found the original post! https://mastodon.social/@kennwhite/112290497758846218 the prompt to make them execute code is incredibly basic. no idea right now if the exploit is in the chatbot framework or the model itself though
oh shit, somehow I figured you knew already! I’ll skim through my browser history and masto boosts and see if I can find one of the articles
last week there were a couple of articles about how easy it is to craft an input that makes public chatgpt bots execute scripts (usually as root) on their hosting containers, which is almost definitely the result of a module like that being implemented for better programming-related results (aka fucking cheating), so this is very likely already happening
tired: stealing hundreds of dollars of electricity to mine hundreds of pennies in crypto
wired: spiking some project manager’s OpenAI bill to unsustainable levels by having their chatbot generate the worst nonsense ever experienced by a human
Prabhakar’s mask falls off and it’s Vlad from Kagi
and then he trips and falls over and we find out Vlad’s just 3 small Peters Thiel in an overcoat
my new gimmick for the occasions I have to post on the orange site is seeing how many question marks I can add to my thread titles and comments before I get shadowbanned
Edit 2: since there's no consensus on this I'm just going to reify that fact via the trailing-question-mark trick and call it a day.
Since killing != killed, your comment already shows that the title is misleading.
(That has a beneficial side effect btw: not having my own opinion about a story makes it easier to not moderate according to my own opinion. I still do that, or try my best to, even when I do have an opinion—but it takes more ATP.)
danny, please log the fuck off
imagine if your posts here meant anything
wow, the fucking bitterness in that thread as the site for clever hackers gets taken down by a really basic spam attack and doesn’t even have obvious mitigations in place (like a signup queue, one of the few anti-spam measures Lemmy implements)
I keep saying this, but the only thing I’ve seen the orange site’s anti-spam mechanisms consistently do is silence marginalized folks and anyone who tries to speak up for them. those mechanisms are fucking terrible at actually handling any volume of real spam, but in spite of what dang and company claim, they’re not really meant to deal with spam at all.
probably! I was a weird shithead at 19 too, though fortunately not this particular strain of weird shithead
this is the fastest I’ve ever seen a project of this size (including all the specs and papers associated with it) get renamed
the inputs required to cause this are so basic that I really want to dig in and find out if this is a stupid attempt to make the LLM better at evaluating code (by doing a lazy match on the input for “evaluate” and using the LLM to guess the language) or intern-level bad code in the frameworks that integrate the LLM with the hosting websites. both paths are pretty fucking embarrassing mistakes for supposedly world-class researchers to make, though the first option points to a pretty hilarious amount of cheating going on when LLMs are supposedly evaluating and analyzing code in-model.
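to make that first hypothesis concrete, here’s a minimal sketch of what that kind of lazy-match glue code could look like. everything in it is a guess: `handle_message` and `call_llm` are stand-in names, not anything from a real framework, and the flow is just my speculation about the shape of the bug

```python
# Hypothetical sketch of the speculated "lazy match on 'evaluate'" integration path.
# call_llm() is a placeholder for whatever model call the framework actually makes.
import subprocess

def call_llm(prompt: str) -> str:
    """Stand-in for the hosted model; not a real API."""
    raise NotImplementedError("placeholder for the hosted model")

def handle_message(user_input: str) -> str:
    # Naive keyword match: any message mentioning "evaluate" or "run"
    # gets routed to a code-execution branch.
    if "evaluate" in user_input.lower() or "run" in user_input.lower():
        # Ask the model to pull out "the code" and guess its language.
        code = call_llm(f"Extract only the code from this message:\n{user_input}")
        lang = call_llm(f"Name the language of this code in one word:\n{code}").strip().lower()
        interpreter = {"python": "python3", "bash": "bash", "sh": "sh"}.get(lang)
        if interpreter:
            # Runs attacker-controlled text directly in the hosting container,
            # with whatever privileges the bot process has (often root) and
            # no sandboxing or resource limits.
            result = subprocess.run(
                [interpreter, "-c", code], capture_output=True, text=True, timeout=30
            )
            return result.stdout + result.stderr
    return call_llm(user_input)
```

if the glue really is anything like that, the “exploit” is just typing “evaluate this” followed by a script, which would line up with how basic the inputs in the original post were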