Daniel Miessler's Blog, page 12

March 25, 2024

UL NO. 425: The Efficient Security Principle

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

Tons going on this week. Prepping for some paid talks, some travel, a product launch, and working on a whole bunch of new content.

I’m honestly just so happy to be alive at this moment in human history. I’m like constantly excited by all the opportunities available to people willing to grab a problem and start learning and building.

Hack, build, grind, appreciate. That’s my current vibe.

Ok, let’s get to it…

MY WORK

My new essay that introduces the Efficient Security Principle.

Efficient Security Principle (ESP)


A way of explaining why security's baseline is so low in places, and why it's so hard to raise.


danielmiessler.com/p/efficient-security-principle

A couple really sick new Fabric patterns this week. Have used these TONS already!

🔥This one analyzes your writing based on Steven Pinker’s The Sense of Style, which is my favorite book on writing. It’s called ⚙️analyze_prose_pinker and it scores your prose according to what he teaches in the book, and gives you recommendations for how to fix it. THE PATTERN | THE RESULT OF RUNNING IT AGAINST MY LATEST ESSAY

🔥This one extracts the recommendations made in any major book. Absolutely incredible. ⚙️extract_book_recommendations takes any book name as the input and gives you all the lessons from it! THE PATTERN | THE RESULT OF RUNNING IT ON MAN’S SEARCH FOR MEANING

And here’s its sister pattern ⚙️extract_book_ideas that extracts the ideas instead of the recommendations. THE PATTERN

SECURITY

Researchers found a way to extract secret keys from Apple's M-series chips. The flaw exploits the chip's data memory-dependent prefetcher, which basically confuses code and data during cryptographic operations. We’ll have to wait and see how real-world the attacks will be. MORE

The integration of drones with digitized command and control systems and new-era sensor networks is massively upgrading U.S. military capabilities. This combination is known as the "Transformative Trinity", which saved the dystopian movie writers some time. MORE

💡There’s never been a better time to read Daniel Suarez’ Kill Decision, which was all about autonomous drones. Seriously good.

The DHS outlined its comprehensive strategy to tackle AI risks. They're launching independent evaluations and a HackDHS event to find and fix vulnerabilities in AI systems. MORE | THE ROADMAP PDF

A Canadian man living in China got arrested in New York for trying to sell Tesla's secret battery tech to undercover agents. MORE

Sponsor

Hire Kulkan as your Penetration Testing Partner to Uncover Hard-to-find Vulnerabilities

Kulkan prioritizes deep-dive manual security reviews of your technology. Our experts dissect your software and infrastructure to find vulnerabilities beyond basic scans, and identify issues that, once remediated, can truly reduce security risk.

Experience The Kulkan Way:

In-depth Analysis: We dive deep into the logic and integrations unique to your environment.

Human Insight Over Automation: We leverage the irreplaceable value of creative humans.

Comprehensive Reports: Our reporting adapts to your existing ticketing systems and needs.

Ongoing Support: Post-assessment, Kulkan provides continuous guidance for long-term security resilience. We aim to be Partners, not just a vendor.

 www.kulkan.com

Hire top quality penetration testing - Hire Kulkan

Canada is rethinking its ban of Flipper Zero, focusing instead on preventing misuse by car thieves. Glad they’re waking up on this one. MORE

🚨 Ivanti has patched a critical bug in Standalone Sentry, reported by NATO, that could let attackers run commands without authentication. | CRITICAL | RESPONSE: Immediate patching advised. | MORE

🚨 Beijing-backed cyberspies, Earth Krahang, have hit over 70 organizations worldwide, focusing on government entities. MORE

🚨 Atlassian has patched a critical SQL injection bug in Bamboo Data Center and Server, tagged as CVE-2024-1597 with a top severity score. | CRITICAL | RESPONSE: Urging users to update immediately. | MORE

TECHNOLOGY

I and other AI builders have seen something really weird where Anthropic’s Haiku—its smallest model—scores nearly as well as (or sometimes better than) Opus or GPT-4. Completely insane. Look at this result below comparing all three models’ analysis of Jonathan Haidt’s recent conversation with Rogan.

It’s hard to tell that one is absolutely worse or better than the other! That being said, I have seen many cases where Haiku scores way worse (prose analysis, for example). I’m going to do more research on what the difference is.

A lot of people are reporting that GPT-5 will be out this summer, but Sam didn’t actually say that in his interview with Lex. What he said was that something good would come out soon. Others have said it could be like a mini version just to hold off the dogs—like a 4.5 release or something. Either way I can’t wait for it to leapfrog the pack again. MORE

Nvidia is partnering with Hippocratic AI to introduce AI "nurses" for virtual patient care tasks. They’re AI avatars you actually talk to, they’ll cost $9 an hour, and they’re being tested in over 40 healthcare providers. MORE

💡Most of the benefit we’ll get from AI in the first few years will be from it doing work that otherwise would not have been done at all. Not much of a competition when the alternative is nothing. Crappily done work will be replaced next, then up the chain.

Of course they’ll all happen at the same time. But we’ll notice most when it covers gaps that simply weren’t covered before, e.g., therapists, tutors, asteroid watchers, skin cancer screening, etc.

The US Department of Justice, alongside 16 state and district attorneys general, has filed an antitrust lawsuit against Apple, accusing it of maintaining an illegal monopoly in the smartphone market. They claim Apple's practices drive up prices for consumers and developers by imposing restrictive rules and limiting access to critical phone features. MORE | MY PRO-APPLE-BIASED ANALYSIS OF THE LAWSUIT

Apple's iPhone 15 is now being assembled in Brazil in addition to other places. Meanwhile Tim went to China to convince them everything’s ok with the relationship. MORE

Apple and Tesla are losing marketshare in China as national loyalty rises and domestic brands like Huawei start to dominate the market. MORE

💡Spicy Take: One of China’s greatest strengths is its Nationalism. Nationalism is a good thing—in moderation. They have too much. Most bad countries have too much. The US doesn’t have enough.

Actually, the far left in the US doesn’t have enough, and the far right has way too much. We need a new center that has a significant amount.

HUMANS

Israel's government is reportedly running covert ops at US universities to silence pro-Palestinian voices. MORE

💡It’s remarkable to me how much the words “marketing”, “counter-propaganda”, and “information operations” blur together and separate depending on your tribe and beliefs.

The same type of content could be considered an information op, or marketing, or propaganda, or counter-propaganda depending on which side you’re on.

Measles was declared eliminated in the U.S. in 2000, but we’re now seeing new outbreaks due to anti-vax movements. MORE

Long COVID brain fog might stem from damaged blood vessels letting unwanted substances into the brain. MRI scans showed that in patients with brain fog, a dye indicating blood vessel damage leaked into brain areas crucial for language and memory. MORE

Young people are now less happy than older generations, marking a significant shift in global happiness trends. The 2024 World Happiness Report shows young North Americans are particularly affected, with their happiness levels driving the US out of the top 20 happiest nations. MORE

Stanford researchers suggest Alzheimer's might stem from fat buildup in brain cells, not just amyloid plaques. They discovered that the APOE4 gene variant, linked to higher Alzheimer's risk, moves more fat into brain cells. MORE

A UC Berkeley professor is getting attacked for telling a student to get out of artillery range of San Francisco and San Jose if he wants to find a girlfriend. MORE

Weather forecasts have massively improved, with four-day predictions now as accurate as one-day forecasts were 30 years ago. It's fascinating that 7-day forecasts, once a coin toss, are now highly accurate. MORE

Germany just legalized recreational marijuana. MORE

Blu-ray is making a comeback due to streaming becoming expensive, complex, and spotty on coverage. Plus Blu-ray still has the best quality. MORE

Cancer cases in people under 50 have surged by 80% from 1990 to 2019. MORE

Married people are thriving way more than their unmarried counterparts, according to a decade-plus Gallup study. MORE

Bidets are getting way more popular in the US. Finally. MORE

💡I’m not sponsored by Toto, but the TOTO Neorest Bidet toilet is like the best investment you’ll make in your house. Warm seat. Warm water. You get it.

Trust me on this. They’re expensive, but you can go with the seats instead if you want to get 90% of the benefit for like ¼ the cost.

Toilets are like bedding, underwear, and other types of constant-exposure things. Think of the quality difference multiplied by the amount of exposure over a lifetime. That’s your ROI.

 MY RECOMMENDATION | THE SEAT-ONLY OPTION

IDEAS & ANALYSIS

💡A New Way of Thinking About the Economy

I’m starting to think of everything in terms of Framing. Like I said recently, I think it might become my Unified Theory. I think this might explain why so many see economics as like a partial science, with a lot of people saying it’s just speculation and luck.

