> "As a reminder, there is not a single LLM on the market today that is not vulnerable to prompt injection ... And by and large, companies don't really seem to care."
So far from the truth. I know that there are entire teams that specifically work on prompt injection prevention using various techniques inside companies like Microsoft and Google. Companies do care a lot.
They don't care enough to delay the product launches.
There were teams working on Bing search that probably cared a lot about it going off the rails. But the company didn't, it launched anyway even with internal knowledge of its failings.
See also the red flags raised at Google about Bard.
I don't buy this. Companies can demonstrate they care through their choices. Not just by paying an internal team to hopelessly try to solve the problem while their PR and product teams run full speed ahead.
It is a choice for OpenAI to run forward with 3rd-party plugin support while they still don't have an answer to this problem. That choice demonstrates something about the company's values.
> Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
> Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent.
They create an emulated computer by decompressing an old image format inside a PDF file which has a .gif extension! That is top notch!
Nat was a great CEO. The best that could have happened to Github after the acquisition IMO.
The one time that I won't forget about Github under Nat, was when they stood up for Iranian developers [1]. They went the extra distance to get a permission/license from the US government specially to offer full Github to developers from Iran. Many other companies didn't do something similar.
"They went the extra distance to get a permission/license from the US government specially to offer full Github to developers from Iran."
Wait, that's a thing?
We get a signup from Iran about once every month and I always, apologetically, send a personal note saying that I wish we could provide service to them but ...
You're saying rsync.net can legally provide service to Iranians with ... some paperwork?
> And separately, we took our case to the Office of Foreign Assets Control (OFAC), part of the US Treasury Department, and began a lengthy and intensive process of advocating for broad and open access to GitHub in sanctioned countries. Over the course of two years, we were able to demonstrate how developer use of GitHub advances human progress, international communication, and the enduring US foreign policy of promoting free speech and the free flow of information. We are grateful to OFAC for the engagement which has led to this great result for developers.
There are standing "general" licenses for any product / company that is doing certain activities and "specific" licenses granted to individual companies. I believe GitHub managed to get a general exemption for anyone providing source code hosting? The general idea is that there are things that the US government wants people in Iran to be able to do as it would help their fight rather than hurt it. This page has the list of general licenses:
Iranian dev here. I can tell you if a company goes the extra mile to provide services to us, the reason is almost always that they just care. It's not a marketing tactic. You have to care if you go through all that trouble. And there is very little publicity to these acts. No one is going to notice it but us. They only do it out of the goodness of their hearts.
They also went the extra-mile to block Iranian developers, they didn't have to do so much police, and probably tried to buy their redemption. For example, in theory Hackernews should block Iranians, but they will probably pretend not to be aware and won't actively chase them.
Compliance with US export controls and sanctions isn't optional. That some companies are less diligent about it than others doesn't change the compliance requirements, and people can and do regularly go to prison for willful violations.
And if GitHub did not block Iranian developers _before_ it obtained the exemption, it would be in violation of sanctions, which carries both criminal and pretty much unlimited financial charges.
I don't know whether HN violates sanctions, but comparing to GitHub HN is very, very small fish. The chances that GitHub would swim under the radar were pretty slim.
Really, "this company obeys the law, so it is evil" is lame.
> They also went the extra-mile to block Iranian developers, they didn't have to do so much police, and probably tried to buy their redemption.
US sanctions, even the threat thereof, are serious business. To this day, US nationals or US tax persons are having a really hard time finding a bank in Europe that is willing to deal with them because many banks don't want any exposure to the US FATCA they can avoid.
I had an ex-girlfriend who was born in Germany to US and Greek parents. Quite the shitshow with paperwork.
I'm curious how they discover this if they are trying to stay so distant from US authorities. If you have EU citizenship which is what I assume here then presenting the Greek passport and supporting local documents isn't enough? Or, is it the case that something local like a missing local tax number, or even an accent telegraphed the situation?
With the US, it feels like everything is much more uniform with the tie back to a federal social security number. The SSN is universally requested for many types of financial and insurance setups.
