Daniel Miessler's Blog, page 4
January 22, 2025
UL NO. 465 | The SaaS Attack Vector, Project Stargate, and Undersea Cable Drones
Hey there!
Spent like 20 hours over the past few weeks updating my Home, About, Projects, Telos (new), and Predictions pages on the new site! Highly recommend you 1) check mine out, and 2) make your own! The new front page and the About page took the longest by far.
Highly recommend checking out two podcast episodes:
Dan Carlin on Alexander the Great MORE (Biographies are my favorite now! So happy Dan is back!)
An Acquired episode on TSMC MORE ← Super inspiring and informative
My buddy Joseph has gone independent! So happy for him! He’s now a full-time bug-bounty hacker and entrepreneur! Can’t wait to see his 2025.
Have a great week!
Daniel
Sponsor
See the Future of Real-Time Cloud Security
Secure your spot on the frontlines of cybersecurity innovation at Symphony 2025.
Nearly every business runs in the cloud and adversaries have followed. Learn how you can transform security operations to defeat modern, cloud-first attacks faster than you ever thought possible.
This virtual summit is packed with sessions including:
The power of real-time cloud security: Get a first look into the bold future of cloud security, unified with the world's leading SecOps platform.
Exclusive intelligence: Gain Unit 42® insights to outsmart and stay ahead of emerging threats.
Game-changing demos: Experience the speed and scale of Cortex®, the world's leading SecOps platform.
Real-world wins: Discover how SOCs are transforming cloud security and gain actionable takeaways for your organization.
Join Us at Symphony 2025 SECURITYSaaS Attack Surface Growing 200 Apps Per Month Per 100 Employees
New research shows the average employee creates a new SaaS account every two weeks, which is creating massive security blind spots for companies. The 2024 Verizon DBIR found that web applications were involved in about 50% of all security incidents, and 80% of breaches now involve compromised SaaS credentials according to Crowdstrike.
Google's Automation of Threat Detection
Google just shared how they handle threat detection at massive scale, and they're doing some wild stuff around automation and response time. They went from response times of weeks to just hours, and they're doing it by automating 97% of their detection work.
Microsoft AI Red Team Shows How to Attack AI
Microsoft's AI Red Team published their findings from attacking over 100 AI products, sharing key lessons for identifying risks and vulnerabilities. Their most interesting insight is that basic techniques like prompt injection often work better than complex attacks, and that combining multiple simple techniques is usually the most effective approach.
DJI Removes All Geofencing from Its Drones
DJI just announced they're removing all geofencing restrictions from their drones in the US, meaning you can now technically fly them anywhere including airports, wildfires, and the White House. How is this not going to get them TikToked?
Sponsor
Extend Your SOC with a Proven AI
Intezer’s Autonomous SOC platform is the proven, always-on AI solution that extends security teams and transforms how they operate.
Eliminate alert fatigue with autonomous, high-accuracy triage.
Accelerate investigations with actionable insights delivered in 2 minutes on average.
Catch the hidden threats with AI that escalates the alerts that matter.
Request a DemoNew Administration Announces Project Stargate
The new administration along with Larry Ellison, Sam Altman, and Masayoshi Son launched a new AI project called Stargate. It’s basically a new company and $500 billion-dollar investment designed to make sure the US wins the AI war with China.
Pentagon Using AI to Speed Up Military Planning
The Pentagon is now using AI from companies like OpenAI and Anthropic to help identify and assess threats faster, but they're supposedly being careful to keep humans in control of any actual weapons. Narrator: “For now”.
It was a pleasure serving on the @CISAgov Technical Advisory Council, which has now officially been shut down 🫡
— Rachel Tobac (@RachelTobac)
11:18 PM • Jan 21, 2025
Trump Dissolves DHS Advisory Committees Including CISA Board
The new Trump administration just terminated all DHS advisory committees, including CISA's Cyber Safety Review Board that was investigating critical infrastructure attacks. The CSRB was in the middle of investigating Chinese telecom hacks by Salt Typhoon, and Senator Ron Wyden called the move "a massive gift to Chinese spies."
AI-Powered Brad Pitt Scam Costs Woman €830k
A French interior designer lost €830k to scammers using AI to impersonate Brad Pitt in an online romance scam that lasted 18 months.
Trump Rescinds Biden's AI Safety Executive Order
Trump killed Biden's main AI safety executive order from 2023 that required companies like OpenAI to share safety test results with the government. And then he launched Stargate, which is all about moving fast to beat China.
💡 I’m honestly happy with this. I am worried, because you’d be crazy not to be, about moving too fast. But the one thing we can guarantee is that China will move as fast or faster, and there’s no guarantee they’re being safe. So Moloch for the win. Loss actually.
NATO Deploys Sea Drones to Protect Undersea Cables
NATO has launched Operation Baltic Sentry, putting 20 autonomous boats in the Baltic Sea to protect undersea cables from Russian sabotage. Water drones. I don’t know why I didn’t think about that when I was commenting on it last week. Love it.
Anduril Building $1B Weapons Factory in Ohio
Palmer Luckey's defense tech company Anduril is building a massive 5-million-square-foot weapons factory in Columbus, Ohio called Arsenal-1. They're dropping close to $1B of their own money on this thing, and they picked the location partly because of the nearby Rickenbacker Airport's 12,000-foot runways.
Companies Are Using Your Data to Charge You More
The FTC just released data showing companies are using your location, demographics, and even mouse movements to charge you different prices for the same products. According to FTC Chair Lina Khan, they're investigating eight companies that sell these "surveillance pricing" systems.
Trump Announces $500B AI Infrastructure Project (Stargate)
Trump just announced "Stargate", a massive $500 billion AI infrastructure project with OpenAI, Oracle, and Softbank as the main partners. The project aims to build data centers across the US and create 100,000 jobs, with Sam Altman, Masayoshi Son, and Larry Ellison all appearing at the White House announcement.
Perplexity Releases Sonar, a Real-Time AI Search API
Perplexity just launched an API that lets developers build their real-time AI search capabilities into their own apps, and Zoom's already using it in their video platform. And the pricing is really competitive at $5 per 1,000 searches for the base tier, with a Pro tier available for more complex queries. I was already using this API so I’m not sure how it’s different, though. And the docs don’t make it clear. 🤷🏼
Transformer² Introduces Self-Adaptive Language Models
Sakana AI just released a new approach that lets language models dynamically adjust their weights in real-time based on the task they're working on. Their method, called Transformer², uses reinforcement learning to enhance or suppress different parts of the model's "brain" components, leading to significantly better performance.
TSMC Starts Making 4nm Chips in Arizona
TSMC has officially started making 4nm chips at their new Arizona plant, which is a massive win for US semiconductor manufacturing. I wonder how many people are thinking that Arizona is Plan A if China takes Taiwan. Seems like the obvious move. The US is in tremendously good position right now.
TSMC Resumes Production After Taiwan Earthquake
Speaking of TSMC, they had to temporarily halt chip production after a 6.4 magnitude earthquake hit the southern part of the island, but they're already back up and running.
Meta Cutting 5% of Workforce for Performance
Zuck just announced they're letting go of about 3,600 people by February 10th, but they're planning to refill those positions with new hires.
💡 This is constant cleansing/replacing of the workforce with Alaskan Boat Crews. After doing this constantly for a year or so the culture will be quite different there.
Not investment advice (ever), but I expect their stock to be a high performer in the next few years. (I’ll add this to my /predictions page as well)
Meta's 'Seamless' Brings Us Closer to Universal Translators
Meta just released a new AI translation system called Seamless that can translate speech between 36 languages while preserving the speaker's voice and emotional tone. We’re getting closer to the Universal Translator! MORE
New Laser Tech Measures 100km Within Nanometers
Scientists have created a new laser measurement technique that can measure distances of over 100km with nanometer-level precision, which is absolutely wild. That's like measuring the distance between two cities with the precision of 1/1000th the width of a human hair.
RSS Is Making a Comeback
RSS is having a renaissance because it lets you get all the good stuff from social media without the algorithmic manipulation. You follow your sources, and you’re good. This article shows how to use RSS to follow everything from YouTube channels to Reddit (filtering for high-quality posts only). MY RSS FEED BTW
Github Actions Falls Short for Complex Projects
A developer shares his frustrating experience with Github Actions breaking down in larger, more complex environments like monorepos with multiple teams. The main issues include broken required checks for PRs, overly complex YAML configurations, and a complete lack of local testing capabilities.
Japan's Elderly Women Choose Prison Over Loneliness
Japanese elderly women are increasingly choosing to commit petty crimes to get into prison, where they get meals, healthcare, and community they can't find outside. This is horribly depressing to me.
💡 Human connection is everything.
US Worker Job Satisfaction Hits 10-Year Low
A new Gallup poll shows American workers are more checked out than they've been in a decade, with only 31% saying they're engaged at work. The biggest drops were among younger workers and those in tech, with remote work satisfaction also taking a surprising dive from 69% to 48% since 2021.
Sweden to Spend €104M Bringing Back Print Textbooks
Sweden is reversing its 2009 all-digital education initiative by bringing back printed textbooks to classrooms after seeing declining reading and writing skills among students.
Study Shows Undocumented Immigrants Commit Far Less Crime
A comprehensive study in Texas from 2012-2018 found that undocumented immigrants commit violent and drug crimes at less than half the rate of native-born citizens, and property crimes at just 25% the rate of native-born citizens.
Healthcare Giants Caught Marking Up Cancer Drugs 1000%
The FTC just released a report showing UnitedHealth and other major healthcare companies were marking up cancer drugs by over 1,000%, affecting drugs like Imatinib for leukemia treatment.
Medicare to Negotiate Prices for Ozempic and Other Major Drugs
Medicare just added 15 more drugs to their price negotiation list, including the super-popular Ozempic and Wegovy.
Greenland Sharks Can Live for Over 500 Years
Scientists discovered Greenland sharks are the longest-living vertebrates on Earth, with some potentially being alive since before Columbus.
Stoicism’s Gift
The greatest gift that Stoicism has given me is the ability to enjoy something I still have as if I no longer have it. It’s the ultimate frame.
sshcont: SSH Into Throwaway Docker Containers
A new open source tool lets you instantly spin up disposable Docker containers via SSH for quick testing and development. It's super lightweight and works with various distros including Debian, RHEL, and Alpine, with the containers getting automatically cleaned up when you're done.
A bunch of my buddy Joseph Thacker’s favorite lists
Getting People’s Names Right With Raycast
What I Wish I Knew Before Quitting My Job
Michael Drogalis shares his raw experience of how quitting his job to work on his own turned out way harder than expected. He talks about the brutal reality of going from a $425K tech salary to making basically nothing, and how isolation and loss of structure hit him particularly hard.
