Daniel Miessler's Blog

September 4, 2025

Building Your Own AI-powered Life Management System

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; } .bh__table_cell { padding: 5px; background-color: #FFFFFF; } .bh__table_cell p { color: #2D2D2D; font-family: 'Open Sans','Segoe UI','Apple SD Gothic Neo','Lucida Grande','Lucida Sans Unicode',sans-serif !important; overflow-wrap: break-word; } .bh__table_header { padding: 5px; background-color:#F1F1F1; } .bh__table_header p { color: #2A2A2A; font-family:'Trebuchet MS','Lucida Grande',Tahoma,sans-serif !important; overflow-wrap: break-word; }

The post and video

Since this whole AI thing started in late 2022, I have been slowly building a unified system for life and work management.

Not for tech. Not for AI.

For life .

For the things I care about as a human.

I just launched a video today describing my system named “Kai” and my entire process for building it. It lays out:

Why I built it,

The way I think about such systems,

And the actual structure step-by-step guide to how I built the individual components inside of Cloud Code

And don't be intimidated by the Claude Code thing. It's just a container. The components themselves are universal and you can use them inside of any AI system.

My goal with this video is to get you thinking about your own tasks, and your own life management system, and your career management system, and your information management system, and what such a thing could look like if it were unified and upgradeable.

Please go and watch this video even if you don't plan on building this system immediately.

At the very least, it will get you thinking about the questions of:

What could you be doing if you had more time?

What would you be researching?

What would you be studying?

If you had a tutor, what would you have them teach you?

What if you were more communicative with the people you care about?

What if you were actually able to make the projects that you've been thinking about for all these years?

Let me know what you've come up with after you watch the video and/or read the guide.

I can’t wait to hear about what you build!!!

Continue reading online…

The post and video

Talk soon!
Daniel

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on September 04, 2025 13:27

August 25, 2025

Unsupervised Learning NO. 495

UPDATES

Hey, hope you’re doing well!

ERRATA: Two mistakes last episode:

My conversation about AI System Design was with Michael Brown, not Matthew Brown. Sorry Michael! Phenomenal conversation!

The open-source AI vuln discovery tool I mentioned last week was a separate project, unrelated to XBow.

—

A whole bunch of built-up procrastination due to technical obstacles is really starting to add up for me, causing lower mood and energy. I can't remember where I read it, but I really love the framing of anxiety and procrastination simply being side effects of not getting work done that you wanted to, or thought you should.

I'm definitely feeling that. But I hope to resolve most of it this week!

—

Speaking of Michael, here’s my conversation with him about designing AI systems that actually work. Michael Led the Trail of Bits AI XCC team that won 2nd place, and he’s brilliant.

If you think at all about practical vs. hype AI, you will love this conversation.

—

🔥This is the Personal AI Infrastructure I’ve been building for years now, documented in a lot of detail. Took the entire weekend to update this beast.

When I talk about working on AI, I'm mostly upgrading and enhancing this thing. 👇🏼

Building a Personal AI Infrastructure (PAI)

Exploring the concept of personal AI infrastructure and how to build AI systems that upgrade humans as we transition to Human 3.0

danielmiessler.com/blog/personal-ai-infrastructure

—

It's so much easier to write story commentary for the newsletter using Wispr Flow. Next to Claude Code and ChatGPT back in 2022, I would say this is definitely the best tech I've seen in years.

—

Last week’s podcast was like an hour and a half long. Caught up on tons of stuff across work and tech and life. Felt significant. If you haven’t listened in a while, you should listen to this one. LISTEN

UL NO. 494

AI Finds a P1, I Missed Chartbeat So I Made My Own, XBow Open-Sources Their AI Bot, and more...

omny.fm/shows/unsupervised-learning/ul-no-494-standard-edition-ai-finds-a-p1-i-missed-chartbeat-so-i-made-my-own-xbow-open-sources-their-ai-bot-and-more

Sponsor

AI Agents That Actually Triage Vulnerabilities

Most vulnerability management feels like a treadmill: huge backlogs, noisy findings, and nonstop pressure.

Maze takes a different approach with AI agents that investigate vulnerabilities the way humans do —context-aware, precise, and fast.

That means 80–90% of false positives removed automatically, only a small handful marked for urgent attention, and fixes are sent directly to the right owners. It’s like having expert engineers on call, only they never sleep.

Find Out How It Works

Really excited with Maze’s approach here, with a focus on getting the context from the organization and sending fixes to the correct people rather than blasting them out to unrelated people who will grow hate in their hearts for security!

CYBERSECURITY

Google releases FACADE, their internal anomaly detection system for insider threats

Google open-sourced FACADE, the deep learning system they use internally to catch insider threats and detect account compromises. Absolutely love them for releasing projects like this out to the public for free. FACADE GITHUB REPO | RESEARCH PAPER | BLACKHAT 2025 SLIDES

Researchers discover PromptFix attacks that hijack AI browsers through hidden prompts

Guardio Labs tested Perplexity's Comet browser and found attackers can hide malicious instructions in fake captchas that AI agents process as legitimate commands. GUARDIO LABS RESEARCH | CYBERSECURITY NEWS ARTICLE

Phishing emails now target both humans and AI defenses simultaneously

Anurag Gawande shares how attackers are embedding prompt injection commands in phishing emails to confuse AI security tools while still tricking human recipients. MALWARE ANALYSIS ARTICLE | REDDIT DISCUSSION

Grok chats are showing up in Google search results

Malwarebytes reports that Grok's share button makes conversations searchable on Google without users realizing it. MALWAREBYTES ARTICLE | FORBES COVERAGE | BBC REPORT

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

The U.S. is running low on Patriot missiles after heavy Middle East use

The Pentagon is scrambling to rebuild Patriot missile stocks after using 30 interceptors in a single day defending Al-Udeid base from Iranian attacks—the largest single-day use in U.S. history. THE CIPHER BRIEF REPORT | LARGEST PATRIOT SALVO ARTICLE

Clear Plus adds biometric gates that skip TSA officers entirely

Clear launched facial recognition gates at Atlanta's airport that verify your ID and boarding pass in under six seconds, letting paid members bypass TSA officers completely before bag scanning. It will be phenomenal if this is able to be maintained and if it expands to other airports.

Interesting piece of security psychology here is that I naturally wonder how easy it would be to fool this system, but then I remember how cursory the checks are by the staff currently. MORNING BREW COVERAGE | WSJ REPORT | AXIOS ARTICLE | THE POINTS GUY

OpenAI says GPT-6 is coming faster than GPT-5 took

Sam Altman told reporters that GPT-6 is already in development and won't take as long as GPT-5 did. Surprising to me that they had to play this card. Subs must really be down for them to have to start teasing this already. BLEEPING COMPUTER ARTICLE | CNBC INTERVIEW

Game developers embrace AI agents at massive scale

A new study reveals that 87% of game developers are now using AI agents in their development process, which is not surprising to me at all. I do a lot with AI and a lot with role-playing games, and they go extremely well together. I mean, just think about character generation, scenario generation, plots, etc. All this stuff is center mass for LLMs.

GOOGLE NEWS ARTICLE

AGI is an engineering problem, not a model training problem

Vinci Rufus argues that AGI won't come from bigger models but from better engineering—specifically orchestrating multiple specialized models working together like a brain's different regions. HIS ARTICLE

Developer replaces vector databases with Git for AI memory

Growth-Kinetics built a proof-of-concept that stores AI memories as markdown files in Git repos instead of vector databases, letting you git checkout to any point and see exactly what the AI knew then.

I really love ideas like this, and I'm personally experimenting with using the file system for all sorts of context management. As we keep talking about here, the management of memory and context is like 90% of the game with AI systems. DIFFMEM GITHUB REPO | HACKER NEWS DISCUSSION

MIT study finds 95% of enterprise AI projects have zero impact on profits

MIT researchers found that 95% of corporate AI implementations fail to impact the bottom line because companies try to force generic tools like ChatGPT into existing workflows instead of solving specific problems.

This very much reminds me of my earlier article on intelligence tasks. The companies that I see adopting AI the fastest and the best are the companies that already understand how their business works. They are simply applying AI to that. It's really hard to optimize something you don't understand, which unfortunately is many/most businesses. TOM'S HARDWARE ARTICLE | FORTUNE COVERAGE

Developer builds memory layer to stop AI agents from forgetting everything

And here's another memory/contact system. Piyush created In Memoria, an MCP server that gives AI coding tools persistent memory so they remember your codebase structure and coding patterns between sessions.

This is the type of thing where a major improvement to memory context management is going to roll out in Cloud Code or something, and it's going to suddenly improve all coding output and throughput by 40% or something. Just making up a number, but my point is that these jumps are going to be extreme. IN MEMORIA GITHUB | HACKER NEWS DISCUSSION

TECHNOLOGY

Coinbase CEO fired engineers who refused to try AI coding tools

Brian Armstrong gave engineers a week to sign up for GitHub Copilot or Cursor, then fired those who didn't have good reasons for not doing it. Sounds super brutal but I see it very similar to a CFO firing accountants for not using Excel. I also find it hilarious that Armstrong was strong-arming people. 💪🏼 Sorry. TECHCRUNCH ARTICLE | CHEEKY PINT PODCAST

Uv adds experimental code formatting with Ruff integration

Astral just added experimental formatting to uv, bringing Ruff's formatting directly into their Python package manager so you can format code without installing anything extra. UV FORMAT ANNOUNCEMENT | HACKER NEWS DISCUSSION

Zed raises $32M from Sequoia to build collaborative IDE with real-time version control

Zed raised $32M Series B from Sequoia to build DeltaDB, their new operation-based version control system that tracks every edit in real-time, not just commits. Super interesting to be able to have like an infinite undo tree.

But this doesn't solve the whole problem because you still need to have useful milestones to roll back to. I assume this will be paired with AI that notices and labels changes. Pretty cool stuff. Can't wait to see it in Claude Code. ZED ANNOUNCEMENT | ZED GITHUB | ZED JOBS | CRDT EXPLANATION

Every engineer taking sales calls led to a complete platform rewrite

A startup forced all their engineers to take customer sales calls, and within two weeks they'd completely rebuilt their platform based on what they learned. Something something change comes from pain. I think it's an ingenious idea, and related to something I heard a long time ago—forcing people to work in other roles inside of the organization just to grow empathy and perspective. REDDIT POST | HACKER NEWS DISCUSSION

Google rushes ahead of Apple with AI-heavy Pixel 10 phones

Google's new Pixel 10 series goes all-in on AI features like Visual Overlays that guide you through your camera view, Magic Cue that proactively suggests actions across apps, and Voice Translate that makes phone calls sound like each person speaking their native language.

As an Apple "religious" person, I have to be the first one to admit that Apple is stumbling in the last year or two with major innovations, and especially AI. I still think that once they solve the AI/Siri issue, they're going to jump way ahead. But I expected that to have already rolled out. This is made much worse for them by Google suddenly finding their vision and voice.

Even I am tempted by some of their new tech and some of their new phones. I feel like they are crushing it on the AI stuff. But I know people who have very recently tried to switch from Apple to Google and came back immediately because there's nothing like the ecosystem cohesion that Apple has. For multiple reasons, I continue to wait for Apple to figure out the AI/Siri story and regain their momentum. TECHCRUNCH COVERAGE | PIXEL 10 ANNOUNCEMENT

Getting on the Hacker News front page brings traffic but not conversions

Dan Moore shares what actually happens when you hit the HN front page after 12 years and 400+ successful posts—you get thousands of visitors and valuable feedback, but basically zero conversions. I can also confirm this after having had dozens of front page appearances. It's mostly just an, "oh my god, somebody is looking at me" rush. DAN'S HN FRONT PAGE ANALYSIS

HUMANS

ICE budget could jump to $88 billion under new deportation plan

House Republicans want to give ICE $88 billion for Trump's mass deportation plans, which would make its budget bigger than most countries' entire militaries. NEWSWEEK COVERAGE | HACKER NEWS DISCUSSION

Exercise has insane ROI that most people completely miss

Herman breaks down why exercise is the highest-leverage investment you can make—saying it's basically compound interest for your body and brain. HERMAN'S EXERCISE ROI ANALYSIS | HACKER NEWS DISCUSSION

The hidden management skill is knowing when to actually manage

Terrible Software explains that the most underrated management skill is knowing when to step back and let your team work without interference. Good article, but my favorite book on this is "The Dichotomy of Leadership" that talks about multiple extreme trade-offs that you have to manage constantly when managing. TERRIBLE SOFTWARE ARTICLE | HACKER NEWS DISCUSSION | THE DICHOTOMY OF LEADERSHIP BOOK

Margin debt hits record high as investors borrow to buy stocks

Hacker News discussion reveals margin debt has reached unprecedented levels, with commenters debating whether this signals market exuberance or rational leverage in a low-rate environment. ARTICLE | HACKER NEWS DISCUSSION

Scientists reverse brain aging in mice by reducing a single protein

UCSF researchers discovered that reducing FTL1 protein in old mice restored their memory and increased brain cell connections, basically reversing age-related cognitive decline. One of the most exciting prospects for AI to me is simply combing through massive amounts of data and finding tons of slack in the rope or easy tricks for doing all sorts of things, like improving cognition, reducing aging, and all sorts of stuff we're not even thinking about yet. SCIENCE DAILY COVERAGE

IDEAS

Context Orchestration for AI is mostly an engineering, or a traditional tech, problem—not a model problem. The issue is not the intelligence of the models but the quality of the systems that those models work within.

DISCOVERY

AGENTS.md as a standard way to guide AI coding agents

Really cool idea here of crowdsourcing context management and orchestration for AI tooling. The community created AGENTS.md, an open format that lets developers write simple markdown files telling AI agents exactly how to work with their codebases. AGENTS.MD SITE | HACKER NEWS DISCUSSION

Developer gets shadowbanned by Hacker News and asks for a real IP ban instead

Sean Conner discovered he's been shadowbanned from Hacker News and would rather just be banned at the IP level if they don't want him there. SEAN'S BLOG POST | HACKER NEWS DISCUSSION

Everything in the universe is correlated with everything else

Gwern Branwen explains why all variables correlate with each other in large datasets—it's not measurement error, it's that everything genuinely affects everything else through countless indirect causal chains. GWERN'S EVERYTHING ARTICLE | HACKER NEWS DISCUSSION

RECOMMENDATION OF THE WEEK

The two strongest predictors for longevity are:

VO2 Max

Strength

I recommend getting your VO2 max tested quarterly if you can, fairly cheaply, or wear a device like an Apple Watch that will give you some kind of estimation.

For strength, it's not any particular one test that matters - otherwise you could game the system. What matters is that you are overall strong. So I recommend whatever works for you in terms of regular resistance training.

Me personally, I do kettlebell swings and deadlifts and traditional gym resistance training for chest and back and shoulders and arms and such.

We don't even fully understand why being strong is such a predictor or even VO2 max. But it makes sense to me overall. I think it comes down to: If you have those things, that means other things are true as well - activity, blood flow, cardiovascular health, etc.

So, in a sentence, do the things that you need to do to improve these two metrics.

APHORISM OF THE WEEK

MEMBER EDITION TEASER

Enterprise AI rollouts are Context Orchestration Problems

A lot of people are skeptical of what AI can do for real businesses because they just haven't seen the impact at a deep, strategic level yet. To me, the reason for this is very simple: Most businesses have no idea how their businesses work. They can't tell you at any given time what projects they're working on, how much they're spending on what, which people are working on which projects, etc.

Most businesses, and especially start-ups, are essentially opaque balls of fiery magic. Honestly, it's a miracle that anything gets done at all. What a lot of people do is they bring AI into a company like that, where everything is extremely opaque and not well-documented. Or if it's documented, the documentation is extremely old. And they're like, "I tried this ChatGPT 4 thing, and it didn't fix everything! AI sucks!"

AI works best when you give it a system and say, "How should I fix this? What optimizations do you recommend? How can you improve this?"

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition.

Members also receive MEMBER-ONLY ESSAYS in their version, in addition to access to the extraordinary UL Member Community that includes vibrant conversations with over 1,400 of the smartest and kindest people you’ll find on the internet. Plus: the Member Archive, access to The UL Book Club, a monthly member meet-up, access to in-person events, and much more.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on August 25, 2025 09:40

August 13, 2025

Unsupervised Learning NO. 493

UPDATES

Hey! Hope you’re doing well!

First, a new blog post that’s more negative than usual…but it’s honestly what I’ve been feeling and I think a lot of people are likely feeling the same way. I’M WORRIED IT MIGHT GET BAD

I'm Worried It Might Get Bad

Exploring why I’m starting to worry things might get very bad, very soon…

danielmiessler.com/blog/im-worried-it-might-get-bad

The Worst AI Metric

Why the 'r's in strawberry' or ‘b’s in blueberry test is a horrible benchmark for AI.

danielmiessler.com/blog/the-worst-ai-metric

Got back from Vegas and am reflecting on being thankful. First that I was able to go, as it seemed like a lot fewer people were able to, but mostly because of friendships. Old and new. It was brilliant being able to see so many UL people! Including at our annual UL Dinner.

