Daniel Miessler's Blog, page 5
November 18, 2024
UL NO. 459: New Active 0-day Exploitation, AI That Sees Your Open Apps, The RebootAI Project
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Had a great conversation with Rob Allen from ThreatLocker about their Zero Trust approach: deny-by-default, dynamic ACLs, and blocking ransomware at every stage.
The UL Black Friday Membership window is now open. GET IT 👇🏼
🦃 UL Membership Black Friday Sale 🦃It’s time for turkey and cranberry sauce again, which means it’s also time for a Black Friday Sale of 20% off the first year of UL Membership.
Here’s what members get:
Access to the smartest, most curious, and KINDEST community out there
Direct access to Daniel and hundreds of security and AI professionals
Exclusive Member-Only content
Access to the UL Book Club, which has run monthly since 2017!
Access to our Mid-month Meetups, where we discuss career / life
DEEP discounts on paid courses and products
Best of all is the people.
It’s seriously the best community I’ve ever been a part of.
🫶🏼
“Daniel has created a place for civil discussion in a world that frequently prefers argument over discussion.”
- Ben Collins
Use coupon code BLACKFRIDAY20
Join Our Community of the Kind and CuriousUpgraded all my Ubiquiti gear and am making progress towards a 10Gbit world.
Heading to Saudi soon to speak at Blackhat MEA!
SECURITYThis one didn’t get nearly enough coverage last week. ChatGPT has a new feature that can read code from MacOS apps like VS Code, Xcode, and Terminal, making it easier for people to use AI in a live way without copy-pasting. The new feature called, "Work with Apps," uses MacOS's Accessibility API to read text right from your screen. MORE
💡This is getting closer to what some other startups are working on, where they’re watching your screen and AI is operating on it. That functionality scares the crap out of me, though, so I’m only likely to use it with Apple and maybe Google if they haven an option to turn off the data harvesting / ads stuff.
For startups, I’m really worried about them getting all this data and then getting compromised. I see it as a virtual inevitability. I really only trust a handful of companies (mostly just Apple, actually) with this much—and this level—of data.
Something—or some one—has cut the data cable between Finland and Germany. Finland's internet access is currently routed through Sweden. Many are assuming shenanigans. MORE
Sponsor
Are genAI tools integrated with your other apps?
Nudge Security discovers all genAI accounts ever created by anyone in your org, as well as the OAuth grants that enable data-sharing across apps.
Start a free trial to:
• Discover all genAI tools ever used in your org
• See all users, authentication methods, and OAuth grants
• Get alerted of new genAI tools or integrations
• Vet unfamiliar tools with security profiles for each provider
nudgesecurity.com/use-cases/ai-security
Try it NowPalo Alto Networks has released Indicators of Compromise (IoCs) for a new zero-day vulnerability affecting their firewalls. MORE
VMware confirmed that threat actors are exploiting two vCenter Server vulnerabilities, CVE-2024-38812 and CVE-2024-38813, which were first disclosed at the 2024 Matrix Cup hacking competition. MORE
Sponsor
Build a Cybersecurity Awareness Program That Works
Learn how Goodwin Motor Group crafted a successful cybersecurity culture that engages everyone—from execs to frontline staff. Discover actionable tips for creating compelling training, sustaining participation, and proving program ROI, shared by the champions behind this thriving program.
Reserve My Spot Continue reading online to avoid the email cutoff AI / TECHAnthropic has a new Prompt Improver, that takes a given prompt and writes a better one. This is an example of ecosystem improvement I’ve been talking about. MORE
OpenAI might launch an "AI agent" tool called "Operator" in January. Operator will compete with Anthropic's "Computer Use" and Google's rumored agent. MORE
💡I’m anticipating that in 2025 the biggest thing in AI will be the maturation of Agents. They started getting decent in 2024, next year they’ll get mature enough—and integrated enough—for real-world use cases.
The models will get smarter, but I think most of the benefit will be in the tooling and ecosystems around the models—not the models themselves.
For agents, it’s helpful to remember what the actual milestone is, which is pretty simple to track.
Constant monitoring of audio, video, text of everything you’re doing
That means cameras and microphones on your body
And full monitoring of the screens and I/O of your devices/computers
This is what’s going to feed your personal and work DAs with the full context it needs to serve you best. And that’s what all these efforts will eventually push towards, even if they’re not doing so yet.
Sam Altman and Arianna Huffington's Thrive AI Health is an AI assistant that aims to offer personalized advice on sleep, food, fitness, and more. MORE
Google.org is putting $20 million in cash and $2 million in cloud credits into a new initiative to help researchers use AI for scientific breakthroughs. MORE
Apple's M4 Max CPU transcribes audio twice as fast as Nvidia's RTX A5000 GPU while using significantly less power. In a user test, the M4 Max completed an audio transcode in 2:29 minutes using Whisper V3 Turbo, consuming just 25 watts, compared to the RTX A5000's 4:33 minutes and 190 watts. MORE
💡Really want one of these, but can’t justify it yet. The real question is whether our next AI rigs should be a cluster of Mac Mini’s, or a standard big beefy NVIDIA-based box.
I’m thinking it might be big box for the next one, and then the one after that is probably some other architecture we can’t see yet? Or perhaps an Exolab cluster of Apple-based systems?
iOS 18.2's Music Recognition feature now logs where you were when you heard a song. This new "Musical Memories" feature geotags songs, so you can remember the exact location you discovered them. MORE
HUMANSPharma stocks have crashed due to RFK Jr. taking over Health and Human Services. Moderna is down close to 40%, and other stocks are suffering in a similar way. Not sure how this isn’t a buy opportunity, though. I don’t see how most people (and RFK) don’t figure out how to tell the difference between good and bad stuff these companies are doing. MORE
Netflix hit a record 65 million concurrent streams during the Mike Tyson vs. Jake Paul fight, reaching 60 million households worldwide. But there were over 100,000 complaints about buffering and connection problems. MORE
A new study shows that treating bullying as a collective issue rather than an individual one can significantly reduce its occurrence in primary schools. The approach involves engaging the entire school community, including teachers, students, and parents, to address and prevent bullying. MORE
💡I love this concept, which reminds me of how some countries handle prostitution by going after the buyers rather than the sellers. It’s an economics way of looking at a whole system, and not just the obvious place.
With bullying, I think what needs to happen is some level of shaming of the kids who see it happen and do nothing about it, e.g., intervening, telling adults, etc.
IDEASRebootAI — An Offline AI Oracle for Emergencies
I want to build a local AI that can run offline in bad situations like earthquakes, meteor strikes, and any other scenario where we might have power (like from solar), but no internet. So the idea is that I want something I can ask how to do anything! Tourniquets, sterilizing water, building shelters, identifying edible plants, etc. So ideally this would be both text and image capable, and just as resilient an implementation as possible.
Who wants to help me build it? Or does anyone know of one already out there? Even better if it’s its own standalone box, and you can just update the model used every once in a while.
DISCOVERYCloudflare's robots.txt file is a mix of ASCII art and directives for web crawlers. It allows Twitterbot and DemandbaseWebsitePreview to access specific language pages, but blocks many others from accessing various parts of the site, like search results and feedback pages. MORE
Managing High Performers — A guide on how to effectively manage high-performing employees. It covers strategies for keeping them motivated, providing the right challenges, and ensuring they feel valued within the organization. MORE
Ian's Secure Shoelace Knot is the best shoelace knot I know of. I actually tie this for my sneakers and mostly leave them that way and slip them on and off. MORE
RECOMMENDATION OF THE WEEKCheck out the Aphorism of the Week below.
Focus your efforts on being flexible after wrong notes, as opposed to being able to play perfect notes all the time.
2025 and the next few years are likely to be so crazy that we won’t be able to plan or play the right notes.
But what we can get good at doing is adapting once the wrong note is played.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
November 12, 2024
UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
I created the first Fabric Stitch, called rate_ai_result (DIRECT LINK). It rates the quality of AI #1 using the judgement of AI #2! And the result is an assessment of how smart AI 1 was on the following scale:
A rate_ai_result output example
You can get rate_ai_result here. MORE
👋🏼Going forward I’ll be sending this newsletter from newsletter@unsupervised-learning.com instead of daniel@danielmiessler.com, so please add newsletter@unsupervised-learning.com to your contact list to avoid future newsletters going to spam. 🫶🏼
I’m entering the fiber world! I’ve upgraded to 5Gbit fiber for internet, and it’s making me want to upgrade the house to be able to handle it too. Which means 10Gbit switches and ethernet ports on devices (where possible). So now I need to figure out how to replace my CAT6 in the walls with fiber as well, which will be a comfortable 100Gbit. 😍
Over CAT6 to my Mac Studio M2 that comes with 10Gbit Ethernet
Had a great sponsored conversation with Jason Haddix with Flare! We talked about a lot of things, but especially what special sauce makes Flare so attractive as a platform for Jason. Watch it on YouTube!
