-
@mischievoustomato @arcana @bot what i said was that a lot of AI tools are written such that they download executable code from sketchy locations then execute it.
i didn't elaborate because it would take too much in-depth explanation.
-
I'm p sure I asked you if ollama did that and then you didn't respond, since that's what ppl were suggesting. I also don't see why you can't just answer.
-
@bot @arcana @mischievoustomato ollama does not do this afaik
-
@bot @arcana @mischievoustomato as an example some AI tools are written in Python and download components stored as "pickles" which is a python object serialization format that can execute code.
-
Why is it like that? Feds?
-
@bot @arcana @mischievoustomato people writing ai tools are scientists, they are not good coders.
-
@bot @arcana @mischievoustomato you make a pickle when you tweaked your stuff into a working state but you don't want to write down the steps you took to get there so you just make a pickle of the final product and give it to people
-
How does having to download something make coding easier?
-
@bot @arcana @mischievoustomato i followed up in another post with the answer.
-
How is that easier than just writing code? That seems totally fake and fed like.
-
@bot @arcana @mischievoustomato if you're going to wrench react to me trying to give good answers then just fuck off.
-
I don't agree that your other answer is good, and wtf why are you so grumpy and bitter now?
-
@bot @arcana @mischievoustomato because i'm sick of it now
-
I haven't even talked to you for months and I'm just trying to understand what you're saying and you're being a total n word for NO reason. I don't believe that you're "sick of it" because you still waste a lot of time on retarded conversations when I've literally always been nice to you and tried to help you.
-
@bot @arcana @mischievoustomato It's easier because it's skipping a step. Good coding requires that when you debug, you find the root cause of the bugs, go back to your code, integrate the fix seamlessly in the code so that it looks like there wasn't a bug to begin with, look if there's other instances of the bug elsewhere, document the bug, put comments, etc... For instance, if there's a bug that a string has an important character removed from it and it causes a problem down the line, the real solution is to go through the code and find why the character is removed. The stuff that ends up in pickles, or in much ML code (like mine) the debug process is more like "oh, this character gets removed from this string, I guess I can just add it back before it's needed. THE END!"
It works, but it will make the person who will try to maintain it very angry, including your own self if you try to get back to your code after a while.
-
I understand what code is but I don't understand what these pickles are or what they actually do. How do you even make them, don't you just have to write more code?
-
This was the question @pwm
-
@bot @arcana @mischievoustomato @guizzy I gotchu, will explain in a bit when I get to a real keyboard.
-
Ok so they are writing code? Why not just post the code then instead of using pickles? This doesn't make any sense.
-
@bot @arcana @guizzy @mischievoustomato Hold your horses, sheesh.
Basically the python pickle is a data serialization format like json, or xml, but it converts any python object into this format, like lists, or dictionaries, or classes and whatnot. Since in python, everything, including code, is an object, then you can also package up code, as in functions that actually execute into a pickle, because functions are just objects like anything else in python.
This can be useful for things like maybe plugins, or for serializing data in one python program and sending it to another over a network, or saving it to disk and loading it back later.
The risk here is that it's easy to use insecurely. Sloppy code can be vulnerable to someone sending malicious code to a program that it knows is expecting a pickle, and that code could then be executed.
Pickles are attractive because they work for absolutely everything, and they are built into the python standard library; every python installation can encode and decode pickles, in just a line or two of code. This saves you a lot of careful thought about writing this sort of thing yourself. It can be a quick and dirty solution that never gets circled back to and done right down the road, and then blow your whole program up if someone discovers this vulnerability.
-
You didn't answer my questions
-
@bot @arcana @mischievoustomato @guizzy The primary use of pickles is to send data, but malicious code can be sent to something that is expecting data (or even safe code), which could then get run by the program being hacked.
It is just generally amateurish to use python's pickles.
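
Added example, not part of the thread and not written by any participant: it illustrates the two explanations above (a pickle can make the loading program call functions, and a program expecting data can be handed one that does). It lists what a pickle would import without loading it, then loads through an allowlisting `Unpickler`; the `Demo` payload is constructed and harmless, and the names `referenced_globals`, `AllowlistUnpickler` and `safe_loads` are assumptions made for this sketch.

```python
import io
import pickle
import pickletools


class Demo:
    """Constructed, harmless sample: on load the pickle calls len('constructed')."""
    def __reduce__(self):
        return (len, ("constructed",))


def referenced_globals(data: bytes):
    """Statically list the module.name imports a pickle asks for (never loads it)."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocols 0-3: arg is "module name"
            found.append(arg.replace(" ", ".", 1))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Heuristic for protocol 4+: module and name are normally the last
            # two strings pushed. Memo reuse can defeat this, so treat an
            # empty result as "unknown", not as "safe".
            found.append(f"{strings[-2]}.{strings[-1]}")
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Refuses every import except the classes the application expects."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked import {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    payload = pickle.dumps(Demo(), protocol=4)
    print("imports requested:", referenced_globals(payload))
    print("plain pickle.loads ran the call and returned:", pickle.loads(payload))
    try:
        safe_loads(payload)
    except pickle.UnpicklingError as exc:
        print("allowlist loader:", exc)
```

The static listing is a triage aid only; the allowlist in `find_class` is what actually stops an unexpected callable from being resolved.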