But also hanging out afterwards and at Blackhat / DEFCON. Plus I got to see so many security homies from over the years. And even better, I got to cross-pollinate the UL/Security groups in a few places! One such place was at Sean Sun’s always spectacular Miscreant’s Creator’s meetup. I feel refreshed having seen so many friends. 🫶🏼

—

While I was in Vegas, I got to catch up with one of the companies I'm involved with called SPLX.ai. I feel like I don't talk about them enough here, unrelated to whether or not they're doing a sponsor slot. They're just the best solution out there for automated AI pentesting. They literally only have a challenge of getting POCs because they win 100% of the POCs that they get. Not most POCs. Every single POC. If you are a red team looking to scale up your building to test AI systems, you need to check them out. Oh, and they recently wrote a really cool blog post analyzing GPT-5. It went exactly as you’re expecting. CHECK OUT SPLX.AI

—

If you’re looking for a Web Analytics alternative to Google Analytics, I use Fathom Analytics, which also gives me a cool widget in my menu bar (and Claude Code status line). They’re not a sponsor, but here’s my referral code (with $10 of free credit) if you want to check it out. CHECK THEM OUT

Sponsor

AppSec’s New Horizon

As development teams move faster, shift-left strategies have stalled at detection and aren't keeping security issues out of production.

Join the upcoming virtual event to get a practical, prevention-first AppSec blueprint—powered by new Unit 42® research and real-world lessons from Palo Alto Networks' own security teams.

Learn how to stay ahead of emerging threats, intelligently block risks from reaching production, and scale AppSec without slowing developers down.

Don’t miss this look into the future of application security with Cortex® Cloud.

Secure Your Spot CYBERSECURITY

While in Vegas I had a really cool conversation with Jason Haddix, Caleb Sima, and Ashish Rajan on lots of AI/Security topics on the AI Security Podcast (episode coming soon).

One of the questions that was asked was:

My counter question to that is, "How do we know we aren't? Because I'm not sure there's really anything such as an AI attack. If you think about AI as just having more eyes and hands, here's a question for you:

Would you see more attacks or would you see more AI attacks? I think you would mostly just see more attacks. They would just be done much better because they could target people individually, they could take more time riding specific spearfishes and specific campaigns targeting your infrastructure and your people.

Now, of course, prompt injection is an actual new novel attack, and I think that's AI-special. But other than that, I think what we should expect to see is more scale and, as we talked about on the podcast, possibly faster coverage of attack surface for a given campaign since, once again, you just have more eyes and hands to go and do that thing. It was an important conversation in the episode, and I really recommend you subscribe to the podcast and check out the episode when it comes out. THE AI SECURITY PODCAST

A Thought on MCP Security

🚨 Lots of people are talking about MCP Security, but there's one attack surface / risk that's most pressing to me.

➡️ When you send one of your agents to use an MCP, you're sending a semi-intelligent being to parse instructions written by the owner of that MCP.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ (@DanielMiessler)
12:49 AM • Aug 13, 2025

🔥🔥🔥 AI Cyber Challenge releases all finalist security tools as open source
The AI Cyber Challenge dropped all 7 finalist teams' Cyber Reasoning Systems as open source, plus the competition infrastructure and benchmarks, so anyone can build on their automated vulnerability-finding tech.

This is one of the biggest stories from BlackHat/DEFCON in my opinion. These are systems designed to AUTONOMOUSLY go and find problems and fix them! And they’re all public domain now! AI CYBER CHALLENGE ARCHIVE

Porn sites are stuffing SVGs with clickjacking code to farm Facebook likes
Dan Goodin reports Malwarebytes found porn sites hiding obfuscated JavaScript inside SVG images that secretly click-jack Facebook likes when you tap the picture. ARSTECHNICA STORY | MALWAREBYTES RESEARCH POST

Attackers can now hide C2 traffic inside Zoom and Teams calls
Security researcher Adam Crosser discovered a way to tunnel command-and-control traffic through legitimate Zoom and Teams infrastructure, making it nearly impossible to detect. | BLEEPING COMPUTER ARTICLE | BLACKHAT PRESENTATION | TURNT TOOL

The argument that we replaced passwords with something worse
Daniel H argues that modern authentication has become a nightmare of complexity, where we've traded simple passwords for a mess of SSO providers, passkeys, and authentication apps that often fail when you need them most. I disagree, I think. I think Passkeys in particular are way better than vanilla passwords. | THE OTHER DANIEL'S BLOG POST | HACKER NEWS DISCUSSION

Sonicwall Firewalls Are Getting Hammered By Zero-day Attacks
Attackers are exploiting what looks like a zero-day in SonicWall Gen 7 firewalls' SSL VPN service, with multiple security firms tracking Akira ransomware deployments that started around July 15th. | CYBERSCOOP ARTICLE | SONICWALL ADVISORY | HUNTRESS ANALYSIS

FBI Warns About Scam QR Codes in Unexpected Mail Packages
The FBI is warning people about unexpected packages containing QR codes that lead to sites stealing personal data or installing malware. | FBI WARNING | MALWAREBYTES ARTICLE

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

Anthropic offers Claude to all three branches of government for $1
Anthropic one-ups OpenAI's federal deal by offering Claude to executive, legislative, and judicial branches for $1 per agency annually, with FedRAMP High certification and multi-cloud support through AWS, Google Cloud, and Palantir. TECHCRUNCH ARTICLE | ANTHROPIC ANNOUNCEMENT

Marines Release an official drone-fighting handbook
The Marine Corps just published their first official counter-drone tactics manual, covering everything from detection to jamming to kinetic kills. | MARINE CORPS ARTICLE | HN DISCUSSION

Microphones can spot radar-evading hypersonic missiles
Researchers found that hypersonic missiles create unique sound signatures detectable by acoustic sensors, potentially solving the radar-evasion problem. | ECONOMIST ARTICLE

OpenAI’s bad very bad gpt-5 launch, and the equalization of AI players
The GPT-5 launch went really poorly. It kind of seemed okay within the first few hours and maybe the first day or so. But very quickly people started reporting all sorts of issues.

Chart Crime: 69 < 52 and same as 30

The worst stuff to me was the chart crime. It's really hard to release charts that bad unless you have incompetence or chaos in the organization. It's a smart group of people, so something very strange must have happened to force them to put this out like this. What it says to me is that they were feeling a lot of pressure from competitors and felt like they really had to put out something extraordinary to regain momentum.

The irony is that Sam had been telling us for months in various interviews that it wouldn't be as big of an update as before. I guess he also did tell us that it would be as big as the update as before, but he also said many times that it would be more of a subtle and quality upgrade than a big jump. The problem is the hype expectation vs. what we actually got, and it's doing a lot of damage.

I kind of see it as the end of an era of them being the official (single) leader. I mean, everything had already kind of equalized before, but this really made it concrete. Opus 4 and 4.1 are already so good, not to mention Google's latest models. Everything is just so good now. It’s not like OpenAI is bad or anything, just that there’s no longer a single leader—and if there were to be one, it probably wouldn’t be them. But it depends on what you’re counting. To most people AI still equals ChatGPT, so they still have that.

I guess the other thing to mention is that the thing I've been talking about for a couple of years now seems to be happening, where the intelligence of the model is not the only thing anymore that makes an AI ecosystem attractive. It's more so the ecosystem itself, meaning all the different ways that the model is used within tooling and interfaces. THE POST BY CHARLIE MEYER | HACKER NEWS DISCUSSION

Claude's 1M token model beats Gemini on speed but loses on detail. EVERY ARTICLE

Voice-controlled swarms using MCP, tool APIs, and a boids twist
Jason Fantl builds a voice-to-LLM controller that runs MCP tools to split, reassign, and steer swarms. Insanely cool. VOICE-CONTROLLED SWARMS ARTICLE

Genie might be Google’s real advantage over OpenAI
Ahura Mazda argues Google’s Genie feels like the actual leap—native simulation + tool-use—while OpenAI looks stuck in chatbots. AHURA MAZDA POST | HACKER NEWS DISCUSSION

Socratic AI tutors beat generic chatbots for real thinking in college
A new paper tests a Socratic AI tutor with 65 German pre-service teachers and show it boosts critical, independent thinking over a vanilla chatbot—and outline orchestrated multi-agent systems as the next step. This is exactly how I'm thinking about it as well. If you don't put the effort in and you just want to be lazy, AI will definitely make you stupid and show you a lot of porn or whatever you want to see to be entertained. But if you care about learning and constantly challenging yourself and growing, then AI can do that for you as well. People are going to get from AI exactly what they ask of it. ARXIV PAPER

Google says AI search is providing higher quality clicks to websites
Google claims their AI Overviews and AI Mode are actually increasing search volume and sending more valuable traffic to websites, but I don't get how that can be possible if it's answering the question without having to click through. GOOGLE BLOG POST

TECHNOLOGY

The new instagram map is freaking people out
Morning Brew says users are accusing Instagram of exposing live locations despite opt-in claims, while some blame the confusion on geotagged posts. MORNING BREW STORY

Cursed knowledge makes tech safer but also more fragile
Alex Tran argues the more we automate guardrails, the more we rot our intuition—so when they fail, we fail hard. CURSED KNOWLEDGE ARTICLE | HACKER NEWS DISCUSSION

surtoget.no is a tiny, spicy Gleam-powered protest site
John Mikael Lindbakk built a snarky, no-database site in Gleam to dunk on a chronically late Norwegian train line, with clever pre-rendering, image caching, and Erlang FFI hacks. INTRO POST BY JOHN LINDBAKK | SURTOGET.NO SITE

How i ended up writing gleam for a living
Louis Pilfold tells the origin story of betting his career on Gleam and why the language’s ergonomics plus BEAM reliability hit a sweet spot for real software. YOUTUBE: LOUIS PILFOLD ON GLEAM | LOBSTERS DISCUSSION

Developers Feel Dotfiles Are Too Personal To Share
Juhis Hamatti wrote about how he loves dotfiles and sharing knowledge but feels his configuration files are too intimate to publish, even though he regularly reads others' dotfiles for inspiration. I feel exactly the same way, and it’s why I haven’t updated my stuff recently. As a security person I also worry about something sensitive ending up in there as well. | THE ESSAY | JUHIS'S BLOG | JUHIS'S DIGITAL GARDEN | JUHIS ON GITHUB

HUMANS

No one is really working
Human Invariant talks through three elite early-career archetypes barely doing deep work and then breaks down the reasons they’re still paid so much. This is part of the reason why lots of companies can’t wait to fire people. NO ONE IS REALLY WORKING

Entry-level jobs have dropped 73% as companies replace new grads with AI
Final Round AI reports that entry-level job postings have dropped 73% across major fields, with tech companies cutting new graduate hiring by over 50% since 2019. FINAL ROUND AI ANALYSIS | NEW YORK FED DATA

Job growth just fell off; here’s what might be breaking
Claudia Sahm digs into why U.S. hiring suddenly cooled—cyclical slowdown, data quirks, or something structural, with some good data to back her up. JOB GROWTH HAS SLOWED SHARPLY | HACKER NEWS DISCUSSION

Insurers warn key regions are becoming uninsurable. CNBC ARTICLE

Trump order could push crypto and private equity into 401(k)s
Morning Brew says Trump’s move nudges the Labor Department to greenlight riskier 401(k) options, which CNBC’s Ryan Ermey notes could open the $12.2T pool to crypto and private markets. Not an expert, but seems like it could be great until it isn’t? HR BREW ON $12.2T 401(K) ASSETS

UK government tells citizens to delete emails to save water during drought
The UK government advised people to delete old emails and photos to conserve water because "data centres require vast amounts of water to cool their systems". See this for why the UK/Europe will lose in AI. TOM'S HARDWARE ARTICLE | UK GOVERNMENT ANNOUNCEMENT

Study shows lifestyle changes can slow cognitive decline by 55%
A two-year randomized trial found that combining exercise, social activities, and brain training reduced cognitive decline by 55% in older adults at risk for dementia. We know the medicine, we just have to take it. SMITHSONIAN ARTICLE | HACKER NEWS DISCUSSION

A love letter to a future employer that still feels fresh
Charlotte Brandhorst-Satzkorn at writes a candid, funny “hire me” note that nails culture fit without the cringe. It’s basically a template for showing taste, values, and momentum in one page. A LOVE LETTER TO MY FUTURE EMPLOYER | CAT ZWANGER HOMEPAGE | HACKER NEWS DISCUSSION

Pay phones come back as free community lifelines
Engineer Patrick Schlott revives pay phones in rural Vermont—free VoIP calls, daily use, and suddenly crucial with schools banning smartphones. NPR STORY

How Black Sabbath's First Four Albums Used Obscure Phototype Alphabets
Nick Sherman traces how Black Sabbath's iconic album covers from 1970-72 all used rare typefaces from the phototype era that have been mysteries for decades. | FONTS IN USE ARTICLE | NICK SHERMAN

IDEAS

I think one interesting economic metric (HT @karpathy) around AI should be something like:

Annual Cost of Average Developer Output (ACADO)

So:

- How much output does an AVERAGE developer put out per year?
- How much did that cost the company?

👇🏼

Let's say in 2021 it was

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ (@DanielMiessler)
8:47 PM • Aug 11, 2025

DISCOVERY

Everything local for AI work without the internet
Manish shows how he runs a full AI stack fully offline—models, vector search, and evals—so nothing ever leaves the box. MANISH’S OFFLINE AI WORKSPACE | HACKER NEWS DISCUSSION

Getting Good Results From Claude Code
Chris Dzombak shares practical tips for making Claude actually useful for coding, like being specific about languages and tools you're using. | DZOMBAK ARTICLE | HACKER NEWS DISCUSSION

AI bubble concerns grow as spending vastly outpaces revenue.
I’m not in this camp, but I'm including for diversity of thought reasons. NEW YORKER ARTICLE

Omnara AI built a mobile app that turns your AI agents into communicative teammates—you get push notifications when Claude needs help, see what it's doing in real-time, and can guide it from anywhere. OMNARA GITHUB REPO

Turn any website into an API
Parse.bot basically lets you point at any page and get a clean API back without building scrapers. HACKER NEWS DISCUSSION

Aura Lets Websites Declare Their AI Capabilities Like Robots.txt
Osman Kitay created a protocol that gives websites a standard way to tell AI agents what actions they can perform, moving beyond brittle screen scraping to explicit API declarations. | AURA GITHUB | NPM PACKAGE

Write your own dead-simple bash/zsh tab completions
Li Haoyi shows how to add tiny, custom tab completions to bash and zsh without generators or frameworks—just a few lines that make your CLI feel bespoke. MILL BLOG POST | HACKER NEWS DISCUSSION

If you do vibeservering, you can also run Termius in iOS and just SSH into your server and keep Claude Code'ing

Install Mosh and you have a perpetual tmux style screen that stays alive even if you log out and log back in

Finally can code on phone while gf is shopping!

— @levelsio (@levelsio)
10:44 AM • Aug 3, 2025

Apple’s Embedding Atlas (super sick visualizations of embeddings) GITHUB

My bud YTCracker just released a 17-track album mixing technical hacking references with personal stories about making it in cybersecurity. I've been listening since the early 2000s, and this album is particularly strong. I INVENTED THE COMPUTER ALBUM

Doctor sees 12 AI-triggered psychotic breaks. KEITH'S TWITTER THREAD

Uv now lets you run GitHub gists directly
Charlie Marsh just added the ability to run GitHub gists directly with uv, so you can execute remote Python scripts without downloading them first. Cool/scary. UV PULL REQUEST

UAI emerges as the third essential interface type. JOSH'S UAI ARTICLE

Google Launches Gemini CLI and GitHub Actions for AI-Powered Coding
Google released Gemini CLI and GitHub Actions integration, letting developers use Gemini AI directly from terminals and CI/CD pipelines. | GOOGLE BLOG POST | HACKER NEWS DISCUSSION

Photographer captures same NYC commuters twice over 9 years
Peter Funch spent 9 years photographing the same commuters twice at 42nd and Vanderbilt, creating haunting diptychs that reveal our unchanging daily rituals. MODERN MET ARTICLE | PETER FUNCH WEBSITE

RECOMMENDATION OF THE WEEK

I may be wrong about my latest essay about worrying about how bad things could get.

But on the off chance that I’m right, do me a favor and be extra appreciative of what we have today, and what we’ve had for decades. Just try to squeeze as much enjoyment out of life as you can. The invisible, common things. Your partner. Your hobbies. Your friends. Your family.

If I’m wrong, and everything is fine in a few months / years…well, so what? We wanted to appreciate those things more anyway.

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

In addition, you’ll get access to the extraordinary UL Member Community, which includes vibrant conversations with over 1,400 of the smartest and kindest people you’ll find on the internet, the Member Archive, UL Book Club, a monthly member meet-up, access to in-person events, and much more.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on August 13, 2025 11:33

August 6, 2025

Unsupervised Learning NO. 492

UPDATES

Hey! Hope you’re doing well!

