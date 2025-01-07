Despite its 31 days, December is a short month. It’s hard for announcements and happenings other than office parties to get attention. Fighting this trend, OpenAI made a series of announcements: their “12 Days of OpenAI.” Not to be upstaged, Google responded with a flurry of announcements, including their Gemini 2.0 Flash Thinking model. Models appeared that could use streaming audio and video for both input and output. But perhaps the most important announcement was DeepSeek-V3, a very large mixture-of-experts model (671B parameters) that has performance on a par with the other top models—but cost roughly 1/10th as much to train.

AI

Programming

Security

Portspoof is a security tool that causes all 65,535 TCP ports to appear open for valid services. It emulates a valid service on every port. It makes it difficult for an attacker to determine which ports are actually open without probing each port.

Let’s Encrypt, which issues the certificates that websites (and other applications) use to prove their identities, has announced short-lived certificates that expire after six days. Short-lived certificates increase security by minimizing exposure if a private key is compromised.

Because of the continued presence of attackers within telecommunications networks, the US FBI and CISA have recommended the use of encrypted communications protocols. (Though they still want backdoors into encryption systems, which would make them vulnerable to attack.)

A new phishing attack uses corrupted Word documents to bypass security checks. While the documents are corrupt, Word is able to recover them.

LLM Flowbreaking is a new class of attack against language models that prevent guardrails from stopping objectionable output from reaching the user. These attacks take advantage of race conditions in the application’s interaction with users.

Bootkitty is a UEFI bootkit that targets secure boot on Ubuntu systems. It appears to have been developed by cybersecurity students in Korea, then leaked (possibly accidentally). It hasn’t yet been found in the wild, but when it is, it will be a dangerous threat.

DEF CON has started a project to improve cybersecurity for water infrastructure in the US. They’re starting with six water companies serving rural communities.

Quantum Computing

Google has built a quantum computing chip in which an error-corrected logical qubit can remain stable for an hour. It passes the “below threshold”: the error rate decreases as physical qubits are added for error correction. The chip was built in Google’s new fabrication facility.

Web

Google is adding “store reviews” to Chrome. Reviews are AI-generated summaries of reports from well-known sources that report scams and other issues.

Here’s a how-to on building streaming text user interfaces on the web. Streaming text is almost a necessity for building AI-driven chatbots.

Biology

Yes, we can have virtual taste. A research group has developed a lollipop interface so that people can experience taste in virtual worlds.