Daniel Miessler's Blog, page 4

February 11, 2025

UL NO. 468 | TELOS Patterns, Apple 0-Day, Gumroad Replaces Developers with AI


Hey, happy Tuesday,

A few updates…

AUGMENTED v3 (Building your TELOS files) was a massive success. Most fun I’ve had teaching a class. Thank you to all who attended; your live input really made it special.

Going back to roots on story format here. If it’s one sentence it’s one sentence. Writing it myself, and only using the AI for the data/stats/facts extraction. I was already writing in pretty much every summary, but I find it’s better if I start from scratch and write the whole sentence myself. Curious if / how much you notice.

Created a bunch of new Fabric Patterns focused on analyzing your TELOS file/journal for personal development. They start with t_. LINK

Sorry for the super loud DnB music in my last video on Raycast. Having a serious conversation with my production team about all the “edit” keywords being left in my videos/podcasts (where I sneeze or clear my throat), and now this music thing. I like the team, but too many things are making it through. Working on it. Oh and we’ll re-release the Raycast video soon without the annoying bit. Although it is hard to apologize for DnB.

Had some shenanigans with an automated post to my X account yesterday. First thought was my user/pass being compromised (whew!) but I maintain good password hygiene / 2FA. Turns out it was a Twitter/X application posting from “inside the house”. So if you have any Twitter/X apps running in the Twitter/X infrastructure, consider turning them off, or at least watching them closely. Could be something going on back there 👀 .

SECURITY

Someone's using 2.8 million IPs to brute force the passwords of basically every type of VPN and firewall device out there. Most of the IPs are in Brazil. LINK

Sponsor

Reduce Your Phishing Triage Time by 95% with Material

Security teams need to balance the critical risk of modern phishing attacks against the simple fact that there are only so many hours in a day. Far too much time is wasted on manually triaging, investigating, and remediating: every minute spent chasing false positives is a minute not spent on mission-critical tasks. Trusted by companies like Lyft, Databricks, and Carta, Material Security helps strike the right balance with AI-powered detections and truly automated remediations across your productivity suite, along with flexible controls and granular settings that match your needs.

material.security

See the Material Difference

Apple just patched another zero-day that Citizen Lab says was being used in "extremely sophisticated" targeted attacks against specific journalists and dissidents. LINK

Ken Huang from CSA released a detailed framework called MAESTRO for threat modeling AI agents. LINK

It addresses gaps in existing models like STRIDE and PASTA that don't handle AI well

Covers emerging threats like goal misalignment, model extraction, and adversarial attacks

Researchers at WatchTowr discovered ~150 abandoned Amazon S3 buckets that had been used by major software companies, governments, and infrastructure pipelines. The concern is attackers using them for supply chain attacks. LINK

Sponsor

See the Future of Real-Time Cloud Security

Cloud threats are evolving—are you ready? Join Symphony 2025, the premier virtual summit where top experts reveal how to stop cloud-first attacks faster. Gain exclusive threat intel, experience game-changing demos, and get a first look into the bold future of cloud security, unified with the world's leading SecOps platform.

Join us at Symphony

Cloudflare had a significant outage because someone tried to block a phishing URL and accidentally turned off their entire R2 storage service instead. Here's their always strong post-mortem on what happened. LINK

Wallarm released a report on API security that includes a bunch of stats on AI services using APIs. Their big takeaway is that AI security is largely API security, which I 70% agree with. LINK | REPORT

An ex-Google engineer is facing espionage charges for passing confidential IP to China. LINK

Estonia, Latvia, and Lithuania just cut their last major tie to Russia by switching their power grids from the Soviet-era system to the European continental network. LINK

Russian drone operators received boobytrapped headsets, but they had bad packaging that made them suspicious. LINK

AI / TECH

Gumroad says they're no longer hiring junior or mid-level engineers because AI is handling most of that work now. Sahil the CEO says AI is doing 80% of what junior devs can do, and going forward he’ll only hire seniors and architects that use AI. LINK

💡 I’m one of the most bullish guys on AI you’ll find, but this seems early to me. I wonder if these numbers are actually correct on the ground. I use these same tools everyday and there’s still a lot of daylight between them and a human with a 105 IQ. Maybe not at pure coding, but at the stuff right adjacent to coding.

One of ChatGPT's main architects, John Schulman, left Anthropic after only 5 months, saying he wants to focus more on AI alignment research. Rumor is he might join Mira’s new startup. LINK

A new demo shows an OpenAI assistant having a remarkably natural sales conversation, handling objections and questions while not lying about the fact that it’s AI. LINK

Anthropic released an Anthropic Economic Index Report on how AI is being used in the workforce. They see 36% of people use AI for at least a quarter of their tasks, with most focused on augmentation rather than automation. LINK

Lee Robinson says AI is finally enabling truly “personal” software, where people can build exactly what they need without extra bloat (home cooking vs. restaurants) LINK

LinkedIn is testing an AI tool where you just talk to the interface about what you’re looking for and it returns results. I mean…another way to say this is that LinkedIn is testing a new tool that uses the UX modal that everyone will soon be using.

Chick-fil-A is using drones to fly over, study, and optimize their drive-thrus, helping them achieve the highest per-restaurant revenue in US fast food. Their aerial "Film Studies unit" helped one location boost drive-thru sales by 50% in 2022. LINK

They’ve got a new Atlanta location serving 700 cars per hour

Drive-thrus account for 60% of total revenue

Some locations don’t even have dining rooms

Apple's making a smart home display called the HomePad, which is basically a 7-inch square display that you can put anywhere to control your house. LINK

Uber is in a weird spot because they’re just the middle-man between users and a service like Waymo. They have lots of partnerships with autonomous vehicle companies, but if someone like Waymo wins, why wouldn’t people just use the Waymo app? LINK

TED's Chris Anderson is looking for someone to take over the entire TED organization, and he's running the search like a Willy Wonka contest where anyone can apply. LINK

Christie's is doing their first AI-only art auction, and a lot of traditional artists are pretty pissed about it. February 20 in NYC. LINK

HUMANS

Google says they're getting rid of their diversity hiring targets for 2024, calling their policies "positive discrimination", and saying they were facing legal challenges. LINK

They did say they’re not getting rid of hiring underrepresented people, just that they won’t have quotas anymore

Surprising not-surprising that all these programs disappeared overnight on January 21st. What does that tell you?

Tells me they couldn’t wait for a reason/opportunity to do so

Doctors are now a major client base for weight-loss drugs like Ozempic. LINK

NYC's subway crime dropped by 36% in January because they added 1,200 more police. LINK

There were only 147 subway crimes in January 2025 vs 231 in January 2024

They added 1,200 NYPD officers plus 300 specifically for overnight trains

Every overnight train now has a uniformed officer from 9 PM to 5 AM

A measles outbreak is hitting the least-vaccinated part of Texas, with 9 cases in an area where only 82% of kids are vaccinated (95% is what’s needed for herd immunity). LINK

We’re also in the worst flu season in the last 15 years. But COVID was annoying so let’s not talk about it. LINK

One of my favorite thinkers, Robin Hanson breaks down how different social circles value different status markers. Specifically he looks at how intellectuals like the people he hangs out with pursue and signal value. LINK

He says most intellectuals chase fame and prestige rather than original insight

He believes truly engaged intellectuals should dramatically change focus areas over decades, just because different things are likely to interest them

The highest status in his circle goes to "polymaths" who follow evidence across disciplines

He references circles of moral concern as a relevant framework

After 12 years of Walmart domination, Amazon just jumped ahead with $187.8B in quarterly revenue compared to Walmart's expected $180B. LINK

AWS now makes up 17% of Amazon’s total revenue

Their digital ad business is growing 19% YoY to $14B in Q3 2024

The market values Amazon ($2.5T) at 3x more than Walmart ($826B)

IDEAS

Paralyzed by Crisis
I’m a bit paralyzed by what’s going on right now in politics, and specifically with the government. I cycle between depressed, apathetic, and very angry. Did the government need to be audited and cleaned up? Sure. Is the best way to start from scratch and be aggressive with it? Sure. But you lose me when I don’t see you being careful about programs that matter, and you really lose me when I hear about people making lists of enemies to go after. I’ve also learned not to trust the narratives anymore. If you listen to Joe and Elon this is the best thing ever. If you go on Bluesky we’ve already lost our country. Again, I’m back to escaping through reading. I feel like the only way we’ll really know how good or bad any of this is, is to see the results of it. In 6 months, a year, or two years. Did we really affect the budget? Did we spend that money somewhere better? Are the lights still on? Are kids starving that used to have food? Feels super weak sauce to say wait and see, but I honestly can’t trust any data telling me one thing or another. I’ll judge it by the effects on actual people.

DISCOVERY

llm-exe — Probably the coolest AI library you’ve never heard of. It abstracts your LLM calls to a universal config and handles all the details for you. LINK | GITHUB | EXAMPLE

mtr — Combines traceroute and ping into one super-useful network diagnostic utility. What's really cool about it is that it actively monitors the connection quality between hops in real-time, showing you exactly where network problems might be hiding. LINK

rpg-map-bundle — A collection of print-and-play RPG maps lets you quickly set up tabletop RPG sessions. LINK

A blog in pure .txt files. Why not? Just write. However you do it. LINK

Science is a Strong-link Problem LINK

A frustrated Redditor asked what career options exist for those who consider themselves less intelligent. LINK

RECOMMENDATION OF THE WEEK

Remember there’s only so much one person can do

Good books are always there for you

Supplement with journaling

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.


Published on February 11, 2025 13:12

February 4, 2025

UL NO. 467 | Why You Should Care About AGI (And a Definition)


Hey there!

An absolutely must-see/listen conversation about National Security, AI Agents, NVIDIA, TSMC, and more. Basically if you’re watching AI / ChipWars™ you want to catch this. VIDEO

We made the SANS list of top security newsletters!

How to use Fabric with o1 and o3 (the flags are different) POST

After listening to that conversation I massively tightened up my explanation of why I define AGI as an AI that can replace a knowledge worker from 2022. If you have a better definition, please send it!

From Real World AI Definitions

📺 Harmonic Sponsored Interview
I had a great conversation recently with Alastair Paterson, CEO of Harmonic Security. We discussed how their Zero-Touch Data Protection tackles AI data security, the risks of shadow AI, and how their browser-based solution helps enterprises adopt AI safely. Worth a listen! WATCH | HARMONIC.SECURITY

Have a great week!

-Daniel

Sponsor

Ransomware Survival Guide: Infostealers, Exploits & More

Flashpoint identified 4,500+ ransomware attacks in 2024, with 53% targeting U.S. companies. Ransomware operations have grown more sophisticated — strategically combining phishing, infostealers, and vulnerability exploits to breach defenses.

Survive ransomware in 2025 with this free report:

Understand converging threats and how they impact your security strategies.

Prioritize vulnerabilities (such as those associated with known exploits) by applying risk frameworks and threat intelligence.

Learn how to build an incident response playbook for containment, negotiation, and recovery.

Download the report from Flashpoint to learn more

Get the Guide

SECURITY

DeepSeek AI Exposed Customer Data in Unprotected Database
Chinese AI company DeepSeek, which disrupted the AI world last week, left a database containing over a million user chat logs and API keys exposed to the internet with no password protection. Researchers at Wiz found the database and reported it. My question? Does it reveal any evidence that they used OpenAI for training?

Healthcare Monitors Found With Chinese Backdoor
CISA (RIP?) found that Contec patient monitors have been secretly sending patient data to China and can download and execute files remotely. Even worse: when CISA reported it to Contec, the company's "fixes" still had the backdoor—they just disabled the network interface (which the backdoor immediately re-enables). The full advisory is full of goodies.

