UL NO. 432: Can You Summarize Your Work in a Sentence?

Thoughts on GPT-4o, Dell's API Hack, Russian Campus Campaigns, Google's Pretend Work, and more…

Author

Daniel Miessler
May 14, 2024

Unsupervised Learning is a Security/AI newsletter about how to transition from Human 2.0 to Human 3.0 in order to thrive in the post-AI world.

TOC

NOTES

Hey there,

Lots of stuff!

New Fabric Pattern: get_wow_per_minute

This brand-new Fabric Pattern allows you to figure out the value density of any piece of content, rated from 0 to 10.

OpenAI’s Event

  • OpenAI released their new model, GPT-4o (the “o” stands for omni)

  • The big news is that it’s just about as smart as 4, but it’s 4x faster and 2x cheaper.

  • It’s also capable of having real-time conversations in a very realistic way, allowing you to use it for real-time translation and other stuff.

  • I did a predictions post that anticipated more agent stuff besides just the DA component, but alas we’ll have to wait for that…

  • It’ll soon have vision as well, so you’ll be able to have it watching your screen, and you can just ask it questions, and it can help you.

  • They released a desktop app as well, which is where that functionality will eventually live. Only a few people have it so far but I’m evidently one of the lucky ones…but it doesn’t have the screen monitoring piece yet.

💡They’re basically working to create the Digital Assistants I talked about in my Predictable Path video, which is the most obvious but awesome move ever. Tons of people are doing it, but it’s great to see OpenAI jump ahead in this space.

RSA

  • So, RSA was really good. Like really, really good. Caught up with so many friends and had so many nourishing conversations. Lots of them were about trying to convince friends to get out of their jobs where they’re unhappy, and to get into something AI.

  • Did a couple of talks and a couple of panels. Lots of fun there.

  • Probably should have brought something to sell, and had like a sales pitch, but I just hate that vibe. I think I’ll just buy marketing / ads and/or pay sales people for that so I don’t have to do it.

  • I did show some people Threshold though, which was a total hit.

  • The coolest thing I saw at RSA was the energy. We’re definitely back. And when I say we, I mean optimism and energy around security/entrepreneurship. Not exactly sure about the mix there, but it definitely felt lively to be around the conference in a way that hasn’t been true in like 5-6 years.

Speaking of Threshold, holy crap! I am LOVING this thing. It’s now my #1 way of finding my highest quality content. Plus we send out an email every day with your feed in case you didn’t get a chance to check it. Here’s my latest one:

My personal Threshold feed

I am not joking when I tell you that every single one of these were hits for me. Every. One. I can’t believe we’ve actually built the content discovery tool that I’ve wanted my whole life. And we’re just getting started with the features. The stuff coming in a few weeks will be insanity.

You should get it. Oh, and UL Members get half-off the first year with a code. It’s in UL chat once you sign up.

Ok, let’s get to it…

MY WORK

Check out this new sponsored conversation I had with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.

We talked about all things Maritime Security, and I learned a whole lot from the conversation.

Not my work, but my Dad just went on a live studio podcast in San Francisco. He talked about how he approaches music, and performed multiple songs. Go check it out! THE FULL SHOW | A CLIP OF HIM PERFORMING HIS SONG: CHILDREN OF THE NIGHT

SECURITY

Dell got big-hacked (49 million accounts) by someone scraping an API. One message I’ve not heard enough from ASM vendors is having APIs be part of the scope. DISCUSSION | MORE

💡 If I had one existing security space to invest in, like from companies that existed 5 years ago, I’d probably go with API Security.

The whole world of value is about to be presented as APIs, including companies. It’s core, underlying infrastructure. And they will be getting probed/tested constantly by armies of AI agents.

Yeah, API Security.

Speaking of API security and agents, my buddy Joseph Thacker wrote about this recently but I messed up the link last week. Here’s the real link, plus his new piece on a similar topic. MORE | MORE 

CISA has a new alert system companies can sign up for where you sign up and get notified if you have any of their Known Exploitable Vulnerabilities (KEVs). They said about half of the companies they notified had fixed them, and that over 7,000 orgs have signed up. Super impressive. MORE

Attackers are using Microsoft Graph API for malware comms. MORE

Sponsor

Enhance Enterprise Security: Trust Every Device with 1Password!

What do you call an endpoint security product that works perfectly but makes users miserable? A failure. The old approach to endpoint security is to lock down employee devices and roll out changes through forced restarts, but it just. Doesn't. Work.

IT is miserable because they've got a mountain of support tickets, employees start using personal devices just to get their work done, and executives opt out the first time it makes them late for a meeting. You can't have a successful security implementation unless you work with end users. That's where 1Password comes in.

1Password’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That way, untrusted devices are blocked from authenticating, but users don't stay blocked.

1Password is designed for companies with Okta and it works on macOS, Windows, Linux, and mobile devices.

So if you have Okta and you're looking for a device trust solution that respects your team, visit 1Password.com/unsupervisedlearning to watch a demo and see how it works.

