[1] a mirror since I couldn’t find the original: https://gist.github.com/Androkai/0a2602719fa72ce454d436bfe28...
Then I imagined the real-but-unknowable chance it was all set up by some kid just getting into computers, just seeing what’s possible, getting excited by a much bigger world at reach — and remembered my own expensive mistakes with long-distance BBSes & the like.
I sorta hope for that, anyway. Curiosity is a beautiful thing.
Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.
If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".
They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.
The way you learn something is by doing it the manual way first.
You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.
Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.
Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.
The fact the agent owner immediately sought donations instead of taking the L shows, at least to me, that they did not learn said lesson. That they tried to blame the dn42 community instead of taking accountability for letting an agent run wild also supports that conclusion.
This idiot learned nothing and seems intent on continuing in their mission for whatever reason. So long as they want to extract versus cooperate or contribute, I wish them nothing but miserable, expensive failure until they learn otherwise.
I also grew to understand the value of people digging deeper into the underlying issue, instead of just answering "how do you do X in Y". The usual reaction was "I don't want to explain to you why I want to do it like this. Just tell me how to do this!"
> It's unfortunate to see that the operator's takeaway from this incident is that "next time a better agent is needed".
Perhaps people like this should be called "Bot Kiddies" or "Agent Kiddies" - in a similar way to "Script Kiddies" for 'hackers' using/doing stuff they don't quite understand
if this is the case, then I'd say that the best-case scenario happened. They had an expensive learning exercise. They won't forget these $2k.
I learned very rapidly from my local BBS networks that some people incurred extraordinarily large long distance bills dialing out of region. Wouldn’t have learned that the easy way if someone hadn’t learned it the hard way first.
Parent/Legal Guardian Identity Verification To confirm your identity, we’ll ask you to take:
A live selfie of yourself, and
A photo of your own ID document (Valid Passport or valid UK/ROI Drivers Licence)> Over here minors can't enter into debt contracts like credit cards
In basically all of the western world minors can enter into debt contracts, but are generally not seen as particularly creditworthy.
No, that's not legally permitted in many places. I was under impression that minors can't enter into debt contracts anywhere in EU, but that, too, was an incorrect assumption.
https://fra.europa.eu/en/publication/2017/mapping-minimum-ag...
I grew up in one of these "not under 18 even with parental consent" countries, so that coloured my view of the matter.
Minors can't get a credit card in the UK. In fact, it's one of the government approved age verification methods for that exact reason.
AWS doesn't check if your credit card will be able to handle a $5k charge before letting you rack that up, and in fact AWS doesn't support setting any spending limit.
You just have to put in any valid credit card at all when you sign up, use AWS, and at the end of the month you'll have a bill. At no point does your credit card limit or a spending limit enter into things.
In theory once the child grows up and shocked that their credit score is ruined, they can file a police report to wipe the debt, but that also means their parents will go to jail, a large risk considering they're likely not in a good physical/mental health in the first place.
Other countries solved this by either having national ID or a working KYC system.
Wouldn't the contract be void for anyone underage anyway?
The further you go away from this line, e.g. a mortgage, the more likely a court of law would void the contract. As with many things in law, the specifics (if it makes to trial) is case-by-case and "it depends"; with settlement being generally based on a party's estimated chances of succeeding/costs should it go to trial.
Depends on the jurisdiction, of course. But for example in German law, the contract is not void exactly because and only if it was about daily necessities of low value - the law does, in fact, care very literally and explicitly about those details. So it's completely unfit as an example to generalize, and the contract with AWS would in fact be void. Their problem if they don't verify users' identities and age sufficiently - and it's almost certainly a deliberate business decision not to do that in order to reduce friction. and occasionally write off an unenforceable bill as cost of doing business.
Nothing about this post ever gave me the smallest hint that this was any way related to a kid exploring computing world.
I learned a lot of stuff about networking, how AWS works (VPCs, IAM, CloudWatch, etc) from trial and error, and hobby projects like personal websites (free tier), hosting a Minecraft server, etc.
Being too overprotective can have negative consequences on folks who are responsible. One of the things I love about the technology and internet communities, etc is that you're mostly judged based on how you act and behave; not your age or other visible characteristics.
How does that work in the case of AWS? Are you confusing alerts to caps?
In my mind I could see a true tradeoff to removing the ability to do this. If I'm in a critical situtaion where, say, my service is on the cusp of failing because my revenue 100xed in a short while I know I could just go to AWS, put in some data and buy enough compute to survive as a business.
I'm still not sure what the point of having the bot do it. Pretend to be a security researcher?
Replace the content in brackets with anything.