In the Framing model, things become a lot more about vibes. Hype dynamics. Sentiment. Belief. Combined with luck. And also subjective interpretation (framing) of results.

And it crosses into politics as well, which is much the same. You can have the same data, like Biden avoiding a full recession, and if you’re a Trump person you think that happened DESPITE Biden, but if that happened during Trump it would have been his win.

Same for the economy. It might massively take off under Trump. Like MASSIVELY. Because of vibes. And hype. And belief. Which in turn becomes behavior, which then returns real results.

In short, I’m starting to think Framing is a lot more real than I gave it credit for. And now that I’m seeing things that way, I can’t unsee it.

I think we should re-think how we use the term “technical”, which I laid out in a tweet thread here.



There’s bias around the word “technical” that is often used to diminish people—often women—who are doing crucial work.


1/n


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 22, 2024


NOTES

I have all four (five?) of the AI devices on order. Rabbit, Humane, can’t remember them all. Plus the new cheap ones. I’m all in.



The AI device I need the most is just something that records conversations and sends them to a place I can process them with AI.


So,


- transcription
- pulling out key points
- creating follow ups
- etc


All that I can do myself.


I just need the text.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 24, 2024


I’m going back to my OG style of news summary, which is usually a single sentence. And then when I have more to say I can add a sentence or two or do a 💡breakout, or a full essay. Let me know how you like the mix.

I’m re-reading Steven Pinker’s The Sense of Style. I try to do so every 2-3 years or so. It’s my favorite book on writing.

Broke down again and re-subscribed to the Twitter API. $100 is expensive, but I do value the feed, and there are certain things I need full tweet access for. Can’t wait to make full use of it.

I also created a new Fabric Pattern based on the book. It’s called ⚙️analyze_prose_pinker and it analyzes your prose according to what he teaches in the book, and gives you recommendations for how to fix it. MORE

Just getting into 3 Body Problem on NETFLIX. I love how different it is, and how much I can’t remember the details because I read the books so long ago. MORE

DISCOVERY

⚙️🔥 Opus Clip — Automatically creates shareable clips from videos for platforms like TikTok and YouTube Shorts. HT to Jason Haddix for showing me this one. | by Opus Clip | MORE

⚙️RAGTune — An Open-Source tool for tuning and optimizing RAG pipelines! | by Misbah Syed | MORE

⚙️ Gourlex - Takes a webpage and returns all URLs on the page. | by trap-bytes | MORE

🛠 OpenDevin is an open-source project aiming to clone and improve Devin, an AI that can autonomously engineer software. | by Junyang Lin | MORE

Unreal Engine 5.4's latest update is so realistic it's hard to tell it's not actual movie footage. MORE

Luck as a Skill MORE

The secret to a meaningful life? — Committing to a long-term, ambitious vision that pushes you to grow smarter, wealthier, and mentally stronger. MORE

A guide to ESPPs and RSUs MORE

Prompt Injection and Jailbreaking Are Not The Same Thing | by Simon Willison | MORE

RECOMMENDATION OF THE WEEK

Think about your Hedonic Baseline.

I’ve been getting pretty good about thinking about my life during normal moments, like walking down stairs, or walking to my car. Just appreciating utterly mediocre moments.

I use the stoic technique of imagining that that thing is gone. I’m on Mars looking at Earth through a telescope, telling stories about how nice it used to be, where you could just go for a walk by a mountain, and smell the air or whatever.

I make a full list of the things I’m taking for granted right now. My relationships. Mobility. The ability to think. Being in the Bay Area at this crazy moment. Etc. And I imagine those things gone.

I actively cultivate appreciation by lowering my Hedonic Baseline. Like what’s the minimum expected stimuli that would make me happy? Imagine yourself without all the great things you have, and then when you realize you have them you appreciate them more.

Think about what you have. Think about them by subtraction.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,


Published on March 25, 2024 13:12

Efficient Security Principle (ESP)

One of the hardest things about being in information security is the frustration.

The longer you’re in the field the more you’re exposed to ridiculously insecure systems that nobody seems to want to fix. We know how to fix them. We often have the money. And security people are explaining—at maximum volume—exactly how to do it. But it doesn’t happen.

I’d like to propose an explanation and name for this phenomenon—the Efficient Security Principle (ESP).

In other words, the way we know something has the “right” amount of security—acceptable, not ethically or morally—is when people just keep using it. There are countless examples.

Online companies, when they get hacked constantly

Email use at companies, when it’s the #1 way to get compromised

Online banking, when fraud is constant

Front door locks, when they’re trivial to pick

The internet in general, when we know it’s an open wound

We use these things anyway because the value they provide massively outweighs the security risks in our minds.

The moment enough people stop using something due to security being too bad, the baseline goes up. And not before.

How to use this principle

If You’re a Technical Security Expert
Security experts often believe the level of security for a given system is much lower than it should be. Which makes sense. We’re close to it. We see the depth of the problems. And we know how to make it better.

Recommendation: Realize that it’s not about us as technical security experts. Realize that it’s about the bigger system, which is primarily concerned with the functionality they’re getting from an offering, not with its security risks. If people in general know the risk and they’re still taking it, that’s just because they value the offering that much. Don’t take it personally.

If You’re a Security Leader
Even security leaders within large organizations can become disillusioned because they don’t see their programs being taken seriously. Just like the technical implementers, they know how to improve security and they can get quite upset when nobody is listening.

Recommendation: First, make sure the baseline is actually where people think it is. If there are security gaps that the company—or its users—don’t know about, make those visible to close the gap of knowledge and get additional support. Second, find innovative ways to raise the baseline in a way that doesn’t inconvenience the company or its users. They may not want to spend much extra effort to raise the baseline, but they won’t object if it goes up without effort on their part.

Summary

The Efficient Security Principle says that security is only as good as it needs to be to keep people from abandoning the service, and that the more popular or essential the offering, the lower the security can be.

Progress is still possible—especially through policy change and regulation—but it mostly comes gradually, at glacial speeds, or in fast jumps from major incidents. But security experts loudly calling out how low the baseline is, and gesturing wildly towards the solution, seldom results in change.

Passionate security experts struggling with low security baselines should absorb this truth so their mental health and job satisfaction don’t suffer unnecessarily.

NOTES

Thanks to Saša Zdjelar and Clint Gibler for their insights while talking through some of these ideas with me, and Saša for the email example.

The principle applies most to very large systems, like the internet, or the overall security of a massive publicly-traded company, not granular or small-scale mechanisms.

There is a natural, glacial upgrade of all security just generally as a result of technical improvement, and within companies that are working on it diligently. If it’s invisible enough, the change can come naturally in a way that doesn’t bother users, which is technically a lifting of the baseline. But it’s so gradual that it doesn’t really apply to a given point of time when someone is wondering why security isn’t better.

Saša Zdjelar points out that SMS is a good example of where the danger became too great and a global push happened to phase it out in a relatively short amount of time.

There are also Security Blindspots where security experts know something that the public doesn’t. So they’re using the offering now, but if they knew how bad it really was, they might not. That’s a special case that doesn’t apply here. This principle deals with the situation where the functionality is deemed more important with full knowledge, not with situations where knowledge is unavailable or withheld.

I wrote a similar essay about this in 2018 called Why Software Remains Insecure, but didn’t call out the concept as a principle.

Pardon the formal, “I’m so smart” tone of the piece. I’m trying to make it evergreen, and thus remove any hesitation or personality from it. It’s really still just a capture of a Frame of thinking that I find useful, and I’ll continue to upgrade it as I see opportunities for improvement.


Published on March 25, 2024 11:43

March 19, 2024

The AI Coin-sorter Analogy

I’ve had this analogy in my mind for a while for AI. Specifically, neural nets.

Imagine a coin sorter with a flat surface the size of the sun.

So the idea for sorting coins is that you just throw random coins at it, and they fall into the system and bounce around and get filtered into certain paths.

But in this system, the openings on the surface don’t just have a few sizes of openings, but billions. All different shapes and sizes of slots. And there are also billions of different sizes of coins.

And when you throw coins (data) at the surface of the sun, that’s what changes the shapes of the slots.

But then, it’s actually layer upon layer underneath. And the billions of shapes of the slots on the top layer then shape different shapes and sizes of the slots on the layers below. Also billions.

And it does this for multiple layers.

Now, once you have that in your mind, now imagine that it’s not actually coins. It’s data coming in. Data in the form of light.

Light from Earth.

The Earth is a giant flashlight. It’s shining all the knowledge of humanity at the surface of the Sun.

And as that light hits the full surface of the sun, it carves billions of tiny nooks and crannies into the top surface, which shapes the nooks and crannies on all the thousands of layers below.

Until finally—on the other side—light comes out. And that light is the wisdom of “AI”.

