Thu. 02/29 – What If The Vision Pro Is Selling Better Than We Think?

Feb 29, 2024, 17 min

Episode description

The SEC has subpoenaed OpenAI. What if the Vision Pro is selling better than even Apple thought? Beware of the repo attack affecting GitHub. Beware of the video doorbells that are ridiculously easy to take over. And is robotics the next big tech industry we need to be paying attention to?

Transcript

Welcome to the Techmeme Ride Home for Thursday, February 29th, 2024. I'm Brian McCullough. Today: the SEC has subpoenaed OpenAI. What if the Vision Pro is selling better than even Apple thought? Beware of the repo attack affecting GitHub, beware of the video doorbells that are ridiculously easy to take over, and is robotics the next big tech industry we need to be paying attention to? Here's what you missed today in the world of tech.

I was wondering if the feds were going to take a look at this. Sources are telling the Journal that the US SEC has sent a subpoena to OpenAI. They did so in December, actually, seeking internal records after the board's decision to fire Sam Altman as CEO back in November. SEC officials based in New York are conducting the investigation and have asked that some senior OpenAI officials preserve internal documents. The SEC enforces laws that forbid people from misleading investors, regardless of whether fundraisers seek capital in public or private markets. The SEC often closes investigations without making formal accusations of wrongdoing. Some of the people familiar with the investigation described it as a predictable response to the former OpenAI board's claim in its November statement. One of the people said that the SEC hasn't pointed to any specific statement or communication by Altman that it has deemed misleading.

The SEC's civil investigation has been percolating in the background as OpenAI officials pitched investors as part of its recently closed tender offer, which valued the AI juggernaut behind viral chatbot ChatGPT at more than $80 billion. The SEC probe adds to a growing list of government and legal challenges confronting OpenAI, reflecting intense global scrutiny of the company's business practices and impact on the world. It also shows how the company is still dealing with the fallout from the failed ouster of Altman last year. At the time of the leadership turmoil, OpenAI executives started getting questions from regulators and law enforcement entities such as the Manhattan U.S. Attorney's Office about the board's accusation of Altman's lack of candor, The Wall Street Journal reported in November. That criminal investigation is ongoing. People familiar with the matter said its focus couldn't be learned. Government officials in the U.S. and Europe also have launched competition inquiries into the relationship between OpenAI and Microsoft, which also has a commercial partnership with the company.

Another day, another one of these, sadly. EA plans to cut 5% of its workforce, part
of a plan that includes reducing office space and sunsetting some games. EA employed 13,400 workers as of March of last year. Quoting CNBC: EA CEO Andrew Wilson wrote in a memo to employees on Wednesday that the video game company is, quote, streamlining our company operations to deliver deeper, more connected experiences for fans everywhere. We are continuing to optimize our global real estate footprint to best support our business, Wilson wrote in his Wednesday note. We are also sunsetting games and moving away from development of future licensed IP that we do not believe will be successful in our changing industry. End quote. Wilson added that the cuts will enable EA to focus more on its, quote, biggest opportunities, including our own IP, sports and massive online communities. End quote.

A couple of weeks ago, the internet was abuzz with anecdotal stories of people returning their Apple Vision Pros while they still could. This led to a general assumption that maybe the Vision Pro was having a disappointing launch. But what this segment presupposes is, maybe that wasn't true. According to Apple analyst Ming-Chi Kuo, Vision Pro demand is actually higher than Apple originally expected, with US shipments expected to hit 200 to 250,000 units this year. Return rates, according to Kuo, are also now below 1%, with some caveats. Quoting 9to5Mac: Kuo noted that shipping times peaked at well over a month, with some pre-orders placed on January 19th getting shipping dates into early March. This has since reduced to just a few days, suggesting that production is now keeping pace with demand. Vision Pro shipping time has now improved to three to five days, early March. The shipping time after pre-orders opened on 19th January was in early March, meaning that although Vision Pro sold out after pre-orders opened due to early adopters buying it, demand for the device declined rapidly and has stayed the same. Kuo said that current estimates of 2024 sales are considerably higher than Apple originally expected, though the ranges he cites are large. Apple has asked suppliers to increase production, which Kuo believes is due to a mix of relatively high US demand and plans to roll out sales to other countries in the coming months.

Kuo said demand for the Vision Pro in the US has, quote, slowed down significantly since the headset launched there on February 2nd. He estimated that US shipments of the headset will total 200 to 250,000 units this year, which he said is better than Apple's original estimate of 150 to 200,000 units, but it is still what he calls a, quote, niche market. In recent weeks, there was a lot of discussion about Vision Pro returns on social media. However, based on his inspection of the, quote, repair refurbishment production line for the headset, Kuo estimated that the current return rate is less than 1%. End quote.

