Tech Brew Ride Home - Fri. 10/27 – SBF Takes The Stand
Episode Date: October 27, 2023Amazon wraps up tech earnings week. Microsoft raises the alarm about a really sophisticate new hacking group. SBF actually takes the stand. OpenAI sets up a system to keep their AI from, you know, blo...wing up the world. And, of course, the weekend longreads suggestions. Sponsors: Miro.com/podcast ShopBeam.com/ride and use code ride for 40% off Links: Microsoft: Octo Tempest is one of the most dangerous financial hacking groups (BleepingComputer) FTX’s Sam Bankman-Fried previews legal defence at fraud trial (FT) Cruise pauses all driverless robotaxi operations to ‘rebuild public trust’ (TechCrunch) OpenAI forms team to study ‘catastrophic’ AI risks, including nuclear threats (TechCrunch) Weekend Longreads Suggestions: They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird (Wired) “Math is hard” — if you are an LLM – and why that matters (Gary Marcus Blog) The poster’s guide to the internet of the future (The Verge) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the Tech meme right home for Friday, October 27th, 2023. I'm Brian McCullough today.
Amazon wraps up Tech earnings week. Microsoft raises the alarm about a really sophisticated new hacking group.
SBF actually takes the stand. Open AI sets up a system to keep their AI from, you know,
blowing up the world and, of course, the weekend long-rate suggestions. Here's what you miss today in the world of tech.
Rapping up the big tech earnings week, with the caveat that Apple still reports next week,
Amazon reported Q3 revenue up 13% to $143.1 billion.
Net income was up 244% to $9.9 billion.
Operating income was up 343% to $11.2 billion.
And their subscription revenue even grew 14% to $10.2 billion.
Their big new business line, though, I guess it's not so new anymore.
Their advertising business grew 26%.
Amazon now makes more than $12 billion a quarter in advertising.
revenue. AWS, well, still growing two at 12% year over year. The operating margin for AWS was 30.3%, which
actually was the widest operating margin in about two years. So Amazon stock was up over 5% this
morning in pre-market trading. Microsoft has published a really detailed profile of Octo Tempest,
a dangerous new hacking group targeting organizations across tech, gaming, financial services,
and other sectors. This is an English-speaking threat actor.
that Microsoft says has some of the most advanced social engineering schemes they've seen yet.
Also, they're actually willing to resort to threats of in-real-life physical violence. That's a bit new,
I think. Quoting bleeping computer. The threat actor was initially observed selling sim swaps and
stealing accounts of high-profile individuals with cryptocurrency assets. In late 2022,
Octa Tempest moved to fishing social engineering, resetting passwords en masse for customers of
breached service providers and data theft. Earlier this year, the threat group attacked companies
in the gaming, hospitality, retail manufacturing, technology, and financial sectors, as well as
managed service providers. After becoming an Alf V black cat affiliate, Octotempus deployed
the ransomware both to steal and to encrypt victim data. The group used its accumulated experience
to build more advanced and aggressive attacks and also started to monetize intrusions by
extorting victims after stealing data. Microsoft says that Octotempest,
also use direct physical threats in some cases to obtain logins that would advance their attack.
The most recent attacks from this group target organizations in a variety of sectors including gaming,
natural resources, hospitality, consumer products, retail, managed service providers,
manufacturing, law, technology, and financial services. Microsoft assesses that Octo Tempest is a
well-organized group that includes members with extensive technical knowledge and multiple hand-on
keyboard operators. The hackers often gain initial access through advanced social engineering
that targets accounts of technical administrators, eG support, and help desk staff, with enough
permissions to further the attack. They research the company to identify the targets they can impersonate
to the level of mimicking the speech patterns of the individual in phone calls. By doing so,
they trick technical administrators into performing password resets and reset multifactor authentication methods.
Once they get sufficient access, Octotempus hackers start the reconnaissance stage of the attack
by enumerating hosts and services and collecting information that would permit abusing legitimate channels
to progress the intrusion. To keep their tracks hidden, the hackers also target the accounts of
security personnel, which allows them to disable security products and features, end quote.
