Mastodon Feed: Posts

Boosted by jwz:
johl@mastodon.xyz ("Jens Ohlig") wrote:

„By Wednesday morning, Anthropic representatives had used a copyright takedown request to force the removal of more than 8,000 copies and adaptations of the raw Claude Code instructions—known as source code—that developers had shared on programming platform GitHub.“

Because if there’s one thing GenAI companies absolutely don’t take lightly, it’s copyright.

https://www.wsj.com/tech/ai/anthropic-races-to-contain-leak-of-code-behind-claude-ai-agent-4bc5acc7

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph You just said you don't measure your guardrails!

glyph ("Glyph") wrote:

@aredridel and… I do? I may be unfairly assuming you know anything about my previous body of work but I assure you I do a lot of that sort of thing

glyph ("Glyph") wrote:

@aredridel like, "unreleased product info" is _one_ of the things here, but the prompt is quite explicit about being deceptive about being an AI tool at all.

glyph ("Glyph") wrote:

@aredridel In the prompt under discussion here, "generated with claude code" is included in the list of things not to include, which is not an unreleased product name.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph So what's going on in Claude (which fwiw I do not use) is a lot of "don't expose unreleased product info”

Not _great_ mind you but that's a lot of the context for what's going on there.

dysfun@treehouse.systems ("gaytabase") wrote:

has anybody heard from @davidgerard today? i'm really worried he might have laughed his ass off on the floor rolling to death.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph I measure, if informally, how often we have problems, and we talk about mitigations.

You can, in fact, check.

glyph ("Glyph") wrote:

@aredridel Treating LLMs differently here is not a double standard, it's just a standard. They're new, they're different, but most of all, if labeling weren't a big deal *why try to hide it in the first place*?

glyph ("Glyph") wrote:

@aredridel

> Are you measuring your guardrails?

Of course not. Nobody is. The resources do not exist in the software industry, let alone in volunteer open source, to do this adequately. Which is why we rely on good faith.

> do you require any unsafe practice to be labeled? Or just LLMs?

Just LLMs. First, because LLMs are novel and unique.

Second, here we're not even talking about a labeling *requirement* yet, we're talking about *active deception*.

Boosted by jwz:
fasterandworse@hci.social ("Stephen Farrugia") wrote:

@misty also note that Apple have dark-patterned this update below the fold that doesn't appear to be there

Attachments:

• video: video screen recording of ios software update screen showing a full height update for IOS 26 and a non-obvious extra scroll reveals an "also available" update for the ios 18.7.7 security update

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Right. Are you measuring your guardrails?

And: do you require any unsafe practice to be labeled? Or just LLMs?

That's the thing. My fundamental argument here is that _these are tools_. Sometimes that's relevant, sometimes that's not.

glyph ("Glyph") wrote:

@aredridel This is the same logic as "if you don't want to have segfaults in your C code, just check more carefully. why did you put the bugs in, if you don't want bugs?"

No process is perfect, nothing can catch everything. Guard rails are important but you aren't supposed to start *driving on the guard rails* all the time. Step zero here is honest and accurate labeling of one's methods. Which is what this thread is about: inherent, structural, software-supported dishonesty

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Right. So _if the PR is bad, reject it_.

If it's not, don't.

And if you didn't check WHY NOT?

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Yep. _but relying on implicit things is tricky_. Acknowledging it explicitly is a start, but now we need to look at the system.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Yes, though I disagree with parts of it: it's changed the system and now we're dealing with the bottlenecks appearing in new places. Not always good ones!

