Daniel Miessler's Blog, page 8
August 5, 2024
UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets...
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI .
TOCNOTESHi!
OSINT is one of my favorite hobbies, and the Pizza Index is one of my best examples of what you can do with it. Basically it’s how much pizza the Pentagon is ordering—with the implication being that they’re working late because something’s going down.
And with the stuff happening between Iran and Israel (and elsewhere), it looks like they’re quite busy. Lots of pizza and empty bars.
🚨Pizza meter is off the charts and the “bars” in DC are empty near the Pentagon. Brace yourselves.
— RealBenGeller (@RealBenGeller)
2:07 AM • Aug 3, 2024
This is why I can’t wait to fully build out my agent framework, and for agent functionality to become integrated with models / platforms (my personal prediction for 2025).
This will allow OSINT experts to take all their various sources and techniques and turn them into continuous data pipelines that they publish via API.
I’ll be publishing many of these myself. Think Pizza Index, but for thousands of different signals around different activities. So, military movements, money transfers, discussion in various forums, etc. And because they’ll be AI Augmented, they won’t just be raw data streams, but actual analysis.
It appears X may be about to initiate an attack against Y. We make this assessment based on the following:
- The following troop and vehicle movements
- The following comments made by experts with an exemplary prediction record
- These moves in the following 3 prediction markets
Based on all three of these, we estimate a 93% chance of this attack taking place within 72 hours.
The type of reports that will be everywhere soon
Anyway, super excited about this.
Already in Vegas and we’re missing my cooled bed surface. And AC. And Neorest. But so worth it to see everyone.
Really looking forward to our UL Member meetup later this week. Going to get to see a few long-time members in person for the first time!
Dont’ forget your primary, secondary, and tertiary burner phones.
—
🚨The State of Things
Ok, given the state of the world right now—and the current stock market crash—I felt inspired to write a long stream-of-consciousness view of what’s happening in the world and how I plan on responding. It’s heavy and political and deep and personal, so only read it if you are interested in thinking and feeling things. READ IT
MY WORK
I don't know two shits about the Yen or the likelihood of a US recession, but what I can tell you is how I see things right now—as someone in the US—and how I am personally going to respond.
First and most obviously—things are a bit crazy. Here’s a short list.
- Riots in the UK… x.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
3:56 PM • Aug 5, 2024
A slightly upgraded version of last week’s main piece on why AI will disrupt business and society.
We've Been Thinking About AI All Wrong
AI is just a way to execute Intelligence Tasks that only humans can do.
danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong
—
I spoke with Christine Gadsby, Head of Product Security Operations Team at BlackBerry and we talked about the Role of AI in Cybersecurity, including:
AI's real advancements, practical applications, and associated challenges, moving beyond the hype.
Enhancing Incident Response and Threat Hunting
Christine highlights AI's significant impact on enhancing incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.
And lots more…
Go check it out. WATCH THE INTERVIEW
SECURITYTwo critical ServiceNow vulnerabilities reported by AssetNote 💪 are being actively exploited. These flaws allow attackers to access databases, exfiltrate data, and read arbitrary files, and they’re currently affecting between 13k to 42k instances. MORE
A company has reportedly paid a new record-high $75 million to a ransomware group. It’s a lot of money compared to anything other than not being able to do business. MORE
DigiCert is revoking 83,000 TLS certificates due to a domain validation bug that could lead to clashes between records and subdomains. MORE
Sponsor
Dropzone AI
Hey, Daniel here.
I've seen a thousand different AI + Security startups at this point. Most are very early and/or theoretical. Some are pretty decent, and a few are impressive.
But the absolute best I've seen so far - by far - is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent aspect of doing investigations.
It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that. Needs to find some context? It goes and gets that.
So by the end you have a fully documented set of steps that were taken to research an alert, and a conclusion on whether or not it was malicious—all with full documentation.
I’m so impressed with it that I’m now an advisor as well.
Want to learn more and see Dropzone.ai in action? Come meet the Dropzone.ai team in person at Security Wasteland during Black Hat.
wwv.vulncheck.com/security-wasteland-black-hat-2024
Register HereChina is getting around U.S. bans on advanced AI chips through smuggling, front companies, and loopholes, ultimately allowing restricted Nvidia GPUs to flow into the country despite export controls. MORE
Ransomware attacks are rising with an 18% year-on-year increase reported by Zscaler ThreatLabz, including a record $75 million ransom paid this year. The U.S. faces nearly half of all attacks, with the U.K. being the second most targeted country. MORE
💡I’ve always considered ransomware attacks to be something we’d have to invent as a government service if it didn’t exist in the marketplace. Like as a way to test and punish bad security.
But my intuition was that after a number of years it would get harder and harder because security would increase. So if they’re still increasing, I wonder what the reason is. Are attackers moving to more vulnerable targets after others locked themselves down, or are they just getting better at finding holes, something else, or all of the above.
Probably all of the above.
If someone has more insight—or a write-up on this—on that I’d appreciate it.
A great analysis here of securing secrets in AWS outlines how to improve credentials access incrementally. The post covers using Secrets Manager and KMS to eliminate plaintext secrets from production and enhance credential management in CI/CD pipelines. MORE
A solid blog post discusses creating custom implants for evasion by building them in C, detailing server setup, client functionality, and testing against security tools. MORE
The average cost of a data breach jumped 10% to $4.88 million in 2023 according to the Cost of a Data Breach Report 2024. MORE
China is tightening its civilian drone export rules starting September 1 to prevent their use in military or terrorist activities. The new controls will target drones with IR imaging, laser guidance, and high-precision inertial measurement devices, while lifting restrictions on long-range civilian drones. MORE
AI / TECHOpenAI has started rollout of its new ChatGPT Voice feature for ChatGPT Plus users, enabling real-time conversations with emotion detection. Initially available to a small group, it will expand to all Plus users by fall 2024. MORE
💡I am part of this initial rollout and I can tell you that the conversations with the product are far more natural now.
I talk to AI a lot using the Cove voice on ChatGPT (Cove sounds an awful lot like TARS from Iterstellar btw) and that I have mapped to double-tap and my Action Button on my phone for quick access.
Now it’s just a bit more natural sounding, although I’m getting a lot of weird artifacts in the voice which could be due to load or bandwidth issues. Not sure.
Black Hat USA 2024 Preview: AI, AI, and More AI — Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch, along with Brian Donohue, discuss the upcoming Black Hat talks they're excited about. Highlights include sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, as well as some intriguing talks with cryptic titles. MORE
California's SB-1047, the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," aims to regulate large AI models by mandating safety measures to prevent catastrophic incidents. Critics argue that the bill's focus on existential threats could stifle current AI research and development. MORE
The EU's risk-based AI regulation began on August 1 with staggered compliance deadlines categorizing AI applications into low/no-risk, high-risk, and limited risk tiers. It imposes transparency, risk management, and penalties for violations, with standards for high-risk and powerful general-purpose AI models to be finalized by April 2025. MORE
OpenAI has launched the GPT-4o Long Output model (in limited availability), which extends its output capacity to 64,000 tokens—16 times more than the original GPT-4o. I think the best use cases for this will be things like writing long-form content. MORE
Google's experimental Gemini 1.5 Pro has claimed the top spot on the AI Chatbot Arena leaderboard, surpassing OpenAI's GPT-4 and Anthropic's Claude 3.5 with a score of 1300. I’ve personally not used it yet because I find using Google products to be excrucatingly painful—especially their AI products. MORE
Meta says it will need 10x more computing power to train Llama 4 compared to Llama 3. So impressed with how Mark has gone from Metaverse Failing to AI Winning in like a year. I credit Jujitsu. | MORE
Elliott Management is calling Nvidia a 'bubble' and says AI is 'overhyped'. They argue that the market is overly optimistic about AI's potential and Nvidia's role in it. I think it’s a bubble, but it’s a bubble like the internet in 1995. In other words, there will be a bursting of AI hype, but that’s completely unrelated to the hockeystick AI is about to produce. These are unrelated things. MORE | MY ANALYSIS
Bellingcat has put together a guide on identifying explosive ordnance (EO) in social media imagery. It covers how to verify the authenticity of images, use reverse image searches, and identify EO based on text, colors, shapes, and contextual clues. MORE
CrowdStrike is facing massive lawsuit after Blue Friday crashed over 8 million computers globally. The lawsuit claims the company made "false and misleading" statements about its software testing, leading to a 32% drop in share price and a $25 billion loss in market value. MORE
Intel is laying off over 15% of its workforce as part of a $10 billion cost reduction plan after missing quarterly earnings expectations. The company reported a $1.61 billion net loss for Q2 2024 and will not pay its dividend in the fiscal fourth quarter. MORE
Apple just posted a record-breaking Q3 2024 with $85.78 billion in revenue, surpassing analyst expectations of $84.46 billion. Not sure why Berkshire Hathaway just sold so much of it. People are saying he’s anticipating a massive sell-off and he wants to be in cash. MORE
Apple is ramping up spending to get Apple Intelligence ready for launch this fall. I’m using the beta that has it, and it’s already pretty impressive even without most of the stuff turned on. MORE
Continue reading online to avoid the email cutoff… HUMANSA lot of the world tried to push Huawei out of their infrastructure, but they’re actually getting more powerful, not less. MORE
A software company increased user engagement by 8x by drastically shortening their emails. Netlify's initial 150-word emails had a 1% reply rate, but cutting the text to 37 words boosted replies to 4%, and further reducing it to 14 words doubled that rate to 8%. Insane. Maybe the takeaway is people don’t have much time, and you should respect it. MORE
Last month, Shane Mac offered everyone at his company $25,000 to quit, and six people took it. He did this because he realized he had oversold the culture and needed to reset expectations to align with their ambitious mission of building a decentralized and secure messaging protocol. The move was part of a broader effort to rewrite their values, raise the hiring bar, and ensure only those deeply committed to the mission stayed on board. MORE
💡This is what I’ve been on about with the Alaskan Fishing Boat analogy. Companies only want fully-dedicated murderers now. Entitled people, people who are are C and B players—all of those are going to get increasingly phased out.
And AI will cut even more people who’ve been hiding in middle management and other parts of the org where they get paid tons of money to not add much value.
All the consultancies are going to use AI to come in and evaluate business operations and find all those people, and recommend to the C-team that they be fired and replaced with 1/10th their number of A-players, and AI.
Journalist Evan Gershkovich was among a group of Americans and Russian dissidents released from Russia in a seven-nation prisoner swap, the largest since the Cold War. The US and Europe released eight Russian prisoners, including hitman Vadim Krasikov. MORE
Researchers at the University of California, Santa Barbara have developed an AI model called SharkEye to help prevent shark attacks. The model uses drones to detect sharks with greater accuracy than humans, even spotting those below the water's surface. MORE
Treating failing eyesight and high cholesterol are two new ways to lower the risk of developing dementia, according to a major report. The Lancet Commission's latest findings suggest that addressing 14 health issues could theoretically prevent nearly half of all dementia cases worldwide. MORE
Self-control is about 60% heritable, meaning genes explain roughly 60% of the differences in self-control among individuals. A meta-analysis of 31 studies involving over 30,000 twins showed that identical twins are more similar in self-control than non-identical twins, highlighting the genetic influence. MORE
💡Holy crap this could be devastating if it’s supported in further studies. I worry about the narrative that both IQ and self-discipline are mostly genetic, thus giving people an easy ramp to write off individuals or groups if they have lower averages.
Luckily, even if true, 1) groups don’t define individuals, and 2) there’s likely a LOT of slack in the environmental part that we’re not—as a society—tapping into yet.
A new study reveals that people tend to alter their appearance to match their names. Researchers found that adults' faces often align with social stereotypes associated with their names, while children's faces do not show this pattern. I guess be even more careful what you name your kids? MORE
A key protein called Reelin may help stave off Alzheimer's disease. A number of new studies suggest that Reelin helps maintain thinking and memory in aging brains, and when its levels fall, neurons become more vulnerable. People are starting to work on drugs for this, obviously. MORE
Wizards of the Coast will release the 2024 Dungeons & Dragons rulebooks under a Creative Commons license, fulfilling a promise made after backlash over attempts to change the Open Gaming License. MORE
"If Novelists Wrote Your Bug Reports" imagines how famous authors would describe software bugs in their unique styles. Ernest Cline likens a screen flicker to scenes from "Back to the Future" and "Ghostbusters," while Ursula K. Le Guin philosophizes about the existential pain of coding errors. MORE
IDEASMore analysis on how bad the results were of the recent UBI study done by Sam Altman. It appears to be pretty bad, just like we talked about last week.
A lot happened in July.
But, one event went quietly unnoticed.
The result of largest American controlled experiment in Universal Basic Income (UBI) was released.
You haven’t heard about it because the findings are terrifyingly bad. (1/12)
— Athan Koutsiouroumbas (@Athan_K)
5:23 PM • Aug 2, 2024
—
A really cool idea from Jonathan Haidt about free-range kids, and a cool idea for giving them more freedom.
