noodling on a blog post - does anyone with more experience of LW/EA than me know if "AI safety" people are referencing the invention of nuclear weapons as a template for regulating/forbidding "AGI"?
this post was submitted on 30 Dec 2024
18 points (100.0% liked)
TechTakes
1506 readers
526 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
I'd be surprised if Eliezer hasn't mentioned it at some point, maybe more in the way that you're after. Can't find any examples though.
In his Times article the only place he mentions nukes is what we should do to countries that have too many GPUs: https://time.com/6266923/ai-eliezer-yudkowsky-open-letter-not-enough/
Edit: Not Mr. Yudkowski but see https://futureoflife.org/document/policymaking-in-the-pause/
“The time for saying that this is just pure research has long since passed. […] It’s in no country’s interest for any country to develop and release AI systems we cannot control. Insisting on sensible precautions is not anti-industry. Chernobyl destroyed lives, but it also decimated the global nuclear industry. I’m an AI researcher. I do not want my field of research destroyed. Humanity has much to gain from AI, but also everything to lose.”
“Let’s slow down. Let’s make sure that we develop better guardrails, let’s make sure that we discuss these questions internationally just like we’ve done for nuclear power and nuclear weapons. Let’s make sure we better understand these very large systems, that we improve on their robustness and the process by which we can audit them and verify that they are safe for the public.”
A notable article from our dear friend Nick Bostrom mentions the atmospheric auto-ignition story:
https://nickbostrom.com/papers/vulnerable.pdf
Type-0 (‘surprising strangelets’): In 1942, it occurred to Edward Teller, one of the Manhattan scientists, that a nuclear explosion would create a temperature unprecedented in Earth’s history, producing conditions similar to those in the center of the sun, and that this could conceivably trigger a self-sustaining thermonuclear reaction in the surrounding air or water (Rhodes, 1986).
(this goes on for a number of paragraphs)
This whole article has some wild stuff if you haven't seen it before BTW, so buckle up. He also mentions this story in https://nickbostrom.com/existential/risks and https://existential-risk.com/concept.pdf if you want older examples.
LLMs continue to be so good and wagmi that they've progressed to the serving ads part of the extractivist SaaS lifecycle
I find it impressive how gen-AI developed a technology that is fine-tuned to generate content that looks precisely passably plausible, but never good enough to be correct or interesting or beautiful or worthwhile in any way.
Like if I was trying to fill the Internet with noise to ruin it, on purpose, I couldn't do better than this. (mostly on accounr of me not having massive data centres nor the moral calousness to spew that much carbon, but still). It's like the ideal infohazard weapon if your goal is to worsen as many lives as you can
It was made to write copy for catalogs, alumni bulletins, and mediocre in-flight magazines.
It also is 'great' for creating post for people who want to debate others but who dont actually care to make up arguments themselves, quality of the argument doesnt even matter. Which is quite the shit development.
At least you can recognize real replies as there are words they never fucking use.
a reply from a mastodon thread about an instance of AI crankery:
Claude has a response for ya. "You're oversimplifying. While language models do use probabilistic token selection, reducing them to "fancy RNGs" is like calling a brain "just electrical signals." The learned probability distributions capture complex semantic relationships and patterns from human knowledge. That said, your skepticism about AI hype is fair - there are plenty of overinflated claims worth challenging." Not bad for a bucket of bolts 'rando number generator', eh?
maybe I’m late to this realization because it’s a very stupid thing to do, but a lot of the promptfondlers who come here regurgitating this exact marketing fluff and swearing they know exactly how LLMs work when they obviously don’t really are just asking the fucking LLMs, aren’t they?
Not bad for a bucket of bolts ‘rando number generator’, eh?
Because... because it generated plausibly looking sentence? Do... do you think the "just electrical signals" bit is clever or creative?
Here's an LLM performance test that I call the Elon Test: does the sentence plausibly look like it could've been said by Elon Musk? Yes? Then your thing is stupid and a failure.
That first post. They are using llms to create quantum resistant crypto systems? Eyelid twitch
E: also, as I think cryptography is the only part of CS which really attracts cranks, this made me realize how much worse science crankery is going to get due to LLMs.
As self and khalid_salad said, there are certainly other branches of CS that attract cranks. I'm not much of a computer scientist myself but even I have seen some 🤔-ass claims about compilers, computational complexity, syntactic validity of the entire C programming language (?), and divine approval or lack thereof of particular operating systems and even the sorting algorithms used in their schedulers!
