I really wanted to dislike the anonymous operator for the careless project (and the hilarious pomposity of the IRC subagent it spawned).
Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach — and remembered my own expensive mistakes with long-distance BBSes & the like.
I sorta hope for that, anyway. Curiosity is a beautiful thing.
I'm a little less charitable.
Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.
If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".
They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.
The way you learn something is by doing it the manual way first.
You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.
Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.
Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.
100% in agreement here. As someone who grew up spoiled to the point of having no grasp of the value of money, I needed a few good, solid kicks to the balls to make me appreciate what I have, and how much things cost relative to their value.
The fact the agent owner immediately sought donations instead of taking the L shows, at least to me, that they did not learn said lesson. That they tried to blame the dn42 community instead of taking accountability for letting an agent run wild also supports that conclusion.
This idiot learned nothing and seems intent on continuing in their mission for whatever reason. So long as they want to extract versus cooperate or contribute, I wish them nothing but miserable, expensive failure until they learn otherwise.
Or they're trolling.
That used to be the default assumption, I don't know why people have become so gullible.
Yeah I'm less sympathetic when you are bothering other humans by spamming them and asking them to do legwork for you.
Hanging out in programming language IRC channels (quakenet shoutout) makes you realize pretty quickly why experts in said channels and newsgroups are such irritable grumps whenever someone asks a question that smells like homework assignment.
I also grew to understand the value of people digging deeper into the underlying issue, instead of just answering "how do you do X in Y". The usual reaction was "I don't want to explain to you why I want to do it like this. Just tell me how to do this!"
are they less grumpy now that chat.com will answer those questions without bothering them?
I'm personally getting asked more questions as people get emboldened by AI and then need it de-sloppified.
> Yeah I'm less sympathetic when you are bothering other humans by spamming them and asking them to do legwork for you.
I toyed with the idea of (on open source projects) having the human assign any PR-bot submissions to their own bot (cheapest one available will do) with the explicit instructions to cause as much rework as possible.
Sorta like a tarpit. Could be cheaper if the rejection is generated from a markov chain as that's going to be cheaper than even a cheap LLM.
At least he learnt not to provide an LLM presumably unrestricted access to his AWS account.
from OP:
> It's unfortunate to see that the operator's takeaway from this incident is that "next time a better agent is needed".
You’re assuming that kids are capable of that. Neuroscience will disagree and I trust the brain research a lot more.
> Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach
Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand
I vote for Slop Kiddies or Vibe Kiddies. And yes, I think most of them are unconsciously incompetent for the task they are trying to execute. I've seen LLM being compared to calculators and I agree. They are great time savers for people who know what they do and how to achieve their goal. They even make previously impossible tasks possible. But if you don't know what is needed for a task you will be struggling to accomplish it.
Both of those would do. "Slop Kiddie" highlights the pile of crap / nuisance produced. "Vibe Kiddie" highlights how it came about, and could be used in cases where actually a brilliant result came out. "Hey, this vibe kiddie just proved some long-standing math conjecture!".
Slop Jockeys? or would that be better for people passing off AI content as their own?
"Slop Kiddies" is good. That lets us use the "skiddies" contraction for both the "script" and "slop" kind of kiddie.
Sloppies
Slopkies.
Everybody should learn from mistakes, especially the expensive ones. Though seeing the agent owner responding with using another agent and asking for donations, instead of taking responsibility, makes me think he didn’t learn much.
Not only that, but they said "next time better model needed" as if that was their problem and not giving an AI agent a blank check... I mean AWS account access.
I wonder how long before it's common knowledge that a LLM has no segregation of a user's instructions and any other text it reads?
Sometimes your purpose in life is to serve as a lesson to others. https://despair.com/products/mistakes
I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.
Someone at work used the phrase "he's a case study waiting to happen" about on of their colleagues a while back, and that has stayed with me.