DISCOVERY
Here's a great collective action solution that you might be able to do in your neighborhood: Create a "play street", once a month: close off a street for 2 hours, for kids to play, for neighbors to meet. It has transformative effects!
theatlantic.com/family/archive…
— Jonathan Haidt (@JonHaidt)
11:54 AM • Aug 3, 2024
🌱Farmbot is an open-source farming machine for growing food in your own backyard. MORE
Supermemory — An AI-powered platform to organize, search, and utilize saved information, acting as a digital second brain. Key features include importing bookmarks from Twitter, saving content from any source, and retrieving info with instant answers. It's open source. | by Supermemory AI | MORE
Friend — Avi Schiffmann's new AI pendant, Friend, is designed to combat loneliness by sending you reassuring or playful texts based on what it overhears. The always-listening device, which doesn't store recordings, has been compared to an adult Tamagotchi and is available for preorder at $99. | by Avi Schiffmann | MORE
Fabric – Daniel Kossmann walks you through installing Fabric, an open-source AI framework by Daniel Miessler, on Ubuntu Linux. | by Daniel Kossmann | MORE
Fleet – An open-source version of FleetDM's tool built on Osquery for vulnerability monitoring, MDM, detection engineering, and more applications. | by Fleet | MORE
SOC2 Policy Templates – A collection of templates for SOC2 policies and procedures that can be outputted as an HTML dashboard or PDF. MORE
Clutch Security – A platform providing visibility into all non-human identities within an organization, helping security teams identify associated risks. | by Clutch Security | MORE
RECOMMENDATION OF THE WEEKIf you’re at Blackhat this week, remember that 10 and 20 years from now you won’t remember the talks you saw this year. But you will remember spending that time with your friends.
Prioritize friend-time over presentation-time.
Not only is the friend time more precious and valuable, but you can get the talks later if you really want to.
APHORISM OF THE WEEK Become a Member to need one less burner phone at DEFCONPowered by beehiiv
UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets…
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI .
TOCNOTESHi!
OSINT is one of my favorite hobbies, and the Pizza Index is one of my best examples of what you can do with it. Basically it’s how much pizza the Pentagon is ordering—with the implication being that they’re working late because something’s going down.
And with the stuff happening between Iran and Israel (and elsewhere), it looks like they’re quite busy. Lots of pizza and empty bars.
🚨Pizza meter is off the charts and the “bars” in DC are empty near the Pentagon. Brace yourselves.
— RealBenGeller (@RealBenGeller)
2:07 AM • Aug 3, 2024
This is why I can’t wait to fully build out my agent framework, and for agent functionality to become integrated with models / platforms (my personal prediction for 2025).
This will allow OSINT experts to take all their various sources and techniques and turn them into continuous data pipelines that they publish via API.
I’ll be publishing many of these myself. Think Pizza Index, but for thousands of different signals around different activities. So, military movements, money transfers, discussion in various forums, etc. And because they’ll be AI Augmented, they won’t just be raw data streams, but actual analysis.
It appears X may be about to initiate an attack against Y. We make this assessment based on the following:
- The following troop and vehicle movements
- The following comments made by experts with an exemplary prediction record
- These moves in the following 3 prediction markets
Based on all three of these, we estimate a 93% chance of this attack taking place within 72 hours.
The type of reports that will be everywhere soon
Anyway, super excited about this.
Already in Vegas and we’re missing my cooled bed surface. And AC. And Neorest. But so worth it to see everyone.
Really looking forward to our UL Member meetup later this week. Going to get to see a few long-time members in person for the first time!
Dont’ forget your primary, secondary, and tertiary burner phones.
—
🚨The State of Things
Ok, given the state of the world right now—and the current stock market crash—I felt inspired to write a long stream-of-consciousness view of what’s happening in the world and how I plan on responding. It’s heavy and political and deep and personal, so only read it if you are interested in thinking and feeling things. READ IT
MY WORK
I don't know two shits about the Yen or the likelihood of a US recession, but what I can tell you is how I see things right now—as someone in the US—and how I am personally going to respond.
First and most obviously—things are a bit crazy. Here’s a short list.
- Riots in the UK… x.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
3:56 PM • Aug 5, 2024
A slightly upgraded version of last week’s main piece on why AI will disrupt business and society.
We've Been Thinking About AI All Wrong
AI is just a way to execute Intelligence Tasks that only humans can do.
danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong
—
I spoke with Christine Gadsby, Head of Product Security Operations Team at BlackBerry and we talked about the Role of AI in Cybersecurity, including:
AI's real advancements, practical applications, and associated challenges, moving beyond the hype.
Enhancing Incident Response and Threat Hunting
Christine highlights AI's significant impact on enhancing incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.
And lots more…
Go check it out. WATCH THE INTERVIEW
SECURITYTwo critical ServiceNow vulnerabilities reported by AssetNote 💪 are being actively exploited. These flaws allow attackers to access databases, exfiltrate data, and read arbitrary files, and they’re currently affecting between 13k to 42k instances. MORE
A company has reportedly paid a new record-high $75 million to a ransomware group. It’s a lot of money compared to anything other than not being able to do business. MORE
DigiCert is revoking 83,000 TLS certificates due to a domain validation bug that could lead to clashes between records and subdomains. MORE
Sponsor
Dropzone AI
Hey, Daniel here.
I've seen a thousand different AI + Security startups at this point. Most are very early and/or theoretical. Some are pretty decent, and a few are impressive.
But the absolute best I've seen so far - by far - is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent aspect of doing investigations.
It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that. Needs to find some context? It goes and gets that.
So by the end you have a fully documented set of steps that were taken to research an alert, and a conclusion on whether or not it was malicious—all with full documentation.
I’m so impressed with it that I’m now an advisor as well.
Want to learn more and see Dropzone.ai in action? Come meet the Dropzone.ai team in person at Security Wasteland during Black Hat.
wwv.vulncheck.com/security-wasteland-black-hat-2024
Register HereChina is getting around U.S. bans on advanced AI chips through smuggling, front companies, and loopholes, ultimately allowing restricted Nvidia GPUs to flow into the country despite export controls. MORE
Ransomware attacks are rising with an 18% year-on-year increase reported by Zscaler ThreatLabz, including a record $75 million ransom paid this year. The U.S. faces nearly half of all attacks, with the U.K. being the second most targeted country. MORE
💡I’ve always considered ransomware attacks to be something we’d have to invent as a government service if it didn’t exist in the marketplace. Like as a way to test and punish bad security.
But my intuition was that after a number of years it would get harder and harder because security would increase. So if they’re still increasing, I wonder what the reason is. Are attackers moving to more vulnerable targets after others locked themselves down, or are they just getting better at finding holes, something else, or all of the above.
Probably all of the above.
If someone has more insight—or a write-up on this—on that I’d appreciate it.
A great analysis here of securing secrets in AWS outlines how to improve credentials access incrementally. The post covers using Secrets Manager and KMS to eliminate plaintext secrets from production and enhance credential management in CI/CD pipelines. MORE
A solid blog post discusses creating custom implants for evasion by building them in C, detailing server setup, client functionality, and testing against security tools. MORE
The average cost of a data breach jumped 10% to $4.88 million in 2023 according to the Cost of a Data Breach Report 2024. MORE
China is tightening its civilian drone export rules starting September 1 to prevent their use in military or terrorist activities. The new controls will target drones with IR imaging, laser guidance, and high-precision inertial measurement devices, while lifting restrictions on long-range civilian drones. MORE
AI / TECHOpenAI has started rollout of its new ChatGPT Voice feature for ChatGPT Plus users, enabling real-time conversations with emotion detection. Initially available to a small group, it will expand to all Plus users by fall 2024. MORE
💡I am part of this initial rollout and I can tell you that the conversations with the product are far more natural now.
I talk to AI a lot using the Cove voice on ChatGPT (Cove sounds an awful lot like TARS from Iterstellar btw) and that I have mapped to double-tap and my Action Button on my phone for quick access.
Now it’s just a bit more natural sounding, although I’m getting a lot of weird artifacts in the voice which could be due to load or bandwidth issues. Not sure.
Black Hat USA 2024 Preview: AI, AI, and More AI — Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch, along with Brian Donohue, discuss the upcoming Black Hat talks they're excited about. Highlights include sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, as well as some intriguing talks with cryptic titles. MORE
California's SB-1047, the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," aims to regulate large AI models by mandating safety measures to prevent catastrophic incidents. Critics argue that the bill's focus on existential threats could stifle current AI research and development. MORE
The EU's risk-based AI regulation began on August 1 with staggered compliance deadlines categorizing AI applications into low/no-risk, high-risk, and limited risk tiers. It imposes transparency, risk management, and penalties for violations, with standards for high-risk and powerful general-purpose AI models to be finalized by April 2025. MORE
OpenAI has launched the GPT-4o Long Output model (in limited availability), which extends its output capacity to 64,000 tokens—16 times more than the original GPT-4o. I think the best use cases for this will be things like writing long-form content. MORE
Google's experimental Gemini 1.5 Pro has claimed the top spot on the AI Chatbot Arena leaderboard, surpassing OpenAI's GPT-4 and Anthropic's Claude 3.5 with a score of 1300. I’ve personally not used it yet because I find using Google products to be excrucatingly painful—especially their AI products. MORE
Meta says it will need 10x more computing power to train Llama 4 compared to Llama 3. So impressed with how Mark has gone from Metaverse Failing to AI Winning in like a year. I credit Jujitsu. | MORE
Elliott Management is calling Nvidia a 'bubble' and says AI is 'overhyped'. They argue that the market is overly optimistic about AI's potential and Nvidia's role in it. I think it’s a bubble, but it’s a bubble like the internet in 1995. In other words, there will be a bursting of AI hype, but that’s completely unrelated to the hockeystick AI is about to produce. These are unrelated things. MORE | MY ANALYSIS
Bellingcat has put together a guide on identifying explosive ordnance (EO) in social media imagery. It covers how to verify the authenticity of images, use reverse image searches, and identify EO based on text, colors, shapes, and contextual clues. MORE
CrowdStrike is facing massive lawsuit after Blue Friday crashed over 8 million computers globally. The lawsuit claims the company made "false and misleading" statements about its software testing, leading to a 32% drop in share price and a $25 billion loss in market value. MORE
Intel is laying off over 15% of its workforce as part of a $10 billion cost reduction plan after missing quarterly earnings expectations. The company reported a $1.61 billion net loss for Q2 2024 and will not pay its dividend in the fiscal fourth quarter. MORE
Apple just posted a record-breaking Q3 2024 with $85.78 billion in revenue, surpassing analyst expectations of $84.46 billion. Not sure why Berkshire Hathaway just sold so much of it. People are saying he’s anticipating a massive sell-off and he wants to be in cash. MORE
Apple is ramping up spending to get Apple Intelligence ready for launch this fall. I’m using the beta that has it, and it’s already pretty impressive even without most of the stuff turned on. MORE
Continue reading online to avoid the email cutoff… HUMANSA lot of the world tried to push Huawei out of their infrastructure, but they’re actually getting more powerful, not less. MORE
A software company increased user engagement by 8x by drastically shortening their emails. Netlify's initial 150-word emails had a 1% reply rate, but cutting the text to 37 words boosted replies to 4%, and further reducing it to 14 words doubled that rate to 8%. Insane. Maybe the takeaway is people don’t have much time, and you should respect it. MORE
Last month, Shane Mac offered everyone at his company $25,000 to quit, and six people took it. He did this because he realized he had oversold the culture and needed to reset expectations to align with their ambitious mission of building a decentralized and secure messaging protocol. The move was part of a broader effort to rewrite their values, raise the hiring bar, and ensure only those deeply committed to the mission stayed on board. MORE
💡This is what I’ve been on about with the Alaskan Fishing Boat analogy. Companies only want fully-dedicated murderers now. Entitled people, people who are are C and B players—all of those are going to get increasingly phased out.
And AI will cut even more people who’ve been hiding in middle management and other parts of the org where they get paid tons of money to not add much value.
All the consultancies are going to use AI to come in and evaluate business operations and find all those people, and recommend to the C-team that they be fired and replaced with 1/10th their number of A-players, and AI.
Journalist Evan Gershkovich was among a group of Americans and Russian dissidents released from Russia in a seven-nation prisoner swap, the largest since the Cold War. The US and Europe released eight Russian prisoners, including hitman Vadim Krasikov. MORE
Researchers at the University of California, Santa Barbara have developed an AI model called SharkEye to help prevent shark attacks. The model uses drones to detect sharks with greater accuracy than humans, even spotting those below the water's surface. MORE
Treating failing eyesight and high cholesterol are two new ways to lower the risk of developing dementia, according to a major report. The Lancet Commission's latest findings suggest that addressing 14 health issues could theoretically prevent nearly half of all dementia cases worldwide. MORE
Self-control is about 60% heritable, meaning genes explain roughly 60% of the differences in self-control among individuals. A meta-analysis of 31 studies involving over 30,000 twins showed that identical twins are more similar in self-control than non-identical twins, highlighting the genetic influence. MORE
💡Holy crap this could be devastating if it’s supported in further studies. I worry about the narrative that both IQ and self-discipline are mostly genetic, thus giving people an easy ramp to write off individuals or groups if they have lower averages.
Luckily, even if true, 1) groups don’t define individuals, and 2) there’s likely a LOT of slack in the environmental part that we’re not—as a society—tapping into yet.
A new study reveals that people tend to alter their appearance to match their names. Researchers found that adults' faces often align with social stereotypes associated with their names, while children's faces do not show this pattern. I guess be even more careful what you name your kids? MORE
A key protein called Reelin may help stave off Alzheimer's disease. A number of new studies suggest that Reelin helps maintain thinking and memory in aging brains, and when its levels fall, neurons become more vulnerable. People are starting to work on drugs for this, obviously. MORE
Wizards of the Coast will release the 2024 Dungeons & Dragons rulebooks under a Creative Commons license, fulfilling a promise made after backlash over attempts to change the Open Gaming License. MORE
"If Novelists Wrote Your Bug Reports" imagines how famous authors would describe software bugs in their unique styles. Ernest Cline likens a screen flicker to scenes from "Back to the Future" and "Ghostbusters," while Ursula K. Le Guin philosophizes about the existential pain of coding errors. MORE
IDEASMore analysis on how bad the results were of the recent UBI study done by Sam Altman. It appears to be pretty bad, just like we talked about last week.
A lot happened in July.
