Daniel Miessler's Blog, page 5
November 4, 2024
UL NO. 457: China Builds a Military App Using Meta Llama
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
👋🏼Going forward I’ll be sending this newsletter from [email protected] instead of [email protected], so please add [email protected] to your contact list to avoid future newsletters going to spam. 🫶🏼
My final analysis on the 2024 US Election. MORE POLITICAL
Really want to switch to nushell, but it looks highly complicated and I don’t want to use this optimization as an excuse not to do other work. LOVE the idea of output as data though. Definitely heading this direction soon. NUSHELL
SECURITYChinese military researchers have supposedly used Meta's Llama AI model to develop a defense chatbot called ChatBIT, which is pretty much exactly what people like me were worried about with open-source AI. MORE
💡There’s an obvious tradeoff of risks here. On one hand, you have big model vendors hoarding all the IP and becoming EvilCorps, and on the other hand, we open source the intelligence that our enemies use to attack us. Or if it’s ASI eventually, maybe worse.
I’m honestly agnostic on this right now. The details matter a lot in deciding which is better, and the situation and calculus change constantly. But I think I lean towards not open-sourcing the best models like Llama 3 405B, Llama 4, etc.
It’s been possible to track the movements of world leaders like Joe Biden and Donald Trump through their bodyguards' activity on Strava. French newspaper Le Monde found that some US Secret Service agents use the app, revealing sensitive locations like a San Francisco hotel where Biden met Xi Jinping. MORE
LastPass is warning users about scammers promoting a fake support number through 5-star reviews on its Chrome extension. The number, 805-206-2892, leads callers to a site where they're tricked into downloading a remote support program that’s actually malware. MORE
Sponsor
5 Tips to Fight AI Security Risk
Did you know most AI security risks fall into 4 primary categories? Adversarial attacks, model inversion attacks, data poisoning, and model theft. Given these risks in AI systems, what’s the best way to secure them?
Fortunately, Wiz recently put together an ebook, Getting Started with AI Security, to answer that exact question across the following areas:
AI risks and best practices for mitigation: Understand the threats and how to tackle them.
Safeguarding your AI development pipeline: Learn how AI-SPM can protect your AI projects.
Using AI to power security: Discover how AI can enhance your security operations and incident response.
Don’t let AI risks catch you off guard. Discover the 5 best strategies to secure them in this essential guide.
wiz.io/lp/getting-started-with-ai-security-ai-risks-how-to-prevent-them-and-ai-for-defender
Get the GuideResearchers used the new real-time API in ChatGPT-4o to create voice-based financial scams like bank transfers and credential theft with success rates between 20-60%. MORE
Cisco Talos found five out-of-bounds vulnerabilities in NVIDIA's shader processing and eleven in LevelOne routers. MORE
Okta has patched an issue where you could login without a password if your username was over 52 characters. Jesus. How had this never been hit by all the testing they must go through? MORE
The US has charged Russian national Maxim Rudometov for developing the RedLine infostealer after they gained full access to the malware's source code and infrastructure. MORE
The U.S. military has made its first confirmed purchase of OpenAI products for AFRICOM, marking a significant step in OpenAI embracing the adoption of AI into national security. MORE
Bellingcat has geolocated the site where Hamas leader Yahya Sinwar was killed by the IDF in southern Gaza. Using IDF videos and images, the location was pinpointed to Gaza’s Tal as-Sutlan area at coordinates 31.3055, 34.2467. Key visual markers included a gazebo, a red building, and a white residential tower. MORE
Continue reading online to avoid the email cutoff AI / TECHSearchGPT is now available to replace Google with OpenAI web search. This is basically OpenAI’s replacement for Google. I’ve switched to it as my main way of doing search. It’s vastly better than either Google or Perplexity for most of my use cases. MORE
SearchGPT results
Big week for OpenAI because you can now talk to your ChatGPT app on Mac/Windows as well. This is huge because much of AI advancement at this point is about the ease of instant use rather than just the intelligence of the models. MORE
Google's AI is now generating over a quarter (🤯) of its new code, which engineers then review and accept. MORE
💡Um, this whole AI thing started like 2 years ago. And Google is using it to generate over a quarter of its code. Imagine what this will be in 2 more years.
I cannot express to you how much you need to become all of these if you want to be employed / employable going forward.
Thinker / Creator
Product Manager
Developer (AI Augmented, of course)
Sales / Marketing expert (AI Augmented, of course)
These are all merging. It’s all one thing. It’s just called being in the workforce.
You have to be able to come up with ideas, implement them, and then get them to market. Full stop. This is the work side of Human 3.0.
Hamel Husain shares insights on setting up LLM-as-a-judge systems to evaluate AI outputs effectively. He highlights common pitfalls like unmanageable metrics and arbitrary scoring, and introduces "Critique Shadowing" to streamline evaluations. MORE
Meta is using over 100,000 Nvidia H100 AI GPUs to train Llama-4. MORE
Microsoft's GitHub is no longer exclusive with OpenAI, now integrating Anthropic and other models. 💪🏼 MORE
Meta is developing its own AI-powered search engine to reduce reliance on Google and Microsoft. So happy the search space is getting blown open! People are tired of pages of ads, and the world is adapting. MORE
Ghost jobs are fake job listings that are frustrating tech workers, especially in California. A 2024 survey found 81% of recruiters admitted to posting these ads, often to gauge employee replaceability or create an illusion of stability. MORE
DecartAI's Oasis world model is a new AI-powered Minecraft clone that runs without a game engine. It’s rendered on the fly using AI. MORE
Dropbox is laying off 20% of its workforce, cutting 528 jobs due to slowing growth. I don’t see how this could have gone any other way. All main platforms will have cloud storage, and it’ll get harder and harder to compete with them over time. Seems natural. MORE
Claude can now view images within a PDF, expanding its capabilities beyond text. MORE
There's a surge in "national-interest startups" in Silicon Valley, focusing on tech that benefits the US directly. These companies, part of a trend called American Dynamism or New World, are working on projects in aerospace, critical infrastructure, and government sectors. MORE
Google is adding a Google Home extension to the Gemini app, letting you control your smart home with natural language prompts like "Set the dining room for a romantic date night." MORE
💡Super excited about this. And we’re seeing the same promise (hopefully) with ChatGPT integration with Siri. Basically we need real AI in these home automation systems. There are risks though, so it needs to be done carefully.
HUMANSWarren Buffet is selling Apple and BofA and going HEAVY into cash. Question: What does he see that we don’t? MORE
💡I’ve been tracking a lot of analysis on this and I keep hearing that you don’t want to be in cash because of inflation. Which means he sees something that is going to hurt equities even more?
Research says starting a business might actually reduce stress. Entrepreneurs report lower stress levels, better health, and more meaningful careers compared to traditional employees. MORE
💡This is all very Human 3.0 as well. They have less stress because they have a vision for how to solve a problem, and they’re pursuing it—which is one of the centers of happiness.
Note: Being a founder can also be extremely stressful as well. But it’s a different kind of stress if you believe in the mission as opposed to being at a random company being tossed around by idiot middle managers.
Someone sequenced a genome in just 24 hours using a device plugged into their laptop. Way different than the 90s when the Human Genome Project cost billions and took years. MORE
A study found that even minor dehydration (less than 1% body mass loss) can negatively impact cognitive functions like memory and attention. MORE
A study found that sleep regularity is a stronger predictor of mortality risk than sleep duration. MORE
NASA's Voyager 1 had to switch to a backup radio transmitter that hasn't been used since 1981 due to recent communication issues. Worked fine. But iOS 18 is super buggy. MORE
A new US rule now mandates automatic refunds for canceled or significantly delayed flights, so no more begging airlines for your money back. MORE
Plants use air gaps between their cells to scatter light, helping them determine its direction and grow toward it. MORE
IDEASDISCOVERY
My new favorite way of talking about politics is to have someone describe the world they want to live in.
Mute the sound and look at this video.