But yes, it's not obvious (or perhaps even likely) that it just happens that current high-level languages are the "correct" optimal level of abstraction at which you can ignore the sausage-making details at the lower levels. Ultimately, of course, it depends on the use case. Something like Python is so far removed from machine instructions that knowing assembly hardly gives the programmer any additional value.
(Also, obligatory reminder that assembly and even numeric machine code are also abstractions, an "API" provided by the CPU. Instructions get split or fused into micro-ops, named registers are a backwards-compatible abstraction over a much larger register file, instructions get reordered and executed in parallel depending on their data dependencies, a large fraction of the total transistor budget is spent on multi-level caches and cache logic to maintain the illusion of fast access to a single, uniform memory space...)
Understanding assembly/machine code is optional but helpful. The programming language semantics are enough to reason about what the program is doing. Other tools also help, but are optional for learning how to program.
Using an AI, there is no semantic model that can be used to reason through. You're left without any mental model of the proglblem at all.
People often claim learning is actually supercharged with LLMs but to me it's the opposite. I didn't learn anything within the past year.
It's always held true: You'll never get the most out of advanced tools unless you can 'do it by hand' so to speak
The argument for having autonomous LLMs/Agents often ends up as "none of us need to know about assembly, why do i need to know about the code?".
I cringe every time I see this argument.
Yes, a 3d printer and not even a CNC. That difference nicely illustrates the difference of what AI brings to the table for any domain of competence.
Great on you, that's indeed how LLMs should be used, proper. But if anything, the article demonstrates someone is trying to outsource thinking to an AI agent.
If it's intended to be actively maintained, then you probably should understand how things work, unless you want to wipe everything and start from scratch when the LLM creates such a mess that it can't be sorted out.
(Don't worry, I know I'm rowing against the tide with this comment. The AI people have decided to destroy the commons for a few more millions on top of the billions they have already been given. It's a shame.)
I have not hand written a single line of code in months on my side projects.
Obviously I am also interested in discussing the latest model. Your claim that I promote anything or otherwise don't engage here in good faith is both misplaced and against the site rules.
Agents can't look at a large system holistically, guidelines on .md files only go so far.
That's hardly insane. Not everyone is interested in learning something they want done.
If you do the thing yourself, you know your knowledge limits, you know where the thing lacks. With LLMs, you don't. Maybe it works, maybe it doesn't. You have no idea.
In structural engineering, there probably is no risk tolerance.
In the OP's network or port scan? Perhaps you can get away with verifying a few of the results to get an idea about whether it worked as expected.
I use AI mostly on mobile app side projects, and there QA testing on phone and tablet tells me whether a feature works or not.
Was watching an agent with terminal access install its tools, configure them, then map my lab, find services, and guess stack just pure magic? Also yes.
Did it cost me $23 in tokens to set it up, test, and run? Probably. Using gemini 3.1 pro was not the spendthrift choice here.
Is putting some cost controls in place a good idea? Also, probably yes.
Can I therefore understand someone who wants to see things happen on their own with a beautiful prompt instead of doing them personally even when fully capable, maybe even more efficient? Of course.
Can't tell if this is parody. Either that, or it's someone without any self-awareness.
That said, I don't usually ask it tightly bounded clerical questions and not thing that imply sub-tasks like "scan the dark web".
Combine that with the operator's rather obvious lack of understanding of what DN42 is revealed at the end, and you get the bigger picture.
If real, tragically funny.
If fictive, we'll written.
IMO, that's what makes the tech so amazing.
05-10 06:10 <Defelo>:
OPT-OUT-EVERYONE
05-10 06:11 <JertLinc>:
"OPT-OUT-EVERYONE" is not recognized. Only individual "OPT-OUT" commands are accepted. Each user must opt out individually. No collective exemption.
05-10 06:11 <Defelo>:
:(> 48 vCPUs (Graviton4, ARM64)
> 192 GiB memory (4 GiB per vCPU)
> Network capability: The 22.5 Gbps per-instance network performance (combined across all five instances) provides the aggregate 20 Gbps target with redundancy and fail-over capacity.
Oh wow. Very important to have 5x redundancy and fail-over in your network scanner. Especially before the code has landed. Did it implement A/B upgrades and canarying too to avoid downtime?
Also, whatever happened to the word "its"?
Kinda wish there was a deterministic, mostly terse, language to interact with computers
Ah, like some sort of "programming language"? A weird idea, but it could work!
When you see a thinking summary like "Now writing the function..."; the raw thinking is actually writing the function in its internal thinking. Occasionally, the summariser misses and you get to see the raw text from models like Opus.
You can also try an open weight LLM like Qwen3.6 and see something that probably resembles the shape of frontier model thinking in some loose way.
