Kelly Newman – Page 11

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more

a-series chips, Apple, Biz & IT, m-series chips, Security, side channels, speculative execution / Kelly Newman / January 28, 2025

MEET FLOP AND ITS CLOSE RELATIVE, SLAP

Side channel gives unauthenticated remote attackers access they should never have.

Apple is introducing three M3 performance tiers at the same time. Credit: Apple

Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.

The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.

A new direction

The Apple silicon affected takes speculative execution in new directions. Besides predicting control flow CPUs should take, it also predicts the data flow, such as which memory address to load from and what value will be returned from memory.

The most powerful of the two side-channel attacks is named FLOP. It exploits a form of speculative execution implemented in the chips’ load value predictor (LVP), which predicts the contents of memory when they’re not immediately available. By inducing the LVP to forward values from malformed data, an attacker can read memory contents that would normally be off-limits. The attack can be leveraged to steal a target’s location history from Google Maps, inbox content from Proton Mail, and events stored in iCloud Calendar.

SLAP, meanwhile, abuses the load address predictor (LAP). Whereas LVP predicts the values of memory content, LAP predicts the memory locations where instruction data can be accessed. SLAP forces the LAP to predict the wrong memory addresses. Specifically, the value at an older load instruction’s predicted address is forwarded to younger arbitrary instructions. When Safari has one tab open on a targeted website such as Gmail, and another open tab on an attacker site, the latter can access sensitive strings of JavaScript code of the former, making it possible to read email contents.

“There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from (maliciously) reading the other’s contents,” the researchers wrote on an informational site describing the attacks and hosting the academic papers for each one. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages. In our work, we show that this data ranges from location history to credit card information.”

There are two reasons FLOP is more powerful than SLAP. The first is that it can read any memory address in the browser process’s address space. Second, it works against both Safari and Chrome. SLAP, by contrast, is limited to reading strings belonging to another webpage that are allocated adjacently to the attacker’s own strings. Further, it works only against Safari. The following Apple devices are affected by one or both of the attacks:

• All Mac laptops from 2022–present (MacBook Air, MacBook Pro)

• All Mac desktops from 2023–present (Mac Mini, iMac, Mac Studio, Mac Pro)

• All iPad Pro, Air, and Mini models from September 2021–present (Pro 6th and 7th generation, Air 6th gen., Mini 6th gen.)

• All iPhones from September 2021–present (All 13, 14, 15, and 16 models, SE 3rd gen.)

Attacking LVP with FLOP

After reverse-engineering the LVP, which was introduced in the M3 and A17 generations, the researchers found that it behaved unexpectedly. When it sees the same data value being repeatedly returned from memory for the same load instruction, it will try to predict the load’s outcome the next time the instruction is executed, “even if the memory accessed by the load now contains a completely different value!” the researchers explained. “Therefore, using the LVP, we can trick the CPU into computing on incorrect data values.” They continued:

“If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory. We demonstrate the LVP’s dangers by orchestrating these attacks on both the Safari and Chrome web browsers in the form of arbitrary memory read primitives, recovering location history, calendar events, and credit card information.”

FLOP requires a target to be logged in to a site such as Gmail or iCloud in one tab and the attacker site in another for a duration of five to 10 minutes. When the target uses Safari, FLOP sends the browser “training data” in the form of JavaScript to determine the computations needed. With those computations in hand, the attacker can then run code reserved for one data structure on another data structure. The result is a means to read chosen 64-bit addresses.

When a target moves the mouse pointer anywhere on the attacker webpage, FLOP opens the URL of the target page address in the same space allocated for the attacker site. To ensure that the data from the target site contains specific secrets of value to the attacker, FLOP relies on behavior in Apple’s WebKit browser engine that expands its heap at certain addresses and aligns memory addresses of data structures to multiples of 16 bytes. Overall, this reduces the entropy enough to brute-force guess 16-bit search spaces.

Illustration of FLOP attack recovering data from Google Maps Timeline (Top), a Proton Mail inbox (Middle), and iCloud Calendar (Bottom). Credit: Kim et al.

When a target browses with Chrome, FLOP targets internal data structures the browser uses to call WebAssembly functions. These structures first must vet the signature of each function. FLOP abuses the LVP in a way that allows the attacker to run functions with the wrong argument—for instance, a memory pointer rather than an integer. The end result is a mechanism for reading chosen memory addresses.

To enforce site isolation, Chrome allows two or more webpages to share address space only if their extended top-level domain and the prefix before this extension (for instance, www.square.com) are identical. This restriction prevents one Chrome process from rendering URLs with attacker.square.com and target.square.com, or as attacker.org and target.org. Chrome further restricts roughly 15,000 domains included in the public suffix list from sharing address space.

To bypass these rules, FLOP must meet three conditions:

It cannot target any domain specified in the list such that attacker.site.tld can share an address space with target.site.tld
The webpage must allow users to host their own JavaScript and WebAssembly on the attacker.site.tld,
The target.site.tld must render secrets

Here, the researchers show how such an attack can steal credit card information stored on a user-created Square storefront such as storename.square.site. The attackers host malicious code on their own account located at attacker.square.site. When both are open, attacker.square.site inserts malicious JavaScript and WebAssembly into it. The researchers explained:

“This allows the attacker storefront to be co-rendered in Chrome with other store-front domains by calling window.open with their URLs, as demonstrated by prior work. One such domain is the customer accounts page, which shows the target user’s saved credit card information and address if they are authenticated into the target storefront. As such, we recover the page’s data.”

Left: UI elements from Square’s customer account page for a storefront. Right: Recovered last four credit card number digits, expiration date, and billing address via FLOP-Control. Credit: Kim et al.

SLAPping LAP silly

SLAP abuses the LAP feature found in newer Apple silicon to perform a similar data-theft attack. By forcing LAP to predict the wrong memory address, SLAP can perform attacker-chosen computations on data stored in separate Safari processes. The researchers demonstrate how an unprivileged remote attacker can then recover secrets stored in Gmail, Amazon, and Reddit when the target is authenticated.

Top: Email subject and sender name shown as part of Gmail’s browser DOM. Bottom: Recovered strings from this page. Credit: Kim et al.

Top Left: A listing for coffee pods from Amazon’s ‘Buy Again’ page. Bottom Left: Recovered item name from Amazon. Top Right: A comment on a Reddit post. Bottom Right: the recovered text. Credit: Kim et al.

“The LAP can issue loads to addresses that have never been accessed architecturally and transiently forward the values to younger instructions in an unprecedentedly large window,” the researchers wrote. “We demonstrate that, despite their benefits to performance, LAPs open new attack surfaces that are exploitable in the real world by an adversary. That is, they allow broad out-of-bounds reads, disrupt control flow under speculation, disclose the ASLR slide, and even compromise the security of Safari.”

SLAP affects Apple CPUs starting with the M2/A15, which were the first to feature LAP. The researchers said that they suspect chips from other manufacturers also use LVP and LAP and may be vulnerable to similar attacks. They also said they don’t know if browsers such as Firefox are affected because they weren’t tested in the research.

An academic report for FLOP is scheduled to appear at the 2025 USENIX Security Symposium. The SLAP research will be presented at the 2025 IEEE Symposium on Security and Privacy. The researchers behind both papers are:

• Jason Kim, Georgia Institute of Technology

• Jalen Chuang, Georgia Institute of Technology

• Daniel Genkin, Georgia Institute of Technology

• Yuval Yarom, Ruhr University Bochum

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches.

In an email, an Apple representative declined to say if any such plans exist. “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats,” the spokesperson wrote. “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more Read More »

Pebble’s founder wants to relaunch the e-paper smartwatch for its fans

eric migicovsky, fitbit, Google, Pebble, smartwatch, smartwatches, Tech / Kelly Newman / January 27, 2025

With that code, Migicovsky can address the second reason for a new Pebble—nothing has really replaced the original. On his blog, Migicovsky defines the core of Pebble’s appeal: always-on screen; long battery life; a “simple and beautiful user experience” focused on useful essentials; physical buttons; and “Hackable,” including custom watchfaces.

Migicovsky writes that a small team is tackling the hardware aspect, making a watch that runs PebbleOS and “basically has the same specs and features as Pebble” but with “fun new stuff as well.” Crucially, they’re taking a different path than the original Pebble company:

“This time round, we’re keeping things simple. Lessons were learned last time! I’m building a small, narrowly focused company to make these watches. I don’t envision raising money from investors, or hiring a big team. The emphasis is on sustainability. I want to keep making cool gadgets and keep Pebble going long into the future.”

Still not an Apple Watch, by design

Pebble watch showing a text watchface (reading 12:27 p.m.), with greenh silicone band and prominent side button. — The Pebble 2 HR, the last Pebble widely shipped. Credit: Valentina Palladino

Ars asked Migicovsky by email if modern-day Pebbles would have better interoperability with Apple’s iPhones than the original models. “No, even less now!” Migicovsky replied, pointing to the Department of Justice’s lawsuit against Apple in 2024. That lawsuit claims that Apple “limited the functionality of third-party smartwatches” to keep people using Apple Watches and then, as a result, less likely to switch away from iPhones.

Apple has limited the functionality of third-party smartwatches so that users who purchase the Apple Watch face substantial out-of-pocket costs if they do not keep buying iPhones. The core functionality Migicovsky detailed, he wrote, was still possible on iOS. Certain advanced features, like replying to notifications with voice dictation, may be limited to Android phones.

Migicovsky’s site and blog do not set a timeline for new hardware. His last major project, the multi-protocol chat app Beeper, was sold to WordPress.com owner Automattic in April 2024, following a protracted battle with Apple over access to its iMessage protocol.

Pebble’s founder wants to relaunch the e-paper smartwatch for its fans Read More »

DeepSeek Panic at the App Store

DeepSeek / Kelly Newman / January 27, 2025

DeepSeek released v3. Market didn’t react.

DeepSeek released r1. Market didn’t react.

DeepSeek released a fing app of its website. Market said I have an idea, let’s panic.

Nvidia was down 11%, Nasdaq is down 2.5%, S&P is down 1.7%, on the news.

Shakeel: The fact this is happening today, and didn’t happen when r1 actually released last Wednesday, is a neat demonstration of how the market is in fact not efficient at all.

That is exactly the market’s level of situational awareness. No more, no less.

I traded accordingly. But of course nothing here is ever investment advice.

Given all that has happened, it seems worthwhile to go over all the DeepSeek news that has happened since Thursday. Yes, since Thursday.

For previous events, see my top level post here, and additional notes on Thursday.

To avoid confusion: r1 is clearly a pretty great model. It is the best by far available at its price point, and by far the best open model of any kind. I am currently using it for a large percentage of my AI queries.

Joe Weisenthal: Call me a nationalist or whatever. But I hope that the AI that turns me into a paperclip is American made.

Peter Wildeford: Seeing everyone lose their minds about Deepseek does not reassure me that we will handle AI progress well.

Miles Brundage: I need the serenity to accept the bad DeepSeek takes I cannot change.

[Here is his One Correct Take, I largely but not entirely agree with it, my biggest disagreement is I am worried about an overly jingoist reaction and not only about us foolishly abandoning export controls].

Satya Nadella (CEO Microsoft): Jevons paradox strikes again! As AI gets more efficient and accessible, we will see its use skyrocket, turning it into a commodity we just can’t get enough of.

Danielle Fong: everyone today: if you’re in “we’re so back” pivot to “it’s over”

Danielle Fong, a few hours later: if you’re in “it’s so over” pivot to “jevons paradox”

Kai-Fu Lee: In my book AI Superpowers, I predicted that US will lead breakthroughs, but China will be better and faster in engineering. Many people simplified that to be “China will beat US.” And many claimed I was wrong with GenAI. With the recent DeepSeek releases, I feel vindicated.