But, one event went quietly unnoticed.
The result of largest American controlled experiment in Universal Basic Income (UBI) was released.
You haven’t heard about it because the findings are terrifyingly bad. (1/12)
— Athan Koutsiouroumbas (@Athan_K)
5:23 PM • Aug 2, 2024
—
A really cool idea from Jonathan Haidt about free-range kids, and a cool idea for giving them more freedom.
DISCOVERY
Here's a great collective action solution that you might be able to do in your neighborhood: Create a "play street", once a month: close off a street for 2 hours, for kids to play, for neighbors to meet. It has transformative effects!
theatlantic.com/family/archive…
— Jonathan Haidt (@JonHaidt)
11:54 AM • Aug 3, 2024
🌱Farmbot is an open-source farming machine for growing food in your own backyard. MORE
Supermemory — An AI-powered platform to organize, search, and utilize saved information, acting as a digital second brain. Key features include importing bookmarks from Twitter, saving content from any source, and retrieving info with instant answers. It's open source. | by Supermemory AI | MORE
Friend — Avi Schiffmann's new AI pendant, Friend, is designed to combat loneliness by sending you reassuring or playful texts based on what it overhears. The always-listening device, which doesn't store recordings, has been compared to an adult Tamagotchi and is available for preorder at $99. | by Avi Schiffmann | MORE
Fabric – Daniel Kossmann walks you through installing Fabric, an open-source AI framework by Daniel Miessler, on Ubuntu Linux. | by Daniel Kossmann | MORE
Fleet – An open-source version of FleetDM's tool built on Osquery for vulnerability monitoring, MDM, detection engineering, and more applications. | by Fleet | MORE
SOC2 Policy Templates – A collection of templates for SOC2 policies and procedures that can be outputted as an HTML dashboard or PDF. MORE
Clutch Security – A platform providing visibility into all non-human identities within an organization, helping security teams identify associated risks. | by Clutch Security | MORE
RECOMMENDATION OF THE WEEKIf you’re at Blackhat this week, remember that 10 and 20 years from now you won’t remember the talks you saw this year. But you will remember spending that time with your friends.
Prioritize friend-time over presentation-time.
Not only is the friend time more precious and valuable, but you can get the talks later if you really want to.
APHORISM OF THE WEEK Become a Member to need one less burner phone at DEFCONPowered by beehiiv
July 31, 2024
UL NO. 443: North Korean Co-workers, UBI Failure?, AI-Groupthink, GPS Spoofing…
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI .
TOCNOTESHi!
Here’s what’s up:
Gearing up for Vegas. 11 days, assuming I don’t get sick after like 4. 😷
If you see me, please know that I’m shy and awkward like 20-60% of the time. Just say hi anyway. I love people and it’s good training for me for being more extraverted.
I watched a number of videos last night about people losing their jobs, starting a YouTube channel, and just generally struggling. And of course as soon as I watched two of these, my whole feed was this.
So I watched 10 more. It’s very sad.
People are hurting because they’re feeling the ground shifting under their feet and it’s not clear if it’s their fault, what’s going on, or what to do about it.
This is why I’m doing what I do now. To help people like I saw in those videos. I subscribed to all of them to boost their numbers, and I’m going to try to reach out to them and send them encouragement.
Be kind to people. Everyone’s hurting in some kind of way. Especially right now, and hurt people are often more mean than they normally would be. See: politics.
Ok, let’s get to it…
MY WORKThis my absolute best argument for why AI will have an extraordinary effect on the economy and jobs. Send it to your friends who are still skeptical.
We've Been Thinking About AI All Wrong
AI is just a way to execute Intelligence Tasks that only humans can do.
www.danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong
—
I created a full video going through our new Substrate project. If you prefer videos to long articles, this is the way.
SECURITYKnowBe4 accidentally hired a North Korean state actor who tried to install info-stealing malware on their devices. They caught it in time, but it shows how good North Korean hackers are at pretending to be IT staff. | Bill Toulas | MORE
GitHub's repository design flaw allows indefinite access to data from deleted and private repositories, known as Cross Fork Object Reference (CFOR). | by @TruffleSecurity | MORE
A plane’s GPS was jammed on a commercial transatlantic route for the first time, raising fears that thousands of other flights could be at risk of deliberate hacking. The incident happened on a flight from Madrid to Toronto and is suspected to be a targeted attack rather than accidental interference. | MORE
Sponsor
Remove Barriers to AI Innovation with Tines
When it comes to implementing AI, privacy and security concerns make things complicated. It doesn’t help that many AI tools demo well but fall short in real-world deployment, complicating vendor due diligence.
AI in Tines was designed to address your security team’s valid concerns around data privacy, security, and usability, and help you overcome the challenges of inflexible technologies.
Tines makes workflow automation and AI accessible to any member of your team, while supporting your AI guardrails. You’re in control - you decide when and how your workflows interact with AI.
The result: a scalable automation program that drives innovation, and frees up resources to spend on mission-critical, strategic work.
TRY IT FREEThere's been a 400% increase in GPS spoofing incidents, affecting around 900 flights daily. This spike is causing major safety concerns, especially with systems like EGPWS becoming unreliable. A new workgroup has been set up to address these issues and find solutions. | MORE
France's high-speed rail traffic got disrupted due to what officials are calling 'malicious acts' just before the Olympic ceremony. | MORE
Sponsor
Discover, secure and govern genAI use
Nudge Security has discovered over 500 unique genAI apps in customer environments to date, without the need for any prior knowledge of an app’s existence.
Within minutes of starting a free trial, you’ll have a full inventory of all genAI apps in use (along with every other SaaS app) and security profiles for each provider to quickly vet new or unfamiliar tools.
Get your free genAI inventory today.
nudgesecurity.com/use-cases/mitigate-ai-risks
Free TrialGoogle has decided not to phase out third-party cookies in Chrome and will instead offer users more control over how these cookies are used. This move comes after realizing the significant impact on publishers and advertisers. | by Lawrence Abrams | MORE
💡I’m shocked that this company that makes most of its money on advertising—and is bad at rolling out products—cancelled a thing that’s 1) really difficult to do, and 2) would negatively affect advertisers.
An evaluation of Amazon GuardDuty reveals limited coverage and high costs, with significant latency in detecting attacks like S3 ransomware. | by Tracebit | MORE
Google's reCAPTCHA is showing its age and is harvesting user information and labor worth billions while being almost universally disliked and vulnerable to bots. Cloudflare has an alternative, but I’m not sure it’s good enough to fully replace. MORE
The Senate unanimously passed the DEFIANCE Act, letting victims of nonconsensual intimate images created by AI sue their creators for damages. Victims can get up to $150,000, or $250,000 if linked to sexual assault, stalking, or harassment. | by Lauren Feiner | MORE
The U.S. Commerce Department says shipments of high-performance processors from China and Hong Kong to Russia have dropped by 20%, but Hong Kong is still a key hub for smuggling critical components. Despite the decrease, nearly $2 billion worth of goods were shipped from Hong Kong to Russia in late 2023. MORE
AI / TECHWiz turned down a $23 billion acquisition offer from Alphabet and is instead aiming for an IPO. Completely baller move. My thoughts are that they knew they could get more money and they knew that going to Google was basically a move to The Graveyard. MORE
AI is replacing jobs in the video game industry, with major companies like Activision using generative AI tools for concept art. This has led to significant layoffs, with an estimated 10,500 people losing their jobs in 2023 and even more this year. | by Brian Merchant | MORE
A new study shows that while generative AI like ChatGPT makes individual stories more creative and engaging, it also makes them more similar to each other. | by Ben Dickson | MORE
💡I’ve heard a lot of supposed risks from AI, but this one sounds pretty realistic. We’ll need to engineer in mechanisms for exposure to alternative frames, models, and viewpoints to avoid people consolidating and following an AI-powered groupthink on various topics.
And avoiding sentences that are too long.
Switzerland has passed a law requiring all public sector agencies to use open-source software and open-source any code they develop. This move aims to reduce vendor lock-in, foster innovation, and save taxpayer money. | by Dr. Matthias Stürmer | MORE
💡I generally love this. But two things:
Open doesn’t mean secure by itself, without other effort. We’ve seen that multiple times now.
Support has always been an issue for OSS, so they’ll still need to train staff and/or hire companies to maintain the stuff.
Gumloop is a super-slick platform for automating AI workflows. They raised a $3.1M Seed round led by First Round Capital with participation from YC and co-founders at Instacart, Dropbox, and Airtable. MORE
Alphabet is putting another $5 billion into Waymo to push forward its self-driving tech. This investment aims to solidify Waymo's position as a leader in autonomous driving. | by Jonathan M. Gitlin | MORE
💡It’s looking a lot like Waymo vs. Tesla for self-driving taxis. But the approaches are very different. Waymo needs a LOT of time in a city before it’s ready to go, and Tesla is taking the Elon approach of shooting for the moon (Mars?) with tech that may or may not be possible yet.
For example: Elon said full self-driving was pretty easy and would be solved years ago, but it’s 2024 and it’s just now getting good.
Joe Procopio argues that tech companies are struggling to find good employees because they focus too much on credentials and not enough on skills. He suggests that companies should prioritize practical experience and problem-solving abilities over degrees and certifications. | by Joe Procopio | MORE
💡It’ll take a while, but this is precisely the shift that’s happening. And yeah—AI will force the issue.
ASTRA Scores: AI-Powered Assessment and Rating Systems
With AI, hiring, dating, and learning is about to get very strange
danielmiessler.com/p/astra-scores-aipowered-assessment-rating-systems
Apple just launched a beta version of Apple Maps for the web. This means you can now use Apple Maps directly from your browser without needing an iPhone or Mac. | MORE
HUMANSThe Wall Street Journal explores why the U.S. birthrate is declining, citing economic uncertainty, career priorities, and lifestyle choices as key factors. MORE
The idea that Universal Basic Income (UBI) reduces the need to work isn't new, but recent studies show it doesn't lead to better jobs or more education. Instead, people just work less. | by Alex Howlett | MORE
💡I think the issue is that certain people will spend free time and money to better themselves, and certain people won’t. And it’s not clear what that distinction is or how to nurture it.
But the way forward starts with trying to isolate the behavior and its cause, rather than believing in fairytales like “giving away free money will make everyone ambitious”.
This reminds me of a very similar lesson I learned when hiring in cybersecurity over 20 years: exposing people to training and encouragement makes the stars stand out, but it doesn’t turn everyone into stars.
Southwest is ditching its open seating policy after 50 years to boost profits and meet customer preferences. They found that 80% of their fliers prefer assigned seats, and they plan to charge more for premium options like extra legroom. | by Cassandra Cassidy | MORE
Continue reading online to avoid the email cutoff…The Senate's version of the 2025 NDAA doesn't include the 'Countering CCP Drones Act,' which would have banned DJI drone sales in the U.S. This decision came after opposition from over 6,000 public safety agencies and hundreds of thousands of drone pilots. | MORE
💡I’m happy-sad about this. I love DJI drones, but I feel like we need to go without them to instill enough hurt to inspire a friendly competitor.
Nearly 40% of Americans are stressed about making ends meet, up from 28% in 2021. This is similar to Great Recession numbers. | by Matt Egan | MORE
US Economic Growth Hits 2.8% — The U.S. economy grew at a 2.8% annual rate last quarter, driven by consumer and business spending despite high interest rates. MORE
Weight-loss drugs like Ozempic, Mounjaro, and Wegovy are causing people to spend less on groceries and choose healthier options. A new study shows that users buy 52% less snacks and confectionery, 47% less baked goods, and 28% less sugary drinks. | by NY Post | MORE
A new antibiotic from the University of Illinois Chicago disrupts two different cellular targets, making it 100 million times harder for bacteria to evolve resistance. | by University of Illinois Chicago | MORE
One dose of a new nasal spray treatment clears toxic tau proteins from brain cells, improving memory. | by UTMB | MORE
Remember: the bigger the finding the more you should wait for supporting studies. In my mind this stuff isn’t completely real until the drug is available to normal people after being tested rigorously.
Still, very exciting.
Liberals and conservatives are both prone to conspiracy theories; they just prefer different ones. That’s the conclusion of a recent paper by Adam Enders and colleagues, looking at the relationship between conspiracy theories and political orientation. | by Steve Stewart-Williams | MORE
Henrik Karlsson talks about how generating interesting ideas is like building a muscle. He says that the more you write and think deeply, the better you get at coming up with new and meaningful thoughts. | by Henrik Karlsson | MORE
IDEASZuckerberg is arguing that China is going to steal weights anyway, and there’s no way to stop that, so we might as well develop advanced AI as open-source.🧵
DISCOVERY
This is extraordinary.
