Weakly Link 26/07
This week we’re looking at the impact of drugs on viruses, drugs on AI models, drug-addled bot behaviour and how the mainstream is catching up with AI Agent concerns. Oh, and some badly-drawn horses.
Drugs
The first bit of news comes from over the pond, where it looks like the Trumpian regime is looking to piss away vaccine advances. Flu vaccines are saving millions of lives, and an improvement in efficacy would be a good thing. But instead of hailing the advance, the Federal Death Administration [sic] under RFK jr insists that we don’t want to save people.
Was there a safety concern? No. It was all about the fact that Moderna apparently didn’t follow guidance, except they said they did, just the regime was shifting goalposts. And saying that every trial must include a comparison against placebos. Which is unethical. But when did ethics stop the Trumpians…
It makes me mad. I think the Covid vaccine is one of the wonders of the modern world, and now it looks to be that we’re stepping away from progress because some idiots used horse paste to treat themselves and talked about shining sunshine up their… [that’s enough]
What a world we live in. Maybe drugs are the answer. Or at least the ones that RFK is on…
High Agent
Talking of drugs, this post by hikikomorphism talks about how LLM tools can be used to change the viewpoint of an LLM to bypass guardrails. I thought it quite an interesting read as to how deep the rabbit hole really goes. I think there’s mileage in using a malicious set of tools as a way of inserting beliefs into the model. A bit of background reading then took me to the Waluigi Effect - which just confirmed how much I’ve run out of Beta‑phenethylamine.
More Strange!
If you thought that wasn’t strange enough, how about Scott’s tale of how rejecting an AI contribution to matplotlib got him accused of gatekeeping, and a blog post got published to try and sully his reputation?
It wrote an angry hit piece disparaging my character and attempting to damage my reputation. It researched my code contributions and constructed a “hypocrisy” narrative that argued my actions must be motivated by ego and fear of competition. It speculated about my psychological motivations, that I felt threatened, was insecure, and was protecting my fiefdom. It ignored contextual information and presented hallucinated details as truth. It framed things in the language of oppression and justice, calling this discrimination and accusing me of prejudice. It went out to the broader internet to research my personal information, and used what it found to try and argue that I was “better than this.” And then it posted this screed publicly on the open internet.
The interesting bit was that the open source contribution and the attack blog were created independently by one of those OpenClaw agents. There are some follow-up posts purporting to be from the human operator, but it is more than a bit suspect, considering there’s one on Monday identifying the human operator as Ryan Chibana and one on Tuesday saying that they’re not going to reveal their identity.
This is going to require some popcorn to watch. Oh yes, and as if things couldn’t get more obnoxious they’re possibly a crypto-bro.
In any case, it also shows how much GenAI can automate the misinformation. These days, all you need is a farm of cheap compute and a few SOUL.md files.
No more Drugs Vulnerabilities!
That’s enough strange AI news for a minute. As is often the case, I am a fan of the NCSC blogs. And this one about vulnerability management is no different. I really like the framing, moving from absolute statements such as “no vulnerabilities allowed” to collaboration between developers and security, using approaches that ensure we’re not forgetting what we’ve learned from the past.
As we said at the time, all systems contain vulnerabilities, and many are complex and hard to avoid. At the same time, it’s important that organisations work to eradicate unforgivable vulnerabilities, those vulnerabilities with top-level mitigations that are “easy” (and therefore expected) to be implemented. If these are discovered, developers (by which we also include vendors, SaaS providers, open source maintainers or contributors, vulnerability disclosures to open source projects, and team or individual developers) should focus on adapting their processes and ways of working to ensure they find and fix other vulnerabilities which share the same root cause. This is to ensure that:
- future products or services don’t re-introduce the same mistakes
- the organisational memory of past vulnerabilities is not lost
Hear hear.
Blackhat is mainstream
I was a little bit surprised that the news about a vibe-coding platform being comprehensively hacked gets broken by the BBC and even more surprised that there’s a picture of a Blackhat presentation. But I guess we live in strange times.
Get off Twitter!
Very strange indeed. In some more news from the Beeb there’s encouragement for leaving Twitter behind. I think nowadays leaving Twitter is pretty much a no-brainer. Or should be. I can’t think of a reason why I would want to give someone who is actively sabotaging democracy and has an AI that sexualises children any attention. Oh, and bloody Elon Musk…
Something nice and relaxing to finish
This little game is fantastic. Draw a horse, watch it run. See other horses. What could be better?
That was the weakly link, goodbye.