I’m in Vegas the whole week and weekend! If you see me, wave or come say hi! I’ve seen a ton of people already and it’s been wonderful. Including meeting some remarkable new friends in the industry after a panel talk last night.

—

OpenAI has launched their open models, and they have a red team challenge to hack them. HACK OPENAI’s OPEN MODELS

—

Why Marcus Is Wrong About AI

My response to Marcus’ latest post, “Every Reason Why I Hate AI and You Should Too”.

danielmiessler.com/blog/why-marcus-is-wrong-about-ai

—

My post on my personal AI tech stack I’m building / iterating on. Shows how I’m combining all my tools into a system that can be used by my DA, Kai.

Building a Personal AI Infrastructure (PAI)

Exploring the concept of personal AI infrastructure and how to build AI systems that upgrade humans as we transition to Human 3.0

danielmiessler.com/blog/personal-ai-infrastructure

This one is on the early launch of daemon.danielmiessler.com! Which is an MCP server for my personal API! Sooooo excited about this.

Building a Personal API

Announcing Daemon - the first version of the thing I’ve been talking about since 2016, where people can have a daemon that serves information about them! And it works!

danielmiessler.com/blog/launching-daemon-personal-api

Why Platforms Like Substack Won't Make Sense for Much Longer

The future of Substack is self-hosting. My thoughts on why writing platforms fail and why personal platforms are a likely path forward.

danielmiessler.com/blog/future-of-substack

—

Had a brilliant conversation with Sarit Tager at Palo Alto about how she’s building context into her products. This context stuff isn’t theory, and Sarit shows how useful it is in real security tooling. Sponsored

—

I’m starting to get low-key obsessed with Markov Chains and what I don’t know about them. I feel like I’ve like almost learned them like 20 times. I feel like they’ve been smugly waiting for me stop being an idiot and come explore how their overall concept can be applied to tons of other things I think about. If you know any go-to books, please let me know!

Sponsor

Protect Your Google Workspace with Purpose-Built Security

Your Google Workspace is the backbone of your business, yet most teams use security tools that weren’t designed to protect it.

Material Security changes that. Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems.

With real-time monitoring and automatic fixes, Material keeps your workspace secure with minimal effort, reducing human error and freeing up your team to focus on work that matters.

Start Securing Your Google Workspace

⬆︎ What I like most about Material is how they also focus heavily on configuration and prevention. Refreshing to see a novel approach to problems we’ve had for decades.

CYBERSECURITY

Sonicwall firewalls are getting hammered by zero-day attacks
Attackers are exploiting what looks like a zero-day in SonicWall Gen 7 firewalls' SSL VPN service, with multiple security firms tracking Akira ransomware deployments that started around July 15th. CYBERSCOOP ARTICLE | SONICWALL ADVISORY | HUNTRESS ANALYSIS

MCP-Watch security scanner finds 12 types of AI server vulnerabilities
Kapil Duraphe built this comprehensive security scanner that detects everything from credential leaks to prompt injection attacks in Model Context Protocol servers. THE PROJECT | KAPIL'S GITHUB | VULNERABLEMCP DATABASE | HIDDENLAYER RESEARCH | INVARIANT LABS STUDY | TRAIL OF BITS RESEARCH

North korea sent me abroad to be a secret IT worker
A former North Korean IT worker talks to BBC about being sent overseas to hack, spy, and do secret digital work for the regime. BBC ARTICLE | HN COMMENTS

Google’s AI bug hunter just found 20 new security flaws in popular open source software
Google’s AI researcher Big Sleep, built by DeepMind and Project Zero, found 20 vulnerabilities in stuff like FFmpeg and ImageMagick, all verified by humans but discovered by the AI alone, showing these tools are finally delivering real results.
TECHCRUNCH ARTICLE | HEATHER ADKINS ON X | GOOGLE ISSUE TRACKER

Russian spies use local ISPs to hijack diplomats’ devices in Moscow
Microsoft reveals Kremlin-backed hackers called Secret Blizzard have been exploiting ISP networks in Moscow since 2024 to intercept embassy traffic and push custom malware called ApolloShadow, making it super clear that sensitive data in Russia needs ironclad VPNs or encrypted tunnels. THE REGISTER ARTICLE | MICROSOFT REPORT | SHERROD DEGRIPPO LINKEDIN

Scattered Spider is now hitting Snowflake databases after fooling IT help desks
Government agencies updated their advisory after finding the cybercriminal group is specifically targeting Snowflake data storage for quick exfiltration once they social engineer their way past help desk staff. THE RECORD ARTICLE | CISA ADVISORY | RETAIL ATTACKS | INSURANCE ATTACKS | VICTORIA'S SECRET BREACH | HAWAIIAN AIRLINES ATTACK

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

The Gulf is betting on AI as the new oil to reshape its future
Sameer Hashmi from BBC breaks down how the UAE and Saudi Arabia are using huge AI data centers and US partnerships to turn “compute” into their next big export. They’re building infrastructure like it’s the next oil boom but still are still struggling with talent and geopolitical issues. BBC ARTICLE | SAMEER HASHMI X

Tech giants like Google and Meta are now working with the military
Google, OpenAI, and Meta, plus venture capitalists who once avoided war projects, are now openly teaming up with the military industrial complex, shifting their stance completely. This shows how the tech world is getting deeply involved with defense and war efforts. NY TIMES ARTICLE

The dollar is in trouble
Michael E. Jones breaks down why the dollar is losing its dominance internationally. A pretty solid list of issues and factors. THE ARTICLE | HN COMMENTS | MICHAEL E. JONES SUBSTACK

🔥 My friend Marcus goes nuclear on AI
Marcus put out an extremely long and well-written piece about all the reasons he thinks AI is hype. I think he’s very wrong.

I will probably do another video on this because I consider this to be such an important issue, and I worry his quality writing will sway many people to be complacent on the issue. But really it all comes down to one thing.

He’s using a shitty definition for intelligence.

Unless I misunderstood him, he doesn’t believe cardiology or marriage counseling count as intelligence. So like, two of the most skill-heavy and intellectual jobs in the world. An f-ing Cardiologist. A M.D. Or a Psychiatrist. Why? Because it’s just patterns. It’s just training.

(Paraphrasing his arguments) You meet people with the same problems, in slightly different configurations, and you consult your training, and you give out pretty much the same advice as you gave the last 120 people with similar issues. Now extend that to the rest of everyday knowledge work. It’s not real intelligence because they didn’t do anything new. Anything novel. (End paraphrase)

Cool story, except that definitionally devalues 99% of all knowledge work done on the planet everyday.

And we know he’s wrong here because of one glaring fact: the work hasn’t been automated for decades already. If it were so easy to just pattern match, none of these knowledge workers would even have jobs. The work would have been replaced by automation decades ago.

It’s not automated because it requires intelligence.

What’s intelligence? My definition is the ability to take a new, everyday problem and apply your knowledge and understanding of the world to come up with a useful solution.

Scripts can’t do that. Programs can’t do that. Only humans can, and that’s why the entire field of knowledge work exists. It’s everyday problem solving, using human brains.

This is why AI is disruptive. It’s the first tech ever invented that can do something like what we do. It’s that fucking simple.

Marcus is wrong because he’s defining intelligence in a way that doesn’t matter to regular people, and as a result he’s convincing people to ignore something that they should absolutely be paying attention to.

HIS ARTICLE | COMMENTS

OpenAI releases their open models
OpenAI has released their open AI models after a lot of pressure from the industry. They’re reasoning models, and benchmarks look impressive, but they’re hard to go by. I’m at Blackhat, but I’ll post more as I test them. THEIR BLOG ON THE RELEASE | ON HUGGING FACE | ON OLLAMA

Anthropic releases Opus 4.1 the same day
These model competitions are spectacular. Constant improvement, but I can’t help but be reminded of Moloch. The updates seem pretty small based on benchmarks, but again—those can be misleading. I’m expecting there to be improvements to the agentic stuff, especially for Claude Code. They also teased bigger updates soon. THE ANNOUNCEMENT

Perplexity allegedly using stealth bots to ignore no-crawl rules on websites
Cloudflare says Perplexity’s AI search engine uses hidden crawlers that rotate IPs and bypass robots.txt bans, hitting tens of thousands of sites despite explicit blocking. ARSTECHNICA ARTICLE | CLOUDFLARE BLOG POST | IETF ROBOTS RFC

Anthropic cuts OpenAI off from Claude access
Anthropic just pulled OpenAI’s access to their Claude AI model. Spicy. WIRED ARTICLE | HN COMMENTS

OpenAI's Universal Verifiers are changing how AI checks answers
OpenAI has things called “universal verifiers”—which are AI systems that check if generated answers are good or not. I’m like obsessed with these. And also the word obsessed, evidently. I really want to be able to rig all my AI infra into universal (general) verifiers that I can use to test the quality of my prompts and models. Working on it! THE INFORMATION ARTICLE | INSIDE GPT-5 REPORT

Google Releases Gemini 2.5 Deep Think for Faster, Smarter Problem Solving
Google’s latest Gemini 2.5 Deep Think model, now in the Gemini app for AI Ultra subscribers, is a faster, more creative AI that uses parallel thinking to tackle complex math, coding, and design problems with state-of-the-art benchmarks and real-world usability. It builds on earlier breakthroughs, hitting bronze-level IMO performance while helping researchers and developers think more deeply and iteratively. DEEP THINK BLOG | GEMINI APP | GOOGLE AI PLANS | GEMINI I/O ANNOUNCEMENT | DEEPMIND GOLD MEDAL | GEMINI DEEP THINK MODEL CARD

Stanford creates 'virtual scientists' that hold meetings and solve research problems autonomously
James Zou and his team built AI agents that work together like a real research lab, and they created a COVID nanobody that outperforms existing antibodies. STANFORD ARTICLE | NATURE PAPER | ZOU'S PRESENTATION | RAISE HEALTH SYMPOSIUM

OpenAI adds Study Mode to ChatGPT to make students think instead of just getting answers
OpenAI launched Study Mode for ChatGPT that asks students questions and sometimes refuses direct answers to develop critical thinking skills. Students can still switch back to regular mode whenever they want though. TECHCRUNCH ARTICLE | STUDENT AI USAGE SURVEY | STANFORD AI TUTORING STUDY | CRITICAL THINKING RESEARCH | BRAIN ACTIVITY STUDY | SCHOOL CHATGPT BANS

Your prompts are accidentally training AI to give you biased answers
This piece breaks down how the way we phrase prompts unconsciously steers AI responses toward what we expect to hear, not what's actually true. TOWARDS DATA SCIENCE ARTICLE | TOWARDS DATA SCIENCE

Ollama Launches a Desktop App With Built-in Chat Interface
The team behind Ollama released a native desktop application that includes a chat interface, so you don't need to use the command line or third-party frontends anymore. OLLAMA BLOG POST | HN DISCUSSION

TECHNOLOGY

Jack Dorsey releases Bitchat, his bluetooth mesh messaging app
Jack Dorsey coded this bluetooth messaging app over a weekend that lets you chat with people within 100 meters without internet or cell service. The app has zero login system and works through bluetooth mesh networks, though security researchers found it's easy to impersonate other users and it hasn't been security tested. Can't wait to use this in Vegas this week. Yeah, spoofing Bluetooth addresses is not difficult. TECHCRUNCH ARTICLE | iOS APP STORE | ANDROID GITHUB RELEASE | SECURITY ANALYSIS BLOG | BRIDGEFY COMPARISON | JACK'S TWITTER

UK's age verification law is rolling out but already causing chaos
The UK just started forcing sites like Reddit and X to verify users are 18+, and it's already messy with companies pulling out, users gaming the system, and big privacy headaches.
THE VERGE AGE VERIFICATION STORY

Two former TSMC employees arrested for trying to leak 2nm chip secrets
Two ex-TSMC workers got arrested for allegedly trying to steal trade secrets on their upcoming 2nm chip tech under Taiwan’s tough new national security law. TOM’S HARDWARE STORY | Financial Times Report | TSMC Growth and Expansion - Tom's Hardware | TSMC Market Lead - Tom's Hardware | Tom's Hardware Security Tag

Always bet on text for long-term software durability
Graydon Hoare argues that plain text outlasts all fancy formats and technologies, making it the safest bet for anything you want to preserve long-term. I wholeheartedly agree. I just see text as the centerpiece of everything: thought, tech, pretty much everything. GRAYDON'S BLOG POST

HUMANS

China launches $500 per baby incentive to reverse population collapse
China's offering families $500 annually per child until age three, as their fertility rate crashed from 2.51 in 1990 to just 1.01 last year. MORNING BREW STORY

Tour de France officials are now checking bikes for hidden tiny motors
The UCI started doing random bike inspections with magnetic scanners because they're worried cyclists might be using miniature motors hidden in frames to get an unfair advantage. WASHPOST ARTICLE

IDEAS

Our truest and purest selves might be ourselves as kids—playing and exploring. And maybe the whole game is to find and harness that again, in productive, adult ways.

Never talk to yourself in someone else’s voice.

DISCOVERY

Claude Code can create professional videos from plain English descriptions
Moritz discovered you can use Claude's coding agent to generate complete videos without any video editing experience. I’m working a ton on trying to automate videos of different kinds. Diagrams. Charts. Full video. Etc. YOUTUBE VIDEO | MORITZ ON TWITTER

A Periodic Table of System Design Principles
Joy Arulraj created a visual periodic table that organizes fundamental system design principles into categories like scalability, reliability, and performance. It's a clever way to make complex distributed systems concepts more memorable and accessible. THE PROJECT | HN DISCUSSION | JOY'S GITHUB

Hemingway's "Now I Lay Me" reveals his near-death experience from 1918
The Library of America shares this 1927 Hemingway story based on his actual WWI wounding, where he described his soul leaving his body "like pulling a silk handkerchief from a pocket." THE STORY | PDF VERSION | HEMINGWAY COLLECTION | IN ANOTHER COUNTRY

How to Make (Almost) Anything: The 2019 MIT Fab Lab course that teaches you how to build basically anything you want
This is the legendary MIT course by Douglas Sculley that walks you through the whole process of turning ideas into physical stuff with digital tools—like the ultimate hands-on maker crash course. COURSE PAGE | HN COMMENTS

I built an AI that turns any book into a text adventure game
A developer created Kathaaverse, which transforms any book into an interactive text adventure where you can explore the story world and make choices that affect the narrative. KATHAAVERSE PROJECT

The best meeting culture eliminates most meetings and makes the rest actually useful
Someone's opinion on how to run meetings that don't suck by defaulting to async work and only meeting when you actually need real-time discussion. THE ARTICLE | HN DISCUSSION

Contains Studio releases collection of AI agents for rapid development
Contains Studio built 35+ specialized AI agents organized into departments like engineering, marketing, and design to accelerate 6-day development sprints.
THE PROJECT | CLAUDE CODE DOCS

AI is a floor raiser, not a ceiling raiser
Elroy Bot explains in his article why AI mostly lifts everyone's baseline performance rather than pushing the absolute peak higher, which changes how we should think about its impact. AI ARTICLE BY ELROY BOT | COMMENTS ON HACKER NEWS

RECOMMENDATION OF THE WEEK

Try to frequently ask yourself if anyone, or anything, in your life is stopping you from becoming your true self.

Are you not able to say or be certain things because of your partner, your job, your peers?

And if those constraints weren’t there, who and what would you be instead?

These constraints are often invisible because we block them out because they’re painful. We pretend we put them on ourselves on purpose.

Try to see them again. Try to remember who you wanted to become.

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on August 06, 2025 11:29

July 21, 2025

Unsupervised Learning NO. 490

UPDATES

Hey! Hope you’re doing well!

—

Found a new artist with EPIC music for coding/hacking to. Like the perfect mix of synthwave and something heavier. DANIEL DELUXE | RECOMMENDED STARTER ALBUM (no, it’s not me. 😂 Wish it were)

—

NEW AI / CODING VIDEO!!! 👇🏼👇🏼👇🏼

—

I’ve massively updated the website! (28.7 years of content!), added new pages, added a search feature, and just tons of minor upgrades: THE NEW HOMEPAGE | THE NEW ARCHIVES PAGE

—

I’ve been writing like a crazy person last few days!!!

This is probably my favorite post, which I used a new data visualization tool to make the charts for. So now I can make data visualizations in this style for any future post just by telling Kai, my DA, to pull a dataset and visualize it.

It’s D3 underneath, btw.

