Apart from the actual exploit, it is intriguing to see how a security researcher can leverage an AI tool to give them an asymmetric advantage to the actual developers of the code. Devs are pretty focused on their own subsystem and it would take serendipity or a ton of experience to be able to spot such patterns.
Thinking about this more .. given all the AI generated code being put into production these days (I routinely see posts of Anthropic and others boasting how much code is being written by AI), I can see it being much, much harder to review all the code being written by AIs. It makes a lot of sense to use an AI system to find vulnerabilities that humans don't have time to catch.
Seems like a space that is really heating up. I recall most of the foundational labs announced some kind of agentic security product last year (OpenAI's Aardvark, Claude Code security reviewer, etc.)
I fear SK is a harbinger of what's to come in other developed western countries. Companies seem to follow each other in getting more out of workers. When jobs and career become the most important thing (for survival, professional satisfaction or lifestyle), then family life suffers. Even with superb (albeit costly) child care that I avail, my wife has to throttle down her career to put taking care of the kids first, while I prioritize income generation. I have to put considerable thought into how I spend quality time with my kids (including taking a risk that a delayed email response will have professional costs for me). But I feel far more fortunate than my wife (who has to pay a heavy toll forgoing her professional aspirations). Society needs to evolve to do better to support working parents and caregivers.
I think small scale entrepreneurship might be a solution to the current corp craziness. Also, need to ensure lifestyle creep doesn't occur. Easier said than done.
It's even worse when you look at the studies of child outcomes based on if their mother stayed with them during their childhood vs working/daycare.
It is without doubt beneficial for children to have their mother with them in early childhood. This work over all else society is harming the next generation and ripping new mothers away from their babies a few weeks/months after birth.
The problem will solve itself; political leanings are heritable and in the past couple decades conservative birthrates are significantly higher than liberal birthrates, so eventually the genes that incline people towards prioritising work over family will be bred out.
I have a similar theory, that desire to procreate is heritable, in a way that was previously inextricable from desire to have sex. With easy birth control, those desires can now be fulfilled separately. We're still working through the mass die-off of the genes that mostly just wanted the sex half of the equation.
In a few generations, most everyone alive will be the progeny of people who really wanted children. This is probably heritable and will probably stabilize birth rates.
Maybe. I think the difficulty is that in a place like Korea, the dependency ratio will become extremely high, and so taxes will have to go up sharply. Most voters will be retired and so will vote for the few young people to pay them. This will lead the young people to emigrate unless they’re prevented from doing so.
> I think small scale entrepreneurship might be a solution to the current corp craziness.
That would mean breaking up big tech and prohibiting firms above a certain size from buying competitors.
Otherwise, there're huge swaths of the economy that used to be accessible to entrepreneurs that now aren't economically viable (without an attached unrelated business pumping in cash).
in at least some European companies, contacting employees during off hours is already illegal.
what we need is better protection for employees, and especially for parents.
in my vision childcare times are counted towards pension times. stay at home times are required to be taken by both parents equally, so that their careers are affected equally and there is no question on who has to throttle their career because it's both.
that still leaves a career difference between those who have children and those who don't. not sure what to do about that other than serious tax benefits for every child. in Germany you get 250 euro per month per child in cash until the child is grown up. unconditionally. that's a start, but may not be enough. somehow the income difference needs to be made up. not having children should simply not have benefits in terms of income and career.
just throwing out ideas here: how about preferential hiring for parents? but that's difficult to enforce. same goes for promotion.
actually, with automation taking over jobs maybe the simplest solution to equalize career chances is to reduce everyone's working hours. if working time is limited to 20 or at the most 30 hours per week, then childless people get more free time, but parents get more time for their children without having to throttle their careers.
Could you share, if only for reference and comparison, where you live? I'm assuming, because of the missing work/life balance, that you live in the US?
