Jason Michael Perry — Thoughts on Tech & Things

Latest Thoughts

  1. 🧠 CrowdStrike Reminds Us That Dependency Management is a Major Attack Vector

    I’m sure you’re aware of one of the biggest computer shutdowns ever, which has grounded over 2,000 flights worldwide, shuttered hospitals, retail stores, and who knows what else. All because of a faulty automatic update from CrowdStrike—software ironically meant to protect companies—that’s used by a majority of Fortune 500s.

    My take is that this issue has been brewing for some time—automatic updates and increasing failures in dependency management.

    For the non-developers in the room, most modern software is built on tons of dependencies from a combination of open-source and closed-source repositories. When you set up a new project or do an update, a dependency management tool downloads the code from an external source so your application can use it.

    Our software has tons of dependencies, much of this to allow us, as developers, to avoid rebuilding logic that’s already been built. Think database connections, complex math operations, image editing tools, charts and more.

    In 2016, a developer of a package used by tons of software rage-quit over issues with his package’s name, breaking the Internet and bringing down tons of applications around the world.

    This has become an increasingly common attack vector where squatters buy up abandoned packages only to add code that can be used as a back door, or worse, hackers become contributors to popular packages with the goal of injecting malicious code into applications.

    While all eyes point to a mistake by CrowdStrike, it serves as a reminder that our software has become so complex that auto-updating dependencies, such as security software or operating system updates, on production platforms without testing remains a huge door for vulnerabilities.

    IT managers should not let software publish to mission-critical systems, even from their most trusted vendors, without testing and ensuring a ready rollback procedure to get systems quickly up in the case of a failure.
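
    One way to catch silently auto-updating dependencies before they reach production, as an added example that is not code from this post: a small audit that flags floating version ranges, packages missing from the lockfile, missing integrity hashes, and lockfile drift. The manifest and lockfile layouts are simplified, and all package names and values are constructed for illustration.

```python
import json
import re

# Constructed sample: a package.json-style manifest (assumed layout).
MANIFEST = json.loads("""{
  "dependencies": {
    "chart-lib": "^4.2.0",
    "db-connector": "2.8.1",
    "image-tools": "latest",
    "math-ops": "1.0.3"
  }
}""")

# Constructed sample: a simplified lockfile; integrity values are placeholders.
LOCKFILE = json.loads("""{
  "packages": {
    "chart-lib": {"version": "4.2.7", "integrity": "sha512-EXAMPLEONLY"},
    "db-connector": {"version": "2.8.1", "integrity": "sha512-EXAMPLEONLY"},
    "math-ops": {"version": "1.0.4"}
  }
}""")

EXACT = re.compile(r"^\d+\.\d+\.\d+$")  # only a fully pinned x.y.z passes


def audit(manifest, lockfile):
    """Return (package, finding) pairs for dependencies that can change unreviewed."""
    findings = []
    locked = lockfile.get("packages", {})
    for name, spec in sorted(manifest.get("dependencies", {}).items()):
        pinned = bool(EXACT.match(spec))
        if not pinned:
            # ^, ~, *, "latest" and similar let a new release install itself
            findings.append((name, "floating-range"))
        entry = locked.get(name)
        if entry is None:
            findings.append((name, "not-locked"))
            continue
        if "integrity" not in entry:
            # without a hash, a swapped or tampered tarball goes unnoticed
            findings.append((name, "no-integrity-hash"))
        if pinned and entry["version"] != spec:
            findings.append((name, "lock-drift"))
    return findings


if __name__ == "__main__":
    for package, finding in audit(MANIFEST, LOCKFILE):
        print(f"{package}: {finding}")
```

    Run as a CI gate, a non-empty result blocks the deploy until the change has been reviewed and tested.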

  2. 🧠 OpenAI Introduces ChatGPT 4o Mini

    Not a ton of detail yet, but interesting to see OpenAI push into the realm of Small Language Models—especially with a multimodal model that can easily understand audio, video, images, and text.

    The round-trip latency cost of calling services on the Internet can make or break AI-powered hardware—just look at the Humane pin.

    Powerful small models that run locally can open the door to super-fast response times that happen locally, and with fewer privacy concerns.

    Of course, details are super slim, but if OpenAI plans to license ChatGPT 4o Mini to hardware makers it could open the door to tons of exciting new products that actually work.

  3. 🧠 Is Meta’s Multi-Token Prediction Model A Game-Changer?

    Meta just released a multi-token prediction model that could speed up inference, the process where a model responds to a prompt, by 3x.

    Existing LLMs work like autocomplete, predicting the next token or word in a sequence. This novel approach looks to predict 2-4 words in a sequence all at once, allowing for faster response times.

    Meta released the model under a research license using Hugging Face, continuing to solidify its place as the open-source AI leader. I keep saying it, but who would have thought Meta would be blazing new paths?

  4. 🧠 Should Governments Have Backdoor Access to Encrypted Devices?

    Should law enforcement have a backdoor to our phones or digital worlds? This question seems to pop up every few years, often following a tragic event—in this case, the phone of an attempted assassin.

    In my opinion, end-to-end encryption makes a backdoor impossible, as any method to design one would create a loophole that hackers could exploit to access information. For example, consider the TSA’s requirement to have access to all luggage. The idea was that only TSA officials would have a backdoor key to open luggage, keeping it safe. However, like many well-intentioned plans, that key is now easily available on the internet, meaning no luggage is actually safe.

    So far, there’s no news on whether this is an iPhone or an Android device, but let’s see. Where do you stand? Should end-to-end encryption be allowed without exceptions? Should governments have the right to require backdoors into encryption?

  5. 🧠 OpenAI Reveals the 5 Steps to AGI

    Bloomberg reported on OpenAI’s five levels AI must meet to achieve Artificial General Intelligence (AGI). Currently, OpenAI says ChatGPT 4o is at level 2.

    • Level 1: Chatbots, natural language
    • Level 2: Reasoners, can apply logic and solve problems at a human level
    • Level 3: Agents, can perform additional actions
    • Level 4: Innovators, can make new inventions
    • Level 5: Can do the work of an entire organization

    Each ChatGPT release pushes us closer to the next level. ChatGPT 3.5 is level 1, providing a chatbot that could understand and respond to natural human language. ChatGPT 4o, a multimodal model, is level 2, able to reason and solve problems, surpassing human performance on many tests.

    The next milestone, potentially with ChatGPT 5.0 in 2025, will be level 3, envisioning an AI acting as an independent agent, able to read emails, understand content, and perform tasks without direct human prompting.

    Level 4 aims for innovation, where AI not only learns but also creates new ideas and solutions.

    Level 5 represents the ultimate goal, where AI can manage an entire organization, handling multiple tasks and actions autonomously. Think of Rosy from “The Jetsons” managing a home—scheduling, cleaning, cooking, and maintaining order without human intervention.

    Sam Altman, CEO of OpenAI, suggests that we might achieve AGI before the end of the decade. Who knows what ChatGPT 7 or 8 might bring? All before 2030.

  6. 🧠 Creating Virtual Worlds with Text-to-3D

    Meta’s announcement of text-to-3D is an obvious next step in the company’s mixed reality goals. For a few months, I’ve used an AI tool named Meshy that allows you to create 3D assets and export them as USDZ files. Once in this format, it’s easy to grab and manipulate these 3D assets on Apple Vision Pro or Meta Quest as real-world AR objects.

    This announcement is just the start of some cool social media capabilities in Meta’s Horizon environment, allowing you to create virtually anything from photos or text and transform them into 3D objects you can wear.

    Imagine uploading a favorite dress, pair of shoes, or a weapon from a cartoon and instantly converting that object into a 3D object you can mount in a 3D environment or place on a virtual avatar. It’s early days, but bit by bit, the groundwork is being laid to make all of this possible.

  7. 🧠 Would You Sell Your Digital Self?

    On his death, Wendy’s founder Dave Thomas gave the company the right to digitally recreate him for ads. In 2002, that seemed crazy, but today, de-aging tech and body scans have reached a point where reality and fiction have blended.

    ElevenLabs recently announced a deal to buy the voice rights of deceased celebrities from their estates, allowing companies to pay to use their voices for various projects, like audiobooks.

    With AI recreations of Marilyn Monroe and hologram 2Pac at concerts, it’s possible to imagine artists who, through their estates, continue to create music, act, and write books through digital avatars long after their death.

    Should this be normalized? Would you sell the rights to your digital self to help provide for your family after you leave?

  8. 🧠 When Solar Companies Go Dark

    Earlier today, I mentioned a car becoming a brick, but another place where this phenomenon is playing out is with solar power. Solar companies have had a tough time lately, as have many businesses in the face of rising interest rates. The unexpected consequence is that people who own solar panels can’t get the hardware maintained.

    Thankfully, many of these systems are built to work when the power is off and Internet connectivity is impossible. However, some of the more advanced solar panels I’ve considered for my home include numerous IoT or connected features that need the power of backend services to function properly.

    Maybe companies that offer connected devices or warranties should be required to set money aside to fund these systems in the event of their untimely demise?

  9. 🧠 When Your Car Becomes a Brick

    Almost any device you buy today is a connected device that is essentially bricked without servers and the Internet. I’ve mentioned the pain this can cause when businesses fail and instantly your speakers, home automation, or other products just stop working.

    As our toys get bigger, the stakes of what this means get higher. Take the recent bankruptcy of EV car maker Fisker. Some of the car’s features need access to online services to work, and some features require OTA (over-the-air) updates to get enabled. While cars from old, non-existent brands like Saturn can run today with no issues, a Fisker and other connected cars have much more complex software that stands to limit what’s possible when and if the company shuts down its services.

    It’s not uncommon for today’s carmakers to respond to recalls by releasing software updates that fix issues. Fisker has made it clear that it cannot and will not provide any updates beyond its recently released version 2.1 update. That has to be a hard pill to swallow after spending $70k on a car that is now valued at $14k.

  10. 🧠 Tesla lays off Supercharger team

    Man, this is the dumbest decision I’ve seen.

    I test-drove many EVs before deciding on getting a Tesla Model 3, and the deciding factor was unquestionably the supercharger network. It is the best in the US and a huge differentiator for Tesla.

    Even if the supercharger network diverted resources from the company’s core goals, there were better alternatives. Selling or, better yet, spinning off as a JV could have preserved the invaluable institutional knowledge of the 500-person team.

    Keep in mind that this is the same team that just convinced every US car maker to make NACS, the Tesla charging standard, the de facto US standard. In doing that, they opened the company to receive cash from Biden’s NEVI program. They’re getting free cash from us and the US government to expand this network.

    If you see something I’m missing, please let me know in the comments, but this single move seems like the best way to destroy one of the company’s best competitive advantages.