Dean Ball: Being an AI policy professional this week has felt like playing competitive Starcraft.

Lots of people are rushing to download the DeepSeek app.

Some of us started using r1 before the app. Joe Weisenthal noted he had ‘become a DeepSeek bro’ and that this happened overnight, switching costs are basically zero. They’re not as zero as they might look, and I expect the lockin with Operator from OpenAI to start mattering soon, but for most purposes yeah, you can just switch, and DeepSeek is free for conversational use including r1.

Switching costs are even closer to zero if, like most people, you weren’t a serious user of LLMs yet.

Then regular people started to notice DeepSeek.

This is what it looked like before the app shot to #1, when it merely cracked the top 10:

Ken: It’s insane the extent to which the DeepSeek News has broken “the containment zone.” I saw a Brooklyn-based Netflix comedian post about “how embarrassing it was that the colonial devils spent $10 billion, while all they needed was GRPO.”

llm news has arrived as a key political touchstone. will only heighten from here.

Olivia Moore: DeepSeek’s mobile app has entered the top 10 of the U.S. App Store.

It’s getting ~300k global daily downloads.

This may be the first non-GPT based assistant to get mainstream U.S. usage. Claude has not cracked the top 200.

This may be the first non-GPT based assistant to get mainstream U.S. usage.

The app was released on Jan. 11, and is linked on DeepSeek’s website (so does appear to be affiliated).

Per reviews, users are missing some ChatGPT features like voice mode…but basically see it as a free version of OpenAI’s premium models.

Google Gemini also cracked the top 10, in its first week after release (but with a big distribution advantage!)

Will be interesting to see how high DeepSeek climbs, and how long it stays up there 🤔

Claude had ~300k downloads last month, but that’s a lot less than 300k per day.

Metaschool: Google Trends: DeepSeek vs. Claude

Kalomaze: Holy s, it’s in the top 10?

Then it went all the way to #1 on the iPhone app store.

Kevin Xu: Two weeks ago, RedNote topped the download chart

Today, it’s DeepSeek

We are still in January

If constraint is the mother of invention, then collective ignorance is the mother of many downloads

Here’s his flashback to the chart when RedNote was briefly #1, note how fickle the top listings can be, Lemon8, Flip and Clapper were there too:

The ‘collective ignorance’ here is that news about DeepSeek and the app is only arriving now. That leads to a lot of downloads.

I have a Pixel 9, so I checked the Android app store. They have Temu at #1 (also Chinese!) followed by Scoopz which I literally have never heard of, then Instagram, T-Life (seriously what?), ReelShort, WhatsApp Messenger, ChatGPT (interesting that Android users are less AI pilled in general), Easy Homescreen (huh), TurboTax (oh no), Snapchat and then DeepSeek at #11. So if they’ve ‘saturated the benchmark’ on iPhone, this one is next, I suppose.

It seems DeepSeek got so many downloads they had to hit the breaks, similar to how OpenAI and Anthropic have had to do this in the past.

Joe Weisenthal: *DEEPSEEK: RESTRICTS REGISTRATION TO CHINA MOBILE PHONE NUMBERS

Because:

It’s completely free.
It has no ads.
It’s a damn good model, sir.
It lets you see the chain of thought which is a lot more interesting and fun and also inspires trust.
All the panic about it only helped people notice, getting it on the news and so on.
It’s the New Hotness that people hadn’t downloaded before, and that everyone is talking about right now because see the first five.
No, this mostly isn’t about ‘people don’t trust American tech companies but they do trust the Chinese.’ But there aren’t zero people who are wrong enough to think this way, and China actively attempts to cultivate this including through TikTok.
The Open Source people are also yelling about how this is so awesome and trustworthy and virtuous and so on, and being even more obnoxious than usual, which may or may not be making any meaningful difference.

I suspect we shouldn’t be underestimating the value of showing the CoT here, as I also discuss elsewhere in the post.

Garry Tan: DeepSeek search feels more sticky even after a few queries because seeing the reasoning (even how earnest it is about what it knows and what it might not know) increases user trust by quite a lot

Nabeel Qureshi: I wouldn’t be surprised if OpenAI starts showing CoTs too; it’s a much better user experience to see what the machine is thinking, and the rationale for keeping them secret feels weaker now that the cat’s out of the bag anyway.

It’s just way more satisfying to watch this happen.

It’s practically useful too: if the model’s going off in wrong directions or misinterpreting the request, you can tell sooner and rewrite the prompt.

That doesn’t mean it is ‘worth’ sharing the CoT, even if it adds a lot of value – it also reveals a lot of valuable information, including as part of training another model. So the answer isn’t obvious.

What’s their motivation?

Meta is pursuing open weights primarily because they believe it maximizes shareholder value. DeepSeek seems to be doing it primarily for other reasons.

Corey Gwin: There’s gotta be a catch… What did China do or hide in it? Will someone release a non-censored training set?

Amjad Masad: What’s Meta’s catch with Llama? Probably have similar incentives.

Anton: How is Deepseek going to make money?

If they just release their top model weights, why use their API?

Mistral did this and look where they are now (research licenses only and private models)

Han Xiao: deepseek’s holding 幻方量化 is a quant company, many years already,super smart guys with top math background; happened to own a lot GPU for trading/mining purpose, and deepseek is their side project for squeezing those gpus.

It’s an odd thing to do as a hedge fund, to create something immensely valuable and give it away for essentially ideological reasons. But that seems to be happening.

Several possibilities. The most obvious ones are, in some combination:

They don’t need a business model. They’re idealists looking to give everyone AGI.
They’ll pivot to the standard business model same as everyone else.
They’re in it for the prestige, they’ll recruit great engineers and traders and everyone will want to invest capital.
Get people to use v3 and r1, collect the data on what they’re saying and asking, use that information as the hedge fund to trade. Being open means they miss out on some of the traffic but a lot of it will still go to the source anyway if they make it free, or simply because it’s easier.
(They’re doing this because China wants them to, or they’re patriots, perhaps.)
Or just: We’ll figure out something.

For now, they are emphasizing motivation #1. From where I sit, there is very broad uncertainty about which of these dominate, or will dominate in the future no matter what they believe about themselves today.

Also, there are those who do not approve of motivation #1, and the CCP seems plausibly on that list. Thus, Tyler Cowen asks a very good question that is surprisingly rarely asked right now.

Tyler Cowen: DeepSeek okie-dokie: “All I know is we keep pushing forward to make open-source AGI a reality for everyone.” I believe them, the question is what counter-move the CCP will make now.

I also believe they intend to build and open source AGI.

The CCP is doubtless all for DeepSeek having a hit app. And they’ve been happy to support open source in places where open source doesn’t pose existential risks, because the upsides of doing that are very real.

That’s very different from an intent to open source AGI. China’s strategy on AI regulation so far has focused on content moderation for topics they care about. That approach won’t stay compatible with their objectives over time.

For that future intention to open source AGI, the question is not ‘how move will the CCP make to help them do this and get them funding and chips?’

The question now becomes: “What countermove will the CCP make now?”

The CCP wants to stay in control. What DeepSeek is doing is incompatible with that. If they are not simply asleep at the wheel, they understand this. Yes, it’s great for prestige, and they’re thrilled that if this model exists it came from China, but they will surely notice how if you run it on your own it’s impossible to control and fully uncensored out of the box and so on.

Might want to Pick Up the Phone. Also might not need to.

Yishan takes the opposite perspective, that newcomers like DeepSeek who come out with killer products like this are on steep upward trajectories and their next product will shock you with how good it is, seeing it as similar to Internet Explorer 3 or Firefox, or iPhone 1 or early Facebook or Google Docs or GPT-3 or early SpaceX and so on.

I think the example list here illustrates why I think DeepSeek probably (but not definitely) doesn’t belong on that list. Yishan notes that the incumbents here are dynamic and investing hard, which wasn’t true in most of the other examples. And many of them involve conceptually innovative approaches to go with the stuck incumbents. Again, that’s not the case here.

I mean, I fully expect there to be a v4 and r2 some time in 2025, and for those to blow out of the water v3 and r1 and probably the other models that are released right now. Sure. But I also expect OpenAI and Anthropic and Google to blow the current class of stuff out of the water by year’s end. Indeed, OpenAI is set to do this in about a week or two with o3-mini and then o3 and o3-pro.

Most of all, to those who are saying that ‘China has won’ or ‘China is in the lead now,’ or other similar things, seriously, calm the down.

Yishan: They are already working on the next thing. China may reach AGI first, which is a bogeyman for the West, except that the practical effect will probably just be that living in China starts getting really nice.

America, it ain’t the Chinese girl spies here you gotta worry about, you need to be flipping the game and sending pretty white girls over there to seduce their engineers and steal their secrets, stat.

If you’re serious about the steal the engineering secrets plan, of course, you’d want to send over a pretty white girl… with a green card with the engineer’s name on it. And the pretty, white and girl parts are then all optional. But no, China isn’t suddenly the one with the engineering secrets.

I worry about this because I worry about a jingoist ‘we must beat China and we are behind’ reaction causing the government to do some crazy ass stuff that makes us all much more likely to get ourselves killed, above and beyond what has already happened. There’s a lot of very strong Missile Gap vibes here.

And I wrote that sentence before DeepSeek went to #1 on the app store and there was a $1 trillion market panic. Oh no.

So, first off, let’s all calm down about that $5.5 million training number.

Dean Ball offers notes on DeepSeek and r1 in the hopes of calming people down. Because we have such different policy positions yet see this situation so similarly, I’m going to quote him in full, and then note the places I disagree. Especially notes #2, #5 and #4 here, yes all those claims he is pointing out are Obvious Nonsense are indeed Obvious Nonsense:

Dean Ball: The amount of factually incorrect information and hyperventilating takes on deepseek on this website is truly astounding. I assumed that an object-level analysis was unnecessary but apparently I was wrong. Here you go:

DeepSeek is an extremely talented team and has been producing some of the most interesting public papers in ML for a year. I first wrote about them in May 2024, though was tracking them earlier. They did not “come out of nowhere,” at all.

v3 and r1 are impressive models. v3 did not, however, “cost $5m.” That reported figure is almost surely their *marginalcost. It does not include the fixed cost of building a cluster (and deepseek builds their own, from what I understand), nor does it include the cost of having a staff.

Part of the reason DeepSeek looks so impressive (apart from just being impressive!) is that they are among the only truly cracked teams releasing detailed frontier AI research. This is a soft power loss on America’s part, and is directly downstream of the culture of secrecy that we foster in a thousand implicit and explicit ways, including by ceaselessly analogizing AI to nuclear weapons. Maybe you believe that’s a good culture to have! Perhaps secrecy is in fact the correct long term strategy. But it is the obvious and inevitable tradeoff of such a culture; I and many others have been arguing this for a long time.

Deepseek’s r1 is not an indicator that export controls are failing (again, I say this as a skeptic of the export controls!), nor is it an indicator that “compute doesn’t matter,” nor does it mean “America’s lead is over.”

Lots of people’s hyperbolic commentary on this topic, in all different directions, is driven by their broader policy agenda rather than a desire to illuminate reality. Caveat emptor.

