Daniel Miessler's Blog, page 14
February 11, 2024
Your Work Can Only Be As Good As Your Problems Are Meaningful
Work on the most important problems possible
I have a god-tier hack for improving the quality of your work, and the fulfillment you get from it.
Improve the quality of the problems you’re working on.
Putting it another way, your work can only be as interesting as your problems.
And you can’t only be as fulfilled as your work.
Which means…
You can only be as fulfilled as your problems are meaningful.
ExampleHere’s an example.
You’re a top .01% programmer.
You can solve any problem.
You see frameworks in your head like Beth Harmon sees chess boards.
But you work at Google in Ad Platform Optimization.
As arithmeticHere’s the issue as arithmetic.
work_fulfillment = (work_quality + problem_quality) * (problem_quality + problem_quality)
So the left side of the equation is your work, and the right side is the problems you’re working on.
But even the left side is affected by the problems you’re working on! Which means you get more than triple the upgrade when you work on more interesting problems.
As a visualYour fulfillment based on working on optimizing ad models.
And here’s what it might look like if you’re working at OpenAI trying to build AGI to create universal abundance, and thus, maximum human flourishing.
What do I do?What’s the takeaway? Simple.
Ask yourself what problem(s) you’re trying to solve in your work.
If they’re not big, interesting, or important enough (in your own mind), change that.
The reason you’re unfulfilled at work might have nothing to do with you.
It might be because it doesn’t matter how well you do, or your team does, or the company does. Because they’re not working on anything important enough.
To get maximum happiness from your work, find the most important problems to work on. It won’t just improve the impact of your work, but will likely make you better at doing the work as well.
More fulfillment will fall out naturally.
Powered by beehiiv
February 5, 2024
UL NO. 418: DEFCON Moves, AnyCloudDesk, Ransomware Learnings, My Top AI Projects
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCHey there,
Big things I’m thinking about this week:
Getting to hang with my friends and plan career and life trajectories this week! Cannot wait!
More time with Apple Vision Pro
I’m creating a second product (more to come on that)
The first big product is coming along REALLY well
Fabric is going crazy. Lots of interest.
I hope you have a great week!
Let’s get into it…
MY WORK🥽My First Impressions of the Apple Vision Pro MORE
How (Specifically) AI Will 100x Human Creativity and Output MORE
The demo movie on the Fabric README.md
👉The Fabric Project on Github is blowing up! I put a couple of hours of work this weekend into the quality of the README.md and documentation (and a demo video), and I’d love it if you could head over and give us a ⭐️. STAR US
SECURITYDEFCON is moving to the Las Vegas Convention Center this year. Caesers canceled their contract together, with speculation being that it had to do with the MGM hack. Can’t wait to see what they do with the bigger space! MORE
Anydesk got hacked real bad. Another piece of tech I’d not heard much about until I find out everyone uses it. MORE
Sponsor
Enhance Enterprise Security: Trust Every Device with Kolide!
When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.
These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.
Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.
kolide.com/unsupervisedlearning
Watch a DemoSomeone in finance paid out $25 million in a BEC scam because a deepfake video convinced them they were talking to real people. This is about to seriously make it more difficult to validate the person on the other end of the call. MORE
Cloudflare got hit by a suspected state-sponsored actor. The attackers exploited credentials stolen from the October 2023 Okta hack to infiltrate Cloudflare's internal systems on November 14, revealing the incident nine days later. MORE
The FBI says scammers are using couriers to swipe seniors' life savings by convincing them to buy precious metals. From May to December last year, victims lost over $55 million to these scams, with seniors being the prime targets. MORE
We’re learning from ransomware attacks. Only 29% of victims decided to pay in the last quarter of 2023, which is the lowest rate ever. It appears the big decrease from 85% in 2019 is mainly because people are more informed and ready, like having decent backups. MORE
💡I’ve always seen ransomware as a continuous global red team with dire consequences. It’s good to hear some good news on this front, with fewer people paying. That means the operation is working.
