lc

Karma: 11,153

lc 15 Sep 2025 4:34 UTC
7 points
0
in reply to: Ben Pace’s comment on: lc’s Shortform
The purpose of these audits is not generally to verify with certainty that you’re doing everything you say. That would be very hard, maybe impossible. Mostly you fill out a form saying you’re doing X. If it turns out later after a breach you weren’t doing the stuff you claimed to do during the audit, you’re sued.
We’re doing a PoC right now for a company with >400,000 employees. I am not their security team, and we haven’t sold yet, but on our end everything we’ve run into is normal procurement BS. The main thing that happens as you start to sell to larger customers is that you have to fill out a lot of forms saying your product does not use slave labor and such.

lc 15 Sep 2025 4:29 UTC
8 points
0
in reply to: Max H’s comment on: lc’s Shortform
There is no such thing as directionally correct. The tweet says “If you use Crowdstrike, your auditor checks a single line and moves on. If you use anything else, your auditor opens up an expensive new Chapter of his book.” This is literally and unambiguously false. No security/compliance standard—public or private—requires additional labor or verification procedures for non-Crowdstrike EDR alternatives. The steps to pass an audit are the same no matter what solution you’re using for EDR. Further, as a vendor, there is a very low ceiling for supporting most of the evidence collection required for any of the standards you cite, even at large scale. Allowing your users to collect such evidence (often, just screenshotting a stats page) is not nearly the largest barrier to entry for new incumbents in Crowdstrike’s space.
Further, the larger implication of the above tweet is that companies use Crowdstrike because of regulatory failure, and this is also simply untrue. There are lots of reasons people sort of unthinkingly go with the name brand option in security, but that’s a normal enterprise software thing and not anything specific to compliance.

lc 12 Sep 2025 19:08 UTC
43 points
3
in reply to: Ben Pace’s comment on: lc’s Shortform
It’s not the tweets, it’s the retweets. People’s tweets on Twitter are usually not that bad. Their retweets, and, for slightly crazier people, their quote tweets are what contain the bizarre mischaracterizations, because they’re the pulls from the top of the attention-seeking crab bucket.
I run a company that sells security software to large enterprises. I remember seeing this (since deleted) post Eliezer retweeted last year during the Crowdstrike blue screen incident, and thinking: “Am I crazy? What on earth is this guy talking about?”
The audit requirements Mark is talking about don’t exist. He just completely made them up. ChatGPT’s explanation here is correct; even if you’re selling to the federal government^[1], there’s no “fast track” for big names like Crowdstrike. At absolute maximum your auditor is going to ask for evidence that you use some IDS solution, and you’ll have to gather the same evidence no matter what solution you’re using.
Now, Yudkowsky is not a mendacious person, and he isn’t going to pump misinfo into the ether himself. But naturally if anybody goes on Twitter long enough they’re gonna see stuff like this, and it will just feel plausible to you. It will pass whatever cogsec antimalware blacklists & heuristics you’ve developed for assessing the credibility of things on the internet.
Probably because, like, if you overheard this kind of thing at a party, it would be credible! It’s only on this platform, where people are literally stepping over one another to concoct absurd lies for attention, where people are additionally incentivized to present as having personal expertise in the lie to go slightly more viral, and then an algorithm is selectively boosting the people that do that well enough and effectively enough to the top of your feed, that you encounter this nonsense. And then it goes into your world model, and the next time you see someone claim some crazy thing about how the food industry is in cahoots with Big Chicken you’re more likely to believe it, etc. etc.
1. ^
  And the vast majority of software companies, to be clear, don’t have to do anything like FedRAMP. The largest and most ubiquitous compliance frameworks, like SOC2 or ISO 27001, are self-imposed standards maintained by nonprofits like the AICPA and have nothing to do with the government.

