Daniel Miessler's Blog, page 15

January 22, 2024

UL NO. 416: Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…


Unsupervised Learning is a Security, AI, and Meaning-focused newsletter and podcast that looks at how best to thrive as humans. It combines original ideas and analysis to bring you not just the news—but why it matters, and how to respond.

TOC

INTRO

MY WORK

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

How are you?

Tons of stuff going on this week as plans for the year start to solidify.

A number of paid talks are starting to fill in, with the earliest in February and the latest so far in October. Absolutely love the combination of getting the ideas out there, getting to travel domestically and internationally, and getting paid for it!

I put out the bundle of loot for attendees of my AUGMENTED AI course on Friday.

I uploaded a ton to my still unannounced project, and activity on it is already going strong. Cannot wait to fully launch this thing!

🔥I have a buddy looking for a Security SE position. Remote, US-based. He’s a total and absolute gem. He’s one of my mentors and the best SE I’ve ever seen in any field. He not only learns any product instantly, but he deeply understands the tech, the customer problem, and sales, so he is insanely gifted at connecting what the customer needs to the product or service in question. Send me a quick note if you or someone you know is looking for a superstar SE. He will get snatched up quickly. EMAIL HIM DIRECTLY

Ok, let’s go…

MY WORK

A Conversation with Jason Kikta from Automox


In this sponsored episode of Unsupervised Learning, we talked to Jason Kikta. Jason is the CISO and Senior VP of Product at Automox, and our conversation covered:

- Endpoint Management
- IT and Security Overlap
- Patching Strategies
- Cloud-Based Solutions
- Configuration Drift
- Policy Articulation
- Automation and AI
- IT Operations Challenges
- Future Product Features
- and other topics.


omny.fm/shows/unsupervised-learning/a-conversation-with-jason-kikta-from-automox

Dark Visitors is a project that tracks AI agents doing various shenanigans on the internet and offers the ability to block them via robots.txt. HT to @securibee | by Dark Visitors | MORE

Super cool research on AI Sleeper Agents. Basically, agents that act cool normally but wait for a particular stimulus or moment to become vulnerable or take some other action. MORE | THE PAPER

From the paper (click for PDF)

💡You know how open source was supposed to provide “many eyes” and keep us safe? Well, benign AI agents will actually make that a reality. Auditing code. Crawling content for malware traps. Sending strange input to systems to try to trigger sleeper behavior, etc. The solution to malicious AI is, unfortunately, going to be benign AI tasked with finding it.

OpenAI is now partnering with the Pentagon for some projects, reversing its stance on military use of its AI. They are working on ‘a number of projects including cybersecurity capabilities’ (Bloomberg), but they’re maintaining their ‘no-weapons development’ policy. MORE | MORE

Sponsor

2024 State of IT Operations Report

We surveyed 500 U.S.-based IT professionals to dig into where the biggest efficiency challenges are for ITOps teams in 2024. We learned how generative AI and workflow automation tools increase IT agility, reduce costs, and enhance teams’ ability to simplify IT management. Download the report now to see what’s working for high-agility ITOps teams, where low-agility teams are struggling, and how your team stacks up.

 go.automox.com/itops-report-2024


Scammers are now using AI to fake the voices of relatives in emergency scams, tricking people into acting fast without adequate time to scrutinize. The FBI has logged over 195 complaints about these "grandparent scams," with victims losing nearly $1.9 million from January to September 2023. Tell your loved ones about these! MORE

China has been getting Nvidia chips despite a US ban that was meant to stop that from happening. They’ve been going through smaller suppliers, circumventing restrictions imposed in 2022 and 2023. MORE

San Francisco is going heavy on surveillance, evidently. They just installed 400 license plate readers across the city as part of the Flock Safety camera system. The police chief says it will help track down criminals, citing that 70% of crimes involve vehicles. I’m honestly for this kind of thing, despite the fact that it’ll have downsides. I just want there to be proper use and oversight. MORE

Advisories

🚨Ivanti Directive Issued — U.S. federal agencies have been ordered to patch a critical Ivanti software vulnerability. | CRITICAL | MORE

⚠️ Cybercriminals are exploiting TeamViewer to launch ransomware attacks by leveraging leaked LockBit builder tools. Huntress Labs' analysis of compromised endpoints revealed that attackers gained access through TeamViewer, attempting to deploy ransomware via a DOS batch file. MORE

Incidents

⚠️ UK Councils Cyberattack — Three UK councils are grappling with a cyber incident that's knocked public systems offline. | SEVERITY: HIGH | RESPONSE: Systems isolated, no customer data breach found yet. MORE

🚨 Chinese Espionage Campaign — Chinese hackers have been exploiting a VMware vulnerability for two years undetected. | CRITICAL | CVE-2023-34048 MORE

Vulnerabilities

🪳 GitHub Key Rotation — GitHub just rotated critical keys due to a high-severity vulnerability that exposed credentials. | HIGH | CVE-2024-0200 | CVSS Score: 7.2 MORE

🪳 Critical Vulnerabilities Patched — VMware and Atlassian have released patches for newly disclosed critical vulnerabilities. | CRITICAL | CVE-2023-22527, CVE-2023-34063 | CVSS Scores: 10, 9.9 MORE


TECHNOLOGY

A recent study by Boston Consulting Group shows that consultants using ChatGPT-4 significantly outperformed their AI-less peers in various tasks. The experiment involved 758 consultants and found that those using AI completed 12.2% more tasks, did so 25.1% faster, and produced 40% higher quality results. MORE

💡These are beginner numbers because this is all just starting. I think the big change in hiring in tech—and companies in general—starting in the next 2-5 years will be letting go of the bottom 75% of performers (or just not rehiring them after attrition), and competing for the top 25%.

And within that group, the competition will be fierce for the top 1-10% who are gods with AI. Why? Because when they’re augmented by even just Copilot or ChatGPT they’ll be superhuman. But as agent frameworks start to take over, they won’t be a Human + AI pair. They’ll be a Human + AI Team pair. And that AI team might be hundreds or thousands of people behind a single person.

In other words, the competition for jobs, starting in the next few years, will be against a top 10% performer who’s backed by a farm of AI Agents, which gives them the output of 10-1000X that of a non-augmented, normal employee. It’s no competition. And this is who companies will still be hiring. Everyone else, moving along the scale of competence over time, will be increasingly unemployable.

Thousands of AI Authors on the Future of AI. Super cool project that surveyed thousands of published authors on what they thought was coming in AI, and when. I think they were far too conservative, which I think is due to their academic bias. In other words, they seem too safe and sane to creatively imagine how fast this stuff could actually move. Which is also why so many academics were blindsided by November 2022. Still, I think the paper set up the questions pretty well, and it’s still interesting to see that many opinions in one place. MORE

From the paper (click for PDF)

💡The hardcore academic “ML” types are the people I’ve seen be the most wrong about AI and where it’s going. At least in my opinion; jury’s still out of course. The problem is the disconnect between the culture of academia and the insanity that is GenAI. Academics are high in rigor and caution, which is awesome for some things, but it’s a hindrance if you’re trying to think big and crazy. And big and crazy is what’s needed to play in the current game.

My recommendation is to think carefully about where you are, and where the people you follow are, on the scale of Creativity←→Rigor.

Don’t listen much to people who are like “AGI is 10+ years away, if ever.” Or, “What we have isn’t even real AI.” Or, “You can’t trust AI because it literally just makes stuff up.” People saying such things in an absolute sort of way are likely to either be low in OCEAN Openness and/or an academic.

Don’t bring math to a poetry contest, and don’t bring pessimism to an art contest.

Mark Zuckerberg has pivoted again. He was all about metaverse, and then he kind of went the AR way with Lex on his podcast, and now he’s all in on open-sourced AGI. He’s doing a massive acquisition of Nvidia's H100 GPUs, expecting to own over 340,000 by year's end. 2024 is going to be ridiculous. MORE



I agree with whoever said we shouldn’t call a model open source if they only release weights.


It’s not fully open unless you have the data and methodology as well.


Still, very cool.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Jan 18, 2024


Google's Circle to Search simplifies finding info on your phone by letting you circle an item on-screen to instantly search for it. Can’t wait for Apple and everyone else to copy this. Super cool. MORE

Shining black light in public places (FAR-UV) could help prevent the spread of airborne diseases, potentially reducing the likelihood and impact of pandemics. Studies show that far-UV light can kill 99.9% of coronaviruses and other pathogens in the air, offering a passive defense against a wide range of respiratory viruses. MORE

Wenquai slashed their AI costs dramatically by optimizing Mixtral with GPT-4. They managed to reduce their daily AI expenses from a steep $100 to less than a dollar. MORE

Apple finally passed Samsung in global smartphone sales last year. Despite a general market decline, Apple's shipments rose by 3.7 percent, while Samsung's dropped significantly by over 13 percent, contributing to Apple's lead. This is my surprised face. MORE

HUMANS

The FDA just cleared DermaSensor, the first AI device that can detect all major skin cancers, aiming to improve early diagnosis. The device, which uses elastic scattering spectroscopy to analyze skin lesions, showed a 96% true positive rate for detecting skin cancers in a clinical trial. MORE

The self-checkout trend is hitting a wall as stores like Walmart and Target scale back or ditch the machines after facing increased theft and higher labor costs. Dollar General's CEO admitted they've over-relied on the tech, and now plan to boost staff numbers at checkouts. MORE

💡I find it fascinating how sometimes tech and various movements try to jump too far ahead, too quickly, and then get pulled back. Sometimes only for a second, and sometimes for a long time. Work from home. Self-checkout. AI?

South Korea just rolled out a new visa for digital nomads, aiming to attract remote workers and boost its economy. The visa allows foreign residents to stay for up to two years, provided they earn over $65,860 annually and have comprehensive health insurance. MORE

Germany is doing something similar. They made it easier to get citizenship, aiming to attract global talent to fill job shortages. The new law reduces the residency requirement for naturalization from eight to five years and opens dual citizenship to all, not just EU and Swiss nationals. MORE


IDEAS & ANALYSIS

Everyone Should be a Thinker
One of my core beliefs is that it’s a stain on humanity that only certain people are considered to have thoughts worth sharing. I know this is just because we’re a young species, and it takes time to advance as creatures, and as a civilization. I get that. But it’s weird how civilizational retardation like this is considered normal while you’re living in it.

If you ask the average person what they think about the most important things in the world, like how to self-govern, free will, moral responsibility, the nature of reality, etc., they’ll blush and smile and make some sort of self-deprecating gesture. “That’s for the smart people to think about.” They think it’s for special people, like public intellectuals, people who write books or go on TV. It’s a travesty.

