Radar Trends to Watch: October 2024

Model releases continue, Mistral’s multimodal Pixtral 12B, OpenAI’s o1 models, and a Roblox model for creating 3D scenes. We also have another important AI programming tool: Cursor is an alternative to GitHub Copilot that is getting rave reviews.

Security never ceases to be an issue, but this month seems to be especially problematic. Mirai botnet infects widely used surveillance camera beyond repair; the only known mitigation is to replace the camera. And attackers are targeting GitHub project contributors, telling them their project has vulnerabilities, and sending them to a malware site to learn more.

Artificial intelligence

• Simon Willison uses the curl utility to explore how streaming APIs work for large language models.
• Goldfish loss is a new loss function that language models can use to minimize the “remembering” of long passages during training. Models trained in this way would be less likely to generate the material they were trained on.
• OpenAI has put two models in the limited (preview) release: OpenAI o1-mini and o1-preview. Both reduce errors and hallucinations by implementing chain reasoning. o1-preview puts more effort into thinking about problems before generating an answer; o1-mini claims to be a cost-effective model that is more accurate for scientific reasoning.
• Mistral has released the Pixtral 12B, its first multi-modal model. It allows mixing images with text and documents as input. It doesn’t seem to produce image output, but can generate code (eg for the web) from a sketch. Chat is available via Mistral’s Le Chat, code and scales via GitHub and Hugging Face. Pixtral is licensed under Apache 2.0 and can be tweaked and used without restrictions.
• Roblox created a generative model that builds 3D scenes from text prompts.
• Cheat potential aside, connecting a TI-84 graphing calculator to ChatGPT is one of the best hacks we’ve seen in a while.
• Anthropic announced Claude for Enterprise, which offers larger popups, GitHub integration, and security features (single sign-on, role-based access, audit logs, and identity management).
• As AI gets better at simulating humans, will we need “personality data” to prove our humanity? (And what if issuing agencies, which may include governments, decide to use personal credentials as a political tool?)
• Chatbots don’t know when to say “help” – a very important point. One important source of error in AI is the failure to declare that it does not know the answer.
• OpenAI and Anthropic have agreed to provide advanced access to their models to the US Artificial Intelligence Security Institute so they can be tested for security.
• AIs that can play video games are old hat. Now they can be the game, not just play it. A Google project has created a model that can simulate a game from the 1990s Fateusing techniques developed for stable diffusion. Could this be used to generate new games, not just emulate older ones?
• Google has re-enabled the generation of human images of the Gemini model.
• Anthropic has enabled cross-resource request sharing (CORS) for the Claude models JSON API. This change means that applications running in the browser can communicate directly with Claude.

Programming

• With the addition of preemptive multitasking to the kernel, Linux can now be a true real-time operating system.
• Want to implement Lisp in Rust macros? Here it is.
• Another interesting programming language: Fennel has Lisp-like syntax and macros, but integrates with Lua. It is compiled and can be used for embedded systems.
• lwIP is a small, lightweight open source IP stack. It is designed to run on systems with very little memory – such as small embedded systems.
• The European Union is building and implementing a standardized, interoperable digital wallet.
• Handoff is a new open source project that allows software developers to use Figma design tokens in code without requiring a Figma license. It helps integrate the work of designers with software development.
• Three years after changing the license from open source to business source, Elastic has returned its products, ElasticSearch and Kibana, to an open source license.
• The Cursor AI code editor gets many excellent reviews. It’s similar to GitHub Copilot, but integrated with Claude 3.5 Sonnet. Here is a good introduction.
• Check out the new Dynamicland website! Bret Victor’s Dynamicland demonstrates a compelling way to use computers to facilitate collaboration between humans and machines. It’s about working with people in the real world, with real materials. The Dynamicland site hasn’t changed in years; this new site updates Dynamicland’s vision.
• Microsoft donated the Mono project, a cross-platform implementation of .Net, to the Wine project.
• Valkey, an open source fork of the formerly open Redis key-value store, is gaining momentum, in part because it brings improvements that Redis users have wanted.
• New “absurdly fast” algorithm promises to speed up traffic on networks.

Security

• A malware campaign called “GitHub Scanner” sends emails to participants in targeted projects claiming that their project has weak security. The emails appear to be from GitHub. Victims are asked to visit sites that install malware.
• Microsoft has updated its core cryptographic library SymCrypt with post-quantum cryptographic algorithms.
• WiFi networks, whether in the office, at home or in a coffee shop, are surprisingly easy to attack. Here are some good tips to keep intruders out of your network.
• A security researcher somewhat accidentally purchased the (expired) domain of a former WHOIS server for a .mobi domain. They discovered that Certificate Authorities (CAs) were still using the old server to verify domain ownership. Everything has been restored to normal, but do we really need to say again that the IP stack has deep and critical vulnerabilities?
• RAMBO is a new attack that steals data from air-gapped systems by manipulating RAM in ways that generate decodable radio signals. Another attack against air-gap systems uses acoustic noise generated by screens.
• Attackers use GitHub comments to recommend fake patches that install malware.
• Rock and roll will never die. Not even the Mirai botnet. It spreads among the widely used security camera model that cannot be repaired. The only mitigation would be for security camera users to replace it, and that’s not likely.
• Chaos engineering—a testing technique that randomly introduces bugs into a system—is used to measure a system’s vulnerability to distributed-denial-of-service (DDOS) attacks and to assess system response, allowing operators to mitigate vulnerabilities.

Web

• O’Reilly author Holden Karau has developed a platform that uses artificial intelligence to help people fight health insurance claim denials. The platform helps generate many of the letters and forms needed to protest a rejection.
• Judging by the chatter online about Mastodon and Bluesky, the final XOXO festival was clearly an event not to be missed. The 2024 videos are not online yet.
• What can you hide in one million checkboxes? Lots of stuff: URLs, images, animations… Here’s a story of creativity, play, subversion, and software worth reading.
• The revolt against complex JavaScript frameworks continues. Will there be a PHP revival?
• Perhaps not surprisingly, GPT is good at unminifying code; the result is quite clear and readable. Minification means replacing meaningful names with short, meaningless ones and other tricks to reduce the size of the code (and obscure its meaning). Mainly used for JavaScript.

Hardware

• Flow computing is a new architecture for general-purpose CPUs that combines cores designed for parallel processing with general-purpose cores.
• Cerebras, maker of some of the largest chips in the world, has announced Cerebras Inference, a processor that can perform inference approximately 20 times faster and at five times the cost per token of the NVIDIA H100. At 1,800 tokens per second, Llama 3.1-8B is almost instant.

Quantum computing

• Microsoft claims to have solved a real-world chemistry problem using a hybrid system composed of both classical and quantum processors.
• Google researchers claim to have created a single logic qubit with a reduced error rate. The error rate further decreases as more physical qubits are added to a logical qubit. Scott Aaronson’s discussion is worth a read.
• Oak Ridge National Laboratories, which currently has the fastest supercomputer in the world, is experimenting with adding a quantum accelerator.

Robotics

• A new design for robot legs focuses on building artificial muscles. Legs incorporating the design appear to be far more capable and efficient than traditional, motor-operated limbs.
• We recommend being skeptical of videos showing humanoid robots doing amazing things. There are a lot of gimmicks: cherry picking, of course, but also off-screen human operators, carefully selected terrain that isn’t realistic, and much more.

Biology