Critical SonicWall Zero-Day Being Exploited in the Wild
SonicWall confirmed that attackers are actively exploiting a nasty authentication bypass in their SMA 1000 series products. Microsoft's Threat Intel team found this one (CVE-2025-23006), and it lets attackers execute commands remotely without needing to log in.
- Affects admin consoles on port 8443 by default
- About 2,000 vulnerable devices exposed on Shodan right now
- CISA added it to their must-patch list immediately

Sponsor

Protect your app with WorkOS Radar

Does your app get fake signups, throwaway emails, or users abusing your free tier? Or worse, bot attacks and brute force attempts?

WorkOS Radar can block all this and more. A simple API gives you advanced device fingerprinting that can detect bad actors, bots, and suspicious behavior.

Your users trust you. Let’s keep it that way.

workos.com/radar

Protect Your App Now

Major Hacking Forums Seized in International Operation
Law enforcement just took down some of the biggest hacking forums in the world, including Cracked and Nulled, which had over 10 million users combined.

Backline Launches with AI-Powered Security Remediation
A new startup called Backline raised $9M to use AI agents that automatically fix security vulnerabilities without human intervention. I include this one because it’s part of the trend of what we’re going to see from agents becoming real. Sure you can find issues, but can you fix them?

Tulsi Gabbard Faces Senate Over Surveillance Stance
In her DNI confirmation hearing, Tulsi Gabbard got grilled hard about her complete 180° on surveillance—going from wanting to kill Section 702 to now calling it "vital". She was also asked about her previous support of Edward Snowden, who she once called a "brave whistleblower" but now says "broke the law".

💡 I am a simple man: I think if you dump top secret documents to the internet and move to Russia, or if you break into the Capitol building on verification day because you want to change the results—you’re a criminal.

At one point I saw Snowden as a whistleblower too, and I was a bit torn about it, but that day passed years ago.

AI and Palantir Transform UK Police Operations
Bedfordshire police just became the first UK force to deploy Palantir's AI system, and they found 123 at-risk kids in just 8 days. Their stock is way up too.

A Better Way to Think About Passkeys
An argument we're getting passkeys all wrong—i.e., that they should be used alongside magic links, not as a complete replacement for other auth methods. I’m just happy they exist. Best thing to happen to security in over a decade at least.

AI / TECH

💡 Why I Think You Should Care About Us Reaching AGI

I wanted to say a bit more on the AGI thing. I think it’s the most important topic in AI, actually. Tons of very smart people don’t know why they should care about AGI. Like who cares if it hits this benchmark or that threshold? There’s only one good reason I can think of, which is why I use it as my definition.

AI workers. Like, coworkers.

Imagine your team at work. You’ve got 5 coworkers. Or 20. Or 35. However big your team is. Now imagine it’s 10,000 instead. Like overnight. One day you just have 10,000 devs instead of 7.

They’re not perfect. They make mistakes just like everyone else. Someone still reviews their work. They still get lost sometimes. In some ways they’re way smarter than your human coder peers, and in some ways way dumber.

But they make steady progress. They show up for video calls. They can read docs. They can code. They can take direction. They can readjust based on seeing a Slack message. They can give updates in a meeting.

But it’s 10,000 of them instead of 10. Or 100,000 instead of 100. And they work 24/7 and constantly improve.

That’s why AGI is a big deal. And I think we’re getting really close. Again, it’s not one component that will do it. AGI will be a system. It’ll behave like one person (thing, whatever), but it’ll really be this composite that lets it behave in a cohesive way.

My guess in 2023 was 2025-2028. I think we’re on track for that. My guess now is late 2025 or sometime in 2026 for the most basic version that barely gets us there. And even more likely in 2027, and definitely by 2028.

If and when it happens, it’ll be the single biggest impact on humanity from tech, by far. Even bigger than the internet. Both negative and positive.

93% of IT Leaders Plan to Deploy AI Agents by 2026
Perfect timing: a new Mulesoft report shows that almost all IT leaders are planning to use autonomous AI agents within two years, and about half are already doing it.

Sam Altman Admits OpenAI Was Wrong About Open Source
Sam Altman admitted in a Reddit interview that OpenAI has been "on the wrong side of history" regarding open source. Insane how winds can shift so quickly. It’s all Kumbaya until a terror attack happens that was “influenced by” an open-source AI model. Then HuggingFace becomes an Al Qaeda website.

OpenAI Claims Chinese Rival DeepSeek Stole Training Data
OpenAI accused DeepSeek of scraping and using data from ChatGPT to train their own models. They say they found patterns in DeepSeek's outputs that were suspiciously similar to those from GPT-4, including some of the same quirks and mistakes.

💡 The big troll right now is to say it’s funny that OpenAI is complaining about stealing when they stole the internet for their own training. I personally think the whole thing is moot.

I think, with few specific and licensed exceptions, what we put into the public is just part of the universe’s background noise. Would it be nice to get credit? Sure. But if you said it publicly you should expect it to become part of the internet’s collective knowledge. AI is just making that more real.

DeepSeek's R1-Zero Shows AI Reasoning Without Human Training
DeepSeek just dropped their R1-Zero system that achieves 14% accuracy on ARC-AGI-1 without any human-labeled training data. This is so critical because it’s very much like previously in chess. At first the chess AI got good by watching humans, then they made a better one (AlphaZero) that just learned by playing.

DeepSeek AI Found Avoiding 85% of China-Related Topics
A new study shows that DeepSeek's AI model refuses to answer the vast majority of sensitive questions about China. The PromptFoo team tested 1,360 prompts and found that not only does it dodge these topics, but it often responds with weirdly nationalistic messaging.

Effective Ways to Evaluate LLMs and RAG Systems
Here's a solid breakdown of how to properly evaluate RAG systems and LLMs in practice. Salman Khan breaks down the two main components we need to care about: the quality of retrieved info and how well the LLM uses it.

Andrej Karpathy on Flow State Programming
Andrej Karpathy shared his thoughts on "vibe coding", where you basically get into a flow state and code like you're playing an instrument. He says the key is to stop overthinking and just think and respond and let the AI do most of the actual work. Lot of people were like, “No! Not you too!” But if Andrej is thinking this way and you aren’t, guess who’s probably wrong?

Apple Partners With SpaceX for iPhone Satellite Service
Apple quietly added Starlink satellite support to iPhones through a software update, partnering with SpaceX and T-Mobile to expand their emergency communication options.

HUMANS

Scientists Think Aliens Exist
A massive new survey revealed that 87% of astrobiologists think extraterrestrial life exists somewhere in the universe, and regular scientists agree at about the same rate.

Drones Are 91% Effective at Scaring Away Grizzly Bears
A study in Montana shows that drones are way better at keeping grizzlies away from humans than traditional methods like dogs and vehicles. Wesley Sarmento's research in Frontiers found that drones had a 91% success rate compared to just 57% for trained dogs.

IDEAS

Swerving Broncos
I was thinking about how worried people are about AI taking over, and how it’s going to cause all sorts of security and safety issues. But the other night I was driving on the 101 near San Francisco at like 11PM and saw literally three (unrelated) giant Bronco or whatever trucks like drifting over the lanes. Side to side. Over miles. Either on their phones or drunk or something. I’d get away from them and miles later another one. I’m fully Waymo-pilled. Humans are super dangerous, and we ignore it because we’re used to it.

Apple's Big AI Jump


Apple's about to go from having the worst AI implementation to having the best. How? By finally turning on the switch they've been building up to for years now.


danielmiessler.com/blog/apples-ai-jump

AI Novels Are Coming


It's about to get a lot easier to write a decent novel. I'd guess that within 1-3 years, being an "author" of a novel is going to become AI prompting combined with verbal narration.


danielmiessler.com/blog/ai-novels

DISCOVERY


I dismissed ChatGPT's new Tasks feature as a slightly better version of Google Alerts.


I was wrong. It's fucking cool.


I just made an AI agent that:


• Sends me a summary of any comedy or music events + new movies playing  in my hometown every day at 3pm


• Checks for any… x.com/i/web/status/1…


— Andrew Wilkinson (@awilkinson)
8:41 PM • Jan 19, 2025


🔥 Using UV as Your Python Script Shebang
Here's a really clever way to use UV (the new fast Python package manager) directly in your shell scripts as a shebang line. The trick is using #!/usr/bin/env -S uv run --script at the top of your Python scripts, which lets you run them directly from the command line while automatically handling dependencies.

AI Crawlers Getting Trapped by Malicious Tarpits
A developer has created Nepenthes, malicious software that traps aggressive AI web crawlers in infinite loops and feeds them garbage data to poison their models. Smiling not smiling.

Deep Research Feature for ChatGPT
OpenAI dropped a new ChatGPT capability called "deep research" that's designed to do thorough, multi-source research with actual citations.

The Death of Subculture Through Commodification
Justin McGuirk explores how William Gibson's novels perfectly capture our obsession with commodifying everything unique and authentic until it loses all meaning.

YouTube Video Downloader with High Quality and No Ads
Found a really clean Python script that lets you download YouTube videos and playlists in the highest quality, and it even grabs subtitles and thumbnails automatically. Expect it to get blocked soon.

RECOMMENDATION OF THE WEEK

If you ever get overwhelmed by what all this AI stuff even means, or you want to explain it to anyone else, try something like this:


Within the next few years we might have something called AGI, where AI can work as a full knowledge-worker. Like joining the onboarding cohort, reading documentation, participating on Slack, submitting code, adjusting their work based on the work of others, etc.


But instead of 2 or 5 of them, imagine hundreds of them for the cost of one human employee.


APHORISM OF THE WEEK
Published on February 04, 2025 08:48

January 28, 2025

UL NO. 466 | My Analysis and Prediction on the Deepseek Situation


Hey there!

I hope your week is starting off better than NVIDIA’s did.

Went to a phenomenal Offensive Security / AI conference/hackathon on Saturday. Amazing job to Rob Ragan for organizing!

Nerd Observation: Far too few people realize you can just lift the top of your iPhone up to someone else’s (it’s called ) and it’ll do this super sick liquid thing and transfer your contact info. I don’t know how people in SF still don’t know about this feature! Every time I do it people think I invented WiFi.

So glad I bought a bunch of TSMC last week! 😀 (jk, playing long game, but still sucks)

Just finished The Picture of Dorian Gray for UL Book Club, and it f’ing blew me away. READ MORE CLASSICS! ← A reminder to myself. Every single time I read a classic I remember that I need to read more of them.

I have an explainer in the AI section about what happened with Deepseek.

This week’s DISCOVERY is 🔥

📺 Vanta Sponsored Interview
I had a great conversation recently with Faisal Khan, a GRC Solution Specialist at Vanta. Their platform is transforming trust management, helping organizations automate compliance, streamline vendor risk management, and tackle frameworks like SOC 2 and ISO 27001. It was a fascinating discussion about how they’re addressing GRC, and we even got a demo! Worth a watch if you’re in or around this space. WATCH | VANTA.COM

-Daniel

Sponsor

Join thousands of fans already listening to Threat Vector  

Threat Vector, the official podcast of Palo Alto Networks, is your premier destination for security thought leadership.

Join us as we explore cybersecurity threats, robust protection strategies, and industry trends.

The award-winning podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Listen or Subscribe Now

SECURITY

Critical SonicWall Vulnerability Being Actively Exploited
SonicWall just announced a nasty vulnerability in their SMA 1000 appliances that's likely being used in the wild right now. The bug (CVE-2025-23006) is about as bad as they get with a CVSS score of 9.8.

Researchers Find Remote Control Flaw in Millions of Subarus
My buddies Sam Curry and Shubham Shah found they could remotely unlock, start, and track Subarus through a simple employee web portal vulnerability. Two of the GOATS of bounty.

A thread on the downsides of everyone getting a coding assistant:



One of the biggest impacts of AI that goes kind of unnoticed is that we’re about to see an explosion of poorly built applications.


Specifically, applications built completely by AI with no thought of security whatsoever.


