Smart Software Project Road Blocks: An Up-to-the-Minute Report
October 1, 2024
![green-dino_thumb_thumb_thumb_thumb_t[2]_thumb_thumb](https://arnoldit.com/wordpress/wp-content/uploads/2024/09/green-dino_thumb_thumb_thumb_thumb_t2_thumb_thumb-2.gif "green-dino_thumb_thumb_thumb_thumb_t[2]_thumb_thumb")
This essay is the work of a dumb dinobaby. No smart software required.
I worked through a 22-page report by SQREAM, a next-gen data services outfit with GPUs. (You can learn more about the company at this buzzword dense link.) The title of the report is:
The report is a marketing document, but it contains some thought provoking content. The “report” was “administered online by Global Surveyz [sic] Research, an independent global research firm.” The explanation of the methodology was brief, but I don’t want to drag anyone through the basics of Statistics 101. As I recall, few cared and were often good customers for my class notes.
Here are three highlights:
- Smart software and services cause sticker shock.
- Cloud spending by the survey sample is going up.
- And the killer statement: 98 percent of the machine learning projects fail.
Let’s take a closer look at the astounding assertion about the 98 percent failure rate.
The stage is set in the section “Top Challenges Pertaining to Machine Learning / Data Analytics.” The report says:
It is therefore no surprise that companies consider the high costs involved in ML experimentation to be the primary disadvantage of ML/data analytics today (41%), followed by the unsatisfactory speed of this process (32%), too much time required by teams (14%) and poor data quality (13%).
The conclusion the authors of the report draw is that companies should hire SQREAM. That’s okay, no surprise because SQREAM ginned up the study and hired a firm to create an objective report, of course.
So money is the Number One issue.
Why do machine learning projects fail? We know the answer: Resources or money. The write up presents as fact:
The top contributing factor to ML project failures in 2023 was insufficient budget (29%), which is consistent with previous findings – including the fact that “budget” is the top challenge in handling and analyzing data at scale, that more than two-thirds of companies experience “bill shock” around their data analytics processes at least quarterly if not more frequently, that that the total cost of analytics is the aspect companies are most dissatisfied with when it comes to their data stack (Figure 4), and that companies consider the high costs involved in ML experimentation to be the primary disadvantage of ML/data analytics today.
I appreciated the inclusion of the costs of data “transformation.” Glib smart software wizards push aside the hassle of normalizing data so the “real” work can get done. Unfortunately, the costs of fixing up source data are often another cause of “sticker shock.” The report says:
Data is typically inaccessible and not ‘workable’ unless it goes through a certain level of transformation. In fact, since different departments within an organization have different needs, it is not uncommon for the same data to be prepared in various ways. Data preparation pipelines are therefore the foundation of data analytics and ML….
In the final pages of the report a number of graphs appear. Here’s one that stopped me in my tracks:
The sample contained 62 percent user of Amazon Web Services. Number 2 was users of Google Cloud at 23 percent. And in third place, quite surprisingly, was Microsoft Azure at 14 percent, tied with Oracle. A question which occurred to me is: “Perhaps the focus on sticker shock is a reflection of Amazon’s pricing, not just people and overhead functions?”
I will have to wait until more data becomes available to me to determine if the AWS skew and the report findings are normal or outliers.
Stephen E Arnold, October 1, 2024
FOGINT: Telegram Changes Its Tune
October 1, 2024
![green-dino_thumb_thumb_thumb_thumb_t[2]_thumb](https://arnoldit.com/wordpress/wp-content/uploads/2024/09/green-dino_thumb_thumb_thumb_thumb_t2_thumb-2.gif "green-dino_thumb_thumb_thumb_thumb_t[2]_thumb")
This essay is the work of a dumb dinobaby. No smart software required.
Editor note: The term Fogint is a way for us to identify information about online services which obfuscate or mask in some way some online activities. The idea is that end-to-end encryption, devices modified to disguise Internet identifiers, and specialized “tunnels” like those associated with the US MILNET methods lay down “fog”. A third-party is denied lawful intercept, access, or monitoring of obfuscated messages when properly authorized by a governmental entity. Here’s a Fogint story with the poster boy for specialized messaging, Pavel Durov.
Coindesk’s September 23, 2024, artice “Telegram to Provide More User Data to Governments After CEO’s Arrest” reports:
Messaging app Telegram made significant changes to its terms of service, chief executive officer Pavel Durov said in a post on the app on Monday. The app’s privacy conditions now state that Telegram will now share a user’s IP address and phone number with judicial authorities in cases where criminal conduct is being investigated.
