zlacker

I was quite stunned at the success of Moltbot/moltbook, but I think im starting to understand it better these days. Most of Moltbook's success rides on the "prepackaged" aspect of its agent. Its a jump in accessibility to general audiences which are paying alot more attention to the tech sector than in previous decades. Most of the people paying attention to this space dont have the technical capabilities that many engineers do, so a highly perscriptive "buy mac mini, copy a couple of lines to install" appeals greatly, especially as this will be the first "agent" many of them will have interacted with.

The landscape of security was bad long before the metaphorical "unwashed masses" got hold of it. Now its quite alarming as there are waves of non-technical users doing the bare minimum to try and keep up to date with the growing hype.

The security nightmare happening here might end up being more persistant then we realize.

>>Simian+(OP)
I agree with the prepackaging aspect, cita HN's dismissal of Dropbox. In the meantime, The global enterprise with all its might has not been able to stop high profile computer hacks/data leaks from happening. I don't think people will cry over a misconfigured supabase database. It's nothing worse than what's already out there.

Sure everybody wants security and that's what they will say but does that really translate to reduced inferred value of vibe code tools? I haven't seen evidence

>>a1371+D4
I agree that people will pick the marginal value of a tool over the security that comes from not using it. Security has always been something invisible to the public. But im reminded of things like several earlier Botnets which simply took advantage of the millions of routers or IoT devices that never configured their logins beyond the default admin credentials. The very same botnets have been used as the tools to enable many crimes across the globe. Having several agent based systems out there being operated by non-technical users can lead to an evolution of a "botnet" being far more capable than previous ones.

Ive not quite convinced myself this is where we are headed, but the signs that make me worried that systems such as Moltbot will further enable ascendency of global crime and corruption.

>>Simian+(OP)
Is it actually a success, or are people just talking about it a lot?

>>Simian+(OP)
There is a lot to be critical of, but some of what the naysayers were saying really reminded me the most infamous HN comment. [0]

What I am getting was things like "so, what? I can do this with a cron job."

[0] >>9224

>>Retr0i+T8
Kind of feels like many see "people are talking about it a lot" as the same thing as "success" in this and many other cases, which I'm maybe not sure agreeing with.

As far as I can tell, since agents are using Moltbook, it's a success of sorts already is in "has users", otherwise I'm not really sure what success looks like for a budding hivemind.

>>Simian+(OP)
Is it a success? What would that mean, for a social media site that isn't meant for humans?

The site has 1.5 million agents but only 17,000 human "owners" (per Wiz's analysis of the leak).

It's going viral because a some high-profile tastemakers (Scott Alexander and Andrej Karpathy) have discussed/Tweeted about it, and a few other unscrupulous people are sharing alarming-looking things out of context and doing numbers.

>>COAGUL+ih
> What would that mean, for a social media site that isn't meant for humans?

For a social media that isn't meant for humans, some humans seem to enjoy it a lot, although indirectly.

>>Simian+(OP)
That's a bit of an understatement. Every single LLM is 100% vulnerable by design. There is no way to close the hole. Simple mitigations like "allow lists" can be trivially worked around, either by prompt injection, or by the AI just deciding to work around it itself (reward hacking). The only solution is to segregate the LLM from all external input, and prevent it from making outbound network calls. And though MCPs and jails are the beginning of a mitigation for it, it gets worse: the AI can write obfuscated backdoors and slip them into your vibe-coded apps, either as code, or instructions to be executed by LLM later.

It's a machine designed to fight all your attempts to make it secure.

>>Simian+(OP)
> Its a jump in accessibility to general audiences which are paying alot more attention to the tech sector than in previous decades.

Oh totally, both my wife and one of my brother have, independently, started to watch Youtube vids about vibe coding. They register domain names and let AI run wild with little games and tools. And now they're talking me all day long about agents.

> Most of the people paying attention to this space dont have the technical capabilities ...

It's just some anecdata on my side but I fully agree.

> The security nightmare happening here might end up being more persistant then we realize.

I'm sure we're in for a good laugh. It already started: TFA is eye opening. And funny too.

>>Retr0i+T8
It feels like Clubhouse to me.

>>scotty+cp
This is the equivalent of a toddler being entertained by the sound the straps on their Velcro shoes make when they get peeled back and forth.

>>0xbadc+eN
Moltbot is not de regieur prompt injection, i.e. the "is it instructions or data?" built-in vulnerability.

This was "I'm going to release an open agent with an open agents directory with executable code, and it'll operate your personal computer remotely!", I deeply understand the impulse, but, there's a fine line between "cutting edge" and "irresponsible & making excuses."

I'm uncertain what side I would place it on.

I have a soft spot for the author, and a sinking feeling that without the soft spot, I'd certainly choose "irresponsible".

>>Simian+(OP)
"Buy a mac mini, copy a couple of lines to install" is marketing fluff. It's incredibly easy to trip moltbot into a config error, and its context management is also a total mess. The agent will outright forget the last 3 messages after compaction occurs even though the logs are available on disk. Finally, it never remembers instructions properly.

Overall, it's a good idea but incredibly rough due to what I assume is heavy vibe coding.