How Hypothesis Sheets Can Guide Startup Ideas
Michael Bock shares a really practical framework called "Hypothesis Sheets" for validating B2B startup ideas before committing to them.
Try something different with your meditation for the next few weeks.
Make a list of the relationships and other good things you have in your life. Things like:
Your husband/wife
A particular kid you have
A close friend
The fact that you aren’t hungry or cold
Now imagine that thing gone. But really imagine it. Like put yourself in that mental mode of being without your spouse, or that friend.
Imagine what you would do next. What does a day look like. Imagine watching TV. Imagine brushing your teeth. But without that person on the planet.
Then wake up. And realize they’re still here.
APHORISM OF THE WEEK Share UL With Someone ThoughtfulThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Powered by beehiiv
January 14, 2025
UL NO. 464 | AI Phishing Matches Humans, Under Sea Cable Cutter Patents, and Siri is About to Not Suck
Hey there!
I have found the best coffee recipe in existence. MORE
This guy is brilliant. Funniest geek humor I’ve seen in ages. MORE
Been grinding on my Predictions page. It’s coming along, but only like 20% complete. MORE
Thanks to DoomerOutrun for the Fabric callout here! MORE
Have a great week!
Daniel
Sponsor
Enterprise Ready in Minutes: Simplify SaaS Development with WorkOS
Building B2B SaaS? Selling to enterprises means meeting complex requirements like:
SAML single sign-on
SCIM provisioning
Role-based access control
Fine-grained authorization
These features can take months to develop and maintain—but WorkOS makes it easy, so you can focus on your core product instead.
WorkOS also offers AuthKit, a powerful user management solution that’s:
Free for up to 1 million monthly active users
Packed with features like MFA, bot protection, and user impersonation
Built with Radix components for limitless customizations and modular templates
Already trusted by fast-growing companies like Cursor, Vercel, Perplexity, and Sierra, WorkOS makes becoming Enterprise Ready seamless.
👉Get Started Today SECURITYA new study shows AI-powered spear phishing is extremely effective, finding AI tools achieved a 54% click-through rate versus 12% for regular phishing emails, and matched human expert performance at 1/30th the cost. Big yikes on this one—just as good as humans for 1/30th the price. MORE | THE STUDY
💡I’d love to say that was a bad paper, but the methodology looked solid, it’s out of Harvard, and has Bruce Schneier as an author. Le sigh.
The US launched a new cybersecurity label program called the U.S. Cyber Trust Mark to help people know which smart home devices are secure. Companies have to get their products tested by NIST-approved labs to earn the certification, which covers everything from baby monitors to smart locks. MORE
🚧 Project Russia reveals Putin's detailed playbook for taking down Western democracies through spiritual warfare and economic collapse. The 2005-2010 book series, distributed to Russian officials and linked to the FSB, outlines a plan for establishing a Putin-led "supranational" state after engineering the fall of the US dollar and democratic systems. MORE
💡I’m going to write a Fabric pattern that captures all the goals and tactics of this strategy.
Then I’m going to start sending YouTube video transcripts through the pattern to find where people are speaking exactly to the book of this plan! See: Tucker Carlson.
Taiwan says a Chinese ship might have deliberately cut one of their undersea internet cables, which follows similar incidents in Europe recently. MORE
💡I wonder if one future could be internet without undersea cables. Bandwidth would be infinitely slower, but it’s harder to take out satellites. Basically all the major powers have their own internet and web. And they only really partner with friendlies.
Seems farfetched, but so did a lot of things happening right now.
CISA releases data on how well 7,791 critical infrastructure orgs were adopting their security goals. Healthcare, water systems, communications, and government facilities are doing the best so far. MORE
The Chinese Drone Company, DJI has released an Update that removes its Geofencing System (GEO) from Drones sold within the United States. The System, which would previously prevent Drone Operators from flying through Restricted/No-Fly Zones across the Country, including Military… x.com/i/web/status/1…
— OSINTdefender (@sentdefender)
5:22 AM • Jan 14, 2025
Arctic Wolf found a likely zero-day being used to hack Fortinet firewalls that have management interfaces exposed to the internet. MORE
A new zero-day in Ivanti's VPN products is being actively exploited by suspected Chinese hackers to breach corporate networks. MORE
SonicWall is rushing to get customers to patch a serious authentication bypass bug in their SSL VPN that's actively being targeted. The vuln affects both SSL VPN and SSH management interfaces and they’re directly emailing customers telling them to patch. MORE
Greenland is becoming increasingly critical for U.S. military strategy in the Arctic, as Russia already has 50+ Arctic bases and the world's largest icebreaker fleet. MORE
The White House and some intelligence agencies are now saying there's about a 50-50 chance that a foreign actor did target US personnel with some kind of energy weapon, which is a major shift from the CIA's 2023 assessment that basically ruled out deliberate attacks. MORE
Continue reading online to avoid the email cutoff AI / TECHApple is actually building the AI we all want. I’m telling you, they’ve been quiet about this AI stuff but that’s because they’re doing it quietly just like always. Look at #2 in this list! They are the ones who have the context to make this work. MORE
OpenAI's o1 keeps randomly switching languages while solving problems—and no one knows why. o1 will sometimes switch to Chinese, Persian, or other languages mid-reasoning, even when asked questions in English. MORE
Zuckerberg says Meta will start using AI to replace midlevel software engineers in 2025. He claims they'll have AI systems that can effectively work as company engineers writing code, eventually planning to automate all app development at Meta. MORE
Nvidia released a blueprint for creating digital twins of robot fleets in factories and warehouses. They're virtual environments where companies can test and optimize their robots before deploying them in the real world. MORE
OpenAI released their new "Economic Blueprint" that outlines how the US can win the AI race against China while managing the tech's risks. They say there's $175B in global funds ready to invest in AI projects that could flow to China if the US doesn't act fast. MORE
OpenAI is starting to build its own robotics team, hiring for its first hardware roles. If you thought AI was big, wait till you see robots. And then AI-powered robots. Remember, there are hundreds of billions of dollars behind replacing human workers. MORE
Dell is changing their laptop names to just Dell, Dell Pro, and Dell Pro Max, copying Apple like most everyone. First it was phone form factor. Then it was packaging. And now everything’s a Pro and Pro Max.
Apple might launch a new app called "Invites" to help manage events and meetings more effectively than Calendar. I hope they do. Really surprised Calendly and the like are the best options out there. MORE
Stack Overflow is seeing a massive decline in new questions, dropping 77% since 2022. MORE
Amazon is winding down some of its DEI programs and integrating others into existing processes. Meta just killed most of their programs and their entire DEI department. The company cited changing legal landscape as the reason, following similar moves by Microsoft and Zoom to roll back their diversity initiatives. MORE | MORE | MORE
💡The corporate world continues to move towards the Alaskan Fishing Boat Model. There’s no DEI on an Alaskan Fishing Boat.
And if robots could do the work there wouldn’t be any boat crews on them either.
Expect this to accelerate in the next 4 years.
HUMANSMeta just made huge changes to their content policies, including allowing hate speech against many different groups. MORE | MORE
💡I think my opinion on this might be different than a lot of people in the Bay Area. I want platforms to have full, nasty reality available for me to see.
But I don’t want to see it 99.9% of the time, so I want filters to be able to block it out. The worst situation is when they allow it, don’t filter it, and don’t let me filter it because they want hate because it generates clicks.
That to me is the problem, not the fact that the platform is unfiltered.
The economy added 256,000 jobs in December 2024, way above the 155,000 that economists expected. The unemployment rate dropped to 4.1%, and November's numbers were revised down by 15,000 to 212,000 jobs. MORE
🌎️ ☀️ A rare seven-planet alignment is coming to Earth's night skies in February 2025, letting us see all the planets in our solar system in a row at once. But I’ve been enjoying tons of them for like a month already. Mars and Jupiter are gorgeous, and Saturn is to the upper left of Venus in the west. MORE
Germans are using DIY balcony solar panels to cut their electricity bills, with over 400,000 of these "plug-in" systems now installed across the country. MORE
Young people are increasingly avoiding relationships, and it's happening all over the world. Japan's already low marriage rate dropped another 12% since 2019, while a third of 18-34 year-olds globally say they're just not interested in dating or relationships. MORE
In 1965 the US government tried replacing Mexican farmworkers with American high school athletes, and it failed spectacularly. The Department of Labor recruited 18,100 teenagers for the "A-TEAM" program but only 3,300 actually worked the fields, with many quitting within weeks due to brutal conditions like 110-degree heat and minimum wage pay. FAFO. MORE
IDEASMy thoughts on Zuckerberg and Musk showing us raw internet. Basically I want that, but with the ability to tune out what I don’t want to see.
Reality Through Filters
The last few years have given me some clarity on where I stand on the topic of internet censorship. I was a bit wishy-washy on it for a while, but for tech platforms like X and Facebook, I think I finally have an opinion.
danielmiessler.com/blog/reality-through-filters
DISCOVERYI’ve had this for years. Super useful.
this little snippet will save you 128 hours in 2025.
bookmark for later.
— Kyzo (@ky__zo)
1:53 PM • Dec 27, 2024
New NVIDIA Free AI Courses MORE
massport80 — A researcher scanned the entire IPv4 internet on port 80 using masscan, finding 71 million open ports and analyzing the results with nmap. MORE
You Can't Optimize Your Way to Being a Good Person — A deep look at why our obsession with moral optimization and quantifying ethical behavior might be making us worse people, not better ones. MORE
🪄Terminal Setup Guide — Julia Evans explains what's needed for a modern terminal experience, and it's more complicated than you might think. She outlines 10+ must-have features including multiline paste support, infinite shell history, and 24-bit color support. MORE
Philips Hue users will be able to create custom scenes using voice or text commands like "Give me a scene for a garden party," and the AI will either recommend existing scenes or generate new ones. MORE
RECOMMENDATION OF THE WEEKDon’t clutter your mind with anything before starting work. Treat your morning clarity as a precious resource! You want that energy to go into difficult work, not distraction and fragmentation.
I think of it like me starting with mental energy at 100 (on a perfect day). So let’s call it 90 😁. If I then open social media, or news, or emails, or whatever, my energy shatters. It’s spread into the ether like a prism scatters light.
Now my energy is at 47.
Don’t waste those points on trash. Spend them on your most creative / difficult work.
APHORISM OF THE WEEK Share UL With Someone Thoughtful
I still do this most days and I think it works great. My morning brain (right after 1hr exercise and 1 coffee) is quite eager to work and I go directly to the one top priority item. The energy decreases over time and with every distracting item loaded into the context window.