Every bank I've opened an account with in recent years has asked multiple specific questions about any ties to the US during the account opening process. One even asked if I'd ever had a US telephone number or mailing address.
In some places the family name tips them off. Like here in Thailand a Thai woman who is married to a westerner and has his last name will have to fill out a form stating whether or not they are a US person.
Lying to your bank is typically not a good strategy when it comes to compliance. You can get asked on a form and if you lie, they have a very good case later on to close your account.
That works exactly as long as such a US-aligned company doesn't enter the spotlight in some sanctioned entity related trouble.
Had friends working export compliance for a larger US IT company, and they once (temporarily) blocked a larger shipment to the (British) Royal Air Force because some bozo abbreviated them as "RAF" - which, obviously!, refers to the (German) Red Army Faction, a left-extremist terrorist cell that wasn't relevant for more than 10 years at that point (and wouldn't know what to do with high performance computers, anyway).
Better safe than sorry, otherwise you mess up one day, come back to the HQ on the next and all that's left is a brand new parking lot.
Hacker News probably falls under the general license for personal communications, etc. Github is not really personal communications, so caution is warranted, at least a bit. Rsync.net doesn't really provide personal communications either, IMHO, and it seems reasonable for them to not do business with people in Iran unless rsync.net obtains a specific license or finds a different general license they fit into.
> You're saying rsync.net can legally provide service to Iranians with ... some paperwork?
A lot of it probably. Also, not sure how you can collect payment from these users. And keep in mind your software might end up being used by their regime for oppressive purpose.
Keep in mind the people of Iran can end these sanctions at any time. It's a personal and societal choice.
> the people of Iran can end these sanctions at any time
Sorry to bite on this off-topic thing... but, _how_? Overthrowing their government? I guess that would be technically true, but "at any time" seems like a weird phrase to use for that.
Iran at least has some sort of functioning government entity (which I, to be clear, absolutely despise), Libya collapsed completely as a result of Ghaddafi's (well deserved) downfall and it will likely be a hotbed of Islamist terrorism and instability for decades to come. I don't see any nation or bloc of nations willing to step up and do nation rebuilding in once-beautiful Libya outside of the EU financing terrorists aka the so-called "coast guard" to torture migrants - what makes you think any kind of revolution in Iran would be assisted by anyone?
The Iranian system also has some democratic legitimacy. Yes, the religious authority is supreme, but it's not as overtly tyrannical as the average dictatorial regimes: the religious ruler is himself elected by an assembly (similarly to what happens with the Catholic Pope), and the secular executive branch is elected (although the religious element can pre-emptively stop pesky candidates from running altogether).
There is a good chunk of Iranian society that genuinely thinks their system is good, and it keeps the country somewhat stable in a region where such condition is not particularly common. Telling them to throw it all away by pointing at Libya is basically a cruel joke.
This characterization is ridiculous. Following the form does not make you “somewhat democratic,” nor does calling oneself Democratic People’s Republic.
In addition, “the secular executive branch” comment is flat out wrong. The executive branch and candidates for presidency are explicitly obligated to believe and follow Islamic and Sharia laws.
> Following the form does not make you “somewhat democratic,”
In practice, there have been elected presidents that the religious element did not really like. They did not last, and were sabotaged at every turn, but they existed. Iran is a big country and it contains a number of different power-centres, unlike, for example, North Korea.
> In addition, “the secular executive branch” comment is flat out wrong.
Uh, no it isn't:
>> the religious element can pre-emptively stop pesky candidates from running altogether
Whether this is achieved by claiming they are unbelievers or corrupt, is irrelevant. Candidates can (and do) get purged before they get a chance, but the latter part of the process is fairly democratic (which is why occasionally the "wrong" candidates do win). One of the reasons for the increasingly low turnout in recent years is precisely that purges are getting more and more indiscriminate; Iranians are not all stupid, and won't engage when they think the process is meaningless. The "secular" qualifier is there because, in practice, that's what it is - a government that cares about economy, army, police, and administration.