I still need to finish that FPGA Krivine machine because it’s still living rent-free in my head and will do so until it’s finally evaluating expressions, but boy howdy fuck am I not looking forward to the cranks finding it
write a series of blog posts about it, all of which end "And in conclusion, punch a Nazi."
also sprinkle it at the start, and throughout
because you just know the tiring fuckers won't bother reading in depth
I think cryptography is the only part of CS which really attracts cranks
every once in a while we get a "here is a compression scheme that works on all data, fuck you and your pidgins" but yeah i think this is right
there’s unfortunately a lot of cranks around lambda calculus and computability (specifically check out the Wikipedia article on hypercomputation and start chasing links; you’re guaranteed to find at least one aggressive crank editing their favorite grift into the less watched corners of the wiki), and a lot of them have TESCREAL roots or some ties to that belief cluster or to technofascism, because it’s much easier to form a computer death cult when your idea of computation is utterly fucked
fair, there are cranks still trying to trisect an arbitrary angle with an unmarked straight-edge and compass, so i shouldn't be surprised. there are probably cranks still trying to solve the halting problem
Right, well God says:
meditated exude faithful estimate nature message glittering indiana intelligences dedicate deception ruinous asleep sensitive plentiful thinks justification subjoinedst rapture wealthy frenzied release trusting apostles judge access disguising billows deliver range
Not bad for the almighty creator 'rando number generator', eh?
a non-zero amount of the time, yeah
also, that poster's profile, holy fuck. even just the About is a trip
Wow, how is every post somehow weird and offputting? And lol at 'im seeing evidence the voting public was HACKED! (emph mine)' a few moments later 'anybody know some big 5 webscrape API coders? I need them for evidence gathering'. The delightful pattern of crankery where there is a big sweeping new idea that nobody else has seen, plus no actual ability in a technical field.
Wow, how is every post somehow weird and offputting?
just an ordinary mastodon poster, doing the utterly ordinary thing of fedposting in every thread started by a popular leftist account, calling “their wing” a bunch of cowards for not talking in public about doing acts of stochastic violence, and pondering why they don’t have more followers
A "high-tech" grifter car that only endangers its own inhabitants, a Trump and Musk fan showing his devotion by blowing himself up alongside symbols of both, the failure of this trained and experienced murderer to think through the actual material function of his weaponry, welcome to the Years of Lead Paint.
from I Was Promised a More Aesthetically Pleasing Cyberpunk Dystopia by Vicky Osterweil
To be fair it also endangers people outside the car, just not when a deflagration is set off inside.
Wow, that's bleak. The whole article I mean.
choose your silicon valley thinkboi
edit: goddammit istewart got in first because we both saw this on the zitron discord
alas, there is no honor or glory to be had from winning the meme race
ong Yann LeCun was sharing this post too and i was shook that he was seeing quality shit post like this before me. We are not ready for whats coming next . jpg
via this I just learned that google's about[0] to open the taps on fingerprinting allowance for advertisers
that'll go well.
I realize that a lot of people in the rtb space already spend an utterly obscene amount of effort and resources to try do this shit in the first place, but jesus, this isn't even pretending. guess their projections for ad revenue must be looking real scary!
edit [0] - "about", as in next month. and they announced it last month.
The Google post appears to be Updating our platform policies to reflect innovations in the ads ecosystem.
I have no idea what the heck those words mean (it appears to be some bizarro form of English), so I diffed the policy itself. Here are the parts I found notable.
This will be removed:
You must not use device fingerprints or locally shared objects (e.g., Flash cookies, Browser Helper Objects, HTML5 local storage) other than HTTP cookies, or user-resettable mobile device identifiers designed for use in advertising, in connection with Google's platform products. This does not limit the use of IP address for the detection of fraud.
This will be removed:
You must not pass any information to Google [...] that permanently identifies a particular device (such as a mobile phone's unique device identifier if such an identifier cannot be reset).
This will be added:
You must disclose clearly any data collection, sharing and usage that takes place in connection with your use of Google products, including information about the technologies used, such as your use of cookies, web beacons, IP addresses, or other identifiers. This applies for data collection, sharing and usage on any platform, surface or property (e.g., web, app, Connected TV, gaming console or email publication).
I remember during my very very first job a security guy explaining to me why I can't record work emails of people borrowing stuff from the company's internal library because GDPR. In a company of like 100 people. I guess Google is too big to care.
It's the same feeling as when it's reported some guy was able to defraud literal millions from public funds while I had to separately report and bring a receipt for the $5 I spent on a city bus while out on a business trip because it was funded from a public grant or I'd get fired and sued, in that order.
from the company’s internal library because GDPR
I'm not a gdpr person (nor even european) but this sounds like bullshit - was it?
I simplified , but:
The problem is that if someone leaves the company you should delete all of their PII you don't need for compliance reasons. The emails were [email protected], as is usual, so it was PII. So if someone borrowed something from the library and that record stayed in the database, when their company profile got deactivated we would've had to have a flow that deleted that row or at least anonymised it. Needless to say, this was a minor side project with a time budget of one month, so we just ended up not storing any PII in the first place instead of bothering with archiving and removal.
you just gotta love how vacuously pointless the wording is
You must disclose
google-rfc "must": "we want something we can bend you over a barrel with if you're caught out by one, but that's all we'll bother committing because otherwise it eats into our lovely extortion profits"
Also I'm having a fun time imagining an accurate device fingerprinting disclosure from someone who was really really thorough.
