Weekend Edition 50: Trojan Apps, Teams Now Separate in EU, NVIDIA News, AI, and Tesla Nonsense
Weekend Edition 50: Trojan Apps, Teams Now Separate in EU, NVIDIA News, AI, and Tesla Nonsense
Be Careful, Little Droids, What You Install
Remember that Fine? Microsoft Doesn’t Want to Fight it Anymore
Nvidia AI Chip Restrictions Expand
Nvidia Closes Deal with Google
OpenAI Violates GDPR? You Don’t Say…
Protect Some of Your Data on Meta… Or Just Delete Your Account
‘Enterprise-Grade’ ChatGPT, Right….
NHTSA Raising Cain over Elon Mode Autopilot Mode
WE 1 – Chinese Trojan Apps Detected in Play Store
ESET, one of the premier antivirus providers, recognized two fresh CCP malware-embedded communications apps in the Play Store last month. They have been taken down, now, but they were also uploaded to the Samsung Galaxy Store. They were Signal Plus Messenger and Flygram. The first is a modification of the popular encrypted messaging app, Signal. This one can “collect similar sensitive data, such as the phone’s contact list, while also spying on a victim’s communications. “It can extract the Signal PIN number that protects the Signal account,” Stefanko wrote. In addition, the malicious code can allow the hacker to exploit the “link device” function to view their messages on the Trojanized Signal app.” What’s that mean? If you installed this modified app, your data would be anything but secure or private, in fact, it would be funneled to some server or servers in China. The malicious code injected into these apps is familiar to industry professionals, and is called BadBazaar. Here’s how you can avoid these sorts of apps, though, even if they make it through the screens and onto trusted stores: 1) make sure that the name of the app actually matches the official name, without modifications or tweaks; 2) Check the reviews for the app before you install it on your phone or computer; and 3) Make sure that you are properly sourcing your apps, direct from the developers, if possible (you can easily download and install Telegram from telegram.org and signal from signal.org if you’d like to do that, I actually suggest you do that, rather than depending on Google or Samsung, as those apps have extra censorship anyway).
https://www.pcmag.com/news/chinese-hackers-uploaded-trojanized-signal-app-to-google-play-store
WE 2 – Remember How Microsoft was About to Get Fined in the EU?
Well, they decided to split Teams off from MS365 in the EU to avoid the cost of litigation and fines. I’m somewhat shocked, to be honest. Then again, many municipalities and governments in the EU have gotten away from Microsoft products already, so MS is on its back foot in the EU. They do not want to make themselves any more odious in the Euro Zone than they already are. As of October, business, education, and private users will be able to select a cheaper Teams-less subscription option (saving $26/ year per user), or to buy Teams on its own for $65/ user per year. I made hay on the story about the potential fines to be assessed about a month ago, but MS kind of took the wind out of my sails here, by preemptively moving to split up its bundles in the Eurozone. Darn it all. Darn it all to heck. Will they voluntarily do this elsewhere? Here, perhaps? What would that do to businesses which depend on Teams and its integrations with the rest of O365? Many businesses depend on this collaboration suite, in all its facets, so if they did, it might hurt those small businesses. On the other hand, there is another aspect to this: MS is also set to provide easier API integration access to Slack and Zoom with O365 (calendars, email, etc).
https://www.pcmag.com/news/microsoft-to-sell-teams-separately-in-eu
WE 3 – Nvidia to Face Stricter Limits on AI GPU Sales
You know how the US has put restrictions on which and how many GPUs Nvidia could sell to China recently? Well, Depends’ handlers are concerned about Chinese diplomats and corporate getting their hands on this technology in the Middle East and shipping it back home. Thus, they are poised to apply similar limits in Saudi Arabia, Yemen, Jordan, and others. This could really hurt the chip designer. They could topple from their lofty perch as a $1 trillion dollar market cap company. Yes, AI has shot them to the moon that much. Their shifted focus could also trickle down in the form of GPU shortages to the consumer sector because all of their emphasis is on handling the demand for these insane number crunchers for AI development. Even with a company as massive as Nvidia, you have to remember that they only have so much time and resources that they can purchase in the form of “fab” time at TSMC. Remember, TSMC also makes chips for AMD and Intel, and must make time for that as well.
