UL NO. 450: Thoughts on o1-preview and the Path to AGI

80% Chinese Cranes, Drones vs. Abrahams, a RAG kickstart, a Canary-based Security Maturity Model, and more...

SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about how to securely compete and thrive in a world full of AI. It’s original analysis, mental models, frameworks, and tooling to help you build a meaningful career that survives what’s coming for us.

NOTES

Hey there!

  • Fabric now supports OpenAI’s new model, o1-preview. Just update and use the new -r flag, which sends requests using User rather than System, and without a Temperature parameter. TRY IT

  • An insane cookbook use case for o1-preview, where it’s used to do data validation on synthetic data. MORE

  • I’m back to kickboxing today! Hopefully I’ll suck less this time. I’m expecting to improve rapidly once I get settled in, but man—that first session was rough.

  • It’s LinkedIn Season! 
    Connect with me on LinkedIn, and I’ll follow you back! CONNECT

MY WORK

Last Week’s Comments on Current AI Advances
If you’re following the progress of AI, I highly recommend listening to last week’s podcast. I did a whole bunch of coverage of the current state of things, my thoughts on o1-preview, the path to AGI, and a bunch of other stuff. LISTEN NOW

The Art Quality Tier List
I think I finally figured out what Art is. This piece is a definition, discussion, rating system, and even a methodology for enjoying art. For a beginner, anyway. READ IT

SECURITY

The US is evidently heavily reliant on Chinese cranes, particularly from Shanghai Zhenhua Heavy Industries (ZPMC). This report says ZPMC, a company owned by the PRC, dominates 80% of the US's ship-to-shore cranes, raising concerns about potential backdoors and remote access. MORE

💡80%? Jesus. I thought it was going to be like 25%, or 50%.

Like I can honestly imagine a war room where we have a kinetic conflict with China and they’re reviewing all the different ways to disable our economy. Terrifying. I can only hope there are people looking at this.

Fortinet has confirmed a data breach after a hacker, going by the name "Fortibitch," claimed to have stolen 440GB of files from their Microsoft SharePoint server. Fortinet refused to pay a ransom and has notified affected customers. MORE

GitLab released critical updates to fix multiple vulnerabilities, with the most severe (CVE-2024-6678) allowing attackers to trigger pipelines as arbitrary users. This vulnerability, with a severity score of 9.9, can enable remote exploitation with minimal user interaction and low privileges. MORE

The Lazarus Group (NK) has been targeting Python developers with malware disguised as coding tests for about a year now. These attacks involve maliciously duplicated open-source Python tools and "coding tests" that trick users into installing malware hidden with Base64 encoding, allowing remote execution. MORE

Mastercard is buying Recorded Future from Insight Partners for $2.65 billion, making it one of the biggest cybersecurity deals this year. Insight Partners originally acquired Recorded Future in 2019 for $780 million, so they're seeing a nice return on investment. MORE

💡One thing I see here is the motion from startup to platform. With Mastercard being the platform in this case, similar to Windows or Google or whatever.

So you have good ideas and execution, and their natural home is within some sort of ecosystem. So startups are basically petri dishes for features that will live inside of platforms.

The Security Canary Maturity Model is a framework designed to help organizations assess and improve their security posture by using canary tokens. The model outlines various maturity levels to gauge where you’re at. MORE

💡I love this concept of a detection maturity model. Like, here’s the percentage of your most likely MITRE behaviors that you’d be able to see.

Australia is set to criminalize doxxing with penalties up to seven years in jail, as part of new legislation aimed at modernizing the Privacy Act. The legislation also proposes harsher penalties for doxxing based on race, religion, or other personal attributes. MORE

This piece discusses how AI-powered autonomous weapons systems are changing warfare. The recent withdrawal of U.S.-provided M1A1 Abrams tanks by Ukraine, after being targeted by Russian kamikaze drones, highlights the shift from traditional manned mechanized warfare to AI-driven combat. Friendly reminder that you should read Kill Decision, by Daniel Suarez, which predicted so much of this. MORE | KILL DECISION BY DANIEL SUAREZ

Russia's naval activity around undersea cables is raising alarms among US officials, with concerns that the Kremlin might be planning to sabotage underwater infrastructure through a secretive military unit known as GUGI. This unit reportedly operates submarines, surface vessels, and naval drones, and has been spotted near critical deep-sea cables that carry over 95% of international data. MORE

The U.S. is drafting a "New York Joint Statement" to bolster the security of global submarine communications cables, with a focus on excluding Chinese firms from the supply chain. This move mirrors past efforts to remove Chinese companies like Huawei from 5G infrastructure, driven by fears that the Chinese government could compel these firms to disrupt cable operations during critical times. MORE

💡We need a comprehensive critical infrastructure dependency analysis, which goes along with wargaming.