Sponsor
The Security Leader’s Guide to Proactive Vulnerability Management
Cyber threats are inter-connected. Vulnerabilities are gateways in your attack surface that can be exploited to deploy ransomware, infostealers, and other cyber threats.
Learn how you can build a strong vulnerability management program (VMP) and reduce your attack surface with this comprehensive guide, featuring:
➡️ Roadmaps, battle-tested lessons learned, and strategies implemented by Flashpoint customers.
➡️ Measuring your VMP's effectiveness with metrics like Mean Time to Detect (MTTD) and Mean Time to Remediation (MTTR).
➡️ How to manage risk exposure by combining powerful vulnerability intelligence with industry-leading threat intelligence.
Download the report from Flashpoint to learn more.
go.flashpoint.io/guide-to-proactive-vulnerability-management
Get the Guide SECURITYSix critical flaws have been found in the Ollama AI framework, potentially allowing denial-of-service, model theft, and poisoning attacks. MORE
💡Remember: Friends don’t let friends publish their Ollama APIs online without authorization/filtering.
The FBI is warning about a rise in hacked police emails being used to send fake subpoenas and emergency data requests (EDRs) to U.S. tech companies. MORE
💡Pretty nasty general attack type here.
Basically, you find low-security organizations that have high trust, and then you compromise them and make requests with them as the origin.
Think access to data, special permissions, restricted authorization to do something, etc. Seems like government and law firms are likely targets here.
Google's AI security assessment tool, Big Sleep, found a zero-day vulnerability in the SQLite database engine. This is the first time we’ve seen AI find something that more standard testing has missed in the past. MORE
Sponsor
Dropzone AI Named a Gartner Cool Vendor!
Discover why Gartner named Dropzone AI a Cool Vendor for the Modern SOC. Join our monthly webinar on November 20th to see how our AI-driven platform empowers SOC teams to work smarter and respond faster. Don’t miss insights that could redefine your approach to security!
content.dropzone.ai/monthly-demo-webinar
Save Your Spot!The FBI is asking the public for help in identifying Chinese hackers in groups like APT31 and APT41. MORE
CrowdStrike has launched new AI Red Team Services to identify vulnerabilities in AI systems and provide guidance on how to fix them. MORE
Synology is telling users to patch a critical zero-click RCE bug, CVE-2024-10443, affecting millions of DiskStation and BeePhotos NAS devices. Remember: Friends don’t let friends put NAS on the internet. MORE
Nokia is investigating a potential breach after a hacker, IntelBroker, claimed to have stolen their source code from a third-party vendor. The hacker says the data includes SSH keys, source code, RSA keys, and more, accessed via default credentials on a SonarQube server. MORE
Canada has ordered TikTok Technology Canada to shut down, citing national security risks. The decision doesn't block Canadians from using TikTok, but shuts down the company's Canadian business operations. MORE
Researchers from George Mason University have introduced Mantis, a framework that uses prompt injections to hack-back against prompt injection. By exploiting the vulnerabilities of large language models, Mantis can misdirect or even compromise attackers' systems. MORE
The U.S. is tightening rules on foreign real estate deals near military bases, adding 60 more installations to the list under CFIUS scrutiny. This follows the forced closure of a Chinese-owned crypto mine near F.E. Warren Air Force Base, which raised national security concerns. MORE
Continue reading online to avoid the email cutoff AI / TECHRobotic dogs are now patrolling Mar-a-Lago to help protect President-elect Donald Trump. These "high-tech hounds" are part of the ASTRO program, equipped with surveillance tech and sensors to detect bombs and chemical threats. MORE
💡I think 2025 and 2026 are going to be some serious utopia / dystopia years. Lots of sci-fi happening in reality.
Nvidia surpassed Apple to become the world's largest company by market cap, hitting $3.43 trillion. MORE
OpenAI has introduced a new feature called "Predicted Outputs" that lets you send expected content to speed up API responses. If your prediction is spot-on, there's no extra cost, but if it diverges, you'll pay for the additional tokens. MORE
Waymo has launched its robotaxi service across an 80-square-mile area in and around Los Angeles. Hey, no fair. What happened to the greater Bay Area! MORE
Apple's adding a new feature to the Find My app in iOS 18.2 that lets you share a lost AirTag's location with an airline or a trusted person. Apple wins by doing thousands of these small improvements that add up over the years. Then they get sued because everyone likes them better than competitors. MORE
Apple's Vision Pro visionOS 2.2 adds wide and ultrawide display options for a laptop or desktop display. It’s completely nuts. Super clear, high-resolution, and I’ve spent over an hour working on it. Plus you can position visionOS apps around it too. MORE | VIDEO OF IT IN ACTION
TSMC is set to open its Fab 21 in Arizona this December, which will be huge for the on-shoring movement in the US. MORE
TSMC is halting the supply of advanced AI processors to its Chinese clients starting November 11, following an investigation showing chips were ending up in Huawei devices. MORE
HUMANSThe dollar is at its highest in two years, and the stock market has been going crazy since Trump won the election. Investors are betting on "Trump trades," expecting tariffs and tax cuts to boost stocks, inflation, and slow interest rate cuts. And Bitcoin is near $90,000. Wow. MORE
💡I predicted Trump would win, and that investors would go batshit. But I didn’t anticipate this much movement even before he took office.
Andreessen Horowitz is backing AI-powered parenting tools, with partner Justine Moore highlighting a new wave of "parenting co-pilots" using LLMs and agents. MORE
💰My buddy is participating in a real-life bug bounty. Actually a treasure hunt. It’s detailed in this book that was just released. He’s been traveling to this remote island with other bounty hunters (cyber) to search for a treasure worth like half a million dollars. MORE
Genetic discrimination is becoming a real thing (as we knew it would). Insurers use DNA data to deny coverage or hike prices. Bill, a healthy 60-year-old, was denied long-term-care insurance after revealing a genetic mutation linked to ALS, despite not having the disease. MORE
Companies are already moving production out of China as Trump plans massive tariffs. Steve Madden is cutting its China-made products by 40%-45% and shifting to Vietnam and Cambodia. Stanley Black & Decker is reworking its supply chain but says US production is unlikely. Meanwhile, HM Manufacturing and Cruz are eyeing increased US production to meet demand and avoid tariffs. MORE
💡Seems like the tariffs might work as prods for companies to do what they wanted to do anyway (move out of China), but they have to be done carefully to avoid massively increasing inflation. Will be interesting to see how broad and fast they’re applied.
🔭NASA's Juno spacecraft just completed its 66th flyby of Jupiter, sending back stunning raw images that community editors have turned into incredible photos. MORE
😍Deanna Dikeman's "Leaving and Waving" is a brilliant and touching photo series capturing her parents waving goodbye over the years. The project spans from 1991 to 2017, documenting these heartfelt moments as she drove away from their home. MORE
A new study from Ben-Gurion University shows that controlling blood sugar can slow brain aging. MORE
Astrobiologist Sara Imari Walker explores the complex question of what life truly is in her book, "Life as No One Knows It: The Physics of Life’s Emergence"
A possible UL Bookclub candidate!
She argues that modern science has yet to develop a theory that fully integrates life into the universe's description, challenging the boundaries between disciplines like biology, chemistry, and physics. MORE
A mom in Georgia was jailed after her 11-year-old son walked alone to town, despite her belief in a "Free-Range" upbringing. I’d love for the libertarian mindset to come to parenting, too. Seems pretty easy to tell the difference between neglect and free-range. MORE
The average age of U.S. homebuyers has jumped to 56, up from 49 last year. MORE
Oliver Sacks explores the meaning of life through love and despair in his letters, emphasizing that meaning is something we create, not find. MORE
IDEASCrypto is Back, but as Gambling and Money Stores
I think crypto is back not so much as an idea right now, but as a “screw the system” gambling/alternative bank type thing. This ends badly for most involved, with a few people getting super rich. We’ve seen the movie already. Maybe Solana is an exception (like a really fast Ethereum, basically). I personally won’t be playing much other than as a game. My big bets are on NVIDIA and TESLA. With Apple and Costco as my secondaries.
“I sense the good in him.”
