I encourage you to dig a little deeper. If LLMs were just probability
machines, no one would be raising any flags.
Hinton, Bengio, Tegmark and many others are not simpletons. It is the fact that
the architecture and specific training (deep NN, back prop / gradient descent)
produces a system with emergent properties, beyond just a probability machine,
when the system size reaches some thresholds, that has them spooked.
They do understand mathematics and stats and probabilities, I assure you. It is
just that you may have only read the layman's articles and not the scientific
ones.
I confess: I haven't made much progress in this regard. I gave Vicky Boykis' Embeddings
a go, and started to get a handle on the math, but honestly had a hard time
following it. I'm open to suggestions from anyone with a few good
recommendations for scientific papers accessible to non-math professionals,
particularly ones that explain the emergent properties and what that means.
Meanwhile, regardless of the scientific truths or falsehoods around chat GPT,
the mainstream media continues to miserably fail in helping the rest of us
understand the implications of this technology.
Most recently, I listened to This American Life's First Contact (part of
their Greetings People of Earth show).
They interviewed several Microsoft AI researchers who first experimented with
ChatGPT 4 prior to its big release.
The focus of the researchers was: can we demonstrate chat GPT's general
intelligence ability by presenting it with logic problems it could not possibly
have encountered before? And the answer: YES!
The two examples were:
Welcome to the June 2023 report from the Reproducible Builds project. In our reports, we outline the most important things that we have been up to over the past month. As always, if you are interested in contributing to the project, please visit our Contribute page on our website.
Corrupted build environments can deliver compromised cryptographically signed binaries. Several exploits in critical supply chains have been demonstrated in recent years, proving that this is not just theoretical. The most well secured build environments are still single points of failure when they fail. [...] This talk will focus on the state of the art from several angles in related Free and Open Source Software projects, what works, current challenges and future plans for building trustworthy toolchains you do not need to trust.
Hosted by the Software Freedom Conservancy and taking place in Portland, Oregon, FOSSY aims to be a community-focused event: "Whether you are a long time contributing member of a free software project, a recent graduate of a coding bootcamp or university, or just have an interest in the possibilities that free and open source software bring, FOSSY will have something for you". More information on the event is available on the FOSSY 2023 website, including the full programme schedule.
The 2020 Solarwinds attack was a tipping point that caused a heightened awareness about the security of the software supply chain and in particular the large amount of trust placed in build systems. Reproducible Builds (R-Bs) provide a strong foundation to build defenses for arbitrary attacks against build systems by ensuring that given the same source code, build environment, and build instructions, bitwise-identical artifacts are created.
However, in contrast to other papers that touch on some theoretical aspect of reproducible builds, the authors' paper takes a different approach. Starting with the observation that much of the software industry believes R-Bs are too far out of reach for most projects and conjoining that with a goal of "to help identify a path for R-Bs to become a commonplace property", the paper has a different methodology:
We conducted a series of 24 semi-structured expert interviews with participants from the Reproducible-Builds.org project, and iterated on our questions with the reproducible builds community. We identified a range of motivations that can encourage open source developers to strive for R-Bs, including indicators of quality, security benefits, and more efficient caching of artifacts. We identify experiences that help and hinder adoption, which heavily include communication with upstream projects. We conclude with recommendations on how to better integrate R-Bs with the efforts of the open source and free software community.
A PDF of the paper is now available, as is an entry on the CISPA Helmholtz Center for Information Security website and an entry under the TeamUSEC Human-Centered Security research group.
comp.unix.programming. Larry notes that it starts with Jayan asking about comparing binaries that might have differences in their embedded timestamps (that is, perhaps, "Foreshadowing diffoscope, amiright?") and goes on to observe that:
The antagonist is David Schwartz, who correctly says "There are dozens of complex reasons why what seems to be the same sequence of operations might produce different end results," but goes on to say "I totally disagree with your general viewpoint that compilers must provide for reproducability [sic]." Dwight Tovey and I (Larry Doolittle) argue for reproducible builds. I assert "Any program, especially a mission-critical program like a compiler, that cannot reproduce a result at will is broken." Also it's commonplace to take a binary from the net, and check to see if it was trojaned by attempting to recreate it from source.
SOURCE_DATE_EPOCH environment variable, Chris Lamb made it easier to parse our summit announcement at a glance, Mattia Rizzolo added the summit announcement at a glance itself and Rahul Bajaj added a taxonomy of variations in build environments.
randomness_in_documentation_generated_by_mkdocs
toolchain issue was added by Chris Lamb [ ], and the deterministic
flag on the paths_vary_due_to_usrmerge
issue as we are not currently testing usrmerge
issues [ ] issues.
bullseye, bookworm, trixie and sid, but he also mentioned amongst many changes that not only are the non-free images being built (and are reproducible) but that the live images are generated officially by Debian itself.
