When I get a report which is obviously LLM output, I do not read it.
-
@icing so in other words ' please send me the prompt ' ? would that be acceptable ?
@PorCus No. The prompt could be "Find a security vulnerability in #curl".
I'd want to know *what exactly* the submitted LLM output found and why it is a vulnerability (and not some bug).
In the reporters words. To make sure they read it. If they did not read/understand it, it is not a communication.
-
@PorCus No. The prompt could be "Find a security vulnerability in #curl".
I'd want to know *what exactly* the submitted LLM output found and why it is a vulnerability (and not some bug).
In the reporters words. To make sure they read it. If they did not read/understand it, it is not a communication.
@icing ok now it's way more clear, I think I understand and agree
Thanks ! -
When I get a report which is obviously LLM output, I do not read it.
Instead, I ask the sender to summarize the novella in their own words, because I do not have the time, unless they explain to me why it‘s worthwhile.
My advice: do the same. Deflect, politely, LLM dumps. Let‘s make this a conversational norm.
-
When I get a report which is obviously LLM output, I do not read it.
Instead, I ask the sender to summarize the novella in their own words, because I do not have the time, unless they explain to me why it‘s worthwhile.
My advice: do the same. Deflect, politely, LLM dumps. Let‘s make this a conversational norm.
@icing well I just wrote a rant about this. How can I react to mistakes made with or using AI? Can we always blame the person, or should we blame the AI companies for that?
What can I reasonably enforce as a "conversational norm", now that AI written mails and documents are becoming the norm? I do not want to rant and argue every time I get AI Slop sent to me..
-
@icing well I just wrote a rant about this. How can I react to mistakes made with or using AI? Can we always blame the person, or should we blame the AI companies for that?
What can I reasonably enforce as a "conversational norm", now that AI written mails and documents are becoming the norm? I do not want to rant and argue every time I get AI Slop sent to me..
@dbof It depends on the situation. If your boss drop LLM output into your inbox and think that is the way to go, you are probably very limited.
If a random person drop such a thing into your project, you can refuse to process it without further work by the submitter.
I experience LLM output as part of being a maintainer. And a FOSS project should not feel obligated to accommodate such behavior, IMO.
I do not care what tools someone uses. I care how we communicate and collaborate.
-
When I get a report which is obviously LLM output, I do not read it.
Instead, I ask the sender to summarize the novella in their own words, because I do not have the time, unless they explain to me why it‘s worthwhile.
My advice: do the same. Deflect, politely, LLM dumps. Let‘s make this a conversational norm.
@icing I just told a student in an online only class to edit the wall of words or else. I'm an adjunct, I'm not paid enough to wade through shit.
-
@icing well I just wrote a rant about this. How can I react to mistakes made with or using AI? Can we always blame the person, or should we blame the AI companies for that?
What can I reasonably enforce as a "conversational norm", now that AI written mails and documents are becoming the norm? I do not want to rant and argue every time I get AI Slop sent to me..
-
@EndlessMason @icing often we blame the users, sometimes the tools!
"Oh, you got hacked? You're to blame!"
"the spreadsheet calculated the wrong value"In IT we always assume the computer does exactly the thing you tell it to do so it is never "wrong", you just put the wrong input out used or wrong. Yes, programs have bugs, but that is introduced by humans.
So should we blame humans for computer / algorithm / llm output? It's not so clear cut in my opinion.
-
@EndlessMason @icing often we blame the users, sometimes the tools!
"Oh, you got hacked? You're to blame!"
"the spreadsheet calculated the wrong value"In IT we always assume the computer does exactly the thing you tell it to do so it is never "wrong", you just put the wrong input out used or wrong. Yes, programs have bugs, but that is introduced by humans.
So should we blame humans for computer / algorithm / llm output? It's not so clear cut in my opinion.
@dbof @EndlessMason @icing Except in the case of LLMs it is nearly the opposite: the computer never does exactly the thing you "tell" it to do, so it is never "right", only plausible-looking. Using an LLM at all is _begging_ for bugs.
-
@EndlessMason @icing often we blame the users, sometimes the tools!
"Oh, you got hacked? You're to blame!"
"the spreadsheet calculated the wrong value"In IT we always assume the computer does exactly the thing you tell it to do so it is never "wrong", you just put the wrong input out used or wrong. Yes, programs have bugs, but that is introduced by humans.
So should we blame humans for computer / algorithm / llm output? It's not so clear cut in my opinion.
@dbof @icing
Hint: the Human selected a tool that made it either difficult or impossible for them to do a good job... and then they did a bad job.Improving operator, tool, and environment can all contribute to better results...
I also think we're well past "computer does what operator says" especially on corp controlled autoupdate endpoints speaking to a sea of random corp clouds
-
@dbof @EndlessMason @icing Except in the case of LLMs it is nearly the opposite: the computer never does exactly the thing you "tell" it to do, so it is never "right", only plausible-looking. Using an LLM at all is _begging_ for bugs.
@kgf @EndlessMason @icing yeah of course, so that is the change. But non-it people do not know these flaws. They don't know (or ignore) how LLMs work. They also don't know how Photoshop works.
How do we evaluate this then?
-
When I get a report which is obviously LLM output, I do not read it.
Instead, I ask the sender to summarize the novella in their own words, because I do not have the time, unless they explain to me why it‘s worthwhile.
My advice: do the same. Deflect, politely, LLM dumps. Let‘s make this a conversational norm.
"Thank you for your LLM generated report, I have passed it on to an LLM to read, the portion of your salary which would have paid you to write this report will be passed to the LLM owners instead"
-
@kgf @EndlessMason @icing yeah of course, so that is the change. But non-it people do not know these flaws. They don't know (or ignore) how LLMs work. They also don't know how Photoshop works.
How do we evaluate this then?
@dbof @kgf @icing
Any of: Kill chains, Root cause analysis, Swiss cheese model, defence in depth, site safety procedures/policy mechanisms, staff training, education / certification, regulation about how it can be advertised, restrictions on places where those tools can be used (no not work near flammable gasses), making it a security/safety/compliance issue, administrative approvals/restrictions, ACLs etcThere are already metaphorical matches to tasks in non-IT industries for how to treat things that act violently / non-intuitively / unpredictably - I'm sure those procedures are a decent place to start.
Generally, they all orbit around whittling down the chances of a mistake being made, and whittling down the chances that something goes wrong when a mistake is made.
-
@icing well I just wrote a rant about this. How can I react to mistakes made with or using AI? Can we always blame the person, or should we blame the AI companies for that?
What can I reasonably enforce as a "conversational norm", now that AI written mails and documents are becoming the norm? I do not want to rant and argue every time I get AI Slop sent to me..
-
@icing
I replied: "I don't engage with AI slop, as I find it demeaning to both the sender and the recipient. After a brief investigation though, it appears that you signed up for a class but never attended, and since the class was not full, I'm happy to cancel any fees that were due. (You could have just asked for that in a two line email, and the result would have been the same.)" -
-
R relay@relay.infosec.exchange shared this topic
