Leaked Internal Google Document Claims Open Source AI Will Outcompete Google And OpenAI

In the world of large language models (LLM), the focus has for the longest time been on proprietary technologies from companies such as OpenAI (GPT-3 & 4, ChatGPT, etc.) as well as increasingly everyone from Google to Meta and Microsoft. What’s remained underexposed in this whole discussion about which LLM will do more things better are the efforts by hobbyists, unaffiliated researchers and everyone else you may find in Open Source LLM projects. According to a leaked document from a researcher at Google (anonymous, but apparently verified), Google is very worried that Open Source LLMs will wipe the floor with both Google’s and OpenAI’s efforts.

According to the document, after the open source community got their hands on the leaked LLaMA foundation model, motivated and highly knowledgeable individuals set to work to take a fairly basic model to new levels where it could begin to compete with the offerings by OpenAI and Google. The major innovations address scaling, allowing these LLMs to run on far less powerful systems (like a laptop or even a smartphone).

An important factor here is Low-Rank Adaptation (LoRA), which massively cuts down the effort and resources required to fine-tune a model. Ultimately, as this document phrases it, Google and by extension OpenAI do not have a ‘secret sauce’ that makes their approaches better than anything the wider community can come up with. The document also notes that Meta has essentially won out here by having their LLM leak, as it has meant that the OSS community has been improving on the Meta foundations, allowing Meta to benefit from those improvements in their products.

The dire prediction is thus that in the end the proprietary LLMs by Google, OpenAI and others will cease to be relevant, as the open source community will have steamrolled them into fine, digital dust. Whether this will indeed work out this way remains to be seen, but things are not looking up for proprietary LLMs.

(Thanks to [Mike Szczys] for the tip)

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username, are encrypted for transport, and the sanitization step happens before decryption. The decrypted username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation: the string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to describe this flaw as a “difficult to exploit vulnerability [that] allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JNDI strings can be fetched anonymously from a trio of endpoints. This led Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.
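To make the ordering defect concrete, here is an added Python example (not Oracle’s code and not Assetnote’s proof of concept) that uses a reversible encoding as a stand-in for the transport encryption; the upload root, handler names and sample usernames are hypothetical. It shows why a check applied to the still-encrypted value never fires, and the decrypt-then-validate order that fixes it.

```python
import base64
import posixpath
from typing import Optional

# Constructed stand-in for "encrypted for transport": a reversible encoding,
# not Oracle's routine. The bug class depends only on the ORDER of the
# sanitize and decrypt steps, not on the cipher itself.
def transport_encode(plain: str) -> str:
    return base64.urlsafe_b64encode(plain.encode()).decode()

def transport_decode(blob: str) -> str:
    return base64.urlsafe_b64decode(blob.encode()).decode()

UPLOAD_ROOT = "/srv/app/uploads"  # hypothetical upload directory

def is_safe_filename(name: str) -> bool:
    """Reject anything that could change directories or smuggle a NUL byte."""
    return bool(name) and not any(bad in name for bad in ("/", "\\", "..", "\x00"))

def resolve_inside_root(name: str) -> Optional[str]:
    """Defence in depth: normalise and confirm the result stays under UPLOAD_ROOT."""
    full = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    return full if full.startswith(UPLOAD_ROOT + "/") else None

def vulnerable_upload_path(enc_username: str) -> Optional[str]:
    # Wrong order: the check runs on the encoded blob, whose alphabet never
    # contains '/' or '..', so it always passes; the decoded value is then
    # trusted when the path is built.
    if not is_safe_filename(enc_username):
        return None
    username = transport_decode(enc_username)
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, username))

def fixed_upload_path(enc_username: str) -> Optional[str]:
    # Right order: decode first, then validate the value that is actually
    # used, and finally re-check the resolved path against the root.
    username = transport_decode(enc_username)
    if not is_safe_filename(username):
        return None
    return resolve_inside_root(username)
```

A detection angle follows from the same observation: logging the decoded parameter, not the transport blob, is what makes traversal attempts visible in review.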

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to.

Virgin Galactic Cautiously Returns To Flight

After Richard Branson delivered some inspiring words from his seat aboard SpaceShipTwo Unity, he unbuckled himself and started to float around the vehicle’s cabin along with three other Virgin Galactic employees. Reaching an apogee of 86 kilometers (53 miles), the passengers enjoyed four minutes of weightlessness during the July 2021 flight that was live-streamed over the Internet to an audience of millions. After years of delays, SpaceShipTwo had finally demonstrated it was capable of taking paying customers to the edge of space. As far as victories go — it was pretty impressive.

Yet despite the spectacle, weeks and months went by without an announcement about when commercial flights of the world’s first “spaceline” would finally begin. Now, nearly two years after Branson’s flight, Unity has flown again. Except instead of carrying the first group of customers, it performed the sort of un-powered test flight that Virgin Galactic hasn’t performed since 2017. Clearly, something didn’t go to plan back then.

Richard Branson aboard Unity

The company is being as tight-lipped as ever, saying only that this test flight was necessary to “evaluate the performance of the spaceship…following the modification period.” The exact nature of these modifications is unclear, but for some hints, we could look at the New Yorker article from September 2021. It alleged that, unwilling to derail Branson’s highly publicized flight, Unity’s pilots decided not to abort their ascent despite several warning lights in the cockpit alerting them that the vehicle’s trajectory was deviating from the norm. Virgin Galactic later denied their characterization of the event, but the fact remains that Unity did leave its designated airspace during the flight, and that the Federal Aviation Administration grounded the spacecraft until an investigation into the mishap could be completed.

NASA’s Curiosity Mars Rover Gets A Major Software Upgrade

Although the Curiosity rover has been well out of the reach of human hands since it touched down on Mars’ surface in 2012, this doesn’t mean that it isn’t getting constant upgrades. Via its communication link with Earth it receives regular firmware updates, with the most recent one being the largest since 2016. In addition to code clean-up and small tweaks to message formats, this new change should make Curiosity smarter and make its wheels last longer.

The former helps to avoid the long idle times between navigating, as unlike its younger sibling, Curiosity does not have a dedicated navigation computer for more autonomous driving. Although it won’t make the 11-year-old rover as nimble as its sibling, it should shorten these pauses and allow for more navigating and science to be done. Finally, the change to reduce wear on the wheels is fairly simple, but should be rather effective: it reduces the amount of steering that Curiosity needs to do while driving in an arc.

With these changes in place, Curiosity should be all ready to receive its newest sibling as it arrives in a few years along with even more Mars helicopters.

Getting Ready For Act 2 Of The Great American Eclipse

It seems like only yesterday that the “Great American Eclipse” swept from coast to coast, and for those who were lucky enough to watch it from along the path of totality, it was a true life experience. No natural phenomenon can compete with the beauty of a total solar eclipse, and if there’s one thing I heard more than anything else in those golden moments after the Sun returned from behind the Moon, it was, “When’s the next one?” Everyone wanted to do it again, and for good reason.

Back in 2017, that question was kind of rhetorical; everyone knew the next eclipse to cross the United States was a mere seven years off. For me personally, the passage of time has not dampened my enthusiasm for eclipses one bit, and I suspect the feeling is mutual among the many people who gazed in wonder and childlike glee at the celestial proceedings of 2017. But except for the very lucky who live within the path of totality, mounting an expedition that optimizes the viewing experience takes preparation. Now that we’re a little less than a year away from the next one, it’s time to get geared up and make plans for the 2024 eclipse.

Where and When?

The 2017 eclipse’s “Great American Eclipse” moniker was well earned, as the continental United States was the sole beneficiary of the view. This time around, the US isn’t the only country along the path; Mexico and Canada will also get in on the fun. In fact, Mexico may well be the best place to watch the eclipse from, but more on that later.

ESA’s Jupiter-bound Probe Hits Antenna Snag

While the few minutes it takes for a spacecraft’s booster rocket to claw its way out of Earth’s gravity well might be the most obviously hazardous period of the mission, an incredible number of things still need to go right before anyone on the ground can truly relax. Space is about as unforgiving an environment as you can imagine, and once your carefully designed vehicle is on its way out to the black, there’s not a whole lot you can do to help it along if things don’t go according to plan.

That’s precisely where the European Space Agency (ESA) currently finds itself with its Jupiter Icy Moons Explorer (Juice) spacecraft. The April 14th launch from the Guiana Space Centre went off without a hitch, but when the probe’s 16 meter (52 foot) radar antenna was commanded to unfurl, something got jammed up. Judging by the images taken from onboard cameras, the antenna has only extended to roughly one third of its total length.

An onboard view of the antenna.

The going theory is that one of the release pins has gotten stuck somewhere, preventing the antenna from moving any further. If that’s the case, it could mean jiggling the pin a few millimeters would get them back in the game. Unfortunately, there are no gremlins with little hammers stowed away in the craft, so engineers on the ground will have to get a little more creative.

Patent Spat Leaves DJI Owing Textron $279M

Patents are the murky waters where technical jargon and legalese meet, and in this vast grey area of interpretation, DJI now owes Textron $279M.

At issue in the case were two patents issued to Textron (#8,014,909 and #9,162,752) regarding aircraft control systems for relative positioning to other vehicles and automatic hovering. The jury found that Textron’s intellectual property (IP) had been infringed and that damages amounted to $279M. DJI asserts that Textron’s patents are not valid and will appeal the decision. Appeals in patent trials are handled by the Federal Circuit and can be kicked up to the US Supreme Court, so don’t expect a final decision in the case anytime soon.

We’re not lawyers, so we won’t comment on the merits of the case. While it was a jury trial, it was one of many cases decided in the court of Judge Alan Albright, who has been the focus of scrutiny despite efforts to assign fewer cases to his docket amid wider efforts to stymie venue shopping in patent cases. Despite these efforts, the Western District of Texas is such a popular venue for patent cases that Berkeley offers a CEU on going to trial in Waco.

If you’re curious about more IP shenanigans, check out the Honda mass takedown, the legality of making something similar, or why E3D patents some of their work.