Usually described as a messaging application, Telegram is linked to a crypto coin called TON or TONcoin. Furthermore, Telegram — if one looks at the entity from 30,000 feet — consists of a distributed organization engaged in messaging, a foundation, and a recent “society” or “social” service. Among the more interesting precepts of Telegram and its founder is a commitment to free speech and a desire to avoid being told what to do.
Art generated by the MSFT Copilot service. Good enough, MSFT.
After being detained in France, Mr. Durov has made several changes in the way in which he talks about Telegram and its precepts. In a striking shift, Mr. Durov, according to Coindesk:
said that “establishing the right balance between privacy and security is not easy,” in a post on the app. Earlier this month, Telegram blocked users from uploading new media in an effort to stop bots and scammers.
Telegram had a feature which allowed a user of the application to locate users nearby. This feature has been disabled. One use of this feature was its ability to locate a person offering personal services on Telegram via one of its functions. A person interested in the service could use the “nearby” function and pinpoint when the individual offering the service was located. Creative Telegram users could put this feature to a number of interesting uses; for example, purchasing an illegal substance.
Why is Mr. Durov abandoning his policy of ignoring some or most requests from law enforcement seeking to identify a suspect? Why is Mr. Durov eliminating the nearby function? Why is Mr. Durov expressing a new desire to cooperate with investigators and other government authority?
The answer is simple. Once in the custody of the French authorities, Mr. Durov learned of the penalties for breaking French law. Mr. Durov’s upscale Parisian lawyer converted the French legal talk into some easy to understand concepts. Now Mr. Durov has evaluated his position and is taking steps to avoid further difficulties with the French authorities. Mr. Durov’s advisors probably characterized the incarceration options available to the French government; for example, even though Devil’s Island is no longer operational, the Centre Pénitentiaire de Rémire-Montjoly, near Cayenne in French Guiana, moves Mr. Durov further from his operational comfort zone in the Russian Federation and the United Arab Emirates.
The Fogint team does not believe Mr. Durov has changed his core values. He is being rational and using cooperation as a tactic to avoid creating additional friction with the French authorities.
Stephen E Arnold, October 1, 2024
Surveillance Watch Maps the Surveillance App Ecosystem
October 1, 2024
Here is an interesting resource: Surveillance Watch compiles information about surveillance tech firms, organizations that fund them, and the regions in which they are said to operate. The lists, compiled from contributions by visitors to the site, are not comprehensive. But they are full of useful information. The About page states:
“Surveillance technology and spyware are being used to target and suppress journalists, dissidents, and human rights advocates everywhere. Surveillance Watch is an interactive map that documents the hidden connections within the opaque surveillance industry. Founded by privacy advocates, most of whom were personally harmed by surveillance tech, our mission is to shed light on the companies profiting from this exploitation with significant risk to our lives. By mapping out the intricate web of surveillance companies, their subsidiaries, partners, and financial backers, we hope to expose the enablers fueling this industry’s extensive rights violations, ensuring they cannot evade accountability for being complicit in this abuse. Surveillance Watch is a community-driven initiative, and we rely on submissions from individuals passionate about protecting privacy and human rights.”
Yes, the site makes it easy to contribute information to its roundup. Anonymously, if one desires. The site’s information is divided into three alphabetical lists: Surveilling Entities, Known Targets, and Funding Organizations. As an example, here is what the service says about safeXai (formerly Banjo):
“safeXai is the entity that has quietly resumed the operations of Banjo, a digital surveillance company whose founder, Damien Patton, was a former Ku Klux Klan member who’d participated in a 1990 drive-by shooting of a synagogue near Nashville, Tennessee. Banjo developed real-time surveillance technology that monitored social media, traffic cameras, satellites, and other sources to detect and report on events as they unfolded. In Utah, Banjo’s technology was used by law enforcement agencies.”
We notice there are no substantive links which could have been included, like ones to footage of the safeXai surveillance video service or the firm’s remarkable body of patents. In our view, these patents represent an X-ray look at what most firms call artificial intelligence.
A few other names we recognize are IBM, Palantir, and Pegasus owner NSO Group. See the site for many more. The Known Targets page lists countries that, when clicked, list surveilling entities known or believed to be operating there. Entries on the Funding Organizations page include a brief description of each organization with a clickable list of surveillance apps it is known or believed to fund at the bottom. It is not clear how the site vets its entries, but the submission form does include boxes for supporting URL(s) and any files to upload. It also asks whether one consents to be contacted for more information.
