Daniel Miessler's Blog, page 18

October 12, 2023

Extracted Wisdom Series: David Perell & Sam Parr

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.

Published on October 12, 2023 02:39

October 9, 2023

UL NO. 402: Israeli Footage & Analysis, WSFTP + MOVEIT, AI Explainability, Andreessen vs. Perell on Writing, and more…

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hello,

I had a different intro planned but what’s happening in Israel is all I can think about right now. The news and the footage coming out is unimaginable, and my thoughts are with everyone who’s currently suffering.

❣️ 

MY WORK

ExtWis 2.0b: Marc Andreessen vs. David Perell
I’m working on v2.0 of extwis, the Wisdom Extractor for text, and this is a member post of one such extraction for an extraordinary conversation between Marc Andreessen and David Perell about writing, creativity, and AI. Seriously great conversation here. MORE | GET ACCESS

⏰ If you’re on TikTok, add me and click buttons and stuff.

🎙️ Subscribe to the Podcast
I’ve moved podcast ads to the front of the podcast so that you’ll no longer be interrupted once the content starts! ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is lyfe. ADD UL TO YOUR RSS READER

📢 Winter 2023/Spring 2024 Sponsorship Window
We are now opening the window for new sponsors for Winter 2023/Spring 2024. If you would like to get your company seen by over 99,000 of the smartest and most influential people in security and tech, you should reach out to get on the calendar before the calendar is filled.

“We’ve had multiple new customers say they heard about us from Unsupervised Learning, so we’ll absolutely be renewing.”
~ One Recent Sponsor

 CONTACT THE TEAM TO RESERVE YOUR SLOTS

SECURITY NEWS

Israeli Attack
Israel is currently dealing with the largest attack on its territory in 50 years, following a surprise early-morning assault by Palestinian militants from Gaza. The attack has resulted in hundreds of deaths so far, with militants infiltrating at least 22 Israeli towns and army bases nearly simultaneously, kidnapping Israeli civilians and soldiers, and firing thousands of rockets toward cities as far away as Jerusalem.

- The scale of the latest Palestinian attack shocked Israelis, many of whom were observing the Jewish Sabbath. Diplomats and analysts were also caught off guard.

- The ease with which Palestinian fighters entered Israel prompted recriminations and anger among Israelis, with questions about the quality of Israeli intelligence gathering.

- The Israeli government said Saturday evening that it was cutting off its electricity supply for Gaza, which gets two-thirds of its power from Israel.

- The assault coincided with Israel’s escalating efforts to seal a landmark peace deal with Saudi Arabia, and many are saying this is a way of disrupting that relationship.

- The Biden administration warned Israel’s enemies not to try to take advantage of the current state of chaos. NYTIMES

- The US has also sent an aircraft carrier and significant amounts of munitions and other military support to aid Israel.

- Israel has now ordered a ‘complete siege’ of Gaza as a result.

Heartbreaking reporting from the ground in Israel:

A family deals with the loss of a child and sister while still being held hostage. MORE

Hamas paraglides into a peace rave while people dance. Hostages are then taken in later videos. MORE

People being kidnapped from the rave. MORE

More visuals from the New York Times MORE

It's unbelievable, and I’m very worried about what will develop in the next few days as this unfolds. Especially as Israel responds and if/when Hezbollah/Iran gets more involved.

🇮🇱 🇮🇱 🇮🇱 

Genetic Data Breach
23andMe has confirmed a data breach where user data is being sold on hacker forums due to a credential-stuffing attack. The breach seems to have a racial aspect as they first leaked data on Ashkenazi Jews, and then on Chinese people.

The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

I signed up for one of these services many years ago knowing for absolute certain that this day would come. For me the risk calculation is very simple: the value of the data to me is much higher than the danger I feel from someone having the data. BLEEPINGCOMPUTER | THERECORD | WIRED

Sponsor

Comprehensive Cloud Security Coverage from Code to Cloud

Panoptica is the cloud-native application protection platform (CNAPP) solution from development to runtime to seamlessly deliver end-to-end security for multi-cloud application environments to minimize risks with comprehensive visibility and prioritization.

Unlike many siloed security solutions, Panoptica's CNAPP solution provides a single context platform that consolidates risks from different risk engines. Only Panoptica equips developer and security teams with the ability to make informed decisions to achieve 100% visibility and remediation guidance with a new level of precision. Now teams can confidently scale across multicloud environments and reduce risks across their entire cloud application stack.

👉www.panoptica.app/demo👈

Book a Demo

MGM’s Fallout 
MGM Resorts got hit by a ransomware attack last month, costing them a crushing $100 million and leading to customer data theft. The threat actor responsible was an affiliate of the BlackCat/ALPHV ransomware gang known as Scattered Spider, who breached MGM's network using social engineering, stole sensitive data, and encrypted over a hundred ESXi hypervisors. MORE | MORE

Phantom Hacker Scams 
The FBI is warning about a rise in 'phantom hacker' scams targeting seniors. This is where the attacker calls claiming to be tech support, saying they’ve been hacked, and then proceeds to hack and/or scam them. MORE

Vulnerabilities:

WSFTP Mass Exploitation Alert 
Security researchers are warning about widespread exploitation of multiple vulnerabilities in WS_FTP Server, including one with a maximum CVSS severity score of 10. MORE

Exim Patches Zero-Days 
Exim has patched three of the six zero-days disclosed last week, one of which allowed unauthenticated attackers to gain remote code execution. MORE

Qualcomm's Quick Patch 
Qualcomm has patched over two dozen vulnerabilities, including three zero-days reported by Google's cybersecurity units. MORE

CLEAR Security Breaches 
CLEAR, the service that lets you pay to skip airport security lines, is under lawmaker scrutiny after employees escorted passengers through TSA checkpoints without ID checks or CLEAR enrollment. Anecdotally, I’m seeing a lot more people skip the CLEAR line these days and just go through TSA/PreCheck. Not sure how much longer they’ll survive if they don’t clean this up. MORE

AI Impersonates Celebrities 
We’ve been talking about convincing and impactful deepfakes for a couple of years now, and they’re finally here. Tom Hanks and Gayle King have warned their fans about AI-generated scams featuring fake versions of themselves. MORE

Sony Hit Again
Sony has been hit twice in four months, with the latest breach affecting around 6,800 individuals. The breach was due to an unauthorized party exploiting a zero-day vulnerability in the MOVEit Transfer platform, leading to the compromise of sensitive information of 6,791 people in the U.S. MORE

Backdoored Androids in Schools 
Tens of thousands of Android devices with backdoored firmware have been shipped to end-users, including US schools. Cybersecurity vendor Human Security discovered this as part of a global cybercriminal operation called BadBox, infecting the firmware of over 70,000 Android devices with the Triada malware. MORE

TECHNOLOGY NEWS

Rewind = Permanent AI Capture
Rewind, an AI life recording app for Mac and iPhone, is launching a wearable called the Rewind Pendant that continuously captures and transcribes your real-world conversations. The Pendant encrypts and stores all data locally on your phone, making it a personalized AI powered by everything you've seen, said, or heard. I’m simultaneously intrigued, ordering one, and preemptively horrified by the privacy issues this type of tech is about to unleash. MORE | A VERY SIMILAR DEVICE CALLED THE TAB | A DEMO OF THE TAB

AI Explainability Breakthrough
OpenAI just made an extraordinary jump in their ability to explain the function of individual neurons in language models like GPT-4. They found that iterating on explanations, using larger models, and changing the architecture of the explained model can all increase explanation scores.

