Radar Trends to Watch: November 2024 – O’Reilly

October saw many language model releases. Not only medium-sized models, but even small models are catching up with frontier models such as GPT-4.5o in terms of performance. But the release that surprised us all wasn’t the language model, but Claude’s computational API. Using Computers allows you to teach Claude how to use a computer: how to run applications, click buttons, and use the shell or editor. There are many issues, security not the least of them, but they will improve. Sending a screen capture to Claude so he can calculate where to click is clumsy at best, and there are undoubtedly better solutions (e.g. using accessibility tools). But computers offer a glimpse into a future in which we will collaborate with agents who can plan and execute complex, multi-step tasks.

AI

• Little Language Models is an educational program that teaches probability, artificial intelligence, and related topics to young children. It’s fun and entertaining and allows kids to create their own simple models.
• Grafana and NVIDIA are developing a large-scale language model for observability, awkwardly named LLo11yPop. The model aims to answer natural language questions about system health and performance based on telemetry data.
• Google is open-sourcing its text watermarking system, SynthID, to help track AI-generated documents to the LLM that created them. The watermark does not affect the accuracy or quality of the generated document. The SynthID watermark prevents some tampering, including editing.
• Mistral has launched two new models: Ministral 3B and Ministral 8B. This is a small-scale model designed to work in “edge” systems with limited resources. Unlike Mistral’s previous smaller models, this one is not open source.
• Anthropic has added a “computer usage” API to Claude. Computers allow the model to control the computer and use it to read the screen and find data by clicking and typing buttons and other affordances. It is currently in beta version.
• Moonshine is a new open source speech-to-text model optimized for small devices with limited resources. It claims accuracy equivalent to Whisper at 5x the speed.
• Meta is launching a free dataset called Open Materials 2024 to help materials scientists discover new materials.
• Anthropic has published several tools for working with Claude on GitHub. At this point, you can use tools to help you analyze financial data and build customer support agents.
• NVIDIA has quietly released Llama-3.1-Nemotron-70B-Instruct-HF, a language model that outperforms both GPT-4o and Claude 3.5 in benchmarks. This model is based on the open source Llama and is relatively small (70B parameters).
• NotebookLM has everyone excited with its podcast creation features. Google has taken things a step further by adding tools that give users more control over what virtual podcast participants say.
• Data literacy is the new survival skill. We’ve known this for a long time, but it’s easy to forget, especially in the age of AI.
• The Open Source Initiative has a “modest” definition of open source AI. This definition recognizes four categories of data: public, public, obtainable, and non-shareable.
• Do you need large data centers to train AI models? PrimeIntellect is training 10B models using distributed and contributed resources.
• OpenAI has published Swarm, its platform for building AI agents, on GitHub. They warn that Swarm is experimental and will not respond to pull requests. Feel free to participate in experiments.
• OpenAI also released Canvas, an interactive tool for writing code and text with GPT-4o. Canvas is similar to Claude’s Artifacts.
• Two of the newly released Llama 3.2 models (90B and 11B) are multi-mode. The 11B model runs comfortably on a laptop. Meta also launched the Llama Stack API, a set of APIs to help developers build generative AI applications.
• OpenAI announced a pseudo-real-time API. Their goal is to build realistic voice applications, including the ability to disrupt AI in the conversation flow.
• Will AI-powered glasses become the next blockbuster consumer device? Meta’s Orion prototype could be a killer user interface for AI. It’s not about the game. It’s about asking AI about what you see. Now if only we could manufacture it at an affordable price.
• An AI avatar is interviewing a job applicant. I don’t think this will go well…
• The Allen Institute has developed a small language model called Molmo that it claims has equivalent performance to GPT-4o.
• Humane Intelligence, an organization founded by Rumman Chowdhury, offered a prize to developers who build AI vision models that can detect hate-based images online.
• It’s no surprise that these days you can play chess and other board games on your computer. But table tennis? You may prefer video over paper.
• The Qwen family of language models, ranging from 0.5B to 72B parameters, has an impressive reputation. It can run the biggest GPUs, not just the H100 and A100, but even older GPUs.
• AI can now “prove” that it is human. The AI-based computer vision model has proven its ability to block 100% of Google’s latest CAPTCHA (reCAPTCHAv2).
• Open AI is now expanding access to its advanced voice modes to more users. Advanced voice mode makes ChatGPT truly interactive. It can stop mid-sentence and responds to your tone of voice.
• Neural Motion Planning is a neural network-based technology that allows robots to plan and execute tasks in unfamiliar environments.

