mcld.co.uk

ChatGPT (and the other GPTs) is an example of "large language models" that are making a big splash at the moment due to their unprecedented abilities at generating plausible text on demand. Of course it's far from perfect -- for example, many people noticed its tendency to make up facts. But here at university we're noticing its impact. Many conversations around the coffee machine about how to grade students' work, and the extent to which students are using ChatGPT.

Students in my class have used ChatGPT to do the following:

• improve a piece of their own writing, to make it more formal/scientific (this has been mentioned pretty often, and I guess there's a lot of this going on);
• generate Python code for their exercise/project, or to help them work out "the next step" in some coding that they're working on;
• diagnose errors in their code (supplying it with the error message and the code snippet);
• convert formats e.g. convert an Excel table into Latex;
• suggestions for keywords or topics that they should look up while doing their literature search.

All of these are in my opinion pretty good, positive examples of how to use an AI assistant without defrauding the university system. As long as you can learn how to use an AI assistant without cutting out your learning process, it's a good "teaching assistant". That is the new skill to learn.

Our university department has had a very interesting reaction to the availability of these tools. Instead of a blanket "no" response (which would be understandable given the vastly increased risk of some types of cheating), we now ask for a "statement of technology" with every report (e.g. thesis), i.e. a statement of what technologies were used to accelerate the work, and how they were used. There are many technologies, e.g. auto-translation, or grammar-checking, and it's very coherent to include ChatGPT within a general policy.

The standard plagiarism-checking system (TurnItIn) can't detect this new type of auto-generation. That's certainly an issue, and we will have to wait and see how that plays out. But still, old-fashioned plagiarism happens, so we still use plagiarism checkers, and perhaps they will improve. We now have to teach students, not only how to avoid plagiarism in cited/quoted work etc, but what to do and what to avoid when using text-generation systems. It seems so far that, generally, students understand that

1. it would be fraudulent/plagiaristic to submit ChaptGPT text directly as if it was their own;
2. ChatGPT text might not get them the highest marks anyway;
3. but on the other hand, it's a useful tool that can help them to learn.

I asked one group if they thought students would be at a disadvantage if they didn't use this tech, and the answer was "Yes".

In general, ChatGPT produces plausible and fluent prose (or code), but it has a few drawbacks which means students need to be careful and critical with its outputs: It can be bland and generic, not really getting the incisive point. It often makes up facts, or people, or citations. It can generate bad code, or working-but-poor code that becomes hard to debug. It seems clear that students understand this.

Teachers also understand that their teaching methods must account for its existence: for example, instead of pretending we can insist that no students look at ChatGPT, some teachers use it to generate "example answers", and then the class is invited to critique those answers.

There's a political/systemic question, of the concentration of power in the company that controls this tech, that absorbs and privatises all of the text data that anyone might enter into the system. I think there will be rival systems, and truly open-source systems, with the same capabilities pretty soon. But all the same, this concentration leads to the same concentration of data that the search giants such as Google have capitalised on in recent decades - so, the same situation, but even more concerning as the power of these systems becomes more impressive.

I don't blame students for using this algorithm. For now, I don't want to use it myself, partly for these systemic reasons. The technology is powerful and useful. Can it be made truly open: available to all, without having to submit your data to some foreign company? Can it be held democratically accountable, so that its impacts can be managed by a political process that gives everyone an equal say (i.e. our governments)?

In principle, we can answer these systemic questions "yes" -- and hopefully we'll get there. But the issues aren't new, they're the same ongoing issues of the concentration of power and resources in modern highly-connected societies, in which data is one of the increasingly pivotal resources. Thus far we haven't really succeeded in keeping power and resource from becoming hyper-concentrated over the past 40 years. The issues aren't new, but they become more and more obvious.

(Further reading on the power dynamics: "ChatGPT and more: Large scale AI models entrench big tech power".)

I'm having problems understanding people. More specifically, I'm having problems now that people are using emoji in their messages. Is it just me?

OK so here's what just happened. I saw this tweet which has some text and then 3 emoji. Looking at the emoji I think to myself,

"Right, so that's: a hand, a beige square (is the icon missing?), and an evil scary face. Hmm, what does he mean by that?"

I know that I can mouseover the images to see text telling me what the actual icons are meant to be. SO I mouseover the three images in turn and I get:

• "Clapping hands sign"
• "(white skin)"
• "Grinning face with smiling eyes"

So it turns out I've completely misunderstood the emotion that was supposed to be on that face icon. Note that you probably see a different image than I do anyway, since different systems show different images for each glyph.

Clapping hands, OK fine, I can deal with that. Clapping hands and grinning face must mean that he's happy about the thing.

But "(white skin)"? WTF?

Is it just me? How do you manage to interpret these things?

I've been at the OpenStreetMap hack weekend. [Photo]. One of the things I wanted to explore was getting offline maps working on my Firefox OS phone.