https://www.pcmag.com/news/nvidia-faces-more-restrictions-on-ai-chip-sales-this-time-in-the-middle
WE 4 – Speaking of Nvidia and AI, Nvidia Has Just Inked a Major Deal with Google
Just what we needed, right? Nvidia partnering with yet another of the abusive tech giants, arguably one of the worst. Then again, they already have deals with Microsoft and Amazon to have severs based on the H100 GPUs running to power their various AI models and tools. This news caused a 4.2% spike in the stock value for Nvidia. It closed at $493.55 on Thursday August 31, 2023, which is its highest close ever. That is huge for the chip maker, as their stock has historically tended to be closer to the $100-200 per share range, and in the last year, they have seen a >100% stock price value boom. This has sent them over into the trillion+ dollar market cap club, with the likes of companies like Apple, Google, and Microsoft. That is nuts. Understandable with Microsoft driving the AI boom, not to mention Windows and Office/ MS 365 sales, along with hardware and Azure and their big cash cow, OpenAI. There is a part of me that wants to speak ill of their success, but aside from when they pop up in the news for doing something stupid, these titans just keep on trucking, almost no matter what happens.
As an aside: because of their horrible business practices (here’s looking at you, Microsoft, Apple, and Google), I cannot be entirely happy with their success, as they hock typically sub-par products which spy on and treat their users like data mines rather than people who have rights to privacy and the like. Microsoft products are terrible, both on a functional level and in terms of privacy and security, and they spy on you like there is no tomorrow. Their telemetry is so embedded that it is almost impossible to root it out without impairing the already limited functionality of their OS and other software as a service options that my suggestion is to ditch it altogether and learn Linux so you can be free again.
As far as Google, we all know that they are a spy company by now. They exist to scrape data from your search queries, gmail messages, youtube histories, android usage history, and Maps data, among their other “free” products. There are alternatives for their services which do not entail bowing the knee to the monster Gates bred. Ones which will not force ads down your throat or scrape your usage data.
And Apple… don’t get me wrong, the Apple silicon hardware is a thing to behold and deserves the spotlight, but I do not like how they lock their users into a walled garden. Notice I called them users, not device owners. Apple does not treat people who buy their hardware as though they had bought it, but as though they were simply leasing these devices.
But I digress… Good job, Nvidia, for being astute enough in your planning to see this AI thing coming far enough ahead to capitalize on it the way that you have in the last year. That is not to say that Nvidia is a perfect company, either… They have stiffed their most loyal customers so many times, extorting them for marginal gains in their rigs, down to spiking the prices for those crucial parts to the moon. I’m still not convinced that RTX is that important, but because of the mindshare that Nvidia enjoys among PC enthusiasts, they have been able to steer the market in a very Apple-like way and set the tone for the other GPU makers (AMD, and lately, Intel).
https://www.cnbc.com/2023/08/29/nvidias-stock-closes-at-record-after-google-ai-partnership.html
WE 5 – ChatGPT Doesn’t Respect the GDPR? You Don’t Say…
A Polish researcher has filed a 17-page complaint with the local privacy watchdog relative to his experience with using ChatGPT to write a biography of himself and found mistakes in the results. Not sure how that made him question the privacy here, but he did dive into the terms of service and whatnot. When he did that, he found what appeared to be GDPR violations in regard to vagaries around how they handle personal data. Gee whiz, I wonder why they would have to be vague about privacy, given Microsoft’s involvement and attitude toward AI as a whole. Remember the last couple of weeks when we have talked about the “wild west of AI”, the responsibility for which is squarely at the feet of Microsoft, who bought OpenAI, the makers of ChatGPT. They took a, “do it now” approach to AI development, and discarded most of the safeguards which had been in place by the developers at OpenAI, among others. This has radically, and I would say, negatively, impacted AI development as a whole, as they chose to throw safety, functionality, and privacy concerns, burn them, and piss on the ashes. This infected the rest of the companies who had already invested r&d time and money into AI, because now they had to play catch-up with Microsoft’s new data mining toy, ChatGPT.
I think that that is the main draw for these mega corporations to blindly rush into generative AI models and tools. While this has spurred much rapid development in the space, which is good on some levels, it has also made this data grab that much more transparent. After all, if they can train their models and algorithms well enough, they can accurately predict our decisions and preferences and feed us ads and information to keep us in those patterns. This is about control. If knowledge is power, and data equals knowledge, and control comes through power, which is data in this equation, then data plus egomania equals control over the masses. That control leads to panics which we have seen in the last few years, from masking, vaxing, and social distancing, to lockdowns and runs on toilet paper and other commodity items. What is the solution? Refusing to participate. Do not use these generative AI tools any more than you already have, opt out of Microsoft, Apple, and Google products wherever you possibly can, and learn to live free.