The Shadowserver Foundation found 45,000 Jenkins instances exposed online, which are vulnerable to a critical flaw that's being exploited in the wild. MORE
Bruce Schneier warns that AI could enable mass spying by analyzing the vast data that governments and companies already collect. He argues that while traditional spying requires human effort to interpret conversations, AI's ability to understand and process language will allow for spying on a scale previously unimaginable. This is exactly what this week’s essay is about. MORE
Nightshade has exploded with 250,000 downloads in just five days. It’s a tool to stop AI from copying art. I personally don’t get it. This type of thing won’t stop AI from happening, or AI from incorporating human art. It’s a flash-reaction, sourced in fear, to something inevitable. There are bad parts of that inevitability, but our time is better spent trying to address those rather than looking for ways to stop this from happening. MORE
The FCC is looking to outlaw AI-generated robocalls, especially those using voice cloning tech like the recent incident where a deepfake was used to attempt voter suppression in New Hampshire. MORE
Vulnerabilities
⚠️ SCHNEIDER RANSOMWARE — Schneider Electric's Sustainability Business hit by Cactus ransomware, terabytes of data stolen. | SEVERITY: HIGH | RESPONSE: Company is performing remediation and containment, with no other divisions affected. MORE
🪳GITLAB FILE FLAW — GitLab patched a critical flaw allowing file overwrite during workspace creation. | CRITICAL | 9.9 | MORE
🪳 GLIBC FLAW ALERT — A new glibc flaw allows root access on major Linux distros. | CRITICAL | CVE-2023-6246. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGYNeuralink has successfully implanted its first brain chip in a human. The device, aimed at enabling control of external devices through thought, was placed in a patient who is part of clinical trials targeting individuals with severe mobility impairments. I seriously hope it goes well. MORE
Meta is making tons of money again, and crushed tech stocks with a 25% revenue jump to over $40 billion. This growth outshone its projections and even hinted at a potential acceleration to 29% in the next quarter. He’s got so many great properties (FB, IG, etc.), and he’s off the metaverse thing and now onto AGI. They’re on fire right now. The good kind. MORE
China has approved over 40 AI models for public use in just six months. It’s part of a broader effort to compete with the U.S. in AI. It’s crazy how many advantages and disadvantages they have when it comes to tech. On the one hand, they can make immediate policy changes, but on the other hand, they’re afraid of their people becoming too free. MORE
The New York Times is looking to blend AI with traditional journalism. They're assembling a team led by Zach Seward to prototype AI and machine learning for reporting and presentation enhancements. Makes sense to me. Like, how could they not? MORE
John Deere is working with SpaceX to bring satellite internet to farmers. MORE
YouTube Music and YouTube Premium now have over 100 million subscribers worldwide. I am using YouTube more and more myself, and music is one of the main use cases. I mean, it’s getting so good that I wonder when Google will kill the project. MORE
Starlink is turning its satellites into mobile phone towers. They’re testing it now, and it’s working. Pretty impressive. I love this version of Elon. MORE
Zoom has an Apple Vision Pro app, and it lets people join as their Persona, which is like a cartoon avatar of themselves. Mine looks pretty bad, but unfortunately, it is pretty realistic. MORE
HUMANS
I am convinced that the 8 pillars of Mental & Physical Health are:
1) Sleep
2) (Sun)light
3) Exercise
4) Stress Management
5) Relationships (Incl. To Self)
6) Nutrients (Amt., Timing, Content)
7) Oral Health & Gut Microbiome
8) Spiritual Grounding
Additions? Subtractions?
— Andrew D. Huberman, Ph.D. (@hubermanlab)
Feb 1, 2024
A recent Ipsos poll shows that 63% of employees making over $100,000 can work from home, compared to only 32% of those making under $50,000. I’d expect that gap to widen as you move up and down the scale. So, people making more than $250K, vs. people making $30K. The sad part is that freedom and luxury are what make people freer to be worth more. MORE
New data shows the bottom 80% of US households consistently spend more than they earn. The data comes from the Bureau Economic Analysis' newly released Distribution of Personal Income Accounts, which for the first time provides a clear view into the spending habits of different income groupings over the past two decades. It turns out, only the top 20% of households are consistently putting money away. MORE
95% of container ships are now going around Africa's southern tip due to avoid Houthi attacks in the Red Sea. The route change adds 10-14 days of travel, which has all sorts of implications. MORE
Conservative social media is circulating conspiracies that the NFL is rigging games to favor Taylor Swift and her boyfriend's team, all to boost President Biden's image before the election. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISPunished for Good Behavior
Not fully confirmed, but I heard a friend say that the reason Goldman Sachs got crushed by the Apple Card deal, and had to pull out, is because the Apple Card customers were paying on time! Which is horrible for banks. They make all their money on people being overburdened, overstretched, and paying late. Assuming it’s true, I’m so happy about this.
Apple is LifeOS
I write about this every few years, but with Vision Pro I think it’s time to mention it again. Apple is winning because they’re slowly and methodically building LifeOS. They’re building a massive ecosystem for enhancing everything in your life. And when they think about products, they think about how they work together. If you think about what tech will look like in 25 years, where your house works with your car, and your mobile device, and your contact lenses for AR/VR, and all your finances are integrated with everything. You can pay with a gesture. You can talk to your AI assistant and they can do everything for you. It’ll all be part of your basic tech ecosystem. Now imagine that being GMail and Fitbit. You can’t, really, because Google is throwing random stuff at a wall to see if it makes a lot of revenue. And if it doesn’t, they kill it. Apple is the only one thinking properly about, and executing on, the concept of a unified LifeOS. And that’s why they’re winning. And because of that, the government’s about to step in and ask them why everyone likes their stuff, and demand they get broken up. I wish they’d just tell the truth in court. “People are only using us because the alternatives are so bad. We’re the only people building LifeOS, so it’s no wonder that people come to us.”
Much love to Jonathan Dunn (@xssdoctor) for creating the client for the Fabric project. We’ve got it in a pretty good state now, and the client and documentation are now live! MORE
DISCOVERY
I demand a show like Black MIrror, but for the POSITIVE possibilities.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Feb 5, 2024
Ok, here are the two of the best projects in AI right now, along with Fabric, if I may say so myself… 😃
CrewAI — In my opinion, this is the best AI Agent framework out there. In other words, this, or something like it, is how we’re going to get to AGI. It just gets more powerful when you add better models. by João Moura | MORE
Wishful Search — This project lets you throw random data of any kind into a bin, and then you can ask questions as if you spent days writing perfect SQL. It’s actual magic, and it’s not getting near enough attention. | by Hrishi Olickel | MORE
If you’re not watching these two projects, go fix that!