— Andrej Karpathy (@karpathy)
9:19 PM • Jan 8, 2025
Thank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Powered by beehiiv
January 7, 2025
UL NO. 463 | Launching 2025, US Soldier Data Leak, AI Agents Emerge, China's Global Spy Network, Robotaxis Now Safer Than Humans
Hey there! Welcome to 2025!
A few notes about the end of last year and how I’m approaching this year:
I relaunched my website, separately from the newsletter. So happy with the new design, which is quite similar to the last one before I merged it with Beehiiv. Beehiiv is great as a newsletter platform, but I need more control over my content—just like I’ve been preaching all these years. Beehiiv was a nice consolidation step and now we’re moving towards the ideal. Markdown / Vite, if anyone is curious. Still lots of work to do on it. PREVIEW THE NEW SITE
End of 2024: Spent over 60 hours optimizing my productivity and tooling for 2025. That’s notes, automation, AI workflows, processes, computer, network, operating system, text editor, app launcher, menu bar, keyboard shortcuts….basically everything. Releasing a video on it for members next week. And it’s the topic of this month’s mid-month meetup as well.
For 2025: More focus and more discipline. My primary projects for 2025 will be launching SamePage and Human 3.0, with building out my own Daemon and doing other broadcast/tech/H3 related stuff will be the ever-present secondary.
Here’s what I expect for 2025:
A lot of chaos that comes with a lot of opportunity
A bias towards action, i.e., people who act will have the advantage
The AI companies move towards Agents
Many AI companies start failing because they were riding hype
Big Tech and truly innovative AI companies start to hockey-stick
Developers switch from minor AI assistance to largely AI-based dev
It becomes more obvious that AI will replace lots of knowledge work
The AI discourse switches from ASI to human work replacement
More people start asking what humans are supposed to do post-work
It’s going to be wild, and I’m happy to be on the ride with you.
Daniel
Sponsor
Stay Vigilant with AI SOC Analysts
Cyber threats never sleep, and neither do we.
Dropzone AI is the first Gartner Cool Vendor for the Modern SOC, empowering security teams with AI SOC analysts that autonomously investigate alerts 24/7.
Stop wasting time on false positives.
Reduce Mean Time to Conclusion (MTTC) with decision-ready reports.
Gain the confidence of knowing every alert is handled with expert precision.
Our AI SOC analyst adapts to your environment, and provides actionable insights—no playbooks or prompts required. Ready to see the future of SOC efficiency?
👉Request a Demo Today SECURITYA US Army soldier was arrested for allegedly selling AT&T and Verizon customer data as the hacker "Kiberphant0m". The 20-year-old communications specialist Cameron Wagenius allegedly stole and leaked sensitive call records, including what he claimed were logs from presidential candidates. MORE
There’s a critical security release for iTerm2 fixes a remote code execution vulnerability in the terminal emulator's renderer process. But you should be switching to Ghostty anyway! MORE | GET GHOSTTY
China has turned one of its most prominent pro-democracy dissidents into a spy by threatening his sick parents. Tang Yuanjun, a Tiananmen Square protest participant and exile living in New York, was arrested by the FBI in August 2024 for collecting intelligence on fellow activists for Beijing. MORE
💡This calls attention to China's use of emotional pressure and family ties to coerce members of its diaspora into becoming intelligence assets. Hard to say how big the problem is, but I’m quite worried about it.
They can basically activate millions of people in their diaspora by leveraging nationalism, political pressure, threats to family, or whatever it takes. So it’s not a matter of whether you can trust the people in the new country; they might be perfectly loyal to the company they work at, or the country they now live in. But then they get the phone call. Not nearly enough attention on this kind of stuff—and not just for China.
Manipulating or pressuring people with access is extremely effective, and very few companies have advanced Insider Threat programs—for multiple reasons. First, they’re really difficult to build and maintain. And second, it’s politically difficult to monitor and alert on suspicious behavior of employees—especially when it’s expected that many of the hits will be from foreigners. It requires a company with very strong ethics and technical skill to be able to do this 1) without being racist, and 2) without getting sued.
Amnesty International says attackers used a HomeKit vulnerability to deploy Pegasus spyware on Serbian journalists' and activists' iPhones. MORE
Holy crap: Russia is using Ukrainian kids to help them target airstrikes by having them play "quest games" that involve taking photos and videos of military targets. The FSB recruited two separate groups of 15 and 16-year-olds in Kharkiv who were asked to visit specific locations and take pictures of the surroundings, which were then targeted in airstrikes. MORE
Microsoft says it's going to delete passwords for a billion users as password attacks double every year, and they’re now blocking 7,000 password attacks per second. 🤯 MORE
The Treasury Department got hacked through their BeyondTrust remote support software by Chinese state hackers. The attackers stole a key used for cloud-based tech support that let them access multiple Treasury workstations and view unclassified documents. MORE | MORE
A vulnerability in Nuclei that lets attackers bypass template signature verification to execute malicious code has been fixed in version 3.3.2. They patched back in September. NOTE: I’m an advisor there. MORE
This is a solid breakdown of how to use ANY.RUN's Threat Intelligence Lookup for proactive threat detection. The article walks through five key approaches including regional threat monitoring, artifact verification, TTP tracking, threat evolution monitoring, and report enrichment. MORE
Congressman Mike Waltz says the incoming administration plans to shift from defense to offense in cybersecurity, specifically calling out Chinese threat actors Salt Typhoon and Volt Typhoon. Yes please. MORE
Missile attacks have now become the leading cause of commercial airline passenger deaths. 926 people have been killed by missile strikes since 2014, compared to 458 deaths from traditional accidents during the same period. MORE
A wilderness survival instructor spent two years infiltrating multiple militia groups, including becoming a top leader in AP3 and gaining access to Oath Keepers leadership. The mole, identified only as John Williams, gathered extensive documentation showing militia ties to law enforcement and surveilled a student journalist, ultimately going public with what he learned. MORE
Continue reading online to avoid the email cutoff AI / TECHSam Altman claims in a new blog post that OpenAI has figured out how to create AGI. And he predicts AI agents will "join the workforce" in 2025. MORE
💡I think he’s right here, and I’d like to reiterate why I’ve been saying AGI is coming between 2025 and 2028 since early 2023.
AI deploys as systems, not as models. A model by itself doesn’t need to be all-powerful. It’ll be a product that has tons of models working together, along with regular automation and code as plumbing and glue.
Replacing many/(most?) knowledge-work jobs is easier than most think. My definition of AGI is an AI system that replace a decent knowledge worker, so we’re talking customer service, sales reps, project management, technical writing, etc. Millions of jobs. And before too long, a lot of programmers as well.
We’re not talking about ASI—where we have a superintelligence capable of more than our best humans. We’re talking about a massive AI System made up of dozens or hundreds of smaller AIs that all coordinate together. So it can follow instructions, participate in meetings, create summaries, check code in and out, modify code, write emails, participate in Slack discussions, etc.
The bar for doing this decently well is not that high. And that’s what I think AGI is. It’s an AI system good enough to replace an average knowledge worker. I think this is a good definition because it deals with the thing we’re actually concerned about—which is human worker replacement.
AGI is not—or should not be—about benchmarks or lab results. What matters is humans, and how humans are affected by technology. That’s why I use a human definition of AGI.
So, given that, I think we’ll get there in 2025 or 2026. I’d say 40% 2025, and 50% 2026, and 10% 2027 or beyond.
The CIA built a tiny robot dragonfly spy in the 1970s that could fly 200 meters to deliver miniature laser reflectors for eavesdropping. The "insectothopter" used a gas-powered fluidic oscillator to flap its wings 1,800 times per minute and could be controlled by an infrared laser beam, though it struggled with crosswinds above 7mph. MORE
Waymo's autonomous vehicles are showing they're significantly safer than human drivers in San Francisco. The company's data shows its robotaxis have an accident rate 6.7 times lower than human drivers in similar conditions, with only 0.41 crashes per million miles compared to humans' 2.75. MORE
United Airlines is moving fast to roll out Starlink internet on their planes, and I absolutely can’t wait. I’m really hoping it’s a simplified connection process too, more like JSX. On a JSX flight you connect to wireless once when you first board the plane, with no password and while still on the runway, and you’re good for the whole flight. Like it’s so good you can have a Zoom call if you wanted to. More people on a 767, though. MORE
The Vision Pro just got an incredible planetarium experience through its Theater app update, letting you turn your room into a full dome theater where you can view the stars. This was a special thing for me growing up where we would have field trips to the Planetarium in San Francisco. It’s why I’m into Astronomy today. Can’t wait to play with this! MORE
Den Delimarsky makes a compelling case for owning your own corner of the internet rather than relying entirely on major platforms. He argues that while big platforms like YouTube and Reddit are useful, they increasingly optimize for engagement and monetization rather than interest and personality. This is the same argument I’ve been making here for like 15 years, but it’s good to hear it from someone else. MORE
HUMANSThe Chart of Everything — The Economist created a stunning visualization showing how literally everything in existence emerged from the Big Bang 13.8 billion years ago. The key insight is that all objects are essentially particles frozen in time at a higher density than their surroundings as the universe expanded and became less dense around them. The chart traces this progression from pure energy through elementary particles, atoms, and eventually to stars, planets, and life itself. MORE
Paul Cohen makes a compelling case for universities to start training polymaths again instead of specialists, arguing that modern problems like climate change and sustainability require broad, systems-level understanding. MORE
A massive 44% of US unicorn founders between 1997-2019 were born outside the US, showing just how crucial immigration is to American innovation. Indian founders led the pack with 90 individuals, followed by Israel (52) and Canada (42). MORE
A survey of 86 convicted burglars confirms that security cameras and alarms actually work as deterrents. Most inmates said they'd skip houses with visible cameras, and they bolt when alarms sound. MORE
IDEAS
AI is Founder Augmentation
A different way to think about AI and human work.
