I'm guessing it ultimately comes down to the legal / financial / career incentives.
My impression is that the market currently rewards visible software functionality with little concern for invisible risk.
If we flipped the script, and investors were personally, criminally, and civilly liable for computer breaches, I imagine this problem would disappear almost overnight.
I'm at a defense contractor, so the whole scene is alien to me. I don't really even get the desire to produce code more quickly, since for us, client verification and approval is always the slow part. Producing software more quickly would just make that problem worse.
We do have a phi4 installation in the compartment, though it's separately compartmented from the rest of the network. It seems pretty good at doing call graphs. It's slower than ctags but can pull more context with it.
Forgive the tangent, but I'm just starting to learn about using AI for coding, and getting a safe sandbox is one of my next steps.
Any suggestions for a vm/container setup that works on a Linux host, provides the safety net you describe, and is still capable enough to try out all these things that people are talking about?
This will limit the agent in what it can do in the system and what IPs/domains it can reach. This requires a lot of customization to your specific framework/environment. Note that this can reduce the agent’s effectiveness, as it will have to “work around” some of the limitations. This isn’t foolproof either, and the agent could exfiltrate data e.g. via DNS requests.
Easiest thing is to run your AI under a separate user identity, with its own home directory, and no sudo permission. Then it can't screw up your system or your own files.
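Putting the two suggestions above (a dedicated unprivileged user with its own home, plus an egress allow-list) into one script, as an added example that is not from any commenter in this thread. It assumes a systemd host with cgroup v2 (needed for `IPAddressAllow`/`IPAddressDeny`); the user name `aiagent` and the allow-listed addresses are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: run an AI coding agent as a separate
# user with no admin rights and a restricted set of reachable IPs.
# Assumes systemd + cgroup v2; "aiagent" and the IP list are placeholders.
set -eu

AGENT_USER="${AGENT_USER:-aiagent}"

# Succeeds (exit 0) if USER is a member of sudo/wheel/admin in the given
# group file (default /etc/group). A separate user is only a safety net if
# it cannot escalate, so refuse to proceed when this returns 0.
in_admin_group() {
    user="$1"; groupfile="${2:-/etc/group}"
    awk -F: -v u="$user" '
        ($1=="sudo" || $1=="wheel" || $1=="admin") {
            n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { if (found) exit 0; exit 1 }' "$groupfile"
}

# Build (but do not run) the launch command: run as USER, deny all egress
# except the listed IPs/CIDRs. Each -p IPAddressAllow= appends to the list.
# Caveat from the thread still applies: if your DNS resolver is on the
# allow list, DNS queries remain a possible exfiltration channel.
agent_cmd() {
    user="$1"; shift
    allow=""
    for ip in "$@"; do allow="$allow -p IPAddressAllow=$ip"; done
    printf 'systemd-run --uid=%s --pty --wait -p IPAddressDeny=any%s' "$user" "$allow"
}

# One-time setup (needs root): create the user with a private home directory
# and verify it is not in any admin group.
setup_agent_user() {
    id "$AGENT_USER" >/dev/null 2>&1 || useradd -m -s /bin/bash "$AGENT_USER"
    chmod 700 "/home/$AGENT_USER"
    if in_admin_group "$AGENT_USER"; then
        echo "refusing: $AGENT_USER is in an admin group" >&2; return 1
    fi
}

# Usage: ./agent-sandbox.sh setup
#        ./agent-sandbox.sh run 10.0.0.5 192.168.1.0/24   (runs $AGENT_CMD, default bash)
case "${1:-}" in
    setup) setup_agent_user ;;
    run) shift; cmd=$(agent_cmd "$AGENT_USER" "$@"); echo "+ $cmd -- ${AGENT_CMD:-bash}"
         $cmd -- ${AGENT_CMD:-bash} ;;
esac
```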
Some of us are very aware and concerned about the risk. But like Cassandra from Greek mythology, we see the coming disaster and feel powerless to stop it.
It's been around long enough to have gained cromulence, I think.
I started using "OG" ~16 years ago to disambiguate the Motorola Droid that I had (which was the first Android phone available from Verizon) from the Droid 2, 3, and 4 that came later.
"OG Motorola Droid" has specificity, while "Motorola Droid 1" is something that never existed.
Yeah but 10 years late to be described as the original. That said, my parents got rid of their actual OG iPad only 2-3 years ago (did not hold a charge for a long time, finally decided it was time to get one that did).
The whole world would not be possible without people re-publishing parts of books to some third party in exchange for money.
Think textbooks. Laws. Medicine.
What's the difference? The size of quotation? The exact wording? Surely re-publishing an entire book word for word is piracy. What if I rewrite the whole book slightly? What if I publish just a part? A rewritten part?
Where do we draw the line with humans and why should the line be different with LLMs?
Your questions would be quickly answered by looking at the relevant style guides. Any university will also have a webpage about citations: APA, Chicago, MLA, etc.