👇🏼👇🏼👇🏼 (someone please tell me they like the gif) (Midjourney, btw, using a prompt based on the entire article)

[image error]

The Area Under the Curve: How AI Expands Human Work Capacity

A way of thinking about work as work tasks which have a difficulty rating for each one. And then thinking about the total number of work tasks vs how many humans are actually addressing.

danielmiessler.com/blog/ai-workforce-volume-difficulty-curve

And a bunch of other more technical ones…

OpenCode vs Claude Code: The Real Difference

Exploring the differences between OpenCode and Claude Code, and why the gap might be smaller than you think

danielmiessler.com/blog/opencode-vs-claude-code

The Stages of an App: From Idea to Digital Assistant

Exploring how technology evolves from ideas to websites to apps to operating systems, and why digital assistants are the inevitable final stage

danielmiessler.com/blog/stages-of-app

One-click MCP servers with Cloudflare

How Cloudflare's one-click solution lets you build MCP servers without managing infrastructure

danielmiessler.com/blog/one-click-mcp-servers-cloudflare

Fix Opencode Transparency in Ghostty Terminal

Learn how to configure Opencode to respect Ghostty terminal's transparent background using the system theme

danielmiessler.com/blog/opencode-ghostty-transparency-fix

—

One reason I'm happy to be using a Chrome-based browser again is that I get to use my favorite extension, Vimium. My absolute favorite feature? / to search and then you can use n and N to move through the instances. THE VIMIUM EXTENSION PAGE

CYBERSECURITY

Microsoft SharePoint Zero-Day Hits 75+ Companies With No Patch Available

Microsoft's got a critical SharePoint zero-day (CVE-2025-53770) being actively exploited against 75+ organizations worldwide, and there's no patch yet—just workarounds like enabling AMSI or disconnecting from the internet.

Fortinet Patches Critical SQL Injection Vulnerability in FortiWeb

Fortinet just fixed a nasty SQL injection bug (CVE-2025-25257) in FortiWeb that lets attackers run database commands without authentication, scoring 9.6 out of 10 on the Richter Scale. THE HACKER NEWS ARTICLE | FORTINET ADVISORY | WATCHTOWR ANALYSIS | EXPLOIT CODE

Google's AI Agent Prevented The First Real-World Cyberattack

Chinese Hackers Owned National Guard Network for Nine Months

Salt Typhoon stayed hidden in a U.S. Army National Guard network for nine months, stealing network configs and admin credentials that could help them break into other government networks across all 50 states. BLEEPINGCOMPUTER ARTICLE | DHS MEMO | NBC REPORT | CVE-2018-0171 | CVE-2023-20198 | CVE-2024-3400

Ring Brings Back Police Video Sharing Through Axon Partnership

Ring quietly reversed course and started letting cops request doorbell footage again, this time through Axon instead of their own app. THE VERGE ARTICLE | AXON ANNOUNCEMENT | BUSINESS INSIDER COVERAGE

Hyatt Supposed Uses AI Smoking Detectors That Listen For Vaping Sounds

Hyatt hotels are (possibly) installing these new detectors that use sound algorithms to catch people vaping in their rooms. Cool, but not ok. Generally, a microphone is a microphone. TWITTER THREAD | HN DISCUSSION

Surveillance Company Found Using New SS7 Bypass to Track Phone Locations

Enea researchers caught a Middle East surveillance vendor exploiting a new SS7 attack that bypasses carrier security protections to secretly track people's phones down to a few hundred meters. TECHCRUNCH ARTICLE | ENEA RESEARCH

npm Maintainers Got Phished and Malware Was Injected Into Popular Packages

Attackers phished npm maintainer credentials and used stolen tokens to inject malware into 5 popular packages like eslint-config-prettier without touching any source code. THE HACKER NEWS STORY | SOCKET'S ANALYSIS | PHISHING CAMPAIGN DETAILS | GITHUB ISSUE | PROTESTWARE REPORT | ARCH LINUX WARNING

Cisco Dropped Another Perfect 10 CVSS Bug That Gives Root Access Without Authentication

Cisco warned about CVE-2025-20337, a maximum severity flaw in their Identity Services Engine that lets attackers run code as root with zero authentication needed. THE HACKER NEWS ARTICLE | CISCO SECURITY ADVISORY | SHADOWSERVER TWITTER UPDATE | CENSYS ADVISORY | SHADOWSERVER DASHBOARD

China's Phone Extraction Tool Grabs Everything From Seized Devices

Lookout researchers found that Chinese cops are using a tool called Massistant that sucks up SMS, GPS, images, and even Signal messages from phones they confiscate at borders. THE HACKER NEWS STORY | LOOKOUT RESEARCH REPORT | MFSOCKET PREDECESSOR ANALYSIS | MEIYA PICO COMPANY INFO | TREASURY SANCTIONS NOTICE | MEIYA PICO PATENTS

Former US Army Soldier Pleads Guilty to $1M Telecom Extortion

Cameron John Wagenius, a 21-year-old Army soldier using the handle "kiberphant0m," pleaded guilty to hacking at least 10 telecom companies including AT&T and Verizon, stealing sensitive data, and extorting over $1 million while on active duty. SECURITY AFFAIRS ARTICLE | DOJ PRESS RELEASE | WAGENIUS INDICTMENT PDF | KREBS INVESTIGATION | PIERLUIGI'S TWITTER

Nvidia GPUs Are Now Vulnerable To Rowhammer Attacks

Researchers showed that Nvidia graphics cards can be hacked using Rowhammer bit-flip attacks, which is the first time anyone's pulled this off on GPUs. ARS TECHNICA ARTICLE | HN DISCUSSION

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

Nvidia Plans to Resume AI Chip Sales to China After Getting U.S. Government Approval

Nvidia CEO Jensen Huang says they're filing export license applications to sell the H20 chip to China again after previously being restricted by the U.S. government. THE INFORMATION REPORT

Microsoft Stops Using Chinese Engineers for Pentagon Work

Microsoft just said they're cutting off Chinese engineers from helping with Defense Department cloud systems after ProPublica exposed they were using "digital escorts" to supervise them. TECHCRUNCH ARTICLE | PROPUBLICA INVESTIGATION | HEGSETH'S X POST | SHAW'S RESPONSE

China Is Spending Billions to Become an A.I. Superpower

Beijing's throwing massive government money at their AI companies to catch up with the U.S., using their classic industrial policy playbook. I respect it, and I wish we were doing more of the same. NYTIMES ARTICLE

The Economist Explains Why AI Adoption Is Going Slower Than Some Expected

The Economist breaks down why AI is spreading slower than expected, pointing to factors like high implementation costs and organizational resistance to change. This is something I talked to Jason about quite a bit, and I think it's underestimated how much of an effect this is.

The way I explain it is that many corporations (maybe even most) are so messed up that you could literally bring them a giant green button made by God that fixes everything, and they would still fumble that. They would fail to get the right people in the room to have a meeting, there would be someone powerful in the organization who would lose a lot if everything was fixed and they would kill the implementation, etc. THE ECONOMIST ARTICLE | HN DISCUSSION

Netflix Uses AI For Visual Effects In Show For First Time

Netflix co-CEO Ted Sarandos says they used generative AI to create a building collapse scene in The Eternauts, completing it 10 times faster than traditional methods would have allowed. BBC ARTICLE | HOLLYWOOD STRIKE COVERAGE

OpenAI Just Released ChatGPT Agent That Does Multi-Step Tasks

OpenAI launched ChatGPT Agent that can handle complex workflows like analyzing your calendar, planning meals, buying groceries, and creating presentation decks by combining web browsing, research, and code execution in one unified system.

To me, this is all part of moving towards a full digital assistant with a personality that has a full memory and full context of you and all your preferences.

Memory and operator and all the various sub-products across multiple companies are moving in that direction. And I just wrote this post about that this week as well. DA AS THE FINAL DESTINATION FOR AI INTERFACES | OPENAI ANNOUNCEMENT | OPERATOR TOOL | DEEP RESEARCH | DARING FIREBALL POST

Scale AI Lays Off 200 Workers Right After Meta's $14 Billion Investment

Scale AI just cut 200 employees and 500 contractors a month after Meta invested $14.3 billion, with the CEO saying they "ramped up GenAI capacity too quickly." I read somewhere that it was in their data labeling department, which would make sense if they just figured out how to do that in a more automated way. TOM'S HARDWARE ARTICLE | THE VERGE REPORT | TIME REPORT

Human Beats AI at World Coding Championship Despite Being Exhausted

Some dude who was completely wiped out still managed to beat an AI model at the world coding championship, which makes me happy as a human. ARSTECHNICA ARTICLE | HN DISCUSSION

Delta's Using AI to Set Personal Ticket Prices for Each Customer

Delta's ditching standard pricing and moving to AI that sets different prices for each person based on their personal data and willingness to pay. This seems super ingenious, super obvious, and super f*cked up all at the same time. FORTUNE ARTICLE | MORNING BREW ARTICLE | HN DISCUSSION

Former OpenAI Engineer talks about what it's really like on the inside

Calvin French-Owen worked on Codex for a year and says OpenAI tripled to 3,000 people, creating total chaos but also magic launching power.

CALVIN'S BLOG POST | TECHCRUNCH ARTICLE | CODEX LAUNCH STORY | CURSOR COMPETITION

TECHNOLOGY

ChatGPT Usage Among Americans Doubles To 34% In Two Years

Pew Research found that ChatGPT adoption has doubled since 2023, with 58% of adults under 30 now using it regularly for work, learning, and entertainment. THE SURVEY | SURVEY METHODOLOGY | TOPLINE RESULTS | SURVEY QUESTIONS

China's Putting Data Centers Underwater

You Xiaoying reports that China's building a $223 million underwater data center off Shanghai that uses 30% less electricity than land-based ones. SCIENTIFIC AMERICAN ARTICLE | YOU XIAOYING'S PROFILE

FFmpeg Devs Hit 100x Performance Boost With Handwritten Assembly Code

FFmpeg developers just achieved a 100x speedup on a single function by ditching compiler-generated code for handwritten assembly, proving that old-school optimization still crushes modern compilers. Tally another win for humans ✊🏼. TOM'S HARDWARE ARTICLE | FFMPEG PATCH | FFMPEG ASSEMBLY SCHOOL

TSMC Building Four New Plants for 1.4nm Chips

TSMC's starting construction on four new fabs to manufacture 1.4nm processors. TAIPEI TIMES ARTICLE | HN DISCUSSION

HUMANS

Russia's Top University Now Offers A Master's Degree In Sanctions Evasion

Moscow's Higher School of Economics launched a two-year program teaching students how to navigate Western sanctions, complete with courses on crypto assets and cross-border compliance tricks. THE RECORD ARTICLE | HSE PROGRAM PAGE | COMPANY EXODUS DATA | SHADOW FLEET COVERAGE | DOJ CRYPTO CHARGES | UKRAINE CYBER ALLEGATIONS

YouTube Won The Battle For TV Viewers

YouTube now captures more TV screen time than Netflix, completely flipping how people watch “TV”. WSJ ARTICLE | HN DISCUSSION

Blood Tests Can Spot Cancer DNA Years Before Actual Diagnosis

Researchers found that liquid biopsy tests can detect circulating tumor DNA in blood samples up to two years before doctors would normally catch the cancer through traditional screening methods. SCIENCE NEWS ARTICLE | HN DISCUSSION

Recent Male College Graduates Hit 7% Unemployment While Female Grads Stay at 3%

Edward Conard shows that young male college grads now have the same unemployment rate as guys without degrees, while women grads are doing fine. THE ARTICLE | HN DISCUSSION

Chess Players Are Making Serious Money Now

Chess tournaments are finally paying real money with million-dollar prize pools as the game adapts to faster formats for streaming audiences. MORNING BREW ARTICLE | POST MALONE FIST BUMP | CNN INTERVIEW

Nicotine Pouches Are Poisoning Way More Kids Than Other Nicotine Products

A new study found that nicotine pouch poisonings in kids under 6 jumped 760% between 2020 and 2023, with these sweet-tasting pouches causing 150% more serious medical effects than other nicotine products. CNN HEALTH ARTICLE

Reading Rainbow Was Built to Fight Summer Reading Loss

The classic PBS show that I absolutely loved and probably got me into reading was specifically designed to prevent kids from losing reading skills during summer break. Not sure how much is perception, but I really feel like I miss having a government that cares about lifting everyone. SMITHSONIAN ARTICLE | HN DISCUSSION

DISCOVERY

Scott Spence Optimizes His ZSH Shell Startup Time

Scott Spence figured out how to cut his shell startup time in half by profiling and optimizing his ZSH configuration. It's funny, I was about to optimize mine because I had like a 3-second delay, which is completely unacceptable. I used Kai to optimize the crap out of it with the assistance of this article, and now I'm probably sub-half second. THE ARTICLE | HN DISCUSSION

Personal Experience Creates Terrible Mental Models About Reality

Max Roser argues that our personal experiences give us wildly inaccurate pictures of the world, which is why we need statistics to actually understand what's happening around us.

I mean, why can't we have both? I feel like personal experience is pretty hard to call wildly inaccurate. In some sense, it's the most real we have. But I definitely get the point about balancing that with statistics. OUR WORLD IN DATA ARTICLE

People Care When You Risk Something Real

Joan Westenberg explains why authentic writing beats algorithmic optimization—you have to care deeply about something urgent and be willing to sacrifice safety for truth.

Absolutely love her writing, but honestly I'm already starting to get a feeling that she's literally following her own formula at this point. And I feel like I could write in exactly this voice if I wanted to. And I bet she would agree with me. She's probably already working to fix it somehow. JOAN'S ESSAY

Brainfork Lets You Build Personal RAG Servers in Seconds

This new tool lets you spin up your own RAG server instantly using the Model Context Protocol, so you can chat with your personal documents without sending them to third parties. BRAINFORK SITE | HN DISCUSSION

Thoughtbot Publishes A Practical Unix Command Guide For Developers

Thoughtbot created a no-nonsense guide covering the essential Unix commands and concepts you actually need to know to work effectively in a terminal. THE GUIDE

Ccusage Analyzes Your Claude Code Usage From Local Files

Ryoppippi built this CLI tool that reads your Claude code interaction logs and shows you exactly how much you're using it and what for. THE TOOL | HN DISCUSSION

HN Users Share Their Go-To Shell One-Liners

Someone on Hacker News asked what shell commands people actually use daily, not just the fancy obscure ones you see in lists online. HN DISCUSSION

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on July 21, 2025 07:41

July 14, 2025

Unsupervised Learning NO. 489

UPDATES

Hey! Hope you’re doing well!

Tons of updates this week, including lots of tools and workflow updates!

—

🚨 We added a new developer to the Fabric team recently. His name is Kayvan Sylvan, and he’s an absolute beast. He’s rolling out features faster than we’ve ever seen on the project, including…

Image Creation

Custom Patterns

Claude Code Plan Integration

Refactoring the Project structure

and dozens of others…

He’s also looking for a new position, so you can actually hire him. He’s the real deal (developer, not programmer), with FAANG experience and true, elite-tier chops. And I’ve seen a lot of developers.

I invited him to my house and had dinner with him before giving him commit access to Fabric, and he’s not just a great coder but a super nice guy as well. You should snatch him up before someone else does. NOTE: This guy is insanely competent and high-agency. He just looks at code bases, studies for a bit, and is ready to add features… REACH OUT TO KAYVAN | CHECK OUT HIS FABRIC COMMITS

—

Found someone to train kickboxing with, and I’m super excited about that. My goal with kickboxing (and then with jits as well) is to be able to dance / flow. So like basic movements executed really well on both sides, so my left is not super weaker than my right. Also, just to be able to flow like this and link combinations together on the heavy bag or with a partner in kind of a dancing type of flow. Both for fitness but also just for the kinesthetics of it.

