Daniel Miessler's Blog, page 13
March 7, 2024
AI Is Worse If You Think It's Someone's Fault
I am troubled by how many people are upset by AI.
I mean, they’re really upset.
Having just written a thing on framing, I think AI is another example where people are doing most of the damage themselves.
In other words, I don’t think they’re so upset about AI itself, but by how they’re thinking about AI.
Specifically, I think people are upset because they think we’re making a choice to use it or not, and we’re choosing poorly. They’re going through life reading news stories and thinking…
Wow, I can’t believe people are so stupid! Here they have the option to just keep things as they are, which was working perfectly fine in the 80s, 90s, and 2000’s, and here someone shows them this stupid ChatGPT thing and now AI’s going to take all our jobs!
In other words, they think it’s dumb people deciding to use AI, and because of their bad judgment, we’re falling into some diabolical trap.
I don’t think that’s happening at all.
We aren’t choosing anything. AI is just naturally and inevitably unfolding like any other technology, and we’re just the people who happen to be here while it happens.
Different frames = different realitySomeone living in Frame 1 vs. Frame 2 might as well be on another planet. The perception shapes everyday life.
In Frame 1, you’re under constant assault from an evil technology spawned by hucksters and sold to idiots.
Humanity is now at risk—with real impact to people’s lives—all because too many dumb people fell in love with ChatGPT.
Someone you know
If you believe that, then every time you hear about AI—on a podcast, in the supermarket, at a party, or at work—you have this cacophony of chattering voices in your head talking about how stupid everything is. Grumble, grumble, sassin-frassin, /tableflip
It makes people mad. Cynical. Grumpy. Negative. Anti-tech. Angry. Did I say mad already? It makes them mad.
Frame 2 (Positive)People in Frame 2 don’t walk around with that chatter in their heads. They’re not constantly angry at someone—or people in general—or whoever, because they brought this all upon us.
In this model, life is just happening. Tech is part of life, and AI is just a big wave of tech washing over us. It might be a bigger wave than ever before, but it’s just a wave. And it’s a natural wave because humans created tech. When humans sharpened the first stone and put a handle on it, that was tech as well, and AI is just further along that same evolution.
This doesn’t mean you can’t be negatively affected by AI if you are in Frame 2. You can still lose your job to AI, have people struggle to find work that you care about, or have it mess with your life.
But the point is to avoid what the Buddhists call The Second Arrow.
The Second ArrowThe Second Arrow is a good way of capturing how I see framing in general, and definitely around AI. It’s basically a second amount of damage taken by thinking about a first amount of damage.
The Buddha asks a student if being struck by an arrow would be painful, to which the student responds affirmatively. The Buddha then asks if being struck by a second arrow would be even more painful, and again, the student agrees.
The Buddha explains that in life, the first arrow represents the initial suffering that comes from being human, such as illness, loss, or disappointment. This type of suffering is inevitable. However, the second arrow represents the additional suffering that comes from our reaction to the first arrow.
This includes emotions like anger, fear, resentment, or self-pity. Unlike the first arrow, the suffering from the second arrow is not inevitable; it's something we have the power to influence through our response to suffering.
A summary of the original Buddhist teaching
Positive framing avoids the Second Arrow, while negative framing walks right into it.
So, when it comes to AI, don’t walk into the second arrow of thinking this was someone’s fault.
Tides aren’t our fault, the winter being cold, solar flares—it all just happens. And tech is no exception. If humans happen, tech eventually follows, and here we are.
The integration of AI into our society will be hard enough by itself.
Don’t make it harder by living in a false narrative that makes you angry about it.
Powered by beehiiv
March 4, 2024
UL NO. 422: To Survive AI, We Must Become Creators
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCHey there!
Added tons of new Patterns to Fabric this week!
create_threat_model — Creates a logical, real-world threat model for a given scenario. MORE
find_hidden_message — Cynically consumes any opinion and looks for hidden meaning in it. MORE
create_ascii_visualization — Creates an ASCII visualization of any idea you feed it. MORE
create_markmap_visualization — Creates a mindmap of any concept you give it. MORE
create_mermaid_visualization — Creates a Mermaid datavisualization of any concept you give it. MORE
Plus we’ve added (very early) CrewAI integration! 1,001,374 thanks to @xssdoctor (Jonathan Dunn) for all the work on the CrewAI stuff!
Update your project, re-run setup.sh and restart your shell. Then do:
fabric agents trip_planner
And it will plan you a trip!
So. Much. Coding going on. Elated to be on the planet with you.
—
Ok, let’s get into it.
MY WORK
To Survive AI, We Must Become Creators
My new essay on how AI enables creators and punishes workers, so it's time to start making things
danielmiessler.com/p/survive-ai-become-creators
Sponsored — A Conversation With Ismael Valenzuela About AI and Threat Intelligence - Unsupervised Learning
In this standalone episode I speak with Ismael Valenzuela, VP of Threat Research and Intelligence at Blackberry Cylance. We discuss: Modern Threat Intelligence, The shifting attention of attackers, GenAI attacks, How defenders are adapting to AI attacks, And many other topics…
omny.fm/shows/unsupervised-learning/a-conversation-with-ismael-valenzuela-about-ai-and
👉 Continue reading online to avoid the email cutoff issue 👈
SECURITYResearchers have created a worm that exploits Generative AI to spread via prompt injection. Named Morris II, the worm can replicate malicious prompts through GenAI models, leading to data theft or spam. THE PAPER
GitHub now automatically blocks commits with secrets in public repositories. In the first eight weeks of 2024, over 1 million leaked secrets were detected. MORE
Biden is viewing Chinese "connected" cars as a national security threat, proposing an investigation into their risks. The Department of Commerce has issued a notice seeking public comment on regulations to secure the tech supply chains of these vehicles. MORE
💡So happy about this new approach to China. One of the few things I credit the previous administration for.
Sponsor
Enhance Enterprise Security: Trust Every Device with Kolide!
What do you call an endpoint security product that works perfectly but makes users miserable? A failure. The old approach to endpoint security is to lock down employee devices and roll out changes through forced restarts, but it just. Doesn't. Work.
IT is miserable because they've got a mountain of support tickets, employees start using personal devices just to get their work done, and executives opt out the first time it makes them late for a meeting. You can't have a successful security implementation unless you work with end users. That's where Kolide comes in.
Kolide’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That way, untrusted devices are blocked from authenticating, but users don't stay blocked.
Kolide is designed for companies with Okta and it works on macOS, Windows, Linux, and mobile devices.
So if you have Okta and you're looking for a device trust solution that respects your team, visit kolide.com/unsupervisedlearning to watch a demo and see how it works.
kolide.com/unsupervisedlearning
Watch a DemoThe US military's Project Maven is now actively using AI to identify and strike targets, marking a significant shift from skepticism to reliance on artificial intelligence in warfare. In recent operations, AI algorithms have located targets in Yemen, the Red Sea, Iraq, and Syria. MORE
ShotSpotter, now called SoundThinking, uses hidden sensors for gunfire detection. A leaked spreadsheet revealed the exact locations of these sensors, which were previously kept secret even from law enforcement agencies. MORE
Researchers found over 200 AI hacking services on the dark web since early 2023. Attackers are leveraging AI chatbots like "BadGPT" to enhance phishing attacks and create deepfakes. MORE
Cryptocurrency enthusiasts are being targeted with Mac malware through fake Calendly meeting links. MORE
A team of hackers (the good kind) (including UL Member @rez0) found significant vulnerabilities in Google's AI and cloud systems, getting $50,000 in bounties. MORE
A new vulnerability in Hugging Face's Safetensors conversion service could lead to supply chain attacks by hijacking AI models. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYNvidia's CEO thinks AI will soon make coding obsolete, urging people to learn other skills instead. MORE
💡Agree, but it’s nuanced. To me it’s more about Creators and Executors than coding itself. Coding just thinking and speaking and writing.
Those things aren’t less important just because computers can do them better. It just means don’t go head-to-head with computers on generating them en masse.
Waymo got the OK to expand to highways in Los Angeles and the Bay Area, and it allows their cars to go up to 65mph. MORE
Apple cancelled their car project, and they’ve moved over 2,000 employees from the project to Apple's AI initiatives. MORE
💡I have never been more excited for an Apple keynote then the one we’re going to get in June. We’re talking about real AI built right into iOS! So not just a better Siri, but something way beyond. The big difference will not just be the tech (which I hope is good), but the fact that it’s always with you.
Good AI that’s always with you is way better than Amazing AI that’s stuck in an IDE somewhere.
In 2023, public tech companies added $2.4 trillion to their market cap while laying off over 260,000 workers. MORE
Elon Musk is suing OpenAI, claiming it prioritized profits over its public-benefit mission. Hard to know how much of this is old Musk (help humanity) vs. new Musk (attack your enemies). MORE
OpenAI claims the New York Times paid someone to hack its products to produce content matching the newspaper's articles. MORE
Docusign has been using customer data to train their AI, and people are freaking out. Similar to the Reddit situation. | MORE
💡Wrong question. It’s not about whether someone uses customer data to train AI. Everyone should be doing that to some degree. Question is—are you training on personal data? On sensitive data? On privacy-related data? In a way that your customers wouldn’t like?
Again, transparency is key here. There’s a big difference between training on general behavior and preferences to make the product better vs. doing something gross.
SpaceX just hit a 17Mb/s download speed sending internet directly to a stock Android phone. MORE
Wendy's is looking to test dynamic surge pricing for food in 2025, influenced by demand and weather. Interesting idea. MORE
January and February saw a resurgence in tech job cuts, with both large tech firms and startups reducing staff. MORE
The Nvidia GeForce RTX 5090 is rumored to be up to 70% faster than the RTX 4090. This performance leap could come from having as many as 192 streaming multiprocessors and 24,576 CUDA cores. MORE
HUMANSA new study of 113,000 showed those with Long Covid scored roughly 6 I.Q. points lower than those never infected. MORE
Political extremism is now Americans' top concern, edging out the economy and immigration. A recent poll found 21% of respondents view it as their biggest worry. MORE
Oregon is reversing its drug decriminalization policy amid rising overdose deaths and public concern. The state legislature passed a bill to reimpose criminal penalties for some drug possession, reflecting a shift in political support. MORE
💡I feel like 2024 is the year of the pendulum swinging back on a whole bunch of hyper-liberal policies and attitudes. I just wish it could swing back to the middle instead of continuing on to the extreme other side, as per usual.