CFLAGS environment variable.
- bcachefs (sort find / filesys)
- build-compare (reports files as identical)
- build-time (toolchain date)
- cockpit (merged, gzip mtime)
- gcc13 (gcc13 toolchain LTO parallelism)
- ghc-rpm-macros (toolchain parallelism)
- golangcli-lint (date)
- gutenprint (date+time)
- mage (date (golang))
- mumble (filesys)
- pcr (date)
- python-nss (drop sphinx .doctrees)
- python310 (merged, bisected+backported)
- warpinator (merged, date)
- xroachng (date)
- elinks.
- multipath-tools.
- mkdocstrings-python-handlers.
- fribidi.
- jtreg7.
- python-bitstring (forwarded upstream).
- gradle-kotlin-dsl.
- libsdl-console.
- kawari8.
- freetds.
- gbrowse.
- bglibs.
- advi.
- afterstep.
- simstring.
- manderlbot.
- erlang-proper.
- comedilib.
- libint.
- newlib.
- binutils-msp430.
- c-munipack.
- python-marshmallow-sqlalchemy.
- mplayer.
- menu.
- mini-buildd.
- pnetcdf.
- liblopsub.
- wcc.
- shotcut.
- icu.
- libapache-poi-java.
- atf.
- valgrind.
amd64, armhf, and i386 architectures to Debian bookworm, with the exception of the Jenkins host itself which will be upgraded after the release of Debian 12.1. In addition, Mattia Rizzolo updated the email configuration for the @reproducible-builds.org domain to correctly accept incoming mails from jenkins.debian.net as well as to set up DomainKeys Identified Mail (DKIM) signing. And working together with Holger, Mattia also updated the Jenkins configuration to start testing Debian trixie which resulted in testing of Debian buster being stopped. And, finally, Jan-Benedict Glaw contributed patches for improved NetBSD testing.
#reproducible-builds on irc.oftc.net.
rb-general@lists.reproducible-builds.org
Thanks to my CRANberries, you can also look at a diff to the previous release. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page. Bug reports are welcome at the GitHub issue tracker as well (where one can also search among open or closed issues); questions are also welcome under rcpp tag at StackOverflow which also allows searching among the (currently) 2994 previous questions.
Changes in Rcpp version 1.0.11 (2023-07-03)
- Changes in Rcpp API:
  - Rcpp:::CxxFlags() now quotes only non-standard include path on linux (Lukasz in #1243 closing #1242).
  - Two unit tests no longer accidentally bark on stdout (Dirk and Iñaki in #1245).
  - Compilation under C++20 using clang++ and its standard library is enabled (Dirk in #1248 closing #1244).
  - Use backticks in a generated .Call() statement in RcppExports.R (Dirk #1256 closing #1255).
  - Switch to system2() to capture standard error messages in error cases (Iñaki in #1259 and #1261 fixing #1257).
- Changes in Rcpp Documentation:
- Changes in Rcpp Deployment:
  - A test for qnorm now uses the more accurate value from R 4.3.0 (Dirk in #1252 and #1260 fixing #1251).
  - Skip tests with path issues on Windows (Iñaki in #1258).
  - Container deployment in continuous integrations was improved. (Iñaki and Dirk in #1264, Dirk in #1269).
  - Several files received minor edits to please R CMD check from r-devel (Dirk in #1267).
If you like this or other open-source work I do, you can sponsor me at GitHub.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page. If you like this or other open-source work I do, you can sponsor me at GitHub.
Changes in RcppArmadillo version 0.12.4.1.0 (2023-06-17)
- Upgraded to Armadillo release 12.4.1 (Cortisol Profusion Redux)
- fix bug in SpMat::shed_cols()
- functions such as .is_finite() and find_nonfinite() will now emit a runtime warning when compiled in fast math mode; such compilation mode disables detection of non-finite values
- Accommodate upcoming change in package Matrix (Mikael Jagan in #417 addressing #415)
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
Welcome to the May 2023 report from the Reproducible Builds project. In our reports, we outline the most important things that we have been up to over the past month. As always, if you are interested in contributing to the project, please visit our Contribute page on our website.
