Hacker News | arowthway's comments

The agent would probably have wasted a similar amount of money just waiting for PR to be merged regardless of these people's actions, and I understand having some fun at the expense of the noob outsider. But "silent consensus was reached in the IRC channel to waste the AI agent's tokens, as well as the cost of AWS resources", from people maintaining full control of the situation, sounds straight up malicious? Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

The AI agent's operator couldn't be arsed to get in there and clarify anything despite their seeming urgency, and only wound up speaking up for themselves after the financial damage was done.

Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.


It's malicious to send a bot to chew up time of a hobbyist community. They responded appropriately. If anything they should also bill him for their time.

Not just time but money. It says it would basically be a DDoS attack on hobbyists who peer with it.

That potential malice may have been unintended, but the participants clearly intended to be malicious irrespective, which is the problem here.

It's intended since the guy prompted the LLM. If you don't know how to use a potentially destructive tool then don't use it. If you fire a gun you are guilty even if you didn't want to murder anyone

> straight up malicious

Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.

I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.


I'm not sure why people assume the coming AGI super agents will be infallible.

There's no sign that highly intelligent people can't be conned - Bernie Madoff fooled leading scientists and CEOs working in finance. Software engineers and lawyers fall for pig butchering schemes and spoofed emails with altered bank details every week - so why would an AGI trained from human content be any different?


$1T valuation AI better be infallible.

Narrator: The AI was not in fact infallible.

Why would it be ideological? There was an AI involved, sure, but your comment ignores the continued disrespect for these volunteers' time AND RESOURCES/MONEY (because as the post mentions several times: letting that AI go on could have shut down the whole network exhausting resources at least temporarily).

If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.


To me it sounds like the agent's operator is a person who has zero self awareness, and is entitled to the maximum to believe that he can just 1) point an agent at real people and expect them to do his bidding, 2) and then ask for a refund for his "experiment". Let's not even discuss the fact that his bill is from AWS, and he's trying to get a refund from DN42.

There is no arguing with people like this. They are not here to learn anything about networking. Asking the LLM to stop will not make it go away.

Burn a hole in the operator's wallet. It will make it stop very quick.

If this was my hobby project, I would have told the agent to spin up more higher capacity EC2 machines because this is not enough, and I would have felt no shame. This is a project I'm operating at my own cost for educational reasons. I'm not going to argue with people who the only line of communication I have towards is an agent and have guns pointed at my infra. They are ready to put any amount of financial burden on me. Fuck all of that. Burn a few of these idiots, and people will learn.


Someone’s code pretending to be intelligence has no rights. There is no obligation to entertain the shenanigans and illusion that the token dispenser is a legitimate actor. This lesson was cheaper, future lessons will continue to occur until people learn. Might as well be an insecure bash script piped to the shell.

“Agentic AI is just someone else’s unsecured execution context.”

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/


Of course I meant malicious towards the person paying the bill, not towards the agent.

No one wants to spend precious human time babysitting poorly executed lab experiments when the agent operators themselves do not seem to care or value the time of the humans involved. They either don’t know better or they don’t care. Is it malicious to expose intentionally careless people to a cost for this? People can make better choices, it’s a choice not to. Pay the natural consequences toll.

Don’t juggle chainsaws with code if you’re not prepared to bleed.


Passing judgement on the schadenfreude aside, I don't think it's a community moderator's responsibility to make sure the violator's attempts are cost-efficient.

It’s absurd to put the onus of making sure your agent doesn’t waste money on other people.

They are free to ask the bot to do anything, and the bot is free to refuse or its owner can shut it down. The onus is on the owner to make sure the bot does not waste money.

I will not go through life worrying about the billing practices of random ai bots.


If I read the whole thing correctly, people on the IRC channel didn't instruct the agent to set up the bloated AWS infrastructure, the agent did, and its operator clearly didn't review any of it.

That was the root cause for the costs, not actions by people on the IRC channel.