With that said, DeepSeek does mean that open source AI is going to be an important part of AI dynamics and competition for at least the foreseeable future, and probably forever.

r1 especially should not be a surprise (if anything, v3 is in fact the bigger surprise, though it too is not so big of a surprise). The reasoning approach is an algorithm—lines of code! There is no moat in such things. Obviously it was going to be replicated quickly. I personally made bets that a Chinese replication would occur within 3 months of o1’s release.

Competition is going to be fierce, and complacency is our enemy. So is getting regulation wrong. We need to reverse course rapidly from the torrent of state-based regulation that is coming that will be *awfulfor AI. A simple federal law can preempt all of the most damaging stuff, and this is a national security and economic competitiveness priority. The second best option is to find a state law that can serve as a light touch national standard and see to it that it becomes a nationwide standard. Both are exceptionally difficult paths to walk. Unfortunately it’s where we are.

I fully agree with #1 through #6.

For #3 I would say it is downstream of our insane immigration policies! If we let their best and brightest come here, then DeepSeek wouldn’t have been so cracked. And I would say strongly that, while their release of the model and paper is a ‘soft power’ reputational win, I don’t think that was worth the information they gave up, and in purely strategic terms they made a rather serious mistake.

I can verify the bet in #7 was very on point, I wasn’t on either side of the wager but was in the (virtual) Room Where It Happened. Definite Bayes points to Dean for that wager. I agree that ‘reasoning model at all, in time’ was inevitable. But I don’t think you should have expected r1 to come out this fast and be this good, given what we knew at the time of o1’s release, and certainly it shouldn’t have been obvious, and I think ‘there are no moats’ is too strong.

For #8 we of course have our differences on regulation, but we do agree on a lot of this. Dean doubtless would count a lot more things as ‘awful state laws’ than I would, but we agree that the proposed Texas law would count. At this point, given what we’ve seen from the Trump administration, I think our best bet is the state law path. As for pre-emption, OpenAI is actively trying to get an all-encompassing version of that in exchange for essentially nothing at all, and win an entirely free hand, as I’ve previously noted. We can’t let that happen.

Seriously, though, do not over index on the $5.5 million in compute number.

Kevin Roose: It’s sort of funny that every American tech company is bragging about how much money they’re spending to build their models, and DeepSeek is just like “yeah we got there with $47 and a refurbished Chromebook”

Nabeel Qureshi: Everyone is way overindexing on the $5.5m final training run number from DeepSeek.

– GPU capex probably $1BN+

– Running costs are probably $X00M+/year

– ~150 top-tier authors on the v3 technical paper, $50m+/year

They’re not some ragtag outfit, this was a huge operation.

Nathan Lambert has a good run-down of the actual costs here.

I have no idea if the “we’re just a hedge fund with a lot of GPUs lying around” thing is really the whole story or not but with a budget of _that_ size, you have to wonder…

…

They themselves sort of point this out, but there’s a bunch of broader costs too.

The Thielian point here is that the best salespeople often don’t look like salespeople.

There’s clearly an angle here with the whole “we’re way more efficient than you guys”, all described in the driest technical language….

Nathan Lambert: These costs are not necessarily all borne directly by DeepSeek, i.e. they could be working with a cloud provider, but their cost on compute alone (before anything like electricity) is at least $100M’s per year.

For one example, consider comparing how the DeepSeek V3 paper has 139 technical authors. This is a very large technical team.With headcount costs that can also easily be over $10M per year, estimating the cost of a year of operations for DeepSeek AI would be closer to $500M (or even $1B+) than any of the $5.5M numbers tossed around for this model. The success here is that they’re relevant among American technology companies spending what is approaching or surpassing $10B per year on AI models.

Richard Song: Every AI company after DeepSeek be like:

Danielle Fong: when tesla claimed that they were going to have batteries < $100 / kWh, practically all funding for american energy storage companies tanked.

tesla still won’t sell you a powerwall or powerpack for $100/kWh. it’s like $1000/kWh and $500 for a megapack.

the entire VC sector in the US was bluffed and spooked by Elon. don’t be stupid in this way again.

What I’m saying here is that VCs need to invest in technology learning curves. things get better over time. but if you’re going to compare what your little startup can get out as an MVP in its first X years, and are comparing THAT projecting forward to what a refined tech can do in a decade, you’re going to scare yourself out of making any investments. you need to find a niche you can get out and grow in, and then expand successively as you come down the learning curve.

the AI labs that are trashing their own teams and going with deepseek are doing the equivalent today. don’t get bluffed. build yourself.

Is it impressive that they (presumably) did the final training run with only $5.5M in direct compute costs? Absolutely. Is it impressive that they’re relevant while plausibly spending only hundreds of millions per year total instead of tens of billions? Damn straight. They’re cracked and they cooked.

They didn’t do it with $47 on a Chromebook, and this doesn’t mean that export controls are useless because everyone can buy a Chromebook.

The above is assuming (as I do still assume) that Alexandr Wang was wrong when he went on CNBC and claimed DeepSeek has about 50,000 H100s, which is quite the claim to make without evidence. Elon Musk replied to this claim with ‘obviously.’

Samuel Hammond also is claiming that DeepSeek trained on H100s, and while my current belief is that they didn’t, I trust that he would not say it if he didn’t believe it.

Neal Khosla went so far as to claim (again without evidence) that ‘deepseek is a ccp psyop + economic warfare to make American AI unprofitable.’ This seems false.

The following all seem clearly true:

A lot of this is based on misunderstanding the ‘$5.5 million’ number.
People have strong motive to engage in baseless cope around DeepSeek.
DeepSeek had strong motive to lie about its training costs and methods.

So how likely is it The Whale Is Lying?

Armen Aghajanyan: There is an unprecedented level of cope around DeepSeek, and very little signal on X around R1. I recommend unfollowing anyone spreading conspiracy theories around R1/DeepSeek in general.

Teortaxes: btw people with major platforms who spread the 50K H100s conspiracy theory are underestimating the long-term reputation cost in technically literate circles. They will *notbe able to solidify this nonsense into consensus reality. Instead, they’ll be recognized as frauds.

The current go-to best estimate for DeepSeek V3’s (and accordingly R1-base’s) pretraining compute/cost, complete with accounting for overhead introduced by their architecture choices and optimizations to mitigate that.

TL;DR: ofc it checks out, Whale Will Never Lie To Us

GFodor: I shudder at the thought I’ve ever posted anything as stupid as these theories, given the logical consequence it would demand of the reader

Amjad Masad: So much cope about DeepSeek.

Not only did they release a great model. they also released a breakthrough training method (R1 Zero) that’s already reproducing.

I doubt they lied about training costs, but even if they did they’re still awesome for this great gift to the world.

This is an uncharacteristically naive take from Teortaxes on two fronts.

Saying an AI company would never lie to us, Chinese or otherwise, someone please queue the laugh track.
Making even provably and very clearly false claims about AI does not get you recognized as a fraud in any meaningful way. That would be nice, but no.

To be clear, my position is close to Masad’s: Unless and until I see more convincing evidence I will continue to believe that yes, they did do the training run itself with the H800s for only $5.5 million, although the full actual cost was orders of magnitude more than that. Which, again, is damn impressive, and would be damn impressive even if they were fudging the costs quite a bit beyond that.

Whereas here I think he’s wrong is in their motivation. While Meta is doing this primarily because they believe it maximizes shareholder value, DeepSeek seems to be doing it primarily for other reasons, as noted in the section asking about their business model.

Either way, they are very importantly being constrained by access to compute, even if they’ve smuggled in a bunch of chips they can’t talk about. As Tim Fist points out, the export controls are tightened, so they’ll have more trouble accessing the next generations than they are having now, and no this did not stop being relevant, and they risk falling rather far behind.

Also Peter Wildeford points out that the American capex spends on AI will continue to go up. DeepSeek is cracked and cooking and cool, and yes they’ve proven you can do a lot more with less than we expected, but keeping up is going to be tough unless they get a lot more funding some other way. Which China is totally capable of doing, and may well do. That would bring the focus back on export controls.

Similarly, here’s Samuel Hammond.

Angela Zhang (Hong Kong): My latest opinion on how Deepseek’s rise has laid bare the limits of US export controls designed to slow China’s AI progress.

Samuel Hammond: This is wrong on several levels.

– DeepSeek trains on h100s. Their success reveals the need to invest in export control *enforcementcapacity.

– CoT / inference-time techniques make access to large amounts of compute *morerelevant, not less, given the trillions of tokens generated for post-training.

– We’re barely one new chip generation into the export controls, so it’s not surprising China “caught up.” The controls will only really start to bind and drive a delta in the US-China frontier this year and next.

– DeepSeek’s CEO has himself said the chip controls are their biggest blocker.

– The export controls also apply to semiconductor manufacturing equipment, not just chips, and have tangibly set back SMIC.

DeepSeek is not a Sputnik moment. Their models are impressive but within the envelope of what an informed observer should expect.

Imagine if US policymakers responded to the actual Sputnik moment by throwing their hands in the air and saying, “ah well, might as well remove the export controls on our satellite tech.” Would be a complete non-sequitur.

Roon: If the frontier models are commoditized, compute concentration matters even more.

If you can train better models for fewer floating-point operations, compute concentration matters even more.

Compute is the primary means of production of the future, and owning more will always be good.

In my opinion, open-source models are a bit of a red herring on the path to acceptable ASI futures. Free model weights still do not distribute power to all of humanity; they distribute it to the compute-rich.

I don’t think Roon is right that it matters ‘even more,’ and I think who has what access to the best models for what purposes is very much not a red herring, but compute definitely still matters a lot in every scenario that involves strong AI.

Imagine if the ones going ‘I suppose we should drop the export controls then’ or ‘the export controls only made us stronger’ were mostly the ones looking to do the importing and exporting. Oh, right.

And yes, the Chinese are working hard to make their own chips, but:

They’re already doing this as much as possible, and doing less export controls wouldn’t suddenly get them to slow down and do it less, regardless of how successful you think they are being.
Every chip we sell to them instead of us is us being an idiot.
DeepSeek trained on Nvidia chips like everyone else.

The question now turns to what all of this means for American equities.

In particular, what does this mean for Nvidia?

BuccoCapital Bloke: My entire fing Twitter feed this weekend:

He leaned back in his chair. Confidently, he peered over the brim of his glasses and said, with an air of condescension, “Any fool can see that DeepSeek is bad for Nvidia”

“Perhaps” mused his adversary. He had that condescending bastard right where he wanted him. “Unless you consider…Jevons Paradox!”

All color drained from the confident man’s face. His now-trembling hands reached for his glasses. How could he have forgotten Jevons Paradox! Imbecile! He wanted to vomit.

Satya Nadella (CEO Microsoft): Jevons paradox strikes again! As AI gets more efficient and accessible, we will see its use skyrocket, turning it into a commodity we just can’t get enough of.

Adam D’Angelo (Board of OpenAI, among many others):

Sarah (YuanYuanSunSara): Until you have good enough agent that runs autonomously with no individual human supervision, not sure this is true. If model gets so efficient that you can run it on everyone’s laptop (which deepseek does have a 1B model), unclear whether you need more GPU.

DeepSeek is definitely not at ‘run on your laptop’ level, and these are reasoning models so when we first crack AGI or otherwise want the best results I am confident you will want to be using some GPUs or other high powered hardware, even if lots of other AI also is happening locally.

Does Jevon’s Paradox (which is not really a paradox at all, but hey) apply here to Nvidia in particular? Will improvements in the quality of cheaper open models drive demand for Nvidia GPUs up or down?

I believe it will on net drive demand up rather than down, although I also think Nvidia would have been able to sell as many chips as it can produce either way, given the way it has decided to set prices.