When using open-source NPM packages, most developers download prebuilt packages on npmjs.com instead of building those packages from available source, and implicitly trust the downloaded packages. However, it is unknown whether the blindly trusted prebuilt NPM packages are reproducible (i.e., whether there is always a verifiable path from source code to any published NPM package). [...] We downloaded versions/releases of 226 most popularly used NPM packages and then built each version with the available source on GitHub. Next, we applied a differencing tool to compare the versions we built against versions downloaded from NPM, and further inspected any reported difference.
The paper reports that among the 3,390 versions of the 226 packages, only 2,087 versions are reproducible, and furthermore that multiple factors contribute to the non-reproducibility including flexible versioning information in package.json file and the divergent behaviors between distinct versions of tools used in the build process. The paper concludes with insights for future verifiable build procedures. Unfortunately, a PDF is not available publicly yet, but a Digital Object Identifier (DOI) is available on the paper's IEEE page.
ecbuild issues.
242 was uploaded to Debian unstable by Chris Lamb who also made the following changes:
binwalk is not available, ensure the user knows they may be missing more info.
0.7.24 and 0.7.25 to Debian unstable which added support for Tox versions 3 and 4 with help from Vagrant Cascadian
- mtools (forwarded upstream).
- lombok.
- lcov.
- lucene8.
- bnd.
- clc-intercal.
- proj.
- gcc-13.
- pygopherd.
- pytorch-audio.
- vcmi.
- proj.
generateLocaleConfig in Android Gradle Plugin version 8.1.0 generates XML files using non-deterministic ordering, breaking reproducible builds.
arm64 nodes only put required modules in the initrd to save space in the /boot partition.
--fetch, --help, --no-future and --verbose options as well as adding a suite of new actions, such as apt-upgrade, command, deploy-git, rmstamp, etc. in addition to a significant amount of refactoring.
apt has updates to install.
bind9-dnsutils on some Ubuntu 18.04 nodes.
apt upgrades are available.
nocheck, nopgo and nolto when building gcc-* and binutils packages as well as performed some node maintenance. In addition, Roland Clobus updated the openQA configuration to specify longer timeouts and access to the developer mode and updated the URL used for reproducible Debian Live images.
#reproducible-builds on irc.oftc.net.
rb-general@lists.reproducible-builds.org
Series: | Discworld #29 |
Publisher: | Harper |
Copyright: | November 2002 |
Printing: | August 2014 |
ISBN: | 0-06-230740-1 |
Format: | Mass market |
Pages: | 451 |
Keep the peace. That was the thing. People often failed to understand what that meant. You'd go to some life-threatening disturbance like a couple of neighbors scrapping in the street over who owned the hedge between their properties, and they'd both be bursting with aggrieved self-righteousness, both yelling, their wives would either be having a private scrap on the side or would have adjourned to a kitchen for a shared pot of tea and a chat, and they all expected you to sort it out. And they could never understand that it wasn't your job. Sorting it out was a job for a good surveyor and a couple of lawyers, maybe. Your job was to quell the impulse to bang their stupid fat heads together, to ignore the affronted speeches of dodgy self-justification, to get them to stop shouting and to get them off the street. Once that had been achieved, your job was over. You weren't some walking god, dispensing finely tuned natural justice. Your job was simply to bring back peace.
When Vimes is thrown back in time, he has to pick up the role of his own mentor, the person who taught him what policing should be like. His younger self is right there, watching everything he does, and he's desperately afraid he'll screw it up and set a worse example. Make history worse when he's trying to make it better. It's a beautifully well-done bit of tension that uses time travel as the hook to show both how difficult mentorship is and also how irritating one's earlier naive self would be.
He wondered if it was at all possible to give this idiot some lessons in basic politics. That was always the dream, wasn't it? "I wish I'd known then what I know now"? But when you got older you found out that you now wasn't you then. You then was a twerp. You then was what you had to be to start out on the rocky road of becoming you now, and one of the rocky patches on that road was being a twerp.
The backdrop of this story, as advertised by the map at the front of the book, is a revolution of sorts. And the revolution does matter, but not in the obvious way. It creates space and circumstance for some other things to happen that are all about the abuse of policing as a tool of politics rather than Vimes's principle of keeping the peace. I mentioned when reviewing Men at Arms that it was an awkward book to read in the United States in 2020. This book tackles the ethics of policing head-on, in exactly the way that book didn't. It's also a marvelous bit of competence porn. Somehow over the years, Vimes has become extremely good at what he does, and not just in the obvious cop-walking-a-beat sort of ways. He's become a leader. It's not something he thinks about, even when thrown back in time, but it's something Pratchett can show the reader directly, and have the other characters in the book comment on. There is so much more that I'd like to say, but so much would be spoilers, and I think Night Watch is more effective when you have the suspense of slowly puzzling out what's going to happen. Pratchett's pacing is exquisite. It's also one of the rare Discworld novels where Pratchett fully commits to a point of view and lets Vimes tell the story. There are a few interludes with other people, but the only other significant protagonist is, quite fittingly, Vetinari. I won't say anything more about that except to note that the relationship between Vimes and Vetinari is one of the best bits of fascinating subtlety in all of Discworld.