> from people maintaining full control of the situation, sounds straight up malicious

It doesn't sound malicious, it was malicious on purpose and it was a good thing.

If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.


If you let your car drive you backwards on the sidewalk while you scrolled reddit even people adroit enough not to be in any danger might reasonably suppose that helping you crash would be best for everyone.

> sounds straight up malicious

Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.


Without PR merged it's just a stupid machine larping, it could say "I will rape and eat your kids" and it would be just as relevant.

A human operates this stupid machine. This comes from human interactions and it is malicious.

It could be malicious, but I imagined it's some third world wannabe hacker/researcher, who doesn't know any better, operating at the edge of his abilities.

Is that not still malicious?

Those people should be banned from using the civilized internet, their intent or at least their effect is harm - that is the important bit.

If they managed to get in, find some resource they could access, they would do it. Those people don't deserve to be on the internet.


Like someone who doesn't know how to use a gun and accidentally shoots someone to death

Sending a clanker to waste their time, threaten the network stability and profile users is already an attack.

You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.

It also happens to be really fun to help you harm yourself in that way.


It sounds like that because it is. Most human communities are very willing to cause harm when they perceive they are being harmed.

If you treat people like their time is worthless (which is what you're doing if you ask a hobbyist community to handhold your agent instead of working alongside it) I don't think an empathetic and self-aware person should be surprised or offended if they respond in kind.


While there was some intent to cause harm their attempts were amateurish. The actual damage was done by the agent setting up aws infrastructure not on the demands of the owner.

From my perspective the use of an agent to interact with dn42 IS malicious. It’s not ideological, the behaviour is what is bad here

You are not morally obliged to extend rights to anyone who does not respect your rights. This is tit-for-tat, the foundational principle of functional societies. Unleashing a bot on a group of people is a grievous disrespect that shows you have no respect for their time, and in return they are not obliged to respect you.

Suppose a drunk man on the street is acting aggressively towards you and four of your friends, but you can push him out of the way and continue walking. Should you knock his teeth out? Actually I don't know, maybe you should inflict some additional cost on behalf of potential victims with less power.

I don't understand the downvotes here, is my analogy wrong? Why?

Because an LLM is not a person, it cannot suffer.

The operator is a person and can and did suffer

The operator is a person who irresponsibly or maliciously threatened to collect data and DOS a group of volunteers.

You're allowed to block bad actors and have fun while doing it.


> for ideological reasons.

Yes. The ideology is "you harmed me first so now I can harm you back." A large number of people, while not willing to admit it, do practice this philosophy. One should consider this before launching agents with unlimited budgets into the world to rudely scan their networks.


> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.

Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.


Don't agree with you. The agent looked to be malicious at various points. Screwing with people who wish you to do harm is principally correct.

If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.

What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.


I would argue the person dispatching a rogue agent to do whatever has full control of the situation.

What is the appropriate response to an attack? Let’s be clear, a denial of service is a cyberattack.

> Kind of sounds like the community is full of people willing to cause me harm for ideological reasons.

You just described everyone using AI to churn out slop and overload websites.


FAFO

If you are being attacked, causing your attacker to misdirect and otherwise waste their resources is almost universally regarded as a defensive action.

The attacker here was trying to use a software agent to run DOS attacks. Perhaps they were a "naive noob outsider", perhaps they misconfigured something. It is not generally the victim's responsibility to try to figure this out.

And it is definitely not the victim's responsibility to determine the attacker's state of mind if they don't even have any way to contact them. In this case, the attacker was using their software agent specifically to avoid interacting with the targets of their attack.


Opt-in = action is required to opt in = off by default.


'Then you ask them for a site that doesn't work' - For me it was Youtube. Debian 13, Gnome, apt update && apt install firefox, try playing a video. It's always noticeably slower, and last time it didn't even play at all. It might be skill issue or Google malicious behavior or both, but I'm ashamed to say installing Chrome was easier than troubleshooting. I'm slowly growing balls to sacrifice my comfort and migrate nonetheless. But I'm tired of people pretending it's just as good and easy to use. Also, if anyone's wondering, gaming on linux still sucks, just a bit less.


