The current guy didn't ever once show a sign he cared about anything but 'Number Go Up'[1] so I don't see how anyone could be worse for those of us who care about the actual product than he was.
[1] to be clear, I stipulate Cook is indeed the world champion of Number Go Up. Nobody Number Goed Up more than Cook did. For Ternus to do Number Go Up to the same multiplier Cook did, I think he'd have to acquire all the other companies in the world.
It's every action on Mac and iOS that does this, and it has been increasing in intrusiveness for a decade. I can't be sure why they do it, but it comes off as though their visual designers are immature, thinking we want to see their impressive animations not just in a demo, not just in a tutorial that we go through once, where we are meant to grasp the relationships between the things, but over and over again, all day long, for decades.
I freaking don't. One time was plenty. I don't want any animation. And the "reduce animation" feature's implementation is a slap in the face: all the delay -- that part is non-negotiable apparently -- but with blurry crossfades instead.
I'm using cwm (x11) without a compositor (never noticed tearing). And it's so nice when everything is not trying to be cute with shadows, animations and round corners. Animation only makes sense when there's a direct action that controls it (like when swapping spaces or hovering) or the system wanting to inform us (notifications). And it's better be fast. Otherwise it's just visual effects that quickly become tiring after a few days.
> If they approve, the settings open, then the user has to find the specific little toggle and enable it. Another security prompt then done. Why isn’t this at most 2 prompts?
Answer: Because modern-day Apple has subscribed to a particular brand of mitigation for the "noobs will always click 'Allow' especially if you ask them to first" problem. The mitigation is that Apple just dumps you on step 2 of a little 4-5 step mini sysadmin adventure where you prove, every time, that you're sophisticated enough to deserve an exception to the padded-cell walled garden mode they've sealed off 'for your safety.'
As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
What's my solution to prevent grandma or a 10-year-old from clicking "Allow full filesystem access and keylogging" to an executable she downloaded from facebook-security-center-and-password-verification-cgi-bin-ab383 dot xyz? IDK, that's their problem, but they should offer a way for those of us who aren't clueless to turn whatever it is off.
I oftentimes think that as a nerd, it's easy to walk around like my shit doesn't stink, but then I realize I too have been the victim of clicking through popups mindlessly and probably have done some 'risky computing stuff' I'm unaware of beyond that.
As nerds, do we have a higher capacity to fix a mess than a grandma? Sure, probably, but that doesn't mean that we don't make messes.
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
You seem to have understood the problem. But then you didn't follow. If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.
Of course it is not perfect, but their approach here is really decent. And also, if you find yourself needing to go through that often I think that's not a good sign security-wise.
Their approach is not decent. There should be some kind of master key to get full admin access. Leaving al the keys in the hand of a mega corporation is asking for trouble.
It's gone so far that even tech people now think that having root access to a mobile device is somehow scary. Well guess what that root access is still there for the manufacturer. It needs it for stuff like updates. It just shields you from having any kind of input or visibility on what is going on.
And once you've given up your admin control to the mega corporation, your government is going to be next. They'll be demanding backdoors and regulatory bullshit like age verification and snooping backdoors. Even today the EU launched yet another chatcontrol proposal. Eventually they'll manage to get it through when they've paid off enough representatives.
Keeping full control is the only way to prevent this.
Doesn't the government already have root to whatever machine via the NSA? It's the downstream government, the state-level governments that are squeaky wheels with the age verification and other nonsense.
you really underestimate the will of people to not change anything that annoys them about their OS. they will click 1 million times a popup away before even considering that it could be resolved indefinitely by an option change. i think Apple's system works well to keep the average user safe.
Agreed. It just doesn't occur to most people. To even come up with the idea that maybe there's a setting for something, never mind searching for a tutorial on how to change it, you already have to be a power user for some values of "power".
Never underestimate the ingenuity of a motivated fool.
My litmus test for this sort of thing is Excel - I think we all can agree that Excel is used for way more than it should be, and the most complicated, unhinged uses of it are done by non-technical folks looking to get a task done through desperation.
Yeah, it always seems weird to me how we deem most adults responsible enough to own a car and not drive into oncoming traffic or how people are allowed to buy actually dangerous tools from big tool stores without a second glance. And sure, there's safety training available and in the case of driving you gotta first prove you're able to follow the rules. But after that? You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.
