UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…
2024-1-3 01:17:11 Author: danielmiessler.com

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

INTRO

Welcome to 2024!

This year is going to be insane, and I’m choosing to frame that as a good thing.

Between international security, politics, and AI, I think there is going to be so much chaos that it’d be easy to despair from all the uncertainty.

Let’s not do that. Let’s do the opposite. Let’s take that chaos and uncertainty and choose to become excited rather than anxious.

Amidst all this craziness, there’s never been a better time to become who you were meant to be.

I’m honored and grateful to be grinding here alongside you.

Yours,

Wrote a ton during the break.

MY WORK

This is the last week to register for my live AI Course, which will take place on January 13th.

Reserve a limited slot

🚨I am running a space-limited 3-hour AI course called AUGMENTED on January 13th at 12PM PST. Here’s what it covers:

My Approach

  • What I want from AI (the problems I’m solving)

  • My framework / approach for solving them

  • A live demo of multiple workflows

Architecture Overview

  • The tech stack that I’ve built

  • My prompt/templates approach and lessons-learned

Guides

  • A step-by-step for building the server-side infra

  • A step-by-step for building the client-side infra

  • Hosting recommendations

Outputs

  • The full guide to building my stack for yourself

  • Multiple full-text copies of my actual modules

  • A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance, and early access prices start at $495. The date will be announced soon for the middle of January 2024.

Super excited to share my full philosophy, ecosystem, and workflows, and now I have the avenue to do that!

  • UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

  • UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

SECURITY

SSH is vulnerable to a novel data corruption attack called Terrapin. It’s basically a way to force SSH to behave in an insecure way, so you need to patch or adjust your configs to fix it. I was going to just recommend a specific set of ciphers, but it’s more complex than that. Look at your specific stack and get your vendor patches installed as quickly/safely as possible. MORE

Julian Hazell at the University of Oxford showed that LLMs can iterate rapidly to produce realistic spearphishing emails at minimal cost. MORE

People are freaking out about Clear doing facial recognition for sign-ins. It’s crazy to me how many infosec people don’t realize the difference between having some random vendor-specific image of your face, vs. having your actual face. Someone can’t break into third-party B’s systems using third-party A’s picture of your face. And especially not with a third-party A’s digital hash of third-party A’s picture of your face. MORE | WHY BIOMETRIC DATA BREACHES WON’T REQUIRE YOU TO CHANGE YOUR BODY

💡It’s the same with fingerprints, by the way. And voice. Where it gets weird is when it’s a human doing the authentication, such as when someone tricks your mom into sending money because she thought it was you calling.

But for machines, they’re going off of mathematical representations of a picture of you, not the actual you. This is why stealing “biometric authentication data” isn’t nearly as bad as most people think it is.

Verizon's been caught again sharing customer data with anyone who asks, without any real checks in place. This is an overall problem at all these operators, not just Verizon, btw. A stalker recently obtained a victim's address and call history by posing as a police officer with a fake email. MORE

Scammers on Telegram are using doctors' identities to sell fake vaccination documents. A disinformation detection firm found about 60 channels on Telegram pushing bogus Covid-19 vaccine certificates, reaching over 3 million people and netting $286,000 in cryptocurrency. Cool article, but I feel like it’s a little confused about who’s getting scammed. MORE

Rite Aid got a five-year ban on facial recognition tech by the FTC for mishandling consumer data and causing harm. The FTC found that Rite Aid's surveillance program was full of errors and biases, leading to false accusations against customers, including an 11-year-old girl. They’re being forced to delete the collected biometric data and implement a robust data security program to prevent future violations. I honestly love how aggressive the government is getting in cases like these. MORE

Xi Jinping's regime is reportedly executing a Stalin-esque purge, targeting even his closest allies. High-profile disappearances include China's foreign and defense ministers and top military officials, some of whom reportedly died in custody or vanished without explanation. MORE

Lt. Gen. Timothy Haugh has the green light to lead the NSA and Cyber Command. MORE

Vulnerabilities

🪳pfSense Vulnerabilities Found — Multiple flaws in pfSense firewall software could let attackers run commands. | HIGH | CVE-2023-42326 | CVSS Score: 8.8 MORE

🚨 Terrapin SSH Vulnerability — A new attack called Terrapin can compromise SSH channel integrity by manipulating protocol operation. | CRITICAL | CVE-2023-48795, CVE-2023-46445, CVE-2023-46446 | MORE