Here, Zuckerberg argues that we might as well YOLO out advanced AI as open-source since none of the closed-source companies have good enough cybersecurity to keep 🇨🇳 from stealing their weights anyway.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
11:02 AM • Jul 25, 2024
SearchGPT — OpenAI just announced SearchGPT, a new tool that integrates search capabilities directly into ChatGPT. It’s still wait-listed tho. | by OpenAI | MORE
I Use Obsidian — Jason Heppler shares how he uses Obsidian for note-taking and knowledge management. He dives into his workflow, plugins, and tips for getting the most out of the tool. | by Jason Heppler | MORE
In the Beginning Was the Command Line — Neal Stephenson's classic essay on operating systems and the cultural implications of technology. It's a deep dive into how we interact with computers and why it matters. | MORE
My Obsidian Note-Taking Workflow — This article dives into the author's detailed workflow for using Obsidian for note-taking, including why they chose Obsidian, how they use Markdown and Vim motions, and the essential plugins that enhance their productivity. | by Simon Späti | MORE
Bash-Oneliners — A collection of terminal tricks for Linux. | by Bonnie I-Man Ng | MORE
DataChain: Unstructured data management for AI projects, reimagined — Iterative's new open-source tool lets you simplify AI projects and scale unstructured data management. | by Iterative | MORE
Llama agent stack — Meta has released an example system for using its Llama models as agents to perform a variety of tasks. | by Meta | MORE
Open-World Exploration in Minecraft — Odyssey is a new framework that equips large language model-based agents with advanced skills for exploring Minecraft. | by ZJU VIPA Lab | MORE
Claude Engineer — An advanced CLI that uses Anthropic's Claude 3 and 3.5 models to assist with software development tasks. | by Pietro Schirano | MORE
Lakera — A low-latency AI application firewall that secures traffic into and out of generative AI applications. | by Lakera | MORE
GPT4-Captcha-bypass — A CLI tool using OpenAI GPT-4 to solve various types of captchas including puzzle, text, and reCAPTCHA. | by Yunus Aydin | MORE
FlowAnalyzer — A tool for understanding OAuth 2.0 Grants/Flows with support for OIDC and JWTs. | by Manuel Berrueta | MORE
Bash Simple Curses — A simple Bash library to create terminal interfaces. | by metal3d | MORE
RECOMMENDATION OF THE WEEKI’m going to try to do something for the next several months. I kind of do this all the time already, but I’m going to emphasize it going into election time.
When someone labels me as super-liberal, I’m going to say something nice about their conservative views. I’m going to humanize them.
When someone labels me as super-conservative, I’m going to say something nice about their liberal views. I’m going to humanize them.
Try it, and see if it opens the conversation at all.
I learned how to do this years ago from Jonathan Haidt’s book, The Righteous Mind.
APHORISM OF THE WEEK Become a Member to Instantly Know KaratePowered by beehiiv
July 29, 2024
We've Been Thinking About AI All Wrong
When I tell people that AI going to separate people into have’s and have-nots, or multiply our global productivity by trillions of dollars, most don’t believe me.
I realize now why that is. It’s because most people don’t have the right mental model for thinking about AI.
When most people think AI they think image generation or chatbots. And understandably so—since those were the first applications of what’s now called GenAI.
But it’s much better to think of AI as an Intelligence Pipeline.
Great question. An Intelligence Pipeline is a series of Intelligence Tasks that result in a useful output. And Intelligence Tasks are functions that can only be done using human intelligence.
Here are some real-world examples.
Intelligence Pipeline ExamplesBefore we get into these, let’s highlight the point by doing something crazy. Let’s completely abandon the word “AI”. It’s a silly word, and it means 100 different things depending on who you ask.
Instead I want you to think about people. Humans. And specifically, human workers.
So imagine a person—let’s call them Chris—who works in a cube with a computer. Chris has a coffee next to him, and a small plant. And a picture of his girlfriend and his dog on the cube wall.
Chris’s jobChris works at a company called CutePup. CutePup finds pictures of cute dogs and puts them on the CutePup website.
Chis is a member of a Process Team that does one part of the company workflow. Here’s the whole process.
Take an uploaded picture and determine if it’s a dog
Determine if the dog is cute
Determine what kind of dog it is
Post all cute dogs on the website in the section for its breed
So the workflow looks like this:
The CutePup Workflow
That’s it. That’s what CutePup does.
Chris is not alone in his building. He’s in a cube farm with 48,912 other people.
Chris is part of the Process 1 team, so his job is to determine whether a picture is a dog or not. Here’s what he sees on his screen all day:
That Chris lyfe
This one is a cat, so Chris clicks on the No button.
Chris’s teammatesCarol sits next to Chris. She works in Process 2. She only gets photos that Process 1 has determined are dogs, and she has a screen that asks her if the dog is cute or not.
Carol has a better job
Next to Carol is Amir who works in Process 3. Amir is an expert on dog breeds.
When a dog pops up, Amir looks at it and types in the breed into a text box.
You’ve got to know a lot of dogs
Why use humans and not just computer code?You might be wondering why we don’t have computers do this.
Well, because they can’t. You can’t ask Python or C++ if something is a dog or not. Or if that dog is cute.
You need a human for that. You need Intelligence.
So, the CutePup workflow looks like this:
Is it a dog?
Is it cute?
What kind is it?
That’s three different tasks that require human intelligence. That’s an Intelligence Pipeline, and each node in the Pipeline is an Intelligence Task.
Let’s look at more complex example.
ClaimRight InsuranceClaimRight is an insurance company that pays people out if their products wear out before they’re supposed to. It’s for all sorts of products, like scooters, tents, baby strollers, etc.
But they don’t pay out if it’s fraud or abuse of the product. Here’s the workflow:
Checking for fraud and abuse of the product
Look at the 50 pictures of the item that are submitted as part of a claim
Determine if the item is covered by ClaimRight
Review the video of the submitter talking through the photos they took
Determine if it’s the same person who took out the policy based on their face and their voice
Determine whether the item in the video is the same as the item in the photos
Determine whether the damage in the photos is from normal wear-and-tear or from abuse
If everything adds up, mark it as wear-and-tear and pay out the policy.
Kira works at ClaimRight, along with 349,219 other people in the Boise office. She has a plaque on her cube for 25 years of service. She’s really good at determining the difference between wear-and-tear and abuse.
And she’s not just good at it—she’s fast. In her 8 hour day, not counting lunch and breaks and stuff, she can get through an average of 29 cases per day!
29!
That’s 11 more than the median, and with an 89% accuracy rating, which is top 2% in the company.
Now let’s look at something even more cognitively difficult.
OverseerKevin works at Overseer. They’re a military intelligence service company that sells intelligence reports to the US government. They specialize in watching all the military bases in a foreign country using satellite images, and then determining what that country is doing militarily.
Here’s the Pipeline.
Lots of analysis and expertise needed in multiple places
Look at the 28,452 satellite images that come in every day
Compare the images to the previous day’s images
Identify everything in the new image
Determine what changed since the last image
Determine the military significance of those changes
Construct a narrative around that significance, framed for a particular customer within the government
Write the report
Submit the report
Kevin is an employee at Overseer, and he’s kind of a genius. Among the 712,309 people who work at his company (there are hundreds of satellites and hundreds of places of interest to monitor), he’s one of the few who can work in Process 2, Process 3, and Process 5. Plus he’s pretty good at 6 and 7. Most people can only do one or two.
And like Carol at ClamRight, Kevin is super fast. He can actually do 9 reports per week! End-to-end if necessary. And his accuracy is off the charts at 86%.
Let’s look at another example—this time in Medicine.
Badspot checks for molesBadSpot is a company that checks for dangerous moles on people. You send in the picture and it determines if it’s something you need to worry about.
Here’s the BadSpot Intelligence Pipeline.
Decades of schooling and experience required
With CutePup and ClaimRight the stakes were pretty low. Maybe you get an occasional cat in your dog pics, or maybe the insurance policy pays out when it shouldn’t have. No biggie.
But with Overseer and BadSpot, we’re talking about military intelligence and health. So we’re potentially dealing with people’s lives.
And as you might expect, the level of expertise required is much higher. Think about the intelligence, knowledge, and experience needed to execute the Intelligence Tasks in these Pipelines:
OverseerKnow thousands of different military vehicles
Know the military history of the target country
Know all their recent military moves
Correlate that data with what’s happening in the news
Correlate that with what’s happening in other intel reports
Experience with analyzing satellite photos
Experience with detecting techniques that attempt to hide vehicles and military activity
Expertise in writing intel reports for different audiences
BadSpotAnyone doing the job must be a Doctor (M.D.)
So that’s medical school, a residency, and then however long they’ve been practicing
The better they are intelligence and creativity wise (think the TV Show, House), and the more experienced, the better they are at finding the Bad Spots.
One thing both of these Intelligence Pipelines have in common is that there aren’t many people who can do the Intelligence Tasks involved. Like, there aren’t many people who can do these things on the planet. We’re talking a few a few thousand at most.
More on that later. First let’s look at how common these types of Tasks and Pipelines are throughout society.
More Intelligence Task and Pipeline ExamplesAs it turns out, business is nothing but collections of these types of intelligence tasks and pipelines.
Here are a bunch more Intelligence Tasks we all recognize from the corporate world.
Office worksummarize_meeting
send_summary_to_stakeholders
read_report
proofread_document
create_meeting
organize_event
Programming worksolve_problem
write_code
research_better_way
check_for_security_issues
check_peers_code
approve_pr
Customer Service workread_complaint
check_customer_history
check_for_fraud
check_current_policy
respond_to_customer
make_customer_happy
Medical workanalyze_mole
diagnose_disease
write_prescription
analyze_xray
assess_patient
analyze_mri
talk_with_family
Researcher workfind_sources
rate_sources
summarize_article
rate_article
extract_key_ideas
synthesize_ideas
perform_analysis
write_report
submit_report
find_funding
Manager workinterview_candidate
give_performance_review
manage_budget
document_program_progress
write_progress_update
create_progress_update_presentation
deliver_presentation
Creative Workbrainstorm
riff_on_idea
expand_idea
write_first_draft
create_art
write_prose
And the list goes on…
The thing that unifies all these tasks is that you can’t give them to a computer program to execute.
These are things that only humans can do. These aren’t just work tasks, they’re Intelligence tasks.
Similarities across tasks and pipelinesNow let’s look at some similarities across all these tasks and pipelines.
Above we looked at four different companies: CutePup, ClaimRight, Overseer, and BadSpot—all doing various thinking-based activities that require human intelligence. And then we looked above at a whole bunch more examples of intelligence-based tasks.
Now that we’ve talked about them, let’s look at what makes someone good or bad at these things.
Traits that make people good at intelligence-based tasksHere are some attributes that make great employees in knowledge work.
Smarts — how sharp are they at finding patterns and adjusting?
Knowledge — how much do they know about the field?
Experience — how many examples have they seen?
Consistency — do they deliver high-quality after 8 hours of doing it?
Attention-to-detail — do they catch the details?
Speed — How many of these tasks can they do in a period?
Dependability — do they call in sick or take lots of vacation?
Autonomy — How independent are they at doing the task?
Trustworthiness — are we sure they haven’t been paid off?
Caution — do they cause problems we have to clean up?
Learning — do they learn new stuff quickly?
I think these are solid attributes. Now let’s collapse them into a few metrics.
ITEM — Intelligence Task Execution MetricsSo the metrics concept we’ll remember as ITEM (EYE-tehm), and the metrics themselves we’ll remember as KISAC (KAI-sack).
📘 Knowledge — The depth of their knowledge about the entire field, it’s history, all the main thinkers in the field, all the seminal works, all the academic theory, all the books, all the papers, etc.
🧠 Intelligence — The ability to hold all that knowledge in their mind at once, find the patterns in the input being evaluated, and come up with insightful analysis.
🕰️ Speed — The number of those tasks they can do—per minute, day, week, etc.—at a given quality level.
🔎 Accuracy — Their accuracy, lack of mistakes, etc.
💶 Cost — The amount of money it costs to hire them, keep them employed, and keep them trained.
These are decent because they capture not only someone’s ability to do a task (knowledge and intelligence), but also the performance of their outputs (speed and accuracy), as well as the cost of execution.
Coming back to AIRight, so that was a lot of setup, and now we’re able to make the main point.
The best way to think about AI—especially as it relates to business, the economy, and productivity—is to realize that AI is simply a way to execute all these various Intelligence Tasks better, more consistently, and cheaper.
Companies are just Intelligence Tasks organized into Pipelines
That’s it. Forget all the other crap about AI.
Forget the chatbots
Forget the image generation
Forget the crazy videos
Those are distractions.
What matters is how AI will help humans do actual work that otherwise humans would have had to do ourselves. And keep in mind—a lot of intelligence-heavy work isn’t being done at all!
There are thousands of intelligence-based tasks that desperately need doing, but there simply aren’t enough people to do them.
Watching all the meteors in the sky (Astronomy)
Tutoring (Education)
Medical Evals (Medicine)
Looking things up (Library Science)
Tracking transactions (Fraud & Corruption)
Investigations (Journalism)
Researching a Topic (Research)
Empathic and Active Listening (Mental Health)
Watching computer logs (Cybersecurity)
Watching security cameras (Physical Security)
Tracking down criminals and corruption (Journalism)
Etc.
There are literally billions of people who don’t have access to teachers, tutors, therapists, nurses, researchers, journalists, etc., and all the wonderful Intelligence Tasks that they are able to do.
The planet needs hundreds of billions of these Intelligence Tasks done every day, and there are very, very few people with the education, training, certification, or availability to carry them out.
And that’s just for the stuff that nobody is doing. Now let’s look at the work that’s actually being done using the KISAC metrics above.
Comparing humans vs. AI on Intelligence TasksHere are the KISAC metrics again.
📘 Knowledge — The depth of their knowledge about the entire field, it’s history, all the main thinkers in the field, all the seminal works, all the academic theory, all the books, all the papers, etc.
🧠 Intelligence — The ability to hold all that knowledge in their mind at once, find the patterns in the input being evaluated, and come up with insightful analysis.
🕰️ Speed — The number of those tasks they can do—per minute, day, week, etc.—at a given quality level.
🔎 Accuracy — Their accuracy, lack of mistakes, etc.
💶 Cost — The amount of money it costs to hire them, keep them employed, and keep them trained.
