  • Most of this is just marketing crap from Anthropic.

    Finding vulnerabilities in code and generating complex, multistep exploits with publicly available models is possible now. The biggest hurdle now is setting correct context and actually knowing what to look for. Any “guardrails” for this behavior are easily bypassed by framing the detection and exploit generation as a valid dev style question in the most difficult of situations.

    They likely just trained a model without guardrails in this case.

    What they are doing here is over-hyping a problem and framing it like they are the only ones with a solution. LLM security issues are more in-focus now that companies have dumped a ton of resources into building AI systems they don’t really understand.




  • I am making a slightly different point and have a bias to this perspective: https://www.legis.iowa.gov/docs/publications/SD/19230.pdf

    I am saying that an SSN can be part of a larger validation scheme, not the only key to the castle. Specifically for government sites, SSNs can be linked to IRS data to verify places of last residence. A person generally needs to verify multiple items that are referenced by the SSN before basic authentication can be established and set by the user. (This is part of the full Authentication, Authorization and Access Control triad.)

    An SSN is just a broad level identifier. If you look at many laws around the release of SSNs, the redaction is usually in place to prevent the linking of different documents and other data points.

    If I released my SSN in this chat, I could be fully doxxed in a matter of seconds. It’s mainly because there are many legal systems in place that use an SSN as a primary key, of sorts. (It’s a bit more than that, as SSNs can be duplicated in some circumstances.)

    So to say, at a high level, an SSN is considered private is absolutely correct. However, it’s so easily referenced and obtainable it really isn’t fully private either.

    If I was to generate a full list of every possible SSN in the US (which I have done, multiple times), that list is effectively useless to anyone who obtains a copy of it. So, by itself, an SSN is effectively public.




  • “We expect to see Wi-Fi devices able to detect the distance to other devices that are nearby, not only the distance, but what is the direction to those devices, with the ability to become a sensor to detect distance, to detect the presence of people, to detect gestures,” Cordeiro claimed.

    “Essentially what we are doing is that we’re going to be able to make devices be context aware, aware of their surroundings, and that’s going to enable and open up the ability for new applications to be developed,” he added.

    Yay. Granular tracking. Exactly what we were asking for with a WIFI protocol.






  • When I use it, I use it to create single functions that have known inputs and outputs.

    If absolutely needed, I use it to refactor old shitty scripts that need to look better and be used by someone else.

    I always do a line-by-line analysis of what the AI is suggesting.

    Any time I have leveraged AI to build out a full script with all desired functions all at once, I end up deleting most of the generated code. Context and “reasoning” can actually ruin the result I am trying to achieve. (Some models just love to add command line switch handling for no reason. That can fundamentally change how an app is structured and is not always desired.)


  • Apps are somewhat buggy right now. My shokz will partially disconnect after the first song and exercise audibles are non-existent. (The audio mutes, but the watch still responds to play/pause button presses. This could be just an issue with the shokz app being confused for the time being.)

    No difference in GPS connect time from the pixel watch 3, which has been historically buggy at times.

    But yeah, random glitches all over the place. It’s tolerable enough and I would expect app updates to fix most of them.