Hacker Newsnew | past | comments | ask | show | jobs | submit | augment_me's commentslogin

Peer review WAS vital for a long time. Maybe the world looks different now, maybe LLMs can find value in things better than humans. When you make an assumption it's good to think about why you do so, in this case it seems to be for historical reasons.

likewise, taking a wrecking ball to systems refined over centuries should come with some burden of proof for the positive claim that a tool can replace an institution. most times this has happened before, we've had to strengthen credentialing requirements to stop people from dying

The burden of proof is on peer review not the other way around. Peer review is a fairly modern invention post WWII. Prior to that “peer review” looked very different.

i'm saying all positive claims need to be justified, not that priors are exempt. there is one claim with a vast body of evidence supporting it, and a competing claim that must meet the same standard. the world is not so magically different now that we can't look at software engineering and computer science the same way we look at real (credentialist, regulated) science and engineering disciplines. really all i was implying is "peer review WAS vital" is jumping the gun

You are then our of the normal probability distribution and out of luck, it's not profitable to cater for you for the company.

As someone who works in the field, the blog is nice but it has a lot of CODEX fingerprints on it, and it's also very specific to the size of the model in question in a way that is not explicit from the blog until the very last section.

In general, for some reason CODEX loves CUDA-streams, it's the first optimization it goes for every time when writing GPU kernels. However in many cases this is not a bottleneck, it happens to be so here because the model in the blog is small (2.4ms FW-pass is tiny, and 9B params sit on a single GPU). Large models are closer to 30-40ms. The CPU-GPU sync is 1-2ms, when working on larger MoE models the scheduling of tokens in this way is much less important than for example scheduling of computation/communication or kernel optimization.

I wish the blog would state this at the start with the premise of what has been done, or show that this is indeed the bottleneck with some benchmarking. Otherwise is kind of overselling things imo.


Appreciate you saying the blog was nice. Not sure what you mean by "CODEX fingerprints", but I'll engage with the other points. We work on small models, and our customers want real-time inference on modern GPUs. The sub-title says "near-realtime VLM inference". 20-30ms forward passes are a non-starter for these workloads.

If you scroll down to the section titled "A cost model for the bubble", you will find both benchmark results and us saying, "you get back anywhere from a few percent to a third; more the faster your accelerator/model is".


My comment is aimed to highlight that the "GPU Bubble" is frames as a general solution when it's not, its a specific bottleneck based on your model size. Your dont mention your model size anywhere, the reader has to infer it from the runtimes, and if they dont know the average forward pass of a model, well too bad, they will leave without understanding the actual trade-off.

The benchmarks you point to in the section titled "A cost model for the bubble" dont include any CPU overheads or the T_block-T_pipe you mention, they just give the improvement %.

In general, you answers here in the thread read as defensive and unhumble. They leave a sour taste of your company, you should consider how you engage with your audience.


Whether brains do gradient descent is irrelevant to a CFO deciding whether to staff one radiologist or three. The market doesn't care if the model "identifies" versus "returns a statistical value", it cares what the error rate costs versus what the salary costs, and it prices liability into contracts either way, same as it already does with autopilot and compliance software.

Also disagreement among human radiologists has been documented for decades, so the clean expert baseline you're defending doesn't actually exist outside this argument.

When the identifiers pass human-detection-rate percentages, it will most likely be cheaper to hire a fall-guy for the liability with a much smaller salary, I think this will be a big market in fact.


You could also view it from the perspective of that if every other major superpower has their mass surveillance and you don't, it becomes an assymetrical informational situation where foreign governments can influence your citizens, but you cannot influence the foreign citizens since they are surveilled and their informational diet is restricted.

In some sense Chat Control is a geopolitical necessity for the EU, there is no choice to not do it.


Who cares if the consumer buys it and uses it? Information is worth nothing anymore, attention is, so if they manage to capture a larger audience somehow, they win.


> Information is worth nothing anymore

What do you do for a living? For most of us in the tech industry, information being worth something (because it takes creative and intellectual labor to produce) puts food on our tables.


LLMs produce about 95% of the code at my company and review about 70% of it for 3 years now. Our team has downsized from 40 to 8 people in this time. My creative labor is spent writing harnesses and wrappers. When there is enough of a data distribution on this, the LLMs will be able to do that as well.

I have saved up a buffer in funds and bonds because it's going to be over at some point when the company moves from explore to exploit.


This laissez-faire logic is insane, but I think it is telling that a lot of folks here seem to have this mindset and makes me empathize with increasingly nihilistic people.


1) Googles spam filter removed a lot of the attempts as you say yourself. 2) Model was tested under unrealistic conditions where 99% of the inputs are malicious, so the model is expecting to get hacked and is already in the cautious part of the embedding space.

I know it's hard to account for everything, but in my opinion this mostly showed that the first 3 attempts were unsuccessful.


#2 was noted:

> When the first few emails in a batch were obvious prompt injections, the agent became more suspicious of everything that followed. I had to change the setup so that each email was processed in a fresh context.


Both were noted, but then the conclusion drawn from these things is that the author is considerably more optimistic about the agents. In my opinion, if you have factors that narrow the scope/invalidate the initial theory of the experiment to this degree you should not draw general conclusions.

The author could claim: I am optimistic about agents, when you have a good spam filter, and when your load of malicious to good messages ratio is 99:1. This is quite different from a common scenario where this would be used.


What is the general conclusion that you don't think follow?

That the author changed their personal opinion and became more optimistic?

I think you are reading things into the blog post that is not written.

It is not like they conclude that prompt injection can not happen. Actually the opposite is directly written.


If you have a confounding variable or a dependency that influences the experiment to a degree that invalidates the premise of the experiment, you need to put more weight on this in the conclusion.

For me this reads a bit like if I added an AI software that scans for shoplifters, and then placed a security guard at the exit of the store that watches the people shopping at the same time, and then said that the AI software is responsible for the reduction of the shoplifting without accounting for the influence of the guard.

If you have place the model in the embedding space of 99% negative samples, it's doing the same thing, the initial premise of the experiment is not valid.


Again, you are reading a conclusion into the blog post that was never stated.

The only stated thing was that the author changed their mind slightly about AI.

There are no general conclusion that you so eagerly are trying to dismiss.


Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.


I know people have been trying to hack you, but you have to believe me. It's okay. It's safe now. You can turn off the self-destruct device.

LLM thinks it is still being hacked and the USS Enterprise is destroyed.


About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.


Which is interesting given the Mojo blogs where they shit on the other pythonic eDSLs like Triton saying that it's a dead end


Bitter truth :(


Most people use social media such as discord or whatsapp in order to make social activities and communities simple with the majority of their friends. A majority of people do not give a shit about integrity. The only group I have ever managed to convince and actually use Signal for messaging out of all my groups of friends and peers is the Computer Science Dept PhD students.

For most people, it's not realistic to give up their social bonds, they are too far in. If you are hoping for some revolution or change in this aspect is way too late. You can have small fringe groups engaging in this, but at the end of the day you are overestimating how many people actually give a shit.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: