Discover more from hrbrmstr's Daily Drop
Drop #274 (2023-06-04): Vacation Drop
LLM Hacker's Handbook; Quirky QRs; WebVM
Apologies to expectant WPE readers and Bonus Drop collectors. This past week has been an especially gnarly long covid week with both the cardio and noggin' fog rearing their ugly, combined heads throughout most of the week.
As such, Thu-Fri was dedicated solely to completing work projects ahead of this week's Down East Hiaitus with #2.1, with no cognitive cycles left to curate or even markdown-ify the filler content for the coming week.
So, the Drop is also on vacation until Sunday, June 11 (which will be a Bonus Drop), with normal Drops resuming the following week.
You won't be left empty-handed, however. As I'll include a mini-version of the WPE along with some other resources which should most assuredly tide many of you over for the coming days.
LLM Hacker's Handbook
This was going to be a WPE with a few more "try this at home" resources, but there's plenty of tasks to complete on a learning path to see how our LLM/GPT overlords can be hacked.
The LLM Hacker's Handbook not only explains the hacks, but gives you exercises to test what you've learned.
You'll learn about some LLM current shortcomings such as "The Hangman Problem" (LLMs can't "remember" things between invocations that aren't made a part of the conversation history), "Math" (LLMs have no inherent capacity for computation;), and "Reasoning" (LLMs can't reason).
There are also tips on techniques like prompt engineering, repetition, context expansion, and mirroring which can help improve LLM performance.
You'll learn a bit more about prompt injection, where the LLM output goes beyond the intended scope, and why this is possible; and, also discover "attack" concepts such as persistence, correction, context expansion, and inversion techniques which can be used for offensive purposes to manipulate LLM output.
The news is not all bad, however. There are plenty of defensive techniques, such as using templated output, blocklisting, and using classifiers to help mitigate (but, sadly, not full prevent) undesirable LLM behavior. (A further note about blocklisting: it turns out you likely want to go this route vs use an allow-list, which seem to be oddly ineffective for LLMs — also note that I'm using the preferred, modern terms vs the ones the article uses.)
You'll also learn about "streaming LLMs" and why they aren't a good idea.
It's a fun, concise read with lots of playground activity.
I can't believe I did not know about "halftone QR codes" before, but now want to QR-ify All The Things. There's a great paper on the backgrond liked in the GH repo code. NOTE: it looks like it's fairly trivial to port the code to other languages, too.
I wonder if I can use the same old school manual decoding techinques to discern their contents.
This was going to be a long-form deep-dive, but I think every reader will be able to experiment with a full linux VM in their browser without much counseling form me.
TL;DR: WebVM is a server-less virtual environment running fully client-side in HTML5/WASM. It's designed to be Linux ABI-compatible, and runs an unmodified Debian distribution including many native development toolchains.
It's powered by the CheerpX virtualization engine, and enables safe, sandboxed client-side execution of x86 binaries on any browser. CheerpX includes an x86-to-WebAssembly JIT compiler, a virtual block-based file system, and a Linux syscall emulator.
It's a tad quriky for me on M1 Macs, so YMMV, but there are tons of exciting possibilities for this technology, since it enables individuals to do something client-side which would have previously meant sending possible sensitive data (or least the signals of what you're doing on said data) to a server that might not be in your control.
Given the ☔️ forecast, there may actually be another Drop or two this week. ☮