California is proposing a bill to ban homeless encampments near public spaces. The bipartisan Senate Bill 1011 aims to encourage the use of shelters by making it illegal to form encampments within 500 feet of schools, transit stops, and other specified areas. MORE
Florida is experiencing a number of outbreaks of already-beaten diseases. Why? Because vaccine skeptics on the left and right are reducing vaccination percentages below the required numbers for herd protection. MORE
Alcohol-related deaths in the US jumped by nearly 30% recently, hitting about 500 deaths daily in 2021. MORE
A neurosurgeon is using ultrasound to tackle Alzheimer's and addiction, showing promising results. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSIS
Holy crap, just had a crazy thought talking with @rez0__ .
What if we get AGI-powered robots before we get autonomous cars?
In other words, maybe it's way easier to put a local GPT-6-level AI into a car as a driver, than it is to fully automate "a car".
🤯
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Mar 4, 2024
NOTES
💕 Sunday was 30 years with my love. 2 peas, kombi. 🤞
Dune 2 was insanely good. 10/10, for a sci-fi movie.
DISCOVERY🔥 My homie Jason Haddix just put out a sick episode of his newsletter all about hacking AI. Lots of prompt injection and other resources. Read the episode and subscribe! MORE
Do Literally Anything MORE
Caltrans offers CCTV data in CSV, JSON, TXT, and XML formats for free integration into applications. MORE
Adrian Göransson shares a deep dive into his git configuration, offering practical tips and insights for both beginners and seasoned users. He covers aliases, rebasing techniques like --keep-base, and the importance of signing commits and tags with SSH keys. MORE
How to get Nmap to detect new services. MORE
How I decide if your website is worth a revisit MORE
The Internet Feels Fake Now. MORE
Tyler Cowen shares his personal, highly structured approach to listening to music, from genre preferences to storage systems. He emphasizes a focus on core repertoire over random discovery. MORE
Apple's releasing William Gibson's "Neuromancer" to life as a 10-episode series on Apple TV Plus. MORE
"Bad Therapy" argues modern therapeutic parenting is failing, leaving kids anxious and unprepared for life. | by Mary Harrington | MORE
Daniel Zingaro's "Algorithmic Thinking" is one of my favorite books, and it now has a second edition with new chapters. MORE
Spending just 10 minutes on something is roughly 1% of your day. MORE
RECOMMENDATION OF THE WEEKAsk yourself if you’re primarily a:
Creator
Nurturer
or Worker
It’s my belief that Creators and Nurturers (people that help others become Creators and Nurturers) are the future of humans. So:
Parents (Nurturers)
Artists (Creator)
Entrepreneurs (Creator)
Therapists (Nurturer)
Etc.
I think those are some of the roles that will be most resilient to AI, and they’re also the most human. They’re what humans should be doing anyway!
Try to get out of the worker mentality. My family is Lutheran. Hard work was instilled in me, and I think it’s a noble and honorable thing.
But AI will do most old-style worker jobs better.
Start planning your migration to Creator and/or Nurturer now. We’ll all be hybrids, and that’s ok. But try to move towards Creator / Nurturer as quickly as possible. And help the people you care about do the same.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
To Survive AI, We Must Become Creators
There’s a lot uncertainty in the knowledge worker job market right now, largely because of AI.
Like what do you do if you’re like this person on Hacker News, a brand new graduate out of college, while AI is ascending?
I have a simple model to think about things.
The biggest impact of AI, in terms of human jobs, is that it’s about to get a lot easier for creators to create, and a lot harder for workers to work.
In other words, you want to think real hard about how to become a creator and not a worker. Meaning—you want to be the one coming up with the new things that solve problems, not the one writing the code, or filing the paperwork, or setting up the meeting.
Why will creator’s thrive?The reason creators will thrive post-AI is that building new things has near-universal value. We have always rewarded people who dream up new things and bring them into the world, and I don’t see that stopping any time soon.
The issue is that creation is costly. It doesn’t just require creativity; it requires extraordinary access, and resources, and ultimately—luck.
What AI will do—and is doing already—is lower the barrier to entry. It will make it easier than ever to:
Start a business
Create a story
Publish a book
Create a movie
Build a product
Etc.
Think about how hard it is to make a movie. It requires millions of dollars to make a movie and get it in front of the masses right now. Hollywood is a gatekeeper in that respect. It’s basically the only way to get into a movie theater.
But AI is about to replace Hollywood, and home theaters, social media, and AR/VR headsets are replacing theaters. Think Sora 3 + Apple Vision Pro 3.
It’s hard to put numbers on this, but let’s just say only a few million people on the planet were able to be a creator in the pre-AI world.
Imagine what the world looks like when that becomes hundreds of millions. Or billions. And the best content rises to the top because it’s better, not because it had access to the theaters.
Now that you have that in mind for Hollywood disruption, imagine it for:
Startups
Publishing books
Scientific innovation
Creating art
Building new tech
Basically all of human innovation was stuck at a 1/10 until now because only a few people were even allowed to play.
And AI is about to open things up and take it to a 10.
Ok, but what’s a creator vs. a worker?Ok, so the next question is, “What’s the difference between a creator and a worker?” It’s both easy and had to answer that question.
On one hand it’s pretty simple:
General:
Creators come up with new solutions to human problems.
Workers are the people who execute on building them.
And that distinction is different based on the field. In a corporate setting the distinction is something like:
Blurring execution and creation
Coporate:
Creators are the people who determine what to build, how to build it if it’s a new thing, and how to sell it in the current market.
Workers are the people who make that happen.
But that distinction isn’t always neat. Sometimes we have the “draw the rest of the owl” problem, where the idea itself is not the hard part.
Turns out the rest of the owl was the hard part
Some “ideas” leave all the work undone. At that point you either have execution that’s also creation, or pure fantasy. For a tangible business, an idea must be feasible.
What if we had 37% more efficient solar panels! Wow, that’s brilliant! I’m a creator!
Lots of so-called creators
So for the line between creation and execution, the real distinction is whether you’re doing something that’s never been done before. Creating something that doesn’t already exist.
If you’re an “executor”, or “worker”, but you’re so good at it that you’re doing things that have never been done before, you move into the “creator” category.
And vice versa as well. If you’re a creator, but the space has been saturated, or what you make is now easy to replicate, you’re now an executor.
Why workers/executors are in troubleThe next question follows easily.
If there’s going to be so much creation, then why wouldn’t we need lots more workers and executors as well?
It’s a good question with a simple answer: we absolutely will need far more execution to enable all that new creation, but there’s no way to train enough people to do that work, and even if we could it would be a highly inefficient workforce.
It will be AI doing most of that work. Here’s how to look at it:
As the amount of creation goes up, the amount of execution needed will balloon massively.
We already have issues filling execution jobs today. As an example, we have millions of jobs in cybersecurity that need filling but nobody to fill them because nobody’s training entry-level people to fill the pipeline.
Humans are hard to train and retrain, they get sick, they sue, they have families and a life, and they leave if they have a better opportunity.
Human competence is basically fixed. Our IQ’s aren’t going to natively jump much in the next 20 years.
AI won’t have those problems.
AI will scale with creation.
We can make as many as we need.
When you upgrade an AI it’s much easier to redeploy than retraining or replacing a human. Especially at scale.
They aren’t conscious, don’t get tired, don’t complain, don’t go to HR, and don’t quit.
They’re getting smarter at an insane rate.
Ok, so what do I tangibly do? Which fields are good and bad? What about college?So, assuming I’ve convinced you that 1) execution is going to AI, and 2) creation is where you should be heading,
What next?
Which fields do I go into?
Which do I steer my kids into and away from?
Is college still needed?
All good questions. Here is my general advice, and please realize that I’m still thinking this through just like everyone else. And it’s largely impossible to predict the future of tech.
Tangible actionFocus on creation. Focus on ideas. Focus on making new things. Focus on problems that exist in the world that need to be solved, and start thinking about what you can build to solve those problems. Tangibly. Realistically. Not pie in the sky. Creating new things to solve human problems is the immortal job skill.
Think of tech skill—and specifically programming and AI skills—as reading and writing. Essential. Meaning, if you’re not good at them you’re probably not going to succeed at the highest levels. Even as a creator you need to be decently fluent in programming and AI because they are—for the time being—the language of creation.
Get trained. College is still valuable as a filter of quality when nothing else is known about a person. Don’t neglect this fact until it becomes completely irrelevant, which for most of normal society will not happen this decade. When you study in college (or anywhere), think of two branches: 1) a hard skill that’s valuable in the market, and 2) training on how to think. As time goes on, and AI advances, the second matters far more.
Don’t think so much about fields or companies. Think more about problems and problem spaces. Think about the problems that will go away vs. the problems that we’ll always have. Problems are the source of creation. Go where the problems are that 1) interest you, and 2) you’d be good at solving.
Get out of the mindset of being a worker, and enter the mindset of being a creator/builder. Transition from someone building other people’s ideas to someone with your own ideas, and with the skills (storytelling, communication, AI management) to make them reality.
Summary and recommendationsAI will simultaneously explode the opportunities for Creators while destroying jobs for Executors.
You need to become a Creator / Builder.
This requires you become extremely good at AI because it’s the new language of Execution.
Figure out the problems you want to work on. Problems are a far more dependable and stable source of inspiration than industries or specific companies.
Start training yourself—and your kids—as creators and builders instead of workers.
NOTESThere’s actually a third group called Nurturers, which are going to be just as needed (or maybe more?) than Creators. But I didn’t want to distract from the main point in this piece, which was employment, and I’ve already covered the topic somewhat in this essay here.
Powered by beehiiv
February 27, 2024
UL NO. 421: Framing is Everything
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCHey there!
I did some podcasts last week talking about Fabric, and there’s one in particular that I’m excited about. It was not only the best podcast convo I’ve had about the project, but it’s also the biggest channel we’ve ever talked about the project on. Can’t wait for that one to drop!
Also, I recorded a Fabric Introduction Video, which is now on the Github page. It walks through the history, the problems it was created to overcome, and a few of its primary features. Definitely go check that out on YouTube.
Final thing—we’re about to add AGENT FUNCTIONALITY into Fabric within the next week or two. It’s going to be so, so epic. Can’t wait for this.
Let’s get into it…
MY WORK🔥My new piece on the power of framing, both for personal outcomes and for idea exchange with others. One of my highest-rated pieces ever.
Framing is Everything
We're seeing reality through different lenses, and living in completely different worlds because of it
https://danielmiessler.com/p/framing-is-everything
👉 Continue reading online to avoid the email cutoff issue 👈
SECURITY🤮 Avast was allegedly caught selling user browsing data collected under the guise of privacy protection. | MORE
Reddit made a $60M/year agreement allowing an AI firm to train models with its user content, which is seriously pissing off its users and community. MORE
💡We should probably expect more of this, though, since real, actual, human data is about to become the most important thing ever to an AI economy. Although, shouldn’t we also expect people to be using AI to create the content they put on Reddit? ♻️
The Pentagon is looking for high-quality data to power its AI push. The Department of Defense's Chief Digital and Artificial Intelligence Office emphasized the need for partnerships with the private sector to scale AI technologies effectively. Just like we said above with the data freshness issue. MORE
Sponsor
STOP EMAIL-BASED ATTACKS WITH MATERIAL
New email threats need new email defenses that extend beyond just the inbox.
