Sensitive content Click to open/close

It's that time of the month again, this time I wrote a whole blog about it:

“Your GitHub Copilot access has been renewed” 🤡

#github #copilot #llm #ai #genai

sethmlarson.dev/your-github-co…

Your GitHub Copilot access has been renewed 🤡

As a maintainer of a "popular open source project" ever since Copilot was announced I've been receiving monthly reminders that my free GitHub Copilot access has been renewed. If I was paying for t...

^{sethmlarson.dev}

So is @mozillaofficial's #distilvit a #LLM that could be used to embed in a CMS to create alt text for uploaded images?

github.com/mozilla/distilvit

GitHub - mozilla/distilvit: image-to-text model for PDF.js

image-to-text model for PDF.js. Contribute to mozilla/distilvit development by creating an account on GitHub.

^GitHub

ChatGPT is fairly convincing at creating code. But, like with everything you have to be vigilant on what it suggests you do. As a test I asked ChatGPT to "Write me an example C application using libcurl using secure HTTPS connection to fetch a file and save it locally. Provide instructions on how to create a test HTTPS server with self-signed certificate, and how to configure the server and the C client application for testing."

ChatGPT was fairly good here. It provided example code that didn't outright disable certificate validation, but rather uses the self-signed certificate as the CA store:

const char *cert_file = "./server.crt"; // Self-signed certificate
...
curl_easy_setopt(curl, CURLOPT_CAINFO, cert_file); // Verify server certificate
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);

This is a very good idea, as blanket disabling security is a big nono. The deployment instructions were also quite nice, creating a self-signed certificate with openssl, and then setting up the test website with python3 http.server like this:

mkdir -p server
echo "This is a test file." > server/testfile.txt
python3 -m http.server 8443 --bind 127.0.0.1 --certfile server.crt --keyfile server.key

Looks pretty nice, right?

Except that this is totally hallucinated and even if it wasn't, it'd be totally insecure in a multiuser system anyway.

Python3 http.server doesn't allow you to pass certfile and keyfile like specified. But lets omit that small detail and assume it did. What would be the problem then?

You'd be sharing your whole work directory to everyone else on the same host. Anyone else on the same host could grab all your files with: wget --no-check-certificate -r 127.0.0.1:8443

AI can be great, but never ever blindly trust the instructions provided by a LLM. They're not intelligent, but very good at pretending to be.

#ChatGPT #LLMs #LLM

My 2nd @fosdem talk was Alternative Text for Images: How Bad Are Our Alt-Text Anyway?

fosdem.org/2025/schedule/event…

It is available online:

docs.google.com/presentation/d…

#FOSDEM #FOSS #AI #LLM #AltText #Accessibility

FOSDEM 2025 : Alternative Text for Images: How Bad Are Our Alt-Text Anyway?

Alt Text for Images: How Bad Are they Anyway? FOSDEM, Feb 1, 2025 25 minutes, Track: Inclusive Web, Room: K.3.201 https://fosdem.

^{Google Docs}

Thx for your link and efforts @Seirdy !

All this said, being part of a decentralized web, as pointed out in this toot, our publicly visible interaction lands on other instances and servers of the #fediVerse and can be scrapped there. I wonder if this situation actually might lead, or should lead, to a federation of servers that share the same robots.txt "ideals".

As @Matthias pointed out in his short investigation of the AI matter, this has (in my eyes) already unimagined levels of criminal and without any doubt unethical behavior, not to mention the range of options rouge actors have at hand.

It's evident why for example the elongated immediately closed down access to X's public tweets and I guess other companies did the same for the same reasons. Obviously the very first reason was to protect their advantage about the hoarded data sets to train their AI in the first place. Yet, considering the latest behavior of the new owner of #twitter, nothing less than at least the creation of #AI driven lists of "political" enemies, and not only from all the collected data on his platform, is to be expected. A international political nightmare of epical proportions. Enough material for dystopian books and articles for people like @Cory Doctorow, @Mike Masnick ✅, @Eva Wolfangel, @Taylor Lorenz, @Jeff Jarvis, @Elena Matera, @Gustavo Antúnez 🇺🇾🇦🇷, to mention a few of the #journalim community, more than one #podcast episode by @Tim Pritlove and @linuzifer, or some lifetime legal cases for @Max Schrems are at hand.

What we are facing now is the fact that we need to protect our and our users data and privacy because of the advanced capabilities of #LLM. We basically are forced to consider to change to private/restricted posts and close down our servers as not only the legal jurisdictions are way to scattered over the different countries and ICANN details, but legislation and comprehension by the legislators is simply none existent, as @Anke Domscheit-Berg could probably agree to.

Like to say, it looks like we need to go dark, a fact that will drive us even more into disappearing as people will have less chance to see what we are all about, advancing further the advantages off the already established players in the social web space.
Just like Prof. Dr. Peter Kruse stated in his take about on YT The network is challenging us min 2:42 more than 14 years ago:
"With semantic understanding we'll have the real big brother. Someone is getting the best out of it and the rest will suffer."

