You're not explaining why the trifecta doesn't solve the problem. What attack vector remains?

None, but your product becomes about as useful and functional as a rock.

This is what reasonable people disagree on. My employer provides several AI coding tools, none of which can communicate with the external internet. It completely removes the exfiltration risk. And people find these tools very useful.

Are you sure? Do they make use of e.g. internal documentation? Or CLI tools? Plenty of ways to have Internet access just one step removed. This would've been flagged by the trifecta thinking.

Yes. Internal documentation stored locally in Markdown format alongside code. CLI tools run in a sandbox, which restricts general internet access and also prevents direct production access.

Can it _never_ _ever_ create a script or a html file and get the user to open it?

That’s different. Now you are asking the user to do an action.

The user could also be another program, or another AI agent.

I see where you're coming from. But I often find that when I have some idea or challenge that I want to solve, I get bogged down in details (like how do I build that project)... before I even know if the idea I _wanted_ to solve is feasible.

It's not that I don't care about learning how to build Rust or think that it's too big of a challenge. It's just not the thing I was excited about right now, and it's not obvious ahead of time how sidetracked it will get me. I find that having an LLM just figure it out helps me to not lose momentum.

Maybe not slower once it has warmed up, though for memory-bandwidth bound use cases I would still say the lack of mutable records has you fighting the language to get reasonable cache locality (and everybody will hate your code for not being good Java). The fact that everything is a pointer kills the CPU execution pipeline and cache.

But even for I/O bound applications it still feels slow because excessive memory usage means more swap thrashing (slowing down your entire OS), and startup time suffers greatly from having to fire up VM + loading classes and waiting for the JIT to warm up.

I can start a C/C++/Rust based web server in under a second. The corresponding server in Java takes 10 seconds, or minutes once I have added more features.

The article got off on the wrong foot from the start by separating the purpose from the product. To my mind the purpose is the product and always will be.

> To my mind the purpose is the product and always will be.

A lot of industries would disagree with you. There are plenty of products where the physical form and direct purpose of the product itself is quite disjoint from the product they are actually selling.

For example, Hermès doesn't sell bags to carry stuff in - they sell status symbols. Restaurants don't sell food for sustenance - they sell a dining experience. Car companies only tangentially sell modes of transportation - they are treated more like fashion items in practice. Items like wedding rings have zero purpose - what they are selling is a physical manifestation of an emotion.

If everything we ever interacted with was 100% utilitarian, we'd be living in a very dull world.

You misunderstand my point. I'm not saying that the purpose of Hermès is to sell bags. I'm saying that the _product_ that Hermès sells is status, and the product of a restaurant is a dining experience.

Promote a better constitution that protects people from laws like this?

That is a wish, not an actionable step.

We could instead say “promote a utopia where everyone is treated fairly and empathetically and everyone’s needs are met without destroying the planet or a need for government”. That’d “fix” the current problem and more, the issue is what exactly can we do to “promote” that change.

It's actionable if you have some imagination. Raise funds for a nonprofit. Start lobbying on both sides of the aisle. Enlist an advertising company to show the dystopian future if something like chat control comes into effect, poll for focus groups and target them. Find ways to undermine and expose the forces that are pushing for authoritarian legislation.

I think we already ticked that box

the school to prison pipeline is talked about a lot.

I thought it was "there's no position in chess that requires more than 218 moves to reach."

I thought “there is no chess problem that is both reachable from starting position and requires more than 218 moves to solve”

There are no more than 218 ways to interpret this title

It'll take at most 218 comments on HN to figure out the meaning of the submission title

It'll take at most 218 characters to express the fact I did not understand the submitted article's title.

I seriously thought they meant "it's not possible to have a chess game with more than 218 moves"

Yeah, I'm still confused.

There is no reachable[1] chess position[2] at which a player has more than 218 valid moves[3] to choose from.

[1] Able to happen while following the rules of chess

[2] The arrangement of chess pieces on the board

[3] A valid move is the motion of one piece to a place on the board, which doesn't break the rules of chess - e.g: "King to E4."

Every corporate meeting should start with reminding ourselves that we're all going to die. And it most likely won't be from anything happening at the office.

> The amount of shady things going on in this domain (AI trained on stolen content, no proper attribution, not proper way to audit what's going out to third party servers etc.) should be a huge red flag for any professional developer.

If you already have your entire information infrastructure in Office 365 (including all email, Excel sheets with material non-public information etc) I think this point is moot. Why would MS abuse information only from Copilot and not the rest of its products when the legal agreements permit them to do neither?