—
📘Knowledge👥Humans:
📚Reading: A couple thousand books maximum
💼Experience: Let’s say 50 years
🔬Examples: Let’s say hundreds, thousands, or a tens of thousands max
🤖AI:
📚Reading: All the books in the entire field, with perfect recall, and millions of related books
💼Experience: The combined experience of every person who’s ever done that task
🔬Examples: Tens or hundreds of millions, or maybe billions depending on the task
—
🧠 Intelligence👥Humans:
Very few Einsteins or Von Neumann’s in the world
Max I.Q. around 180 or so
Most people at around 100
Not rising very fast at all
🤖AI:
In 2022 it was less smart than a child
In 2024 it’s currently around 100 I.Q., depending on the task
Many experts agree that top models will be genius-level within a few years
In narrow applications, current models are already super-human
It’s improving very quickly
—
🕰️ Speed👥Humans:
Checking Moles — A few hundred a day
Report Writing — 1 to 15 a month
Article Summarization — 5 to 20 a day
Cyber Investigations — 1 to 5 a week
Rating Cute Dog Pics — 200 - 2000 a day
Assessing X-Rays — 100 - 500 a day
🤖AI:
Checking Moles — Millions per day
Report Writing — Hundreds per day
Article Summarization — Thousands per day
Cyber Investigations — Dozens per day
Rating Cute Dog Pics — Hundreds of thousands per day
Assessing X-Rays — Hundreds of thousands per day
Keep in mind—this is just for a single AI instance, and most systems will have a fleet of them performing what a single human or a small human team was doing. So multiply those numbers by 10, 100, or 1000x.
—
🔬Accuracy👥Humans:
Very high accuracy if the human goes extremely slow, depending on the person and the task
Medical errors are the third largest cause of death in the US. SOURCE
🤖AI:
Some studies are already showing AI as equal to, or better than, doctors at identifying diseases, assessing moles, reading X-Rays, etc. SOURCE
Automation allows for faster use of multiple checks and validations to ensure acceptable results
AI’s accuracy within a given pipeline is likely to increase over time due to the Knowledge and Intelligence advantage, whereas humans have a constant cycle of get_smart —> retire —> retrain
—
💶 Cost👥Humans:
Expensive to train
Expensive to retrain
Expensive and time consuming to re-integrate into a team
Expensive to replace
Even more expensive for those with the best results
🤖AI:
Will cost a tiny fraction for most Intelligence Tasks
Will cost a tiny fraction for re-training and re-deployment
Upgrades to general models will often upgrade the entire fleet
The difference in cost between execution at mid-human level vs. high-human-level will likely be negligible
—
In short, humans will beat out AI in a few things for a long time to come—but for most Intelligence Tasks, AI is going to do 10-1000x the amount of work that humans can do—with as-good-or-better quality—for a fraction of the cost.
And again, this is not some theoretical or ambiguous work. This is the work we’re all familiar with. It’s the regular work we get hired at companies to do.
Regular work that humans get hired to do every day
That is what AI is. And that is why it matters.
SummaryPeople are confused about AI becasue they equate it with either chatbots or image generation.
The best way to clarify your thinking on it is to remove the word “AI” from the conversation entirely.
Replace the word “AI” with a unit of work that only humans can do, called an Intelligence Task.
AI is getting extremely competent at executing such tasks, and it’s doing so faster, better, and cheaper every day.
Companies are just sequences of those Intelligence Tasks organized into Intelligence Pipelines that accomplish a given goal.
Which means companies and individuals that intelligently leverage AI will become dominant, while those that don’t will get left behind.
Meanwhile, the Intelligence Pipelines that used to get executed by human workers will soon be mostly be executed by AI.
This is why AI matters, and why it will have such an extraordinary impact on the economy and society.
Powered by beehiiv
July 22, 2024
UL NO. 442: Crowdstrike Analysis, Cannabis=Soma?, NK Github SE, AI Weaponry
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI .
TOCNOTESHey there!
Any sufficiently bad software update is indistinguishable from a cyberattack…
— Leigh Honeywell (@leighhoneywell)
12:36 PM • Jul 19, 2024
Legend post by Leigh Honeywell 👆
Had a wonderful couple days celebrating my best bud’s birthday in Colorado! Happy Birthday, Jason! MORE
I did a presentation for a UN group on the future of AI and employability, and it should be coming out soon on YouTube.
We’re doing another UL Dinner in Vegas. Stay tuned in chat for the deets.
Mad props to all the people who had to hustle and grind this weekend after Blue Friday 👏
Ok, let’s get to it…
MY WORKHeads-down on the AI class, which is on the 26th, 9AM PST. SIGN-UPS CLOSING WEDNESDAY
SECURITYThe Crowdstrike Outage — Banks, airlines, hospitals, media companies, and tens of thousands of other businesses got hit with a global IT outage that locked workers out of their devices. The issue was a bad update to the Crowdstrike client, which prevented bootup and required someone to physically interact with the machine in safe mode. | MORE
💡It appears that this might have been the largest IT outage ever—ironically, even bigger than Y2K, which did mostly nothing.
I’m trying to come up with lessons-learned here, but perhaps the biggest is around PR. The CEO came out and said—basically—”Don’t worry, this isn’t a security problem” (Paraphrasing)
Which is a really bad thing to say when the internet has been turned off. It’s like, I don’t care what you call this thing that’s happening, but it’s definitely bad.
He later apologized fully and put out better language, but I liked my buddy Chris Hoff’s proposed language better, which was something like, “This was not a security attack against Crowdstrike or its customers, but an outage caused by a bad software update.”
Another thought I had was that this would be less likely to happen if Microsoft was performing the EDR function, because—presumably—they would be more familiar with all the moving parts, have more integrated testing, etc.
It just seems to me like the natural evolution here is a lot like Defender, where the platform eventually catches up to the quality of the standalone, and it gets less and less smart to use something not part of the OS.
🔧A new threat actor called CrystalRay is using an open-source tool called SSH-Snake to move laterally across networks, exfiltrate credentials, and deploy cryptomining malware. The malware can modify itself to remain fileless and self-propagating. MORE
GitHub has warned developers about a social engineering campaign by the Lazarus Group (North Korean) targeting developers in cryptocurrency, gambling, and cybersecurity. They gain trust over time and then start submitting malware. MORE
Sponsor
Dropzone AI
Hey, Daniel here.
I've seen a thousand different AI + Security startups at this point. Most are very early and/or theoretical. Some are pretty decent, and a few are impressive.
But the absolute best I've seen so far - by far - is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent aspect of doing investigations.
It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that. Needs to find some context? It goes and gets that.
So by the end you have a fully documented set of steps that were taken to research an alert, and a conclusion on whether or not it was malicious—all with full documentation.
I’m so impressed with it that I’m now an advisor as well.
GET A DEMOPalmer Luckey, the guy who created Oculus, is now making AI weapons for Ukraine through his company Anduril. He started Anduril to build AI-driven weapons like drones and submarines, which are now being used by the Pentagon and sent to Ukraine. MORE
China is installing record amounts of solar and wind energy, adding 10 gigawatts of wind and solar capacity every two weeks, which is like building five large nuclear power plants weekly. This really makes me mad. I want the US to do this, and more. MORE
Iran and China are increasing their foreign influence efforts, using social media to stoke discord and promote anti-U.S. narratives. Google blocked over 10,000 instances of Chinese influence activity in Q1 2024 alone. MORE
Sponsor
Discover, secure and govern genAI use
Nudge Security discovers all genAI accounts ever created by anyone in your org, in minutes. No agents, browser plug-ins, or prior knowledge of an app required.
Within minutes of starting a free trial, you’ll have a full inventory of all genAI accounts and security profiles for each provider to help you vet new or unfamiliar apps.
Get your free genAI inventory today.
nudgesecurity.com/use-cases/mitigate-ai-risks
Free TrialThe U.S. Department of Justice seized two domains and searched nearly 1,000 social media accounts used by Russian actors to spread pro-Kremlin disinformation. MORE
Cloudflare says nearly 7% of all internet traffic is malicious, with DDoS attacks making up over 37% of all mitigated traffic. In Q1 2024 alone, they blocked 4.5 million unique DDoS attacks, and the sophistication of these attacks is increasing. MORE
UK police arrested a 17-year-old suspected of being part of the Scattered Spider hacking group and involved in the 2023 MGM Resorts ransomware attack. AKA: The reason DEFCON is way further North in Vegas this year. MORE
AI / TECHRealtime Video Transcription With Timestamps (Whisper Diarization) MORE
Beijing's support has seen China make up ground in the AI race, but it has also handcuffed AI companies with some of the world’s tightest restrictions, many of them political. This dual approach could end up stifling innovation in the long run. MORE
💡I think barring them stealing some pinnacle AI tech that gets them advanced AGI or ASI, their model will ultimately hurt them for two reasons:
When you have to filter everything, you just move slower.
The people who want to move fastest will leave China for the US / Canada / EU.
Kaiser Permanente is using AI, wearables, and other tech to bring healthcare directly to patients. Very AI-forward approach from them. I like it. MORE
Sam Altman revealed that OpenAI’s Voice Mode alpha release is coming later this month.
💡I’m with my bud Matthew Berman on this one:
Let's de-normalize companies demo'ing products earlier than 3 months before release.
* Microsoft: Recall
* Apple: Intelligence
* OpenAI: Sora AND GPT4o Voice
Who else should be called out?
— MatthewBerman (@MatthewBerman)
8:25 PM • Jul 20, 2024
Andrej Karpathy is launching Eureka Labs to create AI teaching assistants for education. The startup aims to leverage generative AI to help students through course materials, starting with an AI course called LLM101n. MORE
Google has launched its Project Oscar, an open-source platform that enables development teams to create AI agents that monitor issues, manage bugs, and handle various aspects of the software lifecycle—all through natural language interactions. MORE
Omega’s AI Will Map How Olympic Athletes Win — Omega is using AI to map out how Olympic athletes win by analyzing their full performance, not just the start and finish times. This includes using motion sensors on athletes' clothing to capture every detail of their movements. MORE
The U.S. is thinking about new trade restrictions that could stop Nvidia from selling its HGX-H20 AI GPUs to China, which might cost Nvidia around $12 billion in revenue. MORE
💡This would hurt me in the stocks for sure, but I’m thinking that’d be temporary. Hopefully. ← Not financial advice.
Beijing scientists have developed the world’s smallest and lightest solar-powered drone, weighing just 4.21g with a 200mm wingspan. It can fly non-stop during daylight thanks to its electrostatic motor, which is 200-300% more efficient than traditional electromagnetic motors. I wants it. MORE
A Florida (it’s either Florida man or DNS) man got arrested for shooting down a Walmart delivery drone, claiming it was spying on him. Shooting at drones is treated as a felony, similar to firing at a passenger aircraft, with penalties up to 20 years in prison. MORE
Waymo Wants to Bring Robotaxis to SFO — Waymo is pushing to get approval for robotaxi pickups and drop-offs at San Francisco International Airport. MORE
Microsoft Lays Off DEI Team — Microsoft laid off its diversity, equity, and inclusion team, saying DEI is "no longer business critical." MORE
Andreessen Horowitz argues that bad government policies are now the biggest threat to tech startups, which they call "Little Tech." They believe American technology supremacy depends on these startups and that the government should support them rather than favoring big incumbents. MORE
Google is shutting down its URL shortening service, so any links created with it will stop working. If you have any important links using this service, you'll need to update them soon. MORE
💡I’m pretty sure Google will soon sell YouTube to Johnson & Johnson and GMail to Luxotica, and then go full speed into the “wtf are we doing” business.
It’s the single most perplexing business I’ve ever seen.
They were first on GenAI. They wrote the paper. And now they’re completely lapped by not just OpenAI but Anthropic as well. How are you in like 5th place when you have all the people and all the money?
They’re like the opposite of Cloudflare, which does small things really well that add up. Google is slowly getting rid of all the best things it has.
The main thing Google is growing is its graveyard.
Such a colossal waste of money and talent. Their failures should be studied for centuries as an example of what happens when you don’t lead with UX-focused product management, rather than “throw shit at wall”-focused engineering.
HUMANSIran-backed Houthi rebels say they were behind a drone attack on Tel Aviv that killed one person and injured several others. MORE
USA Household Income Distribution by State — A Reddit user shared a detailed visualization of household income distribution across different states in the USA. MORE
A new meta-analysis shows that toothbrushing can significantly reduce hospital-acquired pneumonia (HAP) in ICU patients. This simple intervention could lead to 17,000 fewer deaths each year from ventilator-associated pneumonia (VAP). MORE
Young Adulthood Is No Longer One of Life's Happiest Times — Research shows that young adulthood is now one of the most unhappy times in life, with a significant rise in despair among young people, especially women aged 18 to 25. MORE
Most of Gen Z Using TikTok for Health Advice — A new survey found that 56% of Gen Z are using TikTok for wellness, diet, and fitness advice, with 34% relying on it as their main source of health information. MORE
Ask HN: Every day feels like prison — A mid-thirties guy in tech feels trapped in a 9-5 job he no longer cares about and is struggling to build a business on the side. Despite making major life changes, he still feels stuck and unhappy, fearing this might be his life for the next 30-40 years. MORE
Read the full newsletter online IDEASSam Altman is simultaneously building AGI and doing big studies on UBI. It’s super obvious what he’s doing, and I think it’s mostly the right thing.
I mean, all you have to believe for this to be a good thing is that:
AGI will remove a lot of jobs
People will need money to survive while they figure out what else to do
And I think those are really safe bets.
What if Cannabis is Soma from Brave New World?
- Makes people comfortable with mediocrity
- Makes people more accepting of whatever they’re handed
- Makes people less likely to change their situation
And legalization is happening coincident with the rise of AI.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
9:59 PM • Jul 21, 2024
Conspiracy culture is getting stupid at this point.
Troubled kid shoots Trump, just like a thousand other shootings. A team did a bad job protecting him. Just like a thousand other bad jobs that were done that day.
-> Must be Deepstate
An old and declining candidate is… x.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
7:21 PM • Jul 21, 2024
One of the security applications of AI I'm most excited about is its use on currently intractable problems.