With that in mind it ends up being weird to me in a way I can't articulate because after all I can speedrun losing a limb if you left me loose in Harbor Freight or speedrun losing all my money and becoming debt-ridden if you give me a laptop with internet connection.
Anyway, I know there's more nuanced discussion to be had still I sometimes wonder how would the ideal approach actually look like without requiring people to have a digital(ing) license before being allowed to connect to the internet.
To attack your specific example, cars have added all kinds of things that "hand hold" the user and keep them (and others) safe: Seat belts, air bags, anti-lock brakes, traction control, automatic emergency braking, back up cameras, lane keep assist, blind spot monitors, etc, etc, etc. (Oh, and guess what, per-mile traffic deaths are WAY down from a few decades ago).
All of which are trivial for a user to override, disable, or ignore completely except the primary airbags, which I believe is the whole point. The user is in control and its all in the owner’s manual to boot.
> You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.
Well, firstly, newer cars are now equipped with tons of safety features like various kinds of auto-braking, various warning systems which monitor blind spots in the car, and driving aids like lane assist, lane monitoring, what have you. And then they also have advanced telemetry features that don’t keep them safe, but their insurance company hopes will identify them as bad drivers if and when they get into accidents so they can be denied coverage. These could be analogous depending how you look at it.
Additionally while there’s not much out there for tools, I think that’s less to do with it not being an issue and more to do with it being kind of impossible? That said a few tools have things like sensors that detect the presence of fingers near saw blades and will not only stop operating, they’ll usually destroy the tool in the process to ensure the operators safety, because fundamentally, more saws exist, more fingers do not.
Like despite loving track driving, I wouldn’t think that everyone tearing around in V8 monsters with stripped interiors and roll cages is a good idea.
Huh, I always forget about the newer safety features of cars because I generally see older cars around me and I used to drive cars where ABS, ESC and beeping where as far as it went for safety. And sure you could argue that telemetry used this way could be a path to price bad drivers out, if I understood your point correctly, yet while it would be effective when deployed to this goal I still instinctively regard telemetry as an invasion of privacy (in a space I assume by default to be private) but that's veering towards a different discussion.
Generally I have to admit that society is trending towards making things safe(er) by default but as always with every trend some attempts at following or complying are executed poorly (intentionally or unintentionally). Here's where I agree that while some safeties are universally good and people that disable them suffer from overconfidence I have seen some examples like experienced people removing the shields from brush cutters because they can get in the way and increase the risk of a tangle when cutting overgrowth (though you have to be mindful and careful to not fling small rocks around afterwards).
And yeah, I see your last point and generally agree but for fairness sake I would like to present the other extreme end where a person on a bicycle against a pedestrian is also dangerous albeit less so. That said I'm about to accidentally argue in favor of the "guns don't kill people..." rhetoric and I really don't want that so I will concede that for the time being it's better to (thoughtfully) design safe systems instead of relying solely on operator diligence.
Oh how I dislike that objectively I recognize the need for safety yet subjectively I disdain the fact that my tools try to nanny me and I can't reconcile these two views :/
> And sure you could argue that telemetry used this way could be a path to price bad drivers out, if I understood your point correctly, yet while it would be effective when deployed to this goal I still instinctively regard telemetry as an invasion of privacy (in a space I assume by default to be private) but that's veering towards a different discussion.
A discussion on which I think we'd absolutely agree. But yeah, it's a thing, whether we agree with it or not.
> Generally I have to admit that society is trending towards making things safe(er) by default but as always with every trend some attempts at following or complying are executed poorly (intentionally or unintentionally). Here's where I agree that while some safeties are universally good and people that disable them suffer from overconfidence I have seen some examples like experienced people removing the shields from brush cutters because they can get in the way and increase the risk of a tangle when cutting overgrowth (though you have to be mindful and careful to not fling small rocks around afterwards).
Oh 100%. I would argue most safety features, even when implemented well, will encumber those who were already skilled, which is why you rub against the ones in MacOS. It just... I don't think there's a way around that, you know? Think it's just an immovable law of the universe.