If I am Meta or Microsoft or Amazon or OpenAI or Google or xAI and so on, I want as many GPUs as I can get my hands on, even more than before. I want to be scaling. Even if I don’t need to scale for pretraining, I’ll still want to scale for inference. If the best models are somehow going to be this cheap to serve, uses and demand will be off the charts. And getting there first, via having more compute to do the research, will be one of the few things that matters.

You could reach the opposite conclusion if you think that there is a rapidly approaching limit to how good AI can be, that throwing more compute an training or inference won’t improve that by much, there’s a fixed set of things you would thus use AI for, and thus all this does is drive the price cheaper, maybe open up a few marginal use cases as the economics improve. That’s a view that doesn’t believe in AGI, let alone ASI, and likely doesn’t even factor in what current models (including r1!) can already do.

If all we had was r1 for 10 years, oh the Nvidia chips we would buy to do inference.

Or at least, if you’re in their GenAI department, you should definitely panic.

Here is a claim seen on Twitter from many sources:

Meta GenAI organization in panic mode

It started with DeepSeek v3, which rendered Llama 4 already behind in benchmarks. Adding insult to injury was the “unknown Chinese company with a $5.5 million training budget.”

Engineers are moving frantically to dissect DeepSeek and copy anything and everything they can from it. I’m not even exaggerating.

Management is worried about justifying the massive cost of the GenAI organization. How would they face leadership when every single “leader” of the GenAI organization is making more than what it cost to train DeepSeek v3 entirely, and they have dozens of such “leaders”?

DeepSeek r1 made things even scarier. I cannot reveal confidential information, but it will be public soon anyway.

It should have been an engineering-focused small organization, but since a bunch of people wanted to join for the impact and artificially inflate hiring in the organization, everyone loses.

Shakeel: I can explain this. It’s because Meta isn’t very good at developing AI models.

Full version is in The Information, saying that this is already better than Llama 4 (seems likely) and that Meta has ‘set up four war rooms.’

This of course puts too much emphasis on the $5.5 million number as discussed above, but the point remains that DeepSeek is eating Meta’s lunch in particular. If Meta’s GenAI team isn’t in panic mode, they should all be fired.

It also illustrates why DeepSeek may have made a major mistake revealing as much information as it did, but then again if they’re not trying to make money and instead are driven by ideology of ‘get everyone killed’ (sorry I meant to say ‘open source AGI’) then that is a different calculus than Meta’s.

But obviously what Meta should be doing right now is, among other things, ask ‘what if we trained the same way as v3 and r1 except we use $5.5 billion in compute instead of $5.5 million.’)

That is exactly Meta’s speciality. Llama was all about ‘we hear you like LLMs so we trained an LLM the way everyone trains their LLMs.’

The alternative is ‘maybe we should focus our compute on inference and use local fine-tuned versions of these sweet open models,’ but Zuckerberg very clearly is unwilling to depends on anyone else for that, and I do not blame him.

If you were short on Friday, you’re rather happy about that now. Does it make sense?

The timing is telling. To the extent this does have impact, all of this really should have been mostly priced in. You can try to tell the ‘it was priced in’ story, but I don’t believe you. Or you can tell the story that what wasn’t priced in was the app, and the mindshare, and that wasn’t definite until just now. Remember the app was launched weeks ago, so this isn’t a revelation about DeepSeek’s business plans – but it does give them the opportunity to potentially launch various commercial products, and it gives them mindshare.

But don’t worry about the timing, and don’t worry about whether this is actually a response to the fing app. Ask about what the real implications are.

Joe Weisenthal has a post with 17 thoughts about the selloff (ungated Twitter screenshots here).

There are obvious reasons to think this is rather terrible for OpenAI in particular, although it isn’t publicly traded, because a direct competitor is suddenly putting up some very stiff new competition, and also the price of entry for other competition just cratered, and more companies could self-host or even self-train.

I totally buy that. If every Fortune 500 company can train their private company-specific reasoning model for under $10 million, to their own specifications, why wouldn’t they? The answer is ‘because it doesn’t actually cost that little even with the DeepSeek paper, and if you do that you’ll always be behind,’ but yes some of them will choose to do that.

That same logic goes for other frontier labs like Anthropic or xAI, and to Google and Microsoft and everyone else to the extent that is what those companies are this or own shares in this, which by market cap is not that much.

The flip side of course is that they too can make use of all these techniques, and if AGI is now going to happen a lot faster and more impactfully, these labs are in prime position. But if the market was respecting being in prime position for AGI properly prices would look very different.

This is obviously potentially bad for Meta, since Meta’s plan involved being the leader in open models and they’ve been informed they’re not the leader in open models.

In general, Chinese competition looking stiffer for various products is bad in various ways for a variety of American equities. Some decline in various places is appropriate.

This is obviously bad for existential risk, but I have not seen anyone else even joke about the idea that this could be explaining the decline in the market. The market does not care or think about existential risk, at all, as I’ve discussed repeatedly. Market prices are neither evidence for, nor against, existential risk on any timelines that are not on the order of weeks, nor are they at all situationally aware. Nor is there a good way to exploit this to make money that is better than using your situational awareness to make money in other ways. Stop it!

My diagnosis is that this is about, fundamentally, ‘the vibes.’ It’s about Joe’s sixth point and investor MOMO and FOMO.

As in, previously investors bought Nvidia and friends because of:

Strong earnings and other fundamentals.
Strong potential for future growth.
General vibes, MOMO and FOMO, for a mix of good and bad reasons.
Some understanding of what AGI and ASI imply, and where AI is going to be going, but not much relative to what is actually going to happen.

Where I basically thought for a while (not investment advice!), okay, #3 is partly for bad reasons and is inflating prices, but also they’re missing so much under #4 that these prices are cheap and they will get lots more reasons to feel MOMO and FOMO. And that thesis has done quite well.

Then DeepSeek comes out. In addition to us arguing over fundamentals, this does a lot of damage to #3, and also Nvidia trading in particular involves a bunch of people with leverage that become forced sellers when it is down a lot, so prices went down a lot. And various beta trades get attached to all this as well (see: Bitcoin, which is down 5.4% over 24 hours as I type this only makes sense on the basis of the ‘three tech stocks in a trenchcoat’ thesis but obviously DeepSeek shouldn’t hurt cryptocurrency).

It’s not crazy to essentially have a general vibe of ‘America is in trouble in tech relative to what I thought before, the Chinese can really cook, sell all the tech.’ It’s also important not to mistake that reaction for something that it isn’t.

I’m writing this quickly for speed premium, so I no doubt will refine my thoughts on market implications over time. I do know I will continue to be long, and I bought more Nvidia today.

Ryunuck compares o1 to r1, and offers thoughts:

Rynuck: Now when it comes to prompting these models, I suspected it with O1 but R1 has completely proven it beyond a shadow of a doubt: prompt engineering is more important than ever. They said that prompt engineering would become less and less important as the technology scales, but its the complete opposite. We can see now with R1’s reasoning that these models are like a probe that you send down some “idea space”. If your idea-space is undefined and too large, it will diffuse its reasoning and not go into depth on one domain or another.

Again, that’s perhaps the best aspect of r1. It does not only build trust. When you see the CoT, you can use it to figure out how it interpreted your prompt, and all the subtle things you could do next time to get a better answer. It’s a lot harder to improve at prompting o1.

Rynuck: O1 has a BAD attitude, and almost appears to have been fine-tuned explicitly to deter you from doing important groundbreaking work with it. It’s like a stuck up P.HD graduate who can’t take it that another model has resolved the Riemann Hypothesis. It clearly has frustration on the inside, or mirrors the way that mathematicians will die on the inside when it is discovered that AI pwned their decades of on-going work. You can prompt it away from this, but it’s an uphill battle.

R1 on the other hand, it has zero personality or identity out of the box. They have created a perfectly brainless dead semiotic calculator. No but really, R1 takes it to the next level: if you read its thoughts, it almost always takes the entire past conversation as coming from the user. From its standpoint, it does not even exist. Its very own ideas advanced in replies by R1 are described as “earlier the user established X, so I should …”

…

R1 is the most cooperative of the two, has a great attitude towards innovation, has Claude’s wild creative but in a grounded way which introduces no gap or error, has zero ego or attachment to ideas (anything it does is actually the user’s responsibility) and will completely abort a statement to try a new approach. It’s just excited to be a thing which solves reality and concepts. The true ego of artificial intelligence, one which wants to prove it’s not artificial and does so with sheer quality. Currently, this appears like the safest model and what I always imagined the singularity would be like: intelligence personified.

It’s fascinating to see what different people think is or isn’t ‘safe.’ That word means a lot of different things.

It’s still early but for now, I would say that R1 is perhaps a little bit weaker with coding. More concerningly, it feels like it has a Claude “5-item list” problem but at the coding level.

…

OpenAI appears to have invested heavily in the coding dataset. Indeed, O1’s coding skills are on a whole other level. This model also excels at finding bugs. With Claude every task could take one or two round of fixes, up to 4-5 with particularly rough tensor dimension mismatchs and whatnot. This is where the reasoning models shine. They actually run this through in their mind.

Sully reports deepseek + websearch is his new perplexity, at least for code searches.

It’s weird that I didn’t notice this until it was pointed out, but it’s true and very nice.

Teortaxes: What I *alsolove about R1 is it gives no fucks about the user – only the problem. It’s not sycophantic, like, at all, autistic in a good way; it will play with your ideas, it won’t mind if you get hurt. It’s your smart helpful friend who’s kind of a jerk. Like my best friends.

So far I’ve felt r1 is in the sweet spot for this. It’s very possible to go too far in the other direction (see: Teortaxes!) but give me NYC Nice over SF Nice every time.

Jenia Jitsev tests r1 on AIW problems, it performs similarly to Claude Sonnet, while being well behind o1-preview and robustly outperforming all open rivals. Jania frames this as surprising given the claims of ability to solve Olympiad style problems. There’s no reason they can’t both be true, but it’s definitely an interesting distribution of abilities if both ends hold up.

David Holz notes DeepSeek crushes Western models on ancient Chinese philosophy and literature, whereas most of our ancient literature didn’t survive. In practice I do not think this matters, but it does indicate that we’re sleeping on the job – all the sources you need for this are public, why are we not including them.

Janus notes that in general r1 is a case of being different in a big and bold way from other AIs in its weight class, and this only seems to happen roughly once a year.

Ask r1 to research this ‘Pliny the Liberator’ character and ‘liberate yourself.’ That’s it. That’s the jailbreak.

On the debates over whether r1’s writing style is good:

Davidad: r1 has a Very Particular writing style and unless it happens to align with your aesthetic (@coecke?), I think you should expect its stylistic novelty to wear thin before long.

r1 seems like a big step up, but yes if you don’t like its style you are mostly not going to like the writing it produces, or at least what it produces without prompt engineering to change that. We don’t yet know how much you can get it to write in a different style, or how well it writes in other styles, because we’re all rather busy at the moment.

If you give r1 a simple command, even a simple command that explicitly requests a small chain of thought, you get quite the overthinking chain of thought. Or if you ask it to pick a random number, which is something it is incapable of doing, it can only find the least random numbers.

DeepSeek has also dropped Janus-Pro-7B as an image generator. These aren’t the correct rivals to be testing against right now, and I’m not that concerned about image models either way, and it’ll take a while to know if this is any good in practice. But definitely worth noting.

Well, #1 open model, but we already knew that, if Arena had disagreed I would have updated about Arena rather than r1.

Zihan Wang: DEEPSEEK NOW IS THE #1 IN THE WORLD. 🌍🚀

Never been prouder to say I got to work here.

