Here are a few in Degas style I made after training for 2,500 steps. I'd love to hear what you think of them. To my (untrained) eye, they seem a little too defined, perhaps?
Yep, absolutely nothing like Degas. Well, I take that back. I think it picked up some favorite colors/tones. But it has no concept of the materials or poses or composition. So plasticky! Compare to https://images.app.goo.gl/JiDRYNNKUP9tczkQ7
I suspect it really needs more training examples. The problem I found when I looked for images to use was that 60% were of dancers, and from past experience, it will end up trying to fit a dancer into every image you create. But of course, there are only a (small) finite number of Degas images that you can train with.
A possible solution may be to incorporate artificial images in the training data. So, create an initial LoRA with the original Degas images and generate 500 images. From those generated images, pick the ones that most resemble Degas. Add those to the training set and train again. Repeat until (hopefully) it learns the correct style.
I'm curious to give this a go. I've been training a lot of LoRAs for FLUX dev recently (purely for fun). I'm sure there must be a way to get this working.
With fal, you can train a concept in around 2 minutes and only pay $2. Incredibly cheap. (You could also use it for training a style if you wanted to. I just found I seem to get slightly better results using Replicate's trainer for a style.)
$2 for 2 minutes? Can't you get less than $2 for 1 hour using GPU machines from providers like runpod or AirGPU? I found it a bit expensive to use replicate and fal after 10 minutes of prompting.
I have not used Runpod or AirGPU, and am not affiliated.
Yes, renting raw compute via Runpod and friends will generally be much cheaper than renting a higher level service that uses that compute e.g. fal.ai or Replicate. For example, an A6000 on fal.ai is a little over $2/hr (they only show you the price in seconds, perhaps to make it more difficult to compare with ordinary GPU providers); on Runpod an A6000 is less than half that, $0.76/hr in their managed "Secure Cloud." If you're willing to take some risk of boxes disappearing, and don't need much security, Runpod's "Community Cloud" is even cheaper at $0.49/hr.
Similar deal with Replicate: an A100 there is over $5/hr, whereas on Runpod it's $1.64/hr.
And if you use the "serverless" services, the pricing becomes even more astronomical; as you note, $1/minute is unreasonably expensive: that's over 20x the cost of renting 8xH100s on Runpod's "Secure Cloud" (and 8xH100s are extreme overkill for finetuning image generators: even 1xH100 would be sufficient, meaning it's actually 160x markup).
Happy to help! It's a lot of fun. And it becomes even more fun when you combine LoRAs. So you could train one on your face, and then use that with a style LoRA, giving you a stylised version of your face.
If you do end up training one on yourself with fal, it should ultimately take you here (https://fal.ai/models/fal-ai/flux-lora) with your new LoRA pre-filled.
Then:
1. Click 'Add item' to add another LoRA and enter the URL of a style LoRA's SafeTensor file (with Civitai, go to any style you like and copy the URL from the download button) (you can also find LoRAs on Hugging Face)
2. Paste that SafeTensor URL as the second LoRA, remembering to include the trigger word for yourself (you set this when you start the training) and the trigger word for the style (it tells you on the Civitai page)
3. Play with the strength for the LoRAs if you want it to look more like you or more like the style, etc.
I want to make a LoRA of Prokudin-Gorskii photographs from the Library of Congress collection and they have thousands of photos, so I’m curious whether that’s effective for autogenerating the caption for images.
It's funny you should ask. I recently released a plugin (https://community-en.eagle.cool/plugin/4B56113D-EB3E-4020-A8...) for Eagle (an asset library management app) that allows you to write rules to caption/tag images and videos using various AI models.
I have a preset in there that I sometimes use to generate captions using GPT-4o.
If you use Replicate, they'll also generate captions for you automatically if you wish. (I think they use LLaVA behind the scenes.) I typically use this just because it's easier, and seems to work well enough.
"Semantic Cache is a tool for caching natural text based on semantic similarity. It's ideal for any task that involves querying or retrieving information based on meaning, such as natural language classification or caching AI responses. Two pieces of text can be similar but not identical (e.g., "great places to check out in Spain" vs. "best places to visit in Spain"). Traditional caching doesn't recognize this semantic similarity and misses opportunities for reuse."
I strongly advise not relying on embedding distance alone for it because it'll match these two:
1. great places to check out in Spain
2. great places to check out in northern Spain
Logically the two are not the same, and they could in fact be very different despite their semantic similarity. Your users will be frustrated and will hate you for it. If an LLM validates the two as being the same, then it's fine, but not otherwise.
I agree, a naive approach to approximate caching would probably not work for most use cases.
I'm speculating here, but I wonder if you could use a two stage pipeline for cache retrieval (kinda like the distance search + reranker model technique used by lots of RAG pipelines). Maybe it would be possible to fine-tune a custom reranker model to only output True if 2 queries are semantically equivalent rather than just similar. So the hypothetical model would output True for "how to change the oil" vs. "how to replace the oil" but would output False in your Spain example. In this case you'd do distance based retrieval first using the normal vector DB techniques, and then use your custom reranker to validate that the potential cache hits are actual hits
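The two-stage lookup discussed in this exchange, as an added example that is not code from the thread or from the Semantic Cache project. The bag-of-words "embedding", the synonym table, the 0.75 threshold and the `equivalent()` check are constructed stand-ins for a real embedding model and for the LLM or fine-tuned reranker the commenters propose.

```python
import math
import re
from collections import Counter

THRESHOLD = 0.75  # assumed stage-1 similarity cut-off
# Constructed synonym table: stands in for what an equivalence model would know.
SYNONYMS = {"replace": "change", "swap": "change"}


def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def embed(text):
    """Toy embedding: bag-of-words counts (stand-in for a real embedding model)."""
    return Counter(tokens(text))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(
        sum(v * v for v in b.values())
    )
    return dot / norm if norm else 0.0


def equivalent(q1, q2):
    """Stage 2 stand-in for an LLM/reranker: the queries must carry the same
    terms after synonym folding, so an extra qualifier ("northern") is a miss."""
    def canon(q):
        return Counter(SYNONYMS.get(t, t) for t in tokens(q))
    return canon(q1) == canon(q2)


class SemanticCache:
    def __init__(self, verify=True):
        self.verify = verify   # False = distance-only cache (the risky variant)
        self.entries = []      # (query, embedding, answer)

    def put(self, query, answer):
        self.entries.append((query, embed(query), answer))

    def get(self, query):
        qv = embed(query)
        # Stage 1: rank cached queries by embedding similarity.
        ranked = sorted(
            ((cosine(qv, ev), q, ans) for q, ev, ans in self.entries),
            key=lambda c: c[0],
            reverse=True,
        )
        for score, cached_query, answer in ranked:
            if score < THRESHOLD:
                break
            # Stage 2: only a verified-equivalent candidate counts as a hit.
            if not self.verify or equivalent(query, cached_query):
                return answer
        return None


def build(verify):
    cache = SemanticCache(verify=verify)
    cache.put("great places to check out in Spain", "answer-about-all-of-Spain")
    cache.put("how to change the oil", "answer-about-oil-change")
    return cache


if __name__ == "__main__":
    for verify in (False, True):
        cache = build(verify)
        print("verify =", verify)
        for q in ("great places to check out in northern Spain",
                  "how to replace the oil"):
            print("  ", q, "->", cache.get(q))
```

With `verify=False` the "northern Spain" query is served the answer cached for all of Spain; with verification on, it is a miss while the oil query still hits.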
I see no real difference between 2 and 3. Once the data has left your device, it has left your device. There is no getting it back and you no longer have any control over it.
This #2, so-called "Private Cloud Compute", is not the same as iCloud. And certainly not the same as sending queries to OpenAI.
Quoting:
“With Private Cloud Compute, Apple Intelligence can flex and scale its computational capacity and draw on larger, server-based models for more complex requests. These models run on servers powered by Apple silicon, providing a foundation that allows Apple to ensure that data is never retained or exposed.”
“Independent experts can inspect the code that runs on Apple silicon servers to verify privacy, and Private Cloud Compute cryptographically ensures that iPhone, iPad, and Mac do not talk to a server unless its software has been publicly logged for inspection.”
“Apple Intelligence with Private Cloud Compute sets a new standard for privacy in AI, unlocking intelligence users can trust.”
"We make the hardware and we pinky promise that we will protect your data and will open source part of it" means nothing for privacy. Especially when things like warrants come into play.
How would a warrant work in this case? Using Silicon Data Protection[0] the hash of the currently running firmware (of both the AP _and_ the SEP) is locked into hardware registers in the PKA engine used by the SEP. This hash perturbs the key derivation, and the PKA engine can also attest to the running firmware hash(es) by using an EC key only available to it (they call this BAA, Basic Attestation Authority).
iOS won't send any data to a PCC that isn't running a firmware that's been made public in their transparency logs and compute nodes have no way to be debugged in a way that exposes user data[1]
And at the end of the day, this is going to give the warrant holder a handful of requests from a specific user? Why wouldn't they use that same warrant to get onto the target's device directly and get that same data plus a ton more?
Apple controls the hardware and the private keys baked into the hardware. If one of their servers can decrypt the payload, they can intercept, duplicate, and decrypt the payload and its response. I'm sure this'll start a long fight between law enforcement and Apple after the first warrant hits and Apple claims it can't comply.
Warrants to hack devices are a lot less common and generally harder to obtain. That's why police will send Google warrants for "give us info on every device who has been in a radius of x between y and z time".
I'm sure Apple did their very best to protect their users, but I don't think their very best is good enough to warrant this kind of trust. A "secure cloud" solution will also tempt future projects to use the cloud over local processing more, as cloud processing is now readily available. Apple's local processing is a major advantage over the competition but I doubt that'll stay that way if their cloud solution remains this integrated.
Your example indicates a situation where law enforcement does not know which device belongs to their suspect, if they even have one. That's a very different scenario from a targeted "tell us the requests belonging to this individual".
Warrants to search a device are extremely commonplace, otherwise the likes of Grayshift and Cellebrite would not be around.
From a threat modeling perspective compromising PCC is high risk (Apple's not just going to comply and the fight will be very public, see the FBI San Bernardino fight), high effort (long protracted court case), low reward (I only see requests that are going to get shipped off to the cloud). If I were law enforcement I'd explore every other avenue available to me before I go down that particular rabbit hole which is exactly what this design is intended to achieve.
I think it boils down to that it doesn't matter what they promise, if you send a videocap of all you ever do on your computer to some company on the internet, you just have to take your chances. Would you put mics and cameras in all of your rooms in your home that send data to Apple (or someone else) to analyze "for your benefit" even if they say and promise they won't do anything bad with the feeds?
At least with gmail and chat clients etc. things are somewhat put in compartments, one of the services might screw up and do something with your emails but your Messenger or WhatsApp chats are not affected by that, or vice versa. But when you bake it into the OS (laptop or phone) you're IMHO taking a much bigger risk, no matter what the intentions are.
There is nothing which Apple Intelligence can do that a hypothetically evil Apple couldn't have done before, given sufficiently treacherous code in their operating systems. Thus if you use an Apple device, you're already trusting Apple to not betray you. These new features don't increase the number of entities one must place their trust in.
Whereas with apps like Gmail and WhatsApp on an iPhone, you must trust Google and Meta in addition to Apple, not in place of Apple. It doesn't distribute who you trust, it multiplies it.
I still think it's a big difference between trusting existing OS'es and apps, which are under scrutiny by hundreds of security researchers and thousands of security nerds all the time, and willingly sending away all your data to a party who promises they will treat it well (I know it doesn't work like this in this case, but just for the sake of argument).
In essence, what you're doing is training an assistant to learn all of the details of your life and habits and the question is if that "assistant" is really secure forever. Taken to the extreme, the assistant becomes a sort of "backup" of yourself. But yeah it's an individual decision with the pros and cons of this.
I think that's fair, but impractical for most users. I have a number of Home Assistant integrations with locally hosted AI models for smart home features, but I wouldn't expect my grandma to set up a server and a few VMs when she could just give her HomePod a prompt that works with AI and have no worries about the implementation. Do you feel like Apple's "independent" auditing is insufficient?
> Do you feel like Apple's "independent" auditing is insufficient?
Yeah, pretty much
Also, your grandma might not set up a VM, but it sounds like the off-device processing is essentially stateless, or at most might have a very lightweight session. It seems like the kind of thing one person could set up for their family (with the same tamper-proof signatures, plus physical security), or provide a privacy focused appliance for anyone to just plug into a wall, if they wanted to.
I have been involved in security audits for 110% closed code, code that's secret even within the company.
Auditing helps the company writing it, the auditors are usually experts in breaking stuff in fun ways, and it's good for business - we could slap "code security audited by XXX" on the sales pitch.
From what I can tell, Apple doesn't actually provide the source code itself, or provides the (cryptographically verified) binaries and VMs to run it. Reverse engineering will still need to take place, it seems.
I will trust independent audits of local code and local hardware. There are still plenty of opportunities for someone to send out malicious patches, but the code running can (and probably will) be analysed by journalists looking for a scoop and security researchers looking for a bug bounty.
I have no idea what code is running on a server I can't access. I can't exactly go SSH into siri.apple.com and match checksums. Knowing Apple's control freak attitude, I very much doubt any researcher permitted to look at their servers is going to be very independent either.
Apple is just as privacy friendly as ChatGPT or Gemini. That's not necessarily a bad thing! AI requires feeding lots of data into the cloud, that's how it works. Trying to sell their service as anything more than that is disingenuous, though.
> I have no idea what code is running on a server I can't access.
That's like... the whole point? You have some kind of hardware-based measured boot thing that can provide a cryptographic attestation that the code it's running is the same as the code that's been reviewed by an independent auditor. If the auditor confirms that the data isn't being stored, just processed and thrown away, that's almost as good as on-device compute for 99.999% of users. (On-device compute can also be backdoored, so you have to trust this even in the case that everything is local.)
The presentation was fairly detail-light so I don't know if this is actually what they're doing, but it's nice to see some effort in this direction.
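The client-side policy this exchange describes (send nothing unless the server's attested software measurement appears in a public log), as an added example that is not Apple's code. It assumes an RFC 6962-style Merkle tree log, which the thread does not specify, and it assumes the attestation signature over the measurement has already been checked; all measurements are constructed.

```python
import hashlib
import hmac


def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n):
    """Largest power of two strictly less than n (RFC 6962 tree split)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves):
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def audit_path(index, leaves):
    """Log side: sibling hashes from the leaf up to the root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return audit_path(index, leaves[:k]) + [merkle_root(leaves[k:])]
    return audit_path(index - k, leaves[k:]) + [merkle_root(leaves[:k])]


def root_from_path(index, tree_size, leaf, path):
    """Client side: recompute the root from one leaf and its audit path."""
    def rec(idx, n, h, p):
        if n == 1:
            if p:
                raise ValueError("audit path too long")
            return h
        if not p:
            raise ValueError("audit path too short")
        k = _split(n)
        if idx < k:
            return node_hash(rec(idx, k, h, p[:-1]), p[-1])
        return node_hash(p[-1], rec(idx - k, n - k, h, p[:-1]))
    if not 0 <= index < tree_size:
        raise ValueError("index outside tree")
    return rec(index, tree_size, leaf_hash(leaf), list(path))


def client_will_send(measurement, index, path, tree_size, trusted_root):
    """Release the request only if the attested measurement is provably logged."""
    try:
        computed = root_from_path(index, tree_size, measurement, path)
    except ValueError:
        return False
    return hmac.compare_digest(computed, trusted_root)


# Constructed log: measurements of five published server software releases.
LOG = [hashlib.sha256(b"release-%d" % i).digest() for i in range(5)]
ROOT = merkle_root(LOG)  # the client pins this from the public log

if __name__ == "__main__":
    logged = LOG[2]
    print("logged build:  ", client_will_send(logged, 2, audit_path(2, LOG), 5, ROOT))
    unlogged = hashlib.sha256(b"custom-build-for-one-request").digest()
    print("unlogged build:", client_will_send(unlogged, 2, audit_path(2, LOG), 5, ROOT))
```

The check only binds the client to what the log contains; whether the logged binaries were actually reviewed, and who holds the attestation keys, remain the trust questions argued over in the thread.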
I do like Apple's attempts to make this stuff better for privacy, but a pinky promise not to leak any information is still just that.
Apple has developed some of the strongest anti tampering compute in existence to prevent people from running code they don't want on hardware they produce. However, that protection is pretty useless when it comes to protection from Apple. They have the means to bypass any layer of protection they've built into their hardware.
It all depends on what kind of auditing Apple will allow. If Apple allows anyone to run this stuff on any Mac, with source or at least symbols available, I'll give it the benefit of the doubt. If Apple comes up with NDAs and limited access, I won't trust them at all.
I don't think so. Signal regularly stops committing code to the public repos (https://github.com/signalapp/Signal-Server) when they're working on some kind of big reveal (cryptocurrency integration and such), but the server code is out there for you to run yourself.
Signal has the added benefit that it doesn't need to read what's in the messages you send. It needs some very basic routing information and the rest can be encrypted end to end. With AI stuff, the contents need to be decrypted in the cloud, so the end-to-end protections don't apply.
I meant more regarding their server setup but now that I think about it you are correct, it matters a lot more if the query/message/whatever isn’t encrypted before hitting the cloud.
Eh with modern processor features like secure enclaves it's definitely possible to build systems in which the operators CANNOT access the information. (I worked on such a system using SGX for a large car producer, even physical access to the machines/hypervisors/raw memory would not give you access, perhaps the NSA has some keys baked in to extract a session key you may generate inside an enclave, but it would be very surprising if they burned that backdoor on anything as low fruit as this).
SGX has been broken by speculative execution bugs, though. Had something to do with people extracting DRM keys, if I recall correctly, not exactly a nation state attack. Since then, SGX has been removed from modern Intel processors (breaking some Blu-rays and software products for newer chips in the process).
Secure enclave stuff can be used to build a trust relationship if it's designed well, but Apple is the party hosting the service and the one burning the private keys into the chip.
Yep, it was broken a few times but fixed with microcode patches (afaik). It's still a part of the server processors and in wide use already. I'm not saying it's a golden bullet or otherwise infallible, but it sure beats cat /dev/mem by quite some way.
If you produce the hardware you necessarily have access to the signing key to say update the microcode or the firmware. Intel is in the TCB for SGX, but your cloud operator wouldn’t be. In this case Apple is both the hardware manufacturer and the operator.
Yes, that's all well and good but assumes no mistakes and no National Security letters ordering them to describe it that way and no changes of control or business strategy at some point in the future.
Once the data is out of your possession it's out of your control.
There are VERY few things that can keep your information safe if a TLA wants it. You need to go full Edward Snowden with phones in faraday cages and typing passwords under a sheet-levels of paranoia to be fully safe.
Drop "nation state is after me" from the threat model and you'll be a lot happier.
- TLA agency deploys scarce zero days or field ops because you're particularly interesting, vs.
- TLA agency has everything about you in a dragnet, and low level cop in small town searches your data for a laugh because they know you, and leaks it back to your social circle or uses it for commercial advantage
The history of tech is the history of falling costs with mass production. Expensive TLA surveillance tech for nation states can become broadly accessible, e.g. through-wall WiFi radar sensing sold to millions via IEEE 802.11bf WiFi 7 Sensing in NPU/AI PCs [1], or USB implant cables [2] with a few zeros lopped off the TLA price.
Instead of adversary motives, threat models can be based on adversary costs.
As adversary costs fall, threat models need to evolve.
Not everyone has nation states in their threat models. I want privacy from corporations / surveillance capitalism, not the US government. Apple's privacy promises are focused on keeping my data out of the hands of bad actors like Google etc. and that's more than enough for me.
But in summary
1. The servers run on Apple Silicon hardware which have fancier security features
2. Software is open source
3. iOS verifies that the server is actually running that open source software before talking to it
4. This is insane privacy for AI
The security features are meant to prevent the server operator (Apple) from being able to access data that's being processed in their farm. The idea is that with that + E2E encryption, it should be way closer to on-device processing in terms of privacy and security
You do realise that already happens though? If you read Apple's privacy policy they send a lot of what you do to their servers.
Furthermore how private do you think Siri is? Their privacy policy explicitly states they send transcripts of what you say to them. That cannot be disabled.
That's the problem. These AI features may be "free" but is there an option to disable them system wide from rummaging through all your data and building a profile in order to be helpful? If not I won't update. And I mean one tickbox not a separate switch for every app and feature like Siri has making it nearly impossible to disable.
> Furthermore how private do you think Siri is? Their privacy policy explicitly states they send transcripts of what you say to them. That cannot be disabled.
Ten minutes ago I set up a new Apple device and it not only asked me if I wanted to enable Siri, but whether I wanted to contribute audio clips to improve it. What, exactly, cannot be disabled?
You can trivially find it in the Settings app after setup, too: Privacy & Security -> Analytics & Improvements -> scroll to the Improve Siri & Dictation toggle that explains that it controls whether Apple can store and review audio of interactions with Siri and the dictation function. Plenty of other options to review in the vicinity too, since the first party privacy settings are basically all in the same place.
That is the option for the audio itself. The transcripts of the audio (you do know what transcripts are, right?) are always sent to Apple as per their privacy policy.
"When you use Siri, your device will indicate in Siri Settings if the things you say are processed on your device and not sent to Siri servers. Otherwise, your voice inputs are sent to and processed on Siri servers. In all cases, transcripts of your interactions will be sent to Apple to process your requests."
It's pretty clear and not in dispute that your transcripts are always sent to Apple.
That’s because Siri doesn’t run on-device - phones like the iPhone 6 can’t run that level of analysis. They “collect transcripts” insofar as they need to process your request.
Nonetheless, Siri is trivial to disable altogether.
Yeah if you asked the average person on the street (e.g. you) if they thought Siri was 100% private, they'd say yes because Apple has misled them and said it is. That's the point. Apple says everything is private but then secretly collects data via their privacy policies.
Certainly there's a difference. You are right that the jump is big between 1 and 2, but it is negligent to say that Apple, a company which strives for improved privacy and security, and ChatGPT have the same privacy practices.
No, that's not the point. The point is neither of those companies could have the same values you have for your data and you are then leaving the security of that data in the hands of someone else. Even Apple, who is better than most, values your privacy with a dollar value representing your custom and their reputation. That is not how I value (nor most people value) their data. The latter point applies to any company, regardless of intention because security breaches are a matter of when, not if, and if anyone says otherwise they should not be talking about security.
Apple has demonstrated to be relatively trustworthy about privacy while most AI companies have demonstrated the opposite, so I do see a significant difference.
Google was cool, once upon a time, but they always used your personal info pretty openly. The CEO himself famously said, “The Google policy on a lot of things is to get right up to the creepy line and not cross it.”
Apple has taken a markedly different approach, and has done so for years - E2E encryption, hashing and segmenting routes on maps, Secure Enclave, etc.
While I think it’s perfectly reasonable to “trust no one”, and I fully agree that there may be things we don’t know, I don’t think it’s reasonable to put Apple on the same (exceedingly low) level as Google.
No they never were, they were "do no evil" but at the exact same time everyone knew they were an advertising company and most people in the field could see where it was heading eventually, or at least I'd hope.
Apple's motives are different, selling premium hardware and MORE premium hardware, they wouldn't dare fuck that up, their nest egg is hardware and slowly more services tied to said hardware ecosystem (iCloud subs, TV subs etc). Hence the privacy makes sense to pull people into the ecosystem.
Google... everything Google does even phones, is for more data gathering for their advertising revenue.
Google's entire business model was built on hoovering up and selling access to user data in the form of AdSense. Without that data, their business falls apart.
Apple's business model is to entice people into a walled garden ecosystem where they buy lots of expensive hardware sold on high margins. They don't need user data to make this work, which is why they can more comfortably push features like end-to-end and no-knowledge encryption.
#2 is publicly auditable, 100% Apple controlled and Apple hardware servers, tied to your personal session (probably via the on-device encryption), I'd imagine ephemeral Docker containers or something similar for requests that just run for each request or some form of Encrypted AI Lambdas.
Lvl 3 is supposed to support other models and providers in the future too. I hope it will support every server with simple, standard API so I can run self-hosted Llama 3 (or whatever will be released in next 6-12 months).
It sounded like 3 is meant for non-personal stuff. Basically like a search engine style feature. When you want to look up things like say sports records and info, or a movie and info about it, etc.
The problem is they don't explicitly define when 1 can pass to 2 and whether we can fully and categorically disable it. As far as I know, 1 can pass to 2 when governments ask for some personal data or when Apple's ad model needs some intimate details for personalization.
Imagine the memory on their server is encrypted with an on-processor key (something like Intel SGX) -- reading OS memory, e.g. dumping from Linux or hardware, you can't read it unless you somehow extract the key (which is different on each chip) from the physical chip. Now, the process running using that encrypted memory generates TLS keys for you to send the data, and operates on it only inside this secure enclave.
There is no way to access it without destroying the chip, and even in this scenario it will be extremely expensive and imo unlikely, certainly impossible at scale. Some scientists may be able to do it once in a lab.
BTW there is an entire industry popping up around exactly this sort of use case, it's called 'confidential computing' and CNCF have some software in the works (confidential containers iirc). I'm pretty excited to see what RISC-V is going to bring to the party enclave wise.
That was my sense as well. I would have appreciated some clarification on where the line between 1 and 2 was, although I am sure a YouTuber will deep dive on it as soon as they have it in their hands.
I'm skeptical of the on-device AI. They crave edge compute but I'm doubtful their chips can handle a 7B param model. Maybe ironically with Microsoft's phi 3 mini 4k you can run this stuff on a CPU but today it's nowhere near good enough.
I don't know how they are going to square the privacy circle when at worst it's a RAG based firehose to OpenAI, and at best you can just ask the model to leak your personal info.
It's a fork of VS Code with some AI features sprinkled in. It writes around 80% of my code, these days.
It also has a few useful features:
- a chat interface where you can @-mention files, folders, and even documentation
- if you edit a line of code, it suggests edits around that line that are useful (e.g. you change a variable name and it will suggest updating the other uses, which you accept just by pressing Tab)
- as you're writing/editing code, it will suggest where your cursor might go next — press Tab and your cursor jumps there
Looks interesting, but I don't really want my code to go via some unknown company. As far as I can tell in "Privacy Mode" code still goes via their servers, they just promise not to store anything (with the caveat that OpenAI retain stuff for 30d).
They give you the option to use your own OpenAI/Anthropic/Azure API keys, but in all honesty, I don't know if they still gather information about your code even using your own API keys.
You could use something like Little Snitch (on Mac) to check if it makes any calls to their servers.
They also allow you to override the URL for the OpenAI models, so although I haven't tried, perhaps you can use local models on your own machine.
I'd recommend trying it. It takes a few tries to get the correct input parameters, and I've noticed anything approaching 4× scale tends to add unwanted hallucinations.
For example, I had a picture of a bear I made with Midjourney. At a scale of 2×, it looked great. At a scale of 4×, it adds bear faces into the fur. It also tends to turn human faces into completely different people if they start too small.
When it works, though, it really works. The detail it adds can be incredibly realistic.
That magnific.ai thingy is taking a lot of liberty on the images, and denaturing it.
Their example with the cake is the most obvious. To me, the original image shows a delicious cake, and the modified one shows a cake that I would rather not eat...
Every single one of their before & after photos looks worse in the after.
The cartoons & illustrations lose all of their gradations in feeling & tone with every outline a harsh edge. The landscapes lose any sense of lushness and atmosphere, instead taking a high-clarity HDR look. Faces have blemishes inserted the original actor never had. Fruit is replaced with wax imitation.
As an artist, I would never run any of my art through anything like this.
Here are a few in Degas style I made after training for 2,500 steps. I'd love to hear what you think of them. To my (untrained) eye, they seem a little too defined, perhaps?
https://imgur.com/a/sqsQLPg