- Unsupervised Learning
- Posts
- UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…
UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…
Xi purges detractors, my thoughts on chaos and 2024, my predictions for what we'll build with AI in 2024, macro D, and much more…
Daniel Miessler
January 02, 2024
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.
TOC
INTRO
Welcome to 2024!
This year is going to be insane, and I’m choosing to frame that as a good thing.
Between international security, politics, and AI, I think there is going to be so much chaos that it’d be easy to despair from all the uncertainty.
Let’s not do that. Let’s do the opposite. Let’s take that chaos and uncertainty and choose to become excited rather than anxious.
Amidst all this craziness, there’s never been a better time to become who you were meant to be.
I’m honored and grateful to be grinding here alongside you.
Yours,
Wrote a ton during the break.
MY WORK
This is the last week to register for my live AI Course, which will take place on January 13th.
Reserve a limited slot
🚨I am running a space-limited 3-hour AI course called AUGMENTED on January 13th and 12PM PST. Here’s what it covers:
My Approach
What I want from AI (the problems I’m solving)
My framework / approach for solving them
A live demo of multiple workflows
Architecture Overview
The tech stack that I’ve built
My prompt/templates approach and lessons-learned
Guides
A step-by-step for building the server-side infra
A step-by-step for building the client-side infra
Hosting recommendations
Outputs
The full guide to building my stack for yourself
Multiple full-text copies of my actual modules
A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.
Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.
The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.
Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!
UL Subscribers can get early subscriber access for $445. GET YOUR SPOT
UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER
SECURITY
SSH is vulnerable to a novel data corruption attack called Terrapin. It’s basically a way to force SSH to behave in an insecure way, so you need to patch or adjust your configs to fix it. I was going to just recommend a specific set of ciphers, but it’s more complex than that. Look at your specific stack and get your vendor patches installed as quickly/safely as possible. MORE
Julian Hazel at the University of Oxford showed that LLMs can iterate rapidly to produce realistic spearphishing emails at minimal cost. MORE
People are freaking out about Clear doing facial recognition for sign-ins. It’s crazy to me how many infosec people don’t realize the difference between having some random vendor-specific image of your face, vs. having your actual face. Someone can’t break into third-party B’s systems using third-party A’s picture of your face. And especially not with a third-party A’s digital hash of third-party A’s picture of your face. MORE | WHY BIOMETRIC DATA BREACHES WON’T REQUIRE YOU TO CHANGE YOUR BODY
💡It’s the same with fingerprints, by the way. And voice. Where it gets weird is when it’s a human doing the authentication, such as when someone tricks your mom into sending money because she thought it was you calling.
But for machines, they’re going off of mathematical representations of a picture of you, not the actual you. This is why stealing “biometric authentication data” isn’t nearly as bad as most people think it is.
Verizon's been caught again sharing customer data with anyone who asks, without any real checks in place. This is an overall problem at all these operators, not just Verizon, btw. A stalker recently obtained a victim's address and call history by posing as a police officer with a fake email. MORE
Scammers on Telegram are using doctors' identities to sell fake vaccination documents. A disinformation detection firm found about 60 channels on Telegram pushing bogus Covid-19 vaccine certificates, reaching over 3 million people and netting $286,000 in cryptocurrency. Cool article, but I feel like it’s a little confused about who’s getting scammed. MORE
Rite Aid got a five-year ban on facial recognition tech by the FTC for mishandling consumer data and causing harm. The FTC found that Rite Aid's surveillance program was full of errors and biases, leading to false accusations against customers, including an 11-year-old girl. They’re being forced to delete the collected biometric data and implement a robust data security program to prevent future violations. I honestly love how aggressive the government is getting in cases like these. MORE
Xi Jinping's regime is reportedly executing a Stalin-esque purge, targeting even his closest allies. High-profile disappearances include China's foreign and defense ministers and top military officials, some of whom reportedly died in custody or vanished without explanation. MORE
Lt. Gen. Timothy Haugh has the green light to lead the NSA and Cyber Command. MORE
Vulnerabilities
🪳pfSense Vulnerabilities Found — Multiple flaws in pfSense firewall software could let attackers run commands. | HIGH | CVE-2023-42326 | CVSS Score: 8.8 MORE
🚨 Terrapin SSH Vulnerability — A new attack called Terrapin can compromise SSH channel integrity by manipulating protocol operation. | CRITICAL | CVE-2023-48795, CVE-2023-46445, CVE-2023-46446 | MORE
Incidents
⚠️ Xfinity Data Breach — Comcast confirms a CitrixBleed hack compromised data of nearly 36 million Xfinity customers. | SEVERITY: HIGH | RESPONSE: Customers must reset passwords, and two-factor authentication is recommended. MORE
⚠️ Nissan Cyberattack — Nissan got hit by a ransomware group claiming they've snatched 100 Gb of data. | SEVERITY: HIGH | RESPONSE: Working to identify impacted information and has notified authorities. MORE