Cynthia Murrell, October 1, 2024
Open Source Versus Commercial Software. The Result? A Hybrid Which Neither Parent May Love
September 30, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I have been down the open source trail a couple of times. The journey was pretty crazy because open source was software created to fulfill a computer science class requirement, a way to provide some “here’s what I can do” vibes to a résumé when résumés were anchored to someone’s reality, and “play” that would get code adopted so those in the know could sell services like engineering support, customizing, optimizing, and “making it mostly work.” In this fruit cake, were licenses, VCs, lone-wolves, and a few people creating something useful for a “community” which might or might not “support” the effort. Flip enough open source rocks and one finds some fascinating beasts like IBM, Microsoft, and other giant technology outfits.
Some hybrids work; others do not. Thanks, MSFT Copilot, good enough.
Today I learned their is now a hybrid of open source and proprietary (commercial) software. According to the “Some Startups Are Going Fair Source to Avoid the Pitfalls of Open Source Licensing” states:
The fair source concept is designed to help companies align themselves with the “open” software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with “proprietary.” However, fair source is also a response to the growing sense that open source isn’t working out commercially.
Okay. I think “not working out commercially” is “real news” speak for “You can’t make enough money to become a Silicon Type mogul.” The write up adds:
Businesses that have flown the open source flag have mostly retreated to protect their hard work, moving either from fully permissive to a more restrictive “copyleft” license, as the likes of Element did last year and Grafana before it, or ditched open source altogether as HashiCorp did with Terraform.
These are significant developments. What about companies which have built substantial businesses surfing on open source software and have not been giving back in equal measure to the “community”? My hunch is that many start ups use the open source card as a way to get some marketing wind in their tiny sails. Other outfits just cobble together a number of open source software components and assemble a new and revolutionary product. The savings come from the expense of developing an original solution and using open source software to build what becomes a proprietary system. The origins of some software is either ignored by some firms or lost in the haze of employee turnover. After all, who remembers? A number of intelware companies which off specialized services to government agencies incorporate some open source software and use their low profile or operational secrecy to mask what their often expensive products provide to a government entity.
The write up notes:
For now, the main recommended fair source license is the Functional Source License (FSL), which Sentry itself launched last year as a simpler alternative to BUSL. However, BUSL itself has also now been designated fair source, as has another new Sentry-created license called the Fair Core License (FCL), both of which are included to support the needs of different projects. Companies are welcome to submit their own license for consideration, though all fair source licenses should have three core stipulations: It [the code] should be publicly available to read; allow third parties to use, modify, and redistribute with “minimal restrictions“; and have a delayed open source publication (DOSP) stipulation, meaning it converts to a true open source license after a predefined period of time. With Sentry’s FSL license, that period is two years; for BUSL, the default period is four years. The concept of “delaying” publication of source code under a true open source license is a key defining element of a fair source license, separating it from other models such as open core. The DOSP protects a company’s commercial interests in the short term, before the code becomes fully open source.
My reaction is that lawyers will delight in litigating such notions as “minimal restrictions.” The cited article correctly in my opinion says:
Much is open to interpretation and can be “legally fuzzy.”
Is a revolution in software licensing underway?
Some hybrids live; others die.
Stephen E Arnold, September 30, 2024
Microsoft Security: A World First
September 30, 2024
![green-dino_thumb_thumb_thumb_thumb_t[2]](https://arnoldit.com/wordpress/wp-content/uploads/2024/09/green-dino_thumb_thumb_thumb_thumb_t2.gif "green-dino_thumb_thumb_thumb_thumb_t[2]")
This essay is the work of a dumb dinobaby. No smart software required.
After the somewhat critical comments of the chief information security officer for the US, Microsoft said it would do better security. “Secure Future Initiative” is a 25 page document which contains some interesting comments. Let’s look at a handful.
Some bad actors just go where the pickings are the easiest. Thanks, MSFT Copilot. Good enough.
On page 2 I noted the record beating Microsoft has completed:
Our engineering teams quickly dedicated the equivalent of 34,000 full-time engineers to address the highest priority security tasks—the largest cybersecurity engineering project in history.