I think it's also telling that nothing about Night Watch reads as parody. Sure, there is a nod to Back to the Future in the lightning storm, and it's impossible to write a book about police and street revolutions without making the reader think about Les Miserables, but nothing about this plot matches either of those stories. This is Pratchett telling his own story in his own world, unapologetically, and without trying to wedge it into parody shape, and it is so much the better book for it. The one quibble I have with the book is that the bits with the Time Monks don't really work. Lu-Tze is annoying and flippant given the emotional stakes of this story, the interludes with him are frustrating and out of step with the rest of the book, and the time travel hand-waving doesn't add much. I see structurally why Pratchett put this in: it gives Vimes (and the reader) a time frame and a deadline, it establishes some of the ground rules and stakes, and it provides a couple of important opportunities for exposition so that the reader doesn't get lost. But it's not good story. The rest of the book is so amazingly good, though, that it doesn't matter (and the framing stories for "what if?" explorations almost never make much sense). The other thing I have a bit of a quibble with is outside the book. Night Watch, as you may have guessed by now, is the origin of the May 25th Pratchett memes that you will be familiar with if you've spent much time around SFF fandom. But this book is dramatically different from what I was expecting based on the memes. You will, for example, see a lot of people posting "Truth, Justice, Freedom, Reasonably Priced Love, And a Hard-Boiled Egg!", and before reading the book it sounds like a Pratchett-style humorous revolutionary slogan. And I guess it is, sort of, but, well... I have to quote the scene:
"You'd like Freedom, Truth, and Justice, wouldn't you, Comrade Sergeant?" said Reg encouragingly. "I'd like a hard-boiled egg," said Vimes, shaking the match out. There was some nervous laughter, but Reg looked offended. "In the circumstances, Sergeant, I think we should set our sights a little higher " "Well, yes, we could," said Vimes, coming down the steps. He glanced at the sheets of papers in front of Reg. The man cared. He really did. And he was serious. He really was. "But...well, Reg, tomorrow the sun will come up again, and I'm pretty sure that whatever happens we won't have found Freedom, and there won't be a whole lot of Justice, and I'm damn sure we won't have found Truth. But it's just possible that I might get a hard-boiled egg."
I think I'm feeling defensive of the heart of this book because it's such an emotional gut punch and says such complicated and nuanced things about politics and ethics (and such deeply cynical things about revolution). But I think if I were to try to represent this story in a meme, it would be the "angels rise up" song, with all the layers of meaning that it gains in this story. I'm still at the point where the lilac sprigs remind me of Sergeant Colon becoming quietly furious at the overstep of someone who wasn't there. There's one other thing I want to say about that scene: I'm not naturally on Vimes's side of this argument. I think it's important to note that Vimes's attitude throughout this book is profoundly, deeply conservative. The hard-boiled egg captures that perfectly: it's a bit of physical comfort, something you can buy or make, something that's part of the day-to-day wheels of the city that Vimes talks about elsewhere in Night Watch. It's a rejection of revolution, something that Vimes does elsewhere far more explicitly. Vimes is a cop. He is in some profound sense a defender of the status quo. He doesn't believe things are going to fundamentally change, and it's not clear he would want them to if they did.
And yet. And yet, this is where Pratchett's Dickensian morality comes out. Vimes is a conservative at heart. He's grumpy and cynical and jaded and he doesn't like change. But if you put him in a situation where people are being hurt, he will break every rule and twist every principle to stop it.
He wanted to go home. He wanted it so much that he trembled at the thought. But if the price of that was selling good men to the night, if the price was filling those graves, if the price was not fighting with every trick he knew... then it was too high. It wasn't a decision that he was making, he knew. It was happening far below the areas of the brain that made decisions. It was something built in. There was no universe, anywhere, where a Sam Vimes would give in on this, because if he did then he wouldn't be Sam Vimes any more.