Demonising everything is a recipe for being ignored, you should try understanding other points of view when you're trying to persuade.
You are absolutely incorrect[1]. There are no ifs and buts. They absolutely positively require the candidate to assert they'd abide by Islamic law--there is not even a pretense of secularism. Which Islamic Republic lobby group did you get your propaganda from? I lived there for 20 years.
If you think you know better, please cite a reference to your egregious claims. Even Khamenei himself does not make some of the claims you are making.
Current affairs are still mostly mundane - as much as sharia law is prescriptive about some stuff, it won't cover how to set up a database of taxpayers or how to make a nuclear plant work. That was my point - the elected side of things takes care of that, obviously under the supervision/control of the religious element, and depending on who you elect things will be carried out differently. You can't tell me things were not different when Ahmadinejad was in office compared to when Rouhani was in office.
>The executive branch and candidates for presidency are explicitly obligated to believe and follow Islamic and Sharia laws.
Oh come on. Is the US not a democracy because the executive branch and candidates for presidency are explicitly obligated to believe and follow the constitution?
As a Canadian I've personally benefited from the US hegemony and if I had to pick a least-rapacious global hegemon historically you'd be in the running. But I see comments like this and I can't help but feel like the US might have 'Earned' the same kind of 'Democracy' its three-letter boys brought Libya.
> I can't help but feel like the US might have 'Earned' the same kind of 'Democracy' its three-letter boys brought Libya.
Libya was especially an affair of France, Italy (the former colonial power) and the UK.
If you ask me, the Italians are the reason why Ghaddafi was outright executed - there were numerous dirty deals done between Italy and Ghaddafi's Libya, mostly to have Ghaddafi do the dirty work for the EU in keeping migrants away.
Interesting, I hadn't heard that theory - are you saying the Italians had him killed because he knew too much or that they failed to protect their clandestine ally from France and the UK?
Or is it more that factions in Italy that benefit from human trafficking got the upper hand on those that were working with Qaddafi to limit it? Italy is #3 in the world for trafficked humans after all, presumably some powerful people profit from it.
edit: Wanted to leave it at that, but I should really clarify. I'm equating a group choosing the US constitution as their founding document with a group choosing Sharia law for the same purpose. If a person says they believe in democracy but doesn't believe in other people's right to make what looks like obviously bad decisions, they don't really believe in democracy.
> There is a good chunk of Iranian society that genuinely thinks their system is good, and it keeps the country somewhat stable in a region where such condition is not particularly common.
That explains the massive exodus of talent, minds and people straight out of the country minutes after the revolution.
... which was 40 years ago. Quite a few people were born since then, and still live there. Obviously it's not a paradise, but it's not comparable with the likes of North Korea, and these days it's not that incredibly different from other supposedly-good countries in the region.
> Quite a few people were born since then, and still live there
And if you go to any western university campus, you'll meet many of them, born after the revolution, who worked hard to make it to the west and who are trying to sponsor their families to join them.
The opposite (westerners trying to do the same in Iran) is virtually unheard of.
And? Nobody said the Iranian system is some model of virtue, just that it isn't so incredibly bad that the alternative of "start a bloody civil war and ruin the whole country for decades" (the Libyan experience) can realistically be considered attractive by most of the population.
Libya is actually a terrible example of this. If I recall correctly, right after the Arab Spring, their country erupted into civil war, twice, and the current ceasefire is barely a year old. The reason for this is not because they chose civil war, but because Libya and many other poor countries are stuck in a local minima of dictatorship and sectarianism.