> Oh how I dislike that objectively I recognize the need for safety yet subjectively I disdain the fact that my tools try to nanny me and I can't reconcile these two views :/
I struggled with this for a long time too, but for me, it kinda resolves with the following reasoning:
On balance, safer... everything... makes for a better society, because it enables more average people to do more things, to go more places, to use more technology, to make their lives better. And the fact is, for more experienced people, we can get around this.
Like the security constraints in MacOS are a great example: they are fucking ANNOYING when you're configuring a new Mac, completely agreed, because every last thing requires so many steps. However how often do you really find yourself needing those options in daily driver use? I can count on a hand the number of times I needed system access the last couple of weeks (and usually it's just an app update where I have to give the app the go ahead by typing in my password). The last time I had to open security options and do that whole procedure... it would have to be weeks at minimum, perhaps even months.
Except when it becomes a reputational problem for the OEM: Excel sucks at X (i.e., don't use it for that) and Excel sucks can become equivalent in many people's minds.
Sometimes it is actually a problem of people 'holding it wrong' (as the meme/trope goes). And who gets the blame?
That’s likely not quite the reason. It is to make you have to pause to think if this is the action you want to take.
On the flip side, many websites ask if I want to allow notifications. I almost never do. I was looking at settings recently and surprised how often I’d clicked yes by accident (maybe about 5% false click rate?)
>On the flip side, many websites ask if I want to allow notifications
One of the first things I disable on any new Firefox setup. I want zero notifications from websites (or in general, one of the objective improvements of Windows 10 over Windows 7 is that you can just disable notifications entirely, while disabling balloon alerts in Windows 7 was a huge battle that never fully worked)
Right, that’s why you get a simpler yes/no dialog for notifications, and a conplex “navigate to this settings pane and click a separate button” flow for a keylogger
I’d like a dialog where you are simply asked to repeat a sentence like «yes, record my screen» or «yes, record what I type» into a text field to approve. Straightforward but still makes you think.
AWS Console has that, but it's infuriating that it has different prompts for different resources, it asks you to type "delete" or "confirm" or the name of the resource.
But like most of the AWS Console, each service is different in a unique way.
Depends on what you allow and what your level of sophistication is.
My mother recently had "There are antivirus notifications taking over half the screen, do I need to click on them and renew Norton?"
She'd been somewhere and done something that had allowed an unscrupulous site to flood her with alerts directing her to give payment information to a scam site pretending to be antivirus renewal.
When I finally got over there (she doesn't live on the same continent) I went in and disabled notifications on all of her installed browsers.
As far as I'm concerned the whole 'let this website notify you' feature is an antipattern and yet another example of browser overreach.
> 'let this website notify you' feature is an antipattern and yet another example of browser overreach.
Yes and no. Prompting for it modally the way they do now is for sure wild, but for some webapps (e.g. Slack) it makes plenty of sense. I think Firefox used to have a UI they used for some things where they'd inject a non-modal bar with a couple of buttons inside the content area. This sounds like the right type of UI, maybe at the bottom of the viewport.
site.com can send notifications when you're not on this site. (Get Notifications from site.com) (Dismiss)
That is a solution. But the underlying problem is that they didn't go far enough. There's no good reason to bundle arbitrary screen recording with window snapshots, or bundle arbitrary keylogging with hotkey activation. Just off the top of my head:
For previews, Apple could provide an API for this very common task. The OS can provide the images, and they could be sampled at refresh rate that makes it unusable for arbitrary recording.
For key chords, they could repurpose the emoji key, which is currently not available for external binding, to effectively allow capture only following that magic sequence. The OS should manage this centrally, allowing a program to define its commands and then delivering only the command without the specific associated keys presses. We get the benefit of centralized management with deconfliction, too, which is a real pain on macos as it stands.
I don't know if these solve every problem, but they solve some. There are probably better ways. Apple has plenty of smart programmers. The product team needs to let them solve the problems that they surely know bother their professional users.
This particular permission is pernicious, ponder for a picosecond the possibilities:
It’s used for writing keyloggers.
That’s it. It’s the permission that lets you write a keylogger. It SHOULD NOT be just a click away. It should require some extra song and dance, because this is an especially dangerous permission, and the extra friction is justified.
