Wild. There are 300 open GitHub issues. One of them is this (also AI-generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard-coded, unencrypted OAuth credentials.
I skipped over the first few ones and haven't seen critical ones. The hardcoded OAuth client secret is basically present in any open-source or commercial app that is distributed to end users. It doesn't break the security of end users. It mainly allows other apps to impersonate this app, i.e. present itself as clawdbot, which is a moot point given anyone can just change/inject code into it.
If you read the PR, the bad issues are in a few extensions, not the bot itself. The unencrypted OAuth token isn't really a big deal. It should be fixed but it's a "if this box is compromised" type thing. Given the nature of clawdbot, you are probably throwing it on a random computer/VPS you don't really care about (I hope) without access to anything critical.
You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...
You know, as the rest of us do, that someone has already thrown it loose in the same place where they store their banking information. Oh well, lessons will be learned about containers.
Not happy. I recently purchased the whole suite and now not only is it free (didn't need to purchase it), but it's no longer even what I want. And it doesn't work on iPad until they finish whatever rewrite, when cross-platform + Apple Pencil niceness was a huge draw.
Sure, it's free -- but it's no longer the same product with the same priorities.
I don't feel like they owe me a refund in principle; at the end of the day I paid for subscription-free software and they delivered it, and I'm happy to do that exchange. I just don't like the changes and the future direction and that I won't be receiving updates to the one I'm currently using.
Not all rewriting and not all summarization is the same, and the surprising part is that it often makes it seem more legitimate. There's no reason, for example, that it couldn't rephrase it in a way that conveys it as suspicious.
I highly, highly doubt we've reached the level of AI safety required to make it a good idea to replace (or even just supplement) caregivers for children. Nobody has truly solved the safety problems with AI yet, just doing the best they can--seems like a terrible idea to put that in direct intimate access of emotionally vulnerable children. We've already passed the threshold of AI suggesting to testers to commit suicide[0], and the bar has been raised to actual users being told that[1] and someone reportedly following through.[2]
Seems like a variation of https://en.wikipedia.org/wiki/The_Million_Dollar_Homepage but yearly instead of one-time payments. The Million Dollar Homepage had a sort of early-internet novelty vibe to it, but beyond that I don't get the practicality of this kind of thing. Okay so it's a billboard...who drives traffic to it? Who looks at the billboard other than once or twice to see if they want to rent their own space?
Not all ML is built on neural nets. Genetic programming and symbolic regression are fun because the resulting model is just code, and software devs know how to read code.
Symbolic regression has the same failure mode; the reasons why the model failed can be explained in a more digestible way, but the actual truth of what happened is fundamentally similar -- some coefficient was off by some amount and/or some monomial beat out another in some optimization process.
At least with symbolic regression you can treat the model as an analyzable entity from first principles theories. But that's not really particularly relevant to most failure modes in practice, which usually boil down to either missing some qualitative change such as a bifurcation or else just parameters being off by a bit. Or a little bit of A and a little bit of B.
Genetic programming, however, isn't machine learning, but instead it's an AI algorithm. An extremely interesting one as well! It was fun to have my eyes opened after being taught genetic algorithms, to then be brought into genetic programming.
Interestingly, you could accomplish a similar thing with GraphQL if the frontend uses the type introspection GraphQL provides and the backend GraphQL schema implements HATEOAS-like principles to let the frontend become a UI that's agnostic to different backends. That might not be how most GraphQL implementations are used, but it's kind of a cool pattern.
We didn't use GraphQL, but in my last company that was essentially what we did - every API call returned schema information about the parts of the model the current user had access to, with detailed type information and which validations to apply, and metadata that affected presentation, and the frontend built a UI from that.
We then let designers/frontend devs override that on a case by case basis instead of building from scratch, and where possible tried to roll that into the generic UI as components triggered by specific metadata from the backend. It was not entirely agnostic, but it was largely driven by metadata from the backend, so e.g. schema changes rarely needed much, if any, UI work unless they fundamentally changed how the page worked.
The types are no less protectable by authorization policies than the data, although authorization is hard to get right anyways, all else the same this architecture doesn't worsen it much--perhaps just less reverse engineering required to exploit vulnerabilities you already had.
In Django I had code in every view ensuring that the user was not accessing another user's data. If I create an abstraction like a utility function or "model manager" to handle this, I have to remember to call it from every view. In Graphene, this logic would be in a resolver which is used across multiple views.
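The contrast described in the comment above (a per-view ownership check that every view must remember, versus one resolver that scopes data to the caller), as an added illustration that is not the commenter's code. It is framework-free Python with a constructed in-memory table standing in for the Django model and Graphene resolver; `User`, `Note`, `NOTES` and the view names are all constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class User:
    id: int


@dataclass(frozen=True)
class Note:
    id: int
    owner_id: int
    body: str


# Constructed stand-in for a database table (not any real app's data).
NOTES: List[Note] = [
    Note(1, 1, "alice: draft"),
    Note(2, 2, "bob: shopping list"),
    Note(3, 1, "alice: todo"),
]


class PermissionDenied(Exception):
    """Raised when a per-view check rejects the caller."""


def _find(note_id: int, notes: List[Note]) -> Optional[Note]:
    return next((n for n in notes if n.id == note_id), None)


# Pattern 1: the ownership check lives inside each view.
def view_note_checked(user: User, note_id: int) -> Optional[Note]:
    note = _find(note_id, NOTES)
    if note is not None and note.owner_id != user.id:
        raise PermissionDenied(f"user {user.id} does not own note {note_id}")
    return note


def view_note_forgotten(user: User, note_id: int) -> Optional[Note]:
    # Same view, but the check was omitted: any user can read any note by id.
    return _find(note_id, NOTES)


# Pattern 2: one resolver scopes the data to the caller; views only ever
# see its output, so there is no per-view check to forget.
def resolve_notes(user: User) -> List[Note]:
    return [n for n in NOTES if n.owner_id == user.id]


def view_note_resolved(user: User, note_id: int) -> Optional[Note]:
    return _find(note_id, resolve_notes(user))


def view_note_ids_resolved(user: User) -> List[int]:
    return [n.id for n in resolve_notes(user)]
```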
If serving up metadata about what the site already makes accessible via the API will get their data stolen, then the actual problem is they're not applying access controls to the data, not the introspection.