Daniel Miessler's Blog, page 14
February 1, 2024
Why I Created Fabric
In this video on David Bombal’s podcast, I talk through the AI tooling I spent 2023 building.
Click to watch the video on YouTube
The video covers:
How I captured my desired outcomes
How I break everything into components
How I apply AI to those individual components
How I call those AI commands from the CLI
How I chain those commands together to accomplish full workflows!
This tooling is what became Fabric in the beginning of 2024.
fabric is an open-source framework for augmenting humans using AI.
The goal of the project is to provide a universally accessible layer of AI that anyone can use to enhance their life or work.
github.com/danielmiessler/fabric
Powered by beehiiv
How (Specifically) AI Will 100x Human Creativity and Output
The real problems are under the water. Click for full-size.
I just realized something. The reason many people are skeptical of AI’s potential is because they’re confused about what limits human capability.
Many think we can’t accomplish more because we’re not creative enough, or smart enough, or we lack the motivation and follow-through.
But our problem is actually execution. We can capture this execution problem in two main ways.
A Scale problem
A Barrier to entry problem
I put a bunch of examples of these in the chart above.
Scale issuesScale issues are where the task is pretty easy when limited in size and scope. Like researching two competitors to see what their products and strategies are when you have someone dedicated to it for a few days.
Or Like watching a tiny area in space to make sure it doesn’t have any Earth-busting asteroids. No problem. We pool together our telescopes and take shifts with people watching the images.
The problem we have, though, is that the sky is humungous, and there aren’t nearly enough telescopes or astronomers to watch them. Plus, humans have lives and need to sleep.
Multiple examples of real vs. false problems. Click for full-size.
Too many logsSame with watching logs and alerts in cybersecurity. If you had one server, and a 3-person security team, you can take shifts, set up some basic automation, and you’ll have it covered.
But at a large corporation, you could be producing terabytes of data per day that needs to be looked at. How does your 40-person team stack against terabytes of logs per day? Especially when they all have other jobs.
It’s the same with other real examples.
People tend to think criminals get away because they outsmart the authorities. It’s not generally true. Criminals leave trails all over the place, but the team responsible for tracking them down is often just one guy.
His name is Jimmy. He’s got high blood pressure, a limp due to a bad right ankle, is going through a divorce, and just got a Corgi. Plus he’s got 19 other cases on his desk.
Finding the criminal isn’t hard, but it’s impossible. There are trails to be followed and clues to be had, but there’s simply nobody to do the work.
Barriers to entryBarriers present a very different problem. It’s not that there’s too much to do, but rather that only certain people are even allowed to play the game. Maybe you had to be lucky to get exposed to something as a kid, like Bill Gates having access to one of the first computers.
Or maybe it’s being top .01% talented as an artist, and also having parents who let you take some art classes. Or maybe it’s that your family is rich, so you grew up with two highly motivated entrepreneurs as friends in high school. Who were also rich.
We don’t pick our parents, or our innate special talents, or our random childhood friends. Yet these things massively influence whether or not we are part of exclusive inner circles.
There are many Julies in Tennessee, and Varuns in India who have the ideas and the genius to make movies better than Spielberg, but they’re locked out. They don’t know the people. They haven’t been trained. They’re not at the epicenter. And there’s no path to get there.
The problem holding humans back aren’t creativity or motivation.
The problem is scale and barriers.
AI vs. blockers and tasksAnd that’s where AI comes in.
AI crushes scale and barriers.
We can’t currently track down all the leads to find most criminals, or to find the people embezzling money, or funding terrorism. Too much noise. Too much research required. And nobody to do it.
But AI will be able to do this very soon.
Using teams of goal-driven autonomous agents, AI will track and follow every single lead, do extensive research on it, bring all that information together, connect the dots, and then write you a report.
Breaking barriers with AIOn the barrier side, there are millions of ultra-creative people scattered through the world with tremendously good ideas just sitting inside their brains right now.
Why? because they can’t draw, they can’t paint, maybe they don’t speak English, and they don’t have any way to get their ideas onto a page.
Well, AI is really good at drawing, and soon it will be really good at video.
Same with people who have extraordinary books and documentaries sitting in their heads, but they’re not very skilled yet with writing, or follow through, or recording and editing videos.
These are all barriers. They are obstacles that stop otherwise capable people from getting all the way from to our product.
Corporate scale and barriersIn the corporate world, this means only companies, and especially big companies, can execute on anything.
That’s because, ultimately, the game comes down to who has the eyes, brains, and hands to actually do the millions of tiny motions and menial tasks required to turn an idea into a product.
AI cuts directly into both of these issues. It will give scale to the individual and the small five-person team, and it will give execution capability to hundreds of millions of creative people. People who never had access to a computer, or a studio, or didn’t know how to draw, or write a book, or make a movie.
But now they can.
Suddenly, all of the ideas for a business, or for a comic or a film, won’t be stuck in peoples’ heads anymore. They won’t be the theoretical thing that rots in their mind as they work their swing-shift in a factory or warehouse somewhere.
This is how AI will 100x human creativity, and why you should be a lot more excited about it than you are right now.
AI is not a big deal because it is technology. Forget technology.
AI is not a thing. It’s an enabler of a thing. It’s an accelerator of a thing. It’s a magnifier of a thing.
And that thing is human creativity.
Powered by beehiiv
January 29, 2024
A Conversation with Shil Sircar, BlackBerry
January 29, 2024
In this episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity
- The Evolution from ML to Generative AI
- Predictive vs. Generative Models
- Preventive AI in Cybersecurity
- The Cylance AI Platform
- Attacker vs. Defender Dynamics
- Temporal Advantage in Threat Detection
- Synthetic Malware Generation
- Behavioral Analysis for Cybersecurity
- And the Future of AI in Cybersecurity
Dive deeper here:
Product Page: CylanceAI by BlackBerry
Blog: Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
Blog: AI in Cybersecurity: Hype vs. Help
Video: As Cyberthreats Have Evolved, So Has the Need for AI
Video: Real-world performance is the ultimate test for predictive AI
Predictive AI in Cybersecurity: What Works and How to Understand It
Powered by beehiiv
A Conversation with Shil Sircar, Blackberry
January 29, 2024
In this episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity
- The Evolution from ML to Generative AI
- Predictive vs. Generative Models
- Preventive AI in Cybersecurity
- The Cylance AI Platform
- Attacker vs. Defender Dynamics
- Temporal Advantage in Threat Detection
- Synthetic Malware Generation
- Behavioral Analysis for Cybersecurity
- And the Future of AI in Cybersecurity
Dive deeper here:
Product Page: CylanceAI by BlackBerry
Blog: Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
Blog: AI in Cybersecurity: Hype vs. Help
Video: As Cyberthreats Have Evolved, So Has the Need for AI
Video: Real-world performance is the ultimate test for predictive AI
Predictive AI in Cybersecurity: What Works and How to Understand It
Finding Beacons In The Dark ebook
Powered by beehiiv
UL NO. 417: NSA's Broker Buys, AI-Assisted Attacks, Companies Only Want Killers
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCINTROHappy Monday!
Had a blast speaking at OpenAI last week on how I’ve been integrating AI into my life for the last year! It was like an overview of what I talked about in the AUGMENTED course, and on the Bombal video, but more condensed. Was blown away by the positive response! Love that company.
🔥Ok, here’s the project I’ve been raving about! It’s called Fabric, and it’s basically a way to integrate AI into your life. It’s a massive collection of prompts, command line clients, and server infrastructure for running your own AI ecosystem!
fabric is an open-source framework for augmenting humans using AI.