Incidents

⚠️ Xfinity Data Breach — Comcast confirms a CitrixBleed hack compromised data of nearly 36 million Xfinity customers. | SEVERITY: HIGH | RESPONSE: Customers must reset passwords, and two-factor authentication is recommended. MORE

⚠️ Nissan Cyberattack — Nissan got hit by a ransomware group claiming they've snatched 100 Gb of data. | SEVERITY: HIGH | RESPONSE: Working to identify impacted information and has notified authorities. MORE

⚠️ Ubisoft Security Alert — Ubisoft is probing a potential breach after internal data leaks surfaced online. | SEVERITY: HIGH | RESPONSE: The company is currently investigating the incident and has not shared further details. MORE 

⚠️ GTA 5 Code Leaked — GTA 5's source code got leaked online right around Christmas. | SEVERITY: HIGH | RESPONSE: No official response from Rockstar yet. MORE 

TECHNOLOGY

Waymo's latest safety data reveals its driverless cars are significantly less likely to be involved in injury-causing crashes compared to human drivers. Such a massive win for autonomous driving, while we constantly hear of fails from Tesla and Cruise. Over 7.1 million miles of autonomous driving, Waymo reported only three minor injuries, while humans are estimated to have a three to nine times higher chance of injury crashes in the same conditions. MORE

The UK Supreme Court has ruled that AI systems cannot be recognized as inventors of patents. In other words, only a natural person can be an inventor, which is fine, except it won’t stop inventors from using armies of inventor/documentation agents to not only come up with ideas but also write and submit all the paperwork. In the name of the human. MORE

💡How are we going to tell the difference between a human having X output vs. having an army of AI Agents working for them behind the scenes producing that output for them? We won’t.

I mean if someone writes 300 book reports over the weekend they probably used their agent farm to do so. But the more interesting bit is that we won’t care. It’ll just be the norm. Everyone operating at the top tiers of any game will be a(I)ugmented with their own fleet of aigents behind them.

The API economy is now valued in the trillions and faces complex regulatory challenges with the integration of AI. Just in time for my API-ification of everything take. If you think it’s a big market now, wait until it’s the fabric for all business. MORE | THE API-IFICATION OF EVERYTHING | A THRIVING ECOSYSTEM OF DA MODULES

China's coming down even more on the gaming industry, setting new rules against daily login rewards and pay-to-play incentives. It’s extraordinary and frightening to me that China has this much control over their population. And I can't help but feel like we’re at a massive disadvantage against them because of it. MORE 

New research from Apple shows how they plan to bring (hopefully way better than Siri) AI features to the next OS and iPhone hardware, including creating lifelike animated avatars and running complex language models directly on the device. Cannot f-ing wait for the iOS 18 announcements and betas this year! MORE 

Sam Altman is backing Retro Biosciences with $180 million. The startup's ambitious goal is to extend human healthspan (Peter Attia’s term) by a decade. MORE 

Google's AI tool, Performance Max, has reduced the need for specialized ad sales roles by automating ad creation and scaling. Various articles are saying up to 30,000 jobs are being cut at Google as a result. MORE

Tesla released its Optimus Gen 2 robot, which has improvements in speed, weight, and agility over the previous gen. This new model is 22 lbs lighter and 30% faster, with enhanced movement capabilities across its 35 degrees of freedom. MORE

HUMANS

Japan's western coast was on high alert after a 7.6 magnitude earthquake triggered tsunami warnings and calls for immediate evacuation. The Japan Meteorological Agency issued a major tsunami warning for Ishikawa, with potential waves up to 5 meters high, and lower-level advisories for other western coastal areas. MORE

Biden just pardoned every American who's used marijuana, even those never charged. The pardon covers federal and D.C. offenses for personal use but excludes sales and DUIs. MORE

Nearly half of young Americans are living with their parents, which are numbers we haven't seen since the Depression. Last summer, the Pew Research Center reported that 52% of 18 to 29-year-olds (around 27 million) were living at home, the highest since the 1930s. MORE

The latest PISA report suggests a strong link between phone use and plummeting student test scores. Students spending less than an hour on phones at school scored significantly higher in math, with a 50-point difference compared to those on screens for over five hours. MORE

AI now spots childhood autism with 100% accuracy just by scanning kids' eyes. The study involved 958 children and used deep learning to analyze 1,890 retinal images, half from kids already diagnosed with autism. MORE

