Daniel Miessler's Blog, page 15

January 2, 2024

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

TOC

INTRO

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

Welcome to 2024!

This year is going to be insane, and I’m choosing to frame that as a good thing.

Between international security, politics, and AI, I think there is going to be so much chaos that it’d be easy to despair from all the uncertainty.

Let’s not do that. Let’s do the opposite. Let’s take that chaos and uncertainty and choose to become excited rather than anxious.

Amidst all this craziness, there’s never been a better time to become who you were meant to be.

I’m honored and grateful to be grinding here alongside you.

Yours,

Wrote a ton during the break.

MY WORK

AI's Predictable Path: 7 Things to Expect From AI in 2024+


This first one is the longest and most in-depth thing I’ve written since I started writing online in 1999. It’s a nearly 9,000-word, illustrated deep-dive of what I think we’ll demand as humans from AI.


danielmiessler.com/p/ai-predictable-path-7-components-2024

Cory Doctorow is Not Even Wrong About the So-called "AI Bubble"


Doctorow got it so wrong with this one, and I make a full argument showing how.


danielmiessler.com/p/cory-doctorow-not-even-wrong-socalled-ai-bubble


LFTM: 'Looking Forward to Monday' is the Metric for 2024


This is the metric I recommend you use going into 2024, and consider making changes if it’s not where you want it to be.


danielmiessler.com/p/lftm-looking-forward-monday-metric-2024

This is the last week to register for my live AI Course, which will take place on January 13th.

Reserve a limited slot

🚨I am running a space-limited 3-hour AI course called AUGMENTED on January 13th at 12PM PST. Here’s what it covers:

My Approach

What I want from AI (the problems I’m solving)

My framework / approach for solving them

A live demo of multiple workflows

Architecture Overview

The tech stack that I’ve built

My prompt/templates approach and lessons-learned

Guides

A step-by-step for building the server-side infra

A step-by-step for building the client-side infra

Hosting recommendations

Outputs

The full guide to building my stack for yourself

Multiple full-text copies of my actual modules

A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!

UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

SECURITY

SSH is vulnerable to a novel data corruption attack called Terrapin. It’s basically a way to force SSH to behave in an insecure way, so you need to patch or adjust your configs to fix it. I was going to just recommend a specific set of ciphers, but it’s more complex than that. Look at your specific stack and get your vendor patches installed as quickly/safely as possible. MORE

Julian Hazell at the University of Oxford showed that LLMs can iterate rapidly to produce realistic spearphishing emails at minimal cost. MORE

People are freaking out about Clear doing facial recognition for sign-ins. It’s crazy to me how many infosec people don’t realize the difference between having some random vendor-specific image of your face, vs. having your actual face. Someone can’t break into third-party B’s systems using third-party A’s picture of your face. And especially not with a third-party A’s digital hash of third-party A’s picture of your face. MORE | WHY BIOMETRIC DATA BREACHES WON’T REQUIRE YOU TO CHANGE YOUR BODY

💡It’s the same with fingerprints, by the way. And voice. Where it gets weird is when it’s a human doing the authentication, such as when someone tricks your mom into sending money because she thought it was you calling.

But for machines, they’re going off of mathematical representations of a picture of you, not the actual you. This is why stealing “biometric authentication data” isn’t nearly as bad as most people think it is.

Verizon's been caught again sharing customer data with anyone who asks, without any real checks in place. This is an overall problem at all these operators, not just Verizon, btw. A stalker recently obtained a victim's address and call history by posing as a police officer with a fake email. MORE

Scammers on Telegram are using doctors' identities to sell fake vaccination documents. A disinformation detection firm found about 60 channels on Telegram pushing bogus Covid-19 vaccine certificates, reaching over 3 million people and netting $286,000 in cryptocurrency. Cool article, but I feel like it’s a little confused about who’s getting scammed. MORE

Rite Aid got a five-year ban on facial recognition tech by the FTC for mishandling consumer data and causing harm. The FTC found that Rite Aid's surveillance program was full of errors and biases, leading to false accusations against customers, including an 11-year-old girl. They’re being forced to delete the collected biometric data and implement a robust data security program to prevent future violations. I honestly love how aggressive the government is getting in cases like these. MORE

Xi Jinping's regime is reportedly executing a Stalin-esque purge, targeting even his closest allies. High-profile disappearances include China's foreign and defense ministers and top military officials, some of whom reportedly died in custody or vanished without explanation. MORE

Lt. Gen. Timothy Haugh has the green light to lead the NSA and Cyber Command. MORE

Vulnerabilities

🪳pfSense Vulnerabilities Found — Multiple flaws in pfSense firewall software could let attackers run commands. | HIGH | CVE-2023-42326 | CVSS Score: 8.8 MORE

🚨 Terrapin SSH Vulnerability — A new attack called Terrapin can compromise SSH channel integrity by manipulating protocol operation. | CRITICAL | CVE-2023-48795, CVE-2023-46445, CVE-2023-46446 | MORE

Incidents

⚠️ Xfinity Data Breach — Comcast confirms a CitrixBleed hack compromised data of nearly 36 million Xfinity customers. | SEVERITY: HIGH | RESPONSE: Customers must reset passwords, and two-factor authentication is recommended. MORE

⚠️ Nissan Cyberattack — Nissan got hit by a ransomware group claiming they've snatched 100 Gb of data. | SEVERITY: HIGH | RESPONSE: Working to identify impacted information and has notified authorities. MORE

⚠️ Ubisoft Security Alert — Ubisoft is probing a potential breach after internal data leaks surfaced online. | SEVERITY: HIGH | RESPONSE: The company is currently investigating the incident and has not shared further details. MORE 

⚠️ GTA 5 Code Leaked — GTA 5's source code got leaked online right around Christmas. | SEVERITY: HIGH | RESPONSE: No official response from Rockstar yet. MORE 

TECHNOLOGY

Waymo's latest safety data reveals its driverless cars are significantly less likely to be involved in injury-causing crashes compared to human drivers. Such a massive win for autonomous driving, while we constantly hear of fails from Tesla and Cruise. Over 7.1 million miles of autonomous driving, Waymo reported only three minor injuries, while humans are estimated to have a three to nine times higher chance of injury crashes in the same conditions. MORE

The UK Supreme Court has ruled that AI systems cannot be recognized as inventors of patents. In other words, only a natural person can be an inventor, which is fine, except it won’t stop inventors from using armies of inventor/documentation agents to not only come up with ideas but also write and submit all the paperwork, in the name of the human. MORE

💡How are we going to tell the difference between a human having X output vs. having an army of AI Agents working for them behind the scenes producing that output for them? We won’t.

I mean if someone writes 300 book reports over the weekend they probably used their agent farm to do so. But the more interesting bit is that we won’t care. It’ll just be the norm. Everyone operating at the top tiers of any game will be a(I)ugmented with their own fleet of aigents behind them.

The API economy, now valued in the trillions, faces complex regulatory challenges with the integration of AI. Just in time for my API-ification of everything take. If you think it’s a big market now, wait until it’s the fabric for all business. MORE | THE API-IFICATION OF EVERYTHING | A THRIVING ECOSYSTEM OF DA MODULES

China's coming down even more on the gaming industry, setting new rules against daily login rewards and pay-to-play incentives. It’s extraordinary and frightening to me that China has this much control over their population. And I can't help but feel like we’re at a massive disadvantage against them because of it. MORE 

New research from Apple shows how they plan to bring (hopefully way better than Siri) AI features to the next OS and iPhone hardware, including creating lifelike animated avatars and running complex language models directly on the device. Cannot f-ing wait for the iOS 18 announcements and betas this year! MORE 

Sam Altman is backing Retro Biosciences with $180 million. The startup's ambitious goal is to extend human healthspan (Peter Attia’s term) by a decade. MORE 

Google's AI tool, Performance Max, has reduced the need for specialized ad sales roles by automating ad creation and scaling. Various articles are saying up to 30,000 jobs are being cut at Google as a result. MORE

Tesla released its Optimus Gen 2 robot, which has improvements in speed, weight, and agility over the previous gen. This new model is 22 lbs lighter and 30% faster, with enhanced movement capabilities across its 35 degrees of freedom. MORE

HUMANS

Japan's western coast was on high alert after a 7.6 magnitude earthquake triggered tsunami warnings and calls for immediate evacuation. The Japan Meteorological Agency issued a major tsunami warning for Ishikawa, with potential waves up to 5 meters high, and lower-level advisories for other western coastal areas. MORE

Biden just pardoned every American who's used marijuana, even those never charged. The pardon covers federal and D.C. offenses for personal use but excludes sales and DUIs. MORE