WE 6 – How to Protect Your Data from Llama2 on Meta
Now you can opt out of your data being used to train this open source monstrosity. It allows you to delete or exclude some of your personal data from being used to train LLAMA 2. This only pertains to info not scraped from Meta properties (Facebook posts, comments, pictures, etc, as well as posts on Instagram or the DOA Threads platform). They do claim that they have yet to roll out any AI products or services on their platforms, but how can we take them seriously, anyway? This is all about data they scrape from other sources for their LLM. Do you believe that this opt-out or delete option is something that will actually be respected, at least here in the US, where our privacy laws and regulations aren’t hardly up to the task? I think that people in the EU have a good chance, or at least a better chance, of being respected by Meta in this, because they know that if they fail to do so, they will have hell to pay from the boys and girls in Brussels. My best advice is to ditch these platforms if you are able to in the least. If not, then you’ll need to dig around in the privacy policy a bit to find the “Generative AI Data Subject Rights” form there, and click “Learn More and Submit Requests Here” link, then pick option two to delete any gathered third-party data from Llama 2. After you click submit, you will be required to pass a security check, which may or may not work. At least you will have done your best to limit their data gathering, whether it winds up meaning anything or not.
WE 7 – “Secure” and “Private” ChatGPT? Press “X” to Doubt
Well, now the world has “enterprise-grade” ChatGPT, with access to GPT-4 and all. So, why should big business want this? It is allegedly personalized, more or less a one-off of the GPT-4 LLM (large language model) which can privately be trained by each enterprise licensee. They say that it is secured with 256-bit AES encryption when the data is at rest, and TLS 1.2+ while in transit. That sounds all well and good, but how can I trust that my “version” of ChatGPT won’t make the whole thing more better by using my company’s inputs to train it? This reminds me of Bedrock, the AWS equivalent. Perhaps this is my anti-Microsoft bias showing through again, but I don’t trust anything that they have their grubby paws involved with. I dare you to try to convince me that they are actually trustworthy. Is this data truly end-to-end encrypted? Does OpenAI have access to each customer’s version? How much access do they have? 32k tokens in a company of 30-50k people seems rather constrained to me. That is what they are targeting, the whales of the world, those Fortune 500+ type of companies who have massive budgets to throw at automation and AI, to “stay at the bleeding edge” in terms of competition. It removes the 50 messages / 3 hours limit that regular Plus users have to contend with. I’m sure that Connor will have more to say about this than I do at the moment, but this, while I’m sure that it is true that these “whale” corporations do mostly use it to some extent, feels monumentally stupid to me right now. Given, most companies in that rarefied air already use O365 and the rest of the MS software stack, but why give them any more data than they already have? Again, I recognize my bias against Microsoft, here, but come on. You guys must see that this is at least problematic.
https://www.computerworld.com/article/3705551/openai-launches-enterprise-grade-chatgpt.html
WE 8 – “Elon Mode” Autopilot Is a Thing, Apparently…
So usually when a Tesla occupant engages “Full Self-Driving” Mode, there is a nag which is in place to remind you to put your hands back on the wheel and pay attention to the road. This “nag” starts as a blinking symbol on the giant touchscreen in the dash, if you ignore it, the car will start to beep at you until you put your hands back on the wheel. “Elon Mode”, also known as, “Look ma, no hands” mode (not really), turns the nag off entirely. The NHTSA is not happy with this, as self-driving tech has not been proven safe as yet, and in communities where autonomous taxis have become a thing, they are being removed because they have had more wrecks than human drivers do. Given, those are not Tesla systems, but the ability, no matter how “secret”, to turn off safety features like that is a rather disconcerting back door, if you ask me. Musk used it in his livestreamed demo on X, almost as if to rub the government’s nose in it. I could get into how little I trust Elon right now, but that is besides the point, isn’t it? My cynical side sees all of this “self-driving” and “AI” stuff as a tool to control us more fully, but then, that is the point of govern-ment, isn’t it? To control the minds of the populace… Maybe I need to get my fin foil hat back out, but even as a tech guy, I am uncomfortable with these things. I want to own, control, and be able to manage all of my stuff as much as possible, particularly when it comes to tech. Call me paranoid, but I think that you will see that I’m right if we let this timeline spool out too much further in the direction it is headed right now. We need to jump tracks, y’all. This ends here, and now. If there were a way to do these things effectively without reference to something centralized and out of our control, then I’d be more amenable to it by far. The problem is that anything that is electronic and has open network ports anywhere can be hacked. Anything electronic can be shut down via EMP, so low-tech is the best way to go if you want to avoid that sort of nonsense. Inconvenient? Absolutely. Painful? At times. Am I something of a hypocrite in talking about this as I type on my MS Surface (running Linux since I got it) and post through my T-Mobile home internet connection? Probably. Thus is life, and at least I fully admit to hypocrisy where it exists.