The idea that someone is going to invent and remember a password for every dumb service is not realistic, and when you build another password-based authentication system, you are engaging in a kind of LARP.
Passwords are used in one of two ways:
1. a password manager guarded by a single actual password
2. the same password repeated between services
Practically every service offers e-mail recovery, so, in practice, your e-mail is your authentication.
Personal e-mail accounts are rarely replaced, not shared, and aren't reused. You've probably had your personal e-mail longer than your phone number. I've had at least five phone numbers in the lifetime of my current e-mail address. Other people now have those numbers.
There are also derived passwords, which are kind of a hybrid: either a pattern the human remembers, or a manager that does the calculation per domain.
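For the "manager that does the calculation" variant, the idea is roughly the sketch below: one master secret plus the domain deterministically yields a per-site password. The function name, iteration count, and encoding here are illustrative, not any particular product's scheme.

```python
import base64
import hashlib

def derive_password(master_secret: str, domain: str, length: int = 16) -> str:
    # One master secret + the domain as salt -> a stable per-site password.
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        master_secret.encode(),
        domain.encode(),
        100_000,  # iteration count is illustrative, not a recommendation
    )
    return base64.urlsafe_b64encode(digest).decode()[:length]

# Same inputs always produce the same password, so nothing is stored anywhere.
print(derive_password("correct horse battery staple", "example.com"))
```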
I'd also add that forgot-password features at least notify the address owner of every attempt. Password-based logins don't always e-mail on every login from a new location.
Apple has made the incredibly annoying “you can’t just enter your 1Password/keychain password, you have to dick around with email” process much nicer; at least when it can recognize the email/text and enter the code for you.
Apple is the worst about this. The only option is that they send a message to an Apple device. I only have an iPad and not an iPhone or MacBook, so I often simply cannot log into my Apple account because they refuse to do anything else besides send it to an Apple device.
Yes, it is true. There are indeed cases where you are not presented with SMS options.
And I'm not going to purchase and carry around a hardware key just for the privilege of periodically logging into my Apple accounts.
Maybe Apple shouldn't force you to own an Apple device to log in to your accounts? They've been sued over this before and lost. If Microsoft did this, people would lose their minds.
One may notice this has something to do with mutability. If there isn’t a surrogate key, the record isn’t mutable. The database may let you change it, but the new record has a new identity. Mutability as a concept requires a common identity across time. Languages permitting mutability are using a pointer or reference as an implicit surrogate identity. A typical database can’t offer this, hence the need to put explicit surrogate keys into the schema. You cannot say “this changed” unless you can refer to both samples as a common “this”.
While that is true, for correctness appends should supplant updates. On HN, many users (like myself) have posted comments for over a decade. Suppose I changed my username from "bjourne" to "SpongeBob"... Should the comments I wrote in 2010 show up as having been authored by "SpongeBob" or "bjourne"? I'd strongly argue in favor of the latter since the former would constitute falsifying history. The "change" in username should be viewed as the creation of a new personae rather than a "change".
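A minimal sketch of what that looks like in a schema (sqlite and the table names are just for illustration, not HN's actual design): the surrogate key carries identity across time, and the username history is append-only, so old comments keep the name that was valid when they were posted.

```python
import sqlite3

con = sqlite3.connect(":memory:")
con.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, current_name TEXT);
    -- Append-only history: a name change is a new row, never an UPDATE.
    CREATE TABLE user_names (
        user_id INTEGER REFERENCES users(id),
        name TEXT,
        valid_from TEXT
    );
    CREATE TABLE comments (
        user_id INTEGER REFERENCES users(id),
        body TEXT,
        posted_at TEXT
    );
""")
con.execute("INSERT INTO users VALUES (1, 'bjourne')")
con.execute("INSERT INTO user_names VALUES (1, 'bjourne', '2009-01-01')")
con.execute("INSERT INTO comments VALUES (1, 'old comment', '2010-06-15')")

# Later, the user "changes" their name: append a new personae, don't overwrite.
con.execute("UPDATE users SET current_name = 'SpongeBob' WHERE id = 1")
con.execute("INSERT INTO user_names VALUES (1, 'SpongeBob', '2024-01-01')")

# Attribute the comment to the name that was valid when it was posted.
row = con.execute("""
    SELECT n.name FROM comments c
    JOIN user_names n ON n.user_id = c.user_id
    WHERE n.valid_from <= c.posted_at
    ORDER BY n.valid_from DESC LIMIT 1
""").fetchone()
print(row[0])  # -> 'bjourne', not 'SpongeBob'
```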
DC-X predates Carmack and SpaceX both. The actual challenge is to produce an economically viable product that can survive beyond grants and investors. This is important, as it determines whether the system continues to operate or not. Falcon 9, and not the DC-X, flies today.
I think doing it with a booster capable of actually putting things into orbit must be a challenging part of the problem too. DC-X and Carmack weren't doing that part.
This. For inexperienced developers, I advise this: don't consume answers you don't understand. If you can't read it, interrogate it, and find a question at your own level. When you accept its emission, you're taking responsibility for it, and beyond a certain low level, it can't do your thinking for you.
This is a known design flaw of LLMs. It has been posted about once a month for years. It's disheartening to see very technically adept people still find this exciting. GPT-3 has been out for years; why don't more "hackers" know about tokenizers?
Basically, LLMs are “blind”. Fragments of text are converted to tokens, forming something like a big enum of possible tokens.
They can’t see spellings; they cannot see the letters.
So, they can’t handle things like “how many letters are in Mississippi?” reliably.
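You can see the "blindness" directly with an open tokenizer, for example OpenAI's tiktoken library (the exact fragments depend on the vocabulary):

```python
# pip install tiktoken
import tiktoken

enc = tiktoken.get_encoding("cl100k_base")
ids = enc.encode("Mississippi")
print(ids)                             # a short list of integer token IDs
print([enc.decode([i]) for i in ids])  # word fragments, not individual letters
```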
Due to chat bots running with nonzero temperature, they will sometimes emit a right answer just because the dice rolled in its favor. So if you go try this and get a good answer, that’s not conclusive either.
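A toy sketch of what temperature does (the logits here are made up): sampling instead of taking the argmax means lower-scored answers win some fraction of the time, so one lucky run proves nothing.

```python
import numpy as np

rng = np.random.default_rng(0)
logits = np.array([2.0, 1.0, 0.5])  # made-up scores for three candidate tokens

def sample(temperature: float) -> int:
    p = np.exp(logits / temperature)
    p /= p.sum()
    return int(rng.choice(len(logits), p=p))

# Temperature near 0 approaches argmax; at 0.8 the runner-up tokens
# still come out on some fraction of the rolls.
print([sample(0.8) for _ in range(10)])
```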
That’s the thing we’re dealing with, that’s how it works, that’s what it is.
> That’s the thing we’re dealing with, that’s how it works, that’s what it is
That's not how they're being marketed. That's the disconnect. Gemini is being marketed as competent enough to write ad copy [1], to be trusted with your brand. Yet it will confidently tell you to go eat glue [2].
> It’s disheartening to see very technically adept people still find this exciting.
I don't think this is what people find amusing. I think people are more surprised that Google, a trillion-dollar company, has pushed an update that could produce such a bad response to a fairly basic query.
No matter how you chop up the technical details, search needs to provide good results to end users, and in the example shown, it's not doing that.
I suppose if I kept seeing Ford Pintos not only driving down the highway, but replacing Ford owners' other models unannounced (for free, at midnight), and some Ford suit patiently explained to me that the gas tank was "a known design flaw of Ford Pintos", that the design of the Pinto was several years old, and how disheartened he was that "more drivers don't know about rear-end collisions", it would dampen my excitement a little.
I don't read this as a "Look how dumb LLMs are", I read this as, "Look at Google destroying their credibility by putting a technology that has known flaws front and center in their search". For the past 3-5 years there've been a growing number of people talking about how Google search is in decline and stuff like this is just fuel on that fire.
Thing is, LLM advocates/enthusiasts keep saying "it'll get better". That's basically the entire premise of the current LLM bubble; clearly the _current_ stuff is, at best, marginally useful with heavy human supervision, but it's a Jam Tomorrow situation; everything is predicated on it getting better.
And it does not get better. I mean, in one sense, yeah, obviously it does not, but given the amount of money being pumped into this stuff, the fact that it is still broken in the same ways it was always broken is a concern.
I don't see why some tokens could not get associated with "begins with A". The models are obviously not trained enough on such examples to do it consistently, but I would not say they are "blind".
It answers: "There are three 'R's in the word 'przepraszam.'"
It's interesting that you think other LLMs don't have this issue. I assume you don't find this technology important. That's OK, and you might be right, but then I don't know why you'd comment on it.
It would need a bit more than CoT; in this case probably it would actually need to write code, find a dataset and run the code. ChatGPT (the consumer product, not the model) can do part of this, but the model alone will tend to fail as it simply doesn’t have most spellings. A bigger meta problem is that the model doesn’t know if it knows something or not, so letting a model provide information from its “gut” is catastrophically unreliable. It can’t even know if it should look something up or not, except with a stereotype of itself, which will also be very sloppy.
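The letter-counting case makes the gap concrete: once it's code running over characters rather than a model guessing over tokens, the problem is trivial.

```python
print("przepraszam".count("r"))  # -> 2 (not three, as the model claimed)
print("Mississippi".count("s"))  # -> 4
print(len("Mississippi"))        # -> 11 characters
```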
And it’s on top of Google because important people making decisions don’t understand this and think these are “bugs” that will be “fixed”.
The tweet in question was posted today. The point here isn't to rehash how LLMs can't distinguish letters from tokens. It's to highlight how Google's AI-generated answer will grab a blatantly false fact from the internet and use it as an authoritative source for its answers.
No, it doesn’t show that. There is no source in the screenshot. It’s a screenshot of an LLM generated answer, looking exactly how they do. It’s true, however, that someone tweeted this again.
"just" be paranoid? A health person's reaction to a weak response is probably to assume, with some humility, that others didn't appreciate their comment so much. We're talking here about how the social media platform _ought to behave._
I've faced this viscerally with Copilot. I picked it up to type for me after a sports injury. Last week, though, I was falling ill and "not all there," and none of the AI tools were any help. Copilot is like a magical thought finisher, but if I don't have the thought in the first place, everything stops.
With this technology, faster chips will solve it _for an application-specific definition of "solved."_
The models aren't actually capable of taking into account everything in their context window with industrial yields.
These are stochastic processes, not in the "stochastic parrot" sense, but in the sense of "you are manufacturing emissions and have some measurable rate of success." Like a condom factory.
When you reduce the amount of information you inject, you both decrease cost and improve yield.
"RAG" is application specific methods of estimating which information to admit to the context window. In other words, we use domain knowledge and labor to reduce computational load.
When to do that is a matter of economy.
The economics of RAG in 2024 differ from 2022, and will differ in 2026.
So the question that matters is, "given my timeframe, and current pricing, do I need RAG to deliver my application?"
The second question is, "what's an acceptable yield, and how do I measure it?"
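Measuring it works like measuring any stochastic process: run the task against cases with known answers and report the pass rate. In the placeholder sketch below, run_pipeline and the golden set are stand-ins for your own application and test data.

```python
def measure_yield(run_pipeline, cases, trials_per_case=5):
    # cases: (prompt, expected_answer) pairs with known-good answers.
    passes = total = 0
    for prompt, expected in cases:
        for _ in range(trials_per_case):
            total += 1
            passes += run_pipeline(prompt) == expected
    return passes / total

# e.g.: yield_rate = measure_yield(my_rag_pipeline, golden_set)
```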
You can't answer that for 2026, because, frankly, you don't even know what you'll be working on.
Wow, that's fun. Stirs the imagination. Suppose the Sun is "alive." It's entirely probable that it isn't aware of us. Suppose we found evidence of interstellar communications and attempted to signal the Sun, and, like some startled scorpion, it reacts at once by hitting us with its hardest CME.