Final Fantasy IV Java Edition would be a pretty wild guess by anyone's standards. I certainly wouldn't have thought of it, and I'm an ex-java developer who speaks Japanese and was extremely fond of FF4.
I've been rethinking IoT devices lately. All that Alexa has actually been useful for is "Alexa, what's the time?", "Alexa, what day is it?", "Alexa, set a 2 minute timer", and "Alexa what does X mean?".
That's 99% of my uses.
I want a device that does only that and runs purely offline. I'm sure between Whisper.cpp and LLaMA.cpp I could make this a reality with an old spare laptop.
I definitely think this is playing a role. I've seen reports of people saying "oh it now refuses to act as my therapist" and "it wouldn't write my essay for me". Those are just a couple of anecdotes I've seen on Reddit, and haven't verified myself, but it wouldn't surprise me if OpenAI felt the need to make adjustments along those lines.
>To me, it feels like it's started giving superficial responses and encouraging follow-up elsewhere -- I wouldn't be surprized if its prompt has changed to something to that effect.
That's the vibe I've been getting. The responses feel a little cagier at times than they used to. I assume it's trying to limit hallucinations in order to increase public trust in the technology, and as a consequence it has been nerfed a little, but has changed along other dimensions that certain stakeholders likely care about.
Seems like the metric they're optimising for is reducing the number of bad answers, not the proportion of bad answers, and giving non-answers to a larger fraction of questions will achieve that.
I haven't noticed ChatGPT-4 to give worse answers overall recently, but I have noticed it refusing to answer more queries. I couldn't get it to cite case law, for example (inspired by that fool of a lawyer who couldn't be bothered to check citations).
Small c compromise, not big C. These are invented toy examples, but when I say compromise I mean things like chat logs, public transportation/taxi ride history, supply chain attacks, etc.
If you want to think about the attack surface, look at companies that serve other companies and ask "what can someone with root on all of this companies machines do?" and more importantly "How mature are these companies security teams?" Imagine compromising a law firm, a public relation agency, or a newspaper. A VPN provider, a corpnet provider, or a cloud provider.
My password vault doesn't have my ssh keys, but it does have my no 2fac required github recovery tokens. Phones have a lot more than just security tokens. They could provide information useful for phishing or extortion, too.
I think you asked this because I used a rather grand example and that's fair. If I were to look at my post critically I think I under-stated both the potential security mitigations in place by competent security teams and the difficulty of really compromising someone's phone, and therefore somewhat overstated the problem.
When playing war games, you give your opponent every conceivable advantage somewhat grounded in reality, and I have given this idealized attacker the advantage of an incompetent security team, easy compromise of phone, and lack of political consequences for taking a phone out of someone's sight and/or compelling them to enter passwords by threat of force.
If you had an intelligence agency with a significant amount of APT penetration, you might look up every person who requests a visa on LinkedIn and determine if they can amplify the position of your APTs. Maybe you have compromised a taxi app or and and know what hotel they are going to and you can steal a notebook when they leave the room.
I think phone out of your possession is a credible attack, maybe less so today, absolutely 10 years ago it was. Pegasus is a thing, and there were definitely rumors that Chinese police had a little USB stick they could put into peoples phones that would install an app that then disappears from the home screen.
For as long as I can remember, it is hammered into every person who works around security that "no physical security means no security." Losing possession of your phone is the loss of physical security.
Right, I'm with you. I can totally appreciate what even small compromises can open up.
My wife's laptop just got compromised a couple of weeks ago, and I've been diving down the security rabbit hole of figuring out how it happened, what's going on on my network and my computer and phones etc. It has been a rude awakening as to the sheer amount of blind trust I've been placing in all my devices. After watching what network traffic comes and goes on my laptop and how much info gets recorded by the system I've come to the conclusion that modern OSes and browsers that aren't explicitly privacy focuses are basically spyware. My new mindset is 'assume everything is compromised at all times and treat it accordingly'.
I ran OSForensics on the machine last night. It was my first time running a tool like this, and I while I didn't manage to find a smoking gun, I did find some questionable files masquerading as an installer where there were all kinds of different files and file types but they were actually all executables. I wound up deleting those.
What I did discover is that by default Chrome captures and stores every field you submit to every form in a SQLite database. The amount of PII that turned up was absolutely staggering. If I could only exfiltrate one file from a machine, it would be that.
It sort of boggles the mind that that's a thing at all. I don't ever want to touch a browser ever again.
It's naïve in our system where problems are not solved as a group, but as a sum of individuals. If you don't trust someone to do something on your computer, then you also probably don't trust them to do much more outside; how can they be a part of the community if they aren't to be trusted ? We have abandoned all community-building to the state, and the state decides collective rules even though the state cannot manage a group this size with the best intents, especially considering the political-economic system we're in; it must assume everyone is problematic by default, and everyone's interest is at odds with the state interest.
Stallman talks about anarchy, a system that seems to have been in place there at the time; one of the central tenet of anarchism is conviviality and building a community together. Everyone who is part of the community is trusted. In this system, you don't need passwords.
