Daniel Miessler's Blog, page 12

April 17, 2024

UL NO. 428: Reason to Fear; Reason to Build


👉 Continue reading online to avoid the email cutoff issue 👈

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

NOTES

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

NOTES

Hey there,

Crazy week.

Sorry for the late episode; a bit over-exposed to travel/humans and needed a couple of days to fight off viruses/funk. Seem to have avoided getting fully sick, which is nice.

⚙️analyze_presentation — Added a new Fabric pattern that looks at the transcript of a presentation and tells you how much the presenter is trying to brag, vs. entertain, vs. inform. In other words, it tells you how self vs. other centered the presentation is, e.g., if they say “I” too often, talk about credentials, accomplishments, etc., vs. focusing on ideas.

Spoke at the EQUILIBRIUM conference in NYC last week. Thanks so much to Rohit Sethi for the invite, and to Chris Hughes for his great talk and our wide-ranging conversation beforehand. Seriously great event.

I finally got to attend a live UFC event, and it turned out to be one of the best in history! Also made some new friends in the process. What a tremendous weekend!

Speaking at the Hardly Strictly Security conference soon! Looking forward to that one!

Speaking at the Security Frontiers AI Conference tomorrow. MORE

Speaking tomorrow at an AI Cyber event put on by Rain Capital, Icon Ventures, and J.P. Morgan at the J.P. Morgan Innovation center. Thanks to Chenxi Wang for the invite! MORE

Gearing up for RSA already. The calendar is feeling the pressure. In a good way. If you’ll be around, be sure to come get a fist bump or hug, as per your preference.

I just finished reading Sense of Style, by Steven Pinker, for the third time. I like to read it every 2-3 years. It’s my favorite writing/style guide.

Ok, let’s get to it…

MY WORK


I didn’t write any essays or make any videos this week, but I did get to do some podcasts with some smart folks, and those should come out soon.

SECURITY

Microsoft says Chinese hackers are using AI to inflame social tensions in the US. MORE

💡I seriously can’t wait to build my propaganda tracker. If someone starts a campaign, I want to see where it spreads, becomes viral, etc. I’m looking for VCs and permanent operators for this. And government backing. If you know people, let me know.

PropTrak, or something.

Over 92,000 D-Link NAS devices are under attack due to an unpatched critical RCE bug. | CRITICAL | RESPONSE: D-Link advises device retirement. Thanks D-Link. | MORE

SAP patches three high-severity vulnerabilities, including a misconfiguration in SAP NetWeaver that could let users set weak passwords. MORE

The U.S. just blacklisted four additional Chinese companies for procuring AI chips for China's military modernization efforts. MORE

The U.S. and China are racing to dominate with AI-driven drone swarms, just like Daniel Suarez’s book, Kill Decision. MORE

Google's contract reveals a partnership with Israel's Defense Ministry during the Gaza conflict, which is upsetting employees. MORE

Sponsor

🔍The Cybersecurity Platform for IT Teams

Thousands of security tools. Pushy vendors. Endless product trainings. Sound familiar?

IT teams often struggle to implement a strong security program in their organization because buying and maximizing usage of tools is so hard. Oh, and they have a day job too.

That’s why we built Defendify, the “everything-you-need” platform that brings the 13 most critical security tools into one, easy-to-use interface.

Interested? See how you can get 13 tools in one platform here.

 defendify.com

Explore Defendify Now


TECHNOLOGY

Great NYT piece on automating finance jobs using AI. “Some of Wall Street’s major banks are asking the same question, as they test A.I. tools that can largely replace their armies of analysts by performing in seconds the work that now takes hours, or a whole weekend.” MORE

💡At this point if people don’t see the impact of AI on actual jobs, it’s because they don’t read enough, or don’t want to see. This isn’t like the dotcom boom, or like crypto. This is tech that’s instantly useful, despite its flaws, and that we’re seeing actively replace human workers.

Yohei continues doing great work around AI agents. This one is agent log visualization. MORE

Despite sanctions, Russia is getting 89% of its chips through China. MORE

Gary Marcus is betting $10M that we won't have AI smarter than humans by 2025. MORE

Mistral AI just released Mixtral 8x22B via a torrent link, which is an interesting new way of distributing models. Makes sense. Lots of people want them and they’re really big. Exactly what torrents are good at. MORE

📄 This paper says a Transformer is capable of acting like a general-purpose computer. MORE

OpenAI just shipped a new GPT-4 Turbo model that focuses on being more concise. I’ve tested it against Opus and it’s still nowhere near as good—at least for the stuff I do. MORE

After AI beat them, professional Go players didn't just catch up; they became better and more creative. MORE

💡I love this narrative where we learn from AI beating us. But I don’t think that means we’ll be able to keep up. It just means we’ll have new ways to think about being good, which is useful and interesting.

Nanotronics is rolling out CubeFab, a modular chip fab powered by Nvidia GPUs and AI, aiming to democratize semiconductor manufacturing. MORE

The Humane AI Pin got flamed by MKBHD and other reviewers. MORE

💡I think MKBHD can say whatever he wants on his channel. I just think it was out of character for him to be so negative and mean about it. He could have said the same things without the vitriol, and still made the same points. I like him for his even temperament as much as his analysis, and the dunking was a turnoff for me. But I still think it’s his channel and he can do whatever he wants.

Dyson's new CleanTrace feature lets you use AR to see where you've vacuumed, making sure no spot is missed. MORE

Sequoia's Arc Product-Market Fit Framework introduces three unique archetypes to help startups navigate their way to market success. MORE

Tesla just dropped the FSD subscription price to $99 a month. MORE


HUMANS

Right after the solar eclipse, a ton of people Googled “my eyes hurt”, which only further diminishes my hope for humanity. It’s not so much that they looked at the sun. It’s the two-hit combo of looking at the sun and then wondering what’s wrong. MORE

💡One of the books that will absolutely change your life is the book Everybody Lies, which is about how Google searches reveal way more about reality than surveys.

Job interviews are pretty terrible at predicting future job performance and might even be counterproductive. Sure, but what’s the alternative? MORE

Over half of women experience sexual harassment at work. MORE

Homicides are on a surprising decline across major American cities. MORE

💡I feel like we’re this close (gesturing) to an Onion article where far-right people complain that the country’s becoming feminized and is no longer into murder.

U.S. Steel is about to become a part of Japan's Nippon Steel. MORE

Harvard's back to requiring SAT and ACT scores for admissions. It’s almost like they were a good idea in the first place, which is why we had them. MORE

💡I wish the Overton Pendulum had more than two settings—woke and racist. Can we get a compassionate/logical setting please?

Dumbphones are making a comeback. You get to stay in contact, but not be distracted. MORE

A Dungeons & Dragons show is about to sell out Madison Square Garden. MORE

What top performers do, and how to deal with critics and detractors MORE

Ernest Hemingway transformed from a humble journalist to a literary celebrity, losing himself to the fame and power that came with success. MORE

Abraham Lincoln was shaped by Aesop's fables more than any other book, including the Bible. MORE


IDEAS & ANALYSIS

Guard Your Energy Reserves
Heard a cool thing recently that said that if you have a great idea, and it’s creating a lot of energy within you, you should be very careful with how you share the idea.

Basically, according to the theory, that energy you have for the idea is limited and precious, and even telling someone about it removes its energy, power, and specialness.

So instead of telling people about it, you should go work on it immediately. That first energy, the raw energy, will be the most powerful form, and you don’t want to waste it on trying to get someone else hyped on it as well.

Reason to Worry; Reason to Build
I’m worried about the world right now. I think the next few years are likely to be the highest chance of killing ourselves that we’ve ever seen. Maybe not counting the Cuba crisis.

Trump could easily be re-elected, which I think will make things far worse for sanity and stability

I don’t see how the Gaza war doesn’t turn into the Iran war

Everything is getting more expensive (or at least feeling so)

At this exact moment, AI is going to start mass-replacing jobs

At this exact moment, the smartest/luckiest are about to be able to create unbelievable value and wealth

So the K-shape is about to curve—with the top of the K hockey-sticking up, and the bottom of the K hockey-sticking down.

This will empower the far-right

It could be bad

Here’s a diagram I created about all this in 2018:

Anyway, it’s depressing.

But I’m choosing to abstain from panic. I’m saying no to despair. I’m going to build instead. I’m going to lift people up instead. I’m going to create stuff instead. I’m going to shoot for a distant and possible better thing. A thing on the other side of all this.

And I honestly think AI will be a big part of that solution.

Now, if it all goes to hell, AI will be part of that too. But like I said, I don’t care about that. I don’t plan to fail. I am not betting against the goodness and creativity of humans.

We can make it.

We can.

And even if we can’t. We have to believe we can.

So, I ask you to join me in rejecting despair.

The world sucks. Might get worse.

Fuck it. Suit up. You’re part of the optimism force now.

Not out of ignorance. As a choice.

DISCOVERY

⚙️ This Colab notebook uses Claude to turn images into Magic cards. | by Max Woolf | MORE

🔧 Andrej Karpathy just dropped llm.c, a sleek GPT-2 implementation in under 1000 lines of pure C. | by Andrej Karpathy | MORE

📓 Shell history as a productivity tool. | by Martin Heinz | MORE

🔧 Aider turns your terminal into a pair programming session with AI, editing and committing code directly in your git repo. | by Paul Gauthier | MORE

⚙️ DNSViz is like an X-ray for your DNS, showing you exactly what's going on under the hood. | by DNSViz | MORE

Cohere's Rerank 3 model boosts enterprise search and RAG systems with minimal fuss. | by Cohere | MORE

📓 Terminal Tweaks. | by High Growth Engineer | MORE

🎵 ⚙️ Udio turns your text prompts into music, matching any style you fancy. | by UdioMusic | MORE

📄 A collection of content ideas that have truly resonated on TikTok. | MORE

⚙️ Firecrawl.dev turns entire websites into datasets ready for large language models to digest. | MORE

🔧 zk turns your command line into a powerful, plain text Zettelkasten or personal wiki keeper. | by zk-org | MORE

RECOMMENDATION OF THE WEEK

Read the piece in the Ideas section above.

