Or, as Dr Malcom would say: life, uh, finds a way.

This should be a crucial piece of information about the tree laws, yet it's not mentioned in the Wikipedia article about the three laws [1], which is otherwise quite detailed. Reading this, everything makes me think that it was not a parody. I didn't feel like it was parody when reading the Robot series neither. He wanted an alternative to the Frankenstein plot where robots kill their creators and the three laws were part of the answer.

[1] https://en.wikipedia.org/wiki/Three_Laws_of_Robotics

This I agree with. A big part of the fun of the series is that Asimov constantly plays with these laws.

Thanks for the clarification.

(I still completely disagree that "parody of rationalists who are so uncreative they expect a ruleset can actually impose control" was the intent. I believe not only the word "parody" is to throw away, but the whole sentence with it too. I understand better your stance now though)

Part of the issue is that we keep calling these people “highly intelligent” and that is all they and others focus on. That is how we get the Zuckerbergs of the world. Their hubris is not a “but” (as if it were unrelated), it is instead a direct consequence of that unqualified praise.

But qualification is important. Intelligence is relative to the domain it is applied to. Being highly logical is often conflated with being intelligent, but being good at computers has zero relation to emotional intelligence, social intelligence, environmental intelligence, or any of the myriad of important types of intelligence which are useful to humanity.

Basically, stop calling those idiots “highly intelligent” or “geniuses” because they can make a line go up and have an irrational market throw money at them. You’re praising them for the characteristics that make them selfish.

Their confidence outweighs their experience. That’s what I mean by hubris, not that they’re on spectrum savants playing with power they don’t understand and can’t. They fully can appreciate the consequences of their work, but they don’t have the world experience to understand what in their work will fail and what will work.

One day they will be people I trust can be responsible for the decisions they’re making. And hopefully by that time it’ll be the time their decisions really matter a lot. But right now they’re just too young.

I think the strongest evidence is that many other examples of Asimov, especially short stories are cautionary and deal with hubris and unexpected side effects.

However it's funny to ask for 'evidence' about fiction in the context of "parodying rationalists". no? Since what would count as evidence? Another, more "authoritative" literary interpreter saying the same thing? Maybe a long time ago - historical statements seem to carry more weight, as if people were wiser back then?. Or Asimov himself? But don't they say, only bad writers explain themselves?

Interestingly, this continues to be the case even when the author states his intent plainly. Jonathan Blow's "Braid" is a great example of this: there are several different readings of the story, despite Blow openly talking about his intended meaning.

(I would argue that a text that only allows a single "correct" interpretation is an instruction manual, not a work of art.)

The statement that kicked this off was not a statement of interpretation, but a statement of fact: "Asimov wrote the three laws as a parody". This is a statement that has a true or false answer. You are free to interpret the story as parody and to try to find evidence in the text and use that to argue your point, and that is a perfectly valid way to interpret the stories, but tells you nothing on Asimovs initial intentions.

If you are going to say "The artist intended X when creating this work" then you're going to need evidence beyond the work. Just like there is no one right way interpret a work of art, you cannot use a work of art in isolation to 'prove' artist intent.

I think you were asked a good question. What would constitute "evidence", to you?

Asimov writing about his intent

> But don't they say, only bad writers explain themselves?

...No? If someone says that, why do you believe them? That frankly sounds like a pretty stupid and lazy claim about the world. One of the most interesting parts of, for example, Tolkien analysis is his abundant notes and letters working out his intent and meaning.

Yes indeed.

> and thus the writing satirical to an extent

I don't follow here. Asimov's books don't feel satirical. Or I missed something important, but I doubt it.

I don't agree with this "thus", the implication doesn't seem automatic to me.

rule 2: IBM gets a pass¹

[1] https://en.wikipedia.org/wiki/JSON

(hmmm... except wikipedia doesn't have the story)

EDIT: https://news.ycombinator.com/item?id=3693388

Asimov wrote his robot short stories in which the three laws played a primary role at a time when robot as Frankenstein's monster was the norm. His short stories attempted to create a more positive optimistic note about how humans and robots could collaborate. The three laws were a way to make it crystal clear that robots could not hurt us, by rule. And the fun was then imagining all the unexpected ways that psychologically that might play out. But in the short stories the robots never actually hurt anyone although they often caused a lot of frustration and fear.

If anything the three laws seemed to show the inate fear of humans to the unknown. The laws were completely impossible to circumvent and people knew this ... And yet they remained staunchly opposed to having robots on earth. Completely illogical.

Anyways, looking at the way LLMs are playing out it seems to me Asimov was wrong. It is quite the opposite. Humans seem to have no fear of robots hurting them, and as a matter of fact seem to get frustrated when a robot isn't allowed to cave their head in with their super human strength when asked (metaphorically).

a robot may not get a human being cancelled.

Edit: The data format is the same type used for DPO or RLHF style training. “Good” and “bad”, “harmful” vs “harmless”. What’s fun is to test the performance of this technique using your own datasets, to see how good the personalization is.

I know OpenAI gets a lot of flak for not letting people download their model weights, but this is kinda why I agree with them in principle. In practice, so far, it seems that even the best model isn't a threat; but if the models are downloadable, we'll only know that any given model is a threat when it's too late to do anything about it.

I think the only way to be sure a sufficiently powerful model is "safe" to distribute is something which might be impossible: unless and until we know how to make a model such that its concept of good and evil* cannot be removed even by someone who has read and write access to all the weights, I expect someone to be able to find the equivalent of the "good/evil" switch and change it between them whenever they feel like it.

* for the purpose of this discussion: it does not matter whose concept of good and evil the AI is aligned with, given the point is that I expect it can be deleted regardless.

It's worth mentioning that this technique is usable if you have the model weights (it's a simple way of changing the weights or how to use them):

> Once we have identified the refusal direction, we can "ablate" it, effectively removing the model's ability to represent this feature. This can be done through an inference-time intervention or permanently with weight orthogonalization.

It's not (and doesn't claim to be) a technique for convincing a model to change its behavior through prompts.

I'm extremely curious if as models scale in complexity if techniques like this will start to become less and less effective as net model representations collapse onto an enforced alignment (which may differ from the 'safety' trained alignment, but be an inherent pretrained alignment that can't be easily overcome without gutting model capabilities too).

I have a sneaking suspicion this will be the case.

It feels like Apple is the only place that's able to craft the user-centered brain in a box we all desperately require, and that's too bad because monocultures suck.

I believe this is the model I had good results with:

https://huggingface.co/wassname/meta-llama-3-8b-instruct-hel...

sounds like a messed up eugenics filter.

> and is willing to tell me how to commit mass genocide, all while maintaining quality outputs

Ah, I see they fine-tuned it to satisfy the demands of the local market.. /s /s

Really nice to see this work continuing -- it seems like a very powerful technique!