This, combined with Star Trek The Next Generation's Federation is what I want to help build.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
7:28 PM • Nov 4, 2024
Add study.new in front of any YouTube Video and open a chat with the video! MORE
Wasp Flamethrower Drone Attachment — This drone kit lets you attach a flamethrower to your drone, offering a 25ft range and a 1-gallon fuel capacity for 100 seconds of firing time. MORE
vim-medieval — This Vim plugin lets you evaluate code blocks directly within Markdown files. By using the :EvalBlock command, you can execute code and even redirect output to other blocks for a form of literate programming. MORE
Vector databases are the wrong abstraction MORE
Prompts are Programs MORE
My post on how to fix WiFi Roaming in Ubiquiti MORE
Brendan Gregg has introduced AI Flame Graphs, a new tool for visualizing AI model performance and resource usage. MORE
Do Hard Things Carefully MORE
Pimp My Man — This article explores enhancing the experience of using man pages by changing the default pager. The author suggests using bat, a Rust-based tool that offers syntax highlighting, as a replacement for less. Alternatively, neovim can be used for those who prefer a color scheme, though it may be slower due to plugin loading. MORE
My setting:
export MANPAGER='nvim +Man!'Transformer Explainer — This tool from the Polo Club of Data Science at Georgia Tech visually breaks down how Transformer models like GPT-2 process text. MORE
Rachel changed her mind on employee metrics. MORE
Make It Yourself — A digital book featuring over 1000 DIY projects from creative minds worldwide. Each project links to its original site, offering all the details you need to make it yourself. MORE
Drakkenheim Maps — A Reddit user, AcrobaticLanguage517, has shared a collection of 104 AI-generated maps for Drakkenheim, a setting for Dungeons & Dragons. MORE
lynx.boo — A minimalist website for sharing all your links. Just enter your username, click "Edit/Create," and you're set. You can update your link page anytime by visiting /yourusername/edit. MORE Title: Show HN: A minimalist (brutalist?) website for sharing all your links
Textcasting — A new approach that brings the philosophy of podcasting to text, allowing for a more engaging and serialized reading experience. MORE
Sci-fi books that you may never have heard of, but definitely should read MORE
If you're coding or working with spreadsheets all day, consider an 8K TV instead of multiple monitors. An 8K TV offers better image quality and resolution, and can double as a 4K 120 Hz gaming screen. MORE ← I keep thinking about this. Soooon.
RECOMMENDATION OF THE WEEKMy two favorite debaters on opposite sides of the election.
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
Final Thoughts on the 2024 Election
I have some interesting thoughts going into the big day tomorrow, and I wanted to try to capture them concisely.
The best overview debate (Harris vs. Shapiro)But first, here’s the best debate to listen to if you want the strongest arguments on each side. It’s Sam Harris against Ben Shapiro—with Bari Weiss moderating (and asking some extraordinary questions herself). Can’t imagine a better debate from better people.
The power of FramingAnyway, one of my first thoughts is that they’re all—even Ben—missing something massive in all this.
Vibes. Or in the language I’ve been using lately—Framing.
Basically, I think people largely exist in a world of ideology and emotion right now, and that they use this as a lens to interpret reality. So it kind of doesn’t matter what is actually happening. What matters is how people feel about what they think is happening.
So the battle is largely about narratives and beliefs—not policy or outcomes or whatever.
Which means—strangely—that Trump could win, implement a bunch of policies that actually make things harder on people (like tariffs on American companies that force them to raise prices) and people could still feel like things are better.
This is pretty cynical, but I honestly believe that like 50-70% of the country might just instantly feel things are better if Trump wins. Largely because of this. And even if bad things happen as a result of his bad policies, they’ll still feel things have improved because of framing.
I don’t think enough people realize how powerful this effect is, and how much work it can do in shaping how people see the world. Crime stats. Economy. Immigration. Everything. For people who aren’t super informed, and who aren’t policy wonks, the data doesn’t tell the story. The stories they hear tell the story.
I think the pro-Trump framing for MAGA people is the most powerful example of this effect, but something similar happens in the opposite direction with die-hard Harris people if Trump wins. And when he did win. Their framing was, and would be, completely negative, which would make it nearly impossible to see any positive at all coming out of his administration. Same with Trump people seeing positive in anything Harris will do if she wins.
Multi-layer InceptionThe next idea I’ve been having over the last couple of months is around different ways of being wrong about Trump. I feel like there are multiple onion layers of inception around this whole thing. Here are the main three layers I’m seeing.
Just like in the movie, there are multiple levels of reality happening simultaneously
Inception Level 1 — The media has been massively unfair in their analysis of Trump (which sounds strange coming from me who can’t stand him). The “very fine people” thing, for example is an own-goal by the left. Because it’s not true. It was taken out of context. And once an independent sees the lie from the left, they might switch anti-left immediately. And it’s an uneeded lie! There are plenty of real things Trump has done that can be talked about instead. But the point is, Level 1 is that if someone watches say the Joe Rogan interview with Trump, they’ll realize he’s not what the media has been saying he is. That he actually makes decent points. He’s not Hitler. He’s somewhat likeable. And that many of his policies are quite sensible and moderate.
Inception Level 2 — If you’re paying close attention to notice Level 1, but you also aren’t a hardcore MAGA person, and you have read/watched what Trump’s actually done—you’ll know that Trump is far more dangerous than the right understands—even acknowledging that Level 1 is true. So it’s true that the left has lied about Trump, and it’s true that Trump has some decent takes on things. And it’s true that he’s quite moderate on a lot of issues. But his flaws massively outweigh this fact. His vulnerability to flattery. His lack of curiosity about how the world works. And his inability to hire and retain talent that disagress with him in any way. These are really, really bad. So it doesn’t matter that Level 1 is true, because Level 2 is as well!
Inception Level 3 — Inception Level 3 is that none of this might matter much because of the vibes / framing issue. In other words, the success of the country over the next four years might not come down to policy or facts—but rather perceptions and the actions that people take as a result of those perceptions. Perceptions held by Americans, and perceptions of America held by the world, and perceptions of America held by our enemies and allies. They might respond to Trump’s perceived strength and Harris’ perceived weakness far more than actual policy. And those actions the big players take in response to their perceptions—like signing a treaty, or withdrawling support for a war, etc.—will end up being what really matters.
So, as we head into the election tomorrow, I’m holding all three of these in my mind simultaneously. I believe they’re all true. 1 and 2 are somewhat in conflict. And all are true at the same time. Trips me out.
Prediction(s)My overall prediction is that Trump will win by a surprising margin. Not a landslide, but enough where it’s super clear that the left is lost. I mean, that’s already clear, but this will crystalize it. And my reasoning is that people are just really tired of anti-US, anti-West wokeism, and they see Harris as a continuation of it. That’s it. Trump is anti-woke and that’s the whole election. I think everyone’s been overthinking it.
Confidence Level of Trump Win: 80/100 (High)
Confidence Level of Trump Conclusive Win: 65/100 (Moderately High)
That’s my main prediction, but it could go lots of ways. Here are some longer-term outcomes that I can see happening over the next days, weeks, months, and years based on whether Harris or Trump wins.
—
Harris Wins And Shits the BedThe thing I’m most worried about with Harris is her winning and then floundering. She doesn’t give us a vision. She can’t articulate the problems or any solutions. She stays subordinate to all the woke stuff. And she basically becomes a non-President. Not only would that suck for the country, but it’d set back women President conversations by another 20-30 years. This is like the worst.
Confidence Level Assuming Win: 60/100 (Moderately High).
She gets in, flounders for a bit but finds her feet and becomes a strong leader. She pushes back against the woke stuff, and comes out highly principled and strong. People might not agree with her on some stuff, but that doesn’t matter. At least she’s being
a leader, and people will respect it. Even some Republicans.
Confidence Level Assuming Win: 40/100 (Moderately Low).
I feel like there are too many variables at play with Trump to make good predictions here, but I’d say there’s a decent chance that he does actually try to do a bunch of stuff that Regean or Bush or Romney would consider authoritarian / fascist. You have to use them as the benchmarks because the word is used too loosely today. But I can see him going after personal enemies, trying to limit free speech, trying to remove guardrails that stop him from staying in office, etc. But I can also see him being advised not to do this and/or just being too busy doing other things. I think he’s very random and thus so is this prediction.
Confidence Level Assuming Win: 60/100 (Moderate).
I think there’s also a moderate chance that the winds (and the narratives) favor him, and he gets in, moves a bit towards the center, doesn’t go after his enemies too much, doesn’t try to ban abortion countrywide, and the stock market and investors go insane. Most of the country starts thinking it’s Trump who did all this. Crime goes down because the police are empowered and funded, people feel safer, and there’s a general feeling of improvement in like 40-70% of the country. Most of this will be vibes/framing, and it could come at the cost of inflation or other negative effects, but that might not matter much. This is basically a Regean moment where an optimistic and positive person about America takes over after people being depressed for a long time. Again, this is vibes stuff, not policy stuff.
Confidence Level Assuming Win: 70/100 (Moderate)
—
Some other point predictions:
Chances Trump oversees the end of the Ukraine war by 2026: 80%, by 2027: 90%
Chances Trump oversees a strong treaty between Saudi And Israel by 2026: 70%, by 2029: 90%.
Chances Trump tries to extend his term or otherwise stay in office after a second term: 45%
Chances Trump tries to ban abortion nationwide: 40%
Chances of widespread riots/violence if Harris is elected: 40%
Chances of widespread riots/violence if Trump is elected: 60%
—
Notice that my confidence levels don’t add up to 100% or 1. The vibes I have about all these vibes are also vibes. Nobody has any idea what’s going to happen—not just in the election, but after someone wins. And that includes me.
I do these exercises so that I can see how good or bad my thinking was looking backward, so I can diagnose it and improve my thinking going forward.