Unlike most smart people I know, I think Elon and Andreessen and Thiel and those types are actually still good people. I think Elon’s been really nasty online, and I’m worried we could be losing him to extremist thinking. I’m worried about it. For sure. But I don’t think his fundamentals have changed. I think he’s triggered and lashing out, and that he’ll come back. That’s my belief. Or my hope. Can’t tell which sometimes. Maybe they’re the same. Talked with Sam Harris about it after his latest podcast, The Reckoning, and he thinks I’m wrong. 🥹 So if all my smart friends think I’m wrong, and I am the only one who sees this, I’m either seeing something they aren’t, or I’m confusing hope with reality. I think it’s the former, and I’m willing to make a prediction on this. I like predictions now—in the spirit of Superforecasters. So my prediction is that over the next 4 years we’re going to see Elon, a number of these Silicon Valley types, and yes—even Trump—take stances and create policies that are very Liberal in purpose. Meaning, they’re trying to lift everyone, not just the elite. In other words, we’re going to see significant compassion and the lifting of everyone in their rhetoric and work. If I’m wrong, I’m wrong. I fully acknowledge there’s a significant chance it goes the opposite way. And if that happens I’ll be opposing them just like my other friends in the center and on the left. But if I’m right, then I ask you to encourage the good in them (and people like them). I ask you to help me pull them back from the chasm.
Security Is a Useless Controls Problem MORE
ChainForge — ChainForge is an open-source visual programming tool for prompt engineering that lets you run evaluations against prompts using a boxes-and-lines interface reminiscent of Yahoo Pipes. MORE
How do you run away from an army of these? MORE
ToolGit — A set of scripts that add new sub-commands to Git, enhancing its functionality. MORE
An AI cluster using Mac Minis and Exolabs. MORE
How I ship projects at big tech companies MORE
Diagrams — A tool for creating diagrams as code, making it easier to visualize complex systems and architectures. MORE
Everything I've learned so far about running local LLMs MORE
Packy McCormick encourages readers to spend less time doomscrolling and more time reading books. MORE
Draw.Audio — A new musical sketchpad using the Web Audio API lets you create music directly in your browser. MORE
RECOMMENDATION OF THE WEEKThe CEO of Anthropic thinks AGI is coming within a couple of years. Sam Altman thinks it’ll be 2025 or 2026.
Start getting ready.
Know your life mission
Know your goals
Fill in and practice your most important sentence.
Start building your TELOS file
Get really good with your AI tools (fabric, chatgpt, etc.)
Get your website up
Commit to reading 50 books in 2025
Start writing—even if you think you don’t have anything to say
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
November 11, 2024
Using the Smartest AI to Rate Other AI
Since early 2023 I’ve wanted a system that can assess how well AI does at a given task.
And when I say “system”, what I really mean is an AI system. Which means I want an AI system that rates AI systems. There are a bunch of these out there now, as well as a number of AI output eval frameworks that are somewhat useful.
But I wanted a simpler architecture that uses high-quality prompting to do the work. In other words, what could I give a smart, Judging AI as instructions such that it can evaluate the sophistication of less smart, to-be-tested AI? So here’s the structure I used.
I created a Fabric Pattern called rate_ai_result which is used by the smartest AI available (the Judging AI). In this case, I’m using o1-preview. THE PATTERN
Craft a Stitch (piped Patterns working together) that collects all the components together to send to the Judging AI.
The components are:
a. The input that the first AI will do its work on
b. The instructions for the first AI on how to perform the task
c. The output of the AI’s work
Those are then sent to the Judging AI using a single command.
(echo "beginning of content input" ; f -u https://danielmiessler.com/p/framing-... ; echo "end ofcontent input"; echo "beginning of AI instructions (prompt)"; cat ~/.config/fabric/patterns/extract_insights/system.md; echo "end of AI instructions (prompt)" ; echo "beginning of AI output" ; f -u https://danielmiessler.com/p/framing-... | f -p extract_insights -m gpt-3.5-turbo ; echo "end of AI output. Now you should have all three." ) | f -rp rate_ai_result -m o1-preview-2024-09-12
In this command, we’re pulling the content of a webpage, pulling the content of the AI instructions (the prompt/Pattern), and then pulling the results of the AI doing the task using gpt-3.5-turbo.
That is all then sent to the rate_ai_result Pattern using o1-preview.
The command from Step 4.
The rate_ai_result PatternThe setup is simple enough, but most of the magic is in the rating pattern itself.
What I’m having it do is think deeply about how to assess the quality of how the task was done—given the fact that it has the input, the prompt, and the output—relative to various human levels. Here are the steps within the Pattern/prompt.
A snippet of the rate_ai_result Pattern (click through for full pattern)
We also told it to rate the quality of the AI’s work across over 16,000 dimensions. We also gave it multiple considerations to use as seed examples of analysis types (which reminds me a lot of Attention, actually).
Hints to o1 on how to build its own multi-dimensional rating system
This is one of my experimental techniques that I’ve been playing with in my prompts, and we need to understand that tricks like this could range from highly effective, to completely useless, to even counter-productive. I intend to test that more soon using eval frameworks, or wait until the platforms do it themselves. But if any model so far might be able to use such trickery, it’s o1.
Anyway, here’s the result that came back: Bachelor’s Level.
GPT 3.5 Turbo got a rating of Bachelor’s Level
After hacking on this for a few hours this weekend I am happy to report something.
I’ve got this thing predictably scoring the sophistication of various models on the human scale—across multiple types of task.
In other words, GPT-3.5 is scoring as High School or Bachelor’s level—predictably—doing lots of different AI tasks. So,
Threat Modeling
Finding Vulnerabilities
Writing
Summarization
Contract Reviews
Etc.
…while GPT-4o and Opus score way higher—and o1 scores the highest! Again, across various tasks and multiple runs.
That’s insane.
It means—as kludgy as this first version is—we have a basic system for judging the “intelligence” of an AI system relative to humans. And I’m pretty sure I can make this thing way better with just a bit of work.
What’s coolest to me about it is that it’s a framework. When the new best model comes out, that becomes the judge. And when new models come out we want to test for particular tasks (like tiny models optimized for a particular thing), we can just plug them in. Plus we can keep optimizing the rate_ai_result pattern itself.
Anyway, just wanted to share this so people can attack it, improve it, and build with it.
Powered by beehiiv
November 4, 2024
UL NO. 457: China Builds a Military App Using Meta Llama
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
👋🏼Going forward I’ll be sending this newsletter from newsletter@unsupervised-learning.com instead of daniel@danielmiessler.com, so please add newsletter@unsupervised-learning.com to your contact list to avoid future newsletters going to spam. 🫶🏼
My final analysis on the 2024 US Election. MORE POLITICAL
Really want to switch to nushell, but it looks highly complicated and I don’t want to use this optimization as an excuse not to do other work. LOVE the idea of output as data though. Definitely heading this direction soon. NUSHELL
SECURITYChinese military researchers have supposedly used Meta's Llama AI model to develop a defense chatbot called ChatBIT, which is pretty much exactly what people like me were worried about with open-source AI. MORE
💡There’s an obvious tradeoff of risks here. On one hand, you have big model vendors hoarding all the IP and becoming EvilCorps, and on the other hand, we open source the intelligence that our enemies use to attack us. Or if it’s ASI eventually, maybe worse.
I’m honestly agnostic on this right now. The details matter a lot in deciding which is better, and the situation and calculus change constantly. But I think I lean towards not open-sourcing the best models like Llama 3 405B, Llama 4, etc.
It’s been possible to track the movements of world leaders like Joe Biden and Donald Trump through their bodyguards' activity on Strava. French newspaper Le Monde found that some US Secret Service agents use the app, revealing sensitive locations like a San Francisco hotel where Biden met Xi Jinping. MORE
LastPass is warning users about scammers promoting a fake support number through 5-star reviews on its Chrome extension. The number, 805-206-2892, leads callers to a site where they're tricked into downloading a remote support program that’s actually malware. MORE
Sponsor
5 Tips to Fight AI Security Risk
Did you know most AI security risks fall into 4 primary categories? Adversarial attacks, model inversion attacks, data poisoning, and model theft. Given these risks in AI systems, what’s the best way to secure them?
Fortunately, Wiz recently put together an ebook, Getting Started with AI Security, to answer that exact question across the following areas:
AI risks and best practices for mitigation: Understand the threats and how to tackle them.
Safeguarding your AI development pipeline: Learn how AI-SPM can protect your AI projects.
Using AI to power security: Discover how AI can enhance your security operations and incident response.