Reject despair. Embrace the work of building the better thing.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, AI, and lots of human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So—if you know someone weird like us—please share it with them. 🫶 

Share UL with someone like us…

Happy to be sharing the planet with you,


Published on April 17, 2024 14:15

April 8, 2024

UL NO. 427: AI's Predictable Future (Video)




TOC

NOTES

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

NOTES

Hey there,

Going to keynote a conference in NYC this week! Excited to talk about AI, security, and hope for the post-AI future.

Conference season is spinning up. Can’t wait to see people. Things I have on deck. Numerous private panels/talks in the Bay Area, talk in NYC, Day of Shecurity, RSA, LocoMocoSec, EDC, big con in Switzerland, possibly others. And that will be enough for the year. The main goal is to not get Covid or Conflu this year.

Had a great time at BSides Milwaukee!

The soft launch of Threshold is going splendidly. I’m already getting MASSIVE benefits from using it myself, which is honestly my north star for the project. More on that in future posts/videos.

Fabric continues to thrive, and I continue to think about the ultimate agent framework. Right now it’s Crew.ai, but I wonder what the model companies are going to have as a response, e.g., Anthropic incorporating tools right into their prompts this week.

Ok, let’s get to it…

MY WORK

I finally turned my big, 9,000-word AI predictions essay into a full video! It’s like 70 minutes long and includes lots of extra narration and detail outside of the text.

Please pass it on to people who would love the content but who could never get through a 9,000 word essay.

SECURITY

Israel's top spy chief, Yossi Sariel, accidentally revealed his identity through an Amazon book sale linked to his real name. MORE

The CVE and NVD databases are struggling to keep up with the massive number of vulnerabilities being created, leading to gaps and inaccuracies. This will need to get addressed somehow, but I’ve not heard any good suggestions. MORE

In Montreal, criminals are using Apple's AirTags to track and steal cars. MORE

Sponsor

DROPZONE AI IS THE FIRST AI SOC ANALYST THAT AUTONOMOUSLY INVESTIGATES ALERTS 24/7

Hey, Daniel here. You know how I talk about AI agents all the time? Well it’s happening.

Dropzone.ai is AI agent technology that takes alerts from your environment and performs autonomous multi-step investigations just like a human analyst.

Once it’s finished, it generates decision-ready reports so you can focus on real threats and 10X your team without adding headcount.

No playbooks, code, or prompts required. It just takes alerts and starts investigating them, and then comes back and writes a report.

Seriously the most tangibly effective AI security tool I’ve seen yet.

It’s so good, I just became an advisor.

 dropzone.ai/use-case/cloud

See a Demo of It Working on a Real Alert

Panera Bread's week-long IT downtime incident was a ransomware attack. MORE 

CISA's new High-Risk Communities webpage offers cyber hygiene guides, volunteer support, and discounted tools for organizations under cyber threat. MORE


Israel's military used an AI named Lavender to pinpoint 37,000 potential Hamas targets, which is raising questions about the ethics of AI in warfare. MORE


TECHNOLOGY

There’s a rumor that Sam Altman and Jony Ive are building some sort of AI wearable device through a new secret company. MORE

OpenAI released improved ways of fine-tuning models. MORE

📄 A new paper shows that adding more agents to large language models can significantly boost their performance. MORE

📄 This paper explores how AI might be leading us towards a 'knowledge collapse' by oversimplifying complex information. MORE

The U.S. is trying to get South Korea to stop chipmaking tool exports to China. MORE

The US is testing energy storage in heated sand, aiming for 135 MW power output for five days straight. MORE

Oura's rolling out Symptom Radar to give you a nudge when your body's showing signs of strain, but it's not calling it illness detection. For obvious reasons. MORE

Amazon's ditching its cashierless "Just Walk Out" tech in Fresh stores for Dash Carts, finding the futuristic checkout too costly and complex. Disappointing. Too early I guess. MORE


HUMANS

New studies are showing that the wealthy are starting to have more kids than the poor, reversing the previous trend. MORE

NASA's doing a live stream of the eclipse. MORE | SPACEX STREAM

Despite a massive earthquake, TSMC's crucial EUV equipment remained unharmed because they have some wicked building stabilization tech. Production was almost fully restored the same day. MORE

The Israeli military dismissed two senior officers and reprimanded three others for an airstrike that mistakenly killed seven World Central Kitchen volunteers in Gaza. MORE

The UK's exporting workers to fill higher-paying US jobs. MORE

U.S. venture capital investments plummeted to $36.6 billion in Q1 2024, which is the lowest quarterly total since 2017. MORE

💡I had a wonderful conversation with Mike Privette from Return on Security about these VC and overall economic trends, which will be released soon.

McKinsey's offering UK employees nine months of pay to voluntarily leave the company. MORE

Gen-Z is going for trades like welding and plumbing over college and student debt. MORE

Home insurers are now using aerial images to decide who gets dropped from coverage. MORE


IDEAS & ANALYSIS

Another View of Imposter Syndrome



Working harder isn’t the solution to imposter syndrome, in my opinion.


The solution is to work on big problems that are super important to solve. That way your internal focus isn’t on you. Or your work.


It’s on the problem and what you can do to address it.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Apr 5, 2024


Tyler Cowen vs. Jonathan Haidt on Teen Girl Depression
Well, I never thought I’d see Tyler Cowen be wrong about something major. But I think he did it here with Jonathan Haidt. He had Jonathan on the show and massively disagreed with him about his research into teen (especially girl) depression being caused by social media. Worth a watch.

The specific thing I think Tyler is getting wrong is the AI Mediation part, which I have written about extensively. He’s right that we’ll have AI mediation, but I think he’s wrong that it’ll work the way he thinks it will.

He seems to think that AI will stop young girls from browsing the most viral and toxic content on social media, and it’ll just send her the summary instead. Problem solved.

Um, no. That’s how HE will use it. And how I will use it. And how Jonathan will use it. And probably you, too.

But for young people consuming viral and toxic content, the content itself is the point, not the summary.

Does Tyler think AI will send people who love standup comedy a summary of the jokes made in a given standup, as a substitute for going to comedy shows?

🤖 Here’s your summary of this standup:

3 jokes on women and stereotypes

4 jokes on how clumsy he is

2 playful racist jokes

2 hecklers were addressed

Applause was 3/5 compared to other performers

We hope you’ve enjoyed this hilarious AI summary from ComixAI.

That doesn’t work for comedy, and it won’t work for young kids consuming viral/toxic content. The only way that can work is if they had a draconic blocker of all social media, and this was like a service that summarized the content.

But it wouldn’t be something the kids would install themselves, nor happily use.

All that being said though, he is Tyler Cowen, so my chances of misunderstanding him and/or being wrong here are higher than usual.

Deepfaked Content Summaries



Crap I just realized what the main interface for content is going to be in the next few years.


Anything you put out as text, audio, slides or video will be extracted into text, and AI will create multiple video deepfakes of it at different depth levels.


1/n


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Apr 7, 2024


AI and Music



It’s weird that people think AI is going to ruin music.


It’s like they forgot about pop, which is little more than a few chords and a hook.


Same with doing customer service, sales calls, etc.


We forget how low the bar is for being better than an average human.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Apr 7, 2024


DISCOVERY

🔥⚒️Luke Stephens (hakluke) put out an amazing blog on his evolving approach to bug bounty automation. He talks about going from Bash, to Python, to Golang, and then arriving at Cloud-native. Great piece. MORE

🔥Thomas Roccia wrote an amazing piece on applying LLMs to Threat Intelligence. Includes a full notebook for running agents using Langchain that perform various TI tasks. MORE | THE CODE NOTEBOOK

🛠️SWE-agent - Autonomously fixes bugs in GitHub repos, showing a 12% success rate by leveraging language models like GPT-4. By Princeton Natural Language Processing | MORE

💻 Burr is a Python framework that simplifies building GenAI apps by managing state with easy-to-use building blocks. | by DAGWorks-Inc  | MORE

📖GIAM, a free open-source textbook, makes the art of mathematics accessible, covering foundational topics and proof techniques, complete with amusing chapter quotes. MORE

⚙️ Gram turns threat modeling into a self-hosted web app, making it easier for teams to collaborate on security. | by Klarna-Incubator | MORE

🔧 ChatGPT now lets you tweak images, like removing objects or changing parts, just by describing what you want in the chat. | MORE

🔧 Claude API's new "tools" feature lets it tap into the internet, opening up a world of data it couldn't touch before. | MORE

Kids are learning math from deepfake Taylor Swift and Drake on TikTok, and it's surprisingly effective. MORE

💡 I’m honestly super excited for deepfakes for these types of use-cases. Take the bad and find the good. Like, if kids absolutely love Taylor Swift, or Star Wars, let’s use that for education, tutoring, therapy, etc.

We need to be careful with it, of course, and watch out for IP issues, but there’s a lot of good that can come from this.

RECOMMENDATION OF THE WEEK

Check out one of suno.ai’s top AI-generated songs.

Mozart On the Bass

You might not like it, but if you don’t, how different is it from other stuff you don’t? Is it that much worse? And if you do like it, how much can you tell it’s not human-generated?

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, AI, and lots of human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So—if you know someone weird like us—please share it with them. 🫶 

Share UL with someone like us…

Happy to be sharing the planet with you,


Published on April 08, 2024 17:36

April 3, 2024

UL NO. 426: Unveiling XZ, AI Monitoring, Investigative Visualizations with Fabric...




TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there,

Ok, probably the coolest thing I’ve seen this week is this video of Chris Cappetta having deep philosophical conversations with custom AIs based on Anthropic’s Claude.

I watched almost an hour of these conversations (he’s on video #3 already) and I was blown away by the quality of the AI’s responses. I mean, I think the answers were nearly perfect about meaning, self, morality, and free will. Like, they’re very similar to answers I, or Sam Harris, or my ideal philosophy professor would give if we were given an hour to write each response. Just unbelievable. Highly recommend this video. WATCH IT

Ok, let’s get to it…

MY WORK

My new essay on why it’s often so frustrating to be in security.

