A bug existing or not for a person is a statement about that person's knowledge of the bug.
Is your assertion that, since you specifically didn't know about the bugs, that nobody, not in Russia or anywhere else, did?
Obviously if bugs are out there existing in software and you don't know about them, or the CVE system doesn't know about them, or whatever ... this does not preclude bad guys from knowing about them. In the era of agents, knowing the bug exists is equivalent to having a PoC, so the distinction completely collapses.
It's a common trope, all through the training data, and all the modern AIs have read it, and would probably act similarly? Is that what we should take away from your comment?
so we have nothing to worry about. Makes sense. Really, it's just a common trope.
There's something really interesting here with Goguen Institutions. Also sometimes an argument just "clicks" into place fully-formed, rather than being generated token-by-token? Is that "knowing like a steam engine?"
If this many are public right now, what does that say about the dark matter of private ones? What's the typical public-private rate for this sort of thing/can someone help me calibrate my base rate expectations?
Playwright, the end-to-end testing framework for the web, provides a strong incentive to give sites good a11y: Playwright tests are an absolute delight to read, write and maintain on properly accessible sites, when using the accessibility locators. Somewhat less so when using a soup of CSS selector and getByText()-style locators.
One thing I am curious about is a hybrid approach where LLMs work in conjunction with vision models (and probes which can query/manipulate the DOM) to generate Playwright code which wraps browser access to the site in a local, programmable API. Then you'd have agents use that API to access the site rather than going through the vision agents for everything.
I've mentioned several times and gotten snarky remarks about how rewriting your code so it fits in your head, and in the LLM's context helps the LLM code better, to which people complain about rewriting code just for an LLM, not realizing that the suggestion is to follow better coding principles to let the LLM code better, which has the net benefit of letting humans code better! Well looks like, if you support accessibility in your web apps correctly, Playwright MCP will work correctly for you.
Was looking for this comment. I'd like to see this approach in the comparison... having the LLM build a Playwright script and use it. I suspect it would beat time-to-market for the API, and be close-ish in elapsed time per transaction.
Harder to scale if it's doing a lot of them, I suppose.
There is also Testing Library, which I’ve mostly seen and used for unit tests (vitest) and component tests (Storybook), that practically forces you into setting things up in an accessible way. The methods for finding elements are along the lines of “find by ARIA role” or “get by label” - in fact, querying the DOM with selectors is afaik either not a part of the library or very difficult to do because their focus is ensuring your app is actually accessible as part of your testing strategy.
I've found that by far the most useful websites as a programmer are also the ones most resistant to AI. This would be a huge loss for anyone vision impaired
What sorts of sites are you thinking of? To me, “most useful to a programmer” evokes docs and blogs and github issues and forum posts. I suppose some forums might be AI-resistant (login wall), but the others are trivially AI accessible.
That's less a value judgment, more a necessary evil due to the plethora of bad actors out there. I doubt it will get in the way of a local model used in a reasonable manner.
Most wikis you can mirror locally if you really need to hammer them.
And let's not forget that not all disabilities are chronic. Many disabilities are situational or temporary. AI is a great assist for a hangover day for example...
as someone who doesn't do web stuff, i found some humor in having no idea what "a11y" was, having to look it up, and finding out it is supposed to be "accessibility".
my quick accessibility tip: introduce what your acronyms, initialisms, and numeronyms stand for at least once.
a11y is pretty pervasive and well understood in the context around what is being discussed. I18n as well, you get to look that one up too because that makes you one of today's lucky 10000 https://xkcd.com/1053/
I mean…I guess. But this is ridiculous - how many layers does our technology need to bash through to update two records on remote systems? I get that value is being added at some point - but just charge some micropayment for transactions. This is just too much.
What's gonna really be funny is the first time a state legislates that an AV company has to keep a bug in their software to maintain a municipal income flow.
Twin Cities, 2010-2014: 95 pedestrians killed in 3,069 crashes. 28 drivers were charged and convicted of a crime, most often a misdemeanor ranging from speeding to careless driving. ~70% of pedestrian-killing drivers faced no criminal charge[0].
Bay Area, 2007-2011 (CIR investigation): sixty percent of drivers that were at fault, or suspected of being at fault, faced no criminal charges. Over 40 percent of drivers charged did not lose their driver's licenses, even temporarily[1].
Philadelphia, 2017–2018: just 16 percent of the drivers were charged with a felony in fatal crashes[2].
Los Angeles, 2010–2019: 2,109 people were killed in traffic collisions on L.A. streets... and nearly half were pedestrians. Booked on vehicular manslaughter: 158 people. The vast majority of drivers who kill someone with their car are not arrested[3].
I can literally do this all day. The original statement was correct, the case representative.
Now we’re talking. So much misinformation in this thread. There’s a reason that the saying, “if you want to kill someone, do it with a car” exists. Fortunately, it seems like judges are finally starting to wake up to the idea that it’s unreasonable for drivers to claim ignorance about the increased risks (and thus intent) of making poor/illegal decisions when behind the wheel.
This thread talks about driverless cars; vehicular manslaughter requires negligence or intent, do you want to find narrowed statistics for driverless cars that are restricted to negligence or intent?
Criminality is basically just a checkbox for this stuff. Most of the time people wouldn't be going to jail for these sorts of crimes, it'd just be big fines and penalties. There's almost always administrative/civil infractions of the same or similar name that have the same or greater punishment but are far more efficient for the state to prosecute because the accused has fewer rights.
It makes for good appeal to emotion headlines to say these people aren't getting charged with crimes, but that's only half the story. They're likely lawyering up and pleading to a civil infraction that has approx the same penalties.
And this is true not just for this issue but for many subject areas of administrative law. Taxes, SEC, environmental, etc, etc, all operate mostly like this.
It's easy for a writer to pander to certain demographics and get people whipped into a frenzy by writing an easy article about prosecuting rates using public data. Actually contacting these agencies and figuring out what they actually did is hard and in the modern media economy doesn't offer much upside for the work.
Someone (i forget who) wrote that if someone invented a technology equally beneficial and equally harmful it wouldn't even be considered today but 100 years ago they wouldn't even question it. It was labor as usual.
Personally i would like to see a more granular permission to drive based on performance, need and demography.
Wait until you learn about what we do to chickens.