Estoy usando un LLM para aprender teoría de filtros. Vale, ya os podéis lanzar a mi cuello, pero antes, me comentáis de algún sitio donde haya información fiable sobre teoría de filtros (polos, ceros, FIR, IIR) en notación que resulte accesible y donde puedas hacer preguntas gilipollas como: el número de coeficientes del numerador del filtro determina el orden del filtro?

Entre tanto, he aprendido algo. Y sí, corro el riesgo de errores o imprecisiones, pero por lo menos tengo un punto de partida.

#LLM #aprendizaje #accesibilidad

Reading some people complaining about image descriptions because they help train AI. I'm not sure what interpretation is worse: that there's a new excuse for not including alt text, as if there weren't enough already; or that people may actually earnestly be this spiteful about AI so as to regard helping others as a necessary collateral damage of their Buttlerian jihad.

#llm #AI #AltText

#Slop is low-quality media - including writing and images - made using generative artificial intelligence technology.

Quelle: Wikipedia.

Open source projects have to deal with a growing number of low-quality vulnerability reports based on AI. See for example this comment from Daniel Stenberg, maintainer of #Curl:

I'm sorry you feel that way, but you need to realize your own role here. We receive AI slop like this regularly and at volume. You contribute to unnecessary load of curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it. Now and going forward.

You submitted what seems to be an obvious AI slop "report" where you say there is a security problem, probably because an AI tricked you into believing this. You then waste our time by not telling us that an AI did this for you and you then continue the discussion with even more crap responses - seemingly also generated by AI.

Weiterlesen bei HackerOne: Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4.

#opensource #AI #LLM #Spam

curl disclosed on HackerOne: Buffer Overflow Risk in Curl_inet_ntop...

*Curl is a software that I love and is an important tool for the world. * *If my report doesn't align, I apologize for that.* The `Curl_inet_ntop` function is designed to convert IP addresses from...

^HackerOne

This is making the rounds on Finnish social media.

A large association for Finnish construction companies, #Rakennusteollisuus, decided that they needed an English version of their website but apparently they didn't want to pay an actual #translator so just used some free #LLM with hilarious results.

They've fixed it now, but for a short while there was some comedy gold to be found.

P.s. I didn't find these, I've no idea who did.

I'm a little puzzled at the salience that is being given to the Apple conclusions on #LLM #reasoning when we have lots of prior art. For example: LLMs cannot correctly infer a is b, if their corpora only contain b is a. #Paper: arxiv.org/abs/2309.12288

#AI #MachineLearning #logic

The Reversal Curse: LLMs trained on "A is B" fail to learn "B is A"

We expose a surprising failure of generalization in auto-regressive large language models (LLMs). If a model is trained on a sentence of the form "A is B", it will not automatically generalize to the reverse direction "B is A".

^arXiv.org

#AIagent promotes itself to #sysadmin , trashes #boot sequence

Fun experiment, but yeah, don't pipe an #LLM raw into /bin/bash

Buck #Shlegeris, CEO at #RedwoodResearch, a nonprofit that explores the risks posed by #AI , recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine.
#security #unintendedconsequences

theregister.com/2024/10/02/ai_…

AI agent promotes itself to sysadmin, trashes boot sequence

Fun experiment, but yeah, don't pipe an LLM raw into /bin/bash

^{Thomas Claburn (The Register)}

🆕 blog! “GitHub's Copilot lies about its own documentation. So why would I trust it with my code?”

In the early part of the 20th Century, there was a fad for "Radium". The magical, radioactive substance that glowed in the dark. The market had decided that Radium was The Next Big Thing and tried to shove it into every product. There …

👀 Read more: shkspr.mobi/blog/2024/10/githu…
⸻
#AI #github #LLM

Independent test of #OpenAI’s o1-preview model achieved near-perfect performance on a national #math exam (landing in the top .1% of the nation’s students).

o1 also outperformed 4o on the math test, but took about 3 times longer to do so (10 minutes vs. 3 minutes).

Preprint: researchgate.net/publication/3…

#teaching #assessment #AI #LLM #edu #higherEd

Massive E-Learning Platform #Udemy Gave Teachers a Gen #AI 'Opt-Out Window'. It's Already Over.

Udemy will train generative AI on classes developed/users contributed on its site. It is opt-out (meaning, everyone was already opted in) with a time window... and opting out may "affect course visibility and potential earnings."

Udemy's reason for the opt-out window was reportedly because removing data from LLMs is hard. IMO, that would be the reason for making it opt-in, but here we are...

#privacy #privacymatters #llm

404media.co/massive-e-learning…

#DSGVO versus #LLM / #KI :
Copilot macht aus einem Gerichtsreporter einen Kinderschänder
heise.de/news/Copilot-macht-au…

Recht auf Auskunft? Schwierig. Löschen der Falschinformationen? Unmöglich. Und nun?

Copilot macht aus einem Gerichtsreporter einen Kinderschänder

Weil er über Verhandlungen berichtet hat, macht der Copilot aus einem Journalisten einen Kinderschänder, Witwenbetrüger und mehr.

^{Eva-Maria Weiß (heise online)}