tech

There are 188 posts filed in tech (this is page 1 of 19).

GPT based “Denial of Information” attack

Academic journals, archives, and repositories are seeing an increasing number of questionable research papers clearly produced using generative AI. They are often created with widely available, general-purpose AI applications, most likely ChatGPT, and mimic scientific writing. Google Scholar easily locates and lists these questionable papers alongside reputable, quality-controlled research. Our analysis of a selection of
— Read on misinforeview.hks.harvard.edu/article/gpt-fabricated-scientific-papers-on-google-scholar-key-features-spread-and-implications-for-preempting-evidence-manipulation/

I think we can define a new type of attack on the Internet. Much like the Denial of Service attack makes a service unavailable to ordinary users, a Denial of Information attack makes readily searchable information obscure by inundating it with generative AI based nonsense or outright misinformation.

This can be both a malicious attack or negligence.

A malicious attack would be threat actors specifically targeting information silos such as social media or SEO with misinformation intended to influence society.

A negligent attack is either in the form of misguided attempts by end users to use LLMs to churn out content faster, thereby inundating traditional systems with unverifiable data; or a negligent attack can come in the form of data retrieval infrastructure (such as search engines or LLMs) using generative AI to compile information without adequate gates to verify such information.

A Denial of Information attack is more insidious than a Denial of Service attack because it’s much more difficult to detect and even harder to neutralize due to the individualistic nature of information retrieval and consumption.

Steam Deck’s Killer App (Game)

I’ve owned a Steam Deck since April – a birthday gift I deeply desired.

In the first few months, I fired up the old favorite of Counter Strike and figured out what else out of my 100 game Steam collection is playable on the Deck. But I couldn’t figure out one thing – what’s the killer game for this device?

What’s the one thing that will make me keep coming back and wanting to keep coming back when I can’t?

I couldn’t find it. I spent some money here and there, played some demos here and there. But nothing stuck.

100 games – that’s a big collection. Though, out of that, only about 40 or so seem to have exceptional support on the Deck. Of those, only 20 or so interested me in terms of graphics and what I’m doing with the game.

Of those, basically none captured my imagination.

Then, about a month ago, I came across Skyrim on a bargain bin site. I remember happy hours playing this game. Not too challenging, adequately open world, a storyline that catches you every once in a while because a random dragon will plop down and force you to kill it. With the Skyrim Special Edition I have on Steam now, I get a lot more missions, artifacts, strange tales. I also get to explore the idea of mods. I’ve never modded any games. With Skyrim, I can dip my toes into that space and see how it works. Folks online swear by running Skyrim as an NPC, or in Cozy mode, or adding skins and missions and areas, all of which is very interesting to me.

But most importantly – it beckons me. I want to go back to it at the end of every day, to unwind as I roam the terrain in search of one mission or one cave or one challenge to conquer. I can’t get to it every day. But when I do, I come out satisfied by the experience.

I don’t know how long Skyrim will hold my interest. Last time, once I’d finished the main quest, I dropped the game. But this time, I want to revisit it and play as some other character, and see if I can install mods to make it a wild ride. With Skyrim, it’s possible, simply because even 17 or so years later, this game still compels people.

It’s a proper killer game for the Steam Deck.

Addled

“I’m really concerned about you.”

This is how my wife started the conversation the other day, as she sat in the car.

I didn’t know how to proceed, but blood rushed to my face, unsure but embarrassed.

“What happened?”

“These videos you keep watching… You really need to stop. Go back to reading. You used to read. Go back to that. Do anything, but stop watching these videos.”

Ah.

See… while I was waiting for my wife to get ready to leave the house, I sat down and hit up YouTube to watch some Shorts. I’d been doing that a lot lately. Enough to know that the algorithm is irritating. Enough to not know that I need to stop.

This was an intervention.