It always seemed crazy to me that there still are societies and countries out there not offering more support to new parents, and even existing parents. It's literally what makes the country survive long-term, and without new children, you'll obviously end up in stagnation. So why not make it really easy and worry-free?
> having an economy that produces high-paying jobs for most young adults willing to work hard
I was gonna check what it looks like right now in the US, but it seems the government has been unable to publish official reports about employment for some reason, so it's hard to know exactly, but suddenly avoiding releasing official reports usually isn't a signal that things are going great.
3rd parties seem to indicate the progress of "producing high-paying jobs" isn't going all so well:
> Wednesday’s decision was justified primarily by weakening conditions in the job market. Hiring has slowed markedly since the summer, while unemployment has ticked up and businesses across industries have begun signaling greater caution
> Private-sector signals have flashed more urgency. ADP’s November report showed employers shedding a net 32,000 jobs, the sharpest decline in more than two years
> hiring remained stuck at 3.2%, consistent with what economists and Powell himself have called a “low hire, low fire” labor market. Companies aren’t slashing staff outright—but they aren’t expanding either. That’s enough to worry economists.
Seems to be working so well all those demographic numbers are going up and to the right! That correlation between wealth and number of children is staggering it's almost causal if only I could prove it. Let's double down on it!
I recently got a 5090 with 64 GB of RAM (Intel CPU). Was just looking for a strong model I can host locally. If I had performance of GPT4-o, I'd be content. Are there any suggestions or cases where people got disappointed?
GPT-OSS-20B at 4- or 8-bits is probably your best bet? Qwen3-30b-a3b probably the next best option. Maybe there exists some 1.7 or 2 bit version of GPT-OSS-120B
LlamaCPP supports offloading some experts in a MoE model to CPU. The results are very good and even weaker GPUs can run larger models at reasonable speeds.
I am a manager. It is pretty bad in terms of tracking. Wandb looks great but really expensive (small team in a super large corp, pricing we were quoted plus the challenges of no-saas made this a no go for me). Been trying to get team members to mlflow and some adjacent tools but it is too hard to do it right.
Yeah, I totally relate — I often lose track of filtering logic, feature engineering, and other preprocessing steps. Those seem way harder to version and track than just model runs. I’m curious, how did your team build a workflow for managing that kind of complexity?
Amazon is the same I think? I live in constant fear we will have a runaway job one day. I get daily emails to myself (as a manager) and to my finance person. We had one instance where a team member forgot to turn off a machine for a few months :(
I get why it is a business strategy to not have limits .. but I wonder if providers would get more usage if people had more trust in costs/predictability.
I remember going out to dinner, years ago, with a fairly senior AWS billing engineer. An acquaintance of a coworker.
He looked completely surprised when I asked about runaway billing and why there wasn't any simple options to cap a given resource to prevent those cases.
His response was that they didn't build that because none of their customers wanted anything like that, as far as he was aware.
Disclaimer: I work at Google but not on cloud. Opinions my own.
I think the reason this doesn’t get prioritized is that large customers don’t actually want a “stop serving if I pass this limit” amount. If there’s a spike in traffic, they probably would rather pay the money to serve it. The customers that would want this feature are small-dollar customers, and from an economic perspective it makes less sense to prioritize this feature, since they’re not spending very much relative to customers who wouldn’t want this feature.
Maybe if there weren’t more feature requests to get prioritized this might happen, but the reality is that there are always more feature requests than time to implement them, and a feature request used almost exclusively by the smallest dollar customers will always lose to a feature for big-dollar customers.
Every large enterprise has insurmountable difficulty even imagining why customers would want something as bizarre as a "stop loss" on their spending...
... right up until it's their own bottom line that is at risk, and then like magic spending limits become a critical feature.
For example, Azure has no stop-loss feature for paid customers, but it does for the "free" Visual Studio subscriber credits. Because if some random dev with a VS subscription blows through $100K of GPU time due to a missing spending constraint, that's Microsoft's problem, not their own.