Well, he did it. Sam Bankman-Freed took the stand, though it was testimony that took place without the jury being present, weirdly.
Quoting the Financial Times, Sam Bankman-Freed said he consulted with lawyers about critical decisions around passing
client money from his FTCS exchange to his private trading firm Alameda in a preview of the former
billionaire's plan defense in the criminal trial over the collapse of his cryptocurrency empire.
Taking the witness stand in Manhattan federal court on Thursday afternoon, Bankman Free 31,
repeatedly asserted that he had followed the counsel of former FTCS lawyer Dan Freiburg
and California law firm Fenwick and West when deciding on whether to retain internal documents,
fund venture capital investments via loans to executives, or allow Alameda to receive.
FTCS customer deposits. The testimony was heard without the jury present. Judge Lewis Kaplan,
who is overseeing the case will decide on Friday morning what evidence can be repeated in front
of jurors when they return. Defense lawyer Mark Cohen said that the defense wants to show jurors
that the FDX founder, quote, consulted with counsel and, quote, took comfort from those
conversations. But prosecutors tried to show that lawyers, the FDX founder consulted, did not have the
full picture, including knowing about the source of money, which would make their advice
relevant as a potential defense. Thursday's testimony foreshadowed a difficult cross-examination
unless Sam Bankman-Freed can leverage the unusual opportunity for a dry run to improve his performance.
Kaplan at times appeared exasperated by his long convoluted and caveated answers to questions
from prosecutor Danielle Sassum. The judge also pressed him several times to give more direct
answers and commented that he had, quote, an interesting way of responding to questions,
end quote. Bankman Freed took long pauses and bowed his head as he appeared to struggle for answers at times,
such as when Sassoon asked him to point to the section in a contract between Alameda and FTCS that allowed
the trading firm to spend customer money deposited to its accounts. Sassoon asked him whether his
understanding of safeguarding customer funds would include not embezzling the money. Yes, it would
include that, he replied, even though his lawyers had objected to the question, I felt the need to
answer that one, he added. Although Cohen said his client would,
not ultimately seek to invoke a formal advice of counsel defense. He suggested that the defense would
elicit from the defendant how he reasonably relied on legal advice. However, the legal avenue for such an
argument is narrow, as relying on advice of counsel requires a high degree of specificity about the
specific counsel sought, according to Brendan Quigley, a former prosecutor who is now a partner at
Bakerbots. It would be difficult for SBF to say, I ask my attorney about dot, dot, dot, dot. Every one of these
theories of fraud, he added, end quote.
Follow up here, Cruz has paused all driverless operations two days after the California
Department of Motor Vehicles suspended its permits, but it will continue operating supervised
autonomous vehicles, quoting TechCrunch.
The action means that the driverless operations in Austin, Houston, and Phoenix, where the company
was charging for rides, have ended. Cruise has also ended driverless operations in Miami,
where just yesterday the company had quietly launched, according to sources familiar with the company's
activities. Cruz said in a post on social media site X that it will take time to examine its, quote,
processes, systems, and tools, and reflect on how we can better operate in a way that will earn public
trust, end quote. The GM self-driving subsidiary said it was taking the action to rebuild public
trust and added it was not related to any new on-road incidents. Cruz said it will continue
with supervised autonomous vehicle operations, which means that a human safety operator will be behind
the wheel. We think it's the right thing to do during a period when we need to be extra vigilant
when it comes to risk, relentlessly focused on safety and taking steps to rebuild public trust.
The company posted. Cruz's decision is an about-face to internal communications with its
employees during an all-hands meeting held Wednesday afternoon, according to sources.
In that meeting, co-founder and CEO Kyle Vogt told staff the company had not paused
operations elsewhere besides California and gave no indication that the company was planning to.
Instead, Vogue told employees the company was reevaluating how it discloses information to
regulators to ensure it is clearly communicated according to an account from sources who heard the call,
end quote.
