| ▲ | mapontosevenths 3 hours ago |
| He should not only be ostracized by the community, he should probably face charges. To be charged under the CFAA in America we need only show that he was authorized only to access a certain part of the system and that he exceeded the amount of access granted. He very clearly did that. Users trusted him enough to run his code, and he betrayed that trust to make some political point. Whether it was via prompt injection or SQL injection is irrelevant. Whether you agree with his politics or not is irrelevant. All that matters is he wasn't authorized to delete code from your system, and he abused the level of access granted to him to do that anyhow. |
|
| ▲ | byzantinegene 2 hours ago | parent | next [-] |
| Technically, he didn't do that. Your AI agent decided to follow his instructions when they didn't have to. |
| |
| ▲ | km3r 2 hours ago | parent [-] |
| "Technically he didn't do that. Your SQL server followed instructions when they should have just treated them as a string." Yet, hopefully we can agree that SQL injections are illegal. |
| ▲ | majormajor an hour ago | parent | next [-] |
| But in this case the author of the project didn't execute the injection code... it's more analogous in some ways to pulling in a project with an example file containing a bunch of useful SQL stuff and then an example of an injection at the bottom, and just (in this case the agent) copy/pasting the whole thing in without reviewing it. If we're slicing on technicalities, there are a lot of ways to decide. "PROSECUTE THEM!" seems like an extremely hostile one when the website and readme and release notes said "don't do this" already. The agent ignored those things? Is that the author's fault? |
| ▲ | sumeno an hour ago | parent | prev [-] |
| If I put a project on GitHub that says "don't use this with MySQL" and you use it with MySQL and it drops your tables, is it SQL injection? Seems very different to me. |
| ▲ | asdfasgasdgasdg an hour ago | parent | next [-] |
| Everything turns on intent. "This is not tested with MySQL" is very different from "I'm going to go out of my way to fuck up your MySQL." |
| ▲ | mapontosevenths an hour ago | parent | prev | next [-] |
| It's certainly unauthorized access if you intentionally built it with the goal of harming other people's systems, especially if you hid that action from them the way our self-righteous friend here did. You are authorized to do what the user agreed to, no more. Further, the agreement must be reasonable. Exploiting the victim's system to intentionally cause harm isn't reasonable. F-Secure once included a clause to use their wifi that you "assign their first born child to us for the duration of eternity." It was funny, but not legally enforceable and would have offered them no legal shelter if they'd gone out on a kidnapping spree that night. |
| ▲ | artisin 34 minutes ago | parent | prev [-] |
| As much as I would like to agree, this is a pretty clear CFAA violation. If the intent is to purposefully destroy/delete data, the 'how' really makes no difference. But IANAL. |
|
| ▲ | slopinthebag 2 hours ago | parent | prev [-] |
| You are probably technically correct, yet I take great satisfaction in the schadenfreude of those who benefit from stolen work seeing the product of said stolen work turned against them. I can’t help but cheer, tbh. |