They’re also open-sourcing their datasets and tools for GPT-4-written explanations of all 307,200 neurons in GPT-2, hoping the research community will develop new techniques for generating higher-scoring explanations.

This is huge for the use of AI in day-to-day critical systems, as humans will be more likely to trust an AI if they can see how it arrived at its decisions. MORE | SIMILAR ANTHROPIC RESEARCH

CAPTCHA Replacement 
Cloudflare has now widely deployed its CAPTCHA alternative, Turnstile, aiming to address the fact that everyone hates CAPTCHAS and they’re getting much easier for AI to crack. Turnstile relies on passive, background data analysis rather than visual puzzles. Between this and Passkeys I’m pretty happy with user-focused security advancements this year. MORE

Copilot's Impact 
Microsoft's CEO, Satya Nadella, believes that their new AI, Copilot, will revolutionize personal computing, comparing its significance to the rise of the PC, the Web, mobile, and cloud computing. MORE

Confabulation vs. Hallucination
Similar to humans, Large Language Models (LLMs) don't 'hallucinate' information, they 'confabulate', which is inventing plausible-sounding justifications with no basis in fact when forced to answer a query they don't know. Some researchers think recognizing LLMs as confabulating rather than hallucinating will improve understanding and performance. MORE 

Podcasts Suffering
The podcast industry is still reeling from layoffs and cancellations, with the ad market's uncertainty hitting hard. MORE

HUMAN NEWS

Jobs Boost 
The US economy added a surprising 336,000 jobs in September, and the unemployment rate has remained below 4% for 20 consecutive months. Wall Street had predicted a mere 173,000 jobs to be added, expecting the unemployment rate to drop to 3.7%. I’m starting to think the recession did happen, but that it’s a permanent one for those on bottom while those on top keep on thriving. More extreme on both ends. MORE

Cashless Ban Activated 
D.C. just put a stop to cashless businesses, making it mandatory for all businesses to accept cash. The goal is economic inclusivity, as not everyone has access to digital payment options, but it also makes those businesses more attractive to thieves. MORE 

China's Brain Drain 
China's top tech talents are leaving the country, but they're not going to the US as you might expect. They’re largely going to countries like Canada, Australia, and Japan instead. MORE 

COVID, Politics, and Vaccines 
Nate Silver provides regression analysis support for his previous blog post showing that states with higher Biden victory margins and vaccination rates have lower COVID-19 death rates since vaccines became widely available. Basically, more Republicans died of COVID than Democrats because they didn’t vaccinate. MORE 

TikTok Therapy Trend 
The Shadow Work Journal, a self-published workbook by 24-year-old Keila Shaheen, is the latest wellness trend on TikTok. Shadow Work involves behaving as your true self, including your rough edges. MORE

Tipping the Scales 
Chicago has become the largest US city to independently mandate a full minimum wage for tipped employees. After being in Europe for a bit I really hope we can just charge more for things and get rid of tipping. When you get a cab or a meal at a restaurant, you just tap and go. Tipping is toxic AF for everyone involved, and as far as I can tell the only reason it still exists is so that corporations can pay wait staff less money en masse. MORE

IDEAS & ANALYSIS

Conflict
I served in the US Army in Sinai, Egypt as an MFO peace observer, and have had the chance to visit Israel multiple times over the years. I have many Israeli and Palestinian friends. Given that, I hold two things in my mind simultaneously: 1) I know that extraordinary pressure on a people will cause them to do extraordinary things, and 2) I don’t see that justifying these attacks in any way.

This isn’t a contradiction to me because I see two distinct parties in Palestine: 1) innocent and peaceful Palestinians with legitimate grievances about their treatment, and 2) militants who don’t actually want peace at all. I think a big part of our problem is conflating these two groups.

The people who carried out these attacks are anti-Jew and anti-Israel, full-stop. They’re not pro anything, except maybe being a hero in their own stories. Anyone planning these actions had to know the result would be more suffering for the Palestinian people, not less. So it wasn’t for Palestine. It was for themselves. And who they targeted, and what they did to the victims, is clear evidence of that.

I also feel strange switching to discussing security and AI when this is happening. But I have to remind myself that suffering like this is going on all the time—and often to many more people—yet I don’t care because I don’t hear about it. Awareness and attention are our apertures for caring, evidently, and we have too little control over both.

Opposites
I just did a trip to Europe to do my Killer Context AI talk about software, security, and how they’ll be affected by AI. It was in Budapest, and it was my first time visiting. The highlight of the trip was visiting the most popular Ruin Bar in the city, Szimpla KERTMOZI. A Ruin Bar is basically a collection of bars inside the destruction from bombing in WW2.

So imagine a giant brick building, or a city block, and part of the buildings are destroyed from bombs. So there are missing walls, roofs, etc. Then imagine people go into there and create the most vibrant and extraordinary place to gather you can think of. Iron bars and mesh scaffolding creating new walls, floors, and ceilings. Plants everywhere. CD vending machines. Mysterious pixel art. It was like a greenhouse beer garden with an industrial and artistic soul. We just kept saying wow.

Anyway, what it got me thinking of—with the context of the Israeli attacks having already happened, and the bar being in the Jewish quarter of Budapest—was the juxtaposition of bombs and gardens. Here you have one of the most hateful and destructive things ever in a massive bomb dropped on a city during a war, and then from that we build a breathtakingly beautiful place to gather and enjoy humanity. It reminded me of the imagery of concrete being laid to block out life, but a crack forms and a green sprout and flower pops through.

Humans are capable of such extremes. I feel like we could be entering a really dark period right now with what’s happening in Israel, but I am trying real hard to imagine what flowers might break through afterwards.

NOTES

My buddy Luke wrote a wonderful essay looking at the cybersecurity industry's failures after meeting a man who lost his life savings to online scammers. He argues for a shift in focus from technology to people, suggesting that cybersecurity should be a public service and that personal identifiable information (PII) should be assumed to be publicly accessible. MORE

DISCOVERY

⚒️ CloudGrep — A handy tool that functions like grep, but for cloud storage. It's a game-changer for searching through your cloud data. | by /u/0x636f6f6c | GITHUB

⚒️ Python Magic — Running LLMs has been simplified to a single line of Python code, no Docker needed. MORE 

The iPhone 15 camera evidently beats the latest Android option MORE

The Sabbath as a Remedy for Modern Stress MORE

The Monstera Albo is a multi-thousand-dollar house plant. MORE

Daniel Haussman’s insane photos of the Icelandic Highlands. MORE

Moxie Marlinspike suggests doing the minimum work to prevent starvation and then pursuing something not about money, outside of supporting structures, and not simply a matter of "consuming experience". MORE

See if your domain has been typosquatted MORE

RECOMMENDATION OF THE WEEK

Check in on your Israeli friends. It’s a small country and everyone serves in the military, so this is very personal to all Israelis even if they moved away a long time ago.

APHORISM OF THE WEEK


Published on October 09, 2023 08:00

October 6, 2023

Extracted Wisdom Series: Marc Andreessen and David Perell

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.

Published on October 06, 2023 00:34

October 2, 2023

UL NO. 401: Sony hit again?, Taiwan Disinformation, Corporations Demand Hardcore Workers, and GPTVision Examples…

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hey there!

Welcome to the week.

These days I get most AI-excited about Agents and Multi-modal, which is where AI can do its karate on more than just text.

The latest example of this is OpenAI adding vision support, meaning you can upload photos and ask AI questions about them or ask it to do something from them. I’ve seen a bunch of these threads, but this one is 🔥.

