ansuz

happy Suez Canal Obstruction day to those who celebrate

https://en.wikipedia.org/wiki/2021_Suez_Canal_obstruction

#boatStuck

At some point in the past I put World Frog Day on my calendar because silly events like that are an easy way to make my future self laugh.

Unfortunately, it seems that the guy who runs the World Frog Day website has gone all-in on "AI art", aka #slop.

His "art" page is a bunch of frog images generated with MidJourney, and I guess he's already gotten so much hate mail about it that he wrote up a page explaining "The Environmental Benefits of AI-Generated Art" which is just painfully wrong 😬​

I like the idea of raising awareness of the importance of frogs in ecosystems, but uhhhh, fuck this guy.

A friend sent me a link to some music on youtube ("1 hour Iranian Jazz").

It was just a still image with some music in the background, a classic pattern for slop music, so I was suspicious.

I looked in the description and saw some jazz musicians I recognized, so I figured maybe it was just an audio recording from some live session that got thrown on youtube.

After listening for a bit, I started to get the sense that it wasn't who it claimed to be. One of the listed musicians was Vijay Iyer, who has a fairly recognizable style on piano, and this didn't seem like him.

I scrolled through the comments for bit, and eventually stumbled across a comment from Vijay Iyer himself asking politely to have his name removed.

I am so incredibly tired of this bullshit.

#music #slop #ai

I find it very distressing to see that ImageMagick is included in the "open-slopware" list, not due to "purity culture" as boosters propose, but because of good old-fashioned threat modeling.

It is incredibly difficult (bordering on impossible) to write large projects in the C language without introducing memory-safety issues that can introduce Remote Code Execution (RCE) vulnerabilities.

Code for converting between exotic media formats is particularly prone to bugs which enable RCE (see this list of fairly recent RCE vulns in Imagemagick).

The more popular a particular software dependency is, the more valuable it is for attackers who want to introduce a backdoor. We were very lucky that a backdoor in xz was discovered before it could be meaningfully exploited, but we honestly have no idea just how many instances of such a social engineering attack have gone undiscovered.

It isn't particularly difficult to poison LLMs with information related to specific domains. BBC reporter Thomas Germain recently manipulated ChatGPT into returning results confirming that he he ranked 1st place in a non-existent hot-dog eating contest.

1. Imagemagick is written in C
2. it handles basically every exotic image format you can think of
3. it's used by approximately everyone, from big tech to the mastodon server on which you are probably reading this post
4. they're now using LLMs trained on data that anyone could have poisoned to develop new features

I sincerely doubt this will end well.