🧵


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
5:16 PM • Jan 27, 2025


Sponsor

The SOC Speed Metric You Need to Know

MTTD and MTTR don’t tell the whole story. Mean Time to Conclusion (MTTC) is the missing metric that reveals SOC efficiency.

90% of SOCs are drowning in alerts—MTTC helps clear the backlog. Learn how Dropzone AI reduces MTTC with AI-driven automation. Get the free eBook now.

dropzone.ai

Download the eBook➡️

The CVSS Scoring System Is Broken Beyond Repair
The creator of curl just announced they're completely abandoning CVSS scoring because it's fundamentally broken for widely-used open source projects. Daniel Stenberg explains how CISA recently marked a low-severity curl vulnerability as "Critical" with a CVSS score of 9.1, showing how the current system is causing more harm than good.

💡 This talk has really been flying around for years, and the new version did help a lot, but I wonder if something better might be on the cusp of being invented. If it hasn’t already.

I think the bigger concept at play here is that context is everything, and systems like CVSS were built for the old world. They have some mechanisms for adding information about the environment, but ultimately—I hate to say it—but AI combining context about the attack with context about what we’re defending is the ultimate game here.

We still need a schema for that, but the real game is dynamic context + intelligence, not a better CVSS.

UnitedHealth Breach Now Affects 190M Americans
The Change Healthcare ransomware attack is now officially the largest healthcare breach in US history, with UnitedHealth saying 190 million people were affected.

Ship Seized in Swedish Baltic Cable Sabotage
Swedish authorities just grabbed a ship they think cut an underwater internet cable running between Sweden and Latvia. This is after multiple similar incidents nearby, including the Nord Stream pipeline sabotage and other Baltic cable attacks that many experts believe are tied to Russia.

AI / TECH

Nvidia Loses $600B After Chinese Deepseek AI Breakthrough (the US stock market lost $1T)
Nvidia just had the biggest single-day market loss in history after this whole Deepseek thing. Basically Deepseek built a top tier model after spending only $5.6M in GPU costs. It triggered a 17% stock drop, wiping out $589B in value—which is more than twice the previous record holder, also set by Nvidia last year.

What Happened?

So here’s my quick explanation for those who aren’t too close to the whole AI/Chips space.

NVIDIA has been a darling of all the AI hype because they’re the GPU leaders

Much of the future hope of making money from AI has been embodied by them

The idea is that GPUs rule the AI world and NVIDIA rules the GPU world

Implicit in that is the assumption that NVIDIA chips are scarce and expensive

This meant that anyone wanting to be a leader would have LOTS of NVIDIA chips

Deepseek, a Chinese company, just blew that out of the water

They produced something that should have cost them billions for just $5.6M

They found workarounds that let them get more performance for less

This shocked AI investors because it made NVIDIA less necessary in their minds

Less necessary → less valuable

My analysis = So What?

If anything Deepseek is nothing but exciting! We’re getting more AI for less resources. End of story.

The advantage Deepseek found is an example of what I’ve been calling “slack in the rope”. Here’s what I said about this last year:

From August 2024

There will be WAY MORE of these types of Deepseek jumps in my opinion, simply because we barely understand how any of this stuff works.

One way I’m casually thinking about this is that there are now two steps here:

Training the Intelligence (the model)

Training the Wisdom (Reinforcement Learning)

Intelligence is the size of the brain, and RL is life experience.

This isn’t technically true, but I think it makes a lot of sense as a model.

Anyway, I think the market reaction is very mistaken.

The market has gone from being foolish to overvalue NVIDIA to being foolish to undervalue it.

It was worth too much before because of hype, and it’s worth too little now because of fundamentals.

Meanwhile, Apple Stock Rises. Something I’ve not heard anywhere else: Apple is in great shape here. Why? Because it’s not AS MUCH about specialized hardware or specialized models or specialized knowledge. Progress will continue, progress will get leaked and shared, and the companies who have the richest context of users and companies—along with the platform best situated to serve them—will be in the best position long-term.

🔭 PREDICTION

What happens to NVIDIA—or any other part of the stack—doesn’t matter much at all because we are still at .00000000000018% of the amount of AI we want/need in the world.

It doesn’t matter how we get there, and it’s not predictable. Could be ARM processors. Could be GPUs. Could be something completely new. Doesn’t matter. We’re still at the bottom of the mountain.

People are confusing hype and company stocks with underlying fundamentals.

My prediction is that NVIDIA will continue to rise (despite being battered by multiple things like Deepseek in the future) because 1) they have a strong leader, and 2) there’s simply so much more to do.

MY NEW PREDICTIONS PAGE

OpenAI's Operator Can Browse the Web Like a Human
OpenAI launched a preview of Operator, a new tool that can navigate web browsers just like a human would, using buttons, menus, and text fields without needing special APIs. I was a bit underwhelmed by this one, honestly. We need more generalized agents, not an app store for agent functions.

Google Releases Free Gemini 2.0 with Million-Token Processing
Google just dropped a massive update to Gemini that processes 5x more text than GPT-4 and they're giving it away for free during beta. The new model is crushing benchmarks as well, scoring 73.3% on the AIME math exam and 74.2% on GPQA Diamond science tests.

Anthropic Builds Citations API to Combat AI Hallucinations
Anthropic just released a new Citations API that lets Claude reference specific parts of documents to avoid making stuff up.

Google Pours Another $1B into Anthropic
Google just dropped another billion dollars into Anthropic, making them one of the most well-funded AI companies in the world right now. They've now raised over $11B between Google and Amazon.

Apple's Two Main AI Priorities for 2025 Revealed
A leaked memo from Apple's AI chief shows they're focusing on completely rebuilding Siri's infrastructure and improving their existing AI models this year. So, AI basically.

Seed Rounds Growing Despite Market Downturn
While overall startup funding has dropped significantly since 2021, seed rounds are actually getting bigger, especially those over $5M. The total seed funding for 2024 was $13.2B, which is down from the 2022 peak of $19B but still way more resilient than the 50% drops we saw in early and late-stage funding.

Colorado Police Give Away Free AirTags to Prevent Car Theft
Police in Arvada, Colorado are now giving away free AirTags and Tile trackers to help prevent vehicle theft in their community.

HUMANS

Doorbell Camera Captures Meteorite Nearly Hitting Man
A Ring camera in Canada caught the exact moment a meteorite smashed into a man's front walkway just minutes after he walked away from the exact spot. How did this not leave a crater?

Blood Pressure Readings Should Be Done Lying Down
A new Harvard study shows we should be taking blood pressure readings while lying down instead of sitting, which apparently gives much better predictions of heart issues.

Hans Zimmer May Compose New Saudi National Anthem
Hans Zimmer is apparently in talks with Saudi Arabia to remake their national anthem and create some other compositions for the kingdom, including a piece called "Arabia".

A Simple Technique That Makes Plans Work Better
A premortem is basically where you imagine your project has already failed and you work backwards to figure out why—and it's way more useful than regular planning.

IDEAS

Worth looking back at given the news.

The 4 Components of Top AI Model Ecosystems


The four things I think will determine who wins the AI Model Wars


danielmiessler.com/blog/ai-model-ecosystem-4-components

DISCOVERY

🔥 Cline is the Absolute Best AI Assistant I’ve Used So Far
There’s massive competition in AI coding assistants, and I’ve used most of them. Cline has turned out to be my favorite so far! And I just started using it a couple of weeks ago and it basically feels smarter and more natural as I interact with it. Kind of a sleeper, but I highly recommend it. And rather than being its own IDE like Cursor, Cline just integrates as an extension into standard VSCode.

Clever Anti-Scraper Trap Using CSS Selectors
A developer created a brilliant trap for web scrapers by using specifically crafted CSS selectors that look normal but actually create an exponential number of matching combinations, effectively DOSing scrapers while regular browsers remain unaffected. 

Try Out Deepseek Using Ollama
This is how I recommend you try it out. Really fascinating to watch it think in realtime before it answers.

Magenta.nvim: A Tool-First AI Coding Assistant
Here’s one of the Neovim options that I’m trying. Ultimately I’d love to get something like Cline in my Neovim setup and not have to use VSCode. The plugins are working ok but the integration friction is the downside.

Ben Thompson’s Deepseek FAQ

LangChain Releases Local Web Research Assistant
LangChain just dropped a cool new tool that lets you do deep web research completely locally using Ollama-hosted LLMs. The system does iterative research by searching, summarizing, identifying gaps, and then diving deeper.

Convert WordPress Sites to Hugo Automatically
Someone created a simple service that converts WordPress blogs to Hugo static sites in just a couple of clicks. It’s really time to get off of WordPress, if you’re still on it. And I highly recommend a static website going forward. OWN YOUR MARKDOWN.

Philips Hue Bulbs to Get Motion Sensing Without Extra Hardware
Philips Hue bulbs are about to get a pretty insane upgrade that lets them detect motion without needing separate sensors, using radio signal interference between 3-4 bulbs in a room. The tech, called Sensify, is super responsive with triggers happening in under 500ms, and it's coming as a free firmware update to tens of millions of existing Zigbee devices.

How to Say "No" as a Product Manager

RECOMMENDATION OF THE WEEK

Remember that:

AI is not AI stocks

AI is not the survival of AI companies that did marketing in 2023/4

AI’s TAM is the replacement of human labor and the magnification of GDP that can come from millions/billions of people becoming a founder / builder / creator

That’s the ball to watch

Everything else is noise

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.


Published on January 28, 2025 08:51

January 22, 2025

UL NO. 465 | The SaaS Attack Vector, Project Stargate, and Undersea Cable Drones


Hey there!

Spent like 20 hours over the past few weeks updating my Home, About, Projects, Telos (new), and Predictions pages on the new site! Highly recommend you 1) check mine out, and 2) make your own! The new front page and the About page took the longest by far.

Highly recommend checking out two podcast episodes:

Dan Carlin on Alexander the Great MORE (Biographies are my favorite now! So happy Dan is back!)

An Acquired episode on TSMC MORE ← Super inspiring and informative

My buddy Joseph has gone independent! So happy for him! He’s now a full-time bug-bounty hacker and entrepreneur! Can’t wait to see his 2025.

Have a great week!

Daniel

Sponsor

See the Future of Real-Time Cloud Security  

Secure your spot on the frontlines of cybersecurity innovation at Symphony 2025.

Nearly every business runs in the cloud and adversaries have followed. Learn how you can transform security operations to defeat modern, cloud-first attacks faster than you ever thought possible.

This virtual summit is packed with sessions including:

The power of real-time cloud security: Get a first look into the bold future of cloud security, unified with the world's leading SecOps platform.

Exclusive intelligence: Gain Unit 42® insights to outsmart and stay ahead of emerging threats.

Game-changing demos: Experience the speed and scale of Cortex®, the world's leading SecOps platform.

Real-world wins: Discover how SOCs are transforming cloud security and gain actionable takeaways for your organization.

Join Us at Symphony 2025

SECURITY

SaaS Attack Surface Growing 200 Apps Per Month Per 100 Employees
New research shows the average employee creates a new SaaS account every two weeks, which is creating massive security blind spots for companies. The 2024 Verizon DBIR found that web applications were involved in about 50% of all security incidents, and 80% of breaches now involve compromised SaaS credentials according to Crowdstrike.

Google's Automation of Threat Detection
Google just shared how they handle threat detection at massive scale, and they're doing some wild stuff around automation and response time. They went from response times of weeks to just hours, and they're doing it by automating 97% of their detection work.

Microsoft AI Red Team Shows How to Attack AI
Microsoft's AI Red Team published their findings from attacking over 100 AI products, sharing key lessons for identifying risks and vulnerabilities. Their most interesting insight is that basic techniques like prompt injection often work better than complex attacks, and that combining multiple simple techniques is usually the most effective approach.

DJI Removes All Geofencing from Its Drones
DJI just announced they're removing all geofencing restrictions from their drones in the US, meaning you can now technically fly them anywhere including airports, wildfires, and the White House. How is this not going to get them TikToked?

