Start Up No.1967: hackers drain bitcoin ATMs, running GPT-3 locally, Musk and the hateful tweets, burning batteries, and more

A former computer science professor reckons that AI prompts will replace programming in just a few years. CC-licensed photo by Fredrik Walløe on Flickr.

A selection of 9 links for you. Don’t learn to code? I’m @charlesarthur on Twitter. On Mastodon: Observations and links welcome.

Hackers drain bitcoin ATMs of $1.5m by exploiting 0-day bug • Ars Technica

Dan Goodin:


Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed.

The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren’t entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

Over the weekend, General Bytes revealed that more than $1.5m worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5m. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable.


Never change, cryptocurrency. Which I suppose is an easy wish to have granted. It can’t possibly change, after all.

The End of Programming • Communications of the ACM

Matt Welsh is a former professor of computer science at Harvard University:


In situations where one needs a “simple” program (after all, not everything should require a model of hundreds of billions of parameters running on a cluster of GPUs), those programs will, themselves, be generated by an AI rather than coded by hand.

I do not think this idea is crazy. No doubt the earliest pioneers of computer science, emerging from the (relatively) primitive cave of electrical engineering, stridently believed that all future computer scientists would need to command a deep understanding of semiconductors, binary arithmetic, and microprocessor design to understand software. Fast-forward to today, and I am willing to bet good money that 99% of people who are writing software have almost no clue how a CPU actually works, let alone the physics underlying transistor design. By extension, I believe the computer scientists of the future will be so far removed from the classic definitions of “software” that they would be hard-pressed to reverse a linked list or implement Quicksort. (I am not sure I remember how to implement Quicksort myself.)

AI coding assistants such as CoPilot are only scratching the surface of what I am describing. It seems totally obvious to me that of course all programs in the future will ultimately be written by AIs, with humans relegated to, at best, a supervisory role. Anyone who doubts this prediction need only look at the very rapid progress being made in other aspects of AI content generation, such as image generation. The difference in quality and complexity between DALL-E v1 and DALL-E v2—announced only 15 months later—is staggering. If I have learned anything over the last few years working in AI, it is that it is very easy to underestimate the power of increasingly large AI models. Things that seemed like science fiction only a few months ago are rapidly becoming reality.

So I am not just talking about things like Github’s CoPilot replacing programmers. I am talking about replacing the entire concept of writing programs with training models. In the future, CS students are not going to need to learn such mundane skills as how to add a node to a binary tree or code in C++. That kind of education will be antiquated, like teaching engineering students how to use a slide rule.



You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi • Ars Technica

Benj Edwards:


Things are moving at lightning speed in AI Land. On Friday, a software developer named Georgi Gerganov created a tool called “llama.cpp” that can run Meta’s new GPT-3-class AI large language model, LLaMA, locally on a Mac laptop. Soon thereafter, people worked out how to run LLaMA on Windows as well. Then someone showed it running on a Pixel 6 phone, and next came a Raspberry Pi (albeit running very slowly).

If this keeps up, we may be looking at a pocket-sized ChatGPT competitor before we know it.

But let’s back up a minute, because we’re not quite there yet. (At least not today—as in literally today, March 13, 2023.) But what will arrive next week, no one knows.

Since ChatGPT launched, some people have been frustrated by the AI model’s built-in limits that prevent it from discussing topics that OpenAI has deemed sensitive. Thus began the dream—in some quarters—of an open source large language model (LLM) that anyone could run locally without censorship and without paying API fees to OpenAI.

Open source solutions do exist (such as GPT-J), but they require a lot of GPU RAM and storage space. Other open source alternatives could not boast GPT-3-level performance on readily available consumer-level hardware.


That was a week ago. Pretty soon everything’s going to be open sourced and running locally.

How Elon Musk’s tweets unleashed a wave of hate • BBC News

Marianna Spring:


I had just finished my investigation into whether Twitter can protect users under Elon Musk’s ownership, when – to my surprise – the man himself tweeted about it.

“Sorry for turning Twitter from nurturing paradise into a place that has… trolls,” he said in one tweet, posting a screengrab of the report. According to Twitter’s own data, that tweet was seen by more than 30 million profiles.

“Trolls are kinda fun,” Mr Musk said in another reply, in his response to my BBC investigation – Twitter insiders: We can’t protect users from trolling under Musk.

The investigation made clear Twitter was never perfect. But it had exposed how hate is thriving under Twitter’s new owner. Current and former Twitter employees told me “nobody is taking care of” features designed to protect users from hate and harm.