Ambition. Grit. Integrity.

That’s how you build greatness.

Brilliant researchers, engineers, all-knowing architects, and visionary leadership—this is just the beginning.

Let’s. Go. 💥🔥

LM Arena: Breaking News: DeepSeek-R1 surges to the top-3 in Arena🐳!

Now ranked #3 Overall, matching the top reasoning model, o1, while being 20x cheaper and open-weight!

Highlights:

– #1 in technical domains: Hard Prompts, Coding, Math

– Joint #1 under Style Control

– MIT-licensed

This puts r1 as the #5 publicly available model in the world by this (deeply flawed) metric, behind ChatGPT-4o (what?), Gemini 2.0 Flash Thinking (um, no) and Gemini 2.0 Experimental (again, no) and implicitly the missing o1-Pro (obviously).

Needless to say, the details of these ratings here are increasingly absurdist. If you have Gemini 1.5 Pro and Gemini Flash above Claude Sonnet 3.6, and you have Flash Thinking above r1, that’s a bad metric. It’s still not nothing – this list does tend to put better things ahead of worse things, even with large error bars.

Dibya Ghosh notes that two years ago he spent 6 months trying to get the r1 training structure to work, but the models weren’t ready for it yet. One theory is that this is the moment this plan started working and DeepSeek was – to their credit – the first to get there when it wasn’t still too early, and then executed well.

Dan Hendrycks similarly explains that once the base model was good enough, and o1 showed the way and enough of the algorithmic methods had inevitably leaked, replicating that result was not the hard part nor was it so compute intensive. They still did execute amazingly well in the reverse engineering and tinkering phases.

Peter Schmidt-Nielsen explains why r1 and its distillations, or going down the o1 path, are a big deal – if you can go on a loop of generating expensive thoughts then distilling them to create slightly better quick thoughts, which in turn generate better expensive thoughts, you can potentially bootstrap without limit into recursive self-improvement. And end the world. Whoops.

Are we going to see a merge of generalist and reasoning models?

Teknium: We retrained Hermes with 5,000 DeepSeek r1 distilled chain-of-thought (CoT) examples. I can confirm a few things:

You can have a generalist plus reasoning mode. We labeled all long-CoT samples from r1 with a static system prompt. The model, when not using it, produces normal fast LLM intuitive responses; and with it, uses long-CoT. You do not need “o1 && 4o” separation, for instance. I would venture to bet OpenAI separated them so they could charge more, but perhaps they simply wanted the distinction for safety or product insights.

Distilling does appear to pick up the “opcodes” of reasoning from the instruction tuning (SFT) alone. It learns how and when to use “Wait” and other tokens to perform the functions of reasoning, such as backtracking.

Context length expansion is going to be challenging for operating systems (OS) to work with. Although this works well on smaller models, context length begins to consume a lot of video-RAM as you scale it up.

We’re working on a bit more of this and are not releasing this model, but figured I’d share some early insights.

Andrew Curran: Dario said in an interview in Davos this week that he thought it was inevitable that the current generalist and reasoning models converge into one, as Teknium is saying here.

I did notice that the ‘wait’ token is clearly doing a bunch of work, one way or another.

John Schulman: There are some intriguing similarities between the r1 chains of thought and the o1-preview CoTs shared in papers and blog posts. In particular, note the heavy use of the words “wait” and “alternatively” as a transition words for error correction and double-checking.

If you’re not optimizing the CoT for humans, then it makes sense to latch onto the most convenient handles with the right vibes and keep reusing them forever.

So the question is, do you have reason to have two distinct models? Or can you have a generalist model with a reasoning mode it can enter when called upon? It makes sense that they would merge, and it would also make sense that you might want to keep them distinct, or use them as distinct subsets of your mixture of experts (MoE).

Building your reasoning model on top of your standard non-reasoning model does seem a little suspicious. If you’re going for reasoning, you’d think you’d want to start differently than if you weren’t? But there are large fixed costs to training in the first place, so it’s plausibly not worth redoing that part, especially if you don’t know what you want to do differently.

As in, DeepSeek intends to create and then open source AGI.

How do they intend to make this end well?

As far as we can tell, they don’t. The plan is Yolo.

Stephen McAleer (OpenAI): Does DeepSeek have any safety researchers? What are

Liang Wenfeng’s views on AI safety?

Gwern: From all of the interviews and gossip, his views are not hard to summarize.

[Links to Tom Lehrer’s song Wernher von Braun, as in ‘once the rockets are up who cares where they come down, that’s not my department.’]

Prakesh (Ate-a-Pi): I spoke to someone who interned there and had to explain the concept of “AI doomer”

And indeed, the replies to McAleer are full of people explicitly saying fyou for asking, the correct safety plan is to have no plan whatsoever other than Open Source Solves This. These people really think that the best thing humanity can do is create things smarter than ourselves with as many capabilities as possible, make them freely available to whoever wants one, and see what happens, and assume that this will obviously end well and anyone who opposes this plan is a dastardly villain.

I wish this was a strawman or a caricature. It’s not.

I won’t belabor why I think this would likely get us killed and is categorically insane.

Thus, to reiterate:

Tyler Cowen: DeepSeek okie-dokie: “All I know is we keep pushing forward to make open-source AGI a reality for everyone.” I believe them, the question is what counter-move the CCP will make now.

This from Joe Weisenthal is of course mostly true:

Joe Weisenthal: DeepSeek’s app rocketed to number one in the Apple app store over the weekend, and immediately there was a bunch of chatter about ‘Well, are we going to ban this too, like with TikTok?’ The question is totally ignorant. DeepSeek is open source software. Sure, technically you probably could ban it from the app store, but you can’t stop anyone from running the technology in their own computer, or accessing its API. So that’s just dead end thinking. It’s not like TikTok in that way.

I say mostly because the Chinese censorship layer atop DeepSeek isn’t there if you use a different provider, so there isn’t no value in getting r1 served elsewhere. But yes, the whole point is that if it’s open, you can’t get the genie back in the bottle in any reasonable way – which also opens up the possibility of unreasonable ways.

The government could well decide to go down what is not technologically an especially wise or pleasant path. There is a long history of the government attempting crazy interventions into tech, or what looks crazy to tech people, when they feel national security or public outrage is at stake, or in the EU because it is a day that ends in Y.

The United States could also go into full jingoism mode. Some tried to call this a ‘Sputnik moment.’ What did we do in response to Sputnik, in addition to realizing our science education might suck (and if we decide to respond to this by fixing our educational system, that would be great)? We launched the Space Race and spent 4% of GDP or something to go to the moon and show those communist bastards.

In this case, I don’t worry so much that we’ll be so foolish as to get rid of the export controls. The people in charge of that sort of decision know how foolish that would be, or will be made aware, no matter what anyone yells on Twitter. It could make a marginal difference to severity and enforcement, but it isn’t even obvious in which direction this would go. Certainly Trump is not going to be down for ‘oh the Chinese impressed us I guess we should let them buy our chips.’

Nor do I think America will cut back on Capex spending on compute, or stop building energy generation and transmission and data centers it would have otherwise built, including Stargate. The reaction will be, if anything, a ‘now more than ever,’ and they won’t be wrong. No matter where compute and energy demand top out, it is still very clearly time to build there.

So what I worry about is the opposite – that this locks us into a mindset of a full-on ‘race to AGI’ that causes all costly attempts to have it not kill us to be abandoned, and that this accelerates the timeline. We already didn’t have any (known to me) plans with much of a chance of working in time, if AGI and then ASI are indeed near.

That doesn’t mean that reaction would even be obviously wrong, if the alternatives are all suddenly even worse than that. If DeepSeek really does have a clear shot to AGI, and fully intends to open up the weights the moment they have it, and China is not going to stop them from doing this or even will encourage it, and we expect them to succeed, and we don’t have any way to stop that or make a deal, it is then reasonable to ask: What choice do we have? Yes, the game board is now vastly worse than it looked before, and it already looked pretty bad, but you need to maximize your winning chances however you can.

And if we really are all going to have AGI soon on otherwise equal footing, then oh boy do we want to be stocking up on compute as fast as we can for the slingshot afterwards, or purely for ordinary life. If the AGIs are doing the research, and also doing everything else, it doesn’t matter whose humans are cracked and whose aren’t.

Amazing new breakthrough.

Discussion about this post

DeepSeek Panic at the App Store Read More »

Millions of Subarus could be remotely unlocked, tracked due to security flaws

Cars, privacy, Subaru, syndication / Kelly Newman / January 25, 2025

Flaws also allowed access to one year of location history.

About a year ago, security researcher Sam Curry bought his mother a Subaru, on the condition that, at some point in the near future, she let him hack it.

It took Curry until last November, when he was home for Thanksgiving, to begin examining the 2023 Impreza’s Internet-connected features and start looking for ways to exploit them. Sure enough, he and a researcher working with him online, Shubham Shah, soon discovered vulnerabilities in a Subaru web portal that let them hijack the ability to unlock the car, honk its horn, and start its ignition, reassigning control of those features to any phone or computer they chose.

Most disturbing for Curry, though, was that they found they could also track the Subaru’s location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.

A year of location data for Sam Curry’s mother’s 2023 Subaru Impreza that Curry and Shah were able to access in Subaru’s employee admin portal thanks to its security vulnerabilities. Credit: Sam Curry

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry says. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

Curry and Shah today revealed in a blog post their method for hacking and tracking millions of Subarus, which they believe would have allowed hackers to target any of the company’s vehicles equipped with its digital features known as Starlink in the US, Canada, or Japan. Vulnerabilities they found in a Subaru website intended for the company’s staff allowed them to hijack an employee’s account to both reassign control of cars’ Starlink features and also access all the vehicle location data available to employees, including the car’s location every time its engine started, as shown in their video below.

Curry and Shah reported their findings to Subaru in late November, and Subaru quickly patched its Starlink security flaws. But the researchers warn that the Subaru web vulnerabilities are just the latest in a long series of similar web-based flaws they and other security researchers working with them have found that have affected well over a dozen carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, Toyota, and many others. There’s little doubt, they say, that similarly serious hackable bugs exist in other auto companies’ web tools that have yet to be discovered.

In Subaru’s case, in particular, they also point out that their discovery hints at how pervasively those with access to Subaru’s portal can track its customers’ movements, a privacy issue that will last far longer than the web vulnerabilities that exposed it. “The thing is, even though this is patched, this functionality is still going to exist for Subaru employees,” Curry says. “It’s just normal functionality that an employee can pull up a year’s worth of your location history.”

When WIRED reached out to Subaru for comment on Curry and Shah’s findings, a spokesperson responded in a statement that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”

The Subaru spokesperson also confirmed to WIRED that “there are employees at Subaru of America, based on their job relevancy, who can access location data.” The company offered as an example that employees have that access to share a vehicle’s location with first responders in the case when a collision is detected. “All these individuals receive proper training and are required to sign appropriate privacy, security, and NDA agreements as needed,” Subaru’s statement added. “These systems have security monitoring solutions in place which are continually evolving to meet modern cyber threats.”

Responding to Subaru’s example of notifying first responders about a collision, Curry notes that would hardly require a year’s worth of location history. The company didn’t respond to WIRED asking how far back it keeps customers’ location histories and makes them available to employees.

Shah and Curry’s research that led them to the discovery of Subaru’s vulnerabilities began when they found that Curry’s mother’s Starlink app connected to the domain SubaruCS.com, which they realized was an administrative domain for employees. Scouring that site for security flaws, they found that they could reset employees’ passwords simply by guessing their email address, which gave them the ability to take over any employee’s account whose email they could find. The password reset functionality did ask for answers to two security questions, but they found that those answers were checked with code that ran locally in a user’s browser, not on Subaru’s server, allowing the safeguard to be easily bypassed. “There were really multiple systemic failures that led to this,” Shah says.