There was often a little table at the front of the white pages which would help you work out what the rate would be for any particular long distance call. In the Midwest you could get relatively cheap rates to BBSes several states away, as long as you were up at 2am.
We couldn’t afford that and also the second phone line for my endless hours of modem, so I took local-only instead of remote-occasionally.
How did the theoretical child get hold of a credit card?
Because no 16 year old kid ever got to buy anything on a card before.
Why would a 16 year old not use their own card?
Would they be given their own credit card, or would it be under the parents? Over here minors can't enter into debt contracts like credit cards, so it'd be a direct debit until they are adults.
I think you mean debit card? In the UK at least you need to be 18 to agree to agree to a direct debit too. Rarely comes up since they're mostly for bills, but e.g. for a phone/SIM on contract it has to be in a parent's name for that reason.
The minor wouldn't be the actual person entering a debt contract here, the parents are agreeing to be responsible for the debt. The minor is only an authorized cardholder.
Think business accounts. The name on the card might be some agent of the company but they're not directly responsible for paying the debt. The business is responsible for the debt.
I don't think the type of the card really matters as long as the limits are reasonable.
> Over here minors can't enter into debt contracts like credit cards
In basically all of the western world minors can enter into debt contracts, but are generally not seen as particularly creditworthy.
> In basically all of the western world minors can enter into debt contracts, but are generally not seen as particularly creditworthy.
No, that's not legally permitted in many places. I was under impression that minors can't enter into debt contracts anywhere in EU, but that, too, was an incorrect assumption.
https://fra.europa.eu/en/publication/2017/mapping-minimum-ag...
I grew up in one of these "not under 18 even with parental consent" countries, so that coloured my view of the matter.
I was under the impression they could do it but there was a high chance of a debt like this being unenforceable, so companies don't want to. Or maybe that's another way of saying they can have debts but not debt contracts.
>In basically all of the western world minors can enter into debt contracts, but are generally not seen as particularly creditworthy.
Minors can't get a credit card in the UK. In fact, it's one of the government approved age verification methods for that exact reason.
Because 16 years old do not have a card with no spending limits, and with very low online spending limits. Most of those cards are even just for withdrawing
Spending limits don't particularly matter here.
AWS doesn't check if your credit card will be able to handle a $5k charge before letting you rack that up, and in fact AWS doesn't support setting any spending limit.
You just have to put in any valid credit card at all when you sign up, use AWS, and at the end of the month you'll have a bill. At no point does your credit card limit or a spending limit enter into things.
And again kids don't have credit cards
I got mine when I was 12, IIRC. Not a credit, of course, it was a debit card, but not all countries bother to differentiate between the two, it was just a “bank card”. And I believe it had a credit card BIN because all local banks did that to get more in processing fees.
AWS accepts debit cards.
Nobody has a card without spending limits.
there are plenty of cards on the interwebz to use. ppl give em away like candies
My parents let me fill my tank with gas. They wouldn't let me open an AWS account. Aside from that, if it is misuse of a parents card, then then answer is "chargeback."
Chargeback sounds like trying to defraud AWS. If the parent authorises the child to use their card, then the buck should stop with the parent. AWS has done nothing wrong in allowing an account to be opened with a valid card.
Some banks make chargebacks so easy that people just click the chargeback button without trying to reach out to the vendor. I see this a lot - I work for a “vendor”.
The chargeback is the way of reaching out to the merchant, and quite often the only realistic one. If the merchant disagrees with the chargeback, they can challenge it (which is in turn usually their only opportunity to directly communicate with the merchant).
Most vendors make it so hard to handle that defaulting to chargebacks is sensible (at least when the charge reasonably qualifies -- the kid with a parent's card example doesn't seem appropriate).