I had approached Elon Musk as part of my Panorama investigation, but he didn’t respond. Instead, he decided to share his reaction to it afterwards with more than 130 million followers on his social media site.

His tweets then unleashed a torrent of abuse against me from other users. There have been hundreds of posts, many including misogynistic slurs and abusive language. There have also been threatening messages, including depictions of kidnap and hanging.

Mr Musk posted again, responding to one tweet that was critical of the BBC investigation. He wrote “roflmao” – “rolling on the floor laughing my ass off.”

I now found myself wading through more hateful messages sent from accounts predominantly based in the US and UK. Mr Musk’s tweets triggered a huge volume of hate, some sent from accounts which had previously been suspended. More proof to back up BBC Panorama’s investigation – that hate on Twitter is thriving.


Musk’s behaviour is so truly reprehensible. An awful, awful person.

Electric car fires aren’t the only ones to worry about • Autoweek

Emmet White:


Lithium-ion batteries are fueling the auto industry’s conversion to battery-electric vehicles, but they’ve also been a catalyst in a series of transportation-related fires that have halted pickup truck production, burned down a neighborhood grocery store in the Bronx, and forced an emergency landing because of a smoking overhead bin on a commercial jet.

Fires have also allegedly been started by electric bicycle battery packs. The New York City Fire Department says lithium-ion batteries were responsible for over 200 fires within the five boroughs in 2022, resulting in six deaths and over 150 injuries while displacing thousands of residents. That’s double the number of battery-related fires as compared to 2021, according to an FDNY statement to NBC News.

It’s not just a problem for urban, dense cities, either. A Connecticut Transit electric bus caught fire at the agency’s suburban depot in Hamden last summer, and firefighters elected to let the bus burn as the safest way to manage the blaze. Electric scooters have sparked fires and leveled homes in rural Massachusetts and Pennsylvania. Even Ford had to temporarily shut down Michigan production of its battery-electric F-150 Lightning pickup truck due to a fire in a pre-production holding lot. And how could we forget the various EV-related ship fires that ultimately scuttled the shipment of thousands of vehicles?

Analysis of fire and crash data from the Bureau of Transportation Statistics and the National Transportation Safety Board show there were 1529.9 fires per 100,000 sales for gasoline vehicles and just 25.1 fires per 100,000 sales for electric vehicles. But the bigger concern is the number of fires linked to gas-electric hybrid vehicles: 3474.5 fires per 100,000 sales.


After all, by contrast, non-electric cars are fuelled by a substance that absolutely never catches fire. Well, apart from the 174,000 occasions on highways in 2021 which killed 650 people. (“Risky cars” seems to be a trope that’s getting tired already.)

Taken for a ride • The Verge

Ian Frisch:


Although [self-made tech millionaire] Mike [Vallejo] had previously hooked up with Lauren, he explained that he began dating Haley after the threesome. (“We were not dating,” Haley said. “I can’t have anyone think I was dating him. Let’s just say we were, um, hanging out and he liked me.”) In November, Haley left town for a family vacation. 

Mike, missing her, decided to distract himself by joining Tinder. “I got, like, 15 matches within the first 12 hours,” he said. 

The dopaminergic rush of the matches, and the potential of meeting up with the women on the other end of his screen, temporarily soothed the loneliness brought on by Haley’s absence and Mike’s ongoing marital separation. “I feel like my wife leaving me made me want, even more, to give the best to others,” he said. “I just wanted to spend time with someone. It was more of feeling like there’s a void that I needed to fill by getting attention or affection from others.” 

Mike quickly matched with a woman named Ky. She seemed cute, if somewhat inscrutable, with no biographical details and photographs that included only a mirror selfie and a snapshot of her butt in a bikini. “I am the sweetest person you will ever meet,” she would later tell him. Mike had never used Tinder before; he told Ky that he’d be happy to get together.

So Mike got ready for their date. He put on jeans and a high-end watch, his short haircut neatly framing his boyish face. He trimmed the shadowy stubble that stretched from chin to cheek into a uniform blanket of mature bachelorhood. He was rich, single, and ready to have some more fun. 

But then Ky started messaging Mike strange questions. Do you want to get a hotel? Sure. How will you pay? Credit card. Can you pull out cash instead? Okay. (Thankfully for Mike, he never hit up an ATM.) 


Perhaps you can see where this is going, but if you can, you’re smarter than self-made tech millionaire Mike. Or possibly not blinded by lust. Anyhow, it’s a great read.