programming

• Safe C++ proposes extensions to the C++ language to make memory safe. Memory safety errors have long been a leading cause of security vulnerabilities.
• Microsoft sees GenAIOps as a “paradigm shift” for IT. This will become increasingly necessary as AI is integrated into software and IT teams need to become AI infrastructure experts. One aspect of GenAIOps is collecting, curating, and organizing data sets.
• Huly is an open source platform for project management.
• Typst is a new system for writing scientific and other texts. It has the same functionality as LaTeX, but its syntax is similar to Markdown, making it much simpler.
• Microsoft has started a project to make Linux’s eBPF available on Windows. In the Linux world, eBPF has proven to be invaluable for observability, security, and compliance tools. Windows eBPF is bytecode compatible with Linux.
• Python 3.13 has been released. The most significant change is a new REPL with multi-line editing and color support. Experimental option to disable global interpreter locking (GIL); and an experimental Just-In-Time (JIT) compiler.
• Ziggy is a new language for data serialization. It is not a general-purpose programming language. It is a specialized language for defining data schemas accurately and painlessly.
• Microsoft’s new security-first initiative is tied to its platform engineering efforts. Platform engineering limits the number of tools developers must use, which reduces the amount of code that needs to be secured and maintained.
• CNCF Artifact Hub is your source for cloud-native configurations, plugins, and other software for building cloud-native infrastructure. It’s not a repository like GitHub. This links back to the artifact source rather than storing the artifact.
• Want to run Linux on the Intel 4004, a CPU released in 1971? It takes almost 5 days to boot. What’s even more surprising is that it’s actually running on an emulator running on 4004.

security

• It’s no surprise that prompted injection works well against Anthropic’s amazing computational API. Anthropic’s documentation warns of many vulnerabilities. So it’s no surprise that someone went ahead and tried it. Don’t stop experimenting and be careful.
• Imprompter is an attack on large language models that uses malicious prompts to cause the model to leak data from previous chats.
• One of the main causes of security vulnerabilities is code that contains secrets (account names, passwords, certificates, etc.). HashiCorp’s Vault Radar scans software, including repositories and pull requests, to detect exposed secrets.
• Mandiant security researchers found that 70% of vulnerabilities exploited last year were zero days, or new vulnerabilities that had not been previously reported. Once a vulnerability is discovered, it is almost immediately weaponized and used in an attack.
• OpenAI has shut down the accounts of threat actors using GPT for a variety of activities, including developing malware, creating and disseminating misinformation, and phishing. I’d be surprised if similar abuse hasn’t occurred in other models.
• GitLab’s latest security update addresses a vulnerability that could allow an attacker to trigger the CI/CD pipeline on any branch of a repository.
• Students connected Meta’s Ray-Ban smart glasses to an invasive image search site. The language model is then used to collect data from multiple databases that contain personal information such as addresses.
• Cloudflare blocked a series of distributed denial-of-service (DDoS) attacks, including one that peaked at 3.8 terabits per second, the highest rate ever.
• The incident review should not discuss action items in response to the incident. Incident review is about learning and understanding. Talking about fixes gets derailed. Modifications can always be discussed later, and it is better if they are based on a solid understanding.
• We’ve known for a long time that requiring password changes is bad practice. NIST is now proposing a rule that would remove the password composition requirement: one uppercase letter, one number, and one non-Latin alphabet.
• A rapid injection attack against GPT’s long-term memory allows an attacker to send all of a user’s input and output to an arbitrary server. This attack is persistent. This remains in GPT’s long-term memory. It has now been partially corrected.
• Kaspersky, which has shut down its U.S. operations, deleted software from U.S. users’ computers and installed Pango Group’s UltraAV and (in some cases) UltraVPN without the users’ permission. Kaspersky’s actions raise questions such as: When does an anti-malware vendor become malware?

knitting

• The video of XOXO 2024 has been posted. I especially highly recommend Molly White and Erin Kissane.
• Do you need another React web framework? The developers at One think so. One is simple, self-righteous and committed to putting local first.
• Tom Coates announced the creation of the Social Web Foundation, an organization dedicated to helping federated networks grow in a healthy way.
• Trouble in the WordPress world: WordPress.org has blocked access to resources from WP Engine, an important hosting provider for WordPress users. The drama continues, escalates, and becomes more and more sinister.

hardware

biology