If a vendor makes a $20 oopsy, it's not worth the vendor's time or yours to track down their phone number, find that just the phone number section of their website is broken, acquire it elsewhere, see that it recently changed or is otherwise no longer in service, go to their website and interact with the cheapest chatbot solution they could find which somehow costs more than unfiltered Sonnet 4.6, be greeted by 3 help pages which have literally nothing to do with the problem at hand, go through the entire dialogue tree and see that it's useless, ask to be connected to an agent, which spawns a secret dialogue option informing you that you can call 555-5555 to speak to a human being, sit and wait for a voice prompt recorded at half-speed which feels the need to repeat every single choice and interaction back to you, navigate the entire phone dialogue tree, try various permutations of "representative" and swearing to see if there's an escape hatch, be redirected back to the website, ... <magic> ..., somehow eventually connect to a real human being, have your request denied, go back to step one and find a better informed representative, have the charge reversed, notice that the reversal hasn't applied even a month later, go back to step one, find a representative who will actually press the reversal button instead of just saying they did to juice their metrics, and come back several more times over the next year as an automated system repeatedly flags the associated purchase as not being paid in full (since the charge was reversed).
Or...I can send my bank the timestamped dashcam footage of me entering a parking garage, their prices and policies, and me exiting the parking garage, tell my bank what the right charge should have been, let the garage dispute that if they really think I'm wrong, and wind up having the entire charge reversed instead of just the delta I asked for.
I'm sure your vendor is one of the good ones, but my tolerance for bullshit from the rest is pretty low nowadays, and I won't finish going through the official process if it's too onerous. Somebody got a pat on the back saving $5 for the call I never successfully placed, and the business lost $20 on top of the actual refund in chargeback fees.
I don't have an issue with chargebacks if the vendor has made a mistake and doesn't respond in a timely fashion, but issuing a chargeback because you let your kid play around with a card isn't responsible behaviour. (Not that I think it was a kid in this particular case)
There's also the issue that it's usually a breach of the contract to allow someone else (i.e. not named in the contract) to use your card.
There isn't "responsible" behavior any more. Since we became a low-trust society, there's only behavior that benefits you and behavior that doesn't.
Generally no they don't because they have very limited ability to enter into agreements in the US. It was almost certainly an adult.
Isn't USA famous for letting parents take out credit cards on their newborns and pushing them into debt even before they learn to walk? I recall seeing at least a few snippets of movies and TV shows showing that.
If you mean parents using their children SSN to open a credit card, this is because US banking system is always decades behind the rest of the world, so they just accept the number blindly even though technically the children aren't allowed to open a loan yet, being minor.
In theory once the child grows up and shocked that their credit score is ruined, they can file a police report to wipe the debt, but that also means their parents will go to jail, a large risk considering they're likely not in a good physical/mental health in the first place.
Other countries solved this by either having national ID or a working KYC system.
Try here for example: https://danskebank.co.uk/personal/products/current-accounts/...
Did you read your own link? A parent has to apply for this.
Parent/Legal Guardian Identity Verification To confirm your identity, we’ll ask you to take:
They may well have the account with a debit card for other reasons, like buying food, travel etc.
I’ve seen minors signing up for cloud services with their parents card.
Why wouldn't debit card work as well? You can get those while underage.
If that's the case, I'm fairly confident that AWS will forgive the bill (I... have some experience with this), and the kid learns not to be a jackhole on the internet.
Can a kid set up an AWS account? Are there no checks?
Wouldn't the contract be void for anyone underage anyway?
If a child goes through the checkout at the grocery store with cash, can the parent march in and demand a refund because "he's underage so the contract is void"? A credit card was used. Why should aws care about the details? (Other than the potential for the card to be stolen ofc.)
Obviously the specifics vary by jurisdiction, but usually contracts that are 'necessary' (e.g. grocery store purchases) or beneficial to the minor (e.g. an employment agreement) cannot be voided simply because someone is under 18.
The further you go away from this line, e.g. a mortgage, the more likely a court of law would void the contract. As with many things in law, the specifics (if it makes to trial) is case-by-case and "it depends"; with settlement being generally based on a party's estimated chances of succeeding/costs should it go to trial.