How AI could write our laws • MIT Technology Review

Nathan Sanders and Bruce Schneier:


“Microlegislation” is a term for small pieces of proposed law that cater—sometimes unexpectedly—to narrow interests. Political scientist Amy McKay coined the term. She studied the 564 amendments to the Affordable Care Act (“Obamacare”) considered by the Senate Finance Committee in 2009, as well as the positions of 866 lobbying groups and their campaign contributions. She documented instances where lobbyist comments—on health-care research, vaccine services, and other provisions—were translated directly into microlegislation in the form of amendments. And she found that those groups’ financial contributions to specific senators on the committee increased the amendments’ chances of passing.

Her finding that lobbying works was no surprise. More important, McKay’s work demonstrated that computer models can predict the likely fate of proposed legislative amendments, as well as the paths by which lobbyists can most effectively secure their desired outcomes. And that turns out to be a critical piece of creating an AI lobbyist.

Lobbying has long been part of the give-and-take among human policymakers and advocates working to balance their competing interests. The danger of microlegislation—a danger greatly exacerbated by AI—is that it can be used in a way that makes it difficult to figure out who the legislation truly benefits.

Another word for a strategy like this is a “hack.” Hacks follow the rules of a system but subvert their intent. Hacking is often associated with computer systems, but the concept is also applicable to social systems like financial markets, tax codes, and legislative processes. 


“AI lobbyist” *shudders*. But this is inevitable, isn’t it. If there’s a gap that can be filled by automation like this, it will be.

Tracking the Chinese balloon from space • The New York Times

Muyi Xiao, Ishaan Jhaveri, Eleanor Lutz, Christoph Koettl and Julian E. Barnes:


In early February, a giant white balloon was seen floating over U.S. skies, prompting speculation about its provenance and purpose. An exclusive analysis of millions of square miles of satellite imagery traces the balloon hours after its launch in China, across the Philippine Sea and then to North America. It also reveals that the balloon was remotely maneuvered at points on its journey.

The New York Times worked with the artificial intelligence company Synthetaic to detect and analyze the Chinese balloon in satellite images captured by Planet Labs. This process was the first to track the balloon itself, not just its expected path based on weather projections.

Jan. 19 to 21: The balloon appears to change altitude daily as it moves over the Philippine Sea, descending from around 58,000 feet to 52,000 feet, and then ascending to 64,000 feet. These changes are not caused by natural wind or air flows, according to Mr. Farley. They are made by operators remotely steering the balloon up and down to ride wind currents that blow in different directions, he said.

“It truly was an altitude-control vehicle,” he said after reviewing The Times’s calculations, referring to the balloon’s remote steering. Both Mr. Farley and U.S. officials told The Times that the balloon’s altitude was controlled by adding or releasing compressed gas in an internal compartment.


Now things are getting interesting, aren’t they? (Thanks G for the link.)

The impossible job: inside the world of Premier League referees • The Guardian

William Ralston:


Ever since it was introduced, VAR has been making people furious. At its most enjoyable, football is fast and charged with emotion. VAR, by contrast, can be agonisingly slow and joyless. Its presence makes it hard to enjoy a goal without worrying that it will be ruled out for some minor infraction that occurred 15 seconds earlier. Worst of all, VAR regularly fails to do the thing it was specifically introduced to do: prevent blatant errors. “My 12-year-old would be better than some of the decisions I’ve seen this season,” said former player and pundit Danny Murphy recently.

According to some former officials, VAR has also lowered the standard of on-field refereeing. Urs Meier, a retired Swiss football referee who officiated at the 1998 and 2002 World Cups, told me that it has made referees complacent, leading them to dodge big decisions and neglect the basics, such as positioning. When I brought this up with [Premier League referee] Darren England, he admitted that it is a concern. “It’s like everybody knows now that you’ve got a second chance to get the decision right,” he said.

Roberto Rosetti, Uefa’s refereeing chief, believes that the root of these problems lies not in the technology itself, but in how it’s being implemented. VAR was introduced to “delete the scandals, the clear mistakes of the referees”, such as the infamous Thierry Henry handball that denied Ireland a place at the 2010 World Cup. Too often, said Rosetti, it’s being used to “investigate every single detail” of matches. Using VAR in this way is “dangerous”, he continued, because good refereeing means accounting for the “spirit of the game”, which technology cannot do. Once, when Rosetti experimented with using VAR to review every incident in a single match, he found seven penalties and three red cards, according to a strict reading of the laws of the game. “But this is not football,” he said.


The whole piece gives a great insight into the challenge of refereeing a fast-moving game where you can’t be sure quite what happened.

• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?

Read Social Warming, my latest book, and find answers – and more.

Errata, corrigenda and ai no corrida: none notified