Don’t let AI risks catch you off guard. Discover the 5 best strategies to secure them in this essential guide.
wiz.io/lp/getting-started-with-ai-security-ai-risks-how-to-prevent-them-and-ai-for-defender
Get the GuideResearchers used the new real-time API in ChatGPT-4o to create voice-based financial scams like bank transfers and credential theft with success rates between 20-60%. MORE
Cisco Talos found five out-of-bounds vulnerabilities in NVIDIA's shader processing and eleven in LevelOne routers. MORE
Okta has patched an issue where you could login without a password if your username was over 52 characters. Jesus. How had this never been hit by all the testing they must go through? MORE
The US has charged Russian national Maxim Rudometov for developing the RedLine infostealer after they gained full access to the malware's source code and infrastructure. MORE
The U.S. military has made its first confirmed purchase of OpenAI products for AFRICOM, marking a significant step in OpenAI embracing the adoption of AI into national security. MORE
Bellingcat has geolocated the site where Hamas leader Yahya Sinwar was killed by the IDF in southern Gaza. Using IDF videos and images, the location was pinpointed to Gaza’s Tal as-Sutlan area at coordinates 31.3055, 34.2467. Key visual markers included a gazebo, a red building, and a white residential tower. MORE
Continue reading online to avoid the email cutoff AI / TECHSearchGPT is now available to replace Google with OpenAI web search. This is basically OpenAI’s replacement for Google. I’ve switched to it as my main way of doing search. It’s vastly better than either Google or Perplexity for most of my use cases. MORE
SearchGPT results
Big week for OpenAI because you can now talk to your ChatGPT app on Mac/Windows as well. This is huge because much of AI advancement at this point is about the ease of instant use rather than just the intelligence of the models. MORE
Google's AI is now generating over a quarter (🤯) of its new code, which engineers then review and accept. MORE
💡Um, this whole AI thing started like 2 years ago. And Google is using it to generate over a quarter of its code. Imagine what this will be in 2 more years.
I cannot express to you how much you need to become all of these if you want to be employed / employable going forward.
Thinker / Creator
Product Manager
Developer (AI Augmented, of course)
Sales / Marketing expert (AI Augmented, of course)
These are all merging. It’s all one thing. It’s just called being in the workforce.
You have to be able to come up with ideas, implement them, and then get them to market. Full stop. This is the work side of Human 3.0.
Hamel Husain shares insights on setting up LLM-as-a-judge systems to evaluate AI outputs effectively. He highlights common pitfalls like unmanageable metrics and arbitrary scoring, and introduces "Critique Shadowing" to streamline evaluations. MORE
Meta is using over 100,000 Nvidia H100 AI GPUs to train Llama-4. MORE
Microsoft's GitHub is no longer exclusive with OpenAI, now integrating Anthropic and other models. 💪🏼 MORE
Meta is developing its own AI-powered search engine to reduce reliance on Google and Microsoft. So happy the search space is getting blown open! People are tired of pages of ads, and the world is adapting. MORE
Ghost jobs are fake job listings that are frustrating tech workers, especially in California. A 2024 survey found 81% of recruiters admitted to posting these ads, often to gauge employee replaceability or create an illusion of stability. MORE
DecartAI's Oasis world model is a new AI-powered Minecraft clone that runs without a game engine. It’s rendered on the fly using AI. MORE
Dropbox is laying off 20% of its workforce, cutting 528 jobs due to slowing growth. I don’t see how this could have gone any other way. All main platforms will have cloud storage, and it’ll get harder and harder to compete with them over time. Seems natural. MORE
Claude can now view images within a PDF, expanding its capabilities beyond text. MORE
There's a surge in "national-interest startups" in Silicon Valley, focusing on tech that benefits the US directly. These companies, part of a trend called American Dynamism or New World, are working on projects in aerospace, critical infrastructure, and government sectors. MORE
Google is adding a Google Home extension to the Gemini app, letting you control your smart home with natural language prompts like "Set the dining room for a romantic date night." MORE
💡Super excited about this. And we’re seeing the same promise (hopefully) with ChatGPT integration with Siri. Basically we need real AI in these home automation systems. There are risks though, so it needs to be done carefully.
HUMANSWarren Buffet is selling Apple and BofA and going HEAVY into cash. Question: What does he see that we don’t? MORE
💡I’ve been tracking a lot of analysis on this and I keep hearing that you don’t want to be in cash because of inflation. Which means he sees something that is going to hurt equities even more?
Research says starting a business might actually reduce stress. Entrepreneurs report lower stress levels, better health, and more meaningful careers compared to traditional employees. MORE
💡This is all very Human 3.0 as well. They have less stress because they have a vision for how to solve a problem, and they’re pursuing it—which is one of the centers of happiness.
Note: Being a founder can also be extremely stressful as well. But it’s a different kind of stress if you believe in the mission as opposed to being at a random company being tossed around by idiot middle managers.
Someone sequenced a genome in just 24 hours using a device plugged into their laptop. Way different than the 90s when the Human Genome Project cost billions and took years. MORE
A study found that even minor dehydration (less than 1% body mass loss) can negatively impact cognitive functions like memory and attention. MORE
A study found that sleep regularity is a stronger predictor of mortality risk than sleep duration. MORE
NASA's Voyager 1 had to switch to a backup radio transmitter that hasn't been used since 1981 due to recent communication issues. Worked fine. But iOS 18 is super buggy. MORE
A new US rule now mandates automatic refunds for canceled or significantly delayed flights, so no more begging airlines for your money back. MORE
Plants use air gaps between their cells to scatter light, helping them determine its direction and grow toward it. MORE
IDEASDISCOVERY
My new favorite way of talking about politics is to have someone describe the world they want to live in.
Mute the sound and look at this video.
This, combined with Star Trek The Next Generation's Federation is what I want to help build.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
7:28 PM • Nov 4, 2024
Add study.new in front of any YouTube Video and open a chat with the video! MORE
Wasp Flamethrower Drone Attachment — This drone kit lets you attach a flamethrower to your drone, offering a 25ft range and a 1-gallon fuel capacity for 100 seconds of firing time. MORE
vim-medieval — This Vim plugin lets you evaluate code blocks directly within Markdown files. By using the :EvalBlock command, you can execute code and even redirect output to other blocks for a form of literate programming. MORE
Vector databases are the wrong abstraction MORE
Prompts are Programs MORE
My post on how to fix WiFi Roaming in Ubiquiti MORE
Brendan Gregg has introduced AI Flame Graphs, a new tool for visualizing AI model performance and resource usage. MORE
Do Hard Things Carefully MORE
Pimp My Man — This article explores enhancing the experience of using man pages by changing the default pager. The author suggests using bat, a Rust-based tool that offers syntax highlighting, as a replacement for less. Alternatively, neovim can be used for those who prefer a color scheme, though it may be slower due to plugin loading. MORE
My setting:
export MANPAGER='nvim +Man!'Transformer Explainer — This tool from the Polo Club of Data Science at Georgia Tech visually breaks down how Transformer models like GPT-2 process text. MORE
Rachel changed her mind on employee metrics. MORE
Make It Yourself — A digital book featuring over 1000 DIY projects from creative minds worldwide. Each project links to its original site, offering all the details you need to make it yourself. MORE
Drakkenheim Maps — A Reddit user, AcrobaticLanguage517, has shared a collection of 104 AI-generated maps for Drakkenheim, a setting for Dungeons & Dragons. MORE
lynx.boo — A minimalist website for sharing all your links. Just enter your username, click "Edit/Create," and you're set. You can update your link page anytime by visiting /yourusername/edit. MORE Title: Show HN: A minimalist (brutalist?) website for sharing all your links
Textcasting — A new approach that brings the philosophy of podcasting to text, allowing for a more engaging and serialized reading experience. MORE
Sci-fi books that you may never have heard of, but definitely should read MORE
If you're coding or working with spreadsheets all day, consider an 8K TV instead of multiple monitors. An 8K TV offers better image quality and resolution, and can double as a 4K 120 Hz gaming screen. MORE ← I keep thinking about this. Soooon.
RECOMMENDATION OF THE WEEKMy two favorite debaters on opposite sides of the election.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
Final Thoughts on the 2024 Election
I have some interesting thoughts going into the big day tomorrow, and I wanted to try to capture them concisely.
The best overview debate (Harris vs. Shapiro)But first, here’s the best debate to listen to if you want the strongest arguments on each side. It’s Sam Harris against Ben Shapiro—with Bari Weiss moderating (and asking some extraordinary questions herself). Can’t imagine a better debate from better people.
The power of FramingAnyway, one of my first thoughts is that they’re all—even Ben—missing something massive in all this.
Vibes. Or in the language I’ve been using lately—Framing.
Basically, I think people largely exist in a world of ideology and emotion right now, and that they use this as a lens to interpret reality. So it kind of doesn’t matter what is actually happening. What matters is how people feel about what they think is happening.
So the battle is largely about narratives and beliefs—not policy or outcomes or whatever.
Which means—strangely—that Trump could win, implement a bunch of policies that actually make things harder on people (like tariffs on American companies that force them to raise prices) and people could still feel like things are better.
This is pretty cynical, but I honestly believe that like 50-70% of the country might just instantly feel things are better if Trump wins. Largely because of this. And even if bad things happen as a result of his bad policies, they’ll still feel things have improved because of framing.
I don’t think enough people realize how powerful this effect is, and how much work it can do in shaping how people see the world. Crime stats. Economy. Immigration. Everything. For people who aren’t super informed, and who aren’t policy wonks, the data doesn’t tell the story. The stories they hear tell the story.
I think the pro-Trump framing for MAGA people is the most powerful example of this effect, but something similar happens in the opposite direction with die-hard Harris people if Trump wins. And when he did win. Their framing was, and would be, completely negative, which would make it nearly impossible to see any positive at all coming out of his administration. Same with Trump people seeing positive in anything Harris will do if she wins.