Code a SaaS dashboard based on a mockup

Write a product spec from a diagram

AI teaches a 9th grader how human cells work from a picture

Stacked parking signs translated into when you can park

Deep analysis of a complex comic strip

Analysis of the busiest Pentagon PowerPoint slide you’ve ever seen

See examples…

"Less than 31 hours since OpenAI started dropping the ChatGPT vision feature on pro users... People are scratching their heads in disbelief. 10 wild examples:"
— Borriss (@_Borriss_), Sep 28, 2023

I can’t wait to see all the full applications people build based on this once it’s available as an API!

Meanwhile, I want you to slay the week, starting with this week’s show. Let’s go.

MY WORK

Companies Only Want Hardcore Workers
My new piece on how managers are finding creative ways to filter out all but the most dedicated and least likely to complain. READ THE ESSAY

⏰ If you’re on TikTok, add me and click buttons and stuff.

🎙️ Subscribe to the Podcast
I’ve moved podcast ads to the front of the podcast so that you’ll no longer be interrupted once the content starts! ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is lyfe. ADD UL TO YOUR RSS READER

SECURITY NEWS

Sony Hit Again?
Ransomware group RansomedVC claims to have compromised “all” of Sony's computer systems and plans to sell (rather than ransom) the stolen data. Sony says, “We are currently investigating the situation, and we have no further comment at this time.” Sounds bad. Curious why they want to sell vs. ransom the data. Why not all of the above? MALWAREBYTES 

Chrome Zero-Day Upgrade 
Turns out, the Chrome zero-day that Google patched recently isn't in Chrome at all, but in the libwebp library used for encoding/decoding WebP images. And it’s now a CVE and a 10 on the Richter scale. Think log4j, and patch. OODALOOP 

Taiwan's Disinformation Crisis 
China is flooding Taiwan with disinformation, creating a "US skepticism" narrative ahead of the upcoming presidential election. A recent study by the Information Environment Research Centre found that Chinese actors were helping to spread most of these narratives, but more than half appeared to have Taiwanese origins. ECONOMIST

Vulnerabilities:

Exim Zero-Day Vulnerabilities 
A critical zero-day vulnerability in Exim mail transfer agent software could let attackers gain remote code execution on exposed servers. There are multiple issues, actually. Patch for sure. BLEEPINGCOMPUTER

Apache NiFi Vulnerability 
The vulnerability, tracked as CVE-2023-34468 with a CVSS score of 8.8, impacts NiFi versions 0.0.2 through 1.21.0 and was addressed in NiFi version 1.22.0. SECURITYWEEK

Sponsor

Don’t Let Emails Lead To Blackmail

📰You might be one click away from making headlines. And not for the right reasons.

🐟From phishing and ransomware to credential theft and zero-day attacks, hackers have many tools in their arsenal to launch attacks. A lack of cybersecurity could put your employees and business at risk.

Mimecast has the industry’s best threat detection. We use AI to scan over a billion emails daily, with built-in prompts to catch the most common threats. It also has the ability to identify newer threats and stop them from doing any damage.

👉mimecast.com/work-protected👈

Start a Free Trial to Work Protected

Bard's AI Cross-pollination
What’s the worst thing that can come from having an AI bot with the same company as a search engine? Yeah, your queries in search results. And that’s exactly what’s happening with Bard → Google. MALWAREBYTES 

Chinese Firmware Replacement 
A Chinese state-linked group, BlackTech, has been replacing Cisco device firmware with a malicious version, allowing them to move from smaller international subsidiaries to the headquarters of the targeted organizations. OODALOOP 

NSA's AI Security Center 
The National Security Agency (NSA) is launching an artificial intelligence (AI) security center to protect and integrate AI capabilities into U.S. defense and intelligence systems. The mission is to safeguard the U.S. defense-industrial base against (mostly) China and Russia. SECURITYWEEK 

Sponsor

Revolutionize Your Security Program with Vanta’s Top-Tier Compliance Automation

💸 Save not just time, but up to a whopping 85% of costs!

⌛ Join Vanta's global network of 5,000+ customers who have slashed over 300 hours of manual work for SOC 2, ISO 27001, HIPAA, GDPR, and more.

🕸️ Vanta's 200+ integrations let you effortlessly monitor and secure your essential business tools. From hot-ticket frameworks to third-party risk management and security questionnaires, we offer a one-stop solution for SaaS businesses to manage risk and demonstrate security in real-time.

Exclusive for the Unsupervised Learning community: Claim your $1000 discount at Vanta.com/Unsupervised. Act now, secure your business, and save big!

👉 vanta.com/unsupervised 👈

Claim Your Savings Now

Deepfake Threats Rising 
The NSA, FBI, and CISA have released a Cybersecurity Information Sheet highlighting the growing threat of synthetic media, like deepfakes. Between 2021 and 2022, these agencies collaborated to establish best practices in response to the increasing threat. CISA 

Dual Ransomware Attacks 
The FBI is warning about a new trend of dual ransomware attacks, where cybercriminals deploy two different ransomware variants against the same victim. THEHACKERNEWS 

GPTBot Blockade 
Many popular websites are blocking OpenAI’s web crawler, with at least 26 of the top 100 and 242 of the top 1,000 now doing so. SEARCHENGINELAND 

TECHNOLOGY NEWS

Lex + Mark Insane Virtual Podcast
Lex had Mark Zuckerberg on the podcast last week and they did the entire session remotely with lifelike video. It was completely insane. Lex was freaking out the whole time over how real it was. Super exciting, but the downside is that they needed to spend hours in a specialized lab to get that accurate of a scan. But the headsets were current-generation gear. THE PODCAST | MY TWEET ABOUT IT

Hardcore or Leave 
Grindr and Zoom are now insisting on in-person work. Grindr has already let go of 82 out of its 178 employees for refusing to comply with its return-to-office mandate. Repeat after me: companies are realizing they only want hardcore workers, not casuals. They consider this level of attrition to be a good thing, because the people that stay are the all-in types. BBC

Meta's Smart Glasses 
Zuckerberg has stopped saying “Metaverse”, but he’s not given up on the vision. His latest attempt is Smart Raybans, which can discreetly take photos and capture videos, and they’ve been upgraded to 12-megapixel ultrawide cameras. THEVERGE

AI Training Controversy 
Meta, Bloomberg, and others have been using a data set of over 191,000 pirated books, known as "Books3", to train their generative AI systems without permission. THEATLANTIC 

AI vs. Hollywood 
The Writers Guild of America (WGA) has established regulations for the use of artificial intelligence (AI) in their projects. AI can't write or rewrite literary material, and AI-generated material can't be used to undermine a writer's credit or separated rights. WGACONTRACT2023 

Musk's Brain Bandwidth 
Elon Musk's Neuralink is looking for its first volunteer to receive the "N1", an implant with 1,024 electrodes that can listen in on brain neurons. Super exciting, but a major risk to Musk’s brand if it goes sideways (injury/death). MITTECHREVIEW

Tech Layoffs Decline 
We seem to be at an inflection point for layoffs vs. hiring again. But expect new hiring to over-index on in-person roles and filter for “hardcore” work ethic. Which means less work-life balance, perks, etc. In other words, less “we’re a family”, and more Alaskan Fishing Boat. TECHCRUNCH 

AI Job Hotspots 
San Francisco, San Jose, New York, Los Angeles, Boston, and Seattle are the top U.S. cities for AI job hunters, accounting for nearly half of all generative AI job postings in the past year. VENTUREBEAT

