Simon Willison’s Weblog

Subscribe

December 2023

Dec. 15, 2023

Computer, display Fairhaven character, Michael Sullivan. [...]

Give him a more complicated personality. More outspoken. More confident. Not so reserved. And make him more curious about the world around him.

Good. Now... Increase the character's height by three centimeters. Remove the facial hair. No, no, I don't like that. Put them back. About two days' growth. Better.

Oh, one more thing. Access his interpersonal subroutines, familial characters. Delete the wife.

Captain Janeway, prompt engineering

# 9:46 pm / prompt-engineering, science-fiction, generative-ai, ai, llms

Dec. 16, 2023

Google DeepMind used a large language model to solve an unsolvable math problem. I’d been wondering how long it would be before we saw this happen: a genuine new scientific discovery found with the aid of a Large Language Model.

DeepMind found a solution to the previously open “cap set” problem using Codey, a fine-tuned variant of PaLM 2 specializing in code. They used it to generate Python code and found a solution after “a couple of million suggestions and a few dozen repetitions of the overall process”.

# 1:37 am / google, generative-ai, mathematics, ai, llms

Dec. 18, 2023

Many options for running Mistral models in your terminal using LLM

Visit Many options for running Mistral models in your terminal using LLM

Mistral AI is the most exciting AI research lab at the moment. They’ve now released two extremely powerful smaller Large Language Models under an Apache 2 license, and have a third much larger one that’s available via their API.

[... 2,063 words]

Basically, we’re in the process of replacing our whole social back-end with ActivityPub. I think Flipboard is going to be the first mainstream consumer service that existed in a walled garden that switches over to ActivityPub.

Mike McCue, CEO of Flipboard

# 6:45 pm / mastodon, activitypub, fediverse

Dec. 19, 2023

Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real. Excellent investigative piece by Jason Koebler digging into the concerning trend of Facebook engagement farming accounts who take popular aspirational images and use generative AI to recreate hundreds of variants of them, which then gather hundreds of comments from people who have no idea that the images are fake.

# 2:01 am / facebook, ai, ethics, generative-ai, jason-koebler

Dec. 20, 2023

Recommendations to help mitigate prompt injection: limit the blast radius

Visit Recommendations to help mitigate prompt injection: limit the blast radius

I’m in the latest episode of RedMonk’s Conversation series, talking with Kate Holterhoff about the prompt injection class of security vulnerabilities: what it is, why it’s so dangerous and why the industry response to it so far has been pretty disappointing.

[... 539 words]

Dec. 21, 2023

OpenAI Begins Tackling ChatGPT Data Leak Vulnerability (via) ChatGPT has long suffered from a frustrating data exfiltration vector that can be triggered by prompt injection attacks: it can be instructed to construct a Markdown image reference to an image hosted anywhere, which means a successful prompt injection can request the model encode data (e.g. as base64) and then render an image which passes that data to an external server as part of the query string.

Good news: they've finally put measures in place to mitigate this vulnerability!

The fix is a bit weird though: rather than block all attempts to load images from external domains, they have instead added an additional API call which the frontend uses to check if an image is "safe" to embed before rendering it on the page.

This feels like a half-baked solution to me. It isn't available in the iOS app yet, so that app is still vulnerable to these exfiltration attacks. It also seems likely that a suitable creative attack could still exfiltrate data in a way that outwits the safety filters, using clever combinations of data hidden in subdomains or filenames for example.

# 4:10 am / prompt-injection, security, generative-ai, openai, chatgpt, ai, llms, markdown-exfiltration

Pushing ChatGPT’s Structured Data Support To Its Limits. The GPT 3.5, 4 and 4 Turbo APIs all provide “function calling”—a misnamed feature that allows you to feed them a JSON schema and semi-guarantee that the output from the prompt will conform to that shape.

Max explores the potential of that feature in detail here, including some really clever applications of it to chain-of-thought style prompting.

He also mentions that it may have some application to preventing prompt injection attacks. I’ve been thinking about function calls as one of the most concerning potential targets of prompt injection, but Max is right in that there may be some limited applications of them that can help prevent certain subsets of attacks from taking place.

# 5:20 pm / max-woolf, generative-ai, openai, ai, llms, prompt-engineering, prompt-injection

Dec. 23, 2023

Spider-Man: Across the Spider-Verse | The Film Score with Daniel Pemberton | “Start a Band” (via) Fabulously nerdy 20 minute YouTube video where Spider-Verse composer Daniel Pemberton breaks down the last track on the film’s soundtrack in meticulous detail.

# 5:59 am / spiderverse, movies

Dec. 31, 2023

iSH: The Linux shell for iOS (via) Installing this iOS app gives you a full Linux shell environment running on your phone, using a “usermode x86 emulator”. You can even install packages: “apk add python3” gave me a working Python 3.9 interpreter, installed from the apk.ish.app repository.

I didn’t think this kind of thing was allowed by the App Store, but that’s not been the case for a few years now: Section 4.5.2 of the App Store guidelines clarifies that “Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes.”

# 4:20 am / appstore, ios, emulator, linux, python

How ima.ge.cx works (via) ima.ge.cx is Aidan Steele’s web tool for browsing the contents of Docker images hosted on Docker Hub. The architecture is really interesting: it’s a set of AWS Lambda functions, written in Go, that fetch metadata about the images using Step Functions and then cache it in DynamoDB and S3. It uses S3 Select to serve directory listings from newline-delimited JSON in S3 without retrieving the whole file.

# 4:32 am / go, s3, aws

Last weeknotes of 2023

I’ve slowed down for that last week of the year. Here’s a wrap-up for everything else from the month of December.

[... 481 words]

datasette-plot—a new Datasette Plugin for building data visualizations. I forgot to link to this here last week: Alex Garcia released the first version of datasette-plot, a brand new Datasette visualization plugin built on top of the Observable Plot charting library. We plan to use this as the new, updated alternative to my older datasette-vega plugin.

# 5:04 am / datasette, plugins, observable, visualization, alex-garcia, observable-plot

There is something so vulnerable and frightening about doing your own thing, because it’s your fault if it doesn’t work. And then there’s this other kind of work, where you’re paid an extraordinary amount of money, you’re the hero before you walk in the door, you’re not even held that accountable, because you have a limited amount of time, and all you can do is make it better.

Craig Mazin

# 8:53 pm / screenwriting, entrepreneurship, startups

Stuff we figured out about AI in 2023

Visit Stuff we figured out about AI in 2023

2023 was the breakthrough year for Large Language Models (LLMs). I think it’s OK to call these AI—they’re the latest and (currently) most interesting development in the academic field of Artificial Intelligence that dates back to the 1950s.

[... 2,960 words]

2023 » December

MTWTFSS
    123
45678910
11121314151617
18192021222324
25262728293031