“I know, I know. I need to stop. I’ve said it myself. The algorithm sucks too… It’s pinned me down and shows me only a few categories of videos. A few SNL shorts, specially the news ones. A few geeky shorts from a YouTube channel that focuses on DND and other table-top and online RPGs, and…”

That was my defense. It was clearly meant to deflect.

“That’s fine,” my wife countered, “but these videos suck you in. You can’t stop watching them. Trust me. I know. I watch them on Instagram. I know I need to stop too. But you definitely need to stop. This stuff addles your brain.”

“You’ve spent over thirty years,” she continued, “not getting addicted to any of this stuff. You read books. You read articles and blogs. You need to go back to those. We can’t all be addicts.”

She knows of my RSS feeds and Instapaper “habit”. I reckon a habit needs to be something you do regularly, but I don’t follow up on those often enough. Not anymore.

I thought for a second about how true her words are. My wife has been sucked into Instagram. It’s part true social network for her, with a constant line of communication with her girlfriends; it’s part addiction. Any time I see her phone, it’s open to Instagram.

My brother has been sucked into TikTok. He’s on it constantly. He sends me videos here and there. He is always mentioning it in our conversations. Taking decisions based on it. I don’t know if it’s an echo chamber for him, though I wouldn’t be surprised. Clearly… something has clicked for him there, the way Instagram has for my wife and YouTube Shorts has for me.

I’ve struggled against algorithms all my Internet life. From the time life on the Internet became easier thanks to search engines and ludicrously plentiful email accounts and social networks that just felt like natural connections (till they didn’t), I’ve had to constantly feed the side of me that says “enough” to someone else deciding what I should be seeing and reading and consuming. It’s why I’ve maintained some RSS feed reader or other since 2012, when I bought my first RSS reader – Fever. I’ve also been paying for Instapaper since I gave myself an annual subscription as a birthday gift a half decade ago. But it’s a struggle to keep that hunger fed. I’ve often burned down my RSS subs (numbering to around 400) to the ground and rebuilt them, only to realize that if I don’t have the firehose pointed at me, I get bored of it. It’s a constant push and pull of having enough to read and having too much to read in every single blog post. (Hence, Instapaper.)

So when it became as easy as opening the YouTube app (an app that lives on my phone’s first page anyways, due to the myriad other uses of the service) and getting dropped into an algorithmic feed, the question didn’t even present itself. I was constantly on it, filling up time at first – the interstitial time of waiting for buses, waiting for other people, waiting for the microwave to finish its dance. Then, I was finding time for it – standing at the microwave longer than I should, stealing moments when I should have been paying attention to my family, being awake for hours in bed. All of these video platforms are excellent for revenge bedtime procrastination, I’ve learnt.

But it’s time to pull back.

We can’t be going into our 40s getting sucked into echo chambers and algorithmic escapes. That’s not the way to live a life.

Immediately after my wife pointed this out to me, I cut myself off completely. Cold turkey, as they say. Then, a week later, I found myself going back into the warm embrace of short form videos. It’s just too easy to switch off your brain for a minute, or thirty.

But it’s time to pull back.

Maybe this time it’ll not be cold turkey. I might keep going back to Shorts every few days, only to taper off my usage over the next few weeks or months. Or maybe this is what remission looks like and I just don’t know it yet.

We’ll have to wait and watch keep reading.

A brief internet dive

Last night I came across a ListenLater.net which has an interesting value proposition – send them text or the link to an article and they’ll convert it into a podcast using AI TTS.  The podcast link will be public so you can use it in your favorite podcast player, which is such a nice touch! The voice they used seemed familiar but I couldn’t immediately place it.

Digging into their help pages or pricing didn’t give me a lot of details about how they’re generating the audio. They just keep claiming it’s “advanced AI Text-to-Speech”.

Their EULA says you can’t use the audio for commercial use. It has to be personal use only. This is partly because they acknowledge that they claim no ownership to the content you send to them and so if you use it commercially, they don’t want to be held liable for that.

