• 1 Post
  • 525 Comments
Joined 3 years ago
cake
Cake day: July 5th, 2023

help-circle
  • the growth itself is hella juiced because the GPUs are only relevant for about 3 years till the new ones are out and make more AI for less power. And they depreciate them over 7 years. More than twice as long as they can or should use the GPUs for.

    We don’t actually know this for sure, yet. I had expected the A100 generation (released in 2020) to no longer be profitable to run by now, but the backlog in new data centers being turned on and the high demand from Anthropic and OpenAI still leaves those chips useful for inference. You can rent those 2020 chips out today at some price above what they cost to continue running (300W, so electricity prices of USD $0.20 per kWh would translate into about 6 cents per hour. Prevailing spot prices appear to be about $2/hour right now.

    But just because I was wrong on 2020 chips, originally sold for about $15,000 in a low interest rate environment, doesn’t mean that I’m wrong about 2024 chips, the B100s that use 1000W and were sold for $35,000, requiring a ton more specialized cooling, power, and network infrastructure. Or the 2026 R100s that use 2000W, and whose prices I can’t seem to find published anywhere, but were set after the memory companies basically locked in their record breaking prices for their HBM. That’s an unsustainable path and at some point, data centers start struggling to find users willing to pay the bare minimum necessary to continue turning a profit on GPU usage.

    I doubt the 2024 chips stay in service to 2031. And I’m really, really skeptical that the 2026 chips stay in service to 2033, especially after NVIDIA switches to yearly release cycles next year.


  • But it isn’t encoding knowledge, it’s encoding word correlations.

    I’m saying that humans do this a lot, too. Qualitatively, it’s different, in that this particular batch of frontier LLMs will get things wrong in ways that most human brains wouldn’t, but as a category of error it’s not unique to LLMs.

    I know a ton of facts that I learned only through reading, and have no actual firsthand knowledge/experience or ability to test it: Jupiter is larger than Saturn, the atmosphere during the Carboniferous period was high in oxygen, cigarettes cause cancer, Thomas Jefferson owned slaves, the capital of Norway is Oslo. At best, I can cross reference other sources and see that things are consistent with each other. Is my belief in those facts “knowledge,” or is it merely recognizing from my training data that those particular words can validly be presented in that order?

    If you ask average people on the street whether FAT32 is a good filesystem for a 64GB removable drive, most of them won’t know, but there are a handful of bullshitters who might confidently parrot back things they can Google but not understand. That’s part of the human condition, too.

    I’m by no means an AI booster/enthusiast. I suspect LLMs/transformers are actually a dead end, and expect the upcoming crash to be economically and financially devastating to the tech and financial sectors. But I also have a pretty dim view of human intelligence, too, and see way too many parallels in LLMs as bullshit artists to humans as bullshit artists, too.


  • It modifies the prompt, aka the input, not the output. It is smuggling 3 bits of secret user/session data in a wrapper that doesn’t look like it contains that data. As the article explains:

    So the marker becomes part of the system context sent to the model.

    This is a normal timestamp on a prompt:

    Today's date is 2026-07-11.

    But if your system timezone is a Chinese mainland timezone, it looks like:

    Today's date is 2026/07/11.

    Then, if your base URL includes a keyword like “deepseek,” it silently replaces the apostrophe from a ' to a ʼ:

    Todayʼs date is 2026-07-11.

    Or if the base URL has one of the domains on the list, like any .cn domain, it replaces the apostrophe with another apostrophe character:

    Today’s date is 2026-07-11.

    And if it has both a URL and a keyword on the watchlist, the prompt context includes:

    Todayʹs date is 2026-07-11

    That’s 3 bits of information: does this system have a mainland Chinese time zone, does the base URL contain a known keyword (associated with Chinese AI competitors) or a known domain (associated with mainland China or its major tech companies). And it sneaks it on by without making it obvious.

    That’s steganography.



  • It’s that they are trying to use statistics to encode entire thought processes into hidden variables from conversation snippets. They want to use statistics to go from many individual interactions to a large model, and then use that model to predict individual interactions again.

    Has it been shown that the human brain doesn’t model the world in a similar way, though? A huge portion of human knowledge is both stored and transmitted in the form of language. Lots of human knowledge also follows the garbage in, garbage out theory, where you can have entire areas of knowledge that aren’t actually true but might be internally consistent, at least within certain scopes: conspiracy theories, belief in the supernatural, entire academic disciplines built on a religion or theology that not everyone believes, etc. Or even world building in fiction, the words on a page can be enough to convey ideas such that it “tricks” human brains into filling in the gaps so that they internally see a rich, fleshed out world that is entirely fictional and where specific details might not find strong direct support in the underlying text.

    it has no concept of correctness

    But statistical weight on what is more or less likely to be correct still makes a difference to objective quality of the outputs. If the model weights are trained on the reality that high quality university texts describe something and reflect some sort of underlying model of what is described using language, then can’t the model itself learn as much as a human could from those words on a page?