Efficient Security Principle (ESP)


A way of explaining why security's baseline is so low in places, and why it's so hard to raise


danielmiessler.com/p/efficient-security-principle


Here’s a new video on how to create custom patterns in Fabric, i.e., patterns that only you can run and that aren’t shared with the project. WATCH THE VIDEO

The YouTube channel is going decently well after just a few videos. Please take 14 microseconds and go hit the subscribe button. It saves kittens. SUBSCRIBE

SECURITY

The most interesting story this week has to be the XZ situation. So insane. Here’s my favorite write-up of the whole thing. (HT Joseph Thacker). I’m trying to figure out what I find so interesting about it, and here’s what I’ve come up with:

It’s movie shit

Pre-meditated

The attacker with kindness, plays the long game

The attacker eventually takes over the project just via attrition

They’re still patient

Very technical hack of a related library to ssh, but not it directly

The submitted code was obfuscated too, and would have been hard to find

And then, complete heroism / luck on finding it so soon

I love the jokes about us being lucky that this was the only one, and we caught it. 😃 . Also 😭

You probably couldn’t guess this, but I’m going to talk about how AI can help here.

So one of the subsystems of my massive Human 3.0 project is going to be continuous monitoring engines for tons of stuff.

Voting records compared to lobbying donations

Watching meteors so we don’t miss one

Finding vulns in OSS and submitting fixes or hitting up the devs

Tracking propaganda / viral content and doing OSINT on the people using it

That’s one of my favorite ones. And I love the idea of being able to look up an OSINT profile on anyone who’s submitting code. Imagine comparing:

Username / email

How many commits

Reactions to their commits

Analysis of trends

Seeing if they ever went rogue

You could do this not just for coding, but for gamers regarding cheating, politicians with regard to affiliations and influence, and tons of other stuff.

Basically, AI will give us the ability to continuously monitor activity that today doesn’t happen because it’s too resource-intensive. But AI doesn’t get tired. It never sleeps. It can just monitor and alert.

This is one of the things I’m most excited about building and seeing others build.

Related to that, check this out:

create_investigation_visualization MORE

This is a new pattern we just added to Fabric that—um—creates a visualization of an investigation.

So my buddy John Hammond just did a video about a hack of an Apex Legends tournament, and he walked through investigative work that he and some other folks did throughout like a 20-minute video.

Well, this pattern turns investigations like that into conceptual timelines! Here’s the one for his work on that story:

[Image: Hammond’s investigation of the hack.]

I showed a buddy that and he sent me the new massive investigation on Havana Syndrome done by Insider. This is the potential energy weapon campaign that’s been being waged against high-level US officials for years now. The investigation is super elaborate but so big it’s hard to wrap your head around. Here’s what Fabric produced for that one!

[Image: Insider’s Havana Syndrome Investigation.]

And you can basically send ANY investigation or research or timeline into this thing, and it’ll do its best to piece it together visually. CHECK OUT THE PATTERN

Sponsor

Enhance Enterprise Security: Trust Every Device with Kolide!

What do you call an endpoint security product that works perfectly but makes users miserable? A failure. The old approach to endpoint security is to lock down employee devices and roll out changes through forced restarts, but it just. Doesn't. Work.

IT is miserable because they've got a mountain of support tickets, employees start using personal devices just to get their work done, and executives opt out the first time it makes them late for a meeting. You can't have a successful security implementation unless you work with end users. That's where Kolide comes in.

Kolide’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That way, untrusted devices are blocked from authenticating, but users don't stay blocked.

Kolide is designed for companies with Okta and it works on macOS, Windows, Linux, and mobile devices.

So if you have Okta and you're looking for a device trust solution that respects your team, visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

 kolide.com/unsupervisedlearning

Watch a Demo

iPhone users are getting bombarded with legit-looking Apple ID reset notifications in a new phishing scam called "push bombing." MORE

My buddy just headed over to work at this vendor Dazz, and it turns out they’re a sponsor this week, which came in completely separately. Pretty excited about what they’re doing, might talk to them about advising. Check it out.

⬇️

Sponsor

Application Security Posture Management (ASPM) For Dummies

According to Gartner, 40% of security teams will have an ASPM solution in place by 2026 to unify security remediation and fully arm themselves against evolving threats. Do you know your ASPM ABC's? Consider this your crash course on unifying security visibility across code-to-cloud environments, easily detecting root causes & owners, and quickly prioritizing and remediating issues.

 dazz.io/lp/application-security-posture-management-aspm-for-dummies


AT&T just admitted that the data they said didn’t come from their systems was a real thing, but they said it was old. It affected around 72 million people. | RESPONSE: Passcodes reset for affected customers. | MORE

NYC is rolling out AI gun detectors in subways, but there’s a history of pretty bad results up until now. MORE

Police are now using GPS darts to tag and track fleeing cars, making high-speed chases a thing of the past. MORE


TECHNOLOGY

Every US federal agency is now mandated to appoint a chief AI officer to ensure the responsible use of AI technologies. MORE

Databricks and Mosaic's collaboration on a 132B parameter MoE model showcases a significant leap in AI performance. Can’t wait to play with this one. MORE

💡One thing I don’t think is intuitive about AI progress is that the battle of local vs. pinnacle won’t always look the same.

There might be a bar of quality beyond which it doesn’t matter how much smarter or more capable the thing is. And I think local models are going to hit that—for most people—for most tasks—before too long. Like for daily and common tasks.

Like once you have an EA with a 120 IQ that has full access to everything in your life and takes care of you 24/7, how much will it matter if GPT-6 can make you a better one with a 145 IQ?

Maybe I’m wrong there, and you just keep getting more and more returns, or maybe EA is a bad example because they really are the brain of your life. But I think there are lots of types of tasks where you don’t get that much more benefit from a fleet of AIs performing most life tasks at like a 120 IQ level.

And I don’t think we’re far from that with local models? My point is that common tasks for humans aren’t likely to change much. Nor are our expectations of quality for those tasks (this I’m less sure about).

So what happens when good enough gets hit for most situations? Does it just become a question of getting that level of model into toilet brushes and baby seats and wallpaint?

Microsoft and OpenAI are eyeing a $100 billion project for an AI supercomputer, dubbed "Stargate", that could redefine computing power. MORE

OpenAI's Voice Engine can mimic someone's voice from just a 15-second sample, opening up new possibilities and ethical questions. MORE

💡I don’t get this announcement timing. It’s 2024. Why release this? And even better, why release it and then not have a release?

Maybe it was just a public service announcement to be careful of voice deepfakes? Kind of has that vibe at the end of the blog.

Alaska's Fairbanks airport is deploying a headless, dog-sized robot camouflaged as a coyote to scare off birds and wildlife. MORE

In this piece, an engineering manager argues their own role shouldn't exist, claiming it's a mishmash of tasks done poorly. Love these kinds of write-ups. MORE

U.S. tech giants are now eyeing Mexico for AI gear production, moving away from China. Yes please. MORE

EV owners are finding out the hard way that their vehicles chew through tires much faster than expected, often without prior warning. Is this because of increased torque? I should just ask AI, pretty sure the answer is yes. MORE

X, formerly known as Twitter, is exploring NSFW Communities for adult content sharing, a move that could reshape its engagement with online sex workers. MORE


HUMANS

The Philippines is preparing for countermeasures against China's coastguard, signaling a possible escalation in their maritime tensions. MORE

Despite the pandemic's initial hit, we're witnessing a roaring 2020s with record highs in net worth, stock market, and housing prices. This always trips me out and makes me sense danger when you have such weird asymmetries in how things are going. MORE

U.S. literacy has plummeted to 79% from 96% in the late '80s, costing the country up to $2.2 trillion annually. Seriously? Tracking nicely with vaccination rates. MORE

Vinyl records have not only outsold CDs for the second consecutive year but also made over twice as much money. MORE

Florida just made it a law that kids under 14 need parental consent to have social media accounts. MORE

Chronic absenteeism in U.S. schools has surged post-pandemic, affecting students across all demographics with no easy fix in sight. MORE

💡Has it surged in immigrant households where the parents massively value education? Where the parents are extremely adamant about pushing self-discipline in their kids.

I doubt it.

I’m starting to think the absolute biggest divide in upbringing, achievement, and outcomes comes down to the mindset given by parents. It’s a type of privilege for sure, but not like the word is being thought of today.

More to come on this because I got the idea from Dr. Kennedy on Huberman’s podcast recently. The idea is that you have to teach your kids how to get good at doing things that they don’t like, and make them uncomfortable.

This might be THE superpower. And it might be one of the things kids have lost the most in the last 10-30 years. I’ll continue reading on this, but if you have any supporting or opposing data let me know.

Silicon nanospikes are shredding 96% of viruses on contact. MORE

Martin Scorsese is a secret VHS hoarder, amassing over 4,400 tapes of broadcasted content over decades. MORE

Finland's been crowned the happiest country for the seventh year, despite its past high suicide rates and current geopolitical tensions. MORE

📄 A new paper says your financial health might be influencing your brain's wiring and how sharp you stay as you age. MORE

Nearly half of all single-family homes bought in 2023 were snagged by private investors, says Washington Times. MORE


IDEAS & ANALYSIS

Why 3 Body Problem Is So Good (and why so many other things suck)

I think I figured out why 3 Body Problem is such a great TV show.

First, it’s based on great books. I’m not sure how closely it’s following the books because I read them a long time ago, but the point is that they do have good content to go off of.

But I think I figured out the main ingredient this show has that so many others don’t: authenticity—or, in other words, adherence to a cold reality.

Conversely, I think the biggest problem with most shows and movies today is that they aren’t there to show you something real. They’re there to create a franchise with lots of staying power and spinoffs and sequels. And as a result, you hardly ever see anyone you care about die. Truly bad things hardly ever happen. Or at least that the viewer cares about.

Marvel is a great example. How many core characters have died after dozens of movies? How many stayed dead? Now think about how many regular people died. Millions? Billions? Do you ever remember caring about that? They have thousands of people dying in scenes and the cast is barely struggling in the fight, and they’re cracking jokes and posing the whole time.

3 Body Problem is great for the same reason Game of Thrones was so good in the early books and movies. You didn’t know what was going to happen, but you did know two things.

The world is dangerous.

Because the world is dangerous, any character you care about could die at any moment.

3 Body Problem is good because it’s real. Real danger. Real characters. And uncertainty. It’s authentic. True to life. But with creativity and fiction added on top, of course.

Anyway, you should check it out. It’s good. And if you like it, maybe you’ll agree that this is why.

