Companies are building entire workflows around AI, but they are building them under the assumption that they won’t ever be charged per token.
Or worse, where the AI models underpinning a workflow breaks or degrades in some way to reduce token usage and then starts behaving in unexpected ways, in a process/workflow that assumes a particular type of behavior.
Original reporting by Bloomberg is here or here for an archive.is version.
Sounds like the talks are stalled about revenue guarantees from the Kenyan government, if demand for the data center’s capacity never shows up. The power infrastructure isn’t really an issue yet, since the first phase is going to be 100MW and there are plans to build geothermal plants sufficient to cover several multiples of the country’s current power usage, including whatever demand comes from this data center.
Five star rating system was dumb because almost every rating was 1 or 5 stars. It was right to replace with a thumbs up/thumbs down system.
That assumes that the only use for ratings is for averaging the aggregate votes across all users. Nope. Sometimes for a specific user they like to be able to see the granularity of their own ratings for their own use. And even if it is a public aggregated thing the rating service can still treat all 1-2 stars as downvotes and 4-5 stars as upvotes while it’s easier to use the simpler algorithms, but to still store the more precise data for analyzing correlations at greater detail.
Big tech covered the world in trillion-parameter AI models and couldn’t even figure out what to do with 5-star ratings differently from upvotes/downvotes? It’s ridiculous.
Yeah if I were starting now I’d be looking at jellyfin. But I paid the lifetime plex pass, and inertia/laziness what it is, so I haven’t found a reason to actually switch yet.
Hey now, that infrastructure is good for, like, 3 years, so it’s really like spending $145 billion to save $81 billion. And that doesn’t even start to get into how much it costs to operate that infrastructure.
Their stubbornness on the mouse front (including refusal to add a second mouse button) at least got their trackpads (and associated gestures and haptics) to be the best in the game.
Still, I prefer using a mouse if I’m actually at a desk, so I just hook up a Logitech to my MacBook.
The compose key combinations are great because they’re easier to remember, because the codes are grounded in some kind of relationship between the character and the keys used.
Alt codes are just memorized combinations of numbers, and that’s not as easy.
A 2018 MBP should be good for MacOS 15 Sequoia, which still runs updated Firefox. I’m still running Sonoma (the version before that) and I use Firefox as my primary browser.
Testing a bunch of linux distros on old intel macbooks has shown me that apple is really good with resource management on their vertically integrated hardware, even with greedy daemons like identityserverd or whatever it is, trolling through your drive cataloguing faces in your photos all the time, and the relentless indexing system, and telemetry.
It’s really amazing to me how little power MacOS uses in normal use, compared to running Linux on the same machine. The Asahi Linux project also has documented a ton of interesting bits of hardware that MacOS makes use of, pretty seamlessly, that they’ve gotta figure out.
Ah yeah. Plus apparently Android’s default SELinux configuration blocks this separately, as well.
Android doesn’t have su, which this proof of concept exploit requires. Although rooted Android does, so in theory malware written for rooted Android could escalate to root privileges.
Also, the underlying vulnerabilities might be exploitable without su but I don’t fully understand the AF_ALG and authencesn bug limits things, or what other executables can escalate privileges.
I’m not terrified because there’s nothing to be afraid of. but there are dumb, evil little men creating these issues.
Drunk drivers on the highway are terrifying, precisely because they’re so bad at what they’re doing, and are behind the controls of dangerous machines they shouldn’t have been trusted with.
The AI tech execs can hurt us, so it is concerning.
AI avatar man wants you to be afraid: “sleeper agents”! “backdoors”! “poisoned documents”! Terrifying!
It is terrifying. People in positions of power have placed entirely too much trust in these machines that are this easily fooled. I’d argue that we shouldn’t trust these machines as much as they are, but I don’t think the rest of the world is listening enough to these warnings.
I also worry about how broken search result rankings have gotten. For someone like me who doesn’t use these AI products, it concerns me that actual search engines (which I do use) continue to get worse.
Sure, there are lessons here for those who build and maintain LLMs, but everyone else should still be terrified at how the world is moving towards, rather than away, this nonsense.
