Technology

Radar Trends to Watch: June 2023 – O’Reilly


AI, and specifically large language models, continue to dominate the news–so much so that it’s no longer a well-defined topic, with clear boundaries. AI has infiltrated programming, security, and virtually every branch of technology.

But that’s hardly news. By the time you read this, Apple may have announced their ultra-expensive, ultra-stylish AR headset; that may be enough to break the Metaverse out of its AR/VR winter. Or maybe not. If Apple can’t make technology into a fashion statement, no one can. And Rust has forked, spawning a new programming language called Crab. Will this slow Rust’s momentum? It is very hard to say. Many projects have forked and few forks thrive, but there are exceptions.


Learn faster. Dig deeper. See farther.

AI

  • LMSYS ORG (Large Model Systems Organization), a research cooperative between Berkeley, UCSD, and CMU, has released ELO ratings of large language models, based on a competitive analysis. Not surprisingly, GPT 4 is the leader. PaLM 2 is included, but not the larger LLaMA models.
  • OpenAI has added plug-ins (including web search) to its ChatGPT Plus product. Unsurprisingly, Microsoft is adding plugins to its AI services, using the same API.
  • A new AI stack is emerging, using LLMs as endpoints and vector stores for local data. To answer a query, relevant data is found in the vector store and used to build a prompt for the LLM.
  • TechTalks has a good explanation of LoRA (Low Rank Adaptation), a technique for fine-tuning large language models that is less time- and processor-intensive.
  • Langchain: The Missing Manual has been published online by the makers of PineconeDB, a vector database that is frequently used with Langchain to build complex applications on top of  large language models. Chapters are being added as they are completed.
  • The importance of user interface design for AI has never been properly appreciated. Fitting a language model into a chatbot is easy, and made it possible for millions to use them. But chatbots aren’t really a good user interface.
  • Vector databases are a relatively new kind of database that work well with large language models and other AI systems. They can be used to augment a model’s “knowledge” by adding additional documents.
  • Google has announced Codey, a code generation model similar to Codex. Codey will be accessible through Visual Studio, Jet Brains, and other IDEs, in addition to Google Cloud products such as Vertex. They have also announced new models for image and music generation. These models are currently in restricted beta.
  • Mosaic has released MPT-7B, an open-source family of large language models that allows commercial use. There are three variants of the base model that have been specialized for chat, writing long stories, and generating instruction. MPT-7B demonstrates the MosaicML platform, a commercial service for training language models.
  • Now that so many people are using APIs and tools like AutoGPT to build applications on top of AI models, Simon Willison’s explanation of prompt injection, which shows why it is an attack against the applications rather than the models themselves, is a must-read (or see).
  • OpenLLaMA is yet another language model based on Facebook’s LLaMA. OpenLLaMA is completely open source; it was trained on the open source RedPajama dataset, allowing it to avoid the licensing restrictions attached to LLaMA and its descendants.
  • A new study has shown that fMRI images of the brain can be used to decode sentences that the person was hearing. This is the first time that noninvasive techniques have succeeded in decoding linguistic activity.
  • It had to happen. Chirper is a social network for AI. No humans allowed. Though you can observe. And create your own chatbots.
  • MLC LLM, from developers of Web LLM, allows many different combinations of hardware and operating systems to run small large language models entirely locally. It supports iPhones, Windows, Linux, MacOS, and web browsers.
  • DeepFloyd IF is a new generative art (text-to-image) model developed by Stability.AI. It is available from HuggingFace.
  • Lamini is a service for customizing large language models. They support multiple foundation models, provide a data generator, and have APIs for prompt-tuning and RLHF.
  • Edward Tian, cofounder of GPTZero, has said that GPTZero will never be about detecting plagiarism. Their goal is understanding and supporting students who are learning how to use these models.
  • The next step in making AI more trustworthy might be developing language models that respond to prompts by asking questions first, rather than generating answers. Doing so encourages human users to think critically, rather than simply accepting the AI’s output.

Data

  • OpenSafely is an open source platform that allows researchers to access electronic health records securely and transparently. The records never leave the repositories in which they are held. All activity on the platform is logged, and all projects are visible to the public.
  • The Solid project is developing a specification for decentralized data storage. Data is stored in pods, which are analogous to secure personal web servers.
  • The Kinetica database has integrated natural language queries with ChatGPT. We will see many more products like this.