Human civilization will reach some modicum of advancement when it’s expected that every human on the planet is educated and empowered enough to not only have their own thoughts, but to believe those thoughts to be worthy of sharing. The fact that the percentage of people who believe that today is likely some obscene fraction of 1% should embarrass us all.

NOTES

I’ll be camping for the Apple Vision Pro at the Burlingame store on February 1st. I normally camp in the summer, so February will be a different experience for sure. If you’re insane like me, come say what’s up.

Loving this Classical album, Pamart: PLANET GOLD, and I’m sadly not much of a Classical person. MORE

DISCOVERY

🔥Moving from a Knowledge Economy to an Allocation Economy. MORE


You won’t be judged on how much you know, but instead on how well you can allocate and manage the resources to get work done. 

Dan Shipper

🛠️Galah: an LLM-powered web honeypot using the OpenAI API | by Adel Karimi | MORE

🐞 Pfuzz — A Unix-style web fuzzer for finding security vulnerabilities. | MORE

🛠️ LAST - Scans code for security issues using OpenAI from the command line. | by Latio Tech | MORE

🔍 aifs — An AI filesystem tool for easy local semantic search. | by KillianLucas | MORE

Culture Change at Google (The Employee Isn’t First Anymore) MORE

Navigating American healthcare might not require insurance, as paying cash can sometimes be cheaper and more flexible. MORE

How People Left Twitter, and How It’s Going MORE

Powerful DALLE-3 Art Prompts MORE

Midjourney V6 Caricatures | by Allen T | MORE

🛠️ TweetFeed's return for the latest Indicators of Compromise shared by the infosec community by Daniel López | MORE

A Search for More ChatGPT/GPT-3.5/GPT-4 “Unspeakable” Glitch Tokens by MORE

Top Hacker News Books of 2023 MORE

RECOMMENDATION OF THE WEEK

Here’s a cool heuristic for gauging your own happiness.

Pay close attention to how the success of your friends makes you feel. Not intellectually, but viscerally. Immediately. Within 1 second of seeing evidence that they’re crushing it.

If it makes you smile uncontrollably, fist pump, and want to text them and hype them up, that means you’re healthy. Congrats.

If it stings, gives you a sinking feeling, or makes you angry…I recommend you talk to a therapist. This will destroy not just your relationships, but your life in general. It’s actual poison.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on January 22, 2024 13:23

January 17, 2024

UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…


Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

✍️ ERRATA: Last week I wrote about plagiarism that I am not happy with. Basically, I implied that the president of Harvard did plagiarism that was real and significant (and confirmed), and that Neri Oxman did not. I think that was a pretty safe bet for the Harvard president because Harvard did an investigation and confirmed it. But after thinking more about this, I think it’s completely the wrong framing. What Mrs. Gay did looks to have “technically” been plagiarism, and Harvard obviously agrees, but I think the problem is that we need to disambiguate between sloppiness and stealing ideas. As an example, both Gay and Oxman are considered to have plagiarized for using descriptions of a thing from someone else. Like definitions of things. And not like creative, innovative definitions. It was just helper language to make actual points. To not cite or reference in that case might be frowned upon, and it might be considered sloppy, but it’s not stealing ideas. Plagiarism should only refer to stealing ideas. That’s how I assumed it was being used, and what I assumed these two women were being accused of. As far as I can tell, neither woman did it, and the entire thing is a witchhunt based on silly definitions that need to be revised. Anyway, the point is that me saying Gay plagiarized and Oxman did not was weak sauce, and I intend to do better in the future.

✍️ ERRATA: The cool robot I talked about last week was from Stanford, not Deepmind. Some coverage referred to it as a Deepmind project and that spread as truth, but the laptop in the demo had a Stanford logo and I should have caught that. Do better, Daniel.

TOC

INTRO

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

Hey there!

Happy short week (at least in the US). A few quick updates:

📹The episode of me going on Dave Bombal’s podcast just came out! I talked all about AI and how to integrate it with your life. Think of it like a teaser for the AUGMENTED class with a lot more production and a lot less content. Still a great view into the ideas, and with a number of demos!

Insights into my personal AI ecosystem from the David Bombal show

🏫 I did the first run of my AUGMENTED AI course this weekend and it was phenomenal. Super fun. People absolutely LOVED the content which was so rewarding, and the chat itself was its own feature. That’s to be expected I guess when you have a couple hundred of the hungriest and sharpest people in one place. Tremendous fun, and I learned a lot, so the next one will be even better!

🎒 Just went on my first walk with my new GO RUCK rucksack. Pretty cool that I can put 60lbs. in it and maintain an 11:30 minute mile with only a 92 BPM. Even jogged a bit and powerwalked and it still stayed below 110 when going at an 11 minute pace. I always loved rucking in the Army, and I think I’ve found a lifelong favorite exercise. Walking, listening to books, and doing it at a higher BPM due to added weight. All in the name of increasing VO2Max!

⚙️ Unbelievably hyped about this open-source project I’m getting ready to announce! It’s going to be so epic. The hint: “upgrading humanity”.

Also, I’ve been spending silly amounts of time upgrading my Vim configs and skills in the last few weeks. Like I’m still watching 10+ hours of Vim stuff a week, even after redoing my main configs for 2024.

After having put in all this work, I really wish I could edit in Beehiiv using Vim commands. Of course I could just write Markdown in Vim and bring it over, but I want both things: the Beehiiv content objects, and Vim power—all in one. If anyone has any thoughts, let me know.

Anyway, let’s jump in…

MY WORK

SECURITY

⚠️ Attackers found a way to bypass MFA and gain persistent access to Google accounts by stealing and extending the life of authentication cookies. What people often miss about cookie stealing is that it’s a complete auth bypass. It’s what you get after you authenticate with MFA! So if you steal cookies (properly), both your password and your MFA security are compromised for those sessions. This attack extended the lifespan of stolen cookies, which is super nasty. MORE

The NSA is leveraging AI to spot elusive Chinese cyberattacks on U.S. infrastructure that traditional security measures might miss. Rob Joyce, NSA Cybersecurity Directorate's director, highlighted AI's role in identifying subtle, 'living off the land' tactics used by Chinese hackers to infiltrate systems without deploying malware. MORE

💡To me this NSA story highlights that in both offensive and defensive security use cases, the main advantage of AI will not be its exceptional (superhuman) capabilities, but rather the ability to apply pretty-good-intern or moderate-SME level expertise to billions more analysis points than before. In large companies or government/military applications, we often don’t need AGI. What we need is 10, 100, or 100,000 extra interns.

📄NIST put out a Taxonomy and Terminology paper for attacks against AI. TELOS is the name of UL’s internal AI system I’m building, and here’s its breakdown of the report:

A Micro-summarization of the full NIST report

MORE | DIRECT PDF REPORT LINK

My buddy Joseph Thacker has been doing a deep dive on a new “invisible prompt injection” technique against LLMs. The technique involves inserting hidden commands into AI prompts, which can lead to unexpected and potentially harmful outcomes. I’ve not looked deeply at this yet, but Joseph has, and he’s awesome. Check it out. MORE

Sponsor

Advanced Container Security Best Practices (Cheat Sheet)

Want to uplevel your container security strategy? This cheat sheet explores advanced techniques that you can put into action ASAP. Use this resource as a quick reference to ensure you have the proper benchmarks in place to secure your container environments.

What's included in this 9-page cheat sheet?

Actionable best practices w/ code examples + diagrams

List of the top open-source tools for each best practice

Environment-specific best practices

 wiz.io/lp/container-security-best-practices-cheat-sheet


Vulnerabilities

Holy crap with the 9.5+ vulns recently.

🚨Confluence RCE Alert — Atlassian warns of a critical RCE flaw in older Confluence versions. | CRITICAL | CVE-2023-22527 | CVSS Score: 10.0 MORE

🚨GitLab Account Hijack Risk — GitLab warns of a zero-click flaw that could let attackers take over accounts. | CRITICAL | CVE-2023-7028 | CVSS Score: 10 MORE

🚨Critical Juniper Flaw — Juniper Networks is patching a severe RCE vulnerability in its firewalls and switches. | CRITICAL | CVE-2024-21591 | CVSS Score: 9.8 MORE

🚨SonicWall Vulnerability Alert — Over 178,000 SonicWall firewalls have DoS and RCE potential due to a number of vulnerabilities. | CRITICAL | CVE-2022-22274 | CVSS Score: 9.4 MORE

👇One of the more exciting vendors in threat intelligence I’ve seen in a while!

Sponsor

Get Ahead of Threats: Continuous Threat Exposure Management

Flare automates monitoring & remediation across the clear & dark web to detect high-risk exposure before threat actors have a chance to leverage it.

Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.

👉hi.flare.io/unsupervised-learning👈



TECHNOLOGY

It’s the beginning of 2024 and lots of tech companies are still cutting jobs. I have my own theories about why this is happening but I worry that I see everything through my own lenses and try to fit the data to my internal narrative, so I’ll hold off for now. Plus it’s no doubt multiple things happening at once.

Unity MORE

Twitch MORE

Discord MORE

Google MORE

Cloudflare MORE

💡Ok, lol, I’ll tell you what the narrative is, and it’s one I’ve shared before. It’s basically the Alaskan Fishing Boat effect. But there was also overhiring in the pandemic, and lots of stuff happening in the economy that nobody understands, so I am hesitant to say how much of the effect is a general corporate change of perspective on employees. I definitely think it’s a factor, though. Basically, a swinging of the pendulum away from “we’re so lucky to have you” to “you work for us and we’ll get rid of you if you’re not amazing.”

