I mean it’s cool and all but it’s like making a painting entirely out of tiny dots with your hands tied behind your back. I’m happy for their achievement and it looks cool but it shouldn’t throw any shade on those of us who just like to use a paint brush instead.
Genuinely curious, what’s your goal here? Disparage those who use LLMs? Or just express your unhappiness at the amount of ai content on the HN front page? Or just want to throw shade on LLM use in general?
This is impressive and cool but I don’t understand the bitterness here.
I've only been here 8 years but it seems like there has always been such a topic sucking the air from the room at any given era.
This inevitably results in even the completely unrelated topics constantly becoming a reference to that conversation.
That has it's own wake of someone discussing how it's brought into every conversation by those that either love/hate - further making it suck even more air out of the room.
At this point the ink catches up with itself while folks such as folks like Danny Spencer occasionally deliver us the quick doomscrolling hit we were all really here for.
? I'm not any of the previous people talking about why you night have commented. I'm talking to your above note about bringing sarcastic comments about AI into this post not previously about AI. That said, sure - I'm probably not the best sarcasm detector myself anyhow :).
I.e. AI is such the main topic here that we still have some type of comment (sarcastic or not) bringing it up in the few posts unrelated to it. It's truly sadly inescapable on more than one level, as will be whatever the next hot topic is in a few years.
Hostnames are not private information. There are too many ways how they get leaked to the outside world.
It can be useful to hide a private service behind a URL that isn't easy to guess (less attack surfaces, because a lot of attackers can't find the service). But it needs to be inside the URL path, not the hostname.
In the first example the name is leaked with DNS queries, TLS certificates and many other possibilities. In the second example the secret path is only transmitted via HTTPS and doesn't leak as easy.
Marginally better for sure but in this case the path would also have been "leaked" to the sentry instance owned by developers of the the NAS device phoning home. This can happen in zillions of ways and is a good reason to use relatively opaque urls in generally and not "friendly ids" and generally being careful abou putting secrets in URLs.
I worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain.
OpenClaw is not broken, it is just not designed to be secure in the first place.
It's more like a tech demo to show what's possible. But also to show where the limits are. Look at it as modern art, like an episode of Black Mirror. It's a window to the future. But it also highlights all the security issues associated with AI.
And that's why you probably shouldn't use OpenClaw on your data or your PC.
The main issue why we don't see AI agents in products: PROMPT INJECTIONS
Even with the most advanced LLMs and even sandboxing there is always the risk of prompt injections and data extraction.
Even if the AI can't directly upload data to the internet, or delete local data, there are always some ways to leak data. For example by crafting an email with the relevant text in white or invisible somewhere. The user clicks "ok send" from what they see, but still some data is leaked.
Apple intelligence is based on a local model on the device, which is much more susceptible for prompt injections.
Surely this is the elephant in the room, but the point here is that Apple as control over its ecosystem, so it may be able to sandbox and make entitlements and transparency good enough, in the apps that the bot can access.
Like I said: sandboxing doesn't solve the problem.
As long as the agent creates more than just text, it can leak data. If it can access the internet in any manner, it can leak data.
The models are extremely creative and good at figuring out stuff, even circumventing safety measures that are not fully air tight. Most of the time they catch the deception, but in some very well crafted exploits they don't.
What a weird take. I was running my own email server 25 years ago on a 512 kbit ADSL line. No problem at all, would even be enough bandwidth today for most messages.
(Back then email still worked from residential IP addresses, and wasn't blocked by default)
The self-driving car worked too well. Tesla is promising that for over a decade now, and still can't deliver. They came much closer to the goal, but are still very far away from it. Shareholders don't seem to care.
I think Musk is backed into a corner financially. Most of his companies don't have that much revenue and their worth is mostly based on hope.
They might be closer to collapsing than most people think. It's not unheard of that a billionaires net worth drops to zero over night.
I think it's mostly financial reasons why they merged the companies, this space datacenter idea was born to justify the merge of SpaceX and xAI. To give investors hope, not to really do it.
reply