- Vendor management
- Supply chain management
- Threat modeling software dependencies
Let me explain…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
7:51 AM • Jul 19, 2024
The future of security and risk management is to have them disappear into SOPs (Standard Operating Procedures).
A flight checklist and a skyscraper building plan don't have "stay in sky" or "don't fall down" sections.
It's just a process. A process with those lessons built in.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
5:55 AM • Jul 18, 2024
DISCOVERY
Hmm. I’ll be watching this closely. 👀
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
3:24 AM • Jul 17, 2024
Llema — A new recon/security tool that runs via Llamda in your browser. MORE
Respotter — A honeypot for Responder that tricks attackers into revealing their presence. | by C.J. May | MORE
Exo — Run your own AI cluster at home on everyday devices. | by ExoLabs | MORE
Why Aren't We Using SSH for Everything? | by Shazow | MORE
Gray Swan AI — Specializes in AI safety and security tools to assess and safeguard AI deployments. | by Gray Swan AI | MORE
Costco's Apocalypse Bucket — Costco is selling a 25-year shelf-life emergency food kit called the "apocalypse bucket" for $79.99. It includes 150 freeze-dried and dehydrated meal servings, ranging from teriyaki rice to apple cinnamon cereal. MORE
RECOMMENDATION OF THE WEEKDon’t ask what someone’s politics are. Ask them what their ideal world looks like, including questions like these:
Are there multiple religions?
Are there multiple ethnic groups?
Are people free to love whoever they want?
Do they all live together?
Who are the most famous people in that world?
Who gets paid the least?
Who gets paid the most?
What happens to someone if they’re truly disabled and can’t work?
What happens to someone if they’re too lazy to work?
What happens to someone who is addicted to drugs?
I think many of our disagreements are about how and not what. I know a lot of people who support Trump, for example, who would say:
You can be gay
There can be other religions
All the ethnic groups should live together
There should be a social safety net
Etc.
So if you are on the left, and you hear someone on the right say those things, that’s an opportunity for a REAL conversation. A conversation about how. Not what. And vice versa.
Bottom line: I think we all in the roughly 80% center agree about a lot more than it feels like right now.
As we go into this election cycle, try to use this exercise to realize this with more people.
APHORISM OF THE WEEK Become a Member to Get 3” Taller and Learn to Speak to AnimalsPowered by beehiiv
July 16, 2024
UL NO. 441: Substrate, OpenAIs AGI Levels, US Literacy Rates
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, analysis, tooling, and mental models designed to help humans thrive in a world full of AI.
TOCNOTESHey there!
Wow, so much going on. And only a few weeks until Hacker Camp in Vegas.
Friend of UL, Ray Alner, is looking for a new position as a Systems Engineer. He has experience in DevOps, Cyber, leadership, and a whole bunch of other stuff. Also, on a personal note, Ray is one of UL’s smartest and kindest members, and someone should absolutely snatch him up before they miss out. REACH OUT TO RAY DIRECTLY
I’ve brought back the SECURITY, TECH, and HUMANS sections. I love the idea of just one section, but I found myself wanting to sort them to make it easier to read. Which means you were probably feeling that way too. Sorry. Fixed it.
I added new levels to the AGI definitions (4 and 5) within the RAID AI Definitions Resource. MORE
I feel like Apple Notes is my actual operating system, and macOS is just the window manager.
Ok, let’s get to it…
MY WORK👉This is the big one! I’ve been thinking about and writing this one for months. There’s a high chance that this will be the most impactful project I ever create. READ THE ANNOUNCEMENT
Would really love for you check it out. And even better—get involved.
Introducing Substrate — An Open-source Framework for Human Understanding, Meaning, and Progress
Substrate is a crowdsourced project designed to enhance understanding, communication, and action in order to move humanity forward
danielmiessler.com/p/introducing-substrate
—
My new piece on Dynamic Content Summaries and how I think they’re going to be the way we view content in the future. MORE
Exploring the idea of Personal vs. Business brands, and which is better for different types of creator. MORE
SECURITYKaspersky Shuts Down U.S. Operations — Kaspersky is shutting down its business in the U.S. starting July 20, following sanctions and bans from the U.S. government. | MORE
AT&T says nearly all cellular customers and some landline users have had their data stolen, but now there’s an interesting twist being reported by Kim Zetter at Wired. Evidently AT&T paid a member of the hacking team nearly $300,000 to delete the only copy of all the data. | MORE
Russia is using AI-enhanced software called "Meliorator" to create fake online personas for disinformation campaigns. This tool helps manage these personas and spread false information through social media. | MORE
💡One of the things I’m most worried about from AI is the disinformation bots. Both the sheer number of them, but also their sophistication.
The better AI gets (and especially agent frameworks) the more it’s going to be like our enemies’ intelligence agencies now have millions of employees.
What used to be tens or hundreds of people creating campaigns—slowly, with lots of mistakes—will instead be millions of bots. And they’ll be making far fewer mistakes and adapting very quickly to new narratives and memes.
I think the internet is going to have to switch from a blocklist to an allowlist mentality. It’s just going to be too much to filter.
A new Exim vulnerability with a CVSS score of 9.1 allows attackers to bypass attachment extension blocking and deliver executables. Over 1.5M email servers are affected. | CVSS 9.1 | MORE
Google is now offering passkeys for high-risk users who join its Advanced Protection Program, replacing the previous requirement for a physical security key. | MORE
📢 Calling All Innovators in AI! 📢
🤖 Excited about AI innovation? We are too.
As we gear up for Winter 2024/Spring 2025, we're opening our sponsorship window to companies innovating in Artificial Intelligence.
🚀 Join us in reaching over 94,000 of the sharpest minds in security and tech. Don't miss your chance to showcase your AI project or business to our specialized readership.
Connect now before this season’s sponsorship calendar fills up!
📧 Email us at [email protected] to discuss how we can spotlight your AI innovations in upcoming newsletters!
Get Seen by 94,000 of The Best and BrightestA new Exim vulnerability with a CVSS score of 9.1 allows attackers to bypass attachment extension blocking and deliver executables. Over 1.5M email servers are affected. | CVSS 9.1 | MORE
Foreign influence campaign analysis from US Intelligence:
Russia is backing Trump (I’m guessing because he’ll pull us out of Ukraine).
Iran is acting as a "chaos agent," in its influence campaigns, focusing on exploiting U.S. political and social tensions rather than backing a specific candidate.
China is mostly staying out of U.S. elections, seeing little benefit in influencing the outcome. They're more focused on data collection for future influence operations.
Sponsor
PODCAST: Bestselling author Dmitri Alperovitch’s Vision for Cyber Defense
In this episode of Automox’s CISO IT podcast, host Jason Kikta speaks to Dmitri Alperovitch, bestselling author of the new book ‘World on the Brink’ and founder of the think-tank, Silverado Policy Accelerator. They discuss how IT has evolved from very slow deliberate patching to faster cycles and how cloud tech improves cybersecurity. Listen now from wherever you get your podcasts.
automox.com/resources/podcasts/ciso-it-e07
Listen NowGitLab has a critical flaw (CVE-2024-6385) in its CI/CD pipelines that lets attackers run pipelines as any user. Upgrade now. | CVSS 9.6 | MORE
Sponsor
ProjectDiscovery Cloud Platform Asset Discovery
Our latest release includes enhanced tech stack detection and universal asset discovery.
For Individuals & Bug Bounty Hunters: Discover and monitor up to 10 domains daily.
For Organizations: Uncover your external attack surface and cloud assets with automatic asset enrichment and daily monitoring.
Stay ahead with ProjectDiscovery Cloud Platform!
Discover Assets Today AI / TECHOpenAI’s AGI Levels — OpenAI has published their 5-tier ladder for AI progress. I’m honestly not a fan, other than Level 5. | MORE
💡I don’t see how they’re going from chatbots to human level reasoners, and then to agents, and then to innovators that can aid in invention. First, Level 2 and Level 4 are way too close, and both are already possible.
Then you have this really interesting jump at Level 5, to something that can do the work of an organization.
The problem is they’re mixing criteria. 1 is I don’t know what. Reasoners is about thinking quality. Agents is just an attribute: “can take action”. Innovators is just a descriptive output, i.e., “aids invention”.
Huh? Chatbots can aid invention. And that’s Level 1.
Then you have Level 5, which is actually about scale more than thinking quality.
The scale isn’t super useful, IMHO. I am not even perfectly happy with my own attempt, but at least it compares apples to apples.
AI Startups Raising $100M+ in 2024 — Here's the full list of 28 US AI startups that have raised $100M or more in 2024. | MORE
Anthropic has added new features to Claude that help automate prompt engineering. | MORE
💡I’m seeing a lot of my friends in AI switching to Claude over ChatGPT right now. Or more specifically, preferring Claude Aritifacts over ChatGPT, and Sonnet 3.5 over GPT-4o.
But it’s a leapfrog game. Soon we’ll have Opus 3.5, Llama 3.0 300B, and eventually GPT-5 (or whatever they call it).
2025 is going to be nuts, for multiple reasons.
New Fiber Speeds — A new fiber optic network transmits data at speeds above 400 terabytes per second, breaking the current record by nearly 33%. And this is on existing fiber, not some special new stuff. | MORE
YouTube Music Tests AI Playlists — YouTube Music is testing a new feature that lets you use AI to generate a playlist by describing what you want to hear. Premium users in the US can use a chat UI to enter descriptions like "catchy pop choruses" or "upbeat pop anthems." | by Emma Roth | MORE
There's a surge in delivery startups like Hailify, which pivoted from managing Uber and Lyft gigs to delivering thousands of parcels from China-based companies like Shein and Temu to U.S. shoppers. They see an opportunity to take market share from FedEx, USPS, and UPS. | by Ann Gehan | MORE
HUMANSWhy Women Are Disappearing From Tech — The percentage of venture deals for companies with female founders has dropped from 6.5% to 5.7% this year. Companies with at least one female co-founder are also seeing less funding, down from 27% to 16.6%. | by Jessica E. Lessin | MORE
Houston Is on a Path to an All-Out Power Crisis — For the 2.2 million people in Houston who lost power after Hurricane Beryl, the situation is dire. The city's power infrastructure is so fragile that even moderate storms are causing massive outages. And people are getting very angry. | MORE
Tour de France Riders Are Inhaling Carbon Monoxide — Multiple Tour de France teams are using carbon monoxide inhalation to enhance altitude training. This controversial practice involves inhaling a deadly gas to boost performance, and while it's not banned by WADA, it raises serious ethical and health concerns. | MORE
130 Million U.S. Adults Have Low Literacy Skills — Over half of Americans aged 16 to 74 read below a sixth-grade level, impacting their daily lives and families. | by Dr. Iris Feinberg | MORE
Colorado Poultry Workers Test Positive for Bird Flu — Three poultry workers in Colorado have tested presumptive positive for bird flu after an outbreak at a commercial egg facility. This virus has already killed over 6 million birds and is now infecting dairy cattle across the state. | MORE
Just 4 in 10k Galaxies May Host Intelligent Aliens — A new study suggests that intelligent alien life might be incredibly rare because it requires a planet with plate tectonics, oceans, and continents. Only about 0.003% to 0.2% of exoplanets meet these criteria, making the odds of finding such civilizations extremely low. | by Robert Stern and Taras Gerya | MORE
IDEASVCs Are Buying Medical Practices
I’ve got an doctor friend who’s been telling me about how venture capital is moving into medical practices. They’re coming in and doing what you would expect, which is looking for ways to make more money. Except they’re largely doing it unethically, i.e., by having the places sell stuff patients don’t need, request tests that are unnecessary, etc.
I feel like this is another example of like big investors buying up single-family homes and then renting them. Or storage spaces.
It’s like—the people with the money collect all the things, and then they can do whatever they want with them. And the purpose never seems to be to make things better. It’s always to make more money.
What am I missing? And if I’ve got this right, what are we to do about it? Capitalism is the best system we have, so this should be legal I think. But how do we keep the super-rich from just buying everything and making life worse for everyone else?
—
Most Conspiracies Come From Not Realizing How Often Things Fail | MORE
Therapy, Rumination, and Untying Knots | MORE
DISCOVERYffuf on Lambda — ffuf running on AWS Lambda and streamed to a web browser. | by defparam | MORE
Bullfrog — A Github Action that secures your workflows by controlling outbound network connections. You can define allowed IPs and domains or use audit mode to see all connections without blocking them. | by BullfrogSec | MORE
Everything You See Is a Computational Process, If You Know How to Look — Lance Fortnow argues that computation is everywhere if you know how to see it. He compares everyday processes like mailing a letter to computational operations and even describes randomness as a complex computational process. | by Lance Fortnow | MORE
The "Shaan Puri Emotion Eliciter" prompt lets you input your writing and get specific suggestions to make it more emotionally engaging. It maintains the original intent of your writing while enhancing it using each of the seven emotions. | by Moritz Kremb | MORE
WTF Happened to Blogs | by Michal Pándy | MORE
As an Employee, You Are Disposable — The recent tech layoffs have shown that employees are disposable in the eyes of executives. It doesn’t matter if a company is profitable or not; layoffs can still happen, and executives continue to earn huge sums of money amidst these cuts. | by Nelson | MORE
You Never Control the Arc of Your Career — This piece dives into how career paths are often shaped by forces beyond our control, using Bruce Springsteen as an example. | by Michael Eaton | MORE
Smoking vs. Lung Cancer Deaths. MORE
Learning Multiple Concepts from a Single Image — Unsupervised Concept Extraction (UCE) is a new task that extracts and recreates multiple concepts from a single image without any human annotations. | by Shaozhe Hao et al | MORE
Change Detection in Satellite Imagery — This study addresses semantic change detection using satellite image time series (SITS-SCD) by integrating both change detection and semantic segmentation. | by Elliot Vincent, Jean Ponce and Mathieu Aubry | MORE
89 Things I Know About Git Commits — A collection of insights about Git commits gathered over 12 years of experience in both small teams and large Open Source projects. | by Jamie Tanna | MORE
RECOMMENDATION OF THE WEEKCheck on your friends you haven’t heard from in a while.