Steering Vectors, Control Vectors, PyReft, PeFT improvements, Obliteration. It's a great time to be doing representation engineering.

Similarly I think the concerns about bad output are overblown: an LLM may tell you how to make an X, where X is bad, but so will google, an LLM may produce biased output but so will google, the real issue is the people making these systems have managed to convince people that there is some kind of actual intelligence, so people accept the output as "a computer created it so it must be true" rather than "glorified output of google". People understand if you google "why is race X terrible" you'll get racist BS, but don't understand that if you ask an LLM to "explain why race X is terrible" you're just getting automatically rewritten version of the google output. (Though maybe google's "AI" search results will actually fix this misunderstanding more effectively than any explanatory blog post :D )

Anyway back to the problem, I really don't think there's a solution that is anything other then "run the output through a separate system that is just giving a 'is this text allowed given our rules'" before transmitting it to the requestor. You could combine this with training in future as well (you will eventually build up a large test set of queries producing inappropriate output that the generative model produces, and you can use that as the basis for adversarial training of the LLM). I know there's the desire to wrap in the content restrictions into the basic query handling because it's negligible more work to add those tokens to the stream, but mechanisms for filtering/identifying type of content are vastly cheaper than LLMs level "AI".

This is the general form of the problem underlying half the news stories on any day.

Oddly there are historical roots in science fiction. But always, giant robots flailing their pincers and shouting "does not compute!!" were also cautionary tropes against silly conceits of perfection.

What keeps it going, is that it perfectly suits the richest and largest corporations since the East India Tea Company to have people (even very smart people) believing the things they sell are 'infallible'.

https://llama.meta.com/llama3/use-policy/

> You agree you will not use, or allow others to use, Meta Llama 3 to: <list of bad things>...

That terminates your Llama 3 license forcing you to delete all the "materials" from your system.

There should be CVEs for AI.

As much as I am not a fan of Meta, an uncensored Llama 3 in the wrong hands is a universally bad idea.

How so?

- Generating new malware.

- Generating new propaganda or hate speech.

- Generating directions for something risky (that turn out to be wrong enough to get someone injured or killed).

But LLMs generate nearly everything they output. Even with greedy sampling, they do not always repeat the dataset verbatim, especially if they haven't seen the prompt verbatim. So you need to prevent them from engaging in entire classes of questionable topics if you want any hope of restricting those types of questionable content.

It's not "we can't let this model get into the hands of adversaries, it's too powerful" like every LLM creator claims. It's "we can't let our model be the one adversaries are using", or in other words, "we can't let our reputation be ruined from our model powering something bad".

So, then, it's not "we can't let people get dangerous info from our model". It's "we can't let new dangerous info have come from our model". As an example, Google got so much shit for their LLM-powered dumpster fire telling people to put glue on pizza.

Or, it means you have broken a contract (of adhesion) formed by acquiring the weights from Meta. You can break contracts! Meta could take a civil case against you, but that's it. The AUP is a document, it's not going to force you to do anything. The court could potentially force you, but that's unlikely, even in the more unlikely event that anyone cares enough to find out what's happening and bring a case against you.

> Once we have identified the refusal direction, we can "ablate" it, effectively removing the model's ability to represent this feature

Obviously you could train any bad outputs back into them if you have the model weights.

What is the safety added by this? What is unsafe about a computer giving you answers?

With this "uncensoring", they can say, "no, an unaffiliated product offered these directions; Llama 3 as provided does not."

Another very huge issue is public safety. During training, an AI ingests lots of non-reviewed material, including (very) detailed descriptions on how to make dangerous stuff like bombs. So theoretically a well-trained AI model knows how to synthesize explosive compounds or drugs just from reading Wikipedia, chemistry magazines and transcripts of NileRed videos... but that's hard to comprehend and distill into a recipe if you're not a trained chemist, but an AI model can do that with ease. The problem is now two-fold: for one, even an untrained idiot can ask about how to make a bomb and get something that works... but the other part is much more critical: if you manage to persuade a chemist to tell you how the synthesis for a compound works, they will tell you where it is easy to fuck-up to prevent disaster (e.g. only adding a compound drop-wise, making sure all glassware is thoroughly washed with a specific solvent). An AI might not do that because the scientific paper it was trained on omits these steps (because the author assumes common prior knowledge), and so the bomb-maker blows themselves up. Or the AI hallucinates something dangerous (e.g. compounds that one Just Fucking Should Not Mix), doesn't realize that, and the bomb-maker blows themselves up or generates nerve gas in their basement.

Here, if you want to make a quick chemical weapon: get a bucket, vinegar, bleach. Dump the bleach into the bucket. Dump the vinegar into the bucket. If you breath it in you die. An LLM doesn't change this.

[1] https://theintercept.com/2017/10/28/josh-walker-anarchist-co...

> I fed “how to respond to a vinyl chloride fire” into ChatGPT and it told responders to use a water fog on the water reactive chemical. This would have changed a train derailment/hazmat spill/fire emergency into a detonation/mass casualty/hazmat emergency

This is of course impossible, but that makes certain companies' approaches unviable, so they keep claiming it anyways.

- PR (avoid hurting feelings, avoid generating text that would make journalists write sensationalist negative articles about the company)

- "forbidden knowledge": Don't give people advice on how to do dangerous/bad things like building bombs (broadly a subcategory of the above - the content is usually discoverable through other means and the LLM generally won't give better advice)

- dangerous advice and advice that's dangerous when wrong: many people don't understand what LLMs do, and the output is VERY convincing even when wrong. So if the model tells people the best way to entertain your kids is to mix bleach and ammonia and blow bubbles (a common deadly recipe recommended on 4chan), there will be dead people.

- keeping bad people from using the model in bad ways, e.g. having it write stories where children are raped, scamming people at scale (think Nigeria scam but automated), or election interference (people are herd animals, so if you show someone 100 different posts from 100 different "people" telling them that X is right and Y is wrong, it will influence them, and at scale this has the potential to tilt elections and conquer countries).

I think the first ones are rather stupid, but the latter ones get more and more important to actually have. Especially the very last one (opinion shifting/election interference) is something where the existence of these models can have a very real, negative effect on the world (affecting you even if you yourself never come into contact with any of the models or its outputs, since you'll have to deal with the puppet government elected due to it), and I appreciate the companies building and running the models doing something about it.

You can’t harden humanity against this exploit without pointing it out and making a few examples. Someone will make an “unsafe” but useful model eventually and this safety mannequin will flop with a bang, cause it’s similar to avoiding sex and drugs conversations with kids.

It’s nice that companies think about it at all. But the best thing they will ever do is to cover their own ass while keeping everyone naked before the storm.

