Hacker News | rob_c's comments

The article author and the uploader should _BOTH_ be sentient enough to engage brain and not just ignore it because they feel "it's an abstract concept I'd not get in trouble for when not working in the US or EU".

I... There are parts of the world where certain developers don't understand the way the west tends to work with regard to copyright, or not blindly copying anything that is out there.

This however is a very, VERY poor situation when you end up placing your employer at risk because you think copyright doesn't matter and everything on the internet is fair game.

This is probably the most polite way I would describe this to most, UG. For the rest, just stop acting like cheating through a situation to get a step up is the norm, it's just dirty behaviour.


> I... There are parts of the world where certain developers don't understand the way the west tends to work with regard to copyright

Yes, like USA. Copyright, and laws in general, are for you but not for me.


Just for reference, Teams is not an astounding success; it's forced on the workforce by management who want to pay less. It's a classic management square peg into workforce round hole.

Yes I understand sometimes something is better than nothing but Teams is _so_ bad it causes user communities to fracture when they would previously congregate on the same platform.

Sure if deployed correctly and not by ape sysadmins with a thump of "deny everything in terms of security" I'm sure Teams is a reasonable product, but in the real world, no, it's a nightmare.


So you just discovered PCA in some other form?


And finally we reach the point where you're not shot for explaining if you invest in ownership after everything is over you have something left that has intrinsic value regardless of what you were doing with it.

Otherwise, well just like that gym membership, you get out what you put into it...


I think this is akin to x% of the worker ants doing all the work. Once you get to a big enough scale and have to delegate I'm sure every company hits this.

I just wish we didn't have to rely on hiring 100 on paper workers for 5 excellent people committed to the company...


Which when it leads to abuse it's saving face and when it's incompetence it's saving face.

For a competent doctor it's used to let a patient know they're doing their job and an acknowledgement of symptoms.

Unfortunately to a _lot_ of the field "catch-all" "diagnoses" (I'm intentionally separating these labels). It's the same as diagnosing someone with chronic fatigue. It's diagnosing via exclusion.

The difference between chronic fatigue and brain disorders being that you're more likely to get someone looking to make a "name for themselves" diagnosing or curing the latter vs the former...


This is basically just a rehash of "trained" DNN are a function which is strongly dependent on the initialization parameters. (Easily provable)

It would be awesome to have a way of finding them in advance but this is also just a case of avoid pure DNNs due to their strong reliance on initialization parameters.

Looking at transformers by comparison you see a much much weaker dependence of the model on the input initial parameters. Does this mean the model is better or worse at learning or just more stable?


This is an interesting insight I hadn’t thought much about before. Reminds me a bit of some of the mechanistic interpretability work that looked at branch specialization in CNNs and found that architectures which had built-in branches tended to have those branches specialize in a way that was consistent across multiple training runs [1]. Maybe the multi-headed and branching nature of transformers adds an inductive bias that is useful for stable training over larger scales.

[1] https://distill.pub/2020/circuits/branch-specialization/


1) routing (mis-)config problem - key of remote exploit. This should always be something people double check if they don't understand how it works.

2) hard-coded secrets - this is just against best practice. Don't do this _ever_; there's a reason secure enclaves exist. Not working it into your workflow is only permissible if you're working with black-box proprietary tools.

3) hidden user - this is again against best practice, allowing for feature creep via permissions creep. If you need privileged hidden remote accessible accounts at least restrict access and log _everything_.

4) SSRF - bad but should be isolated so is much less of an issue. Technically against best practices again, but widely done in production.

5) use of Python eval in production - no, no, no, no, never, _ever_ do this. This is just asking for problems for anything tied to remote agents unless the point of the tool is shell replication.

6) static AES keys / blindly relying on encryption to indicate trusted origin - see bug 2; also, don't use encryption as origin verification if the client may do _bad_ things

parsing that was... well... yeah, I can see why that turned into a mess, the main thing missing is a high-level clear picture of the situation vs a teardown of multiple bugs and a brain dump
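An added example, not part of the comment above or of the product it discusses, illustrating points 5 and 6 together: a server handler that calls `eval()` on agent input next to one that verifies a per-agent HMAC and then parses the body strictly as data. The agent IDs, keys, command names and function names are all hypothetical.

```python
import hashlib
import hmac
import json

# Constructed per-agent keys (assumption): in a real system these come from a
# secret store and differ per agent; they are never a single static key in code.
AGENT_KEYS = {"agent-01": b"constructed-demo-key-01",
              "agent-02": b"constructed-demo-key-02"}
ALLOWED_COMMANDS = {"status", "rotate_logs"}


def sign(agent_id: str, body: bytes, key: bytes) -> bytes:
    """Agent side: HMAC-SHA256 over the agent id and body (id bound into the tag)."""
    return hmac.new(key, agent_id.encode() + b"\x00" + body, hashlib.sha256).digest()


def handle_unsafe(body: str):
    """The pattern from point 5: whatever expression the remote side sends is executed."""
    return eval(body)


def handle_hardened(agent_id: str, body: bytes, tag: bytes) -> str:
    """Check origin with a MAC first, then treat the body as data, never as code."""
    key = AGENT_KEYS.get(agent_id)
    if key is None:
        raise PermissionError("unknown agent")
    # Constant-time comparison; a body that merely decrypts or parses proves nothing
    # about who sent it, the MAC under the agent's own key does.
    if not hmac.compare_digest(sign(agent_id, body, key), tag):
        raise PermissionError("MAC check failed")
    msg = json.loads(body)  # json.loads cannot execute code
    if not isinstance(msg, dict) or msg.get("cmd") not in ALLOWED_COMMANDS:
        raise ValueError("command not on the allow-list")
    return msg["cmd"]


if __name__ == "__main__":
    body = b'{"cmd": "status"}'  # constructed sample message
    tag = sign("agent-01", body, AGENT_KEYS["agent-01"])
    print(handle_hardened("agent-01", body, tag))
    # eval() hands server internals to whoever controls the input:
    print(handle_unsafe("sorted(AGENT_KEYS)"))
```
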


>if they don't understand how it works.

The problem quite often is they think they know how it works, Dunning-Kruger effect and all.


Outside the realm of the testable isn't worth discussing to experimentalists so might as well be a non-quantifiable field.

Although sociology is perfectly quantifiable and measurable. Even though arguably the underlying relationships between the measurements are extremely difficult to extract.

A better example is pure philosophy and maths rather than sociology to particle theory. But then again, nobody ever accused QFT of being too simple, so maybe I'm arguing against my own point there.