Sponsor

Extend Your SOC with a Proven AI

Intezer’s Autonomous SOC platform is the proven, always-on AI solution that extends security teams and transforms how they operate.

Eliminate alert fatigue with autonomous, high-accuracy triage.

Accelerate investigations with actionable insights delivered in 2 minutes on average.

Catch the hidden threats with AI that escalates the alerts that matter.

intezer.com

Request a Demo

New Administration Announces Project Stargate
The new administration along with Larry Ellison, Sam Altman, and Masayoshi Son launched a new AI project called Stargate. It’s basically a new company and $500 billion investment designed to make sure the US wins the AI war with China.

Pentagon Using AI to Speed Up Military Planning
The Pentagon is now using AI from companies like OpenAI and Anthropic to help identify and assess threats faster, but they're supposedly being careful to keep humans in control of any actual weapons. Narrator: “For now”.



It was a pleasure serving on the @CISAgov Technical Advisory Council, which has now officially been shut down 🫡


— Rachel Tobac (@RachelTobac)
11:18 PM • Jan 21, 2025


Trump Dissolves DHS Advisory Committees Including CISA Board
The new Trump administration just terminated all DHS advisory committees, including CISA's Cyber Safety Review Board that was investigating critical infrastructure attacks. The CSRB was in the middle of investigating Chinese telecom hacks by Salt Typhoon, and Senator Ron Wyden called the move "a massive gift to Chinese spies."

AI-Powered Brad Pitt Scam Costs Woman €830k
A French interior designer lost €830k to scammers using AI to impersonate Brad Pitt in an online romance scam that lasted 18 months.

Trump Rescinds Biden's AI Safety Executive Order
Trump killed Biden's main AI safety executive order from 2023 that required companies like OpenAI to share safety test results with the government. And then he launched Stargate, which is all about moving fast to beat China.

💡 I’m honestly happy with this. I am worried, because you’d be crazy not to be, about moving too fast. But the one thing we can guarantee is that China will move as fast or faster, and there’s no guarantee they’re being safe. So Moloch for the win. Loss actually.

NATO Deploys Sea Drones to Protect Undersea Cables
NATO has launched Operation Baltic Sentry, putting 20 autonomous boats in the Baltic Sea to protect undersea cables from Russian sabotage. Water drones. I don’t know why I didn’t think about that when I was commenting on it last week. Love it.

Anduril Building $1B Weapons Factory in Ohio
Palmer Luckey's defense tech company Anduril is building a massive 5-million-square-foot weapons factory in Columbus, Ohio called Arsenal-1. They're dropping close to $1B of their own money on this thing, and they picked the location partly because of the nearby Rickenbacker Airport's 12,000-foot runways.

AI / TECH

Companies Are Using Your Data to Charge You More
The FTC just released data showing companies are using your location, demographics, and even mouse movements to charge you different prices for the same products. According to FTC Chair Lina Khan, they're investigating eight companies that sell these "surveillance pricing" systems.

Trump Announces $500B AI Infrastructure Project (Stargate)
Trump just announced "Stargate", a massive $500 billion AI infrastructure project with OpenAI, Oracle, and Softbank as the main partners. The project aims to build data centers across the US and create 100,000 jobs, with Sam Altman, Masayoshi Son, and Larry Ellison all appearing at the White House announcement.

Perplexity Releases Sonar, a Real-Time AI Search API
Perplexity just launched an API that lets developers build their real-time AI search capabilities into their own apps, and Zoom's already using it in their video platform. And the pricing is really competitive at $5 per 1,000 searches for the base tier, with a Pro tier available for more complex queries. I was already using this API so I’m not sure how it’s different, though. And the docs don’t make it clear. 🤷🏼

Transformer² Introduces Self-Adaptive Language Models
Sakana AI just released a new approach that lets language models dynamically adjust their weights in real-time based on the task they're working on. Their method, called Transformer², uses reinforcement learning to enhance or suppress different parts of the model's "brain" components, leading to significantly better performance.

TSMC Starts Making 4nm Chips in Arizona
TSMC has officially started making 4nm chips at their new Arizona plant, which is a massive win for US semiconductor manufacturing. I wonder how many people are thinking that Arizona is Plan A if China takes Taiwan. Seems like the obvious move. The US is in a tremendously good position right now.

TSMC Resumes Production After Taiwan Earthquake
Speaking of TSMC, they had to temporarily halt chip production after a 6.4 magnitude earthquake hit the southern part of the island, but they're already back up and running.

Meta Cutting 5% of Workforce for Performance
Zuck just announced they're letting go of about 3,600 people by February 10th, but they're planning to refill those positions with new hires.

💡 This is constant cleansing/replacing of the workforce with Alaskan Boat Crews. After doing this constantly for a year or so the culture will be quite different there.

Not investment advice (ever), but I expect their stock to be a high performer in the next few years. (I’ll add this to my /predictions page as well)

Meta's 'Seamless' Brings Us Closer to Universal Translators
Meta just released a new AI translation system called Seamless that can translate speech between 36 languages while preserving the speaker's voice and emotional tone. We’re getting closer to the Universal Translator! MORE

New Laser Tech Measures 100km Within Nanometers
Scientists have created a new laser measurement technique that can measure distances of over 100km with nanometer-level precision, which is absolutely wild. That's like measuring the distance between two cities with the precision of 1/1000th the width of a human hair.

RSS Is Making a Comeback
RSS is having a renaissance because it lets you get all the good stuff from social media without the algorithmic manipulation. You follow your sources, and you’re good. This article shows how to use RSS to follow everything from YouTube channels to Reddit (filtering for high-quality posts only). MY RSS FEED BTW

GitHub Actions Falls Short for Complex Projects
A developer shares his frustrating experience with GitHub Actions breaking down in larger, more complex environments like monorepos with multiple teams. The main issues include broken required checks for PRs, overly complex YAML configurations, and a complete lack of local testing capabilities.

HUMANS

Japan's Elderly Women Choose Prison Over Loneliness
Japanese elderly women are increasingly choosing to commit petty crimes to get into prison, where they get meals, healthcare, and community they can't find outside. This is horribly depressing to me.

💡 Human connection is everything.

US Worker Job Satisfaction Hits 10-Year Low
A new Gallup poll shows American workers are more checked out than they've been in a decade, with only 31% saying they're engaged at work. The biggest drops were among younger workers and those in tech, with remote work satisfaction also taking a surprising dive from 69% to 48% since 2021.

Sweden to Spend €104M Bringing Back Print Textbooks
Sweden is reversing its 2009 all-digital education initiative by bringing back printed textbooks to classrooms after seeing declining reading and writing skills among students.

Study Shows Undocumented Immigrants Commit Far Less Crime
A comprehensive study in Texas from 2012-2018 found that undocumented immigrants commit violent and drug crimes at less than half the rate of native-born citizens, and property crimes at just 25% the rate of native-born citizens.

Healthcare Giants Caught Marking Up Cancer Drugs 1000%
The FTC just released a report showing UnitedHealth and other major healthcare companies were marking up cancer drugs by over 1,000%, affecting drugs like Imatinib for leukemia treatment.

Medicare to Negotiate Prices for Ozempic and Other Major Drugs
Medicare just added 15 more drugs to their price negotiation list, including the super-popular Ozempic and Wegovy.

Greenland Sharks Can Live for Over 500 Years
Scientists discovered Greenland sharks are the longest-living vertebrates on Earth, with some potentially being alive since before Columbus.

IDEAS

Stoicism’s Gift
The greatest gift that Stoicism has given me is the ability to enjoy something I still have as if I no longer have it. It’s the ultimate frame.

DISCOVERY

sshcont: SSH Into Throwaway Docker Containers
A new open source tool lets you instantly spin up disposable Docker containers via SSH for quick testing and development. It's super lightweight and works with various distros including Debian, RHEL, and Alpine, with the containers getting automatically cleaned up when you're done.

A bunch of my buddy Joseph Thacker’s favorite lists

Getting People’s Names Right With Raycast

What I Wish I Knew Before Quitting My Job
Michael Drogalis shares his raw experience of how quitting his job to work on his own turned out way harder than expected. He talks about the brutal reality of going from a $425K tech salary to making basically nothing, and how isolation and loss of structure hit him particularly hard.

How Hypothesis Sheets Can Guide Startup Ideas
Michael Bock shares a really practical framework called "Hypothesis Sheets" for validating B2B startup ideas before committing to them.

RECOMMENDATION OF THE WEEK

Try something different with your meditation for the next few weeks.

Make a list of the relationships and other good things you have in your life. Things like:

Your husband/wife

A particular kid you have

A close friend

The fact that you aren’t hungry or cold

Now imagine that thing gone. But really imagine it. Like put yourself in that mental mode of being without your spouse, or that friend.

Imagine what you would do next. What does a day look like. Imagine watching TV. Imagine brushing your teeth. But without that person on the planet.

Then wake up. And realize they’re still here.

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼


Published on January 22, 2025 12:07

January 14, 2025

UL NO. 464 | AI Phishing Matches Humans, Under Sea Cable Cutter Patents, and Siri is About to Not Suck


Hey there!

I have found the best coffee recipe in existence. MORE

This guy is brilliant. Funniest geek humor I’ve seen in ages. MORE

Been grinding on my Predictions page. It’s coming along, but only like 20% complete. MORE

Thanks to DoomerOutrun for the Fabric callout here! MORE

Have a great week!

Daniel

Sponsor

Enterprise Ready in Minutes: Simplify SaaS Development with WorkOS  

Building B2B SaaS? Selling to enterprises means meeting complex requirements like:

SAML single sign-on

SCIM provisioning

Role-based access control

Fine-grained authorization

These features can take months to develop and maintain—but WorkOS makes it easy, so you can focus on your core product instead.

WorkOS also offers AuthKit, a powerful user management solution that’s:

Free for up to 1 million monthly active users

Packed with features like MFA, bot protection, and user impersonation

Built with Radix components for limitless customizations and modular templates

Already trusted by fast-growing companies like Cursor, Vercel, Perplexity, and Sierra, WorkOS makes becoming Enterprise Ready seamless.

workos.com

👉 Get Started Today

SECURITY

A new study shows AI-powered spear phishing is extremely effective, finding AI tools achieved a 54% click-through rate versus 12% for regular phishing emails, and matched human expert performance at 1/30th the cost. Big yikes on this one—just as good as humans for 1/30th the price. MORE | THE STUDY

💡I’d love to say that was a bad paper, but the methodology looked solid, it’s out of Harvard, and has Bruce Schneier as an author. Le sigh.

The US launched a new cybersecurity label program called the U.S. Cyber Trust Mark to help people know which smart home devices are secure. Companies have to get their products tested by NIST-approved labs to earn the certification, which covers everything from baby monitors to smart locks. MORE

🚧 Project Russia reveals Putin's detailed playbook for taking down Western democracies through spiritual warfare and economic collapse. The 2005-2010 book series, distributed to Russian officials and linked to the FSB, outlines a plan for establishing a Putin-led "supranational" state after engineering the fall of the US dollar and democratic systems. MORE

💡I’m going to write a Fabric pattern that captures all the goals and tactics of this strategy.

Then I’m going to start sending YouTube video transcripts through the pattern to find where people are speaking exactly to the book of this plan! See: Tucker Carlson.

Taiwan says a Chinese ship might have deliberately cut one of their undersea internet cables, which follows similar incidents in Europe recently. MORE

💡I wonder if one future could be internet without undersea cables. Bandwidth would be infinitely slower, but it’s harder to take out satellites. Basically all the major powers have their own internet and web. And they only really partner with friendlies.

Seems farfetched, but so did a lot of things happening right now.

