lc

Karma: 11,562

lc 4 Nov 2025 22:49 UTC
2 points
0
on: Solving adversarial attacks in computer vision as a baby version of general AI alignment
This is a cool paper. Quoting for visibility:
I spent the last few months trying to tackle the problem of adversarial attacks in computer vision from the ground up. The results of this effort are written up in our new paper Ensemble everything everywhere: Multi-scale aggregation for adversarial robustness (explainer on X/Twitter). Taking inspiration from biology, we reached state-of-the-art or above state-of-the-art robustness at 100x – 1000x less compute, got human-understandable interpretability for free, turned classifiers into generators, and designed transferable adversarial attacks on closed-source (v)LLMs such as GPT-4 or Claude 3. I strongly believe that there is a compelling case for devoting serious attention to solving the problem of adversarial robustness in computer vision, and I try to draw an analogy to the alignment of general AI systems here.

lc 3 Nov 2025 14:06 UTC
15 points
0
on: An Opinionated Guide to Privacy Despite Authoritarianism
The best privacy/security guide I am aware of is Michael Bazzells book. Michael Bazzell is a former computer crimes investigator, and his methods are red teamed at least in the sense that he works with e.g. people with extremely determined stalkers. Some things that book goes over that this doesn’t:
- How to buy your home/car/P.O. box with LLCs and keep them out of your name, how to get a SIM card not tied to you personally.
- The who/what/where of how your personal information (incl. address, phone number, etc.) gets collected in the first place, and ends up in public databases (which of course the government also leverages). What you can do about data already there, to the extent that you can do something.
- (For people in really advanced situations) How to disinform in a way that actually works & ends up poisoning records, for example by taking up an electricity bill inside a building you don’t own.
Obviously the government has capabilities that private individuals don’t, so maybe the threat model here is different. For the most part though I would say that peoples’ biggest privacy/security risk is that there are infinity public databases with all of their personal information, and anybody with a credit card can pull up their address. Stopping the inflow to those should be priority #1 and the solution isn’t even really that digital, it’s just arcane legal procedures.

lc 30 Oct 2025 17:46 UTC
24 points
0
in reply to: peterbarnett’s comment on: AISLE discovered three new OpenSSL vulnerabilities
Two of the bugs AISLE highlighted are memory corruption primitives. They could be used in certain situations to crash a program that was running OpenSSL (like a web server), which is a denial of service risk. Because of modern compiler safety techniques, they can’t on their own be used to access data or run code, but they’re still concerning because it sometimes turns out to be possible to chain primitives like these into more dangerous exploits.
The third bug is a “timing side-channel bug” with a particular opt-in certificate algorithm that OpenSSL provides, when used on ARM architectures. It’s a pretty niche circumstance but it does look legitimate to me. The only way to know if it’s exploitable would be to try to build some kind of a PoC.
OpenSSL is a very hardened target, and lots of security researchers look at it. Any security-relevant bugs found on OpenSSL are pretty impressive.
What links here?
- Mo Putera's comment on Mo Putera’s Shortform by Mo Putera (4 Nov 2025 12:47 UTC; 16 points)

lc 30 Oct 2025 16:49 UTC
19 points
0
on: AISLE discovered three new OpenSSL vulnerabilities
I don’t know if OpenSSL actually goes through the process of minting CVEs for a lot of the security problems they patch, so this may sound more impressive than it is. My company has reported several similar memory corruption primitives to OpenSSL in the last month found by our scanner and I’m not sure if we ever got any CVEs for it.
Because AI security startups are trying to attract media attention, they have a habit of crediting findings to an AI when they actually involved a bunch of human effort—especially when their tools are not publicly available. You should be healthily skeptical of anything startups report on their own. For a practitioner’s perspective on the state of security scanning, there was a blog post posted last month that provided a good independent overview at the time: https://joshua.hu/llm-engineer-review-sast-security-ai-tools-pentesters^[1]
1. ^
  Full disclosure: we’ve since hired this guy, but we only reached out to him after he posted this blog.
What links here?
- Mikhail Samin's comment on AISLE discovered three new OpenSSL vulnerabilities by Jan_Kulveit (30 Oct 2025 18:55 UTC; 6 points)

lc 27 Oct 2025 15:47 UTC
29 points
41
in reply to: 1a3orn’s comment on: 1a3orn’s Shortform
As a rationalist I also strongly dislike subtweeting

lc 20 Oct 2025 16:35 UTC
3 points
0
on: Cheap Labour Everywhere
One small thing I noticed when living in India is how the escalators would stop moving when people got off them, just to save a little power.