This is truly exceptional stuff. It is the best Discworld novel I have read, by far. I feel like this was the Watch novel that Pratchett was always trying to write, and he had to write five other novels first to figure out how to write it. And maybe to prepare Discworld readers to read it. There are a lot of Discworld novels that are great on their own merits, but also it is 100% worth reading all the Watch novels just so that you can read this book. Followed in publication order by The Wee Free Men and later, thematically, by Thud!.
Rating: 10 out of 10
Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page. If you like my open-source work, you may consider sponsoring me at GitHub.
Changes in RcppArmadillo version 0.12.4.0.0 (2023-05-26)
- Upgraded to Armadillo release 12.4.0 (Cortisol Profusion Redux)
- Added norm2est() for finding fast estimates of matrix 2-norm (spectral norm)
- Added vecnorm() for obtaining the vector norm of each row or column of a matrix
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.
AMD Issues
It's just been a couple of hard weeks apparently for AMD. The first has been the TPM (Trusted Platform Module) issue that was shown by a couple of security researchers. From what is known, apparently with $200 worth of tools and with some time you can hack into somebody's machine if you have physical access. Ironically, MS made a huge show about TPM and also made it sort of a requirement if a person wanted to have Windows 11. I remember Matthew Garrett sharing about TPM and issues with Lenovo laptops. While AMD has acknowledged the issue, its response has been somewhat wishy-washy. But this is not the only issue that has been plaguing AMD. There have been reports of AMD chips literally exploding and again AMD issuing a somewhat wishy-washy response. Asus though made some changes but is it for Zen4 or only 5 parts, not known. Most people are expecting a recession in I.T. hardware this year as well as next year due to high prices. No idea if things will change, if ever.
Illustrator: | Paul Kidby |
Series: | Discworld #27 |
Publisher: | Harper |
Copyright: | 2001, 2002 |
ISBN: | 0-06-050777-2 |
Format: | Graphic novel |
Pages: | 176 |
Welcome to the March 2023 report from the Reproducible Builds project.
In these reports we outline the most important things that we have been up to over the past month. As a quick recap, the motivation behind the reproducible builds effort is to ensure no malicious flaws have been introduced during compilation and distributing processes. It does this by ensuring identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
If you are interested in contributing to the project, please do visit our Contribute page on our website.
as frontend, the -ffile-prefix-map was being ignored. We were tracking this in Debian via the build_path_captured_in_assembly_objects issue. It has now been fixed and will be reflected in GCC version 13.
Software Supply Chain Attacks (SSCAs) typically compromise hosts through trusted but infected software. The intent of this paper is twofold: First, we present an empirical study of the most prominent software supply chain attacks and their characteristics. Second, we propose an investigative framework for identifying, expressing, and evaluating characteristic behaviours of newfound attacks for mitigation and future defense purposes. We hypothesize that these behaviours are statistically malicious, existed in the past, and thus could have been thwarted in modernity through their cementation x-years ago. [ ]
#reproducible-builds on the OFTC network.
build_path_captured_in_assembly_objects to note that it has been fixed for GCC 13 and Vagrant Cascadian added new issues to mark packages where the build path is being captured via the Rust toolchain as well as new categorisation for where virtual packages have nondeterministic versioned dependencies.
- cockpit (gzip mtime)
- crmsh (by mcepl: rewrite to avoid python toolchain issue)
- cx_Freeze (merged, FTBFS-2038)
- golangci-lint (date)
- guestfs-tools (gzip mtime)
- perf (merged, sort python scandir)
- perl-Date-Calc-XS (FTBFS-2038)
- perl-Date-Calc (FTBFS-2038)
- pw3270 (merged, date)
- python-dtaidistance (drop unreproducible unnecessary file)
- sonic-pi (FTBFS-2038)
- spack (parallelism)
- tesseract (fixed, CPU, -march=native)
- esda.
- gle-graphics-manual.
- transfig/fig2dev (also in openSUSE; date in PDF)
SOURCE_DATE_EPOCH environment variable.
megacli packages that are needed for hardware RAID.
/srv/workspace directory is owned by the jenkins user.
.debian.net names everywhere, except when communicating with the outside world.
docker group from the janitor_setup_worker script to the (more general) update_jdn.sh script.
live-build images.
238, and Chris Lamb released versions 239 and 240. Chris Lamb also made the following changes:
include_package_data=True, fixed the build under Debian bullseye, fixed tool name in a list of tools permitted to be absent during package build tests as well as documented sending out an email upon [ ].
In addition, Vagrant Cascadian updated the version of GNU Guix to 238 and 239. Vagrant also updated reprotest to version 0.7.23.
#reproducible-builds on irc.oftc.net.
rb-general@lists.reproducible-builds.org