Actually, now that I think about it, I’m quite confident this is already happening. I just hope it’s being done with very smart red teamers on the China side flipping switches on our undersea cables, port/crane infra, etc.

The US House has voted to block the purchase of new drones from DJI, a major Chinese manufacturer, citing national security concerns. So much coverage of counter-China stuff lately. Seems like leadership is getting the message, which is great. MORE

The State Department has declared that Russia's state-owned RT news agency has become a key player in the Kremlin's military intelligence operations, including involvement in covert activities aimed at undermining American elections and democracies. I remember thinking this was happening with RT back in like 2017 or something, so—similar to China—I’m surprised it’s just now getting press. MORE

Serhii "Flash" Beskrestnov is a civilian radio enthusiast who's become a key figure in Ukraine's drone defense strategy against Russia. Operating from a mobile intelligence center in his VW van, Flash monitors Russian radio transmissions and shares his findings with over 127,000 followers, including soldiers and government officials, on social media. MORE

AI / TECH

A new paper had humans and AI create novel research ideas and then had human experts rate the ideas. And they actually preferred the AI ideas! MORE

💡This is the way to measure the abilities of AI—not with standalone testing. It’s the same with autonomous vehicle safety.

It’s not about how you think they do independently. It’s about comparing ACCEPTED METRICS between humans and the AI—as judged by humans who don’t know who made which.

OpenAI released their new o1-preview model, which is focused on reasoning. The biggest difference between it and previous models is its use of Chain of Thought (CoT) reasoning, and the fact that it actually spends time (and tokens) thinking before returning results. MORE | MY THOUGHTS ON IT SO FAR

Klarna's CEO, Sebastian Siemiatkowski, is suggesting that AI could replace enterprise software giants like Salesforce and Workday. He claims that conversational AI, like OpenAI's upcoming Strawberry reasoning model, can handle natural-language commands to build custom apps that replicate traditional enterprise functions, especially those managing corporate data. Um, yeah. It’s all going to be SPQA. MORE

AI-powered SAR satellites are now capable of detecting aircraft from space due to new radar tech. This allows for real-time monitoring of air traffic, which could have significant implications for both civilian and military applications. MORE

CardiaTec, a Cambridge University spinout, is leveraging AI to tackle cardiovascular diseases (CVD), the leading cause of death worldwide. They’re partnering with 65 hospitals in the UK and US to build a massive human heart tissue-multi-omics dataset to identify new drug candidates. Super exciting because AI needs data to form its model of the world. All the intelligence in the world doesn’t matter if you don’t have a representation of how things work. MORE

Salesforce just launched Agentforce, a suite of AI-powered agents designed to enhance human workers across various business functions, marking what they call the "third wave" of AI. MORE

Waymo's latest data shows that human drivers are responsible for most serious collisions involving its driverless cars, with 16 out of 23 severe crashes being rear-endings by human-driven vehicles. Over 22 million miles, Waymo's vehicles have been involved in fewer than one injury-causing crash per million miles, significantly outperforming typical human drivers in San Francisco and Phoenix. MORE

Tesla's Cybertruck is spiking in the electric pickup segment, with a 61% sales surge in July, outselling rivals like the Rivian R1T and Ford F-150 Lightning. So strange because they were getting slammed there for a while. I’m seeing a lot more in the Bay Area, too. MORE

The USPS has rolled out its new Next Generation Delivery Vehicles, and while they might not win any beauty contests, they're getting rave reviews from postal workers for their modern safety features and comfort, including air conditioning. MORE

Dmitry Grinberg has managed to run Linux and Ultrix on a business card, turning it into a tiny computer. The project involves using a microcontroller with just 8KB of RAM and 32KB of flash storage. MORE

There's a new study out showing that DebunkBot, an AI chatbot, can effectively persuade users to abandon conspiracy theories. The bot made significant progress in changing people's beliefs, challenging the notion that facts and logic can't combat conspiracies. What can convince you something is true can also do the opposite. This is why I’m optimistic about having AI on us all the time. Yes, it can be an Orwellian nightmare—or it can be a defender, protector, tutor, coach, etc. That’s up to us. MORE