Nearly half of young Americans are living with their parents, which are numbers we haven't seen since the Depression. Last summer, the Pew Research Center reported that 52% of 18 to 29-year-olds (around 27 million) were living at home, the highest since the 1930s. MORE

The latest PISA report suggests a strong link between phone use and plummeting student test scores. Students spending less than an hour on phones at school scored significantly higher in math, with a 50-point difference compared to those on screens for over five hours. MORE

AI now spots childhood autism with 100% accuracy just by scanning kids' eyes. The study involved 958 children and used deep learning to analyze 1,890 retinal images, half from kids already diagnosed with autism. MORE

High doses of Vitamin D might help your body use extra calories for muscle growth instead of storing them as fat. The study suggests that increased Vitamin D intake can influence how the body allocates calories, potentially favoring muscle over fat storage. They put normal at 2,000 IU a day, and high at 10,000 IUs. I was at 10K a day and went back down to 5K. Maybe I’ll go back up. MORE

Volkswagen is bringing back physical buttons due to customer pushback on touch controls. MORE

Apple's next-gen CarPlay is starting with Porsche and Aston Martin, offering a more immersive experience that extends to the entire dashboard. The new system allows for vehicle-specific themes and integrates with car features like radio and temperature control. Really wish I could get this on a Tesla, or that BMW made something as good as Model Y. MORE

The EU has agreed on significant migration reforms, including streamlined deportations and detention centers at borders. The pact is trying to balance migration pressures across member states, but faces criticism from refugee rights groups. MORE

US homelessness has spiked to its highest level since 2007, with a 12% increase from last year. MORE

IDEAS & ANALYSIS

I happily put them all in essays during the break!

NOTES

My favorite vim tip of 2024: change your file editing alias to “v” or “e”. One character. I have been using “vi” for years, thinking I was smart. If you’re going to use two characters instead of “nvim” (4), why not 1 instead of 2? MORE

DISCOVERY

⚙️ My Dot Files — I posted a repo of my nvim configs which are customized Lazy, plus a slightly customized zsh theme. MORE

💻 Therm — A stripped-down iTerm2 fork that prioritizes minimalism and improved defaults. I want to use it but I’m a bit scared, honestly. Somebody convince me. | by pancake | MORE

📚 The Primal Hunter Series — This is the LitRPG series I’m currently reading. MORE

🐬 Ollama.ai — Ollama is a super easy way to play with local models. Just go get Ollama and pick this model dolphin-mixtral. Quite strong. | by Eric Hartford | MORE 

🔗 ngocok — A free alternative to Burp Collaborator using ngrok for security testing. | by dwisiswant0 | MORE

💬 Talk2Arxiv — Chat with academic papers using this open-source tool that parses and understands PDFs. | by evanhu1 | MORE

Anders Borch shares experiences from interviewing hundreds of software engineering candidates. | by Anders Borch | MORE

Butterfly Ideas: Protecting Fragile Thoughts MORE

Hacker News Activity Analysis with a GPT-4 Agent MORE

SQL as an API Strategy MORE

How to get Stable Diffusion to generate consistent characters | by Chase Lean | MORE

🔥The iPhone’s Notes App Is the Purest Reflection of Our Messy Existence MORE

Writing Code Is the Same Thing as Writing Prose MORE

📝 FigJam's Self-Evaluation Template — As the year wraps up, FigJam offers a free self-evaluation template to help you reflect on your accomplishments and areas for improvement, setting you up for success in the coming year. MORE

🎙️ Oliver Burkeman brings a refreshing perspective on productivity, reminding us that a fulfilling life isn't about squeezing productivity out of every moment. MORE

You Don’t Need Analytics on Your Blog MORE

Life's Little Upgrades MORE

How I Work MORE

Google Podcasts is Shutting Down MORE

I Just Need a Programmer MORE

Keep a "brag document" to track and share your work accomplishments. | by Julia Evans | MORE

RECOMMENDATION OF THE WEEK

Think about what you were supposed to become as a person.

Ask yourself, going into 2024, if you are that.

Realize it’s 100% ok if you aren’t. Hardly anyone is. I’m definitely not.

But most importantly, ask yourself if you’re on the path!

If you aren’t, and you don’t have a plan to get there, or you’ve convinced yourself to settle for something lesser, reject that. Don’t give in. Don’t settle. Resist. Battle. Fight.

Recommit to becoming who you were meant to be.

As a heuristic, ask yourself if you look forward to Mondays. If you don’t, it might be because you’re not working towards becoming that person, or because the way you’re spending your time isn’t a good path for doing so.

This is the perfect moment to think about how to change that.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,


Published on January 02, 2024 09:17

January 1, 2024

Cory Doctorow is Not Even Wrong About the So-called "AI Bubble"

Doctorow just wrote an uncharacteristically shortsighted essay asking whether there would be anything left over after AI’s bubble bursts.

Here’s an excerpt:

He makes some decent points about silly AI startups in the piece, and I, of course, agree that most of those will die off soon.

The scale of inefficiency

But if you agree with him that this entire AI boom is actually a bubble, and would like to know why I think differently, ask yourself this question:

In other words, what challenges currently limit the number, size, efficiency, and scale of startups and enterprises—especially those pertaining to creating and executing business ideas?

It’s hard to capture perfectly, but let’s make a quick list:

Most businesses do not have standardized internal processes

Even for companies that do, it’s almost impossible to implement those processes at scale across the company

Most companies cannot scale their sales operations

Most companies cannot scale their support organization

Most companies aren’t good at finding and keeping the right people

Most companies cannot scale their marketing efforts

Most companies cannot scale their vision/strategy leadership talent that comes up with innovative ways to deal with market conditions

So let’s further break this down as:

Strategic Cohesion

Keeping everyone updated on direction

Keeping everyone motivated on direction

Process Standardization

Policy creation

Policy following

Keeping everyone updated and synchronized

Ease of updates for new processes and policies

Hiring and Performance Management

Finding the right people

Vetting them properly

Keeping them incentivized to do quality work there

Getting rid of those who stop performing well

Sales Operations

Everyone knows what we sell

Everyone knows the customer they’re selling to

Everyone knows how our product can help them

Consistent testing and iteration process

Consistency, quality, persistence

Ease of updates for new products

Marketing

Everyone knows what we sell

Everyone knows the customer they’re selling to

Everyone knows how our product can help them

Creativity in marketing copy

Consistent testing and iteration process

Consistency, quality, persistence

Ease of updates for new products

Support

Enough people

Proper training

Consistent improvement process

Ease of updates

I’ve been consulting and advising for startups for over 15 years, and it’s always some combination of these things that either limits growth or outright destroys a company. And for larger companies, these factors limit the scale and quality of their output.

My argument is simple: Most of these elements, such as sales, operations, marketing, internal processes, etc., are operating with like 5-30% efficiency. It’s mostly waste. And the percentage of waste grows as the teams get bigger.

If you know, you know.

It’s virtually impossible to run a sales team. Most companies aren’t doing it well. Same with marketing. It’s voodoo magic, and inconsistent, more art than science, and very few companies thrive there. And internally, most companies are horribly run from a process and communication standpoint.

Too much bureaucracy. Too many inefficiencies. Too many people doing useless things, not enough people doing the right things. And the broken processes and structure create broken incentives. And then the whole broken system starts working toward the wrong things.

Well, these are the engines that power companies. All of our startups, medium-sized companies, and giant corporations.

If I had to guess, I’d say we’re getting 5-30% value from most companies of any significant size. Let’s call it 20%. That’s 80% waste across all those areas added up that produces friction.

And that’s just for the percentage of 100% that’s possible with that number of humans at the company.

Enter AI

Now let’s add AI. The right way to think about AI is to ask:

Here’s my answer:

AI will massively improve not just the efficiency in all those areas, but also the scalability.

Imagine you have a sales team that’s 7% efficient. If you don’t believe the numbers are that low, think about the amount of time they spend working (and being paid) vs. how many calls they have and how many deals they close.

7% might be generous.

Anyway, now imagine you have a 20-person sales team. Now think about what happens when that efficiency goes to 45%, or 70%.

But now you have 1,500 salespeople.

And we’re not doing that just for sales operations. We’re doing that for marketing as well. And hiring and firing. And all the other areas we mentioned that are holding back companies.

This is what makes Doctorow’s essay so shortsighted. We’ve just seen the ability to improve the efficiency and scale of the core muscles of capitalism itself. And all he sees are gimmicky companies on billboards.

The real impact of AI on the economy

I said back in February of 2023 that AI would pull us out of a recession. Who knows how much of an effect it was, but I think it was likely significant.

