Tech and Cybersecurity: A Closer Look at This Week’s News. 14/04/2024
AI debunking, Patch Tuesday updates, Samsung glitches, ECB’s DLT trials, and OpenAI’s Sora video tool. 🌐🔍📰
As we wrap up another eventful week in the world of technology, let's dive into the top stories that I found interesting this week.
Debunking Devin: The "First AI Software Engineer" Upwork Lie Exposed
The tech community was abuzz with the claim of Devin, the "First AI Software Engineer," successfully freelancing on Upwork. However, recent investigations have revealed that the reality doesn't match the hype. A detailed analysis showed that the AI was not completing the tasks as advertised, leading to a widespread discussion about the ethical presentation of AI capabilities.

Devin was supposed to be an AI software engineer capable of autonomously learning, coding, and debugging. It collaborates with users, performs complex tasks, and actively contributes to projects. Devin bridges the gap between human developers and autonomous software engineering, making it a remarkable advancement in artificial intelligence.
Recently, a video surfaced claiming that an AI named Devin was the "First AI Software Engineer" successfully freelancing on Upwork. However, upon closer examination by the "Internet of Bugs" (https://www.youtube.com/watch?v=tNmgmwEtoWE), it became evident that the reality didn't align with the hype. Here are the key points:
The company behind Devin asserted that their video showcased Devin completing and getting paid for freelance jobs on Upwork. However, the video failed to demonstrate this accurately. The customer's request was "setup instructions", not actual code. Devin was supposed to solve arbitrary Upwork tasks, but the problem it attempted to solve didn't match the stated requirements.
Devin appeared to fix errors in the source code of a GitHub repository. However, the files it edited didn't exist in that repo, and some of the mistakes it fixed were nonsensical—errors that a human programmer wouldn't make. It's inferred that Devin was fixing bugs in files it had created itself, but this wasn't indicated. Interestingly, there was no need for coding in the first place.
The repository's README contained all the instructions necessary to achieve the task, and these instructions still worked fine with only a minor tweak. The customer had asked for instructions on how to run it on EC2, not for coding. Devin's code changes were suboptimal. For instance, it wrote its own low-level file read loop instead of using the standard library properly.
Although the video made it appear that Devin completed the task quickly, timestamps in the chat revealed that the task stretched over many hours and even into the next day. Devin also executed nonsensical shell commands, raising questions about its underlying model.
The video falsely claimed that "Devin makes money taking on messy Upwork tasks," which wasn't supported by careful analysis. The situation highlights the importance of critical evaluation and accurate representation of AI capabilities in the tech industry.
Remember, appearances can be deceiving, especially when it comes to AI!
Patch Tuesday: A Record-Breaking Update
Microsoft's Patch Tuesday has made history with its latest release, the largest since at least 2017. A staggering 150 security flaws were addressed, including 67 remote code execution vulnerabilities. This massive update underscores the ongoing challenges in cybersecurity and the importance of regular system updates.
Microsoft's **Patch Tuesday** for **April 2024** has made headlines due to its sheer scale. Here are the key points:
This month's Patch Tuesday release includes 149 updates. It's Microsoft's largest release this year and the largest since at least 2017, and as far as I can tell, it's the most significant Patch Tuesday release from Microsoft.
Only three critical vulnerabilities were fixed as part of this Patch Tuesday. However, the focus was on addressing sixty-seven remote code execution (RCE) bugs.
Microsoft SQL Drivers and Secure Boot Bypasses:
- More than half of the RCE flaws are found within **Microsoft SQL drivers**, likely sharing a common flaw.
- There were also fixes for **twenty-six Secure Boot bypasses** released this month, including two from Lenovo.
This month's Patch Tuesday fixed **two zero-day vulnerabilities** that were actively exploited in malware attacks:
- **CVE-2024-26234**: Proxy Driver Spoofing Vulnerability. A malicious driver signed with a valid **Microsoft Hardware Publisher Certificate** was used to deploy a backdoor.
- **CVE-2024-29988**: SmartScreen Prompt Security Feature Bypass Vulnerability. A patch bypass for a previous flaw allowed attachments to bypass Microsoft Defender SmartScreen prompts when opened.
In summary, this Patch Tuesday update underscores the ongoing challenges in cybersecurity, especially with the surge in remote code execution vulnerabilities. Vigilance in applying security patches remains crucial for system protection. For more info, see my blog post from earlier in the week.
Samsung Galaxy S24 Glitches
The Samsung Galaxy S24 series has been facing display issues, with users reporting washed-out colours in the vivid display mode. Despite the glitches, the phones continue to sell well, but it’s a reminder that even the most anticipated tech can have teething problems.