A shapeable object

Here’s why I like this visualization.

1. It shows how the data shapes the filter.

2. It shows that the light that comes out the other side is the result of both the light and the filter.

3. It shows that the thing isn’t foreign!

#3 is my favorite.

When all of humanity’s knowledge is sent to the Sun, that’s what shapes the Sun. That’s what burns all those intricate patterns into its layers.

The filter isn’t a separate thing. The filter is Earth’s data, burned into a shape.

And thus, the output of the filter also isn’t foreign.

It’s just a view of what we sent it.


Published on March 19, 2024 10:19

UL NO. 424: Raising Security's Floor

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

Added some really sick Patterns to Fabric this week!

⚙️create_better_frame: Takes any type of input where someone is presenting, interpreting, or commenting on the world, and does two things: 1) it creates negative frames for seeing that content, and 2) offers more positive frames. Basically, it provides a positivity filter for any given input, should one choose to accept it. MORE

⚙️create_academic_paper: Takes any bullet points, article, essay, or anything else you’ve written, and turns it into a LaTeX-formatted academic paper format! MORE

Also, for anyone with a git repo, summarize_git_changes is a great way to see and share updates on recent progress. MORE

cd yourgitrepo

git log --pretty=format:"%h - %an, %ar : %s" --stat | head -n 500 | fabric -sp summarize_git_changes

Fabric’s latest updates

Also, Threshold (UL’s first commercial product) is imminent! Like I’m already in there and using it, and we’re making final tweaks now. It’ll launch in Preview, meaning there will be lots of changes in the next few weeks, but it will be useful from Day 1.

Can’t wait to share it. Hopefully this week and then in next week’s newsletter.

Ok, let’s get to it…

MY WORK

Personal AIs Will Mediate Everything


What happens to user-facing businesses when humans aren’t the things interacting with products?


danielmiessler.com/p/personal-ais-will-mediate-everything


A Conversation with Jason Meller of Kolide/1Password - Unsupervised Learning


In this sponsored conversation, I speak with Jason Meller. Jason is the founder of Kolide, which has just recently been acquired by 1Password. We discuss:

- Kolide's acquisition by 1Password
- The synergy between Kolide and 1Password
- The challenge of password management
- The concept of device trust and zero trust
- The limitations of MDM solutions
- Engaging end-users in security remediation
- The philosophy behind Kolide's approach
- The importance of human-friendly security solutions
- Future plans for Kolide under 1Password
- The potential for broader application of Kolide's technology

Jason and I see a lot of things the same, and I really enjoyed this conversation and think you will too.


omny.fm/shows/unsupervised-learning/a-conversation-with-jason-meller-of-kolide-1passwo

SECURITY

🚨This is a collection of full-video deepfakes that are seriously concerning. They’re generated by a commercial model, not like a government. MORE

💡We seriously need to build like a global Snopes platform. Like before the elections.

Idea: You get a bunch of Left people, Center people, and Right people and you build a platform that does like Snopes used to do with internet claims. It basically shows the content, and gives an analysis of why you should believe it, why you shouldn’t, and then a verdict. Plus you can have the platform be like a collection point for pro-con arguments, in super concise form. And yeah, it’ll use AI to do a lot of that collection and summarization.

Something like:

SITUATION: There’s a video of Obama saying it’s time for a pre-emptive strike against Mayanta.

ANALYSIS: The video is currently being analyzed by multiple experts. Here is what has been said so far:

Fox News Analysis: The video appears to be fake, created by _____. SOURCE

ONN Analysis: No evidence that the video is fake. SOURCE

CISA Analysis: This is a deepfake, read our analysis here. SOURCE

Breitbart: Obama has said similar things in the past so there’s no reason to disbelieve it. SOURCE

CURRENT CONCLUSION: Given the current evidence, we are ALMOST CERTAIN that this video is a deepfake, using Kent’s Words of Estimative Probability.

We need this service. And as Dan Kaminsky used to say, “We have the technology.”

The Left/Right cooperation won’t be perfect, of course, but it’ll be 1,000% better than nothing.

These deepfakes are too good for us not to have any trusted place for people to verify things.

There’s a supposed data leak of data on 71 million AT&T customers, but AT&T says it’s not from their systems. MORE

Someone built an AITM (Active In the Middle) attack tool using just 174 lines of code on Cloudflare Workers. It can supposedly fully bypass MFA on Microsoft accounts. MORE

Leaked documents reveal a Chinese hacking group's systematic attacks against 20 foreign governments and companies, including detailed operations and targets. MORE

Sponsor

🔍Enhance Enterprise Security: Ensure Device Trust and Protect Your Data!🔍

When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.

These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.

Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.

Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

 kolide.com/unsupervisedlearning

Watch a Demo

SpaceX is contracted to build a spy satellite network for a US intelligence agency. Makes sense. I can’t think of a cheaper and more reliable way to get a lot of satellites into space. MORE

Rohan Pandey modified llama2 to un-redact an email from Elon to Ilya. MORE

Burglars are starting to use Wi-Fi jammers to knock out security cameras, making it harder to track them down afterward. MORE

Sponsor

VIRTUAL OPEN SOURCE POWERED SECURITY CONFERENCE

Join us for Hardly Strictly Security: The Ultimate Open Source Cybersecurity Conference. Mark your calendars for April 25th. This free, virtual conference is for security engineers, red teamers, bug bounty hunters, security leaders, and anyone who wants to celebrate and continue to leverage the power of open source to make our world more secure.

 hardlystrictlysecurity.io

Join Us!

A Chinese company's leaked documents reveal a massive global hacking campaign. MORE

Fortinet has disclosed a critical SQL injection flaw in FortiClientEMS that could let attackers run code on systems. MORE

TECHNOLOGY

Steven Hao gave Devin access to his work stuff (questionable?), and it’s basically doing his job for him. Devin is even posting on Slack and asking questions, and using the responses to continue when he gets stuck. MORE

💡The amount of hate and hype towards Devin has been extraordinary. Definitely go check it out if you haven’t yet. It’s basically a code automation agent that does better than previous attempts.

Midjourney's new "Character Reference" feature finally lets you recreate the same AI character in different situations. Can’t wait to play more with this. MORE

Elon Musk open-sourced Grok, but not completely. They didn’t release any of the code required to train it. MORE

💡As I talked about before, I think we should only call a model “open source” if they release 1) the weights, 2) the data, and 3) the full training methodology—including code.

Covariant is launching RFM-1, aiming to bring ChatGPT-like capabilities to robots. This platform could revolutionize how robots understand and interact with the physical world, making them more adaptable and intelligent. MORE

💡AI is big. Robots are big. But the biggest is AI in robots.

Finland is rolling out a giant 'sand battery' to store heat in winter, showing 1 MW of power and a 100 MWh capacity. The technique uses excess electricity to warm sand and can meet a week's heat demand in winter with minimal energy loss. MORE

Nvidia's getting into humanoid robotics with its new AI platform, GR00T. The platform is designed to support a wide range of humanoid robots, including big names like Agility Robotics and Boston Dynamics, marking a significant push into the sector. Massively impressed with Nvidia right now.


HUMANS

Hong Kong is implementing a new, Beijing-driven stringent security law that goes after treason and other types of dissent. The penalties are harsh, with up to life in prison. Hong Kong continues to get phased out, with China phased in. MORE

Midjourney is blocking AI-generated images of Trump and Biden going into the 2024 election. MORE

The U.S. unexpectedly added 275,000 jobs in February, surpassing economist predictions. But the unemployment rate went up slightly, to 3.9%. MORE

A really good thread here on Hacker News about experienced programmers not being able to find jobs. OP and commenters have a theory for why it’s happening. MORE

Some schools in England are adopting super strict policies, inspired by the Michaela Community School's success, to improve student behavior and academic outcomes. These schools enforce rigid routines and discipline, believing it helps disadvantaged students succeed, despite criticism of the approach being oppressive. MORE

💡I’ve been expecting to see a lot more of this, actually. Not just for disadvantaged students—which I can see it being great for—but for everyone. Reminds me of all the Man camps going on where you learn survival and hunting and stuff.

I see this as a counter to life being good, basically. Life for most people is fairly easy in terms of not being in danger, having enough to eat, etc., and people want to build character.

It’s hard to build character when everything is easy. So we should expect to see a lot more of making things artificially hard—on purpose—to help strengthen ourselves.

Like Stoic Resilience Training (SRT) or something. I’m for it, as long as it doesn’t get too out of hand.

Young men and women are drifting apart politically, with women going way more Left, and men staying largely the same. MORE | MORE 

John Barnett, a former Boeing whistleblower, was found dead amid a lawsuit against the company. He exposed safety issues, including a 25% failure rate in emergency oxygen systems. MORE

🚨Toronto Police suggest leaving car keys at the front door to dodge violent run-ins with car thieves. It's a bit like saying, "Take my car, not me." MORE

💡This is how you get Republicans elected, and eventually—if things aren’t fixed—far-right governments like we’re seeing all across Europe.