Microsoft is a large software company. It has large security issues. Therefore, the company undertaken the “largest cyber security engineering project in history.” That’s great for the Guinness Book of World Records. The question is, “Why?” The answer, it seems to me, is, “Microsoft did “good enough” security. As the US government’s report stated, “Nope. Not good enough.” Hence, a big and expensive series of changes. Have the changes been tested or have unexpected security issues been introduced to the sprawl of Microsoft software? Another question from this dinobaby: “Can a big company doing good enough security implement fixes to remediate “the highest priority security tasks”? Companies have difficulty changing certain work practices. Can “good enough” methods do the job?
On page 3:
Security added as a core priority for all employees, measured against all performance reviews. Microsoft’s senior leadership team’s compensation is now tied to security performance
Compensation is lined to security as a “core priority.” I am not sure what making something a “core priority” means, particularly when the organization has implement security systems and methods which have been found wanting. When the US government gives a bad report card, one forms an impression of a fairly deep hole which needs to be filled with functional, reliable bits. Adding a “core priority” does not correlate with security software from cloud to desktop.
On page 5:
To enhance governance, we have established a new Cybersecurity Governance Council…
The creation of a council and adding security responsibilities to some executives and hiring a few other means to me:
- Meetings and delays
- Adding duties may translate to other issues
- How much will these remediating processes cost?
Microsoft may be too big to change its culture in a timely manner. The time required for a council to enhance governance means fixing security problems may take time. Even with additional time and “the equivalent of 34,000 full time engineers” may be a project management task of more than modest proportions.
On page 7:
Secure by design
Quite a subhead. How can Microsoft’s sweep of legacy and now products be made secure by design when these products have been shown to be insecure.
On page 10:
Our strategy for delivering enduring compliance with the standard is to identify how we will Start Right, Stay Right, and Get Right for each standard, which are then driven programmatically through dashboard driven reviews.
The alliteration is notable. However, what is “right”? What happens when fixing up existing issues and adhering to a “standard” find that a “standard” has changed. The complexity of management and the process of getting something “right” is like an example from a book from a Santa Fe Institute complexity book. The reality of addressing known security issues and conforming to standards which may change is interesting to contemplate. Words are great but remediating what’s wrong in a dynamic and very complicated series of dependent services is likely to be a challenge. Bad actors will quickly probe for new issues. Generally speaking, bad actors find faults and exploit them. Thus, Microsoft will find itself in a troublesome mode: Permanent reactions to previously unknown and new security issues.
On page 11, the security manifesto launches into “pillars.” I think the idea is that good security is built upon strong foundations. But when remediating “as is” code as well as legacy code, how long will the design, engineering, and construction of the pillars take? Months, years, decades, or multiple decades. The US CISO report card may not apply to certain time scales; for instance, big government contracts. Pillars are ideas.
Let’s look at one:
The monitor and detect threats pillar focuses on ensuring that all assets within Microsoft production infrastructure and services are emitting security logs in a standardized format that are accessible from a centralized data system for both effective threat hunting/investigation and monitoring purposes. This pillar also emphasizes the development of robust detection capabilities and processes to rapidly identify and respond to any anomalous access, behavior, and configuration.
The reality of today’s world is that security issues can arise from insiders. Outside threats seem to be identified each week. However, different cyber security firms identify and analyze different security issues. No one cyber security company is delivering 100 percent foolproof threat identification. “Logs” are great; however, Microsoft used to charge for making a logging function available to a customer. Now more logs. The problem is that logs help identify a breach; that is, a previously unknown vulnerability is exploited or an old vulnerability makes its way into a Microsoft system by a user action. How can a company which has a poor report card issued by the US government become the firm with a threat detection system which is the equivalent of products now available from established vendors. The recent CrowdStrike misstep illustrates that the Microsoft culture created the opportunity for the procedural mistake someone made at Crowdstrike. The words are nice, but I am not that confident in Microsoft’s ability to build this pillar. Microsoft may have to punt and buy several competitive systems and deploy them like mercenaries to protect the unmotivated Roman citizens in a century.
I think reading the “Secure Future Initiative” is a useful exercise. Manifestos can add juice to a mission. However, can the troops deliver a victory over the bad actors who swarm to Microsoft systems and services because good enough is like a fried chicken leg to a colony of ants.
Stephen E Arnold, September 30, 2024
Salesforce: AI Dreams
September 30, 2024
This essay is the work of a dumb dinobaby. No smart software required.
