UL NO. 420: Creators, Nurturers, Executors, and Gatekeepers

APTs using ChatGPT, Bugs Putin, The good side of AI jobs loss?, AI Monitoring Culture, AI patents, and more…

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.


Hey there!

Ok, super psyched for this new feature we just shipped in Fabric. You can now add your own personal context in Fabric using the -c switch! Your context.md file is stored under ~/.config/fabric/context.md. Here’s an early version of mine:


And guess what that lets you do! Look at this. It’s INSANE:

Do you realize what that is? I’m asking AI questions with the context of my own personal mission, goals, ambitions, etc!!! And it came up with strategies to help me accomplish what I said I cared about!

🤯 Wow wow wow.

And this is only .01% of what we have planned. Talk about augmentation. Everything is WAY more powerful when it’s tuned for you specifically!

This is why I’m building AI. AI art is nice. Chatting with docs is nice. But what I care about is using AI to help humans reach our potential. Humanity 3.0.

LFG!

Many thanks to @rez0 and @xssdoctor for this feature. Joseph (rez0) had the -c idea, and Jonathan (@xssdoctor) implemented it on Saturday. 🙏

Go Play With The Project! (and don’t forget to star)

Lots more to talk about but we have a show to do.

Let’s get into it…

MY WORK

Couple new pieces this week!

SECURITY

OpenAI and Microsoft stopped multiple groups, hailing from China, Iran, North Korea, and Russia that were leveraging OpenAI's capabilities for tasks like information gathering, code debugging, and crafting phishing schemes. MORE | MORE | MORE

A new paper shows that GPT-4 can autonomously hack websites, including performing SQL injections without prior knowledge of vulnerabilities. Pretty exciting, but it’s still early days. MORE

💡The way forward on automated hacking is this: 1) teams of agents, 2) extremely detailed capture of human tester thought processes, lots of real-world examples, and time. I suspect that in 2-5 years, agent-based web hacking will be able to get 90% of the bugs we normally see submitted in web bug bounties. But they’ll be faster. And the reports will be better. That last 10% will remain elusive until those agents are at AGI level.

CISA is setting up a new office to push zero trust. The Zero Trust Initiative Office aims to educate and train federal agencies and enhance their security posture. MORE

Sponsor

WEBINAR: 2024 IT RISK AND COMPLIANCE BENCHMARK REPORT

The 2024 IT Risk and Compliance Benchmark Report is here! Now in its 5th year, our annual report covers everything you need to know about the state of GRC, from time and budget trends and staffing updates to responses to generative AI risk and how the compliance operations landscape has changed. Join us live on February 22nd at 11am PT / 2pm ET.

Join us for our webinar to learn about:

  • The top findings from the survey (hint: trust and transparency are top-of-mind for GRC professionals in 2024).

  • Why GRC professionals are searching for a single, holistic solution that can solve the challenges of multiple teams.

  • How data silos between risk and compliance are affecting respondents’ ability to address their GRC challenges.

  • How the market has responded to AI risks in 2023 and how GRC professionals plan on leveraging AI in 2024.

  • How decision-making around GRC has shifted toward a more collaborative approach.

Incidents

⚠️ A security researcher found a BMW cloud server that was mistakenly set to public, exposing critical internal data. The exposed server contained private keys and login credentials for BMW's cloud services across multiple regions. MORE

Daniel Meli, a 27-year-old from Malta, was arrested for spreading Warzone RAT, a tool packed with cybercrime features like keylogging and remote desktop control. The FBI/DOJ operation also saw the seizure of four domains linked to the malware and the arrest of another individual in Nigeria for customer support roles. MORE

The FBI stopped a Russian intelligence-focused botnet hiding in Ubiquiti routers. A court-authorized operation disrupted hundreds of Ubiquiti Edge OS routers used by the APT28 group for global espionage. MORE

Sponsor

Get Ahead of Threats: Continuous Threat Exposure Management

Flare automates monitoring & remediation across the clear & dark web to detect high-risk exposure before threat actors have a chance to leverage it.

Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.

Vulnerabilities

🚨 EXCHANGE SERVER FLAW — A critical Exchange Server flaw, CVE-2024-21410, is currently being exploited by attackers. | CRITICAL | 9.8 | MORE

🚨 Microsoft patched 73 vulnerabilities, including two zero-days being actively exploited. Among these, five are rated Critical, and the rest vary from Important to Moderate in severity. MORE

TECHNOLOGY

Mark Zuckerberg says the pandemic's overhiring and a shift towards efficiency are the main reasons for the ongoing tech layoffs. He specifically said the move to AI wasn’t the reason for Meta, but that there was a focus on being leaner. To me those are the same thing. MORE

💡I think “becoming more efficient” might be a common euphemism as companies stop backfilling natural attrition and start implementing more AI instead. “Oh, no, it’s not about replacing people at all! We just think more efficient organizations are better.” TRANSLATION: Companies with fewer people. And I don’t think that’s wrong. There are far too many layers of management at most mid to large sized organizations I’ve seen.