CISA releases data on how well 7,791 critical infrastructure orgs were adopting their security goals. Healthcare, water systems, communications, and government facilities are doing the best so far. MORE



The Chinese Drone Company, DJI has released an Update that removes its Geofencing System (GEO) from Drones sold within the United States. The System, which would previously prevent Drone Operators from flying through Restricted/No-Fly Zones across the Country, including Military… x.com/i/web/status/1…


— OSINTdefender (@sentdefender)
5:22 AM • Jan 14, 2025


Arctic Wolf found a likely zero-day being used to hack Fortinet firewalls that have management interfaces exposed to the internet. MORE

A new zero-day in Ivanti's VPN products is being actively exploited by suspected Chinese hackers to breach corporate networks. MORE

SonicWall is rushing to get customers to patch a serious authentication bypass bug in their SSL VPN that's actively being targeted. The vuln affects both SSL VPN and SSH management interfaces and they’re directly emailing customers telling them to patch. MORE

Greenland is becoming increasingly critical for U.S. military strategy in the Arctic, as Russia already has 50+ Arctic bases and the world's largest icebreaker fleet. MORE

The White House and some intelligence agencies are now saying there's about a 50-50 chance that a foreign actor did target US personnel with some kind of energy weapon, which is a major shift from the CIA's 2023 assessment that basically ruled out deliberate attacks. MORE

AI / TECH

Apple is actually building the AI we all want. I’m telling you, they’ve been quiet about this AI stuff but that’s because they’re doing it quietly just like always. Look at #2 in this list! They are the ones who have the context to make this work. MORE

OpenAI's o1 keeps randomly switching languages while solving problems—and no one knows why. o1 will sometimes switch to Chinese, Persian, or other languages mid-reasoning, even when asked questions in English. MORE

Zuckerberg says Meta will start using AI to replace midlevel software engineers in 2025. He claims they'll have AI systems that can effectively work as company engineers writing code, eventually planning to automate all app development at Meta. MORE

Nvidia released a blueprint for creating digital twins of robot fleets in factories and warehouses. They're virtual environments where companies can test and optimize their robots before deploying them in the real world. MORE

OpenAI released their new "Economic Blueprint" that outlines how the US can win the AI race against China while managing the tech's risks. They say there's $175B in global funds ready to invest in AI projects that could flow to China if the US doesn't act fast. MORE

OpenAI is starting to build its own robotics team, hiring for its first hardware roles. If you thought AI was big, wait till you see robots. And then AI-powered robots. Remember, there are hundreds of billions of dollars behind replacing human workers. MORE

Dell is changing their laptop names to just Dell, Dell Pro, and Dell Pro Max, copying Apple like most everyone. First it was phone form factor. Then it was packaging. And now everything’s a Pro and Pro Max.

Apple might launch a new app called "Invites" to help manage events and meetings more effectively than Calendar. I hope they do. Really surprised Calendly and the like are the best options out there. MORE

Stack Overflow is seeing a massive decline in new questions, dropping 77% since 2022. MORE

Amazon is winding down some of its DEI programs and integrating others into existing processes. Meta just killed most of their programs and their entire DEI department. The company cited changing legal landscape as the reason, following similar moves by Microsoft and Zoom to roll back their diversity initiatives. MORE | MORE | MORE

💡The corporate world continues to move towards the Alaskan Fishing Boat Model. There’s no DEI on an Alaskan Fishing Boat.

And if robots could do the work there wouldn’t be any boat crews on them either.

Expect this to accelerate in the next 4 years.

HUMANS

Meta just made huge changes to their content policies, including allowing hate speech against many different groups. MORE | MORE

💡I think my opinion on this might be different than a lot of people in the Bay Area. I want platforms to have full, nasty reality available for me to see.

But I don’t want to see it 99.9% of the time, so I want filters to be able to block it out. The worst situation is when they allow it, don’t filter it, and don’t let me filter it because they want hate because it generates clicks.

That to me is the problem, not the fact that the platform is unfiltered.

The economy added 256,000 jobs in December 2024, way above the 155,000 that economists expected. The unemployment rate dropped to 4.1%, and November's numbers were revised down by 15,000 to 212,000 jobs. MORE

🌎️ ☀️ A rare seven-planet alignment is coming to Earth's night skies in February 2025, letting us see all the planets in our solar system in a row at once. But I’ve been enjoying tons of them for like a month already. Mars and Jupiter are gorgeous, and Saturn is to the upper left of Venus in the west. MORE

Germans are using DIY balcony solar panels to cut their electricity bills, with over 400,000 of these "plug-in" systems now installed across the country. MORE

Young people are increasingly avoiding relationships, and it's happening all over the world. Japan's already low marriage rate dropped another 12% since 2019, while a third of 18-34 year-olds globally say they're just not interested in dating or relationships. MORE

In 1965 the US government tried replacing Mexican farmworkers with American high school athletes, and it failed spectacularly. The Department of Labor recruited 18,100 teenagers for the "A-TEAM" program but only 3,300 actually worked the fields, with many quitting within weeks due to brutal conditions like 110-degree heat and minimum wage pay. FAFO. MORE

IDEAS

My thoughts on Zuckerberg and Musk showing us raw internet. Basically I want that, but with the ability to tune out what I don’t want to see.

Reality Through Filters


The last few years have given me some clarity on where I stand on the topic of internet censorship. I was a bit wishy-washy on it for a while, but for tech platforms like X and Facebook, I think I finally have an opinion.


danielmiessler.com/blog/reality-through-filters


DISCOVERY

I’ve had this for years. Super useful.



this little snippet will save you 128 hours in 2025.


bookmark for later.


— Kyzo (@ky__zo)
1:53 PM • Dec 27, 2024


New NVIDIA Free AI Courses MORE

massport80 — A researcher scanned the entire IPv4 internet on port 80 using masscan, finding 71 million open ports and analyzing the results with nmap. MORE

You Can't Optimize Your Way to Being a Good Person — A deep look at why our obsession with moral optimization and quantifying ethical behavior might be making us worse people, not better ones. MORE

🪄Terminal Setup Guide — Julia Evans explains what's needed for a modern terminal experience, and it's more complicated than you might think. She outlines 10+ must-have features including multiline paste support, infinite shell history, and 24-bit color support. MORE

Philips Hue users will be able to create custom scenes using voice or text commands like "Give me a scene for a garden party," and the AI will either recommend existing scenes or generate new ones. MORE

RECOMMENDATION OF THE WEEK

Don’t clutter your mind with anything before starting work. Treat your morning clarity as a precious resource! You want that energy to go into difficult work, not distraction and fragmentation.

I think of it like me starting with mental energy at 100 (on a perfect day). So let’s call it 90 😁. If I then open social media, or news, or emails, or whatever, my energy shatters. It’s spread into the ether like a prism scatters light.

Now my energy is at 47.

Don’t waste those points on trash. Spend them on your most creative / difficult work.



I still do this most days and I think it works great. My morning brain (right after 1hr exercise and 1 coffee) is quite eager to work and I go directly to the one top priority item. The energy decreases over time and with every distracting item loaded into the context window.


— Andrej Karpathy (@karpathy)
9:19 PM • Jan 8, 2025


APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼


Published on January 14, 2025 12:23

January 7, 2025

UL NO. 463 | Launching 2025, US Soldier Data Leak, AI Agents Emerge, China's Global Spy Network, Robotaxis Now Safer Than Humans


Hey there! Welcome to 2025!

A few notes about the end of last year and how I’m approaching this year:

I relaunched my website, separately from the newsletter. So happy with the new design, which is quite similar to the last one before I merged it with Beehiiv. Beehiiv is great as a newsletter platform, but I need more control over my content—just like I’ve been preaching all these years. Beehiiv was a nice consolidation step and now we’re moving towards the ideal. Markdown / Vite, if anyone is curious. Still lots of work to do on it. PREVIEW THE NEW SITE

End of 2024: Spent over 60 hours optimizing my productivity and tooling for 2025. That’s notes, automation, AI workflows, processes, computer, network, operating system, text editor, app launcher, menu bar, keyboard shortcuts….basically everything. Releasing a video on it for members next week. And it’s the topic of this month’s mid-month meetup as well.

For 2025: More focus and more discipline. My primary projects for 2025 will be launching SamePage and Human 3.0, while building out my own Daemon and doing other broadcast/tech/H3-related stuff will be the ever-present secondary.

Here’s what I expect for 2025:

A lot of chaos that comes with a lot of opportunity

A bias towards action, i.e., people who act will have the advantage

The AI companies move towards Agents

Many AI companies start failing because they were riding hype

Big Tech and truly innovative AI companies start to hockey-stick

Developers switch from minor AI assistance to largely AI-based dev

It becomes more obvious that AI will replace lots of knowledge work

The AI discourse switches from ASI to human work replacement

More people start asking what humans are supposed to do post-work

It’s going to be wild, and I’m happy to be on the ride with you.

Daniel

Sponsor

Stay Vigilant with AI SOC Analysts  

Cyber threats never sleep, and neither do we.

Dropzone AI is the first Gartner Cool Vendor for the Modern SOC, empowering security teams with AI SOC analysts that autonomously investigate alerts 24/7.

Stop wasting time on false positives.

Reduce Mean Time to Conclusion (MTTC) with decision-ready reports.

Gain the confidence of knowing every alert is handled with expert precision.

Our AI SOC analyst adapts to your environment, and provides actionable insights—no playbooks or prompts required. Ready to see the future of SOC efficiency?

dropzone.ai/request-a-demo

👉Request a Demo Today

SECURITY

A US Army soldier was arrested for allegedly selling AT&T and Verizon customer data as the hacker "Kiberphant0m". The 20-year-old communications specialist Cameron Wagenius allegedly stole and leaked sensitive call records, including what he claimed were logs from presidential candidates. MORE

A critical security release for iTerm2 fixes a remote code execution vulnerability in the terminal emulator's renderer process. But you should be switching to Ghostty anyway! MORE | GET GHOSTTY

China has turned one of its most prominent pro-democracy dissidents into a spy by threatening his sick parents. Tang Yuanjun, a Tiananmen Square protest participant and exile living in New York, was arrested by the FBI in August 2024 for collecting intelligence on fellow activists for Beijing. MORE

💡This calls attention to China's use of emotional pressure and family ties to coerce members of its diaspora into becoming intelligence assets. Hard to say how big the problem is, but I’m quite worried about it.

They can basically activate millions of people in their diaspora by leveraging nationalism, political pressure, threats to family, or whatever it takes. So it’s not a matter of whether you can trust the people in the new country; they might be perfectly loyal to the company they work at, or the country they now live in. But then they get the phone call. Not nearly enough attention on this kind of stuff—and not just for China.

Manipulating or pressuring people with access is extremely effective, and very few companies have advanced Insider Threat programs—for multiple reasons. First, they’re really difficult to build and maintain. And second, it’s politically difficult to monitor and alert on suspicious behavior of employees—especially when it’s expected that many of the hits will be from foreigners. It requires a company with very strong ethics and technical skill to be able to do this 1) without being racist, and 2) without getting sued.

