Category Archives: AI and ML

Do you know what AI is thinking? But sooner or later he will become smarter than common people (8th May 2023).

Preface: The 2012 Mayan doomsday prophecy is perhaps a joke.
However, the weather has become poor, chaotic and unpredictable, and sudden weather changes have become more destructive. As a matter of fact, scientists argue that this extreme change of weather is related to the current environment.
What’s more, the prophecy does not record how nature will change immediately. Nor does it say that the specified date will be over on the same day.

Background: AI inventions, similar to the advent of the atomic bomb, will completely change the world, said Warren Buffett.
Going back two years, some speakers at the workshop said not to worry: AI won’t affect your job. In fact, artificial intelligence will replace low-level labor in the next few years. It will not replace it 100% immediately within the specified time.
Buffett said that Microsoft founder Bill Gates once showed him the latest version of ChatGPT, in which the program can check all legal opinions in a very short time, which impressed him. He believes the power of AI technology should be cause for concern.

Common Open Source AI Software: Before AI knows how to use his intelligence to protect himself well without relying on people, we should know who he is and gain a basic understanding of him.

Acumos AI: Based on Linux, to help integrate other frameworks and develop cloud-based AI apps.
ClearML: ClearML announced a free hosted plan to give data scientists the freedom to manage AI/ML experiments and orchestrate workloads without investing in additional resources.
H2O.ai: Integration with Hadoop and Spark for big data-based AI modeling. Library of ML algorithms including supervised and unsupervised learning.
Mycroft.ai: Mycroft powers various elements of the voice stack using open source AI technology. There is a large community of users, developers, and translators, to constantly improve the AI algorithms.
OpenCV: Proven applications across a variety of use cases, including facial recognition, human-computer interactions, object detection, motion tracking, and more. ML library containing algorithms for decision tree learning, k-nearest neighbor algorithm, artificial neural networks, random forest, and deep neural networks (DNN), among others.
OpenNN: OpenNN is an open source AI software library for implementing neural networks and ML.
PyTorch: A production-ready environment powered by TorchServe for quickly deploying models. A distributed backend architecture to enable distributed training and performance optimization.
Rasa (Open Source): Natural language understanding to convert messages into structured data and analyze intent.
TensorFlow: Support for multiple languages, including JavaScript, which is relatively rare in the open source AI space.
Tesseract OCR: Tesseract is an OCR engine originally developed by Hewlett Packard as a proprietary technology in the 1980s. It launched as open source AI software with sponsorship from Google in 2006. Its primary implementation is meant for unstructured data processing and extracting text from images, executed entirely from a command line interface.

Former CNBC article for reference: https://www.cnbc.com/2017/11/06/stephen-hawking-ai-could-be-worst-event-in-civilization.html

Your first quantum programming (24th Mar 2023)

Preface: How much does a 1 qubit quantum computer cost? Commercial quantum computers like D-Wave One with 50 qubits – $10,000,000. D-Wave systems use a process called quantum annealing to search for solutions to a problem.

Background: The Microsoft Quantum Development Kit offers durable quantum application development on hardware-accelerated compute resources. Program your quantum algorithms and formulate optimization solutions to cope with your AI development. Perhaps this is a prelude before the development of a scalable quantum computer in the future. Quantum computers have great potential to process the large datasets often used in AI experiments. By using quantum computing techniques to analyze data sets faster and more accurately than ever before, AI researchers have been able to make significant advances in fields such as machine learning.
Because quantum computers are fundamentally different from classical computers, conventional techniques used to communicate electronic information do not directly translate to quantum devices.

Suggestion:
Learn quantum programming (the Q# programming language) with the Microsoft Quantum Development Kit. It supports simulation, with an API for quantum computing simulation using the .NET ecosystem and Python.

The Quantum Development Kit (SDK) contains the following basic components:

  • The Q# programming language (pronounced like Q-Sharp)
    Remark: The Q# development tools are based on the Microsoft .NET ecosystem. Therefore, you need to install the correct version of the .NET Software Development Kit (the so-called .NET SDK).
  • API for quantum computing simulation using the .NET ecosystem and/or Python
  • Tools to help you develop and simulate your quantum programs using command-line tools, Visual Studio Code, or Microsoft Visual Studio

Please refer to this link for details- https://azure.microsoft.com/en-us/resources/development-kit/quantum-computing/#overview

All aspects of Spectre-BHB from vulnerability to mitigation (21st Feb 2023)

Preface: Several companies are currently using Arm processors to create artificial intelligence-powered software to help make the driving experience safer. Some experts believe that artificial intelligence will affect human life. Yes, it is real. The late Stephen Hawking speculated about this potential impact, but it looks like part of the process of human civilization. Mankind evolved into an automated life when the smartphone and the GUI were born, and it is not possible to go back. Perhaps this is destiny. On the other hand, computer vulnerabilities are an effective way to counter out-of-control AI. Perhaps they are an effective solution.

Background: Branch predictor hardware typically uses a form of cache to hold branch information. When a vendor announced this design weakness a few years ago, a common misunderstanding was that it only appeared on a single brand. But the truth is probably not. Whenever CPU designers intend to improve CPU response time, they will use branch prediction. The ARM architecture permits this branch predictor hardware to be visible to the functional behaviour of software, and so the branch predictor is not architecturally invisible.

The possible attack mechanism of Spectre-BHB: Branch target injection takes place in the same software context (unlike Spectre v2, which injects branch targets across different exception levels). The attacker poisons the branch history from user space to force the kernel to mispredict targets. When the victim executes an allegedly safe branch that is mispredicted, control flow is redirected to a gadget, with attacker-controlled registers, and this triggers the vulnerability. For information on this attack mechanism and the mitigation concept, please refer to the attached diagram.

Development in 2023: Arm announced a new generation of Armv9 CPUs, namely the Cortex-X3 and the Cortex-A715. The Armv9 CPUs use L1 instruction cache speculative memory accesses. The L1 instruction memory system provides an instruction stream to the decoder. To increase overall performance and reduce power consumption, the L1 instruction memory system uses dynamic branch prediction and instruction caching.
Whether this new design has any weakness similar to the branch prediction one remains to be seen. Let’s keep our eyes open. Stay tuned!

CVE-2023-0405: Like a newborn. AI in some fields may have design weakness. (14th Feb 2023)

Preface: Today is Valentine’s Day 2023, are you alone? But in the future artificial intelligence will be with you.


Background: With an AI content writer, all you need to do is enter your desired topic or keyword into the plugin settings, and then AI will immediately generate an article that reads as if it were written by a human. You’ll get unique, engaging stories without having to spend hours typing out paragraphs or researching facts. Plus, you’ll have a consistent style and tone that you can use for all of your content.


Vulnerability details: The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.
Ref: The issue is classified as CWE-862. The software does not perform an authorization check when an actor attempts to access a resource or perform an action. This has an impact on integrity and availability.


Solution: Upgrading to version 1.4.38 eliminates this vulnerability.


Official Announcement: For details, see the link – https://wpscan.com/vulnerability/3ca9ac21-2bce-4480-9079-b4045b261273

Before you enjoy it with your AI girlfriend, I wish you a great Valentine’s Day today.

CVE-2023-23625: Certain versions of go-unixfs from IPFS contain a vulnerability (9th Feb 2023)

Preface: AI system infrastructure may not have a mature model; it will continue forever, without end. Perhaps this is true sustainability. Since the key component is the computer, the only thing that slows him down is software or hardware bugs.


Background: Cryptocurrency technology fully utilises the concept of blockchain. It seems the advantages of cryptocurrency are easily misused, which makes it dangerous. Therefore many governments hesitate to get involved, and it fails to meet its original objective. However, the related technology will grow rapidly. Yes, it is IPFS. AI requires heavy amounts of storage and compute. From a technical point of view, distributed storage is an advantage: since the data is not placed in the same area, overall reliability and efficiency improve. AI robots will communicate using 5G and deal with distributed data storage. Machine learning operations and processes can be fully leveraged as this breaks down regional constraints. Perhaps the distributed cloud computing platform is the first milestone in booting the world into the artificial intelligence world.

Large models of deep learning are often shared by researchers via Google Drive links which have transfer limits and are not reliably online. IPFS provides a great decentralized solution to hosting data which can be downloaded via regular web links.
There is an IPFS implementation in Go. “unixfs” is a tool in the Go Modules Packages category of a tech stack.
A Merkle DAG is a DAG where each node has an identifier, and this is the result of hashing the node’s contents. go-unixfs implements unix-like filesystem utilities on top of an ipld merkledag. MerkelDAG implementation in Python.

Vulnerability details: go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus `fanout` parameter in the HAMT directory nodes.

Solution: Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.

Official announcement: For details, see the link – https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778
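
How a decoder can reject a bogus `fanout` before sizing anything from it, as an added Go example (not go-unixfs code and not the project's actual fix). The `shardHeader` type, `checkShard`, the `maxFanout` limit of 1024 and the power-of-two rule are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// maxFanout is an upper bound assumed for this example, not a go-unixfs value.
const maxFanout = 1024

var errBadFanout = errors.New("hamt: invalid fanout")

// shardHeader is a constructed stand-in for the fields a decoder reads from
// an untrusted HAMT directory node; it is not the go-unixfs type.
type shardHeader struct {
	Fanout   uint64 // number of child slots the node claims to have
	Bitfield []byte // one bit per slot, set when the slot is occupied
}

// checkShard validates the attacker-controlled fanout before any slice or
// index is derived from it, then returns the number of occupied slots.
func checkShard(h shardHeader) (int, error) {
	f := h.Fanout
	if f < 8 || f > maxFanout || bits.OnesCount64(f) != 1 {
		return 0, fmt.Errorf("%w: %d", errBadFanout, f)
	}
	// The bitfield cannot describe more slots than the fanout allows.
	if uint64(len(h.Bitfield)) > f/8 {
		return 0, fmt.Errorf("%w: %d-byte bitfield for fanout %d", errBadFanout, len(h.Bitfield), f)
	}
	n := 0
	for _, b := range h.Bitfield {
		n += bits.OnesCount8(b)
	}
	return n, nil
}

func main() {
	samples := []shardHeader{ // constructed inputs, not real IPFS nodes
		{Fanout: 256, Bitfield: []byte{0x03, 0x80}},
		{Fanout: 0},
		{Fanout: 1 << 40, Bitfield: []byte{0xff}},
		{Fanout: 100, Bitfield: []byte{0x01}},
	}
	for _, s := range samples {
		n, err := checkShard(s)
		fmt.Println(s.Fanout, n, err)
	}
}
```
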

Who empowers AI (artificial intelligence) with knowledge? Perhaps the answer is you. (7th Feb 2023)

Preface: Einstein’s formula E=mc² opened the door to the world of science and the universe. Since the equation involves complex and advanced arithmetic, no one can describe it simply.
Modern civilisation relies on digital computing. Our daily lives involve smartphones, smart cities and countless so-called Internet of Things (IoT) devices. But who empowers AI (artificial intelligence) with knowledge? Perhaps the answer is you.

Background: Sometimes when you shop online, you don’t buy. But later, you get an email with a special price on the same product you viewed. Who does the magic? The magic comes from internet cookies.
A cookie is arbitrary data, usually selected and first sent by a web server, and stored on the client computer by the web browser. The browser then sends them back to the server with each request, introducing state (memory of previous events) into an otherwise stateless HTTP transaction.

The following are the types of cookies set by Google on a user’s hard disk.

  • Preference cookie (called PREF) – used to store users’ preferences (like preferred language or any type of customisation).
  • Security cookies (SID and HSID) – used to protect users’ data from unauthorized access.
  • Process cookies (“Ibcs”) – used to maintain certain website functionality.
  • Advertising cookie (id) – used to serve personalized ads to users and to make advertising more effective.
  • Conversion cookies – used to track users’ interaction with ads.
  • Analytics cookies (_utma, _utmb, _ga, etc.) – used to collect Google Analytics data.

Brief overview: Cookies are data, and that data is a resource for data analytics.
Ref: The global total has grown by 1.8 percent over the past year, with 95 million new mobile users since this time last year. Global internet users: Global internet users have climbed to 4.95 billion at the start of 2022, with internet penetration now standing at 62.5 percent of the world’s total population.
Big data refers to data that is so large, fast or complex that it’s difficult or impossible to process using traditional methods.
Big data and AI have a synergistic relationship. Big data analytics leverages AI for better data analysis. In turn, AI requires a massive scale of data to learn and improve decision-making processes.

AI and big data explain why, even though you shopped online but didn’t buy, you later get an email with a special price on the same product you viewed. It’s a simple illustration of where the intelligence comes from.

If given the opportunity, there is room for further discussion in the future, focusing on cybersecurity for artificial intelligence. Stay tuned!

Potential threat of ChatGPT (Artificial intelligence) – 19th JAN 2023

Preface: OpenAI was founded by Elon Musk, Sam Altman, Ilya Sutskever, Greg Brockman, Wojciech Zaremba and John Schulman in Nov 2015. ChatGPT is a chatbot launched by OpenAI in November 2022. It is built on top of OpenAI’s GPT-3 family of large language models, and is fine-tuned with both supervised and reinforcement learning techniques.

Background: OpenAI GPT-3 is a machine learning model that can be used to generate predictive text via an API.

In GPT-3’s API, a ‘prompt’ is a parameter that is provided to the API so that it is able to identify the context of the problem to be solved. Depending on how the prompt is written, the returned text will attempt to match the pattern accordingly.

Security Focus: ChatGPT is being abused to build hacking tools. Why? Programming with the help of AI, even script kiddies might be lucky enough to craft malware. Experts say it’s a sinister allusion. What are the design flaws in AI itself under normal circumstances? Yes, there is a known issue with so-called prompt injection attacks. Prompt injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning.

Additional details: ChatGPT can also code malicious software that can monitor users’ keyboard strokes and create ransomware. For your information, ChatGPT has been developed by OpenAI as an interface for its LLM (Large Language Model).

Moreover, scammers can also use ChatGPT to build bots and sites to trick users into sharing their information and launch highly targeted social engineering scams and phishing campaigns.

For details about Prompt injection attacks against GPT-3, please refer to this link – https://simonwillison.net/2022/Sep/12/prompt-injection/