Liberals can’t let Conservatives be the only people who enforce laws and maintain security. Or they can, but there will be consequences.

“They voted for THAT guy? Wow, the voters are evil and stupid!” Maybe. But people also like feeling safe. As usual, the answer is a hybrid:

Enforce laws strictly, largely as if criminals had a choice.

Invest heavily in at-risk groups before they commit crimes, largely as if they don’t.

Recent Boeing incidents have sparked far-right conspiracy theories about diversity causing intentional failures. Some extremists claim these mishaps are part of a plot to undermine Western civilization and promote communism. MORE

💡Wut? If someone can explain that one to me I’d appreciate it.

Using tap water in a Neti Pot can be deadly due to potential brain-eating amoebas. It's safer to use distilled or sterilized water for sinus cleaning. MORE

💡I feel vindicated. I’ve been using only filtered (reverse osmosis) water for mine for years. The best treatment I’ve found (along with an allergy pill) by far.

This analysis claims to show that people used to consume more calories without gaining as much weight. MORE

Fentanyl poisoning has become the leading cause of death for Americans aged 18-45. MORE

Over 2,000 U.S. newspapers have closed since 2004. MORE

Car washes are popping up everywhere because they're surprisingly profitable. MORE


IDEAS & ANALYSIS

I’ve had an absolute epiphany about politics, and really everything, in the last couple of months. Specifically from the concept of Framing. I feel like it’s a model with extraordinary explanatory power, and I’ve not found anything it can’t explain. It’s becoming my primary Unified Theory. I’m prone to excitement though, so I’m going to let it sit for a while before I write another big piece about it.

Really interesting back and forth with Dino Dai Zovi about the cybersecurity “floor and ceiling”.



Security is always roughly as good as it should be. We know this because if it needed to be better, it would be.


Most home locks are pickable, and most hospitals are ransomware-able.


Each system has an acceptable level of security failure.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 17, 2024


And further thinking made me expand on it here.



I don't think this is true on just multi-decade timelines. I think it's true on "an average day" timeline.


Think about how much we have of the following:


- Identity theft
- Account fraud
- Password reuse
- Companies constantly being hacked
- Ransomware
- Credential stuffing… twitter.com/i/web/status/1


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 (@DanielMiessler)
Mar 18, 2024


And this is my piece from 2018 that I think captures the idea best.

Why Software Remains Insecure


My piece from 2018 on why software remains insecure after we’ve spent decades trying to solve the problem…


danielmiessler.com/p/the-reason-software-remains-insecure

Basically, I think security is subordinate to innovation and daily life in most situations, and that it falls to an absolute minimum as a result. And as a result, we should guard our mental health against thinking people are steering us wrong, or that we’re massively neglecting something that urgently must be fixed.

In short, if it were urgent we would know because it would get fixed immediately. And if it’s not fixed immediately, it’s not urgent.

This isn’t a statement about any objective rating of what matters, or what’s more secure or insecure (see Framing above).

Framing is Everything


We're seeing reality through drastically different lenses, and living in different worlds because of it.


danielmiessler.com/p/framing-is-everything


The only thing that matters is what people care about and worry about. And that’s why we can spend billions barely moving the needle on a thing that’s not that important, while completely ignoring worse risks that don’t inspire people to care.

NOTES

We had a banger UL meetup this month where a member shared their super tricked-out keyboard. It’s the exact type I’d been looking up already and trying hard not to get into. But he made such a compelling case that I’m now going down the rabbit hole. Send help. Also don’t click this link. MORE

I’m emotionally moved, and technically astounded, by the fact that Voyager 1 is a light day away from us. A LIGHT DAY. 24 hours at the speed of light, just to send and receive a signal. Oh, and the thing keeps like dying and then coming back online. What a hero.

DISCOVERY

🛡️ haktrails is a Golang client that makes querying SecurityTrails API data super easy. Especially useful for bug bounty hunters. | by hakluke | MORE

⚙️ Openapi-tui lets you interact with APIs defined in openapi spec right from your terminal. | by zaghaghi | MORE

I Stopped Loving Captain Kirk MORE

Solarpunk is the new Cyberpunk MORE

Steve Pavlina's "Do It Now”. Takes me back. One of the early influences on my approach to productivity. From 2005! MORE

Minimal Viable System. MORE

🔥Ben Kuhn shares Why and How to Blog. MORE

Which Skills Are Least Likely to Be Replaced by AI? MORE

Amanda Askell talks about why Claude 3’s system prompt is so good. MORE

Spreadsheets as Simulation Tools MORE

The Getty has released nearly 88,000 art images for anyone to use for free. MORE

RECOMMENDATION OF THE WEEK

Share Let Grow with people! Absolutely love this project!

It’s about teaching independence and resilience to kids.

Watch this (it’s 4 minutes).



The most effective and most fun way to reduce anxiety in elementary and middle school students is the Let Grow Experience. Below is a 4 minute video about it, very moving. Parents: ask your kids' school to try it. It's free. Visit


— Jonathan Haidt (@JonHaidt)
Mar 18, 2024


Please share this with anyone you know who cares about raising healthy, independent kids.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,


Published on March 19, 2024 09:44

March 13, 2024

Personal AIs Will Mediate Everything


AI is going to change the interaction paradigm with technology.

Today, humans do pretty much everything themselves. Things like applications and websites are designed to be pretty because humans interact with them directly, and they like to interact with nice-looking things.

However, the future of interaction with technology will be AI-mediated. Meaning, we won’t be going to do things directly. Our digital assistants will be doing the interaction on our behalf and returning the results to us.

The AI itself will then determine based on our preferences the best way to display those results to us using a third-party UI interface.

So, companies will provide their data and, of course, they will have some sort of UI themselves, but largely people will be browsing that data through an AI-provided interface that shows them things filtered in a certain way and looking the way they like to see them.

This has profound implications for a lot of the Internet today that is based on looking pleasant to humans who are visiting directly.

AI's Predictable Path


Technological progress isn't predictable, but the human desires that drive them are.


danielmiessler.com/p/ai-predictable-path-7-components-2024


Questions

How much of current companies’ success is based on having humans interact with their content directly?

What does search look like when it’s not being browsed and clicked by actual humans?

Same for product catalogs. There may be some companies that are big enough and special enough to restrict access to their catalog to only using their specific UI, but I think most companies are going to have to survive solely on the quality of the data they provide. I think people will demand that they are able to see that through their own preferred interfaces.

If you make and sell anything, you should consider how your product looks to an AI and how it will compete with other services without direct human interaction.

Basically, your API will be your company.

The goal will be getting people’s personal digital assistants (DAs) to use your company’s API as the preferred one when they look something up for their principal.

Example

Let’s say you want an expensive coffee grinder. Here are the rough steps:

Google for high-end coffee grinders 2024 best or something

Do the same on Wirecutter

Do the same on Amazon

Spend the next 15-500 minutes doing research and comparisons, reading comments, reviews, etc.

In 2027 (who really knows when, but around there)

Here’s how you’ll do it with your DA.

YOU: I need a coffee grinder. Like a super nice one. But less than a thousand bucks.

AMIEN (Your DA): Ok, cool, I’ll do some research.

Amien might ask you some clarifying questions, if you’re not busy, but on the backend here’s what he’s doing:

Query his (Amien’s) favorite list of product catalogs (which itself is provided by a specific company)

Find the highest rated product catalog for coffee-related stuff

Query it

Query a few other top APIs and look for similar results

Triangulate on a few top options

Read all the reviews

Compare the aesthetic with what he knows his principal likes visually

AMIEN: Ok, I think I found it. Here it is.

(Sends to your AR interface so you see it floating in front of you, rotating)

Here’s the important part: Amien made 1,027 different API requests in the 39 seconds he took to do the research.

Amien looked at all the images. Amien read all the reviews. Amien browsed all the lists.

Amien. Not you.

Summary

One of the biggest “tangible” changes from AI will be the mediation of interfaces, i.e., it used to be Human —> Interface, and now it’ll be Human —> DA —> Interface. And Interface —> DA —> Human.

This will have profound implications on how products are built.

The focus will increasingly be on the API that you provide as a company, and getting it to be preferred by DAs.

NOTES

Some companies will just be super gifted with UI and they will provide that UI as one of the options for the digital assistant to use when presenting the content to their owner. But I think third-party UIs will eventually win out and be the preferred interfaces for people to consume most content.


Published on March 13, 2024 14:58

March 11, 2024

UL NO. 423: AI is Becoming Like Reading



Hey there!