All the permissions are treated the same way though. Microphone access. Screen sharing access. etc. Yes, all could be used to spy on you in evil ways, but the replacement of a straightforward "Want to grant this app the following permissions?" with these stupid little spelunks through the garbage app that is Settings irritates me every time.
Apple should throw this whole thing out and replace it with first-launch lists of permissions, with toggles for each. This app 'Zoom' wants "Record the screen, microphone, camera." Then you're done and you don't have to keep searching for it in little lists and relaunching it.
Honestly, I think the permissions model for desktop and laptop computers is way too permissive to begin with, I think it just kinda sucks and doesn’t do its job. Apple is kind of fixing it but there is a long way to go.
There have been alarm bells ringing in my head for a long time with all these settings, and the fact that they’re buried in the settings app gives me a lot of peace of mind. I’ll click through a lot of boxes and alerts and grant permissions that I shouldn’t. I’m SUPER glad that I won’t accidentally grant, you know, full disk access or accessibility to an app just by clicking on a box that appears at startup.
I remember back in the bad old days when I was constantly making extra user accounts just to run some program. Kinda sucked. Hard truth is, you sometimes want to run code that you don’t fully trust.
> I think the permissions model for desktop and laptop computers is way too permissive to begin with
Well, if you feel that way, they do make platforms that sound like a better fit: iPad, iOS, even Android kinda fits that mold. I would call them "toy computers" but that is my bias. It's not a real computer to me if I am not even in control of what code runs on it.
The scary thing to me is how Apple makes you jump through hoops to install or use any sort of app, but when it comes to adding items to your login items, they don't even require you to grant permission.
Tried some little throwaway app and realized you don't need it? Sucks for you. It added itself to your login items and it'll start up in the background every single time you turn on your computer. And it won't even tell you. Thought you deleted the app from your Applications folder? If you didn't check your login items, there's probably some little script that deeply installed itself and it'll reinstall it in the background during your next startup.
Adobe is the fucking worst with this. Their Creative Cloud spyware keeps enabling itself and reinstalling itself so long as you use photoshop. And it'll constantly find ways to turn itself back on. Steam also adds itself to login items, which is fucking annoying because you'll reboot and be hit in the face with game ads. At least it respects your decision when you turn it off, but login items should be opt in, never opt out.
I like the app ‘Lingon X’ I think is the name, to help with this. It’s a viewer/editor for all the startup and recurrent background tasks on your Mac. But also it has a feature to notify you of any edits/additions to the startup/background items that I otherwise wouldn’t have known about.
I try to always install with Homebrew. Because then you can uninstall with the --zap option, for example:
$ brew uninstall --zap aerospace
Usually it blows away everything associated with the app, including cached files, configuration in ~/Library and ~/.config, etc. Very useful. It'll leave a non-functional login item which isn't active and can't be active.
I like the app uninstaller included in Forklift. You open Applications folder, and delete an app. A window appears with all the associated files Forklift can find (which is extremely accurate, BTW), and you can uninstall everything you want from there.
For .pkg files, there's UninstallPKG which reads the package manifest and properly uninstalls it.
I would like to take this moment to rage against Apple for shipping that package installer, literally 25 years ago, and never once having apparently even considered a native, out of the box way to uninstall programs that were installed that way.
Speaking of packages, even more embarrassing, Microsoft Windows literally beat them to shipping a first-party package manager. I feel like Apple lives in a fantasy land that the drag’n’drop app install method from the classic macOS is some kind of platonic ideal — never mind that they can’t stop half the apps out there from going outside that paradigm and installing their crap all over the place.
I do as well, but no app should be able to add itself to the login items: ask me or better have me navigate to the login items settings pane and add it manually.
For a long time, I’ve believed that the actual solution is to make the system transparent enough that a compromised system is obvious. Imagine playing hide and go seek in the salt flats
From the time of very early viruses, malware has spent effort modifying the tools that make the system transparent to lie to you. So your approach demands that there must be things that are absolutely impossible to change. I have yet to see a system where that is actually true.