danielmiessler.com/blog/ai-founder-augmentation
Bet on Doers That Treat Failure as Fuel
Jensen Huang just released a massive amount of stuff yesterday, including a new personal AI computer and new GPUs. But the biggest signal I’m getting from him/them is that he’s all in on robotics. I mean most people are still lagging on AI, and he’s already on robots. I am heavy in both NVIDIA and TESLA mostly because of the leaders, not necessarily for any particular product. They both just happen to think AI and Robotics are the future, though, which I also believe. The bigger point is that they are absolute freaking machines. They are thinking all the time. Executing all the time. Non-stop. They couldn’t stop if they tried. Those are the types of people I bet on because it doesn’t matter if/when they fail. They just dust off and keep going. MORE | MORE | MORE
Shift — A new Caido plugin product by my buddies Joseph Thacker and Justin (rhynorater), who won Google's LLM Bugswat. It works like Copilot for web app testing, letting you control the proxy using natural language instead of complex syntax. It can generate contextual wordlists and create match & replace rules on the fly, plus it's highly customizable with custom memory and instructions. MORE
Brand AI Analysis Tool — Someone made a cool agent that shows you how ChatGPT perceives and recommends different brands compared to their competitors. The tool analyzes direct comparisons, assumed buyer personas, and specific recommendation scenarios between any two brands. MORE
Hitting OKRs vs. Doing Your Job — A great explanation of how OKRs should focus on new initiatives and changes rather than duplicating regular work tracking. The key insight is that OKRs work better in project-based work (like Marketing) compared to product work (like Engineering) because projects naturally fit into quarters while product work is ongoing. MORE
Raspberry Shake — A line of professional-grade seismographs for home and educational use that can detect ground movements smaller than 1/100th the width of a human hair. MORE
25 Useful Ideas for 2025 — A fascinating collection of mental models and concepts that can help improve your thinking and decision-making in the new year. The list includes gems like how small problems can be worse than big ones (Region-Beta Paradox), and how teaching others is the best way to learn (Protege Effect). MORE
📚 Thank You, Everything — A new children's book explores gratitude through the Japanese concept of tsuumogami, where objects gain souls after 100 years of service. The story follows a character thanking everything from bicycles to fog to caterpillars, illustrated by artist duo Icinori (Mayumi Otero and Raphael Urwiller). MORE
14 Wild Ideas — Robin Hanson shares some fascinating predictions about the future, including that by 2100 most "people" will be immortal computer simulations, and that our nearest intelligent aliens are millions of light years away. He believes at least a third of these wild ideas are likely true. MORE
SF Purity Test — Someone made a hilarious checklist scoring system for how deep you are in SF tech culture, with items like "Applied to OpenAI", "Switched from ChatGPT to Claude and back", and "Told someone you won't date because AGI is coming". MORE
yolo-security — Someone made a parody pentesting company website that generates empty pentest reports to make management happy, complete with fake findings, pretty charts, and executive summaries. MORE
Python One-Shot Tools — Simon Willison shares a clever way to build Python tools using Claude and uv run, where a single prompt can generate a complete working script with dependencies. MORE
CF-Hero — A new tool for finding the real IP addresses behind Cloudflare-protected websites by checking multiple data sources and determining which domains are actually using Cloudflare protection. MORE
Technical Debt is Entropy In Software — An argument that entropy helps explain technical debt in software development, with tech debt representing the integral of software complexity over time. MORE
Types Make Hard Problems Easy — A detailed look at how leaning into type systems (especially TypeScript) can make complex programming problems much simpler, with a focus on letting types flow through the system and making illegal states unrepresentable. MORE
Jetson — Speaking of NVIDIA, I want this. They just released a $249 AI computer that's half the price of the previous model, aimed at hobbyists and small companies. The device is designed to be the "brain" for robots and industrial automation projects, letting them run AI computations directly on the hardware. MORE
NVIDIA Project Digits — Oh crap I want this too. “With Project DIGITS, users can develop and run inference on models using their own desktop system, then seamlessly deploy the models on accelerated cloud or data center infrastructure.” MORE
The Ars Guide to Mechanical Keyboards — A really solid intro to mechanical keyboards that explains why people love them so much. Every key has its own switch with a physical spring (unlike membrane keyboards), and Cherry's 1980s switch designs are still the foundation for most modern keyboards. MORE
lobhn — A neat little tool that shows you which stories are being discussed on both Lobsters and Hacker News, with direct links to both discussions. MORE
RECOMMENDATION OF THE WEEKWhen dealt chaos, find a way to benefit from it. 2025 might be completely insane, but like Littlefinger said, “Chaos is a ladder.” He died in the end, but it’s still a good lesson.
Seriously though, there is tremendous opportunity in change.
Treat it as a chance to remake yourself into what you are supposed to be. Start the venture. Build the company. Get the better job.
If chaos comes for you, embrace it. Reflect it back. Soak it in and use its strength to improve.
APHORISM OF THE WEEK Share UL With Someone ThoughtfulThank you for reading. Please forward to a friend and/or share on socials to help support the work. 🫶🏼
Daniel
Powered by beehiiv
December 16, 2024
UL NO. 462: Full-Face Mask Deceptions, VS Code Tunnel Hacks, Quiet AI Emergence at Apple, and Tokyo’s Three-Day Weekend Gamble
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Settling in for a couple of light holiday weeks. I plan on doing lots of coding and light reading (LitRPG mostly, I think). What are you going to do?
Please go subscribe to the YouTube channel. Always forget to promote it, and we’re putting in work over there!
SUBSCRIBE TO THE UL YOUTUBE CHANNEL
I wrote a piece for Dazz that I’ve been wanting to get out for a while. It’s about how I think continuously updated context will end up being the future of vulnerability management. Basically, the problem isn’t finding vulnerabilities; the problem is knowing how to fix them—in what priority—within any given organization. CHECK OUT THE ARTICLE
Sponsor
This AI is Game Changing for Security Operations
Check out this annual benchmark data from Intezer's AI SOC solution:
➡️ 2 min 21 second average alert investigation time
➡️ 3.81% alert escalation rate
➡️ 97.7% accuracy for false positive alerts
➡️ 93.45% accuracy for true positive alerts
This is data from an AI SOC startup with a track record of triaging huge volumes of alerts for their customer base that includes Fortune 500 companies and top MSSPs. Impressive results compared to traditional triage processes.
Intezer has a unique approach to AI agents and an interesting back story too. Their CEO Itai Tevet co-founded Intezer in 2016, after he’d lived the reality of too many alerts and not enough time while leading an elite security and incident response team.
👉Check out Intezer’s interactive tour or get a demo SECURITYFull-Face Masks for Facial Recognition Evasion
There are new super-realistic printed face masks that people can use to appear as someone else from a distance. Insane how good they appear to be, combined with how easy they are to swap on and off. They seem good enough to possibly fool a cursory glance and even facial recognition. MORE
💡Someone in the security community needs to buy some of these and test them out with common facial recognition systems. That would be a fun project.
Visual Studio Code Remote Tunnel Attacks
Chinese hackers were caught using VS Code's remote tunnel feature to hack IT service providers in Southern Europe. The attackers used SQLmap for initial access, dropped a custom PHP webshell, and used a modified version of Mimikatz (called mimCN) that's been linked to other Chinese operations. MORE
China Restricts Drone Parts to Ukraine
China has started limiting sales of critical drone components to the US and Europe that are needed for Ukraine's defense efforts. MORE
Sponsor
How to investigate ChatGPT activity in Google Workspace
When ChatGPT is allowed to access files directly from Google Drive, it grants extensive permissions for not only personal files, but resources across the entire shared drive. This blog post covers the potential risks of this integration, and how you can find activity related to ChatGPT in Google Workspace.
Read MoreFBI Takes Down Rydox Cybercrime Market
The FBI has shut down Rydox, a cybercrime marketplace operating since 2016, and arrested three Kosovo nationals who were running it. The site had done $230,000 in revenue from selling over 321,000 cybercrime products to 18,000 users, including stolen PII and hacking tools. MORE
Russian APT Gamaredon Using New Android Spyware
Russian state-backed APT Gamaredon has been targeting Russian-speaking individuals with two Android spyware families called 'BoneSpy' and 'PlainGnome' that can record calls, capture photos, and collect SMS messages. MORE
Yahoo Paranoids Layoffs
Yahoo cut 25% of its cybersecurity team (The Paranoids) over the last year and completely eliminated its red team, moving to an outsourced model instead. The company lost between 40-50 security people out of 200 total since early 2024, amid broader tech organization changes under new CTO Valeri Liborski. MORE
We’ve opened up slots for the AUGMENTED course again for February 3, 2025!
This instance of the course will be a full discussion and workshop on building out personal TELOS files and using AI to access them.
$495 (Members check the #augmented channel for your direct 25% discount link!)
→BECOME A MEMBER TO GET THE DISCOUNT ( ←💡 Pays for the membership!)
😡 Claude > ChatGPT Pro For Me
I’m super annoyed to report that ChatGPT Pro, even with the full o1-pro and all the goodies, does not come close to Claude’s intelligence as a coding partner. Specifically using Sonnet 3.5. Claude is something like 70-85% effective at communication, following instructions, and general coding tasks. ChatGPT Pro is more like 50-70%. It doesn’t follow instructions well. It constantly loses the plot. And it’s just worse at coding. Plus it takes far longer because of o1’s thinking time. And I’m paying $200 for it.
💡I think ChatGPT will catch up, and I’m pulling for them because my loyalty going back to the start of 2023 is with OpenAI. Which is why I’m paying for Pro. But holy crap it’s annoying to pay so much for something that produces work I end up having to redo using Claude. 😡
Apple's Pragmatic AI Strategy
I think Apple is actually doing exceptionally well on the AI front (except for Siri, which is still unexplainable bad). But even Siri is better now with ChatGPT integration, which I’ve been using since the beta started. My absolute favorite feature of Apple Intelligence is the ability to hold the camera button on new iPhones and have ChatGPT tell you what you just took a picture of. MORE
💡Basically, Apple is building LifeOS, and they have been for like 15 years. This naturally includes complete integration of AI into everything life and work. And they’re doing it slowly. Methodically. And quietly. Just like usual.
Everyone doubted the slow and low approach to building the iPhone ecosystem too, and now everyone copies it because it’s the best in the world. It’s the same with their AI integration. They are piecing together all the plumbing of a person’s life in the iPhone ecosystem, and the overall Apple ecosystem, which all lives inside the secure enclave or the secure cloud infrastructure, and their AI will have access to all of it.
Apple’s entire game is integration. It’s all about the ecosystem and how it all works together. Applying AI to that will be done better on Apple than anywhere else because Apple is best at seeing everything as a unified whole.
Remember this when you hear people talk about how far behind Apple is on AI. And remember it when people are surprised by Apple “suddenly” figuring out AI 2 to 3 years from now. It’s not suddenly. It’s all planned. Quiet and slow is the game.
OpenAI Whistleblower Death
A former OpenAI researcher who publicly criticized the company's data practices was found dead in his San Francisco apartment, with authorities ruling it a suicide. Suchir Balaji, 26, had recently accused OpenAI of violating copyright law in training ChatGPT and was expected to provide key evidence in several ongoing lawsuits against the company. MORE
💡There is an atmosphere of conspiracy around lately, so I’ll just say that there of course could be malicious activity here, but it’s also the case that whistleblowers lead a difficult life. They tend to target someone big in their own community and get ostracized immediately as a result, which is profoundly isolating and stressful.