lc 12 Sep 2025 1:40 UTC
43 points
6
in reply to: AnnaJo’s comment on: lc’s Shortform
This framing underplays the degree to which the site is designed to produce misleading propaganda. The primary content creators are people who literally do that as a full time job.
Like, I’ll show you a common pattern of how it happens. It’s an extremely unfortunate example because a person involved has just died, but it’s the first one I found, and I feel like it’s representative of how political discourse happens on the platform:
First I’ll explain what’s actually misleading about this so I can make my broader point. The quote tweeted account, “Right Angle News Network”, reports that “The official black lives matter account has posted a video stating that black people ‘have a right to violence’ amid… the slaying of Iryna Zarutska”. The tweet is designed so that, while technically correct, it appears to be saying the video is about Iryna’s murder. But actually:
- The video the account posted is taken from a movie made forty years ago.
- The account doesn’t reference the murder at all. The only connection that the post has to the murder is that it was made a few days after it happened, which I guess means that it was posted “amid” the murder.
As is typical, the agitator’s tweet (which was carefully designed not to be an explicit lie), is then “quote tweeted” and rephrased by a larger account, who attempts to package the message for more virality. In this case the person just says “Official Black Lives Matter account justifying the murder of Iryna Zarutska”. But that’s not actually established at all! The quote tweeter is just reading a certainty into a tweet that was deliberately engineered to be misread.
This pattern happens everywhere, for every socially charged topic, on every side. “Your enemies are saying X horrible shit” is possibly the most common form of slander on Twitter. It happens especially often when people are posting about stuff that happens on other platforms, because there it’s extremely easy to lack context or mislead people about what’s going on.

lc 12 Sep 2025 1:07 UTC
11 points
2
in reply to: Joseph Miller’s comment on: lc’s Shortform
Only inasmuch he’s a proof-by-example. By that I mean he’s one of the most earnest/truthseeking users I found when I was still using the platform, and yet he still manages to retweet things outside his domain of expertise that are either extraordinarily misleading or literally, factually incorrect—and I think if you sat him down and prompted him to think about the individual cases he would probably notice why, he just doesn’t because the platform isn’t conducive to that kind of deliberate thought.

lc 11 Sep 2025 21:22 UTC
92 points
64
on: lc’s Shortform
I don’t think it’s possible for mere mortals to use Twitter for news about politics or current events and not go a little crazy. At least, I have yet to find a Twitter user who regularly or irregularly talks about these things, and fails to boost obvious misinformation every once in a while. It doesn’t matter what IQ they have or how rational they were in 2005; Twitter is just too chock full of lies, mischaracterizations, telephone games, and endless, endless, endless malicious selection effects, which by the time you’re done using it are designed to appeal to whichever reader in particular you are. It’s just impossible to use the site as people normally do and also practice the necessary skepticism about each individual post one is reading.

lc 9 Sep 2025 19:12 UTC
32 points
25
in reply to: Richard_Ngo’s comment on: ricraz’s Shortform
More generally, leftists profess many values which are upheld the most by western civilization (e.g. support for sexual freedom, women’s rights, anti-racism, etc). But then in conflicts they often side specifically against western civilization. This seems like a straightforward example of pessimization.
Not at all. The trend is that in any given context, American leftists tend to support the ‘weaker’ group against the stronger group, regardless of the merits of the individual cases. They have a world model that says that that most social problems come from “big” people hurting “little” people, and believe the focus of their politics should be remedying this. In the case of Israel-Palestine, Israel and the United States are much more militarily and economically powerful than Gaza, so ceteris paribus^[1] they side with Gaza, just as they side with women, ethnic minorities, the poor, etc. You may disagree with this behavior but it’s fairly consistent.
By contrast, the argument that Israel is a bastion of western values and therefore leftists should support its war against a smaller neighbor is kind of abstract. The immediate outcome of Israel winning the war is just that Israel gets stronger, not that women in Gaza become more free. There’s also a thing there about Gazans being brown and Israelis not, etc...
None of this has anything to do with liberals pessimizing their own values, and it feels like you must have a blind spot somewhere if you’re reaching for that explanation when there’s a much simpler and more obvious one readily available.
1. ^
  Liberals’ protests in support of Palestine are additionally amplified as a result of a media diet that drip feeds them an artificially strong amount of Israeli war crimes, instead of western liberal hysteria.