So I’m basically a god now because I’m on my whole new tool stack!

Kitty replaces Alacritty and iTerm2. MORE

zoxide replaces cd. MORE

Yabai for macOS window management. MORE

SKHD for keyboard shortcuts. MORE

sketchybar for a dynamic menu bar. MORE

Stow for syncing dotfiles. MORE

I mean this setup is INSANITY. Haven’t felt this hyped for a desktop setup since like 2001. Let’s go!

Also, we updated Fabric with some new goodies:

Fabric now supports Claude Opus!
pbpaste | fabric -p extract_ideas --model claude-3-opus-20240229

Added a new Pattern, extract_predictions, which pulls predictions out of content. I’m going to run this against entire bodies of work and then rate people’s predictive skill, similar to Tetlock’s book, Superforecasting.

We’re adding model shortcuts soon so you don’t have to put the whole model name.

find_hidden_message is now more effective, and gives three different levels of interpretation: cynical, normal, and favorable. MORE

Claude Opus is officially the first thing I’ve seen perform better than GPT-4. I’ve been using it with Fabric’s find_hidden_message Pattern and Opus does significantly better than GPT-4 on nailing nuance in propaganda. I’m still team OpenAI though. Can’t wait for 5!

I’m also just days away from the Threshold product launch! Look out for it!

Ok, let’s do this…

MY WORK

Two new essays this week.

AI is Already Becoming Like Reading


My new short piece on how I’m noticing that AI is becoming just as uninteresting as books, and why that's a problem for the capabilities gap.


danielmiessler.com/p/ai-becoming-reading


AI Is Worse If You Think It's Someone's Fault


I think a lot of stress about AI is caused by framing it as something that we’ve chosen rather than something that’s just naturally happening.


danielmiessler.com/p/ai-second-arrow

SECURITY

A Google engineer was indicted for allegedly stealing AI trade secrets to benefit China. He's accused of taking over 500 files related to Google's AI chips and transferring them to a personal account. MORE

💡This guy lives in my hometown, and that’s where he was arrested. It takes a lot of courage and wisdom to simultaneously realize how bad Chinese Government espionage is without giving in to racism. One answer is really good Insider Threat programs that look at behavior rather than characteristics. But those programs tend to only exist in big companies like Google (which is where he was caught).

🚨 Russian attackers Midnight Blizzard are persistently going after Microsoft, targeting its source code and internal systems. | MORE

🚨 QNAP alerts users to a critical flaw in its NAS devices that could let attackers bypass authentication. | CRITICAL | RESPONSE: Urging immediate updates. | MORE

💡Never, under any circumstances, put a NAS online. Jesus. It’s like the perfect storm of the most critical data with the worst code.

🚨 The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked, forcing two critical systems offline. | HIGH | RESPONSE: Systems taken offline, no operational impact reported. | MORE

Sponsor

🔍Elevate Your Security Game with PlexTrac🔍

Cut pentest reporting time in HALF and go beyond with PlexTrac. Our automated platform empowers you to:

🔎Deep-Dive into Your Security: Analyze your attack surface with precision.

📊Centralize Data Management: One-stop-shop for all pentest and vulnerability data.

🎯Prioritize with Confidence: Leverage context-based scoring for smarter decision-making.

🛡️Master Continuous Validation: Stay ahead with proactive security measures.

What’s in It for You?

⏱️Faster reporting times.

🤝 Smoother team collaboration.

🎖️Prioritize effectively for high-impact results.

💥Up to 5X ROI - Experience the difference!

Transform Your Security Reporting Today.

Get Your Personalized Demo at:

 PlexTrac.com/UnsupervisedLearning


North Korean spies hacked into South Korean chipmakers, stealing designs to boost their semiconductor industry. They exploited vulnerabilities and used "living off the land" techniques to stay undetected. MORE

A Flipper Zero device was used to break into a Tesla, but it was a bit of a stretch. First, the Flipper Zero didn’t do any special work, and second, a lot of things have to go right/wrong for it to work. MORE

Scammers are increasingly using AI to mimic the voices of loved ones in distress, tricking people into sending money. MORE

💡PSA Advice: Let your most vulnerable family and friends know that scammers can now fake voices and everything. And that if something happens they need to stay calm and actually call you, or someone you know, to confirm what’s being said. Scammers do try to do this when they know you can’t reach them, or present other types of urgency, but train them as best you can to resist that.

The U.S. sanctioned individuals and entities behind Predator spyware for targeting Americans. These sanctions freeze their U.S.-based assets and ban transactions with them. MORE

Cloudflare's new "Firewall for AI" aims to protect applications using large language models from security threats. It features Advanced Rate Limiting and Sensitive Data Detection for enterprise customers. MORE

💡Freakin’ Cloudflare. So damn nimble. They seep into all the cracks. I’m telling you they’re slowly becoming the internet. Google gets rid of Gmail and YouTube out of sheer stupidity, Akamai gets bought by Johnson & Johnson and boom! Cloudflare = Internet.

Brian Krebs analyzes Radaris, a data broker that sells American data with ties to Russian services and sanctioned media. MORE

Russia's been caught setting up fake news sites in the U.S., aiming to spread disinformation. These sites, including names like D.C. Weekly and the Miami Chronicle, blend Kremlin propaganda with local news stories. MORE

💡One of the next things I’m going to do with all this AI I’m building is start parsing news sources and rating them for propaganda. I want to find these things early.

China's increasing its defense budget by 7.2% amid economic challenges, signaling a shift from "peaceful reunification" with Taiwan to a more aggressive stance. This more than doubles the military budget under President Xi Jinping's tenure. MORE


TECHNOLOGY

🔥 AIR AI is a cold-calling AI service that you HAVE to hear. Super good. From this demo, 4 sample calls generated over $275,000 in net profit. MORE | NEW VOICE DEMO

Someone has been giving AIs Matrix IQ tests, and Claude-3 just broke 100 (average human level) for the first time. MORE

Apple has quickly shifted from a passive stance to going full speed on AI, making it a core part of their strategy. They have a lot of ground to cover, though, so we’ll see what they release in September. MORE

Apple Podcasts now have auto-generated transcripts. I need to figure out how to pull these programmatically. If anyone knows, let me know. MORE

Research suggests that models can optimize prompts better and faster than humans, making manual prompt engineering potentially obsolete. MORE

💡I think this is likely to be true. But I think people who can think and communicate clearly will maintain a significant advantage.

I don’t see some random person being able to bark idiocy at a model and have it say, “Ah, you were referring to Feynman’s Third Principle…indeed…let us proceed…”

Global trust in AI is waning, with a significant drop from 61% in 2019 to 53% now. In the US, trust has plummeted even more, from 50% to just 35%. MORE

💡This is why I wrote one of this week’s essays. THIS ONE

HUMANS

France just made history by embedding the right to abortion directly into its Constitution. The bill passed with a 780-72 vote during a joint session of Parliament. MORE 

The CFPB has set a new rule capping credit card late fees at $8, which will save consumers around $10 billion annually. MORE

The James Webb Space Telescope just gave us a spectacular deep-field image revealing countless galaxies. This image covers a tiny fraction of the sky, yet it's packed with galaxies. Not stars. Galaxies. MORE | THE BIG RAW IMAGE

💡I have the Hubble version. Now I need to get this one onto a metal print.

A single dose of LSD, MM120, shows promising results in treating generalized anxiety disorder, with a 48% remission rate at 12 weeks. MORE

Sweden officially joined NATO, becoming its 32nd member country. This move integrates Sweden into NATO's collective defense mechanism. MORE

New York has rolled out National Guard troops at key subway stations to curb crime. MORE

SCOTUS ruled unanimously to keep Trump on state ballots, and as much as I dislike him, I think it was the right answer. MORE

💡This attempt was what I call a Brexit Move by the left. You think you want something, and then you get it, and you realize it was a mistake.

You don’t take people you dislike off the ballot. That’s not American. No matter how much you dislike a candidate, if they can legally be elected they deserve to be.

If we don’t like that they can be legally elected, we can fix the country or move. Taking people off the ballot because we don’t like them isn’t a democratic option. And even if you were to get it passed, it would immediately be used against you. See Brexit.


IDEAS & ANALYSIS

I was troubled with Harari’s analysis on Colbert where he basically said we have no idea what to tell people to do in the face of AI right now.

I think we might know better than ever actually. Before we thought we could predict, and we were often wrong. But now we can be sure it involves clear thinking, clear communication, understanding the past, understanding the merits of various arguments, how to disagree, etc.

I don’t fault him too much, though. These things are set up with so little time, and they want sound bites. I just wish he had given more hope instead of saying we have no idea what to teach.



This is not quite correct.