Big Tech companies are heavily investing in AI technology, including Salesforce. Salesforce CEO Marc Benioff delivered a keynote about his company’s future and the end of an era as reported by Constellation Research: “Salesforce Dreamforce 2024: Takeaways On Agentic AI, Platform, End Of Copilot Era.” Benioff described the copilot era as “hit or miss” and he wants to focus on agentic AI powered by Salesforce.
Constellation Research analyst Doug Henschen said that Benioff made compelling case for Salesforce and Data Cloud being the platform that companies will use to build their AI agents. Salesforce already has metadata, data, app business logic knowledge, and more already programmed in it. While Dream Cloud has data integrated from third-party data clouds and ingested from external apps. Combining these components into one platform without DIY is a very appealing product.
Benioff and his team revamped Salesforce to be less a series of clouds that run independently and more of a bunch of clouds that work together in a native system. It means Salesforce will scale Agentforce across Marketing, Commerce, Sales, Revenue and Service Clouds as well as Tableau.
The new AI Salesforce wants to delete DIY says Benioff:
“‘ DIY means I’m just putting it all together on my own. But I don’t think you can DIY this. You want a single, professionally managed, secure, reliable, available platform. You want the ability to deploy this Agentforce capability across all of these people that are so important for your company. We all have struggled in the last two years with this vision of copilots and LLMs. Why are we doing that? We can move from chatbots to copilots to this new Agentforce world, and it’s going to know your business, plan, reason and take action on your behalf.
It’s about the Salesforce platform, and it’s about our core mantra at Salesforce, which is, you don’t want to DIY it. This is why we started this company.’”
Benioff has big plans for Salesforce and based off this Dreamforce keynote it will succeed. However, AI is still experimental. AI is smart but a human is still easier to work with. Salesforce should consider teaming AI with real people for the ultimate solution.
Whitney Grace, September 30, 2024
Social Media: A Glimpse of What Ignorance Fosters
September 27, 2024
This essay is the work of a dumb dinobaby. No smart software required.
The US Federal Trade Commission has published a free report. “A Look Behind the Screens Examining the Data Practices of Social Media and Video Streaming Services” is about 80 pages comprising the actual report. The document covers:
- A legal framework for social media and streaming services
- Some basic information about the companies mentioned in the report
- The data “practices” of the companies (I would have preferred the phrase “procedures and exploitation”)
- Advertising practices (my suggestion is to name the section “revenue generation and maximization”)
- Algorithms, Data Analytics, or AI
- Children and teens
The document includes comments about competition (er, what?), some conclusions, and FTC staff recommendations.
From the git-go, the document uses an acronym: SMVSSs which represents Social Media and Video Streaming Services. The section headings summarize the scope of the document. The findings are ones which struck me as fairly obvious; specifically:
- People have no idea how much data are collected, analyzed, and monetized
- Revenue is generated by selling ad which hook to the user data
- Lots of software (dumb and smart) are required to make the cost of operations as efficient as possible
- Children’s system use and their data are part of the game plan.
The report presents assorted “should do” and “must do.” These too are obvious; for example, “Companies should implement policies that would ensure greater protection of children and teens.”
I am a dinobaby. Commercial enterprises are going to do what produces revenue and market reach. “Should” and “would” are nice verbs. Without rules and regulations the companies just do what companies do. Consequences were needed more than two decades ago. Now the idea of “fixing up” social media is an idea which begs for reasonable solutions. Some countries just block US social media outfits; others infiltrate the organizations and use them and the data as an extension of a regime’s capabilities. A few countries think that revenue and growth are just dandy. Do you live in one of these nation states?
Net net: Worth reading. I want a T shirt that says SMVSSs.
Stephen E Arnold, September 27, 2024
Solana: Emulating Telegram after a Multi-Year Delay
September 27, 2024
This essay is the work of a dumb dinobaby. No smart software required.
I spotted an interesting example of Telegram emulation. My experience is that most online centric professionals have a general awareness of Telegram. Its more than 125 features and functions are lost in the haze of social media posts, podcasts, and “real” news generated by some humanoids and a growing number of gradient descent based software.
I think the information in “What Is the Solana Seeker Web3 Mobile Device” is worth noting. Why? I will list several reasons at the end of this short write up about a new must have device for some crypto sensitive professionals.
