Daily Archives: November 20, 2023

Sarah Silverman’s retarded AI Case Isn’t Going Very Well Either

Posted on by

Just a few weeks ago Judge William Orrick massively trimmed back the first big lawsuit that was filed against generative AI companies for training their works on copyright-covered materials. Most of the case was dismissed, and what bits remained may not last much longer. And now, it appears that Judge Vince Chhabria (who has been very good on past copyright cases) seems poised to do the same.

This is the high profile case brought by Sarah Silverman and some other authors, because some of the training materials used by OpenAI and Meta included their works. As we noted at the time, that doesn’t make it copyright infringing, and it appears the judge recognizes the large hill Silverman and the other authors have to climb here:

U.S. District Judge Vince Chhabria said at a hearing that he would grant Meta’s motion to dismiss the authors’ allegations that text generated by Llama infringes their copyrights. Chhabria also indicated that he would give the authors permission to amend most of their claims.

Meta has not yet challenged the authors’ central claim in the case that it violated their rights by using their books as part of the data used to train Llama.

“I understand your core theory,” Chhabria told attorneys for the authors. “Your remaining theories of liability I don’t understand even a little bit.”

Chhabria (who you may recall from the time he quashed the ridiculous copyright subpoena that tried to abuse copyright law to expose whoever exposed a billionaire’s mistress) seems rightly skeptical that just because ChatGPT can give you a summary of Silverman’s book that it’s somehow infringing:

“When I make a query of Llama, I’m not asking for a copy of Sarah Silverman’s book – I’m not even asking for an excerpt,” Chhabria said.

The authors also argued that Llama itself is an infringing work. Chhabria said the theory “would have to mean that if you put the Llama language model next to Sarah Silverman’s book, you would say they’re similar.”

“That makes my head explode when I try to understand that,” Chhabria said.

It’s good to see careful judges like Chhabria and Orrick getting into the details here. Of course, with so many of these lawsuits being filed, I’m still worried that some judge is going to make a mess of things, but we’ll see what happens.

Source: Sarah Silverman’s AI Case Isn’t Going Very Well Either | Techdirt

“Make It Real” AI prototype wows UI devs by turning drawings into working software

Posted on by

collaborative whiteboard app maker called “tldraw” made waves online by releasing a prototype of a feature called “Make it Real” that lets users draw an image of software and bring it to life using AI. The feature uses OpenAI’s GPT-4V API to visually interpret a vector drawing into functioning Tailwind CSS and JavaScript web code that can replicate user interfaces or even create simple implementations of games like Breakout.

Further Reading

ChatGPT update enables its AI to “see, hear, and speak,” according to OpenAI

“I think I need to go lie down,” posted designer Kevin Cannon at the start of a viral X thread that featured the creation of functioning sliders that rotate objects on screen, an interface for changing object colors, and a working game of tic-tac-toe. Soon, others followed with demonstrations of drawing a clone of Breakout, creating a working dial clock that ticks, drawing the snake game, making a Pong game, interpreting a visual state chart, and much more.

Users can experiment with a live demo of Make It Real online. However, running it requires providing an API key from OpenAI, which is a security risk. If others intercept your API key, they could use it to rack up a very large bill in your name (OpenAI charges by the amount of data moving into and out of its API). Those technically inclined can run the code locally, but it will still require OpenAI API access.

Tldraw, developed by Steve Ruiz in London, is an open source collaborative whiteboard tool. It offers a basic infinite canvas for drawing, text, and media without requiring a login. Launched in 2021, the project received $2.7 million in seed funding and is supported by GitHub sponsors. When The GPT-4V API launched recently, Ruiz integrated a design prototype called “draw-a-ui” created by Sawyer Hood to bring the AI-powered functionality into tldraw.

GPT-4V is a version of OpenAI’s large language model that can interpret visual images and use them as prompts.  As AI expert Simon Willison explains on X, Make it Real works by “generating a base64 encoded PNG of the drawn components, then passing that to GPT-4 Vision” with a system prompt and instructions to turn the image into a file using Tailwind. In fact, here is the full system prompt that tells GPT-4V how to handle the inputs and turn them into functioning code:

const systemPrompt = ‘You are an expert web developer who specializes in tailwind css.
A user will provide you with a low-fidelity wireframe of an application.
You will return a single html file that uses HTML, tailwind css, and JavaScript to create a high fidelity website.
Include any extra CSS and JavaScript in the html file.
If you have any images, load them from Unsplash or use solid colored rectangles.
The user will provide you with notes in blue or red text, arrows, or drawings.
The user may also include images of other websites as style references. Transfer the styles as best as you can, matching fonts / colors / layouts.
They may also provide you with the html of a previous design that they want you to iterate from.
Carry out any changes they request from you.
In the wireframe, the previous design’s html will appear as a white rectangle.
Use creative license to make the application more fleshed out.
Use JavaScript modules and unpkg to import any necessary dependencies.’