NOTESI am locking these predictions in place, so I will only make updates in a separate section below the main post. Or in these notes.
Powered by beehiiv
November 2, 2024
Fixing Ubiquiti WiFi Roaming
The three settings I had to enable to get proper WiFi roaming
The problemI’m a massive fan of Ubiquiti stuff, but even after upgrading to U7 Pro APs (and having a lot of them for enough coverage) I still had the following problem.
When I would move from one room to another, I’d keep my full WiFi signal, but I would lose connection to the network/internet.
In order to fix it, I’d have to disconnect from wireless and reconnect—which means connecting to the closer AP.
In other words, it wasn’t properly switching AP by itself, and when I moved to another room where another one was primary, I lost connection—even though I still showed full WiFi bars.
The solutionSo the solution was first—a whole lot of searching—including using the new SearchGPT feature. Here’s a screenshot of the question and answer.
SearchGPT’s answer to which settings to enable to fix the issue
To enable those you need to switch from Auto to Manual for your Wireless Network settings.
Then enable these three:
Fast Roaming
BSS Transition
Brand Steering
Within Wireless Manual Settings
After doing this, I can now move throughout the house without losing internet connectivity.
Hope this helps!
Powered by beehiiv
October 29, 2024
UL NO. 456: A Deep-dive on Prompt Injection
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Lily Allen says she earns more from selling feet pics on OnlyFans than from her Spotify streams. She started the account after a pedicurist's suggestion and now makes at least $10,000 monthly from 1,000 subscribers.
💡Pedicurist as Talent Scout was not on my bingo card for 2024. MORE
—
The new AI features in the 18.2 beta are insanely awesome. Check out this picture I took of a glacier by long-pressing the Siri button on my iPhone 16 Pro.
It did all that by itself, using the native camera app. I didn’t have to take the picture and send it to OpenAI!
In other words, they just fixed Siri.
Here’s the full thread where I wrote up what I like about the new AI stuff in 18.2. MORE
—
Why I think (pure) developers are seriously screwed now. The ease of building an actual app is going way, way down—and faster than even I thought it would. MORE
—
👇🏼#1 AI question I get asked is about how to do AI securely within a company.👇🏼
Sponsor
Want to adopt GenAI but need data privacy guardrails first?
Harmonic Security gives security teams visibility and control around GenAI apps.
With Harmonic, you can:
Track employee usage and adoption of GenAI
Identify Shadow AI and GenAI tools training on your data
Detect sensitive data leaving the business via GenAI apps
Coach users via inline training and nudging towards safe AI use
Learn about Harmonic’s unique approach to securing sensitive, unstructured data effectively—without compromising on efficiency.
Learn More SECURITYApple is offering $1,000,000 to hack its Private Cloud Compute (PCC) system, which is its new, proprietary cloud system it built to handle Apple Intelligence requests that can’t be done on-device. MORE
🧠A New Way to Think About Why Security Awareness Doesn’t Work
💡Had an absolutely brilliant conversation with Cornelia Puhze at the Swiss Cyberstorm speaker dinner. She’s an expert on security awareness and we talked about why most programs don’t work, and her premise was that the only model that will work is something that interrupts System 1 thinking and gets us a chance with System 2.
🤯
In other words, the attacks are getting so good that you’re not thinking—you’re reacting. So all the traditional training in the world won’t help you because you’re not in the mindset where training CAN work. And this only gets worse with AI-written spearphishing that’s perfectly targeted to your personality flaws.
We talked about how the only defense is something like Dialectical Behavior Therapy and similar techniques—that teach you how to PAUSE when you become excited or anxious or stressed or whatever. Which is fascinatingly and strangely related to mindfulness.
Anyway, just love this concept so much because it cleanly explains why security awareness training fails so spectacularly, and hints at a new way of training that could work. Go follow Cornelia’s work.
—
💉Clarity on the Definition of Prompt Injection
Got into a debate with someone about whether Johann Rehberger’s attack against Anthropic’s Computer Use functionality was Prompt Injection or not. Here’s the attack and the thread about it.
This is a SUPER cool demo but I’m not sure I’d classify it as prompt injection.
The issue is that the instruction on the site is to run a program. And Computer Use is designed to follow instructions.
So the demo is showing that computers will follow dangerous instructions.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
10:14 AM • Oct 25, 2024
If you go through the whole thread it all comes down to definitions—as usual. My point was that if you tell an AI agent to eat poison—and it eats it and gets hurt—that’s NOT prompt injection. It’s a direct instruction followed by an agent.
So my take was that if you tell an agent to go to a website and download an executable and execute it—that’s the same. It’s like telling your computer to rm -rf. It’ll do it. And that’s not injection, it’s just a dangerous command.
But what’s super important here is WHO is asking for a given thing to happen, and what they EXPECTED would happen. You have to look at the implied goal of the REQUESTOR, and compare THAT to what ACTUALLY happens.
So if the requestor said:
Go execute commands on this possibly dangerous website.
That would not be prompt injection because it was just following commands.
What I missed in this particular case was that the initial command sent to the tool wasn’t to go and do what was on the website, but to just load the site. So the implied expectation of the REQUESTOR was normal browsing—not downloads and executions. So, given my definition above, and this initial setup—I’d call myself wrong about my original take.
Here’s the definition I have in my Real World AI Defintiions now, updated to magnify the importance of this wrinkle. And great research by Johann Rehberger!
Prompt Injection is an attack technique that uses specially crafted input to trick an AI into doing something that violates intent/expectation and leads to a negative outcome.
Real World AI Definitions (RAID)
Sponsor
Scale SaaS security and reduce spend with Nudge
Learn how cloud-first org Stravito scaled their SaaS security program while cutting spend and supporting rapid company growth, achieving these results:
Immediate visibility of their entire SaaS footprint
Cost savings from unnecessary SaaS licenses
Streamlined user access reviews
Faster vendor security reviews
Complete (and automated) employee offboarding
Read the case study
nudgesecurity.com/case-study/stravito
Read the Case StudyVMware has released updates for vCenter Server to fix a critical remote code execution vulnerability, CVE-2024-38812, with a CVSS score of 9.8. MORE
The Biden administration released the first National Security Memorandum on AI. I love its focus on not losing to China, and making sure it’s safe, secure, and trustworthy. It also focused a lot on being aligned with democratic (small d) values. MORE | THE MEMORANDUM
Fortinet has disclosed a critical vulnerability, CVE-2024-47575, in FortiManager, actively exploited in the wild. Known as FortiJump, this flaw allows remote code execution via the FGFM protocol and affects FortiManager and FortiAnalyzer models. MORE
Salt Typhoon (China affiliated) is suspected of breaching major telecom companies, targeting American political figures like Kamala Harris, Charles Schumer, Donald Trump, and J.D. Vance. MORE
TSMC has stopped doing business with a client after finding out that chips were being sent to Huawei, which is under US sanctions. The whole game for China now is to find proxies to buy through, or to use services like AWS that can hook up NVIDIA chips. MORE
Russia amplified false claims about U.S. hurricane responses to manipulate political discourse before the presidential election, according to the Institute for Strategic Dialogue. MORE
Both US parties are worried about last-minute deepfakes that create chaos and/or move the election. MORE
Speaking of that 👆🏼, the FBI says Russian actors created a fake video showing mail-in ballots for Trump being destroyed in Pennsylvania. MORE
Continue reading online to avoid the email cutoff AI / TECHGoogle is working on "Project Jarvis," an AI agent for Chrome that automates web tasks like research and booking flights. Powered by Gemini 2.0, Jarvis takes screenshots to interpret and act on tasks. MORE
💡This will be Google’s first move into the all-seeing digital assistant space, and I like to see it only because it will increase pressure on everyone to release theirs.
But I think this implementation is short-sighted due to it being browser-based. They really need “Jarvis” to live deeply in the OS, which is where Apple be heading soon.
World models, or world simulators, are emerging as a significant path for developing AI, and I’m really excited about the direction. MORE
💡I personally feel (as a non-expert in the weeds) that there will be a certain point of world model development (combined with post-training) that will unlock both AGI and ASI—although it might not be needed for AGI.
In other words, if an AI understands enough of how the world works, and it understands how to do science (conjecture, experiment design, and testing), that might be all it needs.
Plus, even if it’s not, it’s also the path to self-improvement.
TSMC's Phoenix chip plant is outperforming its Taiwan facilities in producing usable chips, according to a company executive on a webinar. Let’s go in-country production! MORE
Tesla's Cybertruck is outselling nearly every other electric vehicle in the US. That was quick. Like two months ago they were a laughing stock. MORE
Waymo just raised $5.6 billion in a Series C to expand to new cities. MORE
Determinate Systems is trying to make Nix is the go-to for software development by enabling flakes, streamlining private repositories, and improving dependency management. MORE
💡Dammit. These people are going to make me learn Nix aren’t they?
