this post was submitted on 15 Jun 2024
108 points (100.0% liked)


I used to be the Security Team Lead for Web Applications at one of the largest government data centers in the world but now I do mostly "source available" security mainly focusing on BSD. I'm on GitHub but I run a self-hosted Gogs (which gitea came from) git repo at Quadhelion Engineering Dev.

Well, on that server I tried to deny AI with Suricata, robots.txt, "NO AI" Licenses, Human Intelligence (HI) License links in the software, "NO AI" comments in posts everywhere on the Internet where my software was posted. Here is what I found today after having correlated all my logs of git clones or scrapes and traced them all back to IP/Company/Server.

Formerly having been loath to even give my thinking pattern to a potential enemy I asked Perplexity AI questions specifically about BSD security, a very niche topic. Although there is a huge data pool here in general over many decades, my type of software is pretty unique, is buried as it does not come up on a GitHub search for BSD Security for two pages which is all most users will click, is very recent comparatively to the "dead pool" of old knowledge, and is fairly well received, yet not generally popular so GitHub Traffic Analysis is very useful.

The traceback and AI result analysis shows the following:

  1. GitHub cloning vs visitor activity in the Traffic tab DOES NOT MATCH any useful pattern for me the Engineer. Likelihood of AI training rough estimate of my own repositories: 60% of clones are AI/Automata
  2. GitHub README.md is not licensable material and is a public document able to be trained on no matter what the software license, copyright, statements, or any technical measures used to dissuade/defeat it. a. I'm trying to see if tracking down whether any README.md no matter what the context is trainable; is a solvable engineering project considering my life constraints.
  3. Plagiarisation of technical writing: Probable
  4. Theft of programming "snippets" or perhaps "single lines of code" and overall logic design pattern for that solution: Probable
  5. Supremely interesting choice of datasets used vs available, in summary use, but also checking for validation against other software and weighted upon reputation factors with "Coq" like proofing, GitHub "Stars", Employer History?
  6. Even though I can see my own writing and formatting right out of my README.md the citation was to "Phoronix Forum" but that isn't true. That's like saying your post is "Tick Tock" said. I wrote that, a real flesh and blood human being took comparatively massive amounts of time to do that. My birthname is there in the post 2 times [EDIT: post signature with my name no longer? Name not in "about" either hmm], in the repo, in the comments, all over the Internet.

[EDIT continued] Did it choose the Phoronix vector to that information because it was less attributable? It found my other repos in other ways. My Phoronix handle is the same name as GitHub username, where my handle is my name, easily inferable in any, as well as a biography link with my full name in the about. [EDIT cont end]

You should test this out for yourself as I'm not going to take days or a week making a great presentation of a technical case. Check your own niche code, a specific code question of application, or make a mock repo with super niche stuff with lots of code in the README.md and then check it against AI every day until you see it.

P.S. I pulled up TabNine and tried to write Ruby so complicated and magically mashed, AI could offer me nothing, just as an AI obfuscation/smartness test. You should try something similar to see what results you get.
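The log correlation the post describes, sketched as an added example (not the poster's own tooling): it groups reverse-proxy access-log lines for a self-hosted git server by client IP and user agent, counts clone/fetch and README.md requests, and checks each served request against the site's robots.txt. The log lines, the `/owner/repo` path, the bot names and the robots.txt rules are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: everything under the hypothetical /owner/ is off limits.
ROBOTS_TXT = "User-agent: *\nDisallow: /owner/\n"

# Constructed combined-format log lines; IPs are from documentation ranges.
LOG = """\
192.0.2.10 - - [15/Jun/2024:10:00:01 +0000] "GET /owner/repo/info/refs?service=git-upload-pack HTTP/1.1" 200 512 "-" "git/2.45.0"
192.0.2.10 - - [15/Jun/2024:10:00:02 +0000] "POST /owner/repo/git-upload-pack HTTP/1.1" 200 90211 "-" "git/2.45.0"
198.51.100.7 - - [15/Jun/2024:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "ExampleBot/1.0"
198.51.100.7 - - [15/Jun/2024:10:05:03 +0000] "GET /owner/repo/raw/master/README.md HTTP/1.1" 200 4096 "-" "ExampleBot/1.0"
203.0.113.5 - - [15/Jun/2024:10:09:10 +0000] "GET /owner/repo/raw/master/README.md HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [15/Jun/2024:10:12:00 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "PoliteBot/2.0"
203.0.113.9 - - [15/Jun/2024:10:12:01 +0000] "GET / HTTP/1.1" 200 1200 "-" "PoliteBot/2.0"
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def classify(method, path):
    """Bucket a request; one smart-HTTP clone/fetch starts with one info/refs GET."""
    if path.split("?")[0] == "/robots.txt":
        return "robots"
    if method == "GET" and "service=git-upload-pack" in path:
        return "clone"
    if path.split("?")[0].endswith("README.md"):
        return "readme"
    return "other"

def correlate(log_text, robots_txt):
    """Return {(ip, user_agent): counters} for every parseable log line."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    clients = defaultdict(lambda: dict(robots=0, clone=0, readme=0, other=0, disallowed=0))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, status, agent = m.groups()
        rec = clients[(ip, agent)]
        rec[classify(method, path)] += 1
        # Count only requests that were actually served (2xx) despite robots.txt.
        if status.startswith("2") and not rules.can_fetch(agent, path):
            rec["disallowed"] += 1
    return dict(clients)

def read_robots_then_ignored(clients):
    """Clients that fetched robots.txt and still pulled disallowed paths."""
    return sorted(k for k, v in clients.items() if v["robots"] and v["disallowed"])
```

The user agent is self-reported and can be spoofed, so the IP half of the key is the part to trace back to a network owner.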

[–] [email protected] 51 points 9 months ago (4 children)

Anything you put publicly on the internet in a well known format is likely to end up in a training set. It hasn’t been decided legally yet, but it’s very likely that training a model will fall under fair use. Commercial solutions go a step further and prevent exact 1:1 reproductions, which would likely settle any ambiguity. You can throw anti-AI licenses on it, but until it’s determined to be a violation of copyright, it is literally meaningless.

Also if you just hope to spam tab with any of the AI code generators and get good results, you’re not. That’s not how those work. Saying something like this just shows the world that you have no idea how to use the tool, not the quality of the tool itself. AI is a useful tool, it’s not a magic bullet.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

Sounds like AI or an AI influencer post. The first paragraph is so far off-topic, might as well be talking about sailing. You completely misunderstood what I meant using TabNine. I wrote my own code and obfuscated my own code. Then tried to have AI complete another function using my code.

Nothing you said is relevant in any way, shape, or form.

[EDIT] https://www.tabnine.com/

[–] [email protected] 33 points 9 months ago* (last edited 9 months ago) (2 children)

My guy, your posts are particularly hard to follow, and you are very very quick to jump to the conclusion that you're somehow being targeted and under attack. It's no surprise that people aren't responding to what you think is appropriate for them to respond to.

You've gone out of your way to provide extra info about irrelevant details: Why does the particular flavor of git you use matter at all to this conversation beyond the fact that you self host, why does it matter that you are on github as well when we are specifically discussing things you believe were sourced from readme.mds you have self hosted?

Meanwhile you don't give many details or explanation about the core thing you are trying to discuss, seemingly expecting people to be able to just follow your ramblings.

Edit: After having re-read your OP, it's less messy than I initially thought, but jesus christ man you need to work on arranging your points better. It shouldn't take reading your main post, a few of your comments, and the main post again to get your point: "AI data scrapers appear to treat readme files as public data regardless of any anti-AI precautions or licensing you've tried to apply, and they appear to not only grab from github but also from self-hosted git repositories."

[–] [email protected] 27 points 9 months ago

Seriously. OP might have a legitimate point but they’re making it with the energy of someone trying to convince me that vole people live in the antiposition of the time cube.

[–] [email protected] 9 points 9 months ago

In fairness, a lot of the more exceptional engineers I've worked with couldn't write their way out of a wet paper bag.

On top of that, even great technical writers are often bad at picking - or sticking with - an appropriate target audience.

[–] [email protected] 3 points 9 months ago (1 children)

I think that training models for fair use purposes, like education, not commercialization, will also fall under fair use. But even so, it's very difficult to prove that someone has trained their model on your data without a license, so as long as it's available, I'm sure that it'll be used.

[–] [email protected] 7 points 9 months ago

This "fair use" argument is excellent if used specifically in the context of "education, not commercialization". Best one I've seen yet, actually.

The only problem is that perplexity.ai isn't marketing itself as educational, or as a commentary on the work, or as parody. They tout themselves as a search engine. They also have paid "pro" and "enterprise" plans. Do you think they're specifically contextualizing their training data based on which user is asking the question? I absolutely do not.

[–] [email protected] 12 points 9 months ago (2 children)

So... if you don't want the world to see your work, why are you hosting it publicly?

[–] [email protected] 20 points 9 months ago (1 children)

"The world seeing [their] work" is not equal to "Some random company selling access to their regurgitated content, used without permission after explicitly attempting to block it".

LLMs and image generators - that weren't trained on content that is wholly owned by the group creating the model - is theft.

Not saying LLMs and image generators are innately thievery. It's like the whole "illegal mp3" argument. mp3s are just files with compressed audio. If they contain copyrighted work, and obtained illegitimately, THEN they're thievery. Same with content generators.

[–] [email protected] 2 points 9 months ago (6 children)

stealing removes something. copying makes more of it. it's not theft

[–] [email protected] 11 points 9 months ago

If I copy McDonald's site one by one for my own restaurant and just change the name, you can expect to be sued.

And yet, their site is available publicly?

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

Thanks for all the comments affirming my hard working planned 6 month AI honeypot endeavouring to be a threat to anything that even remotely has the possibility of becoming anti-human. It was in my capability and interest to do, so I did it. This phase may pass and we won't have to worry, but we aren't there yet, I believe.

I did some more digging in Perplexity on niche security but this is tangential and speculative unlike my previous evidenced analysis, but I do think I'm on to something and maybe others can help me crack it.

I wrote this nice article https://www.quadhelion.engineering/articles/freebsd-synfin.html about FreeBSD syscontrols tunables, dropping SYN FIN and its performance impact on webhosting and security, so I searched for that. There are many conf files out there containing this directive and performance in aggregate but I couldn't find any specific data on a controlled test of just that tunable, so I tested it months ago.

Searched for it Perplexity:

  • It gave me a contradictorily worded and badly explained answer with the correct conclusion as from two different people
  • None of the sources it claimed said anything* about its performance trade-off
  • The answers change daily
  • One answer one day gave an identical fork of a gist with the authors name in comments in the second line. I went on GitHub and notified the original author. https://gist.github.com/clemensg/8828061?permalink_comment_id=5090233#gistcomment-5090233 Then I went to go back and take a screenshot I would say, maybe 5-10 minutes later and I could not recreate that gist as a source anymore. I figured it would be consistent so I didn't need to take a screenshot right then!

The forked gist was: https://gist.github.com/gspu/ac748b77fa3c001ef3791478815f7b6a

[Contradiction over time] The impact was none, negligible, trivial, improve

[Errors] Corrected after yesterday, and in following with my comments on the web that it actually improves performance as in my months old article

  1. It is not minimal -> trivial, it's a huge decision that has definite and measurable impact on today's web stacks. This is an obvious duh moment once you realize you are changing the TCP stacks and that is hardly ever negligible, certainly never none.
  2. drop_synfin is mainly mitigating fingerprinting, not DOS/DDoS, that's a SYN flood it's meaning, but I also tested this in my article!

Anyone feel like an experiment here in this thread and ask ChatGPT the same question for me/us?

[–] [email protected] 3 points 9 months ago

It all started with this today:

Perplexity AI Is Lying about Their User Agent https://rknight.me/blog/perplexity-ai-is-lying-about-its-user-agent/

[–] [email protected] 3 points 9 months ago (1 children)

Discussion Primer: From my perspective and potential millions of others, the readme is part of the software, it is delivered with the software whether zip, tar, git. Itself, Markdown is a specification and can be consider the document as software.

In fact README is so integral to the software you cannot run the software without it.

Conclusion: I think we all think of readme, especially ones with examples of your code in your readme, as code. I have evidence AI trains on your README even if you tell it specifically not to use readme, block readme, block markdowns, it still goes after it. Kinda scary?

I want everyone else to have the evidence I have, Science.

[–] [email protected] 18 points 9 months ago (7 children)

I mean this in the best possible way, but have you ever had any mental health evaluations? I'm not sure if they're still calling it paranoid schizophrenia, but the way you write makes me concerned.

[–] [email protected] 8 points 9 months ago* (last edited 9 months ago) (5 children)

It's not paranoia if you have proof that they're stealing your content without permission or compensation.

You come off as an AI bro apologist. What they're doing isn't okay.

[–] [email protected] 15 points 9 months ago (1 children)

These concepts are not mutually exclusive. You can be right about AI considerably overstepping boundaries and still be exhibiting classic signs of paranoia issues, which OP is.

Their immediate response to people not reacting to this post and their comments is to immediately jump to the idea that they're being targeted by their designated enemy. That's not particularly healthy.

I'm worried that AI is becoming the new gangstalking for tech aligned people predisposed to disordered thinking.

[–] [email protected] 6 points 9 months ago

I agree that their replies are a little... over the top. That's all kind of a distraction from the main topic though, isn't it? Do we really need to be rendering armchair diagnoses about someone we know very little about?

I mean, if I posted a legitimate concern - with evidence - and I was dog-piled with a bunch of responses that I was a nutter, I'd probably go on the defensive too. Some people don't know how to handle criticism or stressful interactions, it doesn't mean we should necessarily write them (or their verified concerns) off.

[–] [email protected] 5 points 9 months ago (1 children)

Just because they are out to get you doesn't mean you're not paranoid, and vice versa.

I have nothing for or against AI/ML as a tool, my issue with it is when companies scrape huge amounts of data in violation of the author's rights, as in OP's example. Although I'm not quite sure why he's keeping code in the README.md file; usually that's for basic installation and usage, and full examples are kept in full documentation. That said, I highly doubt README.md files are public domain, so they shouldn't be automatically used as training materials.

[–] [email protected] 2 points 9 months ago (1 children)

I'm not quite sure whose argument you're making here. It reads like you agree with OP and I (e.g. "LLMs shouldn't be using other people's content without permission", et al).

But you called OP paranoid... I assumed because you thought OP thought their content was being used without their permission. And it's extremely clear that this is what is happening...

What am I missing?

[–] [email protected] 2 points 9 months ago

Frankly op replied to his own post multiple times with no prompting whatsoever, just reading through this stuff I'm concerned about him as well. LLM stuff notwithstanding and even if he's right he seems somewhat obsessed with this in an unhealthy way

[–] [email protected] 2 points 9 months ago (1 children)

I also just realized why I'm getting heat here, lawsuits.

I just gave legal cause that practice was not properly disclosed by Microsoft, abused by OpenAI, a legal grounds as a README.markdown containing code as being software, not speech, integral to licensed software, which is covered by said license.

If an entity does find out like me your technical writing or code is in AI from a README, they are perhaps liable?

[–] [email protected] 6 points 9 months ago

Eh. This is not a new argument, and not the first evidence of it. I don't think you're gonna be high on their list of retaliation targets, if you register at all (to say nothing of the low-to-middling reach of the fediverse in general).

Hell, just look at photographers/painters v. image generators, or the novel/article/technical authors v. ... practically all LLMs really, or any other of a dozen major stories about "AI" absorbing content and spitting out huge chunks of essentially unmodified code/writing/images.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

Hey Elias, found some confounding info: looks like Perplexity AI doesn't respect the methods of blocking scrapers through robots.txt so this might just be an issue with them specifically being assholes.

Couldn't figure out how to tag you in a comment on the other post, so I'll edit this comment in a moment with the link.

Link: https://lemmy.world/post/16716107