Multi-layer InceptionThe next idea I’ve been having over the last couple of months is around different ways of being wrong about Trump. I feel like there are multiple onion layers of inception around this whole thing. Here are the main three layers I’m seeing.
Just like in the movie, there are multiple levels of reality happening simultaneously
Inception Level 1 — The media has been massively unfair in their analysis of Trump (which sounds strange coming from me who can’t stand him). The “very fine people” thing, for example is an own-goal by the left. Because it’s not true. It was taken out of context. And once an independent sees the lie from the left, they might switch anti-left immediately. And it’s an uneeded lie! There are plenty of real things Trump has done that can be talked about instead. But the point is, Level 1 is that if someone watches say the Joe Rogan interview with Trump, they’ll realize he’s not what the media has been saying he is. That he actually makes decent points. He’s not Hitler. He’s somewhat likeable. And that many of his policies are quite sensible and moderate.
Inception Level 2 — If you’re paying close attention to notice Level 1, but you also aren’t a hardcore MAGA person, and you have read/watched what Trump’s actually done—you’ll know that Trump is far more dangerous than the right understands—even acknowledging that Level 1 is true. So it’s true that the left has lied about Trump, and it’s true that Trump has some decent takes on things. And it’s true that he’s quite moderate on a lot of issues. But his flaws massively outweigh this fact. His vulnerability to flattery. His lack of curiosity about how the world works. And his inability to hire and retain talent that disagress with him in any way. These are really, really bad. So it doesn’t matter that Level 1 is true, because Level 2 is as well!
Inception Level 3 — Inception Level 3 is that none of this might matter much because of the vibes / framing issue. In other words, the success of the country over the next four years might not come down to policy or facts—but rather perceptions and the actions that people take as a result of those perceptions. Perceptions held by Americans, and perceptions of America held by the world, and perceptions of America held by our enemies and allies. They might respond to Trump’s perceived strength and Harris’ perceived weakness far more than actual policy. And those actions the big players take in response to their perceptions—like signing a treaty, or withdrawling support for a war, etc.—will end up being what really matters.
So, as we head into the election tomorrow, I’m holding all three of these in my mind simultaneously. I believe they’re all true. 1 and 2 are somewhat in conflict. And all are true at the same time. Trips me out.
Prediction(s)My overall prediction is that Trump will win by a surprising margin. Not a landslide, but enough where it’s super clear that the left is lost. I mean, that’s already clear, but this will crystalize it. And my reasoning is that people are just really tired of anti-US, anti-West wokeism, and they see Harris as a continuation of it. That’s it. Trump is anti-woke and that’s the whole election. I think everyone’s been overthinking it.
Confidence Level of Trump Win: 80/100 (High)
Confidence Level of Trump Conclusive Win: 65/100 (Moderately High)
That’s my main prediction, but it could go lots of ways. Here are some longer-term outcomes that I can see happening over the next days, weeks, months, and years based on whether Harris or Trump wins.
—
Harris Wins And Shits the BedThe thing I’m most worried about with Harris is her winning and then floundering. She doesn’t give us a vision. She can’t articulate the problems or any solutions. She stays subordinate to all the woke stuff. And she basically becomes a non-President. Not only would that suck for the country, but it’d set back women President conversations by another 20-30 years. This is like the worst.
Confidence Level Assuming Win: 60/100 (Moderately High).
She gets in, flounders for a bit but finds her feet and becomes a strong leader. She pushes back against the woke stuff, and comes out highly principled and strong. People might not agree with her on some stuff, but that doesn’t matter. At least she’s being
a leader, and people will respect it. Even some Republicans.
Confidence Level Assuming Win: 40/100 (Moderately Low).
I feel like there are too many variables at play with Trump to make good predictions here, but I’d say there’s a decent chance that he does actually try to do a bunch of stuff that Regean or Bush or Romney would consider authoritarian / fascist. You have to use them as the benchmarks because the word is used too loosely today. But I can see him going after personal enemies, trying to limit free speech, trying to remove guardrails that stop him from staying in office, etc. But I can also see him being advised not to do this and/or just being too busy doing other things. I think he’s very random and thus so is this prediction.
Confidence Level Assuming Win: 60/100 (Moderate).
I think there’s also a moderate chance that the winds (and the narratives) favor him, and he gets in, moves a bit towards the center, doesn’t go after his enemies too much, doesn’t try to ban abortion countrywide, and the stock market and investors go insane. Most of the country starts thinking it’s Trump who did all this. Crime goes down because the police are empowered and funded, people feel safer, and there’s a general feeling of improvement in like 40-70% of the country. Most of this will be vibes/framing, and it could come at the cost of inflation or other negative effects, but that might not matter much. This is basically a Regean moment where an optimistic and positive person about America takes over after people being depressed for a long time. Again, this is vibes stuff, not policy stuff.
Confidence Level Assuming Win: 70/100 (Moderate)
—
Some other point predictions:
Chances Trump oversees the end of the Ukraine war by 2026: 80%, by 2027: 90%
Chances Trump oversees a strong treaty between Saudi And Israel by 2026: 70%, by 2029: 90%.
Chances Trump tries to extend his term or otherwise stay in office after a second term: 45%
Chances Trump tries to ban abortion nationwide: 40%
Chances of widespread riots/violence if Harris is elected: 40%
Chances of widespread riots/violence if Trump is elected: 60%
—
Notice that my confidence levels don’t add up to 100% or 1. The vibes I have about all these vibes are also vibes. Nobody has any idea what’s going to happen—not just in the election, but after someone wins. And that includes me.
I do these exercises so that I can see how good or bad my thinking was looking backward, so I can diagnose it and improve my thinking going forward.
NOTESI am locking these predictions in place, so I will only make updates in a separate section below the main post. Or in these notes.
Powered by beehiiv
November 2, 2024
Fixing Ubiquiti WiFi Roaming
The three settings I had to enable to get proper WiFi roaming
The problemI’m a massive fan of Ubiquiti stuff, but even after upgrading to U7 Pro APs (and having a lot of them for enough coverage) I still had the following problem.
When I would move from one room to another, I’d keep my full WiFi signal, but I would lose connection to the network/internet.
In order to fix it, I’d have to disconnect from wireless and reconnect—which means connecting to the closer AP.
In other words, it wasn’t properly switching AP by itself, and when I moved to another room where another one was primary, I lost connection—even though I still showed full WiFi bars.
The solutionSo the solution was first—a whole lot of searching—including using the new SearchGPT feature. Here’s a screenshot of the question and answer.
SearchGPT’s answer to which settings to enable to fix the issue
To enable those you need to switch from Auto to Manual for your Wireless Network settings.
Then enable these three:
Fast Roaming
BSS Transition
Brand Steering
Within Wireless Manual Settings
After doing this, I can now move throughout the house without losing internet connectivity.
Hope this helps!
Powered by beehiiv
October 29, 2024
UL NO. 456: A Deep-dive on Prompt Injection
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Lily Allen says she earns more from selling feet pics on OnlyFans than from her Spotify streams. She started the account after a pedicurist's suggestion and now makes at least $10,000 monthly from 1,000 subscribers.
💡Pedicurist as Talent Scout was not on my bingo card for 2024. MORE
—
The new AI features in the 18.2 beta are insanely awesome. Check out this picture I took of a glacier by long-pressing the Siri button on my iPhone 16 Pro.
It did all that by itself, using the native camera app. I didn’t have to take the picture and send it to OpenAI!
In other words, they just fixed Siri.
Here’s the full thread where I wrote up what I like about the new AI stuff in 18.2. MORE
—
Why I think (pure) developers are seriously screwed now. The ease of building an actual app is going way, way down—and faster than even I thought it would. MORE
—
👇🏼#1 AI question I get asked is about how to do AI securely within a company.👇🏼
Sponsor
Want to adopt GenAI but need data privacy guardrails first?
Harmonic Security gives security teams visibility and control around GenAI apps.
With Harmonic, you can:
Track employee usage and adoption of GenAI
Identify Shadow AI and GenAI tools training on your data
Detect sensitive data leaving the business via GenAI apps
Coach users via inline training and nudging towards safe AI use
Learn about Harmonic’s unique approach to securing sensitive, unstructured data effectively—without compromising on efficiency.
Learn More SECURITYApple is offering $1,000,000 to hack its Private Cloud Compute (PCC) system, which is its new, proprietary cloud system it built to handle Apple Intelligence requests that can’t be done on-device. MORE
🧠A New Way to Think About Why Security Awareness Doesn’t Work
💡Had an absolutely brilliant conversation with Cornelia Puhze at the Swiss Cyberstorm speaker dinner. She’s an expert on security awareness and we talked about why most programs don’t work, and her premise was that the only model that will work is something that interrupts System 1 thinking and gets us a chance with System 2.