OpenAI just released Sora, which creates insane short videos from just a text prompt. MORE

💡I’m interested in testing the system for abuse potential, but the tech isn’t as exciting to me as it seems to be to others. I think the creative process needs more granular control of specific aspects of a video. Which is why we have directors. The videos look stunning, for sure, but the real power will be when you can give the AI the same instructions that a director can give an actor or a set designer.

Andrej Karpathy is leaving OpenAI again, but he says there was no drama and he just wants to focus on personal projects. Having watched lots of his videos, I believe him. MORE

Zuckerberg did an amazing pitch for the Quest over the Vision Pro. It was just a monologue with him sitting on his couch. It was glorious. I think he was wrong, but I really loved the directness and passion from Mark. MORE | MORE

Sam Altman is putting together a $7 trillion venture for chips and energy in the UAE. That’s $7 trillion for new chip factories and energy supplies. The Middle East is the perfect place for this. They know oil is ending and they have trillions to invest. And AI is the future. Couldn’t be a smarter move for the UAE. MORE

Large US companies are deploying AI to scrutinize employee communications in apps such as Slack, Teams, and Zoom. These AI systems can analyze both text and images for content and sentiment, and people are starting to worry about the implications. MORE

💡Stop being surprised about these types of monitoring or culture enforcement stories. Companies don’t owe anyone jobs. Not a single person. You’re there only because 1) they absolutely need someone, and 2) because they think you’re the best possible person for the job. If your Slack and Zoom and other types of communication indicate otherwise, then they should be expected to take action to find someone they think is better.

So much of people’s anxiety around employment comes from the feeling of mistreatment. From the disconnect between their expectations and reality. Like they’re owed this amazing job by this company, and somehow the company is trying to be selfish! It’s a lie. The whole thing is a lie.

Companies don’t owe employees anything. If they could do the job with a fleet of GPT-5-powered robots they would fire everyone as soon as legally possible. Never, ever forget this. And help your loved ones realize it as well.

This is not a judgment of companies by the way. I’m not saying they’re evil. What I’m bothered about is the fact that the illusion worked so well, and so many people are still fooled by it. A lot of the anxiety and suffering goes away when you see the company-worker relationship for what it is.

OpenAI just closed funding that puts its value at $80 billion. MORE

OpenAI is testing "memory" controls for ChatGPT, allowing users to manage what the AI remembers or forgets. MORE

Air Canada was forced to pay a refund for something its chatbot offered that was incorrect. Be very careful about the power you give AI bots. MORE

Google's new Gemini 1.5 can process up to 1 million tokens, setting a new standard for large-scale foundation models. It's designed to be more efficient, with a Mixture-of-Experts architecture enhancing its training and serving capabilities. Sadly it doesn’t seem easy to get access. MORE

Bugcrowd just raised $102! Congrats to Casey and team! MORE

Sequoia Capital is addressing open source software's funding drought by offering equity-free stipends to developers. The venture capital giant plans to support up to three developers annually, allowing them to focus on their projects full-time without financial worries. MORE

HUMANS

The US Patent Office says AI can't be inventors, but their human users can. They say AI systems cannot be credited as inventors in patent applications, and humans must disclose AI's role in the creation process. MORE

💡I love the spirit here, but this is about to be a distinction without a difference. How is the office supposed to know who did what? When you have AI that can draw the diagrams, write the application, and make it look really damn good, all the human will have to do is sign their name on the bottom.

Violent crime in the U.S. is on an insane decline, despite public perception thinking the opposite. In 2023, data from over 200 cities showed a 12.2% drop in murder rates compared to 2022. This trend extends to rape, robbery, and aggravated assault, all showing decreases. MORE

Researchers have distilled storytelling into six fundamental emotional arcs. By analyzing 1,327 stories from Project Gutenberg's collection, they identified these patterns as the backbone of narrative success. MORE

The U.S. Government Will Soon Spend More on Debt Interest Payments Than Defense. MORE

💡This is incredibly disturbing to me. I don’t know enough about the space to comment, but I really wish there were some innovation we could do where we say, “Hey, to you 4 countries we owe the most, let’s work out this deal ________ which will forgive 50% of the debt we owe you.” So it’ll be some preferential treatment in trading, guaranteed purchase agreements, etc., which will benefit them as well because now they’re tied to us even closer. Again, I don’t know crap about this, but it seems like something similar has to be possible.