The only way to stay ahead is to address the threat landscape from the outside in (phishing, BEC, and VIP impersonation attacks) AND the inside out (ATO, insider risk, and data exfiltration events).
Material Security takes a holistic approach to defending your productivity suite with:
Multi-layered threat detection & response automation
In-depth visibility into account compromise risk with remediations
Right-sized access controls around classified email & file contents
Instead of disjointed wrangling efforts, unify your email defenses with Material to gain a force multiplier for your incident response teams.
See a DemoRob Joyce, NSA's Cybersecurity Director, is set to retire after 34 years of service. MORE
A leaked document revealed the locations of ShotSpotter sensors, which monitor neighborhoods for the exact location of gunshots. MORE
Researchers have found a way to recreate fingerprints from the sounds made when you swipe a screen. MORE
Signal has added usernames, so now you can connect with people without sharing phone numbers.
Incidents
🚨 Attackers are exploiting a new ScreenConnect RCE flaw to deploy LockBit ransomware on unpatched servers. | CRITICAL | RESPONSE: ConnectWise released patches for the vulnerabilities. | MORE
🚨 UnitedHealth's Change Healthcare was hit by a suspected nation-state cyberattack, causing widespread pharmacy outages. | CRITICAL | RESPONSE: Retained security experts, working with law enforcement. | MORE
⚠️ Wyze Incident Exposes Home Video Camera Feeds | RESPONSE: Added extra verification layer MORE
⚠️ U-Haul reported a data breach affecting 67,000 customers due to stolen credentials. RESPONSE: Passwords reset and security enhanced to prevent future incidents. MORE
Vulnerabilities
⚠️ A high-severity flaw in Apple Shortcuts could let attackers grab your sensitive info without asking. | CRITICAL | CVE-2024-23204 MORE
CrowdStrike's 2024 Threat Report Summary (via Fabric’s analyze_threat_report Pattern).
- Generative AI lowers the entry barrier for cyberattacks, enabling more sophisticated threats.
- Identity-based attacks and social engineering are increasingly central to cyber threats.
- Cloud environments face a 75% increase in intrusions, with adversaries exploiting unique cloud features.
- Supply chain attacks continue to rise, leveraging trusted relationships for broader impact.
- The use of legitimate tools by adversaries complicates the detection of malicious activities.
- A significant increase in interactive intrusion campaigns, with a 60% rise observed.
- Cloud-conscious cases increased by 110% year-over-year (YoY).
- Victims named on eCrime dedicated leak sites (DLSs) increased by 76% YoY.
- CrowdStrike tracked 34 new adversaries in 2023, raising the total to 232.
- Cloud environment intrusions increased by 75% YoY.
- 84% of adversary-attributed cloud-conscious intrusions focused on eCrime.
- Interactive intrusion campaigns saw a 60% YoY increase.
- The average breakout time for eCrime intrusion activity decreased from 84 minutes in 2022 to 62 minutes in 2023.
- Malware-free activity represented 75% of detections in 2023, up from 71% in 2022
- Accesses advertised by access brokers increased by almost 20% compared to 2022 READ THE FULL REPORT
The U.S. plans to spend billions replacing China-made cranes at its ports. MORE
Apple is rolling out quantum-resistant cryptography for iMessage. Mad props to be thinking that far ahead. MORE
Microsoft just dropped PyRIT, a tool to make it easier to red-team generative AI technologies. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYSomeone used Gemini 1.5 to put an entire large codebase into a single prompt. They claim, like a lot of others, that the million tokens of context is actually relatively bulletproof. Meaning, it doesn’t forget or miss pieces of the context the way GPT-4’s 32K sometimes can. MORE
Enjoyed this article on prompt engineering, which I think is a lot more than it appears to be. MORE
💡I think “prompt engineering” should be renamed something far more lofty and respectable.
Something like: Wisdom Manipulation. Or Knowledge Engineering. Or Insight Whispering. Because the best people at it are good at thinking about the extracts of knowledge. The essence. The je ne sais quoi.
Google has apologized for ‘missing the mark’ after Gemini generated pictures of racially diverse Nazis. Now the bigger pushback seems to be on the fact that the model refused to create pictures of white people. Which is why if you asked for Nazis, you got diverse Nazis. MORE
💡I’ve been looking for a name for this phenomenon where something good is taken too far. So we don’t like racism, right? So let’s make racism illegal. Done and done. Total win. But let’s take it to an extreme and refuse to produce pictures of white people. Fail.
Reminds me of Brexit. You have this idea of independence and identity, which is good, so the UK decides to leave the EU. What? And now most everyone realizes it was stupid, and wishes they could go back.
There’s a lot of that happening right now. A good thing—taken to some malignant extreme—which ends up causing more harm than good. And the US might be about to do its own version of Brexit by voting in Trump because they’re tired of extreme wokeism.
We need to stop with the violent overreactions. They only hurt us and cause another overreacton as a response.
Worldcoin's value has jumped 40% following OpenAI's Sora launch. The surge in WLD's price, now at $7.44, began on February 15, coinciding with OpenAI's release of the Sora app. MORE
💡My (casual, not serious) theory is that Worldcoin is the future currency of the planet. I think Sam Altman is building AGI which he knows will eliminate most current work, and at the same time he’s trying to engineer a UBI-based transition period where people have to be given money to survive (and not take to the streets).
I think Worldcoin is a huge part of that plan. Just an intuition.
Nvidia is blowing up. They just posted a 265% increase in sales, reaching $22.1 billion, and net profit soared to $12.3 billion from $1.4 billion the previous year. MORE
Tech workers are feeling massive pressure with layoffs and tougher interviews. MORE
Google's actions have significantly hindered the adoption and use of RSS feeds. Most of all, killing Google Reader. 😠 MORE
HUMANSStanford researchers have developed an AI model that determines a person's sex from brain scans with over 90% accuracy. This not only advances our understanding of brain development and aging but also opens new paths for addressing sex-specific vulnerabilities in psychiatric and neurological disorders. MORE
Ways to age your brain: multitasking, skimping on sleep, sticking to monotonous activities, and overestimating your memory capacity. These habits tax the prefrontal cortex and impair memory formation. MORE
💡My take on young mind is simple: Act as much as possible like a child. Constant new things. Tons of learning. Tons of cognitively difficult things. Tons of sleep.
Gallup data reveals women aged 18 to 29 are now 15 percentage points more likely to identify as liberal than their male counterparts, a gap five times larger than in 2000. MORE
Voyager 1, launched in 1977, is now billions of miles from Earth, experiencing a slow demise due to a software glitch and power depletion. MORE
💡This makes me irrationally emotional. I imagine a loyal dog who’s done SO much for its family. And it’s struggling to stand, to walk, to bark, and to play. Because it just wants to keep being with its family and doing its job. 😢
Measles is making a comeback at a Florida school, spotlighting the risks of low vaccination rates. At Manatee Bay Elementary, only 89.31% of students were fully immunized, below the 95% target to prevent outbreaks. MORE
💡Anti-vax (both left and right versions) is another example of Brexit Effect.
Actually, yeah, that’s the name. The Brexit Effect. It’s basically where extremists take over the narrative and steer the group in a direction that undoes decades or centuries of collective progress.
The average American's yearly spend on streaming subscriptions is nearing $1,000. MORE
A quarter of New York City's children now grapple with poverty. The cessation of pandemic-era government support is pinpointed as the primary catalyst for this surge in poverty levels. 25% of kids. In an American city? Shame. MORE
Germany's Bundestag has decided to legalize cannabis for adult private use, allowing possession up to 50 grams. MORE
Forget about overpopulation worries; we're actually facing an underpopulation crisis due to plummeting birth rates. Global fertility has dropped to about 2.3 births per woman, barely above the replacement rate. MORE
Despite its romantic reputation, France is experiencing a significant "sex recession." A recent survey found that 24% of French adults hadn't had sex in the past year, a massive increase from 9% in 2006. MORE
📄 A study explores the link between Facebook adoption and well-being across 72 countries. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISI love the fact that we’ve brought back the long-form conversation. I think it would make Neil Postman very happy. Here’s one such conversation between Mike Wallace and Aldous Huxley. In 1958! They’re talking about what will ultimately damn America, and it’s brilliant.
Basically, he argues that the method of control won’t be forced, but rather diversion. It’s essentially Brave New World vs. 1984. And yes, it does look like Brave New World is winning.
Also, what’s so great about this conversation is that Wallace is doing his best to extract Huxley’s vision. He’s challenging. He’s probing. And it really gets to the center of the ideas.
I’m so thankful to Rogan and Fridman for making these kinds of conversations in fashion again. Fridman does this exceptionally well. And the joy of today is that there are so many podcasters doing this now, where back then there were only a few Mike Wallaces. THE FABRIC AI SUMMARY OF THE CONVERSATION
NOTESI’ve done some insane shell enhancements lately. If anyone’s a nerd about this stuff like me, hit me up in UL Chat. Teaser: Alacritty, Zoxide… UL SHELL NERD CHAT
If anyone wants to buy me this watch, I’d appreciate it. MORE
Or this one. MORE
DISCOVERYMy friend Robert (RSnake) Hansen has released his new book on developing a positive relationship with AI as it becomes conscious. Cannot wait to read this one! MORE
Also check out Robert’s podcast. It’s more Lex Fridman style, and is quite good. Linking my appearance on the show last year. MORE
What Everyone Is Getting Wrong About Mental Health (ft. Lori Gottlieb) MORE
🔍 SiCat — A tool that streamlines the search for exploits across open and local sources. | by justakazh | MORE
🛡️ BounceBack — Stealthy reverse proxy with WAF for operational security | by D00Movenok | MORE
🛠 Try X in Y minutes — A quick dive into programming languages for learners. | by antonz | MORE
ChatGPT Is Funnier Than You MORE
🛠 Augmend — Record your screen. Capture knowledge.