Everyone has a billion different AI prompts, but how do you find the best ones? How do you upload yours? How do you use them from the command line? And how do you set up your own infrastructure to use your custom prompts? Fabric is an answer to those questions.
github.com/danielmiessler/fabric
It’s still early, and we’re adding tons of stuff to it (and more documentation), but you can go there now and start using the prompts today.
The patterns (prompts) we have uploaded so far
Quickstart:
For the fastest start, head to /patterns and you can use those anywhere you use prompts. See above.
To build your own server, head to /infrastructure/server.
And coming soon: brew install fabric
Enjoy! And let me know what you’d like to see in the project!
I hope you have a great week! Let’s get into it…
MY WORK
A Conversation with Shil Sircar from Blackberry Data Science - Unsupervised Learning
In this sponsored episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity - The Evolution from ML to Generative AI - Predictive vs. Generative Models - Preventive AI in Cybersecurity - The Cylance AI Platform - Attacker vs. Defender Dynamics - Temporal Advantage in Threat Detection - Synthetic Malware Generation - Behavioral Analysis for Cybersecurity - And the Future of AI in Cybersecurity
omny.fm/shows/unsupervised-learning/a-conversation-with-shil-sircar-from-blackberry-da
I Think 80% of Jobs Go Away
The combination of factors I see leading to a killers-only workforce. (Member Content)
danielmiessler.com/p/80-jobs-go-away
SECURITYThe NSA has been buying American browsing data from data brokers without warrants. I bet it’s totally “legal”-ish because they’re getting it from “legitimate” data brokers, but it seems shady AF because they normally would have needed a warrant to get the same kind of information. MORE
South Korean intelligence says North Korea's hackers are now leveraging generative AI to launch cyberattacks. MORE
💡One of the most powerful uses of AI—and especially agents—will be going through millions of targets and figuring out what to attack, when, and using which technique. Red will move much faster than blue on this. Attackers can be sloppy and fast, and defenders have to be a lot slower and more careful. Over time (2-5 years?), this imbalance will switch to the defenders having the advantage due to them having more context.
A lot of hype was made about a data dump of over 26 billion records, but it looks like it’s really a collection of multiple previous breaches. MORE
If we have such a massive cyber skills gap, why are so many companies laying off workers in security jobs? Despite a predicted 32% growth in cybersecurity jobs through 2032, the industry faced over 9,100 layoffs since March 2020, with 55 vendors reporting cuts last year. MORE
Advisories
🚨Confluence Server Attacks — Over 600 IPs are hammering Atlassian Confluence servers with remote code execution attempts. | CRITICAL | CVE-2023-22527 | CVSS Score: 10 MORE
Sponsor
The Critical State of AI in the Cloud
Find out what 200,000+ cloud accounts revealed about the AI surge.
Over the past year and a half, generative AI has seen explosive growth among both end-users and businesses. But at what rate? In this new Wiz Research report, discover how many organizations are adopting managed AI services and what this could mean for your security teams.
You’ll learn:
An in-depth breakdown of generative AI’s impact on cloud landscapes
Statistics on the surge of AI services across major cloud providers
What this means to you: Rising costs and new security concerns
Be the first to get access to these exclusive insights!
wiz.io/lo/state-of-ai-report-2024
Grab your free copy nowBritish intelligence is saying AI will supercharge ransomware attacks in the next couple of years. They're "almost certain" we'll see a spike in both the number and severity of attacks, thanks to AI making hacking tasks like reconnaissance and social engineering more efficient and harder to detect. MORE
💡This is very similar to the point above. Think of it this way: where could attackers (and defenders) benefit from 100,000 interns performing a particular set of tasks? If you’re an attacker with 100,000 interns you could create a deep dossier on each potential target inside of a company, and then create a plan for how to go after them. Well, the better AI (and specifically agents) get, the more realistic this becomes. Attackers will basically say, “Create a dossier on every person at that company, find the types of emails they’re almost guaranteed to click on based on a psychological analysis of their personalities based on their online activity, and then build and launch those campaigns, starting with the people who can give us the most access.”
MIT researchers developed a computational imaging algorithm that lets the ambient light sensor capture images without needing security access to the camera. This method exploits the fact that apps can access these sensors without asking, a loophole not previously considered a privacy risk. MORE
X has rolled out passkeys for iOS users. The move follows a series of high-profile account hacks and the controversial decision to drop SMS two-factor authentication for non-subscribers. MORE
Cybersecurity firms Snyk and Cato Networks are getting ready to IPO. Seems like weird timing, but ok. Happy to see the activity, and I hope it encourages others to follow. MORE
3 US troops have been killed by an Iranian drone in Jordan, and Biden has vowed to respond. MORE
Incidents
Trello had a breach that exposed over 15 million users’ emails and names, and Loan Depot's ransomware attack affected over 16 million customers’ info. MORE
💡I’m a bit shook by how close I am to not mentioning breaches at all. Almost nobody cares. Of course the CISO at the place does, but the collective memory on these things is non-existent. Unless it’s some kind of major event, it’s just background noise. Part of doing business. Just like fraud charges for banks. 10 years ago we thought we’d stop doing business with companies that got hacked. Today, virtually everyone’s been hacked. And nobody cares.
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGY
You can now do @ to mention a custom GPT in a conversation within ChatGPT. So imagine you are trying to make a website, you can @-in the Grimoire GPT. MORE
All the Major Tech Layoffs in 2024 So Far MORE | MORE
💡I just released a member post describing why I think this might get worse, i.e., why I think 80% of current jobs go away over the next 8-12 years or so. Who really knows the exact amount, or timeline, but I think the pressure factors are strong.
Here’s another piece saying something similar: Tech Layoffs Not Tied to Economic Struggles, but AI Investments MORE
OpenAI just rolled out ChatGPT Team, offering features like access to GPT-4, DALL·E 3, and a secure workspace for team collaboration. MORE
Elon Musk is hoping for a $6bn raise for his AI startup, xAI, to take on OpenAI, with a valuation aiming at $20bn. Seriously? How many companies does this guy need? And how much of this is just a push to get the Tesla stock and control he was looking for? MORE
Microsoft just hit a $3 trillion market cap. It’s stunning to me how Microsoft is ascending while Google stagnates. What a difference a decade can make. MORE
The Biden administration is putting billions into semiconductor manufacturing, targeting companies like Intel and TSMC to boost U.S. chip production. This includes significant investments in new factories across states like Arizona, Ohio, New Mexico, and Oregon, with Intel's projects alone surpassing $43.5 billion. Love. It. MORE
HUMANSThe 'Nones' have taken the lead as the largest religious group in the U.S., with 28% of adults identifying as religiously unaffiliated, surpassing Catholics and evangelicals. MORE
Over half of Americans would struggle with a $1,000 emergency, says a new survey. Only 44% could handle such an expense without borrowing, using credit, or cutting back elsewhere. MORE
Men are flocking to 'man camps' like the Modern Day Knight Project to tackle their loneliness and redefine masculinity, often enduring intense physical trials. These boot camps, costing up to $18,000, promise self-improvement and mental fortitude, but experts question their extreme methods and psychological impact. I also wonder about the Venn overlaps with militia groups. MORE
US agencies are telling companies not to delete Slack or Signal chats, especially if they're under investigation. They're updating their language to make it clear that companies need to preserve and hand over records from platforms like Slack and Signal, with failure to do so potentially leading to fines or criminal charges. MORE
The Army's dropping its high school diploma requirement for new recruits due to it’s recruiting crisis. So now you’ll be able to enlist if you're at least 18, qualify for a job in the active-duty Army, and score at least a 50 on the ASVAB test. They only hit 40% of their recruiting goals last year. And it looks like the Navy is doing something similar. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISCompanies Want AI, Immediately
🤯Anecdotal, but I was in a meeting with a big-wig executive and some other industry experts, and the resident VC expert (from a very reputable company) had a challenge for us. He asked,
What percentage of funding into AI startups do you all think is coming from internal, corporate investment groups?
