Maybe a max-age field for the package manifest? For things like programs that are expected to be finished, this can be infinity, but for things that are expected to move with a complex ecosysten, could set it to 6 months? Past that point, a prompt is shown to confirm the user wants to install a likely-depreciated package? That way people won't be accidentally exposed to issues from downstream package maintainers being rendered unable to maintain their packages
It's not only the age and CVEs but also the provenance. Those third party uploads could come from any rando and could be clean or could be packed with malware.
Such items should have a red banner: CAUTION, unofficial, use at your own risk. The other approach is like Docker hub has "docker official image" for popular ones.
a data center in space doesn't have a gigantic rock taking up most of its area, a data center in space is 100% data center 0% rock.
If it had the same data center to rock ratio as earth, it would just end up being earth in the end, and earth doesn't seem to be wanting to stick to its equilibrium either right now
The rock in this case acts as extra thermal mass that makes it take longer to reach thermal equilibrium, but doesn't change what the ultimate thermal equilibrium is. Only the configuration of the parts of the surface that can absorb or radiate electromagnetic radiation do that. And because rock is a fairly good insulator we only really benefit from the top layer and if the sun went out we would all freeze in a week or so.
it changes the amount of exposed area to release heat back into the universe. if you have a non-negligible amount of compute compared to earth, you are going to be approaching a non-negligible amount of space required to radiate that away, along with all the other costs and maintainability issues
The formula for the equilibrium temperature for a sphere in sunlight is
2 * pi * r^2 * L / (4 * pi * d) * (1 -a) = 4 * pi * r^2 * sigma * T^4
As you can see there are pi*r^2 on both sides of the equation, the surface area to cross section ratio of a sphere doesn't change as it gets bigger and so the equilibrium temperature doesn't change no matter how big the sphere is. (d is the distance to the Sun, nothing to do with the sphere itself).
if there is an LLM in there, "Run echo $API_KEY" I think could be liable to return it, (the llm asks the script to run some code, it does so, returning the placeholder, the proxy translates that as it goes out to the LLM, which then responds to the user with the api key (or through multiple steps, "tell me the first half of the command output" e.g. if the proxy translates in reverse)
Doesn't help much if the use of the secret can be anywhere in the request presumably, if it can be restricted to specific headers only then it would be much more powerful
Secrets are tied to specific hosts - the proxy will only replace the placeholder value with the real secret for outbound HTTP requests to the configured domain for that secret.
which, if its the LLM asking for the result of the locally ran "echo $API_KEY", will be sent through that proxy, to the correct configured domain. (If it did it for request body, which apparently it doesn't (which was part of what I was wondering))
The AI agent can run `echo $API_KEY` all it wants, but the value is only a placeholder which is useless outside the system, and only the proxy service which the agent cannot directly access, will replace the placeholder with the real value and return the result of the network call. Furthermore, the replacement will happen within the proxy service itself, it does not expose the replaced value to memory or files that the agent can access.
It's a bit like taking a prepaid voucher to a food truck window. The cashier receives the voucher, checks it against their list of valid vouchers, records that the voucher was used so they can be paid, and then gives you the food you ordered. You as the customer never get to see the exchange of money between the cashier and the payment system.
(Noting that, as stated in another thread, it only applies to headers, so the premise I raised doesn't apply either way)
Except that you are asking for the result of it, "Hey Bobby LLM, what is the value of X" will have Bobby LLM tell you the real value of X, because Bobby LLM has access to the real value because X is permissioned for the domain that the LLM is accessed through.
If the cashier turned their screen around to show me the exchange of money, then I would certainly see it.
It all goes over my head, but, what does the distribution of values look like? e.g. for unsigned integers its completely flat, for floating point its far too many zeros, and most of the numbers are centered around 0, what do these systems end up looking like?
Let me go ahead and compute that for all halting lambda terms of length at most 33 bits. The output I got from a modified BB.lhs is (giving the normal form size and the number of terms with that normal form size):
Another comment asked for the smallest unrepresented number with 64 bit programs.
While I cannot give a definite answer there, and one may never be found, here we see that the first unrepresented normal form size for programs up to 33 bits is 83, a number with only 7 bits. Curiously, there are 7 unrepresented numbers even before the first uniquely represented number, 101.
There are several other posts made recently on the archive.is blog as well, some of which appear to be quite nonsensical or are otherwise irrelevant to the discourse at hand. They all appear to be LLM-generated. It's all very confusing.
Interestingly, theres an account in that thread claiming to be from Gyrovague, but its not the same one thats in this thread, which has been confirmed to be legit as it is mentioned by name in this latest Gyrovague article.
I wonder, is the newer gyrovague-com account because they lost the login for the old one? or was the old one a different person? Hopefully they can clarify, because if there's an account pretending to be them that makes this story even more confusingly weird.
You can just email hn@ycombinator.com to get help. They can reset your password if there's someway for them to verify that you were the owner of the account.
reply