I don’t know the details of this case at all; I’m simply saying we shouldn’t always jump to the lowest probability and most nefarious explanation.
AI Company's Honestopian Billboard Campaign
A Y Combinator-backed startup called Artisan is running ads all over San Francisco with slogans like "Stop Hiring Humans" and "Artisans won't complain about work-life balance" to promote their customer service AI. The company's CEO said the campaign was designed to be dystopian and controversial to grab attention, but I don’t believe that. I think it has a dual purpose: controversy for marketing, but direct honesty for those actually looking to reduce headcount. MORE
ChatGPT Gets Real-Time Video Vision
ChatGPT can now analyze real-time video through your phone's camera, letting you point it at objects for instant analysis and conversation about what it sees. Works really well, actually, but I need it on the desktop. MORE
Google Announces Gemini 2 and AI Agents
Google released Gemini 2, which can now control computers and navigate the web to do tasks like shopping and coding. Seriously impressive stuff. It feels close to a ChatGPT moment from late 2022. Completely surreal to just talk to an AI that can see your screen and help you code. MORE
Exxon Plans Natural Gas Plant for AI Data Centers
Exxon is building its first-ever external power plant focused on AI data centers, with plans to generate 1.5 gigawatts of power through natural gas. They are one of the most innovative companies out there. I have issues with their ethics at times. Significant issues. But holy crap they can read the tea leaves. Becoming an energy provider to AI. Brilliant. MORE
Health Data Tracking in Markdown
Someone made a really smart case for tracking health data in Markdown files instead of apps, since apps eventually die and take your data with them. They use plain text files for daily logs and Google Sheets for trends, with everything backing up to Google Drive. Markdown all the things. MORE
GPS-Based NTP Server Appliances from CenterClick
CenterClick has released a line of GPS-based NTP server appliances that work completely offline with no subscriptions or cloud requirements. The devices support multiple GNSS constellations, can track up to 1 million unique IPs, and use less than 5W of power. MORE
United Airlines Adds AirTag Support to Mobile App
United Airlines is adding Apple's new Share Item Location feature to their mobile app, letting customers paste location-tracking links for their AirTagged bags directly into their missing bag reports. MORE
YouTube's TV Usage Stats Show Huge Growth
YouTube is seeing massive growth in TV viewing, with sports content up 30% and users watching over 400 million hours of podcasts on TVs monthly. MORE
Bird Flu Jumps to Human in Louisiana
Louisiana reports its first human case of H5N1 bird flu in someone who had contact with sick birds, and they're currently hospitalized. MORE
Tokyo Offers 3-Day Weekends to Boost Birth Rate
Tokyo is trying to increase births by giving its 160,000+ government workers a 4-day workweek starting in April, hoping less work means more babies. Japan's birth rate has fallen to 1.2 babies per woman, and they're expecting fewer than 700,000 newborns this year—the lowest since records began in 1899. MORE
Ketone Bodies Found to Clear Alzheimer's-Related Proteins
Research shows ketones don't just provide energy to the brain—they actually help remove misfolded proteins associated with Alzheimer's by making them easier to clear through autophagy, with dramatic results in both mouse and worm studies. MORE
Stack Analyzer
Detect more than +500 technologies in your code base. MORE
Security Talks at ReInvent
A playlist of all the security talks at AWS ReInvent. MORE
ZSTD vs GZIP Comparison
In a series of compression tests, ZSTD consistently outperformed GZIP and ZLIB across speed, compression ratio, and decompression efficiency metrics. The tests by Aditya Karnam showed ZSTD was particularly dominant with large datasets. MORE
Downtime. Fiction. Family. Friends.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
December 3, 2024
Frontview Mirror: 2025 Edition
This content is reserved for premium subscribers of Unsupervised Learning Membership. To Access this and other great posts, consider upgrading to premium.
A subscription gets you: Access to the UL community and chat (the thinking and sharing zone) Exclusive UL member content (tutorials, private tool demos, etc.) Exclusive UL member events (currently two a month) More coming!Powered by beehiiv
December 2, 2024
UL NO. 460: CISA Exploded, The Chinese Telco Hack, Two Meta-skills
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
My current TMUX windows
It’s that time of the year again! MAJOR NEOVIM and TMUX updates. This year I did lots of cleaning, added noice.lua to get some clean aesthetics (I especially love the visual search box popup), and a bunch of other goodies. Feels so good to do in December or January! Will do a blog/video on it soon.
My own Stratum 1 time server on the LAN!
My time server lives! Check out my snmp time.local.lan output 👆🏼
I’ve opened up my AUGMENTED course again for February of this year. This is going to be a very focused session on building out personal TELOS files. $495. RESERVE A SLOT
Sponsor
Gain Visibility & Control Over Risky Drive Sharing
Google Drive is where your team works and collaborates: it’s full of sensitive, critical information — and it’s growing rapidly. Sampling our Drive customers, we found that over approximately six months, the average Drive footprint grew over 800% and sharing of sensitive information increased over 500%.
Sharing and collaboration is key to your operations–but managing the risk that goes along with it is just as critical. Material gives organizations visibility and granular control over Drive behavior, that’s why our customers also saw risky sharing — like public exposure of confidential content — drop by 94% in the same time period.
Find the risks lurking in Google Workspace and manage them without disrupting your operations, with automated detections and remediations from Material Security.
material.security/providers/google-workspace
Gain Visibility and Control with Material SECURITYJen Easterly, CISA's director, will leave the agency on January 20 as the new administration begins. Sad. MORE
💡She’s one of the best things that’s ever happened to public cyber. I was holding out hope that she would stay on. What a loss.
China has deeply compromised thousands of US telco networks according to Senator Mark Warner, who says the situation is way worse than SolarWinds. The Chinese group "Salt Typhoon" has established persistent access that may require replacing thousands of network devices, and they potentially accessed phone call data and wiretapping capabilities. MORE
💡Worse than SolarWinds. Deeply compromised telco networks. Add it to OPM, Marriott, and thousands of other hacks. Really tired of this.
Some are saying the compromise is so deep and nasty that it might require a whole rebuild to get them out. Which will take years, if it happens.
Meanwhile—they’re still our telco networks.
Volexity discovered Russian APT28 hackers compromising organizations next door to their actual targets to hijack their WiFi networks and gain unauthorized access. The attackers used password spraying to get credentials, then leveraged neighboring offices' devices to connect to the target's MFA-less WiFi network and move laterally. MORE
💡Great. Now we have to worry about who’s getting hacked next door as well.
Apple has rolled out urgent updates for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities. The flaws, CVE-2024-44308 and CVE-2024-44309, involve JavaScriptCore and WebKit, potentially allowing code execution and XSS attacks. MORE
Wiz is acquiring Dazz for $450 million to boost its cloud security offerings, especially for developers. Damn. Dazz just came out and already acquired. Nice job. MORE
The Danish Navy detained the Chinese bulk carrier Yi Peng 3, suspected of damaging undersea telecom cables in the Baltic Sea. The incident occurred in Danish waters, with the ship reportedly sailing over cables between Finland, Germany, Sweden, and Lithuania. MORE
Sponsor
The Complete Guide to Credit Card Fraud and Prevention
Fraud tactics are becoming ever more sophisticated - but real-time data and applying the most up-to-date best practices can help protect your business. Learn the latest credit card fraud methods to help your team anticipate and counteract threats.
→ Understand evolving fraud tactics
→ Implement intelligence-driven prevention strategies
→ Build fraud resilience
Download the guide to learn more.
go.flashpoint.io/guide-to-credit-card-fraud-prevention
Get the GuideCrowdstrike says a China-linked group called Liminal Panda has been targeting telecom networks in South Asia and Africa since 2020, using protocols like SIGTRAN and GSM to infiltrate and collect intelligence. MORE
CISOs can now get professional liability insurance from to Crum & Forster. This new policy protects CISOs from personal liability, covering consulting work and even pro bono IT security tasks. MORE
Google's OSS-Fuzz project, using AI, found 26 vulnerabilities, including a critical OpenSSL flaw (CVE-2024-9143) that went unnoticed for two decades. MORE
Google blocked over 1,000 pro-China propaganda sites that were posing as legitimate news outlets. The sites were run by four Chinese firms working together as "Glassbridge,". MORE
Researchers found Russia is using AI to scale up its disinfo campaigns, with a focus on creating fake Western personas to spread anti-Ukraine narratives. They're seeing more sophisticated tactics like using AI-generated profile pictures and coordinating posts across multiple platforms to appear more authentic. MORE
Continue reading online to avoid the email cutoff AI / TECHAWS just added automatic testing of RAG setups and LLM-based model evaluation to Bedrock, which lets you quickly test different RAG configurations without needing human reviewers. The evaluations look at things like correctness and helpfulness, with scores from 0-1 and natural language explanations for the results. MORE
Anthropic released an open-source protocol for connecting AI models directly to data sources like Google Drive and GitHub. The protocol lets AI assistants access live data from business tools and development environments instead of being isolated, with Block and Apollo already integrating it and companies like Replit and Sourcegraph adding support. MORE
💡This is very much in line with what I’ve been building for the last couple of years with Fabric and my own internal tooling. Basically, everything is microservices and data sources, and they’re all modular. I think that’s where everything is going.
OpenAI is reportedly planning to develop a web browser to compete with Google Chrome, integrating ChatGPT and search features. MORE
Llama 3.1 405B is now blazing fast on Cerebras Inference, hitting 969 tokens per second—12x faster than GPT-4o and 18x faster than Claude 3.5 Sonnet. MORE
💡This alternative hardware stuff is just insane. These are custom chips, similar to Groq, that run inference extremely quickly.
My opinion isn’t formed yet, but I’m wondering how much of the future of AI is building models vs. inference, and I think I’m very much leaning towards inference.
Microsoft has quietly built the largest enterprise AI agent ecosystem with over 100,000 organizations using its Copilot Studio. At the Ignite conference, they announced support for 1,800 large language models in Azure and unveiled autonomous agents that work with minimal oversight. MORE
Salesforce plans to hire over 1,000 people to support their new AI product Agentforce, which automates customer service, sales, and marketing tasks. The tool costs $2 per agent conversation and is already being used by companies like OpenTable, Saks, and Wiley. The company's stock hit a record high of $322.81 on the news, up 2.5%. MORE
💡Both Microsoft and Salesforce are going heavy on Agent frameworks, tooling, and products. Especially the Salesforce stuff. It’s basically a full platform for automating people’s jobs.
