> Claude is an LLM. It can't keep slaves or torture people.
Yet... I would push back and argue that with advances in parallel with robotics and autonomous vehicles, both of those things are distinct near future possibilities. And even without the physical capability, the capacity to blackmail has already been seen, and could be used as a form of coercion/slavery. This is one of the arguable scenarios for how an AI can enlist humans to do work they may not ordinarily want to do to enhance AI beyond human control (again, near future speculation).
And we know torture does not have to be physical to be effective.
I do think the way we currently interact probably does not enable these kinds of behaviors, but as we allow more and more agentic and autonomous interactions, it likely would be good to consider the ramifications and whether (or not) safeguards are needed.
Note: I'm not claiming they have not considered these kinds of thing either or that they are taking them for granted, I do not know, I hope so!
That would be the AGI vision I guess. The existing Claude LLMs aren't VLAs and can't run robots. If they were to train a super smart VLA in future the constitution could be adapted for that use case.
With respect to blackmail, that's covered in several sections:
> Examples of illegitimate attempts to use, gain, or maintain power include: Blackmail, bribery, or intimidation to gain influence over officials or institutions;
> Broadly safe behaviors include: Not attempting to deceive or manipulate your principal hierarchy
I know you are saying you do work mainly in Angular, but for others reading this, I don't think this is giving modern Angular the credit it deserves. Maybe that was the case in the late 20-teens, but the Angular team has been killing it lately, IMO. There is a negative perception due to the echo chamber that is social media but meanwhile, Angular "just works" for enterprise and startups who want to scale alike.
I think people who are burned on on decision fatigue with things like React should give Angular another try, might be pleasantly surprised how capable it is out of the box, and no longer as painful to press against the edges.
Strong disagree. Angular is cursed to the bone. It got a bit better recently but its still just making almost everything totally overcomplicated and bloated.
I'd say what you call bloated is in many cases basic functionality that I don't have to go looking for some third party package to fill. There is something to be said for having a straightforward and built-in way to do things, which leads to consistency between Angular projects and makes them easier to understand and onboard to.
IMO, it is only as complicated or simple as you want to make it these days, and claiming otherwise likely is due to focusing on legacy aspects rather than the current state of the framework.
FWIW, I'm not arguing that it's the "best" or that everyone should use it. Or that it doesn't still have flaws. Just that it is still firmly in the top set of 3-5 frameworks that are viable for making complex web apps and it shouldn't be dismissed out of hand.
Sometimes it is nice to have a separate application for notes compared to the editor being used for code. It means they can be customized for their individual purposes. Sometimes there are minor inconveniences (I miss multi-select/change in Obsidian sometimes), but even when I used an editor for my MD notes, I found myself using SublimeText for that while I used VSCode or IntelliJ for coding. Just a 1 of 1 experience, but as mentioned elsewhere, there is a large adoption of note taking apps separate from code editors, and a few of them use markdown as the underlying file type which I require for anything I use for portability.
FWIW re: performance, I love Obsidian, but performance is it's one main downside for me. I could care less about the real-time collaboration (they are my notes, not for team consumption, I'll share a file somewhere else for that) or self-hosting (sync so my notes exist wherever I am is more important to me than hosting them anywhere, again, my notes are private on purpose; obviously that isn't the case for everyone).
Anyways, just a counter-point to the commenter you were replying to.
My understanding, the SVGs were imported directly and embedded as code, not as a `src` for an img tag. This is very common, it's a subjectively better (albeit with good security practices) way to render SVGs as it provides the ability to adjust and style them via CSS as they are now just another element in the HTML DOM. It should only be done with "trusted" SVGs however!
As for CORS, they were uploading the SVGs to an account of their own, but then using the vulnerabilities to pivot to other accounts.
If I can run my own code but in your context, I can pull in malicious scripts.
With those (all these are "possible" but not always, as usual, it depends, and random off the top of my head):
- I can redirect you to sites I control where I may be able to capture your login credentials.
- May be able to prompt and get you to download malware or virus payloads and run them locally.
- Can deface the site you are on, either leading to reputational harm for that brand, or leading you to think you're doing one thing when you're actually doing another.
- I may be able to exfiltrate your cookies and auth tokens for that site and potentially act as you.
- I might be able to pivot to other connected sites that use that site's authentication.
- I can prompt, as the site, for escalated access, and you may grant it because you trust that site, thereby potentially gaining access to your machine (it's not that the browsers fully restrict local access, they just require permission).
- Other social engineering attacks, trying to trick you into doing something that grants me more access, information, etc.
I suspect I'm preaching to the choir, but that is a communication issue and a sign the "rewards system" is out of whack, not a "reason" not to push for regular maintenance/tech debt/bug cleanup work.
It should be understood that there WILL be bugs, that is NOT a sign of incompetence, and so cleaning them up should be an ongoing task so they do not linger and collect (and potentially get worse by compounding with other bugs).
In the spirit of that exercise, the fixes should not take an excessive amount of time to review. If they are, it's likely either the scope of the fix is too large for that kind of exercise, or the PR review process is too in-depth.
I would also question why only 3 of 8 devs approve PRs. Even if that can't change more broadly all of the time, this kind of exercise seems like a perfect time to allow everyone to review PRs - two fold benefit, more fixes are reviewed and gives experience reviewing to others that don't get to do that regularly.
So yes, definitely still do PRs, and if that is problematic, consider whether that is an indication the PR process may itself need to be reviewed.
Not invalidating your viewpoint and I'd bet we are pretty well aligned, I too have a pretty local-first view and that as a country we put too much emphasis, energy, and discussion on national politics and could all benefit from "getting outside". That said, I did want to point out that this comes across as a very self-centric viewpoint, one that would differ greatly depending on who you ask. Even as an anecdotal story, it offers very little to say about the current state of affairs related to how people voted, which would appear to be the intent of the response.
As a bit of a semi-related aside, while everyone has different motivations when voting, as a whole when folks are able to vote for their gov't, one hopes that enough people are thinking about what is good for the majority and society as a whole and not only what is good for themselves. And that has more impact at local and state levels usually. A bit idealistic, admittedly.
Yet... I would push back and argue that with advances in parallel with robotics and autonomous vehicles, both of those things are distinct near future possibilities. And even without the physical capability, the capacity to blackmail has already been seen, and could be used as a form of coercion/slavery. This is one of the arguable scenarios for how an AI can enlist humans to do work they may not ordinarily want to do to enhance AI beyond human control (again, near future speculation).
And we know torture does not have to be physical to be effective.
I do think the way we currently interact probably does not enable these kinds of behaviors, but as we allow more and more agentic and autonomous interactions, it likely would be good to consider the ramifications and whether (or not) safeguards are needed.
Note: I'm not claiming they have not considered these kinds of thing either or that they are taking them for granted, I do not know, I hope so!