The CDC's first state-level analysis of Long COVID found the most affected states. West Virginia had it worst, at 10.6%. MORE

Y Combinator is pushing for a massive increase in MRI scans to catch cancer early. They believe scaling up MRI technology and AI interpretation could dramatically reduce cancer deaths. MORE

The music industry is moving towards country now the way it moved towards rap a few years ago. Beyoncé just put out some new country songs as well. During the Super Bowl, she released "Texas Hold ‘Em" and "16 Carriages," announcing a country album due on March 29. The genre's growth is highlighted by a 24% increase in country music streaming through Q3 2023. MORE

IDEAS & ANALYSIS

Putin pulled the ultimate Bugs Bunny trick in an interview on Russia-1. He said he preferred Biden over Trump. Which is essentially a propaganda op to have all the Trump supporters say Putin doesn’t want Trump because he’ll be so strong against Russia! When, in fact, Putin absolutely wants Trump because Trump will try to stop the US backing of Ukraine. Pretty damn smart.

NOTES

Well, the exposure of my lack of working out, worked. All the flaming helped me get back on the weights wagon, and I’m feeling really good and really sore. Thanks to everyone for caring and sending admonishment!

🔥I had a sick idea for a Fabric Pattern: rate_predictions. Go and collect someone’s public work, which will include their books and essays and videos and such. Parse them for predictions. Rate both whether each one came true and how confident they were in it. Provide a score of how much you should listen to this person’s future predictions! Paul Krugman, for example, would get an F.

💡This is one of the things I’m most excited about with AI Agent Farms. You can basically say, hey, go get everything that so and so has ever done. Now do ____, _____, and _____ on it. And tell me the results.

So you can say,

  • Show me how innovative they are

  • Collect all their ideas

  • Tell me why they should be cancelled

  • Tell me how full of sh*t they are

  • Write a letter that thanks them for their contributions to children's education, giving examples throughout their career

DISCOVER

🔥Wesley, the founder of Axonn.ai, sought help to refine his AI tool's content idea generation prompt. The original prompt encouraged too much creativity, resulting in less practical content ideas. By simplifying the prompt and focusing on the target audience's needs, the revised version produced a better mix of relevant and creative content ideas. By Moritz Kremb | MORE

Stephen McMichael from our UL community wrote a blog post and did a number of videos showing off Fabric and a few of its patterns. Thanks Stephen! Great work! | by Stephen McMichael | MORE | MORE

📋 SOC Interview Questions is a list of, um, SOC interview questions, curated by /u/ogunal00 on Reddit. | by LetsDefend | MORE

AutoFineTune - script to easily fine-tune a small model with synthetically generated data. | by Yohei | MORE

🔒 Docker Hardening — A guide to tightening Docker security, step by step. | by ReynardSec | MORE

Written right before he died, this piece shares insights Steve Jobs wanted to pass on as his life learnings. MORE

Run Llama 2 uncensored locally MORE

Nix Davish's guide dives into using Nix's home-manager for macOS to streamline dotfile management. MORE

The Great GPT Firewall is cataloging websites blocking AI crawlers. In its latest update, 76% of press sites and 44% of video-on-demand sites have restricted AI access. MORE

Reka unveils a groundbreaking 21B parameter model MORE

Massed Muddler Intelligence MORE

Rebuilding The Middle Class with AI MORE

Packing for LLM Training Efficiency -- Improving model training with proper data packing MORE

AI Is Starting to Threaten White-Collar Jobs MORE

Suffering forces change | by Tim Ferriss | MORE

☀️💡Someone is going to dim the sun, and it will be soon. MORE

F*ck You — Show Me The Prompt MORE

💡I very much agree with this, which is why we created Fabric. The prompt is the thing. Abstracting it is a type of creativity gatekeeping. FABRIC

So You Think You Know Git MORE

Stop Basing Your Self-Worth on Other People's Opinions MORE

The Best Vision Pro Apps (So Far) MORE

I'm an Old Fart and AI Makes Me Sad — A poignant reflection on how AI's evolution sparks nostalgia and a sense of loss. | by Alex Suzuki | MORE

Why McDonald’s Coke is Better — McDonald's Coke is better because the syrup is delivered in stainless steel tanks, keeping it fresher than the usual plastic bag delivery. They also pre-chill both the syrup and water, and adjust the syrup-to-water ratio to account for ice melt, ensuring the drink doesn't water down. MORE

RECOMMENDATION OF THE WEEK

Absolutely loving this book, Same as Ever, by Morgan Housel. It has themes similar to my Stochastic Prediction idea in my recent booklet on AI predictions. Basically, tech is unpredictable, but humans are extremely predictable. This book covers the concept really well.

APHORISM OF THE WEEK

A year from now you will wish you had started today.

Karen Lamb

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,