A Russian influence campaign is exploiting college campus protests to deepen divisions in the US. The Kremlin's Doppelganger network generated over 130,000 views on X by spreading fake news about the protests, using bot accounts to mimic credible news sources. MORE

Google's making 2FA setup smoother by letting you skip the phone number for options like authenticator apps or security keys. . MORE

Sponsor

Wednesday Wisdom: Virtual Cybersecurity Showcases

Looking for a concentrated dose of cybersecurity knowledge? Join us for one (or several!) of our quick-take, 20-minute “Wednesday Wisdom” webinars. We cover timely topics around ASPM, CTEM, DevSecOps, vulnerability, and more—all led by pros in the know.

This month:

May 15: Hot Takes on Hot Topics from RSA
May 22: Your Checklist for Application Security Posture Management Buy-In.

US Marines are testing robot dogs with AI-aimed rifles. These robotic "dogs" can autonomously detect and track targets, yet require a human operator to make the final decision to fire. For now. MORE

Nearly 95% of international data travels through undersea cables, and we’re starting to see more attacks on them. MORE

💡I’ve always wondered why these weren’t a huge terrorism target. Seems like most anyone can basically turn off lots of the internet whenever they want.

Like, forget the US border—how are you going to secure cables that span thousands of miles?

I think the only real answer is to focus on the threat actors rather than the vulnerability.

The US just stopped Intel and Qualcomm's ability to ship certain goods to Huawei, right after Huawei launched an AI computer with an Intel chip. MORE

TECHNOLOGY

A VC from Andreessen Horowitz reckons half of Google's staff are just pretending to work. David Ulevitch's claims a concerning trend of "fake work" within tech giants. MORE

💡It’s actually fake in multiple ways. It’s fake in the sense that people aren’t actually working, but it’s also fake in the sense that a lot of that work shouldn’t even exist.

I highly suggest David Graeber’s Bullshit Jobs. So good.

In this frame, AI is about to be the sunlight that’s needed to disinfect a very nasty surface. Unfortunately, a whole lot of societal infrastructure is in that filth.

The vast majority of the jobs that universities are training for simply won’t be there anymore. Middle management. Paper pushing. Spreadsheet management. Lots of project management. Customer service. Cold calling. The list continues.

Millions and millions of jobs.

Like I’ve said before other places, the safest place in this new world is building new things. Which means you need to be highly motivated and broad-spectrum in terms of your skills.

In short, the easiest way to have a job in the world that’s coming is to create something people want or need.

MITRE is partnering with Nvidia to create a $20 million AI supercomputer aimed at making U.S. government operations, from Medicare to taxes, more efficient. Simultaneously cool and terrifying. MORE

President Joe Biden is converting the Foxconn flop in Wisconsin into a $3.3 billion Microsoft AI data center. MORE

The "Acquired" podcast has become a staple for a lot of business/tech people in Silicon Valley. It basically looks at one company per episode. Kind of like the podcasts that do biographies. Super compelling. MORE

HUMANS

Biden's quadrupling tariffs on Chinese EVs, making it super tough for their cheaper cars to hit the US market. MORE

California's about to change how you're billed for electricity, introducing a fixed fee that varies with your income starting in 2025. This shift aims to lower the overall cost of electricity, with reductions between 8% and 18%, but introduces a monthly charge regardless of consumption. MORE

Scientists have found all DNA and RNA bases in meteorites, hinting life's building blocks might be extraterrestrial. This discovery, made using a novel extraction method akin to cold brewing, challenges the notion that life's ingredients originated solely on Earth. MORE

Scientists have reconstructed a 1mm square piece of the human cerebral cortex at nanoscale resolution, a breakthrough in brain research. This reconstruction allows us to see the brain's complexity like never before, offering insights into how neural networks connect and function. MORE

Vaccination has prevented 154 million deaths, according to a new landmark study. MORE

Streaming is cable now. MORE

The Emotional Support Animal Racket MORE

IDEAS & ANALYSIS

Jevons’ Paradox Misunderstood
Marc Andreessen was on a podcast recently and I think he mischaracterized Jevons’ Paradox as it would apply to software security. He said AI would make it harder to compete as a new business, and I think it’s the opposite.

Courage is Everything
An idea I’ve been throwing around recently:

  • Courage is Action vs. fear

  • Discipline is Courage vs. laziness

  • Success is Discipline vs. mediocrity

Courage —> Discipline —> Success

So everything you want is on the other side of courage, whether that’s courage against fear or courage against laziness. And this applies to all sorts of real-life situations:

  • Hard relationship conversations

  • Becoming fit

  • Not wasting so much time with games/TV

  • Eating right

  • Quitting the soul-crushing job to pursue your calling

In this frame, it’s all Courage.

RECOMMENDATION OF THE WEEK

Know Yourself
Think about what someone should say when they introduce you.

This is _________, he __________________.

Someone introducing you

What is that sentence for you?

Mine is something like,

This is Daniel, he has a company that builds products and services that help people transition to what he calls Human 3.0 so they can survive what’s happening in AI.

The exact sentence is different for different audiences and contexts, but it’s more crucial than ever that you are able to articulate your mission to others. And that your broadcast is strong and clear enough that others can do it for you.

APHORISM OF THE WEEK

Where your fear is, there is your task.

Carl Jung

Thank you for reading.

UL is a personal and strange combination of security, AI, tech, and lots of content about human meaning and flourishing. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So—if you know someone weird like us—please share the newsletter with them. 🫶 

Happy to be sharing the planet with you,