People are accountable for the results they produce using AI. So a scientist is responsible for made up sources in their paper, which is plain fraud.

"responsible for made up sources" leads to the hilarious idea that if you cite a paper that doesn't exist, you're now obliged to write that paper (getting it retroactively published might be a challenge though)

I completely agree. But “disclosing the use of AI” doesn’t solve that one bit.

I don’t disclose what keyboard I use to write my code or if I applied spellcheck afterward. The result is 100% theirs.

Getting an automated reply concerning the submitted issue is deeply iconic.

> CCC always has been explicit far left/green, looking at its history, as other people in here have mentioned.

Yes, but what has shifted is "the left", to a point were it has basically been taken over for very specific agendas.

> I suspect that Chinese models are largely forced to open source as a trust building step because of general China-phobia in the west.

The obvious bias of the models, when it comes to Chinese politics and history, certainly does not help here.

TBF it obvious to us , in the same way many of our own bias are not obvious to us.

I do not understand. If auth is bypassable, this is not a browser issue, right?

It was a long time ago so i might be misremembering, but i think the idea was that safari would leak the target of redirects cross domain, which allowed the attacker to capture some of the oauth tokens.

So safari was not following the web browser specs in a way that compromised oauth in a common mode of implementation.

It's also a fundamental problem of security research. Lot's of irrelevant, highly contextual "vulnerabilities", submitted to farm internet points (driven by a broken cve system). AI only amplifies this.

Because you should not depend on one payment provider and pull unvendored images, packages, etc directly into your deployment.

There is no reason to have such brittle infra.

Sure, but at that point you go from bog standard to "enterprise grade redundancy for every single point of failure" which I can assure you is more heavily engineered than many enterprises (source: see current outage). Its just not worth the manpower and dollars for a vast majority of businesses.

Pulling unvetted stuff from docker hub, npm, etc. is not a question of redundancy.

OK, you pull it to your own repo. Now where do you store it? Do you also have fallback stores for that? What about the things which arent vendorable, ie external services?

Well, some engineer somewhere made the recommendation to go with AWS, even tho it is more expensive than alternatives. That should raise some questions.

Engineer maybe, executive swindled by sales team? Definitely.

If you are running k8s on prem, the "easy" way is to use a mature operator, taking care of all of that.

https://github.com/percona/percona-xtradb-cluster-operator https://github.com/mariadb-operator/mariadb-operator or CNPG for Postgres needs. They all work reasonable well, and cover all the basic (HA, replication, backups, recovery, etc).

This is blatantly false. There are MLIR based backhands for other languages. This is explicitly mentioned on the landing page at https://developers.googleblog.com/en/introducing-coral-npu-a....

Please language troll somewhere else.