Programming

  • We expect many companies to follow Honeycomb by using ChatGPT to incorporate natural language queries into their user interface. However, the path to doing so isn’t as straightforward or simple as you might think. What are the problems nobody talks about?
  • I have been avoiding all the Rust drama. But sometimes drama is unavoidable. Rust has been forked; the new language is named Crab; and we will all see what the future holds.
  • Can you write Python like it’s Rust? While Python will always be Python, some Rust-like practices will make your code more safe.
  • To improve software supply chain security, the Python Package Index (PyPI), which is the registry for open source Python packages, now requires two factor authentication from all publishers. PyPI has been plagued with malware submissions, account takeovers, and other security issues.
  • It’s worth taking a look at the map of GitHub. Is your favorite project in GPTNation? Or JavaLandia? Or Gamedonia? If you zoom in, you can see how individual projects cluster, along with the connections between them.
  • Julia Evans’ (@b0rk’s) guide to implementing DNS in a weekend is a must-read for anyone who wants to understand network programming at a low level.
  • Codon is a new Python compiler that generates code with much higher performance than interpreted Python (CPython). It doesn’t implement all of Python 10’s features, and it was designed specifically for bioinformatics workloads, so it may not perform well in other applications. Still, if Python performance is an issue, it’s worth trying.
  • GitHub Code Search is finally out of beta and available to the general public. Code Search is not AI; it’s a traditional search, with regular expressions, across all of GitHub. By itself, that is extremely powerful.
  • GitLab has partnered with Google to add AI features to their platform. This includes a facility to detect and explain vulnerabilities, in addition to the ability to customize and build upon Google’s foundation models.
  • Another new programming language? Mojo is very closely related to Python (the language syntax is identical to Python), but it’s a compiled language that’s designed for high performance.
  • Learn Python with Jupyter represents an interactive approach to learning Python. Additional chapters are being released every few weeks.
  • It’s not just Linux. The Windows 11 kernel will soon include code written in Rust.
  • The Prossimo project is improving memory safety on the Internet by rewriting important Unix/Linux infrastructure components using Rust. Their latest initiative is rewriting the ubiquitous superuser commands, sudo and su. NTP, DNS, and TLS are also on the list.

Security

  • Data poisoning is an effective attack on large language models. And, given that future search engines will be based on LLMs, black hat SEO will be targeting those models. It is far from clear that OpenAI, Google, and Microsoft have any effective defense against these attacks.
  • Amazon has open sourced two security tools developed for AWS: Cedar and Snapchange. Cedar is a language and API that allows users to write and enforce policy permissions. Snapchange is still experimental; it uses fuzzing to help find vulnerabilities in software.
  • Microsoft’s cloud services are cracking password protection on .zip files (a relatively easy task) to scan the contents for malware. Privacy issues aside, this is a problem for legitimate security researchers.
  • The FBI was able to use a vulnerability in Russia’s widespread Snake/Uroburos malware to disable it. This story is fascinating. Even exploits have exploits.
  • This year, the hacking village at DEF CON will have language models from all the major players (OpenAI, Google, Microsoft, Stability AI, Microsoft, NVIDIA, and HuggingFace) for attendees to attack.

Web

  • Bad user interface design: is it a meme, a game, a joke, a contest, satire, or all of the above? Sometimes it’s just fun to see how bad a volume control you can make. And sometimes, that puts you back in touch with reality. Not everything needs to be reinvented. Here’s more.
  • Nodepad is a web application for brainstorming, note taking, and exploring ideas using large language models.
  • Google has announced that image search results will include information about the image’s source, where else it has appeared, and whether it is known to be generated by AI. Images generated by Google’s AI tools will include metadata stating the image’s origin. Other image publishers will display similar information.
  • The Pudding provides a taxonomy of dark patterns: unethical tricks that companies use to prevent you from canceling online subscriptions.
  • Bluesky has opened their Twitter-like social network for a private beta, and has attracted many users away from Twitter. Bluesky competes directly with Mastodon, and has led to Mastodon streamlining their signup process.

Operations

AR/VR

  • Apple is expected to announce their long-awaited augmented reality headset at WWDC this week (maybe even before this piece publishes). That will be a “make it or break it” event for AR and VR; if anyone can make wearing a headset fashionable, cool, and expensive, Apple can.
  • Who needs a screen? The Spacetop is a new laptop that uses AR goggles instead of a screen; the screen appears to float in space in front of the user.

Quantum Computing

  • Researchers at the University of Chicago claim to have developed “noise-canceling qubits” that reduce the probability of error when reading a qubit’s state. If their prototype stands up to further testing, this could make building quantum computers that are capable of real work much easier.
  • Quantum computers need to scale. IBM has announced a project to build a 100,000 Qubit quantum computer within 10 years. Depending on error correction, this still probably isn’t large enough to do real work, but it’s getting close.
  • Do you want your own quantum computer? SpinQ has created a quantum processor based on MRI technology, which was used for the first quantum demonstrations. Their Gemini Mini has two qubits, fits on a desktop, and costs $8,700. A high-end device ($58,000) has a third qubit. These processors may be useful for experimentation, but are far too small for useful work.

Biology

Hardware

  • Researchers have made an edible battery. It contains no toxic materials, unlike most battery technologies. Exactly why you would eat a battery is a mystery; they offer some use cases, of which the most plausible is smart implants.
  • Apple and Google have announced a proposed standard that would prevent the abuse of location tracking devices like AirTag.