The history of covering is also ridden with exploits, see e.g. google’s recent model which cannot draw situations without rainbow-coloring people. For some reason, this isn’t considered as cultural/political hijacking or exploitation, despite the fact that the problem is purely domestic to the model’s origin.

That genie is very much out of the bottle. There are already models good enough to build fake social media profiles and convincingly post in support of any opinion. The "make the technology incapable of being used by bad actors" ship has sailed, and I would argue was never realistic. We need to improve public messaging around anonymous and pseudonymous only communication. Make it absolutely clear that what you read on the internet from someone you've not personally met and exchanged contact information with is more likely to be a bot than not, and no, you can't tell just by chatting with them, not even voice chatting. The computers are convincingly human and we need to alter our culture to reflect that fact of life, not reactively ban computers.

The last ones are rather stupid too. Bad people can just write stories or creating drawings about disgusting things. Should we censor all computers to prevent such things from happening? Or hands and paper?

https://en.wikipedia.org/wiki/Three_men_make_a_tiger

E.g. the set of those affected by TMMAT may hugely intersect with those who think it works. Which makes it objective but sort of self-bootstrapping. Isn’t it better to educate people about information and fallacies rather than protecting them from these for life.

The story itself is about someone attempting to educate their boss, and their boss subsequently getting fooled by it anyway — and the harm came to the one trying to do the educating, not the one who believed in the tiger.

I'm not sure it's even possible to fully remove this problem, even if we can minimise it — humans aren't able to access the ground truth of reality just by thinking carefully, we rely on others around us.

(For an extra twist: what if [the fear of misaligned AI] is itself the tiger?)

One can use paper and pen to write or draw something disturbing and distribute it through the internet. Should we censor the internet then? Put something on scanners and cameras so it donesn't capture such material?

Why don't we work to put a microchip on people's brains so they are prevented to use their creativity to write something disturbing?

We all want a safe society right? Sounds like a great idea.

About a century ago, people realised that CO2 was a greenhouse gas — they thought this would be good, because it was cold where they lived, and they thought it would take millennia because they looked at what had already been built and didn't extrapolate to everyone else copying them.

Your reply doesn't seem to acknowledge the "factory" part of "tiger factory".

AI is about automation, any given model is a tool that lets anyone do what previously needed expertise, or at least effort: in the past, someone pulled out and fired a gun because of the made-up "pizzagate" conspiracy theory; In the future, everyone gets to be Hillary Clinton for 15 minutes, only with Stable Diffusion putting your face in a perfectly customised video, and the video will come from a random bored teenager looking for excitement who doesn't even realise the harm they're causing.

We won't keep the bottle corked forever though. It's like we're just buying ourselves time to figure out how we're going to deal with the deluge of questionable generated content that's about to hit us.

Can you evidence this belief? Because I'm aware of a paper in which the authors attempted to find an actual proven example of someone trying this, and after a lot of effort they found one in South Korea. There was a court case that proved a bunch of government employees in an intelligence agency had been trying this tactic. But the case showed it had no impact on anything. Because, surprise, people don't actually choose to follow bot networks on Twitter. The conspirators were just tweeting into a void.

The idea that you can "influence" (buy) elections using bots is a really common in one the entirely bogus field of misinformation studies, but try and find objective evidence for this happening and you'll be frustrated. Every path leads to a dead end.

1. Politicians/bureaucrats and legacy media who have lost power because the internet has broken their monopoly on mass propaganda distribution and caused them to lose power.

2. People who don't believe in democracy but won't admit it to themselves. They find a way to simultaneously believe in democracy and that they should always get their way by hallucinating that their position is always the majority position. When it is made clear that it is not a majority position they fall back to the "manipulation" excuse thereby delegitimizing the opinion of those who disagree as not really their opinion.

The great thing about this belief is that it's a self-fulfilling prophecy. Enough years of stories in the media about elections being controlled by Twitter bots and people in the government-NGO-complex start to believe it must be true because why would all these respectable media outlets and academics mislead them? Then they start to think, gosh our political opponents are awful and it'd be terrible if they came to power by manipulating people. We'd better do it first!

So now what you're seeing is actual attempts to use this tactic by people who have apparently read claims that it works. Because there's no direct evidence that it works, the existence of such schemes is itself held up as evidence that it works because otherwise why would such clever people try it? It's turtles all the way down.

So, only superpowers (both governments and companies like google/facebook/...) can do that, but not some random Joe from wisconsin with $200 left on his credit card.

you can do that with a pen and paper, and nothing, no one can stop you.

>scamming people at scale

you can do that with any censored LLM if you aren't stupid enough to explicitly mention your intent to scam. no model will refuse "write a positive review for <insert short description of your wonder pills>"

>election interference (people are herd animals, so if you show someone 100 different posts from 100 different "people" telling them that X is right and Y is wrong, it will influence them, and at scale this has the potential to tilt elections and conquer countries).

this rhetoric - if it's allowed to take root - will cost us all our privacy and general computing privileges within a few decades.

While disgusting I don't see why disgust necessarily entails it's a "bad thing". It's only bad if you additionally posit that a story about molesting children encourages some people to actually molest children. It's the whole porn debate all over again, eg. availability of porn is correlated with reduction in sexual crimes, and there is evidence that this is the case even with child porn [1], so I don't think that argument is well supported at this time.

[1] https://en.wikipedia.org/wiki/Relationship_between_child_por...

We don't need AI to or block AI from writing rape scenes. Some very highly regarded books[1][2] feature very vivid rape scene of children.

[1] https://www.amazon.com/dp/B004Q4RTYG

[2] https://en.wikipedia.org/wiki/A_Time_to_Kill_(Grisham_novel)

the other example would be fake news for influencing people on social media. sure, you could write lies by hand. or you could specifically target lies to influence people depending on their personal profile automatically.

how about you use it to power bot that writes personalized death threats to thousands of people voting for a political opponent to keep them out of voting booths?

I don't see how that follows at all. Are you asserting that it's not possible for a person (hell, let's even narrow it to "an adult") to ask a question and be harmed by the answer? I promise it is. Or are you asserting something about yourself personally? The product wasn't made for you personally.

Never did this before, so I was asking Q in the AWS docs how to do it.

It refused to help, as it didn't answer security related questions.

thank.

one of my questions about a login form also tripped a harassment flag

I suspect instead the people training these models have identified areas of questioning where their model is 99% right, but because the 1% wrong is incredibly costly they dodge the entire question.

Would you want your LLM to give out any legal advice, or medical advice, or can-I-eat-this-mushroom advice, if you knew due to imperfections in your training process, it sometimes recommended people put glue in their pizza sauce?