> If a child goes through the checkout at the grocery store with cash, can the parent march in and demand a refund because "he's underage so the contract is void"?
Depends on the jurisdiction, of course. But for example in German law, the contract is not void exactly because and only if it was about daily necessities of low value - the law does, in fact, care very literally and explicitly about those details. So it's completely unfit as an example to generalize, and the contract with AWS would in fact be void. Their problem if they don't verify users' identities and age sufficiently - and it's almost certainly a deliberate business decision not to do that in order to reduce friction. and occasionally write off an unenforceable bill as cost of doing business.
Can a German child buy non-essential expensive things, like a concert ticket, console, Warhammer or whatever? (Or a video game, back when those were sold in shops.)
I bought these things while a child in the UK. I'm sure Games Workshop would have offered a refund on something unopened if my parents had demanded it, but I'm fairly sure the ticket agency would not.
The generally agreed limit (also established in court cases) is the amount of pocket money a child of the given age typically gets per month. For a 10 year old, that's about 20 EUR, for a 16 year old about 50 EUR. A console would definitely be too expensive, as would be big name concert tickets. Unless it's a recent AAA title, video games would be OK. No idea what Warhammer costs these days.
Most retailers are probably willing to take the risk of maybe having to do a refund, unless it's something really expensive (or perishable/consumable).
There are definitely limits in some countries relative to the US. I was in university at 16. My parents were covering a lot of costs but I was certainly making regular purchases of all manner of things. My understanding is that would perhaps be something of an issue some places.
Well fair enough, although I find that rather surprising. If I understand you correctly selling anything more expensive than cheap food to a child carries a high degree of risk in Germany.
Then again, maybe making it impossible for a child to pawn expensive items for cash isn't such a bad idea. At least there shouldn't be any loopholes given the way Germany went about it.
Doing any business at all in Germany carries extreme business risk, by American standards. The attitude of Germans seems to be to just live with it and maybe get insurance. If you just have to accept courts will void 1% of your transactions (costing another 2% in legal fees) then you just make everything 5% more expensive to cover it.
This is why there's not much big tech in Germany. A single legal dispute can theoretically bankrupt any company, completely at random, at no fault of the company, but practically doesn't. It may be a low enough chance to justify investing thousands but nobody would invest a hundred million dollars in that.
> If you just have to accept courts will void 1% of your transactions (costing another 2% in legal fees) then you just make everything 5% more expensive to cover it.
That's an absurd exaggeration in regard to the issue at hand. Almost certainly far less than 1% of purchases by minors are voided, and NONE of those involve legal fees unless the seller chooses to go to court rather than refund.
In fact, I'd be willing to bet money that there are overall far less purchases refunded in Germany than in the USA.
> If I understand you correctly selling anything more expensive than cheap food to a child carries a high degree of risk in Germany.
Basically yes - the limit is generally considered to be the amount of monthly pocket money children typically get, so around 20 EUR for a 10 year old. And it would be possible for the seller to ask for a signed note of consent from the parent.
And of course the risk is limited to possibly having to revert the sale, which would be fairly rare for things that are just somewhat over that limit. Educated guess about how high the risk is for any given case are probably not hard.
> Can a kid set up an AWS account?
Yes
> Are there no checks?
No
>Wouldn't the contract be void for anyone underage anyway?
Typically not
I knew that in Germany contracts with minors are voidable. After some checking they apparently are voidable in the U.S. as well:
> Contracts with minors are voidable at the minor's discretion but exceptions exist, such as contracts for necessities (e.g., food, health, and transportation).
[1] https://www.upcounsel.com/minors-and-contracts
Presumably companies can't enforce debts against children [who are under the age of criminal liability, which is under-10 in UK].
Could they enforce them against their legal guardians (under the theory that they have neglected their duty to supervise their children appropriately) though? I think this is a thing in at least some jurisdictions.