NOTES

Feeling strange about this new talk I’m doing. It’s quite personal. Not in that it’s about me, but it’s about something I’m very passionate about, and I’m going to be trying to convey that passion to others. Feels vulnerable, but authentic. Can’t wait to see if it’s accepted well or if I’ll need to go back to a more classical style.

DISCOVERY

⚙️ Tracecat is an AI-native, open-source rival to Tines and Splunk SOAR. | by tracecatai | MORE

🔧 Centerpiece turns your search bar into a supercharged launcher for just about anything on Wayland. | by friedow | MORE

🔧 Metaview's AI tool revolutionizes hiring by recording, analyzing, and summarizing job interviews, letting managers focus on candidates, not notes. | by Kyle Wiggers | MORE

⚙️ Composio is crafting tools to empower AI Agents, seamlessly meshing with crewAI for a smarter integration. | by Soham Ganatra and Karan Vaidya | MORE

⚙️ Edgar lets you simulate building a Dyson Swarm, turning sci-fi into interactive fun. | by HackerNewsX | MORE

Someone just scraped the entirety of OpenAI's Community Forum, and it's a goldmine of insights. MORE

Yohei Nakajima discovered an AI that can list, read, and answer questions about its own code. Sick project. MORE

Emmett Shear suggests learning parenting from the parents of people you admire. MORE

Moxie Marlinspike says working on OSS projects is like working with everyone who ever applied to your company. lol. MORE

In a world overflowing with content, we're facing a crisis of quality, not quantity. MORE

RECOMMENDATION OF THE WEEK

Check out the video above of the guy talking philosophy and ethics with an AI. It’s stunning. And then, given whatever you feel about AI, ask yourself a few questions:

What does it mean for an AI to be that good at those conversations?

How much does it matter if it’s completely “fake”?

What does it even mean for that conversation to be “fake” if it’s that good?

At what point does it become uncomfortably similar to us? I mean we’re moist robots, right? What if we’re doing a very similar thing when we answer questions to what that AI is doing?

Where does that leave us?

Let me know your thoughts. EMAIL ME

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on April 03, 2024 08:07

March 25, 2024

UL NO. 425: The Efficient Security Principle


TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

Tons going on this week. Prepping for some paid talks, some travel, a product launch, and working on a whole bunch of new content.

I’m honestly just so happy to be alive at this moment in human history. I’m like constantly excited by all the opportunities available to people willing to grab a problem and start learning and building.

Hack, build, grind, appreciate. That’s my current vibe.

Ok, let’s get to it…

MY WORK

My new essay that introduces the Efficient Security Principle.

Efficient Security Principle (ESP)


A way of explaining why security's baseline is so low in places, and why it's so hard to raise.


danielmiessler.com/p/efficient-security-principle

A couple really sick new Fabric patterns this week. Have used these TONS already!

🔥This one analyzes your writing based on Steven Pinker’s The Sense of Style, which is my favorite book on writing. It’s called ⚙️analyze_prose_pinker and it scores your prose according to what he teaches in the book, and gives you recommendations for how to fix it. THE PATTERN | THE RESULT OF RUNNING IT AGAINST MY LATEST ESSAY

🔥This one extracts the recommendations made in any major book. Absolutely incredible. ⚙️extract_book_recommendations takes any book name as the input and gives you all the lessons from it! THE PATTERN | THE RESULT OF RUNNING IT ON MAN’S SEARCH FOR MEANING

And here’s its sister pattern ⚙️extract_book_ideas that extracts the ideas instead of the recommendations. THE PATTERN

SECURITY

Researchers found a way to extract secret keys from Apple's M-series chips. The flaw exploits the chip's data memory-dependent prefetcher, which basically confuses code and data during cryptographic operations. We’ll have to wait and see how real-world the attacks will be. MORE

The integration of drones with digitized command and control systems and new-era sensor networks is massively upgrading U.S. military capabilities. This combination is known as the "Transformative Trinity", which saved the dystopian movie writers some time. MORE

💡There’s never been a better time to read Daniel Suarez’ Kill Decision, which was all about autonomous drones. Seriously good.

The DHS outlined its comprehensive strategy to tackle AI risks. They're launching independent evaluations and a HackDHS event to find and fix vulnerabilities in AI systems. MORE | THE ROADMAP PDF

A Canadian man living in China got arrested in New York for trying to sell Tesla's secret battery tech to undercover agents. MORE

Sponsor

Hire Kulkan as your Penetration Testing Partner to Uncover Hard-to-find Vulnerabilities

Kulkan prioritizes deep-dive manual security reviews of your technology. Our experts dissect your software and infrastructure to find vulnerabilities beyond basic scans, and identify issues that once remediated can truly reduce security risk.

Experience The Kulkan Way:

In-depth Analysis: We dive deep into the logic and integrations unique to your environment.

Human Insight Over Automation: We leverage the irreplaceable value of creative humans.

Comprehensive Reports: Our reporting adapts to your existing ticketing systems and needs.

Ongoing Support: Post-assessment, Kulkan provides continuous guidance for long-term security resilience. We aim to be Partners, not just a vendor.

 www.kulkan.com

Hire top quality penetration testing - Hire Kulkan

Canada is rethinking its ban of Flipper Zero, focusing instead on preventing misuse by car thieves. Glad they’re waking up on this one. MORE

🚨 Ivanti has patched a critical bug in Standalone Sentry, reported by NATO, that could let attackers run commands without authentication. | CRITICAL | RESPONSE: Immediate patching advised. | MORE

🚨 Beijing-backed cyberspies, Earth Krahang, have hit over 70 organizations worldwide, focusing on government entities. MORE

🚨 Atlassian has patched a critical SQL injection bug in Bamboo Data Center and Server, tagged as CVE-2024-1597 with a top severity score. | CRITICAL | RESPONSE: Urging users to update immediately. | MORE


TECHNOLOGY

I and other AI builders have seen something really weird where Anthropic’s Haiku—its smallest model—scores nearly as well as (or sometimes better than) Opus or GPT-4. Completely insane. Look at this result below comparing all three models’ analysis of Jonathan Haidt’s recent conversation with Rogan.


It’s hard to tell that one is absolutely worse or better than the other! That being said, I have seen many cases where Haiku scores way worse (prose analysis, for example). I’m going to do more research on what the difference is.

A lot of people are reporting that GPT-5 will be out this summer, but Sam didn’t actually say that in his interview with Lex. What he said was that something good would come out soon. Others have said it could be like a mini version just to hold off the dogs—like a 4.5 release or something. Either way I can’t wait for it to leapfrog the pack again. MORE

Nvidia is partnering with Hippocratic AI to introduce AI "nurses" for virtual patient care tasks. They’re AI avatars you actually talk to, they’ll cost $9 an hour, and they’re being tested in over 40 healthcare providers. MORE

💡Most of the benefit we’ll get from AI in the first few years will be from it doing work that otherwise would not have been done at all. Not much of a competition when the alternative is nothing. Crappily done work will be replaced next, then up the chain.

Of course they’ll all happen at the same time. But we’ll notice most when it covers gaps that simply weren’t covered before, e.g., therapists, tutors, asteroid watchers, skin cancer screening, etc.

The US Department of Justice, alongside 16 state and district attorneys general, has filed an antitrust lawsuit against Apple, accusing it of maintaining an illegal monopoly in the smartphone market. They claim Apple's practices drive up prices for consumers and developers by imposing restrictive rules and limiting access to critical phone features. MORE | MY PRO-APPLE-BIASED ANALYSIS OF THE LAWSUIT

Apple's iPhone 15 is now being assembled in Brazil in addition to other places. Meanwhile Tim went to China to convince them everything’s ok with the relationship. MORE

Apple and Tesla are losing market share in China as national loyalty rises and domestic brands like Huawei start to dominate the market. MORE

💡Spicy Take: One of China’s greatest strengths is its Nationalism. Nationalism is a good thing—in moderation. They have too much. Most bad countries have too much. The US doesn’t have enough.

Actually, the far left in the US doesn’t have enough, and the far right has way too much. We need a new center that has a significant amount.


HUMANS

Israel's government is reportedly running covert ops at US universities to silence pro-Palestinian voices. MORE

💡It’s remarkable to me how much the words “marketing”, “counter-propaganda”, and “information operations” blur together and separate depending on your tribe and beliefs.

The same type of content could be considered an information op, or marketing, or propaganda, or counter-propaganda depending on which side you’re on.

Measles was declared eliminated in the U.S. in 2000, but we’re now seeing new outbreaks due to anti-vax movements. MORE

Long COVID brain fog might stem from damaged blood vessels letting unwanted substances into the brain. MRI scans showed that in patients with brain fog, a dye indicating blood vessel damage leaked into brain areas crucial for language and memory. MORE

Young people are now less happy than older generations, marking a significant shift in global happiness trends. The 2024 World Happiness Report shows young North Americans are particularly affected, with their happiness levels driving the US out of the top 20 happiest nations. MORE

Stanford researchers suggest Alzheimer's might stem from fat buildup in brain cells, not just amyloid plaques. They discovered that the APOE4 gene variant, linked to higher Alzheimer's risk, moves more fat into brain cells. MORE

A UC Berkeley professor is getting attacked for telling a student to get out of artillery range of San Francisco and San Jose if he wants to find a girlfriend. MORE

Weather forecasts have massively improved, with four-day predictions now as accurate as one-day forecasts were 30 years ago. It's fascinating that 7-day forecasts, once a coin toss, are now highly accurate. MORE

Germany just legalized recreational marijuana. MORE

Blu-ray is making a comeback due to streaming becoming expensive, complex, and spotty on coverage. Plus Blu-ray still has the best quality. MORE

Cancer cases in people under 50 have surged by 80% from 1990 to 2019. MORE

Married people are thriving way more than their unmarried counterparts, according to a decade-plus Gallup study. MORE

Bidets are getting way more popular in the US. Finally. MORE

💡I’m not sponsored by Toto, but the TOTO Neorest Bidet toilet is like the best investment you’ll make in your house. Warm seat. Warm water. You get it.

Trust me on this. They’re expensive, but you can go with the seats instead if you want to get 90% of the benefit for like ¼ the cost.

Toilets are like bedding, underwear, and other types of constant-exposure things. Think of the quality difference multiplied by the amount of exposure over a lifetime. That’s your ROI.

