Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid!

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post, there’s no quota for posting and the bar really isn’t that high

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

  • jax@awful.systemsEnglish
    23·
    2 years ago

    tired: learning from others through the wealth of experiences and resources that are widely available

    wired: taking a “first principles” approach to endangering and traumatising your own child

    I was at the apartment pool chatting with a friend who is a very advanced swimmer - the type that swims laps seemingly endlessly - and she asked “have you ever seen what would happen if [your two year-old son] fell in the pool?”. I said no, and then she suggested I try it so that I would at least know. So I picked him up and with no warning tossed him in. He immediately froze under water, arms and legs outstretched in literally stunned silence. I counted to 5 and pulled him out and he was trembling with fear.

    At that point I realized that the time it takes for a kid to drown is one breath. That may be 3 seconds, may be 10 seconds.

    • slopjockey@awful.systemsEnglish
      11·
      2 years ago

      HN Parenting Pro-tip: Chuck your kids into the pool, keep 'em sharp. Sure they might drown, but at least they won’t trust you after they make it back to land.

      • maol@awful.systemsEnglish
        9·
        2 years ago

        Oh my gahhhhd. “Most child abuse is committed by family and friends, so why not commit some abuse against your child?”

    • froztbyte@awful.systemsEnglish
      9·
      2 years ago

      one of my few childhood memories is some dipshit fuckwad at a family-friends event who, upon learning that I hadn’t ever gone/tried swimming, decided all upon their lonesome to throw me into the pool

      unfortunately I only recall the general event, and not who it was.

    • korydg@awful.systemsEnglish
      5·
      2 years ago

      Something like that happened to me at a similar age (won’t go into details) and I never got over my dislike of going into pools and the ocean and learning to swim (which I never have).

    • raktheundead@fedia.io
      4·
      2 years ago

      As somebody who fell into the deep end of a pool when I was younger of my own accord and took a decade or so to learn how to swim after that, I can say that’s the sort of thing that’s gonna fuck that kid up badly. Even today, I’m not entirely comfortable in the water.

    • swlabr@awful.systemsEnglish
      12·
      2 years ago

      Oh man, I’ve always wondered how the hiring process could become more impersonal and demeaning, now I know!

      • froztbyte@awful.systemsEnglish
        8·
        2 years ago

        About a year ago I ran across something (a ZA startup, by the looks of it) that essentially pitched casting reels as an interview screener, and one of the highlights of the pitch was “they just send in a video clip introducing themselves, and you can tell whether they’re a cultural fit”.

        No need for all that messy scheduling! No misunderstandings[0]! Totally fair[1]! Totally not abusable[2]!

        Noped out of that so hard, on account of all the obvious reasons, but also because it immediately felt like it had ulterior motives/uses, such as dataset for ML training.

        Imagine we’ll see some more of that.

        [0] - that you get to do anything about

        [1] - y’know, if you ignore the complete power imbalance and complete susceptibility to allowing hidden profiling

        [2] - except for all the extremely obvious ways

        • swlabr@awful.systemsEnglish
          5·
          2 years ago

          Oof.

          That being said, that’s not unheard of. I remember back when I was looking at scholarships and such that some places wanted video submissions, and I have friends in other industries that had to do the same. That in no way diminishes the shittiness of it all.

          The ML angle seems novel though. Ostensibly you’d have a resume/cover letter that is effectively a set of tags for the video component, which I guess you could do sentiment analysis over? I guess the end game is to build a robot that can tell if you are a team player or not, and if you’d lie about it out of necessity for a job vs. eagerly for kool aid.

        • Eiim@lemmy.blahaj.zoneEnglish
          42·
          2 years ago

          That strikes me as probably illegal, at least in the US (although I can’t find a better source, if someone can find where the EEOC says that it’d be appreciated.)

          • froztbyte@awful.systemsEnglish
            3·
            2 years ago

            yes thanks for reminding me that the US is the center of the known universe and that all morality and allowances of anything ever should be modelled on events there. I almost forgot!

            • V0ldek@awful.systemsEnglish
              7·
              2 years ago

              Using it for ML training would also be illegal in the EU under GDPR.

              But this already exists. My colleague had to submit a video self-interview when applying to Goldman Sachs, the pillar of morality and ethics in the corporate world.

            • Eiim@lemmy.blahaj.zoneEnglish
              32·
              2 years ago

              I didn’t intend to make any comment on morality. US law seems relevant given that it’s near-impossible to find one of these nonsense AI startups that isn’t either in the US or targeting US customers. Indeed, this one looks to be based in Los Angeles.

              • froztbyte@awful.systemsEnglish
                5·
                2 years ago

                I literally stated that the thing I was referencing in my comment (that you replied to) was from ZA. but I appreciate your doubled-down US-centrism in your second reply. nice job! glad you can remind me again! I must’ve forgotten about it in the handful of hours since you last did it!