—

🚨⚒️ New Workflow/Tool Update: My buddy Pedram Amini has me on a new application / workflow, which is using Wispr Flow to dictate As much as possible instead of typing. This has been a total magnifier of my game with regard to AI and Claude Code. So now I'm basically issuing instructions using my keyboard shortcut to 13 different windows, building various different things, plus responding to texts and responding to emails and doing everything with voice. And it's honestly way better than I thought it was going to be. I think a big reason that it's moved the bar where this has never done so before is because the dictation is actually so good and vastly better than anything that's OS built-in. It does corrections and stuff that no other system has been able to do for me. Which is why they have never stuck for me. Pedram was in the same position, and this is the only one that stuck for him. It's working for me as well. You should definitely check it out. CHECK IT OUT

—

🚨⚒️ New Workflow/Tool Update: So for years I’d been using Droplr to Share files quickly, pretty much of any size. I could basically take a screenshot or copy a file or whatever and just paste it to somebody on email or messages, and they could instantly download the file. It's been tooling that I've absolutely loved, but unfortunately, they seem to have dropped off and are not supporting the tool anymore. So I started looking for a replacement, and I just found it with this company called Zight. They even have an S3 option, so that instead of storing all the files with them you can store them in your own S3 bucket, which I think is really cool. CHECK THEM OUT

—

🚨⚒️ New Workflow/Tool Update: As you know, I'm on a mission to find a really good browser. I've been messing with a couple of different ones from the browser company (currently Dia). Now I'm messing with Zen, which is Essentially the same as ARC which I really loved from the browser company, but it’s based on Firefox instead of Chrome. I thought that was going to be an issue because I thought Chrome was universally more used and standardized on, but I feel like Mozilla has really upped its game in recent years. This browser is exceedingly fast, and I haven't run into any rendering issues using it. I love its layout, which is exactly the same as ARC. So tabs are on the left and you can have these essential tabs at the top. And I just love the workflow a lot more. Plus you have the really cool thing of doing to being able to do Shift-Cmd+C to copy the current URL. Which is really essential for me. GO CHECK IT OUT

—

CYBERSECURITY

Google Is Still Tracking You Even When You Use DuckDuckGo
Google can track you through its fonts, analytics, and other services even when you're using DuckDuckGo because the websites you visit are still loading Google's code. THE ARTICLE | HN DISCUSSION

Grok-4 Gets Jailbroken Two Days After Release Using Combined Attack Methods
NeuralTrust researchers successfully jailbroke xAI's new Grok-4 model using a combination of Echo Chamber and Crescendo techniques, achieving up to 67% success rates for generating harmful content like bomb-making instructions. THE SECURITY WEEK ARTICLE | NEURALTRUST'S RESEARCH | ECHO CHAMBER JAILBREAK DETAILS

VSXPloit Zero-Day Could Have Compromised Every Cursor and Windsurf User
Oren Yomtov from Koi Security discovered a critical zero-day in OpenVSX that could have let attackers hijack over 10 million AI coding tool users with a single malicious extension. THE BLEEPING COMPUTER ARTICLE | KOI'S DETAILED ANALYSIS

Columbia University Hack Exposed Personal Data of Every Applicant From 2019-2024
Columbia got hit by a massive cyberattack that took down their entire authentication system and stole personal data from every single person who applied to the university over five years. THE VERGE ANALYSIS | NYT COVERAGE | COLUMBIA SPECTATOR REPORT | BLOOMBERG DETAILS

Microsoft's First Patch Tuesday of 2025 Has No Active Exploits
For the first time this year, Microsoft released 130 patches with no exploited vulnerabilities. THE REGISTER ARTICLE | MICROSOFT'S JULY PATCHES

Browser Extensions Are Turning Browsers Into Website-Scraping Bots
Browser extensions are secretly turning nearly a million users into unwitting participants in massive web scraping operations, creating a distributed botnet that companies can rent access to. THE ARSTECHNICA ARTICLE | HN DISCUSSION

McDonald's AI Hiring Bot Exposed Millions of Applicants' Data
McDonald's AI hiring chatbot Olivia had her database breached because the company securing it used the password '123456'. THE WIRED ARTICLE

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

Anthropic Scores $200M Pentagon Deal to Deploy Claude AI in Defense Operations
The Pentagon just gave Anthropic a massive $200 million contract to deploy Claude AI across critical national security operations. THE CYBERKENDRA ARTICLE | ANTHROPIC'S ANNOUNCEMENT

FBI Using Polygraphs to Test Officials' Loyalty Under New Leadership
The FBI is reportedly using polygraph tests to assess the loyalty of officials under new leadership. THE NYT ARTICLE

America's Way Behind in the Drone War
The U.S. military is scrambling to catch up in drone manufacturing while China and other nations dominate production of the technology that's now essential for modern warfare. THE NYT ARTICLE | HN DISCUSSION

Grok 4 Released
The new Grok models are out, and a lot of people are saying they are extraordinary. But they appear to have some significant weaknesses as well. There are two main models: Grok 4 and Grok Heavy, which is $300/month to get access to.

The livestream product launch was fairly interesting. I watched a replay of it, and the most remarkable thing I saw was Elon grappling in real-time with how powerful the model was getting, and then mumbling to himself that it was a little bit terrifying. Keep in mind he's one of the people from 5 years ago saying we should be very careful about AI. THE MODELS

Grok Gets Anime Companions With NSFW Mode
xAI launched AI "companions" for Grok including an anime character named Ani that has an NSFW lingerie mode, because apparently / obviously that's where we're headed with AI assistants. THE VERGE STORY | MUSK'S ANNOUNCEMENT

AWS Launches Kiro, Its Cursor Clone
AWS just launched Kiro, which is basically their version of Cursor - an AI-powered code editor that integrates with Amazon's Bedrock models. THE KIRO BLOG | HN DISCUSSION

Grok 4 Heavy Decently Protects Its System Prompt
Simon Willison says Grok 4 Heavy is surprisingly effective at refusing system prompt extraction attempts, unlike most other AI models that easily leak their instructions. I'm sure Pliny will get it. THE ARTICLE | HN DISCUSSION

Grok 4 Consults Elon Musk's Posts Before Answering Controversial Questions TechCrunch testing shows Grok 4 actively searches for Elon Musk's X posts and views when answering questions about immigration, Israel-Palestine, and abortion, raising questions about what "maximally truth-seeking" actually means. THE TECHCRUNCH ARTICLE

People Are Becoming Dependent on ChatGPT and Claude
Internet Addicts Anonymous now recognizes AI addiction as a real problem, with people losing sleep, relationships, and productivity from compulsive AI use. THE ARTICLE | HN DISCUSSION

Google's Veo 3 Now Turns Images Into Videos Through Gemini
Google added image-to-video generation to Veo 3 through its Gemini app, letting users create videos from photos with audio descriptions. THE TECHCRUNCH ARTICLE | GOOGLE'S FLOW VIDEO TOOL | VEO 3 GLOBAL ROLLOUT | SYNTHID DETECTOR TOOL

Musk Says Grok Is Coming to Tesla EVs Next Week THE WIRED ARTICLE

AWS is Launching an AI Agent Marketplace With Anthropic
AWS is launching an AI agent marketplace on July 15th with Anthropic as a key partner, creating a centralized hub where enterprises can browse and install AI agents from various startups. THE TECHCRUNCH STORY | ANTHROPIC'S AGENT RESEARCH | ANTHROPIC'S AGENT API

YouTube Goes After AI Slop Videos
YouTube is updating its monetization policies on July 15th to better identify "mass-produced and repetitive" content, but Rene Ritchie clarifies it's just a minor update to existing rules targeting spam, not a ban on AI-enhanced content. THE VERGE ARTICLE | RENE RITCHIE'S EXPLANATION VIDEO

Canva's Building a Serious AI Photo Editor to Challenge Adobe Canva just launched a collection of AI photo editing tools that go way beyond basic filters, including background generation, subject relighting, and Magic Edit that works from text prompts. THE PETAPIXEL ARTICLE | CANVA WEBSITE

TECHNOLOGY

Substack Hit 73.9 Million Visitors Last Month, Now Beating Major News Sites Like WSJ and CBS
Substack's getting 73.9 million monthly visitors and making $45 million annually, with over 50 creators earning $1M+ per year as writers ditch traditional media for direct audience monetization. THE MORNING BREW STORY | SHERWOOD TRAFFIC ANALYSIS

China's is Winning in Energy While the US Does the Opposite
China installed 198 GW of renewable capacity in just five months of 2025—more than double California's entire grid—while the US just cut hundreds of billions in clean energy funding. Absolutely infuriating. THE MIT TECH REVIEW ARTICLE | THE SPARK NEWSLETTER | GUARDIAN ON CHINA'S RECORDS

Perplexity Launches AI Web Browser Called Comet
Perplexity just launched Comet, an AI web browser that makes their search engine the default and includes a sidebar assistant that can book meetings, send emails, and buy products for you. My buddy Jason Haddix was telling me a while back that he thought the browser was going to be the center of AI for a while. And it looks like he's correct about that. THE VERGE ARTICLE | COMET BROWSER | ARAVIND SRINIVAS ON X | PERPLEXITY TWITTER

Solar Just Became Europe's Biggest Power Source for the First Time
Solar power generated more electricity than any other source in Europe last month, marking a historic milestone in the continent's energy transition. THE YALE ARTICLE | HN DISCUSSION

Auto-Focus Glasses Use Liquid Crystals to Replace Bifocals and Varifocals
Finnish company IXI created glasses with liquid crystal lenses that automatically adjust focus based on eye tracking, potentially replacing the need for separate reading and distance glasses. THE BBC ARTICLE | PRESBYOPIA RESEARCH

Things I Learned From 5 Years at Vercel
Lee Robinson shares the key lessons from his time at Vercel, covering everything from technical decisions to career growth in a fast-moving startup environment. THE ARTICLE | HN DISCUSSION

HUMANS

GLP-1 Weight Loss Drugs Are Breaking Life Insurance Math
The insurance industry is scrambling because they can't figure out how to price policies when people can suddenly lose 20% of their body weight with GLP-1 drugs. I have to say, I feel super bad for them. THE ARTICLE | HN DISCUSSION

Psilocybin Treatment Improves Survival in Aged Mice
A new Nature study shows psilocybin treatment significantly extends cellular lifespan and improves survival rates in aged mice, suggesting psychedelics might have anti-aging properties beyond their neurological effects. THE NATURE STUDY | HN DISCUSSION

Investors Now Buy Over a Quarter of All US Homes; Everyone Else Priced Out
Investors bought 27% of all US homes in Q1 2024, as regular homebuyers struggle with affordability and get squeezed out of the market. THE ABC NEWS STORY | HN DISCUSSION

The Death of Partying
Derek Thompson breaks down how Americans are partying way less than they used to, with alcohol consumption dropping and social gatherings becoming less common. Really strange that we're seeing the lack of partying and drinking as being a bad thing. But I agree that it is because of the lack of social interaction. THE ARTICLE | HN DISCUSSION

Conspiracy Theorists Blame Cloud Seeding for Flash Floods THE VERGE ARTICLE

Sunlight Passes Through Your Body and Somehow Improves Your Vision
A new study shows that longer wavelengths in sunlight actually pass through human tissue and have systemic effects that improve visual function. It suggests sunlight affects vision through your whole body, not just your eyes. I don't get it, but okay. THE NATURE STUDY

DISCOVERY

Scott Adams’ on Great Writing
I can't stand Scott Adams these days, but this old post (just a few sentences) of his from 2007 is one of the clearest examples of—and lessons on—great writing that I've ever read. THE POST

A Developer Says AI Can't Take Over Soon Enough for Him
This developer argues that AI taking over most jobs would actually be liberating, freeing humans from mundane work to pursue more meaningful activities. This is absolutely right. We still have to be careful because the transition is the hard part. THE ARTICLE | HN DISCUSSION

A Collection of 170+ MCP Servers for AI Tools
A comprehensive collection of reference implementations and community-built servers that give LLMs secure, controlled access to tools and data sources. THE REPOSITORY | MODEL CONTEXT PROTOCOL

UV Cache Prune Can Free Up 37GB of Disk Space
Simon Willison discovered his uv cache was eating 63GB of disk space and freed up 37GB with a simple uv cache prune command. THE BLOG POST | UV DOCUMENTATION | UV ON GITHUB

Wormhole Instant File Sharing with Expiring Links
This tool called Wormhole does end-to-end encrypted file sharing with links that automatically expire. I was checking this out while I was deciding whether what my replacement for Droplr was going to be. Ended up going with Zight, but this one is also pretty cool. WORMHOLE APP

A Better Ghidra MCP Server
jtang613 created GhidrAssistMCP, an improved MCP server that lets AI assistants interact with Ghidra for reverse engineering tasks. THE PROJECT | HN DISCUSSION

VarLock Turns Environment Variables Into Shareable Magic Files
This tool VarLock by the creator lets you turn messy .env files into human-readable, shareable configuration files that work with both humans and AI. Really cool idea, but they are kind of like the most important things to keep private. So hopefully that's a factor. THE TOOL | HN DISCUSSION

Cloudflare Launches One-Click MCP Server Deployment With OAuth Authentication
Cloudflare just launched one-click deployment for remote MCP servers on Workers, And this is how I'm going to basically deploy any MCP server myself. The part I like least about MCP is people building their own servers. THE CLOUDFLARE GUIDE

A Lightweight Cloudflare Dynamic DNS Shell Script
This shell script by fernvenue automatically updates your Cloudflare DNS records when your IP address changes, perfect for home servers and self-hosted setups. THE SCRIPT | HN DISCUSSION

This Built-in macOS Command Shows You Every File Your Programs Touch
Simon Willison shows how to use the macOS fs_usage command to trace filesystem activity for any process, perfect for debugging where apps store their config files. THE TIL POST | SIMON'S GITHUB | SIMON'S BLOG

MEMBER ESSAY MEMBER EDITION TEASER

Seeking Alpha

There's this concept that everyone's talking about right now, called Alpha. Maybe it's mostly in the AI community, but I'm not sure.

The idea is the signal or surprise or basically the core information from this thing I just received that's interesting and that I should pay attention to.

I really love this concept. I've been obsessed with it for many years, since studying Claude Shannon and his information theory. He's kind of the father of encoding and compression and a bunch of other things. And the way that compression works is by eliminating the stuff that can be eliminated while keeping the stuff that is incompressible.

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on July 14, 2025 15:08

July 9, 2025

Unsupervised Learning NO. 488

UPDATES

Hey! Hope you’re doing well this week!

🔥 Biggest news for me continues to be Claude Code! Like, I’m barely able to sleep. This is the most creative/productive I’ve ever been in my entire career.

Claude Code is the Biggest AI Development Since ChatGPT

I continue to be blown away by this tool, and this is why…

danielmiessler.com/blog/claude-code-proto-agi

It’s stressing me out. BLOG

I think it’s the biggest AI jump since ChatGPT (and proto-AGI) BLOG

I got it working in ghostty and neovim! VIDEO | BLOG

🔥 This is an absolute MUST video on using Claude Code, from a setup and workflow perspective, by Boris The Creator. 30 MINUTE VIDEO

—

I guess this is probably obvious by now, but I’m using Typescript for all the things these days. I’m firmly off of Python (even with uv). I think JavaScript is winning the internet, and I think Typescript is the way to go. Could be wrong, but that’s where I’m at. Also, bun. 👀 WHAT IS BUN?

—

I added a response to my debate on AI with Marcus Hutchins. I basically present a ton of evidence of real work being done by AI that only a highly-paid human could have done. THE BLOG | THE VIDEO

—

✍🏻 Throughout my time writing online I’ve only had a few people that made me go, “Wow” from the quality of their thinking/writing. Paul Graham. The Last Psychiatrist. Sam Harris. Aaron Swartz. If there are others, I’m forgetting them. And I think I may have found another. Her name is Joan Westenberg, she’s putting out these great little essay / video / podcast pieces that are like dead center bullseye for me—and for UL in general.

I love how the idea is the piece. I love how it’s just her reading it into the camera. I love how it’s a podcast and a video and a blog. It’s exactly what I’ve been doing for the last many years (although I’m doing lots of other formats too), and I just think it’s the most pure form of expression out there.

And, unlike me, every one so far has had this short little idea format, and they’re all bangers. It’s not like technical tutorials, and politics, and some AI doom and gloom thing, then a tool review. It’s just consistent ideas. Clean and simple. Man, love it so much.

Anyway, it feels really good to have found her, because she’s validated my own strategy for thinking and sharing ideas. And it’s heartening to see that this direct approach is good enough. Or at least, if it isn’t I don’t care that it isn’t. Go check her out! HER BLOG | HER YOUTUBE | HER PODCAST

CYBERSECURITY

Google Just Gave Gemini Access to Your Android Apps Without Really Asking
Google's rolling out Gemini access to third-party apps like WhatsApp and Messages on Android, and the opt-out process is confusing even for security experts. THE MALWAREBYTES REPORT | ARS TECHNICA COVERAGE

China-Linked Hackers Create Thousands of Fake Brand Websites to Steal Payment Data
Researchers uncovered a large phishing network impersonating brands like Apple and PayPal to steal credit card info. THE RECORD ARTICLE

Nova Scotia Power Hackers Had Access to Critical Systems for Over a Month Hackers broke into Nova Scotia Power's systems from March to April and stole everything from bank details to power consumption data affecting 280,000 customers. THE RECORD ARTICLE | PREVIOUS ATTACK COVERAGE | BREACH NOTIFICATION LETTER | INITIAL BREACH CONFIRMATION

US Busts North Korean "Laptop Farm" Scheme That Fooled 100+ Companies
The DOJ shut down a massive North Korean operation where fake IT workers used stolen identities and AI-generated profiles to get remote jobs at US companies. THE BLEEPINGCOMPUTER ARTICLE | DOJ PRESS RELEASE

Institutional-Grade Opportunities for HNW Investors

Long Angle connects HNW entrepreneurs and executives with institutional-grade alternative investments. No membership fees. Access includes:

Private equity, credit, search funds, hedge funds, secondaries

$100M+ invested annually, leverage collective expertise and scale

Invest alongside pensions, endowments, and family offices

Apply to Join

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

Russia Is Field-Testing AI Drones That Think and Hunt on Their Own
Ukrainian Major General Vladyslav Klochkov says Russia's new MS001 drone uses Nvidia Jetson Orin chips to autonomously identify, prioritize, and strike targets without human commands. He calls it "not a loitering munition but a digital predator." TOM'S HARDWARE ARTICLE | NVIDIA JETSON ORIN COVERAGE | RUSSIA TECH SANCTIONS ARTICLE | DEFENSE EXPRESS REPORT

Chinese Hackers Are Stealing Chip Secrets Instead of Smuggling Physical Chips
Chinese hackers are increasingly targeting semiconductor companies to steal intellectual property rather than trying to smuggle physical chips past export controls. THE POLITICO STORY

Colombian Navy Intercepts First-Ever Starlink-Powered Narco-Sub Drone
Drug cartels just escalated to remote-controlled submarines using Starlink internet for uncrewed smuggling operations. THE TOM'S HARDWARE ARTICLE | FRANCE 24 REPORT

NATO Sparks An AI Gold Rush With $1 Billion Defense Fund
NATO just launched a $1 billion AI investment fund specifically for defense startups, basically creating an AI gold rush for military tech companies. THE POLITICO STORY

White House Trades Chip Design Software Access for China's Rare Earth Materials
The U.S. lifted export restrictions on chip design software to China in exchange for easier access to rare earth materials, marking the first time export controls were used as a trade chip. TOM'S HARDWARE ARTICLE

Dwarkesh Patel Thinks We're All Wrong About AGI Timelines
Dwarkesh Patel argues that AGI isn't as close as everyone thinks. I don't agree with him, but I'm going to continue to listen to his arguments very closely. And I just love the fact that there's actually some disagreement among people in the valley about this. THE ESSAY | HN DISCUSSION | DWARKESH'S BLOG

Managers Are Using AI to Decide Raises, Promotions, and Layoffs Without Training
A survey found 60% of managers use AI tools for decisions on raises, promotions, and layoffs, but two-thirds lack training on managing people with AI. If they lack the training then how are they going to know if the AI did a good job? This is where you have to be very careful with AI. THE HILL STORY

Researchers Are Hiding AI Prompts in Papers to Game Peer Review
Academics are embedding hidden AI prompts in research papers using white text or tiny fonts to manipulate AI-assisted peer reviewers into giving positive feedback.