AI iPhone Concept 
Jony Ive is working with OpenAI CEO Sam Altman to create some sort of "iPhone of artificial intelligence", backed by over $1 billion from Softbank CEO Masayoshi Son. I hope this thing has some measure of success. I just love the idea of design + AI in a new piece of hardware. Mostly because I want the MANGA companies to tremble with fear and do something innovative themselves. THEVERGE

HUMAN NEWS

📚️ TikTok's Literary Influence 
BookTok is indeed one of the best parts of TikTok, but look at these stats. Last year, one in four book buyers in Britain used TikTok, and videos with the BookTok tag have been viewed 179 billion times. Wow! ECONOMIST 

Teens Overwhelmed by Notifications 
Teens are being bombarded with hundreds of phone notifications daily, according to a new report by Common Sense Media. The study found that about half of 11- to 17-year-olds receive at least 237 notifications every day, with some even reaching nearly 5,000 notifications in 24 hours. NBCNEWS

Asteroid Dust Unveiled 
NASA flew a thing to a freakin’ asteroid and grabbed a sample and brought it back to Earth. Scientists are now analyzing the content like a bunch of excited kids, which is 1000% justified. ARSTECHNICA

Anti-social Phones
A new study shows that when people have their phones they’re less likely to interact with others and enjoy being around new people less. SCIENCEDIRECT

Military Intervention 
Sweden is dealing with a massive surge in shootings and bombings linked to criminal gangs. They’re now calling in the military to help police address the issues. Meanwhile, far-right parties are ascending in the polls. FT 

Reading Crisis in America 
Two-thirds of American kids can't read fluently, with 40% being essentially nonreaders. Many blame the Phonics method of teaching English, which arguably isn’t complex enough for English. SCIENTIFICAMERICAN 

Unaffordable Housing 
The average American can't afford a home in 99% of US counties, according to a new report from ATTOM. The report found that the typical home priced today would require 35% of someone's annual wages. Completely unsustainable. CBSNEWS 

Fast Food Wages = AI Acceleration 
California's fast food workers are getting a pay raise to $20 per hour next year. The law applies to restaurants with at least 60 locations nationwide, and will make California's fast food workers the highest paid in the industry. My prediction? This will just increase investment in worker-replacement technologies like AI and robots. It’s like, “Hey, we were looking for a reason to invest millions in those technologies, and California just gave us that reason.” APNEWS

IDEAS & ANALYSIS

You Fix Good Things by Doing Them Better
Liberal Democracies and Science share something important. When they aren't as good as they should be, the solution isn't to try something else—like communism or anarchy or tarot cards. The solution is to improve our Liberal Democracies and Science. Have a bad democracy? Do better democracy. Have a problem with bad science? Do better science. They aren’t the problem. Not doing them well is the problem.

NOTES

I have the music bug stronger than ever. I have set up my keyboard and all my software (KOMPLETE + Native Instruments + Logic for anyone interested), and I even had a preliminary session with my buddy Marc. He’s the one talking about whale song research in UL Chat. Super fun! If I don’t have at least one shitty song released within 6 months you are hereby required to give me major shit.

Here’s an amazing Jungle set: CloZee’s set from Envision 2023. This is the type of stuff I’ll be making for sure. But think more hacking, UL themes. I’m psyched. Just need to figure out where to find all the right samples, and get down and dirty with Logic. If you are into making EDM, let me know the best database for finding high-quality and legit samples I can buy or use.

DISCOVERY

⚒️ CertGraph — An open-source tool that crawls SSL certificates to create a directed graph, where each domain is a node and the certificate alternative names for that domain's certificate are the edges to other domain nodes. GITHUB

⚒️ Aftermath IR Framework — A Swift-based open-source incident response framework designed to help defenders collect and analyze data from compromised hosts. It can be deployed from an MDM or run independently from the user's command line, and provides a parsed view of locally collected databases, file timelines, and browser information to potentially track down the infection vector. GITHUB

⚒️ Magentic: Python LLM Integration — A new tool that lets you integrate Large Language Models (LLMs) into your Python code. It allows you to create functions that return structured output from the LLM, and mix LLM queries and function calling with regular Python code to create complex logic. GITHUB

⚒️ Shinobi Unveiled — A new AI analyst tool designed to help cloud professionals quickly search, monitor, and understand complex environments. It's like having a personal AI analyst to help you uncloud the cloud. SHINOBI

Apple’s going to fix hot iPhone 15’s with a software update. MACRUMORS

Top 1% Earnings by State VISUALCAPITALIST

Here’s an article on how to scrape websites using ChatGPT. Pretty decent, but in my experience it’s best to get the entire page and do stuff with it later. I use a combination of Browserless, Feedly, and Zapier to do this. Ping me in UL Chat if you want details. PROXIESAPI

Cloudflare is deploying AI models like LLAMA2 as Cloud Workers TECHCRUNCH

Don't Ever Write Your Own Database HACKERNEWS

Elderly people can’t resist answering the phone BOGLEHEADS

Reddit is all about “personal LLMs”, which is something I talked about in my book in 2016. I called them “DA’s”, though, which I regret. REDDIT

Letting Go of Self-Optimization NYTIMES

Is Robots.txt Really Effective? JIM-NIELSEN

Astronomers have coined a new term, "noctalgia", to describe the collective grief over the loss of our night sky due to light pollution. SPACE

The Prophetic Perfect Tense is a fascinating literary technique used in the Bible, where future events are described in the past tense, as if they've already happened. WIKIPEDIA

Chomsky says moral relativists don’t exist OPENCULTURE

First-Ever Photographed Black Hole is Spinning PETAPIXEL

Qualify your yes’s ASMARTBEAR

Google People Mystery: Remember Google People? It was a bizarre social network that existed for a brief moment between Orkut and Google+, with strange features like forcing your profile image to smile and guessing your birth and death dates. The platform, which was never officially "alive" according to Google, was shut down after about six months for reasons unknown. "Google's Forgotten Social Network" QNTM

The Ashley Book of Knots, often referred to as the knot bible, is a comprehensive guide to tying practical knots, complete with 7000 drawings representing 3800 knots. ARCHIVE

RECOMMENDATION OF THE WEEK

Gulag Archipelago is a book I think everyone should read in their life, and it’s my recommendation of the week.

You don’t need to read it today, or tomorrow. But maybe commit to reading it within a year. I can basically guarantee that you’ll wish you read it earlier.

The Gulag Archipelago

APHORISM OF THE WEEK


Published on October 02, 2023 10:08

October 1, 2023

Companies Only Want Hardcore Workers

Here’s an uncomfortable topic, especially in the Bay Area. Covid and a near recession have taught companies that they don’t like lifestyle employees. Or what I’m calling “casuals”.

These are people who want—and were sold in college—a “family” at work. Work-life balance. They ask what the company offers them, vs. what they can offer the company. Companies are done with this mindset in their workers. They’re fed up. The pendulum is swinging violently the other direction, which is towards Alaskan Fishing Boats. What does that mean?

It means the captain asks you if you’re willing to sacrifice everything for this job, and be 100% all-in, and if so you agree to do exactly what I fucking tell you to do. And not complain. Otherwise, I’ll give this job to someone who does.

Companies can’t say they’re heading this direction because it’s not PC. But—at least in my opinion—that’s why so many are doing aggressive Return to Office and similar policies that either fire people or make them quit. It’s because they want them to quit.

Companies as Alaskan Fishing Boats


What if companies are set up to work like Alaskan Fishing boats? What does that mean for the modern workplace and the modern worker?


danielmiessler.com/p/companies-as-alaskan-fishing-boats


They’re looking for people who will work the hardest with the fewest complaints. Full stop.