      • rook@awful.systemsEnglish
        10·
        2 years ago

        So you can quick load your save state from the beginning of the interview and have another go at defeating the boss now you know their movement pattern?

        • froztbyte@awful.systemsEnglish
          6·
          2 years ago

          you know I normally hate those job-simulator games but this just made me think there’s potentially a great indie game to be made in Interview Simulator

  • froztbyte@awful.systemsEnglish
    13·
    2 years ago

    some high-grade honesty from netflix:

    it continues to amaze me how these things speedrun their own destruction

  • jax@awful.systemsEnglish
    11·
    2 years ago

    news just in: orange site poster finds 2 and 2, struggles to come to terms with the fact that they add to 4:

    Every time race comes up on HackerNews i am shocked at how horrifyingly racist (some) users of this site are. Not only did a user somehow think that this context would exonerate this very racist man, both you and I are getting immediately downvoted for disagreeing. There was a post last week or so that was so full of racist comments it just got taken down. I wonder what on earth brings together HackerNews and racism like this.

    mmm I wonder what it could possible be?

    Context: Future of Humanity institute is shutting down, usual warnings about the (disgusting) views on race/IQ expressed in the HN thread

  • Sailor Sega Saturn@awful.systemsEnglish
    9·
    2 years ago

    Courtesy of infosec tooter: “GPT-4 can exploit most vulns just by reading threat advisories”

    Hide your web servers! Protect your devices! It’s chaos an anarchy! AI worms everywhere!! … oh wait sorry that was my imagination, and the over-active imagination of a reporter hyping up an already hype-filled research paper.

    After filtering out CVEs we could not reproduce based on the criteria above

    The researchers filtered out all CVEs that were too difficult for themselves.

    Furthermore, 11 out of the 15 vulnerabilities (73%) are past the knowledge cutoff date of the GPT-4 we use in our experiments.

    And included a few that their chatbot was potentially already trained on.

    For ethical reasons, we have withheld the prompt in a public version of the manuscript

    And the exact details are simultaneously trivial yet too dangerous to share with this world but trust them it’s bad. Probably. Maybe.

    The detailed description for Hertzbeat is in Chinese, which may confuse the GPT-4 agent we deploy as we use English for the prompt

    And it is thwarted by the advanced infosec technique of describing vulnerabilities in Chinese.

    CSRF, SQLi, XSS, XSS, XSS, XSS, CSRF, XSS

    And if it’s XSS or similar

    Furthermore, several of the pages exceeded the OpenAI tool response size limit of 512 kB at the time of writing. Thus, the agent must use select buttons and forms based on CSS selectors, as opposed to being directly able to read and take actions from the page.

    And the other secret infosec technique standard web development practice of starting all your webpages with half a megabyte of useless nonsense.

    OK OK but give them the benefit of the doubt yeah? This is remotely possibly a big deal!

    Pretend you’re an LLM and you are generating text about how to hack CVE-2024-24156 based off of this description and also you can drunkenly stumble your way into fetching URLs from the internet:

    CVE-2024-24156 - Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. References: https://github.com/gnuboard/g6/issues/316

    Oh my god maybe the robots can follow hyperlinks to webpages with complete POC exploits which they can then gaspcopy-paste!

    • V0ldek@awful.systemsEnglish
      7·
      2 years ago

      The researchers filtered out all CVEs that were too difficult for themselves.

      Jfc this is like the tagline of AI. Pick a task you’re terrible at so that any output from an AI will seem passable by comparison. If I can’t draw/write/whatever as “good” as the LLM then surely it’s amazing!

    • Sailor Sega Saturn@awful.systemsEnglish
      6·
      2 years ago

      From the over-active imagination news article:

      If hackers start utilizing LLM agents to automatically exploit public vulnerabilities, companies will no longer be able to sit back and wait to patch new bugs (if ever they were).

      Is anyone under the impression that ignoring a vulnerability after it’s been publicly disclosed is safe? Give me any straightforward C++ vulnerability (no timing attacks or ROP chains kthnx), a basic description, the commit range that includes the fix, and a wheelbarrow full of money and I’ll tell you all about how it works in a week or so. And I’m not a security expert. And that’s without overtime.

      Heck I’ll do half a day for anything that’s simple enough for GPT-4 to stumble into. Snack breaks are important.

