This is mainly a misunderstanding due to the way I phrased it. This is what I think. I know for a fact that is the case for other AI researchers having watched many conferences - "all of them" is not what I meant (I wrote "many other") and we certainly need people to approach problems from different perspectives and backgrounds, since they will benefit from each other in the end. Not going to lie I'm a bit disappointed to see these kind of comments.
Fair enough about your motivation, however you also to further in saying that the best way to achieve and exceed human intelligence is to first understand it. That didn't pan out for chess, it hasn't contributed much to our current SOTA approaches to many other problems where LLMs are king, and I'm not sure why neuroscientists are so confident in some future where their field is the key to intelligence when their track record of breakthroughs is so poor.
I admit my phrasing was poor there, and I got too excited. I will clarify since I don't really disagree with you or what others said (claiming it's the best way is an overstatement).
Well, one could say that neural networks pioneers modeled their ideas on simplified brain structures representations. Modern neural networks have little in common with an actual biological brain, however, the inspiration remains there (even for modern NNs like CNNs). I recall the intent was there too, originally: providing a framework to study biological cognition in the 50s. Then it evolved to become a new paradigm in computer science so that we have programs able to learn and adapt for problems that are formally too complicated for deterministic solutions.
I come from a medical science background, where I studied the brain from a "traditional" neuroscience perspective (biology, pathology, anatomy, psychology and whatnot). That the best way is actually to try to recreate it is honestly how I feel whenever I read about AI advancements where the clear goal is to achieve/surpass human intelligence, something we don't fully understand yet.
“What I cannot create, I do not understand.” someone clever once said.
It doesn't really follow that we (humans) have to replicate how we (humans) gained intelligence, there very well could be a shortcut that doesn't involve millions of years of getting eaten by tigers.
LeCun is for sure a source of inspiration, and I think he has a fair critique that still holds true despite what people think when they see reasoning models in action. But I don't think like him that autoregressive models are a doomed path or whatever. I just like to question things (and don't have absolute answers).
I-JEPA and V-JEPA have recently shown promising results as well.
I guess semantics matter. Language is primarily hierarchical, but its presentation is what's linear. And LLMs mainly learn and work from this presentation; the question is, and one of the main points, whether emerging patterns is enough evidence to show that there's hierarchical thinking.
> There's not much signal here, just basic facts about LLMs and then leaps to very bold statements.
The article wasn't supposed to be informative for people who already know how LLMs work. Like the title said, just wanted to write down some thoughts.
> This is just silly. Humans forget things all the time! If I want to remember something I write it down.
The opposite was never stated. Human memory is of course selective.
> Here is an interesting experiment I use to help people understand next token prediction. Think of a simple math problem in your head, maybe 3 digit by 2 digit multiplication. Then speak out every single thought you have while solving it.
Now a point I'm happy to discuss! The process of solving it is actually quite autoregressive-like, but this is also an example of a common pitfall with LLMs: they purely rely on pattern matching because they don't have the internal representation of what they really deal with (algebra). But we all know that.
The main question is whether LLMs taught to reason actually show that they have this kind of representation. They still work very differently I'd say; even for tasks that seem trivial to humans, reasoning LLMs will make a lot of mistakes before arriving at a plausible-sounding result. Because it was trained to reason, there's a higher chance now that the plausible-sounding result is actually correct. But this property is actually quite interesting once applied to complex tasks that would take too much time and overwhelming for humans, and that's where they shine as powerful tools.
> even for tasks that seem trivial to humans, reasoning LLMs will make a lot of mistakes before arriving at a plausible-sounding result.
Like a lot of my coworkers analyzing a production bug? I would agree if the statement were that LLMs were underpowered compared to a human brain today but I'm not seeing evidence that humans do reasoning in a way that can't be correctly modeled.
From your article and comments, it sounds like the take is something like "humans don't actually reason autoregressively" which could be true, I don't know enough to know, but sort of like saying physics models aren't really how nature works: ultimately LLMs are executable models of the world, it's even in the name.
> From your article and comments, it sounds like the take is something like "humans don't actually reason autoregressively" which could be true, I don't know enough to know, but sort of like saying physics models aren't really how nature works: ultimately LLMs are executable models of the world, it's even in the name.
The conclusion states "Language and thought are not purely autoregressive in humans".
Which doesn't mean humans don't have autoregressive components in their thinking. At least that's my opinion. I don't make this bold statement and I don't know enough to know, too.
> Like a lot of my coworkers analyzing a production bug? I would agree if the statement were that LLMs were underpowered compared to a human brain today
Clearly not in the same way and that was what I was trying to explain with regards to the hallucination issue too. Humans are also learning from proofs, can apply frameworks, etc. there's no denying that. But the internal process of an LLM remains pattern matching and sequential prediction whereas there's more to the human's thinking process.
LLMs are underpowered in some aspects that can't be replicated with autoregressive modeling, but are already stronger in other aspects. That is what I think.