🧵 fabric — My open-source framework for augmenting humans with AI. The idea is to have granular AI solutions for all the different use cases we need to solve in real life. | by Daniel Miessler | MORE
🖥️ Plock — Stream outputs from an LLM or any script directly into your text editor, all in real-time and locally. | by jasonjmcghee | MORE
🔍 SigFinder — Quickly spot binaries signed to internal CAs/domains. MORE
🔧 Ruff v0.2.0 — A super-fast Python linter and formatter, now better. | by astral | MORE
🔬 MLX — A machine learning array framework optimized for Apple silicon. | by ml-explore | MORE
🔉Insanely Fast Whisper — It can transcribe 2.5 hours of audio in under 98 seconds using OpenAI's Whisper Large v3. | by Vaibhav Srivastav | MORE
🤖Attabit — An AI-powered news site. This is the future, folks. If you provide news rather than analysis/opinion that is much harder to copy, this is what you’re up against. | MORE
🤖Signals — Signals is a curated collection of links to major stories from around the web, enhanced by an AI tool named MISO ("multilingual insight search optimizer") that helps reporters efficiently find diverse stories in various languages. MORE
If you’re not using Perplexity yet, it’s worth playing with. Think: AI Google. MORE
I need one of these neck lamps for reading in bed without waking her up. MORE
Even intelligence agencies are overwhelmed by too much data. MORE
Apple's machine learning team introduced MLX, a new way to use AI apps, but optimized for Apple silicon. MORE
Your Security Program is Sh*t — A rant on how many security programs are shams where external consultants are valued over internal expertise. Talks about how cybersecurity is often sidelined until corporate mandates force action, leading to a superficial compliance process that prioritizes appearances over actual security. Pretty good piece. MORE
Vantage has launched a standalone Kubernetes cost-monitoring agent, slashing resource usage significantly. The new agent consumes up to 99% less vCPU and 97.9% less memory than previous solutions, streamlining Kubernetes cost monitoring by adhering to the Unix Philosophy of simplicity and efficiency. | by Vantage | MORE
Current Software Engineers Have No Deep Knowledge MORE
The Seven Laws of Pessimism MORE
One-shot Prompting Magic MORE
What if Christensen's disruption theory is outdated? The piece explores how recent examples like the iPhone and Tesla challenge Clayton Christensen's classic theory that cheaper, "good enough" products disrupt markets. | by Anshu Sharma | MORE
RECOMMENDATION OF THE WEEKSchedule dedicated time to hang with your closest friends. It won’t always happen otherwise, and you need “belly showing time” to stay close.
It’s not real if it’s not on the calendar.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
February 4, 2024
Apple Vision Pro First Impressions
This first-impressions “review” will be a little different than most because:
I’m a total Apple fanboy
I’m not sold on VR/AR/Spacial headsets
Also, I’m not going to write some super long review. I just want to give some high-point callouts for anyone interested.
ContextI am all about figuring out coming tech, so the “spacial computing” proposition is naturally interesting to me. That being true, I have felt like all the previous VR hardware I’ve tried has been extremely kitschy.
Cool, but just as a sideshow, not as a real thing. That’s just my opinion.
My Apple Vision Pro ExperienceSo here we go, in no particular order…
The new UX paradigm of eyes + pinchThe most futuristic thing about the interface is how you browse and select things in the interface.
The videos somehow made it seem like you needed to move your hands to pinch things. And the setup interaction has you pinch things as well, which is a bit confusing.
In reality, you don’t—and really shouldn’t—move your arms and hands to make selections. In fact, it makes things infinitely more tiring and slower if you do so.
The whole game is clean, crisp, focus on items with your eyes before you click with your fingers.
Your fingers can stay in your lap or almost anywhere in the 180 degrees in front of you.
The trick is to make sure your eyes do not wander as you’re clicking. If you do, your clicks will land where your eyes drifted to, instead of what you meant to click.
If you get really good at this you can navigate and click MUCH faster than using touchscreens or mice.
And once you do get fast with it, it feels godlike
Floating windows FTWBy far, the most impressive practical application is the ability to have multiple windows floating around you.
These windows are extraordinarily clear. They stick where you left them. And they’re very intuitive to deal with.
I had a Facetime conversation with a friend yesterday, and around me I had the Mindfulness app, a web browser, AppleTV, the Disney app, and a couple of other windows I don’t remember.
But I was immersed in the conversation, and I found myself researching things we were talking about in the browser on the side. It was just wonderful.
And the whole time I was sitting on my couch.
It was a moment that actually felt like the future. Basically, I got pulled into the moment and wasn’t thinking about the interface at all. It just seemed completely natural.
And that was very soon after using it for the first time on Friday.
Immersive mediaThe 3D / immersive experiences are better than anything I’ve ever experienced.
The absolute best one so far is the Alicia Keyes live performance. Super cliche, but it really does feel like you’re in the room with her. I felt some emotion on some songs. It was brilliant.
I’ve also watched a few other immersive videos from Apple, including the Rhino one, and they’re all absolutely captivating.
These videos are way more compelling than other types of media. It’s not exactly like being there, but probably like 80%, whereas other media is more like 30%? Something like that.
I imagine education being dramatically more immersive using this medium, which is so needed.
We need education that feels like entertainment, because entertainment is what we’re competing with.