Everyone guessed like 10% — 20%. I thought I was being crazy saying 60%. But I imagined it was a high number.
He said it was 90%.
90% of money going into AI companies coming from internal companies? In this economy? What does that say to you?
To me it says they can’t wait to get rid of most of their employees. To me it says they know how much heat they’re getting instead of light from most of their efforts. And they can’t wait to automate as much as possible.
As I say in my latest post, get ready for this. Be ready. It’s coming. Companies cannot wait for AI to replace the vast majority of their workforce. Don’t believe any company telling you otherwise.
More Efficient Terrorist Groups
One of the scariest things I heard this week was Tyler Cowen saying that AI’s big threat for terrorism isn’t making new pathogens, but actually helping them run a terrorist organization efficiently and without getting caught. Yikes.
Trying another mechanical keyboard, the Nuphy Air75 V2. Basically I have Vim typing sounds envy and I’m hoping this will address the issue. Plus it’s very Mac-friendly and YouTube reviews have been stellar.
📚We had one of our best hour-long conversations during UL Bookclub this weekend. I’d say top 3 for sure. So many topics. So many great comments. It was extraordinary. And the book was only the onramp to the topics, as usual. Absolutely love the book club. Never imagined being in one, and now it’s been going strong for like 4 years. COME BE PART OF IT
The big (commercial) app I’ve been working on is now in testing phase. I’m about to start showing prospects!
DISCOVERY🔥📺 Tyler Cowen on How GPT is Changing His Job MORE
🛠️ Replit — A platform for coding, AI assistance, and deployment, all within your browser. | by replit | MORE
🤖 LangGraph — It’s basically Langchain for multi-agent workflows | by Harrison Chase | MORE
🔌 Power VIM with AI — A new plugin brings AI directly into VIM, making it easier to write code and content by integrating with your documents. | by Song Luo | MORE
🛠️ APIDetector - Efficiently scan for exposed Swagger endpoints across web domains and subdomains. by brinhosa | MORE
😹 Tomcter - python tool developed to bruteforce Apache Tomcat manager login with default credentials. by oppsec | MORE
✨ Innovative and open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs. by Aykut Saraç | MORE
✍️ A student shares how AI boosts their lecture note-taking by blending teacher's words, presentation content, and AI-generated summaries. They use their phone to record and live transcribe lectures, then feed the transcript to a Large Language Model (LLM) like Claude for concise summaries, enhancing their personal notes without replacing them. | by snats | MORE
🛠 Writing a TUI in BASH — A deep dive into creating Terminal User Interfaces using BASH, showing it's possible with minimal dependencies. | by dylanaraps | MORE
🛌 Morpheus-1 - A model that induces lucid dream states by propheticai | MORE
Rich People Don't Talk to Robots MORE
Ring's stopping police access to doorbell footage. MORE
Extreme Brainstorming Ideas to Trigger New, Better Ideas MORE
Prompt Security is a company looking to secure AI apps against prompt injection. MORE
Several Truths About Success MORE
Git commit messages are useless MORE
The Books We Can’t Wait to Read in 2024. MORE
Everything Is a File MORE
Bright Data's platform is a one-stop shop for proxy networks, web scraping tools, and pre-packaged datasets. MORE
How I use ChatGPT daily (scientist/coder perspective) MORE
Ash Jogalekar highlights academic papers that break barriers with their brilliance and accessibility, becoming timeless across disciplines. These papers are celebrated for their exceptional thought and broad relevance, making complex ideas accessible to a wider audience. | by Ash Jogalekar | MORE
Warren Buffett's Berkshire Hathaway has 83% of its $365 billion portfolio in just 7 stocks. I have a silly question: why not just find out what he’s doing in terms of stocks and percentages, and match those? MORE
RECOMMENDATION OF THE WEEKGive help. Ask for help.
Give help. Ask for help.
Give help. Ask for help.
♻️
You never know where your friends are in their up-and-down cycles of self-belief, good and bad news, etc. Reach out and offer help.
And don’t forget to ask for help when you need it too.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
January 28, 2024
I Think 80% of Jobs Go Away
This content is reserved for premium subscribers of Unsupervised Learning Membership. To Access this and other great posts, consider upgrading to premium.
A subscription gets you: Access to the UL community and chat (the thinking and sharing zone) Exclusive UL member content (tutorials, private tool demos, etc.) Exclusive UL member events (currently two a month) More coming!Powered by beehiiv
January 24, 2024
How To Write Effective AI Prompts (Updated)
Click for fullscreen
If you want AI to work for you, you have to know how to talk to it.
I’ve been grinding on AI since November 2022, and I recently taught a 3-hour live course on how I’ve integrated AI into my everyday workflows. One of the topics I covered was how to create concise and effective prompts.
PromptingHere’s some detail on each of these points.
I use Markdown because it’s simple, and simple is good for reading/editing.One of the most important things about prompts is transparency. They have to be legible and super easy to read and edit. Markdown is perfect for that.
A prompt written in Markdown
As you can see above, this format makes it super clear what’s going on. You have clear sections at different levels, combined with numbered and bulleted lists.
Markdown is a human-first format
Most LLMs seem to also like Markdown because it’s easy to parse, e.g., lists of steps, hierarchical instructions, etc.LLMs love Markdown for the same reason that humans do—because it’s easy to understand.
The clearer you make prompts for yourself, the clearer they are for the AI as well.
I tell the LLM who it is, e.g., give it a roleWhen you tell an AI that it’s an astronaut, you’re priming it with all the knowledge in the model about that topic. That means it’ll give far better answers.
I often use the “take a step back and think step by step” setupAfter I define the role of the AI, I then tell it to:
Take a step back and think step by step about how to achieve the best outcome.
There was a competition between prompting techniques and this one beat out dozens of other techniques!
I break things into small, discrete stepsAfter I define my role and tell the AI to think step-by-step, I then give it those steps one by one.
Each step should do only one thing and work with the one above and below it
I often don’t even use a user promptI’ve actually started using the system prompt almost exclusively. It’s taken more seriously by LLMs and I tend to get much better results.
I tell it exactly how I want the output to look
I am very clear about how I want the output to look. The clearer the better.
I also give examples of good output if it might be confusingOne of the best things you can do with an AI is give examples. And it’s especially good if you do both 1) great instructions, and 2) great examples of output at the same time.
EXAMPLE OUTPUT- Nabisco (nabisco.com)- Coke (coke.com)- Cars (cars.com)END EXAMPLE OUTPUTI try to use as few words as possible; LLMs easily confused with too many instructionsBe as concise as you can. You might think saying more will help, but it often just confuses it.
I’m a little rough with it (do this!, don’t do this!)You only output Markdown.
LLMs prefer being told what to do rather than having to think for themselves.
Be explicit in what you like and don’t like about what they’ve done.
Combine all these
The results of a clean prompt (click for fullscreen)
I use Markdown because it’s simple, and simple is good for reading/editing
Most LLMs seem to also like Markdown because it’s easy to parse, e.g., lists of steps, hierarchical instructions, etc.
I tell the LLM who it is, e.g., give it a role
I often use the “take a step back and think step by step” setup
I break things into small, discrete steps
I often don’t even use a user prompt
I tell it exactly how I want the output to look
I also give examples of good output if #7 might be confusing
I try to use as few words as possible; LLMs easily confused with too many instructions
I’m a little rough with it (do this!, don’t do this!)
If you combine all these techniques, your prompting game will upgrade multiple levels, and so will your results.
Powered by beehiiv
January 22, 2024
UL NO. 416: Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a Security, AI, and Meaning-focused newsletter and podcast that looks at how best to thrive as humans. It combines original ideas and analysis to bring you not just the news—but why it matters, and how to respond.