And a couple of months later I said AI would massively raise the US’s GDP within a few years.

I think I was too timid in those predictions. I think, given the analysis above, that we’re likely to see global productivity multiply extraordinarily in the next 10 years.

What I don’t know—and nobody can know—is how that will combine with the tens of millions of jobs that will also be lost at the same time. Like, who is buying all this new and better stuff if AI is also removing human jobs?

Anyway.

AI is not a thing. It’s a magnifier. And the things it magnifies are creativity and consistent, high-quality human work output. Our total output for planet Earth is currently N, let’s say.

When you very quickly add billions upon billions of AI-powered agents, and systems of agents, that are capable of producing creativity at some level, as well as producing extraordinarily consistent and high-quality output, you take that N value and multiply it by 10, by 100, by 1000.

Stop thinking about the silly applications of AI. The company that reads you walnut recipes in the voice of a walnut tree is not going to last. So what?

The impact of the printing press was not the manufacturing of religious books. The impact was introducing billions of people to entirely different worlds and different ways of thinking.

Similarly, the impact of augmenting humanity with artificial intelligence is not the micro-companies that do kitschy things with a side feature of AI.

The impact is dramatically multiplying the output of humanity.

So yes, Mr. Doctorow, there will indeed be something left after “the AI bubble” bursts.


Published on January 01, 2024 16:01

December 24, 2023

LFTM: 'Looking Forward to Monday' is the Metric for 2024

I have a dead-simple diagnostic tool for 2024.

Ask yourself how you feel about Mondays.

Too many of us dread them. The meetings. The meetings about meetings. The planning that rarely turns into reality. Team politics. Perpetual reviews. And generally feeling like you’re wasting your valuable time and attention.

If that’s you, you probably see the weekend as a temporary sanctuary from a week of necessary frustration.

We’re told this is normal. We’re told everyone feels this way, and that we should accept it. It’s not true.

If you dread Mondays it means you are not in alignment with the work you’re doing. Everyone needs to work, but work can either be rewarding or soul-crushing.

Dreading Monday means you’re doing the soul-crushing kind. 2024 is the year to change that. For one, you’ll be happier. Second—I think the more soul-crushing the work is the more vulnerable it is to being automated.

Free yourself. Find something that makes you excited for the week to come.

AI is going apeshit. Things are changing. It’s the perfect time to find a better path.


Published on December 24, 2023 11:52

December 22, 2023

Blogging and Podcasting Are Gatekeeping Concepts

Humans are meant to think and share their thoughts in writing, audio, and video.

The fact that this is called “podcasting”, or “blogging”, or “being a YouTuber” is simply a remnant of a primitive and unhealthy society that we need to evolve away from.

Everyone on Earth should be enabled to learn, and grow, and think—and to share their thoughts and opinions with others. They shouldn’t have to, of course, but it should be normal to do so. They should be raised to think that it’s part of their value as a human to think for themselves, and to have ideas and opinions that are valuable to others.

Right now that’s not the case. Think about what percentage of people in the world think they have ideas to offer. I’d guess over 99% of the world (who knows the real number) thinks having and sharing ideas is special, and not for someone like them.

We saw this before with the democratization of reading.

500 years ago, only certain people could read. And if you heard that somebody was trying to learn, it would be a great surprise. Everyone would say, “Hey look, Sally is trying to Church.”, or “Bobby wants to Clergy.” The act of reading was associated with special activity, like being a priest.

That’s what blogging is now. Or podcasting. Or being a writer, or a public intellectual. They’re special words for things that shouldn’t be special.

As it turns out, everybody should read. And that’s why it was an evolution to have the printing press and the widespread distribution of reading. Well, now it’s time for that to happen for thinking, writing, and sharing those thoughts with others.

Brimming with creativity and confidence

So try not to think of blogging, podcasting, or making videos as special activities for special people. Using those names is self-gatekeeping for behaviors that we should consider normal.

We as humans should all think. We should all feel. We should all imagine. And we should all be encouraged to share.

Not certain people. Not special people. Everyone.


Published on December 22, 2023 19:36

December 19, 2023

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, the UL Character Sheet, and…

Happy Monday!

Ok, a bit of a shorter show this week with the holiday coming up. And there’s no show next week, as a reminder.

But I’ve been busier than ever somehow!

The response to the course announcement has been INSANE, and I’ve been adding new stuff to it every day. So excited to deliver this! Couple of quick FAQ items: 1) I’ll be announcing the date in the next week or so, 2) it’s a live course, and 3) it won’t be recorded.

I also finally finished my annual December Vim Refresh Ritual of many hours of Neovim study. And I now have my full 2024 configuration. And I published it for the first time! You can check it out in my new dotfiles repo on Github. GET IT

Switched to Lazy for my plugin manager and base

Deleted all my custom configs and started over

Added each config and remap by hand so I know every single setting and what it does

I even created my own oh-my-zsh theme that I like better than my old go-to. It’s also in the repo.

I now have that Irish Spring feeling! Feels wonderful!

Basically my Vim setup now looks and feels sicker than ever, and because of Lazy it is far easier to manage plugins and updates. I simply add one definition file under /plugins and it does the install and config by itself. No more adding in one place and configuring in another and then kicking off an update manually. Plus I have full LSP functionality and a million other smoothed edges that come with Lazy.

Hat tip to Primeagen and Josean for a lot of config inspo.

Folke is the creator of Lazy and also my favorite Vim theme—TokyoNight, and he’s a hero.

To use my configs (it’s pretty customized so be sure to read the options.lua and keymaps.lua files), simply back up your existing nvim directory and copy it into your .config directory. When you launch Vim, the distro will do the work. And the docs are pretty damn good as well.

My new NVIM setup with Tokyonight

Let’s get into this week’s show!

MY WORK

❤️ Purposelessness—Not Social Media—is Making Our Kids Depressed
My new piece on how I believe the lack of purpose is the root cause of a lot of young peoples’ suffering. MORE

🗡️The UL Character Sheet
My new essay and D&D model for showing how Talent and Luck matter far less than Discipline. MORE

Reserve a limited slot

🚨I am running a space-limited 3-hour AI course called AUGMENTED in January. Here’s what it covers:

My Approach

What I want from AI (the problems I’m solving)

My framework / approach for solving them

A live demo of multiple workflows

Architecture Overview

The tech stack that I’ve built

My prompt/templates approach and lessons-learned

Guides

A step-by-step for building the server-side infra

A step-by-step for building the client-side infra

Hosting recommendations

Outputs

The full guide to building my stack for yourself

Multiple full-text copies of my actual modules

A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!

UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

SECURITY

Ubiquiti customers are reporting access to other people's UniFi devices and getting their notifications. One user received a security camera notification that wasn't theirs, while another found themselves with control over 88 devices from someone else's account. MORE

Channel 1 is a new TV channel launching in LA in 2024, and it’s going to use AI-generated news anchors for the first time on American TV. My first question is why TV? I guess they still need to grab that long tail while they switch to streaming. Really curious how people respond to it. The question is whether the need for constant news will outweigh any bad vibes from the uncanny valley. MORE

Discord just rolled out WebAuthn for MFA. Go do the thing. MORE 

Sponsor

The 2023 Kubernetes Security Report

The shocking reality of critical vulnerabilities in publicly-exposed containers.

Kubernetes (K8s) has transformed the way applications are deployed and managed in the cloud-native landscape. Based on our scans of over 200,000 cloud accounts, the Wiz Security Research team exposes how many clusters are at risk, and what it means for your cloud defense. You’ll discover:

In-depth breakdown of Kubernetes attack chains

Statistics on security controls and mitigations

The best ways to defend against cloud attacks 

Think of it as your playbook against cloud threats. All this and more can be found here:

👉wiz.io/lp/the-2023-kubernetes-security-report👈

Grab Your Free Copy Now

Utah's Supreme Court just ruled that suspects don't have to give up their phone passcodes to the police. The case involved a kidnapping, and I see this one going to the Supreme Court. MORE

A new report discusses a Pro-China YouTube network that used A.I. to spread disinformation about the U.S. The network's content, spanning 30 channels, had almost 120 million views and over 730,000 subscribers since last year. These channels have been disseminating rumors and misinformation on topics ranging from politics to social media narratives. MORE (This was a fully AI-written summary. How was it?)

💡One thing you might be wondering is how much AI I use to generate the newsletter. The answer is a lot, but mostly for the collection, filtering, and organizing steps. I and/or OpenAI would still need to do a lot more work to be able to pass AI output directly in for main stories. For one, I use the newsletter as my news consumption activity, so I actually need to read the stories, and there’s still a massive difference between me writing something and the AI writing it.