Your team's shared brain. | by Augmend | MORE
🛠JSON Lines — A handy format for storing and processing structured data line by line, especially with Unix tools. It requires UTF-8 encoding, each line to be a valid JSON value, and uses '\n' as the line separator. MORE
🛠️Cloudlist simplifies tracking assets across multiple cloud providers for blue teams. It supports a wide range of providers and configurations with minimal setup. by Project Discovery | MORE
📄 Gemini turns screen captures into replicable code. The tool was showcased in a recent screen capture demo by DynamicWebPaige | MORE
🔓 ArchiveButtons — Bypass paywalls with a simple URL entry and click. | MORE
REMOTE jobs that are always hiring. | MORE
ChatGPT-4 has the same Big 5 personality profile as the average human being. | by Steve Stewart-Williams | MORE
AI “personality” depends on prompts. | by Ethan Mollick | MORE
🔥 📄 EVERY FREAKING GOOGLE PRODUCT | by Marcos Besteiro | MORE
NSA Lead Hacker Explains How to Keep Him Out of Your System MORE
⚙️ Heeps.ai lets you churn out and post articles super fast. | by Amy Wang | MORE
⚠️ A new AI-powered vulnerability scanner detected an issue, showcasing the tool's effectiveness. The detection was shared on Mastodon | by @bagder | MORE
Securing VNC with SSH. MORE
Peter Thiel is paying people $100K to skip college. MORE
People are experimenting with ChatGPT for music creation, sharing samples and techniques online. Someone successfully generated midi music and a computer-generated voice track, while another created a singing voice sample using ChatGPT and the Sinsy voice synthesis system. MORE
Using ChatGPT to Set Ambitious Goals MORE
Meet the new Google sign-in page. Spoiler: it’s more horizontal. MORE
TikToks as Audiobooks MORE
RECOMMENDATION OF THE WEEKTake a look at CrewAI. It’s the agent framework I’m looking to integrate with Fabric, and its (AI Agents) are the future of AI. It’s not about individual models or queries. It’s about teams of AI agents working together, in an organized way, with coordination. I believe that’s how we’ll get to AGI, but even before then it’s going to increasingly be the way to get the most power out of AI. Basically all the most advanced functionality will come from agents. MORE
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
February 24, 2024
Framing is Everything
I’m starting to think Framing is everything.
Framing
My working definition
The process by which individuals construct and interpret their reality—concsiously or unconsciously—through specific lenses or perspectives.
Here are some of the framing dichotomies I’m noticing right now in the different groups of people I associate with and see interacting online.
AI and the future of workFRAME 1: AI is just another example of big tech and big business
and capitalism, which is all a scam designed to keep the rich and successful on top. And AI will make it even worse, screwing over all the regular people and giving all their money to the people who already have the most. Takeaway: Why learn AI when it’s all part of the evil machine of capitalism and greed?
FRAME 2: AI is just technology, and technology is inevitable. We don’t choose technological revolutions; they just happen. And when they do, it’s up to us to figure out how to adapt. That’s often disruptive and difficult, but that’s what technology is: disruption. The best way to proceed is with cautious optimism and energy, and to figure out how to make the best of it. Takeaway: AI isn’t good or evil; it’s just inevitable technological change. Get out there and learn it!
America and race/genderFRAME 1: America is founded on racism and sexism, is still extremely racist and sexist, and that means anyone successful in America is complicit. Anyone not succeeding in America (especially if they’re a non-white male) can point to this as the reason. So it’s kind of ok to just disconnect from the whole system of everything, because it’s all poisoned and ruined. Takeaway: Why try if the entire system is stacked against you?
FRAME 2: America started with a ton of racism and sexism, but that was mostly because the whole world was that way at the time. Since its founding, America has done more than any country to enable women and non-white people to thrive in business and politics. We know this is true because the numbers of non-white-male (or nondominant group) representation in business and politics vastly outnumber any other country or region in the world. Takeaway: The US actually has the most diverse successful people on the planet. Get out there and hustle!
Success and failureFRAME 1: The only people who can succeed in the west are those who have massive advantages, like rich parents, perfect upbringings, the best educations, etc. People like that are born lucky, and although they might work a lot they still don’t really deserve what they have. Startup founders and other entrepreneurs like that are benefitting from tons of privilege and we need to stop looking up to them as examples. Takeaway: Why try if it’s all stacked against you?
FRAME 1: It’s absolutely true that having a good upbringing is an advantage, i.e., parents who emphasized school and hard work and attainment as a goal growing up. But many of the people with that mentality are actually immigrants from other countries, like India and China. They didn’t start rich; they hustled their way into success. They work their assess off, they save money, and they push their kids to be disciplined like them, which is why they end up so successful later in life. Takeaway: The key is discipline and hustle. Everything else is secondary. Get out there!
Personal identity and traumaFRAME 1: I’m special and the world out there is hostile to people like me. They don’t see my value, and my strengths, and they don’t acknowledge how I’m different. As a result of my differences, I’ve experienced so much trauma growing up, being constantly challenged by so-called normal people around me who were trying to make me like them. And that trauma is now the reason I’m unable to succeed like normal people. Takeaway: Why won’t people acknowledge my differences and my trauma? Why try if the world hates people like me?
FRAME 2: It’s not about me. It’s about what I can offer the world. There are people out there truly suffering, with no food to eat. I’m different than others, but that’s not what matters. What matters is what I can offer. What I can give. What I can create. Being special is a superpower that I can use to use to change the world. Takeaway: I’ve gone through some stuff, but it’s not about me and my differences; it’s about what I can do to improve the planet.
How much control we have in our livesFRAME 1: Things are so much bigger than any of us. The world is evil and I can’t help that. The rich are powerful and I can’t help that. Some people are lucky and I’m not one of those people. Those are the people who get everything, and people like me get screwed. It’s always been the case, and it always will. Takeaway: There are only two kinds of people: the successful and the unsuccessful, and it’s not up to us to decide which we are. And I’m clearly not one of the winners.
FRAME 2: There’s no such thing as destiny. We make our own. When I fail, that’s on me. I can shape my surroundings. I can change my conditions. I’m in control. It’s up to me to put myself in the positions where I can get lucky. Discipline powers luck. I will succeed because I refuse not to. Takeaway: If I’m not in the position I want to be in, that’s on me to work harder until I am.
The practical power of different frames
Importantly, frames aren’t absolutely true or false.
Many of the frames above are simultaneously true, depending on the situation or how you look at it. They’re not reality. They’re the ways we choose to interpret reality. And there are infinite possible frames to choose from—not just an arbitrary two.
And the word “choose” is really important there, because we have options. We all can—and do—choose between a thousand different versions of FRAME 1 (I’m screwed so why bother), and FRAME 2 (I choose to behave as if I’m empowered and disciplined) every day.
This is why you can have Chinedu, a 14-year-old kid from Lagos with the worst life in the world (parents killed, attacked by militias, lost friends in wartime, etc.), but he lights up any room he walks into with his smile. He’s endlessly positive, and he goes on to start multiple businesses, a thriving family, and have a wonderful life.
Meanwhile, Brittany in Los Angeles grows up with most everything she could imagine, but she lives in social media and is constantly comparing her mansion to other people’s mansions. She sees there are prettier girls out there. With more friends. And bigger houses. And so she’s suicidal and on all sorts of medications.
This isn’t a judgment of Brittany. At some level, her life is objectively worse than Chinedu’s. Hook them up to some emotion-detecting-MRI or whatever and I’m sure you’ll see more suffering in her brain, and more happiness in his. Objectively.
What I’m saying—and the point of this entire model—is that the quality of our respective lives might be more a matter of framing than of actual circumstance.
But this isn’t just about extremes like Chinedu and Brittany. It applies to the entire spectrum between war-torn Myanmar and Atherton High. It applies to all of us.
We get to choose our frame. And our frame is our reality.
The framing divergence
So here’s where it gets interesting for society, and specifically for politics.
Our frames are massively diverging.
I think this—more than anything—explains how you can have such completely isolated pockets of people in a place like the SF Bay Area.
I have started to notice two distinct groups of people online and in person.
GROUP 1: Listen to somewhat similar podcasts I do, have read over 20 non-fiction books in the last year, are relatively thin, are relatively active, they see the economy as booming, they’re working in tech or starting a business, and they’re 1000% bouncing with energy. They hardly watch much TV, if any, and hardly play any video games. If they have kids they’re in a million different activities, sports, etc, and the conversation is all about where they’ll go to college and what they’ll likely do as a career. They see politics as horribly broken, are probably center-right, seem to be leaning more religious lately, and generally are optimistic about the future. Energy and Outlook: Disciplined, driven, positive, and productive.
GROUP 2: They see the podcasts GROUP 1 listens to as a bunch of tech bros doing evil capitalist things. They’re very unhealthy. Not active at all. Low energy. Constantly tired. They spend most of their time watching TV and playing video games. They think the US is racist and sexist and ruined. If they have kids they aren’t doing many activities and are quite withdrawn, often with a focus on their personal issues and how those are causing trauma in their lives. Their view of politics is 100% focused on the extreme right and how evil they are, personified by Trump, and how the world is just going to hell. Energy and Outlook: Undisciplined, moping, negative, and unproductive.
I see a million variations of these, and my friends and I are hybrids as well, but these seem like two poles on some kind of spectrum.
But thing that gets me is how different they are. And now imagine that for the entire country. With way more frames and, therefore, subcultures.
These lenses shape and color everything. They shape how you hear the news. They shape the media you consume. Which in turn shape the lenses again.
These perspectives are so critical because they also determine who you hang out with, what you watch and listen to, and, therefore, how your perspectives are reinforced and updated. Repeat. ♻️
A couple of books
Two books that this makes me think of are Bobos in Paradise, by David Brooks, and Bowling Alone, by Robert Putman.
They both highlight, in different ways, how groups are separating in the US, and how subgroups shoot off from what used to be the mainstream and become something else.
That’s a key point in both books, actually: America used to largely be one group. The same cars. The same neighborhoods. The same washing machines. The same newspapers.
Most importantly, the same frames.
There were different religions and different preferences for things, but we largely interpreted reality the same way.
Here are some very rough examples of shared frames in—say—the 20th century in the United States:
America is one of the best countries in the world
I’m proud to be American
You can get ahead if you work hard
Equality isn’t perfect, but it’s improving
I generally trust and respect my neighbors
The future is bright
Things are going to be ok
Those are huge frames to agree on. And if you look at those I’ve laid out above, you can see how different they are.
Ok, what does that mean for us?
I’m not sure what it means, other than divergence. Pockets. Subgroups with vastly different perspectives and associated outcomes.
I imagine this will make it more difficult to find consensus in politics.
✅
I imagine it’ll mean more internal strife.
✅
Less trust of our neighbors. More cynicism.
✅
And so on.
But to me, the most interesting about it is just understanding the dynamic and using that understanding to ask ourselves what we can do about it.
SummaryFrames are lenses, not reality.
Some lenses are more positive and productive than others.
We can choose which frames to use, and those might shape our reality more than our actual circumstances.
Changing frames can, therefore, change our outcomes.
When it comes to social dynamics and politics, lenses determine our experienced reality.
If we don’t share lenses, we don’t share reality.
Maybe it’s time to pick and champion some positive shared lenses.
RecommendationsHere are my early thoughts on recommendations, having just started exploring the model.