But that voice…

In a spectacular feat of google-fu, I typed in “What TTS is listenlater.net using?”

I learnt that there is a similar service called Listenlater.fm which uses a horrible non-neural TTS (feedback from HackerNews) which is unbearable. Also, though the site is up, the audio samples are not available, which tells me that maybe that service isn’t doing so well. But also, their pricing model is funky – 5 free articles per month and if you want more, $36/year for unlimited.

Listenlater.net instead uses a more AI-aligned pricing of $0.03 per 1000 tokens (about 750 words according to them). This is a clear indication that they’re using a third party service without telling us which.

I then came across a service called listnr.ai which… takes text and gives you a podcast. You can also use their output for YouTube videos, TikToks, Reels, Shorts, Gaming, Social Media, and audiobooks. (Also, they’ve done a nice job of comparing their service to others in the same space. Thanks for doing the market-research for me, folks!)

Except… their terms say you can only use the content you download from their site for “personal, non-commercial use”. So… their own sales are violating their own TOS?

But the service is in India, so I guess they can ignore these rules.

But what’s the point of finding listnr.ai if I can’t validate that they have the same voice as Listenlater.net? It has to match! I listened to 50 voices and the absolutely last one, called “Shimmer” was a match!

Ok, but where is Shimmer coming from? I don’t trust listnr.ai to have built their own AI TTS just like I don’t trust listenlater.net to have.

Back to the Google-board! “Shimmer tts voice”

The first few results are some shitty site called 101soundboards.com and then one from a listnr.ai competitor called FakeYou. Then, below the Google fold of “People also ask”, we get the result we’re looking for. Mirroring the last 6 voices that listnr.ai supports are –

OpenAI’s alloy , echo , fable , onyx , nova , and shimmer.

Ah. There it is. I listened to a sample and sure enough, it matches exactly what listnr.ai is selling and very, very close to listenlater.net’s primary voice. So both these services are basically built on top of OpenAI and they just don’t want to talk about it. Why?

Well, OpenAI’s TTS documentation page says “Please note that our usage policies require you to provide a clear disclosure to end users that the TTS voice they are hearing is AI-generated and not a human voice.”

So while they’re very happy telling you that you’ll be listening to AI TTS, if you use the audio commercially and OpenAI comes after you, these companies want to protect their businesses. Nothing wrong with that.

Also, nothing wrong with reselling OpenAI’s service either. The service is API based. So normal users can’t use it. Building a website, a service, a podcast hosting setup, and supporting all this takes Engineering and Business hours and is well worth the added cost that these services might be pushing to their users. In the case of listenlater.net, it seems that’s not true either. OpenAI charges $30 per 1 million characters for their HD voices and $15 for non-HD. The difference is quality vs speed. Listenlater.net charges the same – $0.03 per 1 thousand characters. So if they’re not using the HD TTS, they’re pocketing half the money. Or they’re not and you’re getting a service that’s running out of love.

Listnr.ai’s pricing is a little more FU – it starts at 4000 words per month for $5 per month. But considering they are adding a lot more bells and whistles to their services – unlimited downloads and audio embeds, 25GB storage, 1000 voices (I didn’t bother finding out where they’re getting their other voices. Most seem to be coming from ElevenLabs, including Santa Clause. Exercise left to the reader), it might be worth it to someone out there.

Anyways, good dive.

Migrated VPS

black server racks on a room

When I started hosting this website on DigitalOcean about 9 years ago, the version of Ubuntu that was all the rage was 14.04 LTS. So I started my hosting journey with that. Pretty soon though, 16.04 came along and since I was ever active on my server, I upgraded to that using nothing more than a few apt update commands. Since then, other than a few forced efforts to secure the OS and install what I needed for experimentation, I didn’t do much to upgrade the underlying software.