TOCINTROHow are you?
Tons of stuff going on this week as plans for the year start to solidify.
A number of paid talks are starting to fill in, with the earliest in February and the latest so far in October. Absolutely love the combination of getting the ideas out there, getting to travel domestically and internationally, and getting paid for it!
I put out the bundle of loot for attendees of my AUGMENTED AI course on Friday.
I uploaded a ton to my still unannounced project, and activity on it is already going strong. Cannot wait to fully launch this thing!
🔥I have a buddy looking for a Security SE position. Remote, US-based. He’s a total and absolute gem. He’s one of my mentors and the best SE I’ve ever seen in any field. He not only learns any product instantly, but he deeply understands the tech, the customer problem, and sales, so he is insanely gifted at connecting what the customer needs to the product or service in question. Send me a quick note if you or someone you know is looking for a superstar SE. He will get snatched up quickly. EMAIL HIM DIRECTLY
Ok, let’s go…
MY WORK
A Conversation with Jason Kikta from Automox
In this sponsored episode of Unsupervised Learning, we talked to Jason Kikta. Jason is the CISO and Senior VP of Product at Automox, and our conversation covered: - Endpoint Management - IT and Security Overlap - Patching Strategies - Cloud-Based Solutions - Configuration Drift - Policy Articulation - Automation and AI - IT Operations Challenges - Future Product Features - and other topics.
omny.fm/shows/unsupervised-learning/a-conversation-with-jason-kikta-from-automox
Dark Visitors is a project that tracks AI agents doing various shenanigans on the internet and offering the ability to block them via robots.txt. HT to @securibee | by Dark Visitors | MORE
Super cool research on AI Sleeper Agents. Basically, agents that act cool normally but wait for a particular stimuli or moment to become vulnerable or take some other action. MORE | THE PAPER
From the paper (click for PDF)
💡You know how open source was supposed to provide “many eyes” and keep us safe? Well, benign AI agents will actually make that a reality. Auditing code. Crawling content for malware traps. Sending strange input to systems to try to trigger sleeper behavior, etc. The solution to malicious AI is, unfortunately, going to be benign AI tasked with finding it.
OpenAI is now partnering with the Pentagon for some projects, reversing its stance on military use of its AI. They are working on ‘a number of projects including cybersecurity capabilities’ (Bloomberg), but they’re maintaining their ‘no-weapons development’ policy. MORE | MORE
Sponsor
2024 State of IT Operations Report
We surveyed 500 U.S.-based IT professionals to dig into where the biggest efficiency challenges are for ITOps teams in 2024. We learned how generative AI and workflow automation tools increase IT agility, reduce costs, and enhance teams’ ability to simplify IT management. Download the report now to see what’s working for high-agility ITOps teams, where low-agility teams are struggling, and how your team stacks up.
go.automox.com/itops-report-2024
Download the report nowScammers are now using AI to fake the voices of relatives in emergency scams, tricking people into acting fast without adequate time to scrutinize. The FBI has logged over 195 complaints about these "grandparent scams," with victims losing nearly $1.9 million from January to September 2023. Tell your loved ones about these! MORE
China has been getting Nvidia chips despite a US ban that was meant to stop that from happening. They’ve been going through smaller suppliers, circumventing restrictions imposed in 2022 and 2023. MORE
San Francisco is going heavy on surveillance, evidently. They just installed 400 license plate readers across the city as part of the Flock Safety camera system. The police chief says it will help track down criminals, citing that 70% of crimes involve vehicles. I’m honestly for this kind of thing, despite the fact that it’ll have downsides. I just want there to be proper use and oversight. MORE
Advisories
🚨Ivanti Directive Issued — U.S. federal agencies have been ordered to patch a critical Ivanti software vulnerability. | CRITICAL | MORE
⚠️ Cybercriminals are exploiting TeamViewer to launch ransomware attacks by leveraging leaked LockBit builder tools. Huntress Labs' analysis of compromised endpoints revealed that attackers gained access through TeamViewer, attempting to deploy ransomware via a DOS batch file. MORE
Incidents
⚠️ UK Councils Cyberattack — Three UK councils are grappling with a cyber incident that's knocked public systems offline. | SEVERITY: HIGH | RESPONSE: Systems isolated, no customer data breach found yet. MORE
🚨 Chinese Espionage Campaign — Chinese hackers have been exploiting a VMware vulnerability for two years undetected. | CRITICAL | CVE-2023-34048 MORE
Vulnerabilities
🪳 GitHub Key Rotation — GitHub just rotated critical keys due to a high-severity vulnerability that exposed credentials. | HIGH | CVE-2024-0200 | CVSS Score: 7.2 MORE
🪳 Critical Vulnerabilities Patched — VMware and Atlassian have released patches for newly disclosed critical vulnerabilities. | CRITICAL | CVE-2023-22527, CVE-2023-34063 | CVSS Scores: 10, 9.9 MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYA recent study by Boston Consulting Group shows that consultants using ChatGPT-4 significantly outperformed their AI-less peers in various tasks. The experiment involved 758 consultants and found that those using AI completed 12.2% more tasks, did so 25.1% faster, and produced 40% higher quality results. MORE
💡These are beginner numbers because this is all just starting. I think the big change in hiring in tech—and companies in general—starting in the next 2-5 years will be letting go of the bottom 75% of performers (or just not rehiring them after attrition), and competing for the top 25%.
And within that group, the competition will be fierce for the top 1-10% who are gods with AI. Why? Because when they’re augmented by even just Copilot or ChatGPT they’ll be superhuman. But as agent frameworks start to take over, they won’t be a Human + AI pair. They’ll be a Human + AI Team pair. And that AI team might be hundreds or thousands of people behind a single person.
In other words, the competition for jobs, starting in the next few years will be against a top 10% performer who’s backed by a farm of AI Agents, which gives them the output of 10-1000X that of a non-augmented, normal employee. It’s no competition. And this is who companies will still be hiring. Everyone else, moving along the scale of competence over time, will be increasingly unemployable.
Thousands of AI Authors on the Future of AI. Super cool project that surveyed thousands of published authors on what they thought was coming in AI, and when. I think they were far too conservative, which I think is due to their academic bias. In other words, they seem too safe and sane to creatively imagine how fast this stuff could actually move. Which is also why so many academics were blindsided by November 2022. Still, I think the paper set up the questions pretty well, and it’s still interesting to see that many opinions in one place. MORE
From the paper (click for PDF)
💡The hardcore academic “ML” types are the people I’ve seen be the most wrong about AI and where it’s going. At least in my opinion; jury’s still out of course. The problem is the disconnect between the culture of academia and the insanity that is GenAI. Academics are high in rigor and caution, which is awesome for some things, but it’s a hindrance if you’re trying to think big and crazy. And big and crazy is what’s needed to play in the current game.
My recommendation is to think carefully about where you are, and where the people you follow are, on the scale of Creativity←→Rigor.
Don’t listen much to people who are like “AGI is 10+ years away, if ever.” Or, “What we have isn’t even real AI.” Or, “You can’t trust AI because it literally just makes stuff up.” People saying such things in an absolute sort of way are likely to either be low in OCEAN Openness and/or an academic.
Don’t bring math to a poetry contest, and don’t bring pessimism to an art contest.
Mark Zuckerberg has pivoted again. He was all about metaverse, and then he kind of went the AR way with Lex on his podcast, and now he’s all in on open-sourced AGI. He’s doing a massive acquisition of Nvidia's H100 GPUs, expecting to own over 340,000 by year's end. 2024 is going to be ridiculous. MORE
I agree whoever said we shouldn’t call a model open source if they only release weights.
