Start Up No.1516: GPT-3 blurps billions of words daily, hackers try to backdoor PHP, the vanishing NFTs, Apple pushes urgent iOS updates, and more

Membership of American churches has for the first time fallen below 50%. A harbinger, but of what? CC-licensed photo by Don Sniegowski on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Less than 4.5 billion. I’m @charlesarthur on Twitter. Observations and links welcome.

OpenAI’s text-generating system GPT-3 is now spewing out 4.5 billion words a day • The Verge

James Vincent:


OpenAI started life as a nonprofit, but for the last few years, it has been trying to make money with GPT-3 as its first salable product. The company has an exclusivity deal with Microsoft which gives the tech giant unique access to the program’s underlying code, but any firm can apply for access to GPT-3’s general API and build services on top of it.

As OpenAI is keen to advertise, hundreds of companies are now doing exactly this. One startup named Viable is using GPT-3 to analyze customer feedback, identifying “themes, emotions, and sentiment from surveys, help desk tickets, live chat logs, reviews, and more”; Fable Studio is using the program to create dialogue for VR experiences; and Algolia is using it to improve its web search products which it, in turn, sells on to other customers.

All this is good news for OpenAI (and Microsoft, whose Azure cloud computing platform powers OpenAI’s tech), but not everyone in startup-land is keen. Many analysts have noted the folly of building a company on technology you don’t actually own. Using GPT-3 to create a startup is ludicrously simple, but it’ll be ludicrously simple for your competitors, too. And though there are ways to differentiate your GPT startup through branding and UI, no firm stands to gain as much from the use of the technology as OpenAI itself.

Another worry about the rise of text-generating systems relates to issues of output quality. Like many algorithms, text generators have the capacity to absorb and amplify harmful biases. They’re also often astoundingly dumb. In tests of a medical chatbot built using GPT-3, the model responded to a “suicidal” patient by encouraging them to kill themselves. These problems aren’t insurmountable, but they’re certainly worth flagging in a world where algorithms are already creating mistaken arrests, unfair school grades, and biased medical bills.


“Astoundingly dumb” isn’t quite the tagline that OpenAI may have been looking for. Probably hoping instead for “astonishingly prolific”. Thing is, the prolific element will continue. Will the dumb part, though?

Hackers backdoor PHP source code after breaching internal git server • Ars Technica

Dan Goodin:


A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits gave the code the code-injection capability to visitors who had the word “zerodium” in an HTTP header.

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the server (rather than a compromise of an individual git account),” Popov wrote in a notice published on Sunday night.

In the aftermath of the compromise, Popov said that PHP maintainers have concluded that their standalone Git infrastructure is an unnecessary security risk. As a result, they will discontinue the server and make GitHub the official source for PHP repositories. Going forward, all PHP source code changes will be made directly to GitHub rather than to

The malicious changes came to public attention no later than Sunday night by developers including Markus Staab, Jake Birchallf, and Michael Voříšek as they scrutinized a commit made on Saturday. The update, which purported to fix a typo, was made under an account that used Lerdorf’s name. Shortly after the first discovery, Voříšek spotted the second malicious commit, which was made under Popov’s account name. It purported to revert the previous typo fix.


Close call. And makes one wonder how many similar hacks simply haven’t been noticed. How, after all, would you know?

People’s expensive NFTs keep vanishing. This is why • Vice

Ben Munster:


Last month, Tom Kuennen, a property manager from Ontario, coughed up $500 worth of cryptocurrency for a JPEG of an Elon Musk-themed “Moon Ticket” from DarpaLabs, an anonymous digital art collective. He purchased it through the marketplace OpenSea, one of the largest vendors of so-called non-fungible tokens, or NFTs, in the hopes of reselling it for a profit. 

“It’s like a casino,” he said in an interview. “If it goes up 100 times you resell it, if it doesn’t, well, you don’t tell anyone.”

He never got the chance to find out. A week later, he opened up his digital “wallet,” where the artwork would supposedly be available, and was faced with an ominous banner reading, “This page has gone off grid. We’ve got a 404 error and explored deep and wide, but we can’t find the page you’re looking for.” 

The artwork, which he expected to be on the page, had disappeared entirely. “There was no history of my ever purchasing it, or ever owning it,” he said. “Now there’s nothing. My money’s gone.”


The internet is for porn, but also for scams. But this is different again: if you thought that an NFT was like a signed copy of a picture, this is what happens if you still have the signature but the picture’s gone.

The mysterious user editing a global open-source map in China’s favour • Rest of World

Vittoria Elliott and Nilesh Christopher:


The user had also made the changes [to OpenStreetMap, about a new Chinese village near Bhutan] under the name NM$L, Chinese slang for the insult “Your mom is dead,” and linked to a Chinese rap music label that shares the same name. An accompanying bio hinted at their motives: “Safeguarding national sovereignty, unity and territorial integrity is the common obligation of all Chinese people, including compatriots in Hong Kong, Macao and Taiwan,” it read. 

“Most people on OpenStreetMap don’t even have anything in their profile,” said Doiron. “It’s not like a social media site.”

As he looked deeper, [Nick] Doiron discovered that NM$L had made several other edits, many of them along China’s border and in contested territories. The account had added changes to the Spratly Islands, an archipelago that an international tribunal ruled in 2016 was not part of China’s possible territorial claims, though it has continued to develop in the area. The account also drew along the Line of Actual Control (LAC) that separates Indian and Chinese territory in the disputed Himalayan border region, which the two countries fought a war over in 1962.

What, Doiron wondered, is going on here? 

