I maintain ml-mdm, a text-to-image diffusion codebase, that contains implementations of my research group’s recent papers
https://github.com/apple/ml-mdm
Any help with DOCS or CODE would be greatly appreciated. I’m happy to have BEGINNER-FRIENDLY contributions as well, there’s a “good first issues” label that we use on GitHub.
We have an active and growing group of external contributors and welcome newcomers.
Could be a fun opportunity to contribute to a machine learning research project and to learn about cutting edge techniques in this subfield.
I'm one of the contributors to this repo, so feel free to comment with any feedback!
The key research contribution from the related paper is that with a moderate amount of data (eg. 12M image pairs from CC12M) and a moderate amount of compute (single node of 8 A-100 GPUs for example) anyone can train a good text to image model using the unique multi scale nested u-net pipeline.
Hope this can help level the playing field for researchers everywhere.
To the comments about this being easy to defeat: when it comes to detecting whether a person submitted a document containing LLM generated text (whether a law document, school essay, work document etc) the real value in a technique like this is high precision, not necessarily high recall.
Yes many people can circumvent this simple watermark technique but for those who don't, it is essentially guaranteed that they used a LLM if their text has clearly atypical unicode marks (Whether U+2004, ligatures, or variant selectors). Thus an organization can feel confident in taking action against the individual who submitted the document.
Whereas right now there are a bunch of dubious "LLM detector" models that output a confidence score that may or may not correspond to whether the person used an LLM. This low precision technique leads to people getting incorrectly accused of using LLM content.
So in my opinion, a world of high precision (but potentially low recall) LLM watermarks using simple techniques is way better than this current high-noise low precision black box world of low quality "LLM detector models"
What I don't get is who will apply the watermark? Certainly not the company running the LLM (why would they degrade the output of a commercial product?). The people submitting text generated by the LLM have no interest to do that. The only people who have interest in this watermark are the recipient but they aren't involved in the production.
>why would they degrade the output of a commercial product?
For PR? It's not a degradation for legitimate uses of AI. It only degrades output being used in an attempt to mislead people. Someone using an LLM to e.g. translate would usually be fine admitting they used it. I'm working under the assumption this isn't intended for something like a code model where it would break things, but only for output being used as readable text.
I’d start by either stepping through the program (gdb, pdb, or a debugger of your choice) or adding more test cases - that’s often a quick way to understand what a piece of code is doing.
Either way I wouldn’t leave it as is, that’s just a recipe for ensuring it becomes even more opaque over time
It may just be a fake scenario but the actual solution there would be to implement the 1 hour fix without a single discussion or email.
Sometimes the best way to tailor words for both engineers and managers is to 1) solve the problem then 2) if the solution was actually difficult, explain how you solved it in simple terms.
Seems like a completely failed program to me. Any organization should be able to quantitatively prove their value on some level. As the article points out, for the DHS to say they do “not have information on [the air marshal program’s] effectiveness” while also averaging a cost of $200 million per arrest is an insane statistic that should immediately require changes in the program.
I haven't checked recently to see if this stat is still true, but at one point the number of people arrested by air marshals was actually lower than the number of air marshals who have been arrested.
The overwhelming majority of the time, "arrests" on airplanes are made by regular passengers and the flight attendants, who beat up the offender then hogtie him with duct tape. Air marshals are completely pointless.
Air marshals may be pointless, but not for this reason.
Air marshals are almost certainly trained not to intervene in minor disturbances. Otherwise a team of hijackers could locate the air marshal by having one person act as an unruly passenger.
> Otherwise a team of hijackers could locate the air marshal by having one person act as an unruly passenger.
For the last twenty years, hijackers (in flights originating from US) are probably always presumed to be suicidal and much less likely to succeed in a hijacking. To the point where I'd assume that they're rarely even attempted.
Perhaps we could end up needing air marshals in the future, a future where many passengers are not old enough to recall or be affected by the terrorist attacks on September 11.
Conversely, as a hijacker, you'd be taking a huge gamble to try and select the one flight where there were no air marshals.
A lot of times, I feel like this whole concept was based on an inherit deterrent and seems to have worked, in conjunction with increased airport screening:
"The number of hijackings has dwindled in recent years. About 50 have been reported since Sept, 11, 2001, and none in the U.S., according to the Aviation Safety Network."
Reinforced cabin doors and knowing that the terrorists want to kill everyone instead of taking hostages has changed the game. I'm not privy to what influences terrorists but it seems like they can no longer commandeer airplanes
If you're going to be hijacking to use the plane as a weapon you aren't going to be worried about the 1 in 10 chance of an air marshall trying to stop you, any more than the near certain attempt of the other 200 people on the plane trying to stop you. There just aren't legions of people out there willing to kill massive amounts of people in this fashion.
The number of bear attacks in Springfield went to zero in 1996 when Homer started Bear Patrol. It's a case of life imitating art.
Before 9/11 you hijacked a plane, flew to Cuba, got some money, and all was well.
Before 9/11 you were a passenger/crewmember on a plane, you flew to Cuba, then got released, and all was well.
9/11 changed that. No longer were passengers and crew safe as long as they complied, no longer were planes allowed to fly around and even be refuelled safe in the knowledge that all it would take is some money to free them.
As such over the course of two hours the calculus changed. Hijacking the first 3 planes worked because nobody expected it. The fourth plane was also hijacked, but the goal (crashing into whatever building) wasn't met because the passengers and crew found out the rules had changed.