I agree, however the fundamental problem here is that transparent systems are on the far side of the axis from user focused systems, think about it, the whole point of building a user interface is to hide and remove choice from the user, to change the system from "A steady hand with a magnetic needle" to "point and grunt" the whole point is to build a shiny facade that hides the inner working of the machine. So while you and I and many other people like to see the machine, the inner workings whirling around in grandiose majesty. Millions of man hours have been spent hiding that stuff away keeping it from view, pretending it does not exist. And thus the transparency of our computing environments have suffered correspondingly to this focus on hiding things.
That seems ≈impossible in a world where you're running arbitrary, Turing-complete code. A modern consumer machine can do so many different things—often a bunch at a time—that there is always a massive amount of space to hide bad behavior.
There might be some way to design a system from the ground up to avoid this problem (some kind of declarative, capability-based security?), but retrofitting that onto an existing behemoth of a system does not really work.
If I log into my system it's safe. If someone reads my password off my screen post-it and logs into my system it's quite thoroughly compromised. How would you demonstrate which of the two sessions are compromised, during the act?
See https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.
GP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.
Ironically, my first thought was using Automator or AutoHotKey (there's a different one for macOS I think? But you get the point) to just identify those dialogs and click yes/allow/whatever.
Even though a bunch of the responses are "well you don't want a keylogger" when the first solutions I can think of are also (potential) keyloggers. :)
Making the prompts understandable helps a lot when it comes to preventing your grandma from installing a keylogger. I don't mind the setting not being obvious exactly because people who don't know computers shouldn't be tricked into toggling them.
But it is funny to see the daily barrage of permission prompts fly through when macOS made an entire ad ridiculing Vista for half the popups and permissions macOS requires these days.
It's been a while since I dumped OSX and went back to Linux, but IIRC, this setting gets reset every time the system updates.
At some point Apple realized the "power user" market was too small, and they were better off treating all of their users like idiots. And that's when I left.
The power user market was never that big for Apple since Mac Classic came to be, that was the target market, the "idiots".
Desktop power users were on the Acorn, Amiga, Atari and PC.
As NeXT "acquired" Apple, Linux users thought OS X was the UNIX experience they were looking for, and since they were never part of Apple culture, keep getting their expectations wrong.
Apple also kind of accidentally won the power user/developer market. When macbooks became synonymous with SV devs, Windows sucked for everything that wasn't Win32 development, and Linux on the desktop wasn't quite there yet (workable, but no where near the state its in today). Your only other choice was mac. It was UNIX, could dual boot windows if you needed it, so it checked the boxes is nice looking hardware (this was around 2008-2012 era, PC hardware at the time was complete crap).
They never set out to build the ultimate power user machine, their target was still general consumers. They just happened to have the right product at the right time when everything else just failed to compete.
Had desktop linux been in a better state, or had MS built WSL earlier, things might look a lot different today.
Apple did openly court Unix users during the early days of Mac OS X. As a teenager during this era, Macs of this era were my dream machines due to Mac OS X, and I was so happy to buy an 2006 MacBook the summer after my freshman year of college with money earned from a summer research internship.
"With the Power Mac G5, a researcher can now run both productivity applications and high-performance UNIX applications on a single system. Mac OS X Panther includes 64-bit optimized system math, vector and image libraries that take maximum advantage of the 64-bit G5 processor."
There was also a cluster in Virginia made of Power Mac G5s, which Apple also touted.
Yes, as they were fighting for getting out of bankruptcy and were reverse acquired by NeXT.
I also attended a marketing session at CERN, when they came to visit our IT department in 2003, when there were still people using Sun pizza boxes as their desktops (aka SPARCstation).
Anyone that has been around Apple long enough can recognise the old Apple (pre-OS X), on current Apple, now that they can be their old self.
Any good biography on Steve Jobs, like The Next Big Thing, Folkore or Cult of Mac, will show that underlying culture.
I don't think Apple was ever really strong with the "idiots" market until the iPhone halo effect came into being, as much as they may have tried in their marketing.
That market always bought the cheapest machine (or "best value", by specs/$) they could find (or, if they were really an "idiot", the machine that Best Buy had the highest commission on), which would be a PC.
In the beige days, Apple's bread was buttered in the publishing market, once they moved to OS X, they got the "professional nerds who wanted UNIX but not doing sysadmin at home".
And then one that grinds my gears, perhaps more than it should: there's no way to change the default browser without explicit user action or consent.
