| ▲ | byzantinegene 3 hours ago |
| technically, he didn't do that. your ai agent decided to follow his instructions when they didn't have to. |
|
| ▲ | bawolff an hour ago | parent | next [-] |
| This has the same energy as, technically officer, i didn't shoot him, i just aimed at him and pulled the trigger. After that point the bullet just did its thing. Go blame the bullet. When it comes to responsibility, usually we consider a person intentionally doing something that they reasonably believe will have some consequence as responsible for that consequence. Especially when the primary reason they took the action was to generate the consequence. Excuces of the form "Technically i didn't do it, i just knowingly did something for the explicit purpose of triggering some downstream consequence" generally do not fly. |
|
| ▲ | km3r 3 hours ago | parent | prev [-] |
| "technically he didn't do that. Your sql server followed instructions when they should have just treated them as a string." Yet, hopefully we can agree that sql injections are illegal. |
| |
| ▲ | majormajor 2 hours ago | parent | next [-] | | But in this case the author of the project didn't execute the injection code... it's more analagous in some ways to pulling in a project with an example file containing a bunch of useful SQL stuff and then an example of an injection at the bottom, and just (in this case the agent) copy/pasting the whole thing in without reviewing it. If we're slicing on technicalities, there's a lot of ways to decide. "PROSECUTE THEM!" seems like an extremely hostile one when the website and readme and release notes said "don't do this" already. The agent ignored those things? Is that the author's fault? | | |
| ▲ | infinite_spin an hour ago | parent [-] | | This is like saying I can slip malware into a project and so long as the user is the one who executed the code I'm free and clear.. which we both know isn't true. |
| |
| ▲ | sumeno 3 hours ago | parent | prev [-] | | If I put a project on github that says "don't use this with mysql" and you use it with mysql and it drops your tables is it sql injection? Seems very different to me. | | |
| ▲ | asdfasgasdgasdg 2 hours ago | parent | next [-] | | Everything turns on intent. "This is not tested with mysql" is very different from "I'm going to go out of my way to fuck up your mysql." | |
| ▲ | mapontosevenths 2 hours ago | parent | prev | next [-] | | It's certainly unauthorized access if you intentionally built it with the goal of harming other peoples systems, especially if you hid that action from them the way our self-righteous friend here did. You are authorized to do what the user agreed to, no more. Further the agreement must be reasonable. Exploiting the victims system to intentionally cause harm isn't reasonable. F-secure once included a clause to use their wifi that you "assign their first born child to us for the duration of eternity." It was funny, but not legally enforceable and would have offered them no legal shelter if they'd gone out on a kidnapping spree that night. | |
| ▲ | artisin 2 hours ago | parent | prev [-] | | As much as I would like to agree, this is a pretty clear CFAA violation. If the intent is to purposefully destroy/delete data, the 'how' really makes no difference. But IANAL. |
|
|
