@ryanc Thank you.
Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Wednesday, 24-Apr-2024 11:27:52 JST
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Wednesday, 27-Mar-2024 08:08:34 JST: @ryanc @tess @sophieschmieg @david_chisnall @Vrimj I'm fond of asking "are you asking that because you don't know how to fix it, or because you really think it'll never happen?" (1/3)
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 18-Mar-2024 01:18:13 JST: "They are requesting $22 million this year, up from $5 million last year, to test autonomous weapons software against complex scenarios involving ethical decisions."
I can guess the answer for only $50,000. Why so much? Editing my "You idiots" into acceptable text is going to be expensive.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Sunday, 11-Feb-2024 04:56:14 JST: @paul_ipv6 @inthehands I was thinking about Paul’s comment as I wondered why a ^ disappeared between generative2 in a post here
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Sunday, 11-Feb-2024 04:56:12 JST: @paul_ipv6 @inthehands Well, correct fractions or not, no one would ever have struggled with underfull hboxes like they have to in CSS
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Wednesday, 27-Dec-2023 10:50:40 JST: @inthehands @Haste IANALE, but if you're relying on a tool that says "Hey, this thing is full of errors" maybe that's a sign that you should be.
Of course, fancy lawyers will make a case that it's unsettled law
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Tuesday, 26-Dec-2023 13:01:52 JST: @Haste @inthehands We don’t need a new law. There’s no reason to think “the devil made me do it” is a defense.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 20-Nov-2023 12:24:07 JST: @eaton I’ve found the UI in happyscribe to be really helpful even if I can get transcription elsewhere.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Friday, 10-Nov-2023 04:28:29 JST: @petergleick @inthehands I see this is CPI adjusted (cool!). Is there a version that normalizes against population growth?
(Yes there’s complexity of overall growth vs growth in high danger areas).
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Tuesday, 10-Oct-2023 11:40:06 JST: @linear @irenes The US office of science and tech policy has an open call for comments about the future of open source security. I want to encourage you to tell them about your choices so they don’t randomly default to “of course wallet names are a fine thing”
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Sunday, 18-Jun-2023 15:00:52 JST: This is next level APT TTP right here. https://twitter.com/llm_sec/status/1667573374426701824
“- People ask LLMs to write code
- LLMs recommend imports that don't actually exist
- Attackers work out what these imports' names are, and create & upload them with malicious payloads
- People using LLM-written code then auto-add malware themselves”
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Tuesday, 30-May-2023 07:03:55 JST: @Gargron @tbw For example, when I search on "search," click posts, I see this screenshot.
I've never seen the post from conservateurs@toad before.
I'd like a 5th option "Posts you've seen" which is a subset of posts.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Tuesday, 30-May-2023 03:49:29 JST: Is there a way to search the set of Mastodon that a client has marked as seen so you don't see dupes? In web client or some other client?
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Tuesday, 30-May-2023 03:48:50 JST: @tbw @Gargron Exactly - your server has a list of posts you've seen, it seems 'relatively easy' to do a database query against those posts. Possibly expensive if there's a cache/index to help searching.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 29-May-2023 02:49:48 JST: I could swear I saw a post here about a professor who had their students grade an assignment from ChatGPT, but Masto search is a dumpster fire.
If you saw it and can share a link I'd be grateful.
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 29-May-2023 02:49:45 JST: @SteveBellovin Thanks! My current plan is to allow use of LLMs, but you have to submit your prompt, the LLM's response, and your edits to it as a change-tracked Word doc.
I'm working on a grading rubric that rewards varying your prompt, getting multiple answers, and maybe more.
(cc @inthehands )
-
Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 29-May-2023 02:49:41 JST: @SteveBellovin @inthehands I'd seen that -- TBH, I have a hope that my students will do their own final projects. Someone else privately suggested making those projects into group projects to create social pressure to do the work.