Now this doesn’t mean they’re going to be able to counter all the pro-balance and pro-employee perk language that’s been building up for the last decade. But what it does mean is that it will be largely hollow for many companies.

The HR department will still be selling the touchy-feely vibe, but underneath the hiring managers will secretly be finding ways to filter for the hardcore mentality.

My advice

Here’s what I think about all this.

I think this move is the smart thing to do (mostly) from a business sense, because those workers who pass the hardcore test will end up producing far more than non-hardcore alternatives. I say mostly because it’s possible to go way too far there and become horrible and toxic.

Companies will continue to make exceptions for top-5% talent. Expect to see named people allowed to have more at-home time, more equity, etc., just because they pull in more fish than everyone else.

This truth about the corporate world should tell us it’s time to move on from this antiquated corporate system.

I think this whole thing is a wake-up for anyone who values their creativity and their autonomy.

What I'm Doing and How It's Going


What I’ve been doing since leaving the corporate world, and why I think you should consider doing the same.


danielmiessler.com/p/what-im-doing-how-its-going

Companies are very old constructs, based loosely on military organizations. That’s why you have officers, a rigid reporting structure, etc. There was a time when this was 1) the only thing available, and 2) mutually beneficial to all parties.

You used to be able to get a corporate job and retire with it. With a pension. With job safety. While being able to put kids through college, take vacations, etc. But that’s all gone now.

This phase is completing

Yuval Harari talks in his books about phases of civilizational organization that have usefulness for a period and then are suddenly no longer needed.

He suggests that societies grow out of certain phases when new technologies, ideologies, or economic systems emerge. For example, the Industrial Revolution marked the end of feudalism in many societies. Similarly, the rise of scientific thinking and humanism has challenged the dominance of traditional religions.

He says these phases are not necessarily 'better' or 'worse' than the previous or last, but rather a different way of organizing human life that responds to changing conditions.

Well, I’d argue that Corporate Work is one such phase.

It used to have all sorts of advantages, some of which were mentioned above. But now most of them are gone. Plus there are many advantages to alternatives.

Individuals are able to switch jobs faster

It’s not considered as bad to do so

Companies can fire easier, and that’s also not as abnormal

Everyone’s pretty much dropped pensions

Freelance work is a lot more of a thing due to technology

So what’s the new phase?

It’s time for humans to blossom into our potential, which doesn’t involve Jira

I think the new phase is that of the Individual.

This is why I advocate so much for people having their own domain, their own websites, emoting in public, learning in public, etc.

It’s because the HUMAN is the unit of import. We’re what matters. Not corporations. We shouldn’t be judging ourselves by the title a company gives us. We shouldn’t be restricted from sharing ourselves online by our companies.

It’s our time.

Summary

So, while this move to “hardcore” will cause a lot of difficulty for people, and it’s quite underhanded in the way it’s not being talked about, I ultimately think it’s a good thing for humanity.

Why?

Because we’re not supposed to be moving paperwork from here to there anyway. Writing documentation. Going to meetings about meetings. We have more to offer than repetitive tasks and office politics that make you pray for the weekend.

The faster we see the corporate job for what it is, i.e., as a relic of the past, the faster we can start transitioning to the next thing.

NOTES

I don’t think society should stop corporations cold-turkey. First of all, different cultures will transition at different speeds. Don’t hold your breath for South Korea or Japan anytime soon. And there is still a role for corporations, but they should basically be Alaskan fishing boats full of hardcore Individuals who know their own value, have their own independence, and are temporarily playing on an elite team. Which is in strong contrast to the dom/sub dynamic of many current corporations.


Published on October 01, 2023 21:23

September 27, 2023

Extracted Wisdom Series: Achievement Society and the Rise of Narcissism, Depression, and Anxiety

The following is the output of extwis on a piece of content. extwis is an AI tool I built for extracting meaning from text-based content such as articles, podcasts, conversations, papers, or books.

In this series I run extwis against various interesting pieces of content and post the content for people to consume. And sometimes I add my own commentary at the end.

extwis Output

SUMMARY:

In this episode of "Philosophize This," host Stephen West discusses the work of contemporary philosopher Byung-Chul Han. Han's philosophy centers around the role of technology in society, the concept of power, and the impact of neoliberalism on human behavior. He argues that modern societies control people through "positive power," encouraging them to constantly strive for achievement and self-improvement, leading to a rise in narcissism, anxiety, and depression. Han also criticizes the shallow, fast-paced consumption of information enabled by technology, advocating for deeper contemplation and engagement with "the other."

IDEAS:

1. Modern societies control people through "positive power," encouraging them to constantly strive for achievement and self-improvement.

2. This drive for constant self-improvement leads to a rise in narcissism, anxiety, and depression.

3. Technology enables shallow, fast-paced consumption of information, preventing deeper contemplation and engagement with "the other."

4. The ethos of neoliberalism, which emphasizes individual entrepreneurial freedoms, is applied to individuals, turning them into commodities focused on increasing their market value.

5. The lack of genuine interaction with "the other" leads to a crisis of connection and love in modern society.

6. The smartphone is a symbol of domination, serving as a surveillance device and a digital confessional.

7. True thinking, which differentiates humans from other animals, requires contemplation and engagement with different perspectives.

8. To counteract the negative effects of this achievement-focused society, individuals need to reintroduce "the other" into their lives.

9. This can be achieved by truly listening to others, doing things purely for joy, and making space for rest and leisure.

10. Despite the challenges presented by modern society, individuals have the power to navigate these issues and live meaningful lives.

QUOTES:

1. "Freedom turns out to be a form of control."

2. "Can is much more effective than the negativity of should."

3. "The ego struggles with itself as against an enemy."

4. "The infinite work on the ego resembles self-observation and self-examination in the Protestant religion."

5. "The narcissist loves to have friends that are all the same as them and agree with them on everything."

6. "The terror of the same affects all areas of life today."

7. "One travels everywhere yet does not experience anything."

8. "One accumulates online friends and followers yet never encounters another person."

9. "Thinking, actually contemplating things at a deeper level, that's something that differentiates us from other animals."

10. "The fact is that person doesn't even miss the levels of depth to everything that's available to someone if they just spent a little less time talking and a little more time actually thinking."

FACTS:

1. Byung-Chul Han is a South Korean-born German philosopher who is currently alive and working.

2. Han's philosophy centers around the role of technology in society, the concept of power, and the impact of neoliberalism on human behavior.

3. Han argues that modern societies control people through "positive power," encouraging them to constantly strive for achievement and self-improvement.

4. This drive for constant self-improvement leads to a rise in narcissism, anxiety, and depression.

5. The ethos of neoliberalism, which emphasizes individual entrepreneurial freedoms, is applied to individuals, turning them into commodities focused on increasing their market value.

6. Han criticizes the shallow, fast-paced consumption of information enabled by technology, advocating for deeper contemplation and engagement with "the other."

7. Han views the smartphone as a symbol of domination, serving as a surveillance device and a digital confessional.

8. Han suggests that to counteract the negative effects of this achievement-focused society, individuals need to reintroduce "the other" into their lives, truly listen to others, do things purely for joy, and make space for rest and leisure.

RESOURCES:

1. Podcast: "Philosophize This," hosted by Stephen West.

2. Book: Works of Byung-Chul Han, a South Korean-born German philosopher who is currently alive and working.

3. Concept: Neoliberalism, an economic strategy that emphasizes individual entrepreneurial freedoms within an institutional framework characterized by strong private property rights, free markets, and free trade.