Cybersecurity companies saw more deals in 2023 but pulled in 40% less cash than the year before. While the number of funding rounds jumped to 346 from 303, the total raised was just $8.7 billion, down from $14.5 billion in 2022. MORE 

💡My favorite resource for this analysis is my friend Mike Privette’s Return on Security. He’s like the Nate Silver of Cybersecurity Market Intelligence. GET IT

YouTube is completely crushing it on podcast adoption, and it’s adding RSS functionality to get even more. 28% of weekly podcast listeners prefer YouTube for their podcast listening, outpacing Spotify and Apple Podcasts combined. Super surprising to me, but I do find myself using it more as well. Side note, I think Spotify is screwed. Between YouTube and Apple I don’t think they have anything unique. MORE

HUMANS

👀 The IMF is warning that AI could affect 40% of jobs, intensifying inequality. Interestingly they say it’ll have less impact in less advanced countries, which I guess makes sense given that the major attack surface is knowledge work. MORE | THE IMF REPORT

Taiwan’s election went in favor of independence from China. Woohoo! This is great for the West, but bad for local security tensions. MORE

NASA wants to send swarms of tiny probes to Proxima Centauri using laser propulsion. The Swarming Proxima Centauri project, a collaboration between Space Initiatives Inc. and the Initiative for Interstellar Studies, aims to propel gram-scale probes to a significant fraction of light speed with a 100-gigawatt laser, potentially reaching our nearest stellar neighbor by 2075. MORE

Another study has challenged the idea that 10,000 hours of study is all you need to become a top-level expert. Essentially it found that practice matters, but at the highest levels it’s more about natural talent. But we knew that already, didn’t we? MORE

The top 10% of U.S. households now hold a staggering 93% of the country's stock market wealth. MORE

A recent poll shows a majority of Americans believe in entities like aliens, ghosts, and the devil. The survey found 56.9% believe in aliens, 61.4% in ghosts, and 70.3% in the devil, with belief in God at 85.4%. MORE


IDEAS & ANALYSIS

DA + Data + Display = AR

From AI’s Predictable Path

One of the things I’m most interested in with AI is actually AR. What does AI have to do with AR? Easy. It is a natural output of the combination of:

Data being available about a thing, from whatever source

A display of some sort that can show you the data overlaid on reality

An AI that can decide how and what to display given the context

Let’s look at some examples:

The temperature of stuff, in a kitchen

The battery charge levels, in a house

The time since someone last ate, on a human

Speed, on a car

Expiring food, on a refrigerator

Danger level, on a street or intersection, or market, or map

This will be one of the biggest tech upgrades to human life, and it rhymes a lot with metaverse. But really it just requires these individual pieces to get far enough, and then to start working together.

The data needs to be available. We need the screens/lenses/projectors. And we need the AI to collect and display the data for a particular user/audience based on context.

Managing My Personal Sloppiness Level
The biggest weakness of my writing going back to 1999 has been too much sloppiness and not enough rigor. Well, “enough” is not the right word, as we’ll see below.

The least important level of sloppiness is just spelling and grammar, but more problematic levels are not calling out previous work when I release something new, waiting to release the best version of an idea instead of just being excited and releasing an early version, not creating a list of opposing viewpoints, or supplemental reading. These are all things that I wish I could do (and soon will be able to do because of AI!).

I’ve always believed I had the right balance, and I still think I do. And here’s why: The Ideas Are What Matter. I’d rather put out a million different ideas and have people thinking about them, coming up with their own, and thus contributing to total creativity—than to go slower with a lot of rigor.

To be clear, I would rather be someone who could do both. But if I have to choose, I choose the quality of the ideas vs. the quality of the presentation—at least for the mass volume day-to-day. For big ones, like my recent post, or a book, I think it’s better to go more towards rigor.

Basically, ideas generate ideas, and I don’t want to slow that down for anything! There’s a limit to that, though. Let’s make up a number. Let’s call it 9%.

9% slop at ludicrous idea speed!

That’s been my preferred setting for most of my writing career, and it’s resulted in my current situation. I wouldn’t have it any other way, other than a way in which my discipline didn’t slow me down. I wish I were that guy, but I’m not. When an idea comes, I have to get it out there. I don’t have a writing staff. I don’t have a team of writers. It’s just me. Always has been.

I think most people need to increase their slop. Ideas matter more than perfection. But some people are both sloppy and don’t have many ideas, which is a bad combo. Like I’m willing to read a mess (like this mini-essay for example), if it has something in it. But if I’m not getting meat from it, all the spelling and grammar issues magnify in my mind.

Anyway, the point of mentioning all this is that AI is coming. AI will clean up your ideas anyway. AI can help you write faster and better.

So focus on your ideas! Don’t go full-slop, of course, but open up the engine a bit. Increase your slop. I think it’s better to be known for being thoughtful and kind and helpful, but a bit rough around the edges, than to be known for being perfect but without original creativity or ideas.

And most importantly, it’ll be considered a major regret if you could have had all that content out there, which helped you think and interact with people, but you didn’t do it because you couldn’t be rigorous enough. I’m looking at you, my European friends!

Ideas. Creativity. Think. Write. Share. Put it out there. Being perfect is getting less important, not more. Not only because the ideas are mattering more, but because AI can help us make anything perfect.

Get after it.

NOTES

It’s often hard to know when to leave something in the Ideas section vs. making it a full post. I should move those over at some point. But to the point of the essay above, get the idea captured first, then worry about optimization!

The moment Trump left office I told everyone, and stated publicly, that he’d be back and stronger than ever. Everyone told me I was crazy. Well, he just crushed Iowa without even trying. And that’s a state he didn’t even win in 2020. I’m going to do a longer piece on how I think his rise is simpler than it appears.

DISCOVERY

A Collection of Postmortems MORE

🐍 SSH-Snake — A tool for automated, fileless SSH network traversal that self-propagates and replicates. | by MegaManSec | MORE

🛠️ jqfmt — A tool that formats jq scripts similarly to how gofmt formats Go code. | by noperator | MORE

What Happened in the Cybersecurity Market in 2023 | by Mike Privette | MORE

🔍 awsScrape — A tool for scraping AWS IP ranges to find specific keywords in SSL certificates. | by jhaddix | MORE

🌌 Stellarium — Real-time sky rendering for astronomy enthusiasts. | by StellariumDev | MORE

📂 oil.nvim — A Neovim plugin that lets you manage files directly within the editor, streamlining your workflow. | by stevearc | MORE

🛡️ LLM-Powered Security Tool — Use AI to prioritize and fix vulnerabilities with NIST and CISA data. | MORE

🐰 Rabbit R1 — Teenage Engineering's latest creation is a sleek, tech-forward device. Probably the most hyped thing coming out of CES. | MORE

📖 'Meditations' Modernized — A new video translates Marcus Aurelius's Stoicism into today's language. | MORE

🤩How Discord Serves 15M Users on One Server MORE

The Seneca Effect suggests that while growth takes time, collapse can happen swiftly. MORE

🔥Terminal Smooth Scrolling. Yummy. Already added to my config. MORE

Feynman talks about how he got burned out and ended up getting his Nobel prize because he found a way to make physics fun again. MORE

Optimal Fraud Level MORE

RECOMMENDATION OF THE WEEK

Check out my appearance on David Bombal’s podcast. It’s the best video form illustration of what I’ve been working on for the last year. WATCH IT

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,


Published on January 17, 2024 08:00

January 8, 2024

UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

TOC

INTRO

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

Hi!

Super hyped for this week. I’m making great progress on adding stuff to my AUGMENTED AI class, which I’m giving live on Saturday. We’re closing signups on Wednesday, so get in while you can! RESERVE A SLOT

I’ve also got a ton of work done on my big open-source AI project I’ve been telling you about for a while! And I’ll be releasing that probably next week! I cannot wait to share this thing!

Alright, let’s get into it.

MY WORK

AI’s Predictable Path: 7 Things to Expect from AI in 2024+
My latest essay on where AI is heading, based not on trying to guess future tech, but based on looking at what all humans want. READ IT

My Response to Cory Doctorow Saying AI is a Bubble
Cory Doctorow thinks AI is a bubble and that it’s going to blow up soon. I think he’s right about a lot of valuations and gimmicky companies, but very wrong overall. READ IT

SECURITY

LastPass is mandating at least a 12-character master password after last year's security situation(s). Updates also include checks against breached credentials and other protections against credential-stuffing attacks. MORE 

Mandiant’s X account got taken over, which is a bit embarrassing for a security company as well-respected as them. It’s not clear yet what the failure was, i.e., whether it was a password/2FA issue or a vulnerability like the XSS/CSRF one reported by Chaofan Shou. Mandiant is now part of Google. MORE

👋 Reminder to please check out our sponsors each week. They help us keep the newsletter and podcast as a viable business model, and are often sharing some pretty cool stuff. 🫶🏻

Sponsor

 🚨Unveiled: The 2023 Kubernetes Security Report🚨

Dive into the unseen depths of Kubernetes security with our latest findings! Our comprehensive scans of 200,000+ cloud accounts reveal a startling landscape of exposed containers ripe for the taking.

🔍 Inside, you'll unlock:

Expert analysis of Kubernetes attack vectors

In-depth breakdown of Kubernetes attack chains

Current statistics on security controls and mitigations

The best defenses against cloud attacks

It’s a current playbook on the best ways to address cloud threats.

🔗 Secure Your Insights:

 wiz.io/lp/the-2023-kubernetes-security-report

🔑Access Your Blueprint to Cloud Security Now!

⚠️ Stealthy AsyncRAT Attacks — US infrastructure has been targeted by AsyncRAT malware for 11 months. | SEVERITY: HIGH | RESPONSE: AT&T Alien Labs provides detection tools. MORE

Drones are becoming a go-to method for smugglers to transport drugs across borders. According to a Vice report, these unmanned aerial vehicles are increasingly being used to bypass checkpoints. MORE

🏥 HealthEC Data Breach — Over 4.5 million individuals had their personal data exposed in a breach at HealthEC. The compromised data includes sensitive information, which is always concerning. MORE

TECHNOLOGY

🤖 Some folks at Deepmind created a completely insane new robot. It does a lot of the stuff that we’ve seen promised for years, like cooking, cleanup, etc., and it’s all running off of consumer parts and compute. The demo video is a must. MORE

💡As big as AI is going to be, it’s nothing compared to that same AI inside of a household robot. TESLA is betting big on this, and so am I. Virtually everything about AI is made better by being in a physical form, but this is especially true for companionship, elderly assistance, and use cases like that. Being a security guy, however, I really do worry about the threat model here. Remote access and RCE to these things will be nightmare fuel.

📄 Principled Instructions Are All You Need Paper — A new paper is out describing how to get a stable 50% improvement in ChatGPT output. They provide 26 different techniques to get there. MORE

From the linked paper.

OpenAI's GPT store, a marketplace for custom AI agents, is set to launch this week after some delays. The platform will enable ChatGPT Plus and enterprise subscribers to create and sell personalized chatbots, and the more people download and use your GPTs, the more you get paid. MORE

Google is pushing to remove third-party cookies from Chrome in 2024, which critics are saying is way too fast. Critics argue that the industry will need far more time to get ready, and that solutions like Google’s Topics aren’t ready yet. Topics works by collecting things a given user is interested in and sharing that list, rather than sharing browsing history. MORE

💡 This Google Cookies thing is starting to feel a lot like a lot of their product rollouts, i.e., rushed and half-baked. The difference in this case is that it could cost them a LOT of money if they mess this one up. And potentially set the whole anti-3p-cookies effort back years.

