Posts

Marcus Williams's Shortform 2024-11-18T22:49:50.813Z
On Targeted Manipulation and Deception when Optimizing LLMs for User Feedback 2024-11-07T15:39:06.854Z

Comments

Comment by Marcus Williams on Habryka's Shortform Feed · 2024-11-24T21:24:07.811Z · LW · GW

Sure, but does a vulnerability need to be famous to be useful information? I imagine there are many vulnerabilities on a spectrum from minor to severe and from almost unknown to famous?

Comment by Marcus Williams on Habryka's Shortform Feed · 2024-11-23T16:03:00.388Z · LW · GW

I suppose you could use models trained before vulnerabilities happen?

Comment by Marcus Williams on Have we seen any "ReLU instead of sigmoid-type improvements" recently · 2024-11-23T15:58:47.612Z · LW · GW

"We offer no explanation as to why these architectures seem to work; we attribute their success, as all else, to divine benevolence." -SwiGLU paper.

I think it varies, a few of these are trying "random" things, but mostly they are educated guesses which are then validated empirically. Often there is a spefic problem we want to solve i.e. exploding gradients or O(n^2) attention and then authors try things which may or may not solve/mitigate the problem.

Comment by Marcus Williams on Have we seen any "ReLU instead of sigmoid-type improvements" recently · 2024-11-23T08:46:35.360Z · LW · GW

I'm not sure if these would be classed as "weird tricks" and I definitely think these have reasons for working, but some recent architecture changes which one might not expect to work a priori include:

  • SwiGLU: Combines a gating mechanism and an activation function with learnable parameters.
  • Grouped Query Attention: Uses fewer Key and Value heads than Query heads.
  • RMSNorm: Layernorm but without the translation.
  • Rotary Position Embeddings: Rotates token embeddings to give them positional information.
  • Quantization: Fewer bit weights without much drop in performance.
  • Flash Attention: More efficient attention computation through better memory management.
  • Various sparse attention schemes
Comment by Marcus Williams on On Targeted Manipulation and Deception when Optimizing LLMs for User Feedback · 2024-11-12T11:20:51.827Z · LW · GW

I think you could make evals which would be cheap enough to run periodically on the memory of all users. It would probably detect some of the harmful behaviors but likely not all of them. 

We used memory partly as a proxy for what information a LLM could gather about a user during very long conversation contexts. Running evals on these very long contexts could potentially get expensive, although it would probably still be small in relation to the cost of having the conversation in the first place. 

Running evals with the memory or with conversation contexts is quite similar to using our vetos at runtime which we show doesn't block all harmful behavior in all the environments.

Comment by Marcus Williams on What Ketamine Therapy Is Like · 2024-11-11T11:33:57.172Z · LW · GW

The TL;DR is that a while back, someone figured out that giving humans a low-dose horse tranquilizer cured depression (temporarily).

I don’t know (and I don’t want to know) how they figured that out, because the story in my head is funnier than anything real life could come up with.

Well, I mean, it's also a human tranquilizer. I worry that calling medications "animal-medications" delegitimize their human use-cases.

Comment by Marcus Williams on Arjun Panickssery's Shortform · 2024-06-07T18:01:04.064Z · LW · GW

I think part of the reason why these odds might seem more off than usual is that Ether and other cryptocurrencies have been going up recently which means there is high demand for leveraged positions. This in turn means that crypto lending services such as aave having been giving ~10% APY on stablecoins which might be more appealing than a riskier, but only a bit higher, return from prediction markets.

Comment by Marcus Williams on NYU Code Debates Update/Postmortem · 2024-05-24T19:06:03.414Z · LW · GW

Are you sure you would need to fine-tune Llama-3? It seems like there are many reports that using a refusal steering vector/ablation practically eliminates refusal on harmful prompts, perhaps that would be sufficient here?

Comment by Marcus Williams on What would stop you from paying for an LLM? · 2024-05-22T14:25:18.901Z · LW · GW

Do labs actually make any money on these subscriptions? It seems like the average user is using far more than 20$ of requests (going by the price for API requests which surely can't have a massive margin?).

Obviously they must gain something or they wouldn't do it, but it seems likely the benefits are more intangible, gaining market share, generating hype and attracting API users etc. These benefits seem like they may arise from free usage as well.

Comment by Marcus Williams on Alexander Gietelink Oldenziel's Shortform · 2024-05-13T21:28:03.833Z · LW · GW

Wasn't the surprising thing about GPT-4 that scaling laws did hold? Before this many people expected scaling laws to stop before such a high level of capabilities. It doesn't seem that crazy to think that a few more OOMs could be enough for greater than human intelligence. I'm not sure that many people predicted that we would have much faster than scaling law progress (at least until ~human intelligence AI can speed up research)? I think scaling laws are the extreme rate of progress which many people with short timelines worry about.

Comment by Marcus Williams on Gemini 1.0 · 2023-12-08T07:52:06.988Z · LW · GW

It also seems likely that the Nano models are extremely overtrained compared to the scaling laws. The scaling laws are for optimal compute during training, but here they want to minimize inference cost so it would make sense to train for significantly longer.

Comment by Marcus Williams on Red-teaming language models via activation engineering · 2023-08-26T17:54:22.529Z · LW · GW

It's interesting that it still always seems to give the "I'm an AI" disclaimer, I guess this part is not included in your refusal vector? Have you tried creating a disclaimer vector?