 MY RECOMMENDATION | THE SEAT-ONLY OPTION


IDEAS & ANALYSIS

💡A New Way of Thinking About the Economy

I’m starting to think of everything in terms of Framing. Like I said recently, I think it might become my Unified Theory. I think this might explain why so many see economics as like a partial science, with a lot of people saying it’s just speculation and luck.

In the Framing model, things become a lot more about vibes. Hype dynamics. Sentiment. Belief. Combined with luck. And also subjective interpretation (framing) of results.

And it crosses into politics as well, which is much the same. You can have the same data, like Biden avoiding a full recession, and if you’re a Trump person you think that happened DESPITE Biden, but if that happened during Trump it would have been his win.

Same for the economy. It might massively take off under Trump. Like MASSIVELY. Because of vibes. And hype. And belief. Which in turn becomes behavior, which then returns real results.

In short, I’m starting to think Framing is a lot more real than I gave it credit for. And now that I’m seeing things that way, I can’t unsee it.

I think we should re-think how we use the term “technical”, which I laid out in a tweet thread here.



There’s bias around the word “technical” that is often used to diminish people—often women—who are doing crucial work.


1/n


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 22, 2024


NOTES

I have all four (five?) of the AI devices on order. Rabbit, Humane, can’t remember them all. Plus the new cheap ones. I’m all in.



The AI device I need the most is just something that records conversations and sends them to a place I can process them with AI.


So,


- transcription
- pulling out key points
- creating follow ups
- etc


All that I can do myself.


I just need the text.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 24, 2024


I’m going back to my OG style of news summary, which is usually a single sentence. And then when I have more to say I can add a sentence or two or do a 💡breakout, or a full essay. Let me know how you like the mix.

I’m re-reading Steven Pinker’s The Sense of Style. I try to do so every 2-3 years or so. It’s my favorite book on writing.

Broke down again and re-subscribed to the Twitter API. $100 is expensive, but I do value the feed, and there are certain things I need full tweet access for. Can’t wait to make full use of it.

I also created a new Fabric Pattern based on the book. It’s called ⚙️analyze_prose_pinker and it analyzes your prose according to what he teaches in the book, and gives you recommendations for how to fix it. MORE

Just getting into 3 Body Problem on NETFLIX. I love how different it is, and how much I can’t remember the details because I read the books so long ago. MORE

DISCOVERY

⚙️🔥 Opus Clip — Automatically creates shareable clips from videos for platforms like TikTok and YouTube Shorts. HT to Jason Haddix for showing me this one. | by Opus Clip | MORE

⚙️RAGTune — An Open-Source tool for tuning and optimizing RAG pipelines! | by Misbah Syed | MORE

⚙️ Gourlex - Takes a webpage and returns all URLs on the page. | by trap-bytes | MORE

🛠 OpenDevin is an open-source project aiming to clone and improve Devin, an AI that can autonomously engineer software. | by Junyang Lin | MORE

Unreal Engine 5.4's latest update is so realistic it's hard to tell it's not actual movie footage. MORE

Luck as a Skill MORE

The secret to a meaningful life? — Committing to a long-term, ambitious vision that pushes you to grow smarter, wealthier, and mentally stronger. MORE

A guide to ESPPs and RSUs MORE

Prompt Injection and Jailbreaking Are Not The Same Thing | by Simon Willison | MORE

RECOMMENDATION OF THE WEEK

Think about your Hedonic Baseline.

I’ve been getting pretty good about thinking about my life during normal moments, like walking down stairs, or walking to my car. Just appreciating utterly mediocre moments.

I use the stoic technique of imagining that that thing is gone. I’m on Mars looking at Earth through a telescope, telling stories about how nice it used to be, where you could just go for a walk by a mountain, and smell the air or whatever.

I make a full list of the things I’m taking for granted right now. My relationships. Mobility. The ability to think. Being in the Bay Area at this crazy moment. Etc. And I imagine those things gone.

I actively cultivate appreciation by lowering my Hedonic Baseline. Like what’s the minimum expected stimuli that would make me happy? Imagine yourself without all the great things you have, and then when you realize you have them you appreciate them more.

Think about what you have. Think about them by subtraction.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on March 25, 2024 13:12

Efficient Security Principle (ESP)


One of the hardest things about being in information security is the frustration.

The longer you’re in the field the more you’re exposed to ridiculously insecure systems that nobody seems to want to fix. We know how to fix them. We often have the money. And security people are explaining—at maximum volume—exactly how to do it. But it doesn’t happen.

I’d like to propose an explanation and name for this phenomenon—the Efficient Security Principle (ESP).

In other words, the way we know something has the “right” amount of security—acceptable, not ethically or morally—is when people just keep using it. There are countless examples.

Online companies, when they get hacked constantly

Email use at companies, when it’s the #1 way to get compromised

Online banking, when fraud is constant

Front door locks, when they’re trivial to pick

The internet in general, when we know it’s an open wound

We use these things anyway because the value they provide massively outweighs the security risks in our minds.

The moment enough people stop using something due to security being too bad, the baseline goes up. And not before.

How to use this principle

If You’re a Technical Security Expert
Security experts often believe the level of security for a given system is much lower than it should be. Which makes sense. We’re close to it. We see the depth of the problems. And we know how to make it better.

Recommendation: Realize that it’s not about us as technical security experts. Realize that it’s about the bigger system, which is primarily concerned with the functionality they’re getting from an offering, not with its security risks. If people in general know the risk and they’re still taking it, that’s just because they value the offering that much. Don’t take it personally.

If You’re a Security Leader
Even security leaders within large organizations can become disillusioned because they don’t see their programs being taken seriously. Just like the technical implementers, they know how to improve security and they can get quite upset when nobody is listening.

Recommendation: First, make sure the baseline is actually where people think it is. If there are security gaps that the company—or its users—don’t know about, make those visible to close the gap of knowledge and get additional support. Second, find innovative ways to raise the baseline in a way that doesn’t inconvenience the company or its users. They may not want to spend much extra effort to raise the baseline, but they won’t object if it goes up without effort on their part.

Summary

The Efficient Security Principle says that security is only as good as it needs to be to keep people from abandoning the service, and that the more popular or essential the offering, the lower the security can be.

Progress is still possible—especially through policy change and regulation—but it mostly comes gradually, at glacial speeds, or in fast jumps from major incidents. But security experts loudly calling out how low the baseline is, and gesturing wildly towards the solution, seldom results in change.

Passionate security experts struggling with low security baselines should absorb this truth so their mental health and job satisfaction don’t suffer unnecessarily.

NOTES

Thanks to Saša Zdjelar and Clint Gibler for their insights while talking through some of these ideas with me, and Saša for the email example.

The principle applies most to very large systems, like the internet, or the overall security of a massive publicly-traded company, not granular or small-scale mechanisms.

There is a natural, glacial upgrade of all security just generally as a result of technical improvement, and within companies that are working on it diligently. If it’s invisible enough, the change can come naturally in a way that doesn’t bother users, which is technically a lifting of the baseline. But it’s so gradual that it doesn’t really apply to a given point of time when someone is wondering why security isn’t better.

Saša Zdjelar points out that SMS is a good example of where the danger became too great and a global push happened to phase it out in a relatively short amount of time.

There are also Security Blindspots where security experts know something that the public doesn’t. So they’re using the offering now, but if they knew how bad it really was, they might not. That’s a special case that doesn’t apply here. This principle deals with the situation where the functionality is deemed more important with full knowledge, not with situations where knowledge is unavailable or withheld.

I wrote a similar essay about this in 2018 called Why Software Remains Insecure, but didn’t call out the concept as a principle.

Pardon the formal, “I’m so smart” tone of the piece. I’m trying to make it evergreen, and thus remove any hesitation or personality from it. It’s really still just a capture of a Frame of thinking that I find useful, and I’ll continue to upgrade it as I see opportunities for improvement.


Published on March 25, 2024 11:43

March 19, 2024

The AI Coin-sorter Analogy


I’ve had this analogy in my mind for a while for AI. Specifically, neural nets.

Imagine a coin sorter with a flat surface the size of the sun.

So the idea for sorting coins is that you just throw random coins at it, and they fall into the system and bounce around and get filtered into certain paths.

But in this system, the surface doesn’t just have a few sizes of openings, but billions. All different shapes and sizes of slots. And there are also billions of different sizes of coins.

And when you throw coins (data) at the surface of the sun, that’s what changes the shapes of the slots.

But then, it’s actually layer upon layer underneath. And the billions of shapes of the slots on the top layer then shape different shapes and sizes of the slots on the layers below. Also billions.

And it does this for multiple layers.

Once you have that in your mind, now imagine that it’s not actually coins. It’s data coming in. Data in the form of light.

Light from Earth.

The Earth is a giant flashlight. It’s shining all the knowledge of humanity at the surface of the Sun.

And as that light hits the full surface of the Sun, it carves billions of tiny nooks and crannies into the top surface, which shapes the nooks and crannies on all the thousands of layers below.

Until finally—on the other side—light comes out. And that light is the wisdom of “AI”.

A shapeable object

Here’s why I like this visualization.

1. It shows how the data shapes the filter.

2. It shows that the light that comes out the other side is the result of both the light and the filter.

3. It shows that the thing isn’t foreign!

#3 is my favorite.

When all of humanity’s knowledge is sent to the Sun, that’s what shapes the Sun. That’s what burns all those intricate patterns into its layers.

The filter isn’t a separate thing. The filter is Earth’s data, burned into a shape.

And thus, the output of the filter also isn’t foreign.

It’s just a view of what we sent it.


Published on March 19, 2024 10:19

UL NO. 424: Raising Security's Floor


TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

Added some really sick Patterns to Fabric this week!

⚙️create_better_frame: Takes any type of input where someone is presenting, interpreting, or commenting on the world, and does two things: 1) it creates negative frames for seeing that content, and 2) offers more positive frames. Basically, it provides a positivity filter for any given input, should one choose to accept it. MORE

⚙️create_academic_paper: Takes any bullet points, article, essay, or anything else you’ve written, and turns it into a LaTeX-formatted academic paper format! MORE

Also, for anyone with a git repo, summarize_git_changes is a great way to see and share updates on recent progress. MORE

cd yourgitrepo

git log --pretty=format:"%h - %an, %ar : %s" --stat | head -n 500 | fabric -sp summarize_git_changes

Fabric’s latest updates

Also, Threshold (UL’s first commercial product) is imminent! Like I’m already in there and using it, and we’re making final tweaks now. It’ll launch in Preview, meaning there will be lots of changes in the next few weeks, but it will be useful from Day 1.