Anyone can contribute to OSM, which makes the site democratic and open, but also leaves it vulnerable to the politics and perspectives of its individual contributors. This wasn’t the first time Doiron had heard of a user making edits in a certain country’s favor. “I know there are pro-India accounts that have added things like military checkpoints from the India perspective,” he said.


Pretty clear, isn’t it.

Gallup: US church membership dips below 50% for first time • Axios

Fadel Allassan:


47% of Americans said they belong to a church, synagogue or mosque in 2020, down from 50% in 2018, according to a Gallup poll out Monday.


Them: it’s fallen below 50%! First time since measurement began in 1937!

Me: church membership was ABOVE FIFTY%?! (In the UK, religious affiliation of any sort – not even church membership – has been below 50% since 2009, and as of 2018 was 52%.)

Obvious question is how this will affect religious impact on American politics.

Apple releases emergency update for iPhones, iPads, and Apple Watch • ZDNet

Adrian Kingsley-Hughes:


The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively. 

The vulnerability, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine, and what makes this an urgent update is the fact that Apple claims the vulnerability is being actively exploited.

Details from Apple are limited, but such vulnerabilities could be used to carry out malicious actions such as directing users to phishing sites. 

Underlining the seriousness of this vulnerability is the fact that Apple has pushed out iOS 12.5.2 for older devices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

The bottom line: This patch is important. Install it now.


The last time this happened (August 2016), it was an exploit owned by an Israeli hacking/security company which had sold its use to the United Arab Emirates, which was using it to spy on dissidents abroad; the use was discovered by a Canadian university.

The Xiaomi Mi 11 Ultra’s camera bump is no moon; it’s a space station • The Verge

No comment on the device; I just like the headline. (On the story when you read it. The page headline, which is what Google sees, is much more boring: “The Xiaomi Mi 11 Ultra camera bump is huge — for a reason”. Bah.)

Fear me not! I got my Covid vaccine. Now what? • Econlib

Bryan Caplan:


I’m now fully vaccinated.  How should I change my behavior?  How should anyone?

One popular answer is: not at all. Why not?  The top reason I’ve heard is: because even those of us who have been vaccinated can’t be absolutely sure we won’t be infected – or spread infection to others.  Some use the same reasoning to argue that people who have recovered from COVID shouldn’t change their behavior either. As immunologist Alexander Sette puts it:


Not taking any precautions—including wearing a face mask, practicing social distancing, or getting vaccinated—after an initial coronavirus infection is comparable to “driving a car where you’re 90% sure the car has brakes.”


However, both common sense and economic reasoning say virtually the opposite. If a risk falls by 90% – and there are large gains to accepting the risk – you should not only accept more of the risk; you should probably accept much more risk.

This is obviously what self-interest recommends. And when your risk-taking benefits others, this is what humanitarianism recommends as well. Remember: your social distancing doesn’t just harm your quality of life. Your social distancing also harms the quality of life of everyone who loses the pleasure of your company and the profit of your patronage. (Caveat: since vaccines take two weeks or so to kick in, neither self-interest nor humanitarianism recommend drastically changing your behavior the instant you get vaccinated).

What about the “90% sure the car has brakes” analogy?  It posits a lopsided scenario where you have a 10% chance of killing or seriously injuring others for a trivial total benefit. You shouldn’t die with 100% probability to see a movie; neither should you die with a 10% probability to see a movie. Anyone who has ever driven to a movie, however, has accepted a .00001% chance of dying en route. And accepting such a risk to see a movie is both prudent and considerate.


This completely misunderstands the problem. You aren’t going to die in the car without brakes. The person at the pedestrian crossing in front of you is. You aren’t going to die of Covid; the 80-year-old infected by the person you infect is. And that’s before we get to variant strains arising in immunocompromised people infected by overconfident vaccinated people.

SolarWinds hack got emails of top DHS officials – sources • Associated Press

Alan Suderman:


Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.

The short answer for many security experts and federal officials is that it can’t — at least not without some significant changes.

“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” said Sen. Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”

The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials’ schedules.

The AP interviewed more than a dozen current and former US government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.



In Suez Canal, stuck ship is a warning about excessive globalization • The New York Times

Peter Goodman:


The fact that one mishap could sow fresh chaos from Los Angeles to Rotterdam to Shanghai underscored the extent to which modern commerce has come to revolve around truly global supply chains.

In recent decades, management experts and consulting firms have championed so-called just-in-time manufacturing to limit costs and boost profits. Rather than waste money stockpiling extra goods in warehouses, companies can depend on the magic of the internet and the global shipping industry to summon what they need as they need it.

The embrace of this idea has delivered no less than a revolution to major industries — automotive and medical device manufacturing, retailing, pharmaceuticals and more. It has also yielded a bonanza for corporate executives and other shareholders: Money not spent filling warehouses with unneeded auto parts is, at least in part, money that can be given to shareholders in the form of dividends.

Yet, as in everything in life, overdoing a good thing can bring danger.

An excessive reliance on just-in-time manufacturing helps explain how medical staff from Indiana to Italy found themselves attending to Covid-19 patients during the first wave of the pandemic without adequate protective gear like masks and gowns.

Health care systems — many under the control of profit-making companies answerable to shareholders — assumed that they could depend on the web and the global shipping industry to deliver what they needed in real time. That proved a deadly miscalculation.

The same dependence explains how Amazon failed to provide adequate stocks of masks and gloves to its warehouse workers in the United States in the first months of the pandemic.


I don’t agree. What’s needed isn’t less globalisation, but more resilience: that you expect things will go wrong and have plans for when, predictably, they do.

Errata, corrigenda and ai no corrida: none notified