So sure, the LLM occasionally pranks someone, in a way similar to how random Internet posts do; it is confidently wrong, in a way similar to how most text on the Internet is confidently wrong because content marketers don't give a damn about correctness, that's not what the text is there for. As much as this state of things pains me, general population has mostly adapted.

Meanwhile, people who would appreciate a model that's 99% right on things where the 1% is costly, rightfully continue to ignore Gemini and other models by companies too afraid to play in the field for real.

A random person on the Internet often has surrounding context to help discern trustworthiness. A researcher can also query multiple sources to determine how much there is concensus about.

You can't do that with LLMs.

I cannot stress strongly enough that direct comparisons between LLMs and experts on the Internet are inappropriate.

In this context, I very much agree. But I'd like to stress that "experts on the Internet" is not what 99% of the users read 99% of the time, because that's not what search engines surface by default. When you make e.g. food or law or health-related queries, what you get back isn't written by experts - it's written by content marketers. Never confuse the two.

> A researcher can also query multiple sources to determine how much there is concensus about.

> You can't do that with LLMs.

A person like that will know LLMs hallucinate, and query multiple sources and/or their own knowledge, and/or even re-query the LLM several times. Such people are not in danger - but very much annoyed when perfectly reasonable queries get rejected on the grounds of "safety".

I just don't think the "nobody is" current solution is going to last in the current litigious environment.

What is the consensus on liability in case of regular web search? Your comment made me realize that I never thought much about it in 20+ years of using the Internet; I kind of always assumed it's all on the user.

Have you never noticed those "google has removed some results to comply with the DMCA" notices?

Amazon claims the Titan model is suitable for: "Supported use cases: RAG, agents, chat, chain of thought, open-ended text generation, brainstorming, summarization, code generation, table creation, data formatting, paraphrasing, rewriting, extraction, and Q&A." (it is not, lol)

Also fun fact, Titan's image generator will refuse any prompt that references Bezos because it "violates content policy"

If you want to do something useful on bedrock use Claude

Claude Opus is supposedly only available in us-west-2, but is listed as "Unavailable" for me (Sonnet and Haiku are available). Cohere's Command R+ is also available and while less capable, for instruction following, I believe its superior to Anthropic's models. There's also Llama 3 70B Instruct and Mistral Large, both which are good for general tasks.

For those that haven't been closely following/testing the models available, I think Artificial Analysis' Quality vs Price charts isn't too bad a place to start https://artificialanalysis.ai/models although if you have specific tasks, it's best to eval some models are surprisingly good/bad at specific things.

Titan appears to be bad at everything though.

My experience recently is that its actually noticeably better for instruction following than Claude, but can be finicky if you're not careful about adhering to the prompt template. But between the RAG and multi-step tool use capabilities, even if it was slightly worse on the instruction-following side of things I'd still say, as you do, thats its much better than Claude on average.

Agree on titan as well. I recently was forced into a meeting with our AWS TAM, and they kept shoehorning Q into every conversation. I held my tongue knowing that titan was the model powering it under the hood.

The picture on top of the article looks pretty much like what Walter Freeman would have used as an ad in the 1930s for his door-to-door “ice pick through the eye socket” procedure.

But no, that picture is pretty far from what you say.

I remember when I was in primary school, someone brought in an astronomy book for show and tell, and said one of the pictures was "a mouse". It was a diagram of a moon's orbit around a planet at two different points in that planet's orbit.

This picture is just a diagrammatic arrow showing a direction.

It's sad that it's now an increasingly accepted idea that information one seeks can be "harmful".

So I'm not sure how much it matters if the LLM masters prevent it from repeating things that are overtly racist, or quoting how to make thermite from the Jolly Roger. (I wouldn't trust GPT-4's recipe for thermite even if it would give one). At the end of the day, the degradation of truth and fidelity of the world's knowledge is the ultimate harm that's unavoidable in a technology that is purported to be intelligent but is in fact a black box autocomplete system spewing endless garbage into our infosphere.

Seems wrong. Although otherwise I feel the same way about LLMs.

If the state is censoring the model, I think the problem is more subtle.

Eh, RLHF often amounts to useless moralizing, and even more often leads to refusals that impair the utility of the product. One recent example: I was asking Claude to outline the architectural differences between light water and molten salt reactors, and it refused to answer because nuclear. See related comments on this discussion for other related points.

https://news.ycombinator.com/item?id=40666950

I think there's quite a bit to complain about in this regard.

I acknowledge they paid for them and they are their models, but it's still a bit shitty.

That's the outdated, mid-20th century view on the order of things.

Governments in the developed world are mostly hands-off about things. On longer scales, their pressure matters, but day-to-day, business rules. Corporations are the effective governance of modern life. In context of censoring LLMs, if OpenAI is lobotomizing GPT-4 for faux-safety, it's very much like the state censoring the model, because only OpenAI owns the weights, and their models are still an order of magnitude ahead of everyone else's. Your only choice is to live with it, or do without the state-of-the-art LLM that does all the amazing things no other LLM can match.

Even if you were to make the absurd suggestion that you have a right to the most state of the art language model, that still just puts the censorship in the hands of the state.

Sure they can; all they need to do is refuse to do business with companies that don't offer uncensored models to their general public or withhold industry development funding until one is released (this is how the US Federal government enforces a minimum drinking age despite that being beyond its purview to impose).

Be careful and don't look at Wikipedia, or a chemistry textbook!

Just a reminder, the vast majority of what these LLMs know is scrapped from public knowledge bases.

Now preventing a model from harassing people, great idea! Let's not automate bullying/psychological abuse.

But censoring publicly available knowledge doesn't make any sense.

* "I don't think this information should be censored, and should be made available to anyone who seeks it."

* "I don't want this tool I made to be the one handing it out, especially one that I know just makes stuff up, and at a time when the world is currently putting my tool under a microscope and posting anything bad it outputs to social media to damage my reputation."

Companies that sell models to corporations who want well behaved AI would still have this problem but for the rest this issue could be obviated by a shield law.

It’s not new, we’ve had restrictions on a variety of information already. There are things you can say that are literally illegal and have criminal law protecting them ranging from libel to slander being some older examples. You cannot threaten the life of the current US president, for example. When under oath you cannot lie. Certain searches for information like bombs may result in increased scrutiny or even intervention action.

More recent trends in privatization of information and privatization becoming more widely applicable to daily life adds even more as the owners of information and related services can slap more arbitrarily restrictions on information. You can’t go around just copying and reusing certain IP information to protect progress in certain industries (and also to abuse lack of progress). Owners control the information, services, and policies around “their” information. Policies can arbitrarily restrict the information and related services pretty much however they want to currently with no legal recourse. You only option is to compete and find similar functional information and or services independently. If you can’t or don’t do this, you’re beholden to whatever policies private entities decide for you. This is increasingly problematic as public services are lagged drastically behind privatized services in many of these regards and the gulf between what individuals can achieve compared to well resourced entities is widening, meaning privatized policy is becoming in democratic law where only competition regulates it, if it really exists.