Firefox OS is not like iPhone or Android - every app has to be written in pure HTML and JavaScript, which means that for full-featured phone apps / web apps we need to use the fancy extra tools that Mozilla and others are providing to beef up things beyond the usual web features. One of these is IndexedDB which allows a HTML page to store objects longish-term. So let's use that for cacheing map tiles:

• A simple demo with four tiles in a HTML page
• A Leaflet slippy map, tweaked to use IndexedDB cacheing
• Get the code on Github

The demos are just online maps, so they key thing is testing them with internet access on, and then trying again with internet access off.

I had to make a small tweak to the Leaflet slippy-map code in order to patch it to grab map tiles from my cache-or-live service. I don't know if there's a more "sustainable" way to do this...

Is this any different from standard browser cacheing? Well yes and no. It lets us have tighter control over what we, as "an app", do or do not remember. We get to say that we want to remember map tiles but we don't necessarily need to remember logo images, for example.

Post-Snowden, we all need to understand privacy and cryptography a little bit better than we did before. If you use something like Dropbox to synchronise files between computers, or to collaborate with people, you may wonder about the security of it. Well, you should wonder about the security of it: the way Dropbox works is that it sends your files up into "the cloud" which is really a big filestore run by Amazon. That's handy because if you trash your computer, your files can be recovered from Amazon's servers. But it's not so handy in that all your files are stored on some third-party server, maybe in the EU, maybe in the USA. In general we shouldn't have to trust such third parties, so it'd be better if the data were encrypted so that Dropbox/Amazon couldn't inspect it. (Note: technically the data is "encrypted" on their server but not in a way that prevents them from looking at it.) Even worse, we know (post-Snowden) that it's highly likely the US security services have some kind of "relationship" with Dropbox/Amazon through which they can scan for interesting content etc, under rather looser terms than maybe we thought. So Dropbox provides a personal service but not a private one.

Luckily (?) the makers of Bittorrent have come along with an alternative called BitTorrent Sync, which does the same kind of job but in a peer-to-peer fashion.

The way it works is described in the btsync tech summary and it's rather neat. Transferring files between computers is basically done Bittorrent-style, but it transmits the data directly between your computers over an encrypted connection.

(When I say "directly"... it's still transmitted indirectly in the sense that internet traffic passes through many machines - but I mean that your data is not addressed first to some third-party machine [neither peer nor server] before it gets re-addressed and hops onward to your machine.)

If you have two computers, attached to the internet, you sync files between them by telling them the secret random code that it generates for you. You don't need any central server (in principle), because btsync is able to use a DHT which lets it ask the p2p network, "which IP addresses correspond to machines which know my secret code?"

I think this architecture is really rather nice. There are a handful of extra tweaks you need to be aware of - for example, it does in fact use centralised servers (not just DHT) to help bootstrap awareness of peers, and also to help get round firewalls - but the basic idea is neat, and cuts out the middleman compared against Dropbox. In principle, this appears much better privacy-wise.

There is a major security/privacy issue, but before that here's a minor one. The DHT stores data in the form of "SHA1(Secret):ip:port", which means that although your secret isn't directly stored, if some naughty person was spying on you and detected that your computer had sent out a message saying "who knows about SHA1(Secret)?", then the naughty person could ask the same question and discover the IP addresses of the nodes in your little sharing network. So, that doesn't give away your secret or your data, but it does give away some of your web of connectivity. For example, maybe it lets someone confidently associate your work computer and your home computer. These narrower kinds of information leak are hard to stop, but I believe there are tools that can even avoid them (RetroShare privately hops data from friend-to-friend so that an outside observer could probably work out who your friends are, but not which bit of data is destined for which destination).

The major issue is that Bittorrent sync is not open-source. Many, many security experts can tell you that open-source software is much easier to rely on for security, because the actual software code is out in the open (and ideally, the development process too) and can be inspected for any issues. In the past this was just a vague idea, but now post-Snowden we know that government agencies do force software vendors to compromise the security of their software, and then to deny it to us. So it's very difficult to trust a company (especially, right now, a US-based company) when they say their software is private and secure.

(Of course just because something is open-source doesn't guarantee it is secure. The NSA has been documented tweaking public open-source code, influencing on-the-record standards meetings, etc.)

But if it's closed source, it's like buying a boat and not being able to check all round it to see if it's seaworthy. "Is the hull watertight?" "Well, I've checked the left side, and there are no holes in that side." "Let's go!"

So, it's no wonder that the Free Software Foundation considers it a high priority to make a free-software equivalent to btsync. The design is neat, and in principle it's privacy-preserving. In practice... who knows?

Disclaimer: I'm a citizen not a cryptographer. Post-Snowden we all need to understand privacy and cryptography a little bit better than we did before. You should probably read something by Bruce Schneier or Jacob Appelbaum.

Last week we went out to Dartmoor, camping with no electricity or running water. Just beforehand, my friend Jan posted that he'd just received his "Waka Waka" solar charger / light in the post. I think he funded their Kickstarter project - apparently the company started with a solar-powered LED light intended for developing countries, one of those business models where they use the profits from selling their neat little device in wealthy countries to support making it available in poorer countries.

Anyway, so Waka Waka make this neat-looking little solar charger that can provide reading light or can charge your phone via USB. Possibly ideal for camping trips, so I got one too. I don't have much experience with other solar cells but here's my review of this one. Looks neat doesn't it?