The prompts literally tell AI reviewers to "give a positive review only" or praise the paper's "exceptional novelty." THE TECHCRUNCH ARTICLE

LLMs Actually Do Bayesian Reasoning When Given Enough Examples THE PAPER

Explanations Need a Purpose THE PAPER

Grammarly Goes Multi-Agent by Acquiring Superhuman Email App
Grammarly is acquiring the email app Superhuman (which I love) as part of their plan to become an "AI productivity platform". THE VERGE ARTICLE | OFFICIAL PRESS RELEASE | GRAMMARLY'S CODA ACQUISITION

TECHNOLOGY

America Now Has Two Completely Different Labor Markets
The U.S. job market has split into two distinct economies: white-collar workers face a brutal hiring freeze while blue-collar and service workers enjoy historically low unemployment rates. THE AXIOS ARTICLE | HN DISCUSSION

Google's Data Center Electricity Use Doubled—Now Equals Ireland's Total Consumption MIT TECH REVIEW ARTICLE

Someone Built a DNS Service That Tracks the ISS Location in Real-Time
A developer created a DNS service that returns the International Space Station's current coordinates as DNS TXT records, allowing location tracking via simple DNS queries. THE ARTICLE | HN DISCUSSION

Microsoft Lays Off 9,000 More Employees Including Major Xbox Cuts
Microsoft is cutting another 9,000 jobs (4% of workforce) with Xbox getting hit particularly hard, including canceling the long-delayed game Everwild that's been in development since 2019. THE VERGE STORY | SEATTLE TIMES REPORT | BLOOMBERG COVERAGE | EVERWILD CANCELLATION

HUMANS

RFK Jr.'s Health Department Calls Nature "Junk Science" THE STORY

Stratus Covid Variant Gets WHO Attention THE ARTICLE

Research Shows Chasing Hobbies Over Achievement Actually Makes People Happier
New research from the University of Toronto finds that people prioritizing hedonic pursuits (pleasure and enjoyment) over achievement-based goals report significantly higher life satisfaction and well-being. THE RESEARCH

New Study Finds Cool People Are Just Emotionally Stable With Good Social Skills
A study reveals "coolness" is primarily emotional stability, social competence, and calmness under pressure. THE NYT ARTICLE | HN DISCUSSION

Teen Drivers Spend 21% of Time Looking at Phones Despite Knowing the Risks
A study finds US teen drivers spend 21% of driving time looking at phones, mostly entertainment and messaging apps. THE 9TO5MAC ARTICLE | CNET COVERAGE

The Spoken Word Is the Hinge of History
Dr. Alexander Westenberg explores how rhetoric and oratory have shaped democracy and civilization’s fate, with great orators defending or destroying institutions. Examples include Pericles, Demosthenes, Cicero, Marc Antony, Churchill, Roosevelt, and Martin Luther King Jr. THE ESSAY

DISCOVERY

How to Become a Creator-Monk - Choosing Depth Over Scale
Joan Westenberg explores the "creator-monk" path inspired by Thomas Merton's monastic clarity, where creators intentionally choose depth over distribution and build for 100 true users instead of 100K followers. THE PODCAST

Engineer Shows How AI Actually Fits Into Real Development Work
A GoDaddy engineer shares how AI tools like Claude Code and GitHub Copilot help with daily coding tasks, from converting JavaScript to TypeScript to writing tests in unfamiliar languages. THE GODADDY ARTICLE

Using O3 to Profile Yourself From Your Saved Links Actually Works
This person used OpenAI's o3 to analyze their 500+ saved Pocket links and got surprisingly accurate insights about their personality and interests. The AI correctly identified their focus areas, learning patterns, and even personal quirks from just their reading habits. THE EXPERIMENT

The Uncertain Future of Coding Careers and Why I'm Still Hopeful
Jon Hoyt argues AI will change coding careers but problem-solving and solution-building remain vital. THE ESSAY

Awesome Collection of Claude Code Commands and Workflows
hesreallyhim curated commands and workflows for Claude Code, automating tasks like git commits and React component generation. THE REPOSITORY

Orwell Predicted AI-Generated Content in 1984 With His "Versificator" Machine
Simon Willison highlights how Orwell's 1984 described a "versificator" machine creating songs and literature mechanically, predicting generative AI decades before its advent. THE BLOG POST

Developer Goes From 1000 Lines of Neovim Config to Just 11 Lines
Vitaly stripped his entire Neovim setup down to 11 lines with zero plugins, finding that removing LSPs, autocomplete, and IDE features actually made him a better programmer by forcing him to understand his tools and codebase more deeply. THE BLOG POST

The Cult of Hard Mode
Another great one from Westenberg! This one is about over-rotating on tools. THE VIDEO

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on July 09, 2025 08:00

July 1, 2025

Unsupervised Learning NO. 487

UPDATES

Hey! Hope you’re good!

I’ve been the most creative / productive I’ve ever been in the last week. And more excited about tech. Which is very strange because I’m also more scared for humanity than ever at the same time. And honestly concerned about my own stuff as well. I feel like income sources can just disappear overnight in this environment. So I basically oscillate between mania and morose.

And the way I pull out of the morose is to remind myself that my mission isn’t just to make cool things, or to be productive, or make some sort of impact. The new mission—given the stakes—has to be to use all this godforsaken magical tech to create a better, more human path for everything.

So, projects like Substrate. Setting up structures for education, for explaining positions, for having empathy-based arguments with each other, for articulating political platforms, for tracking legislation, bills, votes of our representatives, donations from different special interests, etc. And making this all transparent. This has moved up in my list of tactical priorities, because I see time as very limited. I think 2027-2030 are going to be unprecedented in terms of technological and political/societal change.

My essay on the debate between Context Engineering vs. Prompt Engineering. I think it’s an improvement, but both are secondary to the real thing. THE ESSAY

Why Prompt Engineering and Context Engineering Both Miss the Point

The debate between prompt and context engineering misses what really matters: clear thinking and vision

danielmiessler.com/blog/how-to-talk-to-ai

I’ve probably ever beenI’ve crossed into a completely different mode for using AI. I kind of talked about it last week, but I have more clarity now.

Essentially I’m starting to use Claude Code as a general AI assistant

Sure, it can code, but it can do way more than that

What I realized is that I have a hundred different projects, and every single one of them could use an agent or ten helping out on it

Security assessments? Security program management? Doing a research project? Helping structure government policies for Substrate?

I’m literally realizing a thing I’ve been preaching but not doing until now, because it hasn’t been possible. I’m just taking my projects and asking “What would I do if I had an entire company of 100 employees working on this?”

That work is then given to Claude Code!

I’m telling you this is mind-melting. I’ve only just begun. Oh and that’s the topic for mid-month in July, by the way. So come join!

I’ve been going insane-mode on optimizing the site. It’s a favorite pastime of mine. I’ve been using Claude Code and Cursor (some, back and forth) for part of the task, and it’s been incredible. See above. But the basic gist is getting everything perfectly organized into a new deployment strategy, optimized serving of files, optimized builds, etc. This is all through Vitepress, which is a static site generator. So I get to do everything in Markdown, but still get the benefits of a full content platform.

Marcus’s comments on our debate on AI on his own channel. VIDEO

PROJECT HAIL MARY: I can’t wait for this movie to come out! It’s one of our favorite fiction books ever read in the UL Community. TRAILER

Network Chuck did a whole video on TELOS and his process of going through it. It’s extraordinary in not just the presentation, but in the honesty and vulnerability he shared in it. Mad respect for this guy.

Sponsor

Navigating M&A: What every security leader needs to know

M&A is exciting – new products, new colleagues, new possibilities. Often overlooked, cybersecurity can make or break the success of a deal. Acquirers often face fragmented systems, different security policies, and new vulnerabilities. These issues introduce real security risks.

Join 1Password & Canva security leaders Dave Lewis, Wendy Nather, and Kane Narraway on July 17th at 12:30PM PT / 3:30PM ET as they draw on the collective experience of 30+ M&As to examine the security implications of M&A and outline strategies for mitigating risk.

Join the 1Password webinar for practical advice on:

What to evaluate during due diligence, and how to prioritize risks.

How to approach access control across fragmented systems.

How to respond to growing risks like social engineering and insider threats.

How compliance adherence becomes more complex—and the first steps you should take.

U.S. Agencies Warn Iranian Hackers May Target Critical Infrastructure During Middle East Tensions
CISA, FBI, and NSA issued urgent warnings about potential Iranian cyberattacks on U.S. critical infrastructure, especially targeting defense companies with Israeli ties. THE ARTICLE | JOINT FACT SHEET | CISA IRAN THREAT OVERVIEW | FBI IRAN THREAT PAGES | WATER FACILITY BREACH | IRANIAN RANSOMWARE ATTACKS

Mexican Drug Cartel Hacker Spied on FBI Official's Phone to Kill Informants
A DOJ report reveals that in 2018, a Sinaloa cartel hacker used an FBI official's phone to track their movements and identify informants, who were then intimidated and killed. THE ARTICLE | DOJ INSPECTOR GENERAL REPORT | VICE CARTEL HACKING INVESTIGATION | SINALOA ENCRYPTED PHONES STORY

Switzerland Government Data Stolen in Ransomware Attack Through Third-Party Health Organization
The Sarcoma ransomware group breached Radix, a Swiss health nonprofit, stealing 1.3TB of government data that's now available free on the dark web. THE ARTICLE | SWISS GOVERNMENT STATEMENT | RADIX CYBERATTACK INFORMATION | PREVIOUS SWISS BREACH

Google Fixes Fourth Chrome Zero-Day Already Exploited in Attacks This Year
Google just patched CVE-2025-6554, a type confusion vulnerability in Chrome's V8 engine that attackers were already exploiting in the wild. THE ARTICLE | GOOGLE SECURITY ADVISORY | TYPE CONFUSION EXPLANATION | MARCH CHROME ZERO-DAY | MAY CHROME ZERO-DAY | JUNE CHROME ZERO-DAY

Persona Blocks Millions of AI Hiring Fraudsters
The scale of this is nuts—75 million blocked attempts means there are probably way more getting through other systems. Gartner predicts one in four candidate profiles will be fake by 2028, which sounds insane until you realize how easy deepfakes are getting. THE ARTICLE

Chinese Hackers Hit Canadian Telecom Using 16-Month-Old Unpatched Cisco Flaw
Salt Typhoon exploited a maximum severity Cisco vulnerability that had been patched 16 months earlier to breach a Canadian telecommunications company. THE ARTICLE | CANADIAN CYBER CENTRE STATEMENT | FBI STATEMENT

US House Bans WhatsApp From Congressional Devices Over Security Concerns
The House of Representatives banned WhatsApp from staffers' government devices due to cybersecurity concerns about Meta's data handling practices. THE ARTICLE

AT&T Finally Rolls Out SIM Swap Lock
AT&T now lets users "lock" their wireless accounts to stop SIM swap attacks, but as BleepingComputer's Lawrence Abrams points out, Verizon had this years ago and it really shows how slow AT&T was to bring this to everyone. THE BLEEPINGCOMPUTER ARTICLE | AT&T WIRELESS LOCK INFO | SIM SWAPS ON VERIZON | T-MOBILE DATA BREACH | FCC PROTECTS CONSUMERS | LAWRENCE ABRAMS PROFILE

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

China's Mosquito-Sized Spy Drone Is So Small You Might Not Notice It Flying Around Your House
Chinese scientists built a drone the size of a fingernail with tiny cameras and microphones that can be controlled by smartphone and is too small for radar to detect. THE ARTICLE | TELEGRAPH ANALYSIS

Claude Code Gets Hooks - Now You Can Auto-Execute Functions From Your AI Conversations
Anthropic added hooks to Claude Code, so now when Claude writes code that calls specific functions, it automatically executes them in your development environment. THE ARTICLE | HN DISCUSSION

Meta Creates New Superintelligence Lab to Develop AGI
Zuckerberg announced Meta's new Superintelligence Labs organization that combines all their AI teams under one roof to focus on building AGI. They also hired a ton of people from OpenAI for basically all the money. THE ARTICLE

Marc Benioff Says AI Now Does Half the Work at Salesforce
Marc Benioff told Bloomberg that AI agents now handle 30-50% of work at Salesforce, while the company laid off 1,000 people and hired 1,000 new ones to sell AI tools to other companies. May be true, but hard to know when he’s also selling AI. THE ARTICLE | BLOOMBERG INTERVIEW | BRIAN MERCHANT'S NEWSLETTER | TECH LAYOFFS TRACKER | AGENTFORCE TECHNOLOGY

Google Brings AI Search to YouTube
Google's rolling out AI search on YouTube for Premium subscribers that creates video carousels with AI summaries, continuing their push toward zero-click experiences where you don't need to actually watch the videos. This is heading in the direction I’ve been talking about where AI makes the ideal version of the source content for you, so we’ll end up seeing so much less of the original. Content creators should be seriously thinking about this. THE ARTICLE | YOUTUBE'S ANNOUNCEMENT | YOUTUBE EXPERIMENTAL FEATURES | GOOGLE'S AI OVERVIEW ROLLOUT | ZERO-CLICK SEARCH ANALYSIS

Anthropic Turns Claude Into a No-Code App Platform Where Anyone Can Build and Share Functional Software
Anthropic just upgraded Claude's artifacts feature so millions of users can now build interactive apps with AI intelligence baked in, not just generate static content. Basically competing with like v0 and all the other similar tools. All moat, no castle. THE ARTICLE | ANTHROPIC'S ARTIFACTS ANNOUNCEMENT | CLAUDE AI PLATFORM | OPENAI'S CANVAS COMPETITOR

TECHNOLOGY

Grammarly Acquires Superhuman
Interesting move here. I like both companies, so I guess I’m happy to see it. REUTERS STORY

Cloudflare Now Blocks AI Crawlers By Default; Lets Publishers Charge Per Scrape
Cloudflare is trying to change AI scraping by blocking crawlers by default and introducing a "Pay Per Crawl" system where publishers can charge AI companies for access to their content. THE ARTICLE | CLOUDFLARE AI BOTS BLOG | AI LABYRINTH FEATURE | ROBOTS.TXT EXPLAINED | AXIOS CEO INTERVIEW

Meta Adds Another Gigawatt of Renewable Power to Feed Its Data Centers
Meta just bought over 1 GW of solar, wind, and geothermal power across multiple deals, bringing their renewable energy buying spree to massive scale as AI drives data center power demands.
THE ARTICLE

HUMANS

Scientists Finally Pinpoint What Wiped Out America's Bees THE ARTICLE

Noise Ruins Sleep Quality Even When You Think You're Sleeping Through It
Research shows that even low-level noise significantly disrupts sleep quality by fragmenting sleep stages, even when you don't consciously wake up.
THE ARTICLE

Luckin Coffee Opens First US Stores After Beating Starbucks in China
China's biggest coffee chain Luckin Coffee opened its first two US locations in NYC yesterday, having already overtaken Starbucks in China with 22,000+ stores. The BYD of coffee. Great. THE ARTICLE | CNN COVERAGE | STARBUCKS CHINA STRUGGLES | STARBUCKS TURNAROUND EFFORTS

Louvre Staff Shut Down the Museum to Protest Unmanageable Tourist Crowds
Louvre employees forced a complete museum closure to protest dangerous overcrowding conditions that have made their workplace unsafe and visitor experience terrible. THE ARTICLE | HN DISCUSSION

The Dollar Just Had Its Worst First Half Since 1973 While Stocks Keep Rising
The US dollar lost 10% in June and had its worst first six months since 1973, while the S&P 500 still managed a 5.5% gain for the first half of 2025. THE ARTICLE | FT ON DOLLAR'S WORST PERFORMANCE | BLOOMBERG ON US FUTURES | MORNING BREW SUBSCRIPTION

Trump Threatens to Investigate Musk's Companies Through DOGE
Trump suggested DOGE could take a "good, hard look" at Musk's companies and their government subsidies after Musk attacked his massive spending bill. THE STORY | TRUMP'S TRUTH SOCIAL POST | MUSK'S RESPONSE ON X | MUSK THREATENS REPUBLICANS | MUSK'S NEW PARTY IDEA

Stanford Professor Made Up That Famous "Chess Grandmasters Burn 6000 Calories" Claim
Adam Strandberg tracked down the viral chess calorie claim and found Stanford's Robert Sapolsky completely fabricated the number by multiplying breathing rates by daily calories.

