Radar Trends to Watch: October 2024 – O’Reilly


The model release train continues, with Mistral’s multimodal Pixtral 12B, OpenAI’s o1 models, and Roblox’s model for building 3D scenes. We also have another important AI-enabled programming tool: Cursor is an alternative to GitHub Copilot that’s getting rave reviews.

Security will never cease to be a problem, but this month seems particularly problematic. The Mirai botnet is infecting a widely used surveillance camera that is unpatchable; the only known mitigation is to replace the camera. And attackers are targeting participants in GitHub projects, telling them that their project has vulnerabilities and sending them to a malware site to learn more.


Learn faster. Dig deeper. See farther.

Artificial Intelligence

  • Simon Willison uses the curl utility to discover how streaming APIs for large language models work.
  • Goldfish loss is a new loss function that language models can use to minimize the “memorization” of long passages during training. Models trained this way would be less likely to output material they were trained on.
  • OpenAI has put two models into limited (preview) release: OpenAI o1-mini and o1-preview. Both reduce errors and hallucinations by implementing chain-of-thought reasoning. o1-preview spends more effort reasoning through problems before generating a response; o1-mini claims to be a cost-effective model that’s more accurate for scientific reasoning.
  • Mistral has released Pixtral 12B, its first multimodal model. It allows images to be mixed with text and documents as input. It doesn’t appear to create image output, but it can generate code (e.g., for a website) from a sketch. Chat is available through Mistral’s Le Chat, code and weights through GitHub and Hugging Face. Pixtral is licensed under Apache 2.0 and can be fine-tuned and used without restrictions.
  • Roblox has created a generative model that builds 3D scenes from text prompts.
  • Cheating potential aside, connecting a TI-84 graphing calculator to ChatGPT is one of the coolest hacks we’ve seen for quite a while.
  • Anthropic has announced Claude for Enterprise, which offers larger context windows, GitHub integration, and security features (single sign-on, role-based access, audit logs, and identity management).
  • As AI becomes better at simulating humans, will we need “personhood credentials” to prove our humanity? (And what if issuing agencies, which might include governments, decide to use personhood credentials as a political tool?)
  • Chatbots don’t know when to say “help”—a very important point. One important source of errors in AI is the inability to state that it doesn’t know the answer.
  • OpenAI and Anthropic have agreed to give advanced access to their models to the US Artificial AI Safety Institute so they can be tested for safety.
  • AIs that can play video games are old hat. Now they can be the game, not just play it. A Google project has built a model that can simulate the 1990s game Doom, using techniques developed for Stable Diffusion. Could it be used to generate new games, not just emulate older ones?
  • Google has reenabled the Gemini model’s generation of human images.
  • Anthropic has enabled cross-origin request sharing (CORS) for the Claude models’ JSON APIs. This change means that applications running in a browser can interact directly with Claude.

Programming

  • With the addition of preemptive multitasking to the kernel, Linux can now be a true real-time operating system.
  • Want Lisp implemented in Rust macros? Here it is.
  • Yet another interesting programming language: Fennel has Lisp-like syntax and macros but integrates with Lua. It’s compiled, and it can be used for embedded systems.
  • lwIP is a small, lightweight open source IP stack. It’s designed to run on systems with very little memory—for example, small embedded systems.
  • The European Union is building and deploying a standardized, interoperable digital wallet.
  • Handoff is a new open source project that allows software developers to use Figma design tokens in code without requiring a Figma license. It helps integrate designers’ work with software development.
  • Three years after changing its license from open source to business source, Elastic has returned its products, ElasticSearch and Kibana, to an open source license.
  • The Cursor AI code editor has been getting many excellent reviews. It’s similar to GitHub Copilot but integrated with Claude 3.5 Sonnet. Here’s a good intro.
  • Check out the new Dynamicland website! Bret Victor’s Dynamicland demonstrates a compelling way of using computers to facilitate collaboration between people and machines. It’s about computing with people in the real world, with real materials. The Dynamicland site hadn’t changed in years; this new site updates the Dynamicland vision.
  • Microsoft has donated the Mono project, the cross-platform implementation of .Net, to the Wine project.
  • Valkey, the open source fork of the formerly open source Redis key-value store, is gaining momentum, in part because it’s making improvements that Redis users have wanted.
  • A new “absurdly fast” algorithm promises to speed up traffic through networks.

