sarahjamielewis

sarahjamielewis, 6 months ago

• The Drugs section is a whole clusterfuck of overreach. I am in Canada, where Cannabis is legal.

Annex 10 states "It is not relevant whether the drug is a controlled substance in the state or territory from which the post originated." and seems to require all dispensaries in Canada to put "offer is not extended to users
within the United Kingdom" on all social media posts that might be seen in the UK.

sarahjamielewis, 6 months ago

Annex 10 also appears to require service providers to censor any links to sites where 3d printer blueprints are shared as pretty much all of them have files that in someway relate to the construction of firearms.

sarahjamielewis, 6 months ago

Ultimately I don't think these documents or the overall act matter all that much.

Governments around the world have decided that this is the Internet they want. A highly censored, corporatized collection of services - filtered through they're own prejudice, and politics.

Any hope I have for humanity is rooted in the idea that people, on the whole, will reject that.

So it doesn't matter either way.

sarahjamielewis, 6 months ago

It is difficult to conceive of a world where those blobs become worse...it is very easy to imagine a future where those blobs become even, more effective, smaller, and better integrated.

The part of me that has been around computers for many decades finds this all amazing and fascinating. Things I once thought impossible for a humble computer are now achieved by a matrix so small it can fit in local RAM many times over.

sarahjamielewis, 6 months ago

We are still in a time where it take some effort to get useful results out of the local models.

There exist a few simplified, streamlined, interfaces, but many of the more powerful features require some familiarity with the underlying concepts.

But that bar is getting lower as the months go by.

Much of the public conversation of AI has focused on the commercial offerings of large models...and there is definitely a conversation to have there...

However,I think that obscures the real story.

sarahjamielewis, 6 months ago

A few examples: A few years ago I had a side project that I had to stop because it was dependent upon speech-to-text and after testing 10s of solutions the quality and speed just wasn't there.

Whisper Medium (1.5 GB on disk) solves that problem. Completely. Whisper.cpp provides CPU inference.

I've also used it to transcribe and search videos I had that lacked subtitles, and a fair few other projects.

sarahjamielewis, 6 months ago

Another example: A few months ago I spent a good 15 minutes attempting various searches for the answer to a generic error condition with little success.

In an act of desperation I loaded up code llama and asked it the question. It solved my problem. I've also used it to generate test cases for code sketches, with variable results.

But what I've just described was basically impossible a year ago. In 6-12 months?

sarahjamielewis, 6 months ago

One concern I do have is that many of the more public critiques I have seen of the technical capabilities of these models are based on older iterations or the interface limitations of commercial offerings - which tends to create this effect of any mainstream criticism being months out of date.

Which creates this unfortunate position where as soon as someone attaches a technical critique to the ethical argument, they instantly lose the attention of many who are actually using the technology.

sarahjamielewis, 6 months ago

The point of this ramble:

When it comes to generative AI that can be run locally on your machine: many things are possible now that weren't possible a year ago.

Expect more things to be possible soon. Probably faster than you think is possible.

I don't have a good grip on exactly how impactful this trend will be, or where the progress will stop. I've been constantly amazed this year.

It might be worth grabbing some of these models and playing around.

sarahjamielewis, 6 months ago

I didn't spend the last 6 years building open source, peer to peer metadata resistant communication applications and libraries for fun.

I did it because any secure communications that rely on a centralized service provider is forever reliant on the whims of whatever jurisdiction regulates it's existence - that is not ground on which you want to anchor your rights to communicate and associate free of surveillance.

sarahjamielewis, 7 months ago

@hyc yup! thank you :)

sarahjamielewis, 7 months ago

With generative AI there are at least some very real concerns, grounded in reality - and yet all I've seen the last few days are a moral panic about machines drawing pictures of copyrighted characters in R-rated situations (always on the request of a person asking for the very thing the machine created)

sarahjamielewis, 7 months ago

Ultimately the real threat from these technologies is that they exist at all.

Once something is shown to be possible there is no bottling the consequences back up.

But instead of having a real discussion about how society should restructure itself to best serve its needs and take advantage of these new tools - we are instead drowning in takes about how and why matrices should detect illegal numbers again.

sarahjamielewis, 7 months ago

I don't think I've ever seriously audited an electron app and not found a critical vulnerability related to the fact it was an electron app.

The webp vuln impacted basically anything that touched webp files - which includes a lot of things that are not browser engines.

It's an argument for stronger vetting of new file formats - especially those implemented in unsafe languages - separate from not using electron (though you should also probably not use electron)

sarahjamielewis, 7 months ago

Ultimately the biggest problem is there is little investment in cross-platform UI tooling that isn't coming from the the browser space.

Small teams can't afford to build an application for every given platform stack, so they pick the path of least resistance. As a result machines and people are increasingly vulnerable as applications are absorbed into the web context.

There us nothing on the horizon that changes that fundamental economic consideration.

sarahjamielewis, 7 months ago

@wtwagg I haven't, but I believe the very first CVE registered for Signal desktop was trivial javascript code execution because the rendering context wasn't locked down.

Since then the Signal Foundation have received a lot of funding so I imagine they have the budget and staff to very carefully audit new features to ensure the risk of those kinds of things happening is minimal.

But the thing with Electron is, it only takes a single mistake in that auditing.