⚠️ Ubisoft Security Alert — Ubisoft is probing a potential breach after internal data leaks surfaced online. | SEVERITY: HIGH | RESPONSE: The company is currently investigating the incident and has not shared further details. MORE
⚠️ GTA 5 Code Leaked — GTA 5's source code got leaked online right around Christmas. | SEVERITY: HIGH | RESPONSE: No official response from Rockstar yet. MORE
TECHNOLOGY
Waymo's latest safety data reveals its driverless cars are significantly less likely to be involved in injury-causing crashes compared to human drivers. Such a massive win for autonomous driving, while we constantly hear of fails from Tesla and Cruise. Over 7.1 million miles of autonomous driving, Waymo reported only three minor injuries, while humans are estimated to have a three to nine times higher chance of injury crashes in the same conditions. MORE
The UK Supreme Court has ruled that AI systems cannot be recognized as inventors of patents. In other words, only a natural person can be an inventor, which is fine, except it won’t stop inventors from using armies of inventor/documentation agents from not only coming up with ideas but writing and submitting all the paperwork. In the name of the human. MORE
💡How are we going to tell the difference between a human having X output vs. having an army of AI Agents working for them behind the scenes producing that output for them? We won’t.
I mean if someone writes 300 book reports over the weekend they probably used their agent farm to do so. But the more interesting bit is that we won’t care. It’ll just be the norm. Everyone operating at the top tiers of any game will be a(I)ugmented with their own fleet of aigents behind them.
The API economy, now valued in the trillions, and faces complex regulatory challenges with the integration of AI. Just in time for my API-ification of everything take. If you think it’s a big market now, wait until it’s the fabric for all business. MORE | THE API-IFICATION OF EVERYTHING | A THRIVING ECOSYSTEM OF DA MODULES
China's coming down even more on the gaming industry, setting new rules against daily login rewards and pay-to-play incentives. It’s extraordinary and frightening to me that China has this much control over their population. And I can't help but feel like we’re at a massive disadvantage against them because of it. MORE
New research from Apple shows how they plan to bring (hopefully way better than Siri) AI features to the next OS and iPhone hardware, including creating lifelike animated avatars and running complex language models directly on the device. Cannot f-ing wait for the iOS 18 announcements and betas this year! MORE
Sam Altman is backing Retro Biosciences with $180 million. The startup's ambitious goal is to extend human healthspan (Peter Attia’s term) by a decade. MORE
Google's AI tool, Performance Max, has reduced the need for specialized ad sales roles by automating ad creation and scaling. Various articles are saying up to 30,000 jobs are being cut at Google as a result. MORE
Tesla released its Optimus Gen 2 robot, which has improvements in speed, weight, and agility over the previous gen. This new model is 22 lbs lighter and 30% faster, with enhanced movement capabilities across its 35 degrees of freedom. MORE
HUMANS
Japan's western coast was on high alert after a 7.6 magnitude earthquake triggered tsunami warnings and calls for immediate evacuation. The Japan Meteorological Agency issued a major tsunami warning for Ishikawa, with potential waves up to 5 meters high, and lower-level advisories for other western coastal areas. MORE
Biden just pardoned every American who's used marijuana, even those never charged. The pardon covers federal and D.C. offenses for personal use but excludes sales and DUIs. MORE
Nearly half of young Americans are living with their parents, which are numbers we haven't seen since the Depression. Last summer, the Pew Research Center reported that 52% of 18 to 29-year-olds (around 27 million) were living at home, the highest since the 1930s. MORE
The latest PISA report suggests a strong link between phone use and plummeting student test scores. Students spending less than an hour on phones at school scored significantly higher in math, with a 50-point difference compared to those on screens for over five hours. MORE
AI now spots childhood autism with 100% accuracy just by scanning kids' eyes. The study involved 958 children and used deep learning to analyze 1,890 retinal images, half from kids already diagnosed with autism. MORE
High doses of Vitamin D might help your body use extra calories for muscle growth instead of storing them as fat. The study suggests that increased Vitamin D intake can influence how the body allocates calories, potentially favoring muscle over fat storage. They put normal at 2,000 IU a day, and high at 10,000 IUs. I was at 10K a day and went back down to 5K. Maybe I’ll go back up. MORE
Volkswagen is bringing back physical buttons due to customer pushback on touch controls. MORE
Apple's next-gen CarPlay is starting with Porsche and Aston Martin, offering a more immersive experience that extends to the entire dashboard. The new system allows for vehicle-specific themes and integrates with car features like radio and temperature control. Really wish I could get this on a Tesla, or that BMW made something as good as Model Y. MORE
The EU has agreed on significant migration reforms, including streamlined deportations and detention centers at borders. The pact is trying to balance migration pressures across member states, but faces criticism from refugee rights groups. MORE
US homelessness has spiked to its highest level since 2007, with a 12% increase from last year. MORE
IDEAS & ANALYSIS
I happily put them all in essays during the break!