lc 9 Sep 2025 2:02 UTC
6 points
0
in reply to: testingthewaters’s comment on: ricraz’s Shortform
I seriously doubt Richard recommends any of the regimes/interventions you actually argue against here.

lc 9 Sep 2025 2:00 UTC
65 points
61
in reply to: Richard_Ngo’s comment on: ricraz’s Shortform
This class gains status by signaling commitment to luxury beliefs. Since more absurd beliefs are more costly-to-fake signals, the resulting ideology is actively perverse (i.e. supports whatever is least aligned with their stated core values, like Hamas).
Without commenting on your broader point, I think you believe elites support Hamas because the conservative Twitter feed is presenting you/your circle tailored ragebait, not because elites invert their own utility functions.

lc 6 Sep 2025 19:52 UTC
10 points
0
in reply to: habryka’s comment on: Kaj’s shortform feed
I mean, my normal spread looks like this:

lc 6 Sep 2025 4:53 UTC
2 points
0
on: lc’s Shortform
Two considerations (of many) in choosing an outfit to impress:
- How good/impressive your audience think it looks, aesthetically.
- How good/impressive your audience will expect others think it looks.
Not a fashion expert, but I expect magazines like Vogue serve a social purpose in helping shape #2, just as much if not more than they shape #1 directly.

lc 2 Sep 2025 15:25 UTC
2 points
0
in reply to: xpym’s comment on: Female sexual attractiveness seems more egalitarian than people acknowledge
The other commenters appear to disagree in principle.

lc 2 Sep 2025 1:00 UTC
10 points
0
on: Generative AI is not causing YCombinator companies to grow more quickly than usual (yet)
Disclaimer: I’m an AI YC founder from a recent batch (S24). I have no access to internal metrics about YC’s portfolio, but I keep in touch with some startup founders from my batch, and we trade insights and metrics.
Anecdotally, my sense is that YC has done a particularly poor job of evaluating AI startups. Mostly this comes as a result of not taking AGI seriously, and YC’s general philosophy of picking companies with impressive founders rather than evaluating ideas directly. YC has essentially bet as if AGI is a platform like smartphones and model quality is not going to improve, which at least for the last two years has been very wrong.
There are basically two ways to add value as an “AI wrapper” company. You can either:
1. Try to build scaffolding around AI models so that they’re capable of accomplishing some long horizon task they’re not currently able to accomplish end-to-end.
2. Build an alternative interface that is more useful for a given task than the general chat interface.
Companies in the #1 bucket are the quintessential YC startup of the last few years, something like “An AI that can do your accounting”. The way most of them tackle the problem is by breaking it down into pieces and doing context engineering. Investors love these startups because their potential TAM is huge (“all of accounting!”), they sound like they provide the possibility of deep technical moats, and the utility of the imagined solution is really obvious.
But if you look at the fastest growing companies of the AI era—Cursor, Lovable, Bolt, Windsurf—the majority of their utility comes from providing an interface for something the LLMs can do on their own. In some cases (Cursor, for instance) these companies started by offering custom flows for tasks and then deprecated them in favor of simple AI agents later.
This is because it’s hard to get performance that’s much better than what you get natively from the API. In some cases the scaffolding is important, but more typically the models are either so good they can just OODA all by themselves, or else they’re not good enough to get a startup to product market fit even with scaffolding. And because these models are improving all the time, even if your wrapper is really effective now, often the models improve quickly enough that all of the hard work you’ve done becomes moot too quickly to matter.
As we get closer to AGI I expect these dynamics to start reversing the growth even some companies that have done well so far. For example, YC has funded like 5 PR review companies, including Greptile. In 2023, it was really easy to improve base model performance as a PR review company—just ingest the diff, search for related bits to what’s being changed, and pull those bits into context. But now it’s 2025, and, because PR review is a short-horizon task, it’s been one of the first things to fall; you can get better performance by running Claude code with a github action than by using any of these solutions. I don’t actually know what these companies are going to do in the future other than hope their customers don’t notice.