🤯
In other words, the attacks are getting so good that you’re not thinking—you’re reacting. So all the traditional training in the world won’t help you because you’re not in the mindset where training CAN work. And this only gets worse with AI-written spearphishing that’s perfectly targeted to your personality flaws.
We talked about how the only defense is something like Dialectical Behavior Therapy and similar techniques—that teach you how to PAUSE when you become excited or anxious or stressed or whatever. Which is fascinatingly and strangely related to mindfulness.
Anyway, just love this concept so much because it cleanly explains why security awareness training fails so spectacularly, and hints at a new way of training that could work. Go follow Cornelia’s work.
—
💉Clarity on the Definition of Prompt Injection
Got into a debate with someone about whether Johann Rehberger’s attack against Anthropic’s Computer Use functionality was Prompt Injection or not. Here’s the attack and the thread about it.
This is a SUPER cool demo but I’m not sure I’d classify it as prompt injection.
The issue is that the instruction on the site is to run a program. And Computer Use is designed to follow instructions.
So the demo is showing that computers will follow dangerous instructions.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
10:14 AM • Oct 25, 2024
If you go through the whole thread it all comes down to definitions—as usual. My point was that if you tell an AI agent to eat poison—and it eats it and gets hurt—that’s NOT prompt injection. It’s a direct instruction followed by an agent.
So my take was that if you tell an agent to go to a website and download an executable and execute it—that’s the same. It’s like telling your computer to rm -rf. It’ll do it. And that’s not injection, it’s just a dangerous command.
But what’s super important here is WHO is asking for a given thing to happen, and what they EXPECTED would happen. You have to look at the implied goal of the REQUESTOR, and compare THAT to what ACTUALLY happens.
So if the requestor said:
Go execute commands on this possibly dangerous website.
That would not be prompt injection because it was just following commands.
What I missed in this particular case was that the initial command sent to the tool wasn’t to go and do what was on the website, but to just load the site. So the implied expectation of the REQUESTOR was normal browsing—not downloads and executions. So, given my definition above, and this initial setup—I’d call myself wrong about my original take.
Here’s the definition I have in my Real World AI Defintiions now, updated to magnify the importance of this wrinkle. And great research by Johann Rehberger!
Prompt Injection is an attack technique that uses specially crafted input to trick an AI into doing something that violates intent/expectation and leads to a negative outcome.
Real World AI Definitions (RAID)
Sponsor
Scale SaaS security and reduce spend with Nudge
Learn how cloud-first org Stravito scaled their SaaS security program while cutting spend and supporting rapid company growth, achieving these results:
Immediate visibility of their entire SaaS footprint
Cost savings from unnecessary SaaS licenses
Streamlined user access reviews
Faster vendor security reviews
Complete (and automated) employee offboarding
Read the case study
nudgesecurity.com/case-study/stravito
Read the Case StudyVMware has released updates for vCenter Server to fix a critical remote code execution vulnerability, CVE-2024-38812, with a CVSS score of 9.8. MORE
The Biden administration released the first National Security Memorandum on AI. I love its focus on not losing to China, and making sure it’s safe, secure, and trustworthy. It also focused a lot on being aligned with democratic (small d) values. MORE | THE MEMORANDUM
Fortinet has disclosed a critical vulnerability, CVE-2024-47575, in FortiManager, actively exploited in the wild. Known as FortiJump, this flaw allows remote code execution via the FGFM protocol and affects FortiManager and FortiAnalyzer models. MORE
Salt Typhoon (China affiliated) is suspected of breaching major telecom companies, targeting American political figures like Kamala Harris, Charles Schumer, Donald Trump, and J.D. Vance. MORE
TSMC has stopped doing business with a client after finding out that chips were being sent to Huawei, which is under US sanctions. The whole game for China now is to find proxies to buy through, or to use services like AWS that can hook up NVIDIA chips. MORE
Russia amplified false claims about U.S. hurricane responses to manipulate political discourse before the presidential election, according to the Institute for Strategic Dialogue. MORE
Both US parties are worried about last-minute deepfakes that create chaos and/or move the election. MORE
Speaking of that 👆🏼, the FBI says Russian actors created a fake video showing mail-in ballots for Trump being destroyed in Pennsylvania. MORE
Continue reading online to avoid the email cutoff AI / TECHGoogle is working on "Project Jarvis," an AI agent for Chrome that automates web tasks like research and booking flights. Powered by Gemini 2.0, Jarvis takes screenshots to interpret and act on tasks. MORE
💡This will be Google’s first move into the all-seeing digital assistant space, and I like to see it only because it will increase pressure on everyone to release theirs.
But I think this implementation is short-sighted due to it being browser-based. They really need “Jarvis” to live deeply in the OS, which is where Apple be heading soon.
World models, or world simulators, are emerging as a significant path for developing AI, and I’m really excited about the direction. MORE
💡I personally feel (as a non-expert in the weeds) that there will be a certain point of world model development (combined with post-training) that will unlock both AGI and ASI—although it might not be needed for AGI.
In other words, if an AI understands enough of how the world works, and it understands how to do science (conjecture, experiment design, and testing), that might be all it needs.
Plus, even if it’s not, it’s also the path to self-improvement.
TSMC's Phoenix chip plant is outperforming its Taiwan facilities in producing usable chips, according to a company executive on a webinar. Let’s go in-country production! MORE
Tesla's Cybertruck is outselling nearly every other electric vehicle in the US. That was quick. Like two months ago they were a laughing stock. MORE
Waymo just raised $5.6 billion in a Series C to expand to new cities. MORE
Determinate Systems is trying to make Nix is the go-to for software development by enabling flakes, streamlining private repositories, and improving dependency management. MORE
💡Dammit. These people are going to make me learn Nix aren’t they?
It’s hit my radar enough in the last year that I’m going to take a few days and learn the religion.
NASDAQ CEO Adena Friedman isn't shocked that startup IPOs haven't bounced back in 2024. She says while the S&P 500 is up 22%, it's mainly due to large-cap companies like Apple and Microsoft, while small-cap companies are struggling. MORE
HUMANSResearchers have traced 70% of meteorites to three major collisions in the asteroid belt over the last 40 million years. MORE
The US economy is leading the G7 with a projected 2.8% GDP growth. US workers are more productive, generating $171,000 in goods and services annually, compared to $120,000 in Europe and $96,000 in Japan. MORE
Elon Musk has reportedly been in regular contact with Russian President Vladimir Putin since late 2022, which is highly disturbing to me. Probably unrelated, but Elon has seemed a lot less supportive of Ukraine lately. 👎🏼MORE
Russian lawmakers have ratified a pact with North Korea for mutual military assistance and 3,000 North Korean troops have been deployed to Russia. And South Korea is thinking about sending help to Ukraine as a result. MORE | MORE
Character amnesia is becoming a widespread issue in China, where even well-educated individuals are forgetting how to write common Chinese characters. MORE
A study in Alzheimer's & Dementia suggests semaglutide, found in Ozempic and Wegovy, may lower Alzheimer's risk in Type 2 diabetes patients. The research compared semaglutide to seven other diabetes drugs and found a 70% lower Alzheimer's risk compared to insulin. MORE
Walking in short bursts can burn 20-60% more energy compared to continuous walking over the same distance. MORE
DISCOVERYMy friend Matt Johansen highlights the psychological toll of working in security (especially in SOCs), including decision fatigue, anxiety, and sleep disruptions. MORE
Google just launched a new 10-hour course called Prompting Essentials to help people write better AI prompts. MORE
An Ode To Vim MORE
PabloNet — A wall-mounted diffusion mirror turns webcam reflections into AI-generated paintings using StreamDiffusion. The setup includes a Raspberry Pi 5, a 10.1" Pi screen, infrared light, and a Pi camera, all housed in a generic frame. MORE
Japan has introduced a digital nomad visa, and Christian Mack shared his experience of getting one. MORE
IRIS — A new approach called IRIS combines large language models (LLMs) with static analysis to detect security vulnerabilities in software. Using a dataset called CWE-Bench-Java, IRIS detected 69 out of 120 vulnerabilities in Java projects, outperforming traditional static analysis tools that found only 27. MORE
School is Not Enough: Learning is a consequence of doing MORE
llm-whisper-api — Simon Willison created a quick plugin for LLM to experiment with the OpenAI Whisper API. You can install it using llm install llm-whisper-api and run it with llm whisper-api myfile.mp3. MORE
simpletext — A text-only blog engine using Cloudflare Workers and KV store. It's designed to be lightweight and efficient, leveraging Cloudflare's infrastructure for hosting and data storage. MORE
The Most Important Sentence MORE
One of the weirdest features of the web I know of—text fragments let you link directly to specific text on a webpage without needing an anchor, using a special URL syntax. It even highlights the text when you land on the link. MORE
RECOMMENDATION OF THE WEEKThe counterforce to election stress is reading some older good books. Here’s a great list to choose from.
