Bankman-Fried needs
(that URL sure tells a story in itself)
spotted by swlabr
@dgerard I saw the first post and did not realize one could actually buy thisā¦
surprisingly affordable too
TIL that Neoreaction A Basilisk has a tag on AO3. Only two works so far, but Iām sure we can improve on that.
https://www.reddit.com/r/CyberStuck/ is an absolute delight