
In Bulgaria we have a similar speed reduction strategy but we are a bit ahead of Sweden: We use medium-radius but very deep potholes. If you lose attention for even a split second, you are forced to a full stop to change a tire. Near schools it gets more "advanced": they put parked cars on both sides of the road, and the holes are positioned so you can't bypass them. For example, two tire-sized holes on both sides of the road right next to the parked cars. You have to come to a complete stop, then slowly descend into the hole with the front wheels, climb back out, and repeat the process for the rear wheels. Occasionally, even though we (technically) have sidewalks, they are covered in mud or grass or bushes, so pedestrians are forced to walk in the middle of the road. This further reduces driving speed to walking pace and increases safety in our cities. Road markings are missing almost everywhere and they put contradicting road signs so drivers are not only forced to cooperate but also to read each other's minds.

Same in India! We go one better, we let people drive in the opposite lane as well!

That’s genius but one has to ask: how much does it cost to maintain these speed restricting features?

In the UK, the cost of owning a car is high yet our potholes, while frequent, are small enough to survive. Thus being more of an annoyance rather than a speed restriction.


That's the best part, the holes maintain themselves. Heck, they even appear without a site survey or paperwork.

I came here to ask exactly the same question - I use temp addresses for lots of scammy-looking services. I don't even care to read what the email or domain is. I guess there is no way to enter the US?

You could put down the email address they end up in, or you could learn to lie plausibly.

And get arrested for lying to an officer and spend a long time in jail or be deported without the chance of ever coming back. Great advice this.

Does that mean that finally some Ubisoft executive can have jail time when they shut down the servers and I no longer have access to my fancy hat I bought a few years ago? The case would be even more clean because there would be real world money involved. - Just thinking...

If they enter the UK, then theoretically, maybe? But realistically: Good luck convincing a prosecutor to charge them.

According to the court opinion[0]:

  It is for all these reasons that anything in the contractual documents between Jagex
  and the players, or in the civil law more generally, which would preclude the player
  having any enforceable private law personal property rights in the gold pieces, is not
  determinative as to whether they are property for the purposes of the definitions in the
  Theft Act.
The court draws a comparison to precedent where drug dealers stole illegal drugs from other drug dealers, which were also found to be "property" as defined by the Theft Act[1]:

  It was confirmed in R v Smith (Michael Andrew) [2011] EWCA Crim 66 that illegally held
  Class A drugs are property within the meaning of the Theft Act and are capable of being
  stolen. A theft or robbery amongst rival drug gangs can be indicted as such, because the
  criminal law is concerned with the public order consequences of preventing such behaviour,
  notwithstanding that it would be contrary to public policy to recognise any property
  rights for the purposes of civil enforcement between drug dealers.
The court then approvingly quotes another judge, who in turn quotes Smith's Law of Theft, 9th ed.:

  "[...] The criminal law is concerned with keeping the Queen’s peace, not vindicating
  individual property rights." That observation articulates the principle to be applied in
  the present appeal.
So, by that logic, if gamers start doling out murderous retribution against Ubisoft execs for "stealing" their in-game hats, the fact that the gamers have no enforceable property rights in those hats is irrelevant, and the responsible executive(s) could be found criminally liable under the Theft Act because "stealing" gamers' in-game hats threatens the King's peace.

[0]: https://caselaw.nationalarchives.gov.uk/ewca/crim/2026/4/dat..., p. 14

[1]: Ibid., p. 13


I use the Monday personality. Last time I tried to imply that I am smart, it roasted me that I once asked it how to center a div and to not lose hope because I am probably 3x smarter than an ape.

Completely different experience.


And also it would be good to limit the ban duration with a law. For example manslaughter can be 5 years in prison. So if Google decides to ban your account because you sent your doctor a photo of your son for medical purposes, they are not allowed to ban you for more than 5 years and then they must restore full access to your account.


I think for these big companies as well, they should have to have a more targeted punishment. Since having access to an Apple or Google device is increasingly mandatory in many countries (often as a result of government legislation!), getting that cut off is more impactful than other services.

So like, if you get caught, red handed, absolutely 100% you, performing gift card fraud, the maximum punishment from Apple should still be getting banned from the gift card system (buying or redeeming). And if they want more consequences for you because they think you’re running a fraud ring, they should have to sue you like a physical store would. But not lock you out of the rest of the ecosystem. Otherwise you get the false positives getting the digital death sentence Apple tried to hand out here.


I fear that this would lead to everyone being allowed exactly one account -- why would you need more than one if the one you have can never be fully deactivated? -- and that account would be tied to your human identity forever. Which would go about as well as any other attempt to solve Sybil problems.


How about, if they ban someone, they must give their evidence to the government to prosecute the alleged crime, and if the government refuses (within X time) or loses, then the account is restored.


Otherwise if Google really thinks a child is being abused in that case, why aren't they reporting it to the police instead of turning a blind eye? Does Google want child abuse?


An amateur tip that I sometimes use after I reencode something to check what I lost:

  ffmpeg -i source.mkv -i suspect.mkv -filter_complex "blend=all_mode=difference" diff_output.mkv

I saw these claims before but still have not found someone to show a diff or post the source for comparison. It would be interesting.


Jill Bearup posted a video about this a while ago, showing a short and the original side by side: https://www.youtube.com/watch?v=kd692naF-Cc (note the short is shown at 0:31)

Edit: The changes made by the AI are a lot more visible in the higher quality video uploaded to Patreon: https://www.patreon.com/posts/136994036 (this was also linked in the pinned comment on the YouTube video)


It must be my eyes and the small screen on my phone. I couldn’t find any differences in the video on Patreon, which was annoying enough to watch with the actual comparison clip being just a couple of seconds or so, and I had to rewind and check again. I wish it had shown more of the comparisons. Most of the current video was just commentary.


Same here, on a big screen, I don't see anything notable. I really hope this isn't a mass delusion because YouTube started applying a sharpness ("edge enhancement") filter to videos to make them look sharper. It sure looks like that to me, because I hate this filter and how so many movie transfers have it added, with the ringing at the edges this filter leaves.


Yeah I also can't see the difference on the high quality video. I am on my phone though tbf.

Also, minus 100 points to Jill for being happy about being able to use AI to automatically edit out all the silence from her videos. That's far more annoying than any barely perceptible visual artifacts.

Why do people think wall-of-text videos are good?


The before/after on this just looks like compression artifacts/smoothing to me.


I still can't see the differences in the Patreon.


It’s because you’re looking for some kind of “smoking gun” AI transformation. In reality it just looks like the YouTube one is more compressed and slightly blurred. Some people are apparently just learning that YouTube recompresses videos.


Hehe, I occasionally use a similar approach for visual regression testing: https://untested.sonnet.io/notes/visual-snapshot-tests-cheap...


Thank you for this good idea and oneliner.


Ok, I am getting mad now. I don't understand something here. Should we open like 31337 different CVEs about every possible LLM on the market and tell them that we are super-ultra-security-researchers and we're shocked when we found out that <model name> will execute commands that it is given access to, based on the input text that is fed into the model? Why do people keep doing these things? Ok, they have free time to do it and like to waste other people's time. Why is this article even on HN? How is this article on the front page? "Shocking news - LLMs will read code comments and act on them as if they were instructions".


This isn't a bug in the LLMs. It's a bug in the software that uses those LLMs.

An LLM on its own can't execute code. An LLM harness like Antigravity adds that ability, and if it does it carelessly that becomes a security vulnerability.


No matter how many prompt changes you make it won't be possible to fix this.


Right; so the point is to be more careful about the other side of the "agent" equation.


So, what's your conclusion from that bit of wisdom?


Isn't the problem here that third parties can use it as an attack vector?


The problem is a bit wider than that. One can frame it as "Google Gemini is vulnerable" or "Google's new VS Code clone is vulnerable". The bigger picture is that the model predicts tokens (words) based on all the text it has. In a big codebase it becomes exponentially easier to mess with the model's mind. At some point it will become confused about what its job is. What is part of the "system prompt" and what is "code comments in the codebase" becomes blurry. Even the models with huge context windows get confused because they do not understand the difference between your instructions and "injected instructions" in hidden text in the readme or in code comments. They see tokens, and given enough malicious and cleverly injected tokens the model may and often will do stupid things. (The word "stupid" means unexpected by you.)

People are giving LLMs access to tools. LLMs will use them. No matter if it's Antigravity, Aider, Cursor, some MCP.


I'm not sure what your argument is here. We shouldn't be making a fuss about all these prompt injection attacks because they're just inevitable so don't worry about it? Or we should stop being surprised that this happens because it happens all the time?

Either way I would be extremely concerned about these use cases in any circumstance where the program is vulnerable and rapid, automatic or semi-automatic updates aren't available. My Ubuntu installation prompts me every day to install new updates, but if I want to update e.g. Kiro or Cursor or something it's a manual process - I have to see the pop-up, decide I want to update, go to the download page, etc.

These tools are creating huge security concerns for anyone who uses them, pushing people to use them, and not providing a low-friction way for users to ensure they're running the latest versions. In an industry where the next prompt injection exploit is just a day or two away, rapid iteration would be key if rapid deployment were possible.


> I'm not sure what your argument is here. We shouldn't be making a fuss about all these prompt injection attacks because they're just inevitable so don't worry about it? Or we should stop being surprised that this happens because it happens all the time?

The argument is: we need to be careful about how LLMs are integrated with tools and about what capabilities are extended to "agents". Much more careful than what we currently see.
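A harness-side capability gate of the kind this thread argues for, as an added example that is not part of any comment above and not code from Antigravity or any other tool. The `Session` class, the command lists and the taint rule are assumptions made for illustration: once untrusted text has entered the context, side-effecting tool calls need explicit user approval.

```python
import shlex
from dataclasses import dataclass, field

# Hypothetical policy tables (assumptions, not taken from any real harness).
READ_ONLY = {"ls", "cat", "grep", "git"}
GIT_READ_ONLY = {"status", "diff", "log", "show"}
SHELL_META = ("|", ";", "&", "`", "$(", ">", "<")


@dataclass
class Session:
    tainted: bool = False                      # untrusted text is in the context
    audit: list = field(default_factory=list)  # (command, decision) pairs

    def ingest(self, text: str, trusted: bool) -> None:
        """Call whenever content (README, web page, code comment) is shown to the model."""
        if not trusted:
            self.tainted = True

    def authorize(self, command: str, approved_by_user: bool = False) -> str:
        """Return 'allow', 'ask' or 'deny'. Enforced in code, not in the prompt."""
        decision = self._decide(command, approved_by_user)
        self.audit.append((command, decision))
        return decision

    def _decide(self, command: str, approved: bool) -> str:
        if any(tok in command for tok in SHELL_META):
            return "deny"                      # no chaining, pipes or redirection
        try:
            argv = shlex.split(command)
        except ValueError:
            return "deny"                      # unbalanced quoting
        if not argv:
            return "deny"
        read_only = argv[0] in READ_ONLY and (
            argv[0] != "git" or (len(argv) > 1 and argv[1] in GIT_READ_ONLY)
        )
        if read_only or not self.tainted or approved:
            return "allow"
        return "ask"                           # side effect requested after taint
```
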


I remember back in the 90s that Squid was adding this header while acting as a forward proxy. This header was sent across the internet years before someone had ever dreamed of the concept of a "reverse" proxy. I have not fact-checked but I am pretty sure it is older than IPv6 and the original standard was to add this header at the origin and send it across the whole internet.


I self host and I have something like this but more obvious: I wrote a web service that talks to my MikroTik via API and adds the IP of the requester to the block list with a 30 day timeout (configurable ofc). Its hostname is "bot-ban-me.myexamplesite.com" and it is like a normal site in my reverse proxy. So when I request a cert this hostname is in the cert, and in the first few minutes I can catch lots of bad apples. I do not expect anyone to ever type this. I do not mention the address or anything anywhere, so the only way to land there is to watch the CT logs.
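A sketch of the decoy-hostname ban service described in the comment above, as an added example that is not the commenter's code. The WSGI app, the `BanList` class, the trusted-proxy address and the `push` hook (standing in for the router API call) are assumptions; only the hostname and the 30-day timeout come from the comment.

```python
import ipaddress
import time

HONEYPOT_HOST = "bot-ban-me.myexamplesite.com"  # decoy name from the comment
BAN_SECONDS = 30 * 24 * 3600                     # 30-day timeout from the comment
TRUSTED_PROXIES = {"127.0.0.1"}                  # assumption: reverse proxy on localhost


class BanList:
    def __init__(self, push=None, clock=time.time):
        self.expiry = {}                                  # ip -> unix time the ban ends
        self.push = push or (lambda ip, seconds: None)    # hypothetical router hook
        self.clock = clock

    def ban(self, ip):
        self.expiry[ip] = self.clock() + BAN_SECONDS
        self.push(ip, BAN_SECONDS)

    def is_banned(self, ip):
        end = self.expiry.get(ip)
        if end is None:
            return False
        if end <= self.clock():                           # ban has timed out
            del self.expiry[ip]
            return False
        return True


def client_ip(environ):
    """Peer address, or the rightmost X-Forwarded-For entry if the peer is our proxy."""
    peer = environ.get("REMOTE_ADDR", "")
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    if peer in TRUSTED_PROXIES and xff:
        peer = xff.split(",")[-1].strip()   # leftmost entries are client-controlled
    return str(ipaddress.ip_address(peer))  # raises ValueError on junk


def make_app(bans):
    def app(environ, start_response):
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host == HONEYPOT_HOST:
            try:
                bans.ban(client_ip(environ))
            except ValueError:
                pass                        # unparsable address: nothing to ban
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    return app
```
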


Well, logically you should be able to keep the old name because you have documented proof that your user base in EU is small enough that this should NOT cause any confusion between your name and the new trademark holder. Just keep the cancellation documents as proof that you use this name but not in EU. This is their claim and not yours, right? The other possibility is that if you have enough users in EU you should also keep the trademark. Only one of these can be true?

Also note that I already lost some court cases using my logic.