Can’t wait to share it. Hopefully this week and then in next week’s newsletter.

Ok, let’s get to it…

MY WORK

Personal AIs Will Mediate Everything


What happens to user-facing businesses when humans aren’t the things interacting with products?


danielmiessler.com/p/personal-ais-will-mediate-everything


A Conversation with Jason Meller of Kolide/1Password - Unsupervised Learning


In this sponsored conversation, I speak with Jason Meller. Jason is the founder of Kolide, which has just recently been acquired by 1Password. We discuss:

- Kolide's acquisition by 1Password
- The synergy between Kolide and 1Password
- The challenge of password management
- The concept of device trust and zero trust
- The limitations of MDM solutions
- Engaging end-users in security remediation
- The philosophy behind Kolide's approach
- The importance of human-friendly security solutions
- Future plans for Kolide under 1Password
- The potential for broader application of Kolide's technology

Jason and I see a lot of things the same, and I really enjoyed this conversation and think you will too.


omny.fm/shows/unsupervised-learning/a-conversation-with-jason-meller-of-kolide-1passwo

SECURITY

🚨This is a collection of full-video deepfakes that are seriously concerning. They’re generated by a commercial model, not like a government. MORE

💡We seriously need to build like a global Snopes platform. Like before the elections.

Idea: You get a bunch of Left people, Center people, and Right people and you build a platform that does like Snopes used to do with internet claims. It basically shows the content, and gives an analysis of why you should believe it, why you shouldn’t, and then a verdict. Plus you can have the platform be like a collection point for pro-con arguments, in super concise form. And yeah, it’ll use AI to do a lot of that collection and summarization.

Something like:

SITUATION: There’s a video of Obama saying it’s time for a pre-emptive strike against Mayanta.

ANALYSIS: The video is currently being analyzed by multiple experts. Here is what has been said so far:

Fox News Analysis: The video appears to be fake, created by _____. SOURCE

ONN Analysis: No evidence that the video is fake. SOURCE

CISA Analysis: This is a deepfake, read our analysis here. SOURCE

Breitbart: Obama has said similar things in the past so there’s no reason to disbelieve it. SOURCE

CURRENT CONCLUSION: Given the current evidence, we are ALMOST CERTAIN that this video is a deepfake, using Kent’s Words of Estimative Probability.

We need this service. And as Dan Kaminsky used to say, “We have the technology.”

The Left/Right cooperation won’t be perfect, of course, but it’ll be 1,000% better than nothing.

These deepfakes are too good for us not to have any trusted place for people to verify things.

There’s a supposed data leak of data on 71 million AT&T customers, but AT&T says it’s not from their systems. MORE

Someone built an AITM (Active In the Middle) attack tool using just 174 lines of code on Cloudflare Workers. It can supposedly fully bypass MFA on Microsoft accounts. MORE

Leaked documents reveal a Chinese hacking group's systematic attacks against 20 foreign governments and companies, including detailed operations and targets. MORE

Sponsor

🔍Enhance Enterprise Security: Ensure Device Trust and Protect Your Data!🔍

When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.

These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.

Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.

Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.


SpaceX is contracted to build a spy satellite network for a US intelligence agency. Makes sense. I can’t think of a cheaper and more reliable way to get a lot of satellites into space. MORE

Rohan Pandey modified llama2 to un-redact an email from Elon to Ilya. MORE

Burglars are starting to use Wi-Fi jammers to knock out security cameras, making it harder to track them down afterward. MORE

Sponsor

VIRTUAL OPEN SOURCE POWERED SECURITY CONFERENCE

Join us for Hardly Strictly Security: The Ultimate Open Source Cybersecurity Conference. Mark your calendars for April 25th. This free, virtual conference is for security engineers, red teamers, bug bounty hunters, security leaders, and anyone who wants to celebrate and continue to leverage the power of open source to make our world more secure.

 hardlystrictlysecurity.io


A Chinese company's leaked documents reveal a massive global hacking campaign. MORE

Fortinet has disclosed a critical SQL injection flaw in FortiClientEMS that could let attackers run code on systems. MORE


TECHNOLOGY

Steven Hao gave Devin access to his work stuff (questionable?), and it’s basically doing his job for him. Devin is even posting on Slack and asking questions, and using the responses to continue when he gets stuck. MORE

💡The amount of hate and hype towards Devin has been extraordinary. Definitely go check it out if you haven’t yet. It’s basically a code automation agent that does better than previous attempts.

Midjourney's new "Character Reference" feature finally lets you recreate the same AI character in different situations. Can’t wait to play more with this. MORE

Elon Musk open-sourced Grok, but not completely. They didn’t release any of the code required to train it. MORE

💡As I talked about before, I think we should only call a model “open source” if they release 1) the weights, 2) the data, and 3) the full training methodology—including code.

Covariant is launching RFM-1, aiming to bring ChatGPT-like capabilities to robots. This platform could revolutionize how robots understand and interact with the physical world, making them more adaptable and intelligent. MORE

💡AI is big. Robots are big. But the biggest is AI in robots.

Finland is rolling out a giant 'sand battery' to store heat in winter, showing 1 MW of power and a 100 MWh capacity. The technique uses excess electricity to warm sand and can meet a week's heat demand in winter with minimal energy loss. MORE

Nvidia's getting into humanoid robotics with its new AI platform, GR00T. The platform is designed to support a wide range of humanoid robots, including big names like Agility Robotics and Boston Dynamics, marking a significant push into the sector. Massively impressed with Nvidia right now.


HUMANS

Hong Kong is implementing a new, Beijing-driven stringent security law that goes after treason and other types of dissent. The penalties are harsh, with up to life in prison. Hong Kong continues to get phased out, with China phased in. MORE

Midjourney is blocking AI-generated images of Trump and Biden going into the 2024 election. MORE

The U.S. unexpectedly added 275,000 jobs in February, surpassing economist predictions. But the unemployment rate went up slightly, to 3.9%. MORE

A really good thread here on Hacker News about experienced programmers not being able to find jobs. OP and commenters have a theory for why it’s happening. MORE

Some schools in England are adopting super strict policies, inspired by the Michaela Community School's success, to improve student behavior and academic outcomes. These schools enforce rigid routines and discipline, believing it helps disadvantaged students succeed, despite criticism of the approach being oppressive. MORE

💡I’ve been expecting to see a lot more of this, actually. Not just for disadvantaged students—which I can see it being great for—but for everyone. Reminds me of all the Man camps going on where you learn survival and hunting and stuff.

I see this as a counter to life being good, basically. Life for most people is fairly easy in terms of not being in danger, having enough to eat, etc., and people want to build character.

It’s hard to build character when everything is easy. So we should expect to see a lot more of making things artificially hard—on purpose—to help strengthen ourselves.

Like Stoic Resilience Training (SRT) or something. I’m for it, as long as it doesn’t get too out of hand.

Young men and women are drifting apart politically, with women going way more Left, and men staying largely the same. MORE | MORE 

John Barnett, a former Boeing whistleblower, was found dead amid a lawsuit against the company. He exposed safety issues, including a 25% failure rate in emergency oxygen systems. MORE

🚨Toronto Police suggest leaving car keys at the front door to dodge violent run-ins with car thieves. It's a bit like saying, "Take my car, not me." MORE

💡This is how you get Republicans elected, and eventually—if things aren’t fixed—far-right governments like we’re seeing all across Europe.

Liberals can’t let Conservatives be the only people who enforce laws and maintain security. Or they can, but there will be consequences.

“They voted for THAT guy? Wow, the voters are evil and stupid!” Maybe. But people also like feeling safe. As usual, the answer is a hybrid:

Enforce laws strictly, largely as if criminals had a choice.

Invest heavily in at-risk groups before they commit crimes, largely as if they don’t.

Recent Boeing incidents have sparked far-right conspiracy theories about diversity causing intentional failures. Some extremists claim these mishaps are part of a plot to undermine Western civilization and promote communism. MORE

💡Wut? If someone can explain that one to me I’d appreciate it.

Using tap water in a Neti Pot can be deadly due to potential brain-eating amoebas. It's safer to use distilled or sterilized water for sinus cleaning. MORE

💡I feel vindicated. I’ve been using only filtered (reverse osmosis) water for mine for years. The best treatment I’ve found (along with an allergy pill) by far.

This analysis claims to show that people used to consume more calories without gaining as much weight. MORE

Fentanyl poisoning has become the leading cause of death for Americans aged 18-45. MORE

Over 2,000 U.S. newspapers have closed since 2004. MORE

Car washes are popping up everywhere because they're surprisingly profitable. MORE


IDEAS & ANALYSIS

I’ve had an absolute epiphany about politics, and really everything in the last couple of months. Specifically from the concept of Framing. I feel like it’s a model with extraordinary explanatory power, and I’ve not found anything it can’t explain. It’s becoming my primary Unified Theory. I’m prone to excitement though, so I’m going to let it sit for a while before I write another big piece about it.

Really interesting back and forth with Dino Dai Zovi about the cybersecurity “floor and ceiling”.



Security is always roughly as good as it should be. We know this because if it needed to be better, it would be.


Most home locks are pickable, and most hospitals are ransomware-able.


Each system has an acceptable level of security failure.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 17, 2024


And further thinking made me expand on it here.



I don't think this is true on just multi-decade timelines. I think it's true on "an average day" timeline.


Think about how much we have of the following:


- Identity theft
- Account fraud
- Password reuse
- Companies constantly being hacked
- Ransomware
- Credential stuffing… twitter.com/i/web/status/1


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 18, 2024


And this is my piece from 2018 that I think captures the idea best.

Why Software Remains Insecure


My piece from 2018 on why software remains insecure after we’ve spent decades trying to solve the problem…


danielmiessler.com/p/the-reason-software-remains-insecure

Basically, I think security is subordinate to innovation and daily life in most situations, and that it falls to an absolute minimum as a result. So we should guard our mental health against thinking people are steering us wrong, or that we’re massively neglecting something that urgently must be fixed.