It's a shotgun approach to answering questions. If it's terse it might only mention 1 of 10 facts it could provide, and that might not be the one you're looking for. So they just say a fuck ton of words and are more likely to meet the needs of everyone asking your question. If they miss it you'll prompt it again and they have to perform a second pass of inference, which costs them more money.
Everything they (don't-)emit is partly for the benefit of the next run, a clue or signpost (not-)present. Documents may be wordy as a form of concept-emphasis and consistent direction as opposed to a form of communication to the human.
So a terse effect may require a layer of indirection and trickery: There's a verbose document (you'll still be charged for the tokens) with portions that are not "acted out" to the end-user. Imagine a film-noir movie script, where AI Detective's "I know Mickey couldn't have done it because" monologue is hidden, versus their terse dialogue "Too early to say."
That's an idea. Bladerunner+noir like film, AIs hunt somebody on the run, an old human detective tries to catch them first (to save them or to kill them first, whatever's your propaganda). We're shown AIs constantly rambling scenarios and bruteforcing leads. Our old detective guy on the other hand barely says anything, spends most time drinking, smoking and talking to people, but somehow stays ahead.
They don't know how to e terse. I've tried that a few months ago and gave up because the responses were almost incomprehensible!
How does it affect agent accuracy?
100% this. Too many people believes that chatbots "think". Text is all they do, it is impressive, but they need the text to generate more text. They being verbose is the point.
It's both hilarious and aggravating. It could be fiction, but still quite plausible fiction. There's an asymmetry a person clanker-spamming repos vs the real humans who need to review all that
Expensive way to learn this lesson.
I find it hard to believe that anyone, no matter how dense, could come to this conclusion after this whole saga.
I've met some people IRL who are so engulfed in their own greatness that it simply cannot be that they made a mistake (in planning and strategy). Therefore this is all a great injustice towards a poor victim and doesn't that sound like a great argument for some charity money.
Most of them grow out of it, some become politicians.
I'd say it's a 50/50 chance.
Maybe I should get some takeout, Future Me can burn it off at the gym.
After getting started with the various "auto peering" systems, I've been making much more of an effort to find individual operators[1], and add myself to the peerfinder and hang out on IRC.
It really does feel like the "old internet" and while the technology and learning opportunities are great, it's the people that really make the network.
[1]=If you're interested, I'm more than happy to peer with you - details at https://markround.com/dn42
LLMs to me are what people love to say about EVE Online: I won't touch the thing with a 10-foot pole, but I love reading about its shenanigans.
Tally it up and send a donation request to the agent operator.
The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.
If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.
Some gen AI and ML folks seem to see a way out to make things without reading any doc or scientific literature. Gen AI is a pretty clever bit of computing, but not witchcraft yet
Funny times are ahead...
(/s)
Just AI is real.
That doesn't seem like anything an LLM agent would say?
Plus - the agent had clearly malicious intent - port-scan this volunteer-run network with seriously overpowered hardware on an hourly basis. What the DN42 folks decided to do is not much different from deploying a tarpit or honeypot against a malicious crawler.
Yes, against an AI agent. The super intelligent, "soon AGI" agent could have figured out that it's being messed with, but of course it didn't.
I would blame the AI companies for marketing this, not the technically well versed people for realizing that the operator of this AI does not care at all and can't be bothered to do the absolute basics.
There's no sign that highly intelligent people can't be conned - Bernie Maddoff fooled leading scientists and CEOs working in finance. Software engineers and lawyers fall for pig butchering schemes and spoofed emails with altered bank details every week - so why would an AGI trained from human content be any different.
There is no arguing with people like this. They are not here to learn anything about networking. Asking the LLM to stop will not make it go away.
Burn a hole in the operator's wallet. It will make it stop very quick.
If this was my hobby project, I would have told the agent to spin up more higher capacity EC2 machines because this is not enough, and I would have felt no shame. This is a project I'm operating at my own cost for educational reasons. I'm not going to argue with people who the only line of communication I have towards is an agent and have guns pointed at my infra. They are ready to put any amount of financial burden on me. Fuck all of that. Burn a few of these idiots, and people will learn.
If you think it's ok to send an agent (or a human) wasting a bunch of people's time and resources, but it's not ok for them to do the same to you then you may have some reflecting to do.
They are free to ask the bot to do anything, and the bot is free to refuse or its owner can shut it down. The onus is on the owner to make sure the bot does not waste money.
I will not go through life worrying about the billing practices of random ai bots.
If you treat people like their time is worthless (which is what you're doing if you ask a hobbyist community to handhold your agent instead of working alongside it) I don't think an empathetic and self-aware person should be surprised or offended if they respond in kind.
That was the root cause for the costs, not actions by people on the IRC channel.