They look cute in the picture, though, so they’re probably harmless.
I’m not mad at them, by the way. This is inevitable. I’m just worried for people and feel like screaming into my fist when I see how blatantly this is being built right in front of us, with most people being completely unaware.
Agentforce: Create Powerful AI Agents
Build and customize autonomous AI agents to support your employees and customers 24/7, including full integration with the Salesforce ecosystem.
www.salesforce.com/agentforce
Meta is using large language models (LLMs) to boost their incident response, achieving a 42% accuracy in identifying root causes in their web monorepo. This approach reduces mean time to resolution (MTTR) from hours to seconds by surfacing likely issues early in investigations. MORE
Nvidia just announced Fugatto, their new AI model that makes music from text prompts. The name stands for Foundational Generative Audio Transformer Opus 1, and it lets you either describe the music you want or upload existing audio to work from. MORE
40% of LinkedIn articles may be AI-generated, with tech and marketing having the highest rates. Researchers analyzed 10,000 LinkedIn posts and found consistent patterns in AI content, including longer articles and specific linguistic markers. MORE
Apple is reportedly working on a new AI-powered version of Siri, called "LLM Siri," to compete with ChatGPT and Google's Gemini Live. This upgrade will make Siri more conversational and capable of handling advanced tasks, like interacting with third-party apps and summarizing text. MORE
Zoom drops "Video" from its name as it pivots to being an "AI-first work platform." The company is trying to move beyond its pandemic-era video conferencing success by launching comprehensive workplace tools to compete with Microsoft and Google.
Meesho is handling 60,000 daily customer calls in Hindi and English using existing LLMs combined with custom components for local context. The system cuts call costs by 75% and resolves 95% of queries without human intervention. Insane stats! MORE
OpenAI's Sora text-to-video model has been leaked by early testers who claim they weren't fairly compensated for their work. The leak appears to be a protest against OpenAI's treatment of creative contributors. MORE
Tesla is set to launch V4 Supercharger stations next year, offering up to 500kW charging for EVs and 1.2MW for Tesla Semi trucks. These new stations will feature longer cords, CCS connectors, and physical payment terminals, making them more accessible for various EV brands. MORE
Google faces its most serious legal challenges ever, with multiple antitrust cases that could force dramatic changes to its core businesses. The DOJ wants Google to sell Chrome, Epic won a case to open up the Play Store, and another case targets Google's $237.9B ad business. MORE
HUMANSYoung doctors are flocking to dermatology because it pays extremely well and has great work-life balance. The average dermatologist makes $438,000/year, works 40 hours a week, and rarely has to take call, while other specialties like emergency medicine require nights, weekends, and holidays. MORE
A Wired article explains how to get better at dealing with uncertainty and making predictions. The piece focuses on practical ways to improve forecasting skills, drawing heavily from intelligence agencies and "superforecasters" who are good at calibrating probabilities. MORE
The gaming industry is seeing widespread layoffs and studio closures as players spend less on new games and stick to established titles like Fortnite and Call of Duty. Over 14,000 games have been released on Steam in 2024 already, surpassing 2023's total, while established games take up 92% of total gaming time. MORE
Denmark plans to plant 1 billion trees and convert 10% of farmland into forests over the next 20 years to cut fertilizer use. MORE
A Pew report reveals that 21% of US adults, and nearly 40% under 30, now get their news from influencers instead of traditional media. MORE
A data scientist challenges the assumption that employee performance follows a normal (Gaussian) distribution, arguing it actually follows a Pareto distribution where low performers are 3x more common than high performers. The analysis shows there's no statistical basis for firing the bottom 10% of workers annually, and companies should focus on addressing genuine hiring mistakes rather than forced rankings. MORE
MIT is making tuition free for undergrad students from families making under $200K. If you can get in. Which most cant. The solution is to make elite education basically free, not to give a couple more people a chance. MORE
Japanese fiction sales are exploding in the UK, making up 43% of translated fiction in 2024 so far. The boom started with surrealist authors like Murakami and Yoshimoto in the 90s, but has evolved into three main categories: literary fiction from female perspectives, crime novels, and "comfort books" featuring cats and cafes. MORE
Medicare is paying vastly different prices for identical drugs depending on how they're administered. The same medications cost way more when given in hospitals vs. doctor's offices or at home. MORE
Barnes & Noble is making a comeback with plans to open 60 new stores this year, including 12 this month. After nearly going bankrupt, they're adopting an indie bookstore vibe and letting each location tailor its offerings to the community. So happy about this! MORE
IDEASThe new Meta Skills?
I think the new meta-skills might be Creativity and Judgement. Let me explain. Imagine you’re sitting in front of a computer with a super-intelligent AI system that works for you. It can make anything. Any art. Any program. Any company. ANYTHING. When you’re no longer limited by execution, the questions become quite interesting. The first question is: What do you tell it to make? And the second question is: How do you know when it’s done? Both of these require that you understand the world. You have to know the difference between good and bad versions of things. You have to understand problems, and solutions. They require that you basically know a lot, about a lot of different things. It takes us back to classical education—like Grammar, Dialectic, and Rhetoric. What I’d argue is real education, as opposed to training to be a corporate employee. In other words, to survive this AI push we might need to become generalist autodidacts—with our own specializations of course. MORE
Onsite or Remote?
It’s strange how some companies and people are so much better when the team is all onsite in a single location, and others are so much better when they let people work remote. I think it comes down to this: if you’re a young, feisty startup with lots of young, A-player talent, it’s probably better to be all in-person in a single location. No exceptions. And it seems like anything else it’s best to have flexibility. Because once there are multiple offices, the benefits of going in disintegrate quickly. MORE
DISCOVERY
It's surreal that we're about to walk into a Bird Flu pandemic for one reason alone:
People are TIRED of pandemic talk.
So we're about to break the global economy again, kill lots of people, all because pandemics are "annoying". x.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
11:47 PM • Nov 29, 2024
"Who's Hiring in Tech?" — A Twitter bot (@careergus) has been monitoring and archiving tech job posts from Hacker News' "Who's Hiring?" threads since 2019, building a dataset of over 100,000 job postings. MORE
A fascinating analysis shows how the internet's BGP table changes over a single day, with 1,087,828 total updates captured during the 24-hour period. MORE
ssh-artwork — A fun tool that lets you create ASCII art in your SSH server's public key fingerprint by manipulating the key generation process until you get your desired pattern. MORE
jsontr.ee — A new tool that lets you visualize JSON data as an interactive tree structure in your terminal, with support for collapsing/expanding nodes and searching. MORE
LaTeX.css — A new CSS framework that makes your website look exactly like a LaTeX document, complete with theorems, proofs, dark mode, and proper math rendering. MORE
SearchGPT Shortcut — You can now invoke ChatGPT in web search mode using Apple Shortcuts. So instead of going to LLM responses, it searches the web first. MORE
Amazon S3 Put-If-Match — S3 now supports atomic compare-and-swap operations, letting you check if data has changed before overwriting it. This is huge for preventing race conditions and implementing optimistic locking in distributed systems. MORE
Text2Motion.ai — A new AI tool that lets you create animations just by describing them in text, similar to how you'd use DALL-E for images. MORE
rga — Ripgrep on steroids. It lets you search through PDFs, E-Books, Office documents, zip files, tar.gz archives, and more. It's faster than pdfgrep because it uses multithreading and caches text extraction. MORE
ElevenLabs just released a podcast creation tool that lets you turn text into complete audio shows using AI voices and music. The tool can take blog posts, news articles, or scripts and convert them into complete podcasts, complete with AI-generated voices and background music. MORE
Canon R1 vs Nikon Z9 vs Sony A1 II Camera Comparison — Chris Niccolls did a detailed shootout between the three top pro cameras, with the Canon R1 winning overall but each having specific strengths. MORE
RECOMMENDATION OF THE WEEKWhen you’re thinking about what education your young family members need. Or your friends. Or yourself. Frame the question as a challenge of:
What would they tell an all-knowing and all-powerful AI to make if they had full control of it?
How would they know if it was finished making it?
#1 requires that they understand the problems in the world. That they know what should exist that doesn’t. #2 requires that they can tell the difference between high and low-quality things—which again—comes down to experience.
Focus on broad, world-model-building education that gives them both of these. I think this type of approach will ultimately make people the most resilient to AI replacement.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
November 19, 2024
Frontview Mirror: 2025 Edition
This content is reserved for premium subscribers of Unsupervised Learning Membership. To Access this and other great posts, consider upgrading to premium.
A subscription gets you: Access to the UL community and chat (the thinking and sharing zone) Exclusive UL member content (tutorials, private tool demos, etc.) Exclusive UL member events (currently two a month) More coming!Powered by beehiiv
November 18, 2024
UL NO. 459: New Active 0-day Exploitation, AI That Sees Your Open Apps, The RebootAI Project
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Had a great conversation with Rob Allen from ThreatLocker about their Zero Trust approach: deny-by-default, dynamic ACLs, and blocking ransomware at every stage.
The UL Black Friday Membership window is now open. GET IT 👇🏼
🦃 UL Membership Black Friday Sale 🦃It’s time for turkey and cranberry sauce again, which means it’s also time for a Black Friday Sale of 20% off the first year of UL Membership.
Here’s what members get:
Access to the smartest, most curious, and KINDEST community out there
Direct access to Daniel and hundreds of security and AI professionals
Exclusive Member-Only content
Access to the UL Book Club, which has run monthly since 2017!
Access to our Mid-month Meetups, where we discuss career / life
DEEP discounts on paid courses and products
Best of all is the people.
It’s seriously the best community I’ve ever been a part of.
🫶🏼
“Daniel has created a place for civil discussion in a world that frequently prefers argument over discussion.”
- Ben Collins
Use coupon code BLACKFRIDAY20
Join Our Community of the Kind and CuriousUpgraded all my Ubiquiti gear and am making progress towards a 10Gbit world.
Heading to Saudi soon to speak at Blackhat MEA!
SECURITYThis one didn’t get nearly enough coverage last week. ChatGPT has a new feature that can read code from MacOS apps like VS Code, Xcode, and Terminal, making it easier for people to use AI in a live way without copy-pasting. The new feature called, "Work with Apps," uses MacOS's Accessibility API to read text right from your screen. MORE
💡This is getting closer to what some other startups are working on, where they’re watching your screen and AI is operating on it. That functionality scares the crap out of me, though, so I’m only likely to use it with Apple and maybe Google if they haven an option to turn off the data harvesting / ads stuff.