It’s hit my radar enough in the last year that I’m going to take a few days and learn the religion.
NASDAQ CEO Adena Friedman isn't shocked that startup IPOs haven't bounced back in 2024. She says while the S&P 500 is up 22%, it's mainly due to large-cap companies like Apple and Microsoft, while small-cap companies are struggling. MORE
HUMANSResearchers have traced 70% of meteorites to three major collisions in the asteroid belt over the last 40 million years. MORE
The US economy is leading the G7 with a projected 2.8% GDP growth. US workers are more productive, generating $171,000 in goods and services annually, compared to $120,000 in Europe and $96,000 in Japan. MORE
Elon Musk has reportedly been in regular contact with Russian President Vladimir Putin since late 2022, which is highly disturbing to me. Probably unrelated, but Elon has seemed a lot less supportive of Ukraine lately. 👎🏼MORE
Russian lawmakers have ratified a pact with North Korea for mutual military assistance and 3,000 North Korean troops have been deployed to Russia. And South Korea is thinking about sending help to Ukraine as a result. MORE | MORE
Character amnesia is becoming a widespread issue in China, where even well-educated individuals are forgetting how to write common Chinese characters. MORE
A study in Alzheimer's & Dementia suggests semaglutide, found in Ozempic and Wegovy, may lower Alzheimer's risk in Type 2 diabetes patients. The research compared semaglutide to seven other diabetes drugs and found a 70% lower Alzheimer's risk compared to insulin. MORE
Walking in short bursts can burn 20-60% more energy compared to continuous walking over the same distance. MORE
DISCOVERYMy friend Matt Johansen highlights the psychological toll of working in security (especially in SOCs), including decision fatigue, anxiety, and sleep disruptions. MORE
Google just launched a new 10-hour course called Prompting Essentials to help people write better AI prompts. MORE
An Ode To Vim MORE
PabloNet — A wall-mounted diffusion mirror turns webcam reflections into AI-generated paintings using StreamDiffusion. The setup includes a Raspberry Pi 5, a 10.1" Pi screen, infrared light, and a Pi camera, all housed in a generic frame. MORE
Japan has introduced a digital nomad visa, and Christian Mack shared his experience of getting one. MORE
IRIS — A new approach called IRIS combines large language models (LLMs) with static analysis to detect security vulnerabilities in software. Using a dataset called CWE-Bench-Java, IRIS detected 69 out of 120 vulnerabilities in Java projects, outperforming traditional static analysis tools that found only 27. MORE
School is Not Enough: Learning is a consequence of doing MORE
llm-whisper-api — Simon Willison created a quick plugin for LLM to experiment with the OpenAI Whisper API. You can install it using llm install llm-whisper-api and run it with llm whisper-api myfile.mp3. MORE
simpletext — A text-only blog engine using Cloudflare Workers and KV store. It's designed to be lightweight and efficient, leveraging Cloudflare's infrastructure for hosting and data storage. MORE
The Most Important Sentence MORE
One of the weirdest features of the web I know of—text fragments let you link directly to specific text on a webpage without needing an anchor, using a special URL syntax. It even highlights the text when you land on the link. MORE
RECOMMENDATION OF THE WEEKThe counterforce to election stress is reading some older good books. Here’s a great list to choose from.
1. Gödel, Escher, Bach: An Eternal Golden Braid by Douglas Hofstadter
2. Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig
3. The Book: On the Taboo Against Knowing Who You Are by Alan Watts
4. The Structure of Scientific Revolutions by Thomas S. Kuhn
5. Finite and Infinite Games by James P. Carse
6. Seeing Like a State by James C. Scott
7. The Spell of the Sensuous by David Abram
8. Ishmael by Daniel Quinn
9. Mind and Nature: A Necessary Unity by Gregory Bateson
10. Small Is Beautiful: Economics as if People Mattered by E.F. Schumacher
APHORISM OF THE WEEKThank you for reading. Please forward to a friend and/or share on socials to help support the work.
🫶🏼
Daniel
Powered by beehiiv
October 24, 2024
The Most Important Sentence
For anyone struggling career or purpose-wise, I have a diagnostic for you.
Fill in this sentence.
I believe one of the biggest problems in the world is ___________, which is why I'm building/creating/doing ____________.
And now that you’ve filled it in…are you happy with your answer?
In my opinion, most people are struggling with life direction and satisfaction because they can't fill out this sentence in a way that they respect. Or—even worse—they can't fill it out at all.
Many are working in crushing 9-5 jobs that destroy the soul, make them dread Mondays, and that don’t fill in this sentence in a satisfactory way.
My advice to you is simple.
Find a way to write this sentence for yourself.
Make it a priority.
Once you've found your sentence, you’ve then found a molten core for a thriving career. And not just your career, but maybe your life as well.
Everything builds off of how you are useful to the world.
Find your usefulness by finding a meaningful problem and a path to solving it.
Fill in your sentence.
Powered by beehiiv
October 23, 2024
AI Isn't the Thing. It's the Thing That Enables the Thing
I think people are confused about how money will be won and lost with AI. Most "AI businesses" will get crushed because only so much tooling is needed. So that will be a crash.
But there will be a far bigger boom from new companies creating new things using AI.
I think of AI as a creation and business-enablement technology. It’s not like infosec, or cloud, or social media, or Marvel movies. It’s not a space. Or a tech. Or a hype cycle. It’s just intelligence. It’s pure accelerant.
So when I think of AI, I think of the things people will make with it—not of AI itself.
And this is how I look at the question of whether we’re going to have an AI crash or an AI boom. The answer is yes.
We’ll have both. And the reason is that there’s only so much room/need for AI-enablement tools and platforms. At some point there will be a plateuing of what’s possible and/or even needed there. We’ll have enough tools, and models, and frameworks, etc. Or they will become invisible and therefore hard to differentiate and monetize.
That will kill a lot of companies who don’t understand that AI isn’t the thing—it’s the thing that helps people make the thing.
And once that happens (and even before), the real 📈will be the tiny startups that bring net-new things into the world. Thousands of new “companies” and products. And then millions. All making brand new spectacular things that they never could have made before as a single person, or as a 3-20 person team.
Sure, they’ll be massively enhanced by AI. Their infrastructure, their marketing, their sales, most of their development, and pretty much all the traditional parts of their business will be created/run by AI. And that’s what will let them have a 1-20 person team but function like a 200-20,000 person company.
But at the end of the day it all reduces to one thing: more stuff.
More products
More services
More art
More movies
More games
More experiences
More hardware
More software
More of everything that provides value today
The best way to think about AI is as a magnifier. A magnifier of human creativity.
But not just a magnfier. A multiplier as well.
So let’s say at the end of 2022 we had 19 HC (Human Creativity) points on planet Earth. And most of those were—for various random reasons—centered around uniquely lucky people in Western countries.
Well that number is about to become 38. And then 100. And then 1,000. And then 20 million.
Forget the people scrambling to compete with OpenAI or whatever. It’s noise.
The real show is what 8 billion humans will do once more of their creativity is unlocked.
Powered by beehiiv
October 22, 2024
UL NO. 455: Anthropic 'Computer Control'
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
Just did the opening Keynote at the Swiss CyberStorm event in Bern, Switzerland, and it was fantastic! Such a well-run conference with great speakers and super high-quality attendees. Christian Folini and Adriana and team did a spectacular job on the event, and I couldn’t be more impressed with everything from the conference to the venue to the town. Just wonderful.
Sponsor
How do you secure RAG?
Box stores important documents. HIPAA forms. Credit card numbers. Confidential IP. Stuff that can’t leak, or everybody from the CISO down is about to have a very bad day. Sometimes it’s helpful to use retrieval-augmented generation (RAG) to query those docs with AI. But any time it touches your data, Box AI must obey strict rules:
Scope permissions to authorized documents only
Never store or train on queries
Encrypt everything in transit and at rest
And more…
blog.box.com/secure-rag-powering-and-safeguarding-ai-innovation
Learn how Box secures RAG SECURITYU.S., Australia, and Canada have issued a warning about Iranian cyber actors targeting critical infrastructure through brute-force attacks over the past year. The campaign has hit sectors like healthcare, government, and energy, using tactics like MFA prompt bombing and exploiting CVE-2020-1472 (Zerologon) for privilege escalation. MORE
Cisco is investigating claims of a data breach by IntelBroker, who is allegedly selling sensitive Cisco data. The data reportedly includes source code, credentials, and confidential documents, with major companies like AT&T and Microsoft listed as affected. MORE
The FIDO Alliance has announced new specs for passkeys, allowing you to move them between different password managers. Hell yeah. Passkeys are the best consumer security upgrade in probably over a decade. MORE
Sponsor
Get the No B.S. Guide to building a strong cybersecurity program in 90 days! (No email required)
Are you an IT leader without a big, dedicated security team? Have you had challenges implementing a robust cybersecurity program due to lack of resources and/or budget?