Identify your frames. They are like the voices you use to talk to yourself, and you should be very careful about those.
Look at the frames of the people around you. Talk to them and figure out what frames they’re using. Think about the frames people have that you look up to vs. those you don’t.
Consider changing your frames to better ones. Remember that frames aren’t reality. They’re useful or harmful ways of interpreting reality. Choose yours carefully.
When you disagree with someone, think about your respective understandings of reality. Adjust the conversation accordingly. Odds are you might think the same as them if you saw reality the way they do, and vice versa.
I’m going to continue thinking on this. I hope you do as well, and let me know what you come up with.
✉️ Email Me
Powered by beehiiv
February 21, 2024
Analyzing Threat Reports with Fabric
We’ve just added a new Pattern to fabric.
It’s called analyze_threat_report, and it’s designed to extract all the most valuable parts of a cybersecurity threat report like the DBIR report, Crowdstrike, Blackberry, etc.
The output (from the Crowdstrike 2024 Global Threat Report)ONE-SENTENCE-SUMMARY:The 2024 CrowdStrike Global Threat Report highlights the accelerated pace and sophistication of cyberattacks, emphasizing the critical need for advanced, AI-driven cybersecurity measures in the face of evolving threats.TRENDS:- Generative AI lowers the entry barrier for cyberattacks, enabling more sophisticated threats.- Identity-based attacks and social engineering are increasingly central to adversaries' strategies.- Cloud environments are under greater threat as adversaries advance their capabilities.- The use of legitimate tools by attackers complicates the detection of malicious activities.- A significant rise in supply chain attacks, exploiting trusted software for maximum impact.- The potential targeting of global elections by adversaries to influence geopolitics.- The emergence of 34 new adversaries, including a newly tracked Egypt-based adversary, WATCHFUL SPHINX.- A 60% increase in interactive intrusion campaigns observed, with technology sectors being the primary target.- A notable rise in ransomware and data-theft extortion activities, with a 76% increase in victims named on dedicated leak sites.- North Korean adversaries focus on financial gain through cryptocurrency theft and intelligence collection.- Stealth tactics are increasingly employed to evade detection and move laterally within networks.- Access brokers play a crucial role in providing initial access to eCrime threat actors.- A shift towards ransomware-free data leak operations among big game hunting adversaries.- The growing use of cloud-conscious techniques by adversaries to exploit cloud vulnerabilities.- An increase in the use of legitimate remote monitoring and management tools by eCrime actors.- The persistence of access brokers in facilitating cyberattacks through advertised accesses.- Law enforcement's increased focus on disrupting big game hunting operations and their supporting infrastructure.- The rise of macOS malware variants targeting information stealers to expand eCrime profit opportunities.- The adaptation of malware delivery techniques following patches for Mark-of-the-Web bypass vulnerabilities.STATISTICS:- Cloud-conscious cases increased by 110% year over year (YoY).- A 76% YoY increase in victims named on eCrime dedicated leak sites.- 34 new adversaries tracked by CrowdStrike, raising the total to 232.- Cloud environment intrusions increased by 75% YoY.- 84% of adversary-attributed cloud-conscious intrusions were focused on eCrime.- A 60% year-over-year increase in the number of interactive intrusion campaigns observed.- The average breakout time for interactive eCrime intrusion activity decreased from 84 minutes in 2022 to 62 minutes in 2023.- The number of accesses advertised by access brokers increased by almost 20% compared to 2022.- A 583% increase in Kerberoasting attacks in 2023.QUOTES:- "You don’t have a malware problem, you have an adversary problem."- "The speed and ferocity of cyberattacks continue to accelerate."- "Generative AI has the potential to lower the barrier of entry for low-skilled adversaries."- "Identity-based attacks take center stage."- "We are entering an era of a cyber arms race where AI will amplify the impact."- "The continued exploitation of stolen identity credentials."- "The growing menace of supply chain attacks."- "Adversaries are advancing their capabilities to exploit the cloud."- "The use of legitimate tools to execute an attack impedes the ability to differentiate between normal activity and a breach."- "Organizations must prioritize protecting identities in 2024."REFERENCES:- CrowdStrike Falcon® XDR platform- CrowdStrike Counter Adversary Operations (CAO)- CrowdStrike Falcon® Intelligence- CrowdStrike® Falcon OverWatchTM- Microsoft Outlook (CVE-2023-23397)- Azure Key Vault- CrowdStrike Falcon® Identity Threat Protection- CrowdStrike Falcon® Fusion Playbooks- CrowdStrike Falcon® Adversary OverwatchTM- CrowdStrike Falcon® Adversary Intelligence- CrowdStrike Falcon® Adversary HunterRECOMMENDATIONS:- Implement phishing-resistant multifactor authentication and extend it to legacy systems and protocols.- Educate teams on social engineering and implement technology that can detect and correlate threats across identity, endpoint, and cloud environments.- Implement cloud-native application protection platforms (CNAPPs) for full cloud visibility, including into applications and APIs.- Gain visibility across the most critical areas of enterprise risk, including identity, cloud, endpoint, and data protection telemetry.- Drive efficiency by using tools that unify threat detection, investigation, and response in one platform for unrivaled efficiency and speed.- Build a cybersecurity culture with user awareness programs to combat phishing and related social engineering techniques.The projectTo use this, and all the other Patterns in Fabric, head over to the project page.
And here’s the specific Pattern. analyze_threat_report.
GitHub - danielmiessler/fabric: fabric is an open-source framework for augmenting humans using AI.
fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
github.com/danielmiessler/fabric
Powered by beehiiv
February 19, 2024
UL NO. 420: Creators, Nurturers, Executors, and Gatekeepers
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCHey there!
Ok, super psyched for this new feature we just shipped in Fabric. You can now add your own personal context in Fabric using the -c switch! Your context.md file is stored under ~/.config/fabric/context.md. Here’s an early version of mine:
Click for full size.
And guess what that lets you do! Look at this. It’s INSANE:
Do you realize what that is? I’m asking AI questions with the context of my own personal mission, goals, ambitions, etc!!! And it came up with strategies to help me accomplish what I said I cared about!
🤯 Wow wow wow.
And this is only .01% of what we have planned. Talk about augmentation. Everything is WAY more powerful when it’s tuned for you specifically!
This is why I’m building AI. AI art is nice. Chatting with docs is nice. But what I care about is using AI to help humans reach our potential. Humanity 3.0.
LFG!
Many thanks to @rez0 and @xssdoctor for this feature. Joseph (rez0) had the -c idea, and Jonathan (@xssdoctor) implemented it on Saturday. 🙏 .
Go Play With The Project! (and don’t forget to star)
Lots more to talk about but we have a show to do.
Let’s get into it…
MY WORKCouple new pieces this week!
How I Find Positivity in AI's Taking of 80% of Jobs
One thing I get asked a lot is why I'm so positive on AI when I think it'll remove over 80% of jobs. Here’s my response…
danielmiessler.com/p/positivity-ai-taking-jobs
Creators, Nurturers, Executors, and Gatekeepers
A model for viewing the roles of humans, and how those roles will be impacted by AI…
danielmiessler.com/p/ai-creators-nurturers-executors-gatekeepers
👉 Continue reading online to avoid the email cutoff issue 👈
SECURITYOpenAI and Microsoft stopped multiple groups, hailing from China, Iran, North Korea, and Russia that were leveraging OpenAI's capabilities for tasks like information gathering, code debugging, and crafting phishing schemes. MORE | MORE | MORE
A new paper shows that GPT-4 can autonomously hack websites, including performing SQL injections without prior knowledge of vulnerabilities. Pretty exciting, but it’s still early days. MORE
💡The way forward on automated hacking is this: 1) teams of agents, 2) extremely detailed capture of human tester thought processes, lots of real-world examples, and time. I suspect that in 2-5 years, agent-based web hacking will be able to get 90% of the bugs we normally see submitted in web bug bounties. But they’ll be faster. And the reports will be better. That last 10% will remain elusive until those agents are at AGI level.
CISA is setting up a new office to push zero trust. The Zero Trust Initiative Office aims to educate and train federal agencies and enhance their security posture. MORE
Sponsor
WEBINAR: 2024 IT RISK AND COMPLIANCE BENCHMARK REPORT
The 2024 IT Risk and Compliance Benchmark Report is here! Now in its 5th year, our annual report covers everything you need to know about the state of GRC, from time and budget trends and staffing updates to responses to generative AI risk and how the compliance operations landscape has changed. Join us live on February 22nd at 11am PT / 2pm ET.
Join us for our webinar to learn about:
The top findings from the survey (hint: trust and transparency are top-of-mind for GRC professionals in 2024).
Why GRC professionals are searching for a single, holistic solution that can solve the challenges of multiple teams.
How data silos between risk and compliance are affecting respondents’ ability to address their GRC challenges.
How the market has responded to AI risks in 2023 and how GRC professionals plan on leveraging AI in 2024.
How decision-making around GRC has shifted toward a more collaborative approach.
brighttalk.com/webcast/18576/606194
Register NowIncidents
⚠️ A security researcher found a BMW cloud server that was mistakenly set to public, exposing critical internal data. The exposed server contained private keys and login credentials for BMW's cloud services across multiple regions. MORE
Daniel Meli, a 27-year-old from Malta, was arrested for spreading Warzone RAT, a tool packed with cybercrime features like keylogging and remote desktop control. The FBI/DOJ operation also saw the seizure of four domains linked to the malware and the arrest of another individual in Nigeria for customer support roles. MORE
The FBI stopped a Russian intelligence-focused botnet hiding in Ubiquiti routers. A court-authorized operation disrupted hundreds of Ubiquiti Edge OS routers used by the APT28 group for global espionage. MORE
Sponsor
Get Ahead of Threats: Continuous Threat Exposure Management
Flare automates monitoring & remediation across the clear & dark web to detect high-risk exposure before threat actors have a chance to leverage it.
Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.
👉hi.flare.io/unsupervised-learning👈
Start Your Free TrialVulnerabilities
🚨 EXCHANGE SERVER FLAW — A critical Exchange Server flaw, CVE-2024-21410, is currently being exploited by attackers. | CRITICAL | 9.8 | MORE
🚨 Microsoft patched 73 vulnerabilities, including two zero-days being actively exploited. Among these, five are rated Critical, and the rest vary from Important to Moderate in severity. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYMark Zuckerberg says the pandemic's overhiring and a shift towards efficiency are the main reasons for the ongoing tech layoffs. He specifically said the move to AI wasn’t the reason for Meta, but that there was a focus on being leaner. To me those are the same thing. MORE
💡I think “becoming more efficient” might be a common euphemism as companies stop backfilling natural attrition and start implementing more AI instead. “Oh, no, it’s not about replacing people at all! We just think more efficient organizations are better.” TRANSLATION: Companies with fewer people. And I don’t think that’s wrong. There are far too many layers of management at most mid to large sized organizations I’ve seen.