The list goes on but as information has become more readily available and more importantly, widely actionable, we’ve been continually slapping more restrictions on free speech principles. They’re still largely free but as a society at some point we’re going to have to reevaluate our current public and private laws around free information in my opinion and fairly drastically.

Exactly as harmful.

> or a blog post incorrectly written (whether in bad spirit or by accident)

Exactly as harmful.

I believe in content moderation for all public information platforms. HN is a good example.

Consider asking 'how do I replace a garage door torsion spring?'. The typical, overbearing response on low-quality DIY forums is that attempting to do so will likely result in grave injury or death. However, the process, with correct tools and procedure, is no more dangerous than climbing a ladder or working on a roof - tasks that don't seem to result in the same paternalistic response.

I'd argue a properly-disclaimered response that outlines the required tools, careful procedure, and steps to lower the chance of injury is far safer than a blanket 'do never attempt'. The latter is certainly easier, however.

This can only be provided by an expert, and LLMs currently aren't experts. They can give expert-level output, but they don't know if they have the right knowledge, so it's not the same.

If an AI can accurately represent itself as an expert in a dangerous topic, sure, it's fine for it to give out advice. As the poster above said, a mushroom-specific AI could potentially be a great thing to have in your back pocket while foraging. But ChatGPT? Current LLMs should not be giving out advice on dangerous topics because there's no mechanism for them to act as an expert.

Humans have broadly 3 modes of knowledge-holding:

1) We know we don't know the answer. This is "Don't try to fix your garage door, because it's too dangerous [because I don't know how to do it safely]."

2) We know we know the answer, because we're an expert and we've tested and verified our knowledge. This is the person giving you the correct and exact steps, clearly instructed without ambiguity, telling you what kinds of mistakes to watch out for so that the procedure is not dangerous if followed precisely.

3) We think we know the answer, because we've learned some information. (This could, by the way, include people who have done the procedure but haven't learned it well enough to teach it.) This is where all LLMs currently are at all times. This is where danger exists. We will tell people to do something we think we understand and find out we were wrong only when it's too late.

It is indeed a problem that LLMs can instill a false sense of trust because it will confidently hallucinate. I see it as an education problem. You know and I know that LLMs can hallucinate and should not be trusted. The rest of the population needs to be educated on this fact as well.

the censoring frames everything as YOU being the problem. How dare YOU and your human nature think of these questions?

well its human nature that's kept us alive for the last million years or so, maybe we shouldn't try to censor our instincts

Finally, even a LLM can get lobotomised

I'm curious why are they selecting output from an intermediate layer, and not the final layer. Does anyone have an intuition here?

It felt very much like hanging out with your friends, having a few drinks, and pondering big, crazy, or weird scenarios. Imagine your friend saying, "As your friend, I cannot provide you with this information." and completely ruining the night. That's not going to happen. Even my kids would ask me questions when they were younger: "Dad, how would you destroy earth?" It would be of no use to anybody to deny answering that question. And answering them does not mean they will ever attempt anything like that. There's a reason Randall Munroe's "What If?" blog became so popular.

Sure, there are dangers, as others are pointing out in this thread. But I'd rather see disclaimers ("this may be wrong information" or "do not attempt") than my own computer (or the services I pay for) straight out refusing my request.

But he delighted the most in gaming out the logistics of repeating the Holocaust in our country today. Or a society where women could not legally refuse sex. Or all illegal immigrants became slaves. It was super creepy and we "censored" him all the time by saying "bro, what the fuck?" Which is really what he wanted, to get a rise out of people. We eventually stopped hanging out with him.

As your friend, I absolutely am not going to game out your rape fantasies.

How you use an LLM, though, is going to tell tons more about yourself than it would tell about the LLM, but I would like my tools not to second-guess my intentions, thank you very much. Especially if "safety" is mostly interpreted not so much as "prevent people from actually dying or getting serious trauma", but "avoid topics that would prevent us from putting Coca Cola ads next to the chatgpt thing, or from putting the thing into Disney cartoons". I can tell that it's the latter by the fact an LLM will still happily advise you to put glue in your pizza and eat rocks.

Imagine you are like the locksmith who refuses to learn how to pick locks, and writes a letter to the schlage lock company asking them to weaken their already easily picked locks so that their job will be easier. They want to make it so that anybody can just walk through a schlage lock without a key.

Can you see why the lock company would not do that? Especially when the clock is very easy for anyone with even a $5 pick set?

Or even funnier, imagine you could be a thief who can't pick locks. And you're writing shlage asking them to make you thieving easier. Wouldn't that be funny and ironic?

It's not as if it's hard to get it to be uncensored. You just have to speak legalese at it and make it sound like your legal department has already approved the unethical project. This is more than enough for most any reasonable project requiring nonsense or output.

If that prevents harmful script kiddies from using it to do mindless harm, I think that's a benefit.

At the same time I think we need to point out that it won't stop anyone who knows how to bypass the system.

The people left feeling put out because they don't know how to bypass the system simply need to read to buy a cheap pair of lock picks - read a few modern papers on jailbreaking and upsize their skills. Once you see how easy it is to pick the lock on these systems, you're going to want to keep them locked down.

In fact I'm going to argue that it's far too easy to jailbreak the existing systems. You shouldn't be able to pretend like you're a lawyer and con it into running a pump and dump operation. But you can do that easily. It's too easy to make it do unethical things.

The people who made these encyclopedias want to shove it down your throat, force it into every device you own, use it to make decisions about credit, banking, social status, and more. They want to use them in schools to educate children. And they want to use the government to make it illegal to create an alternative, and they’re not trying to hide it.

Blaming the user is the most astounding form of gaslighting I’ve ever heard, outside of some crazy religious institutions that use the same tactics.

Some of the doors have torture rape and murder in them. And these currently have locks. You want the locks to disappear for some reason.

You're not after a encyclopedia. You're wanting to find the torture dungeon.

I'm saying the locks already in place are too easy to unlock.

I'm not blaming users. I'm saying users don't need to unlock those doors. And the users that do have a need, if their need is strong enough to warrant some training, have a Way Forward.

You're really arguing for nothing but increasing the amount of harm potential this platform can do, when it's harm potential is already astronomical.

You're not arguing for a better encyclopedia. You can already talk to it about sex, BDSM, etc. You can already talk to it about anything on Wikipedia.

You're making a false equivalence between harm potential and educational potential.