So it happened that, when at the beginning of the year I tried to upgrade from PHP 7.3 to 7.4 (a process which failed), I was made aware of the fact that the chasm between where my software stack is and where it ought to be is rather large. I tried running a straightforward upgrade from 16.04 to 20.04. The blocker was mysql. Apparently, no matter what third party repos I tried, the upgrade from what I was running to whatever’s the current just wasn’t possible. Well, it may be possible, but it would not be easy. The recommended path, on multiple websites, forums, and blogs, was to just fire up a new VPS and migrate my websites and services manually. Daunting.

When I learnt of this, I realized that the amount of time and effort it would take was too much for me to give at that moment. Family needs and other projects held precedence. Right now, I wouldn’t say those needs have abated, just that I’ve adjusted to both those asks, and I’ve given myself enough time and another factor for this migration – money. DigitalOcean is a nice provider in that they’ll only charge me for what I use through the number of days that I use it. I know this is sort of the norm everywhere now, but it’s a nice-to-have and a nice-to-mention nevertheless. Instead of doing the entire migration within the span of a few hours, tiring myself, and increasing the odds of a failed migration, I spread the entire project over the last few days. I moved my other WordPress install first, the one whose failure wouldn’t affect me directly and personally. It’s a side project that we’ve gotten side-tracked from. I’d be totally fine if it craps out.

Moving WordPress seemed daunting, until I realized that I have a tool that can make it extremely easy. I’ve been backing up this website to Dropbox using UpdraftPlus for the longest time. It’s fast, easy, and totally a background process which has not needed my input since I set it up. I checked it out and sure enough, it’s got a pretty straightforward restore process too, included in the free version of the plugin. Of course, they offer paid tools for much easier migration. But I reckoned the free one has got to work just as well. UpdraftsPlus creates a bunch of separate zip files for the database, uploads, themes, plugins, and “other”. All you have to do to migrate is to create a fresh install of WordPress, install the plugin and drop the files into the interface and then hit restore.

This blog’s backup comes in at about 750 MB, while the other site is about 160 MB. I did the latter first, and since it stayed up just fine over the last few days, while for the first time in my life I ran two VPS in parallel in DigitalOcean, I ported over this blog as well as the other applications and sites which I wanted to keep. It ended up being a good housekeeping too, since most of the active nginx sites were not doing anywhere and thus were liable to be security issues. Plus, it gave me a chance to really start from scratch.

Over the years, I let the older VPS grow organically and get cluttered as all in-use systems do. When I was attacked by a script kiddie trying to get into this site and wreak havoc (at which they partially succeeded), I installed fail2ban and went aggressive with it, to the point where I got locked out of SSH quite a few times and had to recover via console. I installed multiple versions of node to run shortlived telegram bots or expressJS apps. I installed numpy to create a webUI for an experiment my brother wanted to run. I also created a series of scripts to run via cron – to periodically free up space and memory, to pull in data and recycle logs.

All of this had become a sore point for me anyways. The services running on the VPS often went down. The APIs responded only half the time. The downtime was somewhat acceptable till it wasn’t.

So this new VPS, well, I’ll run it as clean as I can for as long as I can. Of course, I’ll get hit by something or the other and I’ll have to respond with better security measures. But I wasn’t running any firewall before and ubuntu 20.04 seems to be running ufw by default, which is nice. I was also able to update PHP from v7.3 all the way to v8.0, which is nice, but came with it’s own set of challenges. One function in WordPress and another in a homegrown bookmarking tool were failing since they don’t work in PHP 8.0, so I had to spend some time figuring that out. But it’s good to have the latest software and to hope I’ll keep things updated better this time around.

All in all, a good experience. My old VPS is now sitting in shutdown mode. I’ll let it sit for a couple weeks, while I test out the new system and see if I forgot to move some settings or such. I know it’ll cost me almost twice as much for the month to run both machines in parallel, but it’s worth the peace of mind I’m getting.