The device and experienceWatching movies really is nice, and I expected it to be my favorite thing. But I have such a great setup at home that the AVP experience comes a bit short.
The reason is the display. It doesn’t quite have the same resolution as a quality OLED TV. Size yes. Much more actually. But clarity, no. I could have something wrong with my device, though, or some shmootz on the lens or something. Or too much light coming in. Not sure. But it doesn’t feel as clear as my screen at home.
I switched to the other strap immediately. You need a secure fit for sure.
Another interesting limitation is that you can see the eye-holes. Like I can see how my vision is limited through the holes I’m seeing out of.
You also have a hard stop at 180* around you. In all directions. It just stops there. Not a big deal, but I thought it would wrap around my head for some reason.
The sound is really, really good. But I actually prefer AirPods, which you can wear instead.
And neither compares to my home entertainment setup, which has like 9 Genelec speakers and 2 x 18” GRX subs, in full surround. So I wasn’t expecting to match that.
My main use case for theater is when I’m not at home. I can’t wait to use it on a flight to Florida coming up! I’m going to watch the first half of Dune to get ready for the upcoming second half.
Overall impressions on how important the release isI think based on the number of insane demos that I’m seeing online, this really is a 2007 moment.
What I mean by that is that Apple has reset the expectations of what it means to have such a device. They’ve reinvented the category. And now everyone will copy them.
We forget that every smartphone now works like an iPhone. And that’s what’s about to happen with AR/VR headsets. Expect everyone to copy eye-tracking and pinch rather than controllers, for example.
Also, notice that the iPhone did this with the lack of a stylus and using your hands instead. Jobs would be happy about that.
There are also some pretty significant limitations. Once you see how amazing the screen is, you instantly wish it were better. I think Marquez noticed this too.
It’s like you go, WOW! And then 20 seconds later, you’re like, I can’t wait for v2. Not because of the hedonic treadmill, but because the excellence in some areas makes you notice the flaws in others.
I think that similar to iPhone as well, the real magic comes from the platform. It’s what devs will do with it. We’ve already seen a ton of crazy apps, but the piano-playing one was my favorite. And the DJ’ing one. Again, the education piece is going to be insane.
My rating out of 10Hard to rate this thing, so I’ll just make something up.
In terms of lows, this is a 7/10. Pretty great, but lots of rough edges and limitations just because it’s an early release, and because the tech just isn’t there yet.
In terms of highs, this is a 12/10. For me it’s a must-have because I want to see what everyone can build on it, and I want to use it for productivity and education and being teleported to other places and experiences, and lots of other stuff.
In terms of game-changing, paradigm-shifting, and all that. Like future stuff, it’s a 12/10 again. They surpassed the bar of being the next thing in computing.
Ok, but should I get one?This one is pretty easy.
If you’re not an Apple acolyte, don’t have $4,000 to spare, or aren’t into the future of tech interfaces, I’d say it’s not worth it. Wait for v2 or v3.
If you are any of those, and especially if you’re 2 or 3 of them, go buy one right now.
Powered by beehiiv
February 1, 2024
Why I Created Fabric
In this video on David Bombal’s podcast, I talk through the AI tooling I spent 2023 building.
Click to watch the video on YouTube
The video covers:
How I captured my desired outcomes
How I break everything into components
How I apply AI to those individual components
How I call those AI commands from the CLI
How I chain those commands together to accomplish full workflows!
This tooling is what became Fabric in the beginning of 2024.
fabric is an open-source framework for augmenting humans using AI.
The goal of the project is to provide a universally accessible layer of AI that anyone can use to enhance their life or work.
github.com/danielmiessler/fabric
Powered by beehiiv
How (Specifically) AI Will 100x Human Creativity and Output
The real problems are under the water. Click for full-size.
I just realized something. The reason many people are skeptical of AI’s potential is because they’re confused about what limits human capability.
Many think we can’t accomplish more because we’re not creative enough, or smart enough, or we lack the motivation and follow-through.
But our problem is actually execution. We can capture this execution problem in two main ways.
A Scale problem
A Barrier to entry problem
I put a bunch of examples of these in the chart above.
Scale issuesScale issues are where the task is pretty easy when limited in size and scope. Like researching two competitors to see what their products and strategies are when you have someone dedicated to it for a few days.
Or Like watching a tiny area in space to make sure it doesn’t have any Earth-busting asteroids. No problem. We pool together our telescopes and take shifts with people watching the images.
The problem we have, though, is that the sky is humungous, and there aren’t nearly enough telescopes or astronomers to watch them. Plus, humans have lives and need to sleep.
Multiple examples of real vs. false problems. Click for full-size.
Too many logsSame with watching logs and alerts in cybersecurity. If you had one server, and a 3-person security team, you can take shifts, set up some basic automation, and you’ll have it covered.
But at a large corporation, you could be producing terabytes of data per day that needs to be looked at. How does your 40-person team stack against terabytes of logs per day? Especially when they all have other jobs.
It’s the same with other real examples.
People tend to think criminals get away because they outsmart the authorities. It’s not generally true. Criminals leave trails all over the place, but the team responsible for tracking them down is often just one guy.
His name is Jimmy. He’s got high blood pressure, a limp due to a bad right ankle, is going through a divorce, and just got a Corgi. Plus he’s got 19 other cases on his desk.
Finding the criminal isn’t hard, but it’s impossible. There are trails to be followed and clues to be had, but there’s simply nobody to do the work.