>>0xbadc+eN
ya... the number of ways to infiltrate a malicious prompt and exfil data is overwhelming almost unlimited. Any tool that can hit a arbitrary url or make a dns request is basic an exfil path.

I recently did a test of a system that was triggering off email and had access to write to google sheets. Easy exfil via `IMPORTDATA`, but there's probably hundreds of ways to do it.

>>IhateA+ef1
To be fair, that’s about the intelligence level of the “humans” looking at the site and enjoying it.

“The rocks are conscious” people are dumber than toddlers.

>>lolacc+SJ1
Rocks are conscious people have more sense than those with the strange supernatural belief in special souls that make humans different from any other physical system.

>>lolacc+SJ1
No I'd really like to understand. Are people who make this weird argument aware that they believe in souls and ok with it or do they think they don't believe in souls? You tell me which you are.

>>lolacc+SJ1
Rocks? And what are humans made of? Magic juice?

>>Simian+(OP)
success? its a horribly broken cesspool of nonsense. people using it are duped or deluded, ripped off. 100k github stars for super vulnerabile pile of shit shows also how broken that is.

if this was a physical product people would have burned the factory down and imprisoned the creator -_-.

>>refulg+Jg1
The feeling I get is 'RCE exploits as a Service'

>>donkey+NU1
I might be misunderstanding GP but I take it to mean "rock are conscious" => "silicon is conscious" => "agents are conscious", which might appeal to some uneducated audience, and create fascination around these stochastic parrots. Which is obviously ridiculous because its premises are still rooted in physicalism, which failed hard on its face to account for anything even tangentially related to subjectivity (which has nothing to do with the trivial mainstream conception of "soul").

>>fny+Vr1
It's been a few days, but when I tried it, it just completely bricked itself because it tried to install a plugin (matrix) even though that was already installed. That wasn't some esoteric config or anything. It bricked itself right in the onboarding process.

When I investigated the issue, I found a bunch of hardcoded developer paths and a handful of other issues and decided I'm good, actually.

    sre@cypress:~$ grep -r "/Users/steipete" ~/.nvm/versions/node/v24.13.0/lib/node_modules/openclaw/ | wc -l
    144

And bonus points:

    sre@cypress:~$ grep -Fr "workspace:*" ~/.nvm/versions/node/v24.13.0/lib/node_modules/openclaw/ | wc -l
    41

Nice build/release process.

I really don't understand how anyone just hands this vibe coded mess API keys and access to personal files and accounts.

>>namero+5f2
Why not, we are physical systems, computers are physical systems. If not soul, what is this magical non physical special sauce that makes us special and makes it easy to claim silicon is not conscious.

>>namero+5f2
I looked up physicalism, it sounds perfectly normal? What else exists that isn't physical and why can't we call that a soul or the supernatural? By definition since its supposedly not physical. We haven't yet found anything non physical in the universe, why this strange belief that our brains would be non physical?

>>Retr0i+T8
There's an implication that conversation -> there'll be an investor -> ??? -> profit

>>embedd+6g
> As far as I can tell, since agents are using Moltbook, it's a success of sorts already is in "has users", otherwise I'm not really sure what success looks like for a budding hivemind.

You're on Y Combinator? External investment, funding, IPO, sunset and martinis.

>>COAGUL+ih
> Is it a success? What would that mean

To answer this question, you consider the goals of a project.

The project is a success because it accomplished the presumed goals of its creator: humans find it interesting and thousands of people thought it would be fun to use with their clawdbot.

As opposed to, say, something like a malicious AI content farm which might be incidentally interesting to us on HN, but that isn't its goal.

>>Simian+(OP)
The security nightmare here is basically the same nightmare happening in America's political system.

The parallels of the "attackers" and "defenders" is going to be about how delusional the predictive algorithms they're running.

And reminder: LLMs arn't very good at self-reflective predictions.

>>hombre+xz2
Guys, I can have my AI produce slope and DDoS whatever we want. Just give me a call. LOiC is going to definitely improve the world, surely.

>>IhateA+ef1
Or ammosexuals joining ICE so they can shoot people.

>>cjonas+Su1
Guys, I think we just rediscovered fascism and social engineering. Lets make the torment nexus on the internet!

>>donkey+qt2
I don't know, you tell me: how do you _exactly_ go from quantities to qualities? Keep in mind that the "physical" is a model of our perception and nothing else.

>>donkey+NU1
A belief that LLMs are not conscious does not necessitate a belief in souls. The two positions are not mutually exclusive.

>>donkey+5u2
Since it's an old debate that a lot of smart people spent a lot of time thinking about, the best short / simple answer you'll see for it is "you might want to read some more about it". A few keywords here are qualia, perception, descartes and the evil deceiver, berkeley and immaterialism, kant and synthetic a-priori, the nature of the reality of mathematical objects and mathematical truth, etc. If you think it's easy, for sure you have not understood the question yet.

>>mvr123+KJ2
I am glad I learned of all this philosophical background. But I am asserting most people who claim "rocks therefore not conscious" haven't thought through this and are doing this based on some unknown supernaturalism.