Amnesty International says attackers used a HomeKit vulnerability to deploy Pegasus spyware on Serbian journalists' and activists' iPhones. MORE

Holy crap: Russia is using Ukrainian kids to help them target airstrikes by having them play "quest games" that involve taking photos and videos of military targets. The FSB recruited two separate groups of 15 and 16-year-olds in Kharkiv who were asked to visit specific locations and take pictures of the surroundings, which were then targeted in airstrikes. MORE

Microsoft says it's going to delete passwords for a billion users as password attacks double every year, and they’re now blocking 7,000 password attacks per second. 🤯 MORE

The Treasury Department got hacked through their BeyondTrust remote support software by Chinese state hackers. The attackers stole a key used for cloud-based tech support that let them access multiple Treasury workstations and view unclassified documents. MORE | MORE

A vulnerability in Nuclei that lets attackers bypass template signature verification to execute malicious code has been fixed in version 3.3.2. They patched it back in September. NOTE: I’m an advisor there. MORE

This is a solid breakdown of how to use ANY.RUN's Threat Intelligence Lookup for proactive threat detection. The article walks through five key approaches including regional threat monitoring, artifact verification, TTP tracking, threat evolution monitoring, and report enrichment. MORE

Congressman Mike Waltz says the incoming administration plans to shift from defense to offense in cybersecurity, specifically calling out Chinese threat actors Salt Typhoon and Volt Typhoon. Yes please. MORE

Missile attacks have now become the leading cause of commercial airline passenger deaths. 926 people have been killed by missile strikes since 2014, compared to 458 deaths from traditional accidents during the same period. MORE

A wilderness survival instructor spent two years infiltrating multiple militia groups, including becoming a top leader in AP3 and gaining access to Oath Keepers leadership. The mole, identified only as John Williams, gathered extensive documentation showing militia ties to law enforcement and surveilled a student journalist, ultimately going public with what he learned. MORE

AI / TECH

Sam Altman claims in a new blog post that OpenAI has figured out how to create AGI. And he predicts AI agents will "join the workforce" in 2025. MORE

💡I think he’s right here, and I’d like to reiterate why I’ve been saying AGI is coming between 2025 and 2028 since early 2023.

AI deploys as systems, not as models. A model by itself doesn’t need to be all-powerful. It’ll be a product that has tons of models working together, along with regular automation and code as plumbing and glue.

Replacing many/(most?) knowledge-work jobs is easier than most think. My definition of AGI is an AI system that can replace a decent knowledge worker, so we’re talking customer service, sales reps, project management, technical writing, etc. Millions of jobs. And before too long, a lot of programmers as well.

We’re not talking about ASI—where we have a superintelligence capable of more than our best humans. We’re talking about a massive AI System made up of dozens or hundreds of smaller AIs that all coordinate together. So it can follow instructions, participate in meetings, create summaries, check code in and out, modify code, write emails, participate in Slack discussions, etc.

The bar for doing this decently well is not that high. And that’s what I think AGI is. It’s an AI system good enough to replace an average knowledge worker. I think this is a good definition because it deals with the thing we’re actually concerned about—which is human worker replacement.

AGI is not—or should not be—about benchmarks or lab results. What matters is humans, and how humans are affected by technology. That’s why I use a human definition of AGI.

So, given that, I think we’ll get there in 2025 or 2026. I’d say 40% 2025, and 50% 2026, and 10% 2027 or beyond.

The CIA built a tiny robot dragonfly spy in the 1970s that could fly 200 meters to deliver miniature laser reflectors for eavesdropping. The "insectothopter" used a gas-powered fluidic oscillator to flap its wings 1,800 times per minute and could be controlled by an infrared laser beam, though it struggled with crosswinds above 7mph. MORE

Waymo's autonomous vehicles are showing they're significantly safer than human drivers in San Francisco. The company's data shows its robotaxis have an accident rate 6.7 times lower than human drivers in similar conditions, with only 0.41 crashes per million miles compared to humans' 2.75. MORE

United Airlines is moving fast to roll out Starlink internet on their planes, and I absolutely can’t wait. I’m really hoping it’s a simplified connection process too, more like JSX. On a JSX flight you connect to wireless once when you first board the plane, with no password and while still on the runway, and you’re good for the whole flight. Like it’s so good you can have a Zoom call if you wanted to. More people on a 767, though. MORE

The Vision Pro just got an incredible planetarium experience through its Theater app update, letting you turn your room into a full dome theater where you can view the stars. This was a special thing for me growing up where we would have field trips to the Planetarium in San Francisco. It’s why I’m into Astronomy today. Can’t wait to play with this! MORE

Den Delimarsky makes a compelling case for owning your own corner of the internet rather than relying entirely on major platforms. He argues that while big platforms like YouTube and Reddit are useful, they increasingly optimize for engagement and monetization rather than interest and personality. This is the same argument I’ve been making here for like 15 years, but it’s good to hear it from someone else. MORE

HUMANS

The Chart of Everything — The Economist created a stunning visualization showing how literally everything in existence emerged from the Big Bang 13.8 billion years ago. The key insight is that all objects are essentially particles frozen in time at a higher density than their surroundings as the universe expanded and became less dense around them. The chart traces this progression from pure energy through elementary particles, atoms, and eventually to stars, planets, and life itself. MORE

Paul Cohen makes a compelling case for universities to start training polymaths again instead of specialists, arguing that modern problems like climate change and sustainability require broad, systems-level understanding. MORE

A massive 44% of US unicorn founders between 1997-2019 were born outside the US, showing just how crucial immigration is to American innovation. Indian founders led the pack with 90 individuals, followed by Israel (52) and Canada (42). MORE

A survey of 86 convicted burglars confirms that security cameras and alarms actually work as deterrents. Most inmates said they'd skip houses with visible cameras, and they bolt when alarms sound. MORE

IDEAS

AI is Founder Augmentation


A different way to think about AI and human work.


danielmiessler.com/blog/ai-founder-augmentation

Bet on Doers That Treat Failure as Fuel
Jensen Huang just released a massive amount of stuff yesterday, including a new personal AI computer and new GPUs. But the biggest signal I’m getting from him/them is that he’s all in on robotics. I mean most people are still lagging on AI, and he’s already on robots. I am heavy in both NVIDIA and TESLA mostly because of the leaders, not necessarily for any particular product. They both just happen to think AI and Robotics are the future, though, which I also believe. The bigger point is that they are absolute freaking machines. They are thinking all the time. Executing all the time. Non-stop. They couldn’t stop if they tried. Those are the types of people I bet on because it doesn’t matter if/when they fail. They just dust off and keep going. MORE | MORE | MORE

DISCOVERY

Shift — A new Caido plugin product by my buddies Joseph Thacker and Justin (rhynorater), who won Google's LLM Bugswat. It works like Copilot for web app testing, letting you control the proxy using natural language instead of complex syntax. It can generate contextual wordlists and create match & replace rules on the fly, plus it's highly customizable with custom memory and instructions. MORE

Brand AI Analysis Tool — Someone made a cool agent that shows you how ChatGPT perceives and recommends different brands compared to their competitors. The tool analyzes direct comparisons, assumed buyer personas, and specific recommendation scenarios between any two brands. MORE

Hitting OKRs vs. Doing Your Job — A great explanation of how OKRs should focus on new initiatives and changes rather than duplicating regular work tracking. The key insight is that OKRs work better in project-based work (like Marketing) compared to product work (like Engineering) because projects naturally fit into quarters while product work is ongoing. MORE

Raspberry Shake — A line of professional-grade seismographs for home and educational use that can detect ground movements smaller than 1/100th the width of a human hair. MORE

25 Useful Ideas for 2025 — A fascinating collection of mental models and concepts that can help improve your thinking and decision-making in the new year. The list includes gems like how small problems can be worse than big ones (Region-Beta Paradox), and how teaching others is the best way to learn (Protege Effect). MORE

📚 Thank You, Everything — A new children's book explores gratitude through the Japanese concept of tsukumogami, where objects gain souls after 100 years of service. The story follows a character thanking everything from bicycles to fog to caterpillars, illustrated by artist duo Icinori (Mayumi Otero and Raphael Urwiller). MORE

14 Wild Ideas — Robin Hanson shares some fascinating predictions about the future, including that by 2100 most "people" will be immortal computer simulations, and that our nearest intelligent aliens are millions of light years away. He believes at least a third of these wild ideas are likely true. MORE

SF Purity Test — Someone made a hilarious checklist scoring system for how deep you are in SF tech culture, with items like "Applied to OpenAI", "Switched from ChatGPT to Claude and back", and "Told someone you won't date because AGI is coming". MORE

yolo-security — Someone made a parody pentesting company website that generates empty pentest reports to make management happy, complete with fake findings, pretty charts, and executive summaries. MORE

Python One-Shot Tools — Simon Willison shares a clever way to build Python tools using Claude and uv run, where a single prompt can generate a complete working script with dependencies. MORE

CF-Hero — A new tool for finding the real IP addresses behind Cloudflare-protected websites by checking multiple data sources and determining which domains are actually using Cloudflare protection. MORE

Technical Debt is Entropy In Software — An argument that entropy helps explain technical debt in software development, with tech debt representing the integral of software complexity over time. MORE

Types Make Hard Problems Easy — A detailed look at how leaning into type systems (especially TypeScript) can make complex programming problems much simpler, with a focus on letting types flow through the system and making illegal states unrepresentable. MORE

Jetson — Speaking of NVIDIA, I want this. They just released a $249 AI computer that's half the price of the previous model, aimed at hobbyists and small companies. The device is designed to be the "brain" for robots and industrial automation projects, letting them run AI computations directly on the hardware. MORE

NVIDIA Project Digits — Oh crap I want this too. “With Project DIGITS, users can develop and run inference on models using their own desktop system, then seamlessly deploy the models on accelerated cloud or data center infrastructure.” MORE

The Ars Guide to Mechanical Keyboards — A really solid intro to mechanical keyboards that explains why people love them so much. Every key has its own switch with a physical spring (unlike membrane keyboards), and Cherry's 1980s switch designs are still the foundation for most modern keyboards. MORE

lobhn — A neat little tool that shows you which stories are being discussed on both Lobsters and Hacker News, with direct links to both discussions. MORE

RECOMMENDATION OF THE WEEK

When dealt chaos, find a way to benefit from it. 2025 might be completely insane, but like Littlefinger said, “Chaos is a ladder.” He died in the end, but it’s still a good lesson.

Seriously though, there is tremendous opportunity in change.

Treat it as a chance to remake yourself into what you are supposed to be. Start the venture. Build the company. Get the better job.

If chaos comes for you, embrace it. Reflect it back. Soak it in and use its strength to improve.

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work. 🫶🏼

Daniel


Published on January 07, 2025 08:02

December 16, 2024

UL NO. 462: Full-Face Mask Deceptions, VS Code Tunnel Hacks, Quiet AI Emergence at Apple, and Tokyo’s Three-Day Weekend Gamble


SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Hey there!

Settling in for a couple of light holiday weeks. I plan on doing lots of coding and light reading (LitRPG mostly, I think). What are you going to do?

Please go subscribe to the YouTube channel. Always forget to promote it, and we’re putting in work over there!
SUBSCRIBE TO THE UL YOUTUBE CHANNEL

I wrote a piece for Dazz that I’ve been wanting to get out for a while. It’s about how I think continuously updated context will end up being the future of vulnerability management. Basically, the problem isn’t finding vulnerabilities; the problem is knowing how to fix them—in what priority—within any given organization. CHECK OUT THE ARTICLE

Sponsor

This AI is Game Changing for Security Operations  

Check out this annual benchmark data from Intezer's AI SOC solution:

➡️ 2 min 21 second average alert investigation time

➡️ 3.81% alert escalation rate

➡️ 97.7% accuracy for false positive alerts

➡️ 93.45% accuracy for true positive alerts

This is data from an AI SOC startup with a track record of triaging huge volumes of alerts for their customer base that includes Fortune 500 companies and top MSSPs. Impressive results compared to traditional triage processes.

Intezer has a unique approach to AI agents and an interesting back story too. Their CEO Itai Tevet co-founded Intezer in 2016, after he’d lived the reality of too many alerts and not enough time while leading an elite security and incident response team.

intezer.com

👉Check out Intezer’s interactive tour or get a demo

SECURITY

Full-Face Masks for Facial Recognition Evasion
There are new super-realistic printed face masks that people can use to appear as someone else from a distance. Insane how good they appear to be, combined with how easy they are to swap on and off. They seem good enough to possibly fool a cursory glance and even facial recognition. MORE

💡Someone in the security community needs to buy some of these and test them out with common facial recognition systems. That would be a fun project.

