Yeah, it’s counterintuitive because it’s a lot more work for a human to draw a picture (much less a photorealistic picture) than to write a few words, but human language grammar actually has a lot of strict rules that makes that stream of letters work as “valid” output, much less “decent” output that kinda matches the prompt/description. Transpose a pair of letters or even substitute a single letter (or token) and you’ve got an output that just doesn’t work, in a way that generated images don’t have to worry about.

Yeah, the smarter way to use LLM-based agents is carefully defined tasks. Mozilla describes their vulnerability assessment processes in this blog post.

Mozilla describes the process they’ve used: building a harness that instructs a model to find a specific category of vulnerability on a specific interface, and then write up its findings. It’s a narrow enough context that the model gets specific instructions, and a simple definition of success, and it sets up many such tasks that can be fed into the existing process for verifying and triaging bugs. Note that the output for this LLM pipeline basically feeds into the same interface for accepting bug reports from the public, or from their human contributors within the project.

There’s a couple of takeaways here, too:

• This pipeline is model agnostic. Mozilla set it up before Mythos was released, and its description of other models (Opus 4.7, Codex) confirms that Mythos is better but not a true game changer. The ability to swap out other models provides some assurance that the work done to develop the pipeline will be useful when cheaper or better models come along, or when a model becomes unavailable (like when a provider decides a particular model is too expensive to run, or a provider goes under).
• The increase in automated output (and presumably automation-assisted contributions from the public) has given the humans more work to do. Automation in this context actually increases the demand for human labor.
• Other projects will need to develop their own custom pipelines, specific to their project, to get good results from LLM based agents.

There are ways to use these tools, but none of it really seems like a truly revolutionary/disruptive change to how large projects are managed.

I think AI will be profitable for the next generation of AI business models that emerge from the abandonment of the current business model of developing the frontier. But the prerequisite is that the companies give up on developing the frontier and decide that the models they have are good enough, then get hardware optimized for inference on those models, stagnating into long term commodity infrastructure, like providing phone service or electricity for profit.

So yeah, I think many of these technologies are here to stay, but the growth will stagnate this year as data center construction swallows up companies that overextended.

One real concern I have is that there are now automated tools that can read a patch, and the maintainer’s release notes with a description of a security vulnerability fixed by that patch, and then create a working exploit of the pre-patch vulnerability.

In that particular moment, you know that a vulnerability exists and that it was serious enough to be described in release notes, and you can compare two code versions, one that is secure and one that is not. From there, any AI coding agent is working towards something that definitely exists, with a bunch of description of what it might be.

So that means that the window between when a patch is released and when users actually apply that patch is going to be more important than ever. Downstream maintainers will be under a lot of time pressure to implement changes from upstream, because every new security patch will create a race to create 1-day exploits for everyone using that software.

MacOS ran out of cats at some point. Android ran out of desserts.

Ubuntu had no problem rolling over with the letters of the alphabet, but I imagine some letters may pose issues at some point when you run out of identifiable animals that start with that letter. Although they were already going with a lot of obscure animals to begin with.

Desktop Linux is seeing higher and higher market share, not just because Linux is growing but also because the desktop mode of computing is shrinking, especially for personal use. There are lots of people who used to own laptops/desktops but don’t anymore.

This one is the same author addressing this specific Mozilla release.

The website could know whether the username actually exists on the system. But revealing that information is a security weakness because someone could at least learn who has an account at that site (especially if usernames are email addresses, as they often are).

When I first switched to Linux around 20 years ago, ext3 was the new default on the Ubuntu installer, while a few holdouts on the forums were still recommending ext2 to new users to see whether and how ext3 would hold up to real world usage.

Set default birthday at 1970-01-01.

Jevon’s Paradox is that when there’s more of a resource to consume, humans will consume more resource rather than make the gains to use the resource better.

More specifically, it’s when an improvement in efficiency cause the underlying resource to be used more, because the efficiency reduces cost and then using that resource becomes even more economically attractive.

So when factories got more efficient at using coal in the 19th century, England saw a huge increase in coal demand, despite using less coal for any given task.

Chromium is basically Tyrone Biggums asking if y’all got any more of that RAM, so bundling that into Electron is gonna lead to the same behavior.

This operating system contains code known to the State of California to cause cancer or reproductive harm.

In terms of usage of AI, I’m thinking “doing something a million people already know how to do” is probably on more secure footing than trying to go out and pioneer something new. When you’re in the realm of copying and maybe remixing things for which there are lots of examples and lots of documentation (presumably in the training data), I’d bet large language models stay within a normal framework.

It’s actually pretty funny to think about other AI scrapers ingesting this nonsense into the training data for future models, too, where the last line isn’t enough to get the model to discard the earlier false text.

Yeah, getting too close turns into an uncanny valley of sorts, where people expect all the edge cases to work the same. Making it familiar, while staying within its own design language and paradigms, strikes the right balance.

Why does this image look like an AI-generated screenshot? The letter spacing and weights are all wrong.