Since its launch, owners of the new Samsung Galaxy S24 have reported several display issues. The problems range from a washed-out colour panel in the vivid display mode to a grainy texture when viewing dark and grey colours. Some users have also noticed horizontal bars and excessive banding at low brightness levels.
Samsung has acknowledged these issues and has announced that an update was released in February to address the vivid display mode problem. However, it seems that more display-related complaints are surfacing. The grainy texture issue is related to the hardware, and affected users have been able to get a free replacement from Samsung.
The horizontal bars issue doesn't seem as widespread, but it has been reported alongside excessive banding when viewing gradient images. It's unclear whether these issues are due to defects in the Galaxy S24's hardware or software, but there are suggestions that it could be inherent to OLED panels.
Despite these glitches, the Galaxy S24 series continues to sell well, and Samsung has shown a willingness to address concerns quickly through updates or replacements. This situation underscores the importance of post-purchase support and tech companies' responsiveness to maintain consumer trust.
ECB's Wholesale Central Bank Money Settlement Trials
The European Central Bank (ECB) has announced the first cohort of financial institutions to participate in trials exploring new technologies to settle wholesale transactions in central bank money. This could be a significant step towards modernising financial infrastructures with distributed ledger technology.
The ECB is pioneering distributed ledger technology (DLT) for settling wholesale transactions in central bank money. This initiative has brought together a diverse group of participants to explore DLT's potential to enhance the settlement process.
The trials investigate how DLT can be integrated with financial infrastructures to facilitate secure and efficient transactions. Clearstream, a central securities depository and part of Deutsche Börse Group, is among the entities participating in these trials. They focus on tokenized securities using a digital euro with real money backing it.
This exploratory work is part of the ECB's broader efforts to modernise its settlement infrastructures and adapt them to changing user needs. The trials will assess the impact of emerging technologies on the settlement of wholesale financial transactions and explore potential responses to market participants' significant adoption of DLT.
The ECB's commitment to this project reflects the growing interest within the financial industry in DLT applications. The outcomes of these trials could lead to significant changes in how wholesale transactions are settled, potentially reducing risks to the financial system and supporting financial stability and trust in the currency.
The tech and financial communities are closely watching these developments, as they could herald a new era of financial transactions and set a precedent for other central banks worldwide.
OpenAI’s Sora: AI-Generated Video Tool
OpenAI has launched Sora, a text-to-video tool capable of creating realistic video clips from simple prompts. While still in testing, the tool has vast implications for industries like advertising and entertainment and the potential to revolutionise content creation.
Sora is an extraordinary AI model developed by OpenAI that can transform simple text descriptions into dynamic, realistic videos. Here are the critical details about Sora:
Sora produces remarkably detailed and vibrant videos, blurring the lines between the real world and AI-generated content. The model leverages AI creativity to create scenes that maintain visual quality and adherence to the user's prompt.
With Sora, you control the action! Describe your desired scene using words, and Sora brings it to life with visual accuracy. Whether it's a stylish woman walking down a Tokyo street, woolly mammoths treading through a snowy meadow, or a movie trailer featuring a spaceman, Sora interprets your instructions and generates captivating visuals.
Sora goes beyond simple visuals. It interprets nuanced instructions and demonstrates an intuitive grasp of how objects and characters interact in the physical world. The model can create multiple sequential shots with smooth transitions, maintaining consistent characters and scenes.
Filmmaking and Storytelling: Visualize concepts rapidly, explore new angles and craft entire AI-powered narratives.
Game Development: Streamline asset creation, design interactive environments, and bring characters to life seamlessly.
Simulations and Training: Generate realistic training scenarios for AI agents to understand the physical world.
Creative Expression: An ideal tool for artists and designers to push the boundaries of their imaginations.
OpenAI recognizes the potential for harmful applications, such as deepfakes, and implements safeguards. They collaborate with researchers, creative professionals, policymakers, artists, and educators to foster transparency and address concerns. Responsible development remains at the core of Sora's deployment.
Sora represents a leap forward in AI research, with implications across various fields. As technology advances, ethical considerations remain paramount. OpenAI's focus on responsible development sets a crucial precedent for shaping the responsible and powerful use of AI video generation tools.
In summary, this week’s developments in technology and cybersecurity underscore the dynamic and ever-evolving nature of the field. From breakthroughs in AI to critical updates in cybersecurity protocols, staying informed is vital to navigating the digital landscape. As we continue to witness the profound impact of technology on our daily lives, we must remain vigilant and proactive in protecting our digital assets. Let us embrace the advancements while fortifying our defences, ensuring a secure and progressive future for all.