I intend to keep the human aspect in play for the foreseeable future because it’s still better than AI. And the value to you is largely the analysis, not the story summary. If/when the balance changes in the future I’ll let you know, and at that point I’ll transition to summaries being fully AI-generated and then custom-written analysis, commentary, and long-form content. Still a bit early for that, though.

Maersk and Hapag-Lloyd are halting Red Sea transits due to increased missile and drone attacks, impacting global shipping routes. MORE

Incidents

⚠️ INL Data Compromise — Over 45,000 people's personal info was stolen from the Idaho National Laboratory. | SEVERITY: HIGH | RESPONSE: INL and federal agencies are investigating. MORE

⚠️ MongoDB announced an incident exposing some customer details but not the data stored in MongoDB Atlas. The breach was detected on December 13th, and while the full extent is still under investigation, customer account metadata and contact information were compromised. MORE


TECHNOLOGY

🤖 OpenAI released its own prompting guide. It’s quite good and includes examples. Here are the main tactics:

Include details in your query to get more relevant answers

Ask the model to adopt a persona

Use delimiters to clearly indicate distinct parts of the input

Specify the steps required to complete a task

Provide examples

Specify the desired length of the output | MORE 

🔥 Eliezer Yudkowsky (yeah, that one) tells AI to create a “normal” image. And then whatever it gives back he tells it to make it “more normal”. It keeps going and the stuff it ends up with is completely insane. Read the whole thread. MORE

Facebook’s being swarmed by fake social media photos that people think are real. We all knew this was coming, but it’s still weird to see it actually happen. An artist posted a real version of a thing and now he’s being copied by people using AI. MORE

Apple's already working on a 2nm chip process for 2025, with TSMC's mass production plans hinting at a possible 1nm before too long. This is why you should get your Apple hardware to Apple Silicon and start skipping a generation or two. MORE

OpenAI is putting more emphasis on its Superalignment research team run by Ilya Sutskever. The team's recent experiments show progress in guiding smarter AI models without diminishing their capabilities, using a method where an inferior AI influences a superior one. MORE

OpenAI just cut off ByteDance for training a rival AI using GPT-4. ByteDance reportedly violated Microsoft and OpenAI's developer licenses by using GPT output to enhance its own AI model. Do they not know OpenAI looks for this in API call patterns? MORE

GM just dumped Apple CarPlay and Android Auto, claiming they're not safe because they might make drivers use their phones more. People are still going to use car computers; now they’ll just use a worse one. Ford came out and basically called BS, and said they’d still be supporting them. MORE

HUMANS

ProPublica did an investigation on NYPD use of bodycams, and it showed that despite millions spent on the cameras, police departments often delay, redact, or refuse to release footage, undermining their entire point. This reminds me of tax law. When powerful people and mechanisms don’t want a thing to happen, they find ways to make sure it doesn’t. MORE

The Pope has approved priests to bless same-sex marriages. This guy has changed so much about the Catholic church that I wonder if some of it won’t be reversed by successors. I suppose not since future generations will (likely) be more progressive. MORE

Solar and wind energy are set to surpass coal in the US power mix for the first time in 2024. MORE

Netflix's recent viewership data reveals a strong contrast between the shows people discuss online and the ones they actually watch, with series like "Ginny & Georgia" dominating real viewership. The report shows "Ginny & Georgia" was in the top ten most viewed between January and June 2023, despite less online buzz compared to genre hits like "The Witcher." I love this disconnect between real and stated preferences. Reminds me of the book Everybody Lies, about Google search query analysis. MORE | EVERYBODY LIES BOOK

US Steel used to be a total behemoth, and now it’s selling to Nippon Steel. MORE

TikTok's car confessionals are becoming the new short-form video blogging. TikTok creators like Cheryl Porter and Keith Lee are amassing millions of followers through their car-based content. The trick here is authenticity. The car setting I think makes both the creator and the viewer feel more unguarded and real. MORE

Costco is selling gold bars online. As soon as they go up they sell out. I think I might get a few. MORE

IDEAS & ANALYSIS

RPG Literature and The Connection to Grinding
So I’ve been reading a genre called RPGLit (RPG Literature) for a few years, and I just realized a connection with the Discipline post I just wrote. So I’m starting the second book in The Primal Hunter series and I’m enjoying it more than I should be. Actually I’m often confused about whether I’m enjoying this genre or not. But I definitely am sometimes. Like I can’t tell if I’m wasting time or having fun or relieving stress or whatever. Or even why I enjoy it at all. Well this week I finally isolated what it was. It’s an entire genre about self-improvement. With clear stats. Clear skills. Clear ascension. Clear progress. So it’s basically a proxy for life grinding! It’s like erotica for D&D-minded self-improvement nerds. Anyway, if any part of that appeals to you, you should sample the genre. I’m not sure what the best stuff is, but fellow ULer Joseph Thacker (rez0) and I are all about the CRADLE series. THE FIRST PRIMAL HUNTER BOOK | THE FIRST CRADLE BOOK 1

NOTES

I can’t tell you how much joy it gives me to tweak my terminal / Nvim setup every year or so. Especially this year because it was such a drastic rewrite and fresh start. I feel like Vim is one of my replacements for religion.

I am extremely excited for 2024. Tremendous momentum and energy heading into Christmas, and honestly am looking forward to January.

🥳 As I read what I just wrote, I realized that it’s now been 1 year since going independent. Wow. I hadn’t really thought about it, but I think we can call it an unambiguous success. I’ve never felt more free or more creative in my life. This is why I keep pushing all my friends to think about a similar jump!

🙏 I want to say thank you for reading this newsletter and engaging with all my content. I’d still be doing it if nobody was listening, but the fact that you are makes it possible to do for a living. And I appreciate you.


DISCOVERY

🤖 Microagents — Python-based agents that evolve to answer queries and improve over time. And they write their own code to do it. | by aymenfurter | MORE

🗣️Kelly Shortridge argues here that cybersecurity isn’t special, and that we tend to exaggerate our challenges compared to other departments. She also gives practical advice. Worth a read for sure, and it didn’t go unnoticed that she put it on her own site, and not on a company site! More of that please! MORE | EXTWIS SCREENSHOT

🤖 The Lever Prompting Technique — Give it levels and tell it to move up or down on a 10-point scale. | by Moritz Kremb | MORE

📺 My buddy Gunnar Andrews posted a new video on building bug bounty automation. MORE

🔍 Nmap Peek — Easily view Nmap scan results directly in VSCode for better analysis and workflow. | by marduc812 |

🎶 StemGen — A new end-to-end music creation model, with demos. MORE | TELOS AI SCREENSHOT

🧱 BELAY — BELAY offers a modern twist on the traditional executive assistant role by providing U.S.-based virtual assistants and accounting professionals to help leaders manage their tasks. MORE

🔍 Incogni — Actively seeks out and removes your sensitive information from the web. MORE

🔧 SQL Polyglot — A tool to help you write SQL queries that work across different databases. | by antonz | MORE 

🔨 Be Family — A modern, AI-powered family organization tool designed to simplify family management. It's an interesting approach to keeping family life calm and collaborative, and they're offering it free for life to early sign-ups. MORE

📚 The Munger Operating System — It's about aligning your actions with the value you want to create. It's a reminder that trust and success aren't just handed to you; they're the result of consistent, hard work. MORE

🤔 Improvements Since the '90s MORE

📚The Verge’s favorite books from 2023 MORE 

Engaging OKR Check-ins with Hill Charts MORE

Taylor Swift's Eras Tour concert film is now on AppleTV. It’s worth watching even if you don’t like her music. It shows a complete mastery of the craft, on all dimensions. MORE

Stock funds managed by less attractive individuals beat those managed by their better-looking counterparts by a solid 2%. MORE

On being wrong about AI MORE

Ask HN: Terrified I Won’t Find Another Job MORE

RECOMMENDATION OF THE WEEK

No matter how much family and/or in-laws can annoy you with politics or whatever, put your mind years or decades in the future when they’re not there.

Find something to appreciate—something to agree on—and try to be present.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on December 19, 2023 07:30

December 18, 2023

The UL Character Sheet


I’ve been wanting to capture this for a while now. I’ve made multiple versions of this over the years, but I’m pretty happy with how this one turned out.

The goal of the system is to show the interplay between Talent, Discipline, and Luck, but specifically to show how Discipline matters more than anything.

The premise

The goal here is to model reality, and the main claims of the system are the following:

Talent matters a lot.

But not nearly as much as Discipline.

Luck is a critical wildcard that can bury or launch you, but it can be significantly altered by either high or low Discipline.