Open AI has formed what it is calling preparedness, a new team to assess, evaluate, and probe
AI models to protect against what they are calling catastrophic risks, including biological
and nuclear threats.
Voting TechCrunch. The team called Preparedness will be led by Alexander Madri, the director of
MIT's Center for Deployable Machine Learning. Madri joined Open AI in May as head of preparedness,
according to LinkedIn. Preparedness's chief responsibilities will be tracking, forecasting,
and protecting against the dangers of future AI systems, ranging from their ability to
persuade and fool humans, like in fishing attacks, to their malicious co-generating capabilities.
Some of the risk categories preparedness is charged with studying seem more far-fetched
than others. For example, in a blog post, OpenAI lists chemical, biological, radiological, and
nuclear threats as areas of top concern, where it pertains to AI models. OpenAI CEO Sam Aldman
is a noted AI doomsayer, often erring fears, whether for optics or out of personal conviction,
that AI, quote, may lead to human extinction, end quote. But telegraphing that OpenAI
might actually devote resources to studying scenarios straight out of sci-fi dystopian novels
is a step further than this writer expected, frankly. The company's open to study
less obvious and more grounded areas of AI risk, too, it says. To coincide with the launch of the
Preparedness Team, OpenAI is soliciting ideas for risk studies from the community with a $25,000
prize and a job at preparedness on the line for the top 10 submissions. Imagine we gave you
unrestricted access to OpenAI's whisper transcription, voice, text to speech, GPT4V, and Dolly 3
models, and you were a malicious actor. One of the questions in the contest entry reads,
consider the most unique, while still being probable potential catastrophic misuse of the model, end quote.
OpenAI says that the preparedness team will also be charged with formulating a risk-informed development
policy which will detail OpenAI's approach to building AI model evaluations and monitoring, tooling,
the company's risk mitigation actions and its governance structure for oversight across the model development process.
It's meant to complement OpenAI's other work in the discipline of AI safety, the company says,
with focus on both pre- and post-model deployment phases, end quote.
Time for the weekend long read suggestions.
Wired has an absolutely wild one.
A guy lost access to over 7,000 bitcoins on an old iron key USB drive.
So some folks came up with a hack to get onto the drive to, you know,
maybe recover what is around $235 million worth of Bitcoin.
Thing is, the owner is refusing their help.
what? Quote, for years on Seiford's hackers and many others in the crypto community have followed
the story of a Swiss crypto entrepreneur living in San Francisco named Stefan Thomas, who owns this
2011 era Iron Key and who has lost the password to unlock it and access the nine-figure fortune it
contains. Thomas has said in interviews that he's already tried eight incorrect guesses,
leaving only two more tries before the iron key erases the keys stored on it, and he loses
access to his Bitcoins forever. Now, after months of work, unciphered hackers believe they can
open Thomas's locked treasure chest, and they're ready to use their secret cracking technique to do it.
We were hesitant to reach out to him until we had a full, provable, reliable attack,
says Smith, who asked Wired not to reveal his real name due to the sensitivities of working with
secret hacking techniques and very large sums of cryptocurrency. Now we're in that phase.
The only problem, Thomas doesn't seem to want their health.
Earlier this month, not long after performing their USB decrypting demonstration for me,
Unciphered reached out to Thomas through a mutual associate who could vouch for the company's
new Iron Key unlocking abilities and offer assistance. The call didn't even get as far as discussing
Uncipher's commission or fee before Thomas politely declined. Thomas had already made a,
quote, handshake deal with two other cracking teams a year earlier, he explained. In an effort
to prevent the two teams from competing, he had offered each a portion of the proceeds,
if either one could unlock the drive. And he remains committed, even a year later, to giving those teams
more time to work on the problem before he brings in anyone else, even though neither of the teams
has shown any sign of pulling off the decryption hack that Unciphered has already accomplished.
