Do you want to run OpenClaw? It may be fascinating, but it also raises significant security dangers. Jim Gumbley, one of my go-to sources on security, has some advice on how to mitigate the risks.
While there is no proven safe way to run high-permissioned agents today, there are practical patterns that reduce the blast radius. If you want to experiment, you have options, such as cloud VMs or local micro-VM tools like Gondolin.
He outlines a series of steps to consider:
- Prioritize isolation first.
- Clamp down on network egress.
- Don’t expose the control plane.
- Treat secrets as toxic waste.
- Assume the skills ecosystem is hostile.
- Run endpoint protection.
❄ ❄ ❄ ❄ ❄
Caer Sanders shares impressions from the Pragmatic Summit.
From what I’ve seen working with AI organizations of all shapes and sizes, the biggest indicator of dysfunction is a lack of observability. Teams that don’t measure and validate the inputs and outputs of their systems are at the greatest risk of having more incidents when AI enters the picture.
I’ve long felt that people underestimated the value of QA in production.
Now that we’re in a world of non-deterministic construction, a modern perspective of observability will be even more important.
Caer finishes by drawing a parallel with their experience in robotics:
If I calculate the load requirements for a robot’s chassis, 3D model it, and then have it 3D-printed, did I build a robot? Or did the 3D printer build the robot?
Most people I ask seem to think I still built the robot, and not the 3D printer.
…
Now, if I craft the intent and design for a system, but AI generates the code to glue it all together, have I created a system? Or did the AI create it?
❄ ❄ ❄ ❄ ❄
Andrej Karpathy is “very interested in what the coming era of highly bespoke software might look like.”
He spent half an hour vibe coding an individualized dashboard for cardio experiments from a specific treadmill.
the “app store” of a set of discrete apps that you choose from is an increasingly outdated concept all by itself. The future are services of AI-native sensors & actuators orchestrated via LLM glue into highly custom, ephemeral apps. It’s just not here yet.
❄ ❄ ❄ ❄ ❄
I’ve been asked a few times about the role LLMs should play in writing. I’m mulling on a more considered article about how they help and hinder. For now I’ll say two central points are those that apply to writing with or without them.
First, acknowledge anyone who has significantly helped with your piece. If an LLM has given material help, mention how in the acknowledgments. Not only is this transparent, it also provides information to readers on the potential value of LLMs.
Secondly, know your audience. If you know your readers will likely be annoyed by the uncanny valley of LLM prose, then don’t let it generate your text. But if you’re writing a mandated report that you suspect nobody will ever read, then have at it.
(I hardly use LLMs for writing, but doubtless I have an inflated opinion of my ability.)
❄ ❄ ❄ ❄ ❄
In a discussion of using specifications as a replacement for code while working with LLMs, a colleague posted the following quotation:
“What a useful thing a pocket-map is!” I remarked.
“That’s another thing we’ve learned from your Nation,” said Mein Herr, “map-making. But we’ve carried it much further than you. What do you consider the largest map that would be really useful?”
“About six inches to the mile.”
“Only six inches!” exclaimed Mein Herr. “We very soon got to six yards to the mile. Then we tried a hundred yards to the mile. And then came the grandest idea of all! We actually made a map of the country, on the scale of a mile to the mile!”
“Have you used it much?” I enquired.
“It has never been spread out, yet,” said Mein Herr: “the farmers objected: they said it would cover the whole country, and shut out the sunlight! So we now use the country itself, as its own map, and I assure you it does nearly as well.”
From Lewis Carroll, Sylvie and Bruno Concluded, Chapter XI, London, 1893, acquired from a Wikipedia article about a Jorge Luis Borges short story.
❄ ❄ ❄ ❄ ❄
Human language needs a new pronoun, something whereby an AI may identify itself to its users.
When, in conversation, a chatbot says to me “I did this thing”, I – the human – am always bothered by the presumption of its self-anthropomorphization.
❄ ❄ ❄ ❄ ❄
My dear friends in Britain and Europe will not come and visit us in Massachusetts. Some folks may think they are being paranoid, but this story makes their caution understandable.
The dream holiday ended abruptly on Friday 26 September, as Karen and Bill were trying to leave the US. When they crossed the border, Canadian officials told them they didn’t have the correct paperwork to bring the car with them. They were turned back to Montana on the American side – and to US border control officials. Bill’s US visa had expired; Karen’s had not.
“I worried then,” she says. “I was worried for him. I thought, well, at least I am here to support him.”
She didn’t know it at the time, but it was the beginning of an ordeal that would see Karen handcuffed, shackled and sleeping on the floor of a locked cell, before being driven for 12 hours through the night to an Immigration and Customs Enforcement (ICE) detention centre. Karen was incarcerated for a total of six weeks – even though she had been travelling with a valid visa.