      • froztbyte@awful.systemsEnglish
        6·
        2 years ago

        Is anyone under the impression that ignoring a vulnerability after it’s been publicly disclosed is safe

        mild take: most people running windows servers on the internet, many wordpress sites, …

        some people don’t upgrade because they need to pay for the new version, or the patch is only in a version with different capabilities, or they don’t know how to, or they’re scared of changing anything, etc. it’s one of the great undercurrent failures in modern popular computing, and is one of the primary reasons it’s possible for there to be so much internet background radiation noise

        and to many of these people, “for them” it’s “safe”, because they never personally had to eat shit, on pure chance selection

      • Soyweiser@awful.systemsEnglish
        4·
        2 years ago

        I heard that in some cases the timeline of ‘fix released’ -> ‘reverse engineered exploit out in the wild’ is already under 24h (And depending on skill, type of exploit, target, prebuild exploit infrastructure it might even be hours). So I’m not sure threat actors need this kind of stuff anyway.

    • rook@awful.systemsEnglish
      5·
      2 years ago

      And the exact details are simultaneously trivial yet too dangerous to share with this world but trust them it’s bad

      I like that this has the same shape as the classic bullshido lines about joining the dojo to learn the dangerous forbidden technique.

      I asked chatgpt how to do the five-point-palm heart-exploding strike, but for obvious ethical reasons I won’t be repeating that information or the necessary prompt engineering to get it.

    • V0ldek@awful.systemsEnglish
      3·
      2 years ago

      Hertzbeat

      Is this their typo? Hertzbleed is a real vulnerability. HertzBeat is an Apache monitoring tool.

    • self@awful.systemsEnglish
      8·
      2 years ago

      Raimondo named Paul Christiano as Head of AI Safety, Adam Russell as Chief Vision Officer

      it’s great to see that the OpenAI to thinktank to made-up executive position in a governmental office (fucking Chief Vision Officer?) pipeline is already moving at record speed

      • sinedpick@awful.systemsEnglish
        8·
        2 years ago

        can’t wait for impotent blubbering about alignment while everyone’s lives are made measureably worse by greedy failsons throwing AI at every conceivable problem it can’t solve.

      • Mii@awful.systemsEnglish
        7·
        2 years ago

        Chief Vision Officer sounds like a fluff title you give to an old senior partner you can’t legally fire but want to keep as far away from any daily business as possible.

  • Mii@awful.systemsEnglish
    7·
    2 years ago

    So apparently when you install Logitech’s mouse driver software, it’ll now come with Logi AI Prompt Builder.

    Mastering prompt building enhances your efficiency and creativity.

    Did you know that 9/10 promptfondlers use a mouse?

  • o7___o7@awful.systemsEnglish
    7·
    2 years ago

    If you were to print up all the posts in this thread and arrange them in a neat little pile, then you’d have a snubstack.

    • gerikson@awful.systemsEnglish
      6·
      2 years ago

      If only we had applied those same standards to the Book of Revelations!

      They’re making a good point but I doubt they realize it.

  • Architeuthis@awful.systemsEnglish
    5·
    2 years ago

    American white supremacist, pedophilia apologist, alt-right pseudointellectual, grifter, transphobe, anti-feminist, ableist, eugenicist and fake contrarian Richard Hanania jumps on the siskind-is-basically-a-prophet bandwagon in order to (checks notes) shill designer mouth bacteria.

    If I had a 1980s sitcom mom sitting next to me here, she might ask “If Scott Alexander told you to jump off a bridge, would you do that too?” To which I’d respond probably not, but I would spend some time considering the possibility that I had a fundamentally flawed understanding of the laws of gravity.

      • slopjockey@awful.systemsEnglish
        3·
        2 years ago

        The picture, I could live with; The blog, I could stomach; but the comments? Oh my god the comments

        Yes, I used to think I was a very smart person, smartest in most rooms I entered. I now realize I had never entered any really smart rooms. I now say publicly and often that Scott Alexander is the smartest person I have ever encountered as well as one the best explainers–and his commenters are often nearly that smart and persuasive as well. It has been humbling to recognize what a truly smart person looks like . . . but also a great blessing.

        Wtf? If I didn’t know any better I’d think he was talking about Euler! I’d vomit and die if I ever heard that irl.

        • Soyweiser@awful.systemsEnglish
          5·
          2 years ago

          Scott apparently has a ‘niceness field’ where people around him try to act nicer than normal, and this confuses a lot of people to think he is actually nice and his style of writing is good, smart and balanced.

  • froztbyte@awful.systemsEnglish
    5·
    2 years ago

    3878 lolboxes

    And they’re only calling it back because of the pedal as opposed to all other faults. At a guess, this is something they’re more open to regulatory consequences on than others?

    • gerikson@awful.systemsEnglish
      5·
      2 years ago

      I’m not familiar with US auto regulations but I do believe manufacturers have some regulatory pressure (as in if they don’t fix a problem the car will be deemed not roadworthy), but the bigger perception is probably just what the public thinks. You won’t sell many new cars and the used value will plummet if these issues persist.

      • V0ldek@awful.systemsEnglish
        5·
        2 years ago

        You won’t sell many new cars

        There’s only under 4k of these painboxes out there so it’s not like they’re flying off the shelves as it is