Notably, Talent and Discipline are set to a given target’s attribute. Meaning, we’re estimating how talented or disciplined they are in real life.

Luck, however, is random. You roll 1d10 for that. But interestingly, if your Discipline is high enough, you can raise your luck from low to average, or even boost it over the natural maximum of 10.

And Luck also goes in the opposite direction: you can start with average Luck but if your Discipline is low, your Luck ends up lower.

When you combine all of these components, you get a really powerful dynamic where Discipline ends up the absolute most important thing.

Again, that’s my belief of how reality works, and so that’s the model I’ve constructed.

The system

So the arithmetic here isn’t that special or important. What’s important is the range between low values and high values—especially in Discipline and Luck.

One thing to note is that the baseline is around 600, which is where everything is set to average, with lots of motion when values are higher or lower.

Calibration

Don’t over-think this, but here are some guidelines for estimating Talent and Discipline.

Talent

Talent means universal talent, meaning your natural ability to be good at things.

5 is Average

6 is Talented

7 is Notable

8 is Gifted

9 is Extraordinary 

10 is Pinnacle 

Don’t worry too much about the specifics. Let’s say 10 is like top .01% of the world, 9 is top 1%. 7 and 8 are where you’re well-known either internally or publicly for a thing, and 6 is where you’re not any of those but you’re a step ahead of the pack.

Discipline

Discipline means your ability to build and follow a plan for success. Here are some guidelines for estimating Discipline.

5 is Average

6 is Committed

7 is Dedicated

8 is Resolute

9 is Unyielding

10 is Heroic

Here we’ll do something different for the levels. 10 is where you have a rigorous routine for diet and exercise, and you basically never miss it. Like once or twice a year due to emergencies. 9 is no more than once a month. 8 is where you have a less formal routine but do it over 90% of the time. 7 is where you have a decent routine and you follow it more than 75% but less than 90%. 6 is where you have some kind of routine and you follow it 50%-75% of the time.

Average is where you aren’t doing horribly bad things, and you’re able to maintain some kind of discipline to stay on schedule and meet commitments, but nothing special. 4 and below are for increasingly bad habits, lack of routine, and/or inability to make or follow goals or commitments.

The scenarios

So, given all that—and assuming you at least somewhat agree with the model’s connection to reality—what’s fun is to then run yourself and others you know through the system.

This is the best way to tell whether you think the model tracks to reality or not. So let’s look at a few of the scenarios.

1️⃣If you look at the first scenario, the final score of 8 is abysmal. And this comes from not just the low initial values, but because the low Discipline score lowered the low Luck to the minimum of 1.

This is probably too extreme of a low score, but it directionally and overall tracks for me.

4️⃣Scenario 4 is fascinating because it’s someone with relatively low Talent, but high Discipline. And they even rolled a 1 on Luck! But because of their high Discipline they ended up with higher Luck! And this resulted in a higher outcome score than average!

In other words, you can still crush life by being exceptionally disciplined—even if you’re not as talented or lucky.

This is precisely the dynamic I was hoping to capture with the model, and why I think it tracks.

Usefulness

I love turning my knowledge into models that I can gain insights from. And to me, models are only useful if they’re…um…useful.

For me, the purpose of a model like this is to inspire myself—and those I care about—to try to be more disciplined.

Basically, I’m trying to use a contrived—yet hopefully somewhat accurate—model to try to tangibly illustrate that high discipline can dramatically improve your life.

And similarly, you can have everything going for you but throw it all away by not being disciplined.

How I use this myself

The way I use this is dead simple.

My natural Discipline score ranges between 4 and 6. But I’ve figured out the hack that we’re able to copy the habits of disciplined people!

That means I grind.

Constant studying

Constant learning

Constant hacking/building/creating

Constant sharing of what I learn

And most important, I created a life and health routine, which I parsed from hundreds of hours of study and research, that I follow as much as possible. This routine allows me to do all the things above more often, more consistently, and at higher quality.

Basically, the routine raises my Discipline score—and not by a little bit.

On a good, on-routine day it probably takes my Discipline from a 4 to an 8. So if my Talent is a 7, and my Luck is a 5, here is the variance:

Off-routine: 560

On-routine: 2240

That’s over 4X!

Again the numbers aren’t magical, so it’s not like you can take 2240 somewhere and get something for it. But remember that average in this system is around 600-700. So 2240 is much higher.

And remember, I’m not saying this system makes it real. What I’m saying is, “This is real.”, and the system is just properly capturing it.

To me this is precisely how reality works: The people who grind their asses off get outsized outcomes. And this is true regardless of talent and luck.

Recommendations

Play with the system. Plug your numbers in. Get your numbers from others if you don’t think you’re objective enough.

Plug the numbers in for people you care about, and see if it matches your interpretation of reality.

Consider showing the system to people who could use it. But make sure they’re receptive to it and you’re not being an ass.

And finally, if you use the system, and it tracks to reality for you, and it tells you that more Discipline could help you—do what you can to aggressively raise your Discipline.

It’s the most important stat on the character sheet.

NOTES

Thanks to Jason Haddix for talking with me about this for over a decade and helping me formulate these thoughts.


Published on December 18, 2023 11:48

December 15, 2023

Purposelessness—Not Social Media—is Causing Our Kids' Depression

Social media started around 2012, which is precisely when we saw our kids’ mental health drop into an abyss. But nobody has been able to clearly articulate exactly how social media is causing it. Nor why it crushes some kids while barely affecting others.

Jonathan Haidt shows it’s not the relationship with parents

I believe I have the answer. Or at least the primary answer.

It’s not Social Media causing the depression. Social Media is causing Purposelessness, and the Lack of Purpose is causing the depression.

Comparison as the thief of joy

The common narrative we hear about social media’s negative influence is that of comparison. Young kids, especially girls, are shown images of the gorgeous, famous, and happy, and they compare that to their own lives and are devastated. Repeatedly. All day, every day.

That’s bad, for sure, but I don’t think it’s quite it. That’s more like the kindling or the match, but not the fire.

The problem is that social media is sending multiple conflicting messages for what that young person should be.

You should be beautiful

You should be tall

You should be a YouTuber

You should be a model

You should be an influencer

You should be a singer

You should be attractive and popular

Kids and teens are supposed to be forming their direction in life as they grow up. Figuring out where they’re going and what they want to be. But that little voice inside them is quiet, and it gets drowned out by the persistent and convincing messages from social media.

Another thing that’s making it worse is that parents are simultaneously sending less of their own signal of what the kid should be.

Parents used to largely tell kids who they were, and what they should be. Maybe they’d give some options, but it was clear that they should at least be:

Someone who believes in God

Someone who loves their country

Someone with a trade or education

Someone with a job in their trade or field

Someone with their own family and career

In other words, most people knew from the time of childhood on, who they were and what their purpose was. It was to be a patriotic and god-fearing electrician, or housewife, or teacher. Or whatever.

Super simple. Super clear. At the same time, the false purpose signals were few and relatively quiet. They didn’t have social media—or media in general—showing them thousands of alternatives a day.

Today we have the opposite. Today, parents provide much less purpose, while social media pulls the kids in a million different directions. And the result is that they’re lost. They don’t know who they are, who they should be, or why they’re even here.

Parents and schools—trying to be encouraging—are more likely to say things like, “You can be whatever you want.” It’s a positive sentiment, but by itself doesn’t give them the direction they need. And it might even make it worse because it implies they should be able to figure it out for themselves.

The explanatory power of the Purpose Problem

This Purpose Problem model explains so much.

It explains why some people are seemingly immune to social media’s negativity

It explains why religion offers so much help to so many

It explains why kids were much happier in the past

It explains why many people struggle with addiction and can’t have a single taste of a drug without spiraling out of control, while some could do three weeks of the hardest drugs possible and go back to regular life and never think about the drugs

And it explains why many kids in immigrant families have some immunity

In all five of those cases, the difference is purpose.

Kids are resistant to social media when they have a stronger purpose from something else

Religion often gives people a strong identity and direction

In the past they got this purpose from parents and religion

Addiction can be seen as a lack of connection and purpose that makes drugs and escape attractive

And immigrant families often do two things simultaneously: giving lots of direction and purpose themselves, while also limiting their kids’ exposure to outside influence

That’s what matters. Having a purpose that is stronger than all the false signals constantly bombarding us day to day. Signals telling us what we should be. Things like:

You have to be rich

You have to be pretty

You have to be famous

That other person is doing better than you

You’re not as popular as that other person

That person has everything in life, and I have nothing

They’re so happy, and I’m so not

These are all signals pulling kids in multiple directions. They obscure and reduce their internal voice, or stop them from developing one at all.

