Collaborate Disseminate
Context
I’m designing a P2P network with a central Discovery Service (providing core info about every platform in the network) but no centralised Auth server.
OAuth 2.0 and OpenID Connect will be used for authorisation between platforms in… Continue reading Discovery Service as a Trust Anchor for P2P Network?
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers.
This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to build commercial AI products, push them to collaborate on scientifically-supported, domain-specific technical standards, and charge them with policing themselves. This Article’s proposal addresses AI harms at their inception, influencing the very engineering decisions that give rise to them in the first place. By wresting control over information and system design away from companies and handing it to AI engineers, professionalization engenders trustworthy AI by design. Beyond recommending the specific policy solution of professionalization, this Article seeks to shift the discourse on AI away from an emphasis on light-touch, ex post solutions that address already-created products to a greater focus on ex ante controls that precede AI development. We’ve used this playbook before in fields requiring a high level of expertise where a duty to the public welfare must trump business motivations. What if, like doctors, AI engineers also vowed to do no harm?…
As I was listening to an interview yesterday, the journalist claimed that his Signal communications were being spied on by the NSA. Whether to believe him or not is subjective. Still, it is an objective truth that nation-states can break i… Continue reading Minimizing trust assumptions in Messaging Protocols
I’m building a tool and users will run it by downloading a binary. What I’m considering is good ways to secure this for the user. There’s for me easy ways like "Recommend running this on a new temporary VM without internet access"… Continue reading Increasing trust in a downloaded binary
At work, we are deploying a new VoIP solution, and as part of that, we are supposed to install a custom root certificate on our computers and mobile devices. The manufacturer of that VoIP solution has the private key to that. The certif… Continue reading Is it common practice that vendors put own root certificates on customer devices?
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.
This is beginning to change. Large language models—the technology undergirding modern chatbots—allow users to interact with computers through natural conversation, an innovation that introduces some baggage from human-to-human exchanges. Early on in our respective explorations of ChatGPT, the two of us found ourselves typing a word that we’d never said to a computer before: “Please.” The syntax of civility has crept into nearly every aspect of our encounters; we speak to this algebraic assemblage as if it were a person—even when we know that …
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.
Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion.
It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI. We don’t trust tech corporations. And—to be fair—corporations in general. We have no reason to.
Simon Willison nails it in a tweet:
“OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.”…
Continue reading OpenAI Is Not Training on Your Dropbox Documents—Today
I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew in. And thousands of other people at the airport and on the plane, any of which could have attacked me. And all the people that prepared and served my breakfast, and the entire food supply chain—any of them could have poisoned me. When I landed here, I trusted thousands more people: at the airport, on the road, in this building, in this room. And that was all before 10:30 this morning…
My organisation, say Acme, is building an e-signature platform where global businesses sign up and use the platform to send out e-signature requests. And when signers in a particular e-sign request sign the document, Acme must digitally si… Continue reading How to feasibly digital sign high volume documents with CA issued digital certificate?
I’ve recently obtained a new notebook, specifically a Thinkpad. Now I found out that it has a fingerprint reader integrated into the power button. I am skeptical about biometrics as a security mechanism. But I’m wondering, apart from its s… Continue reading Can fingerprint readers be trusted?