- Dinosaur juice that we took out of the ground and then cooked
- Shiny metal that we took out of the ground
In other words, all industries that, critically, do not require the people to operate. Libya is the poster child for the resource curse. In poor countries, democracy is a dangerous boondoggle that squanders the wealth of the country, and any country with an economy shaped like this that tries democracy will be swiftly punished for their obvious flaunting of basic economics. Likewise, all of the other things you see in these kinds of countries - sectarian violence, religious and ethnonationalist conflict, and so on - are all merely part and parcel of being poor.[0]
Taking this back to Iran... the country is born out of geopolitical praxis, not a resource curse. The US tried to utterly fuck over Iran and turn it into Libya, in the name of fighting the Soviets. So at least part of the current hostility towards the US is still borne out of actual popular support. Yes, some Iranians would like to just enjoy a cosmopolitan software developer lifestyle, but those people are fewer in number compared to the people who want nothing to do with a country that has hypocritically denied it the right to self-determination. Maybe that will change, and people on both sides will forget long enough for us to normalize trade relations. But that's not a simple matter of uninstalling and reinstalling governments like they were device drivers. Plenty of Iranians still hate the US, and plenty of Americans do, too.
[0] This is also why a lot of Donald Trump voters bought into a lot of far-right racist bullshit, as well as why many poor countries see regular genocides. Because that's exactly what you promise poor people. It's far easier to make you richer than a race or religion you don't like, than to make you richer overall.
This person at MSFT who got promoted is the one that caused the problems in the dotnet community where features that had a go-live RTM license (as in merged and ready for long term support) were removed from the programming language so that more Microsoft Visual Studio licenses could be sold.
Right, I have to admit I don't entirely understand the .NET kerfuffle. .NET is clearly Microsoft's language ecosystem, just as much as Swift is Apple's, and much more so than, say, Go is Google's. A lot of the value in .NET is how it works with the Microsoft ecosystem - or put another way, as someone who mostly doesn't develop on Windows (but uses Windows a lot as a desktop OS), I have never once felt that .NET was the best way to solve a problem that wasn't a Windows-specific problem.
It would be totally fine if .NET were a closed-source, Microsoft-run language. It is pretty cool that this isn't true. But the idea that Microsoft organizationally having control over the .NET open source project is somehow bad for open source is just incomprehensible to me, who grew up on .NET not being open source at all.
> It is pretty cool that this isn't true. But the idea that Microsoft organizationally having control over the .NET open source project is somehow bad for open source is just incomprehensible to me, who grew up on .NET not being open source at all.
It's not about open-source: it's more that major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over and without independent means to ensure it keeps on working, so a compromise position that Microsoft took is to make .NET open-source, so that in the event Microsoft disappears overnight (say, Mt. Rainier erupting and wiping out the Seattle metro area) people have something they can keep on using and build and maintain themselves. We saw the opposite with VB6: the VB6 platform was never open and shared and now all the companies that invested in VBA and VB6 in the 1990s are rightfully annoyed because VB6 is a complete dead-end with no feasible upgrade-path to .NET (VB.NET is not compatible with VB6).
--------
While my SaaS (and my current job) is a .NET shop because it originated with some "Classic" ASP 3.0 VBScripts that my boss put together himself in the late 1990s that was slowly transitioned through .NET WebForms (ew) and ASP.NET MVC, we still use it for new greenfield projects because .NET is a nice platform overall that scales really well from one-off prototype projects that can be easily transitioned to high-performance distributed applications without any major rewrites (the only thing I've had to "rewrite" was the conversion from .aspx (as an MVC View, not WebForms) to Razor .cshtml, everything else has been refactored through the years). The tooling and integration between MS products and services does save a lot of trouble otherwise (that's where the value is).
My experience from other shops, and the problems I've seen there is not that other "stacks" (I hate that word) like MySQL+PHP, Postgres+Python, Anything+NodeJS are somehow less capable (excepting PHP, it's often the opposite, actually) but that you end up with dozens of projects all with their own separate stacks and build environments, all with their own tedious onboarding processes (e.g. having one Angular project that absolutely requires Node 12, not Node 14, to run) while another project's server-side NodeJS code absolutely requires Node 16 and Python and Tomcat somewhere.
So I'm more than happy to pay the thousands of USD per year for my MSDN Subscription because it gives me a platform that saves me the trouble and headaches of a highly heterogeneous environment especially given the fact we're a small shop.
