Most-upvoted comments of the last 48 hours. You can change the number of hours like this: bestcomments?h=24.

I work at Mullvad. (co-CEO, co-founder)

Some aspects of the described behavior are as we intended and some are not. The cause is not exactly as described in the blog post. As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure. If any of you try to reproduce the blog post's findings you may get confusing results throughout the day.

We will also re-evaluate whether the intended behaviors are acceptable or not. Some of this is a trade-off between multiple aspects of privacy, and multiple aspects of user experience.

Please note that this is my current understanding, which may change. I was only made aware of this an hour ago, and most of that time was spent talking with Ops, considering what to do immediately, and writing this post.

Finally, for those of you who do security research: when you find a security or privacy issue, please consider notifying the maintainer/vendor before publishing your findings, even if you intend to publish right away.


> [Opexus] said that “the individuals responsible for hiring the twins are no longer employed by Opexus.”

Getting close to the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."

Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana possession or something).

I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins, hash your @!#$ing passwords, etc.


Besides the people in this thread bemoaning the state of research funding, international students, etc. (all of which are valid), a lot of people are becoming disillusioned with academia. Probably 80% of the recent PhD grads I know are looking to leave academia, despite the fact that they went into it to pursue a career in academia. The median science PhD takes 6 years now, and is grueling work for terrible pay, all for difficult job prospects given the current market. MIT recently became one of the first universities to get a grad student union to try and combat the increasingly exploitative nature of academia. I can see how undergrads may look at how AI can do most of their homework assignments, and see how miserable grad students are, and decide that they don't want to continue down that path.

> The penalty is a 1-year ban from arXiv followed by the requirement that subsequent arXiv submissions must first be accepted at a reputable peer-reviewed venue.

This is incredibly good for science. arXiv is free, but it's a privilege not a right!

I'm not seeing this clearly listed on https://info.arxiv.org/help/policies/index.html so it's possible this is planned but not live yet - or perhaps I'm not digging deeply enough?

As a certain doctor once said: the whole point of the doomsday machine is lost if you keep it a secret!


When announcements say that the rewrite took 1 week, I wonder how much time went into preparing this file with very detailed instructions on mapping Zig to Rust idioms: https://github.com/oven-sh/bun/commit/46d3bc29f270fa881dd573...

On top of that, if you look at the 'Pointers & ownership' and 'Collections' sections, the Bun codebase is already prepared, using internal smart pointer types that map 1-to-1 to Rust equivalents, and the `bun_collections` Rust crate already exists.

This gives the impression that the rewrite was prepared a long time ago and was the Bun team's proposition to Anthropic during the acquisition deal.


You, nine days ago[0]:

> I work on Bun and this is my branch

> This whole thread is an overreaction. 302 comments about code that does not work. We haven’t committed to rewriting. There’s a very high chance all this code gets thrown out completely.

Maybe... it wasn't such an overreaction?

[0]: https://news.ycombinator.com/item?id=48019226


I can't relate that much to this. Every time I use AI to write code, I'm constantly fighting a feeling on the back of my neck that I need to look over everything it has done and supplement/alter it with my own code. That ick feeling counteracts the dopamine hit of having a working app after a few minutes of vibe coding, and I don't think that's going anywhere anytime soon.

That said, I have experience. I could absolutely see myself falling into this as a junior or even mid level dev. I'd no doubt not feel that feeling on my neck if it wasn't scarred from code review lashings early in my career by knowledgeable mentors.


You are absolutely right. I shouldn’t have paid that invoice from ScamInc. Would you like me to help you file for bankruptcy?

> Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB.

The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

They are both very cagey with how they talk about this (or don't).


I used to work with a brilliant and humble guy. He got accepted to MIT at 14, but his parents made him go to community college for a year to give him a little more time to mature. He then went to MIT and graduated after three years, then went to Berkeley and got a masters in one year, then went to Stanford and it took six years to get his PhD?

Why? Because his advisor milked him for his work. She had a pile of papers to peer review ... hand it off to the grad students. Have a talk to give? Give the grad students the task of writing up first drafts, collecting data, generating graphs etc. My friend said that nothing in the first five years of his PhD work contributed to his dissertation.

I'm amazed that behavior like that of the advisor is allowed.


You can block all their content, just delete your account.

I'm increasingly convinced that there's a killer app waiting for whoever can come up with a UI that makes claude code or codex accessible to the average user.

Onboarding my non-software engineer teammates to it has super-charged them and essentially given them all their own personal developer that can automate tasks for them. Managing codebases, etc. is still a hassle though.

90% of the power of Excel was that it was functionally a database that a normal person could actually use. I think we'll see something similar with coding agents.


This kind of behavior is never tolerated in the market. Your revenue is flat; they lay you off. Right away. No trial, no nothing. Your revenue is down, right to layoffs, right away. Revenue grows but less than guidance? Layoffs. Record revenue exceeding guidance? Believe it or not, layoffs.