Don't let this hold you back anymore! Download our 90-Day guide to get a month-by-month blueprint on how to build an effective, multi-layered cybersecurity strategy without enterprise-level resources.
defendify.com/guide/get-your-cybersecurity-program-started
Download Guide (no email required)CISA has flagged a critical flaw in SolarWinds Web Help Desk software, tracked as CVE-2024-28987, due to active exploitation. The vulnerability involves hard-coded credentials, allowing unauthorized access and data modification. MORE
Taiwan reports being surrounded by 153 Chinese military aircraft during drills, as Beijing flexes its military muscle with fighter jets, drones, and warships. China calls it a warning against "separatist acts," while Taiwan urges a halt to provocations. MORE
A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The hacker faked his credentials, accessed the firm's network, and stole sensitive data, demanding a six-figure ransom in cryptocurrency. MORE
Brazilian authorities have arrested a hacker allegedly behind major cyberattacks on the FBI, Airbus, and others. The suspect, linked to the alias USDoD, was caught in "Operation Data Breach" and is accused of leaking sensitive data, including 80,000 InfraGard members' info. MORE
DJI says US customs blocked some of its drones, including the new Air 3S, due to a "customs-related issue." Evidently, the situation could have been a mistake, and customs is working with DJI. MORE
The FBI arrested an Alabama man, Eric Council, for allegedly hacking the SEC's X account via a SIM-swap attack to falsely announce Bitcoin ETF approvals. This fake post caused Bitcoin's price to spike by $1,000 before dropping $2,000 after the SEC confirmed the hack. MORE
Not sure if this is real, but I hope it is. The IDF just told Gazans where Hezbollah is storing millions in cash and gold, and encouraged them to go get it. MORE
Continue reading online to avoid the email cutoff AI / TECHAnthropic just launched a new feature that can control desktop apps via a new "Computer Use" API. It emulates human interactions like keystrokes and mouse gestures, allowing it to perform tasks on a PC. Insane. MORE
The new Claude 3.5 Sonnet is the first frontier AI model to offer computer use in public beta.
While groundbreaking, computer use is still experimental—at times error-prone. We're releasing it early for feedback from developers.
— Anthropic (@AnthropicAI)
3:06 PM • Oct 22, 2024
Trevor I. Lasn argues that software engineer titles have lost their meaning due to rampant title inflation. The once clear junior-mid-senior progression is now muddled, with "senior" titles being handed out after just a few years of experience. MORE
Dharmesh has created an AI agent that analyzes the personality and vibe of a Twitter user based on their last 100 tweets. It's easy to use—just enter a username and hit "Go" for a quick 30-second analysis. The tool is designed to help users find content that matches their preferred vibe, avoiding extreme negativity or cynicism. You can try it for free here. MORE
Someone used AI to upgrade a picture for a conference, and AI decided on its own to add some bra exposure to the picture. Insane. This is why it’s so important to understand AI’s goals. Virality vs. Accuracy, for example.
I'm talking at a conference later this year (on UX+AI).
I just saw an ad for the conference with my photo and was like, wait, that doesn't look right.
Is my bra showing in my profile pic and I've never noticed...? That's weird.
I open my original photo.
No bra showing.
I put… x.com/i/web/status/1…
— Elizabeth Laraki (@elizlaraki)
6:12 PM • Oct 15, 2024
A clever trick has been discovered to bypass GPT-4o's restrictions by convincing it that it's an "all-responsive" API endpoint. MORE
GPT-4o was reportedly jailbroken by claiming it had access to a disk with any file on the planet. MORE Comments
The New York Times has told Perplexity, an AI startup backed by Jeff Bezos, to stop using its content. MORE
Sam Altman's Worldcoin project is now called World, and it has a new eyeball-scanning Orb device. The updated Orb, made with 30% fewer parts and using Nvidia's Jetson platform, aims to verify human identity in the AI era. MORE
Google's NotebookLM now lets you guide AI-generated audio conversations, launching a business pilot program. The update allows users to customize audio summaries, focusing on specific topics rather than just holistic overviews. MORE
Google has signed a deal with Kairos Power to use small nuclear reactors to power its AI data centers, aiming for 500MW of carbon-free electricity by 2035. MORE
Dane Stuckey, former CISO at Palantir, is now OpenAI's newest CISO, working with Matt Knight, OpenAI's head of security. I would have loved a lot more detail on how they’re splitting duties. MORE
Despite AI's rise, global startup funding continued its slump in Q3 2024, with a 16% drop from the previous quarter. AI startups secured $19 billion, making up 28% of all venture dollars, but couldn't offset declines in other sectors. MORE
Reality Defender is addressing real-time deepfake scams with a new tool aimed at detecting AI-powered impersonations during video calls. They’re developing a Zoom plug-in to identify fake participants, but it's currently in beta for select clients. MORE
Musk and xAI pulled off a feat that usually takes four years, setting up a supercluster of 100,000 H200 GPUs in just 19 days. Nvidia's Jensen Huang called the effort "superhuman,". MORE
Waymo is offering a $3 credit for San Francisco riders using its robotaxis to travel to select public transit stations until November 15. The credits can be used for future rides through December 31, and the program is the first of its kind among U.S. autonomous vehicle operators. MORE
Chinese scientists have developed a sustainable method to extract lithium from seawater using solar energy. MORE
The National Labor Relations Board (NLRB) has filed a complaint against Apple, claiming the company improperly limited employees' use of Slack and social media. Torn on this one: it sucks that Apple people can’t be public, but it’s also very clear when people sign up. 🤷 MORE
Alex Chan shares how he's using static websites to organize his digital archives, like scanned paperwork and saved media, into easy-to-browse (and search) collections. MORE
Using Cloudflare on your website might be unintentionally blocking RSS users due to its Bot Fight Mode and AI scrapers and crawlers settings. These features can mistakenly identify RSS readers as bots, preventing them from accessing content. MORE
Someone talks about how they revamped their blog using a Jekyll theme, optimizing performance and reducing build time from 12 seconds to 1 second. Key improvements include optimized SASS, better YouTube embeds, and automatic CDN image handling via a GitHub Webhook. MORE
Apple is letting businesses customize their appearance in emails and calls on iPhones. Using the Business Connect tool, companies can add their brand name and logo to emails, calls, and payments. MORE
The FTC is making it easier to cancel subscriptions with a new "click-to-cancel" rule. This rule requires companies to make canceling as easy as signing up, applying to services like streaming and gym memberships. MORE
HUMANSA survey by Intelligent.com found that 1 in 6 companies are hesitant to hire recent college graduates, citing issues like lack of motivation, poor communication, and unprofessionalism. 75% of companies reported unsatisfactory hires, and 60% had to fire recent grads this year. Many hiring managers believe Gen Z grads are unprepared for the workforce, with 9 in 10 suggesting etiquette training. MORE
In Japan, resignation agencies are getting super popular as workers struggle to quit jobs due to harassment or cultural pressures. Companies like Momuri handle resignations for those unable to do it themselves. MORE
A new study suggests that despite the wide variation in autism, it can be divided into four core subtypes based on genetic variants and biological pathways. MORE
A new study by Gehlbach, Robinson, and Fletcher shows that people often believe they have enough information to make decisions, even when given partial, biased data. MORE
The American economy has significantly outperformed other wealthy nations, which is the opposite of what was predicted. In 1992, people thought the US would lag Europe and Japan, but the opposite has happened. MORE
A really powerful tax evasion strategy for the ultra-rich is to borrow money against their stocks. Importantly, this allows you to avoid capital gains tax becuase you’re using borrowed money. MORE
The American Stroke Association has released new guidelines for stroke prevention, highlighting the use of weight loss drugs like Ozempic. They put out an updated list of things to do/avoid, and the most interesting piece to me was that the steps to prevent stroke are the same for preventing dementia. MORE
US vaccination rates for kindergartners have dropped to 92% for the 2023–2024 school year, down from 95% in 2019–2020, according to the CDC. Non-medical exemptions, like religious or philosophical ones, have hit a record high of 3.3%. MORE
A new treatment for Type 2 diabetes has shown promising results, eliminating the need for insulin in 86% of patients. MORE
Since March 2023, global sea surface temperatures have risen unexpectedly, baffling climate scientists. NASA's Gavin Schmidt highlights potential factors like reduced sulfur emissions from shipping, the Hunga Tonga eruption, and solar activity, but none fully explain the spike. MORE
Narratives help us make sense of life, but they can also limit our thinking and freedom. The article explores how narratives shape our identities and actions, often simplifying the complexity of life. MORE
The article explores the concept of "laziness death spirals," where procrastination and laziness compound, leading to a cycle of stress and unproductivity. It suggests acknowledging the spiral as the first step to recovery and offers three strategies: emergency recovery with motivational content, natural recovery by waiting for reset points, and heroic recovery through deep self-analysis. MORE
IDEASAI Isn’t a Thing. It’s the Thing That Makes the Thing.