In short, if it were urgent we would know because it would get fixed immediately. And if it’s not fixed immediately, it’s not urgent.

This isn’t a statement about any objective rating of what matters, or what’s more secure or insecure (see Framing above).

Framing is Everything


We're seeing reality through drastically different lenses, and living in different worlds because of it.


danielmiessler.com/p/framing-is-everything


The only thing that matters is what people care about and worry about. And that’s why we can spend billions barely moving the needle on a thing that’s not that important, while completely ignoring worse risks that don’t inspire people to care.

NOTES

We had a banger UL meetup this month where a member shared their super tricked-out keyboard. It’s the exact type I’d been looking up already and trying hard not to get into. But he made such a compelling case that I’m now going down the rabbit hole. Send help. Also don’t click this link. MORE

I’m emotionally moved, and technically astounded, by the fact that Voyager 1 is a light day away from us. A LIGHT DAY. 24 hours at the speed of light, just to send and receive a signal. Oh, and the thing keeps like dying and then coming back online. What a hero.

DISCOVERY

🛡️ haktrails is a Golang client that makes querying SecurityTrails API data super easy. Especially useful for bug bounty hunters. | by hakluke | MORE

⚙️ Openapi-tui lets you interact with APIs defined in openapi spec right from your terminal. | by zaghaghi | MORE

I Stopped Loving Captain Kirk MORE

Solarpunk is the new Cyberpunk MORE

Steve Pavlina's “Do It Now”. Takes me back. One of the early influences on my approach to productivity. From 2005! MORE

Minimal Viable System. MORE

🔥Ben Kuhn shares Why and How to Blog. MORE

Which Skills Are Least Likely to Be Replaced by AI? MORE

Amanda Askell talks about why Claude 3’s system prompt is so good. MORE

Spreadsheets as Simulation Tools MORE

The Getty has released nearly 88,000 art images for anyone to use for free. MORE

RECOMMENDATION OF THE WEEK

Share Let Grow with people! Absolutely love this project!

It’s about teaching independence and resilience to kids.

Watch this (it’s 4 minutes).



The most effective and most fun way to reduce anxiety in elementary and middle school students is the Let Grow Experience. Below is a 4 minute video about it, very moving. Parents: ask your kids' school to try it. It's free. Visit


— Jonathan Haidt (@JonHaidt)
Mar 18, 2024


Please share this with anyone you know who cares about raising healthy, independent kids.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on March 19, 2024 09:44

March 13, 2024

Personal AIs Will Mediate Everything


AI is going to change the interaction paradigm with technology.

Today, humans do pretty much everything themselves. Things like applications and websites are designed to be pretty because humans interact with them directly, and they like to interact with nice-looking things.

However, the future of interaction with technology will be AI-mediated. Meaning, we won’t be going to do things directly. Our digital assistants will be doing the interaction on our behalf and returning the results to us.

The AI itself will then determine based on our preferences the best way to display those results to us using a third-party UI interface.

So, companies will provide their data and, of course, they will have some sort of UI themselves, but largely people will be browsing that data through an AI-provided interface that shows them things filtered in a certain way and looking the way they like to see them.

This has profound implications for a lot of the Internet today that is based on looking pleasant to humans who are visiting directly.

AI's Predictable Path


Technological progress isn't predictable, but the human desires that drive them are.


danielmiessler.com/p/ai-predictable-path-7-components-2024


Questions

How much of current companies’ success is based on having humans interact with their content directly?

What does search look like when it’s not being browsed and clicked by actual humans?

Same for product catalogs. There may be some companies that are big enough and special enough to restrict access to their catalog to only using their specific UI, but I think most companies are going to have to survive solely on the quality of the data they provide. I think people will demand that they are able to see that through their own preferred interfaces.

If you make and sell anything, you should consider how your product looks to an AI and how it will compete with other services without direct human interaction.

Basically, your API will be your company.

The goal will be getting people’s personal DAs to use your company’s API as the preferred one when they look something up for their principal.

Example

Let’s say you want an expensive coffee grinder. Here are the rough steps:

Google for high-end coffee grinders 2024 best or something

Do the same on Wirecutter

Do the same on Amazon

Spend the next 15-500 minutes doing research and comparisons, reading comments, reviews, etc.

In 2027 (who really knows when, but around there)

Here’s how you’ll do it with your DA.

YOU: I need a coffee grinder. Like a super nice one. But less than a thousand bucks.

AMIEN (Your DA): Ok, cool, I’ll do some research.

Amien might ask you some clarifying questions, if you’re not busy, but on the backend here’s what he’s doing:

Query his (Amien’s) favorite list of product catalogs (which itself is provided by a specific company)

Find the highest rated product catalog for coffee-related stuff

Query it

Query a few other top APIs and look for similar results

Triangulate on a few top options

Read all the reviews

Compare the aesthetic with what he knows his principal likes visually

AMIEN: Ok, I think I found it. Here it is.

(Sends to your AR interface so you see it floating in front of you, rotating)

Here’s the important part: Amien made 1,027 different API requests in the 39 seconds he took to do the research.

Amien looked at all the images. Amien read all the reviews. Amien browsed all the lists.

Amien. Not you.

Summary

One of the biggest “tangible” changes from AI will be the mediation of interfaces, i.e., it used to be Human —> Interface, and now it’ll be Human —> DA —> Interface. And Interface —> DA —> Human.

This will have profound implications on how products are built.

The focus will increasingly be on the API that you provide as a company, and getting it to be preferred by DAs.

NOTES

Some companies will just be super gifted with UI and they will provide that UI as one of the options for the digital assistant to use when presenting the content to their owner. But I think third-party UIs will eventually win out and be the preferred interfaces for people to consume most content.


Published on March 13, 2024 14:58

March 11, 2024

UL NO. 423: AI is Becoming Like Reading


TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

So I’m basically a god now because I’m on my whole new tool stack!

Kitty replaces Alacritty and iTerm2. MORE

zoxide replaces cd. MORE

Yabai for macOS window management. MORE

SKHD for keyboard shortcuts. MORE

sketchybar for a dynamic menu bar. MORE

Stow for syncing dotfiles. MORE

I mean this setup is INSANITY. Haven’t felt this hyped for a desktop setup since like 2001. Let’s go!

Also, we updated Fabric with some new goodies:

Fabric now supports Claude Opus!

pbpaste | fabric -p extract_ideas --model claude-3-opus-20240229

Added a new Pattern, extract_predictions, which pulls predictions out of content. I’m going to run this against entire bodies of work and then rate people’s predictive skill, similar to Tetlock’s book, Superforecasting.

We’re adding model shortcuts soon so you don’t have to put the whole model name.

find_hidden_message is now more effective, and gives three different levels of interpretation: cynical, normal, and favorable. MORE

Claude Opus is officially the first thing I’ve seen perform better than GPT-4. I’ve been using it with Fabric’s find_hidden_message Pattern and Opus does significantly better than GPT-4 on nailing nuance in propaganda. I’m still team OpenAI though. Can’t wait for 5!

I’m also just days away from the Threshold product launch! Look out for it!

Ok, let’s do this…

MY WORK

Two new essays this week.

AI is Already Becoming Like Reading


My new short piece on how I’m noticing that AI is becoming just as uninteresting as books, and why that's a problem for the capabilities gap.


danielmiessler.com/p/ai-becoming-reading


AI Is Worse If You Think It's Someone's Fault


I think a lot of stress about AI is caused by framing it as something that we’ve chosen rather than something that’s just naturally happening.


danielmiessler.com/p/ai-second-arrow

SECURITY

A Google engineer was indicted for allegedly stealing AI trade secrets to benefit China. He's accused of taking over 500 files related to Google's AI chips and transferring them to a personal account. MORE

💡This guy lives in my hometown, and that’s where he was arrested. It takes a lot of courage and wisdom to simultaneously realize how bad Chinese Government espionage is without giving in to racism. One answer is really good Insider Threat programs that look at behavior rather than characteristics. But those programs tend to only exist in big companies like Google (which is where he was caught).

🚨 Russian attackers Midnight Blizzard are persistently going after Microsoft, targeting its source code and internal systems. | MORE

🚨 QNAP alerts users to a critical flaw in its NAS devices that could let attackers bypass authentication. | CRITICAL | RESPONSE: Urging immediate updates. | MORE

💡Never, under any circumstances, put a NAS online. Jesus. It’s like the perfect storm of the most critical data with the worst code.

🚨 The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked, forcing two critical systems offline. | HIGH | RESPONSE: Systems taken offline, no operational impact reported. | MORE

Sponsor

🔍Elevate Your Security Game with PlexTrac🔍

Cut pentest reporting time in HALF and go beyond with PlexTrac. Our automated platform empowers you to:

🔎Deep-Dive into Your Security: Analyze your attack surface with precision.

📊Centralize Data Management: One-stop-shop for all pentest and vulnerability data.

🎯Prioritize with Confidence: Leverage context-based scoring for smarter decision-making.

🛡️Master Continuous Validation: Stay ahead with proactive security measures.

What’s in It for You?

⏱️Faster reporting times.

🤝 Smoother team collaboration.

🎖️Prioritize effectively for high-impact results.

💥Up to 5X ROI - Experience the difference!

Transform Your Security Reporting Today.

Get Your Personalized Demo at:

 PlexTrac.com/UnsupervisedLearning


North Korean spies hacked into South Korean chipmakers, stealing designs to boost their semiconductor industry. They exploited vulnerabilities and used "living off the land" techniques to stay undetected. MORE

A Flipper Zero device was used to break into a Tesla, but it was a bit of a stretch. First, the Flipper Zero didn’t do any special work, and second, a lot of things have to go right/wrong for it to work. MORE

Scammers are increasingly using AI to mimic the voices of loved ones in distress, tricking people into sending money. MORE

💡PSA Advice: Let your most vulnerable family and friends know that scammers can now fake voices and everything. And that if something happens they need to stay calm and actually call you, or someone you know, to confirm what’s being said. Scammers do try to do this when they know you can’t reach them, or present other types of urgency, but train them as best you can to resist that.