Barriers to entryBarriers present a very different problem. It’s not that there’s too much to do, but rather that only certain people are even allowed to play the game. Maybe you had to be lucky to get exposed to something as a kid, like Bill Gates having access to one of the first computers.
Or maybe it’s being top .01% talented as an artist, and also having parents who let you take some art classes. Or maybe it’s that your family is rich, so you grew up with two highly motivated entrepreneurs as friends in high school. Who were also rich.
We don’t pick our parents, or our innate special talents, or our random childhood friends. Yet these things massively influence whether or not we are part of exclusive inner circles.
There are many Julies in Tennessee, and Varuns in India who have the ideas and the genius to make movies better than Spielberg, but they’re locked out. They don’t know the people. They haven’t been trained. They’re not at the epicenter. And there’s no path to get there.
The problem holding humans back aren’t creativity or motivation.
The problem is scale and barriers.
AI vs. blockers and tasksAnd that’s where AI comes in.
AI crushes scale and barriers.
We can’t currently track down all the leads to find most criminals, or to find the people embezzling money, or funding terrorism. Too much noise. Too much research required. And nobody to do it.
But AI will be able to do this very soon.
Using teams of goal-driven autonomous agents, AI will track and follow every single lead, do extensive research on it, bring all that information together, connect the dots, and then write you a report.
Breaking barriers with AIOn the barrier side, there are millions of ultra-creative people scattered through the world with tremendously good ideas just sitting inside their brains right now.
Why? because they can’t draw, they can’t paint, maybe they don’t speak English, and they don’t have any way to get their ideas onto a page.
Well, AI is really good at drawing, and soon it will be really good at video.
Same with people who have extraordinary books and documentaries sitting in their heads, but they’re not very skilled yet with writing, or follow through, or recording and editing videos.
These are all barriers. They are obstacles that stop otherwise capable people from getting all the way from to our product.
Corporate scale and barriersIn the corporate world, this means only companies, and especially big companies, can execute on anything.
That’s because, ultimately, the game comes down to who has the eyes, brains, and hands to actually do the millions of tiny motions and menial tasks required to turn an idea into a product.
AI cuts directly into both of these issues. It will give scale to the individual and the small five-person team, and it will give execution capability to hundreds of millions of creative people. People who never had access to a computer, or a studio, or didn’t know how to draw, or write a book, or make a movie.
But now they can.
Suddenly, all of the ideas for a business, or for a comic or a film, won’t be stuck in peoples’ heads anymore. They won’t be the theoretical thing that rots in their mind as they work their swing-shift in a factory or warehouse somewhere.
This is how AI will 100x human creativity, and why you should be a lot more excited about it than you are right now.
AI is not a big deal because it is technology. Forget technology.
AI is not a thing. It’s an enabler of a thing. It’s an accelerator of a thing. It’s a magnifier of a thing.
And that thing is human creativity.
Powered by beehiiv
January 29, 2024
A Conversation with Shil Sircar, BlackBerry
January 29, 2024
In this episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity
- The Evolution from ML to Generative AI
- Predictive vs. Generative Models
- Preventive AI in Cybersecurity
- The Cylance AI Platform
- Attacker vs. Defender Dynamics
- Temporal Advantage in Threat Detection
- Synthetic Malware Generation
- Behavioral Analysis for Cybersecurity
- And the Future of AI in Cybersecurity
Dive deeper here:
Product Page: CylanceAI by BlackBerry
Blog: Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
Blog: AI in Cybersecurity: Hype vs. Help
Video: As Cyberthreats Have Evolved, So Has the Need for AI
Video: Real-world performance is the ultimate test for predictive AI
Predictive AI in Cybersecurity: What Works and How to Understand It
Powered by beehiiv
A Conversation with Shil Sircar, Blackberry
January 29, 2024
In this episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity
- The Evolution from ML to Generative AI
- Predictive vs. Generative Models
- Preventive AI in Cybersecurity
- The Cylance AI Platform
- Attacker vs. Defender Dynamics
- Temporal Advantage in Threat Detection
- Synthetic Malware Generation
- Behavioral Analysis for Cybersecurity
- And the Future of AI in Cybersecurity
Dive deeper here:
Product Page: CylanceAI by BlackBerry
Blog: Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
Blog: AI in Cybersecurity: Hype vs. Help
Video: As Cyberthreats Have Evolved, So Has the Need for AI
Video: Real-world performance is the ultimate test for predictive AI
Predictive AI in Cybersecurity: What Works and How to Understand It
Finding Beacons In The Dark ebook
Powered by beehiiv
UL NO. 417: NSA's Broker Buys, AI-Assisted Attacks, Companies Only Want Killers
👉 Continue reading online to avoid the email cutoff issue 👈
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
TOCINTROHappy Monday!
Had a blast speaking at OpenAI last week on how I’ve been integrating AI into my life for the last year! It was like an overview of what I talked about in the AUGMENTED course, and on the Bombal video, but more condensed. Was blown away by the positive response! Love that company.
🔥Ok, here’s the project I’ve been raving about! It’s called Fabric, and it’s basically a way to integrate AI into your life. It’s a massive collection of prompts, command line clients, and server infrastructure for running your own AI ecosystem!
fabric is an open-source framework for augmenting humans using AI.
