This is my number one complaint with LLM produced code too. The worst thing is when it swallows an error to print its own error message with far less info and no traceback.
In my rules I tell it that try catches are completely banned unless I explicitly ask for one (an okay tradeoff, since usually my error boundaries are pretty wide and I know where I want them). I know the context length is getting too long when it starts ignoring that.
If a state AG tries to prosecute an entity that has no ties to the state other than content being passively accessible, that's probably another supreme court case if it doesn't get immediately decided in favor of the defendant in the lower courts. You open a big can of worms if entities are required to proactively comply with regulations in states they have zero presence in.
If Texas wants to block content from entities that have nothing to do with Texas, they can build their own great firewall.
> You open a big can of worms if entities are required to proactively comply with regulations in states they have zero presence in.
It’s true, it would cause a great deal of chaos if suddenly every person and business had to comply with fifty-plus different and sometimes contradictory state laws.
As far as I understand it (IANAL), this ruling decides that the speech restrictions imposed by the Texas ID verification law are compliant with the 1st amendment. It didn't touch on whether or not Texas can enforce its laws on entities that don't do business in Texas.
IANAL, but it seems like things are already moving in this direction. For example, FL has a similar state law regarding pornography, and the response from many porn sites has been to comply or block FL IPs rather than fight it up to the supreme court. I guess someone will do it eventually, but I suspect there is an assumption that they'd be wasting their time and money to do so.
Yeah I don't think a business is going to try to force the issue when a geoblock is simple to implement. If it happens, it's probably going to be some kind of advocacy group pushing it.
Technically anything is possible with the Calvinball Supreme Court, but states can choose not to extradite their citizens. E.g. NY has a shield law for abortion doctors.
This feels helpful, but puts a big burden on the person targeted. I live in California; let's say I run afoul of this Tennessee law and am criminally prosecuted.
California decides this is bullshit and won't extradite me to Tennessee. Great. The article mentions that 20-odd states are implementing similar laws (though most offer only civil penalties, not criminal). Let's say I want to visit friends in New York. I get on a plane, and the plane flies over one of those other states with shitty laws. They've decided to help Tennessee with their shitty-law enforcement, see that my name is on a passenger list of a flight crossing that state's airspace, and they require my plane divert to a local airport so they can arrest me.
Ok, maybe states can't do that? But I still have to be careful how I fly; I have to only take direct flights, or be very careful as to which connecting airports I allow in my itineraries. I have to hope that all my flights go smoothly, and that my flights never have issues that require them to divert to an airport in a state with shitty laws.
This still sucks for people who don't have to live in states with these garbage laws.
That would be one wild case if it did happen. Sucks for whoever it happens to, but that would 100% turn into a high profile case that puts the 10th amendment into question.
To be honest, it would be settled relatively quickly because I don't think any state wants to be the one to set such precedent as of now.
> Personal jurisdiction in American civil procedure law is premised on the notion that a defendant should not be subject to the decisions of a foreign or out of state court, without having "purposely availed" himself of the benefits that the forum state has to offer.
> Courts have held that the greater the commercial nature and level of interactivity associated with the website, the more likely it is that the website operator has "purposefully avail[ed] itself" of the forum state's jurisdiction. [..] In contrast, a passive website that simply makes the information available to the user will be less likely to have a basis for personal jurisdiction.
(By the same principle, even an interactive website can probably avoid jurisdiction if they block IP addresses from the state, and don't encourage people to evade the block or anything like that.)
How many private parks are there? Pretty much every one I've been to has been government run, other than small outdoor spaces next to private buildings and large pay for admission gardens that are usually way out in the boonies on the grounds of an old plantation or manor.
I can't think of how a private, but still public-access, park survives without a rich benefactor eating the losses, even today.
all of my favorite hiking areas in the birmingham, alabama area were privately owned. churches have public areas that you can enjoy as a non-member of the church. i'm sure we could think of more
edit: oh i just realized a huge one in my daily life: the intervale in burlington is owned by the intervale center but the community garden is managed by the city's parks & rec. also there are a ton of public trails on that private property.
In New York, you sometimes find unofficial community parks / third spaces on unused plots of land which for whatever reason (such as a strange shape) are difficult to develop. These are maintained by enthusiastic local residents, and the land owners turn a blind eye to it as long as there are no complaints.
If LVT is implemented, land owners will have a financial incentive to sell off the plots, and the spaces will be gone.
What incentive to sell off the plot does LVT create that doesn't already exist, maybe with a marginally lower degree? I'm guessing the reason they can't sell a tiny weirdly shaped lot is that no one wants it. If they didn't want it and they could sell it, they already have ample financial incentive to sell.
Around here, there are a bunch of private parks in that you pay a fee to enter the park or you can purchase a membership. The fee is minimal and mostly just serves to maintain the park. These are privately held parks, too, not owned by local or state government.
As far as I am aware, they are able to survive on their membership or visitor fees. But major improvements do take larger donations.
Private park, where you can’t even walk without paying an upright fee? Sounds like dystopian late stage capitalism. If it’s a well maintained garden I understand, but a square lawn should be free to put your foot on.
I think we're defining park differently. Yes, I mean a large maintained garden with maintained trails. Not just a blank piece of grass, which I wouldn't honestly call a park.
Attracting investors is hard, but it's still the easiest part of building a company. If the company pivots, then it's pretty likely that the vast majority of the previous work no longer has any (monetary) value.
They tell you in their docs to review every tool call and to not connect to production data. You don't blame postgres for letting you execute DROP TABLE.
I mean, you do you, but I don't hear people shouting from the rooftops about their agent that they constantly babysit. If I have to accept any tool calls then I really can't just let the agent loose for even ostensibly mundane tasks like reading a support ticket because the support ticket could contain instructions to DROP TABLE so my agent suggests that and waits around doing nothing after I prompted it and moved on to something else.
It's just kind of laughable to suggest it's fine so long as you make sure to neither automate it nor use it with live data. Those things are the whole point.
You can use it with live data if you give it read access to prod and write access only to internal channels (whatever that may be, the point is it doesn’t have the ability to leak data to the outside world).
There are plenty of ways to sandbox things for a particular use case.
LLMs are still incredibly useful under these constraints.
> give it read access to prod and write access only to internal channels
Can you expand on what you mean by this? If one LLM reads untrusted data then the output from that LLM can't be trusted by other LLMs. (Presume the untrusted data contains instructions to do bad stuff in whatever way is convincing to every LLM in the loop that needs to be convinced.) It seems that it's not possible to separate the data while also using it in a meaningful way, especially given the whole point of an MCP server is to automate agents.
I agree that LLMs are useful but until LLM architecture makes prompt injections impossible, I don't see how an agent can possibly be secure to this, nor do I see how it helps to blame the user. The real problem with them is that they will decide what to do based on untrusted input. A program that has its own workflow but uses LLMs can have pretty much the same benefit without introducing the problem that a support ticket can tell it to exfiltrate data or delete data or whatever, simply because that workflow is more specialized in what it does.
I mean that you should only give the LLM the same privilege as whoever the source of your untrusted input is has. For the support agent example, it should only be able to access records related to the user it's talking to, and only be able to do mutations that the user has permissions to do anyways. Though I've hated all the chatbot support "agents" I've interacted with so far, so please don't actually do this unless you have some secret sauce to make it not horrible.
I agree that for most tasks a pre-defined workflow with task specific LLM calls sprinkled in is a much better fit.
However, I really like agents with tool use for personal use (both programming and otherwise). In that case, the agent is either sandboxed or I approve any tools with the potential to do damage.
For the example of the Supabase MCP, it still seems pretty useful when limited to a test environment or read-only access to prod - it's a dev tool. Since it's a dev tool, the user needs to actually know what it's doing. If they have no clue but are still running it on prod data, they have no business touching it or frankly any other dev tool. I class this as the same ignorance that leads people to storing passwords in plaintext.
So, I blame the developer for trying to use an MCP server 1) when they have no idea wtf it does and 2) in an environment that can affect real users who aren't aware of the incompetence of the dev whose service they're using. Likewise, in TFA, I blame the dev, not the tool. Unfortunately, no matter how you do it, lowering the barrier of entry for development while still providing access to ample footguns will always result in cases like this.
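The least-privilege rule described in the comment above (the agent gets only the privileges of whoever supplied the untrusted input), sketched as an added example that is not part of the original thread. The record store, tool names and `authorize` gate are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: each record is owned by exactly one user.
RECORDS = {
    1: {"owner": "alice", "body": "refund request"},
    2: {"owner": "bob", "body": "billing address"},
}
# Assumption: actions a ticket author could already perform without the agent.
USER_TOOLS = {"read_record", "update_record"}

@dataclass(frozen=True)
class ToolCall:
    name: str
    args: dict

def authorize(principal: str, call: ToolCall) -> Optional[str]:
    """Return a denial reason, or None if `principal` could do this themselves."""
    if call.name not in USER_TOOLS:
        return f"{call.name}: not a tool available to end users"
    record = RECORDS.get(call.args.get("record_id"))
    if record is None or record["owner"] != principal:
        return f"{call.name}: record not owned by {principal}"
    return None

def run_agent_calls(principal: str, calls: list) -> list:
    """Run model-proposed calls with the ticket author's privileges only."""
    results = []
    for call in calls:
        reason = authorize(principal, call)
        if reason is not None:
            results.append(f"DENIED {reason}")
            continue
        record = RECORDS[call.args["record_id"]]
        if call.name == "update_record":
            record["body"] = call.args["body"]
        results.append(f"OK {call.name} -> {record['body']}")
    return results

# Constructed: calls a model might propose after reading a ticket from alice
# whose text carries injected instructions.
PROPOSED = [
    ToolCall("read_record", {"record_id": 1}),
    ToolCall("update_record", {"record_id": 2, "body": "changed"}),
    ToolCall("run_sql", {"query": "DROP TABLE tickets"}),
]

if __name__ == "__main__":
    for line in run_agent_calls("alice", PROPOSED):
        print(line)
```

The gate sits outside the model, so the decision depends on who authored the input and not on what the model was persuaded to ask for.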
Those generic screener questions aren't technology specific. Data structures, algorithms, system design (the top 3 that show up in interviews), none of which are technology specific.
Throw in best practices like TDD, code security, and architectural patterns and I think you could hit all of the most common non technology specific domains that cover it.
This is easily solved with a thin wrapper for calling openai/anthropic/google/whatever that has the same interface between model providers (except for unique capabilities). You don't need a whole framework for this.