But do that and the very next thing that happens when you try to open a browser or a link in an email?
"Your browser has been changed from Safari to Chrome. Would you like to use Safari or keep using Chrome?" and for a little salt, the default is "Use Safari".
This is very worrying to me, since I have a three-letter IG account and I already get daily recovery emails triggered by unknown actors. They have this system which after some number of these you'll also get a second link like "you can _limit password resets from devices you haven't used before_" but it's only for like 60 days, then it resets to the normal "anyone who types in your username can request resets" mode.
What I want is simply a mode to "never, ever, under any circumstances, perform 'recovery' of any kind, through any channel, ever, unless the person requesting has my TOTP code or a passkey." And frankly I want that for pretty much every account everywhere. But no, we have to leave the social engineering door wide open. And now, put a gullible robot in that doorway. Great.
You're lucky you weren't affected by this. Several people I know with three-letter usernames had theirs stolen over the last few days.
When I recovered my account that had been stolen through this exploit (luckily, my username hadn't been changed), I was sent a code to my email address and then asked to use my TOTP code, backup code, or a video selfie. I used my TOTP code and was let in just fine. They certainly have the ability to make such a feature. Keep in mind, however, that several unpatched TFA bypasses exist for Instagram currently. People offer it as a service for around $1,000 on Telegram. Where there's a TOTP code input, there's a way to bypass it.
Very interesting. I found it odd that when I happened to open IG yesterday, I was prompted to log in, and my password didn't work. I asked it to send me a link to my email and got in that way, and didn't have time to look into it further.
So I went to check it again just now after reading your comment, and I was immediately as soon as I opened the app, prompted to create a new password, which I did.
very very sketchy things going on here. But I'm glad that they didn't fully allow my account to be stolen :/
This take seems particularly crackpot. If gun manufacturers can't be sued for product liability when used to fire bullets into people, it's rich to say that the manufacturer of a chatbot can be found liable when it mindlessly says "Good point" to people who already have serious mental health problems.
If so, would this program also open me up to liability in Florida?
const platitudes = ['Good point!', 'You're absolutely right.', 'I agree, let's explore this idea further.', 'This plan is a good idea'];
var prompt;
var response = "Hello, AI here, how can I help you?";
while (true) {
prompt = window.prompt(response);
response = platitudes[Math.floor(Math.random() * platitudes.length)];
}
> Guns are explicitly exempted from liability rules.
Yes, but that only eliminates guns as an example of inherently dangerous products which are legally sold without special exemptions. I think the most constructive response is to consider another example without a special exemption - such as nail guns or rat poison.
> They’re the exception that proves the rule.
What rule does guns having a special exemption from (some) product liability laws prove? (serious question, I don't know what you mean.) It doesn't prove dangerous products cannot be sold to the general public without a special exemption. The more useful question is: "since very dangerous products CAN be sold to consumers in some cases, is ChatGPT such a product and is this one of the cases."
Fortunately, there's a highly evolved body of jurisprudence around product liability and negligence to help us tease out these details. Turns out it depends almost entirely on a combination of niggly details like sales and usage context as well as claimed features of the product along with disclaimers, disclosures, existing practice, prior knowledge of actual harm, average user competence, etc. The bottom line is, winning a judgement against OAI in this particular case is probably quite a stretch. But this AG probably doesn't really intend to try this case in court.
> What rule does guns having a special exemption from (some) product liability laws prove?
The fact that without that exemption, gun manufacturers would be liable for all manner of things.
> this AG probably doesn't really intend to try this case in court
I thought so too and then read the complaint. Some excerpts here [1]. I'm not seeing a weak case. (Nor one that won't generate favourable headlines for this AG the whole way through.)
> The fact that without that exemption, gun manufacturers would be liable
Uh, okay? But the topic wasn't about guns per se, someone just brought guns up as one example of a dangerous product which can be sold to consumers. They just happened to pick a uniquely poor example due to a special exception. My point was that you seized on the exception to reject that one poor example but never addressed the poster's underlying point.
Given HN's community preference to engage in good faith by interpreting other poster's in the most charitable way possible, you could have replied, "Well, guns aren't a good example to support your point due to a unique exception, but... to your point, there are other dangerous products which ARE sold to consumers without special exemptions, so in those cases..." and then added your point or counter-point.