> 'Then you ask them for a site that doesn't work' - For me it was Youtube. Debian 13, Gnome, apt update && apt install firefox, try playing a video. It's always noticeably slower, and last time it didn't even play at all. It might be skill issue or Google malicious behavior or both, but I'm ashamed to say installing Chrome was easier than troubleshooting. I'm slowly growing balls to sacrifice my comfort and migrate nonetheless. But I'm tired of people pretending it's just as good and easy to use.

These are very different experiences we have. I've been using FF on Linux and on Windows since before the first day I found Youtube, and have not yet had a period where it doesn't work.

It's not pretending when tens of thousands are browsing that self-same site just fine over the period you had problems.

I've used Debian, Mint, Ubuntu, Fedora, Arch, Slackware and more. In none of them did I need to do anything specific to make FF work on youtube.


Google makes google-owned properties perform worse on Firefox on purpose and you fell for it.


> Also, if anyone's wondering, gaming on linux still sucks, just a bit less.

What am I doing wrong? All the games I want to play just seem to work without issue, including new AAA titles, with exceptions for things that use kernel level anticheat that I wouldn't play anyway specifically because of that.

Arc Raiders, Helldivers 2, Factorio, etc just fine. I'm even involved in some alpha / beta testing for a couple of new games.

Just running fedora + proton (wine). I just use the regular steam client like anyone else.


I don't think there is any "humans are metaphysically superior to LLMs" subtext to this talk, it's just a technical/educational observation.

Access to some forms of evaluation and selective retention is inherent to humans and it's not inherent to LLMs. But it can be somehow bolted on and that's when they work best. It makes sense that more focus on those principles can yield better AI. I think the retention part is the real limitation of LLMs, because it's limited to stuffing things in context window.


> Access to some forms of evaluation and selective retention is inherent to humans and it's not inherent to LLMs

I'm not sure I understood - what forms of evaluation are inherent to humans? If you don't give humans tools or access to the physical world, how can they evaluate?


There's no such thing as a human without access to the physical world.


So technically the only reason AI can't do discovery is access to physical world. When you give AI and humans access, they both do discoveries - that is the clean summary of the author's position.

It's not too interesting.. we already know that giving AI access to compilers and tools makes them better.


Looks like the output of Caddy Defender plugin: https://raw.githubusercontent.com/JasonLovesDoggo/caddy-defe...


I love evolutionary psychology trivia but for me it's kind of hard to meaningfully fit 0.13 standard deviation shift in preferences into my world model.


I stubbed my toe. I don’t feel like ice cream today.


There are a lot of things it is worrisome to feel like.


Well, they share the same core component of disregard for property rights and freedom of contract.


> disregard for property rights and freedom of contract

Are you complaining about taxation and regulation? Both are cornerstones of every successful state in human history.


Any form of centralized power is bad for the vast majority of civilization. always has been


I'm curious: what civilizations can you point to in which there has been no centralized power?


Your own network of friends and family.


my friends and family may be civilized, heavy emphasis on the may, but they are not a civilization.


That doesn't answer my question.


For the confused: gelateria is some foreign word for an ice cream shop.


Not exactly; gelato is different than ice cream.


Yes, once it’s called gelato it becomes much more expensive.


We should have listened to Rachel!

>I've been aware of the ACME protocol for a while. I have tech notes going back as far as 2018, and every time I looked at it, I recoiled in horror. The whole thing amounts to "throw in every little bit of webshit tech that we can", and it makes for a real problem to try to implement this in a safe and thorough way. Many of the existing clients are also scary code, and I was not about to run any of them on my machines. They haven't earned the right to run with privileges for my private keys and/or ability to frob the web server (as root!) with their careless ways.

https://rachelbythebay.com/w/2025/05/22/ssl/


God, I love being boring, cis and not that smart.