4. Concept: Positive power, a form of control that encourages individuals to constantly strive for achievement and self-improvement.

5. Concept: Digital panopticon, a surveillance system where the observation is constant and the observed does not know when they are being watched.

PRIOR WORK:

1. Michel Foucault's work on power and surveillance: Han's work builds on Foucault's analysis of power and surveillance in society.

2. The Protestant Ethic and the Spirit of Capitalism by Max Weber: Han's comparison of self-improvement to self-examination in Protestant religion echoes Weber's exploration of the relationship between Protestantism and capitalism.

3. The Society of the Spectacle by Guy Debord: Han's critique of shallow consumption of information aligns with Debord's analysis of the spectacle in modern society.

4. The Culture of Narcissism by Christopher Lasch: Han's discussion of the rise of narcissism in modern societies mirrors Lasch's exploration of the same theme.

5. The Second Self: Computers and the Human Spirit by Sherry Turkle: Han's view of technology as a tool of control and self-obsession aligns with Turkle's exploration of the psychological impact of computers.

6. The Condition of Postmodernity by David Harvey: Harvey's analysis of neoliberalism provides a context for understanding Han's critique of the same economic strategy.

7. The Burnout Society by Byung-Chul Han: Han's own book provides a deeper exploration of the themes discussed in this podcast episode.

RECOMMENDATIONS:

1. Consider the impact of "positive power" on your life and behavior.

2. Reflect on the role of technology in your life and how it may be encouraging shallow consumption of information.

3. Contemplate the ethos of neoliberalism and how it may be influencing your perception of yourself as a commodity.

4. Make space for "the other" in your life, truly listen to others, do things purely for joy, and make space for rest and leisure.

5. Challenge the way you're currently thinking about things and sit with perspectives that are truly different from your own.

6. Be aware of the potential negative impacts of an achievement-focused society, such as narcissism, anxiety, and depression.

7. Engage in activities that require deep thinking and contemplation, rather than fast-paced multitasking.

8. Consider the value of genuine interaction and connection with others, beyond surface-level relationships.

9. Reflect on the balance between work and leisure in your life and consider whether adjustments need to be made.

10. Read more about Byung-Chul Han's philosophy to gain a deeper understanding of his ideas.

Analysis

I really enjoyed this podcast episode, but I feel like it misses the point a bit.

I don’t think the problem with narcissism is the focus on the self. Or the focus on self-optimization. I think the problem is the lack of focus on something worthwhile outside of oneself that serves as a source of life meaning.

Most importantly I don’t think our rise in anxiety and depression is from narcissism. I think that’s a red herring. The problem is what Viktor Frankl called the Existential Vacuum.

I don’t think there’s anything wrong with being achievement-based. The key is to make sure you’re driving yourself towards the right things that have the right reasons behind them. And to make that meaning the purpose, and not your self-optimization.

Self-optimization and achievement for the sake of it is empty. Agree with that. But the missing piece is not Other and enjoying things. The missing thing is life purpose.


Published on September 27, 2023 15:57

September 25, 2023

UL NO. 400: What Hiring Managers Want, CVE Farming, Hunt Forward Operations, and AI vs. B2B Services

Hey there,

No big intro this week. Let’s just jump into it!

MY WORK

AI Will Likely Crush the B2B Services Economy


Some back-of-napkin analysis of how much AI could impact B2B services and overall GDP.


danielmiessler.com/p/ai-will-likely-crush-b2b-services-economy

SECURITY NEWS

Cyber Job Shortage Confusion
Ben Rothke has an interesting post explaining the discrepancy between so many people looking for cyber jobs while there are also so many openings. He argues that there are tons of newbies, generalists, middle-managers, and CISO-types—but nowhere near enough people to actually do the technical work. In other words, developers that know the deepest levels of product and application security and have the dev skills to push code to production. There are more specific skill sets than just development that this applies to, like third-party assessments, threat modeling, pentesting, etc., but I think the analysis is spot on. TL;DR: We have a surplus of cyber-adjacent people looking for jobs, but hiring managers are struggling to find people who can do the actual technical work. BROTHKE | MY ESSAY ON WHAT HIRING MANAGERS WANT

We Need a Content Source Authentication System
We’re seriously about to need a content authentication system. This demo that just came out from HeyGen shows another language being overlaid on top of an existing video. Except the mouth matches the translation, so it looks like they actually speak the language. This is the type of problem that happens slowly until it hits us all at once, i.e., not knowing what content came from the actual creator vs. what was faked. I give more analysis here. TWITTER

CVE Farming
Software Supply Chain security researcher, Dan Lorenc, has highlighted an issue where people are gaming the CVE submission system by submitting multiple old and highly-rated issues to get a reputation boost by having their own CVE. MALWAREBYTES

Vulnerabilities:

Apple's Zero-Day Flaws: There have been multiple Apple Zero-day patches recently, with the most recent one being Predator Spyware related. When you see an Apple urgent patch, it’s a good idea to update, especially if you’re someone likely to be targeted. THEHACKERNEWS | OODALOOP | GOOGLE

GitLab's Critical Flaw: GitLab has patched a critical vulnerability that allowed attackers to run pipelines as another user. 9.6. SECURITYWEEK

Fortinet's Security Patches: Fortinet has rolled out patches for high-severity XSS vulnerabilities affecting multiple versions of FortiOS and FortiProxy. SECURITYWEEK

Juniper Vulnerability: Around 12,000 Juniper SRX firewalls and EX switches are open to a fileless remote code execution flaw that doesn't require authentication. BLEEPINGCOMPUTER

Nagios XI Vulnerabilities: Nagios XI has been hit with multiple security flaws that could lead to privilege escalation and information disclosure. THEHACKERNEWS

Malicious npm Packages: Cybersecurity researchers have found a new batch of malicious npm packages that are designed to steal Kubernetes configurations and SSH keys from compromised machines. THEHACKERNEWS

Sponsor

Cloud Visibility?

Cloud-first security teams are leading the pack in adopting Cloud Native Application Protection Platforms (CNAPP). This CNAPP Buyer’s Guide contains everything you need to know to make sure you’re adapting to the evolving threatscape and staying ahead of attackers, including:

What exactly is CNAPP

Why Gartner predicts that 80% of teams will move to CNAPP by 2026 

How leading security orgs are consolidating their security stack (CSPM, CWPP, CIEM, CDR)

Bonus: An RFP template with a scorecard to assess potential solutions

Get the complete breakdown in the CNAPP Buyer’s Guide.

👉wiz.io/lp/cnapp-buyers-guide👈

UK's Cyber Operations 
The UK's Strategic Command is now conducting 'hunt forward' operations, which are defensive activities where military cyber experts deploy to a foreign nation to detect malicious activity on the host nation's networks. I like the initiative here. Seems aggressive but necessary. THERECORD

Microsoft's Data Leak 
Microsoft's AI research team accidentally exposed 38 terabytes of private data, including a backup of two employees' workstations, while publishing open-source training data on GitHub. The leak included secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. People wonder how AI is going to affect security, and I think one of the biggest ways is having tons of AI agents monitoring for and preventing mistakes. Things like: Publishing errors, config mistakes, too many permissions, etc. Imagine having a team of hundreds of people working 24/7 who never get tired to make sure you never make these mistakes. That’s one huge thing AI will end up being for the blue side. WIZ

OpenAI's Red Teaming 
OpenAI is launching the OpenAI Red Teaming Network, a group of contracted experts to help make their AI models more robust. TECHCRUNCH | OPENAI

Clorox's Cyberattack Impact 
This is a rare case where a cyber incident directly impacts the bottom line. Clorox is still recovering from a cyberattack that happened a month ago, and it's going to hit its earnings because it had to switch to manual ordering and processing during the attack. THEHILL

Sponsor

Revolutionize Your Security Program with Vanta’s Top-Tier Compliance Automation

💸 Save not just time, but up to a whopping 85% of costs!

