☆ Yσɠƚԋσʂ ☆

  • 2.26K Posts
  • 2.64K Comments
Joined 6 years ago
Cake day: January 18th, 2020











  • Oh just can’t continue down the thread, might have to start a new one. I basically can’t reply below this reply anymore. :)

    And yes, it’s not a given that it will happen, but we are very much moving towards that becoming a real possibility. The reality is that Russia needs to restore deterrent, and doing nothing will only mean continued escalation on the part of the west because there are no consequences.

    There is of course a second view here which is that European economies are imploding, and it’s possible that regime changes might actually start happening in major European countries. The winter isn’t just going to be bad for Ukraine, it’s going to be very bad for Europe too. European gas storage is already tapped out, and there’s no way to refill thanks to the war on Iran that’s ongoing. https://energynewsbeat.co/international-news/europe-is-at-its-lowest-gas-storage-in-15-years

    A political crisis in Germany, France, or UK is extremely likely at this point. So, Russia simply absorbing the current escalations may be a rational strategy. Doing something like strikes in Europe could be counterproductive if Russia expects Europe to collapse politically and economically in the near future.

    Meanwhile, the whole Anchorage thing has a second dimension to it which is creating a lot of tension within NATO. The war isn’t really about Ukraine in the end, and if Russia thought they could peel the US off from Europe then it was worth pursuing that. Ukraine is just a proxy here the west is using, but the real problem is with NATO itself.



















  • Yes, these are absolutely things humans struggle to do. And finding more exploits faster is literally better.

    Again, you just keep ignoring what I write here and you clearly don’t understand how these tools are actually used. You’re not just having an LLM come up with some hypothesis at random here. You use the tool to do the attack. I don’t know why this bit of information is so hard for you to process.

    Also, it should be obvious why it’s harder to find correlations in a large set of data than in a small one. Go think about why Where’s Waldo is hard for humans.

    Or not. Maybe for you it would be, but not for a trained researcher.

    Maybe you should stop trying to debate a topic you’re very clearly not qualified to have an opinion on. It doesn’t matter if there are intermediate steps which are necessary to make or not. The discussion is about exploits. Either you get unauthorized access or you don’t. Either you have a hole in your system or you don’t.

    And as I’ve repeatedly explained to you, and you studiously ignored, finding and exploiting these vulnerabilities is part of the same process. The LLM tests what it does against a live system, and it builds the exploit step by step.

    Also, here’s what Linus has to say on the subject since you’re just going to ignore anything I say. https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633



  • What I’m saying here is that the way you actually use LLMs is by having them go through the steps of the exploit. It makes a hypothesis and then it tries it, and then you see the result. There’s nothing to be fooled by here because the steps it takes either work or they don’t.

    The reason LLMs are much better at finding these vulnerabilities is because a human can’t keep a large codebase in their head all at once. If you look at a project like Lemmy for example, there’s a ton of code in it. You have to be an expert in what that code is doing, how the moving pieces relate to each other, and the domain itself to find the exploit. The LLM can zero in on the problems much easier, and actually take the steps to try the exploit. For example, for the case I mentioned with PieFed, the issue was a very subtle way the OAuth token was being misused. It wasn’t localized in one place where auth was done, but manifested in a different part of the codebase that relied on it. Something like that would take a lot of dedicated work to find manually.