If you hvae 5 people willing to kill themselves for your cause, there are better ways to make a political statement now than the risk of hijacking a plane - not because of any potential air marshall, but because of the guarantee of the passengers.
If you heard that more police officers had been arrested than had ever arrested anyone, would it really matter much if those police officers had been arrested as teenagers, or on the job? It's a program that employs people who have caused more incidents of crime than they have intervened to prevent. Not because they're particularly criminal, but because they are particularly useless.
> It's a program that employs people who have caused more incidents of crime than they have intervened to prevent.
Whether that's problematic depends on a lot of things, including whether arresting people is actually the main benefit of them being present.
I have a few dogs. They bark at people walking by on the sidewalk a lot. I've never had someone break into my house. Are the dogs useless as a mechanism to prevent home invasion or burglary, or does knowledge of their presence prevent people from even attempting such? Now consider that I haven't noted whether those crimes are common in my area or not.
Maybe those dogs have growled at guests in my house, making them feel uncomfortable. Should my stance be that they've growled at more guests than intruders they've attacked? Do you feel comfortable making a definitive statement on the value of those dogs and whether the costs outweigh the benefits with the given information, or do you think additional information would be important to discerning that?
At the point at which your dogs have broken into and robbed your neighbor's house more often than they have prevented your house from being broken into; that's the point at which you can compare your dogs to the Air Marshal service.
> more often than they have prevented your house from being broken into
The whole point is that you can't tell whether that's happened with the data presented, regardless of what you compare it to, and no, once is not too many times given the actual thing we're discussing.
If the existence of Air Marshals prevented one more 9/11 type event from happening, or even a few failed attempts (which would be capitalized on by politicians to push their own agendas), then I would without reservation say they are worth it. We just haven't been presented with that data. In some cases it may not exist. Acting like the answer to that is irrelevant is not the correct way to go about it though, in my opinion.
Context is important, lest you prime your reader to make unsupported conclusions. Imagine if instead of doing this to police officers, we insinuated things about arrestees instead.
No, context can be important. If all context were important, you couldn't talk about one thing without talking about every other thing. If your argument about why context is important in this case rests on if a hypothetical fact that "people arrested by police have collectively prevented more crimes than they have committed" would be uninteresting or even unfair without context, I'd deeply disagree.
> Any organization should be able to quantitatively prove their value on some level.
There is danger there with corrupt and immoral organizations. They might just start generating false incidents and then run to save the day to pad their stats "look how effective we are!".
Luckily, that only happens with deeply corrupt organizations. Like for instance FBI [1], when they were sending their informants to mosques in US looking to recruit terrorists. Up until the the members of the mosque ended up reporting the FBI agents to the FBI.
---
Niazi and another mosque member had reported Monteilh to the FBI, claiming that Monteilh was espousing terrorist rhetoric and trying to draw them into a plot to blow up shopping malls
---
> Like for instance FBI [1], when they were sending their informants to mosques in US looking to recruit terrorists. Up until the the members of the mosque ended up reporting the FBI agents to the FBI.
I am not saying what FBI does is good, but this reminds me now that the only way to deal with constant threat of phishing is actually to create false fishing attacks all the time, so that people would be aware of the thread. Could be generally a good approach if the methods employed were more public rather than clandestine.
I'm sure this has something to do with that entire re-organization feeling more like an excuse to create some contracts for companies connected to administration insiders than it did anything actually useful that couldn't have been accomplished without the creation of a huge new department (and several smaller ones).
> averaging a cost of $200 million per arrest is an insane statistic
That depends on the deterrence of having air marshals.
The argument sounds like one that gets brought up here regularly, when executives lay off 90% of the sysadmins because "nothing ever goes wrong, so why are we paying for them?", and teams that are constantly running round looking like heroes for fixing broken stuff all the time get more kudos than the teams that keep things quietly humming along without any issues.
This was my thought as well, but I still think we need evidence of this. If air marshals are primarily there to deal with terrorist threats (and not things like unruly/drunk/whatever passengers), then my feeling is that two things post-9/11 are responsible for the low risk of terrorist acts involving planes (or even just run-of-the-mill ransom-type hijackings):
1. Would-be hijackers can no longer get into cockpits. Pilots would much rather a hijacker kill every passenger and crew member on the plane than gain control of the plane.
2. Passengers don't take shit anymore. They know that, if terrorists successfully take control of a plane, the most likely outcome is that they're all dead. So they'll attack -- and hopefully subdue -- the hijackers.
I expect the effects of #2 have lessened somewhat, given that 9/11 was over 20 years ago, and the memory of it is less raw (not to mention many adults who fly now were young children or not even born in 2001).
If air marshals really do act as a deterrence, there must be some evidence to back that up.
I don't think #2 actually goes away. It's a cultural shift. Prior to 9/11, the advice was always to just stay calm and let the authorities negotiate with the terrorist, because that had in the past generally led to passengers and plane surviving the incident. That level of passivity isn't coming back.
The generated "using it in a sentence" examples are often the funniest (and most absurd) part:
chokebone
choke·bone
the muscle holding a prisoner down, used in controlling an animal or person such as a cat, dog, snake, snakebite, or spider
"he managed to regain the chokebone and win the auction for his 12-year-old daughter"
a bomb which, in addition to the usual stimulants such as caffeine, turns out to be deadly if inhaled by a person having sexual intercourse
"a young man survived a blast of coffeebomb, killing two men and wounding five"
John Carreyrou, the WSJ reporter who first broke much of the Theranos story, just came out with a podcast called Bad Blood the Final Chapter that’ll follow the court case and other recent developments
