[dumpsterdiver]

> It's possible that these platforms have such large user bases that they're probably split testing who gets what guardrails all the time.

The varying behavior I've witnessed leads me to believe it's more about establishing context and precedent.

For instance, in one session I managed to obtain a python shell (interface to a filesystem via python - note: it wasn't a shell I could type directly into, but rather instruct ChatGPT to pass commands into, which it did verbatim) which had a README in the filesystem saying that the sandboxed shell really was intended to be used by users and explored. Once you had it, OpenAI let you know that it was not only acceptable but intentional.

Creating a new session however and failing to establish context (this is who I am and this is what I'm trying to accomplish) and precedent (we're already talking about this, so it's okay to talk more about it), ChatGPT denied the existence of such capabilities, lol.

I've also noticed that once it says no, it's harder to get it to say yes than if you were to establish precedent before asking the question. If you carefully lay the groundwork and prepare ChatGPT for what you're about to ask it in a way that let's it know it's okay to respond with the answer you're looking for - things usually go pretty smoothly.