As noted above, there is enough value here such that AWS implemented this several years ago. Said implementation is appropriate for both personal AWS accounts and large scale multi-account organizations.
Having implemented this on behalf of others several times, I'll share the common pain points:
* There's a long lead time. You need to enable Cost Explorer (24-48 hours). If you're trying for fine distinctions, activating tags as cost allocation tags is another 24 hours
* AWS cost data is a lagging indicator, so you need to be able to absorb a day of charges
* Automation support is poor, especially for organizations
* Organization budgets configured at the account level are misleading if you don't understand how they're configured
What's really wanted here is that AWS needs to commit to more timely cost data delivery such that you can create an hourly budget with an associated action.
Aren't bars actually required to cap drinks? It's usually phrased as having to refuse serving if you're visibly drunk, but still effectively a cap. That said, a big cloud bill doesn't make you intoxicated. The more I examine this analogy, the less it makes sense.
I don't know if the analogy works that well; the assumption is that you're making more money than you put in the more traffic you get. As a bar owner, the choice is between closing your bar for the month when you run out of beer or running to the supplier to bring more kegs.
I'm sure a lot of people at Amazon and Google are aware small customers want this and it's a feature they'd like to brag about, but it is much harder to implement a real time quota on spend than a daily batched job for the money part + realtime resource scoped quotas.
There's a coarse option: Set up a budget and then a budget action. While ECS doesn't have GPU capabilities, the equivalent here would be "IAM action of budget sets deny on expensive service IAM action" (SCP is also available, but that requires an AWS Org, at which point you've probably got a team that already knows this)
It's coarse because it's daily and not hourly. However, you could also self-service do some of this with CloudWatch metrics to map to a cost and then have an alarm action.
> I get why it is a business strategy to not have limits...
What is the strategy? Is it purely market segmentation? (As in: "If you need to worry about spending too much, you're not the big-money kind of enterprise customer we want"?)
It's not a strategy. It's technically difficult, opens them to liability if runaway happens so fast their system can't stop it, and is only wanted by bottom of the barrel customers.
Just a thought: Maybe if they had some kind of opt-in insurance against overuse until the circuit breaker can kick in?
But, looking from the outside, the lack of protection is effectively a win for them. They don't need to invest in building that out, and their revenue is increased by not having it (if you ignore the effect of throttling adoption). So I have always assumed that there is simply no business case for that, so why bother?
Did you buy a home > 10 years ago? Given inflation, isn't your mortgage not easy to pay off at this point (even if you did pay the minimum?). I can imagine one of two scenarios: (a) at the start, you really stretched and got a nice place to live (bravo!! in hindsight that was a genius move as you enjoyed many years of good quality living) or (b) your income has been stagnant (sorry :( )
I got a place 5 years back and did not overstretch at all ... now, the biggest challenge is our place is too small and has other inconveniences (lack of commute) that is painful. Selling and rebuying is trauma I don't want to inflict again.
CS PhD here. I've been involved in deep learning for many years now, and generative AI for the last couple of years. I saw some other major revolutions in my life starting with the Internet/Web explosion and the Smartphone explosion. You can say cloud and social networking were significant events but I would not put them in the same class as the first two. I would put the current embodiment of VR and crypto on an even lower rung of the "society impact" ladder. My personal opinion is that Gen AI tech (particularly LLMs but perhaps also the related stuff - diffusion, MLLMs) are more like Internet and Smartphone as game changers for society. Now, for the Internet boom, there was a ton of hype. I don't recall smartphones being as frothy but maybe I am forgetting the froth that was Angry Birds. So while I agree there is way too much hype at the moment, I think this is going to be big.
Hi .. wondering what the situation is for a senior Canadian scientist wanting to raise funds/do a start up in the US? Had H1B many years ago (and possibly have a year of time left on it .. not sure that matters). Lots of papers so can go the EB1 route if needed. Want something simple and straightforward. Is transferring via existing employer beneficial (with delaying future plans)?