None of these articles address how we'll go from novice to expert, as either self-taught or through the educational system, and all the bloggers got their proverbial "10k hours" before LLMs were a thing. IMO This isn't abstractions, the risk is wholesale outsourcing of learning. And no, I don't accept the argument that correct and LLMs errors is the same as correcting a junior devs errors because the junior dev would (presumably) learn and grow to become a senior. The technology doesn't exist for an LLM to do the same today and there's no viable path in that direction.
Can someone tell me what the current thinking is on how we'll get over that gap?
> I don't accept the argument that correct and LLMs errors is the same as correcting a junior devs errors because the junior dev would (presumably) learn and grow to become a senior. The technology doesn't exist for an LLM to do the same today and there's no viable path in that direction.
But the technology does exist. The proof is in the models you can use today, on two lines:
First, what you describe is exactly what the labs are doing. We went from "oh, look, it writes poems and if you ask for code it almost looks like python" 3 years ago. Since then, the models can handle most programming tasks, with increasing difficulty and increasing accuracy. What seemed SF 3 years ago is literally at your fingertips today. Project scaffolding, searching through codebases, bug finding, bug solving, refactorings, code review. All of these are possible today. And it all became possible because the labs used the "signals" from usage + data from subsidising models + RL + arch improvements to "teach" the models more and more. So if you zoom out, the models are "learning", even if you or I can't teach them in the sense you meant.
Secondly, when capabilities become sufficiently advanced, you can do it locally, for your own project, with your own "teachings". With things like skills, you can literally teach the models what to do on your code base. And they'll use that information in subsequent tasks. You can even use the models themselves for this! A flow that I use regularly is "session retro", where I ask the model to "condense the learnings of this session into a skill". And then those skills get invoked on the next task dealing with the same problem. So the model doesn't have to scour the entire code base to figure out where auth lives, or how we handle migrations, and so on. This is possible today!
You spent the proverbial 10k hours like before. I don't know by AI has to lead to the lack of learning. I don't find people stop learning digital painting so far, even digital painting, from my perspective, is even more "solved" than programming by machines.
I heard that Pixar had a very advanced facial expression simulation system a decade ago. But I am very willing to bet that when Pixar hires animators they still prefer someone who can animate by hand (either in Maya or frame-by-frame on paper).
I can tell you the current thinking of most of the instructors I know: teach the same fundamentals as always, and carefully add a bit of LLM use.
To use LLMs effectively, you have to be an excellent problem-solver with complex technical problems. And developing those skills has always been the goal of CS education.
Or, more bluntly, are you going to hire the junior with excellent LLM skills, or are you going to hire the junior with excellent LLM skills and excellent technical problem-solving skills?
But they do have to be able to use these tools in the modern workplace so we do cover some of that kind of usage. Believe me, though, they are pretty damned good at it without our help. The catch is when students use it in a cheating way and don't develop those problem-solving skills and then are screwed when it comes time to get hired.
So our current thinking is there's no real shortcut other than busting your ass like always. The best thing LLMs offer here is the ability to act as a tutor, which does really increase the speed of learning.
Thanks for the response, I appreciate it. I absolutely agree with you about CS education. I went to school to learn how to learn. So, the best-case outcome is everyone has A Young Lady's Illustrated Primer available to them. At that point I suppose to really does live with the individual as to whether they want to see how much potential they really have.
Agreed. If someone could help answer the question of "how" I'd appreciate it. I'm currently skeptical but not sure I'm knowledgeable enough to prove myself right or wrong.
But, it just seems to me that some of the 'vulnerabilities' are baked in from the beginning, e.g. control and data being in the same channel AFAIK isn't solvable. How is it possible to address that at all? Sure we can do input validation, sanitization, restrict access, etc. ,etc., and a host of other things but at the end of the day isn't it still non-zero chance that something is exploited and we're just playing whack-a-mole? Not to mention I doubt everyone will define things like "private data" and "untrusted" the same. uBlock tells me when a link is on one of it's lists but I still click go ahead anyways.
At least in its current state we just use an LLM to categorise each individual tool. We don't look at the data itself, although we have some ideas of how to improve things, as currently it is very "over-defensive". For example, if you have the filesystem MCP and a web search MCP, open-edison will block if you perform a filesystem read, a web search, and then a filesystem write. Still, if you rarely perform writes open-edison would still be useful for tracking things. The UX is such that after an initial block you can make an exception for the same flow the next time it occurs.
Thanks for the follow up. I can see the value in trying to look at the chained read - search - write or similar patterns to alert the user. Awareness of tool activity is definitely helpful.
It is possible to configure it like that - when a trifecta is detected, it is possible for the gateway to wait for confirmation before allowing the last MCP call to proceed. The issue with that MCP clients are still in early stages and some of them don't like waiting for a long time until they get a response and act in weird or inconvenient ways if something times out (some of them sensibly disable the entire server if a single tool times out, which in our case disables the entire gateway and therefore all MCP tools). As it is, it's much better to default to returning a block message, and emit a web notification from the gateway dashboard to get the user to approve the usecase, then rerun their previous prompt.