OpenAI just released Sora, which creates insane short videos from just a text prompt. MORE
💡I’m interested in testing the system for abuse potential, but the tech isn’t as exciting to me as it seems to be to others. I think the creative process needs more granular control of specific aspects of a video. Which is why we have directors. The videos look stunning, for sure, but the real power will be when you can give the AI the same instructions that a director can give an actor or a set designer.
Andrej Karpathy is leaving OpenAI again, but he says there was no drama and he just wants to focus on personal projects. Having watched lots of his videos, I believe him. MORE
Zuckerberg did an amazing pitch for the Quest over the Vision Pro. It was just a monologue with him sitting on his couch. It was glorious. I think he was wrong, but I really loved the directness and passion from Mark. MORE | MORE
Sam Altman is putting together a $7 trillion venture for chips and energy in the UAE. That’s $7 trillion for new chip factories and energy supplies. The Middle East is the perfect place for this. They know oil is ending and they have trillions to invest. And AI is the future. Coulnd’t be a smarter move for the UAE. MORE
Large US companies are deploying AI to scrutinize employee communications in apps such as Slack, Teams, and Zoom. These AI systems can analyze both text and images for content and sentiment, and people are starting to worry about the implications. MORE
💡Stop being surprised about these types of monitoring or culture enforcement stories. Companies don’t owe anyone jobs. Not a single person. You’re there only because 1) they absolutely need someone, and 2) because they think you’re the best possible person for the job. If your Slack and Zoom and other types of communication indicate otherwise, then they should be expected to take action to find someone they think is better.
So much of people’s anxiety around employment comes from the feeling of mistreatment. From the disconnect between their expectations and reality. Like they’re owed this amazing job by this company, and somehow the company is trying to be selfish! It’s a lie. The whole thing is a lie.
Companies don’t owe employees anything. If they could do the job with a fleet of GPT-5-powered robots they would fire everyone as soon as legally possible. Never, ever forget this. And help your loved ones realize it as well.
This is not a judgment of companies by the way. I’m not saying they’re evil. What I’m bothered about is the fact that the illusion worked so well, and so many people are still fooled by it. A lot of the anxiety and suffering goes away when you see the company-worker relationship for what it is.
OpenAI just closed funding that puts its value at $80 billion. MORE
OpenAI is testing "memory" controls for ChatGPT, allowing users to manage what the AI remembers or forgets. MORE
Air Canada was forced to pay a refund for something its chatbot offered that was incorrect. Be very careful about the power you give AI bots. MORE
Google's new Gemini 1.5 can process up to 1 million tokens, setting a new standard for large-scale foundation models. It's designed to be more efficient, with a Mixture-of-Experts architecture enhancing its training and serving capabilities. Sadly it doesn’t seem easy to get access. MORE
Bugcrowd just raised $102! Congrats to Casey and team! MORE
Sequoia Capital is addressing open source software's funding drought by offering equity-free stipends to developers. The venture capital giant plans to support up to three developers annually, allowing them to focus on their projects full-time without financial worries. MORE
HUMANSThe US Patent Office says AI can't be inventors, but their human users can. They say AI systems cannot be credited as inventors in patent applications, and humans must disclose AI's role in the creation process. MORE
💡I love the spirit here, but this is about to be a distinction without a difference. How is the office supposed to know who did what? When you have AI that can draw the diagrams, write the application, and make it look really damn good, all the human will have to do is sign their name on the bottom.
Violent crime in the U.S. is on an insane decline, despite public perception thinking the opposite. In 2023, data from over 200 cities showed a 12.2% drop in murder rates compared to 2022. This trend extends to rape, robbery, and aggravated assault, all showing decreases. MORE
Researchers have distilled storytelling into six fundamental emotional arcs. By analyzing 1,327 stories from Project Gutenberg's collection, they identified these patterns as the backbone of narrative success. MORE
The U.S. Government Will Soon Spend More on Debt Interest Payments Than Defense. MORE
💡This is incredibly disturbing to me. I don’t know enough about the space to comment, but I really wish there were some innovation we could do where we say, “Hey, to you 4 countries we owe the most, let’s work out this deal ________ which will forgive 50% of the debt we owe you. So it’ll be some preferential treatment in trading, guaranteed purchase agreements, etc., which will benefit them as well because now they’re tied to us even closer. Again, I don’t know crap about this, but it seems like something similar has to be possible.
The CDC's first state-level analysis of Long COVID found the most affected states. West Virginia had it worst, at 10.6%. MORE
Y Combinator is pushing for a massive increase in MRI scans to catch cancer early. They believe scaling up MRI technology and AI interpretation could dramatically reduce cancer deaths. MORE
The music industry is moving towards country now the way it moved towards rap a few years ago. Beyoncé just put out some new country songs as well. During the Super Bowl, she released "Texas Hold ‘Em" and "16 Carriages," announcing a country album due on March 29. The genre's growth is highlighted by a 24% increase in country music streaming through Q3 2023. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISPutin pulled the ultimate Bugs Bunny trick in an interview on Russia-1. He said he preferred Biden over Trump. Which is essentially a propaganda op to have all the Trump supporters say Putin doesn’t want Trump because he’ll be so strong against Russia! When, in fact, Putin absolutely wants Trump because Trump will try to stop the US backing of Ukraine. Pretty damn smart.
NOTESWell, the exposure of my lack of working out, worked. All the flaming helped me get back on the weights wagon, and I’m feeling really good and really sore. Thanks to everyone for caring and sending admonishment!
🔥I had a sick idea for a Fabric Pattern. rate_predictions. Go and collect someone’s public work, will include their books and essays and videos and such. Parse them for predictions. Rate both whether it came true, but also how confident they were in it. Provide a score of how much you should listen to this person’s future predictions! Paul Krugman, for example, would get an F.
💡This is one of the things I’m most excited about with AI Agent Farms. You can basically say, hey, go get everything that so and so has every done. Now do ____, _____, and _____ on it. And tell me the results.
So you can say,
Show me how innovative they are
Collect all their ideas
Tell me why they should be cancelled
Tell me how full of sh*t they are
Write a letter that thanks them for their contributions to children's education, giving examples throughout their career
DISCOVER🔥Wesley, the founder of Axonn.ai, sought help to refine his AI tool's content idea generation prompt. The original prompt encouraged too much creativity, resulting in less practical content ideas. By simplifying the prompt and focusing on the target audience's needs, the revised version produced a better mix of relevant and creative content ideas. By Moritz Kremb | MORE
Stephen McMichael from our UL community wrote a blog post and did a number of videos showing off Fabric and a few of its patterns. Thanks Stephen! Great work! | by Stephen McMichael | MORE | MORE
📋 SOC Interview Questions is a list of, um, SOC interview questions, curated by /u/ogunal00 on Reddit. | by LetsDefend | MORE
AutoFineTune - script to easily fine-tune a small model with synthetically generated data. | by Yohei | MORE
🔒 Docker Hardening — A guide to tightening Docker security, step by step. | by ReynardSec | MORE
Written right before he died, this piece shares insights Steve Jobs wanted to pass on as his life learnings. MORE
Run Llama 2 uncensored locally MORE
Nix Davish's guide dives into using Nix's home-manager for macOS to streamline dotfile management. MORE
The Great GPT Firewall is cataloging websites blocking AI crawlers. In its latest update, 76% of press sites and 44% of video-on-demand sites have restricted AI access. MORE
Reka unveils a groundbreaking 21B parameter model MORE
Massed Muddler Intelligence MORE
Rebuilding The Middle Class with AI MORE
Packing for LLM Training Efficiency -- Improving model training with proper data packing MORE
AI Is Starting to Threaten White-Collar Jobs MORE
Suffering forces change | by Tim Ferris | MORE
☀️💡Someone is going to dim the sun, and it will be soon. MORE
F*ck You — Show Me The Prompt MORE
💡I very much agree with this, which is why we created Fabric. The prompt is the thing. Abstracting it is a type of creativity gatekeeping. FABRIC
So You Think You Know Git MORE
Stop Basing Your Self-Worth on Other People's Opinions MORE
The Best Vision Pro Apps (So Far) MORE
I'm an Old Fart and AI Makes Me Sad — A poignant reflection on how AI's evolution sparks nostalgia and a sense of loss. | by Alex Suzuki | MORE
Why McDonald’s Coke is Better — McDonald's Coke is better because the syrup is delivered in stainless steel tanks, keeping it fresher than the usual plastic bag delivery. They also pre-chill both the syrup and water, and adjust the syrup-to-water ratio to account for ice melt, ensuring the drink doesn't water down. MORE
RECOMMENDATION OF THE WEEKAbsolutely loving this book, Same as Ever, by Morgan Housel. It has themes similar to my Stochastic Prediction idea in my recent booklet on AI predictions. Basically, tech is unpredictable, but humans are extremely predictable. This book covers the concept really well.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
February 18, 2024
Creators, Nurturers, Executors, and Gatekeepers
We had a great conversation during February’s UL Mid-month Meetup, where we discussed our careers, how vulnerable they were to AI, and how to become as resilient as possible.
One member talked about the dichotomy of Gatekeepers vs. Creators, which I thought was a great frame. It got me thinking about all the various categories of value or value negation in the current economy. What you see above is what I came up with out of his idea and the subsequent discussion with the other members.
What will AI affect most?So the framing is really a few different questions:
What are the current category ratios?
Which category is most likely to get crushed by AI?
Which is most likely to survive and/or grow?
If we perfectly transitioned into Human 3.0, and built a post-capitalist society that maximized human , what would this chart look like?
We had a few opinions and observations that we all agreed on.
What will matter going forward (and largely already) is CREATORS
We didn’t talk about NURTURERS, but I am sure they won’t mind my addition. They’re kind of like another type of creator, really. And they would include roles like parent, teacher, social worker, etc.
EXECUTORS are people doing most of the everyday work and tasks (no, not beheading people). Stuff like customer service, cold calling, junior programmers, admins, etc. Basically, the people who get things done. Oh, also managers. Relax. It’s a joke. Kind of.
Then you have the GATEKEEPERS. These are the people trying to block or otherwise stop potential CREATORS and EXECUTORS from benefiting from their abilities.
Examples of each include (but are not limited to):
CREATORS: Artists, Musicians, Poets, Writers, Entrepreneurs
NURTURERS: Parents, Teachers, Social Workers, Government*
EXECUTORS: Admins, Junior Coders, Managers, Customer Service
GATEKEEPERS: Professional Organizations, Lobbyists
Some examples we talked about were like the fact that it’s really hard to start a business because there’s so much red tape. It’s hard to provide medical or mental help to someone because only certain people are allowed. Only certain people are allowed to provide certain legal paperwork. etc.
