Daniel Miessler's Blog, page 27

January 22, 2023

Your Experience is Your Creativity

Creativity is usually described as an external force that graces you with inspiration. Something that you have to open yourself to—that you have to allow in. But creativity is more like an inner forge of your past, perspectives, and passions. It’s not something you let in; it’s something you let out.

You can see this in the work of artists like Bong Joon-ho, the creator of the film Parasite. Bong Joon-ho grew up poor in Korea, and in an interview after winning the Oscar for best picture he was asked how he was able to make something so creative. His response was to quote something Martin Scorsese told him.

The most personal is the most creative.

Martin Scorsese


He didn’t find inspiration by going on a meditation retreat. Or by reading books on creativity. Bong Joon-ho grew up feeling the exact same things as the characters in the film. He explored that pain and trauma, and the resulting art resonated with millions around the world and won him an Oscar.

Another great example of this is Herman Melville’s Moby Dick. Much of the book is a deep dive into a man’s obsession with ships, sailing, and most of all—whales. Melville himself had been on countless whaling adventures, and you can hear that on nearly every page. He basically translated his obsession with whaling into written form, wrapped a plot around it, and that ended up being one of the best novels ever written.

What matters is that you, the writer, are obsessed with the topic.

Neither Bong Joon-ho nor Melville set out to win a big prize. They wrote because they were compelled to. Because their topic was the only thing they could think about. And that’s the ultimate takeaway about creativity.

When you go looking for creativity, don’t look elsewhere. Instead, think about the thing you talk too much about. The thing you can’t shut up about. The thing you keep coming back to. What is the thread you keep weaving into everything? What is the topic that keeps coming up whenever you write or speak?

It doesn’t matter if it’s something you think, or others think, is uninteresting. Melville went on for thousands of words about the lengths, widths, and weights of various whales. It was tedious. Bong Joon-ho was talking about poverty, which some could argue was depressing and negative, and not something that would lead to an Oscar. They didn’t care. They wrote what they knew. They wrote their vibration. They wrote their experience.

If you don’t yet have any passions, open your mind and experience more of life. They will come.

So, your homework after reading this is simple. You have to find your thing. Just like they did. Maybe it’s model trains, or management metrics, or child education. Doesn’t matter. The compelling part isn’t the subject matter, it’s the passion you bring to it. Your experience is your creativity. Trust in that experience, and let the rest work itself out.

Published on January 22, 2023 20:08

OpenAI’s Purpose is to Build AGI, and What That Means

Sam Altman, the CEO of OpenAI, has said multiple times, and says again in this video, that:

We’re very much here to build AGI.

Sam Altman


I am not sure how many people realize this about the company. They’re not just playing with other AI-related tech and hoping AGI comes out of it. They’re purposely building it. And that raises the question of how he defines AGI.

He’s said multiple times that he defines AGI as a fairly intelligent and competent co-worker. He has specifically said this means a person with a median IQ, but median IQ is 100, so I’m not sure he’s aware that you need more than that to be a solid programmer, attorney, or scientist. If he’s talking about a competent co-worker in higher-end knowledge and creative work, I think that bar would be more like 120 or so.

Anyway, what’s important is that he’s not talking about the 10x programmer, or the Von Neumann, or the Mozart. He’s talking about a solid performer.

The key though, is that you can hire that person to learn anything. Doing paperwork. Writing code. Giving lectures. Assembling things. Testing things. Designing a system. Whatever. That’s the important bit. That it’s General.

So Sam’s definition of AGI is a pretty smart co-worker that you can train to do anything. And then of course, because it’s an AGI, it can just do it consistently from then on out, without getting tired. Plus you can “hire” 1,000 of them, or 1,000,000 of them if you need to.

That’s why it’ll change the world once it happens. We’ll be able to get so much more work done than before, in a more consistent way, and without having to constantly retrain for a human workforce that goes through various life phases.

And honestly, there’s no reason to expect that these agents will spend any considerable amount of time at 100 or 120 IQ. I fully expect them to spend little or no time there, and to instantly jump into IQ levels in the high 100s or even in the 200s or 300s, which is insane.

And that’s just talking about regular co-workers who are that smart. That’s not even talking about a likely eventual superintelligence that will come from that evolution, which will be smarter than all of humanity combined. And this isn’t some pure fantasy. This is anticipated by many of the top thinkers in the space.

Anyway, the point of all this is to say that this isn’t something that might fall out of ChatGPT. It’s not a conspiracy that they’re trying to build AGI. It’s not a rumor. It’s their stated goal.

Unbelievably exciting.

Published on January 22, 2023 13:09

January 16, 2023

Unsupervised Learning NO. 365 | China’s Decline, MicrosoftAI, Creativity Ratio…

🎙️If you're not subscribed to the podcast version of the newsletter, please add it with your favorite client! APPLE | SPOTIFY | OTHER

SECURITY NEWS


NYC Surveillance
Amnesty International has revealed new research showing that the NYPD has over 15,000 cameras that can do facial recognition, including over 577 cameras in the most surveilled neighborhood of East New York in Brooklyn. The research was powered by thousands of volunteers who tagged the cameras across 3 boroughs. MORE

GitHub Automatic Vuln Scanning
GitHub has enabled an option to automatically scan your code for vulnerabilities. The feature currently supports JavaScript, Python, and Ruby. Settings -> Code Security and Analysis -> Security.  MORE

Norton LifeLock
LifeLock's parent company sent emails to over 6,000 customers saying their accounts had been accessed via credential stuffing, i.e., someone getting their passwords from a breach or another source somewhere, and then replaying those passwords against their LifeLock accounts. MORE
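To make the credential-stuffing pattern concrete, here is an added detection example (mine, not the newsletter's, and not based on any Norton or LifeLock data). The tell is not many failures against one account (that is brute force) but one source IP cycling through many distinct usernames in a short window, with the occasional success being the account that was actually "accessed." The log format, the 5-minute window, and the threshold of five distinct usernames are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format):
#   "<ISO timestamp> <client_ip> <username> <LOGIN_OK|LOGIN_FAIL>"
# 203.0.113.7 sprays seven different usernames in six seconds (stuffing, two hits).
# 198.51.100.4 retries one account three times (not stuffing, just a user fumbling).
SAMPLE_LOG = """\
2023-01-10T12:00:01Z 203.0.113.7 alice LOGIN_FAIL
2023-01-10T12:00:02Z 203.0.113.7 bob LOGIN_FAIL
2023-01-10T12:00:02Z 203.0.113.7 carol LOGIN_OK
2023-01-10T12:00:03Z 203.0.113.7 dave LOGIN_FAIL
2023-01-10T12:00:04Z 203.0.113.7 erin LOGIN_FAIL
2023-01-10T12:00:05Z 203.0.113.7 frank LOGIN_FAIL
2023-01-10T12:00:06Z 203.0.113.7 grace LOGIN_OK
2023-01-10T12:00:10Z 198.51.100.4 alice LOGIN_FAIL
2023-01-10T12:00:15Z 198.51.100.4 alice LOGIN_FAIL
2023-01-10T12:00:20Z 198.51.100.4 alice LOGIN_OK
2023-01-10T13:30:00Z 203.0.113.7 heidi LOGIN_FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


def parse(log_text):
    """Parse log lines into (timestamp, ip, username, success) tuples, sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4) == "LOGIN_OK"))
    events.sort(key=lambda e: e[0])
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag source IPs that attempt >= min_distinct_users distinct usernames
    inside any sliding `window`. Returns {ip: {"users": set, "compromised": set}},
    where "compromised" is the set of accounts that logged in successfully from
    that IP during a flagged burst (the ones to notify / force a reset on)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] all fall within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e[2] for e in burst}
            if len(users) >= min_distinct_users:
                f = findings.setdefault(ip, {"users": set(), "compromised": set()})
                f["users"] |= users
                f["compromised"] |= {e[2] for e in burst if e[3]}
    return findings


if __name__ == "__main__":
    for ip, f in detect_credential_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {len(f['users'])} usernames tried, "
              f"accounts accessed: {sorted(f['compromised'])}")
```

The distinct-username count is what separates this from a per-account lockout rule, which stuffing tools deliberately stay under by trying each account only once. In production you would key on more than the raw IP (ASN, JA3/User-Agent, proxy reputation), since large campaigns spread attempts across residential proxies to stay below any single-IP threshold.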

Meta Scraping Suit
Meta is suing Voyager Labs for allegedly scraping data from 600,000 Facebook user profiles. It says they scraped posts, likes, friend lists, photos, and comments from profiles, and that they've done the same against Instagram, Twitter, YouTube and many other services as well. MORE

Top Risks 2023
Ian Bremmer's Eurasia Group put out a new report of top risks for 2023, and here are the top themes:

1. Rogue Russia
2. Maximum Xi
3. Weapons of mass disruption
4. Inflation shockwaves
5. Iran in a corner
6. Energy crunch
7. Arrested global development
8. TikTok boom
9. Water stress
10. Red herrings

I would have expected to see AI on the list, but the report was probably finalized before the public rise of OpenAI. In a conversation with Scott Galloway, Bremmer put the risks into two main categories: 1) Individual Super-powerful Human Beings Surrounded by Yes-men, and, 2) New growth of extreme poverty after decades of improvement. Great analysis by Bremmer and his group here, and I definitely see the danger of the first one with Putin and Xi. READ THE REPORT

Chinese Probe Across Taiwan Strait
The Chinese military sent 28 warplanes across the median line of the Taiwan Strait last Sunday, joining 57 other planes in recent days. MORE
 
Vulnerabilities

Cisco is warning about unpatched vulnerabilities in EoL business routers. MORE

Juniper has patched 200 vulnerabilities in 32 separate advisories. MORE

TECHNOLOGY NEWS


OpenAI Launching Paid Version
OpenAI is about to launch a paid, experimental version of ChatGPT called ChatGPT Professional. They are currently signing people up on a waitlist, and I honestly can't remember a more enthusiastic example of "take my money" than how people are reacting. Its features will include: reliability, faster responses, and no throttling. We know a tech is hot when it came out like 6 weeks ago and people already miss it in their daily work when it goes down. MORE | TWEET | WAITLIST

Microsoft and OpenAI
Microsoft is about to put $10 billion into OpenAI. Is it just me or is Microsoft kind of killing it right now? Seriously impressed with their leadership in the last few years. I feel like they've been outplaying Google and Facebook in so many ways, and if this OpenAI investment pays off they're going to be crushing it. SEMAFOR ARTICLE  | MORE

Tesla Cuts Prices
Tesla just massively cut prices on many of its vehicles to become more competitive. Reasons for the discounts likely include: 1) the stock has faced recent pressure, 2) a number of their cars were too expensive to qualify for tax write-offs, and 3) general competition in the EV space. MORE

Meta Rescinding Offers
Meta is evidently struggling enough that it's rescinding full-time offers. MORE


HUMAN NEWS


China Covid Deaths
China has seen at least 60,000 additional deaths in the month since relaxing Covid lockdowns, although it's difficult to trust any official numbers. The number of deaths is expected to grow significantly due to 1) the country's elderly population, and 2) the lack of immunity from previous infections and/or vaccines. MORE

Eating Early is Better?
A new study has confirmed previous research showing that it's metabolically better to eat big meals in the morning rather than later. The study found late calories resulted in more fat storage and more hunger. MORE | STUDY

Bullying Suicides
New research found teen suicides declined during the pandemic because of a reduction in bullying. MORE


IDEAS & ANALYSIS


The Chip Wars
I've not been following politics much, but I do love how Biden is handling the Chip Wars. He's not known for strength, but his getting the entire world to stop sending China advanced chips was brilliant. And he's now followed that up with major deals to build chips within US borders. I just feel like he's making all the right moves with regard to China right now, and especially around securing US access to advanced chips while denying theirs. MORE

Bullish on America, Bearish on China?
In a similar vein to the above, I'm surprised to be seeing and feeling a ton of positivity around America's prospects in the coming decade. The ideas are that 1) we're seeing a reverse of globalism, 2) more isolationism, 3) chips become more important, 4) energy becomes more critical, 5) war becomes more disruptive, and 6) a country's age demographics become increasingly important. A lot of this analysis is captured in the work of Peter Zeihan, who used to work at STRATFOR. I have been reticent to relax my worries about China's rising trajectory, but I'm becoming cautiously more optimistic based on the analysis of Zeihan and others. My problem with swallowing Zeihan's analysis whole is that I've not seen other China and strategic experts counter his views, and I find his opinions have too much certainty in them. It often sounds more like ideology than analysis to my ear, so I'm looking for smart counter narratives. But even putting his analysis to the side, I'm still happy about America's demographics, energy and food independence, and our chip manufacturing capabilities vs. China in the next decade. MORE

Mastodon Bankruptcy
I hereby confess to being really bad at Mastodon. I'm not quite sure what it is, but it's some combination of the interface and the different conversational flow. I have tried to stop using Twitter and to use Mastodon exclusively, but it hasn't stuck for even a couple of days at a time. My personal opinion is that Twitter will likely survive and end up being even better than before within a couple of months, but even if I'm wrong I don't think it'll be Mastodon that replaces it. I think it's an interesting tool for small communities, but it doesn't have the "it factor" required to replace Twitter as a global discussion platform.


NOTES


Our UL Community had an amazing mid-month meetup on Thursday afternoon. The topic was "Everything AI", and we talked about hype vs. reality, how we're all using GPT in our daily work, and what we think is going to happen in 2023. Finally we talked about the implications of businesses getting so efficient that they didn't need people, and we wondered who was going to buy all the stuff if nobody has a job? Wonderful conversation and we're already looking forward to the February meetup. JOIN THE COMMUNITY TO PARTICIPATE IN FEBRUARY

Currently playing with Raycast as a possible replacement for Alfred as my primary launcher on macOS. Been using Alfred for years so it honestly feels like cheating just talking about it. Any of you using it already? RAYCAST

I've just launched the new UL referral program for the newsletter that you can find at the bottom of this issue. You get increasing rewards as you refer more people, going from a new PDF I just created, to UL membership discounts, all the way up to a 30-minute conversation with me about your life, career, and goals (a mini-mentorship!). In addition to that, I'm also giving away a brand new pair of the latest AirPods Pro 2 at the end of February. Every referral you get is an entry into the raffle for it, so the more referrals the more chances to win them. I always appreciate referrals, and this is just a way of rewarding and gamifying the process.

The new Pistachio Latte at Starbucks is way better than it should be.


DISCOVERY


⚒️ legitify — Analyze GitHub repos for vulnerabilities. TOOL | DEMO VIDEO | BY LEGIT LABS

🎨 Project Discovery Wallpapers — A collection of cool wallpapers from Project Discovery. REPO 

📊 An interactive dashboard of California's reservoir levels. MORE

🔭 [ Sponsor ] Drata — Are you spending too much time on security compliance? Sign up for a demo to see how you can automate your compliance tasks in 14+ frameworks. BOOK A DEMO

Work Life Balance is Impossible MORE

Consume More, Create Less MORE

🎹 A Music Theory Visual Cheatsheet MORE

The First Draft Self MORE

GPT Phishing Emails MORE

Manage Like an Engineer MORE


RECOMMENDATION OF THE WEEK


Consumption vs. Creation
How much are you consuming things vs. making things? Think about Netflix, YouTube, other TV, and even books. All your inputs combined. How much time are you spending on that activity in a given month? Now compare that to how much time you spend doing anything creative. That's anything from writing articles, to journaling, to gardening, to making progress on a book. There aren't hard rules around this; just make sure you're not spending too much time "getting ready to create", or "training for creation" instead of actually doing it.


APHORISM OF THE WEEK


“Don’t wait for inspiration. It comes while working."

Henri Matisse


Published on January 16, 2023 08:32

January 9, 2023

Unsupervised Learning NO. 364 | Reality Headset, BingPT, AI+Cyber

If you're not subscribed to the podcast version of the newsletter, please add it with your favorite client. APPLE | SPOTIFY | OTHER

SECURITY NEWS


The FBI is warning people to block online ads due to imposters poisoning search results. They advise users to 1) check ad URLs, 2) go to sites directly instead of via search, and 3) use an ad blocker. MORE

Sam Curry and friends have published a monster list of vulnerabilities across the automotive industry. Manufacturers affected include Ferrari, BMW, Rolls Royce, Porsche, and others. They were able to do things like remote unlock vehicles, precision-locate them, break into their internal infrastructure, do customer account takeovers, pull customer data, and much more. Seriously impressive work. MORE | SAM'S BLOG WRITEUP

There was a new Twitter dump making the rounds last week, but it appears to just be cleaned-up data from a previous scraping incident. It's the same person who released both versions; they were previously charging for it, and now they're making it available for free. MORE

AWS is now encrypting new S3 buckets by default. MORE

Chick-fil-A is investigating "suspicious activity" regarding some customer accounts. MORE

Synology published patches for multiple critical vulnerabilities. MORE

Zoho is urging admins to patch ManageEngine immediately due to a critical bug that provides authenticated users access to the backend database. MORE


TECHNOLOGY NEWS


It looks like Apple will launch its long-awaited headset this year. Rumors are early, but it appears it'll have a digital crown (think Apple Watch) that lets you adjust the amount of AR vs. reality. Sounds cool, but I'm really worried about how cool this thing will have to be to overcome the downside of a giant piece of hardware on your head. Certain things are hard deal-breakers for adoption and coolness-factor, and giant stuff on your head is one of them. That being said, it seems like the first version might be a VR headset similar to the Oculus, with the everyday glasses-type device coming later. MORE | GRUBER | MACRUMORS

Microsoft is about to take a major swipe at Google's search dominance by integrating ChatGPT into Bing. It'll be interesting to see how it goes because GPT isn't super great at looking up facts right now. Its current form is somehow much better at replacing Wikipedia than Google. I'd just be happy to see anything that makes Google sweat. Their only innovation in search in the last several years seems to have been adding more ads. MORE

Tech companies laid off over 150,000 people in 2022, which is more than in 2020 or 2021. MORE

Amazon increased its layoffs from 10,000 to 18,000. Like many other companies, they're blaming overeager hiring in previous years. MORE

Samsung's last quarter profits fell an estimated 70% vs. last year. MORE

OpenAI may be selling some shares to a private equity fund in a deal that places its overall worth at around $29 billion. MORE

Apple has launched AI-powered book narrations. Really cool, but I'm still unable to use the Books app due to the lack of audiobook bundle pricing that exists with Amazon. MORE

Researchers tested GPT 3.5 against the Bar Exam and said GPT-4 will likely be able to pass it. MORE

Shopify has canceled all recurring meetings of more than two people and has encouraged employees to abstain from all large chats. Can't wait to hear the results of this experiment. MORE


HUMAN NEWS


A Tesla with a man and his wife and two kids went 300 feet off the edge of the cliffs on Highway 1 in California, and everyone survived. The husband has now been arrested for attempted murder. MORE

The US is looking to ban non-compete agreements in labor contracts. The move would significantly increase mobility for employees and competition for talent. MORE

China is reopening its border with Hong Kong after three years of strict control. MORE

There's a new mostly-automated McDonald's in Fort Worth, Texas. It's the first in a pilot of new automated locations that can do much of the entire process without humans. MORE

NYC schools are banning GPT on school devices and networks to avoid student cheating. Of course they'll still be able to use it on their mobile devices, at home, etc. I think it says a whole lot that they haven't banned Google in the same way. Doesn't that kind of mean GPT is better for looking things up? MORE

The latest omicron subvariant is now responsible for around 40% of US cases. MORE

The US is coming after $460 million in FTX-related money at Robinhood. MORE


IDEAS & ANALYSIS


ChatGPT in Security: Who Wins in Red vs. Blue
Here's a fun question: who is going to be better at using ChatGPT and future models for cybersecurity attack and defense? Will it be the attackers or the defenders? My money is on the attackers for no reason other than them having higher numbers, more time, and more scrappiness. Most defenders are professionals, while many attackers are either state-sanctioned or offensive security is their only viable path to a decent income. I see that difference putting most of the creative advantage on the attacker's side, and that's just adding to the natural asymmetry of "attackers can fail constantly and just hope to get lucky once vs. defenders needing to be right all the time." Examples of AI-powered attacks will (and already are in some cases) include faster and better phishing campaigns, automated exploit code writing, automated reverse engineering, automated BEC and other social engineering, information warfare campaigns, etc. Other than elite researchers and state-sponsored good hackers, I expect the defenders to be overwhelmed by the volume and creativity of AI-augmented attacks from those on the attacker side. MORE


NOTES


I've updated my LinkedIn profile to reflect that I'm now full-time at Unsupervised Learning. What a great feeling! Incredibly stoked for the products I'm building and all the extra time I'm going to be putting into the show. It's not even mid-month and we've already put out two member posts! MORE

Went to see my bestie Jason last week and it was glorious just hanging out, talking shop, and planning for 2023. Got to see him interact a ton with his kids as well, and it turns out he's as good a father as he is a friend and hacker. It was wonderful to see. MORE 

I did a bunch of AI art this weekend and published the gallery and the prompts I used to a new member post. MORE | SAMPLE


DISCOVERY


📄 Cloud Pentesting — An evolutionary timeline of getting into cloud-based pentesting. BLOG | BY SETH ART

AT&T predicted the internet in an ad in 1993. MORE

Excess management is costing the US $3 trillion a year. MORE

Accomplishments of Small Teams MORE

How LinkedIn rebuilt its threat detection and response program under the theme of a Software Defined SOC. MORE  

Upcoming security conferences calendar. MORE

A calendar of security and privacy CFP deadlines. MORE

My Hacker Samurai art was particularly popular this weekend. MORE | MEMBER POST WITH TECHNIQUE AND PROMPTS

There's big drama in the D&D space, with a new license going after competitors and attempting to control creators. MORE

Using GPT to create intelligence reports. MORE


RECOMMENDATION OF THE WEEK


Do a quick check of your backup situation. What all data is essential to you and your family? Do you have both a cloud and local backup of all that data? Run through some potential negative scenarios and make sure your current solution wouldn't leave you without data that's important to you. I like to do this exercise every January.


APHORISM OF THE WEEK


"The holy grail of discipline is getting your dopamine from effort rather than reward."

Andrew Huberman (Paraphrased)


Published on January 09, 2023 08:00

January 8, 2023

AI Art Hack: Combining Abstract Designs with Objects

I’ve been seeing a superhack for creating AI art from a few places online and I wanted to describe the technique here, show how to do it, and share some of the art I’ve made using it.

This is UL Member Content
Published on January 08, 2023 01:34

January 3, 2023

Frontview Mirror: 2023 Edition


This is member content. Thank you for being a subscriber.

Published on January 03, 2023 08:00

NO. 363 | FrontView Mirror: 2023 Edition

New Content

💡FRONTVIEW MIRROR: 2023 EDITION 
💡MY PHILOSOPHY AND RECOMMENDATIONS ON THE LASTPASS BREACHES


SECURITY NEWS


In a bit of déjà vu from LastPass, Okta has now revealed that attackers have stolen source code from its GitHub repositories. This comes after it was hit by Lapsus$ earlier in 2022. They said no customer data was accessed, but LastPass has us all waiting for other shoes to drop. MORE

Two people have been charged in a Ring camera swatting spree after hacking Yahoo! email accounts for access. They used the stolen credentials to gain access to the accounts and then made fake emergency calls to the victims' addresses so they could watch the responses through the hacked Ring cameras. MORE

A ransomware attack at a Louisiana hospital has impacted 270,000 patients. The attack happened in October of 2022 and resulted in the loss of names, addresses, DOBs, medical records, financial information, and more from the affected victims. MORE

Americans lost $10 billion to Indian call center scams in 2022. MORE

The owner of Madison Square garden programmed the MSG facial recognition systems to ban his enemies. Lawyers who were suing him got put on a special list that excluded them from attending events. MORE

Snyk raised another $197 million at a $7.4 billion valuation. MORE

Serbia put its troops on high alert over rising tensions with Kosovo. Kosovo broke away from Serbia during the war in '98-'99, and now Serbia is accusing Kosovo of planning terror attacks against Serbian areas in Kosovo. MORE

Ukraine is getting 10,000 more Starlink antennas to help with the war, and the funding issues have evidently been solved by multiple European countries pitching in to pay for them. MORE

 
TECHNOLOGY NEWS


Mastodon has gone from 300,000 users to over 2.5 million (in November). MORE

Around 50% of Ethereum-based NFT trading was "wash" trading, which is basically people buying their own NFTs to pump the price. Now do your surprised face. MORE

Hue has a new Natural Light scene that gives you the proper temperature of light based on the time of day. MORE

A study has found that the Apple Watch can accurately predict stress levels based on its health telemetry. MORE

Adobe has a new podcast audio cleanup tool that's unbelievably good. I don't see how one would use it in a regular workflow, but for one-off cleanups it's quite impressive. I hope it ends up in some sort of tool that can be part of a production chain. MORE


HUMAN NEWS


Croatia is now on the Euro and part of the passport-free Schengen zone, meaning if you have an EU passport, you can freely move to and from other member countries. MORE

There's a new blood test that detects signs of Alzheimer's years before signs of cognitive decline are detectable. It detected indicators in 10 people in the control group and follow-ups years later revealed that they all ended up with impairment. MORE

The New York Harbor used to be full of sewage, and now, due to environmental controls, it's full of life—including Bald Eagles, Humpback Whales, Osprey, Sturgeon, and many other animals. MORE


IDEAS & ANALYSIS


💡FrontView Mirror: 2023 Edition (Members)— My read on what's on the horizon for 2023 and beyond. READ 

💡My Philosophy and Recommendation on the LastPass Breaches READ

💡My Answer to the "GPT Isn't Really Creative" Argument READ


NOTES


A Massive 2023
2023 is going to be completely insane for me, and for UL, in the best possible ways. For those that are wondering, I'm essentially doing three main things: 1) consulting using a set of offerings that I've built over the last several years, 2) building a number of products and services—one is an Attack Surface Product, another is a Health application, and another two that I'm not ready to talk about yet, and 3) doing the newsletter/podcast. Basically, everything I learn while studying, consulting, and building products gets folded back into the show. The UL community itself isn't a project; it's my life. It's the center of everything. So it's ever-present and continuous regardless of whatever else I'm doing. Same with studying, reading, and writing. I'll also be doing some paid speaking on the topics of pursuing fulfillment, coming trends in society, continuous attack surface monitoring, and building security programs. And to be able to do all this, I'm going to be hiring some people to help delegate and scale things. It's nice to have goals to do 10 different things, but unless you can delegate, and keep things running simultaneously while you work on other things, you'll end up executing them poorly. Or not at all.

CLI Updates
I like to update my CLI universe every year or two, and over the last few weeks I watched like 15 hours of video on Neovim, Tmux, and just general CLI optimization. I ended up updating my iTerm setup, redoing my Neovim config completely—including a full migration to pure Lua-based configuration, as well as some updates to how I use Tmux (and how Neovim and Tmux work together). For anyone interested, here are my two primary Vim config files. REPO | SCREENSHOT
 
Infectious Positivity
Overall I'm just super pumped for '23. I have an energy and mindset like I've never had—like I'm removing heavy backpacks and realizing I can run. I can't wait to see what I can accomplish this year. I'm also imbued with a desire to help others get to a similar place. I've been like this all my life. When I experience something cool I try to get all my friends into it. Well, you all are my friends. So please forgive me if you feel me pushing you to do X or Y. I'm not always right, of course, and even when I am, what's good for me isn't always good for other people. So feel free to discard the incoming passion and enthusiasm as needed. Just know it's coming from a good place. 🙂


DISCOVERY


⚒️ uncover — Another phenomenal tool by Project Discovery that uses search engine APIs to discover vulnerable hosts. Includes integrations with Shodan, Censys, FOFA, Hunter, and many more. TOOL | BY PROJECT DISCOVERY

⚒️ clif — A command-line interface for application fuzzing. Basically like ffuf for local apps. TOOL | BY 0X4NDY | DEMO

Sam Harris' comments on Elon and Free Speech. Crystal clear, as usual. MORE

Robert Reich on how corporate America is consolidating. MORE

Laid-off tech workers seem to be finding jobs quickly. MORE


RECOMMENDATION OF THE WEEK


1. Buy a domain and start a blog. Not just a blog, but a website. A digital presence.
2. If you already have one, make sure it's on your own domain, and get everything you do digitally to emanate from your own site.
3. Commit to writing more. You don't have to take selfies with your food and become an "influencer". Just be yourself, in public, to whatever degree makes you comfortable.

Those are my tangible recommendations, and if you want my reasons, I've captured them here.

This is the year people need to break their reliance on companies for their identity. You are not an employee; you're a human. And I want to hear from you.


APHORISM OF THE WEEK


"Do whatever you feel most lazy about."

Unknown


Published on January 03, 2023 02:03

January 2, 2023

My Answer to the “ChatGPT Isn’t Really Creative” Argument

There’s a river of argument about ChatGPT that goes something like this:

I know GPT can do some cool stuff, but it’s really just a next-word-completion trick. It’s not doing real creativity like humans do.


I get that argument, and it’s attractive to me as well, but I think it’s flawed. Here’s why.

Human brains are just as much of a black box as GPT.

Moment to moment, people have no idea what their brain is doing. Thoughts just pop into our heads continuously. If you’re an “uncreative” person those thoughts are things like,

Crap, I need to get carrots from the grocery store.


And if you’re “creative” the thoughts are like,

Wow, I just had an idea for a cool beat.


…or,

I just had some clarity on this character I’m working on for this novel…


But where did that creativity come from? With your brain it came from a soup of genetics and environment, mixed together with time, to create your own personal version of GPT that runs continuously.

Do you have control over what you find attractive? If you prefer tall men with dark hair, are you in control or is your brain in control? You don’t decide who you’re attracted to. You don’t decide your personality. You don’t decide your preferences.

And you don’t decide your creativity either. It comes, or it doesn’t. And you don’t know its contents. You have no idea what sort of ideas it’s about to produce for you. You’re often as surprised as anyone.

So how is that different from GPT? A couple weeks ago I was trying to convince a friend that GPT was doing true creativity, and I came up with a challenge to prove my point.

Write a Bob Dylan song about the love between Luke and Leia.


Here’s what it produced in the time it takes a human to dry their hands after washing.

GPT writing a Dylan love song about Luke’s love for Leia

Notice I didn’t say anything about “forbidden” love. Or even their last names. It just knew what I was talking about. And it used the general structure of a lot of Dylan songs to do it.

In seconds.

Look at this:


Even though they were siblings by blood,
Their love was pure and true,
They stood by each other through thick and thin,
Their love would always come shining through.


I think the lyrics were a bit too direct and shallow to perfectly capture Dylan, for the record.

Siblings by blood? I didn’t even mention that in the prompt! In order to do this, GPT had to know about forbidden love, incest, and Star Wars—all at the same time. Plus a song structure for Bob Dylan.

That’s creativity by any measure I can imagine.

And that brings us to the point I think needs to be made. Or the question that needs to be asked.

Is creativity a human process of struggle and waiting for inspiration from our black box of a human brain, or is it creative output?


If you define creativity as a human thing based on human experience, that’s fine. But then you’re playing the same game we’ve been playing with AI. It’s not “real” AI if a machine can do it, right?

Beating Kasparov at chess? Bah! That’s just chess. But they forget that chess was also in the human-only category a day before it happened. So the bar keeps rising the more AI does.

Too many people define AI in terms that constantly move and can never be achieved.

It’s the same with creativity. The only way to make it a purely human thing is to define it so narrowly as being created by humans alone using only their own faculties. If you define it as the ability to produce creative output, by any other standard, then GPT is producing “real” creativity.

Feel free to disagree, but anything that can write a love song in less than 10 seconds is a creative marvel. And anything that can write a love song that includes the forbidden concept of incest, based on two fictional first names alone, using the style of an actual songwriter, and do it in 10 seconds, is a goddamn creative miracle.

Published on January 02, 2023 14:24

December 24, 2022

My Philosophy and Recommendations Around the LastPass Breaches

password vault

If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series.

The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults:

Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.


Then on September 15th they announced what they thought was the conclusion to the investigation, celebrating the attackers not getting much:

Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults.


Then on November 30th they updated the same blog saying the attackers actually did get some customer data, but no password vaults:

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information…(snip)…We are working diligently to understand the scope of the incident and identify what specific information has been accessed.


And finally, in the latest update, they reveal that they did actually get the password vaults:

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.


So basically:

1. Minor incident, but no customer data or vaults were lost
2. Actually, some data was lost
3. Actually, both data and vaults were lost

It’s especially troubling because the attackers got the list of sites stored in each vault, meaning they can look those sites up on HaveIBeenPwned, see if any leaked passwords exist for a given user, and then try those passwords as guesses for that user’s master password.

My thoughts on the situation

Anyway, it’s pretty bad, and people have been asking me my thoughts on the situation. And specifically, asking me whether I used LastPass or any other password manager.

The answer is no. I don’t use third-party password managers for precisely this reason, and here’s my logic.

Nobody is better at protecting passwords than the three primary providers: Google, Apple, and Microsoft. I would trust any of those three more than any third-party company to protect my passwords. Why?

1. They have the most to lose from their security being bad, so they tend to invest heavily in it
2. They have full researcher and threat intel teams to support their product security teams
3. If their auth mechanisms were to get compromised it would likely be very loud, meaning it would be hard to keep a secret for long
4. Any damage that was done would be handled fairly well, and the response would be quick
5. I believe auth/password handling belongs with your OS, not with third-party apps. That’s the natural place for core functionality, which I wrote about in 2017.

This is why I will always use integrated (OS-level) password managers over third-party options. Again:

1. They’re better funded
2. They have extensive security teams
3. They basically have unlimited funds to spend on doing auth/passwords right
4. It would be hard to keep a compromise a secret
5. The response from the vendor is likely to be solid
6. The natural home for your auth/OS security is your OS, not third-party apps

This doesn’t mean 1Password or LastPass are bad. They seem to be solid products, present troubles aside. The points above would still apply for me if none of these companies had ever had an incident.

One final point is that I prefer to trust the least number of actors. We already trust our OS so much, and I feel like giving passwords to a second (much less a third) party ends up doubling my attack surface. I’d rather have that single point of failure with a high-security and loud-if-compromised entity than spread it around.

Anyway, I hope this helps you see my thinking around this that I’ve held for over a decade now. I personally believe this is better for most people, but not all threat models are the same and there could be some situations where it’s better to divide things up.

But if I’ve made you at least consider using built-in password management with one of the big-3 then this exercise has been successful.

Cheers.

Notes

I have friends on LastPass and other password manager company security teams, and I know them to be great engineers and great security teams. But to me the points above stand regardless of the security-level at the third-parties.
Published on December 24, 2022 09:59

December 19, 2022

NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…

SECURITY NEWS


Google released an open-source scanner for vulnerabilities in project dependencies. It's a front-end to the OSV database that links a dependency list to its vulnerabilities. MORE

The latest updates for Apple software fixed a new zero-day that could be used to hack iPhones. Discovered by a Google TAG researcher, Clément Lecigne, the flaw was a type confusion bug in WebKit. MORE

NSA says Chinese hackers are actively exploiting the new Citrix zero-day. MORE

Github has enabled secret scanning on all public repositories. MORE

NIST is telling everyone to move off of SHA-1 by 2030. MORE

NSA's cyber director says Russia is attacking the global energy sector. MORE

FBI has seized domains for 48 DDoS-for-hire services. MORE

Marco Rubio is pushing a TikTok ban in Congress. MORE

The IRS leaked the data for 112K taxpayers, again. MORE

Samba has released patches for multiple high-severity issues. MORE
 


TECHNOLOGY NEWS


China has banned AI-generated content that doesn't have a watermark. MORE

TikTok is adding landscape videos, which will make it even more of a problem for YouTube and other competitors. MORE

Twitter is shutting down its newsletter platform, Revue, as part of its streamlining and lighting things on fire. MORE

Twitter spent the week in absolute turmoil. It's hard to even capture all the things that happened. It's like 18 months of corporate drama in the span of 7 days. First they (he) banned a bunch of journalists. Then let them back in, saying the bans were temporary. But after banning mentions of many competitor networks, such as Mastodon, Instagram, etc., it appears that the journalists could have been targeted for being critical of Musk. Then to cap it off, Musk ran a poll asking if he should step down as CEO, and the internet said yes. I think this man needs 1) sleep, and 2) an adult to take control before he completely destroys the $44 billion platform he just purchased. MORE


HUMAN NEWS


A large number of Gen Z workers evidently experience "tech shame" from not being comfortable with new technologies. MORE

San Francisco has the emptiest downtown in America. MORE

The US copyright office has ruled that AI art cannot be copyrighted. MORE


IDEAS & ANALYSIS


AI and Smart Locks
The AI thing reminds me of smart locks. People say smart locks aren't good enough because you can hack them, forgetting that regular locks are trivially bypassed. AI fails a lot, but so do humans. The threshold isn't failure—it's being good enough in enough situations. TWEET

Your Domain is Your Digital Home
Twitter might turn out to be another example of why you should build your personal digital presence off your domain, not a platform. A lot of people have spent tens of thousands of hours getting popular on Twitter. And it can just go away, like Medium or Blogspot. You need to ask yourself: what would happen if platform X went away? If the answer is that you’d be screwed, find ways to make that not true. TWEET

AI Will Have a K-Shaped Impact
I like the concept of "K-shaped" for explaining things. K-shaped economic recoveries, for example, are recoveries where the bottom part of the population suffers or declines, while the top part thrives. This is the answer to the competing narratives about AI. Some say it'll remove millions of jobs and people are super-screwed. Others say it'll augment the creative and help them create even more businesses, and be even more effective in the businesses they have. Yes and yes. Both are true, and neither negates the other. The only question is, "what percentage of people will get left behind by the tech, and what percentage will use it to thrive?" That's the part nobody knows. It's hard to say because 1) we don't know how good the tech will get, and how fast, and 2) we also don't know how well people and society will adapt to finding other work for replaced employees. I'd say that's the part that's guaranteed. Millions, and possibly even billions, will enter what Harari calls the "useless" class, which sounds very judgemental but really just means they won't be able to provide something to the market that an AI or robot can't do better. To the market, not to other humans like family and friends. But not being able to provide something to the market really matters. It's been the source of pride and respect for humans basically forever. This K-shape is something we need to be thinking a lot about. In short, how are we going to help the people on the lower part of the K who can't use AI to thrive?

No, ChatGPT Isn't Just a Stupid Next-Word Completion Machine
As one would expect, there are many people on the internet saying ChatGPT is all—or at least mostly—hype. The argument is that GPT is just a transformer model that haphazardly writes the next word in a sequence, so it's not actually intelligent. This misses the point entirely. Yes, it's technically true that the mechanism used is writing the next word in a sequence, but this completely misses the most impressive advance in the field. Because of the size and quality of the model that ChatGPT uses, it effectively understands what it's completing. Here's an example: "Write a love song from Luke to Leia in the voice of Dylan." And here's the result. Doing this requires that the AI understand 1) forbidden love, 2) that it's forbidden to love your sister that way, 3) that Luke and Leia were from Star Wars (which I never mentioned), 4) the songwriting style of Bob Dylan, and 5) how songs are formed using various pieces to make a whole. So, sure, you can call that "just completing the next word", but you can also say love is "just a bunch of chemicals and hormones". Or that watching a sunrise with your one true love is just "a morning observation of a star appearing over the western horizon". Call it what you want, but anything that can write a Dylan song about Luke's incestuous love for Leia—in 3 seconds—is a goddamn miracle. 


NOTES


I'm extremely pissed at Elon, but I also see that he's struggling, not sleeping, and generally making an ass of himself. Kind of reminds me of Kanye. It doesn't remove my anger at what they've said or done, but it layers it with some degree of compassion for a flailing human. Still thinking through it.

Wonderful book club yesterday. We talked about the book RAM, and had a wonderful member guide us through its teachings through the lens of Indian mythology. That then led to lots of discussion about morality across different cultures. We finished by picking next month's book, which is going to be fantastic!

There won't be a newsletter/podcast next week. It's family and chill time for most people. I hope you have a wonderful holiday break!


DISCOVERY


⚒️ apk.sh — A Bash script that makes it easier to reverse engineer Android applications. It automates the common tasks of pulling, decoding, rebuilding, and patching an APK. PROJECT | BY AX

🤖 Artificial Intelligence

How to Detect AI-generated Text MORE
Perplexity.ai — Get a summary of anything. MORE
6 Types of Businesses that will be disrupted by ChatGPT-like technologies. MORE

The more metrics you track, the less you know. MORE

Binance is F*cked MORE

The 2022 Adversary Infrastructure Report MORE

Substack appears to be using tons of code from Ghost. MORE

A Dashboard that shows Covid and MPXV in wastewater in multiple locations. MORE

The Scourge of Job Title Inflation MORE


RECOMMENDATION OF THE WEEK

 

1. Take inventory of the platforms you use for your digital identity and "brand"
2. Realize that all of them can go away, with Twitter as a case in point about volatility
3. Make sure your core content is all primarily at your domain, with all other platforms being syndication channels
4. Assume all channels are temporary, and always use your domain as home base


APHORISM OF THE WEEK


"Everything has been said before, but since nobody listens we have to keep going back and beginning all over again."

Andre Gide

Published on December 19, 2022 08:26