Tech Brew Ride Home - Thu. 02/29 – What If The Vision Pro Is Selling Better Than We Think?
Episode Date: February 29, 2024

The SEC has subpoenaed OpenAI. What if the Vision Pro is selling better than even Apple thought? Beware of the repo attack affecting GitHub. Beware of the video doorbells that are ridiculously easy to... take over. And is robotics the next big tech industry we need to be paying attention to?

Links:
SEC Investigating Whether OpenAI Investors Were Misled (WSJ)
EA to lay off 5% of workforce, or about 670 employees (CNBC)
Vision Pro demand higher than expected; returns down to 1% – Kuo (9to5Mac)
Kuo: Apple Vision Pro on Track to Launch in More Countries Before WWDC in June (MacRumors)
Apple Vision Pro return rate is about the same as the iPhone 15 Pro (Apple Insider)
StarCoder 2 is a code-generating AI that runs on most GPUs (TechCrunch)
GitHub besieged by millions of malicious repositories in ongoing attack (ArsTechnica)
These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway. (Consumer Reports)
Humanoid robot startup Figure AI valued at $2.6 billion as Bezos, OpenAI, Nvidia join funding (CNBC)
Transcript
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the Techmeme Ride Home for Thursday, February 29th, 2020.
I'm Brian McCullough. Today: the SEC has subpoenaed OpenAI.
What if the Vision Pro is selling better than even Apple thought?
Beware of the repo attack affecting GitHub.
Beware of the video doorbells that are ridiculously easy to take over.
And is robotics the next big tech industry we need to be paying attention to?
Here's what you missed today in the world of tech.
I was wondering if the feds were going to take a look at this.
Sources are telling the Journal that the U.S. has sent a subpoena to OpenAI. They did so in December, actually, seeking internal records after the board's
decision to fire Sam Altman as CEO back in November. Quote, SEC officials based in New York are
conducting the investigation and have asked that some senior OpenAI officials preserve internal documents.
The SEC enforces laws that forbid people from misleading investors regardless of whether
fundraisers seek capital in public or private markets. The SEC often
closes investigations without making formal accusations of wrongdoing. Some of the people familiar with
the investigation described it as a predictable response to the former OpenAI board's claim in its November
statement. One of the people said that the SEC hasn't pointed to any specific statement or communication
by Altman that it has deemed misleading. The SEC's civil investigation has been percolating in the
background as OpenAI officials pitched investors as part of its recently closed tender offer,
which valued the AI juggernaut behind viral chatbot ChatGPT at more than $80 billion.
The SEC probe adds to a growing list of government and legal challenges confronting OpenAI,
reflecting intense global scrutiny of the company's business practices and impact on the world.
It also shows how the company is still dealing with the fallout from the failed ouster of Altman last year.
At the time of the leadership turmoil, OpenAI executives started getting questions from regulators
and law enforcement entities such as the Manhattan U.S. Attorney's Office about the board's accusation
of Altman's lack of candor, the Wall Street Journal reported in November.
That criminal investigation is ongoing, people familiar with the matter said; its focus couldn't be learned.
Government officials in the U.S. and Europe also have launched competition inquiries into the relationship between OpenAI and Microsoft, which also has a commercial partnership with the company, end quote.
Another day, another one of these, sadly. EA plans to cut 5% of its workforce, part of a plan that includes reducing office space and sunsetting some games.
EA employed 13,400 workers as of March of last year.
Quoting CNBC.
EA CEO Andrew Wilson wrote in a memo to employees on Wednesday that the video game company is,
quote, streamlining our company operations to deliver deeper, more connected experiences for fans everywhere.
We are continuing to optimize our global real estate footprint to best support our business,
Wilson wrote in his Wednesday note.
We are also sunsetting games and moving away from development of future licensed IP that we do
not believe will be successful in our changing industry, end quote.
Wilson added that the cuts will enable EA to focus more
on its, quote, biggest opportunities, including our owned IP, sports, and massive online communities,
end quote.
A couple of weeks ago, the internets were abuzz with anecdotal stories of people returning their
Apple Vision Pros while they still could.
This led to a general assumption that maybe the Vision Pro was having a disappointing launch,
but what this segment presupposes is, maybe that wasn't true.
According to Apple analyst Ming-Chi Kuo, Vision Pro demand is actually higher than Apple originally
expected, with U.S. shipments expected to hit 200 to 250,000 units this year. Return rates,
according to Kuo, are also now below 1 percent, with some caveats. Quoting 9to5Mac. Kuo
noted that shipping times peaked at well over a month, with some pre-orders placed on January 19th
getting shipping dates into early March. This has since reduced to just a few days, suggesting
that production is now keeping pace with demand. Vision Pro shipping time has now improved to three to five
days early March. The shipping time after pre-orders opened on 19th January was in early March,
meaning that although Vision Pro sold out after pre-orders opened due to early adopters buying it,
demand for the device declined rapidly and has stayed the same. Kuo said that current estimates
of 2024 sales are considerably higher than Apple originally expected, though the ranges he
cites are large. Apple has asked suppliers to increase production, which Kuo believes is due to a
mix of relatively high U.S. demand and plans to roll out sales to other countries in the coming months.
