While I appreciate the desire to have the best:
> Or I guess the inverse question: why aren't they allowed that audit?
There's undeniably a lot of unsecured software in the world.
Given that ID verification is hard and these companies are clearly new at it (or don't understand the implications of it, cough Worldcoin's eye-scanning orbs cough), which is worse:
(1) sufficiently good AI* is released to everyone: critical infrastructure and open source projects get better hacking tools to white-hack their own code at exactly the same time as black hat hackers
(2) sufficiently good AI* is released to critical infrastructure and open source projects first: everyone else, the average paying customer, has to wait, but so too do the black hats
Because (2) is either the status quo or better depending on if you have access or not; and because (1) seems to me to lead to an acceleration of zero-days, I lean towards (1) being the worse.
* having no experience of pen-testing, I take no position on if this is "it" or not
1 assumes that some "private entity" gets to decide what is crucial infrastructure and what is not, what gets the opportunity to be patched and what doesn't.
I'm not ok with that and don't know why anyone would be.
Because it's their property. Now you can try to make an argument that it's stolen IP and that matters in some way, but that's just more likely to ensure no one has access.
Even more so, they are getting push back from the government (good job electing idiots) that said models are a security risk.
But until then the company can charge/give access to whoever they want for however much they want except in the cases the law says no.
And if you don't like it, raise a trillion dollars and make your own.
The owner of a thing deciding to whom they wish to provide access to the thing they own is a necessary consequence of the concept of private property.
The only two alternatives to a private entity making this decision are a government making this decision, or nobody making this decision, the latter of which is equivalent to both government and a private entity making the decision to do (1).
That's a complete false dichotomy.
We create all kinds of consortiums to manage complex decisions that shouldn't be owned by one entity.