A community college had to cancel its CS career fair because no companies reached out to participate. Super sad, and super expected. If you have people coming out of college with a Masters in CS and they can’t find jobs, what hope do junior college prospects have? This is why we need Human 3.0; the future is connecting directly to individuals, not relying on a credential or institution. MORE

Google has officially killed off cache links that allowed users to view older versions of web pages. MORE

United Airlines is partnering with SpaceX to bring free Starlink Wi-Fi to all its planes, starting with tests in early 2025 and full passenger flights later that year. MORE

HUMANS

Ukraine just launched its biggest drone attack on Moscow yet, hitting the region with 144 drones. The strike resulted in one casualty, set several homes on fire, and led to the temporary shutdown of Moscow's four airports. Someone explain how Ukraine can possibly be winning this. Completely insane to me, in the best possible way. MORE

Sweden is increasing how much it’s paying migrants to go home. It’s now up to $34,000. MORE

NASA's Advanced Composite Solar Sail System (ACS3) has successfully deployed its ultra-thin solar sail in low Earth orbit, making it visible in the night sky from various locations worldwide. The spacecraft's reflective surface can appear as bright as Sirius, and NASA's mobile app now helps users spot it using augmented reality. Can’t wait to see this! MORE

C/2023 A3, also known as Tsuchinshan–ATLAS, is being hailed as "the comet of the century" and will be visible in September and October 2024. This comet is expected to be exceptionally bright, with its peak visibility on October 2, when it will be positioned between Mercury and Venus but closer to Earth. For the best viewing experience, look towards the horizon just before sunrise between 5 am and 7 am starting September 27, as it won't return for tens of thousands of years. MORE

The US is closing a trade loophole that ecommerce giants Temu and Shein have been exploiting. This loophole allows them to ship goods directly to American consumers without paying tariffs, which has given them a competitive edge over domestic retailers. MORE

There's a leaked PDF that details Mr. Beast’s unique company culture and strategies for creating viral YouTube content. MORE | ONE PAGE SUMMARY

This person says sunlight cured their migraines. It’s not a study, but I figured most people have tried everything so why not something else. MORE

Lara Hogan's piece on being a thermostat, not a thermometer, dives into how we can influence the mood in our work environments rather than just reacting to it. MORE

Content-driven development is a strategy for making progress on side projects by focusing on creating small, shareable pieces of work. MORE

In 1913, Vienna was quite a place to hang out, with Adolf Hitler, Leon Trotsky, Josip Tito, Sigmund Freud, and Joseph Stalin all residing in the city at the same time. MORE

DISCOVERY

MerkleMap CLI — This command-line tool lets you search and enumerate subdomains using the Merklemap API, and even tail live subdomain discoveries in real-time. MORE

A 71 TiB ZFS NAS built with twenty-four 4 TB drives has lasted over a decade without a single drive failure, thanks to a strategy of keeping the server off when not in use. MORE

RAMBO Attack — Dr. Mordechai Guri has unveiled a new side-channel attack called RAMBO, which uses radio signals from a device's RAM to exfiltrate data from air-gapped networks. Let me guess—University of Tel Aviv? Israelis are the side channel GOATs. MORE

6 Techniques I Use to Create a Great User Experience for Shell Scripts — This post dives into creating user-friendly shell scripts with techniques like comprehensive error handling, colorful output, and detailed progress reporting. Soooo good. MORE

Soundiiz — Created by two friends in France, Soundiiz is a tool that lets you transfer playlists between Apple Music, Spotify, YouTube Music, and a host of other streaming services. MORE

Nothing — This is a timer that celebrates the art of doing absolutely nothing. It's not about staring at your screen but about stepping back from the chaos and embracing stillness. MORE

RAG Pipeline Quickstart with Pinecone — This guide walks you through setting up a pipeline that pulls data from an Amazon S3 bucket, creates vector embeddings using OpenAI's embedding model, and stores them in a Pinecone search index. MORE

Semantic Image Search CLI (sisi) is a new tool that lets you perform semantic image searches locally without relying on third-party APIs. MORE

IDEAS

I love it when experts completely disagree about a really important thing. It forces people like me to do tons of heavy reading so I can approach things from first principles.

RECOMMENDATION OF THE WEEK

Actively guard against age-related lock-in (it starts around 30).

Listen to new music. Read new books with new ideas. Talk to new people. Go to strange restaurants. Try new foods.

Don’t let your experiences reduce into a tighter and tighter death-spiral.

Variation keeps your mind young.

APHORISM OF THE WEEK

Choosing not to read great books has the same effect as not being allowed to.