Everyone has a billion different AI prompts, but how do you find the best ones? How do you upload yours? How do you use them from the command line? And how do you set up your own infrastructure to use your custom prompts? Fabric is an answer to those questions.
github.com/danielmiessler/fabric
It’s still early, and we’re adding tons of stuff to it (and more documentation), but you can go there now and start using the prompts today.
The patterns (prompts) we have uploaded so far
Quickstart:
For the fastest start, head to /patterns and you can use those anywhere you use prompts. See above.
To build your own server, head to /infrastructure/server.
And coming soon: brew install fabric
Enjoy! And let me know what you’d like to see in the project!
I hope you have a great week! Let’s get into it…
MY WORK
A Conversation with Shil Sircar from Blackberry Data Science - Unsupervised Learning
In this sponsored episode of Unsupervised Learning, we talked to Shil Sircar. Shil is the Senior VP of Engineering and Data Science at Blackberry, and we talked about:
- Machine Learning in Cybersecurity - The Evolution from ML to Generative AI - Predictive vs. Generative Models - Preventive AI in Cybersecurity - The Cylance AI Platform - Attacker vs. Defender Dynamics - Temporal Advantage in Threat Detection - Synthetic Malware Generation - Behavioral Analysis for Cybersecurity - And the Future of AI in Cybersecurity
omny.fm/shows/unsupervised-learning/a-conversation-with-shil-sircar-from-blackberry-da
I Think 80% of Jobs Go Away
The combination of factors I see leading to a killers-only workforce. (Member Content)
danielmiessler.com/p/80-jobs-go-away
SECURITYThe NSA has been buying American browsing data from data brokers without warrants. I bet it’s totally “legal”-ish because they’re getting it from “legitimate” data brokers, but it seems shady AF because they normally would have needed a warrant to get the same kind of information. MORE
South Korean intelligence says North Korea's hackers are now leveraging generative AI to launch cyberattacks. MORE
💡One of the most powerful uses of AI—and especially agents—will be going through millions of targets and figuring out what to attack, when, and using which technique. Red will move much faster than blue on this. Attackers can be sloppy and fast, and defenders have to be a lot slower and more careful. Over time (2-5 years?), this imbalance will switch to the defenders having the advantage due to them having more context.
A lot of hype was made about a data dump of over 26 billion records, but it looks like it’s really a collection of multiple previous breaches. MORE
If we have such a massive cyber skills gap, why are so many companies laying off workers in security jobs? Despite a predicted 32% growth in cybersecurity jobs through 2032, the industry faced over 9,100 layoffs since March 2020, with 55 vendors reporting cuts last year. MORE
Advisories
🚨Confluence Server Attacks — Over 600 IPs are hammering Atlassian Confluence servers with remote code execution attempts. | CRITICAL | CVE-2023-22527 | CVSS Score: 10 MORE
Sponsor
The Critical State of AI in the Cloud
Find out what 200,000+ cloud accounts revealed about the AI surge.
Over the past year and a half, generative AI has seen explosive growth among both end-users and businesses. But at what rate? In this new Wiz Research report, discover how many organizations are adopting managed AI services and what this could mean for your security teams.
You’ll learn:
An in-depth breakdown of generative AI’s impact on cloud landscapes
Statistics on the surge of AI services across major cloud providers
What this means to you: Rising costs and new security concerns
Be the first to get access to these exclusive insights!
wiz.io/lo/state-of-ai-report-2024
Grab your free copy nowBritish intelligence is saying AI will supercharge ransomware attacks in the next couple of years. They're "almost certain" we'll see a spike in both the number and severity of attacks, thanks to AI making hacking tasks like reconnaissance and social engineering more efficient and harder to detect. MORE
💡This is very similar to the point above. Think of it this way: where could attackers (and defenders) benefit from 100,000 interns performing a particular set of tasks? If you’re an attacker with 100,000 interns you could create a deep dossier on each potential target inside of a company, and then create a plan for how to go after them. Well, the better AI (and specifically agents) get, the more realistic this becomes. Attackers will basically say, “Create a dossier on every person at that company, find the types of emails they’re almost guaranteed to click on based on a psychological analysis of their personalities based on their online activity, and then build and launch those campaigns, starting with the people who can give us the most access.”
MIT researchers developed a computational imaging algorithm that lets the ambient light sensor capture images without needing security access to the camera. This method exploits the fact that apps can access these sensors without asking, a loophole not previously considered a privacy risk. MORE
X has rolled out passkeys for iOS users. The move follows a series of high-profile account hacks and the controversial decision to drop SMS two-factor authentication for non-subscribers. MORE
Cybersecurity firms Snyk and Cato Networks are getting ready to IPO. Seems like weird timing, but ok. Happy to see the activity, and I hope it encourages others to follow. MORE
3 US troops have been killed by an Iranian drone in Jordan, and Biden has vowed to respond. MORE
Incidents
Trello had a breach that exposed over 15 million users’ emails and names, and Loan Depot's ransomware attack affected over 16 million customers’ info. MORE
💡I’m a bit shook by how close I am to not mentioning breaches at all. Almost nobody cares. Of course the CISO at the place does, but the collective memory on these things is non-existent. Unless it’s some kind of major event, it’s just background noise. Part of doing business. Just like fraud charges for banks. 10 years ago we thought we’d stop doing business with companies that got hacked. Today, virtually everyone’s been hacked. And nobody cares.
