I’ve seen several projects like this that offer a network server with access to these Apple models. The danger is when they expose that, even on a loop port, to every other application on your system, including the browser. Random webpages are now shipping with JavaScript that will post to that port. Same-origin restrictions will stop data flow back to the webpage, but that doesn’t stop them from issuing commands to make changes.
Some such projects use CORS to allow read back as well. I haven’t read Apfel’s code yet, but I’m registering the experiment before performing it.
They offer it as an option but default it to false! This is still a --footgun option but it’s the least unsafe version I’ve seen yet! Well done, Apfel authors.
FWIW this was the status quo (webpage could ping arbitrary ports but not read data, even with CORS protections) - but it is changing.
This is partially in response to https://localmess.github.io/ where Meta and Yandex pixel JS in websites would ping a localhost server run by their Android apps as a workaround to third-party cookie limits.
So things are getting better! But there was a scarily long time where a rogue JS script could try to blindly poke at localhost servers with crafty payloads, hoping to find a common vulnerability and gain RCE or trigger exfiltration of data via other channels. I wouldn't be surprised if this had been used in the wild.
There is a CORS preflight check for POST requests that don't use form-encoding. It would be somewhat surprising if these weren't using JSON (though it wouldn't be that surprising if they were parsing submitted JSON instead of actually checking the MIME-type which would probably be bad anyway)
Isn't there a CORS preflight check for this? In most cases. I guess you could fashion an OG form to post form fields. But openai is probably a JSON body only.
The default scenario should be secure. If the local site sends permissive CORS headers bets may be off. I would need to check but https->http may be a blocker too even in that case. Unless the attack site is http.
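The server-side checks this sub-thread points at, written out as an added example (not part of any comment above and not Apfel's code): reject any `Origin` that is not allowlisted, accept only `application/json` bodies so a browser caller cannot skip the preflight, and emit no CORS header by default. The function names, sample origins and status codes are assumptions made for illustration.

```python
# Added example, not Apfel's code: request policy for a loopback-only JSON API.

# Content-Type values a browser sends cross-origin without a CORS preflight
# (the CORS-safelisted types in the Fetch standard).
NO_PREFLIGHT_TYPES = {"application/x-www-form-urlencoded",
                      "multipart/form-data", "text/plain"}

def media_type(headers):
    """Content-Type without parameters, lower-cased ('' when absent)."""
    return headers.get("content-type", "").split(";")[0].strip().lower()

def cors_headers(origin, allowed_origins):
    """Echo an origin only when it is explicitly allowlisted, never '*'."""
    if origin in allowed_origins:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}

def check_request(method, headers, allowed_origins=frozenset()):
    """Return (status, reason); header names are assumed lower-cased.

    The allowlist is empty by default, so no web page may call the API.
    """
    origin = headers.get("origin")
    # curl and native clients send no Origin; browsers attach it to
    # cross-origin fetch/XHR requests and to form POSTs.
    if origin is not None and origin not in allowed_origins:
        return 403, "origin not allowlisted"
    if method == "OPTIONS":
        return 204, "preflight"
    if method in ("POST", "PUT", "PATCH"):
        ctype = media_type(headers)
        # Check the declared type instead of parsing whatever arrives:
        # a JSON-looking body sent as text/plain never triggered a preflight.
        if ctype in NO_PREFLIGHT_TYPES:
            return 415, "body type would have skipped the preflight"
        if ctype != "application/json":
            return 415, "only application/json is accepted"
    return 200, "ok"

# Constructed sample requests (the origin is made up).
SAMPLES = [
    ("POST", {"origin": "https://page.example", "content-type": "text/plain"}),
    ("POST", {"content-type": "text/plain"}),
    ("POST", {"content-type": "application/json"}),
    ("OPTIONS", {"origin": "https://page.example"}),
]

def sample_statuses():
    """Status code the default policy returns for each constructed sample."""
    return [check_request(m, h)[0] for m, h in SAMPLES]
```

GET subresource loads carry no `Origin` header, so this policy only protects state-changing routes that are not reachable by GET.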
I do not agree with your interpretation of copyright law. It does ban copies: there has to be information flow from the original to the copy for it to be a "copy." Spontaneous generation of the same content is often taken by the courts to be a sign that it's purely functional, derived from requirements by mathematical laws.
Patent law is different and doesn't rely on information flow in the same way.
Derivative works can also run afoul of copyright. An LLM trained on a corpus of copyrighted code is creating derivative works no matter how obscure the process is.
This actually isn't what legal precedent currently says. The precedent is currently looking at actual output, not models being tainted. If you think this is morally wrong, look into getting the laws changed (serious).
Judge Alsup --
U.S. District Judge William Alsup said Anthropic made "fair use" of books, deeming it "exceedingly transformative."
"Like any reader aspiring to be a writer, Anthropic's LLMs trained upon works not to race ahead and replicate or supplant them — but to turn a hard corner and create something different"
I disagree that information flow is required. Do you have a reference for that? Certainly it is an important consideration. But consider all the real literary works contained in the infinite library of babel.[1] Are they original works just because no copy was used to produce them?
The US FDA requires that schools not serve whole milk or any products containing normal and natural saturated fats, and instead serve “low fat” versions which literally remove the fats and replace them with sugar.
You say nobody is doing this, but all the subsidized meals for my kids do this.
Taking the cream out is (by some diet theories) bad. The fat in whole milk slows down the absorption of lactose, leading to a slower rise in blood glucose compared to skim milk. Whole milk is more satiating as well, because of the fat.
If you are trying to have some reasonable balance of fat, protein, and carbs in your diet, pushing kids from whole to skim milk is going to move the diet towards consuming more sugar/carbs, even if you have a separate rule trying to tighten sugar consumption.
When you take a high satiety, high fat item, and replace it with a non-fat, low satiety item, you are in effect replacing fat with sugar, because you will eat/drink more of it to get same number of calories, and same amount of fullness.
Drink a glass of whole milk, then drink a cup of skim milk and tell me there is no difference. Try the same with full fat yogurt and non-fat yogurt. Big difference in satiety, but more importantly blood sugar response. Roughly the same amount of fat in a glass of whole milk as 1/4 pound burger.
>Big difference in satiety, but more importantly blood sugar response.
There is a negligible difference in glycemic index / glycemic load between the variations of M.F. milk products. Some analysis has skim milk as having a lower GI.
Unflavoured Milk is not relevant to the GI conversation.
I don't think anyone (at least around me) is drinking milk based drink twice as much just because they feel like they get less energy per drink from skimmed milk.
You are making an argument that people do so, do you have any evidence for this?
Skim milk is not "low fat". It is fat free. In the US milk labeled as low fat is 1% or 2% milk fat (usually 2%). Whole milk is around 4%. Skim milk rounds to 0%.
Is it added deliberately or just concentrated as a side-effect? Say fat comprised, let me guess, 5% of whole milk volume. If you take away this 5% v/v component, now everything else in one liter of skim milk is 5% concentrated by comparison, unless they add water.
It's saying it's you give all your change away and then replace it with new money then you increase your bill value.
The meal does not get smaller. The meal has a calorie target, and the milkfat gets replaced with new food. And almost never will that new food be a chunk of lard, so it will increase the carb ratio.
>which literally remove the fats and replace them with sugar.
This is not accurate.
No they didn't "replace" the fats with sugar. There is a chocolate milk option, just as there was before, but all options need to be 1% or low M.F., which nutrition and medical science overwhelmingly supports.
Is chocolate milk not ideal? Of course. We all know that. They shouldn't serve it either.
A major difference is when we have to read and understand it because of a bug. Perhaps the LLM can help us find it! But abstraction provides a mental scaffold
I feel like "abstraction" is overloaded in many conversations.
Personally I love abstraction when it means "generalize these routines to a simple and elegant version". Even if it's harder to understand than a single instance it is worth the investment and gives far better understanding of the code and what it's doing.
But there's also abstraction meaning to make less understandable or more complex and I think LLMs operate this way. It takes a long time to understand code. Not because any single line of code is harder to understand but because they need to be understood in context.
I think part of this is in people misunderstanding elegance. It doesn't mean aesthetically pleasing, but to do something in a simple and efficient way. Yes, write it rough the first round but we should also strive for elegance. It more seems like we are just trying to get the first rough draft and move onto the next thing.
Having something that read everything I read and could talk with me about it, help remember things and synthesize? That’s awesome. Follow links and check references.
This use case feels better served by a dedicated utility with a specialized UI rather than shoehorned into a browser. It'd fit the macOS services model (which adds items to context and application menus, e.g. "Research this…" when right-clicking a link or text selection) and could optionally also be summoned by the system app launcher (like Spotlight).
And now every kid in Massachusetts gets free lunch—funded through the millionaire’s tax. Unfortunately, the food is in general pretty gross. It has to conform to Federal guidelines, which means low fat, low sodium, high sugar to hit calorie targets.