That's the neat part. You can never know for sure.

No but maybe if you get the correct name extracted by an llm and search it online you'll get cached sites, or links showing that they actually exist

One liner shell scripts can be analyzed. Some of them can be determined to not delete the production database. The others will not be executed.

I got turned off to brave with all the token stuff. Just my take.

Maybe. But probably not. It doesn't matter if it's AGI though. If those other apps and tools do simple things that are predictable, then we can be pretty sure what will happen. If those tools can modify their own configuration and create new cron jobs, it becomes much harder to say anything about what will happen.

Most of us work on software that can modify its own configuration and create new jobs. I, too, have worked in ansible and terraform.

The key break here is the lack of predictability and I think it's important that we don't get too starry eyed and accept that that might be a weakness - not a strength.

A markup language can be an image format. The "G" is for "Graphics" after all.

> Why on earth would you drop [Glyphosate]?

You wouldn't. You'd drop the conversation regarding whether it was safe.

If you're constructing your unsandboxed parent document HTML using string concatenation, you might as well not use the sandboxed iframe at all. But presumably someone who bothers to sandbox untrusted content also knows about setAttribute(), or the srcdoc JS property.

You can entity-encode the content in the srcdoc= attribute to robustly solve that problem, or populate it via the DOM.

s/"/"/g

I've always tried to write code for future maintainers first. That is often me.

I've been opposed to all of it the whole time. But yes, let's stop being hypocritical.

You press the button to capture the photo. As you note, a different verb is used. When I order take-out, I'm not "creating" it.