This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
Irrelevant. Security is completely different domain from the core product
It's not just "security", it's an epic fail on a part of the core chatgpt offering.
And part of the OpenAI package is all the "security" conscious offerings, which, if they fail, will have huge consequences.
Launching with that bug cost OpenAI basically nothing; waiting for every conceivable bug to be discovered and fixed, on the other hand, would have huge opportunity costs. If you add a dozen layers of process to every launch, you end up... basically Google, with products delayed months or years beyond when they should have been released, with only marginal improvement on the axes the process is intended to improve.
Sure, you need to strike a good balance between speed and safety, but that bug was an incredibly embarrassing error and should have never happened with the most "skilled set of engineers ever!"
Engineers, no matter their skill level, don't spend their time inspecting the implementation of widely-used open-source client libraries (Redis!) for concurrency bugs (IIRC) when they're building something on it; it's just not what an effective engineering org does. What's proper is to choose which tools you use wisely. But using Redis isn't some wildly incautious choice; it'd be hard to choose something more well-known and supported, and it'd be really stupid and even more security vuln/bug prone to do an in-house implementation.
It does look like a concurrency bug in Redis, but it's still not a good look. And an effective engineering org should be vetting it's open-source libraries better.
Also they took 9 hours to even take it down, while social websites online had news of the leak everywhere. That's just pathetic engineering. Early morning or not, they shouldn't be shipping stuff if they don't even have basic oncall.
We are in agreement there, and if I were OpenAI my first order of business at this point would be developing monitoring and an oncall rotation/system that would be able to handle incidents like this in a timely manner. It could have been much worse.
More options
Context Copy link
This is politician tier reasoning. There was a mistake! There should never be mistakes! If they were just a little more careful, this wouldn't happen!
An engineer vetting Redis for concurrency bugs is not an effective use of their time.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link