Send them a text. It’s free, and they will appreciate being thought of.
APHORISM OF THE WEEKHey there,
If you’re not already, I’d love for you to become a member. 🫶🏻
Support My Work and Become a MemberThank you,
-Daniel
Powered by beehiiv
Introducing Substrate — An Open-source Framework for Human Understanding, Meaning, and Progress
Table of ContentsSCIENCE: Automated Hypothesis to Results Workflows
LEADERSHIP: Describing A Comprehensive Plan
PRODUCTIVITY: Optimizing Any Process
IntroductionI’m excited to share a project I’ve been working on for a number of months called Substrate. Fair warning: it’s quite ambitious.
Ok, what is it exactly?
What the hell does that mean?
Yep, fantastic question. The purpose of the project is to make the things that matter to humans more transparent, discussable, and ultimately—fixable.
Interesting. What kinds of things?
Yes, exactly. Here are some of the main ones we’re starting with.
Substrate ComponentsWhen we say “human understanding, meaning, and progress” in the description, we’re talking about these types of conceptual objects:
Ideas — A list of novel human ideas
Problems — A list of our most important human problems
Beliefs — A list of beliefs about the world
Models — A list of models for conceptualizing reality
Frames — A list of narratives/lenses for perceiving reality
Solutions — A list of potential solutions to our problems
Information Sources — A list of sources of data and information
People — A list of humans
Organizations — A list of organizations
Laws — A list of laws that were proposed and/or passed
Claims — A list of truth claims
Votes — A list of votes and results from legislation/elections
Arguments — A list of arguments that have been made
Funding Sources — A list of groups that fund various projects
Lobbyists — A list of lobbyists and their agendas
Missions — A list of human ideas
Donations — A list of donations made from X to Y
Goals — A list of potential human goals
Facts — A list of verified truth claims
Each of these will be an actual list, maintained as a repository within Github. Each list will have a schema, similar to this one for the Problems repository:
Problem Name
Problem ID
Problem Description
Toxic Drinking Water in Poor US Towns
PR-1097
Many towns with populations with low socioeconomic status have water that’s not safe to drink.
Deforestation of Our Rain Tropical Rain Forests
PR-33082
Our rainforests are being destroyed, which will negatively affect humans on Earth.
GitHub - Substrate/Problems: The Problems people consider worth working on.
A collection of the problems people feel need to be tackled.
github.com/human-substrate/Problems
And all of these live within an over-arching Substrate Organization within Github.
Substrate
An Open-source Framework for Human Understanding, Meaning, and Progress
github.com/human-substrate
This structure will allow the entire open-source community (i.e., the world) to contribute their own Problems, Claims, Sources, Frames, Goals, etc., that others can use.
Ok, I think I’m starting to get it, but I need more.
Fair enough.
One way to think about this is as a way to put handles on things that are hard to discuss.
Here are a couple of examples.
Component ExamplesHere are some more examples of Substrate Components in everyday scenarios. Let’s look at an Argument component.
An ArgumentThink of a common argument we might hear on any given day about whatever topic. This one is about recycling.
We’re confronted by this type of thing constantly. About things like recycling, but also about things that matter much more, like politics.
What Substrate will do is take an argument like this recycling example, and turn it into something like this:
A MermaidJS Visualization of this claim (Using Sonnet 3.5) Click for full size.
Each of those objects in that diagram will be Substrate Components! The Claims, the Sources, etc.
Here’s what the Arguments repository might look like:
Argument Name
Argument ID
Argument Description
Recycling Plastic Isn’t Worth The Effort in the US
AR-28445
It’d be good to recycle plastic if it were actually worth the effort, but current systems are so inefficient that they cost more energy than they save.
A Source
Examples of Organizational Sources
When people make truth claims, it’s important that we be able to fact-check or research those claims to see their support. Substrate does this by maintaining a list of Sources that we may or may not trust for new information, such as an Organization, or a Person (both of which are also Substrate Components).
When someone makes an Argument, or a Claim within an Argument, it can be linked to Sources that people can choose to trust or not trust.
But either way, people can see the full argument and its support in one visual!
An example of Argument → Claims → Sources
This is why we’re so excited about Substrate. It is going to make things that used to be murky and opaque into transparent objects that can be inspected, analyzed, and discussed.
OLD: “You’re just not able to counter all my arguments and evidence.”
NEW: “Here’s my argument (throws it up on a shared viewscreen). Show me which claim you disagree with, or which source you disagree with that backs up those claims.”
This will enable far more logical and precise discussions!
Real-world Use CasesOk, sounds really cool. But what do you actually do with it?
Intrigued but practical
Yes, so now we’re getting to the best part—how to actually use this thing!
First, keep in mind that this is very early. We’re just getting started. But we already have many use cases planned that we want to talk about below.
Also, keep in mind that some of these you can do starting immediately, some will take time, and many of them will get magnified significantly by AI.
Let’s take a look.
Describing Yourself
Visualizing Your Being Using Substrate
Many people have trouble describing who they are and what they’re about.
With Substrate you’ll soon be able to just describe yourself in text, audio, or video, or even have a conversation with an AI—and it will be able to both articulate and visualize you.
And if you share your context or Substrate representation with others, they’ll be able to see what you’re about as well.
Learning a Person’s ValuesSubstrate will be a wonderful way to start learning about someone, e.g., what they care about, and how they see the world.
Imagine having something like this available when you look at someone, or research them.
A Visual Conversation Starter
This will be a wonderful way to learn about what someone really cares about, and how they see the world.
They believe the most important Problems are PR-1097, PR-2210, and PR-2231
They believe the best Solutions are SL-1128, SL-3110, and SL-1012 to those Problems.
They intend to track progress using the following KPIs.
Imagine matching up with someone like that across multiple axes:
Values
Goals
Beliefs
Preferences
Etc.
We’re very excited about the potential to spawn more human connection in this way.
Visualize Any ArgumentAnother great use will be when a given narrative, or rumor, or conspiracy theory is going viral. We’ll be able to use Substrate to analyze the Argument or Claim and publish the results.
Here’s an argument that we never went to the moon.
Click for Full Size
Using this kind of visualization, you’ll be able to see (for example) that:
They’re making the following Arguments that SL-19992 and SL-44091 are the best Solutions: AR-7781, AR-9812, and AR-9992.
Which include the following Claims: CL-1111, CL-2309, and CL-0002.
Which we fact-checked using the following Sources.
Which resulted in the following Results (Claim = False / True).
Which—using the following methodology—leads us to this Conclusion.
Think Snopes, but as a graph that everyone can visually explore.
What’s amazing about this is that someone from any political background can now evaluate this with more transparency than has ever been possible. They can SEE the Arguments, the Claims, and the Sources that were used to validate them, etc. It’s all right there.
And, of course, people will be able to add all their favorite sources of ground truth, so they can make sure the Substrate visualization is trustworthy to them. At that point, the question just becomes which sources you trust, but you can then see how the logic and sources flow to the conclusion.
I think this has the potential to significantly strengthen our shared understanding of reality, and will allow us to disagree with each other in a far healthier way.
Here’s one for the claim that there’s a tiny teapot orbiting the sun.
These aren’t using Substrate yet, but they will be soon, making each component of the argument community-sourced and transparent.
Substrate + AI = ActionYeah, yeah, yeah. AI this—AI that.
I hear you, but this is different. This isn’t about AI. It’s about human meaning and progress. AI is just a tool for helping that along.
Consider this about what you’ve heard so far about Substrate, and what’s simultaneously happening with AI:
Context sizes (prompt sizes) are increasing
Inference costs (the cost to run AI) are plummeting
What this means is we can Chocolate-Peanutbutter Substrate with AI’s ability to hold multiple things in its mind at once.
So we can feed AI with our Goals, KPIs, Risks, etc.—and have it help us untangle them and take action.
Here are some examples that we’re most excited about.
SCIENCE: Automated Hypothesis to Results WorkflowsOne big problem with science is that it takes so long. Look at the set of things that have to happen:
It’s hard to come up with ideas.
It’s hard to design experiments.
It’s hard to find funding to do experiments.
It’s hard to interpret results.
It’s hard to publish results.
It’s hard to get the results in front of the right people.
So now imagine we have our list of Problems, a list of Proposed Experiments, a list of Funding Sources, etc. They’re all there.
Now AI can help us do most every step in that chain—completely automated!
Coming up with—or collecting—ideas and hypotheses
Designing experiments
Collecting and evaluating the best funding sources
Requesting funding by writing a perfect pitch
Helping set up the experiments (eventually with robotic help as well)
Running and monitoring the experiments
Interpreting results
Writing the paper
Sharing the paper
So in other words:
Hypothesis ➡️ Proposed Experiment ➡️ Look Up Funding Sources ➡️ Acquire Funding ➡️ Run Experiments ➡️ Publish Results ➡️ Make Progress
In the beginning, this will still require a lot of human help—especially at the idea and the running of the experiments phases. But over time AI will only become more useful in those areas, too.
We’re talking about accelerating science!
LEADERSHIP: Describing A Comprehensive Plan
A visual representation of a political platform (Click for Full Size)
Many leaders struggle with clarity. It’s hard to know what they think the issues are, what they specifically plan on doing, and how they plan to measure progress.
We see this with both business leaders and politicians.
So with Substrate, we intend to make it so that every leader will need to have a full, detailed plan that has the following components:
Here’s what I think the Problems are
Here’s what I think the Solutions are
Here are my proposed Strategies for accomplishing that
Here are the KPIs we’ll use to track progress
Fire me if I don’t get the KPIs to _________ by ___________ date.
Imagine having that level of clarity and accountability for any leader trying to get a job, doing anything.
PRODUCTIVITY: Optimizing Any ProcessOk, I saved the best one for last. This is the one that I’m personally most excited about.
From Companies Are Just Graphs of Algorithms
In a recent piece, I talked about how Companies Are Just Graphs of Algorithms. True, but I don’t think I went far enough with it.
Everything can be conceptualized in this way—as a process.
State of things
Action / Event
Result = New State of Things
And if we add human components in there, like peoples’ jobs, or making decisions—like we do for like running a business, or a country, or a family, we have additional pieces:
People
Decisions
Strategies
Lessons-learned
Conclusions
Reasons
Etc.
And what that results in is a way to tie this all together into much larger graphs. Graphs we can use to describe the operations of a Family, or a Company, or even a Country.
Here’s one for a small company:
A Company Process Flow (Click for Full Screen)
That’s pretty cool that we can create that, but that’s not the full power of Substrate combined with AI.
The smarter AI gets, the better it will get at optimizing flows of any kind.
In other words, this is just the current state. We can now ask AI what it would do to optimize this.
Should this company merge departments?
Where can we add more people?
Which processes here are inefficient?
Which can be replaced by AI?
Where could we use more human decision-making?
If we wanted to grow, where should that happen?
Now imagine this for:
A family
A corporation
A church
A city
A county
Etc.
And keep in mind, the more data you have here the better. You can feed such a system all the various efficiency metrics for the various pieces as well.
A security team analysis exampleIt currently takes 3.5 business days to complete a security assessment
“Delays in Security Assessment Turnaround” are the #1 complaint in the Engineering survey
If we switch to the new FlexScan model using fewer generalist security testers, we’ll be able to complete Type B and C assessments 94% faster.
This will give our senior testers 2 extra days to do high-impact assessments
This will also likely make Engineering much happier with Security, and make them more likely to cooperate on our goals.
So this is really multiple steps here:
The full articulation and breakdown of how a process is currently running
Visualization of that process to help with human understanding
AI analysis of how to optimize the process to optimize the stated goals of the entity
And remember—the AI will also have access to the mission of the organization as well. And its goals. And its strategies. And its team members. And their projects. Etc.
So it will have the full context on how resources are being spent relative to the desired outcomes, and it will be able to see how the actual KPIs are moving.
From there it will be able to make all sorts of recommendations, such as:
Hiring new people
Hiring people with certain skills
Using more AI in high volume and low creativity areas
Adjusting strategies based on goals and market conditions
Cancelling projects X and Y to work on Z instead because it’s more aligned with the goals
Etc.
Ultimately we’re talking about the ability to continuously analyze and optimize any system using full knowledge of its goals and progress.
And the more data about the system it has, the better it’ll perform. And the smarter AI gets, the better it’ll perform.
Insane.
SummaryOk, that was a lot.
Here are the main points.
The world is hard to understand, and things that are hard to understand are hard to discuss and improve.
The goal of Substrate is to address this problem by making the things humans care about more visible, discussable, and improvable.
The framework is open-source and lives on GitHub.
At its core, it’s a collection of crowdsourced lists of the things humans care about, and that make up our discourse and society.
One major problem that people and organizations have is not knowing —and/or being able to communicate—what they are about.
Using the framework, people and organizations will be able to articulate their values and purpose more clearly, which will help not only them but everyone they interact with.
Substrate is magnified by AI because AI can—or will soon be able to—hold all of Substrate in its mind at once.
From there, we’ll be able to ask all sorts of meaningful questions, such as, “What is that person or organization about?”, “Are we pursuing the best path towards our goals?”, or, “What are the most critical mistakes I’m currently making?”
Ultimately this will allow us to take action on these things., e.g., “What actions should I take right now to optimize this workflow?”, or, “What should I do right now to achieve the best possible outcome that’s aligned with my goals?”