> but I'm not seeing evidence that humans do reasoning in a way that can't be correctly modeled.
Me neither, this is not what my stance is, and I'm actually optimistic about it. I just don't think we should be satisfied with only autoregressive modeling if the ambition is to reach or comprehend human-level intelligence.
You seem to continue to make a lot of claims without basis.
> they purely rely on pattern matching
Yes.
> because they don't have the internal representation of what they really deal with (algebra)
Wait what? No. You can't claim this yet as it's an open question. It may well be the case they do have an internal representation of algebra, and even a world model for that matter, if flawed.
I think you need to be more aware of the current research in LLM interpretability. The answers to these questions are hardly as definitive as you make it seem.
I do actually read a lot about LLM interpretability, and this is my own conclusion (should've phrased it like "they don't seem to have"). I do actually consider this an open question, so I'm a bit confused as to why you think this way - perhaps due to my phrasing (I just had a very long flight), but know that is not the case and I always doubt things. In fact I said after the text you quoted that the question is actually quite open (mentioning reasoning models, but to be honest, it's not exclusive to them, just more apparent in some ways).
I might also clarify (here and probably in my article when I have the time to do so). LLMs "do" build internal models in the sense that, at the same time:
- They organize knowledge by domain in a unified network
- They're capable of generalization (already mentioned and acknowledged at the very beginning of the article)
However these models, while they share parallels with human cognition, lack substance and can't replicate (yet) the deep integrated cognitive model of humans. That is where current interpretability research is at, and probably SOTA LLMs too. My own opinion and speculation is that autoregressive models will never get to a satisfying approximation level of the human-level cognition since humans' thinking process seems to be more than autoregressive components, aligning with current psychology. But that doesn't mean architectures won't evolve.
Do not misunderstand that because I said they're pattern matching machines, that they will be unable to properly "think". In fact, the line between pattern matching and thinking is actually quite blurry.
Author here and I welcome the feedback, but I don't really understand your point. My post is clearly not dismissive of efforts to make LLMs reason using CoT prompting techniques and post-training, and I think such efforts are even mentioned. The model remains autoregressive either way, and this reasoning is not some kind of magic that makes them behave differently - these improvements only make them perform (much) better on given tasks.
Additionally, I'm not dismissive of the non-linear nature of transformers which I'm familiar with. Attention mechanism is a lot more complex than a linear relationship between the prediction and the past inputs, yes. But the end result remains sequential prediction. Ironically, diffusion models are kind of the opposite: sequential internally, parallel prediction at each step.
(Note: added note on terminology since the confusion arised by my use of "linearity", which was not referring to the attention mechanism itself. I've read so many papers that are perfectly fine with the use of "autoregressive" for this paradigm that I forgot some people coming from traditional statistics may be confused. Also "based on the last word" was wrong and meant "last words" or "previous words", obviously.)
All that being said, I don't think it's fair to say one doesn't understand how transformers work solely because of semantic interpretation. I appreciate the feedback though!
Not saying that our current approaches will lead to intelligence. No one can know.
It could very well be that the internal mechanism of our thought has an auto-regressive reasoning component.
With the full system effectively "combining" short term memory (what just happened) and "pruned" long-term memory (what relevant things i know from the past) and pushing that into a RAW autoregressive reasoning component.
It is also possible that another specialized auto regressive reasoning component is driving the "prune" and "combine" operations. This whole system could be solely represented in the larger network.
The argument that "intelligence cannot be auto-regressive" seems to be without basis to me.
> there is strong evidence that not all thinking is linguistic or sequential.
It is possible that a system wrapping a core auto-regressive reasoner can produce non-sequential thinking - even if you don't allow for weight updates.
I completely agree. I never said that "intelligence cannot be auto-regressive", I just questioned whether this can be achieved or not this way. And I don't actually have answers, I just wrote down some thoughts so it would sparkle some interesting discussions about that, and I'm glad it did work (a little) in the end.
I also mentioned that I'm supportive of architectures that will integrate autoregressive components. Totally agree with that.
Unsure why you think the storage access framework doesn't let you grant access to a directory. You can literally try it on a relatively modern app such as Lemuroid: the system file picker lets you grant access to your ROMs folder.
Whole access to the shared storage is deprecated by SAF and scoped storage. That doesn't mean there is no way to achieve the same productivity tasks you could achieve before: it's just that now you're granting explicit fine-grained access to the files and folders your app needs.
MANAGE_EXTERNAL_STORAGE still exists and is now reserved for apps that can justify their file management purpose. Since this is a highly privacy-invasive permission, Play Store requires a review for these kinds of apps.
Stock OS ships security updates on the latest major version. It means that you can only get a given patch level on the same version for a given device. CalyxOS wasn't rebased on Android 12 until fairly recently. As of January 2022 (prior to the Android 12 release), their vendor patch level was 2021-10-01 which means that at the time the OS was roughly behind 3 months in updates.
