Category Archives: Computing

Misplaced trust

This might be a little technical for some readers, but don’t worry, it’s not actually the technical detail that’s important…

On my home server, I run about half a dozen services that I need to access via a web browser, so they’re all behind a Caddy reverse proxy which connects me to the right one, depending on the name I use in my browser: ‘homeassistant’, ‘unifi’, ‘searxng’, ‘octoprint’ etc. (All of these names are aliases for the same machine.)
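For readers who haven’t met Caddy: each name is simply mapped to an internal port using its (entirely real) reverse_proxy directive. A minimal sketch, with illustrative hostnames and ports rather than my actual configuration:

```
# Caddyfile sketch -- hostnames and ports are illustrative
homeassistant.example.net {
	reverse_proxy localhost:8123
}

searxng.example.net {
	reverse_proxy localhost:8080
}
```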

One of these services is Nextcloud, which has user accounts, and I was thinking it would be handy if I could use those accounts to authorise access to the other services. Can I allow someone to use my web search frontend only if they have an account on my Nextcloud server, for example?

I thought I’d try out an AI system to see if it could speed up this process, because they’re often good at this kind of thing – Google Gemini, in this case. And, to my delight, it gave me pages of detailed instructions.

It knew that Nextcloud supports the OpenID Connect system, told me how to set it up, and then how to use the oidc directive in the Caddy configuration file to connect the two, so that Caddy could ask Nextcloud whether the user should be allowed in. It gave me nice examples of oidc actually in use, and the parameters you’d need to configure when using it to talk to the Nextcloud instance.

“Great!”, I thought, and grabbed a coffee, went upstairs to my machine, and started typing code to try it out. And it was then that I discovered…

Caddy doesn’t actually have an oidc directive.

Five years before the iPhone

Trying to organise some of my old video footage recently, I came across a little demo I recorded of the AT&T Broadband Phone, a project we started in 1999 but which, sadly, died, along with the research lab that had created it, in 2002.

Looking back at it now, I notice how slow-paced it is compared to the typical YouTube video of today!  So if you watch it, you might need a little patience!  Nonetheless, it’s quite fun to see some of the ideas we were considering back then, five or six years before the launch of the iPhone… things like the suggestion that streamed music “might be a service offered by a record company, where you pay a small amount for each track”, for example…

 

Cordless Broadband phone and iPhone comparison

Direct link.

 

(P.S. I had an idea I had written about this here before… and indeed discovered that I had… but not since 2008, about eighteen months after the iPhone was launched.) 

Data management tip of the day

“Nobody wants ‘backup’.  Everybody wants ‘restore’.”

— Heard on the Self-Hosted show, one of my favourite tech podcasts.

Coffee Pot – The Movie

For a long time, it has both bugged and bemused me that, though the first webcam ran for 10 years taking photos of our departmental coffee pot, there are almost no original images saved from the millions it served up to viewers around the world! I had one or two.

Then, suddenly, in a recent conversation, it occurred to me to check the Internet Archive’s ‘Wayback Machine’, and, sure enough, in the second half of the coffeepot camera’s life — from 1996-2001 — they had captured 28 of its images. I wrote a script to index and download these, and turned them into a slideshow, which you can find in my new and very exciting three-minute video.
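My script isn’t published anywhere, but for the curious, here’s a sketch of how you might do the same thing today using the Wayback Machine’s CDX API. (The image URL below is a placeholder, not the coffee-pot camera’s real address.)

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

def cdx_query_url(page_url):
    """Build a CDX API query listing every capture of page_url."""
    params = {"url": page_url, "output": "json", "fl": "timestamp,original"}
    return CDX_ENDPOINT + "?" + urlencode(params)

def parse_cdx_json(text):
    """The JSON output is a list of rows; the first row is the header."""
    rows = json.loads(text)
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in data]

def snapshot_url(timestamp, original):
    """URL of the archived file itself; 'id_' skips the Wayback toolbar."""
    return f"https://web.archive.org/web/{timestamp}id_/{original}"

if __name__ == "__main__":
    query = cdx_query_url("example.com/coffee.jpg")  # placeholder URL
    captures = parse_cdx_json(urlopen(query).read().decode())
    for c in captures:
        print(snapshot_url(c["timestamp"], c["original"]))
```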

Total Recall

The tech news has had a lot of coverage recently of Microsoft’s proposed ‘Recall’ system, which (as a very rough approximation) takes a screenshot of your display every five seconds, and uses their AI-type Copilot system to allow you to search it. “What was that cafe or restaurant that someone in the call recommended yesterday?”

At first glance, this is a very appealing feature. Back in the 90s, when I was working on human-computer interaction stuff, we used to say things like “the more a secretary knows about you, the more helpful he or she can be”. We were living in a world where your computer knew almost nothing about you except what you typed on your keyboard or clicked with your mouse.

Nowadays, however, users are more often concerned about their computer — or someone with access to it — knowing too much about them. The data used by Recall is only stored locally, but in a corporate environment, for example, somebody with admin access to your PC could scroll back to the last time you logged in to your online banking and see screenshots of your bank statements. So, potentially, could a piece of malware running with your access permissions (though that could probably also take snapshots of its own). You can tell the system not to record when you’re using certain apps, or visiting certain websites… as long as you’re using Microsoft’s browser, of course. Or you can opt out completely… but all of these require you to take action to preserve your privacy – the defaults are for everything to be switched on.

This caused enough of a storm that Microsoft recently switched it from being part of their next general release to being available only through the ‘Windows Insider Program’, pending further discussion.

There’s been enough online debate that I won’t revisit the arguments here about whether such a system could be built securely, whether we’d trust it more if it came from someone other than Microsoft, what the appropriate level of paranoia actually is, and so on.

There are, however, a couple of things I’d like to point out.

The first is that this facility was to be available, in the immediate future at least, only on PCs that meet Microsoft’s ‘Copilot+’ standard, meaning they have a neural processing unit (NPU) which allows them to run the necessary neural network models at a sensible speed. And the only machines on the market that currently have one are ARM-based, not powered by AMD or Intel. I find it intriguing that the classic Intel x86 platform, which has been so closely tied to Microsoft software for so long, is not able to support such a headline feature of Windows. “We are partnering with Intel and AMD to bring Copilot+ PC experiences to PCs with their processors in the future.”

The second is that, ahem, I predicted such a system, right here on this blog, 21 years ago.

Actually, though, my idea wasn’t just based on screenshots. I wanted a jog-wheel that would allow you to rewind or fast-forward through the entire state of your machine’s history: filesystem, configuration and all. One key component for this didn’t really exist then, but it is much more readily available now: filesystems which can save an instantaneous snapshot without using much time or space to do it. As I wrote at the time,

The technology would need a quick way of doing “freeze! – duplicate entire storage! – continue!”.

And that, at least, is now possible with filesystems like ZFS (which I use on my Linux home server), BTRFS (used by my Synology), and APFS (used on my Macs, where such snapshots are a key part of the Time Machine backup system). So one of the key requirements for my wishlist is now on almost all my machines.
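On ZFS, for example, that freeze-and-duplicate is a single cheap command. (The dataset names here are illustrative, not those of my actual server.)

```shell
# Freeze: take a near-instantaneous, copy-on-write snapshot
zfs snapshot tank/home@2024-06-01

# The snapshot initially consumes almost no extra space
zfs list -t snapshot

# Browse the frozen state read-only, or roll the dataset back to it
ls /tank/home/.zfs/snapshot/2024-06-01/
zfs rollback tank/home@2024-06-01
```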

And my Linux server is running NixOS, which means that I can, should I so desire, at boot time, select any of the past configurations from the last few months and boot into that — Operating System, applications, configuration and all — instead of the current version.

I haven’t quite got my rewind/fast-forward jog-wheel yet, though. Oh, we do have that AI stuff… all very clever, I’m sure, but I’d rather have my jog-wheel. Let’s give it another 21 years…

Some suggested reading: AI and dopamine

Andrew Curry’s thoughtful newsletter ‘Just Two Things’ arrives in my inbox three times a week (which, I confess, is slightly too often for me always to give it the attention it deserves).  The two things he talks about today included some gems, though.

First, he looks at Ted Gioia’s article, The State of the Culture, 2024, which comes with the subtitle ‘Or a glimpse into post-entertainment society (it’s not pretty)’.

Gioia talks about the old dichotomy between Art and Entertainment:

Many creative people think these are the only options—both for them and their audience. Either they give the audience what it wants (the entertainer’s job) or else they put demands on the public (that’s where art begins).

but he then describes how a dopamine-driven world is changing that into something more complex and rather more worrying. And that, he suggests, is only the beginning.


It’s a good and interesting piece, and well worth reading, but if you find it depressing you should also read Curry’s comments, which suggest things may not be as bad as they seem.

 

In the second of his Two Things, Curry talks about an article by Paul Taylor in the London Review of Books.  (So, yes, you’re reading my comments on Andrew Curry’s comments on Paul Taylor’s comments on other people’s books.  This is starting to resemble that fish picture above!)

The Taylor article is also very good, and I won’t repeat too much of it here.  I will, however, quote a section that Curry also quotes:

We should be genuinely awestruck by what ChatGPT and its competitors are capable of without succumbing to the illusion that this performance means their capacities are similar to ours. Confronted with computers that can produce fluent essays, instead of being astonished at how powerful they are, it’s possible that we should be surprised that the generation of language that is meaningful to us turns out to be something that can be accomplished without real comprehension.

I like this, because it echoes Quentin’s First Theorem of Artificial Intelligence, which I proposed here about a year ago.

What really worries people about recent developments in AI is not that the machines may become smarter than us.

It’s that we may discover we’re not really much smarter than the machines.

Again, the LRB article is well worth your time, if you can get through it before being distracted by things which offer you more dopamine.

Checking out the competition

Google has just announced the launch of the Bard chatbot, its competitor to ChatGPT, and I, no doubt like many others, immediately went to compare their performance when asked some of the key questions of our age:

ChatGPT 3.5

The blog "Status-Q" is written by Neil Gaiman, a British author known for his works in the fantasy genre, including novels like "American Gods," "Neverwhere," and "The Sandman" comic book series. Neil Gaiman is also known for his involvement in various creative projects across different media, including writing for television and film. "Status-Q" is his personal blog where he shares thoughts, updates, and various musings. Please note that information may change over time, and it's a good idea to verify the current authorship if there have been any changes since my last knowledge update in January 2022.

Mmm.

OK, well, let’s try…

Bard

Quentin Stafford-Fraser is the author of the blog 'Status-Q'. He is a computer scientist, writer, and filmmaker who has been exploring the nature of reality, consciousness, and the meaning of life for many years. His blog is a forum for his thoughts and ideas on a wide range of topics, from the latest scientific discoveries to the deepest philosophical questions.

Bard gets my vote.

Now, having done that important test, I can return to my career as a filmmaker who has been exploring the nature of reality, consciousness, and the meaning of life.

Sunny suggestion for a student project

I think this would be a fun student project. I would certainly have enjoyed it.


Here’s a year’s worth of my solar-generation data. My roof is oriented approximately 5 degrees west of south.

  1. How close can you get to discovering where I live, from this data alone?
  2. How can you improve your estimate by incorporating other publicly-available data sources?
  3. What further information about the installation would help you improve your estimate?

Feel free to make suggestions in the comments about fun additions.
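As a starting point for question 1, and assuming the exported data carries a UTC timestamp for each reading, the clock time of the daily generation peak is a surprisingly good handle on longitude. (My 5-degrees-west-of-south orientation will nudge the peak slightly later, so treat the answer as approximate.)

```python
from datetime import datetime, timezone

def estimate_longitude(peak_times_utc):
    """Estimate longitude from the UTC clock times of daily generation peaks.

    A roughly south-facing array peaks close to solar noon, and solar noon
    drifts away from 12:00 UTC by one hour for every 15 degrees of
    longitude.  This ignores the 'equation of time', a +/-16 minute
    seasonal wobble which largely averages out over a full year.
    """
    hours = [t.hour + t.minute / 60 + t.second / 3600 for t in peak_times_utc]
    mean_peak_utc = sum(hours) / len(hours)
    return (12.0 - mean_peak_utc) * 15.0  # positive means degrees east

# Made-up example: peaks recorded a few minutes before noon UTC,
# roughly what you might see near the Greenwich meridian
peaks = [
    datetime(2023, 6, 1, 11, 56, tzinfo=timezone.utc),
    datetime(2023, 6, 2, 11, 57, tzinfo=timezone.utc),
]
print(round(estimate_longitude(peaks), 2))  # -> 0.88 (just east of Greenwich)
```

Latitude is harder from a single day, but the seasonal shape of the whole year’s output (the ratio of midsummer to midwinter generation, and the length of the generating day) narrows it down considerably.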

The AI Ballad Of John Henry

Friends this side of the Atlantic may not be familiar with the story of John Henry, but you can read about him on Wikipedia.  John Henry, the story goes, was a ‘steel-driving man’ whose prowess with the hammer was formidable.

At one point, he took on a steam hammer, side-by-side, and won… but the effort also killed him.

It’s not quite clear whether John Henry was ever anything more than a legend, but he has inspired statues, books, animations, compositions by Aaron Copland… and almost everybody seems to have recorded musical versions of the story, including Jerry Lee Lewis, Bruce Springsteen, Lonnie Donegan, Harry Belafonte, Woody Guthrie… to name but a few.  For a brief version, here’s Tennessee Ernie Ford, or I rather like the slightly longer story as recorded by Johnny Cash.

My friend Keshav, of course, asked ChatGPT to write a version, which also covers the threat posed to traditional skills by the coming of machines.


Who’s a pretty Polly?

As is generally well known now, ChatGPT and similar LLM systems are basically just parrots. If they hear people saying ‘Pieces of eight’ often enough, they know it’s a valid phrase, without knowing anything about the Spanish dollar. They may also know that ‘eight’ is often used in the same context as ‘seven’ and ‘nine’, and so guess that ‘Pieces of nine’ would be a valid phrase too… but they’ve never actually heard people say it, so are less likely to use it. A bit like a parrot. Or a human.

And when I say they know nothing about the phrase actually referring to Spanish currencies… that’s only true until they read the Wikipedia page about it, and then, if asked, they’ll be able to repeat phrases explaining the connection with silver coins. And if they read Treasure Island, they’ll also associate the phrase with pirates, without ever having seen a silver Spanish coin. Or a pirate.

A bit like most humans.

The AI parrots can probably also tell you, though they’ve never been there or seen the mountain, that the coins were predominantly made with silver from Potosi, in Bolivia.

A bit like… well… rather fewer humans. (Who have also never been there or seen the mountain, but unfortunately are also not as well-read and are considerably more forgetful.)

Since so much human learning and output comes from reading, watching and listening to things and then repeating the bits we remember in different contexts, we are all shaken up when we realise that we’ve built machines that are better than us at reading, watching and listening to things and repeating the bits they remember in different contexts.

And this leads to Quentin’s first theorem of Artificial Intelligence:

What really worries people about recent developments in AI is not that the machines may become smarter than us.

It’s that we may discover we’re not really much smarter than the machines.

Sign of the times: might ChatGPT re-invigorate GPG?

It’s important to keep finding errors in LLM systems like ChatGPT, to remind us that, however eloquent they may be, they actually have very little knowledge of the real world.

A few days ago, I asked ChatGPT to describe the range of blog posts available on Status-Q. As part of the response it told me that ‘the website “statusq.org” was founded in 2017 by journalist and author Ben Hammersley.’ Now, Ben is a splendid fellow, but he’s not me. And this blog has been going a lot longer than that!

I corrected the date and the author, and it apologised. (It seems to be doing that a lot recently.) I asked if it learned when people corrected it, and it said yes. I then asked it my original question again, and it got the author right this time.

Later that afternoon, it told me that StatusQ.org was the personal website of Neil Lawrence.


Neil is also a friend, so I forwarded it to him, complaining of identity theft!

A couple of days later, my friend Nicholas asked a similar question and was informed that “based on publicly available information, I can tell you that Status-Q is the personal blog of Simon Wardley”.  Where is this publicly-available information, I’d like to know!

The moral of the story is not to believe anything you read on the Net, especially if you suspect some kind of AI system may be involved.  Don’t necessarily assume that they’re a tool to make us smarter!

When the web breaks, how will we fix it?

So I was thinking about the whole question of attribution, and ownership of content, when I came across this post, which was written by Fred Wilson way back in the distant AI past (i.e. in December).  An excerpt:

I attended a dinner this past week with USV portfolio founders and one who works in education told us that ChatGPT has effectively ended the essay as a way for teachers to assess student progress. It will be easier for a student to prompt ChatGPT to write the essay than to write it themselves.

It is not just language models that are making huge advances. AIs can produce incredible audio and video as well. I am certain that an AI can produce a podcast or video of me saying something I did not say and would not say. I haven’t seen it yet, but it is inevitable.

So what do we do about this world we are living in where content can be created by machines and ascribed to us?

His solution: we need to sign things cryptographically.

Now this is something that geeks have been able to do for a long time.  You can take a chunk of text (or any data) and produce a signature using a secret key to which only you have access.  If I take the start of this post: the plain text version of everything starting from “It’s important” at the top down to “sign things cryptographically.” in the above paragraph, I can sign it using my GPG private key. This produces a signature which looks like this:

-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEENvIIPyk+1P2DhHuDCTKOi/lGS18FAmRJq1oACgkQCTKOi/lG
S1/E8wgAx1LSRLlge7Ymk9Ru5PsEPMUZdH/XLhczSOzsdSrnkDa4nSAdST5Gf7ju
pWKKDNfeEMuiF1nA1nraV7jHU5twUFITSsP2jJm91BllhbBNjjnlCGa9kZxtpqsO
T80Ow/ZEhoLXt6kDD6+2AAqp7eRhVCS4pnDCqayz0r0GPW13X3DprmMpS1bY4FWu
fJZxokpG99kb6J2Ldw6V90Cynufq3evnWpEbZfCkCl8K3xjEwrKqxHQWhxiWyDEv
opHxpV/Q7Vk5VsHZozBdDXSIqawM/HVGPObLCoHMbhIKTUN9qKMYPlP/d8XTTZfi
1nyWI247coxlmKzyq9/3tJkRaCQ/Aw==
=Wmam
-----END PGP SIGNATURE-----

If you were so inclined, you could easily find my corresponding public key online and use it to verify that signature.  What would that tell you?

Well, it would say that I have definitely asserted something about the above text: in this case, I’m asserting that I wrote it.  It wouldn’t tell you whether that was true, but it would tell you two things:

  • It was definitely me making the assertion, because nobody else could produce that signature.  This is partly because nobody else has access to my private key file, and even if they did, using it also requires a password that only I know. So they couldn’t  produce that signature without me. It’s way, way harder than faking my handwritten signature.

  • I definitely had access to that bit of text when I did so, because the signature is generated from it. This is another big improvement on a handwritten signature: if I sign page 6 of a contract and you then go and attach that signature page to a completely new set of pages 1-5, who is to know? Here, the signature is tied to the thing it’s signing.

Now, I could take any bit of text that ChatGPT (or William Shakespeare) had written and sign it too, so this doesn’t actually prove that I wrote it.  

But the key thing is that you can’t do it the other way around: somebody using an AI system could produce a blog post, or a video or audio file which claims to be created by me, but they could never assert that convincingly using a digital signature without my cooperation.  And I wouldn’t sign it. (Unless it was really good, of course.)
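If you’d like to try the mechanics yourself, here’s roughly how it goes with GnuPG, using a throwaway key in a temporary keyring so your real one is untouched:

```shell
# Make a disposable keyring and signing key (demo only, no passphrase)
export GNUPGHOME="$(mktemp -d)"
gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Demo <demo@example.org>" ed25519 sign never

# Something to sign
echo "Some text I am claiming as mine." > post.txt

# Produce an armoured detached signature (post.txt.asc),
# much like the block quoted above
gpg --armor --detach-sign post.txt

# Verification succeeds now, but fails if post.txt changes by even one byte
gpg --verify post.txt.asc post.txt
```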

Gordon Brander goes into this idea in more detail in a post entitled “LLMs break the internet. Signing everything fixes it.”   The gist is that if I always signed all of my blog posts, then you could at least treat with suspicion anything that claimed to be by me but wasn’t signed.  And that soon, we’ll need to do this in order to separate human-generated content from machine-generated.

A tipping point?

This digital signature technology has been around for decades, and is the behind-the-scenes core of many technologies we all use.  But it’s never been widely, consciously adopted by ordinary computer users.  Enthusiasts have been using it to sign their email messages since the last millennium… but I know few people who do that, outside the confines of security research groups and similar organisations.  For most of us, the tools introduce just a little bit too much friction for the perceived benefits.

But digital identities are quickly becoming more widespread: Estonia has long been way ahead of the curve on this, and other countries are following along.  State-wide public key directories may eventually take us to the point where it becomes a matter of course for us automatically to sign everything we create or approve.

At which point, perhaps I’ll be able to confound those of my friends and colleagues who, according to ChatGPT, keep wanting to pinch the credit for my blog.


Clippy comes of age?

I’m old enough that I can remember going into London to see the early launch demos of Microsoft Word for Windows.  I was the computer officer for my Cambridge college at the time, and, up to that point, everyone I was helping used Word for DOS, or the (arguably superior) WordPerfect.

These first GUI-enabled versions of Word were rather good, but the features quickly piled on: more and more buttons, toolbars, ribbons, bells and whistles to persuade you, on a regular basis, to splash out on the next version, unwrap its shrink-wrapped carton, and install it by feeding an ever-increasing number of floppy disks into your machine.  

And so for some of us, the trick became learning how to turn off and hide as many of these features as possible, partly to avoid confusing and overwhelming users, and partly just to get on with the actual business of creating content, for which we were supposed to be using the machines in the first place.  One feature which became the iconic symbol of unwanted bloatware was ‘Clippy’ (officially the Office Assistant), which was cute for about five minutes and then just annoying. For everybody. We soon found the ‘off’ switch for that one!

These days, I very seldom use any Microsoft software (other than their truly excellent free code editor, VSCode, with which I earn my living), so I certainly haven’t sat through any demos of their Office software since… well, not since a previous millennium.

But today, since it no longer involves catching a train into London, I did spend ten minutes viewing their demo of ‘Microsoft 365 Copilot’ — think Clippy endowed with the facilities of ChatGPT — and I recommend you do too, while remembering that, as with Clippy, the reality will almost certainly not live up to the promise!

Still, it’s an impressive demo (though somewhat disturbing in parts) and though, like me, you may dismiss this as something you’d never actually use, it’s important to know that it’s out there, and that it will be used by others.


ChatGPT is famous for producing impressively readable prose which often conceals fundamental factual errors.  Now, that prose will be beautifully formatted, accompanied by graphs and photos, and therefore perhaps even more likely to catch people unawares if it contains mistakes.  

The text produced by these systems is often, it must be said, much better than many of the things that arrive in my inbox, and that will have some advantages.  One challenge I foresee, though, is the increasing difficulty in filtering out scams and spams, which often fail at the first hurdle due to grammatical and spelling errors that no reputable organisation would make.  What happens when the scammers have the tools to make their devious schemes grammatically correct and beautiful too?

I would also be interested to know how much of one’s text, business data, etc. is uploaded to the cloud as part of this process.  I know that most people don’t care too much about that — witness the number of Gmail users oblivious to the fact that Google can read absolutely everything and use it to advertise to them and their friends — but in some professions (legal, medical, military?), and in some regimes, there may be a need for caution.

But it’s easy to dwell on the negatives, and it’s not hard to find lots of situations where LLMs could be genuinely beneficial for people learning new languages; struggling with dyslexia or other disabilities; or just having to type or dictate on a small device a message that needs to appear more professional at the other end.

In other words, it can — to quote the announcement on Microsoft’s blog page — help everyone to ‘Uplevel skills’.

Good grief.  Perhaps there’s something to be said for letting the machines write the text, after all.

© Copyright Quentin Stafford-Fraser