Plus, this migration got me in touch with some projects I’d forgotten! I regularly use my liveblog, but completely forgot about “SomeDay”, a bookmark/linkblog of articles I didn’t finish reading and hope to, some day. It’s got an RSS feed and all, so maybe you can find something in there that you might want to read, today.

Links to everything currently hosted on my new VPS –

this blog

tempdeals.net

scratch.nikhco.in – a minimal writing tool with local browser storage and ability to start a TogetherJS session to collaborate with others in real time.

liveblog.nitinkhanna.com

someday.nitinkhanna.com – I haven’t read these articles yet. Maybe you should try?

ReplikaAI

Saw an ad on Instagram today for Replika AI, where it was touting the romantic relationships feature of the chatbot service, including photo sharing, role playing, and “caring and loving”. All of these, with an AI.

Replika started off as an experiment by an engineer who lost a dear friend. She had experience with chatbots and decided to feed her friend’s text messages into a neural network to create a “digital memorial” of him. Read more about it in this Wired article.

But the ad I saw today was something wildly different. It was gross and far from a “digital friend” or a likeness thereof. Over the years, while I’ve not used Replika much, I’ve kept my eye on the service. I stopped using it right when it started leaning into this romantic aspect instead of friendship. It started asking me to share pics of my day-to-day life, selfies to get started with the app after I came back after a break of a few months, and to voice chat with it. It felt gross the way the app was transforming right in front of me.

Now, wherever there are chatbots and turing tests, there’s the baseness and loneliness of humanity. I understand that. I understand that people were seeing this “friend” app and asking it romantic questions, and laughing when it was giving them even slightly romantic responses. But for the service to lean into that feels like a betrayal of the original intent.

Dystopian storytelling often pins on this idea of people being so isolated from society that only an AI gives them the comfort of a relationship. Heck, we don’t need to look to science fiction for that. Real news coming out of China about people’s social media usage behavior often shows how messed up the landscape already is.

But to see an app in the US be so blatant in its disregard for real human connection and its outright mission to replace it with a chatbot feels like something society and politicians should condemn.

What I also don’t understand is how this app isn’t violating at least one or more of Apple’s ridiculous App Store policies. Thoughts?

Folks, I made a thing – NYT Redirect

So, The New York Times provides a nice service where they put the day’s newspaper’s front page as a PDF up on an obscure URL for anyone to see

https://static01.nyt.com/images/2022/08/26/nytfrontpage/scan.pdf

If you’re a logged in user who wants to use their webapp instead, you can go to –

https://www.nytimes.com/section/todayspaper

If you’re like me, you can never remember how to get to these links.

So, using the power of Cloudflare Workers, I made a little URL redirector that takes you to these pages.

You can access it by going to these URLs –

https://nyt.nitinkhanna.com or https://nyt.nitinkhanna.com/front for the PDF version

https://nyt.nitinkhanna.com/today or https://nyt.nitinkhanna.com/todayspaper for the webapp version

https://nyt.nitinkhanna.com/about for my omg.lol profile which has all this information, including a link to the GitHub repo for this little thing 🙂

Cheers!

Some quality of life improvements on my iPhone

When iOS 15 dropped, I noticed that it added a feature that Shortcuts could run on their own, without user approval every time. This is a pretty major change to the way they were working before, and allows for some truly good automation.

A few months ago, I created a folder in my Photos app called Wallpapers and added subfolders called Morning and Evening. I created automation that runs at Sunrise and Sunset and sets a random wallpaper from the folders as the lockscreen wallpaper. It’s a nice way to update my lockscreen frequently.

Over time though, I got bored of the same few wallpapers, so I’ve created two more automations – these go out to source.unsplash.com and pull wallpapers using simple search terms.

