I always have the feeling that I'm chatting with a model oriented towards engineering tasks. The seriousness, lack of interest in being humorous or cool.
I don't know if this is because I interact with Gemini only through AI Studio, and it may have different system instructions (apart from those one can add oneself, which I never do) than the one at gemini.google.com.
I never use gemini.google.com because of the lack of a simple export feature. And it's not even possible to save one chat to disk (well, neither do the others), I just wish it did.
AI Studio saving to Google Drive is really useful. It lets you download the chat, strip it of verbose things like the thinking process, and reuse it in a new chat.
I wish gemini.google.com had a "Save as Markdown" per answer and for the complete chat (with a toggle to include/exclude the thinking process). Then it would be a no-brainer for me.
It's the same as if Google Docs would not have a "Download.." menu entry but you could only "save" the documents via Takeout.
I love this. When ChatGPT compliments me on my great question or tries to banter it causes me great despair.
The other day I asked a fairly innocuous question and it LOLed and said it’d give me the ‘no Bullshit answer’
For example, if I want to quickly create a Python script to list all VMs via libvirt and output their attached drives and filesystems, that's a task for ChatGPT.
But for the things where I don't want an AI to "suck up" to me and instead "stay professional", that's Gemini.
While being entirely wrong and I cringe a little
I didn't realize just how big the difference was until I tested it.
"How do I clear a directory of all executable files on Debian?"
Gemini 2.0 Flash: (responses manually formatted)
find /path/to/directory -type f -executable -delete
Replace /path/to/directory with the actual path.
ChatGPT: (full link [1]) To clear (delete) all executable files from a directory on Debian (or any Linux system), you can use the find command. Here's a safe and effective way to do it:
# [checkmark emoji] Command to delete all executable files in a directory (not recursively): [..]
# [magnifying glass emoji] Want to preview before deleting? [..]
# [caution sign emoji] Caution: [..]
[1] https://chatgpt.com/share/67f055c8-4cc0-8003-85a6-bc1c7eadcc...
Google never seemed to personify theirs, IIRC. They always presented their AI tools in a utilitarian way.
Ask Claude to generate a .md of the conversation, it will do that with the option to download that or a PDF of it. A lovely, but well hidden feature!
The only drawback I see is that it requires enough free space in the context window to duplicate the visual part of the chat.
^ like that.
I remain still skeptical about LLMs in this space, although I might be proven wrong, as often happens. Nevertheless, OSV has already been a big advance, so it is great that it gets a further commitment.
From the description re data integrations it sounds like the latter, unless the data mentioned is in fact used for training.
The distinction is important because a security-tuned model will have different limitations and uses than an actual pre-built security LLM app. Being an app also makes benchmarking against other "models" less straightforward.
But in the affected systems section it states:
> Also Hitachi Energy RTU500 firmware and Siemens Ruggedcom APE1808 firmware.
I cannot find any reference that this Hitachi device is vulnerable to that CVE. Hitachi has a nice interface to list all vulnerabilities of their devices, this CVE is not part of it. In the Mitigation section any mention of Hitachi is also missing. Almost as if this device is not vulnerable.
There is some more weirdness, like it doesn't mention the "portal" feature is also vulnerable.
As far as I can tell, the only connection between those is that CISA released this alert which mentions multiple unrelated advisories in one post. Which happens to be the Siemens Palo Alto and another unrelated Hitachi advisory in RTU500: https://www.cisa.gov/news-events/alerts/2024/04/25/cisa-rele...
Imagine if a relatively clueless intern left something out of a report because the textbook "seemed wrong".
Saying that the input data is wrong and the AI didn't hallucinate that data is also kind of a "trust me bro" statement. The Mandiant feed is not public, so I cannot check what was fed to it.
I don't really care why it's wrong. It is wrong. And using that as the example prompt in your announcement is an interesting choice.
In other words, even with humans, their skills and experience are never enough. They have to show the reasoning behind their conclusions and then show that reasoning is backed up by an independent source of fact. Short of that, you can still perform analysis, but then you must clearly state that your analysis is weak and requires more follow-up work and validation.
So with LLMs, I'm torn up because they kind of make your life a lot easier, but does it just feel that way or are they adding more work and uncertainty where that is intolerable?
I expect attackers will also use AI systems, trained on the latest in effective attacks. What about defense would make defenders' AI systems more effective than attackers'?
I think it's necessary because, if the attackers use AI systems then the defenders need to keep up.
Also, we need to be creating far more secure systems to start with. Now it is, to a degree, security through obscurity - something is secure when attackers can't find the bugs fast enough. Security through obscurity wouldn't seem to work well when the attacker uses AI software.
Specifically, in their own example they are just citing Mandiant, which may itself be wrong...
So what’s the big breakthrough here?