Because you mentioned the use case specifically, I wanted to point you to the fact that Excel has been able to convert images to tables for a while now. Literally screenshot a table from your PDF and it will convert to table. Not trying to diminish any additional capabilities you're getting from Gemini, but this screenshot to table feature has been huge for my finance team.
Honestly I think you might be grappling with getting older and the change that naturally comes with it.
>I've let many of my most meaningful friendships fade.
At least you acknowledge that part and aren't bitter at your friends that it is somehow their fault.
>but it doesn't feel like when I was in college and hung out with a crew of 10+ people on a weekly basis
And it won't, ever again. They'll get married, move away, have kids, whatever. Just like if you played a sport in high school, or were in the band, that same group of people will never be together doing that same activity again after the last time.
>curated events and meaningful connections for men who don’t want their friendships to atrophy post-college
Except you acknowledge above your role in the "atrophying" and while you can say you didn't/don't want that to happen, you still allowed it to didn't you?
>The goal is to get people in the same place on a consistent basis.
Isn't that called the gym, the range, the golf course, softball/kickball/pickle ball team, bar, etc? I've struggled (still?) with exactly this thing as well and don't have any good advice. I will say it feels related to the notion of wanting to have a significant other but never leaving the house, you gotta put the effort in. On the bright side I read an article about a couple that missed neighborhood connections so started having coffee on their porch on Saturday mornings (or some consistent day of the week) and eventually neighbors walking by started saying hello, then stopping to chat, then bringing their own coffee, and then it became this whole neighborhood thing. So I guess I'm saying don't lose hope that you can't change things in your situation.
You're definitely on to something. Although early 30s doesn't seem so old, the intense nostalgia of college has definitely waned. I would say I'm more grappling with the reality that it really won't ever again feel like that. I know it's true from a time perspective... I'm married and have a full-time job. But I figured I couldn't let the dream die that easily :)
Do you really develop lasting friendships on the course or in rec league sports? I just haven't had that experience and the popularity of those activities is sky rocketing (see: running clubs) while the problem doesn't seem to be getting any better.
> Do you really develop lasting friendships on the course or in rec league sports? I just haven't had that experience and the popularity of those activities is sky rocketing (see: running clubs) while the problem doesn't seem to be getting any better.
When I did rec league sports most of the guys were there to meet women
That’s what I notice with a lot of meetups, etc. guys don’t even want to talk to other guys, they gotta talk to women only, personally I’ll talk to whoever
I think you can develop lasting friendships doing pretty much any group activity. But it can require a lot more effort (perhaps on your part) to get the ball rolling. Depending on the activity, you probably won't be having deep (or any) conversations while doing the activity, so you need to actively engage with people before or after the activity. That might be very small at first, but over many weeks or months might grow into grabbing a drink or meal after the activity, and being open to starting deeper conversations.
I'm terrible at this. I struggle to push myself to ask deeper questions of new friends, feeling like I'm being intrusive or prying, but I think it's necessary to do this in order to move forward. When we were in college, making friends was easy, because there was a shared experience right in front of us to talk about, and that could naturally lead to deeper conversations. As we get older, that isn't really there, and it takes active, deliberate effort to get there.
I think to the parent's point it is as you say: there is already untapped capacity that isn't being used due to (geo)political forces maintaining the scarcity side of the argument. Using your agriculture example, a simple Google search will yield plenty of examples going back more than a decade of food sitting/rotting in warehouses/ports due to red tape and bureaucracy. So, we already can/do produce enough food to feed _everyone_ (abundance) but cannot get out of our own way to do so due to a number of human factors like greed or politics (scarcity).
And that sort of analysis is exactly what is suspect to me about this. Have people considered why an onion might be in a warehouse or why it might go unsold after a time? The answer is no and reveals a lack of understanding of nuance of how the global economy actually works. Everything has some loss factor and removing it all to nill might not be realistic at all at the scale we do things to feed ourselves. Its like making pancakes: some mix stays in the bag you can’t get out, some batter stays on your bow, some stays on your spoon, you make pancakes with some, some scrap is left in the pan, some crumbs on your plate. All this waste making pancakes and yet to chase down every scrap would be impossible. And at massive scale that scrap probably ads up.
Besides we are crushing global hunger over the decades so something is working on that front. The crisis in most of the western world today at least is that merely wages are depressed compared to costs for housing (really land) versus not being able to afford food.
https://web.archive.org/web/20080930065642/http://www.whywor...
"I [Bob Black] don't suggest that most work is salvageable in this way. But then most work isn't worth trying to save. Only a small and diminishing fraction of work serves any useful purpose independent of the defense and reproduction of the work-system and its political and legal appendages. Twenty years ago, Paul and Percival Goodman estimated that just five percent of the work then being done -- presumably the figure, if accurate, is lower now -- would satisfy our minimal needs for food, clothing and shelter. Theirs was only an educated guess but the main point is quite clear: directly or indirectly, most work serves the unproductive purposes of commerce or social control. Right off the bat we can liberate tens of millions of salesmen, soldiers, managers, cops, stockbrokers, clergymen, bankers, lawyers, teachers, landlords, security guards, ad-men and everyone who works for them. There is a snowball effect since every time you idle some bigshot you liberate his flunkies and underlings also. Thus the economy implodes."