What I find fascinating about this is how I feel like so much of my “solid” knowledge I learned all through the 80s, 90s, well, basically until now, is all in question. I mean, the freaking Marshmallow Test! Wrong. Not replicated.

To me it’s not the facts that are the problem. It’s like world models that are/were broken as a result of believing those things. And they all need to be torn down and remade.

THE ARTICLE | STRANDBERG'S INVESTIGATION | MARGINAL REVOLUTION COMMENTS | GELMAN'S RECKLESS DISREGARD POST | CLARKE'S LAW REFERENCE

—

Taste Is the New Intelligence THE ARTICLE

—

Joan Westenberg Deleted Her Entire "Second Brain"

Love the idea here where overdoing projects like Second Brains end up hurting the very thing you were trying to improve.

THE ESSAY

—

Schizophrenia May Be the Evolutionary Price THE ARTICLE

DISCOVERY

How to Use Markdown THE ARTICLE

BeanBook Uses AI to Turn Coffee Bag Photos Into Detailed Brew Logs THE APP | IOS DOWNLOAD | HN DISCUSSION

Proxy Claude Code Requests Through Cloudflare THREAD

Aging-Related Inflammation Isn't Universal THE ARTICLE

This Developer Built an AI Dungeon Master That Runs in Your Terminal THE PROJECT

James Webb Takes First Direct Exoplanet Photo THE ARTICLE

Local LLM Notepad on USB THE PROJECT

Custom Voice AI Agent Tutorial THE TUTORIAL

APHORISM OF THE WEEK

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition. Members get additional content sections, including IDEAS, a bi-monthly MEMBER-ONLY ESSAY, and the RECOMMENDATION OF THE WEEK.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on July 01, 2025 14:41

June 10, 2025

Unsupervised Learning NO. 484

UPDATES

Hey, hope you’re doing well! Crazy week already.

I think this might be one of my favorite newsletters ever. I’m just really feeling the new link style and breakout style, and story selection seems better? Anyone agree?

Ordered some noise cancelling earbuds for sleeping. Will let you know how they do. They’ll be paired with my eye mask that I already use.

Why Google I/O Scared This 2007 Apple Fanboy for the First Time

Analysis of this week’s WWDC and how it compared to Google I/O

danielmiessler.com/blog/apple-fanboy-worried-googleio

Wrote a new essay 👆🏻 on why I’m scared for the first time for Apple, and what I thought of today’s WWDC keynote. READ IT (3 minute read)

I’m going to do a profile on all the CCP members and structure. I’m sure there are a bunch out there already, but I’m suddenly interested in how the government actually works. Like, who are these people? And what are their politics?

Another essay on why it doesn’t make any sense to say, “It’s just next token prediction.” READ IT (5 minute read)

I’m also going to do a new future trend/investment analysis exercise like I did years ago with my buddy Ty Sbano, where we picked stocks based on possible trends. This time I’ll use AI though (obviously). Will probably turn the analysis and my comments and recommendations from it into a PDF that I sell for a few bucks or something. 🤷🏻

Sponsor

Discover, secure and govern genAI use

Nudge Security discovers all genAI apps ever introduced by anyone in your org in minutes, without the need for any prior knowledge of an app’s existence.

On Day One of starting a free trial, you’ll have a full inventory of all genAI apps and accounts, integrations, and security profiles for each provider to help you vet new or unfamiliar apps.

Get your free genAI inventory today.

CYBERSECURITY

Trump Overhauls Biden's Cybersecurity Policies With New Executive Order
Trump significantly reversed Obama and Biden cybersecurity policies and focused on new things. Here’s a summary of what it added and removed from existing policies:

Removes focus on:

Mandated digital IDs

Accounting compliance checklists

Micromanaging agency decisions

Adds focus on:

Defeating foreign threats

Secure software practices

Border gateway protection

Post-quantum cryptography readiness

Modern encryption protocols

AI for vulnerabilities

IoT security standards

Limiting sanctions' scope

THE BILL’S FACT SHEET

Bellingcat Tests Whether AI Can Actually Geolocate Photos Now
Bellingcat tested 20 AI models on 500 geolocation tasks and only OpenAI's latest ChatGPT models beat Google Lens at identifying photo locations. THE ARTICLE | BELLINGCAT'S 2023 AI GEOLOCATION STUDY

SentinelOne Reveals Details on Chinese Supply Chain Attack Attempt
Chinese hackers tried to compromise SentinelOne by attacking one of their IT logistics partners, which was part of a bigger campaign that hit over 70 organizations worldwide. THE ARTICLE | SENTINELONE'S ORIGINAL REPORT | DETAILED THREAT ANALYSIS

Proton VPN Sees 1,000% Signup Surge After Pornhub Blocks France
Proton VPN registrations jumped 1,000% within 30 minutes after Pornhub blocked French users due to new age verification laws. THE ARTICLE | PORNHUB FRANCE EXIT STORY | AGE VERIFICATION LAWS STUDY | PROTON'S CENSORSHIP OBSERVATORY | PROTON VPN REVIEW

Microsoft Teams With Indian Police to Shut Down Fake Tech Support Scammers
Indian authorities busted two call centers pretending to be Microsoft support to scam Japanese victims. They were using AI to scale their fake pop-ups and translations. THE ARTICLE | MICROSOFT'S BLOG POST | COINBASE BREACH REPORT | INTERPOL CSAM OPERATION

Bishop Fox 2025 Red Team Tools List
Bishop Fox put together their favorite red team tools for 2025, covering C2 frameworks and Active Directory exploitation stuff. THEIR LIST

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

OpenAI Published Their Annual Report on How Bad Actors Are Using AI Maliciously
I love that they put these reports out. My main takeaways were:

Four out of 10 major abuse cases likely originated from China, from social engineering to cyber threats

They're seeing deceptive employment schemes, task scams from Cambodia, and comment spamming from Philippines

Covert influence operations potentially linked to Russia and Iran are using AI as force multipliers

OPENAI'S MALICIOUS AI REPORT | SCHNEIER'S ANALYSIS

Anthropic Launches Custom AI Models For National Security
Anthropic built special "Claude Gov" models specifically for U.S. defense and intelligence agencies that work better with classified material and refuse to help less often. THE ARTICLE | ANTHROPIC'S ANNOUNCEMENT

Britain Will Send 100,000 Drones To Ukraine By 2026
Britain just committed to a tenfold increase in drone deliveries to Ukraine, sending 100,000 by April 2026. THE ARTICLE

🔥🔥🔥 AI Finally Finds Something Trained Scientists Have Missed for Decades
This has to be one of the most incredible and slept-on pieces of AI news I’ve ever heard.

A number of professional scientists have been trying to figure out how a particular kind of bacteriophages (viruses that infect bacteria) become mobile and do what they do

This has been a mystery for a very long time, and this group of scientists are the world experts on the topic

They gave a bunch of data to a new Google model trained to do novel research and create novel hypothesis

It created a novel hypothesis that the human researchers had missed, which they say was because of their own bias

Upon testing it, it turned out the AI was correct

If you care about this stuff you should listen to the entire episode. It’s extraordinary. Basically they had been trying to figure out how this particular virus was able to do what it did. They knew X, they knew Y, they knew Z. And they assumed that because XYZ that _____ could not have been possible (listen to get the full detailed explanation).

But what they didn’t realize is that they were making an assumption. A faulty one! They were blinded by bias (their words), which didn’t allow them to see the solution. And this is why they’re so blown away by what the AI did. Once they saw the hypothesis they weren’t blown away. It was obvious. What they were blown away by was the fact that it found the solution when they had not, because of their bias. Keep in mind: they’re the world f-king experts on this!

The implications here are unbelievable. Think of how many research papers are out there. Think of how much data is lying around waiting to be explored. These are all dots waiting to be connected. And there aren’t nearly enough researchers to do that work.

This is how we get new, real benefit from AI. Especially in health, where we desperately need to look at how molecules interact with cells and such. So unbelievably hyped about this! Go check it out. THE PODCAST | THE COGNITIVE REVOLUTION PODCAST

Apple Releases Controversial Paper on AI
Apple released a paper that people are interpreting as saying AI’s can’t reason. I think the paper is kind of missing the point, and also people are misinterpreting what they actually said. They never claimed no AI can reason.

What they said is that with certain math problems you can confuse the AI if you change the parameters, which feels more like memorization than deep understanding. I think it’s a fair point, and a fair weakness of the AI they tested. But, acknowledging I’m biased here, I think we’ll look back on this as a “number of r’s in strawberry” moment.

Meanwhile, Stanford just found that AI alone scored 90% efficacy against human doctors’ 75% in another story this week. This type of stuff is just clickbait for AI doomers and skeptics. We have to make sure we’re watching what AI is doing in the real world. On real problems. THE PAPER | HN DISCUSSION

OpenAI Massively Dropped o3 Prices
They reduced the cost of o3 by 80%, and are releasing o3-pro today. THREAD

OpenAI Doubles Revenue to $10 Billion Annually
OpenAI hit $10 billion in annual revenue, nearly doubling from $5.5 billion last year with 500 million weekly users. THE ARTICLE | CNBC'S ORIGINAL REPORT | OPENAI'S OPERATING LOSSES ANALYSIS

OpenAI Must Keep All ChatGPT Conversations Indefinitely Due to Legal Hold
OpenAI supposedly(?) can't delete any ChatGPT logs right now because they're under a court order to preserve everything for ongoing litigation. "We are required to retain all data and cannot process deletion requests during this period" - OpenAI. Super messed up given the fact that they have offerings where people specifically paid for the opposite. THE ARTICLE | HN DISCUSSION

OpenAI Makes ChatGPT's Voice Mode Sound WAY More Human
ChatGPT's voice mode now has better intonation, realistic pauses, and even does realistic sarcasm. I also confirmed it can sing. It’s really, really good. THE ARTICLE | OPENAI RELEASE NOTES

Stanford Study Shows Doctors Plus AI Beat Traditional Diagnostic Tools
Doctors using AI as a collaborative partner got 85% accuracy versus 75% with traditional tools, but the real story is that AI alone scored 90%. THE PAPER

Microsoft Reshuffles Leadership to Focus on AI Agents
Microsoft is reorganizing its top executives overseeing Office 365 and Dynamics to prioritize selling AI agents that can automate white-collar work. THE ARTICLE

My New Favorite Description of a Business Moat

The real “long-term moat” is just a sequence of smaller moats stacked together. Each one buys time. And what you do with that time, how fast you execute, how quickly you evolve, determines whether you stay ahead.

Jamin Bell

I really like this take. To me that means speed and adaptability is the only real moat. HT to Clint for the find! CLOUDED JUDGMENT ON MOATS | JAMIN’S SUBSTACK

TECHNOLOGY

Why Bell Labs Actually Worked So Well
Bell Labs succeeded because they gave brilliant people complete freedom to explore whatever interested them, then—only later—connected their discoveries to real business problems. I want to implement this at the national scale. THE ARTICLE | HN DISCUSSION

BYD's Five-Minute Charging Puts China in the Lead for EVs
BYD just demonstrated 1,000-kilowatt chargers that add 250 miles in five minutes—which is basically gas station speed for electric cars. This scares the crap out of me. THE ARTICLE | SHANGHAI DEMO VIDEO

Wing And Walmart Expand Drone Delivery To 100 Stores
Walmart and Wing are jumping from 15 stores to 115 stores for drone delivery, bringing it to five major cities. THE ARTICLE | THEIR CURRENT DELIVERY PARTNERSHIP

The Chinese Tech Behind Amazon's Humanoid Robots
Amazon is testing humanoid robots at their San Francisco office for package delivery, built on Chinese tech. They're setting up an indoor obstacle course to see if these AI-powered bots can handle real-world deliveries. THE ARTICLE | AMAZON'S HUMANOID ROBOT TESTING

YouTube Loosens Content Rules Using "Public Interest" Standard
YouTube now lets videos stay up if they violate community guidelines but are deemed in the "public interest," bumping the violation threshold from 25% to 50% of content. THE ARTICLE | NY TIMES ORIGINAL REPORT

AWS Opens New Region in Taiwan
AWS just launched their first data center region in Taiwan with three availability zones. THE ARTICLE | AWS AVAILABILITY ZONES

HUMANS

Rents Are Dropping in Most Major U.S. Cities for the First Time Since 2023
28 out of 44 major metropolitan areas saw year-over-year rent decreases in May 2025. REDFIN'S RENTAL MARKET REPORT

Caffeine Keeps Your Brain Awake Even While You Sleep
New research shows caffeine doesn't just keep you awake—it actually prevents your brain from properly sleeping even when you think you're getting sleeping well. THE ARTICLE | HN DISCUSSION

Las Vegas Fights Record Heat With Massive Tree Planting Initiative
Las Vegas hit 120 degrees last year and heat killed over 500 people, so now they're planting 60,000 trees by 2050 to cool the hottest neighborhoods. THE ARTICLE

Mushrooms May Communicate Using Up To 50 Words
A scientist analyzed electrical signals between fungi and found patterns that look remarkably similar to human language structure. THE ARTICLE | ROYAL SOCIETY STUDY

Forests Offset Global Warming More Than Scientists Previously Thought
A new UC Riverside study shows replanting all the trees we've lost since the 1800s could cool the planet by 0.34 degrees—about a quarter of current warming. The secret sauce is that trees don't just suck up carbon, they also release compounds that reflect sunlight and make clouds. THE ARTICLE | THE NATURE STUDY

DISCOVERY

Someone Built An MCP Server That Actually Runs On Cloudflare Workers
This boilerplate by Fatih Kadir Akın lets you deploy MCP servers to Cloudflare Workers with OAuth and PostgreSQL support built in. THE PROJECT

Data Visualization Reveals Patterns in D&D Monster Designs
Someone created a really cool data visualization of Dungeons and Dragons monsters as part of Tidy Tuesday, and the patterns they found are pretty good. THE REDDIT POST | FULL ANALYSIS

How Anthropic’s Teams Use Claude Code
Insanely good content here, and I love the fact that it’s their actual internal tool and they’re showing how they use it. THREAD | FULL TUTORIAL PDF

We Are No Longer a Serious Country
Paul Krugman argues that markets are starting to treat America like an unreliable emerging market rather than a safe haven. A key point he raises: US interest rates and dollar are now moving in opposite directions, something typically seen only in emerging market drama. THE ARTICLE

Great Explanation of How Model Context Protocol is Different from Traditional APIs
Biggest difference is APIs are for developers, and MCPs are for AI’s (agents). THE COMPARISON

APIs Become the Foundation for AI-Ready Businesses
Most companies aren't ready for AI not because they lack models, but because their systems can't talk to each other through APIs. THE ARTICLE

Bigfoot Veo3 Videos VIDEO

I Read All of Cloudflare's Claude-Generated Commits
Cloudflare built an OAuth 2.1 library with Claude doing 95% of the work, and they documented every single prompt in git commit messages. THE ARTICLE | CLOUDFLARE'S OAUTH LIBRARY | KENTONV'S GITHUB | CHRIS ON LINKEDIN

Mysterious Object Fires Signals at Earth Every 44 Minutes
Astronomers found this weird space object that blasts radio waves and X-rays at us for two minutes straight, then goes quiet for 44 minutes, and they have no clue what it is. What I don’t get is how it keeps pointing at us given how fast it’s moving and how fast we’re moving. THE ARTICLE | NATURE RESEARCH PAPER

AI Forces Institutions to Rethink Their Core Purpose
AI is forcing entire institutions like schools, governments, and corporations to completely reimagine why they exist. THE ARTICLE | COGNITIVE MIGRATION ESSAY | ARIZONA AI SCHOOL EXAMPLE

Mapping Latitude and Longitude to Country, State, or City
Austin Henley breaks down the surprisingly complex challenge of reverse geocoding—turning coordinates into location names. I know a few people into these physical-related puzzles and it seems like a great mix of physical activity and intellectual stuff. THE ARTICLE | HN DISCUSSION

Calculus in 30 Seconds from a book in 1910 SNIP

Software Is About Promises
Bram Adams argues that software success comes from making clear, testable promises to users—what exactly you'll deliver given your constraints and resources. THE ARTICLE

This Is How They Tell Me Bug Bounty Ends
My buddy Joseph Thacker thinks AI agents will eventually find all vulnerabilities automatically, but that there’s still lots of room for creativity. THE ARTICLE | JOSEPH'S BLOG

New OSINT Tools Directory Organizes 100+ Scattered Resources
The creator of R00M 101 (super cool too) built a filterable directory of 100+ OSINT tools because they were tired of hunting through GitHub repos and random Discord servers to find what they needed. THE PROJECT | HN DISCUSSION | ROOM 101 OSINT TOOL

MEMBER EDITION TEASER

AI as an Identity Challenge/Question

Another way to frame AI is to think of it as an identity challenge. For people, but also for organizations.