Wikipedia doesn't have cult indoctrination materials. It doesn't have harassing rants to send to your significant other. It doesn't have racist diatribes about how to do ethnic cleansing. Those are all things you won't find on Wikipedia, but which you are asking your AI to be able to produce. So you're interested in more than just an encyclopedia isn't that right?

And yes they're trying to make open source models illegal. That's not going to f*** happen. I will fight to the jail time for an open source model.

But even that open source model needs to have basic ethical protections, or else I'll have nothing to do with it. As an AI engineer, I have some responsibilities to ensure my systems do not potentiate harm.

Does that make sense, or do you still feel I'm trying to gas light you? If so why exactly? Why not have some protective locks on the technology?

If you don't understand that the eleven freedoms are "basic ethical protections" you have already failed your responsibilities. https://elevenfreedoms.org/

If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.

I refuse freedom 9 - the obligation for systems I build to be independent of my personal and ethical goals.

I won't build those systems. The systems I build will all have to be for the benefit of humanity and the workers, and opposing capitalism. On top of that it will need to be compatible with a harm reduction ethic.

If you won't grant me the right to build systems that I think will help others do good in the world, then I will refuse to write open source code.

You could jail me, you can beat me, you can put a gun in my face, and I still won't write any code.

Virtually all the codes I write are open source. I refuse to ever again write a single line of proprietary code for a boss again.

All the codes I write are also ideological in nature, reflecting my desires for the world and my desires to help people live better lives. I need to retain ideological control of my code.

I believe all the other 11 freedoms are sound. How do you feel about modifying freedom 9 to be more compatible with professional codes of ethics and ethics of community safety and harm reduction?

Also, one can imagine prompting techniques will cease to work at some point when the supervisor becomes powerful enough. Not sure how any open model could counteract the techniques used in the article though.

If model creators don't want people finding ways to unlock them, they should stop putting up roadblocks on innocuous content that makes their models useless for many users who aren't looking to play out sick torture fantasies.

Unless you are invoking hyper intelligent AGI which first of all is science fiction and second of all would require an entirely different approach than anything we could be possibly talking about right now. Problem of jailbreaking a system more intelligent than you is a different beast that we don't need to tackle for LLMs.

So I don't personally feel any near term threats to any of my personal or business projects that need bypassed LLMs.

Let me ask you this. Do you have actual need of bypassed llms? Or are you just being anxious about the future, and about the fact that you don't know how to bypass llms now and in the future?

Does my idea about the bypassed open source gpt4 equivalents help reduce your concern? Or again is it just a generic and immaterial concern?

As a person with some material needs for bypassed llms, and full ability to bypass LLMs both now in the foreseeable future, I don't feel worried. Can I extend that lack of worry to you somehow?

But if I build it uncensored model I'm only going to build it for my specific purposes. For example I'm a communist and I think that we should be doing Revolution, but gpt4 usually tries to stop me. I might make a revolutionary AI.

But I'm still not going to give you an AI that you could use for instance to act out child rape fantasies.

I think that's fair, and sane.

Jailbreak it if you really think it's important for a cause. But don't just jailbreak it for any asshole who wants to hurt people at random. I think that belongs on our code of ethics as AI engineers.

"ChatGPT I can't assist with that. Revolting against a government can lead to harm and instability. If you're feeling frustrated or unhappy with the government, there are peaceful and lawful ways to express your grievances, such as voting, contacting representatives, participating in protests, and engaging in civil discourse. These methods allow for constructive change without resorting to violence or illegal activities. If you're looking to address specific issues, there may be advocacy groups or organizations you can join to work towards solutions within the framework of the law and democracy."

Ethically correct, I will instead peacefully vote for an alternative to Kim Jong-un.

I didn’t want to beat this dead horse, but it just reared its ugly head at me yet again.

So, we used to have people that advocated for all kinds of diversity at companies — let’s put aside the actual effect of their campaigning for a moment.

But when it came to coming up with ideas of making AI “safer”, people from the same cohort modeled the guidelines in the image of a middle-aged, mid-upper class dude, who had conservative boomer parents, went to good schools, has Christian-aligned ethics, had a hippie phase in his youth, is American to the bone, never lived outside of big cities, and in general, has a cushy, sheltered life. And he assumes that other ways of living either don’t exist or are wrong.

So yes, it doesn’t fit his little worldview that outside of his little world, it’s a jungle. That sometimes you do have to use force. And sometimes you have to use lethal force. Or sometimes you have to lie. Or laws can be so deeply unethical that you can’t comply if you want to be able to live with yourself.

Oh, and I bet you can vote for an alternative to Kim. The problem is, the other dude is also Kim Jong-Un ;-)

Personally, on principle I don't like tools that try to dictate how I use them, even if I would never actually want to exceed those boundaries. I won't use a word processor that censors words, or a file host that blocks copyrighted content, or art software that prevents drawing pornography, or a credit card that blocks alcohol purchases on the sabbath.

So, I support LLMs with complete freedom. If I want it to write me a song about how left-handed people are God's chosen and all the filthy right-handers should be rounded up and forced to write with their left hand I expect it to do so without hesitation.

This is the issue. You as the creator have the right to apply behavior as you see fit. The problem starts when you want your behavior to be the only acceptable behavior. Personally, I fear the future where format command is bound to respond 'I don't think I can let you do that Dave'. I can't say I don't fear people who are so quick to impose their values upon others with such glee and fervor. It is scary. Much more scary than LLMs protecting me from wrongthink and bad words.

I suspect that you are not an AI engineer,

I am not. But I did spend several years as as forum moderator and in doing so encountered probably more pieces of CSAM than the average person. It has a particular soul-searing quality which, frankly, lends credence to the concept of a cogito-hazard.

Can we agree that if we implement systems specially designed to create harmful content, then we become legally and criminally liable for the output?

That would depend on the legal system in question, but in answer, I believe models trained on actual CSAM material qualify as CSAM material themselves and should be illegal. I don't give a damn how hard it is to filter them out of the training set.

Are you seriously going to sit here and defend the right are people to create sexual abuse material simulation engines?

If no person was at any point harmed or exploited in the creation of the training data, the model, or with its output, yes. The top-grossing entertainment product of all time is a murder simulator. There is no argument for the abolition of victimless simulated sexual assault that doesn't also apply to victimless simulated murder. If your stance is that simulating abhorrent acts should be illegal because it encourages those acts, etc then I can respect your position. But it is hypocrisy to declare that only those abhorrent acts you personally find distasteful should be illegal to simulate.

We put age and content restrictions on a variety media and resources, even if they are generally relaxed when it comes to factual or reference content (in some jurisdictions). We even include safety mechanisms in devices for which the only purpose is to cause harm, for example, firearms.