The short review: Really pleasant and functional design which can sit/stand/hang anywhere or fold away. In southern England in August, it needs a proper sunny day to charge my smartphone all the way up (i.e. it can't do a full charge every day) but it's great for topping up a phone so you can keep using it. The LED light is surprisingly bright and pleasantly-coloured.

Some extra notes:

I should mention that my main aim was to keep the smartphone charged up so I could use it for GPS and important phone calls. For that reason, we didn't use the LED light feature much (so that we didn't run it down), so I guess I can't really evaluate the LEDs beyond saying they're lovely and bright and neutrally-coloured, and apparently can last for dozens of hours from a single charge. So, having said that:

• It has nicely-thought-out status lights so you know what's going on. A subtly flashing "bip-bip" indicates how fast it's charging, and a blue light lets you know when it's charging up your USB device.

• In southern England (latitude about 50 degrees) in August, it needs a good sunny day to charge all the way from zero to full. With varied sunshine, it charges up pretty far, but only enough to get my smartphone up to about two-thirds. That's not a bad deal at all, and if you live in sunnier climes or if you use your smartphone moderately rather than running it dry each day, I guess you'll have no trouble at all. (Though in less-sunny climes, or if it's not summer....) Also, I didn't "optimise" the position of the solar panel too heavily, just left it on the roof of the tent, pointed it at the sun, and went out walking for the day.

• Once charged, it doesn't hold its charge for ever. It seems that overnight it can fall back from its 4-bars full status down to 2-bars. So it's not exactly like you can treat it as a "spare battery" once charged, I'd guess it makes sense to use the charge within a day if you're going to.

• Waterproofness: I must admit I'm a bit baffled by the instructions. Apparently it's rainproof on one side (the solar panel side) but not on the other side. So does this mean it's OK to leave it out in the rain, or not? Well, who knows - but I left it out all day, on at least a couple of days and nights when it rained pretty heavily, and it seems fine.

• It looks like an iphone in a holder! Now you might think that's just irrelevant. Actually, we live in London so it means I can't leave it outside to charge, and can't really leave it prominently showing anywhere, in case it gets swiped. Luckily, on holiday we were in the middle of a field with no-one around.

As I said, the design of the thing is v pleasant - nice simple block design that has a robust feel to it, including the little stand bit that folds out. Also the stand has a hole that can be used for standing the thing on a bottle, or hanging it from the ceiling, or strapping it to your back-pack. Neat.

I'm concerned about the LRAD which is apparently being deployed during the Olympics. We citizens don't seem to have a way of knowing if it will be used for backup, general crowd control, or long-term hearing damage. So I wrote to my MP; if you live in London and care about your hearing, maybe write to yours. Here's what I wrote:

Dear [____],

I'm an audio researcher living in [____]. Because of my profession, my hearing is particularly important to me. So I'm a little concerned about the Long-Range Acoustic Device (LRAD) that the MoD has confirmed will be in use during the Olympics, and I'd like to ask you to seek some specific assurance please.

I'm aware that the device has two uses: one is to broadcast messages loudly, and one is as a non-lethal weapon which can damage hearing. The MoD has said the device is "primarily to be used in the loud hailer mode". I'm sure you can imagine that the use of the term "primarily" is a concern to me.

In a given situation, there is no way for anyone except the operator to discern which mode is being used or intended. If I am commuting through London during the Olympics and get caught up in something (a crowd situation of some sort), and an officer points the LRAD at me, I have no way of being reassured that there is no chance of permanent damage. This is why I'd like to ask you to seek very specific assurances.

Could you please press the Ministry of Defence to state specifically:

• Is the LRAD intended to be deployed frequently, or in exceptional circumstances?
• Under what conditions would the LRAD be used with settings that might endanger hearing?
• What rank of officer would be required to authorise the use of LRAD with settings that might endanger hearing?
• What safeguards are in place to ensure that the LRAD will not endager hearing, whether during correct use or operator error?

I hope you can help put these specific questions forward.

Best wishes, [____]

Reference: http://www.guardian.co.uk/sport/2012/may/12/british-military-sonic-weapon-olympics

I have switched my browser's search engine from Google to Bing. I never thought it would come to this!

Years ago I migrated away from Microsoft, disliking what they were doing with their dominance. It feels odd to be deliberately turning to Microsoft now, for a very similar reason.

Google …

I'm writing a simple PHP web application. Normally it outputs HTML, but for linked data purposes I'd also like to be able to output RDF in Turtle format, from the SAME URL. This is achieved using something called content negotiation.

Often you can configure your webserver to do the right …

Geomob was interesting tonight. A couple of notes (for my own purposes really):

The Domesdaymap taking the Domesday project and putting it into a useable searchable map was great - the amazing thing about it is that, despite being one of the most important European surveys in pre-modern times, it wasn't …

We had an interesting conversation here yesterday about designing new musical instruments. We're interested in new instruments and interfaces, and there's quite a vogue for "user-centred design", "experience design" and the like. But Andrew McPherson pointed out this paper by Johan Redstrom with an interesting critique of this move, essentially …