👉 Continue reading online to avoid the email cutoff issue 👈
TECHNOLOGY
You can now do @ to mention a custom GPT in a conversation within ChatGPT. So imagine you are trying to make a website, you can @-in the Grimoire GPT. MORE
All the Major Tech Layoffs in 2024 So Far MORE | MORE
💡I just released a member post describing why I think this might get worse, i.e., why I think 80% of current jobs go away over the next 8-12 years or so. Who really knows the exact amount, or timeline, but I think the pressure factors are strong.
Here’s another piece saying something similar: Tech Layoffs Not Tied to Economic Struggles, but AI Investments MORE
OpenAI just rolled out ChatGPT Team, offering features like access to GPT-4, DALL·E 3, and a secure workspace for team collaboration. MORE
Elon Musk is hoping for a $6bn raise for his AI startup, xAI, to take on OpenAI, with a valuation aiming at $20bn. Seriously? How many companies does this guy need? And how much of this is just a push to get the Tesla stock and control he was looking for? MORE
Microsoft just hit a $3 trillion market cap. It’s stunning to me how Microsoft is ascending while Google stagnates. What a difference a decade can make. MORE
The Biden administration is putting billions into semiconductor manufacturing, targeting companies like Intel and TSMC to boost U.S. chip production. This includes significant investments in new factories across states like Arizona, Ohio, New Mexico, and Oregon, with Intel's projects alone surpassing $43.5 billion. Love. It. MORE
HUMANSThe 'Nones' have taken the lead as the largest religious group in the U.S., with 28% of adults identifying as religiously unaffiliated, surpassing Catholics and evangelicals. MORE
Over half of Americans would struggle with a $1,000 emergency, says a new survey. Only 44% could handle such an expense without borrowing, using credit, or cutting back elsewhere. MORE
Men are flocking to 'man camps' like the Modern Day Knight Project to tackle their loneliness and redefine masculinity, often enduring intense physical trials. These boot camps, costing up to $18,000, promise self-improvement and mental fortitude, but experts question their extreme methods and psychological impact. I also wonder about the Venn overlaps with militia groups. MORE
US agencies are telling companies not to delete Slack or Signal chats, especially if they're under investigation. They're updating their language to make it clear that companies need to preserve and hand over records from platforms like Slack and Signal, with failure to do so potentially leading to fines or criminal charges. MORE
The Army's dropping its high school diploma requirement for new recruits due to it’s recruiting crisis. So now you’ll be able to enlist if you're at least 18, qualify for a job in the active-duty Army, and score at least a 50 on the ASVAB test. They only hit 40% of their recruiting goals last year. And it looks like the Navy is doing something similar. MORE
👉 Continue reading online to avoid the email cutoff issue 👈
IDEAS & ANALYSISCompanies Want AI, Immediately
🤯Anecdotal, but I was in a meeting with a big-wig executive and some other industry experts, and the resident VC expert (from a very reputable company) had a challenge for us. He asked,
What percentage of funding into AI startups do you all think is coming from internal, corporate investment groups?
Everyone guessed like 10% — 20%. I thought I was being crazy saying 60%. But I imagined it was a high number.
He said it was 90%.
90% of money going into AI companies coming from internal companies? In this economy? What does that say to you?
To me it says they can’t wait to get rid of most of their employees. To me it says they know how much heat they’re getting instead of light from most of their efforts. And they can’t wait to automate as much as possible.
As I say in my latest post, get ready for this. Be ready. It’s coming. Companies cannot wait for AI to replace the vast majority of their workforce. Don’t believe any company telling you otherwise.
More Efficient Terrorist Groups
One of the scariest things I heard this week was Tyler Cowen saying that AI’s big threat for terrorism isn’t making new pathogens, but actually helping them run a terrorist organization efficiently and without getting caught. Yikes.
Trying another mechanical keyboard, the Nuphy Air75 V2. Basically I have Vim typing sounds envy and I’m hoping this will address the issue. Plus it’s very Mac-friendly and YouTube reviews have been stellar.
📚We had one of our best hour-long conversations during UL Bookclub this weekend. I’d say top 3 for sure. So many topics. So many great comments. It was extraordinary. And the book was only the onramp to the topics, as usual. Absolutely love the book club. Never imagined being in one, and now it’s been going strong for like 4 years. COME BE PART OF IT
The big (commercial) app I’ve been working on is now in testing phase. I’m about to start showing prospects!