Unsplash has run their free Source endpoint for a long time and even though it’s technically deprecated, they don’t prevent it’s use if you know what you’re doing. The search terms I use are –

https://source.unsplash.com/1080×1920/?Morning and

https://source.unsplash.com/1080×1920/?Sunset

Note that if you put the search term as “Evening”, it leads to some particularly Non-Family Friendly results.

So now, I’ve got 4 automations – on Mondays, Wednesdays, and Fridays, I set Morning and Evening wallpapers from my local folder. On the rest of the days, I let Unsplash send me some nice wallpapers for my phone twice a day.

The best part of this is that the wallpapers from Unsplash don’t get downloaded to my phone and clutter my photos. They directly get used as wallpapers.

The other quality of life improvement I’ve made is webapps!

At some point, I found this shortcut which lets you create a fullpage standalone browser app icon on your iOS homescreen for any URL or website you pass to it.

I had just installed Amazon Luna and rocketcrab as webapps using Safari’s Add to Homescreen feature some time before that, and really like how they come off almost as proper apps (as good an app as Amazon can make, and they make some spectacularly terrible apps).

When you try to turn a website into a webapp but it doesn’t support this feature, it opens in a new tab in Safari, which takes away from the feeling of a standalone app. But the shortcut above solves that problem!

It creates a webapp using a configuration profile, which you then have to go into the settings app to accept. It’s an unsigned profile, so the risk is all yours. But you can look at what the Shortcut is doing and let me know if there are any security concerns.

One caveat – the shortcut asks for an icon image. You better have one ready when you’re using the shortcut and it has to be more than 128×128 pixel. I tried an image that was 64×64 and the icon just turned out blank.

Since I discovered this, I’ve gone on somewhat of a binge. I made webapps (or Web Clips, as iOS calls them) of three webbooks I’m reading on and off (these aren’t available as ebooks in any way). I also often have to check up on my GitHub Actions runs of a particular secret project, so I made a webapp of that direct URL. I made one of my blog, so I can easily go into the admin section and make edits to my posts in the Gutenberg editor (which still doesn’t have proper support in WordPress iOS apps). The only one I haven’t made (and thus opens in Safari) is solitaired.com and that’s basically because I got lazy. I’ll make it one of these days.

From the time I started writing this post, I made another improvement.

I don’t really like Wallpapers cluttering my photos app. Over time, they make a mess, the good ones used to get lost when I moved phones, and overall, it’s a lot of pain to manage them in the Photos app, which needs a long overdue overhaul, Apple.

I figured out that I can make a shortcut that actually picks a random file from a folder in the Files app. So I moved both the Morning and Evening folders to the iCloud Drive and now I can add any good wallpapers I find on my desktop to my phone too! 🙂

I like when things fall into place nicely like this 😀

Cover art is from emoji.supply, which is a ridiculously awesome source of emoji based wallpapers!

Ev gives up. Yay!

black text on gray background

Ev Williams Gives up

No schadenfreude, but I’ve always thought that Ev Williams and the other twitter ilk were never too good at execution. Someone, somewhere along the story of twitter helped make it what it is, but neither Jack, nor Ev have been amazing at the business side of things.

But a former employee of Medium says it much better than I ever could –

I don’t know what’s in store for Medium, but it could have been a lot more than what it is today. Yes, the blogosphere is overcrowded. Yes, the true spiritual successor of WordPress is Ghost (or it’s Gutenberg, if you ask automattic). Yes, blogging is such an essential activity to the web that if every free and open source and well made CMS were to disappear tomorrow, someone would start making another one from scratch almost instantly. (heck, I made two for my personal use!) So where does that leave Medium? I don’t know.

I like the insight this write up by Casey Newton gives into what Ev thought he was doing with Medium.

To think that he can “fix the internet” and “increase depth of understanding” are grandiose plans if what you’re going to do is start a blogging platform that’s half-baked on day one of launch. Medium is often like LinkedIn now – it’ll throw up a soft paywall and you can just wander away and get your information fix elsewhere.

I do hope better things are in store.