For startups, I’m really worried about them getting all this data and then getting compromised. I see it as a virtual inevitability. I really only trust a handful of companies (mostly just Apple, actually) with this much—and this level—of data.
Something—or some one—has cut the data cable between Finland and Germany. Finland's internet access is currently routed through Sweden. Many are assuming shenanigans. MORE
Sponsor
Are genAI tools integrated with your other apps?
Nudge Security discovers all genAI accounts ever created by anyone in your org, as well as the OAuth grants that enable data-sharing across apps.
Start a free trial to:
• Discover all genAI tools ever used in your org
• See all users, authentication methods, and OAuth grants
• Get alerted of new genAI tools or integrations
• Vet unfamiliar tools with security profiles for each provider
nudgesecurity.com/use-cases/ai-security
Try it NowPalo Alto Networks has released Indicators of Compromise (IoCs) for a new zero-day vulnerability affecting their firewalls. MORE
VMware confirmed that threat actors are exploiting two vCenter Server vulnerabilities, CVE-2024-38812 and CVE-2024-38813, which were first disclosed at the 2024 Matrix Cup hacking competition. MORE
Sponsor
Build a Cybersecurity Awareness Program That Works
Learn how Goodwin Motor Group crafted a successful cybersecurity culture that engages everyone—from execs to frontline staff. Discover actionable tips for creating compelling training, sustaining participation, and proving program ROI, shared by the champions behind this thriving program.
Reserve My Spot Continue reading online to avoid the email cutoff AI / TECHAnthropic has a new Prompt Improver, that takes a given prompt and writes a better one. This is an example of ecosystem improvement I’ve been talking about. MORE
OpenAI might launch an "AI agent" tool called "Operator" in January. Operator will compete with Anthropic's "Computer Use" and Google's rumored agent. MORE
💡I’m anticipating that in 2025 the biggest thing in AI will be the maturation of Agents. They started getting decent in 2024, next year they’ll get mature enough—and integrated enough—for real-world use cases.
The models will get smarter, but I think most of the benefit will be in the tooling and ecosystems around the models—not the models themselves.
For agents, it’s helpful to remember what the actual milestone is, which is pretty simple to track.
Constant monitoring of audio, video, text of everything you’re doing
That means cameras and microphones on your body
And full monitoring of the screens and I/O of your devices/computers
This is what’s going to feed your personal and work DAs with the full context it needs to serve you best. And that’s what all these efforts will eventually push towards, even if they’re not doing so yet.
Sam Altman and Arianna Huffington's Thrive AI Health is an AI assistant that aims to offer personalized advice on sleep, food, fitness, and more. MORE
Google.org is putting $20 million in cash and $2 million in cloud credits into a new initiative to help researchers use AI for scientific breakthroughs. MORE
Apple's M4 Max CPU transcribes audio twice as fast as Nvidia's RTX A5000 GPU while using significantly less power. In a user test, the M4 Max completed an audio transcode in 2:29 minutes using Whisper V3 Turbo, consuming just 25 watts, compared to the RTX A5000's 4:33 minutes and 190 watts. MORE
💡Really want one of these, but can’t justify it yet. The real question is whether our next AI rigs should be a cluster of Mac Mini’s, or a standard big beefy NVIDIA-based box.
I’m thinking it might be big box for the next one, and then the one after that is probably some other architecture we can’t see yet? Or perhaps an Exolab cluster of Apple-based systems?
iOS 18.2's Music Recognition feature now logs where you were when you heard a song. This new "Musical Memories" feature geotags songs, so you can remember the exact location you discovered them. MORE
HUMANSPharma stocks have crashed due to RFK Jr. taking over Health and Human Services. Moderna is down close to 40%, and other stocks are suffering in a similar way. Not sure how this isn’t a buy opportunity, though. I don’t see how most people (and RFK) don’t figure out how to tell the difference between good and bad stuff these companies are doing. MORE
Netflix hit a record 65 million concurrent streams during the Mike Tyson vs. Jake Paul fight, reaching 60 million households worldwide. But there were over 100,000 complaints about buffering and connection problems. MORE
A new study shows that treating bullying as a collective issue rather than an individual one can significantly reduce its occurrence in primary schools. The approach involves engaging the entire school community, including teachers, students, and parents, to address and prevent bullying. MORE
💡I love this concept, which reminds me of how some countries handle prostitution by going after the buyers rather than the sellers. It’s an economics way of looking at a whole system, and not just the obvious place.
With bullying, I think what needs to happen is some level of shaming of the kids who see it happen and do nothing about it, e.g., intervening, telling adults, etc.
IDEASRebootAI — An Offline AI Oracle for Emergencies
I want to build a local AI that can run offline in bad situations like earthquakes, meteor strikes, and any other scenario where we might have power (like from solar), but no internet. So the idea is that I want something I can ask how to do anything! Tourniquets, sterilizing water, building shelters, identifying edible plants, etc. So ideally this would be both text and image capable, and just as resilient an implementation as possible.
Who wants to help me build it? Or does anyone know of one already out there? Even better if it’s its own standalone box, and you can just update the model used every once in a while.
DISCOVERYCloudflare's robots.txt file is a mix of ASCII art and directives for web crawlers. It allows Twitterbot and DemandbaseWebsitePreview to access specific language pages, but blocks many others from accessing various parts of the site, like search results and feedback pages. MORE
Managing High Performers — A guide on how to effectively manage high-performing employees. It covers strategies for keeping them motivated, providing the right challenges, and ensuring they feel valued within the organization. MORE
Ian's Secure Shoelace Knot is the best shoelace knot I know of. I actually tie this for my sneakers and mostly leave them that way and slip them on and off. MORE
RECOMMENDATION OF THE WEEKCheck out the Aphorism of the Week below.
Focus your efforts on being flexible after wrong notes, as opposed to being able to play perfect notes all the time.
2025 and the next few years are likely to be so crazy that we won’t be able to plan or play the right notes.
But what we can get good at doing is adapting once the wrong note is played.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
November 12, 2024
UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
I created the first Fabric Stitch, called rate_ai_result (DIRECT LINK). It rates the quality of AI #1 using the judgement of AI #2! And the result is an assessment of how smart AI 1 was on the following scale:
A rate_ai_result output example
You can get rate_ai_result here. MORE
👋🏼Going forward I’ll be sending this newsletter from [email protected] instead of [email protected], so please add [email protected] to your contact list to avoid future newsletters going to spam. 🫶🏼
I’m entering the fiber world! I’ve upgraded to 5Gbit fiber for internet, and it’s making me want to upgrade the house to be able to handle it too. Which means 10Gbit switches and ethernet ports on devices (where possible). So now I need to figure out how to replace my CAT6 in the walls with fiber as well, which will be a comfortable 100Gbit. 😍
Over CAT6 to my Mac Studio M2 that comes with 10Gbit Ethernet
Had a great sponsored conversation with Jason Haddix with Flare! We talked about a lot of things, but especially what special sauce makes Flare so attractive as a platform for Jason. Watch it on YouTube!
Sponsor
The Security Leader’s Guide to Proactive Vulnerability Management
Cyber threats are inter-connected. Vulnerabilities are gateways in your attack surface that can be exploited to deploy ransomware, infostealers, and other cyber threats.
Learn how you can build a strong vulnerability management program (VMP) and reduce your attack surface with this comprehensive guide, featuring:
➡️ Roadmaps, battle-tested lessons learned, and strategies implemented by Flashpoint customers.
➡️ Measuring your VMP's effectiveness with metrics like Mean Time to Detect (MTTD) and Mean Time to Remediation (MTTR).
➡️ How to manage risk exposure by combining powerful vulnerability intelligence with industry-leading threat intelligence.
Download the report from Flashpoint to learn more.
go.flashpoint.io/guide-to-proactive-vulnerability-management
Get the Guide SECURITYSix critical flaws have been found in the Ollama AI framework, potentially allowing denial-of-service, model theft, and poisoning attacks. MORE
💡Remember: Friends don’t let friends publish their Ollama APIs online without authorization/filtering.
The FBI is warning about a rise in hacked police emails being used to send fake subpoenas and emergency data requests (EDRs) to U.S. tech companies. MORE
💡Pretty nasty general attack type here.
Basically, you find low-security organizations that have high trust, and then you compromise them and make requests with them as the origin.
Think access to data, special permissions, restricted authorization to do something, etc. Seems like government and law firms are likely targets here.
Google's AI security assessment tool, Big Sleep, found a zero-day vulnerability in the SQLite database engine. This is the first time we’ve seen AI find something that more standard testing has missed in the past. MORE
Sponsor
Dropzone AI Named a Gartner Cool Vendor!
Discover why Gartner named Dropzone AI a Cool Vendor for the Modern SOC. Join our monthly webinar on November 20th to see how our AI-driven platform empowers SOC teams to work smarter and respond faster. Don’t miss insights that could redefine your approach to security!
content.dropzone.ai/monthly-demo-webinar
Save Your Spot!The FBI is asking the public for help in identifying Chinese hackers in groups like APT31 and APT41. MORE
CrowdStrike has launched new AI Red Team Services to identify vulnerabilities in AI systems and provide guidance on how to fix them. MORE
Synology is telling users to patch a critical zero-click RCE bug, CVE-2024-10443, affecting millions of DiskStation and BeePhotos NAS devices. Remember: Friends don’t let friends put NAS on the internet. MORE
Nokia is investigating a potential breach after a hacker, IntelBroker, claimed to have stolen their source code from a third-party vendor. The hacker says the data includes SSH keys, source code, RSA keys, and more, accessed via default credentials on a SonarQube server. MORE
Canada has ordered TikTok Technology Canada to shut down, citing national security risks. The decision doesn't block Canadians from using TikTok, but shuts down the company's Canadian business operations. MORE
Researchers from George Mason University have introduced Mantis, a framework that uses prompt injections to hack-back against prompt injection. By exploiting the vulnerabilities of large language models, Mantis can misdirect or even compromise attackers' systems. MORE
The U.S. is tightening rules on foreign real estate deals near military bases, adding 60 more installations to the list under CFIUS scrutiny. This follows the forced closure of a Chinese-owned crypto mine near F.E. Warren Air Force Base, which raised national security concerns. MORE
Continue reading online to avoid the email cutoff AI / TECHRobotic dogs are now patrolling Mar-a-Lago to help protect President-elect Donald Trump. These "high-tech hounds" are part of the ASTRO program, equipped with surveillance tech and sensors to detect bombs and chemical threats. MORE
💡I think 2025 and 2026 are going to be some serious utopia / dystopia years. Lots of sci-fi happening in reality.
