> If LLMs can really find a ton of vulnerabilities in my software, why would I not run them and just patch all the vulnerabilities, leading to perfectly secure software?
Probably because it will be a felony to do so. Or, the threat of a felony at least.
And this is because it is very embarrassing for companies to have society openly discussing how bad their software security is.
We sacrifice national security for the convenience of companies.
We are not allowed to test the security of systems, because that is the responsibility of companies, since they own the system. Also, companies who own the system and are responsible for its security are not liable when it is found to be insecure and they leak half the nations personal data, again.
Are you seeing how this works yet? Let's not have anything like verifiable and testable security interrupt the gravy train to the top. Nor can we expect systems to be secure all the time, be reasonable.
One might think that since we're all in this together and all our data is getting leaked twice a month, we could work together and all be on the lookout for security vulnerabilities and report them responsibly.
But no, the systems belong to companies, and they are solely responsible. But also (and very importantly) they are not responsible and especially they are not financially liable.
>> If LLMs can really find a ton of vulnerabilities in my software, why would I not run them and just patch all the vulnerabilities, leading to perfectly secure software?
>Probably because it will be a felony to do so. Or, the threat of a felony at least.
"my software" implies you own it (ie. your SaaS), so CFAA isn't an issue. I don't think he's implying that vigilante hackers should be hacking gmail just because they have a gmail account.
We need paper ballots because people can understand them. Election conspiracy theories are becoming a problem. Having a counting process that people can understand and trust is a feature.
Paper ballots that we almost never bother manually checking against the insecure digital tallies unless there’s a very close race or explicit challenge to the count.
Nearly every state routinely does statistical audits of voting machines compared with paper records.
People hate to hear this but: statistics work. You can randomly sample a portion (say, 2% to 5%) of ballots and have effective certainty about how much fraud or error there is in your voting system.
Conspiratorial thinking can't be fixed with additional facts. There is no set of facts that conclusively establish any claim to someone who is already committed not to believing the claim.
A common property of conspiracies is that any evidence is evidence of the conspiracy. Not enough data produces "what are they hiding" stuff. More data produces deliberate misunderstandings of the data to justify the conspiracy. We saw this very clearly with covid. When public health agencies were less transparant it was evidence of an evil coverup. When public agencies were more transparant about limitations or things they didn't fully understand it was evidence that public health efforts didn't work.
Why, Imperial Command Enforcement of course. They're a a bit like Hitler's SA (in fact one of them even dressed the part), the Great Leader sends them wherever he wants something stamped on.
I don't know if I'd phrase it like that. It does show they see ICE as a fix all police they can deploy for a wide variety of purposes though. ICE is better funded than some branches of the military, and they are demonstrating they are willing to use ICE for whatever they think needs to be done.
Somehow they will eliminate anonymity for real people, but bots will still be pushing Russian or... some other country's interests with massive bot farms.
I haven't read the article, but my understanding is that a normal curve results from summing several samples from most common probability distributions, and also a normal curve results from summing many normal curves.
All summation roads lead to normal curves. (There might be an exception for weird probability distributions that do not have a mean; I was surprised when I learned these exist.)
Life is full of sums. Height? That's a sum of genetics and nutrition, and both of those can be broken down into other sums. How long the treads last on a tire? That's a sum of all the times the tire has been driven, and all of those times driving are just sums of every turn and acceleration.
I'm not a data scientist. I'm just a programmer that works with piles of poorly designed business logic.
How did I do in my interview? (I am looking for a job.)
Say I have N independent and identically distributed random variables with finite mean. Assuming the sum converges to a distribution, what is the distribution they converge to?
If I had made the extra condition that the random variables had finite variance, you'd be correct. Without the finite variance condition, the distribution is Levy stable.
Levy stable distributions can have finite mean but infinite variance. They can also have infinite mean and infinite variance. Only in the finite mean and finite variance case does it imply a Gaussian.
Levy stable distributions are also called "fat-tailed", "heavy-tailed" or "power law" distributions. In some sense, Levy stable distributions are more normal than the normal distribution. It might be tempting to dismiss the infinite variance condition but, practically, this just means you get larger and larger numbers as you draw from the distribution.
This was one of Mandelbrot's main positions, that power laws were much more common than previously thought and should be adopted much more readily.
As an aside, if you do ever get asked this in an interview, don't expect to get the job if you answer correctly.
But if you haven't had exposure to this either through work experience or through course work it would be unfair to ask this question and use your answer to judge competence.
For a potential coworker role I would certainly be curious about your curiosity but a sharp ended question is not a way to explore that.
I've always felt laws should be applied equally to all people without regard to those things.
reply