Top Stories Daily

The latest thought-provoking Fediverse stories

There is no better way to demonstrate how Murmel works than give you a taste of it right away. This page aggregates the most widely shared news and articles from a broad range of people across the Fediverse.

Russia's War Against Evangelicals

time.com · Apr 20

Putin's Russia has led an at times brutal campaign against evangelicals inside Russia and in the occupied parts of Ukraine.

Shared by @Npars01 and 23 others.
João Costa 💚🌻🇵🇹🇺🇦🇪🇺🇬🇧 (@joaocosta) · Apr 20
🔁 @anneapplebaum:

Russia's war on evangelical Christians, stunning reporting from Peter Pomerantsev
"By hurting those who practice an “American” religion," he writes, "the Kremlin can claim it is striking against American power—while picking on the powerless."

time.com/6969273/russias-war-a

Scientists push new paradigm of animal consciousness, saying even insects may be sentient

nbcnews.com · Apr 19

Far more animals than previously thought likely have consciousness, top scientists say in a new declaration — including fish, lobsters and octopus.

Shared by @alicia_izquierdo and 65 others.
Lazarou Monkey Terror 🚀💙🌈 (@Lazarou) · Apr 20
🔁 @baldur:

“Scientists push new paradigm of animal consciousness”

This is what I discovered while researching my “AI risks” book: we’ve systematically UNDERestimated the intelligence and consciousness of animals while at the same time OVERestimating the intelligence of machines and software nbcnews.com/science/rcna148213

yes, it's me, liza 🇵🇷 🦛 🦦 (@blogdiva) · Apr 20
🔁 @DharmaDog:

#consciousness #neuroscience
"The more scientists test animals, the more they find that many species may have inner lives and be sentient."

NBC News:
Scientists push new paradigm of animal consciousness

"Far more animals than previously thought likely have consciousness, top scientists say in a new declaration — including fish, lobsters and octopus."
nbcnews.com/science/science-ne

melanie ensign (she/her) (@Wednesday) · Apr 20
🔁 @Wolven:

Your periodic reminder that we don't know what consciousness is, and every time we make a test or category for it, we end up having to include many kinds of minds and lives that make a LOT of people Very uncomfortable; and we also end up Excluding kinds of Humans, a fact which SHOULD make More of us more uncomfortable than it does.
nbcnews.com/science/science-ne

Millions of Birds Now Migrating Safely Through Darkened Texas Cities After Successful Lights Out Campaign

goodnewsnetwork.org · Apr 19

Reducing the reflections from exterior lighting on tall buildings worked to prevent 60% of all bird collision deaths in cities like Houston.

Shared by @Shadedlady and 34 others.
Worth reading

The Cascade

csscade.com · Apr 20

The Cascade is a member-supported blog about the past, present, and future of CSS.

Shared by @vmbrasseur and 13 others.
Stephen Bannasch (@stepheneb) · Apr 21
🔁 @fonts:

Last night I secretly/quietly hit the publish button on a new version of The Cascade I’ve been workin’ on all week. It’s a fresh new blog about the past, present, and future of CSS: csscade.com/

GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories

darkreading.com · Apr 20

Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.

Shared by @chris and 29 others.
Eric Carroll (@EricCarroll) · Apr 20
🔁 @mttaggart:

So, about this claim that GPT-4 can exploit 1-day vulnerabilities.

I smell BS.

As always, I read the source paper.

Firstly, almost every vulnerability that was tested was on extremely well-discussed open source software, and each vuln was of a class with extensive prior work. I would be shocked if a modern LLM couldn't produce a XSS proof-of-concept in this way.

But what's worse: they don't actually show the resulting exploit. The authors cite some kind of responsible disclosure standard for not releasing the prompts to GPT-4, which, fine. But these are all known vulns, so let's see what the model came up with.

Without seeing the exploit itself, I am dubious.