The Solana Seeker is a gizmo that embodies Web3 goodness. Solana was set up to enable the Solana blockchain platform. The wizards behind the firm were Anatoly Yakovenko and Raj Gokal. The duo set up Solana Labs and then shaped what is becoming the go-to organization Lego block for assorted crypto plays: The Solana Foundation. This non-profit organization has made its Proof of History technology into the fires heating the boilers of another coin or currency or New Age financial revolution. I am never sure what emerges from these plays. The idea is to make smart contracts work and enable decentralized finance. The goals include making money, creating new digital experiences to make money, and cash in on those to whom click-based games are a slick way to make money. Did I mention money as a motivator?
A hypothetical conversation between two crypto currency and blockchain experts. What could go wrong? Thanks, MSFT Copilot. Good enough.
How can you interact with the Solana environment? The answer is to purchase an Android-based digital device. The Seeker allows anyone to have the Solana ecosystem in one’s pocket. From my dinobaby’s point of view, we have another device designed to obfuscate certain activities. I assume Solana will disagree with my assessment, but things crypto evoke things at odds with some countries’ rules and regulations.
The cited article points out that the device is a YAAP (yet another Android phone). The big feature seems to be the Seed Vault wallet. In addition to the usual razzle dazzle about security, the Seeker lets a crypto holder participate in transactions with a couple of taps. The Seeker interface is to make crypto activities smoother and easier. Solana has like other mobile vendors created its own online store. When you buy a Seeker, you get a special token. The description I am referencing descends into crypto babble very similar to the lingo used by the Telegram One Network Foundation. The problem is that Telegram has about a billion users and is in the news because French authorities took action to corral the cowboy Russian-born Pavel Durov for some of his behaviors France found objectionable.
Can anyone get into the generic Android device business, do some fiddling, and deploy a specialized device? The answer is, “Yep.” If you are curious, just navigate to Alibaba.com and search for generic cell phones. You have to buy 3,000 or more, but the price is right: About US$70 per piece. Tip: Life is easier if you have an intermediary based in Bangkok or Singapore.
Let’s address the reasons this announcement is important to a dinobaby like me:
- Solana, like Meta (Facebook) is following in Telegram’s footprints. Granted, it has taken these two example companies years to catch on to the Telegram “play”, but movement is underway. If you are a cyber investigator, this emulation of Telegram will have significant implications in 2025 and beyond.
- The more off-brand devices there are, the easier it becomes for intelligence professionals to modify some of these gizmos. The reports of pagers, solar panels, and answering machines behaving in an unexpected manner goes from surprise to someone asking, “Do you know what’s in your digital wallet?”
- The notion of a baked in, super secret enclave for the digital cash provides an ideal way to add secure messaging or software to enable a network in a network in the manner of some military communication services. The patents are publicly available, and they make replication in the realm of possibility.
Net net: Whether the Seeker flies or flops is irrelevant. Monkey see, monkey do. A Telegram technology road map makes interesting reading, and it presages the future of some crypto activities. If you want to know more about our Telegram Road Map, write benkent2020 at yahoo.com.
Stephen E Arnold, September 27, 2024
Stupidity: Under-Valued
September 27, 2024
We’re taught from a young age that being stupid is bad. The stupid kids don’t move onto higher grades and they’re ridiculed on the playground. We’re also fearful of showing our stupidity, which often goes hand and hand with ignorance. These cause embarrassment and fear, but Math For Love has a different perspective: “The Centrality Of Stupidity In Mathematics.”
Math For Love is a Web site dedicated to revolutionizing how math is taught. They have games, curriculum, and more demonstrating how beautiful and fun math is. Math is one of those subjects that makes a lot of people feel dumb, especially the higher levels. The Math For Love team referenced an essay by Martin A. Schwartz called, “The Importance Of Stupidity In Scientific Research.”
Schwartz is a microbiologist and professor at the University of Virginia. In his essay, he expounds on how modern academia makes people feel stupid.
The stupid feeling is one of inferiority. It’s problem. We’re made to believe that doctors, engineers, scientists, teachers, and other smart people never experienced any difficulty. Schwartz points out that students (and humanity) need to learn that research is extremely hard. No one starts out at the top. He also says that they need to be taught how to be productively stupid, i.e. if you don’t feel stupid then you’re not really trying.
Humans are meant to feel stupid, otherwise they wouldn’t investigate, explore, or experiment. There’s an entire era in western history about overcoming stupidity: the Enlightenment. Math For Love explains that stupidity relative for age and once a child grows they overcome certain stupidity levels aka ignorance. Kids gain the comprehension about an idea, then can apply it to life. It’s the literal meaning of the euphemism: once a mind has been stretched it can’t go back to its original size.
