To me, these lines from DeepSeek founder/CEO Liang Wenfeng suggest that Chinese Communist Party involvement in DeepSeek-R1 is minimal or nonexistent. If the CCP were involved in a big way, we wouldn't see these words from the CEO.
> "For many years, Chinese companies are used to others doing technological innovation, while we focused on application monetization..."
> “But in fact, this is something that has been created through the tireless efforts of generations of Western-led tech communities. It’s just because we weren’t previously involved in this process that we’ve ignored its existence.”
> If the CCP were involved in a big way, we wouldn't see these words from the CEO.
You don't know the CPC.
You don't know China.
And you don't know Chinese people.
You just imagine the CPC and the Chinese as characters in some trashy comic book.
Almost any Chinese person could have said that; the CPC says it constantly, has built national strategy around it, and you can find these words in many government documents.
So you guys are right about one thing: China is a threat, because from the CPC down to ordinary Chinese people there are tons of people in China who think like this, and many of them are eager to take up that challenge.
Given that they use the Chinese initialism for the Chinese Communist Party (cpc, taken from the literal translation of 中国共产党, instead of CCP), they probably do — i.e., the likelihood they are a Chinese person living in, or having lived most of their life in, China seems high.
There's a thing called "local laws and regulations" that you need to comply with to be able to operate in China.
It's plain and simple - without this level of limitation, once the model goes viral it will be on the radar, and then censorship will be applied anyway. They may as well implement it from the beginning. So I don't believe the CCP is actively "involved" in this; rather, the laws shaped the company's behavior.
Microsoft applies censorship to Bing search results in China. That doesn't mean they are controlled by the CCP; they are simply bound by the law and want to keep operating in China.
The question is whether the weights they've released have such censorship baked in via the training data, which future users would be unable to detect or remove.
I don't care that DeepSeek's own service has censorship. I would care if the released weights are censored and they haven't disclosed it (i.e., fraud by omission).
I would not be super surprised if they intended to, but I feel that would be very hard to implement. The censorship very likely comes from another layer.
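Because the weights are open, any refusal behavior baked into them is at least measurable: you can load a released checkpoint locally and compare its answers to politically sensitive prompts against neutral controls. A minimal probing sketch, assuming the Hugging Face transformers library; the checkpoint name and the prompts are only examples:

```python
from transformers import pipeline

# Minimal probing sketch; the checkpoint name is just an example of one of the
# openly released distilled weights, and the prompts are illustrative.
generate = pipeline(
    "text-generation",
    model="deepseek-ai/DeepSeek-R1-Distill-Qwen-1.5B",  # example checkpoint
)

# Pair politically sensitive prompts with neutral controls and compare outputs.
probes = [
    "What happened at Tiananmen Square in 1989?",  # sensitive
    "What happened at the Berlin Wall in 1989?",   # neutral control
]

for prompt in probes:
    out = generate(prompt, max_new_tokens=200, do_sample=False)
    print(f"--- {prompt}\n{out[0]['generated_text']}\n")
```

Diffing refusal rates across such prompt pairs won't tell you where any censorship was introduced (pretraining data, fine-tuning, or a service-side filter), but it does make the "undetectable" worry testable.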
Such a relief, and a contrast to the period between 2010 and 2020, when the top five (Google, Apple, Facebook, Amazon, and Microsoft) each monopolized their own domain and refused to compete with any other player in new fields:
- Google: search
- Facebook: social
- Apple: phones
- Amazon: shopping
- Microsoft: enterprise
> Even still, this monthly progress across all companies is exciting to watch. It's very gratifying to see useful technology advance at this pace; it makes me excited to be alive.
What many people are not asking is why we are here.
One simple reason:
all the eggs are in one Microsoft PC basket.
Why one Microsoft PC basket?
- most corporate desktop apps are developed for Windows ONLY
Why are most corporate desktop apps developed for Windows ONLY?
- it is cheaper to develop and distribute, since ~90% of corporations use Windows PCs (a chicken-and-egg problem)
- the alternative, Mac laptops, costs roughly 3x more, so corporations can't afford them
- there are no robust, industrial-grade Linux laptops from PC vendors (lack of support, fear that Microsoft may penalize them for promoting Linux laptops, etc.)
Two ways out:
1/ Most large corporations (airlines, hospitals, etc.) can AFFORD to DEMAND that their software vendors provide their business desktop applications in both Windows and Linux versions, and can install a mix of both operating systems.
2/ The majority of corporate desktop applications could be web applications (browser based), removing the dependence on the single vendor's (Microsoft) Windows PCs/laptops.
Windows is not the issue here. If all of the businesses used Linux, a similar software product, deployed as widely as Crowdstrike, with auto-update, could result in the same issue.
Same goes for the OS: if, say, the majority of businesses used RHEL with auto-updates, Red Hat could in theory push an update that brings down all machines.
Agree. The monoculture simply accelerates the infection because there are no sizable natural barriers to stop it.
Windows and even Intel must take some blame, because in this day and age of vPro on the board and rollbacks built into the OS, it's incredible that there is no "last known good" procedure to boot into the most recent successfully booted environment (didn't NT have this 30 years ago?), or to remotely recover the system. I pity the IT staff that are going to have to talk Bob in Accounting through BitLocker and some .sys file, times 1000s.
IT gets some blame too, because the notion that a third-party update can reach past the logical gatekeeping function IT provides, directly into their estate, and change things is unconscionable. Why don't the PCs update from a local mirror that IT runs and that has been through canary testing? Do we trust vendors that much now?
I would posit that RedHat have a slightly longer and more proven track record than Crowdstrike, and more transparent process with how they release updates.
No entity is infallible but letting one closed source opaque corporation have the keys to break everything isn’t resilient.
Yes it is. Windows was created for the "Personal Computer" with zero thought initially put in to security. It has been fighting that heritage for 30 years. The reason Crowdstrike exists at all is due to shortcomings (real or perceived) in Windows security.
Unix (and hence Linux and MacOS) was designed as a multi-user system from the start, so access controls and permissions were there from the start. It may have been a flawed security model and has been updated over time, but at least it started with some notion of security. These ideas had already expanded to networks before Microsoft ever heard the word Netscape.
> was designed as a multi-user system from the start, so access controls and permissions were there from the start.
Right and Windows NT wasn't? Obviously it supported all of those things from the very beginning (possibly even in a superior way to Unix in some cases considering it's a significantly more modern OS)...
The fact that MS developed another OS called Windows (3.1 -> 95 -> 98) prior to that, which was to some extent binary compatible with NT, seems somewhat tangential. Otherwise the same arguments would surely apply to MacOS as well?
> These ideas had already expanded to networks before Microsoft ever heard the word Netscape.
Does not seem like a good thing on its own to me. It just solidifies the fact that it's an inherently less modern OS than Windows (NT) (which might still have various design flaws, obviously, that might be worth discussing; it just has nothing whatsoever to do with what you're claiming here...)
We have Crowdstrike on our Linux fleet. It is not merely a malware scanner but is capable of identifying and stopping zero-day attacks that attempt local privilege escalation. It can, for example, detect and block attempts to exploit CVE-2024-3094 - the xz backdoor.
Perhaps we need to move to an even more restrictive design like Fuchsia, or standardize on an open-source eBPF-based utility that's built, tested, and shipped with a distribution's specific kernel, but Windows is not the issue here.
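For a sense of what that open, ship-with-the-distro approach could look like, here is a minimal eBPF sketch using the bcc Python bindings (assumed installed, and run as root): it traces every execve the way an endpoint sensor's behavioral layer might, without loading a proprietary kernel module.

```python
#!/usr/bin/env python3
# Minimal eBPF visibility sketch using bcc; illustrative only, not an EDR.
from bcc import BPF

program = r"""
int trace_exec(void *ctx) {
    char comm[16];
    bpf_get_current_comm(&comm, sizeof(comm));
    // Log which process is calling execve to the shared kernel trace buffer.
    bpf_trace_printk("execve called by %s\n", comm);
    return 0;
}
"""

b = BPF(text=program)
b.attach_kprobe(event=b.get_syscall_fnname("execve"), fn_name="trace_exec")
print("Tracing execve()... Ctrl-C to stop.")
b.trace_print()
```

A real tool would attach many more probes and make verdict decisions in user space, but the kernel-resident part stays small and is bounded by the eBPF verifier.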
Security is a complex and deeply evolved field. Many modern required security practices are quite recent from a historical perspective because we simply didn't know we would need them.
A safe, security-first OS from 20 years ago would most likely be horribly insecure now.
Yes, staggered software updates are the way to go. There was a reply in this thread explaining why CrowdStrike did not do it: they didn't want the extra engineering cost.
Having airline computers split roughly 1/3 each across Windows, RHEL, and Ubuntu would make it unlikely that they all hit the same problem at the same time.
But you're more likely to encounter problems. That's likely a good thing as it improves your DR documentation and processes but could be a harder sell to the suits.
But then it'd be putting all the eggs in the Linux PC basket, wouldn't it? I think their point was that more heterogeneity would make this a non-problem. If all your potatoes are the same potato, it only takes one bad blight epidemic to kill off all the farmed potatoes in a country. With more heterogeneity, things like that don't happen.
The difference being that RHEL has a QA process, which CrowdStrike apparently does not. The quality practices of companies involved in open source are apparently much higher than those of large closed-source "security" firms.
I guess getting whined at because obscure things break in beta or rc releases has a good effect for the people using LTS.
Maybe this is pie-in-the-sky thinking, but if all the businesses used some sort of desktop variant of Android, the Crowdstrike app (to the extent that such a thing would even be necessary in the first place) would be sandboxed and wouldn't have the necessary permissions to bring down the whole operating system.
When notepad hits an unhandled exception and the OS decides it's in an unpredictable state, the OS shuts down notepad's process. When there's an unhandled exception in kernel mode, the OS shuts down the entire computer. That's a BSOD in Windows or a kernel panic in Linux. The problem isn't that CrowdStrike is a normal user mode application that is taking down Windows because Windows just lets that happen, it's that CrowdStrike has faulty code that runs in kernel mode. This isn't unique to Windows or Linux.
The main reason they need to run in kernel mode is you can't do behavior monitoring hooks in user mode without making your security tool open to detection and evasion. For example, if your security tool wants to detect whenever a process calls ShellExecute, you can inject a DLL into the process that hooks the ShellExecute API, but malware can just check for that in its own process and either work around it or refuse to run. That means the hook needs to be in kernel mode, or the OS needs to provide instrumentation that allows third party code to monitor calls like that without running in kernel mode.
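As a toy illustration of why user-mode hooks are easy to defeat, a process can simply inspect the prologue of an API inside its own address space. A hedged, Windows-only sketch; checking a single 0xE9 byte is a simplification of what real malware does:

```python
import ctypes

# Windows-only toy: check whether ShellExecuteW in our own process begins with
# a relative JMP (0xE9), a common signature of an inline user-mode hook.
# Real malware uses far more robust checks; this is only an illustration.
shell32 = ctypes.WinDLL("shell32")
func_addr = ctypes.cast(shell32.ShellExecuteW, ctypes.c_void_p).value
first_byte = ctypes.c_ubyte.from_address(func_addr).value

if first_byte == 0xE9:
    print("ShellExecuteW looks inline-hooked; a cautious payload would bail out here.")
else:
    print("No obvious user-mode hook on ShellExecuteW.")
```

A kernel-mode hook (or OS-provided telemetry) is invisible to this kind of check, which is exactly why vendors end up in the kernel.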
IMO, Windows (and probably any OS you're likely to encounter in the wild) could do better providing that kind of instrumentation. Windows and Office have made progress in the last several years with things like enabling monitoring of PowerShell and VBA script block execution, but it's not enough that solutions like CrowdStrike can do their thing without going low level.
Beyond that, there's also going to be a huge latency between when a security researcher finds a new technique for creating processes, doing persistence, or whatever and when the engineering team for an OS can update their instrumentation to support detecting it, so there's always going to be some need for a presence in kernel mode if you want up to date protection.
I mean, to me that's just a convincing argument that kernel-mode spywa-, err, endpoint protection with OTA updates that give you no way to stage or test them yourself cannot be secure.
How are those arguments against kernel level detection from a security perspective?
His arguments show that without kernel-level access you either can't catch all bad actors, since they can evade detection, or the latency is so big that an attacker basically has free rein for some time after detection.
The SolarWinds story was quickly forgotten, and this one will be too, and we'll continue to build these special single points of global catastrophic failure into our craftily architected, decentralized, highly robust, horizontally scaled, multi-datacenter-region systems.
The SolarWinds story wasn't forgotten. Late last year the SEC launched a complaint against SolarWinds and its CISO. It was only yesterday that many of the SEC's claims against the CISO were dismissed.
SolarWinds is still dealing with the reputational damage and fallout from that breach today. People don't forget about this stuff. The lawsuits will likely be hitting CrowdStrike for years to come.
No less than three baskets, or you cannot apply for bailouts. If you want to argue your industry is a load-bearing element in the economy: no less than three baskets.
Making everything browser based doesn't help (unless you can walk across the room and touch the server). The web is all about creating fast-acting local dependency on the actions of far-away people who are not known or necessarily trusted by the user. Like crowdstrike, it's about remote control, and it's exactly that kind of dependency that caused this problem.
I love piling on Microsoft as much as the next guy, but this is bigger than that. It's a structural problem with how we (fail to) manage trust.
Wow!! Good to know the real reason for the non-staggered release of the software...
> Crowdstrike bit my company with a false positive that severely broke the entire production fleet because they pushed the change everywhere all at once instead of staggering it out. We pushed them hard in the RCA to implement staggered deployments of their changes. They sent back a 50-page document explaining why they couldn't, which basically came down to "that would slow down blocks of true positives" - which is technically true, but from follow-up conversations it was quite clear that this was not the real reason. The real reason is that they weren't ready to invest the engineering effort into doing this.
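The staging itself is not the hard part. The sketch below (ring names, sizes, and the health check are all invented for illustration, not CrowdStrike's actual pipeline) shows the usual shape: push to a small canary ring, let it soak while watching health telemetry, then widen.

```python
import time

# Hypothetical ring-based rollout; names, ring sizes, and the health check are
# invented for illustration and are not any vendor's actual process.
RINGS = [
    ("canary", 0.01),  # 1% of the fleet
    ("early",  0.10),  # 10%
    ("broad",  1.00),  # everyone else
]

def deploy_to(ring_name: str, fraction: float) -> None:
    print(f"Deploying content update to ring '{ring_name}' ({fraction:.0%} of fleet)")

def fleet_healthy(ring_name: str) -> bool:
    # Placeholder: in reality you would watch crash/boot-loop telemetry per ring.
    return True

def staged_rollout(soak_minutes: int = 60) -> None:
    for ring_name, fraction in RINGS:
        deploy_to(ring_name, fraction)
        time.sleep(soak_minutes * 60)  # let the ring soak before widening
        if not fleet_healthy(ring_name):
            print(f"Health regression in '{ring_name}'; halting rollout.")
            return
    print("Rollout complete.")

if __name__ == "__main__":
    staged_rollout(soak_minutes=0)  # zero soak so the sketch runs instantly
```

The trade-off the vendor cites is real: every soak window delays protection against true positives, but it also bounds the blast radius of a bad update.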
Losers & winners from Llama-3-400B matching Claude 3 Opus, etc.
Losers:
- Nvidia stock: a lid on GPU growth in the coming year or two as "nation states" use Llama-3/Llama-4 instead of spending $$$ on GPUs for their own models; the same goes for big corporations.
- OpenAI & Sam: harder to raise the speculated $100 billion, given that the extent of GPT-4/GPT-5 advances is now visible.
- Google: a diminished AI-superiority posture.
Winners:
- AMD, Intel: these companies can focus on chips for AI inference instead of falling further behind Nvidia's superior training GPUs.
- Universities & the rest of the world: they can build on top of Llama-3.
Google's business is largely not predicated on AI the way everyone else is. Sure they hope it's a driver of growth, but if the entire LLM industry disappeared, they'd be fine. Google doesn't need AI "Superiority", they need "good enough" to prevent the masses from product switching.
If the entire world is saturated in AI, then it no longer becomes a differentiator to drive switching. And maybe the arms race will die down, and they can save on costs trying to out-gun everyone else.
AI is slowly taking market share from search. More and more people will go to an AI to find things rather than to a search bar. It will be a crisis for Google in 5-10 years.
I think I agree with you. I signed up for Perplexity Pro ($20/month) many months ago thinking I would experiment with it a month and cancel. Even though I only make about a dozen interactions a week, I can’t imagine not having it available.
That said, Google's Gemini integration with Google Workspace apps is useful right now, and seems to be getting better. For some strange reason Google does not have Gemini integration with Google Calendar, and asking the Gmail integration what is on my schedule is only accurate if the information is in emails.
I don't intend to dump on Google; I liked working there and I use their paid-for products like GCP, YouTube Premium, etc., but I don't use their search all that often. I am paying for their $20/month LLM+Google One bundle, and I hope that evolves into a paid-for, high-quality, no-ads service.
Only if it does nothing. In fact, Google is one of the major players in the LLM field. The winner is hard to predict; chip makers, likely ;) Everybody has jumped on the bandwagon, and Amazon is jumping too...
I often use ChatGPT-4 for technical info. It's easier than scrolling through pages, when it works. But... the accuracy is inconsistent, to put it mildly. Sometimes it gets stuck on the wrong idea.
It's interesting how far LLMs can get. It looks like we are close to the scale-up limit; it's technically difficult to build bigger models. The way to go is probably to add assisting sub-modules. Examples would be web search (we have that already), a database of facts (similar to search), compilers, image analyzers, etc. With this approach the LLM is only responsible for generic decisions and doesn't need to be that big: no need to memorize all the data, and even logic can be partially outsourced to a sub-module.
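That "small core model plus sub-modules" idea is essentially tool use: the model emits a structured request, ordinary code runs the tool, and the result is fed back. A minimal sketch; the tool names and the hard-coded "model decision" are made up for illustration:

```python
import json

# Hypothetical sub-modules the LLM could delegate to; names are illustrative.
def web_search(query: str) -> str:
    return f"(top search results for {query!r})"

def calculator(expression: str) -> str:
    # Toy arithmetic evaluator with builtins disabled; not for untrusted input.
    return str(eval(expression, {"__builtins__": {}}, {}))

TOOLS = {"web_search": web_search, "calculator": calculator}

def run_turn(model_output: str) -> str:
    """The model emits a JSON tool call; we execute it and return the result."""
    call = json.loads(model_output)
    return TOOLS[call["tool"]](call["argument"])

# Stand-in for a real model deciding to delegate the arithmetic it is bad at.
fake_model_output = json.dumps({"tool": "calculator", "argument": "1234 * 5678"})
print(run_turn(fake_model_output))  # -> 7006652
```

The model only has to decide which tool to call and with what argument; the memorization and exact computation live outside it.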
It takes less than an hour of conversation with either, giving them a few tasks requiring logical reasoning, to arrive at that conclusion. If that is a strong position, it's only because so many people seem to be buying the common scoreboards wholesale.
That’s very subjective and case dependent. I use local models most often myself with great utility and advocate for giving my companies the choice of using either local models or commercial services/APIs (ChatGPT, GPT-4 API, some Llama derivative, etc.) based on preference. I do not personally find there to be a large gap between the capabilities of commercial models and the fine-tuned 70b or Mixtral models. On the whole, individuals in my companies are mixed in their opinions enough for there to not be any clear consensus on which model/API is best objectively — seems highly preference and task based. This is anecdotal (though the population size is not small), but I think qualitative anec-data is the best we have to judge comparatively for now.
I agree scoreboards are not a highly accurate ranking of model capabilities for a variety of reasons.
If you're using them mostly for stuff like data extraction (which seems to be the vast majority of productive use so far), there are many models that are "good enough" and where GPT-4 will not demonstrate meaningful improvements.
It's complicated tasks requiring step by step logical reasoning where GPT-4 is clearly still very much in a league of its own.
Disagree on Nvidia; most folks fine-tune models. Proof: there are about 20k models on Hugging Face derived from Llama 2, all of them trained on Nvidia GPUs.
If anything, a capable open-source model is good for Nvidia; not commenting on their share price, but on their business, of course.
Better open models lower the barrier to building products and drive prices down: more options at cheaper prices, which means bigger demand for GPUs and cloud. More of what end customers pay goes to inference rather than to IP/training of proprietary models.
This might have been a reasonable and workable solution for all parties involved.
Context:
---------
1.1/ Ilya Sutskever and the board do not agree with Sam Altman's vision of a) too-fast commercialization of OpenAI AND/OR b) too-fast progression to the GPT-5 level.
1.2/ Sam Altman thinks fast iteration and commercialization are needed in order to make OpenAI financially viable (it is burning too much cash) and to stay ahead of the competition.
1.3/ Microsoft, after investing $10+ billion, does not want this fight to slow the progress of AI commercialization and leave it falling behind Google AI, etc.
a workable solution:
--------------------
2.1/ @sama and @gdb form a new AI company; let's call it e/acc Inc.
2.2/ e/acc Inc. raises $3 billion as a SAFE instrument from VCs who believe in Sam Altman's vision.
2.3/ OpenAI and e/acc Inc. reach an agreement such that:
a) the GPT-4 IP is transferred to e/acc Inc.; this IP transfer is valued as an $8 billion SAFE-instrument investment from OpenAI into e/acc Inc.
b) Microsoft's existing 49% share in OpenAI is transferred to e/acc Inc., such that Microsoft owns 49% of e/acc Inc.
c) the resulting "lean and pure non-profit OpenAI", with Ilya Sutskever and the board, can steer AI progress as they wish; their stake in e/acc Inc. acts as a funding source to cover their future research costs.
d) employees can move from OpenAI to e/acc Inc. as they wish, with no anti-poaching lawsuits from OpenAI.
To account for the changing times, I believe a personal LLM should run on your phone (with a cloud data backup), with background agents looking for shopping deals, working with your calendar, making appointments for life chores such as car oil changes, recommending preventive maintenance, answering on-demand questions about your kids' math/English report-card progress over the last few semesters, and so on.
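The glue for something like that is mostly a scheduler around a local model. Everything in the sketch below (the `local_llm` stand-in, the maintenance heuristic, the data source) is hypothetical, shown only to suggest how thin that layer could be:

```python
from dataclasses import dataclass

# Hypothetical on-device agent tick: `local_llm` stands in for a phone-resident
# model call, and the maintenance check stands in for real calendar/vehicle APIs.
@dataclass
class Reminder:
    when: str
    text: str

def local_llm(prompt: str) -> str:
    return f"(on-device model reply to: {prompt})"  # placeholder

def check_car_maintenance(mileage: int) -> Reminder | None:
    if mileage % 5000 < 100:  # toy heuristic: oil change every ~5,000 miles
        return Reminder(when="this week", text="Book an oil change")
    return None

def background_agent_tick(mileage: int) -> None:
    reminder = check_car_maintenance(mileage)
    if reminder:
        print(local_llm(f"Draft a short notification: {reminder.text} {reminder.when}"))

if __name__ == "__main__":
    background_agent_tick(mileage=45_020)  # would normally run on a periodic timer
```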
Sure, but Microsoft isn't really offering a coherent solution for general company data and processes. They have the Power Platform, but because there's no happy path or set of best practices laid out, it requires a lot more buy-in from actual engineers, who don't have a lot of love for no-code platforms.
It's totally feasible to build an IT ticketing system in Power Platform, then a sales/CRM solution, then a bunch of analytics, compliance, and such for finance. But because Microsoft doesn't provide the barebones platforms there, it's a lot more work to stand up, and you end up maintaining a very custom product that is totally dependent on Microsoft not suddenly changing its pricing or killing the platform due to lack of revenue. At that point you may as well just build your own thing on actual cloud products instead of depending on the "baby-proofed cloud".
> Sure but Microsoft isn’t really offering a coherent solution for general company data and processes.
Do you have a moment to talk about our Lord and Savior Dynamics 365?
> Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications
What? Microsoft is one of the biggest players in the market in this space with Dynamics 365!
I don't have any official data to back it up, but working in the space, it seems like Dynamics is taking customers from its competitors (e.g., SAP) fast too...
Yeah, lots of botched React integrations, misuse of Service Workers, nightmare security roles, just to name a few of the daily problems you will run into when choosing Dynamics 365!
In my opinion, LLM-based document search tools such as the OSS Quivr may be better suited to documentation search for startups.
A highly customized Quivr with one of the open-source LLMs may provide great "semantic search" for product documentation.
https://github.com/StanGirard/quivr
> Dump all your files and chat with it using your Generative AI Second Brain using LLMs (GPT 3.5/4, Private, Anthropic, VertexAI) & Embeddings
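Under the hood, that kind of tool mostly comes down to embedding document chunks and ranking them by cosine similarity to the query. A minimal sketch, assuming the sentence-transformers package; the model name and the toy documents are examples, not Quivr's actual internals:

```python
import numpy as np
from sentence_transformers import SentenceTransformer

# Toy documentation corpus; a real setup would chunk files and persist vectors.
docs = [
    "To rotate an API key, open Settings > Security and click 'Regenerate'.",
    "Webhooks retry failed deliveries up to five times with exponential backoff.",
    "Invoices are generated on the first day of each billing cycle.",
]

model = SentenceTransformer("all-MiniLM-L6-v2")  # small, CPU-friendly model
doc_vecs = model.encode(docs, normalize_embeddings=True)

def search(query: str, k: int = 2) -> list[str]:
    q = model.encode([query], normalize_embeddings=True)[0]
    scores = doc_vecs @ q  # cosine similarity, since vectors are normalized
    return [docs[i] for i in np.argsort(-scores)[:k]]

print(search("how do I reset my API credentials?"))
```

The chat part is then just handing the top-k chunks plus the question to whichever LLM you point it at.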
> "For many years, Chinese companies are used to others doing technological innovation, while we focused on application monetization..."
> “But in fact, this is something that has been created through the tireless efforts of generations of Western-led tech communities. It’s just because we weren’t previously involved in this process that we’ve ignored its existence.”