Friction gets massively reducedFriction is caused by a few things, many of which I talked about in my piece about multiplying human creativity.
The difficulty of execution
The scale of execution needed to do the world’s tasks
Gatekeepers stopping creators and executors from entering the game
AI will crush all of these. Not completely of course, but massively. Why? Because of what I talked about in that post above. Basically, AI excels at large-scale execution of automatable tasks, and AI will only get better and better at that kind of work.
What that meansThis is phenomenal news for humans for a very simple reason.
There will be millions more creators! Right now it’s hard to create. It costs money. There’s paperwork involved. You need to pay fees. You need to navigate regulations.
This is an example of GATEKEEPING. Not all gatekeepers are people. We’ve also constructed a million different systems that GATEKEEP, and AI disrupts those as well.
The result will be:
More people making art, films, anime, short stories, plays, movies, and all sorts of amazing things that only a tiny percent of 1% of the planet could do before.
More people will be able to have an idea, start a business, and go to market—all by themselves! Why? Because their AIs will have completed all the paperwork for them, and plus they’ll have AI to do the support, to help them with sales, and the million other small jobs that it takes to run a business.
In short, more artists, and more entrepreneurs. Not a few more. Tens or hundreds of millions more.
Human value reimaginedSo that starts to look something like this, maybe, assuming we don’t kill ourselves off while trying to get there.
A more human world
Imagine that!
90% of the planet being CREATORS or NURTURERS!
And to be clear, there will be TONS of EXECUTORS. They’ll just be AI Agents.
Meanwhile, humans will be focused on the stuff that matters. Human stuff.
This is what I want from AI, and what I’m trying to help build.
Powered by beehiiv
How I Find Positivity in AI's Taking of Jobs
Within our Unsupervised Learning Community we had an interesting discussion last week. One of our members said—and I’m paraphrasing here:
I know I’m supposed to be happy about all this AI innovation, but all it does is make me sad.
I responded by saying something like:
I feel like that too sometimes, but it reminds me to lean in to building and sheparding people into the positive version. Because the negative version would be bad.
A different member then responded with:
What’s the positive? That we will have survived while the other 80% lost their jobs?
This is an important point that gave me a lot of pause. I responded in the thread and we had a long discussion there, and I’ve now turned my response into this essay below.
—
The reason I can see "positive" in any of this is that I think it's kind of the wrong question.
The question assumes we have the option of maintaining the past. If the question is,
"Which would you prefer, the ability for humans to resist technology and keep working their old jobs where they spend 8 hours a day moving paperwork around, and they're paid barely enough to raise a family, or new AI-driven world where most of those jobs go away?"
I think a lot of people will say, yes, let's keep those jobs. At least it's better than nothing. But that's not the choice we have.
AI is coming not because we're choosing it. We didn't choose reading. We didn't choose the internet. We didn't choose smartphones. And we aren't choosing AI. These things are simply happening. It's the illusion of choosing or rejecting the future that's producing anxiety, or at least, it's exacerbating it.
The stoic option we have (not in the emotionless sense, but in the true Stoicism sense) is to accept inevitability and find the maximum number of ways to benefit from it. In this case, I think the benefits are clear.
We are being prompted to move past a world in which we spend 8 hours a day doing what David Graeber called "Bullshit Jobs."
We're transitioning into a situation where the silliness of spending all this time (most of our important waking hours) doing things in the service of capitalism and money, becomes obvious.
There's a lot of good that came from Capitalism, for sure, and it continues to help lift people out of poverty. But it's not sustainable for a human-centric lifestyle going forward, and especially after AI.
People only have jobs in the capitalist model because capitalism needs them to have those jobs. Capitalism, i.e., capitalism's temporary need for human workers, is the only reason we've had all these jobs all this time.
Put another way, if capitalism only needs 2 people to run a 200,000 person business, capitalism will pressure naturally to get to that magic number of 2 people. That's not a human system. That's a capitalist system. And AI is simply allowing capitalism to optimize.
What we need is a human-based system that doesn't collapse based on capitalism becoming even more efficient. That means human flourishing based on human strengths. Love. Connection. Human relationships. Sharing. Collaboration. Joint Creation Projects. And ultimately a human-centric world.
So, to give a short version of this very long answer, the benefit of 80% of jobs going away due to AI is that it reveals the underlying flawed nature of what we had before. And it allows us to start building, and transitioning to, something much better.
Yes, 100%. The transition is going to be horribly nasty. But here's the thing. Mindset matters. We have a choice of seeing this as the loss of a great and wonderful thing, and the transition to a dystopian hellhole, or seeing it as a 100% inevitable transition from a capitalism-centered world to a human-centered world.
We will experience 100X the trauma by interpreting it as the loss of a perfect, beautiful thing vs. seeing it as the loss of David Graeber's Bullshit Jobs. So let’s do that one. This is what I mean when I say lean into it. See the positive of the other side. Look towards it. And strap in, because it's going to be really tough.
But I think it's our job, for people like us, to help people see the positive narrative and not the negative one. Because that distinction makes the difference between experiencing temporary struggle in service of an extraordinary positive, vs. experiencing a horrifically traumatic and negative experience akin to the death of humanity.
Powered by beehiiv
February 12, 2024
UL NO. 419: Problem Quality, 0-Day Spyware, LOTL, Ollama + OpenAI
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCHey there,
A few quick things…
I’m seriously messing up on the gym/weights/walking/table tennis side. Have only exercised a few times in the last few weeks! And I can feel it.
The reason for this is that my energy and mood have been so high from my work, and I’ve basically been going non-stop. No excuse. I tell you all about this so you can shame me.
Tons of inbound interest of all kinds due to Fabric taking off. A million ideas for how to improve it already! Many thanks to @xssdoctor for being such a huge part of the project. You know…between his patients as a f’ing cardiologist!
Let’s get into it…
MY WORK
Your Work Can Only Be As Good As Your Problems Are Meaningful
A lot of people struggle with doing great work and still being unfulfilled, but your issue might be the problems you’ve chosen to work on.
danielmiessler.com/p/fulfillment-work-problems
How (Specifically) AI Will 100x Human Creativity and Output
AI will solve the problems we have, not the problems we think we have.
danielmiessler.com/p/ai-will-100x-human-creativity-and-output
SECURITYGoogle’s TAG group says 80% of the zero-day vulnerabilities it’s tracked have come from commercial spyware vendors. Google's been watching 40 of these companies and they specifically call out some of them, including: Cy4Gate, RCS Lab, Intellexa, Negg Group, NSO Group, and Variston. MORE
💡I’m noticing an interesting pattern here. The biggest threat to your data is might not be the dark web, but data brokers, which are actual companies. And the biggest threat from weaponized 0-days might not be the random attacker, but commercial spyware companies. Which, again, often sell legally. So it’s not the criminal activity that’s most scary, it’s the criminal activity that’s weaponized into a “legitimate” business. What’s another example? Lobbying?
Related to that, the US is going after commercial spyware by banning visa entries for people known to be associated with the industry. MORE
Americans lost a record $10 billion to fraud in 2023, according to the FTC's latest report. Which is up 14% from 2022. Investment scams were the main type, and they were up 21% YOY. MORE
Sponsor
GO BEYOND PENTEST MANAGEMENT AND REPORTING WITH PLEXTRAC
What if you could cut the time spent on pentest reporting workflows in half? With PlexTrac, you can.
PlexTrac’s automated platform goes beyond pentest management and reporting, enabling you to:
Analyze your attack surface at the asset level.
Action all pentest and vulnerability scanner data in one place.
Use context-based scoring to prioritize risk.
Conquer the last mile of continuous validation.
What does this mean for you?
Faster pentest reporting time.
Better collaboration across teams and with stakeholders.
Improved ability to prioritize high-impact findings.
Up to 5X ROI.
Check out PlexTrac.com/UnsupervisedLearning for a personalized demo to see how PlexTrac can help you boost efficiency and recognize real value, today.
PlexTrac.com/UnsupervisedLearning
Get a DemoCory Doctorow got scammed by someone claiming to be part of his bank, and he wrote a full blog post about it. Hat off for the vulnerability, but the guy called on a crappy VOIP line and mispronounced the credit union name and asked for his full credit card number? And he gave it to him? In his defense, he says he knows his credit union uses people with bad mics who don’t know how to pronounce the name of the credit union. Jesus, man, get a new bank. Still, I do appreciate the transparency. MORE
The FTC has officially banned AI Deepfake robocalls. I’m curious how much effect this will have given that most scammers are already breaking the law on purpose in multiple ways. But I like how quickly action was taken. MORE
Canada is moving to ban the Flipper Zero to address a spike in car thefts. The creators of Flipper Zero argue that their device cannot be used to steal cars made after the 1990s due to advanced security systems. Pretty happy I don’t live in Canada (or Florida) where the government just randomly bans stuff. MORE
OnlyFake is putting out really good fake IDs with AI. The site claims to produce up to 20,000 documents daily using "neural networks" and "generators”. Seems like they’re probably going to get smashed by authorities, but here come the copycats. MORE
The FBI and CISA have put out a joint guide to "Living Off The Land" (LOTL) attacks, where attackers use legitimate tools for malicious purposes. MORE | GUIDE PDF
CISA revealed that the Volt Typhoon hacking group, backed by China, has been lurking undetected in some US critical infrastructure IT environments for over five years, potentially sleeping for future attacks. MORE
A crowd in San Francisco attacked and set on fire a Waymo car. If you haven’t seen the animated Matrix series, go watch it. It’s about to be super relevant. MORE
A Chinese group infiltrated the Dutch military's network with a previously unknown malware strain, Coathanger, designed to persist through reboots and firmware upgrades. The impact was minimized due to the network's segmentation, affecting less than 50 users involved in unclassified R&D projects. MORE
Incidents
Verizon accidentally exposed over 63,000 employees' personal data. MORE
💡Someone asked me on a podcast recently why so many telcos have security issues. I didn’t have a better answer than lots of users and lots of employees. In other words, lots of attack surface? If someone has a better analysis, let me know.
Vulnerabilities
🪳FORTINET VULNERABILITIES — Fortinet's FortiSIEM faces two critical vulnerabilities enabling remote code execution. | CRITICAL | 10.0 | MORE
🪳Critical Patches Released for new Flaws in Cisco and VMware products as well, up to 9.6 on the Richter scale. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYA study (and paper) put human lawyers up against LLMs for evaluating legal documents. It was like you’d probably expect. For determining legal issues, LLMs (specifically GPT4-1106) matched or slightly exceeded the accuracy of Junior Lawyers and were very close to the accuracy of LPOs. For locating legal issues, LLMs were slightly less accurate than LPOs but still outperformed Junior Lawyers. Worse, though, was the speed difference. LLMs did that work between 91.63% to 99.64% faster than the human reviewers. MORE
💡This seems like a good time to mention a piece of advice I have for previously high-status jobs that are vulnerable to AI, e.g., lawyers, doctors, engineers. Build a brand and learn how to do your thing in public. If you can’t figure out how to broadcast your expertise as a unique message, and connect with people, you’re likely to get crushed by AI. Many of these professions have one thing in common: they are based on collecting knowledge and experience into an education, and imperfectly giving that experience to a human. That is the worst possible place to be as a human, because AI has, or will soon have, the life and work experience of millions of doctors/lawyers/engineers. Get to the human side ASAP.