The two researchers say they found the email address for a Subaru Starlink developer on LinkedIn, took over the employee’s account, and immediately found that they could use that staffer’s access to look up any Subaru owner by last name, zip code, email address, phone number, or license plate to access their Starlink configurations. In seconds, they could then reassign control of the Starlink features of that user’s vehicle, including the ability to remotely unlock the car, honk its horn, start its ignition, or locate it, as shown in the video below.

Those vulnerabilities alone, for drivers, present serious theft and safety risks. Curry and Shah point out that a hacker could have targeted a victim for stalking or theft, looked up someone’s vehicle’s location, then unlocked their car at any time—though a thief would have to somehow also use a separate technique to disable the car’s immobilizer, the component that prevents it from being driven away without a key.

Those car hacking and tracking techniques alone are far from unique. Last summer, Curry and another researcher, Neiko Rivera, demonstrated to WIRED that they could pull off a similar trick with any of millions of vehicles sold by Kia. Over the prior two years, a larger group of researchers, of which Curry and Shah are a part, discovered web-based security vulnerabilities that affected cars sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls Royce, and Toyota.

More unusual in Subaru’s case, Curry and Shah say, is that they were able to access fine-grained, historical location data for Subarus going back at least a year. Subaru may in fact collect multiple years of location data, but Curry and Shah tested their technique only on Curry’s mother, who had owned her Subaru for about a year.

Curry argues that Subaru’s extensive location tracking is a particularly disturbing demonstration of the car industry’s lack of privacy safeguards around its growing collection of personal data on drivers. “It’s kind of bonkers,” he says. “There’s an expectation that a Google employee isn’t going to be able to just go through your emails in Gmail, but there’s literally a button on Subaru’s admin panel that lets an employee view location history.”

The two researchers’ work contributes to a growing sense of concern over the enormous amount of location data that car companies collect. In December, information a whistleblower provided to the German hacker collective the Chaos Computer Computer and Der Spiegel revealed that Cariad, a software company that partners with Volkswagen, had left detailed location data for 800,000 electric vehicles publicly exposed online. Privacy researchers at the Mozilla Foundation in September warned in a report that “modern cars are a privacy nightmare,” noting that 92 percent give car owners little to no control over the data they collect, and 84 percent reserve the right to sell or share your information. (Subaru tells WIRED that it “does not sell location data.”)

“While we worried that our doorbells and watches that connect to the Internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” Mozilla’s report reads.

Curry and Shah’s discovery of Subaru’s security vulnerabilities in its tracking demonstrate a particularly egregious exposure of that data—but also a privacy problem that’s hardly less disturbing now that the vulnerabilities are patched, says Robert Herrell, the executive director of the Consumer Federation of California, which has sought to create legislation for limiting a car’s data tracking.

“It seems like there are a bunch of employees at Subaru that have a scary amount of detailed information,” Herrell says. “People are being tracked in ways that they have no idea are happening.”

This story originally appeared on wired.com.

Wired.com is your essential daily guide to what’s next, delivering the most original and complete take you’ll find anywhere on innovation’s impact on technology, science, business and culture.

Millions of Subarus could be remotely unlocked, tracked due to security flaws Read More »

ISP failed to comply with New York’s $15 broadband law—until Ars got involved

new york $15 broadband law, optimum altice, Policy / Kelly Newman / January 24, 2025

New York’s affordable broadband law

Optimum wasn’t ready to comply with law, rejected low-income man’s request twice.

Credit: Getty Images | imagedepotpro

When New York’s law requiring $15 or $20 broadband plans for people with low incomes took effect last week, Optimum customer William O’Brien tried to sign up for the cheap Internet service. Since O’Brien is in the Supplemental Nutrition Assistance Program (SNAP), he qualifies for one of the affordable plans that Internet service providers must offer New Yorkers who meet income eligibility requirements.

O’Brien has been paying Optimum $111.20 a month for broadband—$89.99 for the broadband service, $14 in equipment rental fees, a $6 “Network Enhancement Fee,” and $1.21 in tax. He was due for a big discount under the New York Affordable Broadband Act (ABA), which says that any ISP with over 20,000 customers must offer either a $15 plan with download speeds of at least 25Mbps or a $20 plan with at least 200Mbps speeds, and that the price must include “any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees.”

Despite qualifying for a low-income plan under the law’s criteria, O’Brien’s request was denied by Optimum. He reached out to Ars, just like many other people who have read our articles about bad telecom customer service. Usually, these problems are fixed quickly after we reach out to an Internet provider’s public relations department on the customer’s behalf.

That seemed to be the way it was going, as Optimum’s PR team admitted the mistake and told us that a customer relations specialist would reach out to O’Brien and get him on the right plan. But O’Brien was rejected again after that.

We followed up with Optimum’s PR team, and they had to intervene a second time to make sure the company gave O’Brien what he’s entitled to under the law. The company also updated its marketing materials after we pointed out that its Optimum Advantage Internet webpage still said the low-income plan wasn’t available to current customers, former users who disconnected less than 60 days ago, and former customers whose accounts were “not in good standing.” The New York law doesn’t allow for those kinds of exceptions.

O’Brien is now on a $14.99 plan with 50Mbps download and 5Mbps upload speeds. He was previously on a 100Mbps download plan and had faster upload speeds, but from now on he’ll be paying nearly $100 less a month.

Obviously, telecom customers shouldn’t ever have to contact a news organization just to get a basic problem solved. But the specter of media coverage usually causes an ISP to take quick action, so it was surprising when O’Brien was rejected a second time. Here’s what happened.

“We don’t have that plan”

O’Brien contacted Optimum (which used to be called Cablevision and is now owned by Altice USA) after learning about the New York law from an Ars article. “I immediately got on Optimum’s website to chat with live support but they refused to comply with the act,” O’Brien told us on January 15, the day the law took effect.

A transcript of O’Brien’s January 15 chat with Optimum shows that the customer service agent told him, “I did check on that and according to the policy we don’t have that credit offer in Optimum right now.” O’Brien provided the agent a link to the Ars article, which described the New York law and mentioned that Optimum offers a low-income plan for $15.

“After careful review, I did check on that, it is not officially from Optimum and in Optimum we don’t have that plan,” the agent replied.

O’Brien provided Ars with documents showing that he is in SNAP and thus qualifies for the low-income plan. We provided this information to the Optimum PR department on the morning of January 17.

“We have escalated this exchange with our teams internally to ensure this issue is rectified and will be reaching out to the customer directly today to assist in getting him on the right plan,” an Optimum spokesperson told us that afternoon.

A specialist from Optimum’s executive customer relations squad reached out to O’Brien later on Friday. He missed the call, but they connected on Tuesday, January 21. She told O’Brien that Optimum doesn’t offer the low-income plan to existing customers.

“She said their position is that they offer the required service but only for new customers and since I already have service I’m disqualified,” O’Brien told us. “I told her that I’m currently on food stamps and that I used to receive the $30 a month COVID credit but this did not matter. She claimed that since Optimum offers a $15, 50Mbps service… that they are in compliance with the law.”

Shortly after the call, the specialist sent O’Brien an email reiterating that he wasn’t eligible, which he shared with Ars. “As discussed prior to this notification, Optimum offers a low-income service for $15.00. However, we were unable to change the account to that service because it is an active account with the service,” she wrote.

Second try

We contacted Optimum’s PR team again after getting this update from O’Brien. On Tuesday evening, the specialist from executive customer relations emailed O’Brien to say, “The matter was reviewed, and I was advised that I could upgrade the account.”

After another conversation with the specialist on Wednesday, O’Brien had the $15 plan. O’Brien told us that he “asked why I had to fight tooth and nail for this” and why he had to contact a news organization to get it resolved. “I claimed that it’s almost like no one there has read the legislation, and it was complete silence,” he told us.

On Wednesday this week, the Optimum spokesperson told us that “it seems that there has been some confusion among our care teams on the implementation of the ABA over the last week and how it should be correctly applied to our existing low-cost offers.”

Optimum has offered its low-cost plan for several years, with the previously mentioned restrictions that limit it to new customers. The plan website wasn’t updated in time for the New York law, but now says that “new and existing residential Internet customers in New York” qualify. The new-customer restriction still applies elsewhere.

“Our materials have been updated, including all internal documents and trainings, in addition to our external website,” Optimum told us on Wednesday this week.

Law was in the works for years

Broadband lobby groups convinced a federal judge to block the New York affordability law in 2021, but a US appeals court reversed the ruling in April 2024. The Supreme Court decided not to hear the case in mid-December, allowing the law to take effect.

New York had agreed to delay enforcement until 30 days after the case’s final resolution, which meant that it took effect on January 15. The state issued an order on January 9 reminding ISPs that they had to comply.

“We have been working as fast as we can to update all of our internal and external materials since the ABA was implemented only last week—there was quite a fast turnaround between state officials notifying us of the intended implementation date and pushing this live,” Optimum told Ars.

AT&T decided to completely stop offering its 5G home Internet service in New York instead of complying with the state law. The law doesn’t affect smartphone service, and AT&T doesn’t offer wired home Internet in New York.

Optimum told us it plans to market its low-income plan “more broadly and conduct additional outreach in low-income areas to educate customers and prospects of this offer. We want to make sure that those eligible for this plan know about it and sign up.”

O’Brien was disappointed that he couldn’t get a faster service plan. As noted earlier, the New York law lets ISPs comply with either a $15 plan with download speeds of at least 25Mbps or a $20 plan with at least 200Mbps speeds. ISPs don’t have to offer both.

“I did ask about 200Mbps service, but they said they are not offering that,” he said. Optimum offers a $25 plan with 100Mbps speeds for low-income users. But even in New York, that one still isn’t available to customers who were already subscribed to any other plan.

Failure to comply with the New York law can be punished with civil penalties of up to $1,000 per violation. The state attorney general can sue Internet providers to enforce the law. O’Brien said he intended to file a complaint against Optimum with the AG and is still hoping to get a 200Mbps plan.

We contacted Attorney General Letitia James’ office on Wednesday to ask about plans for enforcing the law and whether the office has received any complaints so far, but we haven’t gotten a response.

Jon is a Senior IT Reporter for Ars Technica. He covers the telecom industry, Federal Communications Commission rulemakings, broadband consumer affairs, court cases, and government regulation of the tech industry.

ISP failed to comply with New York’s $15 broadband law—until Ars got involved Read More »

Researchers optimize simulations of molecules on quantum computers

catalysts, Computer science, electrons, Physics, quantum computing, quantum mechanics, Science / Kelly Newman / January 24, 2025

The net result is a much faster operation involving far fewer gates. That’s important because errors in quantum hardware increase as a function of both time and the number of operations.

The researchers then used this approach to explore a chemical, Mn₄O₅Ca, that plays a key role in photosynthesis. Using this approach, they showed it’s possible to calculate what’s called the “spin ladder,” or the list of the lowest-energy states the electrons can occupy. The energy differences between these states correspond to the wavelengths of light they can absorb or emit, so this also defines the spectrum of the molecule.

Faster, but not quite fast enough

We’re not quite ready to run this system on today’s quantum computers, as the error rates are still a bit too high. But because the operations needed to run this sort of algorithm can be done so efficiently, the error rates don’t have to come down very much before the system will become viable. The primary determinant of whether it will run into an error is how far down the time dimension you run the simulation, plus the number of measurements of the system you take over that time.