Flush is an app that lets you book a cafe's bathroom for $5, aiming to solve the public bathroom problem. The app, created by Elle Szabo, offers a double-sided marketplace where businesses can list their restrooms for rent and users can reserve them, with Flush taking a 5% cut. MORE

Starlink just launched satellites that'll let you use your LTE phone from almost anywhere. It’s a partnership with T-Mobile to cover dead zones, and the service is expected to roll out by the end of 2023, starting with messaging and expanding to voice and data. MORE

Apple's Vision Pro headset might hit stores as early as January 2024, which means I should get ready to get in line. MORE

Microsoft believes so strongly in AI that they’re going to put a dedicated key on Windows keyboards. They’re calling it a Copilot button, but I think that’ll end up getting more generalized to the assistant button. Clippy in just one click. MORE

HUMANS

China's Ministry of State Security is cracking down on military fans sharing photos of army equipment online, threatening up to seven years in prison. MORE

Suicide rates among Gen Z, particularly girls, are climbing across English-speaking countries. The data shows a worrying trend, with suicide becoming a leading cause of death for young people in these regions. MORE | MY PIECE ABOUT PURPOSELESSNESS

From After Babel

The US economy outperformed on jobs by adding 216,000 positions in December. MORE

Gallup's latest poll reveals just 28% of Americans are satisfied with democracy, a new low. The drop from 35% follows a trend across all political affiliations, with Democrats at 38%, Republicans at 17%, and Independents at 27% satisfaction. The Republican trend line is super interesting, with them starting the highest and ending the lowest. MORE | MORE

Starbucks is now letting you use your own cup for drive-thru and mobile orders to cut waste. Starting January 3, 2024, the initiative is part of their goal to slash waste by half by 2030, making them the first national coffee chain to offer this option. MORE

Most Americans still reject the Jan. 6 Capitol riot, but a CBS News poll shows Republican disapproval is slipping. Three years on, 78% of Americans condemn the insurrection, yet Republican approval has grown from 21% to 30%. MORE

💡So just to be clear, Republicans currently have 17% support for Democracy, down from 80%, and 30% support for the January 6th riot, up from 21%. I get their point about the system and the Left being broken. But authoritarianism ain’t it, my guy. Goodness.

California's courts have ruled that police drone footage isn't automatically off-limits to public records requests. The decision marks a win for transparency, as it clarifies that footage from police drones can be requested under the California Public Records Act (CPRA), rejecting the argument that all such videos are exempt due to investigative purposes. MORE

IDEAS & ANALYSIS

Coming for Neri Oxman
There’s a witchhunt for Neri Oxman for some stupid reason. Business Insider wrote an “article” claiming she plagiarized part of her dissertation. But if you look at the actual claims, it’s like forgetting some quotes for someone she had already heavily quoted and cited numerous other times in the paper. It’s complete garbage. What I don’t get is the reasoning.

Like who thinks this is helpful to anyone? One possible reason is that her husband, Bill Ackman, had gone after the Harvard president for doing actual plagiarism, so someone decided to counterattack with the full force of the media. Super gross. Can’t wait for this kind of trash to be made transparent by armies of AI research bots.

And I know—I’m like seeing AI as the solution to everything—but there are lots of things AI won’t help, or will make worse. But in this case, we really do need to see connections between things that are virtually opaque due to complexity. Like I’d love to instantly know the backgrounds and political leanings of everyone who writes hit pieces on a given person—of any affiliation—combined with a sequence of events in time, combined with the claims made, etc.

AI will be exceptionally good at finding possible motives and plots in such things. And it’s not the type of thing that humans can do well. It’s too many threads, too many things to research, and then assemble, and then put together into a narrative. AI will do all that for us in minutes, and it’ll do it continuously.

Sure, it’ll also help people find connections and conspiracy in places where there is none. But that’s ok, because most other AInalisys will find that the connections are tenuous, and the conclusion is a stretch.

Anyway, these charges are crap, and I’m very tired of political takedowns of people just because they can. MORE | MY PIECE ON AI BRINGING TRANSPARENCY | GARBAGE “REPORTING”

NOTES

I’m playing a lot more with local AI models lately. Lots of Ollama but also oobabooga’s web UI for Hugging Face models. I’m going to be integrating these into my AI framework/ecosystem soon. GPT-4 is still king, but lots of use cases don’t need the king.

DISCOVERY

🎓 VIM for Pentesting — Tom Hudson, known as tomnomnom, teams up with STÖK to teach security people how to level up their command line game. This one is from like 2019 but it’s still one of the best videos of its kind. | by stokfredrik | MORE

🛠️ CrewAI — A new agent framework for creating different agents in different roles, and having them interact to produce an output. It’s like Autogen, but I think I like the structure better. MORE

Defining a Writer in CrewAI

🛡️WhiteRabbitNeo-13B — A fine-tuned version of Llama2 that allows you to ask both offensive and defensive security questions. MORE

🖥️ asitop — A super badass Python-based CLI tool for monitoring performance on Apple Silicon Macs, inspired by nvtop. | by tlkh | MORE

asitop output

🧐 Preparing for Security Engineer Interview — TryHackMe offers a comprehensive guide for security engineer interviews, blending general advice with technical sample questions. MORE

⏱️time cat — A super low-rent stopwatch for the command line. You run time cat and you CTRL-c when you’re done, and it tells you how long that was. lol | HT to Charlie Campbell for the tip.

🛠️ github-blog — Transform GitHub issues into a blog content management system with just an API. | by Renato Ribiero | MORE

🔗 Webmention.app — Automate sending web mentions for links on your site with this simple API. | by colindean | MORE

📱 Offline Chat Private AI — This app lets you run the powerful Mistral 7B 0.2 LLM on iPhone Pros, all without an internet connection. | MORE

Ivan Tolkunov built an AI to spot AI-generated images using a resnet-based model with FastAI on an M2 MacBook Air, hitting over 99% accuracy in testing. MORE

🟩 Greenphone — Create greenscreen prompts in Midjourney for custom art placement within an image. MORE

✍️ Typefully — A tool that makes tweeting easier with smart tips and automated features. Still messing with it, but I’ve heard amazing things about this one. MORE

📓 Weekly Wins Planner — A fresh template to help you organize your weekly achievements and ensure they align with your quarterly goals. It's a practical tool for staying on track. MORE

📄 Challenge Bowl Icebreakers — Looking to spice up team meetings? This free Challenge Bowl icebreaker template offers a creative way to engage team members with questions and activities that build camaraderie. MORE

The Antilibrary — A bookshelf of stuff you haven’t read yet. MORE

Potheads, Planners, and Players — Different ways to approach projects. MORE

RECOMMENDATION OF THE WEEK

Remember that goals don’t win us anything, which is why New Year’s resolutions seldom work. It’s all about the systems.

The algorithm for winning is:

Start with your goals

Build systems that will get you to those goals

Execute on the system

Another word for system is: routine. So it’s not about what you want to do, or set out to do. It’s about what you actually do, day-to-day, throughout the year.

So build the ultimate system/routine for 2024. That should be the top priority. Build the routine that—if you follow it—will result in you accomplishing your goals for the year.

No better time to do this than early January!

APHORISM OF THE WEEK

Published on January 08, 2024 11:27

January 2, 2024

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

TOC

INTRO

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

Welcome to 2024!

This year is going to be insane, and I’m choosing to frame that as a good thing.

Between international security, politics, and AI, I think there is going to be so much chaos that it’d be easy to despair from all the uncertainty.

Let’s not do that. Let’s do the opposite. Let’s take that chaos and uncertainty and choose to become excited rather than anxious.

Amidst all this craziness, there’s never been a better time to become who you were meant to be.

I’m honored and grateful to be grinding here alongside you.

Yours,

Wrote a ton during the break.

MY WORK

AI's Predictable Path: 7 Things to Expect From AI in 2024+


This first one is the longest and most in-depth thing I’ve written since I started writing online in 1999. It’s a nearly 9,000-word, illustrated deep-dive of what I think we’ll demand as humans from AI.


danielmiessler.com/p/ai-predictable-path-7-components-2024

Cory Doctorow is Not Even Wrong About the So-called "AI Bubble"


Doctorow got it so wrong with this one, and I make a full argument showing how.


danielmiessler.com/p/cory-doctorow-not-even-wrong-socalled-ai-bubble


LFTM: 'Looking Forward to Monday' is the Metric for 2024


This is the metric I recommend you use going into 2024, and consider making changes if it’s not where you want it to be.


danielmiessler.com/p/lftm-looking-forward-monday-metric-2024

This is the last week to register for my live AI Course, which will take place on January 13th.

Reserve a limited slot

🚨I am running a space-limited 3-hour AI course called AUGMENTED on January 13th at 12PM PST. Here’s what it covers:

My Approach

What I want from AI (the problems I’m solving)

My framework / approach for solving them

A live demo of multiple workflows

Architecture Overview

The tech stack that I’ve built

My prompt/templates approach and lessons-learned

Guides

A step-by-step for building the server-side infra

A step-by-step for building the client-side infra

Hosting recommendations

Outputs

The full guide to building my stack for yourself

Multiple full-text copies of my actual modules

A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!

UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

SECURITY

SSH is vulnerable to a novel data corruption attack called Terrapin. It’s basically a way to force SSH to behave in an insecure way, so you need to patch or adjust your configs to fix it. I was going to just recommend a specific set of ciphers, but it’s more complex than that. Look at your specific stack and get your vendor patches installed as quickly/safely as possible. MORE

Julian Hazell at the University of Oxford showed that LLMs can iterate rapidly to produce realistic spearphishing emails at minimal cost. MORE

People are freaking out about Clear doing facial recognition for sign-ins. It’s crazy to me how many infosec people don’t realize the difference between having some random vendor-specific image of your face, vs. having your actual face. Someone can’t break into third-party B’s systems using third-party A’s picture of your face. And especially not with a third-party A’s digital hash of third-party A’s picture of your face. MORE | WHY BIOMETRIC DATA BREACHES WON’T REQUIRE YOU TO CHANGE YOUR BODY

💡It’s the same with fingerprints, by the way. And voice. Where it gets weird is when it’s a human doing the authentication, such as when someone tricks your mom into sending money because she thought it was you calling.

But for machines, they’re going off of mathematical representations of a picture of you, not the actual you. This is why stealing “biometric authentication data” isn’t nearly as bad as most people think it is.