NOTES
My favorite vim tip of 2024: change your file editing alias to “v” or “e”. One character. I have been using “vi” for years, thinking I was smart. If you’re going to use two characters instead of “nvim” (4), why not 1 instead of 2? MORE
DISCOVERY
⚙️ My Dot Files — I posted a repo of my nvim configs which are customized Lazy, plus a slightly customized zsh theme. MORE
💻 Therm — A stripped-down iTerm2 fork that prioritizes minimalism and improved defaults. I want to use it but I’m a bit scared, honestly. Somebody convince me. | by pancake | MORE
📚 The Primal Hunter Series — This is the LitRPG series I’m currently reading. MORE
🐬 Ollama.ai — Ollama is a super easy way to play with local models. Just go get Ollama and pick this model dolphin-mixtral. Quite strong. | by Eric Hartford | MORE
🔗 ngocok — A free alternative to Burp Collaborator using ngrok for security testing. | by dwisiswant0 | MORE
💬 Talk2Arxiv — Chat with academic papers using this open-source tool that parses and understands PDFs. | by evanhu1 | MORE
Anders Borch shares experiences from interviewing hundreds of software engineering candidates. | by Anders Borch | MORE
Butterfly Ideas: Protecting Fragile Thoughts MORE
Hacker News Activity Analysis with a GPT-4 Agent MORE
SQL as an API Strategy MORE
How to get Stable Diffusion to generate consistent characters | by Chase Lean | MORE
🔥The iPhone’s Notes App Is the Purest Reflection of Our Messy Existence MORE
Writing Code Is the Same Thing as Writing Prose MORE
📝 FigJam's Self-Evaluation Template — As the year wraps up, FigJam offers a free self-evaluation template to help you reflect on your accomplishments and areas for improvement, setting you up for success in the coming year. MORE
🎙️ Oliver Burkeman brings a refreshing perspective on productivity, reminding us that a fulfilling life isn't about squeezing productivity out of every moment. MORE
You Don’t Need Analytics on Your Blog MORE
Life's Little Upgrades MORE
How I Work MORE
Google Podcasts is Shutting Down MORE
I Just Need a Programmer MORE
Keep a "brag document" to track and share your work accomplishments. | by Julia Evans | MORE
RECOMMENDATION OF THE WEEK
Think about what you were supposed to become as a person.
Ask yourself, going into 2024, if you are that.
Realize it’s 100% ok if you aren’t. Hardly anyone is. I’m definitely not.
But most importantly, ask yourself if you’re on the path!
If you aren’t, and you don’t have a plan to get there, or you’ve convinced yourself to settle for something lesser, reject that. Don’t give in. Don’t settle. Resist. Battle. Fight.
Recommit to becoming who you were meant to be.
As a heuristic, ask yourself if you look forward to Mondays. If you don’t, it might be because you’re not working towards becoming that person, or because the way you’re spending your time isn’t a good path for doing so.
This is the perfect moment to think about how to change that.
APHORISM OF THE WEEK
Do not wait until the conditions are perfect to begin. Beginning makes the conditions perfect.
—
Thank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Yours,