☆ Yσɠƚԋσʂ ☆

  • 2.25K Posts
  • 2.63K Comments
Joined 6 years ago
Cake day: January 18, 2020







  • Yes, these are absolutely things humans struggle to do. And finding more exploits faster is literally better.

    Again, you just keep ignoring what I write here and you clearly don’t understand how these tools are actually used. You’re not just having an LLM come up with some hypothesis at random here. You use the tool to do the attack. I don’t know why this bit of information is so hard for you to process.

    Also, it should be obvious why it’s harder to find correlations in a large set of data than in a small one. Go think about why Where’s Waldo is hard for humans.

    Or not. Maybe for you it would be, but not for a trained researcher.

    Maybe you should stop trying to debate a topic you’re very clearly not qualified to have an opinion on. It doesn’t matter if there are intermediate steps which are necessary to make or not. The discussion is about exploits. Either you get unauthorized access or you don’t. Either you have a hole in your system or you don’t.

    And as I’ve repeatedly explained to you, and you studiously ignored, finding and exploiting these vulnerabilities is part of the same process. The LLM tests what it does against a live system, and it builds the exploit step by step.

    Also, here’s what Linus has to say on the subject since you’re just going to ignore anything I say. https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633



  • What I’m saying here is that the way you actually use LLMs is by having them go through the steps of the exploit. It makes a hypothesis and then it tries it, and then you see the result. There’s nothing to be fooled by here because the steps it takes either work or they don’t.

    The reason LLMs are much better at finding these vulnerabilities is because a human can’t keep a large codebase in their head all at once. If you look at a project like Lemmy for example, there’s a ton of code in it. You have to be an expert in what that code is doing, how the moving pieces relate to each other, and the domain itself to find the exploit. The LLM can zero in on the problems much easier, and actually take the steps to try the exploit. For example, for the case I mentioned with PieFed, the issue was a very subtle way the OAuth token was being misused. It wasn’t localized in one place where auth was done, but manifested in a different part of the codebase that relied on it. Something like that would take a lot of dedicated work to find manually.

















  • You’re entitled to your opinion, but finding vulnerabilities goes far beyond simply doing static analysis. LLMs are able to find vulnerabilities that emerge from subtle interactions between different features, where things like keys and security credentials aren’t handled properly, and finding these by hand in a large codebase is nearly impossible.

    The very process of finding these vulnerabilities gives you a path towards making an exploit. And the LLM can actually do this laborious process largely autonomously as well. It can probe a site for example, look at the results, and iterate on them. It’s an incredibly effective tool for both finding exploits and testing them out in the wild.

    In fact, you can ask PieFed devs about their recent security debacle that an LLM exposed and gave a step-by-step guide for exploiting.



  • I guess we’ll see, I think the only potential left is in the media at this point. And that’s precisely why the west is in a panic again.

    I’ve found Russian military bloggers are drama queens of the highest order. They’re really not a useful gauge for what’s actually happening.

    Also, think about this logically, if the AFU had serious fighting capacity left then they would be defending Sloviansk/Kramatorsk right now instead of doing raids in Zaporozhye. This is by far the most important part of the front. They know they can’t hold it, so they’re doing ‘offensives’ to demonstrate that there’s fighting capacity left. These have no staying power.




  • we reached max comment depth for the thread :)

    I don’t think these strikes undermine Russia’s internal stability in any meaningful way. What they do is harden the opinion that Putin is not pursuing the war hard enough, and that there needs to be direct retaliation against Europe. At this point, I think it’s a very likely scenario to unfold in the next few months if things keep going the way they are. They already named the factories in Europe, so we know what the targets will be.

    I expect it will be done exactly as Karaganov is suggesting. First, they’ll do a conventional strike with an Oreshnik, and if Europe doesn’t get the message, it’ll be a tactical nuclear strike next as a demonstration.

    And I just cannot imagine how the current regime in Ukraine survives this. That would basically be a return to status quo, and I don’t see how that would be palatable for Russia. Wherever Russia stops militarily, it is almost certain that there will be a compliant government in Ukraine afterwards.

    And AFU can dig in, but this has always worked out the same way. I see no reason to expect anything different this time, especially given how the manpower shortage is only getting worse.