Funny, I am european and i never have used Whatsapp, and i can comunicate with everybody i need. There's also good old sms, that i think all phones still use. Anyway, doesn't he know how to make a simple phone call? Why are all comunications restricted to Whatsapp?
For the ZX81 there was almost none programs! I could get a chess and a flight simulator (1kb Ram), the rest i used to get from printed magazines. But for later with the Spectrum the double deck tape player was a must! We would go to the local shop and buy one game, when home, duplicate it then return it saying that it didn't load well. want another and pick a different one and so on...
> and manpower to repair it and use it are available everywhere
So why each time i announce myself as working with computers, there is always someone that approaches me saying "great, i have a problem with my computer, can you ..."? I just make them stop and ask "Are you talking about Windows?", and when the answer is affirmative i just say "Sorry, I only work on Linux." and they go "What is that?", lol, i would like you to see their faces when i say "It's a professional system!" and leave. :)
I think you do know the answer, and are just being coy.
In case you don't: The products that people report problems with are the products that people actually use frequently. When "Linux as daily driver" market share is the same order of magnitude as Windows, then such observations will tell us something about the two systems' relative usability.
It has a freepascal/lazarus project file, so it can be compiled for a lot of platforms, i don't about midi drivers on those platforms, so midi could not work or need more code.
Pascal! So that’s how the comment above about a “refreshing” lightness in code size was achieved.
It’s pretty consistent these days that when some indie / hobby app appears and is lightweight, there’s a very decent chance it’s Delphi, Free Pascal, or similar. A bit of a secret weapon in the Electron age.
How about applying this kind of surveillance to the government? After all we are paying for them to rules us, so why not publish all government, politicians, law enforcement, military messages for everyone to read? Why everybody must be treated as a criminal, because they cant do their job of keeping us safe?
The principle says that information is non-confidential by default, rather than the other way around.
We can request almost any information held by government agencies, including copies of communication like email and documents.
One thing that has surprised European acquaintances is the fact that this includes government-held info about individuals, e.g. address and tax returns.
When I was in Sweden many years ago I was very surprised that you could just call a phone number and they would tell you the name and address of the person or company a vehicle license plate was registered to.
I thought that local LLMs means they run on local computers, without being exposed to the internet.
If an attacker can exploit a local LLM, means it already compromised you system and there are better things they can do than trick the LLM to get what they can get directly.
LLMs don't have any distinction between instructions & data. There's no "NX" bit. So if you use a local LLM to process attacker-controlled data, it can contain malicious instructions. This is what Simon Willson's "prompt injection" means: attackers can inject a prompt via the data input. If the LLM can run commands (i.e. if it's an "agent") then prompt injection implies command execution.
>LLMs don't have any distinction between instructions & data
And this is why prompt injection really isn't a solvable problem on the LLM side. You can't do the equivalent of (grep -i "DROP TABLE" form_input). What you can do is not just blindly execute LLM generated code.
I guess if you were using the LLM to process data from your customers, e.g. categorise their emails, then this argument would hold that they might be more risky.
Agreed. Some of the big companies seem to be claiming that by going with ReallyBitCompany's AI you can do this safely, but you can't. Their models are harder to trick, but simply cannot be made safe.
Local LLMs may not be exposed to the internet, but if you want them to do something useful you're likely going to hook them up to an internet-accessing harness such as OpenCode or Claude Code or Codex CLI.
Yeah, that's fair. A good LLM (gpt-oss-20b, even some of the smaller Qwens) can be entirely useful offline. I've got good results from Mistral Small 3.2 offline on a flight helping write Python and JavaScript, for example.
Having Claude Code able to try out JSON APIs and pip install extra packages is a huge upgrade from that though!
> Local LLMs may not be exposed to the internet, but if you want them to do something useful you're likely going to hook them up to an internet-accessing harness such as OpenCode or Claude Code or Codex CLI.
is not "someone finding useful to have a local llm ingest internet content" - it was someone suggesting that nothing useful can be done without internet access.
I guess I don't read that how you do. It says you're likely to do that, which I take to mean that's a majority use case, not that it's the only use case.
Fair enough. Forgive my probably ignorance, but if Claude Code can be attacked like this, doesn’t that means that also foundation LLMs are vulnerable to this, and is not a local LLM thing?
It's not an LLM thing at all. Prompt injection has always been an attack against software that uses LLMs. LLMs on their own can't be attacked meaningfully (well, you can jailbreak them and trick them into telling you the recipe for meth but that's another issue entirely). A system that wraps an LLM with the ability for it to request tool calls like "run this in bash" is where this stuff gets dangerous.
yes and I think better local sandboxing can help out in this case, it’s something ive been thinking about a lot and more and more seems to be the right way to run these things
Welcome to corporate security. "If an attacker infiltrates our VPN and gets on the network with admin credentials and logs into a workstation..." Ya, no shit, thanks Mr Security manager, I will dispose of all of our laptops.
Yeah, I don't understand what the hosting environment of the LLM has to do with this. Seems like FUD from people with an interest in SaaS LLMs.
If you're leveraging an LLM that can receive arbitrary inputs from vetted sources, and allowing that same LLM to initiate actions that target your production environment, you are exposing yourself to the same risk regardless of whether the LLM itself is running on your servers or someone else's.
The only "secret trick" to play guitar that I know is practice, practice, practice. Nothing beats everyday practice, even it is for 10 minutes. Not even telling what you can achieve with 4 hours daily practice. The continuous interaction with your instrument, will make you learn that when you hear a sequence of musical notes, your fingers would naturally went to the correct position on the neck to reproduce it, even without thinking.
Agreed, and I slightly hesitated to use that phrase, but I do think the "sing and play" exercise is a uniquely good thing to practice, practice, practice. It just seems to really work to connect the part of your brain that comes up with melodies to the part of your brain that runs the fingers. YMMV, of course.
reply