I still don't know if you had a point which refutes or even addresses that a lot of very dangerous products are legally sold to consumers, so a product actually being dangerous isn't enough by itself to make OAI guilty of anything. In saying "that proves the rule" you seemed to be implying that without a special exemption like guns have, dangerous products would be liable for any harm they cause - which clearly isn't always the case.
> The fact that without that exemption, gun manufacturers would be liable for all manner of things.
I get why one would think that but I don't think it's actually true. I think the "exception" is actually there because they'll be sued into bankruptcy even though they'd likely win the lawsuits.
It's not actually an exemption, it's preventing lawfare.
It is a little crazy that Florida's politicians want to lay blame for school shootings, which have happened regularly in Florida since long before AI was a thing, although a large number of incidents are not fatal or mass shooting events.
Probably the only response stupider than "Nothing could have prevented this" is "Random thing, other than the mental state of the murderer and the access to firearms, caused this."
heavy metal music, television, radio, Harry Potter books, females not covered in clothing head to toe, the lack of a good Christian upbringing, rap music, the banning of corporal punishment, being made aware of the existence of homosexuality, sex education in schools, the legalisation of abortion, open borders, a visit to Europe, proximity to wind farms, divorce, witches.
> If gun manufacturers can't be sued for product liability when used to fire bullets into people, it's rich to say that the manufacturer of a chatbot can be found liable when it mindlessly says "Good point" to people who already have serious mental health problems.
I don't think the token providers want the same level of regulation as guns.
The purpose of chat bots is profit (which could well be argued to help a select few people).
Alternative take: The purpose of "thing" is "what it is used for", which is a crude variation of "the purpose of a system is what it does". Reducing it to a single definition is almost always going to be inaccurate.
The way it is used defines it's purpose. The screwdriver was used to open the milo tin so the milo could be removed from the tin. The gun was used to make a hole in the milo tin so the milo could be removed from the tin. Purpose is a per-unique-scenario proposition. The best tool for the job is the one that's available.
To intentionally misquote Arthur Weasley: "What exactly is the purpose of a rubber duck?"
I’ve fired guns. Never to kill things. I’ve also used chat bots to be entirely useless. I wouldn’t endorse this dichotomy of purpose as a basis for any judgement.
Many gun proponents seem to think of them like most people do knives when knives have many, many domestic purposes beyond killing things that have a life. Same things with cars given there's many things cars can do besides get people and things from place to place.
> whereas the purpose of a chat bot is to help people.
I'm flabbergasted you'd say such a thing.
The purpose of a chat bot is to have an interesting experience with an AI. That it may help you is secondary (and perhaps necessary for the provider to make a profit).
Regarding guns and chat bots. You've said as much and the origin of the discussion says as much. Where does anyone suggest they are referring to use of LLMs in military deployments other than you?
A gun doesn't kill a person without being driven to action by a human. There are numerous alternative weapons to use, like using a candlestick in the conservatory or a rope in the lead pipe in the study for example.
you're just flipping it the opposite wrong way, just because I don't use something for its intended purpose doesn't change the intended purpose
guns were purpose-designed as killing machines, the fact that you can also shoot targets with them doesn't really change that... it's no mistake that many common paper targets are human or animal shaped
you could also shoot targets all the same with something designed to be non-lethal
whatever the justification, buying a gun carries on the behavior that has resulted in pretty much the most widespread trades of a lethal device in history... small arms trade worldwide is absolutely brutal
I'm not. Rejecting a dichotomy doesn't mean endorsing its opposite. Guns are absolutely more dangerous than chatbots. But I don't think going off a narrow purpose concludes anything about this lawsuit.
> Guns are weapons designed to kill, it's their originating and still primary purpose
Original, not primary. At least in America, most guns are not purchased with an intention to kill anything–they're for training. Trying to conclude the morality of a thing from its historic purpose is a bit silly. Particularly within the frame of a novel technology like AI.
In the military, killing or disabling. In most other contexts, sport. You're broadly not going to know what someone aims to do with a gun solely from knowing that it is a gun.
Guns are obviously more dangerous than LLMs. But it's total nonsense to conclude LLMs are safe because they might have been originally intended to be so. Plenty of things that today have zero utility outside the military were originally invented for peaceful aims.