He’s right that we don’t know what specific tech skill to teach someone.


But teaching curiosity, philosophy, history, and tools for thinking are more important than ever.


And this is even more true with the uncertainty of AI, not less.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Mar 10, 2024


NOTES

I’m feeling myself drawn back to the stoics lately. Got myself a neck light and have been reading Meditations before bed. Such a guaranteed pleaser.

I also have Ryan Holiday’s Stoic calendar (the copy of Meditations is from him too). Highly recommended. RYAN HOLIDAY’S STOIC STORE

We’re doing our mid-month UL meetup on OPTIMIZATION! So I’m going to be talking all about my different desktop and shell stuff I mentioned in the intro. Plus everyone else will share theirs. It’s going to be rad. You should come. SIGN UP FOR UL AND STUFF

This is the fastest and lowest stress newsletter I’ve done in … maybe ever? Ideas and content and flow is just … flowing. Most creative time I’ve ever had in my life, these last few months. AI helps with collection, and that helps a little, but it’s more so that I have so much going on that I have lots to say and lots to share, and I have basically zero creator anxiety. Because I’m not trying to be a creator. I’m making things, and reading things, and enjoying things—and just talking about all of it on Sundays. Huge difference.

DISCOVERY

Obsidian as a graph database for RAG. MORE

Mail-in-the-Middle automates spear phishing by exploiting email typos to intercept sensitive information. | by Felipe Molina | MORE

Junaid Islam outlines a five-step method for cutting cybersecurity budgets without compromising security. MORE

During World War II, America fought against damaging rumors with "rumor clinics" in newspapers and magazines. These clinics debunked lies by fact-checking and publishing the findings, helping to maintain morale and unity. MORE

💡Honestly starting to think we could use something like this.

Julia Evans dives into the surprisingly complex world of Git's HEAD, revealing its multifaceted roles. A Mastodon poll showed only 10% of respondents were 100% confident in their understanding of HEAD. MORE

💡I’m embarrassed by how often I just delete a whole repo and re-download it. I need a git class.

It's getting harder to tell humans from bots, not because bots are getting smarter, but because humans are acting more like bots. MORE

How to start a home lab, by Hayden James. | MORE

Chen's enthusiasm and soft skills landed him a job at Amazon despite technical shortcomings. He says 80% of failures at Amazon are due to soft skill issues, not technical ability. MORE

J.R.R. Tolkien intensely disliked Frank Herbert's Dune, rooted in their fundamentally opposing moral philosophies. Tolkien's deontological stance, emphasizing inherent acts of goodness, starkly contrasts with Herbert's consequentialist view, where the morality of actions is judged by their outcomes. MORE

Someone reminisces about the simpler, less polished writing they used to do. They express a longing for their earlier, unrefined work, feeling it had a charm that their current writing lacks. MORE

Cate Hall shares how anyone can learn to be more agentic, transforming their life by finding and leveraging unique advantages. She emphasizes that traits like agency aren't fixed and can be developed with the right mindset and actions. MORE

RECOMMENDATION OF THE WEEK

Trust your routine. If you spend a lot of time putting together a routine that keeps you feeling good, positive, and energetic, remember that routine when you feel worse.

I always think it must be something else. There’s no way it’s just me not being on my routine, right? Right?

It’s probably not being on your routine.

Sleep

Sun

Exercise

Clean food

Walking

Talk to your friends / family

It’s the basics, and there’s a reason you wrote them down.

APHORISM OF THE WEEK

Published on March 11, 2024 08:00

March 10, 2024

AI is Already Becoming Like Reading


It’s only been a year and AI is already becoming as boring to people as reading.

Meaning—the masses are starting to see it as just another tech phase, while the highly ambitious are working to integrate it into every part of their lives. Just like reading.

Rich and successful people have told us over and over that there’s a secret to their abilities. Voracious book consumption.

Like a book a week in many cases. And those are largely high-quality non-fiction books about science, business, productivity, and other topics that help one improve their lot in life—not just the fun stuff.

Going back to my framing piece, I talked about how I generally meet two groups of people in the Bay Area. Group 1 is highly depressed, inactive, unhealthy, and they see the world as this evil and hostile place.

They also don’t generally read biographies, business books, science books, productivity books, or anything else oriented around motivation, self-discipline, innovation, positivity, and progress.

The other group that I meet is the exact opposite. They’re reading constantly! About how to be smarter. Healthier. More productive. How to start businesses. How to be more disciplined. And they see the world as a fundamentally positive place full of potential.

As with books, now with AI

And now it’s happening with AI! 

This is really frustrating me.

The masses are starting to ignore the benefits of AI and go back to normal. While the highly-ambitious are constantly reading and are using AI for absolutely everything.

If you thought the gap was big between readers and non-readers, wait until you see the gap between AI-augmented readers and everyone else.

In role-playing or gaming terms, these advantages stack.

But that’s not what AI haters will say, or people who discount reading. They’ll talk about how flawed AI is. Or how it’s all hype. Or about how most books have flaws. Or most experts have been proven to be biased. Or some random narrative that convinces them to continue doing nothing.

Meanwhile, Group 2:

Starts businesses

Reads more

Learns constantly from AI

Gets even more optimized by AI

Gets healthier

Has a positive view of the world and the future

Continues learning

Gets most of the rewards in terms of money and advantages

The punchline

The unfortunate punchline of all this, and why this makes me so angry, is that Group 2 will end up with everything. And Group 1 will get increasingly screwed by the changes that are happening to the economy.

But rather than see their own framing and behaviors as the problem, they’ll blame everything else.

Don’t be Group 1. I implore you.

Group 1 is a choice. Group 2 is a choice.

Choose Group 2.

Read like a crazy person

Define your goals as a human and in your career

Build plans to help you pursue them

Look to your own behavior as your primary obstacle

Use AI as much as possible to help you on your path

See the world as limitless potential for growth and positivity

These things don’t have to be strictly true at all times, but behaving as if they are is the best way to be both healthy and productive.

You got this.


Published on March 10, 2024 15:15

March 7, 2024

AI Is Worse If You Think It's Someone's Fault


I am troubled by how many people are upset by AI.

I mean, they’re really upset.

Having just written a thing on framing, I think AI is another example where people are doing most of the damage themselves.

In other words, I don’t think they’re so upset about AI itself, but by how they’re thinking about AI.

Specifically, I think people are upset because they think we’re making a choice to use it or not, and we’re choosing poorly. They’re going through life reading news stories and thinking…

Wow, I can’t believe people are so stupid! Here they have the option to just keep things as they are, which was working perfectly fine in the 80s, 90s, and 2000’s, and here someone shows them this stupid ChatGPT thing and now AI’s going to take all our jobs!

In other words, they think it’s dumb people deciding to use AI, and because of their bad judgment, we’re falling into some diabolical trap.

I don’t think that’s happening at all.

We aren’t choosing anything. AI is just naturally and inevitably unfolding like any other technology, and we’re just the people who happen to be here while it happens.

Different frames = different reality

Someone living in Frame 1 vs. Frame 2 might as well be on another planet. The perception shapes everyday life.

In Frame 1, you’re under constant assault from an evil technology spawned by hucksters and sold to idiots.


Humanity is now at risk—with real impact to people’s lives—all because too many dumb people fell in love with ChatGPT.

Someone you know

If you believe that, then every time you hear about AI—on a podcast, in the supermarket, at a party, or at work—you have this cacophony of chattering voices in your head talking about how stupid everything is. Grumble, grumble, sassin-frassin, /tableflip

It makes people mad. Cynical. Grumpy. Negative. Anti-tech. Angry. Did I say mad already? It makes them mad.

Frame 2 (Positive)

People in Frame 2 don’t walk around with that chatter in their heads. They’re not constantly angry at someone—or people in general—or whoever, because they brought this all upon us.

In this model, life is just happening. Tech is part of life, and AI is just a big wave of tech washing over us. It might be a bigger wave than ever before, but it’s just a wave. And it’s a natural wave because humans created tech. When humans sharpened the first stone and put a handle on it, that was tech as well, and AI is just further along that same evolution.

This doesn’t mean you can’t be negatively affected by AI if you are in Frame 2. You can still lose your job to AI, have people struggle to find work that you care about, or have it mess with your life.

But the point is to avoid what the Buddhists call The Second Arrow.

The Second Arrow

The Second Arrow is a good way of capturing how I see framing in general, and definitely around AI. It’s basically a second amount of damage taken by thinking about a first amount of damage.


The Buddha asks a student if being struck by an arrow would be painful, to which the student responds affirmatively. The Buddha then asks if being struck by a second arrow would be even more painful, and again, the student agrees.


