@david_chisnall how quickly can you emulate CHERI on x86-64? (Does qemu support it for example?) If you compile your C code, or language bindings/runtime to a CHERI architecture could that act as a better valgrind/ASAN? Probably not what you had in mind when designing the hardware, but might be a useful intermediate step until CHERI hardware is widely available.
Someone recently suggested to me that AI systems bring the users' ability closer to the average. I was intrigued by this idea because it reflects my experience. I am, for example, terrible at any kind of visual art, but with something like Stable Diffusion I can produce things that are merely quite bad, whereas without it I can produce things that are absolutely terrible. Conversely, with GitHub Copilot I can write code with more bugs that's harder to read. Watching non-programmers use it and ChatGPT with Python, they can produce fairly mediocre code that mostly works.
I suppose it shouldn't surprise anyone that a machine that's trained to produce output from a statistical model built from a load of examples would tend towards the mean.
An unflattering interpretation of this would suggest that the people who are most excited by AI in any given field are the people with the least talent in that field.
Someone recently suggested to me that AI systems bring the users' ability closer to the average. I was intrigued by this idea because it reflects my experience. I am, for example, terrible at any kind of visual art, but with something like Stable Diffusion I can produce things that are merely quite bad, whereas without it I can produce things that are absolutely terrible. Conversely, with GitHub Copilot I can write code with more bugs that's harder to read. Watching non-programmers use it and ChatGPT...
I agree with this take on the AI Hype in that, pretty obviously what we have in general AI applications is a regression to the mean.
The real shame is that there are quite a few fields in science where machine learning is really extremely useful in finding patterns in data that might be too subtle for ordinary perception. The hype covers up (for people in the general public) this actual advance.
It’s really not fair to blame CrowdStrike for the outages today. The blame lies with the people in a position to make procurement decisions, who saw a product that added a load of additional code that runs in Ring 0 and though ‘yes, this will make us more secure, I will mandate this must be deployed across the entire company’. A large part of the blame lies with the people who created auditing frameworks that would lead people to believe that this was necessary for compliance.
@david_chisnall As usual, fantastic blog :)
@david_chisnall how quickly can you emulate CHERI on x86-64? (Does qemu support it for example?) If you compile your C code, or language bindings/runtime to a CHERI architecture could that act as a better valgrind/ASAN?
Probably not what you had in mind when designing the hardware, but might be a useful intermediate step until CHERI hardware is widely available.