Verizon's been caught again sharing customer data with anyone who asks, without any real checks in place. This is an overall problem at all these operators, not just Verizon, btw. A stalker recently obtained a victim's address and call history by posing as a police officer with a fake email. MORE

Scammers on Telegram are using doctors' identities to sell fake vaccination documents. A disinformation detection firm found about 60 channels on Telegram pushing bogus Covid-19 vaccine certificates, reaching over 3 million people and netting $286,000 in cryptocurrency. Cool article, but I feel like it’s a little confused about who’s getting scammed. MORE

Rite Aid got a five-year ban on facial recognition tech by the FTC for mishandling consumer data and causing harm. The FTC found that Rite Aid's surveillance program was full of errors and biases, leading to false accusations against customers, including an 11-year-old girl. They’re being forced to delete the collected biometric data and implement a robust data security program to prevent future violations. I honestly love how aggressive the government is getting in cases like these. MORE

Xi Jinping's regime is reportedly executing a Stalin-esque purge, targeting even his closest allies. High-profile disappearances include China's foreign and defense ministers and top military officials, some of whom reportedly died in custody or vanished without explanation. MORE

Lt. Gen. Timothy Haugh has the green light to lead the NSA and Cyber Command. MORE

Vulnerabilities

🪳pfSense Vulnerabilities Found — Multiple flaws in pfSense firewall software could let attackers run commands. | HIGH | CVE-2023-42326 | CVSS Score: 8.8 MORE

🚨 Terrapin SSH Vulnerability — A new attack called Terrapin can compromise SSH channel integrity by manipulating protocol operation. | CRITICAL | CVE-2023-48795, CVE-2023-46445, CVE-2023-46446 | MORE

Incidents

⚠️ Xfinity Data Breach — Comcast confirms a CitrixBleed hack compromised data of nearly 36 million Xfinity customers. | SEVERITY: HIGH | RESPONSE: Customers must reset passwords, and two-factor authentication is recommended. MORE

⚠️ Nissan Cyberattack — Nissan got hit by a ransomware group claiming they've snatched 100 Gb of data. | SEVERITY: HIGH | RESPONSE: Working to identify impacted information and has notified authorities. MORE

⚠️ Ubisoft Security Alert — Ubisoft is probing a potential breach after internal data leaks surfaced online. | SEVERITY: HIGH | RESPONSE: The company is currently investigating the incident and has not shared further details. MORE 

⚠️ GTA 5 Code Leaked — GTA 5's source code got leaked online right around Christmas. | SEVERITY: HIGH | RESPONSE: No official response from Rockstar yet. MORE 

TECHNOLOGY

Waymo's latest safety data reveals its driverless cars are significantly less likely to be involved in injury-causing crashes compared to human drivers. Such a massive win for autonomous driving, while we constantly hear of fails from Tesla and Cruise. Over 7.1 million miles of autonomous driving, Waymo reported only three minor injuries, while humans are estimated to have a three to nine times higher chance of injury crashes in the same conditions. MORE

The UK Supreme Court has ruled that AI systems cannot be recognized as inventors of patents. In other words, only a natural person can be an inventor, which is fine, except it won’t stop inventors from using armies of inventor/documentation agents to not only come up with ideas but also write and submit all the paperwork. In the name of the human. MORE

💡How are we going to tell the difference between a human having X output vs. having an army of AI Agents working for them behind the scenes producing that output for them? We won’t.

I mean if someone writes 300 book reports over the weekend they probably used their agent farm to do so. But the more interesting bit is that we won’t care. It’ll just be the norm. Everyone operating at the top tiers of any game will be a(I)ugmented with their own fleet of aigents behind them.

The API economy is now valued in the trillions, and faces complex regulatory challenges with the integration of AI. Just in time for my API-ification of everything take. If you think it’s a big market now, wait until it’s the fabric for all business. MORE | THE API-IFICATION OF EVERYTHING | A THRIVING ECOSYSTEM OF DA MODULES

China's coming down even more on the gaming industry, setting new rules against daily login rewards and pay-to-play incentives. It’s extraordinary and frightening to me that China has this much control over their population. And I can't help but feel like we’re at a massive disadvantage against them because of it. MORE 

New research from Apple shows how they plan to bring (hopefully way better than Siri) AI features to the next OS and iPhone hardware, including creating lifelike animated avatars and running complex language models directly on the device. Cannot f-ing wait for the iOS 18 announcements and betas this year! MORE 

Sam Altman is backing Retro Biosciences with $180 million. The startup's ambitious goal is to extend human healthspan (Peter Attia’s term) by a decade. MORE 

Google's AI tool, Performance Max, has reduced the need for specialized ad sales roles by automating ad creation and scaling. Various articles are saying up to 30,000 jobs are being cut at Google as a result. MORE

Tesla released its Optimus Gen 2 robot, which has improvements in speed, weight, and agility over the previous gen. This new model is 22 lbs lighter and 30% faster, with enhanced movement capabilities across its 35 degrees of freedom. MORE

HUMANS

Japan's western coast was on high alert after a 7.6 magnitude earthquake triggered tsunami warnings and calls for immediate evacuation. The Japan Meteorological Agency issued a major tsunami warning for Ishikawa, with potential waves up to 5 meters high, and lower-level advisories for other western coastal areas. MORE

Biden just pardoned every American who's used marijuana, even those never charged. The pardon covers federal and D.C. offenses for personal use but excludes sales and DUIs. MORE

Nearly half of young Americans are living with their parents, which are numbers we haven't seen since the Depression. Last summer, the Pew Research Center reported that 52% of 18 to 29-year-olds (around 27 million) were living at home, the highest since the 1930s. MORE

The latest PISA report suggests a strong link between phone use and plummeting student test scores. Students spending less than an hour on phones at school scored significantly higher in math, with a 50-point difference compared to those on screens for over five hours. MORE

AI now spots childhood autism with 100% accuracy just by scanning kids' eyes. The study involved 958 children and used deep learning to analyze 1,890 retinal images, half from kids already diagnosed with autism. MORE

High doses of Vitamin D might help your body use extra calories for muscle growth instead of storing them as fat. The study suggests that increased Vitamin D intake can influence how the body allocates calories, potentially favoring muscle over fat storage. They put normal at 2,000 IU a day, and high at 10,000 IUs. I was at 10K a day and went back down to 5K. Maybe I’ll go back up. MORE

Volkswagen is bringing back physical buttons due to customer pushback on touch controls. MORE

Apple's next-gen CarPlay is starting with Porsche and Aston Martin, offering a more immersive experience that extends to the entire dashboard. The new system allows for vehicle-specific themes and integrates with car features like radio and temperature control. Really wish I could get this on a Tesla, or that BMW made something as good as Model Y. MORE

The EU has agreed on significant migration reforms, including streamlined deportations and detention centers at borders. The pact is trying to balance migration pressures across member states, but faces criticism from refugee rights groups. MORE

US homelessness has spiked to its highest level since 2007, with a 12% increase from last year. MORE

IDEAS & ANALYSIS

I happily put them all in essays during the break!

NOTES

My favorite vim tip of 2024: change your file editing alias to “v” or “e”. One character. I have been using “vi” for years, thinking I was smart. If you’re going to use two characters instead of “nvim” (4), why not 1 instead of 2? MORE

DISCOVERY

⚙️ My Dot Files — I posted a repo of my nvim configs which are customized Lazy, plus a slightly customized zsh theme. MORE

💻 Therm — A stripped-down iTerm2 fork that prioritizes minimalism and improved defaults. I want to use it but I’m a bit scared, honestly. Somebody convince me. | by pancake | MORE

📚 The Primal Hunter Series — This is the LitRPG series I’m currently reading. MORE

🐬 Ollama.ai — Ollama is a super easy way to play with local models. Just go get Ollama and pick this model dolphin-mixtral. Quite strong. | by Eric Hartford | MORE 

🔗 ngocok — A free alternative to Burp Collaborator using ngrok for security testing. | by dwisiswant0 | MORE

💬 Talk2Arxiv — Chat with academic papers using this open-source tool that parses and understands PDFs. | by evanhu1 | MORE

Anders Borch shares experiences from interviewing hundreds of software engineering candidates. | by Anders Borch | MORE

Butterfly Ideas: Protecting Fragile Thoughts MORE

Hacker News Activity Analysis with a GPT-4 Agent MORE

SQL as an API Strategy MORE

How to get Stable Diffusion to generate consistent characters | by Chase Lean | MORE

🔥The iPhone’s Notes App Is the Purest Reflection of Our Messy Existence MORE

Writing Code Is the Same Thing as Writing Prose MORE

📝 FigJam's Self-Evaluation Template — As the year wraps up, FigJam offers a free self-evaluation template to help you reflect on your accomplishments and areas for improvement, setting you up for success in the coming year. MORE

🎙️ Oliver Burkeman brings a refreshing perspective on productivity, reminding us that a fulfilling life isn't about squeezing productivity out of every moment. MORE

You Don’t Need Analytics on Your Blog MORE

Life's Little Upgrades MORE

How I Work MORE

Google Podcasts is Shutting Down MORE

I Just Need a Programmer MORE

Keep a "brag document" to track and share your work accomplishments. | by Julia Evans | MORE

RECOMMENDATION OF THE WEEK

Think about what you were supposed to become as a person.

Ask yourself, going into 2024, if you are that.

Realize it’s 100% ok if you aren’t. Hardly anyone is. I’m definitely not.

But most importantly, ask yourself if you’re on the path!

If you aren’t, and you don’t have a plan to get there, or you’ve convinced yourself to settle for something lesser, reject that. Don’t give in. Don’t settle. Resist. Battle. Fight.

Recommit to becoming who you were meant to be.

As a heuristic, ask yourself if you look forward to Mondays. If you don’t, it might be because you’re not working towards becoming that person, or because the way you’re spending your time isn’t a good path for doing so.

This is the perfect moment to think about how to change that.

APHORISM OF THE WEEK

Published on January 02, 2024 09:17

January 1, 2024

Cory Doctorow is Not Even Wrong About the So-called "AI Bubble"

Doctorow just wrote an uncharacteristically shortsighted essay asking whether there would be anything left over after AI’s bubble bursts.

Here’s an excerpt:

He makes some decent points about silly AI startups in the piece, and I, of course, agree that most of those will die off soon.

The scale of inefficiency

But if you agree with him that this entire AI boom is actually a bubble, and would like to know why I think differently, ask yourself this question:

In other words, what challenges currently limit the number, size, efficiency, and scale of startups and enterprises—especially those pertaining to creating and executing business ideas?