It’s not fully open unless you have the data and methodology as well.
Still, very cool.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Jan 18, 2024
Google's Circle to Search simplifies finding info on your phone by letting you circle an item on-screen to instantly search for it. Can’t wait for Apple and everyone else to copy this. Super cool. MORE
Shining black light in public places (FAR-UV) could help prevent the spread of airborne diseases, potentially reducing the likelihood and impact of pandemics. Studies show that far-UV light can kill 99.9% of coronaviruses and other pathogens in the air, offering a passive defense against a wide range of respiratory viruses. MORE
Wenquai slashed their AI costs dramatically by optimizing Mixtral with GPT-4. They managed to reduce their daily AI expenses from a steep $100 to less than a dollar. MORE
Apple finally passed Samsung in global smartphone sales last year. Despite a general market decline, Apple's shipments rose by 3.7 percent, while Samsung's dropped significantly by over 13 percent, contributing to Apple's lead. This is my surprised face. MORE
HUMANSThe FDA just cleared DermaSensor, the first AI device that can detect all major skin cancers, aiming to improve early diagnosis. The device, which uses elastic scattering spectroscopy to analyze skin lesions, showed a 96% true positive rate for detecting skin cancers in a clinical trial. MORE
The self-checkout trend is hitting a wall as stores like Walmart and Target scale back or ditch the machines after facing increased theft and higher labor costs. Dollar General's CEO admitted they've over-relied on the tech, and now plan to boost staff numbers at checkouts. MORE
💡I find it fascinating how sometimes tech and various movements try to jump too far ahead, too quickly, and then get pulled back. Sometimes only for a second, and sometimes for a long time. Work from home. Self-checkout. AI?
South Korea just rolled out a new visa for digital nomads, aiming to attract remote workers and boost its economy. The visa allows foreign residents to stay for up to two years, provided they earn over $65,860 annually and have comprehensive health insurance. MORE
Germany is doing something similar. They made it easier to get citizenship, aiming to attract global talent to fill job shortages. The new law reduces the residency requirement for naturalization from eight to five years and opens dual citizenship to all, not just EU and Swiss nationals. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISEveryone Should be a Thinker
One of my core beliefs is that it’s a stain on humanity that only certain people are considered to have thoughts worth sharing. I know this is just because we’re a young species, and it takes time to advance as creatures, and as a civilization. I get that. But it’s weird how civilizational retardation like this is considered normal while you’re living in it.
If you ask the average person what they think about the most important things in the world, like how to self-govern, free will, moral responsibility, the nature of reality, etc., they’ll blush and smile and make some sort of self-deprecating gesture. “That’s for the smart people to think about.” They think it’s for special people, like public intellectuals, people who write books or go on TV. It’s a travesty.
Human civilization will reach some modicum of advancement when it’s expected that every human on the planet is educated and empowered enough to not only have their own thoughts, but to believe those thoughts to be worthy of sharing. The fact that the percentage of people who believe that today is likely some obscene fraction of 1% should embarrass us all.
NOTESI’ll be camping for the Apple Vision Pro at the Burlingame store on February 1st. I normally camp in the summer, so February will be a different experience for sure. If you’re insane like me, come say what’s up.
Loving this Classical album, Pamart: PLANET GOLD, and I’m sadly not much of a Classical person. MORE
DISCOVERY🔥Moving from a Knowledge Economy to an Allocation Economy. MORE
You won’t be judged on how much you know, but instead on how well you can allocate and manage the resources to get work done.
Dan Shipper
🛠️Galah: an LLM-powered web honeypot using the OpenAI API | by Adel Karimi | MORE
🐞 Pfuzz — A Unix-style web fuzzer for finding security vulnerabilities. | MORE
🛠️ LAST - Scans code for security issues using OpenAI from the command line. | by Latio Tech | MORE
🔍 aifs — An AI filesystem tool for easy local semantic search. | by KillianLucas | MORE
Culture Change at Google (The Employee Isn’t First Anymore) MORE
Navigating American healthcare might not require insurance, as paying cash can sometimes be cheaper and more flexible. MORE
How People Left Twitter, and How It’s Going MORE
Powerful DALLE-3 Art Prompts MORE
Midjourney V6 Caricatures | by Allen T | MORE
🛠️ TweetFeed's return for the latest Indicators of Compromise shared by the infosec community by Daniel López | MORE
A Search for More ChatGPT/GOT-3.5/GPT-4 “Unspeakable” Glitch Tokens by MORE
Top Hacker News Books of 2023 MORE
RECOMMENDATION OF THE WEEKHere’s a cool heuristic for gauging your own happiness.
Pay close attention to how the success of your friends makes you feel. Not intellectually, but viscerally. Immediately. Within 1 second of seeing evidence that they’re crushing it.
If it makes you smile uncontrollably, fist pump, and want to text them and hype them up, that means you’re healthy. Congrats.
If it stings, gives you a sinking feeling, or makes you angry…I recommend you talk to a therapist. This will destroy not just your relationships, but your life in general. It’s actual poison.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
January 17, 2024
UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.
✍️ ERRATA: Last week I wrote about plagiarism that I am not happy with. Basically, I implied that the president of Harvard did plagiarism that was real and significant (and confirmed), and that Neri Oxman did not. I think that was a pretty safe bet for the Harvard president because Harvard did an investigation and confirmed it. But after thinking more about this, I think it’s completely the wrong framing. What Mrs. Gay did looks to have “technically” been plagiarism, and Harvard obviously agrees, but I think the problem is that we need to disambiguate between sloppiness and stealing ideas. As an example, Both Gay and Oxman are considered to have plagiarized for using descriptions of a thing from someone else. Like definitions of things. And not like creative, innovative definitions. It was just helper language to make actual points. To not cite or reference in that case might be frowned upon, and it might be considered sloppy, but it’s not stealing ideas. Plagiarism should only refer to stealing ideas. That’s how I assumed it was being used, and what I assumed these two women were being accused of. As far as I can tell, neither women did it, and the entire thing is a witchhunt based on silly definitions that need to be revised. Anyway, the point is that me saying Gay plagiarized and Oxman did not was weak sauce, and I intend to do better in the future.
✍️ ERRATA: The cool robot I talked about last week was from Stanford, not Deepmind. Some coverage referred to it as a Deepmind project and that spread as truth, but the laptop in the demo had a Stanford logo and I should have caught that. Do better, Daniel.
TOCINTROHey there!
Happy short week (at least in the US). A few quick updates:
📹The episode of me going on Dave Bombal’s podcast just came out! I talked all about AI and how to integrate it with your life. Think of it like a teaser for the AUGMENTED class with a lot more production and a lot less content. Still a great view into the ideas, and with a number of demos!
Insights into my AI personal AI ecosystem from the David Bombal show
🏫 I did the first run of my AUGMENTED AI course this weekend and it was phenomenal. Super fun. People absolutely LOVED the content which was so rewarding, and the chat itself was its own feature. That’s to be expected I guess when you have a couple hundred of the hungriest and sharpest people in one place. Tremendous fun, and I learned a lot, so the next one will be even better!
🎒 Just went on my first walk with my new GO RUCK rucksack. Pretty cool that I can put 60lbs. in it and maintain an 11:30 minute mile with only a 92 BPM. Even jogged a bit and powerwalked and it still stayed below 110 when going at an 11 minute pace. I always loved rucking in the Army, and I think I’ve found a lifelong favorite exercise. Walking, listening to books, and doing it at a higher BPM due to added weight. All in the name of increasing VO2Max!
⚙️ Unbelievably hyped about this open-source project I’m getting ready to announce! It’s going to be so epic. The hint: “upgrading humanity”.