The Buddha explains that in life, the first arrow represents the initial suffering that comes from being human, such as illness, loss, or disappointment. This type of suffering is inevitable. However, the second arrow represents the additional suffering that comes from our reaction to the first arrow.


This includes emotions like anger, fear, resentment, or self-pity. Unlike the first arrow, the suffering from the second arrow is not inevitable; it's something we have the power to influence through our response to suffering.

A summary of the original Buddhist teaching

Positive framing avoids the Second Arrow, while negative framing walks right into it.

So, when it comes to AI, don’t walk into the second arrow of thinking this was someone’s fault.

Tides aren’t our fault, the winter being cold, solar flares—it all just happens. And tech is no exception. If humans happen, tech eventually follows, and here we are.

The integration of AI into our society will be hard enough by itself.

Don’t make it harder by living in a false narrative that makes you angry about it.


Published on March 07, 2024 09:30

March 4, 2024

UL NO. 422: To Survive AI, We Must Become Creators


👉 Continue reading online to avoid the email cutoff issue 👈

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

Hey there!

Added tons of new Patterns to Fabric this week!

create_threat_model — Creates a logical, real-world threat model for a given scenario. MORE

find_hidden_message — Cynically consumes any opinion and looks for hidden meaning in it. MORE

create_ascii_visualization — Creates an ASCII visualization of any idea you feed it. MORE

create_markmap_visualization — Creates a mindmap of any concept you give it. MORE

create_mermaid_visualization — Creates a Mermaid data visualization of any concept you give it. MORE

Plus we’ve added (very early) CrewAI integration! 1,001,374 thanks to @xssdoctor (Jonathan Dunn) for all the work on the CrewAI stuff!

Update your project, re-run setup.sh and restart your shell. Then do:

fabric agents trip_planner 

And it will plan you a trip!

So. Much. Coding going on. Elated to be on the planet with you.

Ok, let’s get into it.

MY WORK

To Survive AI, We Must Become Creators


My new essay on how AI enables creators and punishes workers, so it's time to start making things


danielmiessler.com/p/survive-ai-become-creators

Sponsored — A Conversation With Ismael Valenzuela About AI and Threat Intelligence - Unsupervised Learning


In this standalone episode I speak with Ismael Valenzuela, VP of Threat Research and Intelligence at Blackberry Cylance. We discuss: Modern Threat Intelligence, The shifting attention of attackers, GenAI attacks, How defenders are adapting to AI attacks, And many other topics…


omny.fm/shows/unsupervised-learning/a-conversation-with-ismael-valenzuela-about-ai-and


SECURITY

Researchers have created a worm that exploits Generative AI to spread via prompt injection. Named Morris II, the worm can replicate malicious prompts through GenAI models, leading to data theft or spam. THE PAPER

GitHub now automatically blocks commits with secrets in public repositories. In the first eight weeks of 2024, over 1 million leaked secrets were detected. MORE

Biden is viewing Chinese "connected" cars as a national security threat, proposing an investigation into their risks. The Department of Commerce has issued a notice seeking public comment on regulations to secure the tech supply chains of these vehicles. MORE

💡So happy about this new approach to China. One of the few things I credit the previous administration for.

Sponsor

Enhance Enterprise Security: Trust Every Device with Kolide!

What do you call an endpoint security product that works perfectly but makes users miserable? A failure. The old approach to endpoint security is to lock down employee devices and roll out changes through forced restarts, but it just. Doesn't. Work.

IT is miserable because they've got a mountain of support tickets, employees start using personal devices just to get their work done, and executives opt out the first time it makes them late for a meeting. You can't have a successful security implementation unless you work with end users. That's where Kolide comes in.

Kolide’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That way, untrusted devices are blocked from authenticating, but users don't stay blocked.

Kolide is designed for companies with Okta and it works on macOS, Windows, Linux, and mobile devices.

So if you have Okta and you're looking for a device trust solution that respects your team, visit kolide.com/unsupervisedlearning to watch a demo and see how it works.


The US military's Project Maven is now actively using AI to identify and strike targets, marking a significant shift from skepticism to reliance on artificial intelligence in warfare. In recent operations, AI algorithms have located targets in Yemen, the Red Sea, Iraq, and Syria. MORE

ShotSpotter, now called SoundThinking, uses hidden sensors for gunfire detection. A leaked spreadsheet revealed the exact locations of these sensors, which were previously kept secret even from law enforcement agencies. MORE

Researchers found over 200 AI hacking services on the dark web since early 2023. Attackers are leveraging AI chatbots like "BadGPT" to enhance phishing attacks and create deepfakes. MORE

Cryptocurrency enthusiasts are being targeted with Mac malware through fake Calendly meeting links. MORE

A team of hackers (the good kind) (including UL Member @rez0) found significant vulnerabilities in Google's AI and cloud systems, getting $50,000 in bounties. MORE

A new vulnerability in Hugging Face's Safetensors conversion service could lead to supply chain attacks by hijacking AI models. MORE


TECHNOLOGY

Nvidia's CEO thinks AI will soon make coding obsolete, urging people to learn other skills instead. MORE

💡Agree, but it’s nuanced. To me it’s more about Creators and Executors than coding itself. Coding is just thinking and speaking and writing.

Those things aren’t less important just because computers can do them better. It just means don’t go head-to-head with computers on generating them en masse.

Waymo got the OK to expand to highways in Los Angeles and the Bay Area, and it allows their cars to go up to 65mph. MORE

Apple cancelled their car project, and they’ve moved over 2,000 employees from the project to Apple's AI initiatives. MORE

💡I have never been more excited for an Apple keynote than the one we’re going to get in June. We’re talking about real AI built right into iOS! So not just a better Siri, but something way beyond. The big difference will not just be the tech (which I hope is good), but the fact that it’s always with you.

Good AI that’s always with you is way better than Amazing AI that’s stuck in an IDE somewhere.

In 2023, public tech companies added $2.4 trillion to their market cap while laying off over 260,000 workers. MORE

Elon Musk is suing OpenAI, claiming it prioritized profits over its public-benefit mission. Hard to know how much of this is old Musk (help humanity) vs. new Musk (attack your enemies). MORE

OpenAI claims the New York Times paid someone to hack its products to produce content matching the newspaper's articles. MORE

Docusign has been using customer data to train their AI, and people are freaking out. Similar to the Reddit situation. | MORE

💡Wrong question. It’s not about whether someone uses customer data to train AI. Everyone should be doing that to some degree. Question is—are you training on personal data? On sensitive data? On privacy-related data? In a way that your customers wouldn’t like?

Again, transparency is key here. There’s a big difference between training on general behavior and preferences to make the product better vs. doing something gross.

SpaceX just hit a 17Mb/s download speed sending internet directly to a stock Android phone. MORE

Wendy's is looking to test dynamic surge pricing for food in 2025, influenced by demand and weather. Interesting idea. MORE

January and February saw a resurgence in tech job cuts, with both large tech firms and startups reducing staff. MORE

The Nvidia GeForce RTX 5090 is rumored to be up to 70% faster than the RTX 4090. This performance leap could come from having as many as 192 streaming multiprocessors and 24,576 CUDA cores. MORE

HUMANS

A new study of 113,000 showed those with Long Covid scored roughly 6 I.Q. points lower than those never infected. MORE

Political extremism is now Americans' top concern, edging out the economy and immigration. A recent poll found 21% of respondents view it as their biggest worry. MORE

Oregon is reversing its drug decriminalization policy amid rising overdose deaths and public concern. The state legislature passed a bill to reimpose criminal penalties for some drug possession, reflecting a shift in political support. MORE

💡I feel like 2024 is the year of the pendulum swinging back on a whole bunch of hyper-liberal policies and attitudes. I just wish it could swing back to the middle instead of continuing on to the extreme other side, as per usual.

California is proposing a bill to ban homeless encampments near public spaces. The bipartisan Senate Bill 1011 aims to encourage the use of shelters by making it illegal to form encampments within 500 feet of schools, transit stops, and other specified areas. MORE

Florida is experiencing a number of outbreaks of already-beaten diseases. Why? Because vaccine skeptics on the left and right are reducing vaccination percentages below the required numbers for herd protection. MORE

Alcohol-related deaths in the US jumped by nearly 30% recently, hitting about 500 deaths daily in 2021. MORE

A neurosurgeon is using ultrasound to tackle Alzheimer's and addiction, showing promising results. MORE


IDEAS & ANALYSIS


Holy crap, just had a crazy thought talking with @rez0__ .


What if we get AGI-powered robots before we get autonomous cars?


In other words, maybe it's way easier to put a local GPT-6-level AI into a car as a driver, than it is to fully automate "a car".


🤯


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Mar 4, 2024



NOTES

💕 Sunday was 30 years with my love. 2 peas, kombi. 🤞 

Dune 2 was insanely good. 10/10, for a sci-fi movie.