DISCOVERY🔥📺 Tyler Cowen on How GPT is Changing His Job MORE
🛠️ Replit — A platform for coding, AI assistance, and deployment, all within your browser. | by replit | MORE
🤖 LangGraph — It’s basically Langchain for multi-agent workflows | by Harrison Chase | MORE
🔌 Power VIM with AI — A new plugin brings AI directly into VIM, making it easier to write code and content by integrating with your documents. | by Song Luo | MORE
🛠️ APIDetector - Efficiently scan for exposed Swagger endpoints across web domains and subdomains. by brinhosa | MORE
😹 Tomcter - python tool developed to bruteforce Apache Tomcat manager login with default credentials. by oppsec | MORE
✨ Innovative and open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs. by Aykut Saraç | MORE
✍️ A student shares how AI boosts their lecture note-taking by blending teacher's words, presentation content, and AI-generated summaries. They use their phone to record and live transcribe lectures, then feed the transcript to a Large Language Model (LLM) like Claude for concise summaries, enhancing their personal notes without replacing them. | by snats | MORE
🛠 Writing a TUI in BASH — A deep dive into creating Terminal User Interfaces using BASH, showing it's possible with minimal dependencies. | by dylanaraps | MORE
🛌 Morpheus-1 - A model that induces lucid dream states by propheticai | MORE
Rich People Don't Talk to Robots MORE
Ring's stopping police access to doorbell footage. MORE
Extreme Brainstorming Ideas to Trigger New, Better Ideas MORE
Prompt Security is a company looking to secure AI apps against prompt injection. MORE
Several Truths About Success MORE
Git commit messages are useless MORE
The Books We Can’t Wait to Read in 2024. MORE
Everything Is a File MORE
Bright Data's platform is a one-stop shop for proxy networks, web scraping tools, and pre-packaged datasets. MORE
How I use ChatGPT daily (scientist/coder perspective) MORE
Ash Jogalekar highlights academic papers that break barriers with their brilliance and accessibility, becoming timeless across disciplines. These papers are celebrated for their exceptional thought and broad relevance, making complex ideas accessible to a wider audience. | by Ash Jogalekar | MORE
Warren Buffett's Berkshire Hathaway has 83% of its $365 billion portfolio in just 7 stocks. I have a silly question: why not just find out what he’s doing in terms of stocks and percentages, and match those? MORE
RECOMMENDATION OF THE WEEKGive help. Ask for help.
Give help. Ask for help.
Give help. Ask for help.
♻️
You never know where your friends are in their up-and-down cycles of self-belief, good and bad news, etc. Reach out and offer help.
And don’t forget to ask for help when you need it too.
APHORISM OF THE WEEKThank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Share UL with someone like us…Yours,
Powered by beehiiv
January 28, 2024
I Think 80% of Jobs Go Away
This content is reserved for premium subscribers of Unsupervised Learning Membership. To Access this and other great posts, consider upgrading to premium.
A subscription gets you: Access to the UL community and chat (the thinking and sharing zone) Exclusive UL member content (tutorials, private tool demos, etc.) Exclusive UL member events (currently two a month) More coming!Powered by beehiiv
January 24, 2024
How To Write Effective AI Prompts (Updated)
Click for fullscreen
If you want AI to work for you, you have to know how to talk to it.
I’ve been grinding on AI since November 2022, and I recently taught a 3-hour live course on how I’ve integrated AI into my everyday workflows. One of the topics I covered was how to create concise and effective prompts.
PromptingHere’s some detail on each of these points.
I use Markdown because it’s simple, and simple is good for reading/editing.One of the most important things about prompts is transparency. They have to be legible and super easy to read and edit. Markdown is perfect for that.
A prompt written in Markdown
As you can see above, this format makes it super clear what’s going on. You have clear sections at different levels, combined with numbered and bulleted lists.
Markdown is a human-first format
Most LLMs seem to also like Markdown because it’s easy to parse, e.g., lists of steps, hierarchical instructions, etc.LLMs love Markdown for the same reason that humans do—because it’s easy to understand.
The clearer you make prompts for yourself, the clearer they are for the AI as well.
I tell the LLM who it is, e.g., give it a roleWhen you tell an AI that it’s an astronaut, you’re priming it with all the knowledge in the model about that topic. That means it’ll give far better answers.
I often use the “take a step back and think step by step” setupAfter I define the role of the AI, I then tell it to:
Take a step back and think step by step about how to achieve the best outcome.
There was a competition between prompting techniques and this one beat out dozens of other techniques!
I break things into small, discrete stepsAfter I define my role and tell the AI to think step-by-step, I then give it those steps one by one.
Each step should do only one thing and work with the one above and below it
I often don’t even use a user promptI’ve actually started using the system prompt almost exclusively. It’s taken more seriously by LLMs and I tend to get much better results.
I tell it exactly how I want the output to look
I am very clear about how I want the output to look. The clearer the better.
I also give examples of good output if it might be confusingOne of the best things you can do with an AI is give examples. And it’s especially good if you do both 1) great instructions, and 2) great examples of output at the same time.
EXAMPLE OUTPUT- Nabisco (nabisco.com)- Coke (coke.com)- Cars (cars.com)END EXAMPLE OUTPUTI try to use as few words as possible; LLMs easily confused with too many instructionsBe as concise as you can. You might think saying more will help, but it often just confuses it.
I’m a little rough with it (do this!, don’t do this!)You only output Markdown.
LLMs prefer being told what to do rather than having to think for themselves.
Be explicit in what you like and don’t like about what they’ve done.
Combine all these
The results of a clean prompt (click for fullscreen)
I use Markdown because it’s simple, and simple is good for reading/editing
Most LLMs seem to also like Markdown because it’s easy to parse, e.g., lists of steps, hierarchical instructions, etc.
I tell the LLM who it is, e.g., give it a role
I often use the “take a step back and think step by step” setup
I break things into small, discrete steps
I often don’t even use a user prompt
I tell it exactly how I want the output to look
I also give examples of good output if #7 might be confusing
I try to use as few words as possible; LLMs easily confused with too many instructions
I’m a little rough with it (do this!, don’t do this!)
If you combine all these techniques, your prompting game will upgrade multiple levels, and so will your results.
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