Also, I’ve been spending silly amounts of time upgrading my Vim configs and skills in the last few weeks. Like I’m still watching 10+ hours of Vim stuff a week, even after redoing my main configs for 2024.
After having put in all this work, I really wish I could edit in Beehiiv using Vim commands. Of course I could just write Markdown in Vim and bring it over, but I want both things: the Beehiiv content objects, and Vim power—all in one. If anyone has any thoughts, let me know.
Anyway, let’s jump in…
MY WORKSECURITY⚠️ Attackers found a way to bypass MFA and gain persistent access to Google accounts by stealing and extending the life of authentication cookies. What people often miss about cookie stealing is that it’s a complete auth bypass. It’s what you get after you authenticate with MFA! So if you steal cookies (properly), both your password and your MFA security are compromised for those sessions. This attack extended the lifespan of stolen cookies, which is super nasty. MORE
The NSA is leveraging AI to spot elusive Chinese cyberattacks on U.S. infrastructure that traditional security measures might miss. Rob Joyce, NSA Cybersecurity Directorate's director, highlighted AI's role in identifying subtle, 'living off the land' tactics used by Chinese hackers to infiltrate systems without deploying malware. MORE
💡To me this NSA story highlights that in both offensive and defensive security use cases, the main advantage of AI will not be its exceptional (superhuman) capabilities, but rather the ability to apply pretty-good-intern or moderate-SME level expertise to billions more analysis points than before. In large companies or government/military applications, we often don’t need AGI. What we need is 10, 100, or 100,000 extra interns.
📄NIST put out a Taxonomy and Terminology paper for attacks against AI. TELOS is the name of UL’s internal AI system I’m building, and here’s its breakdown of the report:
A Micro-summarization of the full NIST report
My buddy Joseph Thacker has been doing a deepdive on a new “invisible prompt injection” technique against LLMs. The technique involves inserting hidden commands into AI prompts, which can lead to unexpected and potentially harmful outcomes. I’ve not looked deeply at this yet, but Joseph has, and he’s awesome. Check it out. MORE
Sponsor
Advanced Container Security Best Practices (Cheat Sheet)
Want to uplevel your container security strategy? This cheat sheet explores advanced techniques that you can put into action ASAP. Use this resource as a quick reference to ensure you have the proper benchmarks in place to secure your container environments.
What's included in this 9-page cheat sheet?
Actionable best practices w/ code examples + diagrams
List of the top open-source tools for each best practice
Environment-specific best practices
wiz.io/lp/container-security-best-practices-cheat-sheet
Get the Container Security SheetVulnerabilities
Holy crap with the 9.5+ vulns recently.
🚨Confluence RCE Alert — Atlassian warns of a critical RCE flaw in older Confluence versions. | CRITICAL | CVE-2023-22527 | CVSS Score: 10.0 MORE
🚨GitLab Account Hijack Risk — GitLab warns of a zero-click flaw that could let attackers take over accounts. | CRITICAL | CVE-2023-7028 | CVSS Score: 10 MORE
🚨Critical Juniper Flaw — Juniper Networks is patching a severe RCE vulnerability in its firewalls and switches. | CRITICAL | CVE-2024-21591 | CVSS Score: 9.8 MORE
🚨SonicWall Vulnerability Alert — Over 178,000 SonicWall firewalls Update firewalls have DoS and RCE potential due to a number of vulnerabilities. | CRITICAL | CVE-2022-22274, CVSS Score: 9.4 MORE
👇One of the more exciting vendors in threat intelligence I’ve seen in a while!
Sponsor
Get Ahead of Threats: Continuous Threat Exposure Management
Flare automates monitoring & remediation across the clear & dark web to detect high-risk exposure before threat actors have a chance to leverage it.
Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.
👉hi.flare.io/unsupervised-learning👈
Start Your Free Trial👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYIt’s the beginning of 2024 and lots of tech companies are still cutting jobs. I have my own theories about why this is happening but I worry that I see everything through my own lenses and try to fit the data to my internal narrative, so I’ll hold off for now. Plus it’s no-doubt multiple things happening at once.
Unity MORE
Twitch MORE
Discord MORE
Google MORE
Cloudflare MORE
💡Ok, lol, I’ll tell you what the narrative is, and it’s one I’ve shared before. It’s basically the Alaskan Fishing Boat effect. But there was also overhiring in the pandemic, and lots of stuff happening in the economy that nobody understands, so I am hesitant to say how much of the effect is a general corporate change of perspective on employees. I definitely think it’s a factor, though. Basically, a swinging of the pendulum away from “we’re so lucky to have you” to “you work for us and we’ll get rid of you if you’re not amazing.”
Cybersecurity companies saw more deals in 2023 but pulled in 40% less cash than the year before. While the number of funding rounds jumped to 346 from 303, the total raised was just $8.7 billion, down from $14.5 billion in 2022. MORE
💡My favorite resource for this analysis is my friend Mike Privette’s Return on Security. He’s like the Nate Silver of Cybersecurity Market Intelligence. GET IT
YouTube is completely crushing it on podcast adoption, and it’s adding RSS functionality to get even more. 28% of weekly podcast listeners prefer YouTube for their podcast listening, outpacing Spotify and Apple Podcasts combined. Super surprising to me, but I do find myself using it more as well. Side note, I think Spotify is screwed. Between YouTube and Apple I don’t think they have anything unique. MORE
HUMANS👀 The IMF is warning that AI could affect 40% of jobs, intensifying inequality. Interestingly they say it’ll have less impact in less advanced countries, which I guess makes sense given that the major attack surface is knowledge work. MORE | THE IMF REPORT
Taiwan’s election went in favor of independence from China. Woohoo! This is great for the West, but bad for local security tensions. MORE
NASA wants to send swarms of tiny probes to Proxima Centauri using laser propulsion. The Swarming Proxima Centauri project, a collaboration between Space Initiatives Inc. and the Initiative for Interstellar Studies, aims to propel gram-scale probes to a significant fraction of light speed with a 100-gigawatt laser, potentially reaching our nearest stellar neighbor by 2075. MORE
Another study has challenged the idea that 10,000 hours of study is all you need to become a top-level expert. Essentially it found that practice matters, but at the highest levels it’s more about natural talent. But we knew that already, didn’t we? MORE
The top 10% of U.S. households now hold a staggering 93% of the country's stock market wealth. MORE
A recent poll shows a majority of Americans believe in entities like aliens, ghosts, and the devil. The survey found 56.9% believe in aliens, 61.4% in ghosts, and 70.3% in the devil, with belief in God at 85.4%. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISDA + Data + Display = AR
From AI’s Predictable Path
One of the things I’m most interested in with AI is actually AR. What does AI have to do with AR? Easy. It is a natural output of the combination of:
Data being available about a thing, from whatever source
A display of some sort that can show you the data overlaid on reality
An AI that can decide how and what to display given the context
Let’s look at some examples:
The temperature of stuff, in a kitchen
The battery charge levels, in a house
The last time since someone’s eaten, on a human
Speed, on a car
Expiring food, on a refrigerator
Danger level, on a street or intersection, or market, or map
This will be one of the biggest tech upgrades to human life, and it rhymes a lot with metaverse. But really it just requires these individual pieces to get far enough, and then to start working together.
The data needs to be available. We need the screens/lenses/projectors. And we need the AI to collect and display the data for a particular user/audience based on context.
Managing My Personal Sloppiness Level
The biggest weakness of my writing going back to 1999 has been too much sloppiness and not enough vigor. Well, “enough” is not the right word, as we’ll see below.
The least important level of sloppiness is just spelling and grammar, but more problematic levels are not calling out previous work when I release something new, waiting to release the best version of an idea instead of just being exciting and releasing an early version, not creating a list of opposing viewpoints, or supplemental reading. These are all things that I wish I could do (and soon will be able to do because of AI!).