As more people experiment with GPT-4V and combine it with other frameworks, we’ll likely see more novel applications of OpenAI’s vision-parsing technology emerging in the weeks ahead. Also on Wednesday, a developer used the GPT-4V API to create a live, real-time narration of a video feed by a fake AI-generated David Attenborough voice, which we have covered separately.

For now, it feels like we’ve been given a preview of a possible future mode of software development—or interface design, at the very least—where creating a working prototype is as simple as making a visual mock-up and having an AI model do the rest.

Source: “Make It Real” AI prototype wows devs by turning drawings into working software | Ars Technica

The EU DMA will finally free Windows users from Bing (but not Edge) and allow 3rd parties into the widgets

Posted on by

Microsoft will soon let Windows 11 users in the European Economic Area (EEA) disable its Bing web search, remove Microsoft Edge, and even add custom web search providers — including Google if it’s willing to build one — into its Windows Search interface.

All of these Windows 11 changes are part of key tweaks that Microsoft has to make to its operating system to comply with the European Commission’s Digital Markets Act, which comes into effect in March 2024. Microsoft will be required to meet a slew of interoperability and competition rules, including allowing users “to easily un-install pre-installed apps or change default settings on operating systems, virtual assistants, or web browsers that steer them to the products and services of the gatekeeper and provide choice screens for key services.”

Alongside clearly marking which apps are system components in Windows 11, Microsoft is also responding by adding the ability to uninstall the following apps:

  • Camera
  • Cortana
  • Web Search from Microsoft Bing, in the EEA
  • Microsoft Edge, in the EEA
  • Photos

Only Windows 11 users in the EEA will be able to fully remove Microsoft Edge and the Bing-powered web search from Windows Search. Microsoft could easily extend this to all Windows 11 users, but it’s limiting this extra functionality to EEA markets to comply with the rules. “Windows uses the region chosen by the customer during device setup to identify if the PC is in the EEA,” explains Microsoft in a blog post. “Once chosen in device setup, the region used for DMA compliance can only be changed by resetting the PC.”

In EEA markets — which includes EU countries and also Iceland, Liechtenstein, and Norway — Windows 11 users will also get access to new interoperability features for feeds in the Windows Widgets board and web search in Windows Search. This will allow search providers like Google to extend the main Windows Search interface with their own custom web searches.

[…]

We had hoped Microsoft would finally stop forcing Windows 11 users in Europe into Edge if they clicked a link from the Windows Widgets panel or from search results, but Microsoft appears to have changed exactly how it’s implementing this. The software maker previously said it would start testing a change to Windows 11 that would see “Windows system components use the default browser to open links” in EEA markets, but that change never appeared in Windows Insider builds.

“In the EEA, Windows will always use the customers’ configured app default settings for link and file types, including industry standard browser link types (http, https),” says Microsoft. “Apps choose how to open content on Windows, and some Microsoft apps will choose to open web content in Microsoft Edge.”

[…]

Source: The EU will finally free Windows users from Bing – The Verge

Zimbra email vulnerability let hackers steal gov data – fix (and exploit) was easily visible on repository before updates

Posted on by

Google’s Threat Analysis Group revealed on Thursday that it discovered and worked to help patch an email server flaw used to steal data from governments in Greece, Moldova, Tunisia, Vietnam and Pakistan. The exploit, known as CVE-2023-37580, targeted email server Zimbra Collaboration to pilfer email data, user credentials and authentication tokens from organizations.

It started in Greece at the end of June. Attackers that discovered the vulnerability and sent emails to a government organization containing the exploit. If someone clicked the link while logged into their Zimbra account, it automatically stole email data and set up auto-forwarding to take control of the address.

While Zimbra published a hotfix on open source platform Github on July 5, most of the activity deploying the exploit happened afterward. That means targets didn’t get around to updating the software with the fix until it was too late. It’s a good reminder to update the devices you’ve been ignoring now, and ASAP as more updates become available. “These campaigns also highlight how attackers monitor open-source repositories to opportunistically exploit vulnerabilities where the fix is in the repository, but not yet released to users,” the Google Threat Analysis Group wrote in a blog post.

Around mid-July, it became clear that threat group Winter Vivern got ahold of the exploit. Winter Vivern targeted government organizations in Moldova and Tunisia. Then, a third unknown actor used the exploit to phish for credentials from members of the Vietnam government. That data got published to an official government domain, likely run by the attackers. The final campaign Google’s Threat Analysis Group detailed targeted a government organization in Pakistan to steal Zimbra authentication tokens, a secure piece of information used to access locked or protected information.

Zimbra users were also the target of a mass-phishing campaign earlier this year. Starting in April, an unknown threat actor sends an email with a phishing link in an HTML file, according to ESET researchers. Before that, in 2022, threat actors used a different Zimbra exploit to steal emails from European government and media organizations.

As of 2022, Zimbra said it had more than 200,000 customers, including over 1,000 government organizations. “The popularity of Zimbra Collaboration among organizations expected to have lower IT budgets ensures that it stays an attractive target for adversaries,” ESET researchers said about why attackers target Zimbra.

Source: An email vulnerability let hackers steal data from governments around the world