Visual Studio Code Remote Tunnel Attacks
Chinese hackers were caught using VS Code's remote tunnel feature to hack IT service providers in Southern Europe. The attackers used SQLmap for initial access, dropped a custom PHP webshell, and used a modified version of Mimikatz (called mimCN) that's been linked to other Chinese operations. MORE

China Restricts Drone Parts to Ukraine
China has started limiting sales of critical drone components to the US and Europe that are needed for Ukraine's defense efforts. MORE

Sponsor

How to investigate ChatGPT activity in Google Workspace  

When ChatGPT is allowed to access files directly from Google Drive, it grants extensive permissions for not only personal files, but resources across the entire shared drive. This blog post covers the potential risks of this integration, and how you can find activity related to ChatGPT in Google Workspace.

nudgesecurity.com/post/the-hidden-dangers-of-chatgpts-integrations-with-google-drive-and-microsoft-onedrive

Read More

FBI Takes Down Rydox Cybercrime Market
The FBI has shut down Rydox, a cybercrime marketplace operating since 2016, and arrested three Kosovo nationals who were running it. The site had done $230,000 in revenue from selling over 321,000 cybercrime products to 18,000 users, including stolen PII and hacking tools. MORE

Russian APT Gamaredon Using New Android Spyware
Russian state-backed APT Gamaredon has been targeting Russian-speaking individuals with two Android spyware families called 'BoneSpy' and 'PlainGnome' that can record calls, capture photos, and collect SMS messages. MORE

Yahoo Paranoids Layoffs
Yahoo cut 25% of its cybersecurity team (The Paranoids) over the last year and completely eliminated its red team, moving to an outsourced model instead. The company lost between 40-50 security people out of 200 total since early 2024, amid broader tech organization changes under new CTO Valeri Liborski. MORE

AI / TECH

We’ve opened up slots for the AUGMENTED course again for February 3, 2025!

This instance of the course will be a full discussion and workshop on building out personal TELOS files and using AI to access them.

$495 (Members check the #augmented channel for your direct 25% discount link!)

RESERVE A SLOT

BECOME A MEMBER TO GET THE DISCOUNT ( ←💡 Pays for the membership!)

😡 Claude > ChatGPT Pro For Me
I’m super annoyed to report that ChatGPT Pro, even with the full o1-pro and all the goodies, does not come close to Claude’s intelligence as a coding partner. Specifically using Sonnet 3.5. Claude is something like 70-85% effective at communication, following instructions, and general coding tasks. ChatGPT Pro is more like 50-70%. It doesn’t follow instructions well. It constantly loses the plot. And it’s just worse at coding. Plus it takes far longer because of o1’s thinking time. And I’m paying $200 for it.

💡I think ChatGPT will catch up, and I’m pulling for them because my loyalty going back to the start of 2023 is with OpenAI. Which is why I’m paying for Pro. But holy crap it’s annoying to pay so much for something that produces work I end up having to redo using Claude. 😡

Apple's Pragmatic AI Strategy
I think Apple is actually doing exceptionally well on the AI front (except for Siri, which is still unexplainably bad). But even Siri is better now with ChatGPT integration, which I’ve been using since the beta started. My absolute favorite feature of Apple Intelligence is the ability to hold the camera button on new iPhones and have ChatGPT tell you what you just took a picture of. MORE

💡Basically, Apple is building LifeOS, and they have been for like 15 years. This naturally includes complete integration of AI into everything life and work. And they’re doing it slowly. Methodically. And quietly. Just like usual.

Everyone doubted the slow and low approach to building the iPhone ecosystem too, and now everyone copies it because it’s the best in the world. It’s the same with their AI integration. They are piecing together all the plumbing of a person’s life in the iPhone ecosystem, and the overall Apple ecosystem, which all lives inside the secure enclave or the secure cloud infrastructure, and their AI will have access to all of it.

Apple’s entire game is integration. It’s all about the ecosystem and how it all works together. Applying AI to that will be done better on Apple than anywhere else because Apple is best at seeing everything as a unified whole.

Remember this when you hear people talk about how far behind Apple is on AI. And remember it when people are surprised by Apple “suddenly” figuring out AI 2 to 3 years from now. It’s not suddenly. It’s all planned. Quiet and slow is the game.

OpenAI Whistleblower Death
A former OpenAI researcher who publicly criticized the company's data practices was found dead in his San Francisco apartment, with authorities ruling it a suicide. Suchir Balaji, 26, had recently accused OpenAI of violating copyright law in training ChatGPT and was expected to provide key evidence in several ongoing lawsuits against the company. MORE

💡There is an atmosphere of conspiracy around lately, so I’ll just say that there of course could be malicious activity here, but it’s also the case that whistleblowers lead a difficult life. They tend to target someone big in their own community and get ostracized immediately as a result, which is profoundly isolating and stressful.

I don’t know the details of this case at all; I’m simply saying we shouldn’t always jump to the lowest probability and most nefarious explanation.

AI Company's Honestopian Billboard Campaign
A Y Combinator-backed startup called Artisan is running ads all over San Francisco with slogans like "Stop Hiring Humans" and "Artisans won't complain about work-life balance" to promote their customer service AI. The company's CEO said the campaign was designed to be dystopian and controversial to grab attention, but I don’t believe that. I think it has a dual purpose: controversy for marketing, but direct honesty for those actually looking to reduce headcount. MORE

ChatGPT Gets Real-Time Video Vision
ChatGPT can now analyze real-time video through your phone's camera, letting you point it at objects for instant analysis and conversation about what it sees. Works really well, actually, but I need it on the desktop. MORE

Google Announces Gemini 2 and AI Agents
Google released Gemini 2, which can now control computers and navigate the web to do tasks like shopping and coding. Seriously impressive stuff. It feels close to a ChatGPT moment from late 2022. Completely surreal to just talk to an AI that can see your screen and help you code. MORE

Exxon Plans Natural Gas Plant for AI Data Centers
Exxon is building its first-ever external power plant focused on AI data centers, with plans to generate 1.5 gigawatts of power through natural gas. They are one of the most innovative companies out there. I have issues with their ethics at times. Significant issues. But holy crap they can read the tea leaves. Becoming an energy provider to AI. Brilliant. MORE

Health Data Tracking in Markdown
Someone made a really smart case for tracking health data in Markdown files instead of apps, since apps eventually die and take your data with them. They use plain text files for daily logs and Google Sheets for trends, with everything backing up to Google Drive. Markdown all the things. MORE

GPS-Based NTP Server Appliances from CenterClick
CenterClick has released a line of GPS-based NTP server appliances that work completely offline with no subscriptions or cloud requirements. The devices support multiple GNSS constellations, can track up to 1 million unique IPs, and use less than 5W of power. MORE

United Airlines Adds AirTag Support to Mobile App
United Airlines is adding Apple's new Share Item Location feature to their mobile app, letting customers paste location-tracking links for their AirTagged bags directly into their missing bag reports. MORE

YouTube's TV Usage Stats Show Huge Growth
YouTube is seeing massive growth in TV viewing, with sports content up 30% and users watching over 400 million hours of podcasts on TVs monthly. MORE

HUMANS

Bird Flu Jumps to Human in Louisiana
Louisiana reports its first human case of H5N1 bird flu in someone who had contact with sick birds, and they're currently hospitalized. MORE

Tokyo Offers 3-Day Weekends to Boost Birth Rate
Tokyo is trying to increase births by giving its 160,000+ government workers a 4-day workweek starting in April, hoping less work means more babies. Japan's birth rate has fallen to 1.2 babies per woman, and they're expecting fewer than 700,000 newborns this year—the lowest since records began in 1899. MORE

Ketone Bodies Found to Clear Alzheimer's-Related Proteins
Research shows ketones don't just provide energy to the brain—they actually help remove misfolded proteins associated with Alzheimer's by making them easier to clear through autophagy, with dramatic results in both mouse and worm studies. MORE

DISCOVERY

Stack Analyzer
Detect more than 500 technologies in your code base. MORE

Security Talks at re:Invent
A playlist of all the security talks at AWS re:Invent. MORE

ZSTD vs GZIP Comparison
In a series of compression tests, ZSTD consistently outperformed GZIP and ZLIB across speed, compression ratio, and decompression efficiency metrics. The tests by Aditya Karnam showed ZSTD was particularly dominant with large datasets. MORE

RECOMMENDATION OF THE WEEK

Downtime. Fiction. Family. Friends.

APHORISM OF THE WEEK

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼

Daniel


Published on December 16, 2024 10:02

December 3, 2024

Frontview Mirror: 2025 Edition

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.


A subscription gets you: Access to the UL community and chat (the thinking and sharing zone) Exclusive UL member content (tutorials, private tool demos, etc.) Exclusive UL member events (currently two a month) More coming!
Published on December 03, 2024 11:30

December 2, 2024

UL NO. 460: CISA Exploded, The Chinese Telco Hack, Two Meta-skills


SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Hey there!

My current TMUX windows

It’s that time of the year again! MAJOR NEOVIM and TMUX updates. This year I did lots of cleaning, added noice.lua to get some clean aesthetics (I especially love the visual search box popup), and a bunch of other goodies. Feels so good to do in December or January! Will do a blog/video on it soon.

My own Stratum 1 time server on the LAN!

My time server lives! Check out my snmp time.local.lan output 👆🏼

I’ve opened up my AUGMENTED course again for February of this year. This is going to be a very focused session on building out personal TELOS files. $495. RESERVE A SLOT

Sponsor

Gain Visibility & Control Over Risky Drive Sharing

Google Drive is where your team works and collaborates: it’s full of sensitive, critical information — and it’s growing rapidly. Sampling our Drive customers, we found that over approximately six months, the average Drive footprint grew over 800% and sharing of sensitive information increased over 500%.

Sharing and collaboration is key to your operations–but managing the risk that goes along with it is just as critical. Material gives organizations visibility and granular control over Drive behavior, that’s why our customers also saw risky sharing — like public exposure of confidential content — drop by 94% in the same time period.

Find the risks lurking in Google Workspace and manage them without disrupting your operations, with automated detections and remediations from Material Security.

material.security/providers/google-workspace

Gain Visibility and Control with Material SECURITY

Jen Easterly, CISA's director, will leave the agency on January 20 as the new administration begins. Sad. MORE 

💡She’s one of the best things that’s ever happened to public cyber. I was holding out hope that she would stay on. What a loss.

China has deeply compromised thousands of US telco networks according to Senator Mark Warner, who says the situation is way worse than SolarWinds. The Chinese group "Salt Typhoon" has established persistent access that may require replacing thousands of network devices, and they potentially accessed phone call data and wiretapping capabilities. MORE

💡Worse than SolarWinds. Deeply compromised telco networks. Add it to OPM, Marriott, and thousands of other hacks. Really tired of this.

Some are saying the compromise is so deep and nasty that it might require a whole rebuild to get them out. Which will take years, if it happens.

Meanwhile—they’re still our telco networks.

Volexity discovered Russian APT28 hackers compromising organizations next door to their actual targets to hijack their WiFi networks and gain unauthorized access. The attackers used password spraying to get credentials, then leveraged neighboring offices' devices to connect to the target's MFA-less WiFi network and move laterally. MORE

💡Great. Now we have to worry about who’s getting hacked next door as well.

Apple has rolled out urgent updates for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities. The flaws, CVE-2024-44308 and CVE-2024-44309, involve JavaScriptCore and WebKit, potentially allowing code execution and XSS attacks. MORE

Wiz is acquiring Dazz for $450 million to boost its cloud security offerings, especially for developers. Damn. Dazz just came out and already acquired. Nice job. MORE 

The Danish Navy detained the Chinese bulk carrier Yi Peng 3, suspected of damaging undersea telecom cables in the Baltic Sea. The incident occurred in Danish waters, with the ship reportedly sailing over cables between Finland, Germany, Sweden, and Lithuania. MORE 

Sponsor

The Complete Guide to Credit Card Fraud and Prevention

Fraud tactics are becoming ever more sophisticated - but real-time data and applying the most up-to-date best practices can help protect your business. Learn the latest credit card fraud methods to help your team anticipate and counteract threats.