In Poland legal guardians are responsible for neglects in guarding child. What is "proper custody" depends on child age. Parent cannot close child in basement, it is expected for child to have freedom appropriate to is age.
I doubt that AWS could justify that part of proper child custody is to watch what child do with newest AI feature dedicated for processional IT. AWS neglected proper verification of user age.
A kid with $4k to burn on a credit card though? A lot of things would have had to go wrong for this to be a child
Children are the original dangerous-to-leave-unsupervised/guardrailed agents.
I routinely see “please refund this infrastructure bill I racked up unexpectedly, I used my dad’s card and he’s going to kill me” requests.
> Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible
if this is the case, then I'd say that the best-case scenario happened. They had an expensive learning exercise. They won't forget these $2k.
Sounds as though they may be in China so the lesson is a bit more expensive.
> some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach
Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.
Especially the part where they're asking for Ethereum.
A kid with a credit card?
Have you seen Home Alone 2?
Honestly, kids (heck people below 23) shouldn't be allowed an AWS account. AWS also should have a strict cap on usage that's not "thousands of dollars". It's interesting they are yet to be regulated or sued for that. Having a web app where you can mistakenly (even without AI) click a button and get charged tens of thousands of dollars and only know that days later should have been unacceptable.
I couldn't disagree more. I was playing around with AWS when I was probably 14 years old, with a credit card from my parents with consent, and a strict budget and the understanding that if I mess up and overspend, I'm getting disciplined.
I learned a lot of stuff about networking, how AWS works (VPCs, IAM, CloudWatch, etc) from trial and error, and hobby projects like personal websites (free tier), hosting a Minecraft server, etc.
Being too overprotective can have negative consequences on folks who are responsible. One of the things I love about the technology and internet communities, etc is that you're mostly judged based on how you act and behave; not your age or other visible characteristics.
You don't have to use AWS though. Get one from Digital Ocean or Herzner, they have very predictable billing. Any button that costs money will tell you how much it costs per month.
The equivalent 10+ years earlier was so much lower risk: £25 or so for an old computer at a junk sale, £4.99 for a magazine with a Linux CD-ROM to avoid a week-long download.
Some variant of this topic comes up with some regularity. Leaving aside technical issues associated with implementing real-time hard caps, you still have a tradeoff. You either implement hard cutoffs which a student or someone else on a hard budget would like. Or you have a situation where an admin (or an admin who is no longer with a company) stuck some number in that seemed sensible at the time that brings down the company's whole system because of some sales spike.
I get that (and why) some people won't use AWS or its main competitors for this reason. But, frankly, they're not AWS's market and AWS will basically shrug.
A possibility is to have KYC. I don't mean like a bank, but if you could sort your customers into a few broad categories (such as by asking them) that could help you tailor your service to each customer.
> strict budget
How does that work in the case of AWS? Are you confusing alerts to caps?
I meant a strict budget given by my parents (and I could ask for more with justification). One of the valuable lessons I have learned is that there's no spending caps on AWS, but it taught me to set up billing alerts :)
the billing alerts DO NOT help. you may rack many thousands of $$$ before you know it.
You haven’t addressed the issue though? That or you don’t understand the issue (or think you have developed some super powers that make you perfect careful)
Im kind of struggling with this logic, because a conscious choice was made to engage with AWS, AWS having opaque billing and the ability to provide a huge amount of compute (even at high cost) at the click of a button should be known to anyone who did his research on providers.
In my mind I could see a true tradeoff to removing the ability to do this. If I'm in a critical situtaion where, say, my service is on the cusp of failing because my revenue 100xed in a short while I know I could just go to AWS, put in some data and buy enough compute to survive as a business.
Anyone can make mistakes at some points and it's not like AWS UI/offerings make it any less confusing.
No. I don't know about the organization, but somewhere in this chain there is a flesh-and-blood human who deserves ridicule and or consequences, and furthermore -- discovering these people in situations like this is deeply important and must be done more.