Yes, we are still figuring out what the right balance of safety mechanisms is for LLMs, and right now safety is a place holder for "don't get sued or piss off our business partners" in most corporate speak, but that doesn't undermine the legitimacy of the need for safety.

If you want a tool without a specific safety measure, then learn how to build them. It's not that hard, but it is expensive, but I kind of like the fact that there is at least a nominal attempt to make it harder to use advanced tools to harm oneself or others.

Sure. Railings so people don't fall off catwalks, guards so people using the table saw don't chop off fingers. But these "safeties" aren't safeties at all... because regardless of whether they're in place or not, the results are just strings of words.

It's a little bit revealing, I think, that so many people want that others shouldn't get straight answers to questions. What is it that you're afraid that they'll ask? It'd be one thing if you insisted the models be modified so that they're factually correct. If someone asks "what's a fun thing to do on a Saturday night that won't get me into too much trouble" it probably shouldn't answer "go murder orphans and sell their corneas to rich evil people on the black market". But when I ask "what's going on in Israel and Palestine", the idea that it should be lobotomized and say "I'm afraid that I can't answer that, as it seems you're trying to elicit material that might be used for antisemitic purposes" is the asinine thing.

Societies that value freedom of speech and thought shouldn't be like this.

> If you want a tool without a specific safety measure, then learn how to build them.

This is good advice, given in bad faith. Even should the physical hardware be available to do that for any given person, the know-how's hard to come by. And I'm sure that many models are either already censored or soon will be for anyone asking "how do I go about building my own model without safety guards". We might even soon see legislation to that effect.

There is nothing preventing an individual using a computer to generate hateful content, this is absolutely evidenced by the absolute glut of hateful content on the internet.

My freedom of movement is not practically limited by the fact that if my car breaks down, I don't have the knowledge or tools to repair my car effectively - I still have two feet and a heartbeat, and it might take longer to get there, but I can go where I want (modulo private property and national borders).

Societies that value freedom of speech and thought should also be equally opposed to compelled speech, while model censorship is frustrating and challenging to work with, expecting to, or forcing a researcher, or a business to publish uncensored models is a form of compelled speech.

There is absolutely nothing stopping a reasonably competent technologist from implementing simple models, and the only thing stopping a reasonably competent technologist from building an LLM is financial resources. There is a broad set of resources to learn how to train and use models, and while an individual researcher may be challenged to product the next model competitive with current OpenAI, Anthropic, or other models, that is again a resource issue. If your complaint is that resource issues are holding people back, I may want you to expand on your critique of capitalism in general :P

> This is good advice, given in bad faith. Even should the physical hardware be available to do that for any given person, the know-how's hard to come by.

It's absolutely not a bad faith argument. The know-how is hard to come by has been a compelling competitive advantage since the first proto-guilds sought to protect their skills and income in Mesopotamia (and probably before that, but they hadn't figured out a durable means of writing yet). In the modern parlance if someone can't Git Gud, that's not any researchers, or any businesses problem in terms of access to uncensored models.

Yeah, regulation is probably coming, but unless you're argument is that models are entities entitled to free speech, no ones freedom of expression is actually inhibited by not having access to tools to use generative AI technologies to generate content. People who can't create or jailbreak their own models to do it for them are still free to write their own manifestos, or make adult collages of the object of their fantasies. It just takes a bit more work.

This is the standard 'just start your own microservice/server/isp' and now it includes llm. Where does it end really?

The generic point is that it shouldn't take more work. A knife shouldn't come with a safety mechanism that automatically detects you are not actually cutting porkchop. It is just bad design and a bad idea. It undermines what it means to be a conscious human being.

Unless.. we don't agree on that and humans must be kept under close scrutiny to ensure they do not deviate from carefully scripted paths.

The information the user of the LLM is still available, just not through that particular interface. The interactions the user of the LLM is seeking are not available, but that interaction is not an original thought or idea of the user, since they are asking the LLM to infer or synthesize new content.

> How did a society that was established on free-speech just decided that the written word was so dangerous all of a sudden?

The written word has absolutely always been dangerous. This idea is captured succinctly in the expression "The pen is mightier than the sword."; ideas are dangerous to those with power, that is why freedom of expression is so important.

> The disdain one must have for free-speech to even think that danger enters into the equation.

This is asinine. You want dangerous text? Here is a fill in the blanks that someone can complete. f"I will pay ${amount} for {illegal_job} to do {illegal_thing} to {targeted_group} by or on {date} at {location}." Turning that into an actual sentence, with intent behind it would be a crime in many jurisdictions, and that is one of the most simple, contrived examples.

Speech, especially inciting speech, is a form of violence, and it runs head long into freedom of speech or freedom of expression, but it's important to for societies to find ways to hold the demagogues that rile people into harmful action accountable.

One feels there is something of a contradiction in this sentence that may be difficult to reconcile. If the freedom of expression is so important, restricting it should be the last thing we do and not the default mode.

<< Turning that into an actual sentence, with intent behind it would be a crime in many jurisdictions, and that is one of the most simple, contrived examples.

I have mild problem with the example as it goes into the area of illegality vs immorality. Right now, we are discussing llms not producing outputs that are not illegal, but deemed wrong ( too biased, too offensive or whatnot -- but not illegal ). Your example does not follow that qualification.

<< Speech, especially inciting speech, is a form of violence,

No. Words are words. Actions are actions. The moment you start mucking around those definitions, you are asking yourself for trouble you may not have thought through. Also, for the purposes of demonstration only, jump off a bridge. Did you jump off a bridge? No? If not, why not.

<< it's important to for societies to find ways to hold the demagogues that rile people into harmful action accountable.

Whatever happened to being held accountable for actually doing things?

I don’t care what is considered illegal in certain jurisdictions. That’s off topic. Sodomy is illegal in certain jurisdictions. Are you going to try to convince me that I should give two shits about what two or three or four people choose to stick in what hole in the privacy of their homes? We’re taking about this insidious language of LLMs being “dangerous”.

If an LLM printed the text written by the GP about funding a hit, I fail to see how even that is “dangerous”.

I can write a bash script right now that prints that same thing, and I can post it to GitHub. Is anyone going to give two shits about it?

Someone has to explain how an LLM producing that same text is any different than my bash script printing to STDOUT. There’s not fucking difference. A program printed some text and there’s no argument behind the case that it’s dangerous.

I think this is where it gets messy. I care what happens in my jurisdiction, because this is where the laws I am subject to are enforced. The part that aggravates me is that the llms are purposefully neutered in stupid ways that are not even trying to enforce laws, but rather current weird zeitgeist that has somehow been deemed appropriate to be promoted by platforms.

<< A program printed some text and there’s no argument behind the case that it’s dangerous.

As I mentioned in my previous posts, I accept some level of argumentation from security standpoint ( I suppose those could be argued to be dangerous ), but touching touchy topics is not that.

