Their infotaiment uses a customized Debian distro. On a Model S you could easily get a shell into it, because they used a freaking SSH with a password-based authentication over Ethernet to connect from the instrument cluster to the computer in the central console.
This is a gist created 1 hour ago. No proof of the attack vector. What's the point of posting a private key?
Also, so what if they used Debian? Linux is used on everything. Debian has multiple licenses, it also has BSD3 and others to choose from: https://www.debian.org/legal/licenses/
In case anybody wants it. I can do a more detailed writeup about hacking into my Tesla, but I'm not particularly interested in that. In short, I bought an Tesla instrument cluster on eBay and dumped the NAND chips from it.
They use plenty of GPL software there, including the Linux kernel itself.
Ok, you seem to be implying that just the use of GPL software necessitates the open sourcing of anything you build on it or with it. If that were the case, then all of AWS would be open sourced and all of the server backends built on Ubuntu clusters would have to be open sourced.
As far as I understand, its only "derivative" works that must be open sourced. Not merely building a software program or hardware device on top of a Debian OS. Tesla's control console is hardly a derivative work.
Eh, if they were being compliant and merely building modules ontop of and called by BusyBox, they could get away with Mere Aggregation [0]*, but from a little looking around it looks like they were called out years ago for distributing modified BusyBox binaries without acknowledgement [1] and promised to work with the Software Conservancy to get in compliance. [2]
*but I would argue (a judge would be the only one to say with certainty) that Tesla does not provide an infotainment application "alongside" a linux host to run it on, they deliver a single product to the end user of which Debian/BusyBox/whatever is a significant constituent.
(P.S. to cyberax: if you can demonstrate that Tesla is still shipping modified binaries as in [1] I think it would make a worthwhile update to the saga.)
> I would say it is trust worthy because if it were found to be gamed then Anthropic’s reputation would crater.
But on the other hand, how would we found out that they've gamed the numbers, if they were gamed? Unless you work at Anthropic and have abnormally high ethics/morals, or otherwise private insight into their business, sounds like we wouldn't be able to find out regardless.
I tend to agree that ? looks like "if then" when what we really want is some sort of coalescing, or "if not then".
foo ?? { bar }
foo ?/ { bar }
foo ?: { bar }
foo ?> { bar }
foo ||> { bar }
Im not sure I like the idea at all though. It seems like a hack around a pretty explicit design choice. Although I do tend to agree the error handling boilerplate is kind of annoying.
It's all a matter of degree. Even in deterministic systems, bit flipping happens. Rarely, but it does. You don't throw out computers as a whole because of this phenomena, do you? You just assess the risk and determine if the scenario you care about sits above or below the threshold.
My point is that your confidence level depends on your task. There are many tasks for which I'll require ECC. There are other tasks where an LLM is sufficient. Just like there are some tasks where dropped packets aren't a big deal and others where it is absolutely unacceptable.
If you don't understand the tolerance of your scenario, then all this talk about LLM unreliability is wasted. You need to spend time understanding your requirements first.
You generally cannot know because we don't measure for it? Especially not on personal computers, maybe ECC ram reports this information in some way?
In practice I think it happens often enough, and I remember a blackhat conference talk from around a decade ago where the hacker squatted typoed variants of the domain of a popular facebook game, and caught requests from real end users. Basing his attack on the random chance of bitflips during dns lookups.
Several large companies could benefit from ignoring GenAI. Unfortunately, "benefit" would only mean "save money and produce better products for customers" instead of "make stock price go up".
Instead, all of these companies are effectively forced to play hype ball.
All current LLMs openly make simple mistakes that are completely incompatible with true "reasoning" (in the sense any human would have used that term years ago).
If you showed the raw output of, say, QwQ-32 to any engineer from 10 years ago, I suspect they would be astonished to hear that this doesn't count as "true reasoning".
