Daniel Miessler's Blog, page 28
December 18, 2022
Would You Put AI Art In Your House?
I’ve been thinking for a couple of weeks about making and hanging some AI art in my house.
But I immediately faced some internal resistance. Like, I wasn’t (and still am not) sure whether this is the right way to “do” art.
And that got me thinking what that really means. What does it mean to do art properly—in terms of art to hang on your wall? I was talking to my friend Joseph Thacker about this (who has a solid AI art game himself by the way), and he seems to agree with my intuitions that this is absolutely ok to do.
But I still wanted to break it down. So here’s why I value and enjoy art:
1) It makes me feel some kind of way when I take it in
2) It’s a type of communication that can’t be said any other way
3) It reveals something interesting about the humanity of the artist
I feel like combining the last two of these you get the best art. But of course the piece could hit the receiver different than it felt for the artist.
Anyway, #1 still matters to me. I don’t think it’s trashy to “just like” something. Or said another way, I don’t care if it is. Art ultimately should be enjoyed, and if that’s a way to enjoy it, then so be it. I refuse to castigate myself in the voice of someone else.
So yeah, I’m thinking about creating some major art themes and spending a lot of time working on these pieces. Which in this world means a lot of time working on prompts with a few different engines.
I am going to do this, make a few pieces, and get them printed on metal prints from fineartamerica.
What about you? Does your brain instantly rebel against this idea? And if so, do you think there’s a justifiable reason? Or are you letting society tell you what to like? If you have a real reason this isn’t real art I’m willing to be that kind of enthusiast. But it’d have to be a real reason, not one based on gatekeeping or peer pressure.
Let me know what you think.
December 12, 2022
NO. 361 | GPT++, Apple Security, CISA Cuba…
SECURITY NEWS
South Korean authorities are warning that North Koreans are disguising themselves and getting jobs in South Korea. The saddest part is that it appears to be just another income generation scheme, meaning they use the salaries to fund the North Korean nuclear program. MORE
Security researchers earned $989,750 for 63 zero-days at Toronto's Pwn2Own event. 26 teams participated and nobody signed up to hack the iPhone 13 or Pixel 6. MORE
Samsung's Android app-signing key has leaked, and it's being used to sign malware. MORE
Apple just released a ton of new security features, including encrypted iCloud backups, abandonment of the CSAM protection idea, and Contact Key Verification, which allows you to validate the identity of someone before sending them something sensitive. MORE
CISA and FBI are warning about the Cuba ransomware campaign in a joint cybersecurity advisory. The malware is Windows-based and written in C++, and has nothing to do with Cuba. MORE
Rackspace has confirmed that the issue that affected their hosted Exchange service starting on December 2nd was in fact ransomware. The investigation continues. MORE
Israeli researchers have done it again with air-gapped data extraction, this time detecting the radiation coming off the power supply at a distance of around 2 meters. Of course it requires that you have the malware on the system first, but still. MORE
TECHNOLOGY NEWS
Google has implemented continuous scrolling on desktop search. So no more clicking to the next page; just scroll down. MORE
Chrome now has support for Passkeys, which is basically a 2-factor token built into your computer. WebAuthn and Passkeys are some of the best security tech to come out in decades, in my opinion. They're the opposite of cookie popups. MORE
AI-powered writing startups are doing really well. Makes sense. Writing is something that 1) helps people succeed, and 2) people need help with. So it's a perfect place for AI startups. MORE
Twitter Blue is relaunching with actual verification this time. Meaning they're going to take some measures to ensure you're a real person, which is nice. Also, it'll cost more if you're on iOS because of Apple's App Store tax. MORE
Google has combined the Waze team with the Maps team. So, they might be doomed, basically. MORE
iOS 16 has seen extraordinary adoption, hitting an almost 70% install percentage after just three months. iOS 15 only had around 25% at this point. Meanwhile, Android 12 is still at 13% after over a year, and even version 11 is still only at around 27% (from August). MORE
HUMAN NEWS
☀️ US government scientists have produced a net energy gain using nuclear fusion for the first time. Humans have been trying this since 1950. That's 72 years. The breakthrough came out of the Lawrence Livermore National Laboratory in California. They'll announce more about the milestone this week. MORE
A new meta-analysis of gene heritability has shown that most traits are in fact heritable, including things that lead to outcomes like education and weight. As a smartish non-expert, I'm guessing this study is going to have major implications for the nature/nurture debate. MORE
A remarkable new cancer therapy was used to cure a girl's incurable cancer. It used base editing, which is editing the genetic code of T-cells. "They started with healthy T-cells that came from a donor and set about modifying them. The first base edit disabled the T-cells' targeting mechanism so they would not assault Alyssa's body. The second removed a chemical marking, called CD7, which is on all T-cells. The third edit was an invisibility cloak that prevented the cells being killed by a chemotherapy drug." Wonderful. MORE
Japan has a famously-low birth rate (1.5) but much of Asia has caught up with or surpassed it. Singapore, Taiwan, and Hong Kong all have the same or worse rates, and South Korea ranged between just 0.8 and 1.1. Some analysis points to the super-high cost of housing in these countries as a cause. MORE
Japanese Manga is becoming the new Facebook, a bit stale and with an older user-base (around 30). So what's TikTok? Korean Webtoons. They're more digitally native and are easier to consume. MORE
IDEAS & ANALYSIS
💡 GPT and Search — Why it's going to take some significant changes to GPT to be able to challenge Google. ARTICLE
GPT as Ever-present General Helper
ChatGPT is already turning into its eventual form, which is becoming The Oracle. It just sits there waiting to answer questions like: "What's the best way to say this?" "How would you rank these risks?" "Does this look malicious to you?" "Summarize this for me." Life-changing. TWEET
NOTES
It occurred to me while writing this week's newsletter that if I did nothing but the Discovery section it'd still be a pretty great weekly update. Like, I'd pay $100/year for just the exposure to the links. That's the key I think. Make stuff that you'd pay for yourself, and just hope/assume there are other people out there like you.
I deepfaked my own voice for video transcription/editing, and it's both super cool and alarming at the same time. Sounds pretty damn good actually, and this was only like 20 minutes of training material. LISTEN
DISCOVERY
⚒️ Nosey Parker — A Rust-based secret discovery tool for finding secrets in text. Supports files, directories, and Git, including history. PROJECT | BY PRAETORIAN
📘 Awesome macOS Command Line — A powerful and comprehensive list of things you can do from the macOS command line. PROJECT | BY MARCEL BISCHOFF
🤖 ChatGPT (yeah, it gets its own section for the time being…)
Using ChatGPT to Generate Phishing Campaigns MORE | by RICK OSGOOD
Generative AI will be amazing for small marketing teams. MORE
How Threat Modeling and Detection Will Change in the Age of LLMs MORE
The GPT Architecture, on a Napkin MORE
Piss-weak Parenting MORE
Writing is Magic MORE
Tracking Meaningful Security Product Metrics MORE | by LEIF DREIZLER
Nightcap Guru — A web app that uses GPT to interpret your dreams. MORE
Is America Stealing TSMC? MORE
Rami McCarthy writes at the excellent tl;dr sec about what it takes to be a Staff Security Engineer. MORE
A list of the most interesting AWS re:Invent announcements MORE
Everyone is Sick Right Now MORE
5 Tips for a Better Slack Experience MORE
🔥 Keep Your Identity Small MORE
You should write more. MORE
Be Wary of Imitating High-status People Who Can Afford to Countersignal MORE
A photographer captured a fire photo of Mars coming up behind the moon. MORE
RECOMMENDATION OF THE WEEK
If you're feeling a lot of negativity from the AI stuff, keep this in mind: there is also about to be an extraordinary unleashing of human creativity as a result of this AI. And there is no guarantee that the negatives will outweigh the positives. There are guaranteed to be many negatives. And many, many positives as well. But this is the ride we humans are on. Happened with the printing press. Happened with the internet. Happened with iPhones and social media. We will adapt. Just prepare yourself and your loved ones as best you can, and try not to stress. Remember: anxiety in its positive form is excitement. Be excited.
APHORISM OF THE WEEK
"Discontent is the first step in the progress of a person or nation."
Oscar Wilde
No related posts.
GPT and Search
There’s a lot of talk about how GPT is going to take over search. Meaning, compete with or take down Google.
I get the excitement there, but there are some pretty serious barriers to having this happen immediately. First, GPT is non-deterministic, meaning you can ask it the same thing twice and get completely different results. In fact you’re likely to.
Next, I think the whole idea confuses what GPT and search are good at. Search looks up facts. It’s pulling from a database. While the “G” in GPT stands for generative. Meaning, it’s making things up. It’s often very correct when it does so, which is why we’re so impressed. But it’s also often wrong in truly comedic ways.
Imagine a young Jedi asking Yoda how many moons exist in the Dagobah system. He’d likely answer something like:
Feeble my mind is for such things. Wisdom is that for which I focus. If need this data you do, go to a goddamn archive and look it up yourself.
So I think GPT could be amazing, with some likely soon-to-arrive tweaks, for answering basic and mostly static facts. Like, what’s the best advice for someone in an abusive relationship? Or what are some great ideas for traveling in the US? Those change, but not very often, and the insight you get from GPT is Yoda level rather than just a database lookup.
But if you’re asking what the best article is on learning Vim, that requires that you’ve looked at all of them and done some sort of ranking. That’s not GPT’s thing.
So I’d be a bit skeptical of the claims around GPT killing Google any time soon. Maybe at some point in the near future, if they incorporate a lot more database lookup functionality and combine that with results stability. But until then it’s going to be a lot more Yoda and a lot less Einstein.
December 11, 2022
How to Survive and Thrive in a World Where AI Can Do Almost Everything

Click for printable size.
Here’s a quick list of things we can do to get ready for AI’s ascendance. You can click it to get the full size to print out.
December 5, 2022
NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES
SECURITY NEWS
Security researchers found that Chinese electronics company Eufy (part of Anker) has major vulnerabilities in its security cameras. The issues include uploading data to the cloud when they said they weren't, and the existence of a URL endpoint that allows an attacker to stream live video without encryption. MORE
Attackers are hitting a Redis vulnerability and deploying a new piece of malware called Redigo. Make sure you don't have unnecessary or unauthenticated Redis (port 6379) listening on the internet; a Redis instance that answers commands without AUTH lets anyone who can reach it run arbitrary commands, including writing files via CONFIG SET. MORE
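The check above, as an added example that is not from the newsletter or from any of the tools it mentions: send a RESP-encoded PING to a listener and classify the reply. A bare +PONG means the instance answers without authentication; -NOAUTH means requirepass is set; -DENIED means Redis refused because protected mode is on. The sample replies embedded below are constructed so the classifier can be exercised offline; check_redis() is the live probe.

```python
"""Probe a Redis listener and classify whether it answers commands unauthenticated.

Added example; not the newsletter's own code. Hostnames and sample replies are constructed.
"""
import socket
import sys

# Constructed RESP replies to PING, used to exercise classify_reply() without a network.
SAMPLE_OPEN = b"+PONG\r\n"
SAMPLE_AUTH = b"-NOAUTH Authentication required.\r\n"
SAMPLE_PROTECTED = b"-DENIED Redis is running in protected mode because protected mode is enabled.\r\n"


def resp_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings, the wire format Redis reads."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def classify_reply(reply: bytes) -> str:
    """Map the first line of the reply to PING onto a finding."""
    line = reply.split(b"\r\n", 1)[0]
    if line == b"+PONG":
        return "OPEN"            # answered without AUTH: anyone who can reach the port can run commands
    if line.startswith(b"-NOAUTH"):
        return "AUTH_REQUIRED"   # requirepass is configured
    if line.startswith(b"-DENIED"):
        return "PROTECTED_MODE"  # no password and bound to a non-loopback address; Redis refuses
    if not line:
        return "NO_REPLY"        # connection accepted but nothing sent back (not Redis, or silent)
    return "UNKNOWN"


def check_redis(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, send PING, and return the classification. This is the live network probe."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(resp_command("PING"))
            return classify_reply(sock.recv(1024))
    except OSError:
        return "UNREACHABLE"


if __name__ == "__main__":
    # Usage: python redis_probe.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    print(f"{target}:{target_port} -> {check_redis(target, target_port)}")
```

Run it against your own external IP ranges, not other people's. Anything that comes back OPEN should be bound to localhost or a private interface, given a requirepass, or firewalled; an UNREACHABLE result from the outside is what you want.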
Two power substations were damaged by gunfire in North Carolina on Sunday. The damage caused power outages for tens of thousands and will take days to repair. MORE
TikTok's CEO said in a recent interview about US TikTok data, “no foreign government has asked us for user data before, and if they did we would say no.” Appreciate that, but there's not a foreign government we're more worried about than yours. MORE
South Dakota has banned TikTok on state-owned devices. MORE
Rackspace had a security incident that took out their hosted Exchange services. They're still investigating. MORE
LastPass can't catch a break and has reported a third update to their original breach back in August. This time they're saying that some customer data was accessed, but not any passwords because passwords aren't accessible to them either. Stay strong, security team; this has to have been a rough 5 months. MORE
Vulnerabilities:
TECHNOLOGY NEWS
Apple appears to be GTFO'ing out of China as quickly as possible. They'll be using chips from TSMC's new Arizona plant when it goes live, and Ming-chi Kuo thinks they'll eventually move 40-45% of iPhone production to India. MORE
Disney has a new AI tool that can age or de-age actors in video in just a few seconds. Completely insane. MORE | VIDEO
Creators can now earn money through Discord. They've expanded their server subscription program allowing creators to charge for premium access and perks. MORE
Tesla has delivered its first production Semi, and it successfully completed a 500-mile delivery. It was a delivery to Pepsi, who has ordered 100 of them. The 500-mile version will cost $180,000. MORE
Amazon layoffs might be as high as 20,000 now, including senior managers. MORE
HUMAN NEWS
New York City's mayor, Eric Adams, has directed agencies to remove the severely mentally ill from the streets if they are deemed unable to take care of themselves. They're being taken to and cared for in hospitals, which is what we used to do before the hospitals were shut down. This is nice, but we need a sustainable and scalable solution as well. MORE
A new study contradicts the commonly-held belief that you become more likable in two-person conversations if you speak less. They showed that people were more likable the more they spoke. MORE
A study looked at multiple factors to determine predictors of political tolerance and found the strongest predictor was cognitive ability. MORE
IDEAS & ANALYSIS
💡 Napkin Ideas Around What to Expect Post-ChatGPT — I collected a bunch of my thoughts on the impact ChatGPT is going to have on business and society. ARTICLE
NOTES
I’ve spent a silly amount of time playing with AI over the last couple of weeks, and have been impressed with what the internet has done with ChatGPT. Check out the Discovery section to see some of my favorite examples.
We just came up with something called the UL Boost Protocol, which is a way for UL members to promote member content outside the community in a coordinated fashion. Thanks to Bryan for the logo and emoji! MORE
I have my KOMPLETE keyboard set up. It’s time to make some music finally. Although I think my first creation will be a multi-note bass tone for a new UL YouTube bumper.
DISCOVERY
⚒️ ThreatMapper — Deepfence ThreatMapper looks for threats in your production platforms and ranks those threats based on risk of exploit. It looks for vulnerable software, exposed secrets, and misconfigurations. It also maps those threats visually to show how they can be exploited. TOOL | by DEEPFENCE
⚒️ pup — Process HTML at the command line. Reads from stdin, prints to stdout, and allows you to filter by CSS selector. Example: cat index.html | pup 'title' TOOL | by ERIC CHIANG
⚒️ teler — A tool that reads your log files and tells you about attacks in real time. Super slick and easy to set up, but doesn’t have the community sharing and blocking capabilities that CrowdSec has, which (full disclosure) is why I’m looking to work with them. I love that this fail2ban/bro/snort space is heating up after seeming to be dead for so long! TOOL | by KITABISA
🔥 A Project Discovery SQL Injection Chain — Use a combination of subfinder, httpx, katana, GF, and sqlmap to run SQL Injection testing at scale. COMMAND | BY SERGIO MEDEIROS
🎙️ A Conversation with Erkang Zheng of JupiterOne (Sponsored) — I had a great conversation with Erkang, the CEO of JupiterOne, about what mistakes we keep making in Vulnerability Management. We’re kindred spirits on the point of asset management being the center of the universe. Not just for VM, but for security in general. Highly recommended listen! THE CONVERSATION
🧱 OWASP Top 10 CI/CD Risks — This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high-profile breaches and security flaws. PROJECT
🤖 ChatGPT Insanity:
Imagine You’re a Database Server MORE
Imagine You’re a Linux Server MORE
Be My Writing Coach MORE
Talk to Me as My Younger Self MORE
Take an SAT MORE
Create a Set of Fantasy Creatures MORE
Describe How You’d Destroy Humanity MORE
The best managers are the best ICs that never wanted to be managers. MORE
The BlackHat USA 2022 Conference Recordings MORE
You can measure someone’s height instantly using recent iPhones’ LIDAR scanner. You just open the Measure app, point it at someone’s full height, and it’ll show you a line with their height on it. MORE
You can instantly extract people and things from their background in macOS Ventura. Open Photos, go to an image with someone in it, right-click, and select Copy Subject. You now have that person in your clipboard without the background. MORE
Capsaicin is a psychoactive substance. By the way, it’s pronounced CAP say sn, which I just looked up. MORE
You can get to your cough nerfed version of Apple’s Spotify Wrapped by going to replay.music.apple.com. You then click around several times. It’s awesome. Results are decent though, once you get in. But not nearly as good as the Spotify version, and that’s coming from an Apple Acolyte. MORE
ProjectDiscovery just released version 9.3 of their Nuclei Templates, with 73 new templates! MORE
Security, Funded — A newsletter about the financing activity around the InfoSec industry. Mike Privette just hit 1,000 subscribers with this newsletter and that’s pretty rad. Check it out if you haven’t seen it yet. THE NEWSLETTER
Google has a company strategy, not a product strategy. Basically, they are looking for someone to make the next GMail, so they just hire tons of smart people and have them throw stuff at the wall as their way to search for it. MORE
TikTok is obsessing over the camera on the iPhone 3GS. MORE
RECOMMENDATION OF THE WEEK
You already know what I’m going to say, don’t you? AI. AI this. AI that. “Daniel, why do you keep talking about AI?” Because stuff like ChatGPT, that’s why. This train isn’t coming—it’s here. And here’s how to get ready. Start thinking a lot about what core human needs people have regarding Security and Status. In other words, what makes them more safe and more desirable? Those are the safest and most guaranteed plays for any business, but they’re also the ripest opportunities for quick disruption using new AI. Come up with the ideas. Learn how to implement them using the OpenAI, Google, and Meta tools. Become versed in the APIs. Become a guru at writing prompts. Focus a lot on what people should be asking, not what they are asking. There’s no way to prepare for what’s coming, but this is the next best thing. Prepare the young people you know. They need this more than anyone. Broad education. Critical thinking skills. A focus on the questions rather than the answers. And the coding and data skills required to use all these AI tools that are coming.
APHORISM OF THE WEEK
“It is not so much our friends’ help that helps us, as the confidence of their help.”
Democritus
No related posts.
December 4, 2022
The UL Boost Protocol
This is a member-only post. Thank you for being part of this.
December 3, 2022
Napkin Ideas Around What Changes to Expect Post-ChatGPT
If you’re reading this you already know the internet is on fire over the new GPTChatBot from OpenAI. There are people using it to create full virtual machines, write exploit code, write terraform, generate Pokemon-like characters, and a thousand other things.
Hat tips to @sasazdelar, @jhaddix, and @clintgibler for some of these conversations.
I’ve had lots of conversations with friends about, “oh, that means this will be possible!”, or “oh, think about this that might happen!”, so I wanted to capture a few things we’ve come up with here. Please note that some of these are horribly negative in terms of impact to society, and others are possible ways to harvest positivity out of the situation.
There are about to be a ton of new startups—as well as established consulting companies like McKinsey and KPMG and the like—that will build frameworks that leverage GPT (and its competitors) to replace human work. I feel bad about this, but like I mentioned in my Companies as Alaskan Fishing Boats article, businesses aren’t there to employ people. They’re there to get work done.
I’m sure KPMG would love to let its AI take your “boring” work off your hands.
I also had it recreate a customer report it took me personally 2 hours to create. It nailed it in 10 seconds.
Feeling bad about it, I decided to point the weapon at myself. I had it emulate the dozens of hours of work I do every week for my own newsletter. With some very simple prompting and some good examples it produced a decent facsimile of what I do.
Well, shit.

It created these analysis headlines in 10 seconds
And soon the Bobs will be largely replaced by AI as well.
These companies will walk into businesses like Bob2 and figure out who is doing what, how long it takes them, and figure out how to use their new AI Framework to eliminate the need for human workers. Of course it’ll be called optimization or enhancement or some shit, but we all know what it is.
Looking at what the chatbot can do, we expect the biggest disruption in (obviously) repeatable work. But most work we do is repetitive. Some likely high-impact areas:
Reviewing updates and looking for interesting nuggets or patterns
Conducting multi-step follow-ups to analysis
🤖 For all messages in this Slack channel, extract the most important updates and send them to company leaders in a report with the following sections and tables, including a prioritized list of recommended actions given our stated company goals and current OKRs.
Also, for security issues do the same for re-opening tickets when the fixed condition goes away.
Continuous monitoring for security or operational purposes
🤖 For all open Jira tickets look in the history for evidence of what completed would look like, check for that condition, and close the ticket using that evidence as the reason.
🤖 For all PRs, evaluate the code submitted for coding errors that can place data at risk. Create and deliver a message to the developer that gives them the problem, its location in the code, the implications of doing it that way, and give 1-3 recommendations on doing it better. If there is a company-recommended way of doing it, give that as the singular recommendation.
🤖 Find all instances of sensitive data or tokens being posted in chat and email the poster and their manager pointing them to the company policy and the link to documentation on how to do it securely.
🤖 Using the AWS API below, monitor the authentication configuration for all admins on these accounts. Alert if any of those accounts ever have too much authority or have an authentication level below our company standard.
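The chat-token task in the list above is the kind of thing you would want a deterministic pass for before (or instead of) handing it to a language model, since a model can miss a key or "find" one that isn't there. Here is that pass as an added example; it is not the post's own code and not any vendor's product. It layers fixed-prefix patterns (AWS access key IDs, GitHub PATs, Slack tokens) with a Shannon-entropy check for generic long strings, then builds the notices the prompt describes. The messages, user names, and manager mapping are all constructed; the tokens are the AWS documentation examples and a made-up GitHub-shaped string, not live credentials.

```python
"""Flag chat messages containing credential-looking tokens and route a notice to poster and manager.

Added example; not the post's own code. All messages, users, managers and tokens below are constructed.
"""
import math
import re
from collections import Counter

# Constructed sample chat export. The AWS values are the public documentation examples.
MESSAGES = [
    {"user": "alice", "text": "deploy is green, nothing to see"},
    {"user": "bob", "text": "use AKIAIOSFODNN7EXAMPLE with secret wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY for now"},
    {"user": "carol", "text": "token is ghp_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8 pls dont share"},
    {"user": "dave", "text": "see https://example.com/docs/getting-started for setup"},
]
MANAGER_OF = {"alice": "erin", "bob": "erin", "carol": "frank", "dave": "frank"}  # constructed org chart
POLICY_URL = "https://intranet.example.com/policy/secrets"  # hypothetical

# Layer 1: fixed-prefix patterns. Cheap, and almost never false positives.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}\b"),
}
# Layer 2: any long token-shaped run, kept only if its entropy is too high for a word or URL path.
GENERIC = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
ENTROPY_FLOOR = 4.0  # bits per character; English text and paths sit well below this


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secrets(text: str) -> list:
    """Return (finding_type, token) pairs for anything in the text that looks like a credential."""
    hits = []
    for name, rx in PATTERNS.items():
        hits.extend((name, m.group(0)) for m in rx.finditer(text))
    for m in GENERIC.finditer(text):
        token = m.group(0)
        # Skip strings already explained by a specific pattern (e.g. the whole ghp_ token).
        if any(token in known or known in token for _, known in hits):
            continue
        if shannon_entropy(token) >= ENTROPY_FLOOR:
            hits.append(("high_entropy_string", token))
    return hits


def redact(token: str) -> str:
    """Show only a prefix so the notice itself does not re-leak the secret."""
    return token[:4] + "..." + f"({len(token)} chars)"


def triage(messages: list) -> list:
    """Build one notice per offending message, addressed to the poster and their manager."""
    notices = []
    for msg in messages:
        hits = find_secrets(msg["text"])
        if not hits:
            continue
        notices.append({
            "user": msg["user"],
            "manager": MANAGER_OF.get(msg["user"], "security@example.com"),
            "findings": [name for name, _ in hits],
            "evidence": [redact(tok) for _, tok in hits],
            "policy": POLICY_URL,
        })
    return notices


if __name__ == "__main__":
    for n in triage(MESSAGES):
        print(f"to {n['user']} cc {n['manager']}: {n['findings']} {n['evidence']} see {n['policy']}")
```

The entropy floor is the knob you will tune: 4.0 bits catches 40-character AWS secret keys and similar random material while letting prose, URLs, and UUID-free paths through. Anything that trips this pass should also be treated as compromised and rotated, not just reported.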
I think anyone not using GPTBot-like tech to do these tasks in the next few months will be on the path to being replaced by those who are. I don’t imagine this will result in some massive layoff. It’ll be more like a steady trend towards non-replacement as people naturally leave companies. Which will still result in companies needing far fewer people.

Now I can draw better because I’m better at prompt engineering
And keep in mind this is Day 0 for this tech. Like a few days ago this thing was making pretty pictures.
You know how there’s a wide gap in income and status between the most talented and competent people and those who are less so? Well now imagine those super smart people armed—yes, armed—with AI. For them, AI will be like multiplying their brains and having them work continuously. Or like hiring a giant staff just for them.
This will magnify even further because the best AI will be the most expensive.
So now the lucky people who picked great parents, great genes, a great environment, and great education won’t just have the best opportunities and jobs. Now they’ll have the talent and funds to pay for the best AIs as well. So the best engineers will be better engineers. The best entrepreneurs will have more ideas and move faster to market. And those competing in the same space will win largely based on how well they can leverage AI.
Maybe it’s not all bad news. One thing I can see is it getting a whole lot easier to be a business by yourself, or with just 1-5 employees. People with ideas will be able to jump in and use AI for a lot of sales, marketing, and even customer support.
This would be greatly helped by governments reducing friction on starting and running small businesses.
The employees people do hire will be dynamic generalists who are also good with data and—you guessed it—using AI frameworks. So you’ll buy Salesforce Small Business, or whatever, which will really be a ton of stitched-together AI API calls on the backend, and your employee will connect all the pieces, do the installs, set all the preferences, connect your data, etc. And then do periodic maintenance and tweaking as the needs of the business change.
If you pick your first couple of employees well, it could easily be the equivalent of having 10-20 people. Of course your competition will be doing the same, so you do have the arms race problem.
A natural question for many reading this will be,
Um, ok, but what the hell should I be re-training into? What should I be telling my kids to learn?
I feel like there are two ways to go here: 1) general, or 2) hyper-specialized. My bet is on general with strong skills in data, basic coding for requesting and manipulating data, and—most importantly—knowledge of how to customize AI systems to solve multiple problems.
Strong specialization is always golden, but the problem is it’ll be hard to pick which strong specialization to go into. Or, more poignantly, it’s hard to know which one is both lucrative and resistant to AI doing it better. If AI is taking over, my bet is that the people good at using it to solve problems will be safer than most.
So much of business—and definitely most work that people do—comes down to, “How do we do the thing we’ve been told to do?” With AIs answering more and more of that question, the focus will shift to the new question of, “What should we be doing?” That’s a colossal shift, and it’s one that favors a different type of employee.
So maybe that generalist, liberal-arts education won’t be as much of a waste anymore. Maybe broader educations will help people become leaders (and solopreneurs) rather than blind executors of the stated plan. As we see from even the AI art stuff and the first versions of the GPTChat bot, the quality of the results depends heavily on the quality of the instructions. And it takes a special perspective, background, and finesse to provide that type of instruction.
Democratization of the best AIs for idea generation and execution will be essential if we want to avoid the ultimate winner-takes-all.
Unfortunately we should expect a lot of fierce competition around this type of “thinking and prompting”. Expect fierce IP battles around what constitutes a human idea vs. one generated by an AI. Without some strong regulation there we’re going to see the best algorithms get protected by the highest prices. Then the biggest and richest companies will have a fleet of AI thinkers working for them as well as the executors.
🤖 Given your analysis of the current market, give me 20 ideas that we can move faster on than our competition that customers are likely to love.
Once again, winner takes all.
As awesome as GPTChat is, keep in mind that these Transformer models are genius at making the thing look correct. It often is, and that’s stunning. But it also oftentimes looks perfect while being complete garbage. Don’t run GPTChat output in prod, is what I’m saying. You’ll need another instance to help find you a job.
This is going to be a massive boon for A/B testing scenarios. You can have AI generate a number of ideas and send them into a testing or polling or survey type of environment where they can be tested against reality. I.e., extremely fast idea/product iteration.
One thing you should consider adding often to your instructions is the command to “explain your results”. We’ve heard for a couple of years now that one major problem with ML is that it can’t explain how it got to its answer, but this iteration of the tech is quite good at it. Usually. See above. As an example, I created a system using this tech that reads security news stories and tells me if it was a valid incident, who the attacker was, who the target was, what the attack technique was, and—impressively—what the business impact was on a scale of HIGH, MEDIUM, or LOW. For that piece I told it to explain that rating, and it basically never missed. Blew me away.
Also keep in mind that this tech is really bad at lots of different kinds of math. Not sure how long that’ll be the case, but it’s definitely true in December of 2022. So once again, don’t bank on it for things like that.
I use a variation of a guideline explained to me by an expert, which is to imagine this thing like Yoda rather than Einstein. Einstein does math. Yoda has wisdom. Don’t ask Yoda or GPT to do your taxes; they’ll disappoint you.
November 28, 2022
NO. 359 | WhatsLeak, CCTV Ban, Meta Threats
SECURITY NEWS
There appears to be a WhatsApp data leak of over 500 million users' data in 84 countries. They're supposedly selling the data for $7K in the UK, and around $2K in the US and Germany. MORE
The FCC has banned Chinese CCTV cameras on sensitive government sites and they've told organizations to rip and replace them wherever they can. And the UK has followed the lead. THE REGISTER ANALYSIS | MORE
The US GAO says US offshore oil and gas infrastructure is at significant risk from cyberattack and warns of possible impacts similar to the Deepwater Horizon disaster. MORE
The Markup found that multiple US tax preparation websites are sending financial data to Meta through The Meta Pixel. Data includes names, emails, and even income, refund amounts, and more. MORE
Meta says they found and terminated multiple influence campaigns run by the US government. They also said the 16 pages, two groups, and 26 Instagram accounts weren't very effective and had very little engagement. MORE
Meta released their Adversarial Threat Report for Q3 2022, which included the US campaigns above but also other campaigns, including those from China and Russia. THE REPORT PDF
Meta built an AI called CICERO that beats most humans at Diplomacy, which is a strategy game where you have to convince people to cooperate with you and gang up on other players. It was considered a bastion of human gameplay because it requires so much interaction and negotiation, but this AI now has double the average score of a human player. ANNOUNCEMENT BLOG
TECHNOLOGY NEWS
Tesla's full-self-driving (FSD) beta is now available to everyone in North America, regardless of safety record. Tesla maintains a safety score on everyone, which you can look up in your car's profile. They weren't letting people with low scores get FSD, but as of Thanksgiving it's now available to everyone in North America. MORE
Google is evidently about to lay off around 10,000 people. More evidence of the Alaskan Fishing Boat model, in my view.
It's not just you: shopping on Amazon has gotten way worse because most everything is now an ad. MORE
Many sources are saying Alexa is failing at Amazon, at least in terms of making money. And rumors are that many of the coming Amazon job cuts will be in the Alexa hardware division. But I wouldn't be surprised if these rumors are overstated. There's more to gaining voice assistant dominance than the pure returns on the hardware. MORE
A computer musician named Holly Herndon did a TED talk on how she created an AI clone of her voice, and why she thinks other artists should do the same. MORE
HUMAN NEWS
It's hard to know how widespread the protests are, but the protests at Foxconn's iPhone plant appear to be spreading throughout China. MORE | NYTIMES ANALYSIS
A new study out of Stanford indicates that insulin resistance doubles the risk of major depressive disorder. MORE
The US is the only rich country with rising roadway deaths. NYTIMES ANALYSIS
A government organization in Germany is banning Microsoft 365 due to privacy concerns. MORE
IDEAS & ANALYSIS
💡Companies as Alaskan Fishing Boats — Should companies be ruthlessly maintaining a tiny crew willing to endure extreme conditions for extreme pay? MY ESSAY
📢 A Conversation with Scott Kuffer at Nucleus Security (Sponsored) — I just had a great conversation with Scott Kuffer of Nucleus Security about their vulnerability management solution. Probably the best VM conversation I've ever had with a vendor, no joke. If you're in the VM space you'll want to hear this one. LISTEN
Longtermism
There's a concept I'm seeing thrown around a lot called Longtermism, which is the idea that doing things to help more theoretical people in the future at the expense of the fewer people alive today is basically a poor excuse for being an asshole. I'm not sure what I think about it yet. At first viewing, I think the universal rule applies, i.e., both extremes are bad. It's not good to screw over the future for ourselves, but it's also weak sauce to be less humane towards today's humans under the banner of people who don't yet exist. And on that spectrum I'd probably say I'd balance more towards people today who are suffering acutely. ANALYSIS AGAINST LONGTERMISM | A BOOK THAT'S FOR IT
NOTES
We had a phenomenal book club yesterday that included some new people! We also picked the new book, which is the first book in an Indian sci-fi series, recommended by a member. Can't wait to start listening today.
Thanksgiving was excellent. We had dinner at 1PM like we're 77, at Flemmings, which has become our tradition.
Tons of progress on the studio. More sound treatment on the walls. More camera upgrades. And lights. Lots of lights. I'm loving learning this new discipline. Current mission: OBS mastery. And since many have asked, the purpose of all of this is to be able to do explainers and demos using attractive visuals. So imagine my essays and tutorials, but with visual support.
DISCOVERY
⚒️ octopii — Octopii is an open-source AI-powered Personally Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory. TOOL | by REDHUNTLABS
⚒️ RustScan — A modern port scanner written in Rust. Finds ports quickly (3 seconds at its fastest). Runs scripts through its own scripting engine (Python, Lua, Shell supported). TOOL
⚒️ kubeshark — The API traffic viewer for Kubernetes. It provides visibility and monitoring for traffic moving in, out, and across containers and pods. TOOL
⚒️ hurl — A command line tool that runs HTTP requests defined in a simple plain text format. It can chain requests, capture values and evaluate queries on headers and body responses. TOOL
⚒️ humans.txt — An initiative for knowing the people behind a website. It's a TXT file that contains information about the different people who created the site. WEBSITE
⚒️ All InfoSec News — A newish website that aggregates cybersecurity news in an efficient columnar format. WEBSITE
🔭 [ Sponsor ] Keeper — How many of your company's credentials are stored on sticky notes or shared on spreadsheets? How many employees just use Password123 for every system? TRY KEEPER FOR FREE
An Email That Elon Sent to Tesla Employees About Avoiding Wasteful Meetings MORE
A Security Tools Crash is Coming MORE
Narcissistic Collapse MORE
Stable Diffusion 2.0 is out with dramatically more detail and precision in its images. MORE
Cloudflare servers don't own IPs anymore, so how do they connect to the Internet? MORE
RECOMMENDATION OF THE WEEK
We've always heard that we are what we eat. I think it's somewhat true of food, but even more so with people and information. We are what we hang out with. We are what we read. We are what we hear. So we should be very careful about what we consume, whether that's company or content. Who do you surround yourself with? Who do you call to spend free time? And what are your information sources? Those become you, or, you become them, so constantly re-evaluate.
APHORISM OF THE WEEK
"Things start out as hopes and end up as habits."
Lillian Hellman
Companies as Alaskan Fishing Boats
What if companies are supposed to be like Alaskan fishing boats? You know, the kind on The Deadliest Catch.
So you have this tiny crew of total badasses. Everyone is a superhero at their particular role because the crew needs to stay extremely small to protect profits. The captain is a dictator. The mission is clear. And bad performances from anyone are immediately noticeable and immediately dealt with.
You hurt your back? Sorry, you’re a great crew member, but you’re not going out on this trip. You want to spend more time with your brother who’s visiting? Cool, you’re off the ship. This crew is for hardcore people only. Remind you of anything?
Reminds me of how Elon runs things at his companies, and now Twitter. Being someone who likes people, and who wants to see them happy and thriving, I’m disgusted by this approach to managing people. But when I think about the actual economics of it, and about what a fishing boat or a social media company is actually there to do, I’m not sure it’s the wrong approach. In fact, I think it might be the only approach that doesn’t lead to a constant pendulum of hiring thousands of people across multiple levels of management, which creates a structure and culture of mediocrity, and then laying them off on every down cycle.
So here’s the question: is it possible to run a company like an Alaskan Fishing Boat without being an asshole? To do so with empathy and camaraderie, and kinship? I think so. I think it’s just harder, and that there are multiple forces working against anyone who tries to do so. Not the least of which is the fact that people now join companies thinking they’re getting a second home, not an Alaskan Fishing Boat.
I also like this analogy for another reason. It makes it clear that it’s a job and not your identity. You are not a crew member. You are not IBM employee number 3329087. You’re a human. So sure, you can serve on the boat, and be paid, but don’t let that captain tell you your value. Your value is in yourself, not what you do working on a fishing run.
I think this way of thinking about work brings clarity to multiple phenomena we’re currently witnessing, including unhappy workers, mass layoffs during downtimes, and the outsized accomplishments of Tesla and SpaceX.
So to me the question isn’t whether it’s an effective way for people to run their businesses. The question is whether it’s a model that we should pursue given the effects on the people who work there.
November 27, 2022
Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES
In this standalone episode we’re doing a sponsored interview with Scott Kuffer, co-founder and COO of Nucleus Security.
I was already excited by this vendor just based on the research I did to allow them to be a sponsor, but the conversation with them really made me think they’re approaching the vulnerability management problem the right way. Namely, by tackling a lot of the non-technical problems using technical solutions rather than obsessing over vuln prioritization.
If you are in the VM space or are about to be in it, you will love this conversation.
And with that, here’s Scott Kuffer with Nucleus Security.