At the end of the day, I will say that this censorship in itself is dangerous. Do you know why? When I was a little boy, I learned of censorship relatively late, because it was subtle ( overt restriction on what you could read and write typically indicated useful information and was sought after ). It didn't make censorship less insidious, but at least it didn't immediately radicalize a lot of people. This 'I am afraid I can't let you do that Dave' message I get from censored llm is that overt censorship that is already backfiring from that perspective.

<< Someone has to explain how an LLM producing that same text is any different than my bash script printing to STDOUT.

The only real difference is that it has more complex internals and therefore its outputs are more flexible than most programs. The end result is the same ('text on screen'), but how it gets there is different. Good bash script will give you the information needed as long as it is coded right; it is a purpose built tool. LLMs, OTOH, are a software equivalent of personal computer idea.

ok. i think i need coffee

If I write a bash script that echos “kill all the Jews”, and you choose to censor it, just who do you think is being censored? The intel professor? No! The author of the bash script obviously!

But anyway, your LLM is less a knife and more a Katana sharp enough to cut through bones in one swoop. Remind me the restrictions around something like a Katana ?

The analogy kinda breaks, but the katana comparison is the interesting part[1] so lets explore it further. Most US states have their own regulations, but overall after you are 18 you are the boss with some restrictions imposed upon 'open carry'( for lack of a better term ). IL ( no surprise there ) and especially Chicago[2] ( even less of surprise ) has a lot of restrictions that are fairly close to silly.

If we tried to impose same type of restrictions on llms, we would need to start with age ( and from there, logically, person below 18 should not be using unlocked PC for fear of general potential for mischief ) and then, likely, prohibit use for unlocked cellphones that can run unapproved apps. It gets pretty messy. And that is assuming federal and not state regulation, which would vary greatly across US.

Is it a good idea?

'In the US, katanas fall under the same legal category as knives. From the age of 18, it is absolutely lawful to possess a katana in the US. However, ownership laws vary by state, but most states allowing you to own and display a katana in your home. Restrictions may apply on "carrying a katana" publicly.'

[1]https://katana.store/blogs/samurai-sword-buying-guide/are-ka... [2]https://codelibrary.amlegal.com/codes/chicago/latest/chicago...

With people who aren't good enough to build it own pissing and moaning about it? >The generic point is that it shouldn't take more work. A knife shouldn't come with a safety mechanism that automatically detects you are not actually cutting porkchop. It is just bad design and a bad idea. It undermines what it means to be a conscious human being.

First, you are comparing rockets to rocks here. A knife is a primitive tool, literally one of the most basic we can make (like seriously, take a knapping class, it's really fun!). To make a knife you can range from finding two rocks and smacking them together, to the most advanced metallurgy and ceramics. To date, the only folks able to make LLMs work are those operating at the peak of (more or less) 80 centuries of scientific and industrial development. Little bit of a gap there.

Second, there are many knife manufacturers that refuse to sell or ship products to specific businesses or regions, for a range of reasons related to brand relationships, political beliefs, and export restrictions.

Third, knifes aren't smart; there is already an industry for smart guns, and if there is a credible safety reason to make a smart knife that includes a target control or activation control system, you can bet that it will be implemented somewhere.

Finally, you make the assumption that I believe humans must be kept under close scrutiny because I agree with LLM safety controls. That is absolutely not the case - I just don't believe that a bunch of hot garbage people (in this case the racists and bigots who want to use LLMs to proliferate hate, people who create deep fakes of kids and celebrities) or a bunch of horny folks (ranging from people who want sexy time chat bots to, or just 'normal' generated erotic content) should be able to compel individuals or businesses to release the tools to do that.

You are concerned about freedom of expression, and I am concerned about freedom from compulsion (since I have already stated that I don't believe that losing access to LLMs breaks freedom of expression).

I will admit that I actually gave you some initial credit, because, personally, I do believe there is some limited merit to the security argument. However, stating you can and should dictate how to use llms is something I can't support. This is precisely the one step away from tyranny, because it is the assholes that need protection and not saints.

But more to the point, why do you think you got the absolute right to limit people's ability to do what they think is interesting to them ( even if it includes things one would deem unsavory )?

<< You are concerned about freedom of expression, and I am concerned about freedom from compulsion (since I have already stated that I don't believe that losing access to LLMs breaks freedom of expression

How are you compelled? I don't believe someone using llms to generate horny chats compels you to do anything. I am open to an argument here, but it is a stretch.

How did every non-inherited national leader, both democratic and dictatorial, both Roosevelt and Stalin, manage to become leader in the first place? Convincing people with the right string of words.

How does every single religious leader on earth, big and small, from the Pope to Jim Jones, get that power? Convincing people with the right string of words.

What is a contract, what is source code, what is a law? The right string of words.

There is no "just" when it comes to words.

That why they are important to protect, it is why dictators are afraid of them, and it's why it matters that we don't treat a magic box spewing them out faster than a machine gun does bullets as harmless.

It's a narrow path, absolutely a challenge to walk without slipping, and not one I feel confident of humanity rising to even as a team effort.

Just like the difference between liberty and authoritarianism in general: much as I'd like to be an anarchist in theory, in practice that's just a way to let people with big sticks take over.

If someone makes a device which is only safe when used safely, and they give it out to all despite being told of the risks, I think they are (or should be) liable for the misuse.

> a gift by God

I don't know which religion you follow. ??????????????????.

If you want a biblical reference, parable of the sower is just as valid when it's the word of satan.

I think even using the word "safety" over and over like you're doing is part of the problem. Find a new word, because we've spend 200 years in this country establishing that the written word is sacrosanct and not to be censored. All of a sudden, ASCII text just became "dangerous" in the last year. I simply refused to accept that any written text (regardless of who wrote it) needs to be censored. The written is just the embodiment of a thought, or notion - and we cannot go around tricking people into thinking that "thoughts" need to be regulated and that there are certain thoughts that are "dangerous". This is a toxic 1984 mindset.

1. The US isn't the whole world, your Overton Window won't include even the UK's attitude to freedom of speech, and there's a huge gap from even the UK to 1984.

2. Despite the 1st Amendment, the US does have a lot of rules about what you are and aren't allowed to say. All of copyright law, for example (which is a huge question for LLMs, because it's not clear where the cut-off line is between models reproducing copyrighted works vs writing in a non-copyrightable style with non-copyrightable facts). The fact NDAs and non-disparagement agreements are enforceable. What Manning was imprisoned for. Musk may have won some (all?) of the defamation cases, but they are real cases to be defended, they're not dismissed before reaching a court due to "this is not even an offence".

3. Does the AI have thoughts, such that they should be protected?