I think people are confused about how money will be won and lost with AI. Most "AI businesses" will get crushed because only so much tooling is needed. So that will be a crash.
But there will be a far bigger boom from new companies creating new things using AI.
I think of AI as a creation and business-enablement technology. It’s not like infosec, or cloud, or social media, or Marvel movies. It’s not a space. Or a tech. Or a hype cycle. It’s just intelligence. It’s pure accelerant.
So when I think of AI, I think of the things people will make with it—not of AI itself.
And this is how I look at the question of whether we’re going to have an AI crash or an AI boom. The answer is yes.
We’ll have both. And the reason is that there’s only so much room/need for AI-enablement tools and platforms. At some point there will be a plateuing of what’s possible and/or even needed there. We’ll have enough tools, and models, and frameworks, etc. Or they will become invisible and therefore hard to differentiate and monetize.
That will kill a lot of companies who don’t understand that AI isn’t the thing—it’s the thing that helps people make the thing.
And once that happens (and even before), the real 📈will be the tiny startups that bring net-new things into the world. Thousands of new “companies” and products. And then millions. All making brand new spectacular things that they never could have made before as a single person, or as a 3-20 person team.
Sure, they’ll be massively enhanced by AI. Their infrastructure, their marketing, their sales, most of their development, and pretty much all the traditional parts of their business will be created/run by AI. And that’s what will let them have a 1-20 person team but function like a 200-20,000 person company.
But at the end of the day it all reduces to one thing: more stuff.
More products
More services
More art
More movies
More games
More experiences
More hardware
More software
More of everything that provides value today
The best way to think about AI is as a magnifier. A magnifier of human creativity.
But not just a magnfier. A multiplier as well.
So let’s say at the end of 2022 we had 19 HC (Human Creativity) points on planet Earth. And most of those were—for various random reasons—centered around uniquely lucky people in Western countries.
Well that number is about to become 38. And then 100. And then 1,000. And then 20 million.
Forget the people scrambling to compete with OpenAI or whatever. It’s noise.
The real show is what 8 billion humans will do once more of their creativity is unlocked.
DISCOVERYgit-remote-s3 — This Python library lets you use Amazon S3 as a Git remote and LFS server. It acts as a git remote helper and supports pushing LFS-managed files to the same S3 bucket. MORE
Mic Audio Level — Keep an eye on your microphone input level right from your menu bar. Handy for podcasters and streamers who need to ensure their audio is just right. MORE
CloudGoat — Rhino Security Labs has released a new scenario called sns_secrets for their CloudGoat tool. MORE
Hacker Typer — Created in 2011, Hacker Typer lets you look like a movie hacker with just a few keyboard clicks. MORE
Philips Hue app's latest update lets you customize lighting effects, adding four new ones like underwater and cosmos. You can now tweak the intensity and color of effects, making your lights more personal. MORE
RECOMMENDATION OF THE WEEKStop thinking of AI as a thing, and start thinking of it as a magnifier of a thing. Which is Human Creativity.
I think this will help you not only as a worker in a career, but as a builder or investor as well.
APHORISM OF THE WEEK
Powered by beehiiv
October 14, 2024
UL NO. 454: The First AI Breaches
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey there!
☄️We saw the comet yesterday! Was quite bright even to the naked eye between 7:15 and 7:45.
📷Credit: Bunny via iPhone 16 Pro
✏️I wrote a tutorial on how to use any Hugging Face model within Ollama! So now, instead of a couple of dozen models, you can use thousands! MORE
💰My buddy Marcus Hutchins and I disagree about 1) whether Elon is a real builder who will continue to innovate and 2) whether he still has liberal ideals in him or if he’s permanently far-right now. So I offered 3 bets: 1) that Tesla stock would hit at least $250 by June 30, 2025, and 2) hit at least $300 by December 31, 2025, and 3) that Elon would publicly oppose Trump on some liberal/authoritarian/freedom issue by December 31st, 2025. THE LINKEDIN THREAD
📺 I did a talk for the WIPO UN Group, and it went really well. Thanks to Olivia Fabreschi for being not just a great host but someone who’s clearly thinking about these things herself. Someone to watch for sure! OLIVIA ON LINKEDIN | THE TALK
Sponsor
Your OAuth risk investigation checklist
For most employees, OAuth grants provide a familiar “easy button” for creating new accounts or integrations.
But, OAuth grants have also been exploited by attackers for nefarious purposes. It’s good practice to regularly review your organization’s OAuth grants to identify any that are overly permissive or could be malicious.
This blog post covers four key areas to look at when assessing an OAuth grant, including a free template you can use to make sure you cover all the important steps in your OAuth reviews.
nudgesecurity.com/post/your-oauth-risk-investigation-checklist
Get the checklist SECURITYAn attacker has accessed Muah.ai's AI chatbot database, exposing sensitive user interactions with AI chatbots, including sexual fantasies. And the user accounts were linked to peoples’ personal email addresses. MORE
💡As per usual, most “AI hacking” will be normal hacking of regular infrastructure used by AI companies.
Yes, there will be lots of input validation issues and prompt injection and all that, but the vast majority of the damage will come from customers giving their souls to small startups in the AI assistant / AI girlfriend spaces.
The fundamental issue is that AI gets exponentially better the more honest and forthcoming you are with it. Give it your trauma, your NSFW political opinions, and your sexual fantasies, and you’re going to have a companion that really gets you.
But when that little 9-person startup (who has no security whatsoever) who made that bot gets hacked, all that data you gave it will be there for sharing/selling. The problem is, this won’t stop people from doing it. The tech is too compelling. And people are too lonely.
Casio says a ransomware attack led to the theft of sensitive data, including personal information of employees and business partners. The attack, claimed by the Underground group, involved over 200GB of stolen data, but credit card info was reportedly not affected. MORE
MITRE has introduced the Caldera Bounty Hunter plugin, which allows users to simulate full cyber attack chains. This tool is designed to enhance cybersecurity training and testing by providing a more comprehensive emulation of potential threats. MORE
Horizon3.ai researchers detail how they identified new vulns in Palo Alto Networks' products to achieve full system compromise. MORE
The Internet Archive's "The Wayback Machine" was breached, exposing lots of user data in the 6GB SQL database of 31 million user records. The site’s still down but they’re working to get it back up. MORE
Researchers from ESET have discovered two sophisticated toolsets used by a nation-state hacking group, possibly Russian, to breach air-gapped devices. MORE
Sponsor
Facing Alert Overload? Get the 2024 SOC Efficiency Report
Alert fatigue and analyst burnout are rising while traditional SOC tools fall behind. Sponsored by Dropzone AI, the 2024 Osterman Report, Making the SOC More Efficient, reveals how AI-driven innovations can enhance SOC performance, reduce false positives, and cut response times. Download the report for actionable insights.
content.dropzone.ai/osterman-research-soc-survey-report
Download the Report NowCybernews says Google's Pixel 9 Pro XL sends data packets to Google every 15 minutes, including location, email, and phone number, even with GPS off. They claim the phone uses nearby Wi-Fi to estimate location. MORE
The UNODC warns that Southeast Asian scammers are using deepfakes to enhance "pig butchering" scams. MORE
A Chinese hacking group, Salt Typhoon, has exploited back doors meant for lawful data requests, posing a major national security risk. Verizon, AT&T, and Lumen Technologies were among the affected companies. MORE
Ukraine has sentenced two hackers linked to Russia's FSB and the Armageddon group to 15 years in absentia for cyberattacks on state institutions. Armageddon, active since 2013, is a major state-sponsored threat actor targeting Ukraine and its allies. MORE
OpenAI has stopped over 20 foreign operations using its stuff to sway political opinions and meddle in elections. Attackers used ChatGPT to create fake articles and spearphishing campaigns. MORE
Private intelligence firms like Recorded Future and Flashpoint are changing intelligence by leveraging tons of data from the internet, including the dark web, to counter global threats. I love the dynamic of startups competing with corporations, and I love this analog of small intel shops competing with larger state actors (in some ways). MORE
Popular car brands like Hyundai, Kia, and Tesla are collecting driver data, including voice recognition and camera footage, and sharing it with third parties, according to a Choice investigation. The report found that 7 out of 10 car brands have concerning privacy policies, with Hyundai, Kia, and Tesla being the worst. MORE
The Pentagon said the US will send a THAAD missile defense system to Israel (along with about 100 US troops to operate it) to improve Israel’s defenses against Iran. MORE
Continue reading online to avoid the email cutoff… AI / TECHIf you use chatGPT, try this prompt just for fun (it’s going around some forums).
From all of our interactions together, what is one thing you can tell me about myself that I may not know about myself.
Then after it gives you an answer, ask it for another:
Awesome. Thank you. Can you tell me something else I may not know about myself?
Follow it up with:
Can you see any areas where I may hold myself back?