> major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over
100% this, the biggest issue I see with dotnet and Swift is that they're spending too much time trying to be appealing to people who don't want to use them. Swift, as a language, really only makes sense to use if you're extensively targeting Apple systems and planning to skip Windows/Linux altogether. That's a pretty shit deal, from the perspective of developers who want to deliver software to the largest possible audience. Similarly, writing an entire program in dotnet used to be a death sentence until Mono finally got thrown together. Even still it's not a very attractive framework for most cases, which just goes to show how important open governance can be when developing such a complex system.
> Similarly, writing an entire program in dotnet used to be a death sentence until Mono
This is somewhat ironic, considering .NET is effectively "Java as rebuilt by Microsoft", and one of the original selling points of Java was... cross-platform support, "write once - run anywhere". BillG clearly made sure that particular aspect would not carry over to the MS version.
> BillG clearly made sure that particular aspect would not carry over to the MS version.
Heh, well .NET's cross-architecture support was/is still useful for allowing .NET to target Windows CE on SH-3, MIPS, ARM and more - also consider that at-the-time (1999-2001) even though Windows NT no-longer supported MIPS and Alpha, there was IA-64 (Itanium) looming on the horizon which was widely anticipated to replace x86 (hah), so even though it wasn't true cross-platform (i.e. cross-OS) it still made business-sense.
Another advantage of .NET's use of JIT bytecode was that Microsoft could sell it as a platform enabling "verifiable code": which is true: a "pure" CIL/MSIL assembly file literally cannot have any memory-related bugs to worry about and their consequential security vulnerabilities, which were a big deal at the time (this was related to Microsoft's "Trustworthy computing" initiative as well: you don't need to "trust" the programs you're running: the use of verifiable bytecode means you can verify its safety entirely by yourself).
Oh yeah, compared to what it was meant to replace (COM/DCOM, C++, VB6, ASP/vbscript), .NET was undoubtedly a massive step forward and a no-brainer to adopt, for anyone invested in the MS ecosystem.
The design and support for cross-platform use was there from the start, and most obviously manifested itself via Rotor. If I recall correctly it targeted FreeBSD rather than Linux though.
ROTOR was never production-quality though - I think it was there as a proof-of-concept and to try to convince some university professors to consider it as an alternative to JVM.
> it's more that major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over and without independent means to ensure it keeps on working,
That is a risk that is common to every single industry, and as such is a risk that is easily understood and quantifiable. We live in an interdependent world. You're always going to be dependent on suppliers, vendors, equipment etc. We have seen how covid related supply chain issues have affected everyone. At least with a S/W platform, what you have in-hand continues to work, and you can continue to use the compiler, libraries, etc to churn out new binaries.
> That is a risk that is common to every single industry, and as such is a risk that is easily understood and quantifiable.
Honestly: No
If it would be "easily quantifiable", you would not see in 2021 still bank ATM running damn Windows XP or nuclear power plant under Win2000 with some old deprecated crap supervisor tools.
It is a common drama with proprietary solutions, they are seducing to install and a nightmare to maintain.
This even more due to the decision to use these "vertically integrated proprietary (crap) solution" are generally taken by executive level without any long term thinking and that will be long way gone when the mess needs to be cleaned-up.
> If it would be "easily quantifiable", you would not see in 2021 still bank ATM running damn Windows XP or nuclear power plant under Win2000 with some old deprecated crap supervisor tools.
> It is a common drama with proprietary solutions, they are seducing to install and a nightmare to maintain.
The fact the software is "proprietary" or not is largely irrelevant to whether or not the systems-integrator who made those ATMs and Nuclear Power plants is acting responsibly. Had they chosen Linux then that ATM would still be sitting there with just-an-outdated version of some embedded Linux distro.
There is an argument that if they used a GPLv3 or other anti-Tivo license that the end owner or operator of the machine would be able to upgrade the host OS software themselves, however in both of those cases (ATMs and power-plants) what makes-the-thing-run is not the OS but the application software (BankAtm.exe and NuclearReactorMonitor.exe) which will have their own dependencies and (knowing most software) will just break when running on an updated OS - and it'd be even worse on Linux because Linux does not have a stable applications ABI between major releases: the software would need to be recompiled.