⌛ Join Vanta's global network of 5,000+ customers who have slashed over 300 hours of manual work for SOC 2, ISO 27001, HIPAA, GDPR, and more.

🕸️ Vanta's 200+ integrations let you effortlessly monitor and secure your essential business tools. From hot-ticket frameworks to third-party risk management and security questionnaires, we offer a one-stop solution for SaaS businesses to manage risk and demonstrate security in real-time.

Exclusive for the Unsupervised Learning community: Claim your $1000 discount at Vanta.com/Unsupervised. Act now, secure your business, and save big!

👉vanta.com/unsupervised👈

T-Mobile's Data Leaks 
WTAF is going on at T-Mobile? They’ve been having a rough year, with customers reporting seeing other people's sensitive information when they log into their accounts. And this is one of many incidents so far this year. Are we just over-reporting on T-Mobile right now, or is it really this bad? OODALOOP

Snatch Ransomware Alert 
FBI and CISA have issued a joint warning about "Snatch", a ransomware-as-a-service operation that's been active since 2018. The malware forces Windows systems to reboot into Safe Mode, encrypting files undetected by antivirus tools, and has recently targeted IT, defense, and food and agriculture sectors. OODALOOP

APT36's YouTube Clones 
The APT36 hacking group, also known as 'Transparent Tribe,' is using Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' This malware can harvest data, record audio and video, and access sensitive communication information. BLEEPINGCOMPUTER

Chinese Linux Backdoor 
Chinese hackers have come up with a new Linux backdoor, dubbed SprySOCKS, which is a spin-off from a Windows backdoor named Trochilus. The malware, linked to the Chinese government, has capabilities like collecting system info, controlling compromised systems, and creating a proxy for data transfer. ARSTECHNICA

TECHNOLOGY NEWS

ChatGPT Gets Voice and Vision
OpenAI's ChatGPT has been upgraded with vision and auditory capabilities, significantly enhancing its ability to assist users in their daily tasks.

- You can talk to ChatGPT and have it respond in a natural voice
- You can upload an image and ask questions about it
- The features are rolling out slowly to the user base, as with most of their new shiny stuff OPENAI

Cisco Acquires Splunk 
Cisco bought Splunk for $28 billion. The joke is that Splunk took a while to react because when they saw the payment they just figured Cisco was renewing their license. My take on this is that it’s an AI play to go where the enterprise data is. And logs is one of those places. SPLUNK | SECURITYWEEK 

GitHub's Passwordless Logins 
GitHub has rolled out passkeys for all users, allowing for passwordless logins and better protection against phishing. Thank God. Passkeys everywhere, please. Especially for finance-related apps. BLEEPINGCOMPUTER

DALL-E 3 Unveiled Kind Of
OpenAI has teased DALL-E 3, a new version of its AI image creator that can be controlled using ChatGPT. The system is way better at doing exactly what you tell it, but it doesn’t look as good as Midjourney. Weird that they did a launch without actually giving people access, though. AXIOS

Microsoft's Copilot Everywhere  
Microsoft is putting Copilot AI in everything, basically. Deep into the new Windows OS, the core apps, and on the new Surface devices. Yusuf Mehdi, consumer chief marketing officer, describes Copilot as "a handshake between you and technology — available when you need it and out of the way when you don’t." I’m not a Windows guy, but I’m super happy to see this. THEVERGE

AI's Impact on Kindle 
Amazon had to throttle how many new books one can publish on Kindle because of GenAI. People were posting many per day, most of which were very low quality. HACKERNEWS

AI Girlfriends Rise 
Ads for AI girlfriends are popping up everywhere, with Replika alone being downloaded over 20 million times. I tried a couple from an article last week and they were super cringe. Also GPT-3 cringe, which “she” was happy to tell me. One of the services was a straight-up porn avatar/chatbot. FREYAINDIA

Nursing Robot Expansion 
Diligent's nursing robot, Moxi, is getting a big boost with a $25 million funding round aimed at tripling its reach. Electric cars don’t have anything on robots. AI and personal/everyday robots are going to shape our tech future the most in the next 20 years I think. TECHCRUNCH 

HUMAN NEWS

Iran's Hijab Bill 
Iran's parliament has a new bill that could land women in jail for up to 10 years for "inappropriate" attire, and it’s also the anniversary of the government crackdown against women not wearing the Hijab. Meanwhile, the UK is erecting a Hijab statue talking about how awesome they are. To be clear, I think women should obviously be able to wear whatever they want in free countries. What trips me out is how religion can make something a symbol of freedom and oppression simultaneously. OODALOOP

Germany's Economic Decline 
Germany is now the world's worst-performing major developed economy. The decline is largely due to the loss of cheap natural gas from Russia following its invasion of Ukraine, which has severely impacted Germany's energy-intensive industries. APNEWS 

Single-Parent Households 
The U.S. has the highest rate of children living in single-parent households in the world, with almost a quarter of U.S. children under 18 living with one parent and no other adults. This is more than three times the global average of 7%. PEWRESEARCH 

Religious Identification Declines 
Americans are increasingly identifying as spiritual rather than religious, according to a recent Gallup poll. The survey found that 47% of Americans identify as religious, down from 54% in 1999, while 33% identify as spiritual but not religious, and 18% say they are neither, up from 9% in 1999. GALLUP

Alcohol's Heart Risks 
The World Heart Federation's recent policy brief debunks the myth that alcohol, including red wine, is heart-healthy, linking it to several heart-related risks. I learned this from Huberman, and have removed all alcohol from my house. I no longer drink unless I’m out with friends and it’s a special occasion. Or at conferences. Turns out it’s just poison at any dosage, so I’m done with it as a regular thing. HEALTH.HARVARD

Airlines Turned Banks 
Airlines have become more like financial institutions, creating points out of nothing and selling them for real money to banks with co-branded credit cards. THEATLANTIC

Charging for Returns 
H&M, following other brands like Zara and Uniqlo, has started charging for returns in the UK, which might be a bummer for your wallet but could be a win for the environment. But I suspect the reason is that it discourages returns and improves the bottom line. Imagine if Amazon did this. THEVERGE

COVID Vaccine Uptake 
According to Politico and Morning Consult polling, 57% of registered voters said they would "probably" or "definitely" get the vaccine, nearly triple the uptake of last year's updated vaccine. ARSTECHNICA 

IDEAS & ANALYSIS

Who Wins AI? Open or Closed Source?
I think open-source AI has a high chance of ending up with tons of market share for a simple reason. AI only needs to be “good enough” for most tasks. There’s a bar for perfect that isn’t actually perfect at all. So open source AI models don’t have to beat GPT-N, they just have to exceed that bar. Also, look at macOS vs. Linux. What’s more popular with high-end consumers? iOS and macOS. But only for their personal devices. What’s running the consoles and the machines all around us all day? The millions of electronic systems and machines embedded all over the planet. Linux. I think open source AI might be the same. Mostly open for most things, and then closed for the premium use cases. SUBSTACK 

NOTES

Strong UL book club this week. Great discussion of the current book and surrounding issues, and we picked the next book as well. Can’t wait for everyone to read this one!