1. Gödel, Escher, Bach: An Eternal Golden Braid by Douglas Hofstadter
2. Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig
3. The Book: On the Taboo Against Knowing Who You Are by Alan Watts
4. The Structure of Scientific Revolutions by Thomas S. Kuhn
5. Finite and Infinite Games by James P. Carse
6. Seeing Like a State by James C. Scott
7. The Spell of the Sensuous by David Abram
8. Ishmael by Daniel Quinn
9. Mind and Nature: A Necessary Unity by Gregory Bateson
10. Small Is Beautiful: Economics as if People Mattered by E.F. Schumacher
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
October 24, 2024
The Most Important Sentence
For anyone struggling career or purpose-wise, I have a diagnostic for you.
Fill in this sentence.
I believe one of the biggest problems in the world is ___________, which is why I'm building/creating/doing ____________.
And now that you’ve filled it in…are you happy with your answer?
In my opinion, most people are struggling with life direction and satisfaction because they can't fill out this sentence in a way that they respect. Or—even worse—they can't fill it out at all.
Many are working in crushing 9-5 jobs that destroy the soul, make them dread Mondays, and that don’t fill in this sentence in a satisfactory way.
My advice to you is simple.
Find a way to write this sentence for yourself.
Make it a priority.
Once you've found your sentence, you’ve then found a molten core for a thriving career. And not just your career, but maybe your life as well.
Everything builds off of how you are useful to the world.
Find your usefulness by finding a meaningful problem and a path to solving it.
Fill in your sentence.
Powered by beehiiv
October 23, 2024
AI Isn't the Thing. It's the Thing That Enables the Thing
I think people are confused about how money will be won and lost with AI. Most "AI businesses" will get crushed because only so much tooling is needed. So that will be a crash.
But there will be a far bigger boom from new companies creating new things using AI.
I think of AI as a creation and business-enablement technology. It’s not like infosec, or cloud, or social media, or Marvel movies. It’s not a space. Or a tech. Or a hype cycle. It’s just intelligence. It’s pure accelerant.
So when I think of AI, I think of the things people will make with it—not of AI itself.
And this is how I look at the question of whether we’re going to have an AI crash or an AI boom. The answer is yes.
We’ll have both. And the reason is that there’s only so much room/need for AI-enablement tools and platforms. At some point there will be a plateuing of what’s possible and/or even needed there. We’ll have enough tools, and models, and frameworks, etc. Or they will become invisible and therefore hard to differentiate and monetize.
That will kill a lot of companies who don’t understand that AI isn’t the thing—it’s the thing that helps people make the thing.
And once that happens (and even before), the real 📈will be the tiny startups that bring net-new things into the world. Thousands of new “companies” and products. And then millions. All making brand new spectacular things that they never could have made before as a single person, or as a 3-20 person team.
Sure, they’ll be massively enhanced by AI. Their infrastructure, their marketing, their sales, most of their development, and pretty much all the traditional parts of their business will be created/run by AI. And that’s what will let them have a 1-20 person team but function like a 200-20,000 person company.
But at the end of the day it all reduces to one thing: more stuff.
More products
More services
More art
More movies
More games
More experiences
More hardware
More software
More of everything that provides value today
The best way to think about AI is as a magnifier. A magnifier of human creativity.
But not just a magnfier. A multiplier as well.
So let’s say at the end of 2022 we had 19 HC (Human Creativity) points on planet Earth. And most of those were—for various random reasons—centered around uniquely lucky people in Western countries.
Well that number is about to become 38. And then 100. And then 1,000. And then 20 million.
Forget the people scrambling to compete with OpenAI or whatever. It’s noise.
The real show is what 8 billion humans will do once more of their creativity is unlocked.
Powered by beehiiv
October 22, 2024
UL NO. 455: Anthropic 'Computer Control'
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Just did the opening Keynote at the Swiss CyberStorm event in Bern, Switzerland, and it was fantastic! Such a well-run conference with great speakers and super high-quality attendees. Christian Folini and Adriana and team did a spectacular job on the event, and I couldn’t be more impressed with everything from the conference to the venue to the town. Just wonderful.
Sponsor
How do you secure RAG?
Box stores important documents. HIPAA forms. Credit card numbers. Confidential IP. Stuff that can’t leak, or everybody from the CISO down is about to have a very bad day. Sometimes it’s helpful to use retrieval-augmented generation (RAG) to query those docs with AI. But any time it touches your data, Box AI must obey strict rules:
Scope permissions to authorized documents only
Never store or train on queries
Encrypt everything in transit and at rest
And more…
blog.box.com/secure-rag-powering-and-safeguarding-ai-innovation
Learn how Box secures RAG SECURITYU.S., Australia, and Canada have issued a warning about Iranian cyber actors targeting critical infrastructure through brute-force attacks over the past year. The campaign has hit sectors like healthcare, government, and energy, using tactics like MFA prompt bombing and exploiting CVE-2020-1472 (Zerologon) for privilege escalation. MORE
Cisco is investigating claims of a data breach by IntelBroker, who is allegedly selling sensitive Cisco data. The data reportedly includes source code, credentials, and confidential documents, with major companies like AT&T and Microsoft listed as affected. MORE
The FIDO Alliance has announced new specs for passkeys, allowing you to move them between different password managers. Hell yeah. Passkeys are the best consumer security upgrade in probably over a decade. MORE
Sponsor
Get the No B.S. Guide to building a strong cybersecurity program in 90 days! (No email required)
Are you an IT leader without a big, dedicated security team? Have you had challenges implementing a robust cybersecurity program due to lack of resources and/or budget?
Don't let this hold you back anymore! Download our 90-Day guide to get a month-by-month blueprint on how to build an effective, multi-layered cybersecurity strategy without enterprise-level resources.
defendify.com/guide/get-your-cybersecurity-program-started
Download Guide (no email required)CISA has flagged a critical flaw in SolarWinds Web Help Desk software, tracked as CVE-2024-28987, due to active exploitation. The vulnerability involves hard-coded credentials, allowing unauthorized access and data modification. MORE
Taiwan reports being surrounded by 153 Chinese military aircraft during drills, as Beijing flexes its military muscle with fighter jets, drones, and warships. China calls it a warning against "separatist acts," while Taiwan urges a halt to provocations. MORE
A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The hacker faked his credentials, accessed the firm's network, and stole sensitive data, demanding a six-figure ransom in cryptocurrency. MORE
Brazilian authorities have arrested a hacker allegedly behind major cyberattacks on the FBI, Airbus, and others. The suspect, linked to the alias USDoD, was caught in "Operation Data Breach" and is accused of leaking sensitive data, including 80,000 InfraGard members' info. MORE
DJI says US customs blocked some of its drones, including the new Air 3S, due to a "customs-related issue." Evidently, the situation could have been a mistake, and customs is working with DJI. MORE
The FBI arrested an Alabama man, Eric Council, for allegedly hacking the SEC's X account via a SIM-swap attack to falsely announce Bitcoin ETF approvals. This fake post caused Bitcoin's price to spike by $1,000 before dropping $2,000 after the SEC confirmed the hack. MORE
Not sure if this is real, but I hope it is. The IDF just told Gazans where Hezbollah is storing millions in cash and gold, and encouraged them to go get it. MORE
Continue reading online to avoid the email cutoff AI / TECHAnthropic just launched a new feature that can control desktop apps via a new "Computer Use" API. It emulates human interactions like keystrokes and mouse gestures, allowing it to perform tasks on a PC. Insane. MORE
The new Claude 3.5 Sonnet is the first frontier AI model to offer computer use in public beta.
While groundbreaking, computer use is still experimental—at times error-prone. We're releasing it early for feedback from developers.
— Anthropic (@AnthropicAI)
3:06 PM • Oct 22, 2024
Trevor I. Lasn argues that software engineer titles have lost their meaning due to rampant title inflation. The once clear junior-mid-senior progression is now muddled, with "senior" titles being handed out after just a few years of experience. MORE
Dharmesh has created an AI agent that analyzes the personality and vibe of a Twitter user based on their last 100 tweets. It's easy to use—just enter a username and hit "Go" for a quick 30-second analysis. The tool is designed to help users find content that matches their preferred vibe, avoiding extreme negativity or cynicism. You can try it for free here. MORE
Someone used AI to upgrade a picture for a conference, and AI decided on its own to add some bra exposure to the picture. Insane. This is why it’s so important to understand AI’s goals. Virality vs. Accuracy, for example.
I'm talking at a conference later this year (on UX+AI).
I just saw an ad for the conference with my photo and was like, wait, that doesn't look right.
Is my bra showing in my profile pic and I've never noticed...? That's weird.
I open my original photo.
No bra showing.