Security

  • A malware campaign called “GitHub Scanner” sends emails to participants in targeted projects claiming that their project has security vulnerabilities. The emails appear to come from GitHub. Victims are asked to visit a site that installs malware.
  • Microsoft has updated its core cryptographic library, SymCrypt, with postquantum cryptographic algorithms.
  • WiFi networks, whether in the office, home, or a coffee shop, are surprisingly easy to attack. Here’s some good advice for keeping intruders off of your network.
  • A security researcher has, somewhat accidentally, purchased the (expired) domain of the former WHOIS server for the .mobi domain. They discovered that certificate authorities (CAs) were still using the old server to verify domain ownership. All has been restored to normal, but do we really need to say again that the IP stack has deep and fundamental vulnerabilities?
  • RAMBO is a new attack that steals data from air-gapped systems by manipulating RAM in ways that generate decodable radio signals. Another attack against air-gapped systems takes advantage of acoustic noise generated by screen displays.
  • Attackers are using comments on GitHub to recommend fake fixes that install malware.
  • Rock and roll will never die. Neither will the Mirai botnet. It’s been spreading among a widely used, unpatchable security camera model. The only mitigation would be for the users of the security camera to replace it, and that’s not likely.
  • Chaos engineering—a testing technique that randomly introduces faults into a system—has been used to measure a system’s vulnerability to distributed-denial-of-service (DDOS) attacks and assess the system’s response, allowing the operators to mitigate vulnerabilities.

Web

  • O’Reilly author Holden Karau has developed a platform that uses AI to help people fight health insurance claim denials. The platform helps generate the many letters and forms required to protest a rejection.
  • Judging from the online chatter on Mastodon and Bluesky, the final XOXO festival was clearly the event not to miss. Videos from 2024 aren’t yet online.
  • What can you hide in one million checkboxes? A lot of stuff: URLs, images, animations… Here’s a story about creativity, play, subversion, and software that’s worth reading.
  • The revolt against complex JavaScript frameworks continues. Will there be a PHP revival?
  • Perhaps it’s not surprising, but GPT is good at unminifying code; the result is quite clear and readable. Minifying means replacing meaningful names with short, meaningless ones and doing other tricks to reduce code size (and obfuscate its meaning). It’s used mostly for JavaScript.

Hardware

  • Flow computing is a new architecture for general-purpose CPUs that combines cores designed for parallel processing with general-purpose cores.
  • Cerebras—maker of some of the largest chips in the world—has announced Cerebras Inference, a processor that can do inference at roughly 20 times the speed and one-fifth the cost per token of the NVIDIA H100. At 1,800 tokens per second, Llama 3.1-8B is almost instantaneous.

Quantum Computing

  • Microsoft claims to have solved a real-world chemistry problem using a hybrid system composed of both classical and quantum processors.
  • Researchers at Google claim to have created a single logical qubit with reduced error rates. The error rate decreases further as more physical qubits are added to the logical qubit. Scott Aaronson’s discussion is worth reading.
  • Oak Ridge National Laboratories, which currently has the world’s fastest supercomputer, is experimenting with adding a quantum accelerator.

Robotics

  • A new design for robot legs focuses on building artificial muscles. Legs incorporating the design appear to be much more capable and efficient than traditional, motor-actuated limbs.
  • We’re advised to be skeptical of videos showing humanoid robots doing amazing things. There are a lot of tricks: cherry picking, of course, but also off-screen human operators, carefully chosen terrain that isn’t realistic, and many others.

Biology