DISCOVERY

⚒️ Sling Shot R3con — A new open-source tool that simplifies the initial phase of bug bounty and penetration testing by automating tasks like subdomain discovery, DNS resolution, port scanning, and website crawling. The tool, written in Bash and powered by Project Discovery tools, is designed to save time and increase efficiency for developers and security enthusiasts. MEDIUM

⚒️ Tracker-Radar — A dataset of the most common third-party domains on the web with information about their behavior, classification, and ownership. TWITTER

⚒️ Go Exploit — A Go-based framework designed to help developers create portable and consistent exploits. GITHUB 

⚒️ FFUF v2.1.0 — A new release of the popular web fuzzer, FFUF, is out now. By joohoi | GITHUB

Bypassing SSL Pinning in TikTok TWITTER

WSL 2.0: Now with Windows Snapping for GUI Apps GITHUB

Six Weeks to a New Brain BBC

Vim + LLMs REZ0

MBA grads are buying entire companies through a phenomenon called "entrepreneurship through acquisition" (ETA). MORNINGBREW

The SATs are changing next year to a new format that will de-emphasize speed. NYTIMES

Building Knowledge Graphs with Langchain and Matplotlib DATADRIVENINVESTOR

Marriage as a Poverty Solution THEATLANTIC

Orwell's Complete Works HACKERNEWS

Project Gutenberg has just turned thousands of its titles into audiobooks using synthetic speech. TECHCRUNCH

Exploiting Okta for Penetration Testing REDDIT

There's a whole branch of math that's all about knots. YOUTUBE

Training Smaller AI Models to Outperform Giants GOOGLE

Social Media's Impact on Teen Girls NYTIMES

RECOMMENDATION OF THE WEEK

Re-evaluate your task list with the retrospective view of December 31st, 2023.

What have you done this year?

What did you set out to do?

Where are you on that list?

Look at your current daily/weekly plans this week and reframe them based on this.

If your goals haven’t changed, and you’ve not accomplished them yet, are the things you’re doing this week and next that high of a priority?

Zoom out. Look at your goals and your progress. Re-evaluate.

APHORISM OF THE WEEK


Published on September 25, 2023 08:00

September 22, 2023

AI Will Likely Crush the B2B Services Economy

Midjourney 5.2

I've been talking to my buddy Joel Parish about AI since, well, forever (2014?), and dinner last week was more of the same. This time we were riffing about the impact of AI on the economy, jobs, etc. Pretty basic dinner convo for the Bay Area, honestly.

Anyway, we started thinking about how the economy breaks down into different sectors, and which ones would be hit hardest. Lots of groups have done similar analysis, including this latest one by McKinsey. That one focused on the upside though, similar to this piece I did recently. In this convo, however, we were thinking about the downside impact.

We started talking about services, which is where we think most of the impact will be. And we were talking about companies that exist to provide those services. Then we started thinking about the percentages.

Joel had the great idea to concentrate on the difference between B2B and B2C. B2C seems less vulnerable because the product or service is going directly from the creator to the buyer. We were in NOLA and were using restaurants as an example, where the chef can have a great idea, make the thing, and then serve it.

But B2B is different. It’s especially vulnerable to AI because it’s largely middleware. Not completely, but largely.

So after that conversation I decided to dig in a bit on possible impact, based on some numbers. First, how big is US GDP? Turns out it’s around $26 trillion or so.

Google

And how big is the services sector?

Google

77%.

That’s insane. Now for a harder piece. What percentage of that is B2B? Looks like around half again.

Google

Let’s call that 37% of GDP. So—according to these very rough estimates—37% of GDP is B2B Services.

AI Impact

So what percentage of that might be replaced by AI? That’s much harder to say because of all sorts of variables:

How long are we talking about?

Are we talking about GPT-4 level, or like AGI with a 150 IQ?

Which services? Not all of them are equally automatable.

So given those constraints, let’s (of course) ask AI. I seeded it with the information that AI at this particular moment (in the next 2-3 years) can:

Solve some creative problems

Analyze proposed solutions and give recommendations

Summarize nearly any sort of text content and reproduce it in various formats for various audiences

Write, correct, and recommend documentation and many other types of text-based artifacts

Execute common tasks like sending emails, creating calendar invites, etc. via APIs

Given those (which I’d argue GPT-4 is getting very close to), here’s what it came back with.

From GPT-4

50-70% lost revenue, and 60-80% lost jobs! That’s ~60% of 37% of GDP, which is…22%.

22% of GDP.

Keep in mind this is all hand-wavy AI talking about AI, and based on estimates of estimates. But I honestly can’t find much flaw in the reasoning here.

More sci-fi stuff (but not really)

For giggles I decided to ask it to project based on a much smarter AI. Here’s what happens if you ask it to do the same numbers with an AGI (my definition here) level AI with an IQ between 120 and 160.

From GPT-4

That’s ~70% revenue loss, and ~80% job loss. Again, based on a whole lot of shenanigans, that doesn’t seem wrong to me.

What do we think this means?

Not much, really. This is all just napkin math stuff combined with science fiction. The main point was to say that the Services economy seems especially vulnerable to AI.

But that’s almost 80% of GDP. And B2B seems extra vulnerable, which is basically half of that, bringing us to something like 40% of GDP.

And GPT-4 thinks if AI hits it in any significant way we could see somewhere like 60-80% impact on the revenue and jobs in the sector.

I think our random guesses without any of this, um, “research”, were something like 50% to 90% of B2B being gutted by AI. So there’s a directional match anyway.

Now what?

I guess the takeaway would be for actual researchers to think about:

What the largest portions of the economy are

Which are most vulnerable to AI

How different levels of AI would impact them differently, since more advanced AI cuts deeper into high-skill knowledge and creative work

Would love to hear your thoughts.


Published on September 22, 2023 09:14

September 17, 2023

Why I Love Reading Biographies

I should read a lot more biographies. I’m never disappointed when I do, and I always extract so much wisdom from them.

I’ve been thinking about why that is.

I think it’s because good biographies of interesting people tend to highlight both insights and failures. They let us benefit from where others did something well or badly.

It’s almost like biographies extend our own lives. In terms of experience.

Of course all reading does that to some extent. But biographies are magnified versions of that. We’re literally watching someone grind and struggle and fail and get knocked down. And then get back up. And then try some more. And (usually) get some measure of success. Which is why there’s a book about them.

The biography superpower

To me the best insight I get from biographies is seeing the main character get crushed. That sounds bad, but it’s not. A biography is a zoomed-out timeline, where we can move left or right along it and learn the lessons.

So when I see someone got crushed as a kid. Or in college. Or at their first or fifth job. It teaches me resilience. Because then later in the book/timeline/story you find out they kept pushing. Or maybe they eventually got lucky.

Doesn’t matter.

What didn’t happen in any of these books is that the main character gave up. And after they gave up, success came to them and got them out of bed. That never happens. Or almost never.

What happens is the person keeps grinding. They keep being them. They keep failing. Falling down. Being called a failure. Being shit on. Being thought less of. And they eventually win.

That’s what I get from biographies. They’re like real-world pep-talks. They’re case studies in Stoicism. They’re case studies in resilience. They’re case studies in believing in yourself.

Read more biographies.

P.S.: Also, I just finished the Elon one. It wasn’t all that positive towards Elon, and don’t believe people who tell you it was if they haven’t read it. I thought it was quite balanced, and there was a lot of negative in there.


Published on September 17, 2023 21:21

September 15, 2023

ExtWis: Using AI to Extract Wisdom from Any Text

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To Access this and other great posts, consider upgrading to premium.

Published on September 15, 2023 22:44

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.