    All models are wrong, but some can be useful. And different models have different quality in different domains. So although I don’t believe LLMs will overtake the hump of getting ahead of human knowledge, I also don’t believe that any given LLM can be evaluated on quality, and that Facebook’s LLMs are significantly behind other LLMs we see.

    And that maybe a huge part of it is its internal process of preparing the model to evaluate the quality of its inputs, such that the output it produces can also score high on quality.





  • Basically they’d need about as much in radiator fin surface area as they would have in solar panel area. The ISS has 8 solar array wings, 35m x 12m, that can produce about 30 kW each, or 240 kW total, in sunlight (which is only half the time). The ISS has a complex cooling system, but relies on 4 radiators about 3.1 m x 13.6 m to reject up to 14 kW of heat each (56 kW total) for cooling the solar arrays themselves. The main cooling system uses 6 radiators, each 23.3 m x 3.4 m, to reject 70 kW of heat (from this report it sounds like each radiator may be capable of rejecting more than 1/6 of the heat but that the system as a whole needs to be kept under 70 kW of heat rejection).

    So that seems like about 650 square meters of radiators can provide about 120 kW of heat rejection.

    Today, a 72-GPU Blackwell server is 130 kW in a single server rack. The next generation rolling out now has 72 Rubin GPUs in a 230 kW server, in a single rack. And that’s not even a “data center.” That’s just a single (albeit very powerful) server. How many can you string together, with networking equipment beaming data connections back down to the ground, before the ratio of solar panels and radiators to the actual ship size becomes unworkable?

    That said, it’s technically possible, especially if you can radiate the heat at higher temperatures than the ISS does, as the Stefan-Boltzmann law shows that the hotter the radiator, the more heat it can reject. Just completely infeasible from an engineering and economical standpoint, for any data center that hopes to be relevant in an age of 100+ MW data centers.




  • I just pulled up the ChatGPT terms of use

    Who’s talking about ChatGPT or OpenAI?

    I just pulled up the Anthropic commercial API terms, since that’s the situation covered by the original article (big corporation using Anthropic’s paid API):

    Use Restrictions. Customer may not and must not attempt to (a) access the Services to build a competing product or service, including to train competing AI models except as expressly approved by Anthropic; (b) reverse engineer or duplicate the Services; or © support any third party’s attempt at any of the conduct restricted in this sentence.

    Ok, so it’s a contract that purports to prohibit pretty much this kind of model weight extraction, and I’m saying that Anthropic probably considers the model weights to be trade secrets.

    Are you under the impression that trade secret protection only happens when the contract says the words “trade secret”?

    Or, analogously, consider customer lists. Having a contract that says “don’t copy my customer lists even if I sometimes disclose a single customer at a time when we partner together on projects” is probably enough to adequately maintain trade secret protection over those customer lists, even if individual customers are sometimes disclosed under a contract.

    I’m just stating what I believe the law is, not what it should be, or even claiming that what the law is today is good. I’m just saying everyone should be aware that the law is quite protective of big corporations and their proprietary secrets. I still think this qualifies as a trade secret that they’ve protected with their own contracts.




  • Sharing trade secrets under the terms of a contract that dictates how one can use the information still retains trade secret protections.

    Without a contract: intentional disclosure to the person who receives it generally destroys the trade secret status of the information, because the “owner” of the information didn’t do a good job trying to protect it.

    With a contract: intentional disclosure to a person under the terms of the contract makes the contract’s own protections of the information relevant, and misuse of the information by the recipient can get them sued under the contract. Plus, the information itself probably retains trade secret protection so that even if that person gives the information to a third party who can’t be sued under a contract they never agreed to, there are still rights to protect that trade secret as property.

    I’d be shocked if any paid API use isn’t under a robust, enforceable contract. The only question is whether the contract language itself effectively prohibits distillation.



  • The actual process of creating semiconductors is basically:

    1. Etch a stencil that has the pattern you want.
    2. Place the stencil over a piece of silicon.
    3. Bombard the silicon and stencil with radiation so that the chemical properties of the silicon change exactly under that stencil.
    4. Repeat the process with multiple other stencils, so that the resulting silicon has basically shapes of wires and logic gates that can perform different functions with the electricity running through those shapes.

    In recent years, step 3 has gotten so complicated, based on needing to create radiation of exactly a particular wavelength of extreme ultraviolet light focused exactly on the silicon (and the mask/stencil above it), because that wavelength allows for the smallest possible features on the silicon. So they take purified tin, melt the tin into molten liquid, and ejecting the molten tin in a liquid jet downward into a vacuum at exactly the right speed to where it forms into droplets of the exact size for the machine (about 50 μm), then blasts each droplet, mid-fall, with a 1.6kW laser that heats it up so hot that it vaporizes and ionizes into plasma at the exact position where a system of highly polished and precisely positioned mirrors focuses the UV radiation evenly onto the silicon surface.

    Oh, and the machine makes one tin droplet every 1/50,000 of a second, so in any given second it ionizes 50,000 droplets in the stream.

    The machine costs something like $300 million, and requires full time experts to make sure that it’s working correctly.

    Everything else in the fabrication facility is similarly complicated, which is why a fab represents something like $30 billion in total costs over its lifetime.