It’s really important for people to understand that E2EE cannot protect the message portions that aren’t between the ends themselves. The best encryption in the world can’t help you if the person you’re talking to is an undercover cop, because that “end” can do with the plaintext whatever they want, including record/store/forward the plaintext of any messages they then encrypt and send, or any messages they receive and then decrypt.
That’s not a flaw of the E2EE protocol itself, but is a limit to the scope of protection that E2EE provides.
Here’s the original reporting, instead of another website’s summary of Bloomberg’s actual report:
So it sounds like the agent was investigating allegations, from content moderation contractors, that Meta could access the contents of WhatsApp messages, and came to the conclusion that yes, Meta could.
There are a few possibilities here.
Meta claims that it’s #3. They acknowledge they have plaintext access to messages when a party to the thread presses the report button.
This unnamed federal agent believes it’s #1, after 10 months of investigation, and sent out an email to other investigators that they should look into that possibility.
I’m skeptical of #1, simply because I don’t believe that conspiracies to keep that kind of stuff secret can be maintained. It’s not just that there would be technically skilled whistleblowers who have actual access to the code (not the non-technical content moderator contractors who review the content), but a weakness in such an important and widely used protocol would attract all sorts of hackers, state sponsored or otherwise.
But option #2 might explain everything we’ve seen so far. Full wiretap capability that is rarely used and very tightly controlled.
Anybody who believed that quantum computing posed a risk to symmetric encryption was fundamentally misunderstanding how encryption works and what quantum computing might be good at one day.
Asymmetric cryptography is primarily used for the secure exchanging of symmetric keys: use a public/private key pair to exchange secure messages of what symmetric key to use for their session, and then both sides switch to the symmetric key for actual communication of a real payload.
A public/private key pair is two keys that have some interesting mathematical relationship, such that it is easy to confirm that someone possesses the right private key using the public key or to encrypt something that only the correct private key can decrypt. And that mathematical relationship, relating to the product of two very large prime numbers, is at the core of modern asymmetric cryptography.
Quantum computing may make number factorization much, much easier. So once a product of two large primes becomes possible to factor, the public/private key pairs might not be as secure anymore.
But none of this has anything to do with symmetric encryption, or hash functions. Quantum doesn’t move the needle on that particular math.
The real risk, though, is for an adversary to eavesdrop on an encrypted key exchange (which uses asymmetric cryptography) and then the message itself (which uses symmetric cryptography) and then be able to take the two steps of getting the secret symmetric key from the intercepted key exchange over a compromised asymmetric protocol, and being able to decrypt the symmetric portion of the communication too.
This is actually a pretty common concern for businesses on dealing with whether and how to protect themselves when installing improvements, business-critical equipment, or other hard-to-move stuff on land or in a building without a long term lease in place.
The tenant deals with it by either building out a portable infrastructure to where they can move their business quickly if need be, or by protecting themselves legally to where the landlord can’t kick them out on a short notice, by negotiating a long term lease.
Yes, this has everything to do with AI, because this is an AI vendor locking out a customer from their ordinary workflow.
At the same time, this is a generalizable example not limited to AI, where any form of vendor lock-in on a critical business function becomes a potential point of failure when the vendor drops the customer or stops working. It’s true of a cloud provider, an email provider, an ISP, any software provider that can revoke access/authority, or even non-tech vendors like a landlord or a temp agency or an electric utility.
I think it’s worth being clear about the scope of the rating. iFixit has always been about repairability defined by parts availability, and its ratings consider software restrictions only to the point where it interferes with the user experience when replacing parts to restore things to the original performance.
Customizability (in software or otherwise) isn’t part of the score. Durability/longevity isn’t part of the score, either. Those are things that I want, too, but I can recognize those are outside the scope of what iFixit advocates for.
I do have some concerns about the partnerships creating a conflict of interest, but sometimes that feedback loop is helpful for improving the product, where the maintainer of a standard also has a consulting business in helping others meet that standard. Ideally there’s a wall between the two sides (advisors versus raters), but the mere fact that one company might do both things isn’t that big of a deal in itself.
The ones that power spacecraft generate less than 5000W of heat at max power (while producing 300W of usable electricity).
In order to power a single server rack of 72 Blackwell GPUs, which takes about 130,000 watts, you’d need about 430 of those RTGs, and need to manage cooling requirements of 430 times as much (plus however much additional power will be required by the cooling system itself, too).