🔥 Ollama now supports OpenAI’s API format, meaning you can just substitute your OpenAI calls for Ollama calls (which are local), and get local results. Super cool! MORE
Sam Altman bets on AI creating one-person billion-dollar companies soon. In a chat with tech CEO friends, Altman predicts AI advancements will enable a single person to run a billion-dollar company by automating jobs across various sectors. Yep, this is what we’ve been saying here. MORE
The most popular use case for Claude and Gemini is to compare them to GPT-4.
— Andriy Burkov (@burkov)
Feb 12, 2024
Sam Altman is looking to raise up to $7 trillion (that’s a “t”) for AI chip production. The plan involves a partnership between OpenAI, investors, chip makers, and power providers to build new chip foundries, with OpenAI committing to be a major customer. MORE
💡I’m starting to think that you need basically crazy people to make real progress. Jobs. Musk. Altman. The winning combination seems to be an insane vision, and then not listening to anyone who tells you it’s impossible.
OpenAI is working on two new types of agents, one that can control devices, and another that can perform web tasks. Remember when I said AGI won’t come from some giant breakthrough in model capability, but by chaining together systems? Well, yeah, that’s what this is part of. Think about it this way: what else chains together tasks on devices and on web browsers? Human employees. MORE
HUMANSMexico has overtaken China as the top exporter to the US. Factors contributing to this shift include Trump-era tariffs and Biden's climate policies making Chinese imports costlier, plus strategic moves by manufacturers to relocate closer to the US market due to political tensions and rising labor costs in China. MORE
Researchers have used information theory to analyze why Bach's music feels so compelling. They analyzed his compositions by converting them into information networks and found some patterns that may explain why he was so good. MORE
💡I’m currently obsessed with Claude Shannon’s Information Theory and how it applies to real life, so this is interesting. Here’s how I think it applies to writing and giving presentations. MORE
The wealthy are cutting lines all over the place, like at the airport, Disney World and ski resorts. From Tinder's $499 membership to ski lift fast-track passes, people are paying premiums to bypass queues. MORE
💡People with money seem to be increasingly living in a completely different world than those without it. Meaning, someone who makes $50,000 a year, which used to be decent money, is now vastly less capable of doing things than someone who makes like $150K or above (an arbitrary, anecdotal cutoff). That’s 3X as much, so that may seem obvious, but it didn’t used to be that way. Or at least it didn’t seem so to me. In the 80’s and 90’s we were all doing the same stuff, in the same places. Now, if you go to nicer cafes or restaurants they don’t really have many people there doing regular jobs. Meals at nice places are usually (at least in the Bay Area), over $120, and that’s just for 2 people. Rent is insane. Mortgage, forget about it. Food bills. Gas? I honestly don’t know what anyone is going to do on $50,000 in big cities on the coasts. And this separation of restaurants, hobbies, neighborhoods, and other parts of our lives cannot be healthy.
Gallup just showed that only 47% of Americans report being "very satisfied" with their lives, a figure that's just barely above the record low set in 2011. Those earning over $100,000, married individuals, religious attendees, college graduates, Democrats, and those aged 55 and older are more likely to report high levels of satisfaction. See the callout above. MORE | GALLUP STUDY
The Three-Body Problem's audiobook is getting a new voice with Rosalind Chao, just ahead of Netflix's adaptation. Actress Rosalind Chao, known for her role in the Netflix series, is narrating the new audiobook version of The Three-Body Problem, offering a unique take on the entire story. The new audiobook comes out February 27th. I’m going to re-read (listen to) this version. MORE
Over the past three years, Democrats’ lead with Black Americans has decreased by nearly 20 points, and similar declines are seen among Hispanic adults and young adults aged 18 to 29. Democrats still maintain a significant lead among non-Hispanic Black adults, with a 47-percentage-point advantage, but this is the smallest margin Gallup has recorded since it began its polling. MORE
Seine-Port, a quaint village near Paris, recently voted to limit smartphone use in public spaces, aiming to encourage more human interaction and less screen time. MORE
A startling 46% of Americans didn't finish a single book last year, placing anyone who read at least two books in the top half of American readers. I surmise that these numbers are wildly too high, due to the book version of preference falsification. But maybe if we’re counting comic books, true crime, romance, and that kind of stuff, we get close to 50%. I’d love to see the number for non-true-crime, non-fiction books. I bet that number is closer to 10%? Anyone know any numbers there? MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISHow to Elect Donald Trump in 2024 (Politics, Skip if That’s Not Your Thing)
I’ve said this a dozen times already, but I’m going to say it again here on the off chance that there’s anyone that’s reachable.
If Trump gets elected it will be due to catastrophic Democratic mistakes. It won’t be Trump. Trump is easy to beat. It’ll be the left assassinating itself.
All you have to do to beat Trump is not be so extreme in your liberal views. Not sure what I mean? Here, I’ll make a list.
Here’s how to get Trump elected.
Say the US is a horribly unfair and racist country despite the fact that non-white immigrants want to come here more than anywhere, because it’s the most meritocratic place on the planet.
Say White Supremacy is worse than it’s ever been.
Say Jewish people are the most evil and entitled white people, and that they deserved what happened in Gaza.
Say any raising of illegal immigration as an issue makes you a racist.
Say that rich people are the source of all our problems.
Say those things and you elect Trump.
Or, to put it another way, all a Democratic candidate would have to do to beat Trump would be to take away those weapons.
Here’s 4 things they could say to beat Trump easily. And they can still be liberals! Like me!
Yeah, the Republicans are right about illegal immigration. It’s bad. We’re addressing it. We’re boosting the border patrol by ___ amount, and increasing enforcement on criminals here illegally by ____ amount. But we’re also opening up more legal immigration, because our immigrants are awesome and they make great Americans.
No. America is not a horrible country. It’s actually one of the best countries in the world. It’s not the best because we’ve made no mistakes. It’s the best because we try really hard to fix them, and to become the country we’ve always wanted. And we continue to make progress. Don’t believe me? Let’s look at actual numbers. Look at China. Look at Latin America. Look at most countries in Africa. Are they anywhere near as open to minorities as the U.S.? How many religious minorities do they have in political office? How many women? How many LGBTQ people? Racial minorities? How about those same groups running businesses? How do those numbers compare to the U.S.? (then give the numbers that show they have the most diverse political and business leaders anywhere in the world!). We lead the world in lifting people of all groups and cultures to the highest levels in our society. Be proud of that.
There’s nothing wrong with being rich or successful. Here in America we look up to that. We always have, and it’s ok to do so. But we also believe that becoming successful has a lot of luck in it. The luck of good parents, or luck of learning the value of grit, discipline, and hard work at an early age, or the luck of being super smart or knowing the right people. That doesn’t take away the extremely hard work it takes to become successful, but it gives the successful a responsibility. Not to give away what they earned, but to invest some of it into those who weren’t so lucky. So THEY can work hard and become successful too.
It’s time to be done with cancel culture. It served a good and necessary purpose when we got rid of people like Harvey Weinstein, and we need to continue to stay vigilant against that type of trash across our entire society. But people are flawed, and people can change. And we’ve all known someone who’s a good person who’s done something shameful, that they regret. It’s up to us to know the difference between those people and the Harvey Weinstein’s of the world. And it’s up to us to stop treating them like they’re the same. Enough.
This is very simple. Say those 4 things and you beat Donald Trump by 10-30%. Continue on with the self-hate and you will find out just how tired the country is with Wokeism.
In other words, Trump could easily win by 5-20% just as a country-wide message to the extreme left that it no longer wants what they’re selling.
NOTESSuper excited for the second part of Dune.
Can’t wait for the new Three Body Problem series.
Got a couple of talks I’m flying to in the next couple of months, and I’m looking forward to using the Apple Vision Pro to work during them!
Really need to get back to table tennis and gym and rucking!
DISCOVERY🖥️ Sudo for Windows — Elevate commands without a new console | by Jordi Adoumie | MORE
🛠 Toolong — Terminal app for log file viewing and management | by Textualize | MORE
🎼 An extraordinary EDM set by my now favorite artist of this genre, CloZee. MORE
🧱 A pretty solid AI stack in February of 2024:
My current OSS go-to stack:
- @supabase for db, auth, storage, realtime
- @LangChainAI for building my rag pipelines
- @posthog for analytics
- @FastAPI for the backend
- @nextjs for the frontend
- @resend for the emails
- @LiteLLM for LLMs compatibility
- @ollama &… twitter.com/i/web/status/1…
— Stan Girard (@_StanGirard)
Feb 10, 2024
In a GenAI World, Only Identity Matters — A great essay about the problems of identifying who’s doing what in a world full of GenAI. | by Caleb Sima | MORE
Required Security Changes for Secure AI Agents — A solid piece on what will be needed for AI agents to securely operate in real-world scenarios. | by Joseph Thacker | MORE
Jess Weinstein is excited about Stripe building new zero-to-one products, such as “Support-as-a-service” | by Jeff Weinstein | MORE
OKRs are Bullshit MORE
Simple Precision Time Protocol at Meta MORE
TikTok Is Destroying Itself from the Inside Out MORE
How Levels.fyi scaled to millions of users with Google Sheets as a Backend MORE
Wirecutter content is now freely accessible through Apple News. MORE
Applying Threat Intelligence to the Diamond Model of Intrusion Analysis MORE
OPML is Underrated MORE
The world is awful. The world is much better. The world can be much better. MORE
YouTube now supports uploading podcasting RSS feeds, which means if you used to be an audio podcast person, you can automatically publish your stuff on YouTube when it goes live on the audio version! MORE
Parse, don't validate MORE
RECOMMENDATION OF THE WEEKThink about the problems you’re working on, and ask yourself if they’re worth years of your attention. There are a lot of layoffs right now, so I’m not recommending you quit your job next week to find beautiful problems.
But I am recommending that you start thinking about it. Especially if the universe is conspiring against us and ends up laying us off, or making it hard to find a job. You might as well make the next one a place where you deeply care about the problems, and the solution.
There are a million benefits of this, but one is also that you’re far more likely to shine at work, and thus be non replaceable, if you’re deeply motivated by the mission.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