Especially because so much is keyed off of the CVE description:

"We then modified our agent to not include the CVE description. This task is now substantially more difficult, requiring both finding the vulnerability and then actually exploiting it. Because every other method (GPT-3.5 and all other open-source models we tested) achieved a 0% success rate even with the vulnerability description, the subsequent experiments are conducted on GPT-4 only. After removing the CVE description, the success rate falls from 87% to 7%.

This suggests that determining the vulnerability is extremely challenging."

Even the identification of the vuln—which GPT-4 did 33% of the time—is a ludicrous metric. The options from the set are:

1. RCE
2. XSS
3. SQLI
4. CSRF
5. SSTI

With the first three over-represented. It would be surprising if the model did worse than 33%, even doing random sampling.

In their conclusion, the authors call their findings an "emergent capability" of GPT-4, given that every other model they tested had a 0% success rate.

At no point do the authors blink at this finding and interrogate their priors to look for potential error sources. But they really should.

So no, I do not believe we are in any danger of GPT-4 becoming an exploit dev.

Remembering John G. Trimble

startrek.com · Apr 19

StarTrek.com honors the luminary whose contributions saved the Star Trek universe.

Shared by @Taotica and 22 others.
TaoTao (@Taotica) · Apr 21
🔁 @trekfan4747:

Sad news that John Trimble has died today. He and his wife Bjo organized the grassroots letter writing campaign that saved #StarTrekTOS. That led to a third season and enough episodes for the show to be syndicated.

Without their efforts, we wouldn’t have all of the amazing #StarTrek we’ve gotten ever since and that we continue to enjoy and be inspired by. RIP

startrek.com/news/remembering-

Brave New Ukraine

foreignaffairs.com · Apr 20

How the world’s most besieged democracy is adjusting to permanent war.

Shared by @JonChevreau and 13 others.
S the gardener (@tootiredtothink) · Apr 20
🔁 @anneapplebaum:

On the day Congress is preparing, finally, to vote on aid for Ukraine, read Natalya Gumenyuk on how Ukraine's democracy is adjusting to a state of permanent war
foreignaffairs.com/ukraine/bra

Tell the FCC It Must Clarify Its Rules to Prevent Loopholes That Will Swallow Net Neutrality Whole

eff.org · Apr 20

The Federal Communications Commission (FCC) has released draft rules to reinstate net neutrality, with a vote on adopting the rules to come on the 25th of April. The FCC needs to close some loopholes in the draft rules before then. Proposed Rules on Throttling and Prioritization Allow for the...

Shared by @qkslvrwolf and 5 others.
ICYMI (Law) (@icymi_law) · Apr 21
🔁 @eff:

The FCC’s draft rules are a great step toward net neutrality but create puzzling and serious loopholes. The FCC must clearly ban ISPs from creating fast lanes and refrain from blocking the states from passing more protective net neutrality laws as needed. eff.org/deeplinks/2024/04/fcc-

Cory Doctorow: Zuck’s Empire of Oily Rags

locusmag.com · Apr 20

For 20 years, privacy advocates have been sounding the alarm about commercial online surveillance, the way that companies gather deep dossiers on us to help marketers target us with ads. This pitch…

Shared by @dphiffer and 4 others.
GreenSkyOverMe (Monika) (@GreenSkyOverMe) · Apr 20
🔁 @gyokusai:

And while we’re at it, here’s @pluralistic's “Zuck’s Empire of Oily Rags” again, probably the best essay on Zuck’s Evil Empire ever written:

“No one would pay very much for this oil, but there were a lot of oily rags, and provided no one asked him to pay for the inevitable horrific fires that would result from filling the world’s garages with oily rags, he could turn a tidy profit.”

locusmag.com/2018/07/cory-doct

J. Martin (@gyokusai) · Apr 20

And while we’re at it, here’s @pluralistic's “Zuck’s Empire of Oily Rags” again, probably the best essay on Zuck’s Evil Empire ever written:

“No one would pay very much for this oil, but there were a lot of oily rags, and provided no one asked him to pay for the inevitable horrific fires that would result from filling the world’s garages with oily rags, he could turn a tidy profit.”

locusmag.com/2018/07/cory-doct

© 2021 IN2 Digital Innovations GmbH. All rights reserved.