→ Understand evolving fraud tactics

→ Implement intelligence-driven prevention strategies

→ Build fraud resilience

Download the guide to learn more.

go.flashpoint.io/guide-to-credit-card-fraud-prevention

Get the Guide

Crowdstrike says a China-linked group called Liminal Panda has been targeting telecom networks in South Asia and Africa since 2020, using protocols like SIGTRAN and GSM to infiltrate and collect intelligence. MORE 

CISOs can now get professional liability insurance from Crum & Forster. This new policy protects CISOs from personal liability, covering consulting work and even pro bono IT security tasks. MORE

Google's OSS-Fuzz project, using AI, found 26 vulnerabilities, including a critical OpenSSL flaw (CVE-2024-9143) that went unnoticed for two decades. MORE

Google blocked over 1,000 pro-China propaganda sites that were posing as legitimate news outlets. The sites were run by four Chinese firms working together as "Glassbridge." MORE

Researchers found Russia is using AI to scale up its disinfo campaigns, with a focus on creating fake Western personas to spread anti-Ukraine narratives. They're seeing more sophisticated tactics like using AI-generated profile pictures and coordinating posts across multiple platforms to appear more authentic. MORE

AI / TECH

AWS just added automatic testing of RAG setups and LLM-based model evaluation to Bedrock, which lets you quickly test different RAG configurations without needing human reviewers. The evaluations look at things like correctness and helpfulness, with scores from 0-1 and natural language explanations for the results. MORE

Anthropic released an open-source protocol for connecting AI models directly to data sources like Google Drive and GitHub. The protocol lets AI assistants access live data from business tools and development environments instead of being isolated, with Block and Apollo already integrating it and companies like Replit and Sourcegraph adding support. MORE

💡This is very much in line with what I’ve been building for the last couple of years with Fabric and my own internal tooling. Basically, everything is microservices and data sources, and they’re all modular. I think that’s where everything is going.

OpenAI is reportedly planning to develop a web browser to compete with Google Chrome, integrating ChatGPT and search features. MORE

Llama 3.1 405B is now blazing fast on Cerebras Inference, hitting 969 tokens per second—12x faster than GPT-4o and 18x faster than Claude 3.5 Sonnet. MORE 

💡This alternative hardware stuff is just insane. These are custom chips, similar to Groq, that run inference extremely quickly.

My opinion isn’t formed yet, but I’m wondering how much of the future of AI is building models vs. inference, and I think I’m very much leaning towards inference.

Microsoft has quietly built the largest enterprise AI agent ecosystem with over 100,000 organizations using its Copilot Studio. At the Ignite conference, they announced support for 1,800 large language models in Azure and unveiled autonomous agents that work with minimal oversight. MORE 

Salesforce plans to hire over 1,000 people to support their new AI product Agentforce, which automates customer service, sales, and marketing tasks. The tool costs $2 per agent conversation and is already being used by companies like OpenTable, Saks, and Wiley. The company's stock hit a record high of $322.81 on the news, up 2.5%. MORE

💡Both Microsoft and Salesforce are going heavy on Agent frameworks, tooling, and products. Especially the Salesforce stuff. It’s basically a full platform for automating people’s jobs.

They look cute in the picture, though, so they’re probably harmless.

I’m not mad at them, by the way. This is inevitable. I’m just worried for people and feel like screaming into my fist when I see how blatantly this is being built right in front of us, with most people being completely unaware.

Agentforce: Create Powerful AI Agents


Build and customize autonomous AI agents to support your employees and customers 24/7, including full integration with the Salesforce ecosystem.


www.salesforce.com/agentforce

Meta is using large language models (LLMs) to boost their incident response, achieving a 42% accuracy in identifying root causes in their web monorepo. This approach reduces mean time to resolution (MTTR) from hours to seconds by surfacing likely issues early in investigations. MORE 

Nvidia just announced Fugatto, their new AI model that makes music from text prompts. The name stands for Foundational Generative Audio Transformer Opus 1, and it lets you either describe the music you want or upload existing audio to work from. MORE

40% of LinkedIn articles may be AI-generated, with tech and marketing having the highest rates. Researchers analyzed 10,000 LinkedIn posts and found consistent patterns in AI content, including longer articles and specific linguistic markers. MORE

Apple is reportedly working on a new AI-powered version of Siri, called "LLM Siri," to compete with ChatGPT and Google's Gemini Live. This upgrade will make Siri more conversational and capable of handling advanced tasks, like interacting with third-party apps and summarizing text. MORE 

Zoom drops "Video" from its name as it pivots to being an "AI-first work platform." The company is trying to move beyond its pandemic-era video conferencing success by launching comprehensive workplace tools to compete with Microsoft and Google.

Meesho is handling 60,000 daily customer calls in Hindi and English using existing LLMs combined with custom components for local context. The system cuts call costs by 75% and resolves 95% of queries without human intervention. Insane stats! MORE

OpenAI's Sora text-to-video model has been leaked by early testers who claim they weren't fairly compensated for their work. The leak appears to be a protest against OpenAI's treatment of creative contributors. MORE

Tesla is set to launch V4 Supercharger stations next year, offering up to 500kW charging for EVs and 1.2MW for Tesla Semi trucks. These new stations will feature longer cords, CCS connectors, and physical payment terminals, making them more accessible for various EV brands. MORE 

Google faces its most serious legal challenges ever, with multiple antitrust cases that could force dramatic changes to its core businesses. The DOJ wants Google to sell Chrome, Epic won a case to open up the Play Store, and another case targets Google's $237.9B ad business. MORE 

HUMANS

Young doctors are flocking to dermatology because it pays extremely well and has great work-life balance. The average dermatologist makes $438,000/year, works 40 hours a week, and rarely has to take call, while other specialties like emergency medicine require nights, weekends, and holidays. MORE

A Wired article explains how to get better at dealing with uncertainty and making predictions. The piece focuses on practical ways to improve forecasting skills, drawing heavily from intelligence agencies and "superforecasters" who are good at calibrating probabilities. MORE

The gaming industry is seeing widespread layoffs and studio closures as players spend less on new games and stick to established titles like Fortnite and Call of Duty. Over 14,000 games have been released on Steam in 2024 already, surpassing 2023's total, while established games take up 92% of total gaming time. MORE

Denmark plans to plant 1 billion trees and convert 10% of farmland into forests over the next 20 years to cut fertilizer use. MORE 

A Pew report reveals that 21% of US adults, and nearly 40% under 30, now get their news from influencers instead of traditional media. MORE 

A data scientist challenges the assumption that employee performance follows a normal (Gaussian) distribution, arguing it actually follows a Pareto distribution where low performers are 3x more common than high performers. The analysis shows there's no statistical basis for firing the bottom 10% of workers annually, and companies should focus on addressing genuine hiring mistakes rather than forced rankings. MORE

MIT is making tuition free for undergrad students from families making under $200K. If you can get in. Which most can't. The solution is to make elite education basically free, not to give a couple more people a chance. MORE

Japanese fiction sales are exploding in the UK, making up 43% of translated fiction in 2024 so far. The boom started with surrealist authors like Murakami and Yoshimoto in the 90s, but has evolved into three main categories: literary fiction from female perspectives, crime novels, and "comfort books" featuring cats and cafes. MORE

Medicare is paying vastly different prices for identical drugs depending on how they're administered. The same medications cost way more when given in hospitals vs. doctor's offices or at home. MORE

Barnes & Noble is making a comeback with plans to open 60 new stores this year, including 12 this month. After nearly going bankrupt, they're adopting an indie bookstore vibe and letting each location tailor its offerings to the community. So happy about this! MORE 

IDEAS

The new Meta Skills?
I think the new meta-skills might be Creativity and Judgement. Let me explain. Imagine you’re sitting in front of a computer with a super-intelligent AI system that works for you. It can make anything. Any art. Any program. Any company. ANYTHING. When you’re no longer limited by execution, the questions become quite interesting. The first question is: What do you tell it to make? And the second question is: How do you know when it’s done? Both of these require that you understand the world. You have to know the difference between good and bad versions of things. You have to understand problems, and solutions. They require that you basically know a lot, about a lot of different things. It takes us back to classical education—like Grammar, Dialectic, and Rhetoric. What I’d argue is real education, as opposed to training to be a corporate employee. In other words, to survive this AI push we might need to become generalist autodidacts—with our own specializations of course. MORE

Onsite or Remote?
It’s strange how some companies and people are so much better when the team is all onsite in a single location, and others are so much better when they let people work remotely. I think it comes down to this: if you’re a young, feisty startup with lots of young, A-player talent, it’s probably better to be all in-person in a single location. No exceptions. And it seems like for anything else it’s best to have flexibility. Because once there are multiple offices, the benefits of going in disintegrate quickly. MORE



It's surreal that we're about to walk into a Bird Flu pandemic for one reason alone:


People are TIRED of pandemic talk.


So we're about to break the global economy again, kill lots of people, all because pandemics are "annoying". x.com/i/web/status/1…


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
11:47 PM • Nov 29, 2024


DISCOVERY

"Who's Hiring in Tech?" — A Twitter bot (@careergus) has been monitoring and archiving tech job posts from Hacker News' "Who's Hiring?" threads since 2019, building a dataset of over 100,000 job postings. MORE

A fascinating analysis shows how the internet's BGP table changes over a single day, with 1,087,828 total updates captured during the 24-hour period. MORE

ssh-artwork — A fun tool that lets you create ASCII art in your SSH server's public key fingerprint by manipulating the key generation process until you get your desired pattern. MORE

jsontr.ee — A new tool that lets you visualize JSON data as an interactive tree structure in your terminal, with support for collapsing/expanding nodes and searching. MORE

LaTeX.css — A new CSS framework that makes your website look exactly like a LaTeX document, complete with theorems, proofs, dark mode, and proper math rendering. MORE

SearchGPT Shortcut — You can now invoke ChatGPT in web search mode using Apple Shortcuts. So instead of going to LLM responses, it searches the web first. MORE

Amazon S3 Put-If-Match — S3 now supports atomic compare-and-swap operations, letting you check if data has changed before overwriting it. This is huge for preventing race conditions and implementing optimistic locking in distributed systems. MORE

Text2Motion.ai — A new AI tool that lets you create animations just by describing them in text, similar to how you'd use DALL-E for images. MORE

rga — Ripgrep on steroids. It lets you search through PDFs, E-Books, Office documents, zip files, tar.gz archives, and more. It's faster than pdfgrep because it uses multithreading and caches text extraction. MORE 

ElevenLabs just released a podcast creation tool that lets you turn text into complete audio shows using AI voices and music. The tool can take blog posts, news articles, or scripts and convert them into complete podcasts, complete with AI-generated voices and background music. MORE

Canon R1 vs Nikon Z9 vs Sony A1 II Camera Comparison — Chris Niccolls did a detailed shootout between the three top pro cameras, with the Canon R1 winning overall but each having specific strengths. MORE

RECOMMENDATION OF THE WEEK

When you’re thinking about what education your young family members need. Or your friends. Or yourself. Frame the question as a challenge of:

What would they tell an all-knowing and all-powerful AI to make if they had full control of it?

How would they know if it was finished making it?

#1 requires that they understand the problems in the world. That they know what should exist that doesn’t. #2 requires that they can tell the difference between high and low-quality things—which again—comes down to experience.

Focus on broad, world-model-building education that gives them both of these. I think this type of approach will ultimately make people the most resilient to AI replacement.

APHORISM OF THE WEEK

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼

Daniel


Published on December 02, 2024 12:18

November 19, 2024

Frontview Mirror: 2025 Edition

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.


Published on November 19, 2024 16:37

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.