Quoting MacRumors. Kuo said demand for the Vision Pro in the U.S. has, quote, slowed down significantly since the headset launched there on February 2nd. He estimated that U.S. shipments of the headset will total to 250,000 units this year, which he said is better than Apple's original estimate of 150 to 200,000 units, but it is still what he calls a, quote, niche market. In recent weeks, there was a lot of discussion about Vision Pro returns on social media. However, based on his inspection of the, quote, repair refurbishment production line for the headset,
Kuo estimated that the current return rate is less than 1%. End quote. And quoting Apple Insider.
According to my inspection of the repair slash refurbishment production line, the current return rate for Vision Pro is less than 1% with no anomalies, Kuo said in his Medium post on Wednesday.
It is worth noting that 20 to 30% of the returns are due to users not knowing how to set up Vision Pro, end quote.
Data collected by Apple Insider over the years suggests that this is about the same as the pro line of iPhones return to retail.
In the first month, the rate of return on those is about 1.2% with the non-pro return rate at about 1.4%.
About two years ago, a source within AT&T told us that their rate of smartphone returns from all vendors combined is about 2.5% of all units sold after the first month of release.
They acknowledged to us at the time that iPhone return rates were less than half of that, end quote.
Want to run your own code generating AI model, but don't want to pay someone else to do that?
Well, ServiceNow, Hugging Face, and NVIDIA have released free code-generating AI models StarCoder 2 3B, 7B, and 15B, the first two of which can run on most modern consumer GPUs.
Quoting TechCrunch.
StarCoder 2 isn't a single code generating model, but rather a family.
The 3 billion parameter model was trained by ServiceNow, the 7 billion parameter model was trained by Hugging Face, and a 15 billion parameter model was trained by Nvidia,
the newest supporter of the StarCoder Project. Like most other code generators, StarCoder 2 can suggest
ways to complete unfinished lines of code as well as summarize and retrieve snippets of code when asked
in natural language. Trained with 4x more data than the original StarCoder, 67.5 terabytes
versus 6.4 terabytes, StarCoder 2 delivers what Hugging Face, ServiceNow and Nvidia
characterize as, quote, significantly improved performance at lower costs to operate.
StarCoder 2 can be fine-tuned in a few hours using a GPU like the Nvidia A100,
on first or third-party data to create apps such as chatbots and personal coding assistants.
And because it was trained on a larger and more diverse data set than the original StarCoder,
around 619 programming languages, StarCoder 2 can make more accurate context-aware predictions,
at least hypothetically, end quote.
Quoting VentureBeat.
While BigCode's original StarCoder LLM debuted in 115 billion parameter size and was trained
on about 80 programming languages, according to BigCode, the training data for the new models
known as the stack was more than seven times larger than the one used last time.
More importantly, the BigCode community used new training techniques for the latest generation
to ensure that the models can understand and generate low-resource programming languages like
COBOL, mathematics, and program source code discussions.
While it remains to be seen how well these models perform in different coding scenarios,
the companies did note that the performance of the smallest 3B model alone
matches that of the original 15B StarCoder LLM, end quote.
But caveat, caveat, quoting TechCrunch again: StarCoder 2's license might prove to be a roadblock for some.
StarCoder 2 is licensed under the BigCode Open RAIL-M 1.0, which aims to promote responsible use by imposing light touch restrictions on both model licensees and downstream users.
While less constraining than many other licenses, RAIL-M isn't truly open in the sense that it doesn't permit developers to use StarCoder 2 for every conceivable application.
Medical advice-giving apps are strictly off-limits, for example.
Some commentators say RAIL-M's requirements may be too vague to comply with, in any case,
and that RAIL-M could conflict with AI-related regulations like the EU AI Act, end quote.
A couple of servicey, news-you-can-use pieces now.
First up for devs.
Be aware that researchers have found an ongoing repo-confusion attack,
which involves cloning existing repos and infecting them with malware loaders,
impacting more than 100,000 GitHub repos.
Quoting Ars Technica,
the malicious repositories are clones of legitimate ones,
making them hard to distinguish to the casual eye.
An unknown party has automated a process
that forks legitimate repositories,
meaning the source code is copied so developers can use it
in an independent project that builds on the original one.
The result is millions of forks with names identical to the original one
that add a payload that's wrapped under seven layers of obfuscation.
To make matters worse, some people unaware of the malice of these imitators are forking the forks, which adds to the flood.
Given the constant churn of new repos being uploaded and GitHub's removal, it's hard to estimate precisely how many of each there are.
The researchers said the number of repos uploaded or forked before GitHub removes them is likely in the millions.
They said the attack, quote, impacts more than 100,000 GitHub repositories.
Supply chain attacks that target users of developer platforms have existed since at least 2016,
when a college student uploaded custom scripts to RubyGems, PyPI and NPM. The scripts bore names similar to widely used legitimate packages but otherwise had no connection to them. A phone home feature in the student's script showed that the imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time, his code was given all-powerful administrative rights.
Two of the affected domains ended in .mil, an indication that people inside the U.S. military had run his script.