It’s hard to capture perfectly, but let’s make a quick list:

Most businesses do not have standardized internal processes

Even for companies that do, it’s almost impossible to implement those processes at scale across the company

Most companies cannot scale their sales operations

Most companies cannot scale their support organization

Most companies aren’t good at finding and keeping the right people

Most companies cannot scale their marketing efforts

Most companies cannot scale the vision/strategy leadership talent that comes up with innovative ways to deal with market conditions

So let’s further break this down as:

Strategic Cohesion

Keeping everyone updated on direction

Keeping everyone motivated on direction

Process Standardization

Policy creation

Policy following

Keeping everyone updated and synchronized

Ease of updates for new processes and policies

Hiring and Performance Management

Finding the right people

Vetting them properly

Keeping them incentivized to do quality work there

Getting rid of those who stop performing well

Sales Operations

Everyone knows what we sell

Everyone knows the customer they’re selling to

Everyone knows how our product can help them

Consistent testing and iteration process

Consistency, quality, persistence

Ease of updates for new products

Marketing

Everyone knows what we sell

Everyone knows the customer they’re selling to

Everyone knows how our product can help them

Creativity in marketing copy

Consistent testing and iteration process

Consistency, quality, persistence

Ease of updates for new products

Support

Enough people

Proper training

Consistent improvement process

Ease of updates

I’ve been consulting and advising for startups for over 15 years, and it’s always some combination of these things that either limits growth or outright destroys a company. And for larger companies, these factors limit the scale and quality of their output.

My argument is simple: Most of these elements, such as sales, operations, marketing, internal processes, etc., are operating with like 5-30% efficiency. It’s mostly waste. And the percentage of waste grows as the teams get bigger.

If you know, you know.

It’s virtually impossible to run a sales team. Most companies aren’t doing it well. Same with marketing. It’s voodoo magic, and inconsistent, more art than science, and very few companies thrive there. And internally, most companies are horribly run from a process and communication standpoint.

Too much bureaucracy. Too many inefficiencies. Too many people doing useless things, not enough people doing the right things. And the broken processes and structure create broken incentives. And then the whole broken system starts working toward the wrong things.

Well, these are the engines that power companies. All of our startups, medium-sized companies, and giant corporations.

If I had to guess, I’d say we’re getting 5-30% value from most companies of any significant size. Let’s call it 20%. That’s 80% waste across all those areas added up that produces friction.

And that’s just for the percentage of 100% that’s possible with that number of humans at the company.

Enter AI

Now let’s add AI. The right way to think about AI is to ask:

Here’s my answer:

AI will massively improve not just the efficiency in all those areas, but also the scalability.

Imagine you have a sales team that’s 7% efficient. If you don’t believe the numbers are that low, think about the amount of time they spend working (and being paid) vs. how many calls they have and how many deals they close.

7% might be generous.

Anyway, now imagine you have a 20-person sales team. Now think about what happens when that efficiency goes to 45%, or 70%.

But now you have 1,500 salespeople.

And we’re not doing that just for sales operations. We’re doing that for marketing as well. And hiring and firing. And all the other areas we mentioned that are holding back companies.

This is what makes Doctorow’s essay so shortsighted. We’ve just seen the ability to improve the efficiency and scale of the core muscles of capitalism itself. And all he sees are gimmicky companies on billboards.

The real impact of AI on the economy

I said back in February of 2023 that AI would pull us out of a recession. Who knows how much of an effect it was, but I think it was likely significant.

And a couple of months later I said AI would massively raise the US’s GDP within a few years.

I think I was too timid in those predictions. I think, given the analysis above, that we’re likely to see global productivity multiply extraordinarily in the next 10 years.

What I don’t know—and nobody can know—is how that will combine with the tens of millions of jobs that will also be lost at the same time. Like, who is buying all this new and better stuff if AI is also removing human jobs?

Anyway.

AI is not a thing. It’s a magnifier. And the things it magnifies are creativity and consistent, high-quality human work output. Our total output for planet Earth is currently N, let’s say.

When you very quickly add billions upon billions of AI-powered agents, and systems of agents, that are capable of producing creativity at some level, as well as producing extraordinarily consistent and high-quality output, you take that N value and multiply it by 10, by 100, by 1000.

Stop thinking about the silly applications of AI. The company that reads you walnut recipes in the voice of a walnut tree is not going to last. So what?

The impact of the printing press was not the manufacturing of religious books. The impact was introducing billions of people to entirely different worlds and different ways of thinking.

Similarly, the impact of augmenting humanity with artificial intelligence is not the micro-companies that do kitschy things with a side feature of AI.

The impact is dramatically multiplying the output of humanity.

So yes, Mr. Doctorow, there will indeed be something left after “the AI bubble” bursts.


Published on January 01, 2024 16:01

December 24, 2023

LFTM: 'Looking Forward to Monday' is the Metric for 2024

I have a dead-simple diagnostic tool for 2024.

Ask yourself how you feel about Mondays.

Too many of us dread them. The meetings. The meetings about meetings. The planning that rarely turns into reality. Team politics. Perpetual reviews. And generally feeling like you’re wasting your valuable time and attention.

If that’s you, you probably see the weekend as a temporary sanctuary from a week of necessary frustration.

We’re told this is normal. We’re told everyone feels this way, and that we should accept it. It’s not true.

If you dread Mondays it means you are not in alignment with the work you’re doing. Everyone needs to work, but work can either be rewarding or soul-crushing.

Dreading Monday means you’re doing the soul-crushing kind. 2024 is the year to change that. For one, you’ll be happier. Second—I think the more soul-crushing the work is the more vulnerable it is to being automated.

Free yourself. Find something that makes you excited for the week to come.

AI is going apeshit. Things are changing. It’s the perfect time to find a better path.


Published on December 24, 2023 11:52

December 22, 2023

Blogging and Podcasting Are Gatekeeping Concepts

Humans are meant to think and share their thoughts in writing, audio, and video.

The fact that this is called “podcasting”, or “blogging”, or “being a YouTuber” is simply a remnant of a primitive and unhealthy society that we need to evolve away from.

Everyone on Earth should be enabled to learn, and grow, and think—and to share their thoughts and opinions with others. They shouldn’t have to, of course, but it should be normal to do so. They should be raised to think that it’s part of their value as a human to think for themselves, and to have ideas and opinions that are valuable to others.

Right now that’s not the case. Think about what percentage of people in the world think they have ideas to offer. I’d guess over 99% of the world (who knows the real number) thinks having and sharing ideas is special, and not for someone like them.

We saw this before with the democratization of reading.

500 years ago, only certain people could read. And if you heard that somebody was trying to learn, it would be a great surprise. Everyone would say, “Hey look, Sally is trying to Church.”, or “Bobby wants to Clergy.” The act of reading was associated with special activity, like being a priest.

That’s what blogging is now. Or podcasting. Or being a writer, or a public intellectual. They’re special words for things that shouldn’t be special.

As it turns out, everybody should read. And that’s why it was an evolution to have the printing press and the widespread distribution of reading. Well, now it’s time for that to happen for thinking, writing, and sharing those thoughts with others.

Brimming with creativity and confidence

So try not to think of blogging, podcasting, or making videos as special activities for special people. Using those names is self-gatekeeping for behaviors that we should consider normal.

We as humans should all think. We should all feel. We should all imagine. And we should all be encouraged to share.

Not certain people. Not special people. Everyone.


Published on December 22, 2023 19:36

December 19, 2023

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, the UL Character Sheet, and…


Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

Happy Monday!

Ok, a bit of a shorter show this week with the holiday coming up. And there’s no show next week, as a reminder.

But I’ve been busier than ever somehow!

The response to the course announcement has been INSANE, and I’ve been adding new stuff to it every day. So excited to deliver this! Couple of quick FAQ items: 1) I’ll be announcing the date in the next week or so, 2) it’s a live course, and 3) it won’t be recorded.

I also finally finished my annual December Vim Refresh Ritual of many hours of Neovim study. And I now have my full 2024 configuration. And I published it for the first time! You can check it out in my new dotfiles repo on GitHub. GET IT

Switched to Lazy for my plugin manager and base

Deleted all my custom configs and started over

Added each config and remap by hand so I know every single setting and what it does

I even created my own oh-my-zsh theme that I like better than my old go-to. It’s also in the repo.

I now have that Irish Spring feeling! Feels wonderful!

Basically my Vim setup now looks and feels sicker than ever, and because of Lazy it is far easier to manage plugins and updates. I simply add one definition file under /plugins and it does the install and config by itself. No more adding in one place and configuring in another and then kicking off an update manually. Plus I have full LSP functionality and a million other smoothed edges that come with Lazy.

Hat tip to Primeagen and Josean for a lot of config inspo.

Folke is the creator of Lazy and also my favorite Vim theme—TokyoNight, and he’s a hero.

To use my configs (it’s pretty customized, so be sure to read the options.lua and keymaps.lua files), simply back up your existing nvim directory and copy it into your .config directory. When you launch Vim, the distro will do the work. And the docs are pretty damn good as well.

My new NVIM setup with Tokyonight

Let’s get into this week’s show!

MY WORK

❤️ Purposelessness—Not Social Media—is Making Our Kids Depressed
My new piece on how I believe the lack of purpose is the root cause of a lot of young people’s suffering. MORE

🗡️The UL Character Sheet
My new essay and D&D model for showing how Talent and Luck matter far less than Discipline. MORE

Reserve a limited slot

🚨I am running a space-limited 3-hour AI course called AUGMENTED in January. Here’s what it covers:

My Approach

What I want from AI (the problems I’m solving)

My framework / approach for solving them

A live demo of multiple workflows

Architecture Overview

The tech stack that I’ve built

My prompt/templates approach and lessons-learned

Guides

A step-by-step for building the server-side infra

A step-by-step for building the client-side infra

Hosting recommendations

Outputs

The full guide to building my stack for yourself

Multiple full-text copies of my actual modules

A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!

UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

SECURITY

Ubiquiti customers are reporting access to other people's UniFi devices and getting their notifications. One user received a security camera notification that wasn't theirs, while another found themselves with control over 88 devices from someone else's account. MORE

Channel 1 is a new TV channel launching in LA in 2024, and it’s going to use AI-generated news anchors for the first time on American TV. My first question is why TV? I guess they still need to grab that long tail while they switch to streaming. Really curious how people respond to it. The question is whether the need for constant news will outweigh any bad vibes from the uncanny valley. MORE

Discord just rolled out WebAuthn for MFA. Go do the thing. MORE 

Sponsor

The 2023 Kubernetes Security Report

The shocking reality of critical vulnerabilities in publicly-exposed containers.

Kubernetes (K8s) has transformed the way applications are deployed and managed in the cloud-native landscape. Based on our scans of over 200,000 cloud accounts, the Wiz Security Research team exposes how many clusters are at risk, and what it means for your cloud defense. You’ll discover:

In-depth breakdown of Kubernetes attack chains

Statistics on security controls and mitigations

The best ways to defend against cloud attacks 

Think of it as your playbook against cloud threats. All this and more can be found here:

👉wiz.io/lp/the-2023-kubernetes-security-report👈

Grab Your Free Copy Now

Utah's Supreme Court just ruled that suspects don't have to give up their phone passcodes to the police. The case involved a kidnapping, and I see this one going to the Supreme Court. MORE

A new report discusses a Pro-China YouTube network that used A.I. to spread disinformation about the U.S. The network's content, spanning 30 channels, had almost 120 million views and over 730,000 subscribers since last year. These channels have been disseminating rumors and misinformation on topics ranging from politics to social media narratives. MORE (This was a fully AI-written summary. How was it?)