They were also shipping an outdated version of Chromium (v94) during the same period (this is important since Chromium distributions for both CalyxOS/GrapheneOS are updated through OS updates - and Chromium is whitelisted by the OS to provide the WebView, even if you happen to use another browser). Considering their userbase is privacy/security-conscious, I think they should've been aware they were more vulnerable than stock OS for a while.
Looking at their source code it's also evident CalyxOS is increasingly relying on the LineageOS codebase. Not that it's a bad thing (LineageOS has its own goals but they're not necessarily aligned with security-focused projects), but it's worth noting.
You misunderstood what they said. Indeed, Android can have multiple app repositories and this is an integral part of its security model design.
However, for the security model to be respected, each app repository should represent a single source. The device and user management APIs expect that in Android. F-Droid fundamentally bypasses the trust boundaries in that regard by allowing multiple repositories to coexist within a single client.
Not to mention it also results in a terrible UX given that the application IDs are often reused but signed by another party.
> However, for the security model to be respected, each app repository should represent a single source. The device and user management APIs expect that in Android.
This is exactly the point that I was questioning, so it sounds like I understood their point just fine. Do you have a citation for this assertion?
The paper from Google doesn't even mention a repository as a concept.
Here's what it does say:
> Untrusted code is executed on the device. One fundamental difference to other mobile operating
systems is that Android intentionally allows (with explicit consent by end users) installation of
application (A) code from arbitrary sources, and does not enforce vetting of apps by a central
instance.
The Android security model is based on the idea that you can install arbitrary APKs from literally anywhere. If I download an APK through Chrome and install it, I might turn around and download another APK from a different website. If anything, Chrome is more arbitrary in its sourcing of APKs. How does F-Droid break the security model but Chrome doesn't? Alternatively, how does Google allow Chrome to break its own security model?
And again, what is your source for your claim? I'm reading the actual document from Google, and it appears to say exactly the opposite of what you're saying.
This paper is not exhaustive and there is further documentation on the APIs in question on the Android official website. You can easily guess the problem involved with the security model when the OS expects an app repository to represent a source of trust, but the app in question decides otherwise.
Chromium is a particular case, but is still equally considered an untrusted source unless explicitly allowed. Of course, the security model takes into account that apps can be installed from anywhere. That's why they're signed and they're running in their own restricted sandbox.
> You can easily guess the problem involved with the security model when the OS expects an app repository to represent a source of trust, but the app in question decides otherwise.
No, I can't, because as far as I can tell there is no OS-level concept of an app repository. Where are you getting this from? Can you link to the APIs that have this concept documented?
> Of course, the security model takes into account that apps can be installed from anywhere. That's why they're signed and they're running in their own restricted sandbox.
Right. They planned that in. They spelled it out explicitly. Untrusted code from arbitrary sources is allowed if the user opts in. It's not a violation of the security model, it's a particular case that was specifically planned for.
Any regular app can be considered an installer. Such APIs like the one controlled by requireUserAction which allows seamless app updates since Android 12 are declared in the app in question, and can even allow apps to update seamlessly.
The management features, again, expect the app to represent a single source. F-Droid deliberately chooses to manage multiple sources that can also be added by the user within the same app, thus bypassing these features. That's the way they work and again, this paper is not exhaustive and is not in contradiction to anything that has been said (quite the opposite).
You still haven't explained where it is specified that the OS cares about number of "sources". I have cited the original document explaining the Android security model. I have given you the specific paragraphs that show why I think the way that I do.
In return, you suggest that the documentation is out there, but you give no specific pages that I can read. My attempts to find them on my own or through your blog post have been fruitless. Given that the idea that you're putting forward runs directly contrary to the paper that Google published and is contradicted by the behavior of Google's web browser, the burden of proof is now on you. I need your source. Please provide a link to where you arrived at your idea.
You're welcome to search for mentions of sources and app stores, and to browse the references.
Again, the paper is not in contradiction, you misread it. Not to mention, as explained in the original comment you were responding to, F-Droid weakens the security model for various other reasons.
The links you provide say nothing except something I already knew: there is a setting that tells Android to allow installing apps from unknown sources. Which proves... nothing at all.
It's obvious you're convinced you're right, but since you're unable to produce evidence it seems we are at an impasse. I'm done here.
Once again, these management features don't expect an app to bypass the trust boundaries by allowing the user to arbitrarily add repositories. There is a to-be-exposed toggle that allows user profiles to install apps from trusted sources. It wouldn't work with the way F-Droid works. I can't explain more than that.
You have been provided with evidences, but you've been arguing in bad faith since your first comment by misinterpreting the paper. The security model also expects you to download apps from trusted sources because the signature verification is only enforced for app updates, that's a trust-on-first-use model. That notion exists within Android, and you have been given examples.
> In order to ensure that it is the app developer and not another party that is consenting, applications
are signed by the developer.
Back to the original question; it is clearly explained why.