In short, Substrate is a way to better understand and optimize the things we care about as humans.
How to Get InvolvedHere are some of my friends and colleagues who have already signed on to help with this project.
Jonathan Dunn — MD, Hacker
Jason Haddix — Cybersecurity Expert, Hacker, Trainer
Clint Gibler — Cybersecurity Expert, Hacker
Joseph Thacker — Cybersecurity Expert, Hacker
Joel Parish — Cybersecurity Expert, Hacker
Robert Hansen — Cybersecurity Expert, Hacker
If you are interested in contributing, you can do so through the Github projects themselves, or you can connect with us directly.
Thanks for your interest, and please share this page with anyone else you think would like to contribute.
Powered by beehiiv
July 14, 2024
Dynamic Content Summaries (DSC)
Click for Full Size
I don’t think humans are going to be consuming most content directly from the source within a few years.
Instead, I think our Digital Assistants (our personal AIs) will be creating individual summaries of the content for us, which I’m calling Dynamic Content Summaries (DCSs).
So instead of you having to read and listen to and watch thousands of hours of content per day—which is impossible—your AI will be creating these summaries for you for the most important stuff.
Scenario: Book Too Long, Please SummarizeSo imagine you’ve been told that some book is just fantastic, and you know it has some nuggets in it, but you don’t want to spend the 17 hours reading it.
Your Digital Assistant can just create you a 3-minute video of all the best parts.
It’s a 3-minute video instead of 17-hour book
It’s a perfect deepfake of the author giving that summary
The summary compresses it very well, so it kept the most important parts
So now you know the high points.
But even better, you can just tell it:
Cool, I liked that. Give me a 20 minute audio version starting on my drive home tonight.
You talking to your DA named Armin
So now you have a podcast version, also in the author’s voice, but it’s 20 minutes long instead of 3.
Any format, length, and avatarThe power of this will be the complete flexibility in the content you’ll get.
And your DA (or a service your DA has hired) will be working on these constantly for you.
Text summaries
Audio summaries
Video summaries
Of any length
Performed by any personality
SummaryMy prediction is that much of the content we consume will actually be DCS’s instead of the original format.
Our DAs will know exactly how much time we have and what would work best for us, because they can see our schedule and they know our preferences.
We’ll be consuming far more content in far less time.
And of course our DA will still sometimes recommend that we do the raw version for certain content.
Powered by beehiiv
July 13, 2024
Should You Create a Personal or Business Brand?
I think every creator might need to make a core decision of whether they're doing:
A PERSONAL brand on which you post pretty much everything, including possibly having a business aspect.
A PROFESSIONAL brand where you mostly only talk about one topic.
I think a lot of people take significant damage in their content efforts by not being clear about which of these they are.
Let me give two examples of professional brands:
TL;DRSec by @Clint Gibler
Return on Security by @Mike Privette
These are brilliant brands because the output when you sign up is expected. It's niched to a very specific field and people aren't really turned off by surprises outside that field.
A personal brand would be someone like myself, where Unsupervised Learning is a container for everything I do, which also includes membership, community, products, etc. There's a theme, and that's similar to a professional brand, but it's not really the same because you might talk about anything in your feed, vs. just things in a specific lane. The reason I'm sharing this is to say the following:
I think Personal brands are like 10x harder to grow, and if you are trying to do a career around a business, you might want to go with a Business brand first, or completely.
I think Personal brands might be deeper and stickier over time, with your TRUE FANS, but you will have to grind for a decade or more to start gaining speed in most cases.
Be very careful and deliberate about your choice to do one or the other. I saw @0livia Gallucci - 2 ✨⛵ asking about this recently as well here, and we've talked about it directly too. Which is why I'm thinking through this and capturing it here.
There is also nuance about the name of the brand. If the name of the brand is your name, it's almost by default a Personal brand, so one thing to watch out for is if it's your name but you have trained your audience to expect only one thing. So if they only expect SQL Injection content from you, and you're now turning 35 and you want to branch out...well that can be difficult.
The reason it can be difficult is because of a concept called Audience Capture, where a creator finds themselves backed into a corner and only allowed to make one type of content, e.g., SQL Injection. Don't let this happen to you.
One way to avoid this is to have separate product or brand offerings that are distinct and similar to a Business brand, but that focus on that particular area. So for example, @jhaddix has Arcanum Security now, and people expect that to be infosec content. And he presumably won't be posting tons of stuff about Comics or Cosplay stuff there. But he's still more free to be his full self on X.
I have a close friend in security who's thinking about doing relationship content, and I used to think he should just merge that in with his current output, but now I think I was wrong about that. Now I think he should break that out into a separate brand--still losely under his own name of course--but not really have any cross-posted content between them. This way he Personally can be the umbrella, with the infosec stuff in one brand and the relationship in another.
Summary and recommendationsAsk yourself if your brand is fundamentally a business or fundamentally a life passion.
If it's a business, go niche. If it's a life passion, consider a Personal brand—and remember you can always do a separate product or service under that main brand.
If you ever plan on selling your brand, don’t have it be your name, or a unified Personal brand.
Remember that it’s 10x harder (I made up the multiple, but it’s somewhere between 2x and 20x harder) to grow a Personal/Unified brand than a niched business one.
Bottom line: Consider This Carefully.
It's much harder to go back once you've moved forward.
Powered by beehiiv
July 8, 2024
UL NO. 440: RAID (Real World AI Definitions)
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, analysis, tooling, and mental models designed to help humans thrive in a world full of AI.
TOCNOTESHey there!
First, some terrorist funding news…
lol - The Internet
I’m re-reading Alex Hormozi’s two business books. He has my absolutely favorite business content right now, by far. THE FIRST ONE
My buddy Jakoby is an Army Veteran and brilliant security guy, and he’s struggling pretty hard right now. He’s actively trying to avoid eviction and any help would be appreciated. GIVE WHAT YOU CAN
Fabric made it to the front page of Hacker News! HACKER NEWS
Don’t forget to sign up for the next run of AUGMENTED which runs on July 26th. SIGN UP
Got to spend some in-person time with a couple fellow entrepreneurs/creators over the weekend. Invaluable time, these physical meetups. Nothing is more useful than having peers red-team your thinking, and I highly recommend setting up similar sessions with your peeps.
My friend Monica Verma is running her CISO Masterclass soon, and she also has a newsletter!
Ok, let’s get to it…
MY WORKI just finished a resource I’ve been working on for over a week called RAID, for Real-world AI Definitions. It was going to be like 3 paragraphs but I just kept adding more definitions and more detail. READ IT
RAID (Real World AI Definitions)
An evolving set of real-world AI definitions designed to be usable in discussion
danielmiessler.com/p/raid-ai-definitions
STORIESCloudflare has a new, free tool to stop bots from scraping websites for AI training data. | by Kyle Wiggers | TECHCRUNCH
Twilio says someone got phone numbers because of an unsecured Authy API endpoint, and 33 million numbers are now on the dark web. | THE VERGE
Russian experts say they've fully analyzed the structure of the American ATACMS missile, and they believe this knowledge will help them counter one of Ukraine's most effective long-range weapons. | EURASIANTIMES
Sponsor
Curious about AI's impact on security automation?
Tines co-founder and CEO Eoin Hinchy breaks it down with Patrick Gray on the Risky Biz podcast, discussing AI’s ability to speed up workflow build times and reduce barriers to entry.
They also cover security and privacy concerns - with AI in Tines, you decide when and how your workflows interact with AI.
Some highlights from the conversation:
“Tines does security automation and they do it extremely well. As a company, Tines is extremely well placed to make use of decision engines like large language models.” - Patrick
“With LLMs, there can be a spectrum. You can use the really cheap models to do the very basic, mundane work, and slowly and responsibly increase your usage as you build trust in the system.” - Eoin
tines.com/blog/tines-on-risky-biz
Hear the full interviewNorth Korea has switched its state TV broadcasts from a Chinese satellite to a Russian one, reducing the number of people who can watch. This change was discovered by South Korea’s KBS, which relies on North Korea's KCTV for insights into the country. THERECORD
Hezbollah launched over 200 rockets and drones at Israel after Israel killed a senior Hezbollah official, Muhammad Nimah Nasser. This is the largest attack along the Lebanon-Israel border so far. ALJAZEERA
Sponsor
Discover, secure and govern genAI use
Nudge Security discovers all genAI accounts ever created by anyone in your org, in minutes. No agents, browser plug-ins, or prior knowledge of an app required.
Within minutes of starting a free trial, you’ll have a full inventory of all genAI accounts and security profiles for each provider to help you vet new or unfamiliar apps.
Get your free genAI inventory today.
nudgesecurity.com/use-cases/mitigate-ai-risks
Free TrialThe U.S. intelligence community is diving into generative AI to enhance intelligence operations, using it for tasks like search, discovery, and counter-argument generation. | by Frank Konkel | NEXTGOV
Here’s some analysis saying AI can’t be funny, but I think I disagree. | by Anya Jaremko-Greenwold | THEWEEK
💡I’m starting to see lots of AI-generated memes that are pretty damn good. This is one Joseph Thacker shared on X:
I mean, it’s not a Chapelle standup, but it’s decent. And most importantly I’ve not seen a single explanation for why AI will continue improving in other areas but not in humor.
There's was a breach at OpenAI, but it looks like the hacker only accessed an employee discussion forum. | by Devin Coldewey | TECHCRUNCH
Nvidia is set to make $12 billion by selling over a million HGX H20 GPUs to China in 2024. These GPUs are designed to comply with U.S. export restrictions while still offering strong performance. | TOMSHARDWARE
Apple might soon announce a deal to bring Google's Gemini chatbot to iOS 18 and macOS Sequoia. | by Filipe Espósito | 9TO5MAC
💡So that means Apple will potentially be working with all three main AI players now, which is precisely what we would expect to see.
They announced OpenAI, mentioned Meta a while back, and now Google.
Greece is moving to a six-day working week to boost productivity, despite global trends towards shorter weeks. | THE GUARDIAN
💡I don’t want gesture control; I want actual cameras. :)
David Brooks sat down with Steve Bannon to understand his vision for the global populist movement. Bannon believes the ruling elites of the West have lost confidence in themselves and are detached from their people's lived experiences. | by David Brooks | NYT
The number of U.S. high school graduates is expected to peak in 2025 or 2026 and then decline for years, posing severe challenges to schools at all levels. Schools and colleges are closing, faculty members are being laid off, and districts are facing financial dilemmas. | by Jennifer A. Kingson | AXIOS
The U.S. dollar just hit a 38-year peak against the yen, driven by rising Treasury yields and Japan's sluggish economic growth. | ASAHI
People whose eyes dilated more performed better on tests of working memory, suggesting that pupil size is linked to how well we can process and remember information. | by Kate Graham-Shaw | SCIENTIFIC AMERICAN
The FDA approved Eli Lilly's Alzheimer's drug, donanemab (Kisunla), which slows disease progression by about a third. | by Tina Reed | AXIOS
High Work-In-Progress (WIP) is killing your business, innovation, and morale. The more tasks you juggle, the slower everything moves. High WIP means everyone is stressed and busy without significant results. | by Maarten Dalmijn | HACKER NEWS
IDEASThe AI Class Gap
Here's the separation that most concerns me with AI: We’re going to see even more separation between haves and have-nots because:
One small group will use AI to have a staff of 10,000 executive assistants, tutors, and analysts working 24/7 to run their businesses and optimize their entire lives.
Most people will either not use AI at all, or will only use it for gaming, watching media, porn, and doing random tasks.
It’ll largely be the same split as between voracious readers and everyone else today. The tools are available, but only a tiny percentage will use them.
The result will be a even more distance between the thriving and the surviving.
DISCOVERYSelf-Publishing a Tech Book — Andrew Wheeler shares his journey of self-publishing "Data Science for Crime Analysis with Python," offering insights on the process and tools he used. | by Andrew Wheeler | HACKER NEWS
MMA-AI — This guy is predicting MMA fight outcomes with AI and doing really well! | MMA-AI
Sam Parr launched SamsList, a database of CPAs, accountants, tax strategists, and bookkeeping firms. He’s already made over $32,000 in revenue in just two months. | by Sam Parr | SAMSLIST
The Illustrated Transformer — A visual and intuitive guide to understanding how transformers work in machine learning. | by Jay Alammar | JALAMMAR
ElevenLabs has a new AI Voice Isolator that removes unwanted ambient noise from content like podcasts and videos. | by ElevenLabs | VENTUREBEAT
Tao Te Ching by Ursula K. Le Guin — Ursula K. Le Guin's translation of the Tao Te Ching emphasizes the paradoxes and mysteries of the text, making it both profound and approachable. | by Nicholas Bennett | GITHUB
RECOMMENDATION OF THE WEEKCheck out Ground News. It’s a news site focused on seeing media bias in how stories are or aren’t covered by different media publications. GROUND NEWS
Ground News
See how different publications are presenting the same stories, or which sides aren’t even showing certain ones.
ground.news
APHORISM OF THE WEEKHey there,
You should become a member and stuff.
Here are some of the benefits:
Entry into the best online community I’ve ever been a part of
We’re voraciously curious, we’re constantly reading, constantly learning, and we share what we learn with others. But most importantly, we’re kind. We’re a community of helping people become their best selves
An insanely great Book Club, which has been running for like 5 years straight!
Additional monthly meetups where we share tools, routines, personal challenges, and lots of other stuff you can’t get anywhere else
Significant discounts on my paid offerings
Access to private UL events
And more…
Support My Work and Become a MemberThank you,
-Daniel
Powered by beehiiv
Daniel Miessler's Blog
- Daniel Miessler's profile
- 18 followers