High doses of Vitamin D might help your body use extra calories for muscle growth instead of storing them as fat. The study suggests that increased Vitamin D intake can influence how the body allocates calories, potentially favoring muscle over fat storage. They put normal at 2,000 IU a day, and high at 10,000 IUs. I was at 10K a day and went back down to 5K. Maybe I’ll go back up. MORE

Volkswagen is bringing back physical buttons due to customer pushback on touch controls. MORE

Apple's next-gen CarPlay is starting with Porsche and Aston Martin, offering a more immersive experience that extends to the entire dashboard. The new system allows for vehicle-specific themes and integrates with car features like radio and temperature control. Really wish I could get this on a Tesla, or that BMW made something as good as Model Y. MORE

The EU has agreed on significant migration reforms, including streamlined deportations and detention centers at borders. The pact is trying to balance migration pressures across member states, but faces criticism from refugee rights groups. MORE

US homelessness has spiked to its highest level since 2007, with a 12% increase from last year. MORE

IDEAS & ANALYSIS

I happily put them all in essays during the break!

NOTES

My favorite vim tip of 2024: change your file editing alias to “v” or “e”. One character. I have been using “vi” for years, thinking I was smart. If you’re going to use two characters instead of “nvim” (4), why not 1 instead of 2? MORE

DISCOVERY

⚙️ My Dot Files — I posted a repo of my nvim configs which are customized Lazy, plus a slightly customized zsh theme. MORE

💻 Therm — A stripped-down iTerm2 fork that prioritizes minimalism and improved defaults. I want to use it but I’m a bit scared, honestly. Somebody convince me. | by pancake | MORE

📚 The Primal Hunter Series — This is the LitRPG series I’m currently reading. MORE

🐬 Ollama.ai — Ollama is a super easy way to play with local models. Just go get Ollama and pick this model dolphin-mixtral. Quite strong. | by Eric Hartford | MORE 

🔗 ngocok — A free alternative to Burp Collaborator using ngrok for security testing. | by dwisiswant0 | MORE

💬 Talk2Arxiv — Chat with academic papers using this open-source tool that parses and understands PDFs. | by evanhu1 | MORE

Anders Borch shares experiences from interviewing hundreds of software engineering candidates. | by Anders Borch | MORE

Butterfly Ideas: Protecting Fragile Thoughts MORE

Hacker News Activity Analysis with a GPT-4 Agent MORE

SQL as an API Strategy MORE

How to get Stable Diffusion to generate consistent characters | by Chase Lean | MORE

🔥The iPhone’s Notes App Is the Purest Reflection of Our Messy Existence MORE

Writing Code Is the Same Thing as Writing Prose MORE

📝 FigJam's Self-Evaluation Template — As the year wraps up, FigJam offers a free self-evaluation template to help you reflect on your accomplishments and areas for improvement, setting you up for success in the coming year. MORE

🎙️ Oliver Burkeman brings a refreshing perspective on productivity, reminding us that a fulfilling life isn't about squeezing productivity out of every moment. MORE

You Don’t Need Analytics on Your Blog MORE

Life's Little Upgrades MORE

Google Podcasts is Shutting Down MORE

I Just Need a Programmer MORE

Keep a "brag document" to track and share your work accomplishments. | by Julia Evans | MORE

RECOMMENDATION OF THE WEEK

  1. Think about what you were supposed to become as a person.

  2. Ask yourself, going into 2024, if you are that.

  3. Realize it’s 100% ok if you aren’t. Hardly anyone is. I’m definitely not.

  4. But most importantly, ask yourself if you’re on the path!

  5. If you aren’t, and you don’t have a plan to get there, or you’ve convinced yourself to settle for something lesser, reject that. Don’t give in. Don’t settle. Resist. Battle. Fight.

  6. Recommit to becoming who you were meant to be.

As a heuristic, ask yourself if you look forward to Mondays. If you don’t, it might be because you’re not working towards becoming that person, or because the way you’re spending your time isn’t a good path for doing so.

This is the perfect moment to think about how to change that.

APHORISM OF THE WEEK

Do not wait until the conditions are perfect to begin. Beginning makes the conditions perfect.

Alan Cohen

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,


Article source: https://danielmiessler.com/p/ul-no-413-7-things-expect-ai-2024-xi-going-stalin-sshs-terrapin