I’ve always believed I had the right balance, and I still think I do. And here’s why: The Ideas Are What Matter. I’d rather put out a million different ideas and have people thinking about them, coming up with their own, and thus contributing to total creativity—than to go slower with a lot of vigor.
To be clear, I would rather be someone who could do both. But if I have to choose, I choose the quality of the ideas vs. the quality of the presentation—at least for the mass volume day-to-day. For big ones, like my recent post, or a book, I think it’s better to go more towards rigor.
Basically, ideas generate ideas, and I don’t want to slow that down for anything! There’s a limit to that, though. Let’s make up a number. Let’s call it 9%.
9% slop at ludicrous idea speed!
That’s been my preferred setting for most of my writing career, and it’s resulted in my current situation. I wouldn’t have it any other way, other than a way in which my discipline didn’t slow me down. I wish I were that guy, but I’m not. When an idea comes, I have to get it out there. I don’t have a writing staff. I don’t have a team of writers. It’s just me. Always has been.
I think most people need to increase their slop. Ideas matter more than perfection. But some people are both sloppy and don’t have many ideas, which is a bad combo. Like I’m willing to read a mess (like this mini-essay for example), if it has something in it. But I’m not getting meat from it, all the spelling and grammar issues magnify in my mind.
Anyway, the point of mentioning all this is that AI is coming. AI will clean up your ideas anyway. AI can help you write faster and better.
So focus on your ideas! Don’t go full-slop, of course, but open up the engine a bit. Increase your slop. I think it’s better to be known for being thoughtful and kind and helpful, but a bit rough around the edges, than to be known for being perfect but without original creativity or ideas.
And most importantly, it’ll be considered a major regret if you could have had all that content out there, which helped you think and interact with people, but you didn’t do it because you couldn’t be rigorous enough. I’m looking at you, my European friends!
Ideas. Creativity. Think. Write. Share. Put it out there. Being perfect is getting less important, not more. Not only because the ideas are mattering more, but because AI can help us make anything perfect.
Get after it.
NOTESIt’s often hard to know when to leave something in the Ideas section vs. making it a full post. I should move those over at some point. But to the point of the essay above, get the idea captured first, then worry about optimization!
The moment Trump left office I told everyone, and stated publicly, that he’d be back and stronger than ever. Everyone told me I was crazy. Well, he just crushed Iowa without even trying. And that’s a state he didn’t even win in 2020. I’m going to do a longer piece on how I think his rise is simpler than it appears.
DISCOVERYA Collection of Postmortems MORE
🐍 SSH-Snake — A tool for automated, fileless SSH network traversal that self-propagates and replicates. | by MegaManSec | MORE
🛠️ jqfmt — A tool that formats jq scripts similarly to how gofmt formats Go code. | by noperator | MORE
What Happened in the Cybersecurity Market in 2023 | by Mike Privette | MORE
🔍 awsScrape — A tool for scraping AWS IP ranges to find specific keywords in SSL certificates. | by jhaddix | MORE
🌌 Stellarium — Real-time sky rendering for astronomy enthusiasts. | by StellariumDev | MORE
📂 oil.nvim — A Neovim plugin that lets you manage files directly within the editor, streamlining your workflow. | by stevearc | MORE
🛡️ LLM-Powered Security Tool — Use AI to prioritize and fix vulnerabilities with NIST and CISA data.| MORE
🐰 Rabbit R1 — Teenage Engineering's latest creation is a sleek, tech-forward device. Probably the most hyped thing coming out of CES. | MORE
📖 'Meditations' Modernized — A new video translates Marcus Aurelius's Stoicism into today's language.| MORE
🤩How Discord Serves 15M Users on One Server MORE
The Seneca Effect suggests that while growth takes time, collapse can happen swiftly. MORE
🔥Terminal Smooth Scrolling. Yummy. Already added to my config. MORE
Feynman talks about how he got burned out and ended up getting his Nobel prize because he found a way to make physics fun again. MORE
Optimal Fraud Level MORE
RECOMMENDATION OF THE WEEKCheck out my appearance on David Bombal’s podcast. It’s the best video form illustration of what I’ve been working on for the last year. WATCH IT
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
January 8, 2024
UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.
TOCINTROHi!
Super hyped for this week. I’m making great progress on adding stuff to my AUGMENTED AI class, which I’m giving live on Saturday. We’re closing signups on Wednesday, so get in while you can! RESERVE A SLOT
I’ve also got a ton of work done on my big open-source AI project I’ve been telling you about for a while! And I’ll be releasing that probably next week! I cannot wait to share this thing!
Alright, let’s get into it.
MY WORKAI’s Predictable Path: 7 Things to Expect from AI in 2024+
My latest essay on where AI is heading, based not on trying to guess future tech, but based on looking at what all humans want. READ IT
My Response to Cory Doctorow Saying AI is a Bubble
Cory Doctorow thinks AI is a bubble and that it’s going to blow up soon. I think he’s right about a lot of valuations and gimmicky companies, but very wrong overall. READ IT
LastPass is mandating at least a 12-character master password after last year's security situation(s). Updates also include checks against breached credentials and other protections against credential-stuffing attacks. MORE
Mandiant’s X account got taken over, which is a bit embarrassing for a security company as well-respected as them. It’s not clear yet what the failure was, i.e., whether it was a password/2FA issue or a vulnerability like the XSS/CSRF one reported by Chaofan Shou. Mandiant is now part of Google. MORE
👋 Reminder to please check out our sponsors each week. They help us keep the newsletter and podcast as a viable business model, and are often sharing some pretty cool stuff. 🫶🏻
Sponsor
🚨Unveiled: The 2023 Kubernetes Security Report🚨
Dive into the unseen depths of Kubernetes security with our latest findings! Our comprehensive scans of 200,000+ cloud accounts reveal a startling landscape of exposed containers ripe for the taking.
🔍 Inside, you'll unlock:
Expert analysis of Kubernetes attack vectors
In-depth breakdown of Kubernetes attack chains
Current statistics on security controls and mitigations
The best defenses against cloud attacks
It’s a current playbook on the best ways to address cloud threats.
🔗 Secure Your Insights:
wiz.io/lp/the-2023-kubernetes-security-report
🔑Access Your Blueprint to Cloud Security Now!⚠️ Stealthy AsyncRAT Attacks — US infrastructure has been targeted by AsyncRAT malware for 11 months. | SEVERITY: HIGH | RESPONSE: AT&T Alien Labs provides detection tools. MORE
Drones are becoming a go-to method for smugglers to transport drugs across borders. According to a Vice report, these unmanned aerial vehicles are increasingly being used to bypass checkpoints. MORE
🏥 HealthEC Data Breach — Over 4.5 million individuals had their personal data exposed in a breach at HealthEC. The compromised data includes sensitive information, which is always concerning. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGY🤖 Some folks at Deepmind created a completely insane new robot. It does a lot of the stuff that we’ve seen promised for years, like cooking, cleanup, etc., and it’s all running off of consumer parts and compute. The demo video is a must. MORE
💡As big as AI is going to be, it’s nothing compared to that same AI inside of a household robot. TESLA is betting big on this, and so am I. Virtually everything about AI is made better by being in a physical form, but this is especially true for companionship, elderly assistance, and use cases like that. Being a security guy, however, I really do worry about the threat model here. Remote access and RCE to these things will be nightmare fuel.
📄 Principled Instructions Are All You Need Paper — A new paper is out describing how to get a stable 50% improvement in ChatGPT output. They provide 26 different techniques to get there. MORE
From the linked paper.