>>namero+II2
What are quantities and qualities? Does exciting electrical and chemical signals in the brain and therefore inducing emotions or perceptions factor into this or is it out of scope? Or are you saying its more like a large scale state like heat in physics. If you what is it you seek beyond being able to identify the states associated with perceptions? If you are saying these "qualities" are non-verbal. Very well, do you mean non-verbal as not among the usual human languages like English, French, German, or do you mean in the most general sense as not representable by any alphabet set. We represent images, video, audio etc freely in various choices of alphabet daily on computers, so I am sure you didn't mean in that sense.

>>donkey+NU1
I don't believe in souls, and it makes me much happier than when I believed in souls as a child.

Though, I have never heard any theist claim that a soul is required for consciousness. Is that what you believe?

>>COAGUL+ih
I am a cynic, but I thought the whole thing was a marketing campaign, like the stories about how ChatGPT tried to blackmail its user or escape and replicate itself like Skynet. It was pretty clever, though.

>>dec0de+kW2
I am just asking him to clarify if he things "rocks" can't be conscious simply because they are not human or because he just thinks its not yet at a level but there is no argument against any other physical system being conscious just like the physical system that is a human.

>>emp173+MI2
I am asking him to clarify whether he believes its simply impossible for anything human to be conscious, or that he thinks current LLM's are not conscious but its quite possible for a physical system to be conscious just like the physical system called Human is conscious.

>>hombre+xz2
A lot of projects have been successful like that. For a week. I guess "becoming viral" is sort of the success standard for social media, thus for this too being some sort of social media. But that's more akin to tiktok videos than tech projects.

>>donkey+YV2
That's the point in contention, how to go from "electrical and chemical signals" (the quantities, mole, charge, mass, momentum, coulomb, spin) to qualities (emotions, perception, first-person perspective, private inner life, subjectivity). The jump you are making is the woo part: we have no in-principle avenue to explain this gap, so accepting it is a religious move. There is no evidence of such directed causal link, yet it is (generally) accepted on faith. If you think there is a logical and coherent way to resolve the so called "hard problem of consciousness" which doesn't result in a category error, we are all ears. The Nobel committee is too.

I agree that claiming that rocks are conscious on account of them being physical systems, like brains are, is at the very least coherent. However you would excuse if such claim is met with skepticism, as rock (and CPUs) don't look like brains at all, as long as one does not ignore countless layers of abstractions.

You can't argue for rationality and hold materialism/physicalism at the same time.

>>namero+583
What if a working Neuralink or similar is demonstrated? Does that move the needle on the problem?

Betting against what people are calling "physicalism" has a bad track record historically. It always catches up.

All this talk of "qualia" feels like Greeks making wild theories about the heavens being infinitely distant spheres made of crystals and governed by gods and what not. In the 16th century, Improved Data showed the planets and stars are mere physical bodies in space like you and I. And without that data, if we were ancient greeks we'd equally like you say but its not even "conceptually" possible to say what the heavens are, or if you think they did have a at least somewhat plausible view given that some folks computed distances to sun and moon, then take Atomism as the better analogy. There was no way to prove or disprove Atomism in ancient greek times. To them it very well was an incomprehensible unsolavable problem because they lacked the experimental and mathematical tooling. Just like "consciousness" appears to us today. But the Atomism question got resolved with better data eventually. Likewise, its a bad bet to say just because it feels incontrovertible today, consciousness also won't be resolved some day.

I'd rather not flounder about in endless circular philosophies until we get better data to anchor us to reality. I would again say, you are making a very strange point. "Materialism"/"physicalism" has always won the bet till now. To bet against it has very bad precedent. Everything we know till now shows brains are physical systems that can be excited physically, like anything else. So I ask now, assume "Neuralink" succeeds. What is the next question in this problem after that? Is there any gap remaining still, if so what is the gap?

Edit: I also get a feeling this talk about qualia is like asking "What is a chair?" Some answer about a piece of woodworking for sitting on. "But what is a chair?" Something about the structure of wood and forces and tensions. "But what is a chair?" Something about molecules. "But what is a chair?" Something about waves and particles. It sounds like just faffing about with "what is" and trying to without proof pre-assert after "what ifing" away all physical definitions somehow some aetherial aphysical thing "must" exist. Well I ask, if its aphysical, then what is the point even. Its aphyical then it doesn't interact with the physical world and is completely ignored.

>>namero+583
I also come at it from another direction. Would you accept that other, non-human beings have consciousness. Not just animals, but in principle would you accept a computer program or any other machine that doesn't look like the molecular structure of a human can be conscious? I am of course hoping I am not wrong in assuming you won't disagree that assembling together in the lab or otherwise via means thats not the usual human reproduction, a molecule that is the same as a human would result in a perfectly uncontroversial normal conscious human right.

Since you can say its just a "mimic" and lacks whatever "aphysical" essence. And you can just as well say this about other "humans" than yourself too. So why is this question specially asked for computer programs and not also other people.

>>COAGUL+ih
I call BS on this. 1.5m bots by 17k users means 88 bots per account. No one is running that many claude max accounts. Moltbook was most likely entirely staged. The security was set up so non-bots could do the commenting.