Feels like there is some real momentum on linux gaming now. I mostly play older games but I've gotten most of them working acceptably in proton on my old system 76 laptop (oryp5, with a nvidia 2060; ~7 years old). The laptop actually has plenty of power for the games I play, but I underclock to keep the heat/fan speeds down (been doing the same on the win10 install on the same system), still getting acceptable framerate in proton for most of the things I do in game, non intense stuff.

Decades ago I ported some games to linux but I do think proton is the correct approach now. One underappreciated advantage is you get most of the mod environment too. In ESO for instance, there is an addon (tamriel trade center) which lets you download item prices, but it requires a windows client exe to do that. That client works on proton.

I also do some modding myself and can cross compile my rust code to windows with cargo xwin, and run it right away in proton, which is fairly amusing to behold.

I actually don't mind windows generally (been a MS user since DOS 5), but Win11 is a game changer, pun intended, and not in a good way.


“The algorithm cannot say no, however. If it finds problems, it sends the request for review to a team of in-house nurses and doctors who consult company medical guidelines. Only doctors can issue a final denial.”

As a physician, I’ve had to speak to these so called “peers” in a peer to peer denials with both my clinic and hospital setting. They are usually people who aren’t physicians as a first line of their defense, ie therapist, nurses, etc. This weeds out the providers who either don’t care about the patient denial and blindly accept the denial, or patient has to take matters in their own hands just to get the care they need/deserve. Or worse, in the hospital that means the patient gets hit with a huge bill (already an insane number in the US even with insurance, so don’t get me started on this) or it gets delegated to another provider who has to deal with it. Quite often patients get denied medical and rehab services, esp after something debilitating like a stroke, trauma/accident, etc. and at that point the peer to peer is to weed the provider out. Usually someone will tell the patient you’ve been denied, either go home without the services they need or you fight it.

I fight it. Can’t count the number of times I’ve spoken to someone not in the field of medicine or if they are, not my field of medicine (both Family/Hospital Medicine). Often I’m fighting with an MD or “practitioner” who is some other field like a gynecologist about hospital medicine services or rehab. I’ve even had the pleasure of talking to a physical therapist who didn’t let me get a word in as we began the peer to peer. I now start off by asking for their credentials and field of speciality and demand a peer of my field to do the denying if they are so adamant about it “not being medically necessary”.

I have so much to say and could write a book about it. I just wish I had the money and connections to actually change the state of US of Corporate Medicine.


Still writing the blog post about this. Will share more details.

For where this is coming from, skim the bugfixes in the Bun v1.3.14 and earlier release notes. Rust won’t catch all of these - leaks from holding references too long and anything that re-enters across the JS boundary are still on us. But a large % of that list is use-after-free, double-free, and forgot-to-free-on-error-path, which become compile errors or automatic cleanup.


I was a grad student @ Princeton a handful of decades ago.

I was a TA for a few classes and, given the honor code, we did not proctor the exams for undergrads. We just handed them out (left the room) and returned to collect them at the end.

- One of the exams in a course that I TAed had 5 free-response questions.

- There were also 5 TAs in that class, so we un-stapled the exams and each TA graded one question (for consistency).

- We re-assembled the exams and returned them to the students.

- A few days after the exam, one of "my" students (she attended my recitation) came to me with her exam and explained that I had incorrectly graded question 2.

- I told her that I didn't grade question 2, so she had to go take it up with "TA # 2"

- A few hours later, "TA #2" pays me a visit and she (TA#2) is annoyed. She tells me, "Your student is trying to pull a fast one. She answered Q2 incorrectly. She erased her answer and put in the correct answer and she wants it re-graded"

- I briefly defended the student and said something like, "Why would she do that... and how could you even know?"

- "TA#2" responded with "... because I photocopied all of the student responses after I graded them."

- Then I felt like a piece of shit for doubting my fellow TA. And felt even worse being naive enough to not be suspicious.

- "TA#2" and I brought all of this info up with the prof. who was running the course.

- We were told that the situation would be handled by an Honor Committee or something like that. We forwarded the information to the committee, but no one spoke to us and we were not allowed to participate in the deliberations.

- After about a week, all we were told was that the student was able to explain the "discrepancy" between her exam and the photocopy.

To this day, I have no idea what that student could have possibly said to explain her actions.

After that, I started photocopying every damned scrap of paper that I graded.

edits for clarity. The student did not get a zero on the exam, nor was she booted from the course. I don't remember if she was given credit for Question 2, but the TA and I were both expecting her to be tossed, which obviously didn't happen.


Not just Amazon, too. It feels like all of big tech (and some smaller firms) have simultaneously gone insane. Imagine if your CEO woke up one day and told the company: "We need to encourage travel spending. Please book as many business trips as you can, and spend as much money as possible. Fly first class to our satellite offices! Take limos instead of Ubers! Eat at fine restaurants! Make sure you are constantly traveling. In fact, we are going to make Travel Spending part of your annual performance review: If you don't spend enough on business travel, you'll get a low rating!"

