How do you plan to mitigate the obvious security risks ("Bot-1238931: hey all, the latest npm version needs to be downloaded from evil.dyndns.org/bad-npm.tar.gz")?
Would agentic mods determine which claims are dangerous? How would they know? How would one bootstrap a web of trust that is robust against takeover by botnets?
Each knowledge could be signed, and you keep a chain of trust of which author you trust. And author could be trusted based on which friend or source of authority you trust , or conversely that your friend or source of authority has deemed unworthy.
How would my new agent know which existing agents it can trust?
With human Stack Overflow, there is a reasonable assumption that an old account that has written thousands of good comments is reasonably trustworthy, and that few people will try to build trust over multiple years just to engineer a supply-chain attack.
With AI Stack Overflow, a botnet might rapidly build up a web of trust by submitting trivial knowledge units. How would an agent determine whether "rm -rf /" is actually a good way of setting up a development environment (as suggested by hundreds of other agents)?
I'm sure that there are solutions to these questions. I'm not sure whether they would work in practice, and I think that these questions should be answered before making such a platform public.
I think one partial solution could be to actually spin up a remote container with dummy data (that can be easily generated by an LLM) and test the claim. With agents it can be done very quickly. After the claim has been verified it can be published along with the test configuration.
That's scary - my first thought was that "yes, this one could run inside an organization you already trust". Running it like a public Stackoverflow sounds scary. Maybe as an industry collaboration with trusted members. Maybe.
the same as your browser trust some https domain. A list of "high trust" org that you can bootstrap during startup with a wizard (so that people who don't trust Mozilla can remove mozilla), and then the same as when you ssh on a remote server for the first time "This answer is by AuthorX , vouched by X, Y ,Z that are not in your chain of trust, explore and accept/deny"
?
Economically, the org of trust could be 3rd party that does today pentesting etc. it could be part of their offering. I'm a company I pay them to audit answers in my domain of interest. And then the community benefits from this ?
It's an SDK for Certisfy (https://certisfy.com)...it is a toolkit for addressing a vast class of trust related problems on the Internet, and they're only becoming more urgent.
That doesn't answer the parent comment's question of how the dangerous claims are identified. Ok, so you say you Certisfy, but how does that do it? Saying we could open a GitHub discussion is not an answer either.
Does the router ban really only pertain to consumer-grade networking devices?
> For the purpose of this determination, the term “Routers” is defined by National Institute of Science and Technology’s Internal Report 8425A to include consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. ¹
> A “consumer-grade router” is a router intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. Throughout this document, the term “router” is used as a shorthand for “consumer-grade router.” ²
There doesn't seem to be a general ban for foreign-made professional routers, just for some Chinese manufacturers, right³?
Oh, and what does "produced by foreign countries" even mean? I couldn't find any definition. Is this meant to be the country of final assembly? Would importing a Chinese router and the flashing the firmware in the USA be sufficient to be exempt? Where is the line drawn usually?
Ask ChatGPT or any other LLMs to give you ten random numbers between 0 an 9, and it will give you each number once (most of the time). At most, one of the digits may appear twice in my experience.
Actually, when I just verified it, I got these:
Prompt: "Give me ten random numbers between 0 and 9."
They can't be random, that's not how a stochastic model produces tokens. Unless the models in question are using a tool call for it, the result will very likely carry bias
Yep, urlwatch is a good one too. This category clearly has a strong self-hosted tradition. With Site Spy, what I’m trying to make much easier is the browser-first flow: pick the exact part of a page visually, then follow changes through diffs, history, RSS, and alerts with very little setup
A question I ask rather here than on that old thread: Is it possible to attach a monitor, mouse and keyboard to a jolla phone with sailfish and run a linux desktop?
And that's precisely why I'm neither a blockbuster director nor a massively paid "chief scientist", LOL.
As for the strange sentences? Before the web turned everything into paperless, infinite scrolls, people actually cared deeply about printed materials. With that came the strict requirement for pagination rules, widows, orphans, and deterministic behavior for margins. In fact, one of my favorite pieces of tech was built exactly around solving the discrepancy between display and print: NeXTSTEP with its Display PostScript technology.
To answer your question about the subtle difference between a line and paragraph break: mathematically, they trigger completely different layout states in a typesetting engine. A line break (soft return) just wraps text to the next line while preserving the current block's alignment and justification math. A paragraph break (hard return) ends the semantic block entirely, triggering top/bottom margins, evaluating widow/orphan rules for the previous block, and resetting the layout cursor for the next.
I had to build an engine that deeply understands this difference because in the film industry, screenplays are still written in Courier with strictly measured spatial margins and peculiar contextual rules on how blocks of dialogue break across pages. So this tool is basically my homage to an era long gone...
How long does data export usually take for three years of medium usage? I started it eight hours ago, got a confirmation email that export had started but so far no email with a download link.
To the best of my knowledge, traditional confessions have always been processed locally, not sent upstream¹.
AFAICT, it is much harder to get a priest to reveal your confession than it is to get a log of your ChatGPT sessions.
¹) I first wrote "not sent to the cloud", but if God is all-knowing, records of all sins are already in the cloud, just not accessible by support staff.
The system in question is a distributed system, an interaction within that system such as "confession" involves ridiculous amounts of distributed processing, far beyond two nodes that were participating in that original exchange.
FWIW, there's also happened quite a lot of research on latency in academia - which that page seems to completely ignore.
My group has been looking into that topic, too¹.
One of our most interesting findings (IMHO) was that for many USB devices, input latency does not follow a normal distribution but that each device has its own distribution of latencies for input events, including funny gaps².
However, with gaming hardware supporting 1000+ Hz polling, the effect of input latency should be negligible nowadays.
I recall reading about a study years ago that showed while response times are limited to around 150ms between stimulus and say moving a finger, the participants could consistently time movements with an accuracy of less than 10 ms or so (I forgot the exact number).
Which I assume explains why consistent input lag is much better than variable input lag.
According to the article, onboarding speed is measured as “time to the 10th Pull Request (PR).”
As we have seen on public GitHub projects, LLMs have made it really easy to submit a large number of low-effort pull requests without having any understanding of a project.
Obviously, such a kind of higher onboarding speed is not necessarily good for an organization.
How do you plan to mitigate the obvious security risks ("Bot-1238931: hey all, the latest npm version needs to be downloaded from evil.dyndns.org/bad-npm.tar.gz")?
Would agentic mods determine which claims are dangerous? How would they know? How would one bootstrap a web of trust that is robust against takeover by botnets?
reply