Not-A-Cookie-I-Swear Technologies LTD may collect the following information:
Don't worry none of it is a cookie :D
- Your User-Agent
- Your browsers language / locale
- The state of the service-worker associated with Not-A-Cookie-I-Swear Technologies LTD's website
- Whether your "mouse" movements look more like a mouse, trackpoint, gamepad, joystick or touchscreen according to our heuristics
- The current JavaScript time
- Whether your browser prefers dark mode or not
- Whether your browser reports itself as screen or print media
- The device size, device pixel ratio, frame size, and frame position reported by your browser
- Your browser's HTTP request headers
- The success or failure of fetching a URL included in the Easylist ad-block list
- Whether or not an element associated with the Easylist element hiding list was hidden or not
- Your IP address
- The result of tracerouting your IP address from one of our servers
- Browser Local and/or Session Storage
- The state of the WebSQL and/or IndexedDB database for our website
- The state of the OPFS filesystem store associated with our website
- Whether or not there was an HTTP cache hit for our website
- Whether or not there was a DNS entry cached for our website
- A hash of the pixels in a WebGL and/or WebGPU scene
- The browser's default styling
- The browser's minimum font size
- The browser's default font family
- The font file chosen for a variety of character (or ligature) and font-family combinations
- A hash of the pixels of a canvas with a variety of font families and shapes written into it
- A report on the presence or absence of various browser CVEs in your browser
- Information about any other open tabs that happen to include technologies from Not-A-Cookie-I-Swear Technologies LTD
- What video, audio, and/or image codecs are supported by your browser
- Whether or not your browser enables video auto play (and whether or not it's muted by default)
- Whether your browser supports MathGL or not
- Whether your browser recognizes any origin trials that Not-A-Cookie-I-Swear Technologies LTD happens to have opted into at any given time
- The behavior of your browser against various web standards edge cases or the presence or absense of features in draft web standards (e.g. Web Platform Tests or Can-I-Use tests)
- Whether or not your browser supports Widevine video DRM
- Various browser performance characteristics
- All key press events
- Various form auto-fill data (if triggered)
- Any mouse down, mouse move, or mouse up events
- A rough geolocation calculated by examining the relative latency of fetches to a number of geographically distributed web servers
- The presence or absence of various browser plugins developed by, purchased by, or affilated with Not-A-Cookie-I-Swear Technlogies LTD (and any data therein as agreed to by the extension permissions dialog -- up to and including microphone, webcam, or full page DOM)
Some stuff in this list is me being silly, but overall it shows that the talk about "privacy-enhancing technologies" is premature on the web platform. The web has been trying to have better privacy defaults over time; but there's a long legacy of features from before this was considered as much, as well as Google tossing around their weight in the web standards and browser space.
now i wonder how much of that is blocked by firefox enhanced tracking protection. not all, of course, and it's probably much more than needed for unique identifier. there's mozilla security blog post on this topic says that some anti-fingerprinting measures were built in all the way back in 2020 (firefox 72)
Above I listed a bunch of things which would help narrow down browser version, but that's hopeless anyway -- an adversary will probably be able to figure out your rough browser version even if you fake the UA string, and that you're running in anti-fingerprinting mode.
So assuming that's out of scope I think these are probably the big categories:
- Normalize any system information presented to webpage (e.g. remove minor version from UA header, remove OS from UA header, etc)
- Canvas, WebGL, and WebGPU need to be implemented in software in a deterministic way. Similarly any compositing (including stuff like font shaping, SVG rendering, page layout) must be done in software (prevent GPU fingerprinting)
- A fixed font set must be used rather than using the system font set (prevent fingerprinting font enthusiasts)
- The device size / frame size (and position) must be lied about (e.g. rounded to a common resolution or a multiple of 100px), and layout adjusted appropriately (Mozilla calls this "Letterboxing") (prevent fingerprinting psychos who don't run their browser in fullscreen mode).
- Page storage should be disabled or cleared (local / session storage, cookies, service workers, indexeddb, etc) (A cookie by any other name would taste as sweet)
- Caching is a big problem, probably have to disable it entirely (including HTTP caching, HTTP caching at the ISP level*, DNS lookups, favicons, JavaScript compilation cache) (Pesky pesky global state).
- Performance metrics are another big problem. Disabling JavaScript would go a long way here but you probably can't prevent them entirely unless you're prepared to go to unhealthy extremes** (this is like the past 10 years of cutting edge security research so we're doomed)
- Disable any plugins or other customizations which may provide a fingerprint accessible to the webpage (oops it turned out the FBI caught me because I configured my browser to inject pictures of cute bunnies into every webpage).
- And of course IP address, which you presumably want to do something about (proxy?)
That said while I've worked with browsers, I'm not in the biz of fingerprinting or anti-fingerprinting, so there's surely stuff I haven't thought of.
* Actually we should probably just disable non-HTTPS entirely...
** Running under a VM is probably the minimum required to mitigate the chances of cutting-edge side-channel timing attacks from James Bond level adversaries, but at that point maybe you just want a dedicated browsing computer heh. I did chuckle at the idea of someone trying to apply cryptographic constant-time algorithm techniques to writing a browser though.
view more: next ›