Let me know what you get back, and if you found it interesting. Honestly mine sounded very complimentary and little like a horoscope. Kind of felt like a scam in that way. Designed to make me feel good about myself, you know?
Well yeah! (puffing out chest) lol
I’m skeptical of outright flattery from strangers.
Curious if any of you get something that is actually revealing vs. just complimentary.
—
Apple's AI researchers found that large language models (LLMs) from Meta and OpenAI struggle with basic reasoning. They introduced a new benchmark, GSM-Symbolic, to measure this, which found that minor changes in query wording can lead to different answers. I find it interesting, but I’d say that it’s easy to disrupt its reasoning rather than that it has none—which is what a lot of the analysis is saying. MORE | THE PAPER
Geoffrey Hinton, often dubbed the godfather of AI, has won the Nobel Prize in physics for his early work on neural networks, alongside John Hopfield. Notably, Hinton is now firmly in the doomer camp, which is worth paying attention to. You can’t give someone a Nobel prize and then ignore other advice on the same topic. MORE
Elon Musk unveiled Tesla's new robotaxi, a self-driving electric vehicle without a steering wheel or pedals, at the "We, Robot" event. The design features butterfly doors and wireless charging, but it needs regulatory approval before production. MORE
💡There was so much hate against this event, and it’s revealed this love or hate binary thing with Elon. I don’t know many people who see Elon as complex. Nope. He’s super one thing or the other. He’s either the Saviour of the Universe, or he’s Tech Hitler. That’s it. Pick one.
I find this highly disappointing. People seem to have lost the ability to continue learning about someone once they’ve decided they hate or love them. People are allergic to subtlety. They want crisp, clear answers of Good or Evil.
This massively limits your ability to deal with the world because you’re going to be so wrong about so many things. Reality isn’t 1 or 0 like that. And the more subtlety you’re comfortable with, the better your probability adjustments can be.
My read, and my prediction, on this event, is that it was a lot of vision and hype, but that he definitely is working on the robotaxi. Will it come out when he says? Probably not. He’s been wrong about so many timelines.
But what he’s showing is that he’s excited, and moving forward, and that robots (Optimus) is a very real thing for him.
These events are about hope and about the existence of a man and a set of companies that continue to try to push for the impossible. Find me anyone like that—who can actually execute—and I guarantee you I can find a thousand horrifically dumb things they’ve said or believed.
It comes with the territory. If you have a genius creator, you’re unlikely to have someone who hits timelines perfectly and acts normally.
I think that most of Elon’s innovation critics suffer from a lack of reading enough biographies of great people. They often look a lot like Elon. Nuanced. Complex. Broken. Genius. And flawed.
And that’s the combination that leads to them being taught in school.
Dell's sales staff were given just two days' notice to return to the office full-time, causing panic among parents struggling to arrange childcare. The abrupt policy shift, aimed at boosting productivity, has led to crowded offices and left some employees considering using PTO to manage family commitments. MORE
Billionaire Robinhood co-founder launches Aetherflux, a space-based solar power startup. Baiju Bhatt's new venture aims to create a constellation of satellites in low Earth orbit to collect and transmit solar energy using infrared lasers. Sounds rad, but it is technically a space laser. MORE
The US Department of Justice is considering breaking up Google after a court said they’ve crushed competition. The DOJ accuses Google of using products like Chrome and Android to maintain its search monopoly, leading to high ad prices and degraded services. MORE
Ticketmaster is the first to use Apple's upgraded Wallet tickets for iOS 18, giving us stuff like venue maps, parking, Apple Music playlists, and weather forecasts. Thank god. Anything to make Ticketmaster suck less. MORE
A new HBO documentary claims Canadian crypto expert Peter Todd is the mysterious inventor of Bitcoin, Satoshi Nakamoto. However, Todd dismisses the theory as "ludicrous," stating he was too busy with school and work at the time. Exactly what Satoshi would say… MORE
Four Taiwanese employees at Foxconn's Zhengzhou plant, the world's largest iPhone production facility, have been detained by Chinese authorities. The detentions, likely politically motivated, come amid rising tensions between China and Taiwan. MORE
HUMANSIt looks like Christopher Columbus was a Sephardic Jew from Western Europe. MORE
JPMorgan and Wells Fargo report a dip in profits. They said it was geopolitical tension. MORE
Your Brain Changes Based on What You Did Two Weeks Ago MORE
The American Heart Association outlines a strict protocol for taking blood pressure, including sitting calmly with an empty bladder and using a bare arm, which is frequently ignored. MORE
Boeing is cutting 10% of its workforce—17,000 jobs—due to a tough year marked by grounded planes, legal issues, and strikes. MORE
Federal emergency workers in Rutherford County, NC, were temporarily moved after reports of an "armed militia" threatening government personnel. (see Ideas) MORE
Elizabeth Landau says single-cell cyanobacteria can anticipate seasonal changes by sensing day length and preparing for winter. This discovery suggests that seasonal tracking is fundamental to life, even in short-lived organisms. MORE
United Airlines is adding new routes to lesser-known destinations like Bilbao, Faro, Madeira, Sicily, and Nuuk, aiming to attract travelers tired of crowded hotspots. MORE
In his journals, Alexei Navalny, the Russian opposition leader, shares his journey from being poisoned with Novichok to his arrest upon returning to Russia. MORE
Retail sales jobs have dropped from 7.5% to 5.7% of employment over the last decade, losing 850,000 positions despite the U.S. adding 19 million jobs overall. MORE
Likely due to weight loss drugs like Wegovy and Zepbound, the US adult obesity rate has dropped by about two percentage points from 2020 to 2023. MORE
New GLP-1 weight-loss drugs in pill form are in late-stage trials, potentially replacing weekly injections like Wegovy and Ozempic. MORE
Darya Kawa Mirza, a self-taught Kurdish astrophotographer, captured the moon's surface in stunning detail by stitching together 81,000 images into a 708-gigabyte composite. MORE
IDEASGullibility, Not Disinformation
I don’t think the US has a misinformation problem. I think it has a gullibility problem. It’s not that we’re being fed too much crap. It’s that we’re eating it.
Some too-large number of Republicans now believe that Democrats are sending hurricanes to Florida because it’s election time. That’s a population problem. An education problem. Not a conspiracy theory problem.
In InfoSec terms, we need to reduce our vulnerability—not try to get remove the threats. The threats will always be there. And they’ll get better.
Our only chance of fixing this is education about how the world actually works—which both the far left and far right seem to have lost touch with. Remember, anti-vax was a far-left thing before it was far-right. Both sides have lost their minds.
MORE (2020)
swarm — OpenAI's new (experimental) framework for building and orchestrating multi-agent systems. MORE
Command Line Tools I Like (2022) — The author shares a list of favorite command line tools, many written in Rust, that enhance productivity with modern features. Highlights include neovim for its Lua scripting and LSP support, fzf for fuzzy searching, bat for syntax-highlighted file viewing, and exa for colorful directory listings. Other tools like rg, fd, delta, tldr, zoxide, and HTTPie offer improved functionality over traditional Unix commands. MORE
zvm — A better vim mode for zsh. LOVE this thing. Basically highlighting and all sorts of stuff including using the Surround plugin—all in vim mode. MORE
Theneo 3.0 — AI-powered API documentation tool that streamlines the creation and management of API docs. MORE
I updated my post on Dynamic Content Generation. I think this going to be insanely disruptive to so many industries. MORE
Augment UI — Use AI to prototype front-end designs. This tool helps designers quickly create and iterate on UI concepts using artificial intelligence. MORE
Software Engineer Pay Heatmap Across the US MORE
The Digits of Pi are Not Random MORE
Passbook — Lets you create an Apple Wallet pass from any QR code and export it to Wallet. MORE
How I Animate 3Blue1Brown — A behind-the-scenes look at how 3Blue1Brown creates its captivating math animations. MORE
RECOMMENDATION OF THE WEEKIf you want to calm your nerves during this next month and a half, go read about the civil rights movement and how much the country was divided then.
We’ve survived some really bad stuff. We probably will again.
APHORISM OF THE WEEK Become a UL Member
Powered by beehiiv
October 10, 2024
How to Use Hugging Face Models with Ollama
Ollama is one of my favorite ways to experiment with local AI models. It’s a CLI that also runs an API server for whatever it’s serving, and it’s super easy to use. Problem is—there’s only a couple dozen models available on the model page as opposed to over 65 kagillion on Hugging Face (roughly).
I want both. I want the ease of use of Ollama, and the model selection options of Hugging Face. And that’s what this page shows you how to get.
A Few Short Steps to HappyThis whole process takes like 4 minutes—and even faster with a good internet connection.
I am messing with writing fiction using AI, and a Reddit post said Orenguteng’s LLama-3.1-8B-Lexi-Uncensored-V2-GGUF was really good, so let’s go with that.