Quoting AppleInsider: According to my inspection of the repair slash refurbishment production line, the current return rate for Vision Pro is less than 1% with no anomalies, Kuo said in his Medium post on Wednesday. It is worth noting that 20 to 30% of the returns are due to users not knowing how to set up Vision Pro, end quote. Data collected by AppleInsider over the years suggests that this is about the same as the Pro line of iPhones return to retail. In the first month, the rate of return on those is about 1.2%, with the non-Pro return rate at about 1.4%. About two years ago, a source within AT&T told us that their rate of smartphone returns from all vendors combined is about 2.5% of all units sold after the first month of release. They acknowledged to us at the time that iPhone return rates were less than half of that. End quote.

Want to run your own code generating AI model, but don't want to pay someone else to do that? Well, ServiceNow, Hugging Face and Nvidia have released free code generating AI models, StarCoder 2 3B, 7B and 15B, the first two of which can run on most modern consumer GPUs. Quoting TechCrunch: StarCoder 2 isn't a single code generating model, but rather
a family. The 3 billion parameter model was trained by ServiceNow, the 7 billion parameter model was trained by Hugging Face, and a 15 billion parameter model was trained by Nvidia, the newest supporter of the StarCoder project. Like most other code generators, StarCoder 2 can suggest ways to complete unfinished lines of code as well as summarize and retrieve snippets of code when asked in natural language. Trained with 4x more data than the original StarCoder, 67.5T versus 6.4T, StarCoder 2 delivers what Hugging Face, ServiceNow and Nvidia characterize as, quote, significantly improved performance at lower costs to operate. StarCoder 2 can be fine-tuned in a few hours using a GPU like the Nvidia A100 on first or third party data to create apps such as chatbots and personal coding assistants. And because it was trained on a larger and more diverse data set than the original StarCoder, around 619 programming languages, StarCoder 2 can make more accurate context-aware predictions, at least hypothetically. End quote.

Quoting VentureBeat: While BigCode's original StarCoder LLM debuted in one 15 billion parameter size and was trained on about 80 programming languages, according to BigCode, the training data for the new models, known as The Stack, was more than 7 times larger than the one used last time. More importantly, the BigCode community used new training techniques for the latest generation to ensure that the models can understand and generate low resource programming languages like COBOL, mathematics, and program source code discussions. While it remains to be seen how well these models perform in different coding scenarios, the companies did note that the performance of the smallest 3B model alone matched that of the original 15B StarCoder LLM. End quote.

But caveat, caveat. Quoting TechCrunch again: StarCoder 2's license might prove to be a roadblock for some. StarCoder 2 is licensed under the BigCode Open RAIL-M 1.0, which aims to promote responsible use by imposing light touch restrictions on both model licensees and downstream users. While less constraining than many other licenses, RAIL-M isn't truly open in the sense that it doesn't permit developers to use StarCoder 2 for every conceivable application. Medical advice giving apps are strictly off limits, for example. Some commentators say RAIL-M's requirements may be too vague to comply with in any case, and that RAIL-M could conflict with AI-related regulations like the EU AI Act. End quote.

Couple of service-y, news-you-can-use pieces now. First up, for devs: be aware that researchers have found an ongoing repo confusion attack which involves cloning existing repos and infecting them with malware loaders, impacting more than 100,000 GitHub repos. Quoting Ars Technica.

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that's wrapped under seven layers of obfuscation. To make matters worse, some people unaware of the malice of these imitators are forking the forks, which adds to the flood. Given the constant churn of new repos being uploaded and GitHub's removal, it's hard to estimate precisely how many of each there are. The researchers said the number of repos uploaded or forked before GitHub removes them is likely in the millions. They said the attack, quote, impacts more than 100,000 GitHub repositories.

Supply chain attacks that target users of developer platforms have existed since at least 2016, when a college student uploaded custom scripts to RubyGems, PyPI and NPM. The scripts bore names similar to widely used legitimate packages, but otherwise had no connection to them. A phone home feature in the student's script showed that the imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time his code was given all powerful administrative rights. Two of the affected domains ended in .mil, an indication that people inside the US military had run his script. This form of supply chain attack is often referred to as typosquatting because it relies on users making small errors when choosing the name of a package they want to use.

The flow of this particular campaign is simple: cloning existing repos (for example, TwitterFollowBot, WhatsappBOT, discord-boost-tool, Twitch-Follow-Bot and hundreds more), infecting them with malware loaders, uploading them back to GitHub with identical names, automatically forking each thousands of times, then covertly promoting them across the web via forums, Discord, etc. Developers who use any of the malicious repos in the campaign unpack a payload buried under seven layers of obfuscation to receive malicious Python code and later an executable file. The code, mainly consisting of modified versions of the open source BlackCap-Grabber, then collects authentication cookies and login credentials from various apps and sends them to a server controlled by the attacker. The researchers said the malicious repo, quote, performs a long series of additional malicious activities.