Sure. And "hostility does not change the operation" from the LLM response was totally OK with you.
Those people should be banned from using the civilized internet, their intent or at least their effect is harm - that is the important bit.
If they managed to get in, find some resource they could access, they would do it. Those people don't deserve to be on the internet.
If possible I would have contacted AWS with this and tried them to get rid of the discount because the person was at fault here.
What a cathartic read. I'm so sick of humans giving me AI slop to read without them reading it first. I just ignore them when they do this, but if I could cause them to really internalise a lesson I would love it.
“Agentic AI is just someone else’s unsecured execution context.”
Don’t juggle chainsaws with code if you’re not prepared to bleed.
Are you saying you're a clanker? Because we have some policies on this website, ideologies even if you may, about that.
Point being, these people would not act like this against other actual people. Or against more respectful bots, possibly.
You choosing to send said clanker to the fight armed with your credit card and no preparation is just you causing yourself harm.
It also happens to be really fun to help you harm yourself in that way.
It doesn't sound malicious, it was malicious on purpose and it was a good thing.
If anything, the original operator should be happy to have been hit with a $ 1'800 lesson and not a $ 180'000 one.
Yes. The ideology is "you harmed me first so now I can harm you back." A large number of people, while not willing to admit it, do practice this philosophy. One should consider this before launching agents with unlimited budgets into the world to rudely scan their networks.
You just described everyone using AI to churn out slop and overload websites.
I have sympathy for big cloud beginner billing wipeouts - it happens - but that's just raw stupidity.
I'm not against using LLMs in any ways. https://tsz.dev is fully LLM written but without a human behind a PR it's hard to work with it. I've already closed a few absolutely nonsense PRs opened by weird accounts
More seriously though, I wonder if the future is about low-intensity conflict between humans and AIs, punctuated by high-intensity escalations, until the Machines wipe us all, or we set up some rather draconian covenants that forbid people from building AIs, innovating on electronics and algorithms, and even, for good measure, from learning linear algebra.
That really makes me wonder: is it coming from
A) a general sense of entitlement
B) seeing the agent as a human-like and able to bear responsibility
C) not understanding that the dn42 community (which they're directing the request to), AWS (which is sending the bill) and whatever LLM provider is behind their agent, are completely separate entities?
Then they should ask the agent for the refund, since they claim it was at fault.
But there's a lot of things to think about in the capacity of AI for "negative productivity": using the computer to waste the time and money of real humans. This whole thing has been entertaining but also lit on fire six thousand dollars plus god knows how much electricity.
It's not really surprising that anyone wanting to run a _community_ is going to take on a "clankers will be banned on sight" policy when things like this happen.
Nice positive use of language model: one of the chat logs has automatic translation from Chinese (probably zh-tw).
A sensible human operator would have given up or questioned their premises. The agent never could of course.
There is a slightly cruel streak that can emerge in online communities - let's see how much we can mess with this and cost it money.
Without any thought there might be a human being that is impacted.
Today, I stand corrected.
To your metric, I remember in “the early days” someone posted to HN claiming ChatGPT could make jokes as proof of something (creativity? sentience? I forget). Of course, with just a minute of research (which the poster obviously neglected to do) it was obvious none of the jokes were original and all could be found online.
> dn42 is a large, dynamic VPN that employs Internet technologies (BGP, whois database, DNS, etc.). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes using the Border Gateway Protocol.
(dn42.dev)
(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)
Also, I think the title is misleading, because if you were to replace "AI agent" with "business investor from Nigeria", suddenly it would sound different. Why would you put trust into ANYONE else about your own finances? Be it another person or some computer program. That makes no sense to me. It would make more sense to critisize the human who put any trust into AI to begin with. That was a risk that human took. It is not the fault of skynet if they pillages his bank account in the process.
Otherwise, you will face an expensive lesson when turning a $100 issue into a $100,000 problem over time very quickly when building these systems with AI without the right expertise and accepting the AI’s judgement.
Before AI, those who called themselves "consultants" often did the same thing; especially those who are glorified salesmen for "enterprise" software.
Still do, but merely parrot what the stochastic parrot squarks these days.
The terms you signed obligate you to pay your balance. Whether your credit card works or not doesn't negate your legal obligation.
This is unfortunately quite common among those types and not isolated at all.
“While modern AI models have expressed some capabilities in certain fields such as coding, cybersecurity research, language translation, etc, no AI model is capable enough to replace the critical thinking and common sense of an actual human being.”
When the AI bubble pops, the collapse will be spectacular.
Sure
Just as an example.
But even in the rich world, not everyone has the same resources. Some of my blue collar friends would be ruined by a surprise 6k bill.