But I don't think this is a change in kind. It's moved the problem in _really familiar_ ways to me, actually. It's what happens when you unleash people on a codebase who don't care for others, who offload work. You can rein that in, but you need feedback in the system to do it.

glyph ("Glyph") wrote:

@aredridel The human being sitting there typing the code out with their fingers was an *implied* initial check on the process—arguably the largest one by far—which you've now thrown out in favor of someone hitting '1 1 1 1 2' in a Claude Code loop, putting a _far_ more load-bearing role onto the existing CI and the code reviewer. More importantly, in this context, it has been thrown out *implicitly* by an Anthropic employee testing a *beta* version of the model

baldur@toot.cafe ("Baldur Bjarnason") wrote:

RE: https://toot.cafe/@baldur/116330178975566449

I'm doing both a sale and an experiment.

Boosted by jwz:
straphanger@urbanists.social ("𝚃𝚊𝚛𝚊𝚜 𝙶𝚛𝚎𝚜𝚌𝚘𝚎 🚇") wrote:

"I hope gas goes up to eight bucks a gallon!"

It's 2026, and I've turned into Calvin's Dad.

There are worse fates, I guess...

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
philpem@digipres.club ("Phil M0OFX") wrote:

@realtegan @soatok The optimist in me wants to say the thought probably hadn't occurred to them. The cynical bit says they don't want to have the CEO in their face about raising awareness of what happens at the sales conference...

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
ariarhythmic@ohai.social ("Aria <3 :blobcattrans:") wrote:

@erincandescent @notthatdelta @soatok @FurryBeta It's a fucking job what the fuck

glyph ("Glyph") wrote:

@aredridel Here we have an established "engineering" process, i.e. code review and continuous integration, designed for catching defects and process failures from a good-faith production of code from humans with an understanding of the system under development. That process is then subjected to a new type of code generation, where a machine that *maximizes plausibility while minimizing effort*, is throwing much larger volumes of code against the same mechanism. That's not the same process!

glyph ("Glyph") wrote:

@aredridel There are scales where differences in degree _become_ differences in kind.

Consider a more closely related phenomenon. There are many tools to check C/C++ code for memory safety errors. And, unsafe Rust code may exhibit exactly the same unsafe behaviors. Yet, C/C++ code and Rust code are categorically different in terms of the level of memory safety one may expect them to provide.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph I'm specifically arguing that it's the _exact same phenomenon writ larger_ (which is a meaningful difference!)

But it's a difference in amount not kind.

Either you build processes to check things ("do engineering") or you don't (“vibes”)

glyph ("Glyph") wrote:

@aredridel you are technically correct here (and indeed any automated tool with repeated human interaction my provoke _some_ measure of vigilance decay, one could argue that "flaky tests" cause it too) but I feel like you're talking past the actual argument here.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Actually search and replace _does_ do that and in fact I was bit by vigilance decay in a search and replace problem literally yesterday. the comparison was intended.

glyph ("Glyph") wrote:

@aredridel "search and replace" is not a fair comparison because search and replace does *not* cause vigilance decay, or risk of unknowing copyright infringement, etc. in the same way that "raw milk" and "grass fed" are just like… completely different disclosures with different consequential implications

glyph ("Glyph") wrote:

@aredridel "raw milk" isn't ingredients either, the difference is one of process, which is why I used it as an example. Raw milk contamination is more likely because the processes to keep it safe are harder to follow, require more continuous diligence on the part of the operators of that process, and thus contribute to more frequent failures. LLM output is exactly the same: it provokes vigilance decay.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

@glyph Yeah, I disagree. Code isn't ingredients and it's not “contamination" any more than you should label “I used search and replace on this”

What you want to know is whether it was well engineered or not.

And in fact, this is almost entirely orthogonal to "safety”. This is an engineering product. The safety comes from processes and whether or not _anyone checked the work done was right_, not the inputs.

glyph ("Glyph") wrote:

@aredridel @aral I really can’t agree with this, because it’s a question of accurate labeling not of “responsibility” or “authorship”. co-authored-by is perhaps the wrong method for labeling such things, but consider raw milk. ultimately, it is indeed the producer’s responsibility to ensure their product is free of contamination. but disclosure of its method of production is explicitly the kind of requirement that allows consumers of said product to make safe choices