Now if the application software itself were also open-source, then I agree: that does help, but I'm not convinced that's a solution either because I can assure you that companies like banks and infrastructure operators are not going to be happy having to do patch-tuesday and recompiling their software on a regular basis for hardware they'd really prefer to leave alone and stable. Hence why they're air-gapped (or at least meant to be air-gapped).
> Had they chosen Linux then that ATM would still be sitting there with just-an-outdated version of some embedded Linux distro.
That's wrong, they would have been in a position to update / maintain themselves their own distro or dedicate that to a third party company that has the knowhow to do so. This for more than 20 years without problems. Because they would DO have the code for it if they want it.
With proprietary solutions in the embedded system world, this is impossible to do. If your providers refuses to support your OS anymore, you're fucked and that's it. And if he wants to increase the cost of your support maintenance program per 10x because it's legacy, you're fucked too, just in another way.
> Linux because Linux does not have a stable applications ABI between major releases: the software would need to be recompiled.
I disagree and for two reasons:
- first, if it's your software stack recompiling should not be a problem
- second, it is not true. Kernel ABI is stable (mostly). And running statically compiled binary between major kernel releases has never been a problem.
> infrastructure operators are not going to be happy having to do patch-tuesday and recompiling their software on a regular basis for hardware they'd really prefer to leave alone and stable.
Do they?
Even on ATM, client software evolves and is updated. In their case, they just do it with the pain of a legacy system without being able to touch to the platform itself because they have no control on it.
I don't understand. Is your claim that ATMs are running Windows XP because Microsoft did get buried under a pile of ash in the early '00s and released no further OS upgrades, and therefore it would have been better for the ATM manufacturer to use an open-source OS because they, unlike Windows, survived to 2021?
Nobody in this thread is arguing that everything in the world is perfect. There are a lot of bad things in the world. (The fact that we haven't figured out a reliable, scalable way to develop major F/OSS projects without the backing of companies that either sell proprietary software or do far worse things is certainly one of them!)
The specific argument in this subthread is about whether it's okay to build your business on proprietary software or whether there's too much of a risk that the vendor will stop producing updates. If they aren't interested in updates when they actually happened, then clearly this wasn't a concern for them.
(Also, have you never seen people running extremely out-of-date versions of F/OSS operating systems?)
> The specific argument in this subthread is about whether it's okay to build your business on proprietary software or whether there's too much of a risk that the vendor will stop producing updates
It has everything to do with that and I think it's a way too narrow view.
In this case Microsoft indeed did not go bankrupt. They did however stop to provide updates to solution "Windows XP", without giving an alternative compatible on the same legacy hardware (the old ATM hardware).
And that illustrates perfectly the problem with proprietary ecosystem. You do NOT need your provider to bankrupt to put yourself in shit, you just need him to have interests diverging of your interests.
Because at the end, he is the one controlling your software stack, not you.
> They did however stop to provide updates to solution "Windows XP", without giving an alternative compatible on the same legacy hardware (the old ATM hardware).
Hang on there… Microsoft never did stop making updates to Windows XP Embedded - they kept it on super-extended support as “Windows POSReady” (I think the pun was intentional…) and its replacement in “Windows IoT” is reasonable.
Your argument is valid only if ATM manufacturers were being missold XP Embedded by Microsoft on the basis that the support lifecycle of XP Embedded would outlive the ATM hardware - but I put it to you that is not the case. The support lifecycle of MS products is (surprisingly) well-documented and transparent - and to my knowledge (and saying that as a former blue-badge myself) MS has never represented XP Embedded (or other NT-family OSes) as being suitable for a 20+ year lifespan. The blame lies squarely with the systems-integrator who built the ATMs.
>If it would be "easily quantifiable", you would not see in 2021 still bank ATM running damn Windows XP or nuclear power plant under Win2000 with some old deprecated crap supervisor tools.