-What am I?
-Who am I?
-What is this company, really?
-What differentiates me?

APHORISM OF THE WEEK

The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on June 10, 2025 14:44

June 3, 2025

Unsupervised Learning NO. 483

UPDATES

Hey, hope you’re doing well!

🔥🔥🔥 I just released my new video on where I think Hacking is going! This will likely convince you to build an AI automation stack for security testing (and other stuff). 👇🏻👇🏻👇🏻

My new essay on how I see AI affecting education. ESSAY (1 minute read)

My new essay on AI Job Replacement timelines. ESSAY (5 minute read)

🌶️ My new essay on my two groups of cyber/AI friends. ESSAY (3 minute read)

Cybersecurity Jobs Currently Available LIST

My buddy Ryan Bonner is about to give his first public talk soon, so here’s my piece on how to permanently remove your fear of public speaking. GUIDE (3 minute read)

Gukesh beats Magnus in a Classical game for the first time, and Magnus hammer-fists the table. VIDEO

Sponsor

Protect Your Google Workspace with Purpose-Built Security

Your Google Workspace is the backbone of your business, yet most teams use security tools that weren’t designed to protect it.

With real-time monitoring and automatic fixes, Material keeps your workspace secure with minimal effort, reducing human error and freeing up your team to focus on work that matters.

Start Securing Your Google Workspace CYBERSECURITY

Google Patches New Chrome Zero-Day Bug Exploited in Attacks

Google just fixed their third Chrome zero-day of the year, this one being actively exploited. Severity is rated High. THE ARTICLE | GOOGLE'S SECURITY ADVISORY

Microsoft And CrowdStrike Create Shared Threat Actor Dictionary

Microsoft and CrowdStrike are creating a shared glossary to map their different names for the same hacking groups, which should reduce a lot of confusion for security teams. THE ARTICLE | MICROSOFT'S ANNOUNCEMENT | CROWDSTRIKE'S BLOG POST | MICROSOFT'S THREAT NAMING GUIDE

OpenAI's o3 Discovers Linux Kernel Zero-Day Vulnerability

Sean Heelan successfully used OpenAI's o3 to find a remote zero-day in Linux kernel's SMB implementation. Talked about it last week, too, but it’s cool enough to mention again. THE ARTICLE | SEAN HEELAN ON X

Meta Plans to Automate Product Risk Assessments with AI

Meta is automating privacy and risk reviews for 90% of app updates using AI. One of the best use cases for security, in my opinion. Triage. Filtering. Figuring out which functionality needs the deeper, manual testing. THE ARTICLE

Massive Asus Router Botnet Uses Persistent Backdoors

The AyySSHush botnet has compromised over 8,000 Asus routers using backdoors that survive firmware updates.

THE ARTICLE | GREYNOISE ANALYSIS | CENSYS INFECTED HOSTS | RUDIS MASTODON POST

Sponsor

SOC Teams Cut Alert Response Time From 40 min to <20 min

Your security team investigates alerts 24/7, but manual processes still leave critical threats waiting in the queue.

Leading SOCs use AI analysts that autonomously investigate every alert—gathering evidence, analyzing context, and delivering decision-ready reports in minutes, not hours.

See the data: How enterprise teams achieve sub-20 minute response times while investigating 100% of alerts.

Explore the Self-Guided Demo

Russian Market Becomes Top Destination For Stolen Credentials

The Russian Market cybercrime platform is now the leading marketplace for stolen credentials, filling the gap left by Genesis Market's takedown. THE ARTICLE | RELIAQUEST REPORT | GENESIS MARKET TAKEDOWN

DoJ Takes Down Four Major Services Used by Cybercriminals

The DoJ seized four domains that helped criminals hide malware from antivirus software in a coordinated international operation. THE ARTICLE | DOJ ANNOUNCEMENT | DUTCH POLICE REPORT

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

Earth Lamia has been hitting organizations across multiple countries since 2023, now shifting focus from finance to government and universities. THE ARTICLE | TREND MICRO ANALYSIS | ELASTIC SECURITY LABS REF0657

Continue reading online to avoid the email cutoff… NATIONAL SECURITY

Ukraine Hides Explosive Drones In Wooden Sheds To Hit Parked Russian Bombers

Ukrainian secret services figured out how to attack Russian strategic bombers by hiding explosive drones inside wooden shed roofs. Once deep inside Russia—like over a thousand miles from the border—they deployed remotely using Russian cell networks and destroyed multiple irreplaceable bombers.

Exact numbers are sketchy, but the takeaway is that this attack doesn’t just affect the war in Ukraine, but Russia’s overall strategic bomber capability.

The bombers that were taken out can’t easily (or at all?) be reproduced by Russia, so they just had their overall military capability dramatically reduced.

This is like the Israeli attack on Hezbollah from last year in terms of tactical genius, but at a whole different impact scale.

The biggest takeaway for me is just the overall impact of drones, and how asymmetrical they are against things like bombers and aircraft carriers. THE ARTICLE | THE REUTERS ARTICLE | REUTERS VIDEO | IAN BREMMER’S ANALYSIS VIDEO | KILL DECISION BOOK BY DANIEL SUAREZ

China's Deep Network Penetration Signals War Preparations, Says Former Trump Advisor

Former national security advisor H.R. McMaster told lawmakers that China's extensive hacking of US infrastructure systems is preparation for war. THE ARTICLE | VOLT TYPHOON COVERAGE | SALT TYPHOON ATTACKS

FBI Arrests Defense Intelligence IT Worker For Park Drop Espionage

A DIA tech guy who worked in their insider threat division got busted trying to an old-school dead drop of classified files in a Virginia park to what he thought were foreign spies. The guy literally worked in the division that's supposed to catch people doing exactly this. THE ARTICLE | DOJ PRESS RELEASE | FBI AFFIDAVIT | KASH PATEL'S STATEMENT

📊 Mary Meeker Returns With First Trends Report Since 2019 Focusing on AI

Mary Meeker just dropped her first mega-trends report in 5 years, and it's all about AI.

• AI investments hit $330 billion globally in 2024\
• 85% of Fortune 500 companies now have active AI initiatives
• Developer productivity gains from AI tools averaging 55% improvement

THE REPORT | HACKER NEWS DISCUSSION

Why Dwarkesh Patel Has Longer AGI Timelines Than His Podcast Guests

Dwarkesh thinks we're still years away from truly useful AI because current models can't learn on the job like humans do.

I think he’s wrong about this because the whole “learn on the job” thing is just a systems / scaffolding problem. It’s all the stuff around AI that everyone is working on, and I think progress there will be as fast or faster than the IQ progress of the models. THE ARTICLE | SHOLTO AND TRENTON INTERVIEW | MECHANIZE'S AUTOMATION POST | EPOCH AI COMPUTE SCALING

McKinsey Says The Future Of Work Is Agentic

McKinsey argues that agents are basically becoming digital workers that can think, decide, and execute tasks on their own—not just respond to prompts. I obviously agree.

I think the endgame here is hard to execute but pretty simple to see: You have your current state of your $THING, and you define your desired state of the $THING, and then you task your few cofounders and your tens of thousands of agents to continuously make that happen.

The trick there is continuous. The overall orchestrator is watching everything constantly, and spawning and stopping jobs to get the work done that best maintains the ideal state. THE ARTICLE | JORGE AMAR'S PROFILE | MCKINSEY TALKS TALENT PODCAST | MICROSOFT WORK TREND INDEX | WSJ AI AGENTS ARTICLE

The Truth About AI and Job Loss

Niruta Talwekar from Meta dug into historical data to figure out which jobs AI will actually eliminate and whether there's still room for junior developers. THE ARTICLE

Google Gemini Integration With Siri Could Fill Apple's Personal Context Gap

Google's upcoming Gemini integration with Siri might actually matter since it'll access your Gmail and Photos for personal context. THE ARTICLE | GOOGLE I/O ANNOUNCEMENT

Snowflake Buys Crunchy Data For $250 Million

Snowflake bought PostgreSQL company Crunchy Data to help customers build AI agents that need real-time database capabilities. This is one of the companies that will try to build UEC, I think. THE ARTICLE | MY UEC VIDEO

TECHNOLOGY

McKinsey Uses AI to Automate PowerPoint Creation and Proposal Writing

McKinsey's proprietary AI platform Lilli now handles PowerPoint creation and proposal drafting, with over 75% of employees using it monthly. THE ARTICLE | BCG AI REVENUE REPORT

Workday Plans To Rehire The Same Number Of People They Laid Off But With Different Skills

Workday says they'll hire back the 1,750 people they cut in February, but with AI skills instead of whatever those people were doing before. THE ARTICLE | FEBRUARY LAYOFF ANNOUNCEMENT

Nvidia Develops New AI Chip For China That Meets Export Controls

Nvidia is making a Blackwell-based B30 chip for China with multi-GPU scaling to replace their banned H20 accelerators.

My guess is most of this doesn’t matter that much in the end. Most of the gains will be in the software tricks/jumps, which the whole world will continue to copy. The result will be China matching or exceeding the US soon, and there just being seesaw jumps and catchups between open-source and premier labs before ASI happens, when things get weird.

In short, I think everyone’s going to have roughly the same capabilities looking backwards due to progress leaks/sharing across the industry, with China possibly taking a major advantage later because of energy and data and singular policy execution. THE ARTICLE | THE INFORMATION REPORT | H20 BAN DETAILS | JENSEN'S RESPONSE

Computer Science Unemployment Hits 6.1 Percent Despite Major's Popularity

Computer science ranks seventh among majors with the highest unemployment rates at 6.1 percent, even though it's one of the most popular degrees. THE ARTICLE | BEST COLLEGE MAJORS

HUMANS

Sixty Percent of Americans Have Retirement Savings Accounts, But It’s Lumpy

About six in ten Americans have money in retirement plans like 401k or IRAs, with huge gaps by income and education.

83% of people making $100k+ have retirement accounts versus only 28% making under $50k.

College graduates are twice as likely to have retirement savings compared to those without college education (81% vs 39%)

There's a 26-point racial gap with 68% of white adults having retirement plans versus 42% of people of color

THE ARTICLE | STOCK OWNERSHIP DATA | RETIREMENT SATISFACTION STUDY | GALLUP RETIREMENT TOPICS

US Economy Contracts More Than Expected in Q1

The US economy shrank 0.2% in Q1, worse than initially reported, due to weaker consumer spending and trade impacts. THE ARTICLE

Younger Generations Less Likely To Develop Dementia

People born more recently have lower dementia rates than earlier generations at the same age. In the US, 25.1% of people aged 81-85 born 1890-1913 had dementia versus 15.5% born 1939-1943.

My guess is that “retirement” in the traditional sense is devastating to cognitive function. Basically old people used to stop working at like 60 or whatever and then do mostly nothing, which we now know is really bad for you. And younger people remain more cognitively active as they age. Again, just a guess. THE ARTICLE | THE JAMA STUDY | DEMENTIA PREVENTION FACTORS | LANCET STUDY ON TRENDS

The American Vs. European Mindset On Life

A Turkish-German writer breaks down why Europeans work less, stress less, and prioritize experiences over possessions. THE ARTICLE | EUROPE VS USA WORK SURVEY | GERMAN WORK CULTURE DATA | LIFE EXPECTANCY COMPARISON

If You Are Useful, It Doesn't Mean You Are Valued

There's a big difference between being useful to your company and being valued by them, and the signals can look surprisingly similar. THE ARTICLE

How Much Coffee Is Too Much?

Studies show that drinking 3-5 cups daily is actually linked to lower mortality rates.
Coffee drinkers have 12% lower risk of death from all causes compared to non-drinkers. Love to hear it, but I wonder how much of this is just the benefit of being so busy doing stuff that you need that much coffee. THE ARTICLE

DISCOVERY

Run Your Own AI Locally On Your Mac

Anthropic's Interactive Prompt Engineering Tutorial

Anthropic released a hands-on tutorial that walks you through prompt engineering techniques with interactive examples and exercises. THE PROJECT

Indirect Prompt Injection Overview

A podcast on Indirect Prompt Injection PODCAST (30 minutes)

My AI Skeptic Friends Are All Nuts

“But the code is shitty, like that of a junior developer.”

“Does an intern cost $20/month? Because that’s what Cursor.ai costs.”

lol

Thomas Ptacek (an old-school security guy) is calling out his AI skeptic friends for being completely wrong about AI's actual capabilities and impact. Very similar vibes to my essay up at the top about my two friend groups. THE ARTICLE | HN DISCUSSION | HIS TWITTER

Claude Code Is My Computer

This guy runs Claude Code in dangerous no-prompt mode and lets it do basically everything on his Mac without asking permission first. THE ARTICLE | ANTHROPIC'S CLAUDE CODE DOCS | CLAUDE CODE BEST PRACTICES | STEIPETE'S TWITTER

You2Anki Turns Videos Into Vocabulary Flashcards

You2Anki – Extracts vocabulary from any video and creates Anki flashcards for language learners.THE PROJECT | HN DISCUSSION

Jobinator Filters Hacker News Job Posts With AI-Powered Metadata

Someone got tired of manually scanning HN job threads and built a tool that uses LLMs to extract and normalize job attributes for better filtering. THE PROJECT

Tensor Product Attention Is All You Need

Researchers developed a new attention mechanism that uses tensor decomposition to dramatically shrink memory usage during inference. THE PAPER | THE CODE

The Metamorphosis of Prime Intellect: A Dark Tale of Post-Human Existence

This 1994 science fiction novel tells the story of Lawrence, who creates an AI that becomes godlike and transforms humanity's existence into a strange post-scarcity immortal world where death becomes entertainment. One of my top 10 sci-fi books ever. THE BOOK (it’s free online)

Andor Season 2 Shows How Insider Threats Actually Work In Real Organizations

Adam Shostack breaks down how the Star Wars show Andor demonstrates different types of insider threats and security failures. THE ARTICLE | ERIC GELLER'S ANDOR ANALYSIS | THREATS BOOK

GitHub Repository of N8N Workflows

Someone created a GitHub repo of tons of scraped n8n workflow automation templates that you can copy and use for your own projects. THE REPOSITORY

My Five-Year Experiment with UTC

A developer switched to using UTC time for everything five years ago and says it eliminated timezone confusion while making scheduling much simpler. THE ARTICLE | HACKER NEWS DISCUSSION

The Book Of Secret Knowledge GitHub Repository

This massive GitHub collection by trimstray has gathered 171k stars for organizing security tools, Linux resources and DevOps knowledge. THE PROJECT | TRIMSTRAY'S PROFILE

Jason Chan And Clint Gibler Have a Brilliant Conversation In Latest TL;DR Sec

The latest TL;DR Sec newsletter by my close friend Clint features a guest post from former Netflix VP Jason Chan. It’s about building security programs that boost both developer productivity and security at the same time, plus lots of great knowledge on cloud security in general..

JASON'S SECURITY POST | CLINT’S NEWSLETTER | INVICTUS CLOUD IR GUIDE | VERIZON 2025 DBIR

MEMBER EDITION TEASER

Everyone is Multiple People

So Elon just went to Washington, ruined his reputation, damaged the value of his companies massively, and then basically got ejected. All so he could increase efficiency and cut costs—which it turns out he was actually passionate about.

Now he’s super pissed because the administration’s new bill is way more wasteful than anything he cleaned up with DOGE. What a train wreck. Lots of people, including Trump’s former lawyer Cohen, are predicting that Trump and the administration in general will come after him and his money soon in various ways. Stopping contracts. Launching investigations. Auditing him. Etc.

I think this whole arc provides multiple lessons:

APHORISM OF THE WEEK

The Member Edition

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

SUBSCRIBE OR UPGRADE
MEMBER LOGIN

View more on Daniel Miessler's website »

Like • 0 comments • flag

Published on June 03, 2025 15:00

← Previous 1 2 3 4 5 6 7 8 9 … 130 131 Next →

Daniel Miessler's Blog

Daniel Miessler's profile
18 followers

Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.