lc 1 Sep 2025 14:46 UTC
2 points
0
in reply to: dr_s’s comment on: Female sexual attractiveness seems more egalitarian than people acknowledge
Certainly true; by “genetically gifted” I meant more that her face or body was granted some essential goodness that 99.99% of women lack.

lc 31 Aug 2025 15:22 UTC
2 points
0
in reply to: Ape in the coat’s comment on: Female sexual attractiveness seems more egalitarian than people acknowledge
That’s just trivially true, isn’t it? Among women who were already pre-selected to have similar faces, ages and BMI’s to movie starts most of them can be made extremely attractive, with the help of right makeup, clothes, context and so on.
I would think so, but people seem to disagree!

lc 31 Aug 2025 15:20 UTC
7 points
1
in reply to: Nina Panickssery’s comment on: Female sexual attractiveness seems more egalitarian than people acknowledge
I didn’t select their photos because they were successful actors, I selected them because they’re the celebrities most commonly cited as beautiful on the internet, and because they either appear at the top of popular surveys for most attractive women, or are the most viewed women on deepfake websites.
Of course, for any category of sex symbol you put up in a post like this—instagram models, regular models, onlyfans models, actors, singers—you’re gonna get the response “Ah, but those aren’t the prettiest women!” And, fair enough, but I suspect that if you or romeo left an example of a particular woman you find more attractive than Ana de Armas, you’d find that actually a large proportion of observers disagree with you. My thesis is not that you can’t find a woman that you find significantly prettier than her, but that it’s very hard to find a woman who broadly and significantly more appealing.
Also, I feel like what you and Romeo are saying is not actually incompatible with the broader point? It’s a little like if I said that height was normally distributed, and as evidence I pointed out that Kareem Abdul-Jabbar was only 1.5 feet taller than the average human, and someone went “But the tallest person in human history, Robert Wadlow, was 8 foot 11 inches!” If “women more attractive than Ana” are so rare that they don’t rise to the top of acting, music, porn, or modeling, and they’re not generally the ones mating with the highest status men, then of what use is their attractiveness?

Female sexual attractiveness seems more egalitarian than people acknowledge

lc30 Aug 2025 18:09 UTC

45 points

25 comments3 min readLW link

lc 29 Aug 2025 0:37 UTC
10 points
5
in reply to: Erich_Grunewald’s comment on: Erich_Grunewald’s Shortform
An enormous, unconscionable amount of information shared on Twitter/”TPOT” is like this. Plausible sounding anecdotes that get stretched and pixelated through legions of cross-platform and intra-platform quote-tweeting.

lc 28 Aug 2025 18:16 UTC
10 points
0
on: [Anthropic] A hacker used Claude Code to automate ransomware
A good friend of mine works for a company called Outflank, where they basically develop “legal” malware for red teamers to use during sanctioned tests of organizations’ security. He does not have a standard ML background, but for work he recently created an RL environment for training LLMs to generate shellcode that bypasses EDR/antivirus, which they use to great success. He wrote a blog post about it here and gave a related talk at DEFCON this month.
Normies probably underestimate the significance of being able to bypass EDR very quickly and cheaply. This is very critical security control in a large organization where you expect some proportion of your workforce to download malware at regular intervals. Training small models to do these kinds of tasks is possible on a shoestring budget well within the means of black hat organizations, and I expect them to start doing this sort of thing regularly within the next ~year or so.

lc 27 Aug 2025 3:12 UTC
4 points
8
in reply to: Viliam’s comment on: bodry’s Shortform
I actually find that they do appear in the New York Times and other newspapers a lot.

lc

Fe­male sex­ual at­trac­tive­ness seems more egal­i­tar­ian than peo­ple acknowledge

Female sexual attractiveness seems more egalitarian than people acknowledge