And the result is devastating. It makes kids feel like everyone around them has it figured out—except for them. And that disconnect—that feeling of isolation—is what makes life unbearable.

Ok, but what do we do?

The solution is simple but not easy.

We have to make sure our kids have a purpose that’s stronger than the external signals they’re receiving.

We can do that in two ways:

Magnify their primary purpose signal

Reduce their exposure to false purpose signals

I’m sure there’s some minimum that the primary signal needs to reach, but don’t worry about that so much. Worry about the ratio. Make sure their primary signal is way stronger and more consistently reinforced than the noise.

Practically speaking, this means helping them find and lock onto a direction. They’re kids, so you can’t just ask them deep philosophical questions about self. When I was a kid I was mostly about boogers and BMX. They’re young.

So it’s about creating a distant goal of self. A thing they are becoming. You want them thinking something like:

I’m going to be a mother and a doctor and help people by writing books and doing YouTube

I’m going to be a father and a restorer of trees on the planet

I’m going to be a physicist like my mother and my uncle

I’m going to be…something

Something. Something distant. Something grand. Something they can claim as an identity to immunize them against the garbage assaulting their minds every day.

I obviously don’t know what that something is, as it’s different for every kid and every situation. And it might take a while for you to figure out with them. Plus, it might not even matter much because it’s likely to change.

What matters is that it feels legitimate, strong, and tangible enough to lock onto and define them during these chaotic years.

Summary

It’s not social media causing depression in our kids.

It’s the lack of Purpose.

Social media looks guilty because it’s the main thing sending false purposes, false identities, and pulling kids in multiple directions.

This means they can’t nurture their inner voice that’s still quiet, so they end up with no direction and no purpose—which means no identity.

They then (falsely) see that everyone has life figured out—except for them—and they start questioning why they’re even here.

To solve this, we must 1) help them find and magnify their own signal, and 2) reduce negative external signals, such as social media and other forms of comparison.

In short, kids are so depressed because they don’t know who they are or what they’re supposed to be doing.

And our primary purpose, as adults, needs to be helping them figure that out.

NOTES

BONUS: This is also—in my opinion—the main reason for adult depression as well. Turns out, adults are grown-up kids. Also, it’s much harder to guide someone about purpose when you don’t have one yourself. So the lack of purpose we’re currently seeing is moving forward in time and subsequent generations :(.

To be fair to parents, it’s also harder to give a defined purpose today because it’s far less clear than 20 years ago that our country, God, an education, or a career will yield any sustainable meaning or happiness. It’s less clear that God exists. It’s less clear that the US or the West is a force for good. It’s less clear that an education is a guarantee of happiness. It’s less clear that a good job or career is a guarantee of happiness. See: layoffs. See: AI. So it’s far harder than 20 years ago to tell a kid to pursue those things and you’ll be happy. So what do you tell them? Not easy.

This is why so many kids of recent Asian and African immigrants, especially of the Helicopter variety, are less prone to social media depression. They’re too busy. They’ve been told what their purpose is, and they’re fully engaged in pursuing that. They’re in study groups with other people who have the same mentality. They’re in sports groups. They spend their whole day thinking about what they are becoming, and working towards, and with other kids doing the same. This doesn’t make them immune to depression, but it provides a lot of defense. And it doesn’t have to be perfect to do the job. The purpose doesn’t have to be exact (and it can’t be anyway since they’re just kids). What matters is that it’s a much stronger signal than the noise.

There is a lot of great work being done on the social media aspect of this by Jonathan Haidt, and specifically on the topic of getting phones out of schools, which I recommend you check out. MORE


Published on December 15, 2023 14:45

December 13, 2023

UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion


Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

Hey there!

Something super cool to share that I’ve been working on.

Approximately 1,000,007 people have asked me for a deep-dive on how I’m using AI. All the tools I’ve built. What they do. How I set them up. And how they can do the same.

So I’ve made an intense, 3-hour course that covers all of it, that I’m running in January!

COURSE WEBSITE

What AUGMENTED covers:

My Approach

What I want from AI (the problems I’m solving)

My framework / approach for solving them

A live demo of multiple workflows

Architecture Overview

The tech stack that I’ve built

My prompt/templates approach and lessons-learned

Guides

A step-by-step for building the server-side infra

A step-by-step for building the client-side infra

Hosting recommendations

Outputs

The full guide to building my stack for yourself

Multiple full-text copies of my actual modules

A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

Super excited to share my full ecosystem and workflows, and now I have the avenue to do that!

MY WORK

Had the opportunity to talk to my good friend Gabe about a bunch of AI topics. Gabe is super bright on all sorts of AI topics, and especially AI Safety and use cases for Threat Intelligence. Check it out. WATCH IT

SECURITY

Researchers have found a way to extract megs of ChatGPT's training data by prompting it to repeat a word indefinitely. The attack can make the model regurgitate data it was trained on, including sensitive information like email addresses and phone numbers. OpenAI also warns, however, that the attack goes against the TOS. MORE

Meta has rolled out end-to-end encryption by default on Messenger. A lot of people see this as a pure win, and I mostly do as well. But the easiest way for me to tell someone is unsophisticated in infosec is for them to tell me they’re 100% for or against end-to-end encryption. MORE

🪳Atlassian just patched four more critical vulnerabilities that could allow RCE. | CRITICAL | CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524 | CVSS Scores: 9.8, 9.0, 9.8, 9.6 MORE

Incidents

🚨US Agencies Hacked — Hackers exploited a critical Adobe ColdFusion flaw to hit US government servers. | CRITICAL | CVE-2023-26360 MORE | MORE | CISA ADVISORY

⚠️ Engineer's Costly Revenge — Miklos Brody got two years for trashing his ex-employer's code after being fired. | SEVERITY: HIGH | RESPONSE: He must pay $529,000 and will be under supervised release for three years. MORE

⚠️ Austal USA Hacked — Navy contractor Austal USA confirms a cyberattack with no operational impact (um, yet). | SEVERITY: MEDIUM, as the breach could involve sensitive shipbuilding data but no classified information was reported stolen. | RESPONSE: Reps say the incident was quickly mitigated and authorities are investigating. Just remember what we said last week about waiting for shoes to drop. MORE

Vulnerabilities

🚨Sophos RCE Exploitation — Sophos had to issue a fix for an RCE vulnerability after attacks on outdated firewalls. | CRITICAL | CVE-2022-3236 | MORE

🚨Outlook Hijack Alert — Russian hackers are exploiting a critical Outlook bug to take over Exchange accounts. | CRITICAL | CVE-2023-23397 MORE

🪳ClamAV Critical Flaw | CRITICAL | CVE-2023-20032 MORE

Sponsor

CISOs Overconfident But Underprepared for SaaS Security Risks

A disconnect lurks in the current state of SaaS cybersecurity. We surveyed 600+ security experts, and many were confident in their SaaS security strategies, yet:

79% faced SaaS security breaches in the past year.

52% of organizations still rely on manual SaaS cybersecurity audits

60% have limited to no ability to monitor SaaS-to-SaaS connections

Explore the latest insights in the AppOmni SSPM 2023 Report.

👉appomni.com/saas-security-report-2023-sspm👈


GitLab's new guide shows you how to visualize cyberattack techniques using MITRE ATT&CK Navigator, making it easier to see your security coverage. Includes a ready-to-use example project that lets you map out techniques across the ATT&CK framework. MORE

North Korean hackers are phishing crypto teams by impersonating legitimate investment firms. They get them to download malicious scripts that grant control over the team's computers, and then use that access to steal the funds they have access to. MORE

💡One common thread I’ve seen in Crypto projects is an immature, energetic, and nearly religious pursuit of fast money. This is what makes these projects so ripe for fraud. Most everyone involved is trying to become a millionaire in a matter of months. And this not only makes them vulnerable to fraud, but other types of attack as well—including phishing, credential theft, investment scams, etc.

Sponsor

Cracking the Code to Vulnerability Management

Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples.