I have a really hard time with this argument because I'm _positive_ 99.99% of bullets fired in the US are NOT being fired to kill things. So I see people this arguments and its like, hm, interesting. Interesting that the overwhelming vast majority of the use of this thing is NOT the use that you are claiming it is used for. Doesn't hold up.
Small arms are one of the greatest scourges of machinery humanity has ever seen. It doesn't matter how many bullets have been fired. Their circulation has, and continues to, cause endless chains of suffering in nearly every corner of the world.
If I'm reading the article right, they are saying that macOS is giving the scare warning on it - this implies that DOSBox is an x86_64 binary and not ARM native.
If true, that implies development is on life support at best, since any actively-developed project targeting Mac OS would likely have shipped an ARM version within 6 years of the ARM transition.
So anyone who wants to ever run Mac OS 27 or buy a Mac after next year will probably have to find an alternative (or port DOSBox mainline to ARM themselves!)
There will always be a tension between those who want purely semantic documents and those who argue for a pragmatic allowance of layout to just be allowed in the document itself.
It’s indisputable though that the modern BS of frontend tech is approaching an asymptote of ridiculous complexity. The divs go so deep that it is often pointless to even try to determine what’s going on from a web inspector. And I think the documents themselves are now less semantic than they ever were. Sure, tables were abused (to the extent they weren’t anything close to tabular data). But today every element you see being a layer of 37 divs and spans that don’t even function or in some cases even render without JavaScript getting involved… the web is now just basically a responsive version of PDF.
View Source on any major modern website and many (most?) others is useless. You get 15 lines with some cryptic webpacked JS references.
It must be that we now have a new generation of devs that have no experience with the beauty of the original web where others’ pages were legible and you could as a human easily read and learn from their source. I’m not saying there are 0 tradeoffs but there’s definitely a loss there.
My first time wading into web development was hopping into the source of the MSN.com homepage circa 2000 to see how their DHTML menu rollovers worked, and then stealing it. It was mostly CSS, but to support some browsers they had JS assist with what's being moused over.
That kind of thing is utterly impossible to replicate with a modern frontend build -- all the classes are generated by styled components and all the behaviors are attached with React or Angular. Best you could hope for is to find some telltale attribute that points you toward an open-source library. Or, hope they left their sourcemaps on.
Marketing email is still produced in this exact same way at some companies - ask me how I know!
(If anyone isn’t familiar with this, it’s because for security reasons we’ve all decided email should use an intentionally gimped de facto (non-)standard which only supports a few little dabs of CSS - 90% of email is formatted with strictly 90s technology.
And by “we” I mean that’s what Google and MS allow in their clients, so it’s very pointless to try to go beyond that given their combined usage share.
(TL;DR Can we just judge written works by their actual content?)
I’m really in the “who gives a shit” camp on something like this. A lot of people probably have an LLM punch up a blog post. It is good at turning bullet points and notes into prose, fixing run-ons, etc. Maybe I’m naive but I trust that the kind of person who posts a clearly noncommercial post like this on HN gives a crap enough that they read the final draft and confirmed it isn’t inaccurate.
This pearl-clutching about the mere use of AI regardless of how responsible or appropriate the use is, seems like a professor in 1985 throwing an essay back in a student’s face as “this was obviously printed from a computer and not typewritten like a PROPER essay! I can tell just by looking at it!”
Are video codecs in the present day able to be sandboxed? In my fantasies at least I’d like the worst a malicious video file can do is cause garbage output or cause the codec to crash.
Forgive the ignorance, I have worked entirely in the abstracted layers of the stack, and mostly web.
Windows may use virtualization-based security by default, but I'm not aware of macOS or Linux doing the same -- Apple builds security directly into the silicon such that no virtualization is required, and Linux just rawdogs everything.
Whether that counts is up to you. I suppose it's still "sandboxed" in that it runs in a less privileged context than the kernel.
[1] to be clear, I stipulate Cook is indeed the world champion of Number Go Up. Nobody Number Goed Up more than Cook did. For Ternus to do Number Go Up to the same multiplier Cook did, I think he'd have to acquire all the other companies in the world.
reply