The U.S. sanctioned individuals and entities behind Predator spyware for targeting Americans. These sanctions freeze their U.S.-based assets and ban transactions with them. MORE

Cloudflare's new "Firewall for AI" aims to protect applications using large language models from security threats. It features Advanced Rate Limiting and Sensitive Data Detection for enterprise customers. MORE

💡Freakin’ Cloudflare. So damn nimble. They seep into all the cracks. I’m telling you they’re slowly becoming the internet. Google gets rid of Gmail and YouTube out of sheer stupidity, Akamai gets bought by Johnson & Johnson and boom! Cloudflare = Internet.

Brian Krebs analyzes Radaris, a data broker that sells American data with ties to Russian services and sanctioned media. MORE

Russia's been caught setting up fake news sites in the U.S., aiming to spread disinformation. These sites, including names like D.C. Weekly and the Miami Chronicle, blend Kremlin propaganda with local news stories. MORE

💡One of the next things I’m going to do with all this AI I’m building is start parsing news sources and rating them for propaganda. I want to find these things early.

China's increasing its defense budget by 7.2% amid economic challenges, signaling a shift from "peaceful reunification" with Taiwan to a more aggressive stance. This more than doubles the military budget under President Xi Jinping's tenure. MORE


TECHNOLOGY

🔥 AIR AI is a cold-calling AI service that you HAVE to hear. Super good. From this demo, 4 sample calls generated over $275,000 in net profit. MORE | NEW VOICE DEMO

Someone has been giving AIs Matrix IQ tests, and Claude-3 just broke 100 (average human level) for the first time. MORE

Apple has quickly shifted from a passive stance to going full speed on AI, making it a core part of their strategy. They have a lot of ground to cover, though, so we’ll see what they release in September. MORE

Apple Podcasts now have auto-generated transcripts. I need to figure out how to pull these programmatically. If anyone knows, let me know. MORE

Research suggests that models can optimize prompts better and faster than humans, making manual prompt engineering potentially obsolete. MORE

💡I think this is likely to be true. But I think people who can think and communicate clearly will maintain a significant advantage.

I don’t see some random person being able to bark idiocy at a model and have it say, “Ah, you were referring to Feynman’s Third Principle…indeed…let us proceed…”

Global trust in AI is waning, with a significant drop from 61% in 2019 to 53% now. In the US, trust has plummeted even more, from 50% to just 35%. MORE

💡This is why I wrote one of this week’s essays. THIS ONE

HUMANS

France just made history by embedding the right to abortion directly into its Constitution. The bill passed with a 780-72 vote during a joint session of Parliament. MORE 

The CFPB has set a new rule capping credit card late fees at $8, which will save consumers around $10 billion annually. MORE

The James Webb Space Telescope just gave us a spectacular deep-field image revealing countless galaxies. This image covers a tiny fraction of the sky, yet it's packed with galaxies. Not stars. Galaxies. MORE | THE BIG RAW IMAGE

💡I have the Hubble version. Now I need to get this one onto a metal print.

A single dose of LSD, MM120, shows promising results in treating generalized anxiety disorder, with a 48% remission rate at 12 weeks. MORE

Sweden officially joined NATO, becoming its 32nd member country. This move integrates Sweden into NATO's collective defense mechanism. MORE

New York has rolled out National Guard troops at key subway stations to curb crime. MORE

SCOTUS ruled unanimously to keep Trump on state ballots, and as much as I dislike him, I think it was the right answer. MORE

💡This attempt was what I call a Brexit Move by the left. You think you want something, and then you get it, and you realize it was a mistake.

You don’t take people you dislike off the ballot. That’s not American. No matter how much you dislike a candidate, if they can legally be elected they deserve to be.

If we don’t like that they can be legally elected, we can fix the country or move. Taking people off the ballot because we don’t like them isn’t a democratic option. And even if you were to get it passed, it would immediately be used against you. See Brexit.


IDEAS & ANALYSIS

I was troubled with Harari’s analysis on Colbert where he basically said we have no idea what to tell people to do in the face of AI right now.

I think we might know better than ever actually. Before we thought we could predict, and we were often wrong. But now we can be sure it involves clear thinking, clear communication, understanding the past, understanding the merits of various arguments, how to disagree, etc.

I don’t fault him too much, though. These things are set up with so little time, and they want sound bites. I just wish he had given more hope instead of saying we have no idea what to teach.



This is not quite correct.


He’s right that we don’t know what specific tech skill to teach someone.


But teaching curiosity, philosophy, history, and tools for thinking are more important than ever.


And this is even more true with the uncertainty of AI, not less.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Mar 10, 2024


NOTES

I’m feeling myself drawn back to the stoics lately. Got myself a neck light and have been reading Meditations before bed. Such a guaranteed pleaser.

I also have Ryan Holiday’s Stoic calendar (the copy of Meditations is from him too). Highly recommended. RYAN HOLIDAY’S STOIC STORE

We’re doing our mid-month UL meetup on OPTIMIZATION! So I’m going to be talking all about my different desktop and shell stuff I mentioned in the intro. Plus everyone else will share theirs. It’s going to be rad. You should come. SIGN UP FOR UL AND STUFF

This is the fastest and lowest stress newsletter I’ve done in … maybe ever? Ideas and content and flow is just … flowing. Most creative time I’ve ever had in my life, these last few months. AI helps with collection, and that helps a little, but it’s more so that I have so much going on that I have lots to say and lots to share, and I have basically zero creator anxiety. Because I’m not trying to be a creator. I’m making things, and reading things, and enjoying things—and just talking about all of it on Sundays. Huge difference.

DISCOVERY

Obsidian as a graph database for RAG. MORE

Mail-in-the-Middle automates spear phishing by exploiting email typos to intercept sensitive information. | by Felipe Molina | MORE

Junaid Islam outlines a five-step method for cutting cybersecurity budgets without compromising security. MORE

During World War II, America fought against damaging rumors with "rumor clinics" in newspapers and magazines. These clinics debunked lies by fact-checking and publishing the findings, helping to maintain morale and unity. MORE

💡Honestly starting to think we could use something like this.

Julia Evans dives into the surprisingly complex world of Git's HEAD, revealing its multifaceted roles. A Mastodon poll showed only 10% of respondents were 100% confident in their understanding of HEAD. MORE

💡I’m embarrassed by how often I just delete a whole repo and re-download it. I need a git class.

It's getting harder to tell humans from bots, not because bots are getting smarter, but because humans are acting more like bots. MORE

How to start a home lab, by Hayden James. | MORE

Chen's enthusiasm and soft skills landed him a job at Amazon despite technical shortcomings. He says 80% of failures at Amazon are due to soft skill issues, not technical ability. MORE

J.R.R. Tolkien intensely disliked Frank Herbert's Dune, rooted in their fundamentally opposing moral philosophies. Tolkien's deontological stance, emphasizing inherent acts of goodness, starkly contrasts with Herbert's consequentialist view, where the morality of actions is judged by their outcomes. MORE

Someone reminisces about the simpler, less polished writing they used to do. They express a longing for their earlier, unrefined work, feeling it had a charm that their current writing lacks. MORE

Cate Hall shares how anyone can learn to be more agentic, transforming their life by finding and leveraging unique advantages. She emphasizes that traits like agency aren't fixed and can be developed with the right mindset and actions. MORE

RECOMMENDATION OF THE WEEK

Trust your routine. If you spend a lot of time putting together a routine that keeps you feeling good, positive, and energetic, remember that routine when you feel worse.

I always think it must be something else. There’s no way it’s just me not being on my routine, right? Right?

It’s probably not being on your routine.

Sleep

Sun

Exercise

Clean food

Walking

Talk to your friends / family

It’s the basics, and there’s a reason you wrote them down.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on March 11, 2024 08:00

March 10, 2024

AI is Already Becoming Like Reading


It’s only been a year and AI is already becoming as boring to people as reading.

Meaning—the masses are starting to see it as just another tech phase, while the highly ambitious are working to integrate it into every part of their lives. Just like reading.

Rich and successful people have told us over and over that there’s a secret to their abilities. Voracious book consumption. 

Like a book a week in many cases. And those are largely high-quality non-fiction books about science, business, productivity, and other topics that help one improve their lot in life—not just the fun stuff.

Going back to my framing piece, I talked about how I generally meet two groups of people in the Bay Area. Group 1 is highly depressed, inactive, unhealthy, and they see the world as this evil and hostile place.

They also don’t generally read biographies, business books, science books, productivity books, or anything else oriented around motivation, self-discipline, innovation, positivity, and progress.

The other group that I meet is the exact opposite. They’re reading constantly! About how to be smarter. Healthier. More productive. How to start businesses. How to be more disciplined. And they see the world as a fundamentally positive place full of potential.

As with books, now with AI

And now it’s happening with AI! 

This is really frustrating me.

The masses are starting to ignore the benefits of AI and go back to normal. While the highly-ambitious are constantly reading and are using AI for absolutely everything.

If you thought the gap was big between readers and non-readers, wait until you see the gap between AI-augmented readers and everyone else.

In role-playing or gaming terms, these advantages stack.

But that’s not what AI haters will say, or people who discount reading. They’ll talk about how flawed AI is. Or how it’s all hype. Or about how most books have flaws. Or most experts have been proven to be biased. Or some random narrative that convinces them to continue doing nothing.

Meanwhile, Group 2:

Starts businesses

Reads more

Learns constantly from AI

Gets even more optimized by AI

Gets healthier

Has a positive view of the world and the future

Continues learning

Gets most of the rewards in terms of money and advantages

The punchline

The unfortunate punchline of all this, and why this makes me so angry, is that Group 2 will end up with everything. And Group 1 will get increasingly screwed by the changes that are happening to the economy.

But rather than see their own framing and behaviors as the problem, they’ll blame everything else.

Don’t be Group 1. I implore you.

Group 1 is a choice. Group 2 is a choice.

Choose Group 2.

Read like a crazy person

Define your goals as a human and in your career

Build plans to help you pursue them

Look to your own behavior as your primary obstacle

Use AI as much as possible to help you on your path

See the world as limitless potential for growth and positivity

These things don’t have to be strictly true at all times, but behaving as if they are is the best way to be both healthy and productive.

You got this.


Published on March 10, 2024 15:15

Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.