Reviews and Comments

Yikes!

Surprising that what is essentially a RCE in an ML model attack has gotten so little attention. Looks like a nice continuation from the image classification attacks.

A @casey recommendation

In this talk, @pluralistic@mamot.fr covers the basic premise of enshittification, how the internet giants have lobbied to change the rules that let them get big to stifle competition, and finally, what can be done about it.

I only recently was made aware of the term enshittification, but had seen the decay of online platforms hasten, be it Twitter, FB, Reddit, Google, etc. The term and "play book" was helpful to draw connections between the behaviors on disparate sites.

I am slightly less hopeful than the author about reversing the course on some of these, but I guess there's something to be said about me posting this review on a distributed, federated service not part of big tech.

Overall a great talk, wake up call, and pointer to some hopeful directions.

This paper formally equates (lossless) compression algorithms with LLM/learning. While the Hutter Prize has postulated the connection, this paper shows how an LLM can act as a better compressor for multi-modality data than the domain specific standards of today. The authors also use the gzip compression algorithm as a generative model, with rather poor success, but build a mathematical framework to build on.

The paper also covers tokenization as compression, which is something that's been lacking in a lot of other scientific discourse on this subject. Overall a nice read, 4* only because it ends abruptly without fully exploring the space of compressors as generative models.

Suggestion from co-worker, especially since it seems to overlap with my blog.thinkst.com/2023/06/meet-zippy-a-fast-ai-llm-text-detector.html work

I skimmed the top-level summary when it came out, but it appears well worth a deeper read.

Interesting story and insider view of the great firewall of China and bypass techniques.

Basically this research combines a legacy IPv6 addressing scheme where the MAC address is put into the address with crowd-sourced WiFi network scanning geo-location databases. The trick is figuring out the delta in MACs between the WAN and WLAN adaptors, but they are usually close, so with some clustering, they were able to get 39m accuracy for ~12M routers in over 100 countries.

Crazy to think putting a MAC address in a world-routing IP address was ever considered a good idea, but with networking gears' long life cycle, it will be a long-lasting mistake!

Came across this in a review in The Economist. I've usually found that scaling people is where orgs seem to struggle, so I'd be keen to hear from someone who oversaw enormous growth at Stripe.

Interesting approach of using a fault-tolerance feature to handle transient HW issues as a way to bypass fingerprint attempt counters. Obviously less practical due to needing invasive physical access and a fingerprint database, but a nice multi-device logic bug class!

Heard about this on @riskybusiness@infosec.exchange and @casey thought it would be a good one to read as a #ThinkstScapes candidate.

Not a ton more than what was in the abstract: it only takes a small number of fine-tuning samples to greatly improve the [human-scored] performance of LLMs.

Rereading for the third time