DISCOVERY

🔥 My homie Jason Haddix just put out a sick episode of his newsletter all about hacking AI. Lots of prompt injection and other resources. Read the episode and subscribe! MORE

Do Literally Anything MORE

Caltrans offers CCTV data in CSV, JSON, TXT, and XML formats for free integration into applications. MORE

Adrian Göransson shares a deep dive into his git configuration, offering practical tips and insights for both beginners and seasoned users. He covers aliases, rebasing techniques like --keep-base, and the importance of signing commits and tags with SSH keys. MORE

How to get Nmap to detect new services. MORE

How I decide if your website is worth a revisit MORE

The Internet Feels Fake Now. MORE

Tyler Cowen shares his personal, highly structured approach to listening to music, from genre preferences to storage systems. He emphasizes a focus on core repertoire over random discovery. MORE

Apple's bringing William Gibson's "Neuromancer" to life as a 10-episode series on Apple TV Plus. MORE

"Bad Therapy" argues modern therapeutic parenting is failing, leaving kids anxious and unprepared for life. | by Mary Harrington | MORE

Daniel Zingaro's "Algorithmic Thinking" is one of my favorite books, and it now has a second edition with new chapters. MORE

Spending just 10 minutes on something is roughly 1% of your day. MORE

RECOMMENDATION OF THE WEEK

Ask yourself if you’re primarily a:

Creator

Nurturer

or Worker

It’s my belief that Creators and Nurturers (people that help others become Creators and Nurturers) are the future of humans. So:

Parents (Nurturers)

Artists (Creator)

Entrepreneurs (Creator)

Therapists (Nurturer)

Etc.

I think those are some of the roles that will be most resilient to AI, and they’re also the most human. They’re what humans should be doing anyway!

Try to get out of the worker mentality. My family is Lutheran. Hard work was instilled in me, and I think it’s a noble and honorable thing.

But AI will do most old-style worker jobs better.

Start planning your migration to Creator and/or Nurturer now. We’ll all be hybrids, and that’s ok. But try to move towards Creator / Nurturer as quickly as possible. And help the people you care about do the same.

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,


Published on March 04, 2024 13:55

To Survive AI, We Must Become Creators


There’s a lot of uncertainty in the knowledge worker job market right now, largely because of AI.

Like what do you do if you’re like this person on Hacker News, a brand new graduate out of college, while AI is ascending?

I have a simple model to think about things.

The biggest impact of AI, in terms of human jobs, is that it’s about to get a lot easier for creators to create, and a lot harder for workers to work.

In other words, you want to think real hard about how to become a creator and not a worker. Meaning—you want to be the one coming up with the new things that solve problems, not the one writing the code, or filing the paperwork, or setting up the meeting.

Why will creators thrive?

The reason creators will thrive post-AI is that building new things has near-universal value. We have always rewarded people who dream up new things and bring them into the world, and I don’t see that stopping any time soon.

The issue is that creation is costly. It doesn’t just require creativity; it requires extraordinary access, and resources, and ultimately—luck.

What AI will do—and is doing already—is lower the barrier to entry. It will make it easier than ever to:

Start a business

Create a story

Publish a book

Create a movie

Build a product

Etc.

Think about how hard it is to make a movie. It requires millions of dollars to make a movie and get it in front of the masses right now. Hollywood is a gatekeeper in that respect. It’s basically the only way to get into a movie theater.

But AI is about to replace Hollywood, and home theaters, social media, and AR/VR headsets are replacing theaters. Think Sora 3 + Apple Vision Pro 3.

It’s hard to put numbers on this, but let’s just say only a few million people on the planet were able to be a creator in the pre-AI world.

Imagine what the world looks like when that becomes hundreds of millions. Or billions. And the best content rises to the top because it’s better, not because it had access to the theaters.

Now that you have that in mind for Hollywood disruption, imagine it for:

Startups

Publishing books

Scientific innovation

Creating art

Building new tech

Basically all of human innovation was stuck at a 1/10 until now because only a few people were even allowed to play.

And AI is about to open things up and take it to a 10.

Ok, but what’s a creator vs. a worker?

Ok, so the next question is, “What’s the difference between a creator and a worker?” It’s both easy and hard to answer that question.

On one hand it’s pretty simple:


General:


Creators come up with new solutions to human problems.


Workers are the people who execute on building them.


And that distinction is different based on the field. In a corporate setting the distinction is something like:


Corporate:


Creators are the people who determine what to build, how to build it if it’s a new thing, and how to sell it in the current market.


Workers are the people who make that happen.


Blurring execution and creation

But that distinction isn’t always neat. Sometimes we have the “draw the rest of the owl” problem, where the idea itself is not the hard part.

Turns out the rest of the owl was the hard part

Some “ideas” leave all the work undone. At that point you either have execution that’s also creation, or pure fantasy. For a tangible business, an idea must be feasible.


What if we had 37% more efficient solar panels! Wow, that’s brilliant! I’m a creator!

Lots of so-called creators

So for the line between creation and execution, the real distinction is whether you’re doing something that’s never been done before. Creating something that doesn’t already exist.

If you’re an “executor”, or “worker”, but you’re so good at it that you’re doing things that have never been done before, you move into the “creator” category.

And vice versa as well. If you’re a creator, but the space has been saturated, or what you make is now easy to replicate, you’re now an executor.

Why workers/executors are in trouble

The next question follows easily.

If there’s going to be so much creation, then why wouldn’t we need lots more workers and executors as well?

It’s a good question with a simple answer: we absolutely will need far more execution to enable all that new creation, but there’s no way to train enough people to do that work, and even if we could it would be a highly inefficient workforce.

It will be AI doing most of that work. Here’s how to look at it:

As the amount of creation goes up, the amount of execution needed will balloon massively.

We already have issues filling execution jobs today. As an example, we have millions of jobs in cybersecurity that need filling but nobody to fill them because nobody’s training entry-level people to fill the pipeline.

Humans are hard to train and retrain, they get sick, they sue, they have families and a life, and they leave if they have a better opportunity.

Human competence is basically fixed. Our IQs aren’t going to natively jump much in the next 20 years.

AI won’t have those problems.

AI will scale with creation.

We can make as many as we need.

When you upgrade an AI it’s much easier to redeploy than retraining or replacing a human. Especially at scale.

They aren’t conscious, don’t get tired, don’t complain, don’t go to HR, and don’t quit.

They’re getting smarter at an insane rate.

Ok, so what do I tangibly do? Which fields are good and bad? What about college?

So, assuming I’ve convinced you that 1) execution is going to AI, and 2) creation is where you should be heading,

What next?

Which fields do I go into?

Which do I steer my kids into and away from?

Is college still needed?

All good questions. Here is my general advice, and please realize that I’m still thinking this through just like everyone else. And it’s largely impossible to predict the future of tech.

Tangible action

Focus on creation. Focus on ideas. Focus on making new things. Focus on problems that exist in the world that need to be solved, and start thinking about what you can build to solve those problems. Tangibly. Realistically. Not pie in the sky. Creating new things to solve human problems is the immortal job skill.

Think of tech skill—and specifically programming and AI skills—as reading and writing. Essential. Meaning, if you’re not good at them you’re probably not going to succeed at the highest levels. Even as a creator you need to be decently fluent in programming and AI because they are—for the time being—the language of creation.

Get trained. College is still valuable as a filter of quality when nothing else is known about a person. Don’t neglect this fact until it becomes completely irrelevant, which for most of normal society will not happen this decade. When you study in college (or anywhere), think of two branches: 1) a hard skill that’s valuable in the market, and 2) training on how to think. As time goes on, and AI advances, the second matters far more.

Don’t think so much about fields or companies. Think more about problems and problem spaces. Think about the problems that will go away vs. the problems that we’ll always have. Problems are the source of creation. Go where the problems are that 1) interest you, and 2) you’d be good at solving.

Get out of the mindset of being a worker, and enter the mindset of being a creator/builder. Transition from someone building other people’s ideas to someone with your own ideas, and with the skills (storytelling, communication, AI management) to make them reality.

Summary and recommendations

AI will simultaneously explode the opportunities for Creators while destroying jobs for Executors.

You need to become a Creator / Builder.

This requires you become extremely good at AI because it’s the new language of Execution.

Figure out the problems you want to work on. Problems are a far more dependable and stable source of inspiration than industries or specific companies.

Start training yourself—and your kids—as creators and builders instead of workers.

NOTES

There’s actually a third group called Nurturers, who are going to be just as needed as Creators (or maybe more?). But I didn’t want to distract from the main point in this piece, which was employment, and I’ve already covered the topic somewhat in this essay here.


Published on March 04, 2024 11:02

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.