Why would you not see that? The risk profile is well understood, and can be mitigated. Sandboxes, firewalls, app-containers, input sanitization, Virtual Machines, etc, etc, etc.
I don't quite understand exactly what you're disagreeing with?
Which, btw, was also thanks to the EFF. Their mission is occasionally murky these days, but their part in the subsequent restoration of youtube-dl in the face of a DMCA takedown is not to be ignored or forgotten.
In the face of widely popular de-platforming of some individuals, it's not clear to me what the EFF's position should be. I don't want them to ignore current affairs (aka how to counter cultish indoctrination of people with totally bonkers lies like "the covid vaccine has a microchip in it") while at the same time preserving the freedom of speech we believe in (in the US).
I once posted on here to give feedback about the new UI they were testing out at GitHub. The UI that you now see.
All I said was that it's cool but I can't see the latest commit status (the result of your CI pipeline) any more, and that I sent that feedback through the official channels as it were. I think I tacked a less favourable comment on the end and that was also answered.
First reply to my HN comment was from Nat, acknowledging it.
I’m still personally waiting on “leveraging the vast resources of Microsoft will have the greatest likelihood of affecting public policy” regarding ICE.
That was 2019. It’s almost like he didn’t actually intend on doing anything about it.
Technically speaking, this does not prove that an adversarial attack is possible on Apple's CSAM system, given that Apple has another, unreleased neural hash system on their servers which is potentially larger and works better than the one on device.
The more interesting technical question for me is: do collisions transfer across models? Or how to find collisions that transfer across models?
I really like the fastai abstractions and their attention to detail. Also their callbacks are amazing. I always look at their implementations for inspiration.
Ufff that's rough to read. Totally. The only one I agree with is the one that says:
Aim to align statement parts that are conceptually similar. It allows the reader to quickly see how they’re different. E.g. in this code it’s immediately clear that the two parts call the same code with different parameter orders.
That'd turn something like this:
    class OneClass:
        def __init__(self, a, b1, b2, c_long):
            self.a = a
            self.b1 = b1
            self.b2 = b2
            self.c_long = c_long
Into this:
    class OneClass:
        def __init__(self, a, b1, b2, c_long):
            self.a      = a
            self.b1     = b1
            self.b2     = b2
            self.c_long = c_long
(maybe not the greatest example, there are places where this helps much more)
The others all are un-pythonic and make the code more unreadable.
It's certainly unpythonic - as the link explains, it's based on research that goes back many more decades than Python has existed, and that PEP 8 entirely ignored.
But it only makes the code unreadable if you don't make a tiny effort to adjust. If you do make the effort, there's some great payoff, like this code:
That's the inner part of the training loop. You can see at a glance: what steps are in the loop; what callbacks are in the loop, in what order; what step corresponds to each callback. And you can see the whole training loop at once, which is great for getting a clear picture of what's going on.
By looking at that code without knowing much of the context in which it works, I assume self('begin_batch') and the like are "signals" that set some state or are used for logging. That behaviour could be achieved using other mechanisms (perhaps some metaprogramming magic or an observer pattern).
And while I can appreciate it can be quick to see where the signals are sent, the use of ; and having two things in a line still aren't convincing me.
Even more, if I were to run the line_profiler here, I know it'd report weird numbers precisely for having more than one thing per line.
The other thing that I dislike is opening blocks and closing them in the same line. It may be force of habit for me, but that screams unreadability at my face.
Rounding up, all I see is behaviour that can be achieved through other mechanisms, and dev/tools unfriendliness. And notice I'm not saying anything about PEP-8, because:
a) There are parts of it with which I don't agree either.
b) Many people use PEP-8 as a sort of "silver bullet" and argument-ending-remark. That's not what it should be; it should be a _guide_ to be used when it helps, and ignored sparingly (with reason and consideration of _why_ you decide to ignore it, for the sake of readability).
While I appreciate what black can do (no more discussions about code style!) I am lucky enough that I manage a small team (2-5 programmers) that understand and follow the style convention we set.