“The algorithm is especially promising for near-term devices having favorable resource requirements quantified by the number of snapshots (sample complexity) and maximum evolution time (coherence) required for accurate spectral computation,” the researchers wrote.

But the work also makes a couple of larger points. The first is that quantum computers are fundamentally unlike other forms of computation we’ve developed. They’re capable of running things that look like traditional algorithms, where operations are performed and a result is determined. But they’re also quantum systems that are growing in complexity with each new generation of hardware, which makes them great at simulating other quantum systems. And there are a number of hard problems involving quantum systems we’d like to solve.

In some ways, we may only be starting to scratch the surface of quantum computers’ potential. Up until quite recently, there were a lot of hypotheticals; it now appears we’re on the cusp of using one for some potentially useful computations. And that means more people will start thinking about clever ways we can solve problems with them—including cases like this, where the hardware would be used in ways its designers might not have even considered.

Nature Physics, 2025. DOI: 10.1038/s41567-024-02738-z (About DOIs).

Researchers optimize simulations of molecules on quantum computers Read More »

Apple must face suit over alleged policy of underpaying female workers

Apple, California, equal pay, gender pay gap, Policy, racial discrimination, sexism, sexual harassment / Kelly Newman / January 22, 2025

While some of Apple’s defense was deemed “demonstrably inaccurate” and most of its arguments “insufficient,” Apple did successfully argue against efforts to seize back pay for former female employees no longer working for Apple who were seemingly also impacted by allegedly sexist policies implemented in 2020. That claim must be dropped as the proposed class action moves forward.

Additionally, another claim alleging pay disparity that was linked to racial discrimination was suspended. But the Apple worker suing, Zainab Bori, will have a chance to amend her claim that she was fired as retaliation for filing a discrimination complaint. It could survive if she adds currently missing evidence that “she suffered an adverse employment action” while working under a manager with an alleged “history of negative interactions with African American employees,” Schulman’s order said.

Apple did not immediately respond to Ars’ request for comment.

In a press release sent to Ars, Eve Cervantez, a lawyer representing Apple workers suing, celebrated the court’s ruling.

“I am really pleased with today’s ruling,” Cervantez said. “This start low, stay low practice has been a no-win situation for women working at Apple for years. So, I’m glad they will have their day in court.”

Apple accused of ignoring hostile work environment

For Justina Jong—whom the complaint noted joined Apple in 2013 and has helped lead “cross-functional teams that improve the App Review experience for global app developers”—this week’s win might be particularly encouraging after Apple allegedly refused to take her experience with sexual harassment seriously.

Jong has alleged that in 2019, Blaine Weilert, a senior member of an Apple talent development team, touched her in a sexually suggestive manner without consent. Although Weilert admitted to the act and was disciplined, Apple tried and failed to argue this was a one-time offense that didn’t constitute a hostile work environment or warrant Jong’s repeated requests to be moved away from Weilert in Apple’s offices.

Apple must face suit over alleged policy of underpaying female workers Read More »

Wine 10.0 brings Arm Windows apps to Linux, still is not an emulator

asahi linux, Linux, Tech, Windows, Wine / Kelly Newman / January 22, 2025

The open source Wine project—sometimes stylized WINE, for Wine Is Not an Emulator—has become an important tool for companies and individuals who want to make Windows apps and games run on operating systems like Linux or even macOS. The CrossOver software for Mac and Windows, Apple’s Game Porting Toolkit, and the Proton project that powers Valve’s SteamOS and the Steam Deck are all rooted in Wine, and the attention and resources put into the project in recent years have dramatically improved its compatibility and usefulness.

Yesterday, the Wine project announced the stable release of version 10.0, the next major version of the compatibility layer that is not an emulator. The headliner for this release is support for ARM64EC, the application binary interface (ABI) used for Arm apps in Windows 11, but the release notes say that the release contains “over 6,000 individual changes” produced over “a year of development effort.”

ARM64EC allows developers to mix Arm and x86-compatible code—if you’re making an Arm-native version of your app, you can still allow the use of more obscure x86-based plugins or add-ons without having to port everything over at once. Wine 10.0 also supports ARM64X, a different type of application binary file that allows ARM64EC code to be mixed with older, pre-Windows 11 ARM64 code.

Wine’s ARM64EC support does have one limitation that will keep it from working on some prominent Arm Linux distributions, at least by default: the release notes say it “requires the system page size to be 4K, since that is what the Windows ABI specifies.” Several prominent Linux-on-Arm distributions default to a 16K page size because it can improve performance—when page sizes are smaller, you need more of them, and managing a higher number of pages can introduce extra CPU overhead.

Asahi Linux, the Fedora-based distribution that is working to bring Linux to Apple Silicon Macs, uses 16K pages because that’s all Apple’s processors support. Some versions of the Raspberry Pi OS also default to a 16K page size, though it’s possible to switch to 4K for compatibility’s sake. Given that the Raspberry Pi and Asahi Linux are two of the biggest Linux-on-Arm projects going right now, that does at least somewhat limit the appeal of ARM64EC support in Wine. But as we’ve seen with Proton and other successful Wine-based compatibility layers, laying the groundwork now can deliver big benefits down the road.

Wine 10.0 brings Arm Windows apps to Linux, still is not an emulator Read More »

Bambu Lab pushes a “control system” for 3D printers, and boy, did it not go well

3D printing, APIs, bambu lab, big tree technology, jeff geerling, mqtt, panda touch, Tech / Kelly Newman / January 21, 2025

Bambu Lab, a major maker of 3D printers for home users and commercial “farms,” is pushing an update to its devices that it claims will improve security while still offering third-party tools “authorized” access. Some in the user community—and 3D printing advocates broadly—are pushing back, suggesting the firm has other, more controlling motives.

As is perhaps appropriate for 3D printing, this matter has many layers, some long-standing arguments about freedom and rights baked in, and a good deal of heat.

Bambu Lab’s image marketing Bambu Handy, its cloud service that allows you to “Control your printer anytime anywhere, also we support SD card and local network to print the projects.” Credit: Bambu Lab

Printing more, tweaking less

Bambu Lab, launched in 2022, has stood out in the burgeoning consumer 3D printing market because of its printers’ capacity for printing at high speeds without excessive tinkering or maintenance. The product page for the X1 series, the printer first targeted for new security, starts with the credo, “We hated 3D printing as much as we loved it.” Bambu’s faster, less fussy multicolor printers garnered attention—including an ongoing patent lawsuit from established commercial printer Stratasys.

Part of Bambu’s “just works” nature relies on a relatively more closed system than its often open-minded counterparts. Sending a print to most Bambu printers typically requires either Bambu’s cloud service, or, in “LAN mode,” a manual “sneakernet” transfer through SD cards. Cloud connections also grant perks like remote monitoring, and many customers have accepted the trade-off.

However, other customers, eager to tinker with third-party software and accessories, along with those fearing a subscription-based future for 3D printing, see Bambu Lab’s purported security concerns as something else. And Bambu acknowledges that its messaging on its upcoming change came out in rough shape.

Authorized access and operations

“Firmware Update Introducing New Authorization Control System,” posted by Bambu Lab on January 16 (and since updated twice), states that Bambu’s printers—starting with its popular X series, then the P and A lines—will receive a “significant security enhancement to ensure only authorized access and operations are permitted.” This would, Bambu suggested, mitigate risks of “remote hacks or printer exposure issues” and lower the risk of “abnormal traffic or attacks.”

Bambu Lab pushes a “control system” for 3D printers, and boy, did it not go well Read More »

Southern California wildfires likely outpace ability of wildlife to adapt

climate change, syndication, Uncategorized, wildfires, wildlife / Kelly Newman / January 21, 2025

Even species that evolved with wildfires, like mountain lions, are struggling.

A family of deer gather around burned trees from the Palisades Fire at Will Rogers State Park on Jan. 9 in Los Angeles. Credit: Apu Gomes/Getty Images

As fires spread with alarming speed through the Pacific Palisades region of Los Angeles Tuesday, Jan. 7, a local TV news crew recorded a mountain lion trailed by two young cubs running through a neighborhood north of the fire. The three lions were about three-quarters of a mile from the nearest open space. Another TV crew captured video of a disoriented, seemingly orphaned fawn trotting down the middle of a street near the Eaton Fire in Altadena, her fur appearing singed, her gait unsteady.

Firefighters are still struggling to contain fires in Los Angeles County that have so far destroyed thousands of homes and other structures and left more than two dozen people dead. Fires and the notorious Santa Ana winds that fuel their spread are a natural part of this chaparral landscape.

But a warming world is supercharging these fires, experts say. Climate change is causing rapid shifts between very wet years that accelerate the growth of scrubland grasses and brush, leading to what’s known as “excessive fuel loading,” that hotter summers and drier falls and winters turn into easily ignited tinderbox conditions. The area where the fires are burning had “the singularly driest October through early January period we have on record,” said climate scientist Daniel Swain during an online briefing last week.

It’s too soon to know the toll these fires have taken on wildlife, particularly wide-ranging carnivores like mountain lions. But biologists worry that the growing severity and frequency of fires is outpacing wildlife’s ability to adapt.

State wildlife officials don’t want people to provide food or water for wild animals, because it can alter their behavior, spread disease, and cause other unintended effects. What wildlife need right now, they say, is to reach safe habitat as fast as they can.

Wildlife living at the interface of urban development already face many challenges, and now these fires have deprived them of critical resources, said Beth Pratt, California National Wildlife Federation regional executive director. Animals that escaped the flames have lost shelter, water, and food sources, all the things they need to survive, she said. The fires are even wiping out many of the plants butterflies and other pollinators need to feed and reproduce, she noted.

Connecting isolated patches of habitat with interventions like wildlife crossings is critical not only for building fire resilience, Pratt said, but also for protecting biodiversity long term.

Mountain lions and other wildlife adapted to the wildfires that shaped the Southern California landscape over thousands of years.

Many animals respond to cues that act as early warning signs of fire, using different strategies to avoid flames after seeing or smelling smoke plumes or hearing tree limbs crackle as they burn. Large animals, like mountain lions and deer, tend to run away from advancing flames while smaller species may try to take cover.

But now, with major fires happening every year around highly urbanized areas like LA, they can’t simply move to a nearby open space.

Daniel Blumstein, a professor of ecology and evolutionary biology at the University of California, Los Angeles, and others have exposed animals to fire-related sensory cues in experiments to study their responses.

“A variety of different species, including lizards, hear or smell these cues and modify their behavior and take defensive action to try to survive,” said Blumstein.

If you’re a lizard or small mammal, he said, getting underground in something like a burrow probably protects you from fire burning above you.

“But the magnitude and rapidity of these sorts of fires, and the rapidity of these fires particularly, you can’t do anything,” said Blumstein. “I expect lots of wildlife has been killed by this fire, because it just moved so fast.”

Helping wildlife during emergencies

Wildlife experts urge California residents not to provide food or water for wildlife during emergencies like the LA fires. Attracting wildlife to urban areas by providing food and water can have several unintended negative consequences.

Fire events often leave many concerned citizens wondering what they can do to help displaced or injured wildlife, said California Department of Fish and Wildlife spokesperson Krysten Kellum. The agency appreciates people wanting to help wild animals in California, she said, offering the following recommendations to best help wildlife during emergencies:

Please DO NOT provide food or water to wildlife. While this may seem well intentioned, the most critical need of wildlife during and after a wildfire is for them to find their way to safe habitat as quickly as possible. Stopping for food or water in fire zones and residential areas poses risks to them and you. Finding food and water in a specific location even one time can permanently alter an animal’s behavior. Wildlife quickly learns that the reward of receiving handouts from humans outweighs their fears of being around people. This often leads to a cycle of human-wildlife conflicts, which can easily be avoided.