You’ll learn:

Which technology & vulnerability types to prioritize 

How to leverage CVSS metrics

The essential questions to ask when triaging

All this and more can be found in The 2023 Cloud Vulnerability Report

👉wiz.io/lp/2023-cloud-vulnerability-report👈


TECHNOLOGY

Google shat the bed on its Gemini rollout. It was supposed to be the big GPT-4 killer, and it ended up flopping for multiple reasons. 1) The real model everyone was waiting for isn’t coming out until next year. 2) They actually fudged some of the demos. Not complete lies, but trickery for sure. 3) You still have to use it in Bard, but the integration wasn’t fully-baked. In short, and like usual, they have amazing tech and they continue to fail at Product Management. All that said, the smaller models are pretty interesting, and the fact that they’ll be integrated with Android is a big deal indeed. MORE

🤖 Someone recreated the Google Gemini demo, but with GPT-4, and it works! MORE

Spotify just cut 17% of its staff and killed off some top podcasts, signaling something, but I’m not sure what. Is this Spotify losing, or podcasting in general? I think probably the former. The layoffs are the third round this year. MORE 

Elon Musk launched Grok to Premium+ members. I signed up to use it and it’s pretty decent. For me, however, I am a pinnacle model guy, which means GPT-4. I have such limited time, and it’s not my job to taste and sample and rate AI implementations. I am building on AI, not just talking about it. Which means I’m picking one and diving in. And for now, that’s OpenAI. The only reason I’ll use something other than OpenAI is if it has a standout feature that I can’t get anywhere else. MORE

Amazon's rolling out Digit, its humanoid robot. Currently, operating Digit costs about $10 to $12 per hour, but Agility Robotics expects this to drop to $2 to $3 as production scales up. Since 2017 they’ve gone from like 48K robots in their distribution centers to nearly 800,000. But don’t worry, they said they’re there to work “in collaboration with” humans, not to replace them. MORE

Tesla's rolling out Apple Podcasts to their vehicles next week, which is great. But I’d still prefer a tighter integration like CarPlay. MORE

HUMANS

Tesla's Model Y just surpassed the Toyota RAV4 in new vehicle registrations in the US, but at the same time Ford has reduced their production target for F-150 Lightnings by 50%. So I ask again—is Tesla the only one winning in the electric car space? It’s starting to feel like Uber, where we thought there would be tons of players, but the first mover is ending up on top. MORE

A whole lot of businesses seem to be realizing that Austin (and Texas) is not the same as the Bay Area, so they’re moving out and/or back. I’m sure it’s multifactorial, but I’d bet a lot of it is the pure hustle culture in the Bay. Austin is more focused on balance, which is not the desired Alaskan Fishing Boat philosophy. MORE

The Extremely Large Telescope in Chile will be finished in 2028. It will have a huge 39.3-meter main mirror, which is around 4x the current largest. It’ll allow us, among other things, to see exoplanets! MORE

A Cardiff University study suggests low-dose aspirin could cut cancer death rates by 20%. The research analyzed data from 118 studies involving around a million patients, showing a significant reduction in cancer mortality for those taking daily low-dose aspirin. MORE

Canada’s cost of living is increasing rapidly, causing reverse immigration. MORE

NOTES

Three words: Blue. Eye. Samurai.


DISCOVERY

🛠️ Web API Testing — Learn how to test web APIs with practical labs and techniques. | by albinowax MORE

🪳 SyzGPT Meets LLM — A new tool combines fuzzing with language models to improve security testing. | by albocoder1 MORE

📂 The InfoSec OPML File — This OPML file is a goldmine for anyone in infosec. It's a curated list of feeds that you can plug into your RSS reader for a ton of inbound infosec content. | by Securibee | MORE

🔍 Decompiler Explorer — Compare decompiler outputs directly in your browser with this new web tool. MORE

🕹️ apk.sh — This Bash script streamlines reverse engineering of Android apps by automating tasks like pulling, decoding, and patching APKs. MORE

🔎 Tom Hazledine just open-sourced his AI tooling for finding related blog posts using LLM embeddings and GPT-4, making content recommendations smarter and more relevant. MORE

🔧 Nuclei AI Extension — Streamlines the process of creating vulnerability templates directly from web content. | by projectdiscovery | MORE

🔒 VulnerableCode — A free, open database for software package vulnerabilities. | by nexB | MORE

🛠️ Openlayer — A workspace for evaluating machine learning models, offering real-time updates on performance and anomalies. MORE

Taylor Swift's "Eras" Tour is the first to do over $1 billion in ticket sales. MORE

Storytelling Wins Interviews MORE

Top Reads of 2023 MORE

🔥The Egg by Andy Weir MORE

Print That Video MORE

Apple and Amex? MORE

Switch off bad TV settings MORE

RECOMMENDATION OF THE WEEK

Three words: Blue. Eye. Samurai. It’s on NETFLIX, and it’s Rated R. Soooo good.

Anyone using these new nicotine gums? I’m all about nootropics, and nicotine doesn’t seem too dangerous, actually. But wondering what people think here. Huberman knows someone who eats the gum like all day every day.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on December 13, 2023 07:30

December 4, 2023

UL NO. 410: The Immigration/Identity Security Risk, Super Soldier Pentagon Talk, Okta&Me Updates, Teachable Agents


Greetings!

I’m settling into December and have been hacking on stuff like a fiend!

Improving the explanation of what you get when you sign up as a UL Member, and the UL Member portal for where you get it. A buddy basically said it wasn’t super clear what all came with it—like I didn’t hype it up enough and show all the benefits—which I agreed with after I looked at it, and I was already working on improving the portal. It’s better now!

Making progress on our main AI product, now with a completely new stack.

Building that project I teased about a few weeks back. It’s my first Go executable project, so it’s taking a bit. Super excited about it though!

I wrote a sick new AI tool that takes any video and provides a full set of transcripts and topics like this one for Mark Manson’s Convo With David Perell.

A sample from my new Chapters tool

If you know any YouTube creators who need auto-generated, high-quality chapter timestamps, please let me know. This normally takes hours of tedious work for a human, and it’s pretty hard to do well. REACH OUT IF YOU KNOW SOMEONE

Started a new RPGLit book, which is very RPGLit.

And I’m hyped to be seeing two friends this week that I’ve not seen in many months! I hope you’re into something good as well, but also trying to power down a bit for the holidays.

Let’s jump in!

MY WORK

Immigration and National/Racial Identity is Becoming the Top Global Security Issue
Starting off with a light topic, this new essay is about when culture wars create identity wars, and we get predictable results in the form of authoritarianism and atrocity. READ IT


SECURITY

Okta just revealed that the recent hack compromised data on all its support customers, meaning the ones who had contacted support and had been using that service. MORE | MORE 

The 23andMe breach also just expanded. They’re now saying it was “a significant number of files”, and it was genetic data as well. MORE

💡This is why I’m so skeptical whenever I hear, “But no ______ data was affected.” I’m always waiting for the other bodies to drop. I feel like we won’t know the actual impact for a number of months, so I consider all the initial updates to be preliminary. Same with LastPass, and countless others.

Meta and Google are calling out China for thousands of fake accounts spreading content across multiple platforms. Meta's report detailed the removal of 4,789 accounts posing as Americans, which later shifted to impersonating Indian profiles to spread disinformation about the Dalai Lama. MORE | META’S REPORT

Sponsor

Why the Agile Framework and AI are a Match Made in IT Heaven

Download this eBook and learn how the Agile project management approach and AI together can help you solve nearly any IT problem.

Inside, you’ll discover:

Why the Agile framework is so powerful

How developers can create more precise and effective AI prompts with the help of the Agile framework

A sample AI prompt for developing a PowerShell script

👉go.automox.com/agile-ai-ebook👈


Meta has outright banned AI-generated political ads. For all countries. Everywhere. The decision affects ads related to politics, elections, housing, employment, credit, social issues, health, pharmaceuticals, and financial services. MORE

Google's RETVec is Gmail's new tool to fight spam and malicious emails, using a multilingual text vectorizer that catches tricks like homoglyphs and typos. The integration of RETVec has boosted Gmail's spam detection by 38% and cut false positives by nearly 20%, while also slashing computational costs significantly. MORE | THE PROJECT

The USS Carney and commercial vessels were attacked with missiles by Houthi rebels in the Red Sea. Ballsy. They downed 3 drones as part of the attacks. MORE

Vulnerabilities:

🚨Chrome Zero-Day Patched — Google just released an emergency update for Chrome's fifth exploited zero-day this year. | CRITICAL | CVE-2023-6345 | MORE

🚨Zyxel NAS Vulnerabilities — Zyxel's NAS devices have critical flaws allowing unauthenticated command execution. | CRITICAL | CVE-2023-4474 | CVSS Score: 9.8 MORE

Incidents:

⚠️ North Texas Water Hit — North Texas Municipal Water District's systems, including phones, were disrupted by a cyberattack. | SEVERITY: HIGH | RESPONSE: The district has not yet disclosed any specific response measures. MORE

⚠️ Dollar Tree Data Compromise — ZeroedIn's breach hit about 2 million people, including Dollar Tree and Family Dollar employees. | SEVERITY: HIGH | RESPONSE: ZeroedIn notified affected customers and may face a class action lawsuit. MORE