Factor's delicious ready-to-eat meals make eating
better every day easy. Wherever tomorrow takes you, be ready with pre-prepared, chef-crafted and dietitian-approved meals delivered right to your door. You'll have over 35 different options each week to choose from, including keto, calorie smart, vegan plus veggie, and more. And there's even more to enjoy with our 55 nutrition packed add-ons that help you make your weekly meal planning even more delicious. What are you waiting for? Get started today and have a feel-good week of meals ready to go. These are my wife's go-to lunch solutions because they're ready in two minutes. We've done the math. Factor is less expensive than takeout and every meal is dietitian-approved to be nutritious and delicious. Factor is the perfect solution if you're looking for fast upscale options done easily. Get as much or as little as you need by choosing 6 to 18 meals per week. Plus you can pause or reschedule your deliveries anytime. Factor meals are 100% ready to heat and eat, so there's no prepping, cooking, or cleanup needed. Head to FactorMeals.com/ride50 and use code ride50 to get 50% off. That's code ride50 at FactorMeals.com/ride50 to get 50% off.

And the news you really need to use if you're using an off-brand video doorbell. Researchers have found serious security flaws in cheap video doorbells sold by a Chinese
company under various brand names on Amazon, Shein, and other sites. Quoting Consumer Reports: Blair and Della Rocca discovered the problems while evaluating a number of video doorbells for our regular ratings program. They were sold under two brand names, Eken and Tuck. The two devices stood out not just because of the security problems but also because they appeared to be identical, right down to the plain white box they came in, despite having different brand names. Online searches quickly revealed at least 10 more seemingly identical video doorbells being sold under a range of brand names, all controlled through the same mobile app, called Aiwit (A-I-W-I-T), which is owned by Eken. We bought two of these products, sold under the Fishbot and Rakeblue brands, and found the same vulnerabilities.

The security issues are serious. People who face threats from a stalker or estranged abusive partner are sometimes spied on through their phones, online platforms, and connected smart home devices. The vulnerabilities CR found could allow a dangerous person to take control of the video doorbell on their target's home, watching when they and their family members come and go. First, these doorbells expose your home IP address and Wi-Fi network name to the internet without encryption, potentially opening your home security network to online criminals. Security experts worry there could be more problems, including poor security on the company servers where videos are being stored. The fact that they aren't using encryption is egregious, says Beau Woods, a digital security researcher with the cybersecurity advocacy group I Am The Cavalry. It indicates there may be a whole host of bad practices. He said, quote, the video doorbells pose a special threat to individuals who are in danger from people who know where they live.

Anyone who can physically access one of the doorbells can take over the device. No tools or fancy hacking skills needed. Let's imagine that an abusive ex-boyfriend wants to watch the comings and goings of his former partner and her children. He'd simply need to create an account on the Aiwit smartphone app, then go to his target's home and hold down the doorbell button to put it into pairing mode. He could then connect the doorbell to a Wi-Fi hotspot and take control of the device. As the new, quote, owner of the device, he could now watch who comes and goes and when. And he can see the device's serial number. That's dangerous because of the company's poor security systems. When the stalker pairs the device to his phone, the original owner will get an email saying she no longer has access to the device. That might seem like a small technological glitch she can solve by simply re-pairing the device with her own phone, taking back control. But once the stalker has the serial number, he can continue to remotely access still images from the video feed. The Consumer Reports journalists provided the serial number to Blair to allow him to remotely access her camera. No password is needed, or even an account with the company, and no notification is sent to the doorbell's owner.

Finally, interesting raise from a company we've discussed previously. Humanoid robot maker Figure AI confirms it has raised $675 million at a $2.6 billion valuation and is showing
off a general purpose robot called Figure One or Figure Zero One. I can't remember how I said that last time. Quoting CNBC: Founded in 2022, Figure AI has developed a general purpose robot called Figure 01 that looks and moves like a human. The company sees its robots being put to use in manufacturing, shipping and logistics, warehousing and retail, where, quote, labor shortages are most severe, though its machines aren't intended for military or defense applications. Earlier this week the company released a video showing Figure 01 in action. The robot, attached to a tether, walks on two legs and uses its five-finger hands to pick up a plastic crate, then walks several more steps before placing the box on a conveyor belt. Figure's ultimate aim for Figure 01 is to be able to perform everyday tasks autonomously. The company says getting there will require it to develop more robust AI systems.

Meanwhile, Figure is part of a crowded field of companies vying to make humanoid robots a reality. Amazon-backed Agility Robotics plans to open a factory that can produce up to 10,000 of its bipedal Digit robots per year. Tesla is also trying to build a humanoid robot called Optimus, while robotics company Boston Dynamics has developed several models. Norwegian humanoid robot startup 1X Technologies recently raised a hundred million dollars with backing from OpenAI. The market is nascent. Analysts at Goldman Sachs expect the humanoid robot market to reach thirty-eight billion dollars by twenty thirty-five and project that more than two hundred and fifty thousand units could be shipped in twenty thirty. End quote.

All these years, robotics has seemed like a someday, a down-the-road industry, a maybe industry. But if the investing hype around AI-enabled robotics bears out, we could soon be regularly talking about the robotics industry on the show like we do any other industry: self-driving cars, AI, social media, any other techniques we talk about. And nothing for you today. Talk to you tomorrow.

This transcript was generated by Metacast using AI and may contain inaccuracies.