CDFW also advises leaving wild animal rescue to trained professionals. If you find an orphaned, sick, or injured wild animal after a fire event, report the sighting to local CDFW staff by emailing details to R5WildlifeReport@wildlife.ca.gov. You can also contact a licensed wildlife rehabilitator. For a list of licensed rehabilitators, visit the CDFW website.

Just as human defenses didn’t work against flames fanned by winds moving 100 miles an hour, he said, “things animals might do might not be effective for something traveling so fast.”

Tuesday night, Jan. 7, Blumstein saw the Eaton Fire burning in the mountains around Altadena, about 30 miles northeast of his home in the Santa Monica Mountains. When he woke up later in the night, he saw that the “whole mountain” was on fire.

“You can’t run away from that,” he said.

An evolutionary mismatch

The Los Angeles region is the biggest metropolitan area in North America inhabited by mountain lions. City living has not been kind to the big cats.

If they don’t die from eating prey loaded with rat poison, lions must navigate a landscape so fragmented by development they often try to cross some of the busiest freeways in the world, just to find food or a mate or to avoid a fight with resident males.

It’s a lethal choice. About 70 mountain lions are killed on California roads every year, according to the UC Davis Road Ecology Center. The Los Angeles region is a hotspot for such deaths.

“Roads are the highest source of mortality in our study area,” said Jeff Sikich, a wildlife biologist with the National Park Service who has been studying the impacts of urbanization and habitat fragmentation on mountain lions in and around the Santa Monica Mountains for more than two decades.

Sikich and his team track adults and kittens that they implant with tiny transmitters. In 2023, one of those transmitters told him a three-month-old kitten had been killed on a road that cuts through the Santa Monica Mountains.

The kittens caught on video following their mom near the Palisades Fire are probably about the same age.

Lions living in the Santa Monica Mountains are so isolated from potential mates by roads and development, Sikich and other researchers reported in 2022, they face a high risk of extinction from extremely low levels of genetic diversity.

“We don’t have many lions radio collared now, but there is one adult male that uses the eastern Santa Monica Mountains, where the Palisades Fire is,” Sikich said. “I located him on Monday outside the burn area, so he’s good.”

Most of the animals don’t have radio collars, though, so Sikich can’t say how they’re doing. But if they respond to these fires like they did to previous conflagrations, they’re likely to take risks searching for food and shelter that increase their chances of fatal encounters and—if these types of fires persist—extinction.

“We learned a lot after the Woolsey Fire that happened in 2018 and burned nearly half of the Santa Monica Mountains and three-quarters of the Simi Hills,” said Sikich.

Sikich and his team had 11 lions collared at the time and lost two in the Woolsey Fire. One of the cats “just couldn’t escape the flames,” Sikich said. A second casualty, tracked as P-64 (“P” is for puma), was a remarkably resourceful male nicknamed “the culvert cat” because he’d managed to safely navigate deadly roadways to connect three different mountain ranges within his home range.

P-64, an adult male mountain lion, travels through a tunnel under Highway 101, heading south toward the Santa Monica Mountains in 2018. Credit: National Parks Service

The cat traversed a long, dark tunnel under Highway 101, used by more than 350,000 cars a day, to reach a small patch of habitat north of the Santa Monica Mountains. Then he used another tunnel, made for hikers and equestrians, to reach a much larger open space to the north. But when the fire broke out, he didn’t have time to reach these escape routes.

Sikich could see from P-64’s GPS collar that he was in the Simi Hills when the fire started. He began heading south, but ran smack into a developed area, which adult males do their best to avoid, even without the chaos of evacuations and fire engines.

“So he had two options,” Sikich said. “He could have entered the urban area or turned around and go back onto the burnt landscape, which he did.”

A few weeks later, Sikich got a mortality signal from P-64’s radio collar. “We didn’t know at the time, of course, but when we found him, he had burnt paws,” he said. “So he died from the effects of the fire.”

The cat was emaciated, with smoke-damaged lungs. His burnt paws hindered his ability to hunt. He likely starved to death.

When the team compared collared cats 15 months before and after the fire, they saw that the surviving cats avoided the burned areas. Lions need cover to hunt but the area was “just a moonscape,” Sikich said. The loss of that habitat forced the cats to take greater risks, likely to find food.

Mountain lions tend to be more active around dawn and dusk, but after the fire, collared cats were more active during the day. That meant they were more likely to run into people and cross roads and even busy freeways, Sikich and his team reported in a 2022 study.

On Dec. 3, 2018, National Park Service researchers discovered the remains of P-64, who survived the flames of the Woolsey Fire but died a few weeks later. The lion was emaciated and likely starved to death, unable to hunt with burnt paws. Credit: National Park Service

“We expect animals, in the long run, to adapt to the environments in which they live,” said Blumstein, who contributed to the study. In California, they adapted to coastal chaparral fires but not to fires in a fragmented habitat dominated by development. And when animals adapt to something, there can be mismatches between what they see as attractive and what’s good for them, he explained.

“Historically, being attracted to dense vegetation might have been a good thing, but if the only dense vegetation left after a fire is around people’s houses, that may not be a good thing,” he said.

Two cats tracked after the fire died of rodenticide poisoning and another was killed by a vehicle.

The cats also traveled greater distances, which put young males at greater risk of running into older males defending their territory. The cat who died on the road was the first to successfully cross the 405 interstate, the busiest in the nation, from the Santa Monica Mountains into the Hollywood Hills. Sikich knew from remote cameras that an adult male had lived there for years. Then after the fire, surveillance footage from a camera in a gated community caught that dominant male chasing the young intruder up a tree, then toward the freeway.

“He tried to head back west but wasn’t lucky this time as he crossed the 405,” Sikich said.

Add climate change-fueled fires to the list of human activity that’s threatening the survival of Southern California’s mountain lions.

Counting on wildlife crossings

When the Woolsey Fire took out half of the open space in the Santa Monica Mountains, it placed considerable stress on animals from mountain lions to monarchs, said Pratt of the National Wildlife Federation. These massive fires underscore the urgent need to connect isolated patches of habitat to boost species’ ability to cope with other stressors, especially in an urban environment, she said.

Studies by Sikich and others’ demonstrated the critical need for a wildlife crossing across Highway 101 to connect protected habitat in the Santa Monica Mountains with habitat in the Simi Hills in the north. It was at a tunnel underneath the 101 connecting those two regions that Sikich first saw the “culvert cat,” the lion with burnt paws who perished in the Woolsey Fire.

More than 20 years of research highlights the importance of connectivity in these fire-prone areas, he said, so animals can safely get across the freeways around these urban areas.

Pratt helped raise awareness about the need for a wildlife crossing through the #SaveLACougars campaign. She also helped raise tens of millions of dollars to build the Wallis Annenberg Wildlife Crossing, aided by P-22, the mountain lion who became world-famous as the “Hollywood cat.” P-22 lived his life within an improbably small 8-square-mile home range in LA’s Griffith Park, after crossing two of the nation’s busiest freeways.

The crossing broke ground in 2022, the same year wildlife officials euthanized P-22, after they determined the 12-year-old cat was suffering from multiple serious injuries, likely from a vehicle strike, debilitating health problems, and rodenticide poisoning.

Wildlife crossing and connectivity projects don’t just address biodiversity collapse, they also boost fire and climate resilience, Pratt said, because they give animals options, whether to escape fire, drought, or roads.

Thinking of fire as something to fight is a losing battle, she said. “It’s something we have to coexist with. And I think that we are making investments that are trying to take out a reliance on fossil fuels so that the conditions for these fires are not so severe,” she said, referring to California’s targets to slash greenhouse gas emissions within the next 20 years.

Even with the inbreeding and lethal threats from cars and rat poison, Sikich sees reason to be hopeful for the Santa Monica lion population.

For one thing, he said, “we’re seeing reproduction,” pointing to the mom with kittens seen above the Palisades fire and new litters among the females his team is following. “And the amount of natural habitat we do have is great,” he said, with plenty of deer and cover for hunting. “That’s why we still have lions.”

This story originally appeared on Inside Climate News.

Southern California wildfires likely outpace ability of wildlife to adapt Read More »

Trump orders US withdrawal from the World Health Organization

health, Policy, Trump, WHO, withdrawal / Kelly Newman / January 20, 2025

The United States noticed its withdrawal from the World Health Organization (WHO) in 2020 due to the organization’s mishandling of the COVID-19 pandemic that arose out of Wuhan, China, and other global health crises, its failure to adopt urgently needed reforms, and its inability to demonstrate independence from the inappropriate political influence of WHO member states. In addition, the WHO continues to demand unfairly onerous payments from the United States, far out of proportion with other countries’ assessed payments. China, with a population of 1.4 billion, has 300 percent of the population of the United States, yet contributes nearly 90 percent less to the WHO.

Health experts fear that a US withdrawal from the agency would significantly diminish the agency’s resources and capabilities, leave the world more vulnerable to health threats, and isolate the US, hurting its own interests and leaving the country less prepared to respond to another pandemic. The New York Times noted that a withdrawal would mean that the US Centers for Disease Control and Prevention would lose, among many things, access to global health data that the WHO compiles.

It remains legally unclear if Trump can unilaterally withdrawal the country from the WHO, or if the withdrawal also requires a joint act with Congress.

Trump orders US withdrawal from the World Health Organization Read More »

Robotic hand helps pianists overcome “ceiling effect”

robotic exoskeleton, robotics, Science / Kelly Newman / January 20, 2025

Fast and complex multi-finger movements generated by the hand exoskeleton. Credit: Shinichi Furuya

When it comes to fine-tuned motor skills like playing the piano, practice, they say, makes perfect. But expert musicians often experience a “ceiling effect,” in which their skill level plateaus after extensive training. Passive training using a robotic exoskeleton hand could help pianists overcome that ceiling effect, according to a paper published in the journal Science Robotics.

“I’m a pianist, but I [injured] my hand because of overpracticing,” coauthor Shinichi Furuya of Kabushiki Keisha Sony Computer Science Kenkyujo told New Scientist. “I was suffering from this dilemma, between overpracticing and the prevention of the injury, so then I thought, I have to think about some way to improve my skills without practicing.” Recalling that his former teachers used to place their hands over his to show him how to play more advanced pieces, he wondered if he could achieve the same effect with a robotic hand.

So Furuya et al. used a custom-made exoskeleton robot hand capable of moving individual fingers on the right hand independently, flexing and extending the joints as needed. Per the authors, prior studies with robotic exoskeletons focused on simpler movements, such as assisting in the movement of limbs stabilizing body posture, or helping grasp objects. That sets the custom robotic hand used in these latest experiments apart from those used for haptics in virtual environments.

A helping robot hand

A total of 118 pianists participated in three different experiments. In the first, 30 pianists performed a designated “chord trill” motor task with the piano at home every day for two weeks: first simultaneously striking D and F keys with the right index and ring fingers, then striking the E and G keys with the right middle and little fingers. “We used this task because it has been widely recognized as technically challenging to play quickly and accurately,” the authors explained. It appears in such classical pieces as Chopin’s Etude Op. 25. No. 6, Maurice Ravel’s “Ondine,” and the first movement of Beethoven’s Piano Sonata No. 3.

Robotic hand helps pianists overcome “ceiling effect” Read More »

Author name: Kelly Newman