lc 19 Oct 2025 18:23 UTC
9 points
2
in reply to: Vladimir_Nesov’s comment on: lc’s Shortform
As soon as you convincingly argue that there is an underestimation, it goes away
It’s not a belief. It’s an entire cognitive profile that affects how they relate to and interact with other people, and the wrong beliefs are adaptive. For nice people, treating other people you know as nice-until-proven-evil opens up a much wider spectrum of cooperative interactions. For evil people, genuinely believing the people around you are just as self-interested gives you a bit more cover to be self-interested too.
What links here?
- Vladimir_Nesov's comment on Shortform by lc (19 Oct 2025 19:49 UTC; 3 points)

lc 19 Oct 2025 2:00 UTC
59 points
52
on: lc’s Shortform
Bad people underestimate how nice some people are and nice people underestimate how bad some people are.

lc 11 Oct 2025 2:31 UTC
10 points
−4
in reply to: Daniel Kokotajlo’s comment on: Daniel Kokotajlo’s Shortform
You left out the best part:
“Nishin,” you say. “Nobody is accepting your romantic overtures because of Twitter. Nobody is granting you power. Nobody is offering you mon(ey).”

lc 7 Oct 2025 2:12 UTC
104 points
73
in reply to: abramdemski’s comment on: abramdemski’s Shortform
Even if this rumor isn’t true, it is strikingly plausible and worrying

lc 30 Sep 2025 15:33 UTC
8 points
8
on: On Dwarkesh Patel’s Podcast With Richard Sutton
Obviously the training data of LLMs contains more than human dialogue, so the claim that the pretrained LLMs are “strictly imitating humans” is clearly false. I don’t know why this was never brought up.

lc 26 Sep 2025 23:23 UTC
81 points
27
on: lc’s Shortform
The background of the Stanislav Petrov incident is literally one of the dumbest and most insane things I have ever read (attached screenshot below):

lc 15 Sep 2025 4:34 UTC
7 points
0
in reply to: Ben Pace’s comment on: lc’s Shortform
The purpose of these audits is not generally to verify with certainty that you’re doing everything you say. That would be very hard, maybe impossible. Mostly you fill out a form saying you’re doing X. If it turns out later after a breach you weren’t doing the stuff you claimed to do during the audit, you’re sued.
We’re doing a PoC right now for a company with >400,000 employees. I am not their security team, and we haven’t sold yet, but on our end everything we’ve run into is normal procurement BS. The main thing that happens as you start to sell to larger customers is that you have to fill out a lot of forms saying your product does not use slave labor and such.

lc 15 Sep 2025 4:29 UTC
8 points
0
in reply to: Max H’s comment on: lc’s Shortform
There is no such thing as directionally correct. The tweet says “If you use Crowdstrike, your auditor checks a single line and moves on. If you use anything else, your auditor opens up an expensive new Chapter of his book.” This is literally and unambiguously false. No security/compliance standard—public or private—requires additional labor or verification procedures for non-Crowdstrike EDR alternatives. The steps to pass an audit are the same no matter what solution you’re using for EDR. Further, as a vendor, there is a very low ceiling for supporting most of the evidence collection required for any of the standards you cite, even at large scale. Allowing your users to collect such evidence (often, just screenshotting a stats page) is not nearly the largest barrier to entry for new incumbents in Crowdstrike’s space.
Further, the larger implication of the above tweet is that companies use Crowdstrike because of regulatory failure, and this is also simply untrue. There are lots of reasons people sort of unthinkingly go with the name brand option in security, but that’s a normal enterprise software thing and not anything specific to compliance.

lc 12 Sep 2025 19:08 UTC
44 points
6
in reply to: Ben Pace’s comment on: lc’s Shortform
It’s not the tweets, it’s the retweets. People’s tweets on Twitter are usually not that bad. Their retweets, and, for slightly crazier people, their quote tweets are what contain the bizarre mischaracterizations, because they’re the pulls from the top of the attention-seeking crab bucket.
I run a company that sells security software to large enterprises. I remember seeing this (since deleted) post Eliezer retweeted last year during the Crowdstrike blue screen incident, and thinking: “Am I crazy? What on earth is this guy talking about?”
The audit requirements Mark is talking about don’t exist. He just completely made them up. ChatGPT’s explanation here is correct; even if you’re selling to the federal government^[1], there’s no “fast track” for big names like Crowdstrike. At absolute maximum your auditor is going to ask for evidence that you use some IDS solution, and you’ll have to gather the same evidence no matter what solution you’re using.
Now, Yudkowsky is not a mendacious person, and he isn’t going to pump misinfo into the ether himself. But naturally if anybody goes on Twitter long enough they’re gonna see stuff like this, and it will just feel plausible to you. It will pass whatever cogsec antimalware blacklists & heuristics you’ve developed for assessing the credibility of things on the internet.
Probably because, like, if you overheard this kind of thing at a party, it would be credible! It’s only on this platform, where people are literally stepping over one another to concoct absurd lies for attention, where people are additionally incentivized to present as having personal expertise in the lie to go slightly more viral, and then an algorithm is selectively boosting the people that do that well enough and effectively enough to the top of your feed, that you encounter this nonsense. And then it goes into your world model, and the next time you see someone claim some crazy thing about how the food industry is in cahoots with Big Chicken you’re more likely to believe it, etc. etc.
1. ^
  And the vast majority of software companies, to be clear, don’t have to do anything like FedRAMP. The largest and most ubiquitous compliance frameworks, like SOC2 or ISO 27001, are self-imposed standards maintained by nonprofits like the AICPA and have nothing to do with the government.