💡One thing you might be wondering is how much AI I use to generate the newsletter. The answer is a lot, but mostly for the collection, filtering, and organizing steps. I and/or OpenAI would still need to do a lot more work to be able to pass AI output directly in for main stories. For one, I use the newsletter as my news consumption activity, so I actually need to read the stories, and there’s still a massive difference between me writing something and the AI writing it.

I intend to keep the human aspect in play for the foreseeable future because it’s still better than AI. And the value to you is largely the analysis, not the story summary. If/when the balance changes in the future I’ll let you know, and at that point I’ll transition to summaries being fully AI-generated and then custom-written analysis, commentary, and long-form content. Still a bit early for that, though.

Maersk and Hapag-Lloyd are halting Red Sea transits due to increased missile and drone attacks, impacting global shipping routes. MORE

Incidents

⚠️ INL Data Compromise — Over 45,000 people's personal info was stolen from the Idaho National Laboratory. | SEVERITY: HIGH | RESPONSE: INL and federal agencies are investigating. MORE

⚠️ MongoDB announced an incident exposing some customer details but not the data stored in MongoDB Atlas. The breach was detected on December 13th, and while the full extent is still under investigation, customer account metadata and contact information were compromised. MORE


TECHNOLOGY

🤖 OpenAI released its own prompting guide. It’s quite good and includes examples. Here are the main tactics:

Include details in your query to get more relevant answers

Ask the model to adopt a persona

Use delimiters to clearly indicate distinct parts of the input

Specify the steps required to complete a task

Provide examples

Specify the desired length of the output | MORE 

🔥Eliezer Yudkowsky (yeah, that one) tells AI to create a “normal” image. And then whatever it gives back he tells it to make it “more normal”. It keeps going and the stuff it ends up with is completely insane. Read the whole thread. MORE

Facebook’s being swarmed by fake social media photos that people think are real. We all knew this was coming, but it’s still weird to see it actually happen. An artist posted a real version of a thing and now he’s being copied by people using AI. MORE

Apple's already working on a 2nm chip process for 2025, with TSMC's mass production plans hinting at a possible 1nm before too long. This is why you should get your Apple hardware to Apple Silicon and start skipping a generation or two. MORE

OpenAI is putting more emphasis on its Superalignment research team run by Ilya Sutskever. The team's recent experiments show progress in guiding smarter AI models without diminishing their capabilities, using a method where an inferior AI influences a superior one. MORE

OpenAI just cut off ByteDance for training a rival AI using GPT-4. ByteDance reportedly violated Microsoft and OpenAI's developer licenses by using GPT output to enhance its own AI model. Do they not know OpenAI looks for this in API call patterns? MORE

GM just dumped Apple CarPlay and Android Auto, claiming they're not safe because they might make drivers use their phones more. People are still going to use car computers; now they’ll just use a worse one. Ford came out and basically called BS, and said they’d still be supporting them. MORE

HUMANS

ProPublica did an investigation on NYPD use of bodycams, and it showed that despite millions spent on the cameras, police departments often delay, redact, or refuse to release footage, undermining their entire point. This reminds me of tax law. When powerful people and mechanisms don’t want a thing to happen, they find ways to make sure it doesn’t. MORE

The Pope has approved priests to bless same-sex marriages. This guy has changed so much about the Catholic church that I wonder if some of it won’t be reversed by successors. I suppose not since future generations will (likely) be more progressive. MORE

Solar and wind energy are set to surpass coal in the US power mix for the first time in 2024. MORE

Netflix's recent viewership data reveals a strong contrast between the shows people discuss online and the ones they actually watch, with series like "Ginny & Georgia" dominating real viewership. The report shows "Ginny & Georgia" was in the top ten most viewed between January and June 2023, despite less online buzz compared to genre hits like "The Witcher." I love this disconnect between real and stated preferences. Reminds me of the book Everybody Lies, about Google search query analysis. MORE | EVERYBODY LIES BOOK

US Steel used to be a total behemoth, and now it’s selling to Nippon Steel. MORE

TikTok's car confessionals are becoming the new short-form video blogging. TikTok creators like Cheryl Porter and Keith Lee are amassing millions of followers through their car-based content. The trick here is authenticity. The car setting I think makes both the creator and the viewer feel more unguarded and real. MORE

Costco is selling gold bars online. As soon as they go up they sell out. I think I might get a few. MORE

IDEAS & ANALYSIS

RPG Literature and The Connection to Grinding
So I’ve been reading a genre called RPGLit (RPG Literature) for a few years, and I just realized a connection with the Discipline post I just wrote. So I’m starting the second book in The Primal Hunter series and I’m enjoying it more than I should be. Actually I’m often confused about whether I’m enjoying this genre or not. But I definitely am sometimes. Like I can’t tell if I’m wasting time or having fun or relieving stress or whatever. Or even why I enjoy it at all. Well this week I finally isolated what it was. It’s an entire genre about self-improvement. With clear stats. Clear skills. Clear ascension. Clear progress. So it’s basically a proxy for life grinding! It’s like erotica for D&D-minded self-improvement nerds. Anyway, if any part of that appeals to you, you should sample the genre. I’m not sure what the best stuff is, but fellow ULer Joseph Thacker (rez0) and I are all about the CRADLE series. THE FIRST PRIMAL HUNTER BOOK | THE FIRST CRADLE BOOK 1

NOTES

I can’t tell you how much joy it gives me to tweak my terminal / Nvim setup every year or so. Especially this year because it was such a drastic rewrite and fresh start. I feel like Vim is one of my replacements for religion.

I am extremely excited for 2024. Tremendous momentum and energy heading into Christmas, and honestly am looking forward to January.

🥳 As I read what I just wrote, I realized that it’s now been 1 year since going independent. Wow. I hadn’t really thought about it, but I think we can call it an unambiguous success. I’ve never felt more free or more creative in my life. This is why I keep pushing all my friends to think about a similar jump!

🙏 I want to say thank you for reading this newsletter and engaging with all my content. I’d still be doing it if nobody was listening, but the fact that you are makes it possible to do for a living. And I appreciate you.


DISCOVERY

🤖 Microagents — Python-based agents that evolve to answer queries and improve over time. And they write their own code to do it. | by aymenfurter | MORE

🗣️Kelly Shortridge argues here that cybersecurity isn’t special, and that we tend to exaggerate our challenges compared to other departments. She also gives practical advice. Worth a read for sure, and it didn’t go unnoticed that she put it on her own site, and not on a company site! More of that please! MORE | EXTWIS SCREENSHOT

🤖 The Lever Prompting Technique — Give it levels and tell it to move up or down on a 10-point scale. | by Moritz Kremb | MORE

📺 My buddy Gunnar Andrews posted a new video on building bug bounty automation. MORE

🔍 Nmap Peek — Easily view Nmap scan results directly in VSCode for better analysis and workflow. | by marduc812 |

🎶 StemGen — A new end-to-end music creation model, with demos. MORE | TELOS AI SCREENSHOT

🧱 BELAY — BELAY offers a modern twist on the traditional executive assistant role by providing U.S.-based virtual assistants and accounting professionals to help leaders manage their tasks. MORE

🔍 Incogni — Actively seeks out and removes your sensitive information from the web. MORE

🔧 SQL Polyglot — A tool to help you write SQL queries that work across different databases. | by antonz | MORE 

🔨 Be Family — A modern, AI-powered family organization tool designed to simplify family management. It's an interesting approach to keeping family life calm and collaborative, and they're offering it free for life to early sign-ups. MORE

📚 The Munger Operating System — It's about aligning your actions with the value you want to create. It's a reminder that trust and success aren't just handed to you; they're the result of consistent, hard work. MORE

🤔 Improvements Since the '90s MORE

📚The Verge’s favorite books from 2023 MORE 

Engaging OKR Check-ins with Hill Charts MORE

Taylor Swift's Eras Tour concert film is now on AppleTV. It’s worth watching even if you don’t like her music. It shows a complete mastery of the craft, on all dimensions. MORE

Stock funds managed by less attractive individuals beat those managed by their better-looking counterparts by a solid 2%. MORE

On being wrong about AI MORE

Ask HN: Terrified I Won’t Find Another Job MORE

RECOMMENDATION OF THE WEEK

No matter how much family and/or in-laws can annoy you with politics or whatever, put your mind years or decades in the future when they’re not there.

Find something to appreciate—something to agree on—and try to be present.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on December 19, 2023 07:30

December 18, 2023

The UL Character Sheet


I’ve been wanting to capture this for a while now. I’ve made multiple versions of this over the years, but I’m pretty happy with how this one turned out.

The goal of the system is to show the interplay between Talent, Discipline, and Luck, but specifically to show how Discipline matters more than anything.

The premise

The goal here is to model reality, and the main claims of the system are the following:

Talent matters a lot.

But not nearly as much as Discipline.

 Luck is a critical wildcard that can bury or launch you, but it can be significantly altered by either high or low Discipline.

Notably, Talent and Discipline are set to a given target’s attribute. Meaning, we’re estimating how talented or disciplined they are in real life.

Luck, however, is random. You roll 1d10 for that. But interestingly, if your Discipline is high enough, you can raise your luck from low to average, or even boost it over the natural maximum of 10.

And Luck also goes in the opposite direction: you can start with average Luck but if your Discipline is low, your Luck ends up lower.

When you combine all of these components, you get a really powerful dynamic where Discipline ends up the absolute most important thing.

Again, that’s my belief of how reality works, and so that’s the model I’ve constructed.

The system

So the arithmetic here isn’t that special or important. What’s important is the range between low values and high values—especially in Discipline and Luck.

One thing to note is that the baseline is around 600, which is where everything is set to average, with lots of motion when values are higher or lower.

Calibration

Don’t over-think this, but here are some guidelines for estimating Talent and Discipline.

Talent

Talent means universal talent, meaning your natural ability to be good at things.

5 is Average

6 is Talented

7 is Notable

8 is Gifted

9 is Extraordinary 

10 is Pinnacle 

Don’t worry too much about the specifics. Let’s say 10 is like top .01% of the world, 9 is top 1%. 7 and 8 are where you’re well-known either internally or publicly for a thing, and 6 is where you’re not any of those but you’re a step ahead of the pack.

Discipline

Discipline means your ability to build and follow a plan for success. Here are some guidelines for estimating Discipline.

