| ▲ | mrkeen 4 hours ago |
| Daniel Stenberg has been vocal the last few months on Mastodon about being overwhelmed by false security issues submitted to the curl project. So much so that he had to eventually close the bug bounty program. https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-b... |
|
| ▲ | tptacek 3 hours ago | parent | next [-] |
| We're discussing a project led by actual vulnerability researchers, not random people in Indonesia hoping to score $50 by cajoling maintainers about style nits. |
| |
| ▲ | malfist 3 hours ago | parent | next [-] | | Vulnerability researchers with a vested interest in making LLMs valuable. The difference isn't meaningful. | | |
| ▲ | tptacek 3 hours ago | parent [-] | | I don't even understand how that claim makes sense. | | |
| ▲ | judemelancon 2 hours ago | parent [-] | | The first three authors, who are asterisked for "equal contribution", appear to work for Anthropic. That would imply an interest in making Anthropic's LLM products valuable. What is the confusion here? | | |
| ▲ | tptacek 2 hours ago | parent [-] | | The notion that a vulnerability researcher employed by one of the highly-valued companies in the hemisphere, publishing in the open literature with their name signed to it, is on a par with a teenager in a developing nation running script-kid tools hoping for bounty payoffs. | | |
| ▲ | judemelancon an hour ago | parent | next [-] | | To preemptively clarify, I'm not saying anything about these particular researchers. Having established that, are you saying that you can't even conceptualize a conflict of interest potentially clouding someone's judgement any more if the amount of money and the person's perceived status and skill level all get increased? Disagreeing about the significance of the conflict of interest is one thing, but claiming not to understand how it could make sense is a drastically stronger claim. | | |
| ▲ | tptacek an hour ago | parent | next [-] | | I'm responding to "the difference isn't meaningful". Obviously, the difference is extremely meaningful. | |
| ▲ | mpyne an hour ago | parent | prev [-] | | > Having established that, are you saying that you can't even conceptualize a conflict of interest potentially clouding someone's judgement any more if the amount of money and the person's perceived status and skill level all get increased. If I used AI to make a Super Nintendo soundtrack, no one would treat it as equivalent to Nobuo Uematsu or Koji Kondo or Dave Wise using AI to do the same and making the claim that the AI was managing to make creatively impressive work. Even if those famous composers worked for Anthropic. Yes there would be relevant biases but there could not be a comparison of my using AI to make music slop vs. their expert supervision of AI to make something much more impressive. Just because AI is involved in two different things doesn't make them similar things. |
| |
| ▲ | delusional 2 hours ago | parent | prev | next [-] | | You don't see how that's even directionally similar? I guess I'll spell it out. One is a guy with an abundance of technology, that he doesn't know how to use, that he knows can make him money and fame, if only he can convince you that his lies are truth. The other is a Bangladeshi teenager. | | | |
| ▲ | drekipus an hour ago | parent | prev [-] | | You have to be doing this willfully. This is obtuse |
|
|
|
| |
| ▲ | PunchyHamster 42 minutes ago | parent | prev | next [-] | | I'm not sure the gap between the two is all that wide | | | |
| ▲ | ath3nd 3 minutes ago | parent | prev [-] | | [dead] |
|
|
| ▲ | pityJuke 3 hours ago | parent | prev [-] |
| Daniel is a smart man. He's been frustrated by slop, but he has equally accepted [0] AI-derived bug submissions from people who know what they are doing. I would imagine Anthropic are the latter type of individual. [0]: https://mastodon.social/@bagder/115241241075258997 |
| |