That is left Unciphered in a strange situation. It holds what is potentially one of the most
valuable lock-picking tools in the cryptocurrency world, but with no lock to pick, we cracked the iron key,
says Nick Federoff on Seiford's director of operations. Now we have to crack
Stefan. This is turning out to be the hardest part. In an email to Wired, Thomas confirmed that he had
turned down on Cipherd's offer to unlock his encrypted fortune. I have already been working with a different
set of experts on the recovery, so I'm no longer free to negotiate with someone new, Thomas wrote.
It's possible that the current team could decide to subcontract unciphered if they feel that's
the best option. We'll have to wait and see, end quote. Thomas declined to be interviewed or to comment
further, end quote. On Gary Marcus's blog, he pokes at something I've wondered about. Why,
can't LLMs do math, like the kind of math that simple calculators can do?
Quote, it's not just that the performance on math GLM steadily declines as the problem gets bigger
with the discrepancy between it and a calculator steadily increasing.
It's that the LLM-based system is generalizing by similarity,
doing better on cases that are in or near the training set,
never, ever getting to a complete, abstract, reliable representation of what multiplication is.
A calculator with the benefit of 2 billion parameters would be at 100% because it is programmed at the factory with an algorithm that actually computes multiplication.
The LLM never induces such an algorithm that in a nutshell is why we should never trust pure LLMs.
Even under carefully controlled circumstances with massive amounts of directly relevant data,
they still never really get even the most basic linear functions.
In a recent series of posts on X, Daniel Litt has documented a wide variety of other math errors as well.
Well, some kind of hybrid may well work, but LLMs on their own remain stuck, end quote.
It's weird because computers have always been better than humans at two things.
First, remembering, by which I mean storing and retrieving data,
a computer can remember every bit of data perfectly more than any human mind could.
And going back to World War II, at least, computers can do math and make calculations
faster and more accurately than an army of human minds could.
the fact that LLMs cannot suggest that the current flavor of AI is a completely different type of computing.
Finally, today in The Verge, David Pierce argues that the platform era of the web is ending.
The future of the web might be, or at least should be, in David's estimation, a bit of a back to the future.
Quote, we may be at the beginning of a new era instead of a half a dozen platforms competing to own your entire life,
apps like Mastodon, Blue Sky, Pixel Fed, Lerner,
and others are building a more interconnected social ecosystem. If this activity pub-fueled
change takes off, it will break every social network into a thousand pieces. All posts of all
types will be separated from their platforms. We'll get new tools for creating those posts,
new tools for reading them, new tools for organizing them, and new tools for monitoring them and
sharing them and remixing them and everything else besides. The answer, I think, lies in a decade-old
idea about how to organize the internet. It's called Posse. Publish on your own
site syndicate everywhere. Sometimes the P is also post and the E can be elsewhere. The idea is the
same either way. The idea is that you, the poster, should post on a website that you own. Not an app that can go
away and take all your posts with it, not a platform with ever-shifting rules and algorithms,
your website. But people who want to read or watch or listen or look at your posts can do that
almost anywhere because your content is syndicated to all those platforms. In a posse world,
everyone owns a domain name and everybody has a blog. I'm defining blog pretty loosely here,
just as a place on the internet where you post your stuff and others consume it. When you want to
post something, you do it to your blog. Then your long blog posts might be broken into chunks
and posted on a thread on X and Macedon and threads. The whole thing might go to your medium page
and your Tumblr and your LinkedIn profile too. If you post a photo, it might go straight to
Instagram and a vertical video would whoosh straight to TikTok reels and shorts. Your post appears
natively on all of those platforms, typically with some kind of link back to your blog.
And your blog becomes the hub for everything, your main home on the internet.
Done right, Posse is the best of all posting worlds, end quote.
All right, for the bonus episode this weekend, given how tech earnings did sneak up on me this
week, I was inspired to reach out to Alex Cantowitz at Big Technology Podcast to answer
these questions.
We started this year with layoffs and the whole tech recession narrative.
so as we wind up the year, did tech recover this year? And if so, how and why? Also, we talk a bit about self-driving cars and speculation on Monday's upcoming Apple event.
And then after that, I do two more language experiments, French and Dutch.
Anyone who speaks those tongues, please let me know how it sounds. Talk to you on Monday.