lc 12 Sep 2025 1:40 UTC
43 points
8
in reply to: AnnaJo’s comment on: lc’s Shortform
This framing underplays the degree to which the site is designed to produce misleading propaganda. The primary content creators are people who literally do that as a full time job.
Like, I’ll show you a common pattern of how it happens. It’s an extremely unfortunate example because a person involved has just died, but it’s the first one I found, and I feel like it’s representative of how political discourse happens on the platform:
First I’ll explain what’s actually misleading about this so I can make my broader point. The quote tweeted account, “Right Angle News Network”, reports that “The official black lives matter account has posted a video stating that black people ‘have a right to violence’ amid… the slaying of Iryna Zarutska”. The tweet is designed so that, while technically correct, it appears to be saying the video is about Iryna’s murder. But actually:
- The video the account posted is taken from a movie made forty years ago.
- The account doesn’t reference the murder at all. The only connection that the post has to the murder is that it was made a few days after it happened, which I guess means that it was posted “amid” the murder.
As is typical, the agitator’s tweet (which was carefully designed not to be an explicit lie), is then “quote tweeted” and rephrased by a larger account, who attempts to package the message for more virality. In this case the person just says “Official Black Lives Matter account justifying the murder of Iryna Zarutska”. But that’s not actually established at all! The quote tweeter is just reading a certainty into a tweet that was deliberately engineered to be misread.
This pattern happens everywhere, for every socially charged topic, on every side. “Your enemies are saying X horrible shit” is possibly the most common form of slander on Twitter. It happens especially often when people are posting about stuff that happens on other platforms, because there it’s extremely easy to lack context or mislead people about what’s going on.

lc 12 Sep 2025 1:07 UTC
11 points
2
in reply to: Joseph Miller’s comment on: lc’s Shortform
Only inasmuch he’s a proof-by-example. By that I mean he’s one of the most earnest/truthseeking users I found when I was still using the platform, and yet he still manages to retweet things outside his domain of expertise that are either extraordinarily misleading or literally, factually incorrect—and I think if you sat him down and prompted him to think about the individual cases he would probably notice why, he just doesn’t because the platform isn’t conducive to that kind of deliberate thought.

lc 11 Sep 2025 21:22 UTC
93 points
67
on: lc’s Shortform
I don’t think it’s possible for mere mortals to use Twitter for news about politics or current events and not go a little crazy. At least, I have yet to find a Twitter user who regularly or irregularly talks about these things, and fails to boost obvious misinformation every once in a while. It doesn’t matter what IQ they have or how rational they were in 2005; Twitter is just too chock full of lies, mischaracterizations, telephone games, and endless, endless, endless malicious selection effects, which by the time you’re done using it are designed to appeal to whichever reader in particular you are. It’s just impossible to use the site as people normally do and also practice the necessary skepticism about each individual post one is reading.

lc 9 Sep 2025 19:12 UTC
37 points
25
in reply to: Richard_Ngo’s comment on: ricraz’s Shortform
More generally, leftists profess many values which are upheld the most by western civilization (e.g. support for sexual freedom, women’s rights, anti-racism, etc). But then in conflicts they often side specifically against western civilization. This seems like a straightforward example of pessimization.
Not at all. The trend is that in any given context, American leftists tend to support the ‘weaker’ group against the stronger group, regardless of the merits of the individual cases. They have a world model that says that that most social problems come from “big” people hurting “little” people, and believe the focus of their politics should be remedying this. In the case of Israel-Palestine, Israel and the United States are much more militarily and economically powerful than Gaza, so ceteris paribus^[1] they side with Gaza, just as they side with women, ethnic minorities, the poor, etc. You may disagree with this behavior but it’s fairly consistent.
By contrast, the argument that Israel is a bastion of western values and therefore leftists should support its war against a smaller neighbor is kind of abstract. The immediate outcome of Israel winning the war is just that Israel gets stronger, not that women in Gaza become more free. There’s also a thing there about Gazans being brown and Israelis not, etc...
None of this has anything to do with liberals pessimizing their own values, and it feels like you must have a blind spot somewhere if you’re reaching for that explanation when there’s a much simpler and more obvious one readily available.
1. ^
  Liberals’ protests in support of Palestine are additionally amplified as a result of a media diet that drip feeds them an artificially strong amount of Israeli war crimes, instead of western liberal hysteria.

lc 9 Sep 2025 2:02 UTC
6 points
0
in reply to: testingthewaters’s comment on: ricraz’s Shortform
I seriously doubt Richard recommends any of the regimes/interventions you actually argue against here.