Daniel Miessler's Blog, page 29
November 28, 2022
NO. 359 | WhatsLeak, CCTV Ban, Meta Threats
SECURITY NEWS
There appears to be a WhatsApp data leak of over 500 million users' data in 84 countries. They're supposedly selling the data for $7K in the UK, and around $2K in the US and Germany. MORE
The FCC has banned Chinese CCTV cameras on sensitive government sites and they've told organizations to rip and replace them wherever they can. And the UK has followed the lead. THE REGISTER ANALYSIS | MORE
The US GAO says US offshore oil and gas infrastructure is at significant risk from cyberattack and warns of possible impacts similar to the Deepwater Horizon disaster. MORE
The Markup found that multiple US tax preparation websites are sending financial data to Meta through The Meta Pixel. Data includes names, emails, and even income, refund amounts, and more. MORE
Meta says they found and terminated multiple influence campaigns run by the US government. They also said the 16 pages, two groups, and 26 Instagram accounts weren't very effective and had very little engagement. MORE
Meta released their Adversarial Threat Report for Q3 2022, which included the US campaigns above but also other campaigns, including those from China and Russia. THE REPORT PDF
Meta built an AI called CICERO that beats most humans at Diplomacy, which is a strategy game where you have to convince people to cooperate with you and gang up on other players. It was considered a bastion of human gameplay because it requires so much interaction and negotiation, but this AI now has double the average score of a human player. ANNOUNCEMENT BLOG
TECHNOLOGY NEWS
Tesla's full-self-driving (FSD) beta is now available to everyone in North America, regardless of safety record. Tesla maintains a safety score on everyone, which you can look up in your car's profile. They weren't letting people with low scores get FSD, but as of Thanksgiving it's now available to everyone in North America. MORE
Google is evidently about to lay off around 10,000 people. More evidence of the Alaskan Fishing Boat model, in my view.
It's not just you: shopping on Amazon has gotten way worse because most everything is now an ad. MORE
Many sources are saying Alexa is failing at Amazon, at least in terms of making money. And rumors are that many of the coming Amazon job cuts will be in the Alexa hardware division. But I wouldn't be surprised if these rumors are overstated. There's more to gaining voice assistant dominance than the pure returns on the hardware. MORE
A computer musician named Holly Herndon did a TED talk on how she created an AI clone of her voice, and why she thinks other artists should do the same. MORE
HUMAN NEWS
It's hard to know how widespread the protests are, but the protests at Foxconn's iPhone plant appear to be spreading throughout China. MORE | NYTIMES ANALYSIS
A new study out of Stanford indicates that insulin resistance doubles the risk of major depressive disorder. MORE
The US is the only rich country with rising roadway deaths. NYTIMES ANALYSIS
A government organization in Germany is banning Microsoft 365 due to privacy concerns. MORE
IDEAS & ANALYSIS
💡Companies as Alaskan Fishing Boats — Should companies be ruthlessly maintaining a tiny crew willing to endure extreme conditions for extreme pay? MY ESSAY
📢 A Conversation with Scott Kuffer at Nucleus Security (Sponsored) — I just had a great conversation with Scott Kuffer of Nucleus Security about their vulnerability management solution. Probably the best VM conversation I've ever had with a vendor, no joke. If you're in the VM space you'll want to hear this one. LISTEN
Longtermism
There's a concept I'm seeing thrown around a lot called Longtermism, which is the idea that doing things to help more theoretical people in the future at the expense of the fewer people alive today is basically a poor excuse for being an asshole. I'm not sure what I think about it yet. At first viewing, I think the universal rule applies, i.e., both extremes are bad. It's not good to screw over the future for ourselves, but it's also weak sauce to be less humane towards today's humans under the banner of people who don't yet exist. And on that spectrum I'd probably say I'd balance more towards people today who are suffering acutely. ANALYSIS AGAINST LONGTERMISM | A BOOK THAT'S FOR IT
NOTES
We had a phenomenal book club yesterday that included some new people! We also picked the new book, which is the first book in an Indian sci-fi series, recommended by a member. Can't wait to start listening today.
Thanksgiving was excellent. We had dinner at 1PM like we're 77, at Flemmings, which has become our tradition.
Tons of progress on the studio. More sound treatment on the walls. More camera upgrades. And lights. Lots of lights. I'm loving learning this new discipline. Current mission: OBS mastery. And since many have asked, the purpose of all of this is to be able to do explainers and demos using attractive visuals. So imagine my essays and tutorials, but with visual support.
DISCOVERY
⚒️ octopii — Octopii is an open-source AI-powered Personally Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos and signatures in a directory. TOOL | by REDHUNTLABS
⚒️ RustScan — A modern port scanner written in Rust. Finds ports quickly (3 seconds at its fastest). Runs scripts through its own scripting engine (Python, Lua, Shell supported). TOOL
⚒️ kubeshark — The API traffic viewer for Kubernetes. It provides visibility and monitoring for traffic moving in, out, and across containers and pods. TOOL
⚒️ hurl — A command line tool that runs HTTP requests defined in a simple plain text format. It can chain requests, capture values and evaluate queries on headers and body responses. TOOL
⚒️ humans.txt — An initiative for knowing the people behind a website. It's a TXT file that contains information about the different people who created the site. WEBSITE
⚒️ All InfoSec News — A newish website that aggregates cybersecurity news in an efficient columnar format. WEBSITE
🔭 [ Sponsor ] Keeper — How many of your company's credentials are stored on sticky notes or shared on spreadsheets? How many employees just use Password123 for every system? TRY KEEPER FOR FREE
An Email That Elon Sent to Tesla Employees About Avoiding Wasteful Meetings MORE
A Security Tools Crash is Coming MORE
Narcissistic Collapse MORE
Stable Diffusion 2.0 is out with dramatically more detail and precision in its images. MORE
Cloudflare servers don't own IPs anymore, so how do they connect to the Internet? MORE
RECOMMENDATION OF THE WEEK
We've always heard that we are what we eat. I think it's somewhat true of food, but even more so with people and information. We are what we hang out with. We are what we read. We are what we hear. So we should be very careful about what we consume, whether that's company or content. Who do you surround yourself with? Who do you call to spend free time? And what are your information sources? Those become you, or, you become them, so constantly re-evaluate.
APHORISM OF THE WEEK
"Things start out as hopes and end up as habits."
Lillian Hellman
Companies as Alaskan Fishing Boats
What if companies are supposed to be like Alaskan fishing boats? You know, the kind on The Deadliest Catch.
So you have this tiny crew of total badasses. Everyone is a superhero at their particular role because the crew needs to stay extremely small to protect profits. The captain is a dictator. The mission is clear. And bad performances from anyone are immediately noticeable and immediately dealt with.
You hurt your back? Sorry, you’re a great crew member, but you’re not going out on this trip. You want to spend more time with your brother who’s visiting? Cool, you’re off the ship. This crew is for hardcore people only. Remind you of anything?
Reminds me of how Elon runs things at his companies, and now Twitter. Being someone who likes people, and who wants to see them happy and thriving, I’m disgusted by this approach to managing people. But thinking about the actual economics of it, and thinking about what a fishing boat or a social media company is actually there to do, I’m not sure it’s the wrong approach. In fact, I think it might be the only approach that doesn’t lead to a constant pendulum of hiring thousands of people with multiple levels of management, which creates a structure and culture of mediocrity, who then have to be laid off on every down cycle.
So here’s the question: is it possible to run a company like an Alaskan Fishing Boat without being an asshole? To do so with empathy and camaraderie, and kinship? I think so. I think it’s just harder, and that there are multiple forces working against anyone who tries to do so. Not the least of which is the fact that people now join companies thinking they’re getting a second home, not an Alaskan Fishing Boat.
I also like this analogy for another reason. It makes it clear that it’s a job and not your identity. You are not a crew member. You are not IBM employee number 3329087. You’re a human. So sure, you can serve on the boat, and be paid, but don’t let that captain tell you your value. Your value is in yourself, not what you do working on a fishing run.
I think this way of thinking about work brings clarity to multiple phenomena we’re currently witnessing, including unhappy workers, mass layoffs during downtimes, and the outsized accomplishments of Tesla and SpaceX.
So to me the question isn’t whether it’s an effective way for people to run their businesses. The question is whether it’s a model that we should pursue given the effects on the people who work there.
November 27, 2022
Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES
In this standalone episode we’re doing a sponsored interview with Scott Kuffer, co-founder and COO of Nucleus Security.
I was already excited by this vendor just based on the research I did to allow them to be a sponsor, but the conversation with them really made me think they’re approaching the vulnerability management problem the right way. Namely, by tackling a lot of the non-technical problems using technical solutions rather than obsessing over vuln prioritization.
If you are in the VM space or are about to be in it, you will love this conversation.
And with that, here’s Scott Kuffer with Nucleus Security.
Sponsored Interview: Erkang Zheng of JupiterOne
In this standalone episode we’re doing a sponsored interview with Erkang Zheng of JupiterOne.
So Jupiter One is a special company to me. I just built a vuln management program at Robinhood based around them, and I believe so much in their vision that I’m looking to actually become an advisor. I mention this because when I fanboy for something, like Apple, or whoever, I want you to know that I’m fanboying and/or have a relationship with them. Or that I want to.
The interview here talks mostly about concepts, however, and not so much specific features. But I just wanted to mention my orientation to the company prior to starting.
I’m speaking with Erkang Zheng who is the founder and CEO of the company, and as you can hear we have a similar take on many of the problems currently in security.
So with that, here’s Erkang Zheng.
November 21, 2022
NO. 358 | NEWS, ANALYSIS & DISCOVERY
🦃 We're doing our second-ever discount on UL Membership starting the day after Thanksgiving. But that's a Friday, so I'm going to enable the discount link earlier. How early, and how much of a discount? You'll have to find out. If the link works before the date, then it's live. BLACK FRIDAY MEMBERSHIP DISCOUNT LINK
SECURITY NEWS
🚨There's a newish scam going around called Pig Butchering, which combines a romance scam with an investment scam. It starts with a fake profile that contacts the victim and builds up a relationship over time. Then they start dropping hints about an investment opportunity, and if the victim invests they might actually pay them out some to gain even more trust. Then eventually they ask for the big one—often up to hundreds of thousands of dollars—which they then steal before disappearing. Talk to your loved ones about this type of attack, especially if they're lonely and/or gullible. MICHIGAN'S WRITE-UP | PROPUBLICA'S ANALYSIS
The director of the FBI says he's extremely concerned about China's ability to weaponize TikTok. He specifically cited misuse of the data collected on Americans and China controlling the recommendation algorithm. MORE
Thousands of apps in Apple's app store, including the CDC app, have software in them from a company that was pretending to be American but was actually Russian. MORE
A China-based threat actor has been using 42,000 look-alike domains to run phishing campaigns since at least 2019. MORE
Researchers at Mitiga found hundreds of Amazon RDS instances exposed to the internet, resulting in the leakage of PII. MORE
Google has identified 34 cracked versions of Cobalt Strike being used in the wild. MORE
Riot and Ubisoft are teaming up to use AI to detect toxic behavior in chats. “The objective of the project is to initiate cross-industry alliances to accelerate research on harm detection.” MORE
Musk evidently sends emails with slightly different spacing and punctuation so as to identify leakers. And this thread that talks about it claims other companies do this as well. MORE
Vulnerabilities:
TECHNOLOGY NEWS
TSMC is going to produce 3nm chips in Arizona. The plant's currently under construction and they plan on starting production in 2024. MORE
Amazon appears to be gutting the Alexa division. I get that it hasn't taken off in corporations the way they thought it would but it seems very short-sighted to give up a significant lead in consumer voice assistants. MORE
Thousands of songs have been released by Tencent in China that used AI to mimic human singing, and one of them has been streamed over 100 million times. MORE
It looks like Tesla owners might soon have an Apple Music app. A version was seen running on an internal vehicle. MORE
HUMAN NEWS
A new paper supports previous work showing that walking does make you more creative, but it additionally showed that 1) it continued working when people returned to sitting, and 2) it continued if people walked again. MORE
Elizabeth Holmes has been sentenced to over 11 years in prison for defrauding Theranos investors. MORE
Nearly 1 in 5 Americans listen to a podcast every day. MORE
FTX and other crypto explosions are getting people to look at Proof of Reserves as a solution. MORE
IDEAS & ANALYSIS
💡AI is About to Feel Like AGI, and You Need to Get Ready READ THE ESSAY
Hedonic Baselining
There's a link in Discovery this week about bad coffee and how the writer is all into it right now, despite being a coffee snob. I'm super into coffee as well, but lately I've been exploring the idea of Hedonic Baselining, which is my own bastardization of a lot of real research in this area. It's basically the idea that if you expose yourself consistently to peaks of experience, for anything, you basically screw yourself because regression to the mean results in a letdown. A few examples:
Food: eating raw foods with very few additives will reset you so that 1) that food now tastes remarkable, and 2) any hint of salt or fat in something will be spectacular.
Sex: avoid sex or sexual media, and within a few days you'll become aroused by basic clothing or the smell of decent soap.
Inputs: if you stop watching one Game of Thrones after another, and instead get into quieter and more subtle art forms, you'll notice and enjoy the slightest ripples in the art. Think GoT -> Anna Karenina, 50 Cent -> Kendrick Lamar, Watching TikTok -> Reading Moby Dick.
I'm playing with doing the same for coffee by having fast/meh coffee most of the time and doing my favorite Clover technique with the best coffee as a treat. So I enjoy it more.
Is Social Media More Positive Than We Think?
Fascinating new analysis from Pew indicates that social media might be more mixed and/or positive for teens than recent narratives have suggested. It paints a picture of overall positivity and connection with extremes at the ends of positive and negative. I can see this both ways: 1) we're in a moral panic around social media and it's nowhere near as bad as they say, and 2) the people responding to the poll are unaware of its negative effects so they list it as more positive than it is. When have we known teenagers to be good judges of their reasons for being happy or sad? Or the effects of various things in their life on their happiness? I think we should definitely take their input as data, but not assume it's telling us what it seems to. And I can definitely see both of these happening at the same time. MORE
Testosterone and Winning
There's been a ton of study and talk recently about how men have far lower testosterone than men used to have, like back in the 70's, 80's, and 90's (depending on the study). There's also a ton of talk about how men are falling behind in education, in the workplace, etc., compared to women, and how this is damaging men's ability to attract a mate. Well, ever since learning that testosterone is not a violence hormone (like I grew up believing), and that it's actually a hormone for winning and striving, that brought me to a super (overly?) simple question and model. What if men have lower testosterone because they're both striving and winning less today? In other words, if men aren't as goal-oriented, don't have as clear of goals, aren't pursuing those goals, and therefore aren't achieving them, wouldn't that massively reduce testosterone levels? In other words, maybe testosterone is so comparatively low today because men in the 70's, 80's, and 90's had a better idea of what to do, and were doing it. And today's men are lost.
Companies as Alaskan Fishing Boats
What if companies are supposed to be like Alaskan fishing boats? You know, the kind on The Deadliest Catch. So you have this tiny crew of total badasses. Everyone is a superhero at their particular role because the crew needs to stay extremely small to protect profits. The captain is a dictator. The mission is clear. And bad performances from anyone are immediately noticeable and immediately dealt with. You hurt your back? Sorry, you're a great crew member, but you're not going out on this trip. You want to spend more time with your brother who's visiting? Cool, you're off the ship. This crew is for hardcore people only. Remind you of anything? Reminds me of how Elon runs things at his companies, and now Twitter. Being someone who likes people, and who wants to see them happy and thriving, I'm disgusted by this approach to managing people. But thinking about the actual economics of it, and thinking about what a fishing boat or a social media company is actually there to do, I'm not sure it's the wrong approach. In fact, I think it might be the only approach that doesn't lead to a constant pendulum of hiring thousands of people with multiple levels of management, which creates a structure and culture of mediocrity, who then have to be laid off on every down cycle. So here's the question: is it possible to run a company like an Alaskan Fishing Boat without being an asshole? To do so with empathy and camaraderie, and kinship? I think so. I think it's just harder, and that there are multiple forces working against anyone who tries to do so. Not the least of which is the fact that people now join companies thinking they're getting a second home, not an Alaskan Fishing Boat. I also like this analogy for another reason. It makes it clear that it's a job and not your identity. You are not a crew member. You are not IBM employee number 3329087. You're a human. So sure, you can serve on the boat, and be paid, but don't let that captain tell you your value. Your value is in yourself, not what you do working on a fishing run. I think this way of thinking about work brings clarity to multiple phenomena we're currently witnessing. WSJ ANALYSIS ON THE DECLINE OF WORK | ELON'S PUSH TO "HARDCORE"
NOTES
I've been flirting with new terminal and shell applications, namely Warp (terminal) and Starship (shell). It's early days, and Warp doesn't support Vim mappings, so I am not sure how long I can go without those. But these things are gorgeous. Especially Warp. It makes other terminal apps look like a DOS prompt from the 1730's. And they're both written in Rust, which gives me a placebo effect of Maverick speed. CHECK OUT WARP | CHECK OUT STARSHIP
My new nootropic experimentation is going extraordinarily well. Although I'm also working out more so the benefits are definitely multi-variate. I'm starting to think of things like working out and walking as nootropics. It helps somehow. Like everyone wants the Limitless pill, and I already enjoy working out and walking, so I like to think of the latter as the former.
I cannot wait to get started on my new mobile app based around wellness. You'll be hearing more about it soon, but it won't be until the January to February timeframe. One reason that I acutely need the app myself is for mood capture. I had one of my highest moods ever earlier today, and what the app is going to do is be able to associate that with my having done certain activities recently that do or don't align with my identity and my goals. That's the teaser. I cannot wait.
DISCOVERY
⚒️ s3crets scanner — Find secrets in data uploaded to public S3 buckets using Trufflehog. TOOL | by EILOHN
🔭 [ Sponsor ] Snyk — See the top 7 AWS security misconfigurations and how to fix them. GET THE LIST
A Case for Bad Coffee MORE
The Quest for My Perfect Watch MORE
Brown Noise (lower pitch than white noise) is helping people with ADHD. MORE
Superforecaster Predictions for 2023 MORE
Almost Twice as Many Republicans Have Died From COVID Than Democrats MORE
The Decline of Work MORE
The Truffle Industry is a Big Scam MORE
How Friendships Change in Adulthood MORE
I record myself on audio 24/7 and use AI to process the information. Is this the future? MORE
RECOMMENDATION OF THE WEEK
I believe there will be, within 1-3 years, companies that come into your job and find all the different human work that can be automated using new AI models. Answering the phone, customer service, creating reports, sending emails, doing performance analysis, data analytics, threat detection, business planning, contract review, vendor analysis, the list is endless. Get ready for this. This won't result in some giant layoff. It'll look more like normal attrition and change within a company combined with simply not hiring people back. Starting in—I'm guessing here—2-5 years, and accelerating from there. Be thinking about what business you want to start, or how you can avoid working at all. And here's the good news. It's going to be a lot easier to be a one-person business because AI will be able to do so much of the work that used to require staff. Get ready for this world of lots more very small businesses with like 1-5 people in them, and a world of a whole lot of knowledge workers (most) who can't do anything better than an AI.
APHORISM OF THE WEEK
"If opportunity doesn't knock, build a door."
Milton Berle
AI is About to Feel Like AGI, and You Need to Get Ready
I just wrote a piece similar to this last week, but this one drives the point home even more. Basically, the current trajectory of AI, with all the art generation, the language models, etc., is about to become a whole lot more instruction and response based. What does that mean?
It means rather than having to trick your AI Art generator into making something cool using special prompt wizardry, you’re going to be able to give a similar model basic instructions to do pretty much anything. Write the perfect email for my boss. Find the best ideas in the company. Tell me what customers are closest to churning and what would win them back. Etc. And it will simply produce magic.
I’ve been doing this for months already using GPT-3, and I’m completely stunned by what it can do with, say, a security news story. I can give it the body of an article and it can tell me who the attacker was, who the defender was, what technique they used in their attack, and tons of other important analysis. It’s insane. And to the point of my previous article, it’s precisely what we thought could only come from an AGI.
But guess what? Most people are about to get a whole lot less interested in AGI, because we’re about to get the benefits of AGI without it needing to be self-aware. AGI-level powers are simply emerging from these evolutions in transformers and LLMs.
I’m telling you again, and please listen. I know how hyperbolic this sounds. It’s not hyperbole. This is bigger than the internet. This is about to change everything because it is changing the fundamental value of human work. We’re talking about the ability to do pretty much any knowledge work task better than humans.
You need to get ready. We all do.
November 14, 2022
NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES
SECURITY NEWS
Attackers have dumped nearly 8 million Australian health records on the dark web after breaching a health insurance company with almost 10 million customers. MORE
NSA has released guidance asking companies to switch to memory-safe languages like Rust, C#, Go, and others. GET THE PDF
Security researcher David Schütz accidentally found a bypass to the Android lock screen by tinkering with the SIM card. The issue affects everyone running Android 10, 11, 12, and 13 if they don't have the November 2022 patch. MORE | VIDEO
In Apple's new iOS 16.1.1 update, they're limiting 'AirDrop Everyone' to 10 minutes in China. Speculation is that it was being used to share unapproved content between people that couldn't be monitored by the government. MORE
BellingCat was able to identify the location of a cruise missile program from a single old photo from 8 years earlier. MORE
CISA is expanding its cybersecurity education program nationwide. The high-school-focused program had success in Louisiana and now they're taking it to the rest of the country. MORE
Vulnerabilities:
Sponsor
State of SIEM 2022
This State of SIEM 2022 Report surveyed hundreds of cybersecurity and SecOps professionals who use a SIEM to understand their challenges, frustrations, and areas of improvement. Check out the 2022 report to see how SecOps professionals are keeping up with their existing environment, and what they plan for next steps.
TECHNOLOGY NEWS
The chatter is picking up that GPT-4 is going to be utterly insane. Scoble says it might be as big a leap as GPT-2 to GPT-3, or bigger. MORE
Apple says it might be hard to get an iPhone Pro or Pro Max this holiday season due to high demand and production (see Covid) issues in China. MORE
Amazon might soon have a service called 'Clinic' which would connect customers to telemedicine services. I can't wait for this type of help to be widely available and easier to use, especially for mental health. MORE
Musk has ended default remote work at Twitter, which is the same thing he did for Tesla and SpaceX. He clarified that if you have a special case or your manager vouches that you're a top performer, you can still work remotely. MORE
GitHub has massively updated its search capabilities, including a new search and code nav view, a new code browser, a symbols inspector, and more. MORE
HUMAN NEWS
The planet now has 8 billion people on it, but experts are expecting it to irreversibly decline throughout this century. MORE
China is struggling with more Covid outbreaks, including in the world's biggest iPhone plant. Their isolation policy, combined with the lack of a vaccination rollout, means China's population is largely unprotected from either previous infections or vaccines. MORE
Deep Bass makes us dance, but we don't know why. MORE
France is going to put solar panels on top of all large parking lots. MORE
IDEAS & ANALYSIS
Using AI Art as Inspiration
I have heard from multiple places now that there are professionals using AI Art generators as an augmentation tool. So they have an idea of what they want, but can't quite visualize it yet, so they run a bunch of prompts through the art algorithms. Then they get inspired or polarized by what they see, their vision becomes clearer, and they make the art themselves. I'm excited by this, but I know augmentation is only for the privileged. That is, if you're already so amazing that you can create art as good as an art algorithm, and you're one of the tiny number of people with a job doing that, you're in a great position to use the algorithms to your advantage. But that's not most artists.
Twitter and First vs. Second-order Chaos
I still believe Musk will turn things around at Twitter and make it a better platform, but holy crap what a week. I'm stunned by his ability to own-goal himself. Selling blue checks without verification? When everyone told him it would cause a major impersonation problem? And he just did it anyway? Here's a theory that I am playing with: he's great at first-order chaos, but bad at second-order chaos. First-order chaos is something like weather or self-driving, where it's unpredictable but it doesn't fight back. Second-order chaos is where your actions produce counter-reactions in the thing you're working with—in this case, people who use Twitter. He seemed completely thrown off by how the crowd reacted to his actions, like he couldn't believe the rocket had an attitude. Again, not sure if that's a valid model or not, but it struck me.
NOTES
👀 I have a friend next door who does sourcing for AI/ML positions, and she just got laid off at Twitter. She's looking for a new opportunity, so hit her up if you're looking for AI people! HER LINKEDIN
I tried a new nootropic cocktail Sunday morning and basically felt like Limitless all day. I'll be doing a full member piece soon on nootropics. BECOME A MEMBER
Speaking of membership, I'm about to have another Black Friday sale for UL Membership! I'm not sure what the discount is going to be, but it'll be compelling. Details to follow next week!
DISCOVERY
⚒️ katana — Project Discovery makes the best recon / continuous monitoring tooling out there. I've been saying this for years. And now they have a crawler! Cannot wait to play with this more! TOOL | BY PROJECT DISCOVERY | OUTPUT
⚒️ Targeted Password Guesses — A tool that uses GPT-3 to create a password list based on a particular target. Dammit, I was about to do this too. Oh well, I'll still do mine and compare. TOOL | BY ACM RESEARCH
⚒️ Hey GitHub — Write code using your voice. TOOL
⚒️ GitHub Business Card — Create a business card based on your GitHub profile. Love these kinds of projects! CREATE YOURS | BY SEBASTIEN CASTIEL
⚒️ Softr — Build full business apps with backend databases, user management, authentication, payments, etc., all without writing code. Uses Airtable or Google docs as the database. I could have used this like 39 times in the last 5 years. MORE
🧵Recon Tools for Web Testing — A sick thread by Lohitaksh Nandan listing his favorite web hacking tools. THREAD | BY LOHITAKSH NANDAN
I somehow didn't remember that httpx by Project Discovery does stack detection when it checks for web servers. So you can do something like cat hostnames | httpx -tech-detect and get back what kind of tech the site runs. Just keep in mind it's only a small subset of what you'd get if you used the actual wappalyzer API, which is a paid offering. Still really sick to get this functionality for free though. TOOL | BY PROJECT DISCOVERY | MY TWEET ABOUT IT
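The -tech-detect flag is most useful once you feed its output back into something. The following is an added Python example, not from Project Discovery or the original newsletter, that inverts httpx's JSON-lines output into a technology-to-hosts inventory so you can ask "which hosts run PHP on Apache?" across a whole recon run. The sample lines are constructed, and the field names used ("host", "url", "tech", "status_code", "webserver") are what httpx -json emits as far as I know; confirm them against your installed version before relying on the parser.

```python
import json
from collections import defaultdict

# Constructed sample of `httpx -json -tech-detect` output (JSON lines).
# Field names are assumed to match httpx's JSON output; verify for your version.
SAMPLE_HTTPX_JSONL = """\
{"url":"https://app.example.com","host":"app.example.com","status_code":200,"tech":["Nginx","React","Express"],"webserver":"nginx"}
{"url":"https://blog.example.com","host":"blog.example.com","status_code":200,"tech":["WordPress","PHP","Apache HTTP Server"],"webserver":"Apache"}
{"url":"https://old.example.com","host":"old.example.com","status_code":200,"tech":["PHP","Apache HTTP Server","jQuery"],"webserver":"Apache/2.2.15"}
{"url":"https://api.example.com","host":"api.example.com","status_code":401,"tech":["Express"]}
{"url":"https://cdn.example.com","host":"cdn.example.com","status_code":200}
not json at all
"""


def parse_httpx_jsonl(text):
    """Yield one dict per valid JSON line; blank and malformed lines are skipped
    rather than aborting the whole run (httpx can interleave warnings on stdout)."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec


def hosts_by_tech(text):
    """Invert httpx output into {technology: sorted list of hosts}.
    Hosts with no 'tech' array are kept under 'unknown' so nothing is
    silently dropped from the inventory."""
    index = defaultdict(set)
    for rec in parse_httpx_jsonl(text):
        host = rec.get("host") or rec.get("url")
        if not host:
            continue
        for tech in rec.get("tech") or ["unknown"]:
            index[tech].add(host)
    return {tech: sorted(hosts) for tech, hosts in sorted(index.items())}


def hosts_running(text, *wanted):
    """Hosts whose detected stack contains every wanted technology.
    Case-insensitive substring match, so 'apache' matches 'Apache HTTP Server'."""
    matches = []
    for rec in parse_httpx_jsonl(text):
        techs = [t.lower() for t in rec.get("tech", [])]
        if all(any(w.lower() in t for t in techs) for w in wanted):
            matches.append(rec.get("host"))
    return sorted(matches)


if __name__ == "__main__":
    for tech, hosts in hosts_by_tech(SAMPLE_HTTPX_JSONL).items():
        print(f"{tech:22} {', '.join(hosts)}")
    print("PHP on Apache:", hosts_running(SAMPLE_HTTPX_JSONL, "php", "apache"))
```

In practice you would run `cat hostnames | httpx -json -tech-detect > scan.jsonl` and point `hosts_by_tech` at the file contents; the "unknown" bucket is worth reviewing by hand, since a host with no fingerprint is often the odd one out that deserves a closer look.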
🔭 [ Sponsor ] Panther — The State of SIEM Report. Insights From 250+ Security Practitioners Who Actively Use a SIEM Platform GET THE REPORT
AI draws Darth Vader as a construction worker and nails the helmet. MORE
A bunch of my friends started a new monthly podcast called 404 Security Not Found (great name) that you should check out. For discussion podcasts with multiple guests I love the format where each person brings their own stories and then everyone discusses, and this group really sticks it. Recommend. LISTEN TO THE FIRST EPISODE
There's a new short film collaboration between Star Wars and Studio Ghibli streaming on Disney+. MORE
Someone created a chip that can be inserted into a Starlink terminal that will let you run arbitrary code. GITHUB PROJECT
Here's the list of sessions from USENIX's 2022 Security Symposium. These conferences are always stellar, and I love that they make all their talks available. THE TALKS
RECOMMENDATION OF THE WEEK
This next generation of AI models coming out from Google, OpenAI, and others are going to be something else. Pay attention to what they can do in broad tasks, not just the flashy stuff like making images or videos. Look for ways they will be used to augment and then largely replace human work. Especially your work, and the work of the people you care about. And then start thinking about a 5-10 year plan for that.
APHORISM OF THE WEEK
"Chaos often breeds life, when order breeds habit."
Henry Brooks Adams
November 7, 2022
News, Analysis, and Discovery | NO. 356
SECURITY NEWS
TikTok has now admitted, after denying last week, that Chinese staff can in fact read European TikTok data. Pressure is increasing across the US government to outright ban the app, but it's quickly becoming national infrastructure for so many young people. MORE | FCC COMMISSIONER CALLS FOR BAN
Security company Lookout says mobile-based phishing attacks against federal government employees increased 47% between 2020 and 2021, which is roughly half of local, state, and federal government employees. MORE | THE LOOKOUT REPORT
Microsoft says between June 2020 and June 2021, 20% of all nation-state attacks were aimed at critical infrastructure, and that percentage grew to 40% between 2021 and 2022. MORE | THE FULL REPORT
CISA is pushing organizations to implement not just MFA, but phishing-resistant MFA, which today mostly means FIDO2 / WebAuthn. MORE | CISA GUIDE TO PHISHING-RESISTANT MFA
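What makes FIDO2 / WebAuthn phishing-resistant is not the hardware but the binding: the browser, not the web page, writes the origin into clientDataJSON, and the authenticator only signs for the RP ID the browser permits, so a lookalike domain can never produce an assertion that passes the relying party's checks. The following is an added Python example, not code from CISA's guide or the original newsletter, of those context checks on the server side. RP_ID, RP_ORIGIN, the challenge and the evil domain are constructed assumptions; the signature check over authenticatorData || SHA-256(clientDataJSON) that a real verifier performs next is deliberately left out.

```python
import base64
import hashlib
import json

# Constructed relying-party identity for the example (assumptions, not real data).
RP_ID = "example.com"
RP_ORIGIN = "https://login.example.com"


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_client_data(origin, challenge, typ="webauthn.get"):
    """clientDataJSON as the browser builds it. A phishing page at another
    origin gets *its own* origin written here; it cannot forge ours."""
    return json.dumps({"type": typ, "challenge": b64url_encode(challenge),
                       "origin": origin, "crossOrigin": False}).encode()


def rp_id_hash(rp_id):
    return hashlib.sha256(rp_id.encode()).digest()


def make_auth_data(rp_id, flags=0x01, counter=1):
    """Minimal authenticatorData: rpIdHash (32 bytes) || flags (1) || signCount (4)."""
    return rp_id_hash(rp_id) + bytes([flags]) + counter.to_bytes(4, "big")


def verify_assertion_context(client_data_json, authenticator_data,
                             expected_challenge, expected_origin, rp_id):
    """The WebAuthn assertion checks that defeat phishing: our challenge,
    our origin, our RP ID hash, and user presence. Returns (ok, reason)."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url_encode(expected_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    if authenticator_data[:32] != rp_id_hash(rp_id):
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:   # UP flag: user presence
        return False, "user presence flag not set"
    return True, "ok"


def demo():
    """Four constructed scenarios; in production the challenge is os.urandom(32) per login."""
    challenge = bytes(range(32))
    auth = make_auth_data(RP_ID)
    return {
        "legit": verify_assertion_context(
            make_client_data(RP_ORIGIN, challenge), auth, challenge, RP_ORIGIN, RP_ID),
        # Lookalike domain: the browser records the real (evil) origin.
        "phish": verify_assertion_context(
            make_client_data("https://login.example.com.evil-site.test", challenge),
            auth, challenge, RP_ORIGIN, RP_ID),
        # Same assertion presented against a different session's challenge.
        "replay": verify_assertion_context(
            make_client_data(RP_ORIGIN, challenge), auth, bytes(32), RP_ORIGIN, RP_ID),
        # Assertion signed for another RP ID.
        "wrong_rp": verify_assertion_context(
            make_client_data(RP_ORIGIN, challenge), make_auth_data("evil-site.test"),
            challenge, RP_ORIGIN, RP_ID),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:9} {'PASS' if ok else 'FAIL'}  {reason}")
```

Contrast this with a TOTP code, which carries no origin at all: a proxy phishing kit can relay it unchanged, which is exactly the gap CISA's guide is pointing at.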
An attacker injected malicious code into a benign JavaScript file deployed on hundreds of US newspapers, and that malware was then pushed to all their users. The company targeted was undisclosed, but the malware was SocGholish, which deploys fake updates that are actually malware. MORE
Musk is launching a new Twitter Blue offering for $8/month that gives anyone a blue checkmark without checking to see if they're a real person. His counter to the security problem is to permanently ban any account that impersonates another. But he also talked about "widespread verification" in another tweet. I hope he means an actual identity confirmation. MORE | MY ANALYSIS OF THE RECENT EVENTS
Rewind.ai is an app that records everything you have seen, said, or heard on your Mac so you can remind yourself if necessary. Cool idea, theoretically. And likely a security/privacy hellscape. MORE
Dropbox got compromised by a phishing campaign which gave attackers access to 130 of their private GitHub repositories. MORE
Vulnerabilities:
Sponsor
Benchmark your cloud configuration in minutes with JupiterOne
See how your cloud configuration compares against CIS Foundations benchmarks in just a few clicks. Once your cloud provider is integrated with JupiterOne, this framework is automatically imported based on which cloud provider you use, giving you a greater understanding of how to improve your configuration and security posture.
TECHNOLOGY NEWS
Matter launched last week, which is basically a new, shared language that allows all your smart home devices to speak to and control each other. THE VERGE SUMMARY
TSMC is approaching 1nm due to a breakthrough in 2D materials. MORE
Shubhro Saha figured out how to run GPT-3 prompts in Google Sheets, allowing you to automatically sanitize data, categorize feedback, etc. MORE
OpenAI has released the public DALL-E API in beta. So now you can automate the creation of generative images. MORE
Musk is supposedly looking at some kind of OnlyFans clone for Twitter. That'll be hard to do if the brand is trusted information. MORE
Amazon's entire music library is now available to Prime subscribers for free. MORE
Meta built an AI-powered audio codec that can supposedly compress audio 10x tighter than MP3. MORE
Starlink is soft-capping residential users at 1TB per month. MORE
Layoffs and Freezes:
HUMAN NEWS
There's a newish narrative going around that says it makes no sense to recycle plastic, and that you might as well throw it away. I'm skeptical only because it matches my intuition and sounds like it could be some kind of propaganda effort. MORE
Human trials have started for lab grown blood. They're starting with a couple of spoonfuls to see how it does in the body. MORE
Gas prices in Europe are thankfully much lower than expected due to a mild autumn. MORE
IDEAS & ANALYSIS
✍️ AI Art Just Opened The Threat to Human Work We Were Expecting from AGI READ
✍️ My Prediction for Twitter READ
Build Your Own Stuff
Substack just launched their own chat service so that people could chat with creators. Sounds pretty cool right? So did Medium. So did LiveJournal. So did Tumblr. So did MySpace. So did a dozen other services. I've had a blog since 1999, and I have seen so many platforms rise and fall. Trust me on this. Your domain is your brand. Keep your own blog, on your own domain. And make sure you are using universal enough tech that you can take your backups and go anywhere else if you needed to. Your domain is what matters. Don't rely on the Mediums and Substacks of the world. They'll be gone tomorrow. SO YOU WANT TO START A BLOG
NOTES
I'm getting into video. Mostly YouTube, but probably some TikTok too. And not like ham in front of the camera type stuff, but some of that combined with mostly having video and visual support to whatever I'm talking about. Basically, video > text for most people, so I am going to master that medium and make sure most of my content has a video element going forward.
Westworld has been cancelled. Not surprising to me. I couldn't even get into the last season because they lost the plot. Couldn't tell who the good or bad guys were. Oh well, seasons 1 and 3 were masterpieces. MORE
I continue to spin up all the UL umbrella threads. Consulting, the products I'm building, and tons more work on the show (which members have been seeing most of all). So much additional energy happening in the community, more member content, more meetups, a new UL Principles document, and tons more. Elated with the progress.
This month's bookclub book is The Science of Storytelling, by Will Storr. MORE
DISCOVERY
Awesome Cybersecurity Newsletters — A massive collection of newsletters about the cybers. MORE | BY TAL ELIYAHU
🔭 [ Sponsor ] JupiterOne — See how your cloud configuration compares against CIS Foundations benchmarks in just a few clicks. GET STARTED WITH YOUR FREE ACCOUNT
The Immutable Laws of Security MORE
🔥 The Best of AI Twitter MORE
How to Get Paid Slack Features For Free MORE
What I Learned from Reading 217 Subdomain Takeover Reports MORE | BY NYNAN
What Happens After Everything Becomes TikTok? MORE
Threat Model Examples MORE | BY TAL ELIYAHU
Helping Elon Speed Run the Content Moderation Curve MORE
Running Lego Engines With Air MORE
My Simple Kubernetes Setup for Side Projects MORE | BY BAS STEINS
Advice That Worked For Me MORE
How to Set Your Google Calendar to Private MORE
RECOMMENDATION OF THE WEEK
Keep abreast of the AI Art stuff and the companies that spin off of it to do other things. That doesn't mean look at 34 different art engines and their pictures. But pay attention to the companies that are using transformer tech to solve other kinds of problems. And make sure the people you care about are aware of what's happening. This thing that's about to happen to tech, that's starting right now, is bigger than anything before it. Bigger than the internet. Maybe the printing press. It's the creation of agents that can do most of our cognitive work better than us. It's big. MORE
APHORISM OF THE WEEK
"I visualize a time when we will be to robots what dogs are to humans, and I'm rooting for the machines."
Claude Shannon
November 6, 2022
AI Art Just Opened The Threat to Human Work We Were Expecting from AGI
Let me start with the punchline: Something like 80% of most “knowledge work” is about to get replaced by artificial intelligence.
I’m not professionally educated or trained in AI, but I’ve read probably 30 books and spent thousands of hours thinking about it.
I am not talking about ten to thirty years from now. 20-40 years is an easy prediction for such things. And when you go that far out it gets increasingly silly to even think about.
AI Art is doing what we thought would come from AGI.
No, I’m talking about major attacks on knowledge work within 5 years, with something like 50% to 80% of knowledge work being doable by AI within 8-15 years. Whether it will be done by AI is another story, but the capabilities will be there.
Why would I think such a thing?
I know, you’ve heard this all before. I have too. We all have.
AI is taking over! Skynet! Blah blah blah
It’s a meme of a cliche of a meme at this point. But this isn’t that.
Silicon Valley, and indeed the entire world, is about to experience the biggest Gold Rush ever. It’s starting already actually, and you know it as AI Art.
And I know you’ve seen the art. Or at least heard about it. It’s cool. It’s impressive. But how does that get us to human work replacement?
AI Art only works because it deeply “understands” human concepts.
Look at these images.

Images From Midjourney’s Gallery
The AI is able to do this because it’s consumed billions of pieces of information about humans—from our creative output. It understands art styles, sadness, happiness, birds, cars, fights, kisses, space, toilets, and ice cream.
I just told Midjourney’s V4 engine to make:
a digital photo of a sad ice cream

A sad ice cream, by Midjourney Version 4
Now here’s the scariest part about this: the AI has no idea what sadness is. Not in any human sense.
The difference between effectively understanding and truly understanding just became moot.
But it might as well. Despite not knowing, it can emulate it brilliantly, and mix and match it with concepts like ice cream or marriage or courage.
What we missed isn’t that it’s smarter than we thought, but rather how much it can accomplish despite not being smart at all.
Ok, but what does that have to do with knowledge work?
Now, think about the nature of most knowledge work. It’s answering emails, wrangling people in Slack. Creating reports. Reading reports. Creating PowerPoint decks. Arranging meetings, conducting meetings, summarizing meetings, sharing summaries of meetings. Connecting SMEs, arranging events. Making decisions. Providing the data to help make decisions. Etc.
Some of these are more distant and/or alarming than others.
All those things are ice cream and sadness. They’re all just concepts that can be learned from looking at millions of examples. And once the AI has been shown those examples, it’ll be able to do things like this:
Meetings
- Join all meetings and create summaries of what was said
- Provide statistics on how much everyone spoke
- Analyze their facial expressions for engagement vs. apathy
- Give them an Engagement™ score based on their recent interactions
Analysis
- Capture all new ideas into the incoming ideas workflow
- Rate the ideas based on creativity and originality
- See if they’ve been recommended and evaluated before
- If the idea is related to topic1, topic2, or topic3, send a summary of the idea to Tania
- Actually, since you’ve already read everyone’s email and Slack, if there’s a new idea that gets talked about seriously, send it to the appropriate L2 leader as a Slack summary
Action
- Turn all action items into the appropriate Jira tickets assigned to the appropriate team, and include all context from the meeting
- Follow up with regular pings of escalating importance, tied to escalations to higher bosses
- Read all open Jira tickets and see which actions can be done automatically given the AI’s access, e.g., locking down GitHub settings, launching some infrastructure to A/B test an idea from a meeting and emailing participants and leaders with the results
- When the A/B testing comes back, make a recommendation of how to move forward based on the cost and current budgets plus the current economic outlook
- Factor in the company’s stated posture towards taking risks, moving fast, etc., which is included in its charter
Misc
- Suggest better wording when communicating with people based on knowing how they like to receive information
- Monitor all internal communications for toxicity, and take various automatic actions when it’s seen
- Same for insider threat from espionage, sabotage, etc.
The insane part in all of this is that those can be (and will be) their own businesses. Their own AI businesses.
You can launch a startup to do almost every line item in there, and many of them are starting already as a result of figuring out exactly what I’m describing here.
Art is the hand of the AI magician that you shouldn’t be watching.
This is the real AI gold rush. Forget the art. That was a parlour trick. But what it did was expose us to the insane capabilities of transformers and their ability to fill in the blank.
Summary
Shit is about to get crazy. We’re about to see an explosion of tech startups that are using transformers and other AI tech to automate human work. It’s going to feel like a tech boom, and it will be, but it’ll be a tech boom based on doing thousands of knowledge work tasks as well as—and then better than—humans.
At scale. With no breaks. For a whole lot cheaper than having human staff.
And if you think you’re safe in management, how good do you think these systems will be at making most day-to-day decisions? We’ve already seen multiple examples of super-basic AIs making better decisions than judges, doctors, and all sorts of SMEs with significant experience. Many decisions made by leaders today will be easily done better by this type of AI.
The major separation will be between ideas and execution.
The safest will be those with the actual ideas, because execution and organization and such will be the realm of automation.
In short, AGI is not the threat we need to be worried about. A thing does not need to have feelings or self-awareness to do a job better than a human. And that’s what we just built. It’s not AGI, but it doesn’t matter.
What you can do
So here’s what I recommend based on this insane moment we’re about to enter.
- If you’re looking for a first or new career, you should think very seriously about getting into AI. And not just the hard science of it (which will get increasingly exclusive), but the practical implementation side of it. Learn how to solve business problems using these tools. Welcome to Cyberdyne.
- If you’re in any sort of knowledge work that includes lots of reading, parsing, and performing repetitive tasks, start thinking about alternatives.
- If you have youngish kids, or are helping to guide some, make sure they understand what’s in this post so they can be ready. Try to steer them into being as close to the root ideas as possible.
- If you already get it, and you just want to know what to do tactically, start mapping repetitive tasks that are done (especially poorly) within businesses, and either learn a framework/company that solves that problem using AI or learn the raw tools yourself and build your own frameworks.
Fun times. We’ve already got the rise of authoritarianism, countries pulling inward, and the rise of inequality. And now we’re adding human work replacement to the mix.
The next 15 years is going to be a hoot.
Notes
- I am working on a counter follow-up post that shows a positive and optimistic trend that could come from all this, once the part above happens.
- There will still be lots of jobs that are resistant to this push. Physical work, managing human teams where human interaction is a key part of retention, etc.
- If you want to tell me how stupid I am, I’m @danielmiessler on Twitter.