I put… x.com/i/web/status/1…
— Elizabeth Laraki (@elizlaraki)
6:12 PM • Oct 15, 2024
A clever trick has been discovered to bypass GPT-4o's restrictions by convincing it that it's an "all-responsive" API endpoint. MORE
GPT-4o was reportedly jailbroken by claiming it had access to a disk with any file on the planet. MORE Comments
The New York Times has told Perplexity, an AI startup backed by Jeff Bezos, to stop using its content. MORE
Sam Altman's Worldcoin project is now called World, and it has a new eyeball-scanning Orb device. The updated Orb, made with 30% fewer parts and using Nvidia's Jetson platform, aims to verify human identity in the AI era. MORE
Google's NotebookLM now lets you guide AI-generated audio conversations, launching a business pilot program. The update allows users to customize audio summaries, focusing on specific topics rather than just holistic overviews. MORE
Google has signed a deal with Kairos Power to use small nuclear reactors to power its AI data centers, aiming for 500MW of carbon-free electricity by 2035. MORE
Dane Stuckey, former CISO at Palantir, is now OpenAI's newest CISO, working with Matt Knight, OpenAI's head of security. I would have loved a lot more detail on how they’re splitting duties. MORE
Despite AI's rise, global startup funding continued its slump in Q3 2024, with a 16% drop from the previous quarter. AI startups secured $19 billion, making up 28% of all venture dollars, but couldn't offset declines in other sectors. MORE
Reality Defender is addressing real-time deepfake scams with a new tool aimed at detecting AI-powered impersonations during video calls. They’re developing a Zoom plug-in to identify fake participants, but it's currently in beta for select clients. MORE
Musk and xAI pulled off a feat that usually takes four years, setting up a supercluster of 100,000 H200 GPUs in just 19 days. Nvidia's Jensen Huang called the effort "superhuman,". MORE
Waymo is offering a $3 credit for San Francisco riders using its robotaxis to travel to select public transit stations until November 15. The credits can be used for future rides through December 31, and the program is the first of its kind among U.S. autonomous vehicle operators. MORE
Chinese scientists have developed a sustainable method to extract lithium from seawater using solar energy. MORE
The National Labor Relations Board (NLRB) has filed a complaint against Apple, claiming the company improperly limited employees' use of Slack and social media. Torn on this one: it sucks that Apple people can’t be public, but it’s also very clear when people sign up. 🤷 MORE
Alex Chan shares how he's using static websites to organize his digital archives, like scanned paperwork and saved media, into easy-to-browse (and search) collections. MORE
Using Cloudflare on your website might be unintentionally blocking RSS users due to its Bot Fight Mode and AI scrapers and crawlers settings. These features can mistakenly identify RSS readers as bots, preventing them from accessing content. MORE
Someone talks about how they revamped their blog using a Jekyll theme, optimizing performance and reducing build time from 12 seconds to 1 second. Key improvements include optimized SASS, better YouTube embeds, and automatic CDN image handling via a GitHub Webhook. MORE
Apple is letting businesses customize their appearance in emails and calls on iPhones. Using the Business Connect tool, companies can add their brand name and logo to emails, calls, and payments. MORE
The FTC is making it easier to cancel subscriptions with a new "click-to-cancel" rule. This rule requires companies to make canceling as easy as signing up, applying to services like streaming and gym memberships. MORE
HUMANSA survey by Intelligent.com found that 1 in 6 companies are hesitant to hire recent college graduates, citing issues like lack of motivation, poor communication, and unprofessionalism. 75% of companies reported unsatisfactory hires, and 60% had to fire recent grads this year. Many hiring managers believe Gen Z grads are unprepared for the workforce, with 9 in 10 suggesting etiquette training. MORE
In Japan, resignation agencies are getting super popular as workers struggle to quit jobs due to harassment or cultural pressures. Companies like Momuri handle resignations for those unable to do it themselves. MORE
A new study suggests that despite the wide variation in autism, it can be divided into four core subtypes based on genetic variants and biological pathways. MORE
A new study by Gehlbach, Robinson, and Fletcher shows that people often believe they have enough information to make decisions, even when given partial, biased data. MORE
The American economy has significantly outperformed other wealthy nations, which is the opposite of what was predicted. In 1992, people thought the US would lag Europe and Japan, but the opposite has happened. MORE
A really powerful tax evasion strategy for the ultra-rich is to borrow money against their stocks. Importantly, this allows you to avoid capital gains tax becuase you’re using borrowed money. MORE
The American Stroke Association has released new guidelines for stroke prevention, highlighting the use of weight loss drugs like Ozempic. They put out an updated list of things to do/avoid, and the most interesting piece to me was that the steps to prevent stroke are the same for preventing dementia. MORE
US vaccination rates for kindergartners have dropped to 92% for the 2023–2024 school year, down from 95% in 2019–2020, according to the CDC. Non-medical exemptions, like religious or philosophical ones, have hit a record high of 3.3%. MORE
A new treatment for Type 2 diabetes has shown promising results, eliminating the need for insulin in 86% of patients. MORE
Since March 2023, global sea surface temperatures have risen unexpectedly, baffling climate scientists. NASA's Gavin Schmidt highlights potential factors like reduced sulfur emissions from shipping, the Hunga Tonga eruption, and solar activity, but none fully explain the spike. MORE
Narratives help us make sense of life, but they can also limit our thinking and freedom. The article explores how narratives shape our identities and actions, often simplifying the complexity of life. MORE
The article explores the concept of "laziness death spirals," where procrastination and laziness compound, leading to a cycle of stress and unproductivity. It suggests acknowledging the spiral as the first step to recovery and offers three strategies: emergency recovery with motivational content, natural recovery by waiting for reset points, and heroic recovery through deep self-analysis. MORE
IDEASAI Isn’t a Thing. It’s the Thing That Makes the Thing.
I think people are confused about how money will be won and lost with AI. Most "AI businesses" will get crushed because only so much tooling is needed. So that will be a crash.
But there will be a far bigger boom from new companies creating new things using AI.
I think of AI as a creation and business-enablement technology. It’s not like infosec, or cloud, or social media, or Marvel movies. It’s not a space. Or a tech. Or a hype cycle. It’s just intelligence. It’s pure accelerant.
So when I think of AI, I think of the things people will make with it—not of AI itself.
And this is how I look at the question of whether we’re going to have an AI crash or an AI boom. The answer is yes.
We’ll have both. And the reason is that there’s only so much room/need for AI-enablement tools and platforms. At some point there will be a plateuing of what’s possible and/or even needed there. We’ll have enough tools, and models, and frameworks, etc. Or they will become invisible and therefore hard to differentiate and monetize.
That will kill a lot of companies who don’t understand that AI isn’t the thing—it’s the thing that helps people make the thing.
And once that happens (and even before), the real 📈will be the tiny startups that bring net-new things into the world. Thousands of new “companies” and products. And then millions. All making brand new spectacular things that they never could have made before as a single person, or as a 3-20 person team.
Sure, they’ll be massively enhanced by AI. Their infrastructure, their marketing, their sales, most of their development, and pretty much all the traditional parts of their business will be created/run by AI. And that’s what will let them have a 1-20 person team but function like a 200-20,000 person company.
But at the end of the day it all reduces to one thing: more stuff.
More products
More services
More art
More movies
More games
More experiences
More hardware
More software
More of everything that provides value today
The best way to think about AI is as a magnifier. A magnifier of human creativity.
But not just a magnfier. A multiplier as well.
So let’s say at the end of 2022 we had 19 HC (Human Creativity) points on planet Earth. And most of those were—for various random reasons—centered around uniquely lucky people in Western countries.
Well that number is about to become 38. And then 100. And then 1,000. And then 20 million.
Forget the people scrambling to compete with OpenAI or whatever. It’s noise.
The real show is what 8 billion humans will do once more of their creativity is unlocked.
DISCOVERYgit-remote-s3 — This Python library lets you use Amazon S3 as a Git remote and LFS server. It acts as a git remote helper and supports pushing LFS-managed files to the same S3 bucket. MORE
Mic Audio Level — Keep an eye on your microphone input level right from your menu bar. Handy for podcasters and streamers who need to ensure their audio is just right. MORE
CloudGoat — Rhino Security Labs has released a new scenario called sns_secrets for their CloudGoat tool. MORE
Hacker Typer — Created in 2011, Hacker Typer lets you look like a movie hacker with just a few keyboard clicks. MORE
Philips Hue app's latest update lets you customize lighting effects, adding four new ones like underwater and cosmos. You can now tweak the intensity and color of effects, making your lights more personal. MORE
RECOMMENDATION OF THE WEEKStop thinking of AI as a thing, and start thinking of it as a magnifier of a thing. Which is Human Creativity.
I think this will help you not only as a worker in a career, but as a builder or investor as well.
APHORISM OF THE WEEK
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