“I’ve come to believe that one of the best ways to address the centrality of stupidity is to take on two opposing efforts at once: you need to assure students that they are not stupid, while at the same time communicating that feeling like they are stupid is totally natural. The message isn’t that they shouldn’t be feeling stupid – that denies their honest feeling to learning the subject. The message is that of course they’re feeling stupid… that’s how everyone has to feel in order to learn math!:
Add some warm feelings to the equation and subtract self-consciousness, multiply by practice, and divide by intelligence level. That will round out stupidity and make it productive.
Whitney Grace, September 27, 2024
AI Maybe Should Not Be Accurate, Correct, or Reliable?
September 26, 2024
This essay is the work of a dumb dinobaby. No smart software required.
Okay, AI does not hallucinate. “AI” — whatever that means — does output incorrect, false, made up, and possibly problematic answers. The buzzword “hallucinate” was cooked up by experts in artificial intelligence who do whatever they can to avoid talking about probabilities, human biases migrated into algorithms, and fiddling with the knobs and dials in the computational wonderland of an AI system like Google’s, OpenAI’s, et al. Even the book Why Machines Learn: The Elegant Math Behind Modern AI ends up tangled in math and jargon which may befuddle readers who stopped taking math after high school algebra or who has never thought about Orthogonal matrices.
The Next Web’s “AI Doesn’t Hallucinate — Why Attributing Human Traits to Tech Is Users’ Biggest Pitfall” is an interesting write up. On one hand, it probably captures the attitude of those who just love that AI goodness by blaming humans for anthropomorphizing smart software. On the other hand, the AI systems with which I have interacted output content that is wrong or wonky. I admit that I ask the systems to which I have access for information on topics about which I have some knowledge. Keep in mind that I am an 80 year old dinobaby, and I view “knowledge” as something that comes from bright people working of projects, reading relevant books and articles, and conference presentations or meeting with subjects far from the best exercise leggings or how to get a Web page to the top of a Google results list.
Let’s look at two of the points in the article which caught my attention.
First, consider this passage which is a quote from and AI expert:
“Luckily, it’s not a very widespread problem. It only happens between 2% to maybe 10% of the time at the high end. But still, it can be very dangerous in a business environment. Imagine asking an AI system to diagnose a patient or land an aeroplane,” says Amr Awadallah, an AI expert who’s set to give a talk at VDS2024 on How Gen-AI is Transforming Business & Avoiding the Pitfalls.
Where does the 2 percent to 10 percent number come from? What methods were used to determine that content was off the mark? What was the sample size? Has bad output been tracked longitudinally for the tested systems? Ah, so many questions and zero answers. My take is that the jargon “hallucination” is coming back to bite AI experts on the ankle.
Second, what’s the fix? Not surprisingly, the way out of the problem is to rename “hallucination” to “confabulation”. That’s helpful. Here’s the passage I circled:
“It’s really attributing more to the AI than it is. It’s not thinking in the same way we’re thinking. All it’s doing is trying to predict what the next word should be given all the previous words that have been said,” Awadallah explains. If he had to give this occurrence a name, he would call it a ‘confabulation.’ Confabulations are essentially the addition of words or sentences that fill in the blanks in a way that makes the information look credible, even if it’s incorrect. “[AI models are] highly incentivized to answer any question. It doesn’t want to tell you, ‘I don’t know’,” says Awadallah.
Third, let’s not forget that the problem rests with the users, the personifies, the people who own French bulldogs and talk to them as though they were the favorite in a large family. Here’s the passage:
The danger here is that while some confabulations are easy to detect because they border on the absurd, most of the time an AI will present information that is very believable. And the more we begin to rely on AI to help us speed up productivity, the more we may take their seemingly believable responses at face value. This means companies need to be vigilant about including human oversight for every task an AI completes, dedicating more and not less time and resources.
The ending of the article is a remarkable statement; to wit:
As we edge closer and closer to eliminating AI confabulations, an interesting question to consider is, do we actually want AI to be factual and correct 100% of the time? Could limiting their responses also limit our ability to use them for creative tasks?
Let me answer the question: Yes, outputs should be presented and possibly scored; for example, 90 percent probable that the information is verifiable. Maybe emojis will work? Wow.
Stephen E Arnold, September 26, 2024
-
- Subscribe to Beyond Search
Feature archive
News archive
-