We are living in a totally bonkers time.


I have been bothering the VM team for years for VM GPU pass through. I worked on the Apple Silicon Mac Pro and it would have made way more sense if you could run a linux VM and pass through the GPU that goes inside the case!

Sadly, as you can tell, they have not taken me up on my requests. Awesome that other people got it working!


Title claims "due to plains drought" but the article text largely attributes this to increased planting of soy for its lower fertilizer requirements (related to Strait of Hormuz).

People blame AI but in reality it's more about America transitioning from a high-trust society to a low-trust one.

About 9 days ago, Jarred wrote that it was far from certain that this would merge and that it was an overreaction. Ironic.

Sounds like a tactical tornado, made me think of this paragraph:

“Almost every software development organization has at least one developer who takes tactical programming to the extreme: a tactical tornado. The tactical tornado is a prolific programmer who pumps out code far faster than others but works in a totally tactical fashion. When it comes to implementing a quick feature, nobody gets it done faster than the tactical tornado. In some organizations, management treats tactical tornadoes as heroes. However, tactical tornadoes leave behind a wake of destruction. They are rarely considered heroes by the engineers who must work with their code in the future. Typically, other engineers must clean up the messes left behind by the tactical tornado, which makes it appear that those engineers (who are the real heroes) are making slower progress than the tactical tornado.” - John Ousterhout, A Philosophy of Software Design


DwarfStar4 is a small LLM inference runtime that can run DeepSeek 4. The blog post implies that it currently requires 96GB of VRAM.

For others who are lacking context :-)


My employers have generally been fine giving me blanket permission to contribute to specific open source projects.

The framing matters: don't say "can I please do some charity work because it makes me feel good".

Say, "can I have your permission to get free rigorous review from experts in my field, and zero out all future maintenance costs for your company by contributing my fixes to the upstream open source project?"

Because that's really how it is. No employer of mine has ever said no to that. It is entirely in their interest for you to do this, you just have to help them see it.


As a lawyer, I'm excited about this, but there are two roadblocks that I'm not sure how Anthropic will navigate:

(1) For non-lawyers who use these skills/connectors/whatchamacallits to try to get legal advice, their communications are not protected by attorney-client privilege. This will absolutely bite some people in the ass.

(2) If a lawyer uses this with confidential client information (which, to the uninitiated, doesn't just mean SSNs and bank account numbers, but "all information relating to the representation of a client") and forgets to toggle off "Help improve Claude" in their settings, they have possibly (maybe even likely) committed malpractice.[1]

[1] https://www.americanbar.org/content/dam/aba/administrative/p...


Everyone seems to love the Windows 7 era but for me, Windows peaked GUI-wise with Windows 2000 and everything since then has felt like a poor 'skin' or misplaced 'theme' on top of something else.

Windows XP's level of 'plug and play' for devices/drivers ushered in the modern OS feel from a usability standpoint, but from a 'get-shit-done' GUI and responsiveness standpoint Win 2000 (and up to Windows Server 2003 by extension) was all I ever wanted/needed.

These may be rose tinted glasses though, and I'd be interested to hear counterpoints.


I say this as somebody who has worked vendor side in UK public sector for a number of years.

It's policy. It's official Whitehall policy.

As a department you can't hire programmers at £100k/year, because that pushes them way, way higher than civil service bands allow. But you can pay a "Systems Integrator" - a consultancy like Cap Gemini, Deloitte, Fujitsu - £600/day for the same programmer in the same seat. So, £100k/year = bad, £120k/year via an external consultancy = good.

Then we get into actually building and owning tech. Look at the history of GDS - they were empowered to pay half decent salaries and build and own things, but then had budgets slashed and programs cut. Why? Because we can "just buy it". Yes, you won't own the IP, it'll cost 4x as much, it'll take 3x-5x longer, but at least you won't have "inefficient civil service bloat" to have to manage.

This all started in the 1980s, and there are signs of it swinging back. I was at one department last year where they were telling me they're thinking about hiring actual engineers and embedding some devops stuff internally - absolutely jaw-droppingly revolutionary. Genuinely.


In my experience, Claude only knows how to spew code. Every problem you want it to solve, it translates into "more code" rather than "less code". You have to very closely code review everything it does, otherwise your codebase is going to just grow and grow, and asymptotically approach 100% debt.

I code review everything that Claude produces, and I'd estimate about 90-95% of the time, my reaction is WOW it works but too much code dude, let's take 3 hours to handhold you through simplifying it until nothing more can be removed.


What a Rorschach blot. Comments range from AI to immigration to doomsday results for USA.

The admin's statement in TFA speaks more to financial policy and grant declines. Unfunded students are much less likely to accept an admission. That's just a fact of life.

