We’ve been very lucky. A couple of weeks ago, a supply-chain attack against the Linux xz Utils package, which includes the liblzma compression library, was discovered just weeks before the compromised version of the library would have been incorporated into the most widely used Linux distributions. The attack inserted a backdoor into sshd that would have given threat actors remote shell access on any infected system. The details of the attack have been thoroughly discussed online. If you want a blow-by-blow exposition, here are two chronologies. ArsTechnica, Bruce Schneier, and other sources h ..read more

A recent article in Fast Company makes the claim “Thanks to AI, the Coder is no longer King. All Hail the QA Engineer.” It’s worth reading, and its argument is probably correct. Generative AI will be used to create more and more software; AI makes mistakes and it’s difficult to foresee a future in which it doesn’t; therefore, if we want software that works, Quality Assurance teams will rise in importance. “Hail the QA Engineer” may be clickbait, but it isn’t controversial to say that testing and debugging will rise in importance. Even if generative AI becomes much more reliable, the problem of ..read more

“The economic problem of society…is a problem of the utilization of knowledge which is not given to anyone in its totality.” —Friedrich A. Hayek, “The Use of Knowledge in Society” Silicon Valley venture capitalists and many entrepreneurs espouse libertarian values. In practice, they subscribe to central planning: Rather than competing to win in the marketplace, entrepreneurs compete for funding from the Silicon Valley equivalent of the Central Committee. The race to the top is no longer driven by who has the best product or the best business model, but by who has the blessing of the venture c ..read more

There are lots of new models, including one from Apple, but that’s hardly news. AI news is infiltrating other sections of Trends (particularly Programming and Security)—but that’s also hardly news. NVidia CEO Jensen Huang has said that AI will replace coding—but again, he’s not the first. But what’s new is Devin: an AI software engineer from Cognition Labs. Its makers claim that it “can execute complex engineering tasks requiring thousands of decisions. Devin can recall relevant context at every step, learn over time, and fix mistakes.” Devin is in early access; what we’ve heard from those who ..read more

TL;DR LLMs and other GenAI models can reproduce significant chunks of training data. Specific prompts seem to “unlock” training data. We have many current and future copyright challenges: training may not infringe copyright, but legal doesn’t mean legitimate—we consider the analogy of MegaFace where surveillance models have been trained on photos of minors, for example, without informed consent. Copyright was intended to incentivize cultural production: in the era of generative AI, copyright won’t be enough. In Borges’s fable “Pierre Menard, Author of The Quixote,” the eponymous Monsieur Men ..read more

I’ve had a ham radio license since the late 1960s and observed the transition from vacuum tubes (remember them?) to transistors firsthand. Because we’re allowed to operate high power transmitters (1500 watt output), tubes hang on in our world a lot longer than elsewhere. There’s a good reason: tubes are ideal high power devices for people who don’t always know what they’re doing, people who are just smart enough to be dangerous. About the only way you can damage them is by getting them hot enough to melt the internal components. That happens… but it means that there’s a huge margin for error ..read more

January was a dull month, at least in my opinion. Maybe everyone was recovering from their holidays. February was a short month, but it was far from dull. And I’m not even counting the first shipments of Apple Vision. OpenAI has demoed an impressive text-to-vision model called SORA; Google has two very impressive small language models, a model specialized for time series, and they opened Gemini to the public. Outside of AI, there’s a JVM for web assembly; you can use it to run applications like Minecraft in the browser. There are some new ultralight web frameworks. And one of the world’s bigge ..read more

In SQL: The Universal Solvent for REST APIs we saw how Steampipe’s suite of open-source plugins that translate REST API calls directly into SQL tables. These plugins were, until recently, tightly bound to the open-source engine and to the instance of Postgres that it launches and controls. That led members of the Steampipe community to ask: “Can we use the plugins in our own Postgres databases?” Now the answer is yes—and more—but let’s focus on Postgres first. NOTE: Each Steampipe plugin ecosystem is now also a standalone foreign-data-wrapper extension for Postgres, a virt ..read more

Since its release in November 2022, almost everyone involved with technology has experimented with ChatGPT: students, faculty, and professionals in almost every discipline. Almost every company has undertaken AI projects, including companies that, at least on the face of it, have “no AI” policies. Last August, OpenAI stated that 80% of Fortune 500 companies have ChatGPT accounts. Interest and usage have increased as OpenAI has released more capable versions of its language model: GPT-3.5 led to GPT-4 and multimodal GPT-4V, and OpenAI has announced an Enterprise service with better guarantees f ..read more

Since The New York Times sued OpenAI for infringing its copyrights by using Times content for training, everyone involved with AI has been wondering about the consequences. How will this lawsuit play out? And, more importantly, how will the outcome affect the way we train and use large language models? There are two components to this suit. First, it was possible to get ChatGPT to reproduce some Times articles, very close to verbatim. That’s fairly clearly copyright infringement, though there are still important questions that could influence the outcome of the case. Reproducing The New York T ..read more