Nvidia surpassed Apple to become the world's largest company by market cap, hitting $3.43 trillion. MORE
OpenAI has introduced a new feature called "Predicted Outputs" that lets you send expected content to speed up API responses. If your prediction is spot-on, there's no extra cost, but if it diverges, you'll pay for the additional tokens. MORE
Waymo has launched its robotaxi service across an 80-square-mile area in and around Los Angeles. Hey, no fair. What happened to the greater Bay Area! MORE
Apple's adding a new feature to the Find My app in iOS 18.2 that lets you share a lost AirTag's location with an airline or a trusted person. Apple wins by doing thousands of these small improvements that add up over the years. Then they get sued because everyone likes them better than competitors. MORE
Apple's Vision Pro visionOS 2.2 adds wide and ultrawide display options for a laptop or desktop display. It’s completely nuts. Super clear, high-resolution, and I’ve spent over an hour working on it. Plus you can position visionOS apps around it too. MORE | VIDEO OF IT IN ACTION
TSMC is set to open its Fab 21 in Arizona this December, which will be huge for the on-shoring movement in the US. MORE
TSMC is halting the supply of advanced AI processors to its Chinese clients starting November 11, following an investigation showing chips were ending up in Huawei devices. MORE
HUMANSThe dollar is at its highest in two years, and the stock market has been going crazy since Trump won the election. Investors are betting on "Trump trades," expecting tariffs and tax cuts to boost stocks, inflation, and slow interest rate cuts. And Bitcoin is near $90,000. Wow. MORE
💡I predicted Trump would win, and that investors would go batshit. But I didn’t anticipate this much movement even before he took office.
Andreessen Horowitz is backing AI-powered parenting tools, with partner Justine Moore highlighting a new wave of "parenting co-pilots" using LLMs and agents. MORE
💰My buddy is participating in a real-life bug bounty. Actually a treasure hunt. It’s detailed in this book that was just released. He’s been traveling to this remote island with other bounty hunters (cyber) to search for a treasure worth like half a million dollars. MORE
Genetic discrimination is becoming a real thing (as we knew it would). Insurers use DNA data to deny coverage or hike prices. Bill, a healthy 60-year-old, was denied long-term-care insurance after revealing a genetic mutation linked to ALS, despite not having the disease. MORE
Companies are already moving production out of China as Trump plans massive tariffs. Steve Madden is cutting its China-made products by 40%-45% and shifting to Vietnam and Cambodia. Stanley Black & Decker is reworking its supply chain but says US production is unlikely. Meanwhile, HM Manufacturing and Cruz are eyeing increased US production to meet demand and avoid tariffs. MORE
💡Seems like the tariffs might work as prods for companies to do what they wanted to do anyway (move out of China), but they have to be done carefully to avoid massively increasing inflation. Will be interesting to see how broad and fast they’re applied.
🔭NASA's Juno spacecraft just completed its 66th flyby of Jupiter, sending back stunning raw images that community editors have turned into incredible photos. MORE
😍Deanna Dikeman's "Leaving and Waving" is a brilliant and touching photo series capturing her parents waving goodbye over the years. The project spans from 1991 to 2017, documenting these heartfelt moments as she drove away from their home. MORE
A new study from Ben-Gurion University shows that controlling blood sugar can slow brain aging. MORE
Astrobiologist Sara Imari Walker explores the complex question of what life truly is in her book, "Life as No One Knows It: The Physics of Life’s Emergence"
A possible UL Bookclub candidate!
She argues that modern science has yet to develop a theory that fully integrates life into the universe's description, challenging the boundaries between disciplines like biology, chemistry, and physics. MORE
A mom in Georgia was jailed after her 11-year-old son walked alone to town, despite her belief in a "Free-Range" upbringing. I’d love for the libertarian mindset to come to parenting, too. Seems pretty easy to tell the difference between neglect and free-range. MORE
The average age of U.S. homebuyers has jumped to 56, up from 49 last year. MORE
Oliver Sacks explores the meaning of life through love and despair in his letters, emphasizing that meaning is something we create, not find. MORE
IDEASCrypto is Back, but as Gambling and Money Stores
I think crypto is back not so much as an idea right now, but as a “screw the system” gambling/alternative bank type thing. This ends badly for most involved, with a few people getting super rich. We’ve seen the movie already. Maybe Solana is an exception (like a really fast Ethereum, basically). I personally won’t be playing much other than as a game. My big bets are on NVIDIA and TESLA. With Apple and Costco as my secondaries.
“I sense the good in him.”
Unlike most smart people I know, I think Elon and Andreessen and Thiel and those types are actually still good people. I think Elon’s been really nasty online, and I’m worried we could be losing him to extremist thinking. I’m worried about it. For sure. But I don’t think his fundamentals have changed. I think he’s triggered and lashing out, and that he’ll come back. That’s my belief. Or my hope. Can’t tell which sometimes. Maybe they’re the same. Talked with Sam Harris about it after his latest podcast, The Reckoning, and he thinks I’m wrong. 🥹 So if all my smart friends think I’m wrong, and I am the only one who sees this, I’m either seeing something they aren’t, or I’m confusing hope with reality. I think it’s the former, and I’m willing to make a prediction on this. I like predictions now—in the spirit of Superforecasters. So my prediction is that over the next 4 years we’re going to see Elon, a number of these Silicon Valley types, and yes—even Trump—take stances and create policies that are very Liberal in purpose. Meaning, they’re trying to lift everyone, not just the elite. In other words, we’re going to see significant compassion and the lifting of everyone in their rhetoric and work. If I’m wrong, I’m wrong. I fully acknowledge there’s a significant chance it goes the opposite way. And if that happens I’ll be opposing them just like my other friends in the center and on the left. But if I’m right, then I ask you to encourage the good in them (and people like them). I ask you to help me pull them back from the chasm.
Security Is a Useless Controls Problem MORE
ChainForge — ChainForge is an open-source visual programming tool for prompt engineering that lets you run evaluations against prompts using a boxes-and-lines interface reminiscent of Yahoo Pipes. MORE
How do you run away from an army of these? MORE
ToolGit — A set of scripts that add new sub-commands to Git, enhancing its functionality. MORE
An AI cluster using Mac Minis and Exolabs. MORE
How I ship projects at big tech companies MORE
Diagrams — A tool for creating diagrams as code, making it easier to visualize complex systems and architectures. MORE
Everything I've learned so far about running local LLMs MORE
Packy McCormick encourages readers to spend less time doomscrolling and more time reading books. MORE
Draw.Audio — A new musical sketchpad using the Web Audio API lets you create music directly in your browser. MORE
RECOMMENDATION OF THE WEEKThe CEO of Anthropic thinks AGI is coming within a couple of years. Sam Altman thinks it’ll be 2025 or 2026.
Start getting ready.
Know your life mission
Know your goals
Fill in and practice your most important sentence.
Start building your TELOS file
Get really good with your AI tools (fabric, chatgpt, etc.)
Get your website up
Commit to reading 50 books in 2025
Start writing—even if you think you don’t have anything to say
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
November 11, 2024
Using the Smartest AI to Rate Other AI
Since early 2023 I’ve wanted a system that can assess how well AI does at a given task.
And when I say “system”, what I really mean is an AI system. Which means I want an AI system that rates AI systems. There are a bunch of these out there now, as well as a number of AI output eval frameworks that are somewhat useful.
But I wanted a simpler architecture that uses high-quality prompting to do the work. In other words, what could I give a smart, Judging AI as instructions such that it can evaluate the sophistication of less smart, to-be-tested AI? So here’s the structure I used.
I created a Fabric Pattern called rate_ai_result which is used by the smartest AI available (the Judging AI). In this case, I’m using o1-preview. THE PATTERN
Craft a Stitch (piped Patterns working together) that collects all the components together to send to the Judging AI.
The components are:
a. The input that the first AI will do its work on
b. The instructions for the first AI on how to perform the task
c. The output of the AI’s work
Those are then sent to the Judging AI using a single command.
(echo "beginning of content input" ; f -u https://danielmiessler.com/p/framing-... ; echo "end ofcontent input"; echo "beginning of AI instructions (prompt)"; cat ~/.config/fabric/patterns/extract_insights/system.md; echo "end of AI instructions (prompt)" ; echo "beginning of AI output" ; f -u https://danielmiessler.com/p/framing-... | f -p extract_insights -m gpt-3.5-turbo ; echo "end of AI output. Now you should have all three." ) | f -rp rate_ai_result -m o1-preview-2024-09-12
In this command, we’re pulling the content of a webpage, pulling the content of the AI instructions (the prompt/Pattern), and then pulling the results of the AI doing the task using gpt-3.5-turbo.
That is all then sent to the rate_ai_result Pattern using o1-preview.
The command from Step 4.
The rate_ai_result PatternThe setup is simple enough, but most of the magic is in the rating pattern itself.
What I’m having it do is think deeply about how to assess the quality of how the task was done—given the fact that it has the input, the prompt, and the output—relative to various human levels. Here are the steps within the Pattern/prompt.
A snippet of the rate_ai_result Pattern (click through for full pattern)
We also told it to rate the quality of the AI’s work across over 16,000 dimensions. We also gave it multiple considerations to use as seed examples of analysis types (which reminds me a lot of Attention, actually).
Hints to o1 on how to build its own multi-dimensional rating system
This is one of my experimental techniques that I’ve been playing with in my prompts, and we need to understand that tricks like this could range from highly effective, to completely useless, to even counter-productive. I intend to test that more soon using eval frameworks, or wait until the platforms do it themselves. But if any model so far might be able to use such trickery, it’s o1.
Anyway, here’s the result that came back: Bachelor’s Level.
GPT 3.5 Turbo got a rating of Bachelor’s Level
After hacking on this for a few hours this weekend I am happy to report something.
I’ve got this thing predictably scoring the sophistication of various models on the human scale—across multiple types of task.
In other words, GPT-3.5 is scoring as High School or Bachelor’s level—predictably—doing lots of different AI tasks. So,
Threat Modeling
Finding Vulnerabilities
Writing
Summarization
Contract Reviews
Etc.
…while GPT-4o and Opus score way higher—and o1 scores the highest! Again, across various tasks and multiple runs.
That’s insane.
It means—as kludgy as this first version is—we have a basic system for judging the “intelligence” of an AI system relative to humans. And I’m pretty sure I can make this thing way better with just a bit of work.
What’s coolest to me about it is that it’s a framework. When the new best model comes out, that becomes the judge. And when new models come out we want to test for particular tasks (like tiny models optimized for a particular thing), we can just plug them in. Plus we can keep optimizing the rate_ai_result pattern itself.
Anyway, just wanted to share this so people can attack it, improve it, and build with it.
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