I love it! I was not expecting the math based aspect and that took me back to my younger days playing Math Blaster Plus and Number Muncher. Thank you for the trip down memory lane.
1) Kitchen dish towels. The white with blue herringbone kind you see in restaurants or cooking content creators. I bought two dozen of them (~$1.65/each) and keep them all around the kitchen and use them with reckless abandon (some for drying, some for wiping spills, etc.). Having plenty of them means I can use one per day for general use and not run out by the time laundry day comes.
2) Deli containers. Picked up 48 in 8 oz, 16 oz, 32 oz sizes with airtight lids. Completely changed how I prep food and save leftovers. Almost entirely I've switched to using these over what hodgepodge of tupperware I have accumulated over the years.
I've been involved with carding for 10+ years and issues with MIFARE Classic cards have been around and known for at least that long. Anyone in the carding industry will (should at the very least) tell you not to use them and move on to DESFire or some other newer safer chips. The introduction even says as much "By 2024, we all know MIFARE Classic is badly broken." If you're still deploying MIFARE Classic cards you reap what you sow.
Yup… the vending machines at my university used to use mifare classic tokens with credit on such tokens… in like 2014 i was a student and ran out of money in the middle of july and barely had the money to buy a train ticket to go home for vacation… but thanks to mommy mifare i managed to survive on sandwiches from said vending machines for like two weeks.
My university had something similar, but with ID numbers correlated to each person in a database that recorded how many credits they had left.
Tapping the vending machine with your card sends the ID in plaintext over the wire to the upstream server, which responds in plaintext for the machine to either accept or reject the transaction.
Tomfoolery may or may not have been performed by a bunch of bored, hungry college students at 1AM one night...
The main point from that is that you should never do a system with stored value on a smart card. The vendors will show you various methods for that, but well it is 2024, just do that online (and the card is just an ID, which optionally can produce ECC signature of some challenge).
No, stored value is a good solution if you want the system to function without online connection. You should still collect all transactions centrally where inconsistencies can be exposed. If that were been implemented GP would have been looking at a fraud charge.
having a pos in places without a reliable internet connection is enough of a reason for stored value cards to be a thing. Some things shouldn't require the mothership to be alive and reachable to work.
You don't need the system to be invulnerable to fraud, you just need to be able to detect it. Offline stored value cards plus separately shipping transactions to a central system with eventual consistency can give you that. The vending machine in question probably isn't invulnerable to physical break in either.
Nice idea in theory, except that now you have a system that immediately and catastrophically breaks if there is ever a backend outage (due to, say, a cyberattack or incompetent software trying to prevent one) or your reader loses network connectivity.
> you should never do a system with stored value on a smart card
...if you can afford to ignore the disadvantages of not doing it. Quite often, you think you can, until you can't.
MIFARE Classic are cheap and reliable, only their encryption is broken. One can use them as simple storage and encrypt/authenticate data by different means. Nothing wrong with that. I did that, ECC signatures are small enough to fit in 2K/4K cards.
A signature fits but what good does it do you? The cards can't sign a challenge, and so someone with access to a valid card can just clone it. (or access to a card and reader, in the case encryption is used)
RFIDs are rarely certified as possession factors, you need an EMV card for that. TPM chips may protect readers. Depends on reader/card ratio, if it's feasible.
Clones/double use/double spend must be caught on reader/server anyway. One can pass a card to another person, and you do not want two people to enter building with the same card.
I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case. Again, MiFARE is very cheap, so tradeoffs are expected.
MIFARE Cards are not RFID cards, and similar systems can absolutely be used as possession factors.
There are also many other authentication-capable cards other than EMV (which is optimized for payments, not really general-purpose authentication) such as various building access cards, national ID cards, ICAO biometric passports etc.
> I implemented double spend protection by introducing a simple operation counter. If the sequence of operation IDs is not continuous, card is blocked. Clones were added to block list within minutes. It was good enough for the use case.
Using that scheme, you could just as well use regular old barcodes, no? Makes for much cheaper readers and even wider compatibility.
> Again, MiFARE is very cheap, so tradeoffs are expected.
There are equally-cheap but secure options that actually prevent cloning or even implement the "electronic purse" use case in a fully offline way.
Usually, MIFARE Classic is only used because there's a huge installed base of readers and/or cards (and/or attached backend software).
Yes, and more generally I've been baffled by the fact that manufacturers - including ARM-based SoCs with SecureBoot (or similar); you know, those PDF spec docuements that disable copy-paste and a nice "confidential" watermark - put their cyber-security stuff under NDA. As if it security-by-obscurity was still a thing.
Oyster has been using MIFARE DESfire, and stopped using MIFARE Classic, for over a decade now.
They're stopping it for completely unrelated reasons (primarily convenience – people don't like having to buy and top up a card – and not having to maintain a vending machine and top-up infrastructure).
Can someone tell me what the current thinking is on how we'll get over that gap?
reply