5 is Average

6 is Committed

7 is Dedicated

8 is Resolute

9 is Unyielding

10 is Heroic

Here we’ll do something different for the levels. 10 is where you have a rigorous routine for diet and exercise, and you basically never miss it. Like once or twice a year due to emergencies. 9 is no more than once a month. 8 is where you have a less formal routine but do it over 90% of the time. 7 is where you have a decent routine and you follow it more than 75% but less than 90%. 6 is where you have some kind of routine and you follow it 50%-75% of the time.

Average is where you aren’t doing horribly bad things, and you’re able to maintain some kind of discipline to stay on schedule and meet commitments, but nothing special. 4 and below are for increasingly bad habits, lack of routine, and/or inability to make or follow goals or commitments.

The scenarios

So, given all that—and assuming you at least somewhat agree with the model’s connection to reality—what’s fun is to then run yourself and others you know through the system.

This is the best way to tell whether you think the model tracks to reality or not. So let’s look at a few of the scenarios.

1️⃣If you look at the first scenario, the final score of 8 is abysmal. And this comes from not just the low initial values, but because the low Discipline score lowered the low Luck to the minimum of 1.

This is probably too extreme of a low score, but it directionally and overall tracks for me.

4️⃣Scenario 4 is fascinating because it’s someone with relatively low Talent, but high Discipline. And they even rolled a 1 on Luck! But because of their high Discipline they ended up with higher Luck! And this resulted in a higher outcome score than average!

In other words, you can still crush life by being exceptionally disciplined—even if you’re not as talented or lucky.

This is precisely the dynamic I was hoping to capture with the model, and why I think it tracks.

Usefulness

I love turning my knowledge into models that I can gain insights from. And to me, models are only useful if they’re…um…useful.

For me, the purpose of a model like this is to inspire myself—and those I care about—to try to be more disciplined.

Basically, I’m trying to use a contrived—yet hopefully somewhat accurate—model to try to tangibly illustrate that high discipline can dramatically improve your life.

And similarly, you can have everything going for you but throw it all away by not being disciplined.

How I use this myself

The way I use this is dead simple.

My natural Discipline score ranges between 4 and 6. But I’ve figured out the hack that we’re able to copy the habits of disciplined people!

That means I grind.

Constant studying

Constant learning

Constant hacking/building/creating

Constant sharing of what I learn

And most important, I created a life and health routine, which I parsed from hundreds of hours of study and research, that I follow as much as possible. This routine allows me to do all the things above more often, more consistently, and at higher quality.

Basically, the routine raises my Discipline score—and not by a little bit.

On a good, on-routine day it probably takes my Discipline from a 4 to an 8. So if my Talent is a 7, and my Luck is a 5, here is the variance:

Off-routine: 560

On-routine: 2240

That’s over 4X!

Again the numbers aren’t magical, so it’s not like you can take 2240 somewhere and get something for it. But remember that average in this system is around 600-700. So 2240 is much higher.

And remember, I’m not saying this system makes it real. What I’m saying is, “This is real.”, and the system is just properly capturing it.

To me this is precisely how reality works: The people who grind their asses off get outsized outcomes. And this is true regardless of talent and luck.

Recommendations

Play with the system. Plug your numbers in. Get your numbers from others if you don’t think you’re objective enough.

Plug the numbers in for people you care about, and see if it matches your interpretation of reality.

Consider showing the system to people who could use it. But make sure they’re receptive to it and you’re not being an ass.

And finally, if you use the system, and it tracks to reality for you, and it tells you that more Discipline could help you—do what you can to aggressively raise your Discipline.

It’s the most important stat on the character sheet.

NOTES

Thanks to Jason Haddix for talking with me about this for over a decade and helping me formulate these thoughts.


Published on December 18, 2023 11:48

December 15, 2023

Purposelessness—Not Social Media—is Causing Our Kids' Depression

Social media started around 2012, which is precisely when we saw our kids’ mental health drop into an abyss. But nobody has been able to clearly articulate exactly how social media is causing it. Nor why it crushes some kids while barely affecting others.

Jonathan Haidt shows it’s not the relationship with parents

I believe I have the answer. Or at least the primary answer.

It’s not Social Media causing the depression. Social Media is causing Purposelessness, and the Lack of Purpose is causing the depression.

Comparison as the thief of joy

The common narrative we hear about social media’s negative influence is that of comparison. Young kids, especially girls, are shown images of the gorgeous, famous, and happy, and they compare that to their own lives and are devastated. Repeatedly. All day, every day.

That’s bad, for sure, but I don’t think it’s quite it. That’s more like the kindling or the match, but not the fire.

The problem is that social media is sending multiple conflicting messages for what that young person should be.

You should be beautiful

You should be tall

You should be a YouTuber

You should be a model

You should be an influencer

You should be a singer

You should be attractive and popular

Kids and teens are supposed to be forming their direction in life as they grow up. Figuring out where they’re going and what they want to be. But that little voice inside them is quiet, and it gets drowned out by the persistent and convincing messages from social media.

Another thing that’s making it worse is that parents are simultaneously sending less of their own signal of what the kid should be.

Parents used to largely tell kids who they were, and what they should be. Maybe they’d give some options, but it was clear that they should at least be:

Someone who believes in God

Someone who loves their country

Someone with a trade or education

Someone with a job in their trade or field

Someone with their own family and career

In other words, most people knew from the time of childhood on, who they were and what their purpose was. It was to be a patriotic and god-fearing electrician, or housewife, or teacher. Or whatever.

Super simple. Super clear. At the same time, the false purpose signals were few and relatively quiet. They didn’t have social media—or media in general—showing them thousands of alternatives a day.

Today we have the opposite. Today, parents provide much less purpose, while social media pulls the kids in a million different directions. And the result is that they’re lost. They don’t know who they are, who they should be, or why they’re even here.

Parents and schools—trying to be encouraging—are more likely to say things like, “You can be whatever you want.” It’s a positive sentiment, but by itself doesn’t give them the direction they need. And it might even make it worse because it implies they should be able to figure it out for themselves.

The explanatory power of the Purpose Problem

This Purpose Problem model explains so much.

It explains why some people are seemingly immune to social media’s negativity

It explains why religion offers so much help to so many

It explains why kids were much happier in the past

It explains why many people struggle with addiction and can’t have a single taste of a drug without spiraling out of control, while some could do three weeks of the hardest drugs possible and go back to regular life and never think about the drugs

And it explains why many kids in immigrant families have some immunity

In all five of those cases, the difference is purpose.

Kids are resistant to social media when they have a stronger purpose from something else

Religion often gives people a strong identity and direction

In the past they got this purpose from parents and religion

Addiction can be seen as a lack of connection and purpose that makes drugs and escape attractive

And immigrant families often do two things simultaneously: giving lots of direction and purpose themselves, while also limiting their kids’ exposure to outside influence

That’s what matters. Having a purpose that is stronger than all the false signals constantly bombarding us day to day. Signals telling us what we should be. Things like:

You have to be rich

You have to be pretty

You have to be famous

That other person is doing better than you

You’re not as popular as that other person

That person has everything in life, and I have nothing

They’re so happy, and I’m so not

These are all signals pulling kids in multiple directions. They obscure and reduce their internal voice, or stop them from developing one at all.

And the result is devastating. It makes kids feel like everyone around them has it figured out—except for them. And that disconnect—that feeling of isolation—is what makes life unbearable.

Ok, but what do we do?

The solution is simple but not easy.

We have to make sure our kids have a purpose that’s stronger than the external signals they’re receiving.

We can do that in two ways:

Magnify their primary purpose signal

Reduce their exposure to false purpose signals

I’m sure there’s some minimum that the primary signal needs to reach, but don’t worry about that so much. Worry about the ratio. Make sure their primary signal is way stronger and more consistently reinforced than the noise.

Practically speaking, this means helping them find and lock onto a direction. They’re kids, so you can’t just ask them deep philosophical questions about self. When I was a kid I was mostly about boogers and BMX. They’re young.

So it’s about creating a distant goal of self. A thing they are becoming. You want them thinking something like:

I’m going to be a mother and a doctor and help people by writing books and doing YouTube

I’m going to be a father and a restorer of trees on the planet

I’m going to be a physicist like my mother and my uncle

I’m going to be…something

Something. Something distant. Something grand. Something they can claim as an identity to immunize them against the garbage assaulting their minds every day.

I obviously don’t know what that something is, as it’s different for every kid and every situation. And it might take a while for you to figure out with them. Plus, it might not even matter much because it’s likely to change.

What matters is that it feels legitimate, strong, and tangible enough to lock onto and define them during these chaotic years.

Summary

It’s not social media causing depression in our kids.

It’s the lack of Purpose.

Social media looks guilty because it’s the main thing sending false purposes, false identities, and pulling kids in multiple directions.

This means they can’t nurture their inner voice that’s still quiet, so they end up with no direction and no purpose—which means no identity.

They then (falsely) see that everyone has life figured out—except for them—and they start questioning why they’re even here.

To solve this, we must 1) help them find and magnify their own signal, and 2) reduce negative external signals, such as social media and other forms of comparison.

In short, kids are so depressed because they don’t know who they are or what they’re supposed to be doing.

And our primary purpose, as adults, needs to be helping them figure that out.

NOTES

BONUS: This is also—in my opinion—the main reason for adult depression as well. Turns out, adults are grown-up kids. Also, it’s much harder to guide someone about purpose when you don’t have one yourself. So the lack of purpose we’re currently seeing is moving forward in time and subsequent generations :(.

To be fair to parents, it’s also harder to give a defined purpose today because it’s far less clear than 20 years ago that our country, God, an education, or a career will yield any sustainable meaning or happiness. It’s less clear that God exists. It’s less clear that the US or the West is a force for good. It’s less clear that an education is a guarantee of happiness. It’s less clear that a good job or career is a guarantee of happiness. See: layoffs. See: AI. So it’s far harder than 20 years ago to tell a kid to pursue those things and you’ll be happy. So what do you tell them? Not easy.

This is why so many kids of recent Asian and African immigrants, especially of the Helicopter variety, are less prone to social media depression. They’re too busy. They’ve been told what their purpose is, and they’re fully engaged in pursuing that. They’re in study groups with other people who have the same mentality. They’re in sports groups. They spend their whole day thinking about what they are becoming, and working towards, and with other kids doing the same. This doesn’t make them immune to depression, but it provides a lot of defense. And it doesn’t have to be perfect to do the job. The purpose doesn’t have to be exact (and it can’t be anyway since they’re just kids). What matters is that it’s a much stronger signal than the noise.

There is a lot of great work being done on the social media aspect of this by Jonathan Haidt, and specifically on the topic of getting phones out of schools, which I recommend you check out.


Published on December 15, 2023 14:45

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.