OpenAI's GPT store, a marketplace for custom AI agents, is set to launch this week after some delays. The platform will enable ChatGPT Plus and enterprise subscribers to create and sell personalized chatbots, and the more people download and use your GPTs, the more you get paid. MORE
Google is pushing to remove third-party cookies from Chrome in 2024, which critics are saying is way too fast. Critics argue that the industry will need far more time to get ready, and that solutions like Google’s Topics aren’t ready yet. Topics works by collecting things a given user is interested in and sharing that list, rather than sharing browsing history. MORE
💡 This Google Cookies thing is starting to feel a lot like a lot of their product rollouts, i.e., rushed and half-baked. The difference in this case is that it could cost them a LOT of money if they mess this one up. And potentially set the whole anti-3p-cookies effort back years.
Flush is an app that lets you book a cafe's bathroom for $5, aiming to solve the public bathroom problem. The app, created by Elle Szabo, offers a double-sided marketplace where businesses can list their restrooms for rent and users can reserve them, with Flush taking a 5% cut. MORE
Starlink just launched satellites that'll let you use your LTE phone from almost anywhere. It’s a partnership with T-Mobile to cover dead zones, and the service is expected to roll out by the end of 2023, starting with messaging and expanding to voice and data. MORE
Apple's Vision Pro headset might hit stores as early as January 2024, which means I should get ready to get in line. MORE
Microsoft believes so strongly in AI that they’re going to put a dedicated key on Windows keyboards. They’re calling it a Copilot button, but I think that’ll end up getting more generalized to the assistant button. Clippy in just one click. MORE
HUMANSChina's Ministry of State Security is cracking down on military fans sharing photos of army equipment online, threatening up to seven years in prison. MORE
Suicide rates among Gen Z, particularly girls, are climbing across English-speaking countries. The data shows a worrying trend, with suicide becoming a leading cause of death for young people in these regions. MORE | MY PIECE ABOUT PURPOSELESSNESS
From After Babel
The US economy outperformed on jobs by adding 216,000 positions in December. MORE
Gallup's latest poll reveals just 28% of Americans are satisfied with democracy, a new low. The drop from 35% follows a trend across all political affiliations, with Democrats at 38%, Republicans at 17%, and Independents at 27% satisfaction. The Republican trend line is super interesting, with them starting the highest and ending the lowest. MORE | MORE
Starbucks is now letting you use your own cup for drive-thru and mobile orders to cut waste. Starting January 3, 2024, the initiative is part of their goal to slash waste by half by 2030, making them the first national coffee chain to offer this option. MORE
Most Americans still reject the Jan. 6 Capitol riot, but a CBS News poll shows Republican disapproval is slipping. Three years on, 78% of Americans condemn the insurrection, yet Republican approval has grown from 21% to 30%. 30%. MORE
💡So just to be clear, Republicans currently have 17% support for Democracy, down from 80%, and 30% support for the January 6th riot, up from 21%. I get their point about the system and the Left, being broken. But authoritarianism ain’t it, my guy. Goodness.
California's courts have ruled that police drone footage isn't automatically off-limits to public records requests. The decision marks a win for transparency, as it clarifies that footage from police drones can be requested under the California Public Records Act (CPRA), rejecting the argument that all such videos are exempt due to investigative purposes. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISComing for Neri Oxman
There’s a witchhunt for Neri Oxman for some stupid reason. Business Insider wrote an “article” claiming she plagiarized part of her dissertation. But if you look at the actual claims, it’s like forgetting some quotes for someone she had already heavily quoted and cited numerous other times in the paper. It’s complete garbage. What I don’t get is the reasoning.
Like who thinks this is helpful to anyone? One possible reason is that her husband, Bill Ackman, had gone after the Harvard president for doing actual plagiarism, so someone decided to counterattack with the full force of the media. Super gross. Can’t wait for this kind of trash to be made transparent by armies of AI research bots.
And I know—I’m like seeing AI as the solution to everything—but there are lots of things AI won’t help, or will make worse. But in this case, we really do need to see connections between things that are virtually opaque due to complexity. Like I’d love to instantly know the backgrounds and political leanings of everyone who writes hit pieces on a given person—of any affiliation—combined with a sequence of events in time, combined with the claims made, etc.
AI will be exceptionally good at finding possible motives and plots in such things. And it’s not the type of thing that humans can do well. It’s too many threads, too many things to research, and then assemble, and then put together into a narrative. AI will do all that for us in minutes, and it’ll do it continuously.
Sure, it’ll also help people find connections and conspiracy in places where there is none. But that’s ok, because most other AInalisys will find that the connections are tenuous, and the conclusion is a stretch.
Anyway, these charges are crap, and I’m very tired of political takedowns of people just because they can. MORE | MY PIECE ON AI BRINGING TRANSPARENCY | GARBAGE “REPORTING”
NOTESI’m playing a lot more with local AI models lately. Lots of Ollama but also oogabooga’s web UI for Hugging Face models. I’m going to be integrating these into my AI framework/ecosystem soon. GPT-4 is still king, but lots of use cases don’t need the king.
DISCOVERY🎓 VIM for Pentesting — Tom Hudson, known as tomnomnom, teams up with STÖK to teach security people how to level up their command line game. This one is from like 2019 but it’s still one of the best videos of its kind. | by stokfredrik | MORE
🛠️ CrewAI — A new agent framework for creating different agents in different roles, and having them interact to produce an output. It’s like Autogen, but I think I like the structure better. MORE
Defining a Writer in CrewAI
🛡️WhiteRabbitNeo-13B — A fine-tuned version of Llama2 that allows you to ask both offensive and defensive security questions. MORE
🖥️ asitop — A super badass Python-based CLI tool for monitoring performance on Apple Silicon Macs, inspired by nvtop. | by tlkh | MORE
aistop output
🧐 Preparing for Security Engineer Interview — TryHackMe offers a comprehensive guide for security engineer interviews, blending general advice with technical sample questions. MORE
⏱️time cat — A super low-rent stopwatch for the command line. You run time cat and you CTRL-c when you’re done, and it tells you how long that was. lol | HT to Charlie Campbell for the tip.
🛠️ github-blog — Transform GitHub issues into a blog content management system with just an API. | by Renato Ribiero | MORE
🔗 Webmention.app — Automate sending web mentions for links on your site with this simple API. | by colindean | MORE
📱 Offline Chat Private AI — This app lets you run the powerful Mistral 7B 0.2 LLM on iPhone Pros, all without an internet connection. | MORE
Ivan Tolkunov built an AI to spot AI-generated images using a resnet-based model with FastAI on an M2 MacBook Air, hitting over 99% accuracy in testing. MORE
🟩 Greenphone — Create greenscreen prompts in Midjourney for custom art placement within an image. MORE
✍️ Typefully — A tool that makes tweeting easier with smart tips and automated features. Still messing with it, but I’ve heard amazing things about this one. MORE
📓 Weekly Wins Planner — A fresh template to help you organize your weekly achievements and ensure they align with your quarterly goals. It's a practical tool for staying on track. MORE
📄 Challenge Bowl Icebreakers — Looking to spice up team meetings? This free Challenge Bowl icebreaker template offers a creative way to engage team members with questions and activities that build camaraderie. MORE
The Antilibrary — A bookshelf of stuff you haven’t read yet. MORE
Potheads, Planners, and Players — Different ways to approach projects. MORE
RECOMMENDATION OF THE WEEKRemember that goals don’t win us anything, which is why New Year’s resolutions seldom work. It’s all about the systems.
The algorithm for winning is:
Start with your goals
Build systems that will get you to those goals
Execute on the system
Another word for system is: routine. So it’s not about what you want to do, or set out to do. It’s about what you actually do, day-to-day, throughout the year.
So build the ultimate system/routine for 2024. That should be the top priority. Build the routine that—if you follow it—will result in you accomplishing your goals for the year.
No better time to do this than early January!
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