This form of supply chain attack is often referred to as typo-squatting because it relies on users making small errors when choosing the name of a package they want to use.
The flow of this particular campaign is simple.
Cloning existing repos, for example, Twitter followbot, WhatsApp bot, Discord boost tool, Twitch followbot, and hundreds more.
Infecting them with malware loaders, uploading them back to GitHub with identical names,
automatically forking each thousands of times, then covertly promoting them across the web
via forums, Discord, etc. Developers who use any of the malicious repos in the campaign
unpack a payload buried under seven layers of obfuscation to receive malicious Python code
and later an executable file. The code, mainly consisting of modified versions of the open source
BlackCap-Grabber, then collects authentication cookies and login credentials from various apps
and sends them to a server controlled by the attacker. The researchers said the malicious repo,
quote, performs a long series of additional malicious activities, end quote.
And the news you really need to use, if you're using an off-brand video doorbell,
researchers have found serious security flaws in cheap video doorbells sold by a Chinese company
under various brand names on Amazon, Shein, and other sites. Quoting Consumer Reports.
Blair and Dela Raca discovered the problems while evaluating a number of video doorbells
for our regular ratings program. They were sold under two brand names, Eken and Tuck.
The two devices stood out not just because of the security problems, but also because they
appeared to be identical right down to the plain white box they came in, despite having
different brand names.
Online searches quickly revealed at least 10 more seemingly identical video doorbells being
sold under a range of brand names, all controlled through the same mobile app called
Aiwit, A-I-W-I-T, which is owned by Eken.
We bought two of these products sold under the FishBot and RakeBlue brands and found the same
vulnerabilities. The security issues are serious. People who face threats from a stalker or an estranged,
abusive partner are sometimes spied on through their phones, online platforms, and connected smartphone
devices. The vulnerabilities CR found could allow a dangerous person to take control of the video
doorbell on their target's home, watching when they and their family members come and go.
First, these doorbells expose your home IP address and Wi-Fi network name to the internet
without encryption, potentially opening your home security network to online criminals.
Security experts worry there could be more problems, including poor security on the company's servers, where videos are being stored.
The fact that they aren't using encryption is egregious, says Beau Woods, a digital security researcher with the cybersecurity advocacy group I Am The Cavalry.
It indicates there may be a whole host of bad practices, he said, end quote.
The video doorbells pose a special threat to individuals who are in danger from people who know where they live.
Anyone who can physically access one of the doorbells can take over the device, no tools
or fancy hacking skills needed. Let's imagine that an abusive ex-boyfriend wants to watch the
comings and goings of his former partner and her children. He'd simply need to create an account
on the Aiwit smartphone app, then go to his target's home and hold down the doorbell button to put it
into pairing mode. He could then connect the doorbell to a Wi-Fi hotspot and take control of the device.
As the new, quote, owner of the device, he could now watch who comes and goes and when. And he can see
the device's serial number. That's dangerous because of the company's poor security systems.
When the stalker pairs the device to his phone, the original owner will get an email saying she no longer has access to the device.
That might seem like a small technological glitch she can solve by simply re-pairing the device with her own phone, taking back control.
But once the stalker has the serial number, he can continue to remotely access still images from the video feed.
The Consumer Reports journalist provided the serial number to Blair to allow him to remotely access her camera.
No password is needed or even an account with the company, and no notification is sent to the doorbell's
owner, end quote. Finally, interesting raise from a company we've discussed previously. Humanoid
robot maker Figure AI confirms it has raised $675 million at a $2.6 billion valuation and is showing
off a general purpose robot called Figure 1, or Figure 01. I can't remember how I said that last time,
quoting CNBC. Founded in 2022, Figure AI has developed a general purpose robot called Figure 01 that
looks and moves like a human. The company sees its robots being put to use in manufacturing,
shipping and logistics, warehousing and retail, where, quote, labor shortages are most severe,
though its machines aren't intended for military or defense applications. Earlier this week,
the company released a video showing Figure Zero One in action. The robot attached to a tether
walks on two legs and uses its five-fingered hands to pick up a plastic crate,
then walks several more steps before placing the box on a conveyor belt. Figure's ultimate aim for
Figure 01 is to be able to perform everyday tasks autonomously. The company says getting there will
require it to develop more robust AI systems. Meanwhile, Figure is part of a crowded field of
companies vying to make humanoid robots a reality. Amazon-backed Agility Robotics plans to open a
factory that can produce up to 10,000 of its bipedal Digit robots per year. Tesla is also trying
to build a humanoid robot called Optimus, while robotics company Boston Dynamics has developed
several models. Norwegian humanoid robot startup 1X Technologies
recently raised $100 million with backing from OpenAI. The market is nascent. Analysts at Goldman Sachs
expect the humanoid robot market to reach $38 billion by 2035 and project that more than 250,000
units could be shipped in 2030, end quote. All these years, robotics has seemed like a someday,
a down-the-road industry, a maybe industry, but if the investing hype around AI-enabled robotics
bears out, we could soon be regularly talking about the robotics industry on the show,
like we do any other industry, self-driving cars, AI, social media, any other technique we talk about.
Nothing for you today. Talk to you tomorrow.