📖 Okta Threat Hunting Guide — Part 2 of the Okta Threat Hunting series is out, offering advanced techniques for log auditing. | by /u/Or1rez MORE

📺TALK: Prompt Injection Exploits, CONFERENCE: Ekoparty VIDEO

🧱PROJECT: RETVec: Gmail's New Shield MORE

There was a wild panel of military leaders called BLACK SWAN: DAWN OF THE SUPER SOLDIER (their caps). And the topic was basically all the different ways we are working to make people into super soldiers. Surreal since they’re so casual about the conversation, and I just showed my girl all the Bourne movies, which included the modified soldiers one. VIDEO | (Members) Check the #extractwisdom channel | GET ACCESS to the EXTWIS of the VIDEO


TECHNOLOGY

Sam Altman's back as OpenAI's CEO, and things seem to be settling down. Not sure what they’ll even do for Season 5 of the Sam Altman show. Microsoft also snagged a board observer seat. MORE | MORE | MORE

💡Analysis continues for exactly what happened, but I am still working under the theory that it was (basically) Accels vs. Doomers. And the Verge has Altman saying Q* was a leak (screenshot). All this keeping in mind that Sam isn’t pure Accel, and not everyone who thinks he should slow down is a Doomer. Still, I think that was (and continues to be) the primary dynamic. VERGE SCREENSHOT

An anonymous poll showed Google’s productivity is suffering, with 71% of software engineers working six hours or less daily and/or juggling multiple jobs without hitting a 40-hour week. How did Microsoft become sexy while Google became stodgy? I think the answer is Satya. MORE

💡The other thing hurting Google is that they’re building products using a “throw it at the wall and hope it becomes another GMail” strategy, rather than building a Life Ecosystem Platform like Apple.

The Black Cabs in London are coming to Uber. Big win for Uber here. MORE

HUMANS

Ireland is experiencing major riots around immigration. A stabbing by someone who seems to be originally from Algeria spawned the riots, and far-right groups in the country are calling for civil war. Conor McGregor is in the fray as well, making a number of anti-immigration statements and calling for immigration change. People are also hoping he runs for office. MORE

The U.S. economy showed a 5.2% annualized increase in GDP, surpassing both the initial estimate of 4.9% and economists' revised predictions. Wait until all this AI-powered creation starts kicking in. MORE

💡Predicting AI-based GDP changes is really difficult, and not just because it’s about the future (lol). The issue is that AI both giveth and taketh away. It’s going to make everyone more productive, but also remove jobs. Many companies will go under because they’re replaced by AI offerings, but there will be a ton of new startups too. So how does that all net out? Nobody knows. My guess is we end up with way more productivity, but if a massive portion of the population loses their jobs, who’s going to buy all the new stuff? Will it just be the top 20% making stuff and selling it to the top 20%?

Bitcoin just passed $40,000, which is the highest it has been since April last year. People are asking if crypto is back now, but I’ve yet to see solid use cases that aren’t Bitcoin (alternate money storage), or get-rich schemes. MORE

Saudi Arabia's Crown Prince is reportedly driving a secret initiative to spike global oil demand, undermining climate action efforts. MORE

🔥Ozempic's rise is reshaping spending habits and could actually boost the economy. GLP-1 drugs like Ozempic are leading to less spending on food but more on lifestyle and fitness. This is something to watch closely. MORE

Extraordinary housing costs are forcing divorced couples to remain living together because they can't afford separate homes. This reminds me of bad job markets where people aren’t leaving a company because they can’t. And then when the economy improves you have a whole bunch of people resign. How many people are in relationships they don’t want to be in simply because they don’t have the option to leave? MORE

China is building nuclear reactors faster than anyone. Also, missiles, ships, and pretty much everything else as well. Including infrastructure. They’re just winning at preparing for the future. All we do here is fight while they prepare for a post-US-dominated world. MORE


NOTES

A bit of vulnerability here: I’ve been slacking on my workout/exercise routine. A good amount of table tennis, but not enough walking and not enough weights. This is partially on purpose (relaxing a bit for December) but not really. I’m still eating well and getting tons done, but my energy levels would be even higher if I were on-plan! Do better, me.

DISCOVERY

⚒️ AutoGen’s Teachable Agents — Like AutoGen, and also from Microsoft, but as you talk to a given Agent it learns your responses and stores them in context for future conversations! MORE

🔬 Meditron LLM Release — Meditron's new open-source LLMs are trained on a vast medical corpus and outperform other models in medical tasks. MORE

🚀 Reaction Replaces Fail2ban — A new tool called Reaction aims to offer a more efficient alternative to fail2ban for server protection. | by xvello | MORE

🖥️ Yabai — A macOS utility that turns your desktop into a tiling window manager for better space management. | by koekeishiya MORE

📈 Say This Not That Chart — A handy reference for anyone looking to polish their professional communication. It's about choosing the right words at work. MORE

🗒️ SMART Goals Template — Ditch those vague aspirations. This template guides you to set Specific, Measurable, Achievable, Relevant, and Time-bound goals. MORE

Digital car keys are finally catching on. MORE

AI and the Rise of Mediocrity MORE

This guy created documentation for everything in his house. MORE

The Great Deshittification MORE

D&D is definitely back.

Adobe bought Figma, and people aren’t happy. MORE

Lego-fy Yourself MORE

Why Life Doesn’t Really Exist MORE

A negative review of our UL Book Club book of the month. MORE

RECOMMENDATION OF THE WEEK

If January is the time we think about the upcoming year, let December be your time to reach out to old friends. Here’s a text you can use for people you haven’t talked to in a while, but that you wish you had.

Hey there, just saying Hi. We never chat and that’s on me for not reaching out. I love you, and I hope you’re well. And I vow to send more texts until we’re annoyed or excited enough to get on the phone. 😀 

Copy that and spend like 10 minutes going through your contact list and sending it to the few dozen people who you care about and have lost contact with.

Some portion of those people could really benefit from hearing you right now, and they’re just a text away.

APHORISM OF THE WEEK



Published on December 04, 2023 18:16

Immigration and National/Racial Identity is Becoming the Top Global Security Issue

When I hear that a terror attack happened in the US, Britain, or Canada I immediately think:

Young

Male

White

Nationalist/Racist

This is a problem. Not because I’m thinking it, but because I’m increasingly correct.

I think conflict caused by European cultural, national, and racial identity is becoming one of the top security concerns in the world right now. This is definitely true in Europe, but similar dynamics are spinning up in the US and Canada as well.

I think it’s multi-causal, though. It’s not all immigration. It’s harder to find a job, things cost more, and women are getting more demanding about the quality of their mates. So you’ve got millions of young white guys being told they’re the worst ever, that nobody wants them, and then you add immigration to that, and it becomes an easy onramp for extremist narratives and leaders. They’re happy to offer them-shaped scapegoats.

At the same time, much of Europe, especially in the East, is moving more authoritarian. They’re going more “protecting our culture”, “protecting the native population”, and more isolationist. Then you look at what’s happening in Sweden with second-generation-caused gang violence, and the rise of the Far Right there. Similar Far Right gains are happening in France, and now in Ireland as well.

This immigration/identity thing is a super volcano getting ready to pop, and there are only three main ways to address it.

Possible solutions

1. The Left-Wing Way: Dismiss all questions about culture, identity, and immigration as racist, and use the Cancel Hammer to attack anyone who talks about it.

2. The Logical-Moral Way: Start having kind, open, and honest conversations about the numbers and cultures of the people coming into Europe, what it even means to be “European” as a country or a culture, and consider policy changes that could help reduce tension in a way that’s acceptable for both the immigrants and the receiving countries.

3. The Right-Wing Way: Declare that white people are under attack from non-white immigration, stir up hatred in the native youth who are already struggling financially and existentially, and then use that negative energy to elect a new authoritarian leader who will eventually lead to atrocities against immigrants (and people they think are immigrants) in the name of nationalism.

Broadly speaking, those are our choices, with much of the narrative currently stuck in #1—with the Far Right now ascending all over the place to bring in #3.

Unfortunately, #1 causes #3, and the only thing capable of getting us out of this is #2, which seems completely impossible. That’s why this is one of the top security issues to watch in 2024 and beyond.

It will be a very dangerous thing when the most attractive narrative to millions of young white men is a nationalist/racist one, which will no doubt come with a matching authoritarian leader.

We’ve seen these movies before, and they all suck.

NOTES

There’s another solution related to #2 that involves giving people escape hatches through narrative changes. This should obviously come as part of tangible policy change that reduces the actual tension, but it’s possible to dramatically increase or reduce pain by thinking about it in different ways. HUMILIATION IS DEADLY


Published on December 04, 2023 16:09

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.