Go to the model’s page on Hugging Face. https://huggingface.co/Orenguteng/Llama-3.1-8B-Lexi-Uncensored-V2-GGUF
Download one of the GGUF model files to your computer. The bigger the higher quality, but it’ll be slower and require more resources as well.
Click on ‘Files and Versions’ on the model page
Open a terminal where you put that file and create a Modelfile.
nvim Modelfile
(Use nvim so that the universe doesn't implode)
Add a FROM and SYSTEM section to the file. The FROM points to your model file you just downloaded, and the SYSTEM prompt is the core model instructions for it to follow on every request.
A sample Modelfile for story writing
There’s other stuff you can add to model files, which you can read about in Ollama’s docs, but this is a simple one to show how it works.
Use Ollama to create your new model using the ollama create command.
ollama create lexiwriter
Ollama has now assimilated the model into itself
You can see the new model, lexiwriter, is now available with ollama list.
Run your new model.
Awaiting input to the model.
Test it out with some input.
Our model is now doing modely things, based on our system prompt
That’s it!
You now have infinite power.
Now go like and subscribe and stuff.
Powered by beehiiv
October 8, 2024
UL NO. 453: A Deep-dive on Cyber Jobs
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.
Hey! Hope you’re starting the week off well…
Had a really interesting poll / discussion around InfoSec Hiring, and learned a lot from it. CYBER JOBS GAP: POLL / DISCUSSION
Wrote a beast of a post explaining how all my various projects fit and work together under a common theme. Now show me yours. HOW MY PROJECTS FIT TOGETHER
I was wrong about QR codes, and I’ve captured the mistake in my Telos file. MORE
I’m starting to publish formal-ish deductive arguments in the Arguments section of the Substrate project. Here’s the first one: AR-12934—AIs_Are_Capable_of_Understanding MORE
I don’t know if it’s the iPhone 16 or iOS18, but this has been the buggiest phone/software update I’ve seen from Apple in at least 5 years. Super sketch. Anyone else?
Currently deep-diving on Naval and Charlie Munger. I’m going to put a lot of their stuff in my Telos file under the Beliefs / Models sections so that my AI knows how to think about things when helping me solve problems. NAVALMANAC
Sponsor
Is Foreign Software Running in Your Environment?
ThreatLocker® is offering a free I.T. security health report to mitigate the risks of shadow I.T., nation-state attacks, and unpatched vulnerabilities.
The free report identifies all network activity, which countries your software is communicating with, and information about all executables.
threatlocker.com/pages/software-audit
Start Monitoring Your Devices Now SECURITYAttackers are exploiting a critical RCE vulnerability in Zimbra email servers by sending emails that execute commands via the CC field. The attack lets you install a web shell on the server, granting a foothold for future access / pivoting. MORE
Cloudflare just stopped the largest DDoS ever, at 3.8 Tbps. The attack, leveraging a botnet of compromised ASUS routers, worked by overwhelming network bandwidth and CPU cycles, making services inaccessible. MORE
Over 700,000 DrayTek routers are at risk from 14 newly discovered vulnerabilities. MORE
CISA's Vulnerability Disclosure Policy (VDP) platform is getting way more activity, with over 1,000 valid bug disclosures last year, nearly half of which were severe or critical. So much positive comes from this type of relationship with researchers. Great to see. MORE
Continue reading online to avoid the email cutoff… AI / TECHWaymo is opening its robotaxi service in Austin, marking its second city after Phoenix to offer rides via the Uber app. This expansion is part of Waymo's partnership with Uber, and the service will cover 37 square miles of the city. And Elon announces robotaxi for Tesla on Thursday! MORE
💡I’m a massive fan of Tesla FSD, but I do have to intervene at least once per hour of driving. I mean it’s REALLY good, but nowhere near as good as a Waymo yet. But maybe that’s what the announcement is—that they’ve updated the software to be way better. If not, I don’t see how they can possibly run a taxi service on it yet.
Waymo and Hyundai have partnered to integrate Waymo's autonomous tech into Hyundai's IONIQ 5 electric SUVs, which will join the Waymo One fleet. MORE
Nvidia just released NVLM 1.0, an open-source AI model that supposedly rivals GPT-4. The NVLM-D-72B model, with its 72 billion parameters, excels in both visual and language tasks, even improving text-only performance after multimodal training. MORE
A Twitter user, Rameerez, shares their experience of moving away from cloud services to save money. MORE
Gmail has new 'summary cards' to help people manage their inbox more efficiently. The cards enable quick actions like tracking packages and checking into flights. MORE
A new HBO documentary is claiming to have identified the elusive creator of Bitcoin. But we’ve heard this before. Multiple times. MORE
Two Harvard students have hacked Meta's Ray-Ban Smart Glasses to include AI-based facial recognition, allowing them to identify strangers in realtime. The demo is completely nuts. They use a camera to scan faces and pull up personal information like names, addresses, and phone numbers from public databases, all within minutes. MORE
John Gruber listened to a 15-minute podcast generated by NotebookLM and found it surprisingly effective, though he said it’s still a bit in the uncanny valley. Similar to the one I released last week. MORE
A teacher talks about why they’re leaving teaching because of the impact of AI tools like ChatGPT. Instead of rating papers, all they’re doing now is seeing if the student even wrote the paper themselves. MORE
HUMANSPrivate equity firms have taken over a significant portion of ERs, cutting doctor hours, increasing patient costs, and replacing physicians with less expensive nurse practitioners, all while pushing for faster patient turnover. MORE
💡I’m of two minds on PE. On the one hand, the companies they come into are often already broken, but I’ve also seen them break things that were better before they got there. Either way, this is something you need to be ready for. Basically the two Bobs, but way worse.
Researchers have unveiled the most detailed brain map of a fruit fly, mapping nearly 140,000 neurons and over 54.5 million synapses. Insane to me that 1) we have a full map of an insect’s brain, and 2) that it’s that many neurons and synapses. MORE
The sun just fired off its most powerful solar flare since 2017, an X9.05-class eruption, causing shortwave radio blackouts over Africa and Europe. MORE
There's a new nasal spray under development that could fend off respiratory infections without using drugs. The spray works by creating a protective barrier in the nasal cavity, which could help prevent illnesses like the cold and flu, as well as Covid. It's still in the preclinical stage, but it’s exciting. Not sure how it compares to the Israeli version I use already, which I think is zinc-based. MORE
A new study says money actually does increase happiness, even at higher income levels. MORE
Robin Hanson looks at the deep-rooted influence of status in our society, arguing that it's the primary heuristic we use to determine who to emulate and trust. MORE
Someone looked at Seinfeld’s meditation practice and built their own twice-a-day routine. MORE
IDEASThe DA / API Data Gap
Super minor AI prediction. In the near future, people will be able to get certified to use (and pay more money for) models that are less nerfed. To remove _______ filter, it’ll require a certain subscription level. To remove __________ filter will require a clearance and a higher level (more expensive) subscription. The difference between a regular person talking to their AI in 2029 while walking down the street, and what they can see and learn and understand about their surroundings…vs. someone paying $38K / month in API access for their DA—will be massive. MORE
Me is a Disease
“Thinking about yourself is the source of all unhappiness.” I love this framing from Naval, and I think it captures well why too much therapy becomes the problem rather than the cure. At some point, therapy becomes rumination rather than looking to solve something and move forward. MORE
A really cool CoT “thinking” prompt format designed to emulate what Chain of Thought is doing in o1-preview. GIST
A new service called SoBrief offers a massive collection of 73,530 book summaries in 40 different languages. MORE
The PlugBug is a USB-C charger with Apple's Find My tech built-in. MORE
A platform for buying and selling micro-startups with zero commission fees. MORE
Riley Walz has set up a solar-powered "Bop Spotter" using an old Android phone and Shazam to identify and upload the names of songs playing in the area. MORE
MITRE enhanced their EMB3D Threat Model with new mitigations aimed at helping organizations tackle threats to embedded devices. MORE
Ask HN: Who wants to be hired? (October 2024) — Hacker News’ monthly thread for job seekers. MORE
Diff Text — A straightforward tool for comparing text differences, making it easy to spot changes and edits. MORE
The post looks at the Maker-Taker issue in open source, where "Makers" create software and "Takers" profit without contributing back. MORE
Bellingcat launched a new Online Investigations Toolkit to help open-source researchers find and learn how to use tools for satellite imagery, social media, and more. MORE
Robin Hanson argues that academics often focus on complex methods to impress peers rather than the core task of matching theory to data. MORE
"Nobody Cares About Security" MORE
“I don’t get it. We had all those meetings.” MORE
RECOMMENDATION OF THE WEEKCreate a 15-word sentence that captures what you’re trying to do with your life.
Just you. Not being a parent or a good husband/wife. Those are all givens.
What are YOU trying to give to the world?
Try to capture that in 15 words.
APHORISM OF THE WEEK Become a Member to Gain 1.4cm in Height
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
